merge bitcoin#26838: I2P documentation updates

This commit is contained in:
Kittywhiskers Van Gogh 2023-01-09 07:25:04 -08:00 committed by pasta
parent 5058519bbb
commit 1dc50d05cb
No known key found for this signature in database
GPG Key ID: 52527BEDABE87984
3 changed files with 57 additions and 47 deletions

View File

@ -16,8 +16,7 @@ enabled is required. Options include:
Java Java
- [i2pd (I2P Daemon)](https://github.com/PurpleI2P/i2pd) - [i2pd (I2P Daemon)](https://github.com/PurpleI2P/i2pd)
([documentation](https://i2pd.readthedocs.io/en/latest)), a lighter ([documentation](https://i2pd.readthedocs.io/en/latest)), a lighter
alternative in C++ (successfully tested with version 2.23 and up; version 2.36 alternative in C++
or later recommended)
- [i2p-zero](https://github.com/i2p-zero/i2p-zero) - [i2p-zero](https://github.com/i2p-zero/i2p-zero)
- [other alternatives](https://en.wikipedia.org/wiki/I2P#Routers) - [other alternatives](https://en.wikipedia.org/wiki/I2P#Routers)
@ -33,12 +32,10 @@ Core configuration options:
none) none)
-i2pacceptincoming -i2pacceptincoming
If set and -i2psam is also set then incoming I2P connections are Whether to accept inbound I2P connections (default: 1). Ignored if
accepted via the SAM proxy. If this is not set but -i2psam is set -i2psam is not set. Listening for inbound I2P connections is
then only outgoing connections will be made to the I2P network. done through the SAM proxy, not by binding to a local address and
Ignored if -i2psam is not set. Listening for incoming I2P port.
connections is done through the SAM proxy, not by binding to a
local address and port (default: 1)
``` ```
In a typical situation, this suffices: In a typical situation, this suffices:
@ -47,27 +44,6 @@ In a typical situation, this suffices:
dashd -i2psam=127.0.0.1:7656 dashd -i2psam=127.0.0.1:7656
``` ```
The first time Dash Core connects to the I2P router, if
`-i2pacceptincoming=1`, then it will automatically generate a persistent I2P
address and its corresponding private key. The private key will be saved in a
file named `i2p_private_key` in the Dash Core data directory. The persistent
I2P address is used for accepting incoming connections and for making outgoing
connections if `-i2pacceptincoming=1`. If `-i2pacceptincoming=0` then only
outbound I2P connections are made and a different transient I2P address is used
for each connection to improve privacy.
## Persistent vs transient I2P addresses
In I2P connections, the connection receiver sees the I2P address of the
connection initiator. This is unlike the Tor network where the recipient does
not know who is connecting to them and can't tell if two connections are from
the same peer or not.
If an I2P node is not accepting incoming connections, then Dash Core uses
random, one-time, transient I2P addresses for itself for outbound connections
to make it harder to discriminate, fingerprint or analyze it based on its I2P
address.
## Additional configuration options related to I2P ## Additional configuration options related to I2P
``` ```
@ -104,7 +80,29 @@ In general, a node can be run with both onion and I2P hidden services (or
any/all of IPv4/IPv6/onion/I2P), which can provide a potential fallback if one any/all of IPv4/IPv6/onion/I2P), which can provide a potential fallback if one
of the networks has issues. of the networks has issues.
## I2P-related information in Dash Core ## Persistent vs transient I2P addresses
The first time Dash Core connects to the I2P router, it automatically
generates a persistent I2P address and its corresponding private key by default
or if `-i2pacceptincoming=1` is set. The private key is saved in a file named
`i2p_private_key` in the Dash Core data directory. The persistent I2P
address is used for making outbound connections and accepting inbound
connections.
In the I2P network, the receiver of an inbound connection sees the address of
the initiator. This is unlike the Tor network, where the recipient does not
know who is connecting to it.
If your node is configured by setting `-i2pacceptincoming=0` to not accept
inbound I2P connections, then it will use a random transient I2P address for
itself on each outbound connection to make it harder to discriminate,
fingerprint or analyze it based on its I2P address.
I2P addresses are designed to be long-lived. Waiting for tunnels to be built
for every peer connection adds delay to connection setup time. Therefore, I2P
listening should only be turned off if really needed.
## Fetching I2P-related information from Dash Core
There are several ways to see your I2P address in Dash Core if accepting There are several ways to see your I2P address in Dash Core if accepting
incoming I2P connections (`-i2pacceptincoming`): incoming I2P connections (`-i2pacceptincoming`):
@ -140,14 +138,19 @@ port (`TO_PORT`) is always set to 0 and is not in the control of Dash Core.
## Bandwidth ## Bandwidth
I2P routers may route a large amount of general network traffic with their By default, your node shares bandwidth and transit tunnels with the I2P network
default settings. Check your router's configuration to limit the amount of this in order to increase your anonymity with cover traffic, help the I2P router used
traffic relayed, if desired. by your node integrate optimally with the network, and give back to the network.
It's important that the nodes of a popular application like Dash contribute
as much to the I2P network as they consume.
With `i2pd`, the amount of bandwidth being shared with the wider network can be It is possible, though strongly discouraged, to change your I2P router
adjusted with the `bandwidth`, `share` and `transittunnels` options in your configuration to limit the amount of I2P traffic relayed by your node.
`i2pd.conf` file. For example, to limit total I2P traffic to 256KB/s and share
50% of this limit for a maximum of 20 transit tunnels: With `i2pd`, this can be done by adjusting the `bandwidth`, `share` and
`transittunnels` options in your `i2pd.conf` file. For example, to limit total
I2P traffic to 256KB/s and share 50% of this limit for a maximum of 20 transit
tunnels:
``` ```
bandwidth = 256 bandwidth = 256
@ -157,9 +160,15 @@ share = 50
transittunnels = 20 transittunnels = 20
``` ```
If you prefer not to relay any public I2P traffic and only permit I2P traffic
from programs which are connecting via the SAM proxy, e.g. Dash Core, you
can set the `notransit` option to `true`.
Similar bandwidth configuration options for the Java I2P router can be found in Similar bandwidth configuration options for the Java I2P router can be found in
`http://127.0.0.1:7657/config` under the "Bandwidth" tab. `http://127.0.0.1:7657/config` under the "Bandwidth" tab.
Before doing this, please see the "Participating Traffic Considerations" section
in [Embedding I2P in your Application](https://geti2p.net/en/docs/applications/embedding).
In most cases, the default router settings should work fine.
## Bundling I2P in a Dash application
Please see the "General Guidance for Developers" section in https://geti2p.net/en/docs/api/samv3
if you are developing a downstream application that may be bundling I2P with Dash.

View File

@ -131,8 +131,9 @@
#include <zmq/zmqrpc.h> #include <zmq/zmqrpc.h>
#endif #endif
static const bool DEFAULT_PROXYRANDOMIZE = true; static constexpr bool DEFAULT_PROXYRANDOMIZE{true};
static const bool DEFAULT_REST_ENABLE = false; static constexpr bool DEFAULT_REST_ENABLE{false};
static constexpr bool DEFAULT_I2P_ACCEPT_INCOMING{true};
static CDSNotificationInterface* pdsNotificationInterface = nullptr; static CDSNotificationInterface* pdsNotificationInterface = nullptr;
@ -581,7 +582,7 @@ void SetupServerArgs(NodeContext& node)
argsman.AddArg("-maxuploadtarget=<n>", strprintf("Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: %d)", DEFAULT_MAX_UPLOAD_TARGET), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-maxuploadtarget=<n>", strprintf("Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: %d)", DEFAULT_MAX_UPLOAD_TARGET), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-i2psam=<ip:port>", "I2P SAM proxy to reach I2P peers and accept I2P connections (default: none)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-i2psam=<ip:port>", "I2P SAM proxy to reach I2P peers and accept I2P connections (default: none)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-i2pacceptincoming", "If set and -i2psam is also set then incoming I2P connections are accepted via the SAM proxy. If this is not set but -i2psam is set then only outgoing connections will be made to the I2P network. Ignored if -i2psam is not set. Listening for incoming I2P connections is done through the SAM proxy, not by binding to a local address and port (default: 1)", ArgsManager::ALLOW_BOOL, OptionsCategory::CONNECTION); argsman.AddArg("-i2pacceptincoming", strprintf("Whether to accept inbound I2P connections (default: %i). Ignored if -i2psam is not set. Listening for inbound I2P connections is done through the SAM proxy, not by binding to a local address and port.", DEFAULT_I2P_ACCEPT_INCOMING), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks. Warning: if it is used with non-onion networks and the -onion or -proxy option is set, then outbound onion connections will still be made; use -noonion or -onion=0 to disable outbound onion connections in this case.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks. Warning: if it is used with non-onion networks and the -onion or -proxy option is set, then outbound onion connections will still be made; use -noonion or -onion=0 to disable outbound onion connections in this case.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
@ -2534,7 +2535,7 @@ bool AppInitMain(const CoreContext& context, NodeContext& node, interfaces::Bloc
SetReachable(NET_I2P, false); SetReachable(NET_I2P, false);
} }
connOptions.m_i2p_accept_incoming = args.GetBoolArg("-i2pacceptincoming", true); connOptions.m_i2p_accept_incoming = args.GetBoolArg("-i2pacceptincoming", DEFAULT_I2P_ACCEPT_INCOMING);
if (!node.connman->Start(*node.dmnman, *node.mn_metaman, *node.mn_sync, *node.scheduler, connOptions)) { if (!node.connman->Start(*node.dmnman, *node.mn_metaman, *node.mn_sync, *node.scheduler, connOptions)) {
return false; return false;

View File

@ -23,12 +23,12 @@ class I2PSessions(BitcoinTestFramework):
self.log.info("Ensure we create a persistent session when -i2pacceptincoming=1") self.log.info("Ensure we create a persistent session when -i2pacceptincoming=1")
node0 = self.nodes[0] node0 = self.nodes[0]
with node0.assert_debug_log(expected_msgs=[f"Creating persistent SAM session"]): with node0.assert_debug_log(expected_msgs=["Creating persistent SAM session"]):
node0.addnode(node=addr, command="onetry") node0.addnode(node=addr, command="onetry")
self.log.info("Ensure we create a transient session when -i2pacceptincoming=0") self.log.info("Ensure we create a transient session when -i2pacceptincoming=0")
node1 = self.nodes[1] node1 = self.nodes[1]
with node1.assert_debug_log(expected_msgs=[f"Creating transient SAM session"]): with node1.assert_debug_log(expected_msgs=["Creating transient SAM session"]):
node1.addnode(node=addr, command="onetry") node1.addnode(node=addr, command="onetry")