-
Notifications
You must be signed in to change notification settings - Fork 35.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tor: respect non-onion -onlynet= for outgoing Tor connections #22651
Conversation
Concept/Approach ACK. It may be good to have functional test coverage (or make it a separate function with unit tests). Edit: updated the -onlynet documentation in bebcf78. |
This link says "The behavior should not astonish or surprise users" I am surprised by lot of things in Bitcoin Core 😄 Concept ACK. Doesn't make sense to create outbound connections with onion peers if |
Agree. Do you think these steps are correct for test?
Master branch should print such connection attempts and PR branch should not |
Checking the debug log output is a bit of a last resort when there's nothing else to assert on... getnetworkinfo limited/reachable (and maybe getpeerinfo) would probably be good. |
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Would this fix also #13378 ? |
Also the steps I mentioned above don't work. They worked on one of my VMs. Maybe it already had some onion address in peers.dat. I was expecting it will add onion peer in peers.dat but it didn't. |
Wrote a PowerShell script to test this. Tried on Windows 10 and Pop!_OS. Node 2 is connected to Node 1 on Linux and fails on Windows (Master branch). TL;DR
|
To my understanding, yes, but only if none of Providing both |
Also of course out of this PR, just to mention: I am sure you are already aware that to have multiple "only" nets is paradox, the option should better be called e.g. "net" instead of "onlynet".. |
|
4f3020d
to
00b7ba5
Compare
|
00b7ba5
to
25f9e11
Compare
|
Interesting. Will try this today. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! A few suggestions for the test. Only skimmed the basic server so far.
|
25f9e11
to
16bf93e
Compare
5959ece
to
a2ebcda
Compare
Done! :) |
Code review re-ACK a2ebcda per |
Concept ACK |
reACK a2ebcda Major changes since last review: |
…tests 0175977 Add I2P network SetReachable/IsReachable unit test assertions (Jon Atack) b87a9c4 Improve doc/i2p.md regarding I2P router options/versions (Jon Atack) bebcf78 Update i2p.md and tor.md regarding -onlynet config option (Jon Atack) Pull request description: This pull addresses #22634 (comment) and various user feedback/questions, updates the -onlynet documentation in doc/i2p.md and doc/tor.md per #22651 (src/init.cpp is already fine) and fills in some missing I2P unit test coverage. Note: this PR depends in part on whether #22651 is merged in order to propose the correct -onlynet documentation (it is currently aligned with the change in #22651), so that PR should be decided or merged first. ACKs for top commit: Rspigler: Re-ACK 0175977 prayank23: reACK 0175977 vasild: ACK 0175977 Tree-SHA512: ae606437522bfccdfb7508108cddc7dfede2385e30a0561dbd007b784ed2639962c28552eb0e9336412faa323637fe964c26b8d8fc6dcf9fc63734ac00d05736
To be honest this whole situation around onlynet gives me a headache: #22648 (review) |
If * `-onlynet=` is given one or more times but none of them includes `onion` and * `-proxy` is not set and * `-onion` is not set, then we should not be making outbound connections to the Tor network. Fixes bitcoin#22647
Introduce a basic TCP server in the functional testing framework and use it to simulate a Tor Control daemon, which is needed in order for the code in `src/torcontrol.cpp` to execute the code that is relevant for `-onlynet`.
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin#13378 Fixes bitcoin#22647 Supersedes bitcoin#22651
a2ebcda
to
baa6cb1
Compare
|
@laanwj, I agree with your comments at #22648 (comment). Opened #22834 which if merged will make this PR unnecessary. IMO #22834 should be merged and this PR (#22651) closed without merge. But lets see what reviewers think. |
Code review re-ACK baa6cb1 per Will review #22834 soon. Perhaps the functional test work here can be ~ported over to it if that change is preferred. |
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin#13378 Fixes bitcoin#22647 Supersedes bitcoin#22651
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin#13378 Fixes bitcoin#22647 Supersedes bitcoin#22651
#22834 looks like a better solution IMO |
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin#13378 Fixes bitcoin#22647 Supersedes bitcoin#22651 Github-Pull: bitcoin#22834 Rebased-From: 0ea0de6
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin#13378 Fixes bitcoin#22647 Supersedes bitcoin#22651
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin#13378 Fixes bitcoin#22647 Supersedes bitcoin#22651
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin#13378 Fixes bitcoin#22647 Supersedes bitcoin#22651 Github-Pull: bitcoin#22834 Rebased-From: 0ea0de6
…und connections 0eea83a scripted-diff: rename `proxyType` to `Proxy` (Vasil Dimov) e53a850 net: respect -onlynet= when making outbound connections (Vasil Dimov) Pull request description: Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednode`. Fixes bitcoin/bitcoin#13378 Fixes bitcoin/bitcoin#22647 Supersedes bitcoin/bitcoin#22651 ACKs for top commit: naumenkogs: utACK 0eea83a prayank23: reACK bitcoin/bitcoin@0eea83a jonatack: ACK 0eea83a code review, rebased to master, debug built, and did some manual testing with various config options on signet Tree-SHA512: 37d68b449dd6d2715843fc84d85f48fa2508be40ea105a7f4a28443b318d0b6bd39e3b2ca2a6186f2913836adf08d91038a8b142928e1282130f39ac81aa741b
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin/bitcoin#13378 Fixes bitcoin/bitcoin#22647 Supersedes bitcoin/bitcoin#22651
If
-onlynet=
is given one or more times but none of them includesonion
and-proxy
is not set and-onion
is not set,then we should not be making outbound connections to the Tor network.
Fixes #22647