diff options
author | fanquake <fanquake@gmail.com> | 2022-09-07 18:23:15 +0100 |
---|---|---|
committer | fanquake <fanquake@gmail.com> | 2022-09-07 18:28:42 +0100 |
commit | 37095c7dc4a85155c35e2473b6a20a53ae413cea (patch) | |
tree | 8a78098d90fd6bfe7b147df353292683ef33f359 /src | |
parent | fc44d1796e4df5824423d7d13de3082fe204db7d (diff) | |
parent | 385f5a4c3feb716fcf3f2b4823535df6da6bb67b (diff) |
Merge bitcoin/bitcoin#25678: p2p: skip querying dns seeds if `-onlynet` disables IPv4 and IPv6
385f5a4c3feb716fcf3f2b4823535df6da6bb67b p2p: Don't query DNS seeds when both IPv4 and IPv6 are unreachable (Martin Zumsande)
91f0a7fbb79fe81a75370a4b60dcdd2e55edfa81 p2p: add only reachable addresses to addrman (Martin Zumsande)
Pull request description:
Currently, `-onlynet` does not work well in connection with initial peer discovery, because DNS seeds only resolve to IPv6 and IPv4 adresses:
With `-onlynet=i2p`, we would load clearnet addresses from DNS seeds into addrman, be content our addrman isn't empty so we don't try to query hardcoded seeds (although these exist for i2p!), and never attempt to make an automatic outbound connection.
With `-onlynet=onion` and `-proxy` set, we wouldn't load addresses via DNS, but will make AddrFetch connections (through a tor exit node) to a random clearnet peer the DNS seed resolves to (see https://github.com/bitcoin/bitcoin/issues/6808#issuecomment-147652505), thus breaching the `-onlynet` preference of the user - this has been reported in the two issues listed below.
This PR proposes two changes:
1.) Don't load addresses that are unreachable (so that we wouldn't connect to them) into addrman. This is already the case for addresses received via p2p addr messages, this PR implements the same for addresses received from DNS seeds and fixed seeds. This means that in the case of `-onlynet=onion`, we wouldn't load fixed seed IPv4 addresses into addrman, only the onion ones.
2.) Skip trying the DNS seeds if neither IPv4 nor IPv6 are reachable and move directly to adding the hardcoded seeds from networks we can connect to. This is done by soft-setting `-dnsseed` to 0 in this case, unless `-dnsseed=1` was explicitly specified, in which case we abort with an `InitError`.
Fixes #6808
Fixes #12344
ACKs for top commit:
naumenkogs:
utACK 385f5a4c3feb716fcf3f2b4823535df6da6bb67b
vasild:
ACK 385f5a4c3feb716fcf3f2b4823535df6da6bb67b
Tree-SHA512: 33a8c29faccb2d9b937b017dba4ef72c10e05e458ccf258f1aed3893bcc37c2e984ec8de998d2ecfa54282abbf44a132e97d98bbcc24a0dcf1871566016a9b91
Diffstat (limited to 'src')
-rw-r--r-- | src/init.cpp | 17 | ||||
-rw-r--r-- | src/net.cpp | 9 |
2 files changed, 24 insertions, 2 deletions
diff --git a/src/init.cpp b/src/init.cpp index f3cb763ecc..0ca94974bb 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -723,6 +723,16 @@ void InitParameterInteraction(ArgsManager& args) if (args.SoftSetBoolArg("-whitelistrelay", true)) LogPrintf("%s: parameter interaction: -whitelistforcerelay=1 -> setting -whitelistrelay=1\n", __func__); } + if (args.IsArgSet("-onlynet")) { + const auto onlynets = args.GetArgs("-onlynet"); + bool clearnet_reachable = std::any_of(onlynets.begin(), onlynets.end(), [](const auto& net) { + const auto n = ParseNetwork(net); + return n == NET_IPV4 || n == NET_IPV6; + }); + if (!clearnet_reachable && args.SoftSetBoolArg("-dnsseed", false)) { + LogPrintf("%s: parameter interaction: -onlynet excludes IPv4 and IPv6 -> setting -dnsseed=0\n", __func__); + } + } } /** @@ -1281,6 +1291,13 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info) // 2.1. -onlynet is not given or // 2.2. -onlynet=cjdns is given + // Requesting DNS seeds entails connecting to IPv4/IPv6, which -onlynet options may prohibit: + // If -dnsseed=1 is explicitly specified, abort. If it's left unspecified by the user, we skip + // the DNS seeds by adjusting -dnsseed in InitParameterInteraction. + if (args.GetBoolArg("-dnsseed") == true && !IsReachable(NET_IPV4) && !IsReachable(NET_IPV6)) { + return InitError(strprintf(_("Incompatible options: -dnsseed=1 was explicitly specified, but -onlynet forbids connections to IPv4/IPv6"))); + }; + // Check for host lookup allowed before parsing any network related parameters fNameLookup = args.GetBoolArg("-dns", DEFAULT_NAME_LOOKUP); diff --git a/src/net.cpp b/src/net.cpp index 6659b64246..d1df393ad3 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -1642,15 +1642,20 @@ void CConnman::ThreadOpenConnections(const std::vector<std::string> connect) LOCK2(m_addr_fetches_mutex, m_added_nodes_mutex); if (m_addr_fetches.empty() && m_added_nodes.empty()) { add_fixed_seeds_now = true; - LogPrintf("Adding fixed seeds as -dnsseed=0, -addnode is not provided and all -seednode(s) attempted\n"); + LogPrintf("Adding fixed seeds as -dnsseed=0 (or IPv4/IPv6 connections are disabled via -onlynet), -addnode is not provided and all -seednode(s) attempted\n"); } } if (add_fixed_seeds_now) { + std::vector<CAddress> seed_addrs{ConvertSeeds(Params().FixedSeeds())}; + seed_addrs.erase(std::remove_if(seed_addrs.begin(), seed_addrs.end(), + [](const CAddress& addr) { return !IsReachable(addr); }), + seed_addrs.end()); CNetAddr local; local.SetInternal("fixedseeds"); - addrman.Add(ConvertSeeds(Params().FixedSeeds()), local); + addrman.Add(seed_addrs, local); add_fixed_seeds = false; + LogPrintf("Added %d fixed seeds from reachable networks.\n", seed_addrs.size()); } } |