torcontrol: add -tortarget config #19043

pull MDrollette wants to merge 1 commits into bitcoin:master from MDrollette:tor-hidden-target changing 2 files +10 −1
  1. MDrollette commented at 10:13 pm on May 21, 2020: none

    This PR allows torcontrol to auto configure the HiddenService even when Tor is running on a different host or within a containerized environment.

    In such an environment, the previously assumed static target of 127.0.0.1 was insufficient.

    fixes #16693

  2. DrahtBot added the label P2P on May 21, 2020
  3. fanquake requested review from laanwj on May 21, 2020
  4. laanwj commented at 10:58 am on May 26, 2020: member

    Concept ACK.

    You might want to add some validationfor the option value: at the least whether it’s <addr>:port, to prevent passing weird values to Tor’s control port with unclear outcomes.

    Edit: this is also the first step towards making #8973 possible. Edit.2: apparently that uses the unix:/tmp/path/to/tor/socket syntax. We’d also want to support that at some point, though right now is pointless as bitcoind can’t bind on a UNIX socket.

  5. luke-jr commented at 3:56 am on June 3, 2020: member
    I’m confused how torcontrol is talking to Tor on another host?
  6. jonatack commented at 1:26 pm on July 17, 2020: member

    Concept ACK.

    Some validation and testing would be nice here. @MDrollette, are you still active on this?

  7. MDrollette commented at 6:52 pm on July 17, 2020: none

    @laanwj

    You might want to add some validationfor the option value: at the least whether it’s <addr>:port, to prevent passing weird values to Tor’s control port with unclear outcomes.

    I’ve added what I believe to be some sanitation/validation. I am happy to do something differently if anyone can point to a better example. My apologies, I’m not a C developer, so this is very much an introduction for me. @luke-jr

    I’m confused how torcontrol is talking to Tor on another host?

    -torcontrol can be a remote host or a different interface on the same host (ie. when running in a container) - particularly when used in combination with -torpassword instead of the cookie file method.

  8. DrahtBot commented at 10:25 pm on July 17, 2020: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #19998 (net: Add CNode::ConnectedThroughNetwork member function by hebasto)
    • #19991 (net: Use alternative port for incoming Tor connections by hebasto)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  9. in src/torcontrol.cpp:535 in 7e57666f34 outdated
    530@@ -531,12 +531,20 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
    531             SetReachable(NET_ONION, true);
    532         }
    533 
    534+        // Validate the target of the hidden service
    535+        std::string targetArg = gArgs.GetArg("-tortarget", "127.0.0.1");
    


    darosior commented at 12:43 pm on July 30, 2020:
    Looks like the port is missing in the default value ?

    MDrollette commented at 4:30 pm on July 30, 2020:
    If no port is specified, either on the passed in value or in this case as the default, then GetListenPort() is used below on L537
  10. darosior commented at 12:55 pm on July 30, 2020: member
    Concept ACK
  11. DrahtBot added the label Needs rebase on Jul 30, 2020
  12. MDrollette force-pushed on Jul 30, 2020
  13. torcontrol: add -tortarget config
    This allows torcontrol to auto configure the HiddenService even
    when Tor is running on a different host or within a containerized
    environment.
    b5d5d23154
  14. MDrollette force-pushed on Jul 30, 2020
  15. DrahtBot removed the label Needs rebase on Jul 30, 2020
  16. in src/torcontrol.cpp:534 in b5d5d23154
    530@@ -531,12 +531,20 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
    531             SetReachable(NET_ONION, true);
    532         }
    533 
    534+        // Validate the target of the hidden service
    


    vasild commented at 11:13 am on September 23, 2020:

    Shouldn’t this also be changed, a few lines above:

    0        // Now that we know Tor is running setup the proxy for onion addresses
    1        // if -onion isn't set to something else.
    2        if (gArgs.GetArg("-onion", "") == "") {
    3            CService resolved(LookupNumeric("127.0.0.1", 9050));
    4            proxyType addrOnion = proxyType(resolved, true);
    5            SetProxy(NET_ONION, addrOnion);
    6            SetReachable(NET_ONION, true);
    7        }
    

    If the tor daemon is running on another machine, then it will not be reachable on 127.0.0.1:9050.

  17. in src/init.cpp:464 in b5d5d23154
    460@@ -461,6 +461,7 @@ void SetupServerArgs(NodeContext& node)
    461     argsman.AddArg("-timeout=<n>", strprintf("Specify connection timeout in milliseconds (minimum: 1, default: %d)", DEFAULT_CONNECT_TIMEOUT), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    462     argsman.AddArg("-peertimeout=<n>", strprintf("Specify p2p connection timeout in seconds. This option determines the amount of time a peer may be inactive before the connection to it is dropped. (minimum: 1, default: %d)", DEFAULT_PEER_CONNECT_TIMEOUT), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::CONNECTION);
    463     argsman.AddArg("-torcontrol=<ip>:<port>", strprintf("Tor control port to use if onion listening enabled (default: %s)", DEFAULT_TOR_CONTROL), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    464+    argsman.AddArg("-tortarget=<ip:port>", strprintf("Target for Tor HiddenService (default: 127.0.0.1:%i)", defaultChainParams->GetDefaultPort()), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    


    vasild commented at 11:16 am on September 23, 2020:
    Because port is optional, maybe change to -tortarget=<ip[:port]>? Or -tortarget=<ip>[:<port>] to be in line with the existent -torcontrol=<ip>:<port>.
  18. vasild commented at 11:50 am on September 23, 2020: member
    In #19991 we are considering adding the possibility to bind to a dedicated addr:port for incoming tor connections, mainly to be able to distinguish them from incoming clearnet ones. If we do that, then we can automatically pass that addr:port to the ADD_ONION command avoiding the need for the -tortarget option suggested in this PR. @MDrollette, do you think that would be sufficient? I can imagine some exceptional cases where we bind to 1.2.3.4:8334 to listen for incoming tor connections, BUT from the point of view of the tor daemon which runs in another machine, that is reachable as another address, e.g. 5.6.7.8:8334. Maybe that is an overkill and we need not support this. I.e. if we bind to 1.2.3.4:8334 to listen for tor connections, then we simply pass the same 1.2.3.4:8334 to the ADD_ONION command. Agreed?
  19. MDrollette commented at 8:10 pm on September 23, 2020: none

    @MDrollette, do you think that would be sufficient?

    That seems like an appropriate default, if nothing else. I think it’s still common in the docker case to simply specify listening on 0.0.0.0 since the IP is randomly assigned when the container is created. In this case I would run the bitcoin container with -tortarget=bitcoind:1234 so that the container IP is resolved at runtime.

    It’s possible to make it work with only your PR, so it’s more flexible than the current state. But it’s not as trivial as docker run.

  20. vasild commented at 2:14 pm on September 29, 2020: member
    What is “bitcoind” in -tortarget=bitcoind:1234? Does it resolve to a different IP address from inside the container and from outside?
  21. laanwj referenced this in commit df2129a234 on Oct 2, 2020
  22. DrahtBot commented at 1:41 pm on October 2, 2020: member

    🐙 This pull request conflicts with the target branch and needs rebase.

    Want to unsubscribe from rebase notifications on this pull request? Just convert this pull request to a “draft”.

  23. DrahtBot added the label Needs rebase on Oct 2, 2020
  24. vasild commented at 2:35 pm on October 2, 2020: member
    I think this is superseded now by #19991 which got merged.
  25. MDrollette commented at 3:27 pm on October 2, 2020: none
    Closing this PR since #19991 addresses this issue and also has further discussion
  26. MDrollette closed this on Oct 2, 2020

  27. sidhujag referenced this in commit 9d14195e7b on Oct 4, 2020
  28. DrahtBot locked this on Feb 15, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 12:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me