net: Automatically create hidden service, listen on Tor #6639
Conversation
I like the feature - concept ACK. Trying to think through whether there are edge cases that persuade us to default this 'off'. Leaning towards default-on as presented.
concept ACK
2015-09-26 00:03:11 [tor] Using COOKIE authentication, reading cookie authentication from /var/run/tor/control.authcookie

I have ControlPort 9051 and CookieAuthentication in torrc.
Check the permissions
force-pushed from 6adfb50 to 4ed85cf
@sipa the check was broken, the cookie is 32 bytes not 64. That said, we should have a more specific error message.

    if (f == NULL)
        return false;
    if (fwrite(data.data(), 1, data.size(), f) != data.size())
        return false;
false case needs fclose too
oops good catch
Can the shutdown detection be changed to work like the httpserver? I.e. Init calls InterruptTorControl() which starts the immediate shutdown process?

    bool TorControlConnection::Disconnect()
    {
        if (b_conn)
Need to undo the AddLocal here?
(Not for this PR) Looks like it'd be pretty simple to add support for connecting via Unix socket (/var/run/tor/control) as well.
Concept ACK. This looks like a great feature.
Yes, that sounds better. I have not done this before because it means making the libevent instance thread-safe -
Good idea.
Ok: addressed all of @theuni's comments (apart from the UNIX socket, which we can add later). Edit: done
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket API, to create and destroy 'ephemeral' hidden services programmatically.

https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service

This means that if Tor is running (and proper authorization is available), bitcoin automatically creates a hidden service to listen on, without user manual configuration. This will positively affect the number of available .onion nodes.

- When the node is started, connect to Tor through control socket
- Send `ADD_ONION` command
  - First time:
    - Make it create a hidden service key
    - Save the key in the data directory for later usage
  - Make it redirect port 8333 to the local port 8333 (or whatever port we're listening on).
- Keep control socket connection open for as long node is running. The hidden service will (by default) automatically go away when the connection is closed.
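The control-port exchange the description above outlines, written out as an added Python example (this is not code from the PR or from Bitcoin Core, whose implementation is C++). It builds the `ADD_ONION` command for a first run (let Tor generate the key) and for a restart (hand back the cached `PrivateKey` string so the .onion address stays stable), parses the multi-line `250-`/`250 OK` reply, and turns an error status into an exception. The command grammar and reply shape are taken from the Tor control spec; the service ID, key blob and error reply are constructed sample values.

```python
"""Tor control-port ADD_ONION flow: send the command, keep the returned key,
keep the connection open.  Added example, not code from the PR; sample
replies are constructed but follow the Tor control-spec grammar."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Reply line grammar: three-digit status, then "-" (more lines follow),
# " " (final line) or "+" (a data block follows).
_REPLY_RE = re.compile(r"^(\d{3})([ +-])(.*)$")


class TorControlError(Exception):
    """Tor answered with a non-250 final status."""


def parse_reply(lines: List[str]) -> Tuple[int, Dict[str, str], str]:
    """Parse a multi-line reply into (status, key=value pairs, final line text)."""
    values: Dict[str, str] = {}
    for line in lines:
        m = _REPLY_RE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        status, sep, text = int(m.group(1)), m.group(2), m.group(3)
        if sep == " ":
            return status, values, text
        if "=" in text:
            key, value = text.split("=", 1)
            values[key] = value
    raise ValueError("reply has no final line")


def build_add_onion(virtual_port: int, target_port: int, cached_key: Optional[str]) -> str:
    """First run: let Tor generate a key (NEW:BEST).  Later runs: pass back the
    'RSA1024:<base64>' PrivateKey string Tor returned, so the .onion address
    stays the same across restarts."""
    key_spec = cached_key if cached_key else "NEW:BEST"
    # Port=<virtual port>,<target>: connections to the onion's virtual port are
    # forwarded to the local P2P listening port.
    return f"ADD_ONION {key_spec} Port={virtual_port},127.0.0.1:{target_port}"


@dataclass
class HiddenService:
    service_id: str
    private_key: str

    @property
    def onion_address(self) -> str:
        return f"{self.service_id}.onion"


def handle_add_onion_reply(lines: List[str], cached_key: Optional[str]) -> HiddenService:
    """Build a HiddenService from the ADD_ONION reply.

    Tor only returns PrivateKey for a key it generated itself; when we supplied
    the cached key it is omitted and we keep using what we already have."""
    status, values, text = parse_reply(lines)
    if status != 250:
        raise TorControlError(f"ADD_ONION failed: {status} {text}")
    if "ServiceID" not in values:
        raise TorControlError("ADD_ONION reply without ServiceID")
    key = values.get("PrivateKey", cached_key)
    if not key:
        raise TorControlError("no private key returned and none cached")
    return HiddenService(values["ServiceID"], key)


def run_example() -> HiddenService:
    """Simulate a first start and a restart with constructed replies.

    A real controller reads these from the control socket and then keeps the
    socket open: the ephemeral service disappears when the connection closes."""
    first_run = handle_add_onion_reply(
        ["250-ServiceID=abcdefghijklmnop",          # constructed 16-char v2 ID
         "250-PrivateKey=RSA1024:MIICXQIBAAKBgQC0example",  # constructed blob
         "250 OK"],
        cached_key=None)
    # Second start: re-register the cached key; Tor then omits PrivateKey.
    second_run = handle_add_onion_reply(
        ["250-ServiceID=abcdefghijklmnop", "250 OK"],
        cached_key=first_run.private_key)
    if second_run.onion_address != first_run.onion_address:
        raise TorControlError("onion address changed across restart")
    return second_run


if __name__ == "__main__":
    svc = run_example()
    print(build_add_onion(8333, 8333, None))
    print(build_add_onion(8333, 8333, svc.private_key))
    print("advertising", svc.onion_address)
```

The `PrivateKey` value is the only secret in this exchange and is what the PR caches in the data directory; losing it means a new .onion address on the next start, leaking it lets someone else impersonate the service.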
force-pushed from 93221f9 to 583d9bf
Also mentioned in release notes now.
ACK. Tests done:
No code review, did a weak test (it correctly reports my Tor version is too old).
That's great! I will try to look into this soon.
utACK squashme commits
    service = CService(service_id+".onion", GetListenPort(), false);
    LogPrintf("tor: Got service ID %s, advertizing service %s\n", service_id, service.ToString());
    if (WriteBinaryFile(GetPrivateKeyFile(), private_key)) {
        LogPrint("tor", "tor: Cached service private key to %s\n", GetPrivateKeyFile());
Nit: "Wrote service key..."?
Also, mind passing this file through contrib/devtools/clang-format.py clang-format src/torcontrol.cpp ?
Nit: Please update https://github.com/bitcoin/bitcoin/blob/master/doc/files.md
Somehow I can set up a
You are mistaken. It's -onlynet=tor. You confuse onion with -onion=127.0.0.1:9050, where you instruct bitcoin to use that socks5 proxy to connect to onion peers (from the Tor network). While -onlynet=tor will make sure you connect only to onion (Tor) peers, -onion=xxx will only provide a gateway for these peers but connect to other kinds of peers also.
Then, why does
onlynet=onion should work. But it is unrelated to this pull. Did you pass a proxy?
I tried with and without proxy. But maybe my VPS provider is blocking Tor...
They could, but that wouldn't result in errors like
Instead you'd get proxy errors. It's not using the proxy, why is that? (Again, this is seemingly unrelated to this pull, maybe file a new issue.)
- Force AUTHCOOKIE size to be 32 bytes: This provides protection against an attack where a process pretends to be Tor and uses the cookie authentication method to nab arbitrary files such as the wallet
- torcontrol logging
- fix cookie auth
- add HASHEDPASSWORD auth, fix fd leak when fwrite() fails
- better error reporting when cookie file is not ok
- better init/shutdown flow
- stop advertizing service when disconnected from tor control port
- COOKIE->SAFECOOKIE auth
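Why the first and last items of that commit message matter, shown as an added Python example (not the PR's C++ and not Bitcoin Core code). With plain `COOKIE` authentication the controller reads whatever file the peer's `PROTOCOLINFO` reply names and sends its contents as the credential, so a process posing as Tor could name any readable file; the 32-byte size check rejects files that cannot be a Tor cookie, and `SAFECOOKIE` never sends the cookie at all: both sides exchange HMAC-SHA256 values over cookie and nonces, and the controller verifies the server's hash before answering, so a peer that does not hold the real cookie is detected and learns nothing. The HMAC keys and the `AUTHCHALLENGE` reply layout are the Tor control spec's; the cookie bytes, nonces, the `TorSide` stand-in and the "impostor" instance are constructed for the demo.

```python
"""SAFECOOKIE authentication plus the 32-byte cookie check.
Added example, not code from the PR.  HMAC keys and message layout follow the
Tor control spec (AUTHCHALLENGE); all cookie/nonce/file bytes are constructed."""
import hashlib
import hmac
import os
import re
from typing import Dict, Tuple

COOKIE_SIZE = 32  # Tor's control.authcookie is always exactly 32 bytes
_SERVER_KEY = b"Tor safe cookie authentication server-to-controller hash"
_CLIENT_KEY = b"Tor safe cookie authentication controller-to-server hash"
_CHALLENGE_RE = re.compile(
    r"^250 AUTHCHALLENGE SERVERHASH=([0-9A-Fa-f]+) SERVERNONCE=([0-9A-Fa-f]+)$")


def check_cookie(data: bytes) -> bytes:
    """Refuse anything that is not exactly 32 bytes: a controller that reads the
    path a (possibly fake) Tor names in PROTOCOLINFO must not treat an
    arbitrary file as its cookie."""
    if len(data) != COOKIE_SIZE:
        raise ValueError(f"cookie file is {len(data)} bytes, expected {COOKIE_SIZE}")
    return data


def server_hash(cookie: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    return hmac.new(_SERVER_KEY, cookie + client_nonce + server_nonce, hashlib.sha256).digest()


def client_hash(cookie: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    return hmac.new(_CLIENT_KEY, cookie + client_nonce + server_nonce, hashlib.sha256).digest()


class TorSide:
    """Constructed stand-in for Tor's end of AUTHCHALLENGE/AUTHENTICATE."""

    def __init__(self, cookie: bytes):
        self.cookie = cookie
        self.server_nonce = os.urandom(32)
        self.client_nonce = b""

    def authchallenge(self, client_nonce_hex: str) -> str:
        self.client_nonce = bytes.fromhex(client_nonce_hex)
        h = server_hash(self.cookie, self.client_nonce, self.server_nonce)
        return (f"250 AUTHCHALLENGE SERVERHASH={h.hex().upper()} "
                f"SERVERNONCE={self.server_nonce.hex().upper()}")

    def authenticate(self, client_hash_hex: str) -> str:
        expected = client_hash(self.cookie, self.client_nonce, self.server_nonce)
        if hmac.compare_digest(bytes.fromhex(client_hash_hex), expected):
            return "250 OK"
        return "515 Authentication failed: Safe cookie response did not match expected value."


def controller_auth(tor: TorSide, cookie_file_contents: bytes) -> Tuple[bool, str]:
    """Controller side: size-check the cookie, send AUTHCHALLENGE, verify the
    peer's SERVERHASH before sending anything derived from the cookie, then
    AUTHENTICATE.  The cookie itself never crosses the socket."""
    cookie = check_cookie(cookie_file_contents)
    client_nonce = os.urandom(32)
    reply = tor.authchallenge(client_nonce.hex().upper())
    m = _CHALLENGE_RE.match(reply)
    if not m:
        return False, f"unexpected AUTHCHALLENGE reply: {reply}"
    srv_hash, srv_nonce = bytes.fromhex(m.group(1)), bytes.fromhex(m.group(2))
    if not hmac.compare_digest(srv_hash, server_hash(cookie, client_nonce, srv_nonce)):
        return False, "SERVERHASH mismatch: peer does not know our cookie, refusing to authenticate"
    final = tor.authenticate(client_hash(cookie, client_nonce, srv_nonce).hex().upper())
    return final == "250 OK", final


def demo() -> Dict[str, Tuple[bool, str]]:
    real_cookie = bytes(range(32))          # constructed 32-byte cookie
    genuine = TorSide(real_cookie)
    impostor = TorSide(b"\x00" * 32)        # a process posing as Tor, without the cookie
    results = {
        "genuine": controller_auth(genuine, real_cookie),
        "impostor": controller_auth(impostor, real_cookie),
    }
    try:  # PROTOCOLINFO pointed us at a file that is not a cookie
        controller_auth(impostor, b"not a cookie, far too many bytes to be one")
    except ValueError as e:
        results["bad_file"] = (False, str(e))
    return results


if __name__ == "__main__":
    for name, (ok, msg) in demo().items():
        print(f"{name:9s} {'OK ' if ok else 'REJECTED'} {msg}")
```

The order inside `controller_auth` is the point: the server's hash is checked first, so a peer that fails it never receives even the HMAC of the cookie, and the size check runs before any network exchange at all.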
force-pushed from 944fcca to 58ef0ff
- add new data directory files for 0.12 to doc/files.md
- mention torcontrol in doc/tor.md

58ef0ff doc: update docs for Tor listening (Wladimir J. van der Laan)
68ccdc4 doc: Mention Tor listening in release notes (Wladimir J. van der Laan)
09c1ae1 torcontrol improvements and fixes (Wladimir J. van der Laan)
2f796e5 Better error message if Tor version too old (Peter Todd)
8f4e67f net: Automatically create hidden service, listen on Tor (Wladimir J. van der Laan)

tested ACK 58ef0ff
Tor ephemeral hidden services

Cherry-picked from the following upstream PRs:
- bitcoin/bitcoin#6503 (included to reduce merge conflicts)
- bitcoin/bitcoin#6639
- bitcoin/bitcoin#6643
- bitcoin/bitcoin#7090
- bitcoin/bitcoin#7035
- bitcoin/bitcoin#7170
- bitcoin/bitcoin#7218 (non-QT part)
- bitcoin/bitcoin#7313
- bitcoin/bitcoin#7438
- bitcoin/bitcoin#7553
- bitcoin/bitcoin#7637
- bitcoin/bitcoin#7683
- bitcoin/bitcoin#7813
- bitcoin/bitcoin#7703
- bitcoin/bitcoin#8203
- bitcoin/bitcoin#9004
- bitcoin/bitcoin#9234
- bitcoin/bitcoin#9911 (partial)

Closes #2061.
Discussion in #6586.
Adds command line options:

-listenonion
    Automatically create Tor hidden service (default: 1)
-torcontrol=<ip>:<port>
    Tor control port to use if onion listening enabled (default: 127.0.0.1:9051)

TODO: