Diffstat (limited to 'src')
-rw-r--r--src/init.cpp37
-rw-r--r--src/interfaces/node.h4
-rw-r--r--src/net.cpp4
-rw-r--r--src/netbase.cpp14
-rw-r--r--src/netbase.h16
-rw-r--r--src/node/interfaces.cpp2
-rw-r--r--src/qt/clientmodel.cpp2
-rw-r--r--src/qt/optionsdialog.cpp4
-rw-r--r--src/rpc/net.cpp2
-rw-r--r--src/torcontrol.cpp19
10 files changed, 63 insertions, 41 deletions
diff --git a/src/init.cpp b/src/init.cpp
index 02ea30e28e..ce666534ae 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -462,7 +462,7 @@ void SetupServerArgs(ArgsManager& argsman)
argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-i2psam=<ip:port>", "I2P SAM proxy to reach I2P peers and accept I2P connections (default: none)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-i2pacceptincoming", "If set and -i2psam is also set then incoming I2P connections are accepted via the SAM proxy. If this is not set but -i2psam is set then only outgoing connections will be made to the I2P network. Ignored if -i2psam is not set. Listening for incoming I2P connections is done through the SAM proxy, not by binding to a local address and port (default: 1)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
- argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks. Warning: if it is used with non-onion networks and the -onion or -proxy option is set, then outbound onion connections will still be made; use -noonion or -onion=0 to disable outbound onion connections in this case.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
+ argsman.AddArg("-onlynet=<net>", "Make automatic outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-permitbaremultisig", strprintf("Relay non-P2SH multisig (default: %u)", DEFAULT_PERMIT_BAREMULTISIG), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
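Review bot: The rewritten -onlynet help string does not mention the startup failure this commit adds further down in AppInitMain. With -onlynet set and onion still reachable, initialization now returns an InitError unless -proxy or -onion supplies a proxy, and a user reading only the help output gets no hint of that. Consider appending a sentence such as `If onion is listed, a Tor proxy must be provided via -proxy or -onion.` The new word "automatic" also implies that manually requested connections are not restricted (inferred from the wording only); saying so explicitly would help operators who rely on -onlynet for privacy.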
@@ -1317,27 +1317,27 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
// Check for host lookup allowed before parsing any network related parameters
fNameLookup = args.GetBoolArg("-dns", DEFAULT_NAME_LOOKUP);
+ Proxy onion_proxy;
+
bool proxyRandomize = args.GetBoolArg("-proxyrandomize", DEFAULT_PROXYRANDOMIZE);
// -proxy sets a proxy for all outgoing network traffic
// -noproxy (or -proxy=0) as well as the empty string can be used to not set a proxy, this is the default
std::string proxyArg = args.GetArg("-proxy", "");
- SetReachable(NET_ONION, false);
if (proxyArg != "" && proxyArg != "0") {
CService proxyAddr;
if (!Lookup(proxyArg, proxyAddr, 9050, fNameLookup)) {
return InitError(strprintf(_("Invalid -proxy address or hostname: '%s'"), proxyArg));
}
- proxyType addrProxy = proxyType(proxyAddr, proxyRandomize);
+ Proxy addrProxy = Proxy(proxyAddr, proxyRandomize);
if (!addrProxy.IsValid())
return InitError(strprintf(_("Invalid -proxy address or hostname: '%s'"), proxyArg));
SetProxy(NET_IPV4, addrProxy);
SetProxy(NET_IPV6, addrProxy);
- SetProxy(NET_ONION, addrProxy);
SetProxy(NET_CJDNS, addrProxy);
SetNameProxy(addrProxy);
- SetReachable(NET_ONION, true); // by default, -proxy sets onion as reachable, unless -noonion later
+ onion_proxy = addrProxy;
}
// -onion can be used to set only a proxy for .onion, or override normal proxy for .onion addresses
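Review bot: The -proxy branch still validates in two steps with the same error message (Lookup, then an unbraced `if (!addrProxy.IsValid())`), while the new -onion branch folds both into one condition. `Proxy::IsValid()` only forwards to `proxy.IsValid()` (see netbase.h), so the -proxy branch could use the same shape: `if (!Lookup(proxyArg, proxyAddr, 9050, fNameLookup) || !proxyAddr.IsValid()) {` followed by `const Proxy addrProxy{proxyAddr, proxyRandomize};`. That keeps the two proxy-parsing paths visibly parallel. The enclosing function starts and ends outside the hunk.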
@@ -1346,18 +1346,26 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
std::string onionArg = args.GetArg("-onion", "");
if (onionArg != "") {
if (onionArg == "0") { // Handle -noonion/-onion=0
- SetReachable(NET_ONION, false);
+ onion_proxy = Proxy{};
} else {
- CService onionProxy;
- if (!Lookup(onionArg, onionProxy, 9050, fNameLookup)) {
+ CService addr;
+ if (!Lookup(onionArg, addr, 9050, fNameLookup) || !addr.IsValid()) {
return InitError(strprintf(_("Invalid -onion address or hostname: '%s'"), onionArg));
}
- proxyType addrOnion = proxyType(onionProxy, proxyRandomize);
- if (!addrOnion.IsValid())
- return InitError(strprintf(_("Invalid -onion address or hostname: '%s'"), onionArg));
- SetProxy(NET_ONION, addrOnion);
- SetReachable(NET_ONION, true);
+ onion_proxy = Proxy{addr, proxyRandomize};
+ }
+ }
+
+ if (onion_proxy.IsValid()) {
+ SetProxy(NET_ONION, onion_proxy);
+ } else {
+ if (args.IsArgSet("-onlynet") && IsReachable(NET_ONION)) {
+ return InitError(
+ _("Outbound connections restricted to Tor (-onlynet=onion) but the proxy for "
+ "reaching the Tor network is not provided (no -proxy= and no -onion= given) or "
+ "it is explicitly forbidden (-onion=0)"));
}
+ SetReachable(NET_ONION, false);
}
for (const std::string& strAddr : args.GetArgs("-externalip")) {
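Review bot: The InitError text says outbound connections are "restricted to Tor (-onlynet=onion)", but the guard `args.IsArgSet("-onlynet") && IsReachable(NET_ONION)` does not establish that onion is the only permitted network. If reachability is narrowed by -onlynet earlier in AppInitMain (outside this hunk, so this is inferred), a combination such as -onlynet=ipv4 -onlynet=onion without a proxy would hit the same error with a misleading message. Either reword the message to say that -onlynet includes onion, or add a comment above the check such as `// -onlynet lists onion but no onion proxy is configured: refuse to start instead of silently dropping the network.` The function body continues outside the hunk.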
@@ -1752,8 +1760,7 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
if (!Lookup(i2psam_arg, addr, 7656, fNameLookup) || !addr.IsValid()) {
return InitError(strprintf(_("Invalid -i2psam address or hostname: '%s'"), i2psam_arg));
}
- SetReachable(NET_I2P, true);
- SetProxy(NET_I2P, proxyType{addr});
+ SetProxy(NET_I2P, Proxy{addr});
} else {
SetReachable(NET_I2P, false);
}
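Review bot: After dropping `SetReachable(NET_I2P, true)`, the -i2psam branch only configures the proxy while the else branch still calls `SetReachable(NET_I2P, false)`, and that asymmetry is easy to misread as an omission. The intent appears to be that reachability decided earlier (for example by -onlynet, which is not visible in this hunk) is no longer overridden here. A one-line comment would record that, e.g. `// Do not force NET_I2P reachable here; keep whatever -onlynet decided.` The enclosing block starts outside the hunk.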
diff --git a/src/interfaces/node.h b/src/interfaces/node.h
index 9c1b196d61..c4dc303dd5 100644
--- a/src/interfaces/node.h
+++ b/src/interfaces/node.h
@@ -27,7 +27,7 @@ class CNodeStats;
class Coin;
class RPCTimerInterface;
class UniValue;
-class proxyType;
+class Proxy;
enum class SynchronizationState;
enum class TransactionError;
struct CNodeStateStats;
@@ -101,7 +101,7 @@ public:
virtual void mapPort(bool use_upnp, bool use_natpmp) = 0;
//! Get proxy.
- virtual bool getProxy(Network net, proxyType& proxy_info) = 0;
+ virtual bool getProxy(Network net, Proxy& proxy_info) = 0;
//! Get number of connections.
virtual size_t getNodeCount(ConnectionDirection flags) = 0;
diff --git a/src/net.cpp b/src/net.cpp
index 63e25a71bb..d200da0dea 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -449,7 +449,7 @@ CNode* CConnman::ConnectNode(CAddress addrConnect, const char *pszDest, bool fCo
// Connect
bool connected = false;
std::unique_ptr<Sock> sock;
- proxyType proxy;
+ Proxy proxy;
CAddress addr_bind;
assert(!addr_bind.IsValid());
@@ -2559,7 +2559,7 @@ bool CConnman::Start(CScheduler& scheduler, const Options& connOptions)
return false;
}
- proxyType i2p_sam;
+ Proxy i2p_sam;
if (GetProxy(NET_I2P, i2p_sam)) {
m_i2p_sam_session = std::make_unique<i2p::sam::Session>(gArgs.GetDataDirNet() / "i2p_private_key",
i2p_sam.proxy, &interruptNet);
diff --git a/src/netbase.cpp b/src/netbase.cpp
index 87014a0644..a36ad7d179 100644
--- a/src/netbase.cpp
+++ b/src/netbase.cpp
@@ -31,8 +31,8 @@
// Settings
static Mutex g_proxyinfo_mutex;
-static proxyType proxyInfo[NET_MAX] GUARDED_BY(g_proxyinfo_mutex);
-static proxyType nameProxy GUARDED_BY(g_proxyinfo_mutex);
+static Proxy proxyInfo[NET_MAX] GUARDED_BY(g_proxyinfo_mutex);
+static Proxy nameProxy GUARDED_BY(g_proxyinfo_mutex);
int nConnectTimeout = DEFAULT_CONNECT_TIMEOUT;
bool fNameLookup = DEFAULT_NAME_LOOKUP;
@@ -605,7 +605,7 @@ bool ConnectSocketDirectly(const CService &addrConnect, const Sock& sock, int nT
return true;
}
-bool SetProxy(enum Network net, const proxyType &addrProxy) {
+bool SetProxy(enum Network net, const Proxy &addrProxy) {
assert(net >= 0 && net < NET_MAX);
if (!addrProxy.IsValid())
return false;
@@ -614,7 +614,7 @@ bool SetProxy(enum Network net, const proxyType &addrProxy) {
return true;
}
-bool GetProxy(enum Network net, proxyType &proxyInfoOut) {
+bool GetProxy(enum Network net, Proxy &proxyInfoOut) {
assert(net >= 0 && net < NET_MAX);
LOCK(g_proxyinfo_mutex);
if (!proxyInfo[net].IsValid())
@@ -623,7 +623,7 @@ bool GetProxy(enum Network net, proxyType &proxyInfoOut) {
return true;
}
-bool SetNameProxy(const proxyType &addrProxy) {
+bool SetNameProxy(const Proxy &addrProxy) {
if (!addrProxy.IsValid())
return false;
LOCK(g_proxyinfo_mutex);
@@ -631,7 +631,7 @@ bool SetNameProxy(const proxyType &addrProxy) {
return true;
}
-bool GetNameProxy(proxyType &nameProxyOut) {
+bool GetNameProxy(Proxy &nameProxyOut) {
LOCK(g_proxyinfo_mutex);
if(!nameProxy.IsValid())
return false;
@@ -653,7 +653,7 @@ bool IsProxy(const CNetAddr &addr) {
return false;
}
-bool ConnectThroughProxy(const proxyType& proxy, const std::string& strDest, uint16_t port, const Sock& sock, int nTimeout, bool& outProxyConnectionFailed)
+bool ConnectThroughProxy(const Proxy& proxy, const std::string& strDest, uint16_t port, const Sock& sock, int nTimeout, bool& outProxyConnectionFailed)
{
// first connect to proxy server
if (!ConnectSocketDirectly(proxy.proxy, sock, nTimeout, true)) {
diff --git a/src/netbase.h b/src/netbase.h
index 980aa47d66..b63d53086d 100644
--- a/src/netbase.h
+++ b/src/netbase.h
@@ -45,11 +45,11 @@ static inline bool operator&(ConnectionDirection a, ConnectionDirection b) {
return (underlying(a) & underlying(b));
}
-class proxyType
+class Proxy
{
public:
- proxyType(): randomize_credentials(false) {}
- explicit proxyType(const CService &_proxy, bool _randomize_credentials=false): proxy(_proxy), randomize_credentials(_randomize_credentials) {}
+ Proxy(): randomize_credentials(false) {}
+ explicit Proxy(const CService &_proxy, bool _randomize_credentials=false): proxy(_proxy), randomize_credentials(_randomize_credentials) {}
bool IsValid() const { return proxy.IsValid(); }
@@ -73,8 +73,8 @@ enum Network ParseNetwork(const std::string& net);
std::string GetNetworkName(enum Network net);
/** Return a vector of publicly routable Network names; optionally append NET_UNROUTABLE. */
std::vector<std::string> GetNetworkNames(bool append_unroutable = false);
-bool SetProxy(enum Network net, const proxyType &addrProxy);
-bool GetProxy(enum Network net, proxyType &proxyInfoOut);
+bool SetProxy(enum Network net, const Proxy &addrProxy);
+bool GetProxy(enum Network net, Proxy &proxyInfoOut);
bool IsProxy(const CNetAddr &addr);
/**
* Set the name proxy to use for all connections to nodes specified by a
@@ -92,9 +92,9 @@ bool IsProxy(const CNetAddr &addr);
* server in common use (most notably Tor) actually implements UDP
* support, and a DNS resolver is beyond the scope of this project.
*/
-bool SetNameProxy(const proxyType &addrProxy);
+bool SetNameProxy(const Proxy &addrProxy);
bool HaveNameProxy();
-bool GetNameProxy(proxyType &nameProxyOut);
+bool GetNameProxy(Proxy &nameProxyOut);
using DNSLookupFn = std::function<std::vector<CNetAddr>(const std::string&, bool)>;
extern DNSLookupFn g_dns_lookup;
@@ -219,7 +219,7 @@ bool ConnectSocketDirectly(const CService &addrConnect, const Sock& sock, int nT
*
* @returns Whether or not the operation succeeded.
*/
-bool ConnectThroughProxy(const proxyType& proxy, const std::string& strDest, uint16_t port, const Sock& sock, int nTimeout, bool& outProxyConnectionFailed);
+bool ConnectThroughProxy(const Proxy& proxy, const std::string& strDest, uint16_t port, const Sock& sock, int nTimeout, bool& outProxyConnectionFailed);
/** Disable or enable blocking-mode for a socket */
bool SetSocketNonBlocking(const SOCKET& hSocket, bool fNonBlocking);
diff --git a/src/node/interfaces.cpp b/src/node/interfaces.cpp
index ffad289fa9..cb063ae9f8 100644
--- a/src/node/interfaces.cpp
+++ b/src/node/interfaces.cpp
@@ -113,7 +113,7 @@ public:
}
bool shutdownRequested() override { return ShutdownRequested(); }
void mapPort(bool use_upnp, bool use_natpmp) override { StartMapPort(use_upnp, use_natpmp); }
- bool getProxy(Network net, proxyType& proxy_info) override { return GetProxy(net, proxy_info); }
+ bool getProxy(Network net, Proxy& proxy_info) override { return GetProxy(net, proxy_info); }
size_t getNodeCount(ConnectionDirection flags) override
{
return m_context->connman ? m_context->connman->GetNodeCount(flags) : 0;
diff --git a/src/qt/clientmodel.cpp b/src/qt/clientmodel.cpp
index a28329082a..4327d31787 100644
--- a/src/qt/clientmodel.cpp
+++ b/src/qt/clientmodel.cpp
@@ -329,7 +329,7 @@ void ClientModel::unsubscribeFromCoreSignals()
bool ClientModel::getProxyInfo(std::string& ip_port) const
{
- proxyType ipv4, ipv6;
+ Proxy ipv4, ipv6;
if (m_node.getProxy((Network) 1, ipv4) && m_node.getProxy((Network) 2, ipv6)) {
ip_port = ipv4.proxy.ToStringIPPort();
return true;
diff --git a/src/qt/optionsdialog.cpp b/src/qt/optionsdialog.cpp
index c05571677c..f90765fe5b 100644
--- a/src/qt/optionsdialog.cpp
+++ b/src/qt/optionsdialog.cpp
@@ -395,7 +395,7 @@ void OptionsDialog::updateProxyValidationState()
void OptionsDialog::updateDefaultProxyNets()
{
- proxyType proxy;
+ Proxy proxy;
std::string strProxy;
QString strDefaultProxyGUI;
@@ -425,7 +425,7 @@ QValidator::State ProxyAddressValidator::validate(QString &input, int &pos) cons
Q_UNUSED(pos);
// Validate the proxy
CService serv(LookupNumeric(input.toStdString(), DEFAULT_GUI_PROXY_PORT));
- proxyType addrProxy = proxyType(serv, true);
+ Proxy addrProxy = Proxy(serv, true);
if (addrProxy.IsValid())
return QValidator::Acceptable;
diff --git a/src/rpc/net.cpp b/src/rpc/net.cpp
index 4d3e3e81d4..1bde4fccbb 100644
--- a/src/rpc/net.cpp
+++ b/src/rpc/net.cpp
@@ -556,7 +556,7 @@ static UniValue GetNetworksInfo()
for (int n = 0; n < NET_MAX; ++n) {
enum Network network = static_cast<enum Network>(n);
if (network == NET_UNROUTABLE || network == NET_INTERNAL) continue;
- proxyType proxy;
+ Proxy proxy;
UniValue obj(UniValue::VOBJ);
GetProxy(network, proxy);
obj.pushKV("name", GetNetworkName(network));
diff --git a/src/torcontrol.cpp b/src/torcontrol.cpp
index 1bbced8cb6..7ae384ceb3 100644
--- a/src/torcontrol.cpp
+++ b/src/torcontrol.cpp
@@ -382,9 +382,24 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
// if -onion isn't set to something else.
if (gArgs.GetArg("-onion", "") == "") {
CService resolved(LookupNumeric("127.0.0.1", 9050));
- proxyType addrOnion = proxyType(resolved, true);
+ Proxy addrOnion = Proxy(resolved, true);
SetProxy(NET_ONION, addrOnion);
- SetReachable(NET_ONION, true);
+
+ const auto onlynets = gArgs.GetArgs("-onlynet");
+
+ const bool onion_allowed_by_onlynet{
+ !gArgs.IsArgSet("-onlynet") ||
+ std::any_of(onlynets.begin(), onlynets.end(), [](const auto& n) {
+ return ParseNetwork(n) == NET_ONION;
+ })};
+
+ if (onion_allowed_by_onlynet) {
+ // If NET_ONION is reachable, then the below is a noop.
+ //
+ // If NET_ONION is not reachable, then none of -proxy or -onion was given.
+ // Since we are here, then -torcontrol and -torpassword were given.
+ SetReachable(NET_ONION, true);
+ }
}
// Finally - now create the service
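Review bot: In auth_cb, `SetProxy(NET_ONION, addrOnion)` stays unconditional while only `SetReachable(NET_ONION, true)` is gated on -onlynet, so a node started with e.g. -onlynet=ipv4 still ends up with an onion proxy configured. If that is deliberate (manual connections allowed, automatic ones not), say so next to the call, e.g. `// Proxy is set regardless of -onlynet; only automatic outbound use is gated by reachability below.` The added comment's claim that "-torcontrol and -torpassword were given" is also stronger than anything the visible condition checks, which is only that -onion is empty. The hunk uses `std::any_of` without adding an include, so confirm torcontrol.cpp already includes `<algorithm>` rather than relying on a transitive include.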