- current code, when set e.g. -onlynet="IPv6", only prevents outgoing connections to peers via the blocked networks (in this example IPv4/ Tor)
- this patch extends the behaviour to inbound connections, so when e.g. -onlynet="IPv6", don't allow incoming IPv4/Tor connections from peers
honor blocked networks (-onlynet="XXX") with inbound connections #2089
pull Diapolo wants to merge 1 commits into bitcoin:master from Diapolo:onlynet_inbound changing 1 files +5 −0
Diapolo commented at 6:20 PM on December 10, 2012: none
-
6ede3440c9
honor blocked networks (-onlynet="XXX") with inbound connections
- current code, when set e.g. -onlynet="IPv6", only prevents outgoing connections to peers via the blocked networks (in this example IPv4/ Tor)
- this patch extends the behaviour to inbound connections, so when e.g. -onlynet="IPv6", don't allow incoming IPv4/Tor connections from peers
-
BitcoinPullTester commented at 6:44 PM on December 10, 2012: none
Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/6ede3440c96920062625b9b044d227632944a80c for binaries and test log.
-
gmaxwell commented at 7:00 PM on December 10, 2012: contributor
I don't think disallowing IPv4 local connections (e.g. from mining daemons and monitoring tools) is a desired effect of onlynet. I suspect this will also block all onion peers even when onlynet tor, though I haven't actually tried it.
-
Diapolo commented at 8:31 PM on December 10, 2012: none
IMHO when we have a switch to block certain networks, this should include ALL connections (in- and outbound). What did we intend with -onlynet otherwise?
If people really want to explicitly allow IPv4 connections, they can use -bind (remember #1778, which is for such cases). As this network-block is not active for RPC-stuff AFAIK, I really see no problem here.
-
sipa commented at 8:33 PM on December 10, 2012: member
But the problem is that incoming onion connections come in as an IPv4 connection from 127.0.0.1. So -onlynet=tor would block incoming onion connections...
-
Diapolo commented at 8:34 PM on December 10, 2012: none
Right, so the user could just add -bind=127.0.0.1 :).
This is from the commit message of #1778:
usage case: specify -bind=127.0.0.1 -onlynet="Tor" to allow incoming connections to a Tor hidden service, but still don't allow other IPv4 nodes to connect / get connected
-
sipa commented at 8:35 PM on December 10, 2012: member
Yes, but this very commit will still block such connections.
-
Diapolo commented at 8:36 PM on December 10, 2012: none
Then it's not well implemented by me, I just want to know if the idea from the pull is worth further work on it :D.
-
sipa commented at 8:37 PM on December 10, 2012: member
In general, there is no knowing what network an incoming connection comes from (though perhaps some special cases can be made, meh).
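The failure mode gmaxwell and sipa describe above, as an added example that is not part of the thread or of the pull request's code. It assumes the inbound check classifies a peer only by the source address the listening socket reports; `ClassifyBySocketAddr`, `InboundAllowed`, `Rejected` and the sample connections are constructed for illustration.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

enum class Network { IPv4, IPv6, Tor };

// Constructed sample: what the peer really is vs. the address accept() reports.
struct Inbound {
    std::string what;         // ground truth, invisible to the node
    std::string socket_addr;  // all an inbound check can see
};

static const std::vector<Inbound> kSamples = {
    {"clearnet IPv4 peer",           "203.0.113.5"},
    {"clearnet IPv6 peer",           "2001:db8::1"},
    {"peer via Tor hidden service",  "127.0.0.1"},  // forwarded by the local Tor daemon
    {"local mining/monitoring tool", "127.0.0.1"},
};

// Assumed classifier: an address containing ':' is IPv6, anything else IPv4.
// A socket source address never classifies as Network::Tor.
Network ClassifyBySocketAddr(const std::string& addr) {
    return addr.find(':') != std::string::npos ? Network::IPv6 : Network::IPv4;
}

// Assumed inbound rule: accept only if the classified network is in onlynet
// (an empty set means no -onlynet restriction).
bool InboundAllowed(const std::set<Network>& onlynet, const std::string& addr) {
    return onlynet.empty() || onlynet.count(ClassifyBySocketAddr(addr)) > 0;
}

// Labels of the sample connections that the rule would refuse.
std::vector<std::string> Rejected(const std::set<Network>& onlynet) {
    std::vector<std::string> out;
    for (const auto& c : kSamples)
        if (!InboundAllowed(onlynet, c.socket_addr)) out.push_back(c.what);
    return out;
}

int main() {
    for (const auto& w : Rejected({Network::Tor}))
        std::cout << "-onlynet=Tor rejects:  " << w << "\n";
    for (const auto& w : Rejected({Network::IPv6}))
        std::cout << "-onlynet=IPv6 rejects: " << w << "\n";
    return 0;
}
```

With the Tor-only set every sample is refused, including the hidden-service peer, and the two 127.0.0.1 connections cannot be told apart by address under any setting.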
-
Diapolo commented at 8:40 PM on December 10, 2012: none
I'm not sure if that was a yes it's worth further work or a no, we (core devs) don't like the general idea.
-
gmaxwell commented at 8:42 PM on December 10, 2012: contributor
I like the idea if it can be done without resulting in surprising misbehavior, though I'm not convinced that this is possible. :)
-
Diapolo commented at 8:45 PM on December 10, 2012: none
Perhaps if I'm thinking a few minutes longer and come to the same conclusion I'll just close this, but as always I like the valuable feedback :).
-
Diapolo commented at 8:25 PM on December 12, 2012: none
As this just seems to cause weird behaviour I'll close this for now ... perhaps in the future we can re-think the idea and implementation.
- Diapolo closed this on Dec 12, 2012
- DrahtBot locked this on Sep 8, 2021