Don't log IP addresses for transactions. #3741

pull rebroad wants to merge 1 commits into bitcoin:master from rebroad:DontLogTxIPaddresses changing 1 files +1 −2
  1. rebroad commented at 6:33 AM on February 25, 2014: contributor

    Don't log IP addresses by default. Argument originally given in pull request #2126 by darkhosis and luke-jr.

  2. Don't log IP addresses for transactions. 1df708cec2
  3. BitcoinPullTester commented at 6:51 AM on February 25, 2014: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/1df708cec2da7f2a41dd3d846bead82b594f9a15 for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  4. Michagogo commented at 11:11 AM on February 25, 2014: contributor

    Personally, I don't think this change is a good idea. There are reasons why one might want to have this information. If you're worried about it, perhaps add an option to control it. It could even be off by default, but I don't want to make it impossible.

  5. laanwj commented at 11:20 AM on February 25, 2014: member

    You removed not only the IP adress but also the subversion. The version is very useful to know when a strange transaction comes in.

    All in all, I think this makes little sense. Are you afraid of people logging IPs? Well, the people that want to log IPs can simply patch the source code to do so. Or use a sniffing tool. Some sites such as blockchain.info will already log your IP (see the sad story in #2653) and even make it queryable for all.

    At this point if you don't want your IP all over the place you should use bitcoin behind Tor.

  6. luke-jr commented at 6:17 PM on February 25, 2014: member

    @laanwj Historically, we've had a policy (there are PRs prior to #2126 also) to not log IP addresses. The reason being, that it makes bitcoin node logs a potentially valuable resource to hack/subpoena, making a hassle for users. If an individual wants to patch it in (or even enable an option), that's fine, but having it enabled by default is IMO a real risk.

  7. Diapolo commented at 6:39 PM on February 25, 2014: none

    I agree with @luke-jr here, but we should perhaps allow enabling IP address logging somehow for debugging.

  8. gmaxwell commented at 6:40 PM on February 25, 2014: contributor

    The complaint against making logs valuable is really only about defaults, options are fine.

  9. laanwj commented at 7:17 PM on February 25, 2014: member

    I'm fine with making logging IPs an option that is off by default.

    BTW the respective commit ba6a4ea added IPs in various places (and there were others as well already) so it probably makes sense to generalize this and not single out this single occurence.

  10. Michagogo commented at 7:18 PM on February 25, 2014: contributor

    Well, right now this isn't implemented as an option as far as I can tell -- it just strips it out completely. I wouldn't be very opposed to having it off by default, but it shouldn't be completely removed.

    Ninja edit: Yeah, as @laanwj says, it should definitely be changed across the board, if any change is made at all. (also, TIL that Github PR pages automatically update with new posts even while you're typing.)

  11. rebroad commented at 1:19 AM on February 27, 2014: contributor

    So, shall I change this pull request, and extend it to other areas so that IPs are logged, but only when a command line option is given, which is off by default? This is kinda what I did about 2 years ago (#1311), but perhaps policy has changed since then, although my code was pretty messy back then, so I'm not surprised much of it was never pulled.

  12. gmaxwell commented at 1:26 AM on February 27, 2014: contributor

    Right now I think the only IPs we log by default are connect messages— and I actually don't see much harm in those. I'd like to eventually move in the direction of keeping a ring buffer in memory and dumping it on crash (or on command), and otherwise logging very little to disk by default.

  13. rebroad commented at 1:31 AM on February 27, 2014: contributor

    @gmaxwell sounds like a good idea, well, more so on Windows, whereas on unix there are more system tools available for doing this externally to bitcoind.

  14. int03h commented at 2:50 AM on February 27, 2014: none

    what purpose would logging IPs serve ?

  15. gmaxwell commented at 2:51 AM on February 27, 2014: contributor

    it's useful for debugging. If some node is sending you garbage it's useful to be able to reconnect to it intentionally to see what its doing and reproduce the behavior.

  16. laanwj commented at 1:01 PM on February 27, 2014: member

    @gmaxwell I think you're right. For example the mempool messages affected by this pull are not logged by default, only if -debug=mempool is provided. Apart from that we log IPs for incoming/outgoing version messages and misbehaving peers.

  17. rebroad commented at 10:02 PM on February 27, 2014: contributor

    I've just raised a pull request #3764 that hopefully addresses the points made. Thanks for any feedback on this.

  18. rebroad closed this on Feb 27, 2014
  19. Michagogo commented at 10:05 PM on February 27, 2014: contributor

    @rebroad For future reference, there's no need to create a new PR. If you just push to the same branch (DontLogTxIPaddresses) the PR gets updated.

  20. rebroad commented at 12:51 AM on April 2, 2014: contributor

    I'm confused. I thought pull #3764 provided a solution to what people were requesting in this pull request, but the arguments I'm hearing on there is that it adds an extra command line argument to what is already a list of too many command line options, yet, people on here are asking for it to be optional. Can someone please clarify what is wanted?

  21. rebroad reopened this on Apr 2, 2014
  22. laanwj commented at 8:04 AM on April 2, 2014: member

    How many times do we need to repeat this: there is no issue!

    In the default configuration (so if you don't enable -debug=net), which this 'threat scenario' is all about, those extra IP-logging messages are not logged. If you want extra network debugging you get IPs. That's exactly how it should be, IMO.

  23. laanwj closed this on May 28, 2014
  24. rebroad deleted the branch on Sep 3, 2014
  25. DrahtBot locked this on Sep 8, 2021
Contributors
rebroadBitcoinPullTesterMichagogolaanwjluke-jrDiapologmaxwellint03h
Linked (view graph)
#2126 Improved getblocks logging.
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 18:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me