init: allow startup with -onlynet=onion -listenonion=1 #24991
Conversation
vasild
force-pushed
the
onlynet_onion_with_listenonion_is_ok
branch
from
111bec2 to
bbbb175
Compare
|
|
There was a problem hiding this comment.
Light Approach ACK (looked quickly, in seminar ATM)
₿ bitcoind -signet -onlynet=onion -listenonion=0
2022-04-26T12:11:00Z [init] Error: Outbound connections restricted to Tor (-onlynet=onion) but the proxy for reaching the Tor network is not provided: none of -proxy, -onion or -listenonion is given
Error: Outbound connections restricted to Tor (-onlynet=onion) but the proxy for reaching the Tor network is not provided: none of -proxy, -onion or -listenonion is given
2022-04-26T12:11:00Z [init] Shutdown: In progress...
2022-04-26T12:11:00Z [scheduler] scheduler thread exit
2022-04-26T12:11:00Z [shutoff] Shutdown: done
test/functional/feature_proxy.py
Outdated
There was a problem hiding this comment.
maybe keep the test without explicit listenonion=0 (not sure, didn't review deeply yet)
- self.log.info("Test passing -onlynet=onion without -proxy, -onion or -listenonion raises expected init error")
- self.nodes[1].extra_args = ["-onlynet=onion", "-listenonion=0"]
msg = (
"Error: Outbound connections restricted to Tor (-onlynet=onion) but "
"the proxy for reaching the Tor network is not provided: "
"none of -proxy, -onion or -listenonion is given"
)
+
+ self.log.info("Test passing -onlynet=onion without -proxy or -onion raises expected init error")
+ self.nodes[1].extra_args = ["-onlynet=onion", "-listen"]
+ self.nodes[1].assert_start_raises_init_error(expected_msg=msg)
+
+ self.log.info("Test passing -onlynet=onion and -listen, without -proxy or -onion, and with -listenonion disabled raises expected init error")
+ self.nodes[1].extra_args = ["-onlynet=onion", "-listen", "-listenonion=0"]
self.nodes[1].assert_start_raises_init_error(expected_msg=msg)There was a problem hiding this comment.
Since now the behavior depends on the -listenonion value, I added two tests - one with 1 and one with 0. Leaving the test without an explicit -listenonion would mean relying on some parameter interaction or that the testing framework uses a specific value. This could result in a test failure if it is changed.
|
Concept ACK
Nice! |
|
tACK bbbb175
|
|
@midnightmagic Can you confirm this solves your issue? |
|
|
vasild
force-pushed
the
onlynet_onion_with_listenonion_is_ok
branch
from
bbbb175 to
c313568
Compare
|
Does this issue prevent incoming connections via Tor, if |
|
@schildbach, no, the issue itself (described in #24980) is that startup would abort with an error if This PR aims to fix that problem by relaxing the startup check to allow startup with |
jonatack
left a comment
jonatack
left a comment
There was a problem hiding this comment.
Diff LGTM in latest push per git diff bbbb175 c313568, will re-review.
I've been running version 23.0 for days, and I've not got a single incoming connection via Tor.
@schildbach If you like, send me your tor address over IRC (nick jonatack on #bitcoin-core-dev) and I'll try to manually connect to you.
It does not make sense to specify `-onlynet=onion` without providing a Tor proxy (even if other `-onlynet=...` are given). This is checked during startup. However, it was forgotten that a Tor proxy can also be retrieved from "Tor control" to which we connect if `-listenonion=1`. So, the full Tor proxy retrieval logic is: 1. get it from `-onion` 2. get it from `-proxy` 3. if `-listenonion=1`, then connect to "Tor control" and get the proxy from there (was forgotten before this change) Fixes bitcoin#24980 Github-Pull: bitcoin#24991 Rebased-From: c313568a97bbac41d7f372f62594e440a515e1f5
vasild
force-pushed
the
onlynet_onion_with_listenonion_is_ok
branch
from
c313568 to
28ae912
Compare
|
Previously invalidated ACK from @dunxen |
|
re-ACK 28ae912 |
|
Concept ACK, will review closely soon. I think it would be nice to get this fixed for 24.0. |
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
jonatack
left a comment
jonatack
left a comment
There was a problem hiding this comment.
ACK 28ae912f501e1a09bd050dcf35ecf712374f743f
I agree that this should be tagged for the v24.0 milestone, have run across this issue myself.
src/init.cpp
Outdated
There was a problem hiding this comment.
nit, use the same (more explicit) phrasing here as for the error message below, and consistent verb tense
- _("Outbound connections restricted to Tor (-onlynet=onion) but the proxy for "
- "reaching the Tor network is explicitly forbidden: -onion=0"));
+ _("The -onlynet=onion configuration option was passed to restrict outbound"
+ " connections to Tor, but the proxy for reaching the Tor network was explicitly forbidden: -onion=0"));There was a problem hiding this comment.
Would be good to have consistent wording here and for I2P and CJDNS in #25989.
master:
Outbound connections restricted to Tor (-onlynet=onion) but the proxy for reaching the Tor network is not provided ...
this PR:
Outbound connections restricted to Tor (-onlynet=onion) but the proxy for reaching the Tor network is explicitly forbidden: -onion=0
The -onlynet=onion configuration option was passed to restrict outbound connections to Tor, but the proxy for reaching the Tor network was not provided ...
Outbound connections restricted to CJDNS (-onlynet=cjdns) but -cjdnsreachable is not provided
Outbound connections restricted to i2p (-onlynet=i2p) but -i2psam is not provided
There was a problem hiding this comment.
I changed the second message in this PR to be consistent with the rest:
Outbound connections restricted to Tor (-onlynet=onion) but the proxy for reaching the Tor network is not provided: none of -proxy, -onion or -listenonion is given
There was a problem hiding this comment.
I think the explicit version is clearer.
test/functional/feature_proxy.py
Outdated
There was a problem hiding this comment.
- these two lines can be combined to one, i.e.
self.start_node(1, extra_args=["-onlynet=onion", "-listenonion=1"]) - maybe check that Tor is successfully up with assert_debug_log
self.log.info("Test passing -onlynet=onion without -proxy or -onion but with -listenonion=1 is ok")
- self.nodes[1].extra_args = ["-onlynet=onion", "-listenonion=1"]
- self.start_node(1)
+ with self.nodes[1].assert_debug_log(["[tor] Authentication successful"]):
+ self.start_node(1, extra_args=["-onlynet=onion", "-listenonion=1"])
self.stop_node(1)There was a problem hiding this comment.
I combined the two lines to one, as suggested.
However, expecting "[tor] Authentication successful" in the log failed for me because it tried to talk to a Tor daemon on 127.0.0.1:9051, not to the Python one from the testing framework at self.conf2.addr, because when overriding extra_args the setting -onion=... which was in extra_args is lost.
It does not make sense to specify `-onlynet=onion` without providing a Tor proxy (even if other `-onlynet=...` are given). This is checked during startup. However, it was forgotten that a Tor proxy can also be retrieved from "Tor control" to which we connect if `-listenonion=1`. So, the full Tor proxy retrieval logic is: 1. get it from `-onion` 2. get it from `-proxy` 3. if `-listenonion=1`, then connect to "Tor control" and get the proxy from there (was forgotten before this change) Fixes bitcoin#24980
vasild
force-pushed
the
onlynet_onion_with_listenonion_is_ok
branch
from
28ae912 to
2d0b4e4
Compare
|
Concept ACK |
|
Tested ACK 2d0b4e4 |
|
ACK 2d0b4e4 🕸 Show signatureSignature: |
…nion=1 2d0b4e4 init: allow startup with -onlynet=onion -listenonion=1 (Vasil Dimov) Pull request description: It does not make sense to specify `-onlynet=onion` without providing a Tor proxy (even if other `-onlynet=...` are given). This is checked during startup. However, it was forgotten that a Tor proxy can also be retrieved from "Tor control" to which we connect if `-listenonion=1`. So, the full Tor proxy retrieval logic is: 1. get it from `-onion` 2. get it from `-proxy` 3. if `-listenonion=1`, then connect to "Tor control" and get the proxy from there (was forgotten before this change) Fixes bitcoin#24980 ACKs for top commit: mzumsande: Tested ACK 2d0b4e4 MarcoFalke: ACK 2d0b4e4 🕸 Tree-SHA512: d1d18e07a8a40a47b7f00c31cb291a3d3a9b24eeb28c5e4720d5df4997f488583a3a010d46902b4b600d2ed1136a368e1051c133847ae165e0748b8167603dc3
ghost
mentioned this pull request
10 participants
It does not make sense to specify
-onlynet=onionwithout providing aTor proxy (even if other
-onlynet=...are given). This is checkedduring startup. However, it was forgotten that a Tor proxy can also be
retrieved from "Tor control" to which we connect if
-listenonion=1.So, the full Tor proxy retrieval logic is:
-onion-proxy-listenonion=1, then connect to "Tor control" and get the proxyfrom there (was forgotten before this change)
Fixes #24980