mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 03:52:49 +01:00
merge bitcoin#19638: Replace hidden service with onion service
This commit is contained in:
parent
81c686e7db
commit
f003f00e9a
@ -89,7 +89,7 @@ include:
|
|||||||
Examples:
|
Examples:
|
||||||
|
|
||||||
feat(consensus): add new opcode for BIP-XXXX OP_CHECKAWESOMESIG
|
feat(consensus): add new opcode for BIP-XXXX OP_CHECKAWESOMESIG
|
||||||
feat(net): automatically create hidden service, listen on Tor
|
feat(net): automatically create onion service, listen on Tor
|
||||||
feat(qt): add feed bump button
|
feat(qt): add feed bump button
|
||||||
fix(log): fix typo in log message
|
fix(log): fix typo in log message
|
||||||
feat(rpc)!: modify gettransaction parameter type
|
feat(rpc)!: modify gettransaction parameter type
|
||||||
|
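Review bot: The unchanged example line `feat(qt): add feed bump button` in this hunk looks like a typo for `fee bump button`; since this commit is already editing the example list, it would be tidy to correct it here as well.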
@ -60,7 +60,7 @@ RPC interface will be abused.
|
|||||||
are sent as clear text that can be read by anyone on your network
|
are sent as clear text that can be read by anyone on your network
|
||||||
path. Additionally, the RPC interface has not been hardened to
|
path. Additionally, the RPC interface has not been hardened to
|
||||||
withstand arbitrary Internet traffic, so changing the above settings
|
withstand arbitrary Internet traffic, so changing the above settings
|
||||||
to expose it to the Internet (even using something like a Tor hidden
|
to expose it to the Internet (even using something like a Tor onion
|
||||||
service) could expose you to unconsidered vulnerabilities. See
|
service) could expose you to unconsidered vulnerabilities. See
|
||||||
`dashd -help` for more information about these settings and other
|
`dashd -help` for more information about these settings and other
|
||||||
settings described in this document.
|
settings described in this document.
|
||||||
|
@ -65,7 +65,7 @@ Subdirectory | File(s) | Description
|
|||||||
`./` | `fee_estimates.dat` | Stores statistics used to estimate minimum transaction fees and priorities required for confirmation
|
`./` | `fee_estimates.dat` | Stores statistics used to estimate minimum transaction fees and priorities required for confirmation
|
||||||
`./` | `guisettings.ini.bak` | Backup of former [GUI settings](#gui-settings) after `-resetguisettings` option is used
|
`./` | `guisettings.ini.bak` | Backup of former [GUI settings](#gui-settings) after `-resetguisettings` option is used
|
||||||
`./` | `mempool.dat` | Dump of the mempool's transactions
|
`./` | `mempool.dat` | Dump of the mempool's transactions
|
||||||
`./` | `onion_v3_private_key` | Cached Tor hidden service private key for `-listenonion` option
|
`./` | `onion_v3_private_key` | Cached Tor onion service private key for `-listenonion` option
|
||||||
`./` | `peers.dat` | Peer IP address database (custom format)
|
`./` | `peers.dat` | Peer IP address database (custom format)
|
||||||
`./` | `settings.json` | Read-write settings set through GUI or RPC interfaces, augmenting manual settings from [dash.conf](dash-conf.md). File is created automatically if read-write settings storage is not disabled with `-nosettings` option. Path can be specified with `-settings` option
|
`./` | `settings.json` | Read-write settings set through GUI or RPC interfaces, augmenting manual settings from [dash.conf](dash-conf.md). File is created automatically if read-write settings storage is not disabled with `-nosettings` option. Path can be specified with `-settings` option
|
||||||
`./` | `.cookie` | Session RPC authentication cookie; if used, created at start and deleted on shutdown; can be specified by `-rpccookiefile` option
|
`./` | `.cookie` | Session RPC authentication cookie; if used, created at start and deleted on shutdown; can be specified by `-rpccookiefile` option
|
||||||
|
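Review bot: The description of `onion_v3_private_key` could go one step further than the rename and say the file must stay readable only by the user running dashd, since whoever holds this key controls the node's .onion address; the wording change itself is fine.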
20
doc/tor.md
@ -1,6 +1,6 @@
|
|||||||
# TOR SUPPORT IN DASH CORE
|
# TOR SUPPORT IN DASH CORE
|
||||||
|
|
||||||
It is possible to run Dash Core as a Tor hidden service, and connect to such services.
|
It is possible to run Dash Core as a Tor onion service, and connect to such services.
|
||||||
|
|
||||||
The following directions assume you have a Tor proxy running on port 9050. Many
|
The following directions assume you have a Tor proxy running on port 9050. Many
|
||||||
distributions default to having a SOCKS proxy listening on port 9050, but others
|
distributions default to having a SOCKS proxy listening on port 9050, but others
|
||||||
@ -17,12 +17,12 @@ outgoing connections, but more is possible.
|
|||||||
-proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy
|
-proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy
|
||||||
server will be used to try to reach .onion addresses as well.
|
server will be used to try to reach .onion addresses as well.
|
||||||
|
|
||||||
-onion=ip:port Set the proxy server to use for Tor hidden services. You do not
|
-onion=ip:port Set the proxy server to use for Tor onion services. You do not
|
||||||
need to set this if it's the same as -proxy. You can use -noonion
|
need to set this if it's the same as -proxy. You can use -noonion
|
||||||
to explicitly disable access to hidden services.
|
to explicitly disable access to onion services.
|
||||||
|
|
||||||
-listen When using -proxy, listening is disabled by default. If you want
|
-listen When using -proxy, listening is disabled by default. If you want
|
||||||
to run a hidden service (see next section), you'll need to enable
|
to run an onion service (see next section), you'll need to enable
|
||||||
it explicitly.
|
it explicitly.
|
||||||
|
|
||||||
-connect=X When behind a Tor proxy, you can specify .onion addresses instead
|
-connect=X When behind a Tor proxy, you can specify .onion addresses instead
|
||||||
@ -120,11 +120,11 @@ Note: All these nodes are hosted by masternodehosting.com
|
|||||||
## 4. Automatically listen on Tor
|
## 4. Automatically listen on Tor
|
||||||
|
|
||||||
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
|
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
|
||||||
API, to create and destroy 'ephemeral' hidden services programmatically.
|
API, to create and destroy 'ephemeral' onion services programmatically.
|
||||||
Dash Core has been updated to make use of this.
|
Dash Core has been updated to make use of this.
|
||||||
|
|
||||||
This means that if Tor is running (and proper authentication has been configured),
|
This means that if Tor is running (and proper authentication has been configured),
|
||||||
Dash Core automatically creates a hidden service to listen on. This will positively
|
Dash Core automatically creates a onion service to listen on. This will positively
|
||||||
affect the number of available .onion nodes.
|
affect the number of available .onion nodes.
|
||||||
|
|
||||||
This new feature is enabled by default if Dash Core is listening (`-listen`), and
|
This new feature is enabled by default if Dash Core is listening (`-listen`), and
|
||||||
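Review bot: The article was not updated in the right-hand line `Dash Core automatically creates a onion service to listen on.`; it should read `an onion service`, as the other hunks in this file already do.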
@ -136,7 +136,7 @@ Connecting to Tor's control socket API requires one of two authentication method
|
|||||||
configured. It also requires the control socket to be enabled, e.g. put `ControlPort 9051`
|
configured. It also requires the control socket to be enabled, e.g. put `ControlPort 9051`
|
||||||
in `torrc` config file. For cookie authentication the user running dashd must have read
|
in `torrc` config file. For cookie authentication the user running dashd must have read
|
||||||
access to the `CookieAuthFile` specified in Tor configuration. In some cases this is
|
access to the `CookieAuthFile` specified in Tor configuration. In some cases this is
|
||||||
preconfigured and the creation of a hidden service is automatic. If permission problems
|
preconfigured and the creation of an onion service is automatic. If permission problems
|
||||||
are seen with `-debug=tor` they can be resolved by adding both the user running Tor and
|
are seen with `-debug=tor` they can be resolved by adding both the user running Tor and
|
||||||
the user running dashd to the same group and setting permissions appropriately. On
|
the user running dashd to the same group and setting permissions appropriately. On
|
||||||
Debian-based systems the user running dashd can be added to the debian-tor group,
|
Debian-based systems the user running dashd can be added to the debian-tor group,
|
||||||
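Review bot: Anyone who can read the `CookieAuthFile` can authenticate to Tor's control port, so the shared-group advice in this hunk should say that the group contains only the Tor user and the dashd user, not other accounts; the article fix (`an onion service`) is correct.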
@ -153,8 +153,8 @@ in the tor configuration file. The hashed password can be obtained with the comm
|
|||||||
|
|
||||||
## 5. Privacy recommendations
|
## 5. Privacy recommendations
|
||||||
|
|
||||||
- Do not add anything but Dash Core ports to the hidden service created in section 2.
|
- Do not add anything but Dash Core ports to the onion service created in section 2.
|
||||||
If you run a web service too, create a new hidden service for that.
|
If you run a web service too, create a new onion service for that.
|
||||||
Otherwise it is trivial to link them, which may reduce privacy. Hidden
|
Otherwise it is trivial to link them, which may reduce privacy. Onion
|
||||||
services created automatically (as in section 3) always have only one port
|
services created automatically (as in section 3) always have only one port
|
||||||
open.
|
open.
|
||||||
|
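Review bot: The cross-reference `(as in section 3)` in this hunk looks stale, because the automatic-listen section in this file is headed `## 4. Automatically listen on Tor` (see the earlier hunk); likewise `created in section 2` should be checked against the current numbering while these lines are being touched.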
@ -573,13 +573,13 @@ void SetupServerArgs(NodeContext& node)
|
|||||||
argsman.AddArg("-externalip=<ip>", "Specify your own public address", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-externalip=<ip>", "Specify your own public address", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-forcednsseed", strprintf("Always query for peer addresses via DNS lookup (default: %u)", DEFAULT_FORCEDNSSEED), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-forcednsseed", strprintf("Always query for peer addresses via DNS lookup (default: %u)", DEFAULT_FORCEDNSSEED), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-listen", "Accept connections from outside (default: 1 if no -proxy or -connect)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-listen", "Accept connections from outside (default: 1 if no -proxy or -connect)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-listenonion", strprintf("Automatically create Tor hidden service (default: %d)", DEFAULT_LISTEN_ONION), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-listenonion", strprintf("Automatically create Tor onion service (default: %d)", DEFAULT_LISTEN_ONION), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-maxconnections=<n>", strprintf("Maintain at most <n> connections to peers (temporary service connections excluded) (default: %u)", DEFAULT_MAX_PEER_CONNECTIONS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-maxconnections=<n>", strprintf("Maintain at most <n> connections to peers (temporary service connections excluded) (default: %u)", DEFAULT_MAX_PEER_CONNECTIONS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-maxreceivebuffer=<n>", strprintf("Maximum per-connection receive buffer, <n>*1000 bytes (default: %u)", DEFAULT_MAXRECEIVEBUFFER), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-maxreceivebuffer=<n>", strprintf("Maximum per-connection receive buffer, <n>*1000 bytes (default: %u)", DEFAULT_MAXRECEIVEBUFFER), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-maxsendbuffer=<n>", strprintf("Maximum per-connection send buffer, <n>*1000 bytes (default: %u)", DEFAULT_MAXSENDBUFFER), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-maxsendbuffer=<n>", strprintf("Maximum per-connection send buffer, <n>*1000 bytes (default: %u)", DEFAULT_MAXSENDBUFFER), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-maxtimeadjustment", strprintf("Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by peers forward or backward by this amount. (default: %u seconds)", DEFAULT_MAX_TIME_ADJUSTMENT), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-maxtimeadjustment", strprintf("Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by peers forward or backward by this amount. (default: %u seconds)", DEFAULT_MAX_TIME_ADJUSTMENT), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-maxuploadtarget=<n>", strprintf("Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: %d)", DEFAULT_MAX_UPLOAD_TARGET), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-maxuploadtarget=<n>", strprintf("Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: %d)", DEFAULT_MAX_UPLOAD_TARGET), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor hidden services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (ipv4, ipv6 or onion). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (ipv4, ipv6 or onion). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
|
||||||
|
@ -703,10 +703,10 @@
|
|||||||
<item>
|
<item>
|
||||||
<widget class="QCheckBox" name="connectSocksTor">
|
<widget class="QCheckBox" name="connectSocksTor">
|
||||||
<property name="toolTip">
|
<property name="toolTip">
|
||||||
<string>Connect to the Dash network through a separate SOCKS5 proxy for Tor hidden services.</string>
|
<string>Connect to the Dash network through a separate SOCKS5 proxy for Tor onion services.</string>
|
||||||
</property>
|
</property>
|
||||||
<property name="text">
|
<property name="text">
|
||||||
<string>Use separate SOCKS&5 proxy to reach peers via Tor hidden services:</string>
|
<string>Use separate SOCKS&5 proxy to reach peers via Tor onion services:</string>
|
||||||
</property>
|
</property>
|
||||||
</widget>
|
</widget>
|
||||||
</item>
|
</item>
|
||||||
|
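Review bot: Changing these two source strings will invalidate their existing translations, since Qt matches translations by source text, so the translation files will need a retranslation pass; worth noting in the commit description.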
@ -413,7 +413,7 @@ static bool WriteBinaryFile(const fs::path &filename, const std::string &data)
|
|||||||
/****** Bitcoin specific TorController implementation ********/
|
/****** Bitcoin specific TorController implementation ********/
|
||||||
|
|
||||||
/** Controller that connects to Tor control socket, authenticate, then create
|
/** Controller that connects to Tor control socket, authenticate, then create
|
||||||
* and maintain an ephemeral hidden service.
|
* and maintain an ephemeral onion service.
|
||||||
*/
|
*/
|
||||||
class TorController
|
class TorController
|
||||||
{
|
{
|
||||||
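Review bot: Subject-verb agreement in the comment being edited: `Controller that connects to Tor control socket, authenticate, then create and maintain an ephemeral onion service.` should read `connects ..., authenticates, then creates and maintains`.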
@ -545,7 +545,7 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
|
|||||||
if (private_key.empty()) { // No private key, generate one
|
if (private_key.empty()) { // No private key, generate one
|
||||||
private_key = "NEW:ED25519-V3"; // Explicitly request key type - see issue #9214
|
private_key = "NEW:ED25519-V3"; // Explicitly request key type - see issue #9214
|
||||||
}
|
}
|
||||||
// Request hidden service, redirect port.
|
// Request onion service, redirect port.
|
||||||
// Note that the 'virtual' port is always the default port to avoid decloaking nodes using other ports.
|
// Note that the 'virtual' port is always the default port to avoid decloaking nodes using other ports.
|
||||||
_conn.Command(strprintf("ADD_ONION %s Port=%i,%s", private_key, Params().GetDefaultPort(), m_target.ToStringIPPort()),
|
_conn.Command(strprintf("ADD_ONION %s Port=%i,%s", private_key, Params().GetDefaultPort(), m_target.ToStringIPPort()),
|
||||||
std::bind(&TorController::add_onion_cb, this, std::placeholders::_1, std::placeholders::_2));
|
std::bind(&TorController::add_onion_cb, this, std::placeholders::_1, std::placeholders::_2));
|
||||||
|
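Review bot: The unchanged comment `see issue #9214` refers to an upstream Bitcoin Core issue but, in this repository, reads as a Dash issue number; since the commit title already uses the `bitcoin#19638` convention, suggest `see bitcoin#9214` while this comment block is being touched.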