From e53a8505dbb6f9deaae8ac82793a4fb760a1e0a6 Mon Sep 17 00:00:00 2001
From: Vasil Dimov <vd@FreeBSD.org>
Date: Mon, 30 Aug 2021 14:33:29 +0200
Subject: net: respect -onlynet= when making outbound connections

Do not make outbound connections to hosts which belong to a network
which is restricted by `-onlynet`.

This applies to hosts that are automatically chosen to connect to and to
anchors.

This does not apply to hosts given to `-connect`, `-addnode`,
`addnode` RPC, dns seeds, `-seednodes`.

Fixes https://github.com/bitcoin/bitcoin/issues/13378
Fixes https://github.com/bitcoin/bitcoin/issues/22647
Supersedes https://github.com/bitcoin/bitcoin/pull/22651
---
 src/torcontrol.cpp | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'src/torcontrol.cpp')

diff --git a/src/torcontrol.cpp b/src/torcontrol.cpp
index 55618a5c57..fdf1957bff 100644
--- a/src/torcontrol.cpp
+++ b/src/torcontrol.cpp
@@ -380,7 +380,22 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
             CService resolved(LookupNumeric("127.0.0.1", 9050));
             proxyType addrOnion = proxyType(resolved, true);
             SetProxy(NET_ONION, addrOnion);
-            SetReachable(NET_ONION, true);
+
+            const auto onlynets = gArgs.GetArgs("-onlynet");
+
+            const bool onion_allowed_by_onlynet{
+                !gArgs.IsArgSet("-onlynet") ||
+                std::any_of(onlynets.begin(), onlynets.end(), [](const auto& n) {
+                    return ParseNetwork(n) == NET_ONION;
+                })};
+
+            if (onion_allowed_by_onlynet) {
+                // If NET_ONION is reachable, then the below is a noop.
+                //
+                // If NET_ONION is not reachable, then none of -proxy or -onion was given.
+                // Since we are here, then -torcontrol and -torpassword were given.
+                SetReachable(NET_ONION, true);
+            }
         }
 
         // Finally - now create the service
-- 
cgit v1.2.3


From 0eea83a85ec6b215d44facc2b16ee1b035275a6b Mon Sep 17 00:00:00 2001
From: Vasil Dimov <vd@FreeBSD.org>
Date: Mon, 8 Nov 2021 17:34:32 +0100
Subject: scripted-diff: rename `proxyType` to `Proxy`

-BEGIN VERIFY SCRIPT-
sed -i 's/\<proxyType\>/Proxy/g' $(git grep -l proxyType)
-END VERIFY SCRIPT-
---
 src/torcontrol.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/torcontrol.cpp')

diff --git a/src/torcontrol.cpp b/src/torcontrol.cpp
index fdf1957bff..38a49b8534 100644
--- a/src/torcontrol.cpp
+++ b/src/torcontrol.cpp
@@ -378,7 +378,7 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
         // if -onion isn't set to something else.
         if (gArgs.GetArg("-onion", "") == "") {
             CService resolved(LookupNumeric("127.0.0.1", 9050));
-            proxyType addrOnion = proxyType(resolved, true);
+            Proxy addrOnion = Proxy(resolved, true);
             SetProxy(NET_ONION, addrOnion);
 
             const auto onlynets = gArgs.GetArgs("-onlynet");
-- 
cgit v1.2.3