net: respect -onlynet= when making outbound connections #22834

pull vasild wants to merge 2 commits into bitcoin:master from vasild:onlynet changing 14 files +72 −52
  1. vasild commented at 1:14 pm on August 30, 2021: member

    Do not make outbound connections to hosts which belong to a network which is restricted by -onlynet.

    This applies to hosts that are automatically chosen to connect to and to anchors.

    This does not apply to hosts given to -connect, -addnode, addnode RPC, dns seeds, -seednode.

    Fixes #13378 Fixes #22647 Supersedes https://github.com/bitcoin/bitcoin/pull/22651

  2. fanquake added the label P2P on Aug 30, 2021
  3. laanwj commented at 1:20 pm on August 30, 2021: member
    Concept ACK, I think this makes onlynet closer to what users expect, clearing up all kind of exceptions that have to be documented. Thanks!
  4. vasild commented at 2:35 pm on August 30, 2021: member
    With this PR, one could use for example -onlynet=ipv6 -onion=127.0.0.1:9050 and Bitcoin Core will not automatically connect to .onion hosts. However one could later use the addnode RPC to manually connect to an .onion host. This matches the current behavior in master wrt other networks, e.g. -onlynet=ipv6 and later addnode to an ipv4 host.
  5. in doc/tor.md:60 in 7b821b9d4c outdated
    56@@ -57,11 +57,7 @@ outgoing connections, but more is possible.
    57     -onlynet=onion  Make outgoing connections only to .onion addresses. Incoming
    58                     connections are not affected by this option. This option can be
    59                     specified multiple times to allow multiple network types, e.g.
    60-                    onlynet=ipv4, onlynet=ipv6, onlynet=onion, onlynet=i2p.
    61-                    Warning: if you use -onlynet with values other than onion, and
    62-                    the -onion or -proxy option is set, then outgoing onion
    63-                    connections will still be made; use -noonion or -onion=0 to
    64-                    disable outbound onion connections in this case.
    65+                    onlynet=ipv6, onlynet=onion.
    


    jonatack commented at 3:35 pm on August 30, 2021:

    (Initial drive-by review.) Every onlynet question I’ve received has been about using -onlynet=onion, -onlynet=i2p, or both together, so it may be reasonable to address what node operators seem most interested in and minimize confusion, by using the hidden networks for the onlynet examples in both doc/tor.md and doc/i2p.md (unless you use all of them in the examples to illustrate that it is possible, which is what I did in #22648, but no strong opinion on whether that is helpful)

    0                    onlynet=onion, onlynet=i2p.
    

    vasild commented at 12:53 pm on August 31, 2021:
    Ok, I will update this as per above. I changed it because it was using onlynet with all possible networks which looked strange to me.

    vasild commented at 2:49 pm on September 1, 2021:
    Done.
  6. in src/net.cpp:127 in 7b821b9d4c outdated
    122+{
    123+    if (!gArgs.IsArgSet("-onlynet")) {
    124+        return true;
    125+    }
    126+    const auto onlynets = gArgs.GetArgs("-onlynet");
    127+    return std::any_of(onlynets.begin(), onlynets.end(), [&addr](const auto& net) {
    


    jonatack commented at 3:46 pm on August 30, 2021:

    naming nit, onlynet or maybe onlynet_str might be a clearer iterator name for onlynets, and net is often used for passing a Network enum, e.g. in src/net.h::IsReachable() and SetReachable())

    0    return std::any_of(onlynets.begin(), onlynets.end(), [&addr](const auto& onlynet) {
    

    vasild commented at 12:54 pm on August 31, 2021:
    I will optimize this because it will be called frequently (not as in #22651, once per startup). std::unordered_set has a lookup time O(1).

    vasild commented at 2:50 pm on September 1, 2021:
    Done (optimized).
  7. jonatack commented at 3:47 pm on August 30, 2021: member
    Concept ACK, initial drive-by review on github, will review/test soon
  8. jonatack commented at 3:51 pm on August 30, 2021: member

    (Feel free to ignore my comments until you re-push.)

    Do you plan to add functional tests like in #22651?

  9. DrahtBot commented at 10:34 pm on August 30, 2021: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #24205 (net, init, test: network reachability testing and safety improvements by jonatack)
    • #15423 (torcontrol: Query Tor for correct -onion configuration by luke-jr)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  10. vasild commented at 12:57 pm on August 31, 2021: member

    Do you plan to add functional tests like in #22651?

    It would be good. I wonder how to test this deterministically. I guess I would want to have an addrman with just addresses from one network and use onlynet another network and check that a connection is never attempted, or something like that.

  11. ghost commented at 3:19 pm on August 31, 2021: none

    Concept ACK

    Started testing today and need to test lot of combinations with onlynet. Sharing things that I observed during basic tests:

    1. onlynet=i2p with proxy=127.0.0.1:9050 does not create any outbound connections to onion nodes using PR branch however it connects to onion node with Master branch. ✅

      1.1 Run node 1:

      0bitcoind -regtest=1 -port=18333 -rpcport=18222 -rpcuser=user1 -rpcpassword=pass1 -datadir=/home/prayank/node1 -debug=net
      

      1.2 Run node 2:

      0bitcoind -regtest=1 -port=18777 -rpcport=18666 -rpcuser=user2 -rpcpassword=pass2 -onlynet=i2p -i2psam=127.0.0.1:7656 -proxy=127.0.0.1:9050 -datadir=/home/prayank/node2 -debug=net
      

      1.3 Copy onion address for node 1 and add it in peers.dat for node2:

      0bitcoin-cli -rpcport=18666 -rpcuser=user2 -rpcpassword=pass2 addpeeraddress "6w724ckwacu2sdfitjr6otzfi4hfutxqqcc5mju2gc2ufguysb447gqd.onion" 18444
      

      1.4 Wait for few seconds and node 2 will create an outbound connection with node 1 on Master branch. It should fail on PR branch.

      Master branch: https://pastebin.com/raw/krvahBf7 PR branch: https://pastebin.com/raw/P6uwLtxf

    2. Onion service and i2p service are not created when proxy=127.0.0.1:9050 is used. (Master and PR branch) :warning:

  12. Rspigler commented at 2:44 am on September 1, 2021: contributor
    Concept ACK! Glad there’s a full fix for this now.
  13. vasild force-pushed on Sep 1, 2021
  14. vasild commented at 2:51 pm on September 1, 2021: member
    7b821b9d4c...0ea0de6438: optimize OutboundConnectionAllowedTo() for a fast lookup coz it is called frequently, plus some rewording in the docs.
  15. vasild commented at 3:07 pm on September 1, 2021: member

    @prayank23, thanks for looking into this! So all is working as expected. -logips=1 will improve your log output a tiny bit. I also tested this manually by adding a printout inside OutboundConnectionAllowedTo(), with -onlynet=i2p -onion=127.0.0.1:9050 it is called many times with *.onion addresses and returns false as expected.

    A room for improvement (out of the scope of this PR): with -onlynet=X if addrman contains a small percentage of X addresses, CConnman::ThreadOpenConnections() will loop many times trying non-X addresses which get rejected either by the existent IsReachable() check or by the newly added OutboundConnectionAllowedTo(). It takes seconds to select an I2P address for example. CAddrMan::Select() could be smarter and take a onlynets argument and somehow return addresses that only belong to the requested networks fast.

  16. naumenkogs commented at 4:02 pm on September 1, 2021: member
    Concept ACK
  17. ghost commented at 7:13 pm on September 1, 2021: none

    Day 2 of testing onlynet

    ipv4 ipv6 onion i2p logs Comments
    :large_blue_circle: https://pastebin.com/raw/nq5kXqYK No issues :white_check_mark:
    :large_blue_circle: https://pastebin.com/raw/Hqnz0nAP No issues :white_check_mark:
    :large_blue_circle: https://pastebin.com/raw/9bwY0Nbw No issues :white_check_mark:
    :large_blue_circle: https://pastebin.com/raw/mhW371kx No issues :white_check_mark:

    So all is working as expected

    Need to test more things. onlynet=ipv6 did not work as expected today.

    -logips=1 will improve your log output a tiny bit

    Thanks. Will try this tomorrow.

    CAddrMan::Select() could be smarter and take a onlynets argument and somehow return addresses that only belong to the requested networks fast.

    Yes we can try this.

  18. mzumsande commented at 11:28 pm on September 1, 2021: member

    I wonder about the interactions of the new OutboundConnectionAllowedTo() with IsReachable(), which is how -onlynet also influences things - it seems complicated to have both OutboundConnectionAllowedTo() and IsReachable() doing similar things with subtle differences, and depending on the situation one or the other is effective.

    My understanding is that IsReachable() will still be able to violate the -onlynet option sometimes (if -proxy , -onion in init.cpp or torcontrol.cpp call SetReachable() after the -onlynet arg was evaluated). Because addrman acceptance is gated by IsReachable(), I think we could still accept addrs from networks excluded by -onlynet into addrman that we no longer would make outgoing connections to - leading to futile connection attempts.

    Would it be possible as an alternative approach to get Reachable in line with -onlynet expectations (e.g. by moving the -onlynet block in init.cpp below the -onion and -proxy blocks and also not calling SetReachable() from torcontrol if -onlynet excludes onions?) Or would there be negative side effects with other callers of IsReachable()?

  19. vasild commented at 8:25 am on September 2, 2021: member
    @prayank23 does the machine have an actual IPv6 connectivity? Do you see successful connections to IPv6 hosts when -onlynet= is not used? The text Network is unreachable is an actual system error, it does not come from Bitcoin Core.
  20. ghost commented at 10:30 am on September 2, 2021: none

    Yes it was ipv6 connectivity issue. There were 2 issues: 1. One of my ISP didn’t support ipv6 2. Had to change network adapter from NAT to bridged in VM. Checked connectivity on http://test-ipv6.com/

    Updated logs above as ipv6 works fine. Will test onion-ipv4, onion-ipv6, i2p-ipv4, i2p-ipv6, i2p-onion and ipv6-ipv4 today.

  21. vasild commented at 12:51 pm on September 2, 2021: member

    @mzumsande, good insight! I think there are two distinct properties of a network:

    1. Whether it is reachable (the current IsReachable() function). That is - do we have the means to connect to it if we wanted?
    2. Whether we should choose hosts from that network for making automatic outbound connections (-onlynet=, or the newly added OutboundConnectionAllowedTo() function)

    For example, a setup like -onlynet=ipv6 -onion=127.0.0.1:9050 should make the Tor network “reachable”, but avoid automatically opening connections to it. However, manual connections using -connect, -addnode and -seednode to Tor hosts should be still possible, using the proxy given with -onion=. Makes sense?

    Your comments make me think - should we only add addresses to addrman if they are both 1. and 2. (right now it is just 1.)? E.g.

    0             // Do not store addresses outside our network
    1-            if (fReachable)
    2+            if (fReachable && OutboundConnectionAllowedTo(addr))
    3                 vAddrOk.push_back(addr);
    

    or also limit relay of 1. but not 2. addresses?

    What about changing the limited property in the getnetworkinfo RPC reply?

    https://github.com/bitcoin/bitcoin/blob/b997dd211ecfe5d0d6f757b8426ad81e40219143/src/rpc/net.cpp#L574-L575

  22. naumenkogs commented at 5:09 pm on September 2, 2021: member
    I agree with @mzumsande. I find it confusing that we have two functions considering -onlynet (see how vfLimited is filled with onlynet).
  23. ghost commented at 11:15 am on September 3, 2021: none

    It tried few combinations with onlynet and everything works as expected. Although I am still not sure about trade-offs involved in each of these. Things get even more complicated if user has incoming connections on multiple networks as discussed in IRC: https://www.erisian.com.au/bitcoin-core-dev/log-2021-09-01.html (260 2021-09-01T20:26:30)

    This PR has limited scope and it does fix the issues with onlynet and proxy usage.

    ACK https://github.com/bitcoin/bitcoin/pull/22834/commits/0ea0de64385c0150e179885a792d615005e20841

    Will reACK if suggestions discussed above are implemented and functional tests are added:

    #22834 (comment)

    #22834 (comment)

    Also not sure why addpeeraddress returns false in this case: https://bitcoin.stackexchange.com/q/109465/

  24. vasild commented at 4:25 pm on September 3, 2021: member

    @mzumsande, @naumenkogs, if we need not make a distinction between 1. and 2. (from #22834 (comment)), then an alternative approach is possible, similar to the one described above by @mzumsande (but not quite the same).

    What do you think about this: https://github.com/vasild/bitcoin/commit/46a9a797f1692bc8ceefea1bee49caba5ca87127? Note that even with that, IsReachable() does not represent exactly -onlynet.

  25. mzumsande commented at 9:51 pm on September 5, 2021: member

    I didn’t find a place we would need to make the distinction between the ability (1) and the willingness (2) to make outbound connections to networks. Also the status quo for IsReachable() before this PR, despite the name, is a mix of 1. and 2. because it is initially set by -onlynet user preference (2) and then possibly overruled based on the means to connect to a network (1):

    For example, a setup like -onlynet=ipv6 -onion=127.0.0.1:9050 should make the Tor network “reachable”, but avoid automatically opening connections to it.

    Is this a relevant scenario, i.e. what should be the practical consequence of a network being “reachable” in this scenario when we wouldn’t do automatic connections to it?

    However, manual connections using -connect, -addnode and -seednode to Tor hosts should be still possible, using the proxy given with -onion=. Makes sense?

    Yes, I agree. As far as I can see, all of the manual connection code is completely independent from IsReachable, so this shouldn’t be affected by any of the discussed suggestions.

    Your comments make me think - should we only add addresses to addrman if they are both 1. and 2. (right now it is just 1.)

    I tend to think that this would make sense. I don’t see the point of storing addresses in addrman when we won’t connect to them - whether this is because we cannot or because we don’t want to doesn’t seem crucial to me.

    What do you think about this: vasild@46a9a79? Note that even with that, IsReachable() does not represent exactly -onlynet.

    On first sight, I like this approach. I don’t quite understand why it is possible to just drop the SetReachable() in torcontrol.cpp.

    I have been looking into the other call sites of IsReachable() besides connection opening and addrman acceptance to see how they would be affected by possible changes: IsPeerAddrLocalGood() and AddLocal() both call IsReachable() and therefore might be affected. Considering that they deal with the address used for self-advertising (and thus for getting incoming connections) I don’t really understand why they make use of IsReachable() in the first place. Shouldn’t this affect only outbound connection logic?

  26. practicalswift commented at 9:12 am on September 6, 2021: contributor
    Concept ACK
  27. vasild commented at 12:34 pm on September 7, 2021: member

    I didn’t find a place we would need to make the distinction between the ability (1) and the willingness (2) to make outbound connections to networks.

    The only one I can think of is this - it would be strange to display onion as not reachable in getnetworkinfo RPC, but to be able to open manual connections to it using addnode.

    Also the status quo for IsReachable() before this PR, despite the name, is a mix of 1. and 2. because it is initially set by -onlynet user preference (2) and then possibly overruled based on the means to connect to a network (1):

    Yes.

    For example, a setup like -onlynet=ipv6 -onion=127.0.0.1:9050 should make the Tor network “reachable”, but avoid automatically opening connections to it.

    Is this a relevant scenario, i.e. what should be the practical consequence of a network being “reachable” in this scenario when we wouldn’t do automatic connections to it?

    It would be possible to reach the network by opening a manual connection. I am not sure if this is “relevant”. Maybe it is exotic use case.

    What do you think about this: vasild/bitcoin@46a9a79? Note that even with that, IsReachable() does not represent exactly -onlynet.

    On first sight, I like this approach. I don’t quite understand why it is possible to just drop the SetReachable() in torcontrol.cpp.

    Hmm, maybe that is not a good idea - if -torcontrol=... -torpassword=... are given (without any of -onlynet, -proxy or -onion) then that code would have flipped the Tor network from not reachable to reachable. Is this desirable? If yes, then instead of removing SetReachable() from torcontrol.cpp it should be made conditional: if (!onion_restricted) {. However that variable onion_restricted is local in init.cpp so it would either have to be made global (:disappointed:) or OutboundConnectionAllowedTo() used instead of it. But we are looking into that potentially more invasive patch only because the co-existence of IsReachable() and OutboundConnectionAllowedTo() is confusing…

    IsPeerAddrLocalGood() and AddLocal() both call IsReachable() and therefore might be affected. Considering that they deal with the address used for self-advertising (and thus for getting incoming connections) I don’t really understand why they make use of IsReachable() in the first place. Shouldn’t this affect only outbound connection logic?

    I think the logic is this - if a network is not reachable then we cannot accept connections from it. “Reachable” in the broader English word meaning, not the stricter -onlynet meaning. For example, a host/OS may have support for both IPv4 and IPv6 but its ISP may only support IPv4. So, an operator would run -onlynet=ipv4 to avoid attempting connections to IPv6 hosts and from advertising an IPv6 address to which the rest of the world cannot connect.

  28. in src/net.cpp:124 in 0ea0de6438 outdated
    119+ * Could be restricted by the `-onlynet` configuration option.
    120+ * @return true if allowed
    121+ */
    122+static bool OutboundConnectionAllowedTo(const CNetAddr& addr)
    123+{
    124+    static const std::unordered_set<Network> onlynets = [](){
    


    luke-jr commented at 9:23 pm on September 20, 2021:

    This seems fragile. Can we guarantee onlynets is initialised only after the config files get loaded?

    At the very least, I think it should be tested.


    laanwj commented at 8:57 am on November 8, 2021:
    Yes, I also strongly prefer initialization to be done explicitly in an explicit order. This code belongs in one of the Init functions, or called from there. We’ve historiically had many initialization bugs due to hidden gotchas like this.

    vasild commented at 4:40 pm on November 8, 2021:
    Dropped this altogether for a (hopefully) better and simpler approach.
  29. luke-jr changes_requested
  30. luke-jr referenced this in commit 93c87541f6 on Oct 10, 2021
  31. DrahtBot added the label Needs rebase on Nov 1, 2021
  32. vasild force-pushed on Nov 8, 2021
  33. vasild commented at 4:39 pm on November 8, 2021: member

    0ea0de6438...051c2554ca: rebase and refactor to address concerns:

    1. now we don’t have two similar functions IsReachable() and OutboundConnectionAllowedTo() (@mzumsande, @naumenkogs)
    2. initialization order in OutboundConnectionAllowedTo() - this function was removed (@luke-jr, @laanwj)

    Rename proxyType to Proxy in a second commit (scripted diff), which is optional.

    Invalidates ACK from @prayank23

  34. vasild commented at 4:47 pm on November 8, 2021: member

    @mzumsande

    Would it be possible as an alternative approach to get Reachable in line with -onlynet expectations …

    Almost! The only exception now is that we SetReachable(NET_ONION, false) is we don’t have a proxy to reach the Tor network.

  35. DrahtBot removed the label Needs rebase on Nov 8, 2021
  36. vasild commented at 5:17 pm on November 9, 2021: member

    Comparison of IsReachable(NET_ONION) before and after this PR:

  37. unknown approved
  38. unknown commented at 7:52 pm on November 10, 2021: none

    reACK https://github.com/bitcoin/bitcoin/pull/22834/commits/051c2554ca1eb9f9f2109c586f7b53c5b1e83ce9

    Tested only one case with steps mentioned here: #22834 (comment)

    Could also see the error mentioned in the table above:

    02021-11-10T19:34:34Z Error: Outbound connections restricted to Tor (-onlynet=onion) but the proxy for reaching the Tor network is not provided (no -proxy= and no -onion= given) or it is explicitly forbidden (-onion=0)
    
  39. mzumsande commented at 0:48 am on November 11, 2021: member

    Concept/ Approach ACK.

    I like the reworked approach, the handling of -onlynet in connection with other parameters and IsReachable() makes sense to me and is clearer than before - so my points are addressed. Having very little experience with Tor in bitcoin, I’ll need to do more testing/exploration before actually ACKing.

  40. DrahtBot added the label Needs rebase on Nov 24, 2021
  41. net: respect -onlynet= when making outbound connections
    Do not make outbound connections to hosts which belong to a network
    which is restricted by `-onlynet`.
    
    This applies to hosts that are automatically chosen to connect to and to
    anchors.
    
    This does not apply to hosts given to `-connect`, `-addnode`,
    `addnode` RPC, dns seeds, `-seednodes`.
    
    Fixes https://github.com/bitcoin/bitcoin/issues/13378
    Fixes https://github.com/bitcoin/bitcoin/issues/22647
    Supersedes https://github.com/bitcoin/bitcoin/pull/22651
    e53a8505db
  42. scripted-diff: rename `proxyType` to `Proxy`
    -BEGIN VERIFY SCRIPT-
    sed -i 's/\<proxyType\>/Proxy/g' $(git grep -l proxyType)
    -END VERIFY SCRIPT-
    0eea83a85e
  43. vasild force-pushed on Nov 24, 2021
  44. vasild commented at 11:47 am on November 24, 2021: member

    051c2554ca...0eea83a85e: rebase due to conflicts

    Invalidates ACK from @prayank23

  45. unknown approved
  46. DrahtBot removed the label Needs rebase on Nov 24, 2021
  47. in src/init.cpp:1846 in e53a8505db outdated
    1850@@ -1843,7 +1851,6 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
    1851         if (!Lookup(i2psam_arg, addr, 7656, fNameLookup) || !addr.IsValid()) {
    1852             return InitError(strprintf(_("Invalid -i2psam address or hostname: '%s'"), i2psam_arg));
    1853         }
    1854-        SetReachable(NET_I2P, true);
    


    naumenkogs commented at 10:16 am on December 1, 2021:
    What’s the reason for deleting this line?

    vasild commented at 10:31 am on December 1, 2021:

    Same logic as with Tor - avoid explicitly calling SetReachable(..., true) because:

    1. Everything is reachable by default (all elements in vfLimited[] are false by default), so if the network is reachable anyway, SetReachable(..., true) is a noop.
    2. If the network is not reachable by the time this code executes, that means that -onlynet= was specified and the network in question is not among the lucky ones being listed. In this case, respect the -onlynet= setting.

    naumenkogs commented at 10:57 am on December 1, 2021:
    Why even bother doing all these checks if the network was limited in the first place? It just makes it a bit harder to understand, especially in the context of this diff, but no big deal.

    naumenkogs commented at 11:00 am on December 1, 2021:
    Ah, here’s the answer: This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`.

    vasild commented at 11:28 am on December 1, 2021:
    Yeah, because a proxy was provided, it is possible to manually open connections to those networks.
  48. naumenkogs commented at 11:21 am on December 1, 2021: member
    utACK 0eea83a85ec6b215d44facc2b16ee1b035275a6b
  49. luke-jr referenced this in commit 06fc482a73 on Dec 14, 2021
  50. in src/init.cpp:1322 in 0eea83a85e
    1319+
    1320     bool proxyRandomize = args.GetBoolArg("-proxyrandomize", DEFAULT_PROXYRANDOMIZE);
    1321     // -proxy sets a proxy for all outgoing network traffic
    1322     // -noproxy (or -proxy=0) as well as the empty string can be used to not set a proxy, this is the default
    1323     std::string proxyArg = args.GetArg("-proxy", "");
    1324-    SetReachable(NET_ONION, false);
    


    jonatack commented at 9:22 pm on January 30, 2022:

    The default network reachability values are implicitly set in this line in net.cpp:

    0static bool vfLimited[NET_MAX] GUARDED_BY(g_maplocalhost_mutex) = {};
    

    Maybe assert that each network is reachable in this first loop through them during init. Edit: proposed in #24205.

     0diff --git a/src/init.cpp b/src/init.cpp
     1index 72b86daf21..81c145870b 100644
     2--- a/src/init.cpp
     3+++ b/src/init.cpp
     4@@ -1317,6 +1317,7 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
     5         }
     6         for (int n = 0; n < NET_MAX; n++) {
     7             enum Network net = (enum Network)n;
     8+            assert(IsReachable(net));
     9             if (!nets.count(net))
    10                 SetReachable(net, false);
    11         }
    

    vasild commented at 12:55 pm on January 31, 2022:
    Marking as resolved. I think #24205 is ok and that this PR should be merged first.

    jonatack commented at 12:58 pm on January 31, 2022:

    Marking as resolved. I think #24205 is ok and that this PR should be merged first.

    Agree.

  51. in src/init.cpp:1364 in 0eea83a85e
    1367+    } else {
    1368+        if (args.IsArgSet("-onlynet") && IsReachable(NET_ONION)) {
    1369+            return InitError(
    1370+                _("Outbound connections restricted to Tor (-onlynet=onion) but the proxy for "
    1371+                  "reaching the Tor network is not provided (no -proxy= and no -onion= given) or "
    1372+                  "it is explicitly forbidden (-onion=0)"));
    


    jonatack commented at 9:27 pm on January 30, 2022:
    Manually tested hitting this error message. A test may be good in a follow-up.

    vasild commented at 12:55 pm on January 31, 2022:
    A candidate for #24205?

    jonatack commented at 10:07 pm on March 1, 2022:

    A candidate for #24205?

    Done, along with test coverage for the other proxy/onion/onlynet init errors.

  52. jonatack approved
  53. jonatack commented at 9:35 pm on January 30, 2022: member

    ACK 0eea83a85ec6b215d44facc2b16ee1b035275a6b code review, rebased to master, debug built, and did some manual testing with various config options on signet

    Came across the onlynet issue again recently that this pull fixes.

    This pull has been through quite a bit of review and has several ACKs. It may be good to have it in v23.

  54. in src/init.cpp:444 in 0eea83a85e
    440@@ -441,7 +441,7 @@ void SetupServerArgs(ArgsManager& argsman)
    441     argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    442     argsman.AddArg("-i2psam=<ip:port>", "I2P SAM proxy to reach I2P peers and accept I2P connections (default: none)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    443     argsman.AddArg("-i2pacceptincoming", "If set and -i2psam is also set then incoming I2P connections are accepted via the SAM proxy. If this is not set but -i2psam is set then only outgoing connections will be made to the I2P network. Ignored if -i2psam is not set. Listening for incoming I2P connections is done through the SAM proxy, not by binding to a local address and port (default: 1)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    444-    argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks. Warning: if it is used with non-onion networks and the -onion or -proxy option is set, then outbound onion connections will still be made; use -noonion or -onion=0 to disable outbound onion connections in this case.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    445+    argsman.AddArg("-onlynet=<net>", "Make automatic outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    


    jonatack commented at 9:41 pm on January 30, 2022:

    Maybe s/outgoing connections/automatic outbound connections and s/incoming connections/inbound and manual connections/ in these three lines:

    0₿ git grep "Incoming connections\|. Incoming"
    1doc/i2p.md:68:Make outgoing connections only to I2P addresses. Incoming connections are not
    2doc/tor.md:56:    -onlynet=onion  Make outgoing connections only to .onion addresses. Incoming
    3src/init.cpp:444:    argsman.AddArg("-onlynet=<net>", "Make automatic outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
    

    vasild commented at 12:56 pm on January 31, 2022:
    Will do if I retouch.

    jonatack commented at 12:58 pm on January 31, 2022:
    Yes, can be as a follow-up. This seems RFM.

    jonatack commented at 10:06 pm on March 1, 2022:
    Done in #24468
  55. MarcoFalke added this to the milestone 23.0 on Jan 31, 2022
  56. laanwj merged this on Mar 1, 2022
  57. laanwj closed this on Mar 1, 2022

  58. vasild deleted the branch on Mar 2, 2022
  59. sidhujag referenced this in commit ca34ee9984 on Mar 2, 2022
  60. laanwj referenced this in commit f6d335e828 on Mar 7, 2022
  61. sidhujag referenced this in commit c561f58099 on Mar 7, 2022
  62. MarcoFalke referenced this in commit f0c9ba2b48 on Mar 24, 2022
  63. sidhujag referenced this in commit 94a2f75119 on Apr 2, 2022
  64. DrahtBot locked this on Mar 3, 2023

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 21:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me