Running bitcoind through a tor proxy does not hide my ipv6 address #6585

lunokhod opened this issue on August 24, 2015
  1. lunokhod commented at 8:21 am on August 24, 2015: none

    I am running bitcoind through a tor proxy, and everything seems to be working fine for my hidden service, as well as nodes that are being connected to via ipv4. I’ve verified (via getpeerinfo) that my real ipv4 address does not show up when inspecting the nodes I’m connected to. However, I was very surprised to see that I have a single incoming connection from ipv6 that is connected to my real ipv6 address.

    Here is the info I am using in my bitcoin configuration file:

    proxy=127.0.0.1:9050
    onion=127.0.0.1:9050
    externalip=myhiddenservice.onion
    listen=1
    discover=0
    

    Here is the getpeerinfo on the node:

    {
      "id": 21,
      "addr": "[2a01:4f8:202:81b1::2]:4834",
      "addrlocal": "[my:ipv6:address:xxx:xxx:xxx:xxx:xxx]:8333",
      "services": "0000000000000000",
      "lastsend": 1440404xxx,
      "lastrecv": 1440403xxx,
      "bytessent": 2081xxx,
      "bytesrecv": 39xxx,
      "conntime": 1440367xxx,
      "timeoffset": 0,
      "pingtime": 0.043xxx,
      "version": 70002,
      "subver": "/Satoshi:0.9.3/",
      "inbound": true,
      "startingheight": 371217,
      "banscore": 0,
      "synced_headers": 371273,
      "synced_blocks": -1,
      "inflight": [
      ],
      "whitelisted": false
    },
    

    And here is the relevant getnetwork output

    "networks": [
      {
        "name": "ipv4",
        "limited": false,
        "reachable": false,
        "proxy": "127.0.0.1:9050",
        "proxy_randomize_credentials": true
      },
      {
        "name": "ipv6",
        "limited": false,
        "reachable": false,
        "proxy": "127.0.0.1:9050",
        "proxy_randomize_credentials": true
      },
      {
        "name": "onion",
        "limited": false,
        "reachable": true,
        "proxy": "127.0.0.1:9050",
        "proxy_randomize_credentials": true
      }
    ],
    

    For info, I am running this on OSX 10.10.5, bitcoin v0.11.99.0-49793fb and tor 0.2.6.10.

  2. laanwj commented at 9:17 am on August 24, 2015: member
    That’s curious. If you specify -proxy and/or -externalip, -discover will be automatically disabled. It will not advertise any other addresses. Have you run bitcoind before without this setup? Might an old node still have known your IPv6 address?
  3. laanwj added the label P2P on Aug 24, 2015
  4. lunokhod commented at 9:29 am on August 24, 2015: none
    I probably have run bitcoind on clearnet before, so it is possible that someone knows my ipv6 address. However, shouldn’t discover=0 preclude them from connecting to my node?
  5. laanwj added the label Privacy on Aug 24, 2015
  6. laanwj commented at 10:38 am on August 24, 2015: member

    It does this:

    -discover
         Discover own IP addresses (default: 1 when listening and no -externalip
         or -proxy)
    

    It has no effect on what interfaces are listened on by -listen (note that -listen is disabled by default if -proxy is given). If you want to only bind to a specific interface, use e.g. -bind=127.0.0.1.

  7. laanwj closed this on Aug 24, 2015

  8. lunokhod commented at 11:02 am on August 24, 2015: none

    Thanks for the help, but this still appears to be a bug to me.

    • The client is telling me that reachable=false for ipv6, yet I have an inbound connection on ipv6.
    • Listen needs to be set to 1 in order to run a hidden service.
  9. laanwj commented at 9:01 am on August 26, 2015: member

    I’m still not convinced that this is a bug. reachable=false means as much as “cannot connect to this network”. It does not mean that connections cannot come in. It is completely independent of listening functionality.

    Yes, you need -listen for a hidden service. By default if you listen, it listens on every interface. If you want to restrict that, as said above, use -bind.

    (it would ofc be possible to automatically restrict the binding interfaces based on e.g. -onlynet, but I think such parameter interaction will only result in further confusion)

  10. lunokhod commented at 1:19 pm on August 26, 2015: none

    Just to follow up, using

    onlynet=ipv4
    onlynet=onion
    

    does not fix this problem: I still get an incoming connection from ipv6. Using

    bind=127.0.0.1
    

    however does work. Thanks!

  11. sipa commented at 4:41 pm on August 26, 2015: member
    Yes, onlynet only restricts outgoing connections.
  12. MarcoFalke referenced this in commit 88da62c54c on Sep 6, 2015
  13. MarcoFalke referenced this in commit 74275c374a on Sep 6, 2015
  14. MarcoFalke referenced this in commit 238851bf64 on Sep 6, 2015
  15. DrahtBot locked this on Sep 8, 2021
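
The outcome of the thread is that `listen=1` without `bind=` accepts connections on every interface, and that `discover` and `onlynet` do not change this. The check below is an added example, not part of the original issue or of Bitcoin Core. It audits a configuration for that gap and flags inbound peers in `getpeerinfo` output that did not arrive through the local Tor daemon. The helper names and sample data are hypothetical, and it assumes Tor runs on the same host and forwards the hidden service to loopback, so Tor inbound peers show a loopback source address.

```python
import ipaddress

def host_of(addr):
    """Host part of 'host:port', '[v6]:port', or a bare address."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.split(":")[0] if addr.count(":") == 1 else addr

def is_loopback(addr):
    try:
        return ipaddress.ip_address(host_of(addr)).is_loopback
    except ValueError:  # hostname or .onion name, not an IP literal
        return False

def parse_conf(text):
    """Collect key=value lines into {key: [values]}, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def listens_beyond_loopback(conf):
    """True if the node accepts inbound connections on non-loopback interfaces."""
    # Per the thread: listen is off by default when proxy is given.
    default = "0" if "proxy" in conf else "1"
    if conf.get("listen", [default])[0] != "1":
        return False
    binds = conf.get("bind", [])
    # No bind= means every interface; onlynet/discover do not change that.
    return not binds or any(not is_loopback(b) for b in binds)

def direct_inbound(peers):
    """Inbound peers whose source address is not the local Tor daemon."""
    return [p["addr"] for p in peers
            if p.get("inbound") and not is_loopback(p["addr"])]

# Constructed inputs: a config modelled on the thread, and a getpeerinfo excerpt.
THREAD_CONF = "proxy=127.0.0.1:9050\nonion=127.0.0.1:9050\nlisten=1\ndiscover=0\nonlynet=onion\n"
SAMPLE_PEERS = [
    {"addr": "[2001:db8::2]:4834", "inbound": True},
    {"addr": "127.0.0.1:51234", "inbound": True},
    {"addr": "exampleexample.onion:8333", "inbound": False},
]

if __name__ == "__main__":
    print(listens_beyond_loopback(parse_conf(THREAD_CONF)))
    print(listens_beyond_loopback(parse_conf(THREAD_CONF + "bind=127.0.0.1\n")))
    print(direct_inbound(SAMPLE_PEERS))
```
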

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-01 10:13 UTC
