merge bitcoin#19638: Replace hidden service with onion service

This commit is contained in:
Kittywhiskers Van Gogh 2020-08-01 15:10:26 +02:00 committed by PastaPastaPasta
parent 81c686e7db
commit f003f00e9a
7 changed files with 19 additions and 19 deletions

View File

@ -89,7 +89,7 @@ include:
Examples: Examples:
feat(consensus): add new opcode for BIP-XXXX OP_CHECKAWESOMESIG feat(consensus): add new opcode for BIP-XXXX OP_CHECKAWESOMESIG
feat(net): automatically create hidden service, listen on Tor feat(net): automatically create onion service, listen on Tor
feat(qt): add feed bump button feat(qt): add feed bump button
fix(log): fix typo in log message fix(log): fix typo in log message
feat(rpc)!: modify gettransaction parameter type feat(rpc)!: modify gettransaction parameter type

View File

@ -60,7 +60,7 @@ RPC interface will be abused.
are sent as clear text that can be read by anyone on your network are sent as clear text that can be read by anyone on your network
path. Additionally, the RPC interface has not been hardened to path. Additionally, the RPC interface has not been hardened to
withstand arbitrary Internet traffic, so changing the above settings withstand arbitrary Internet traffic, so changing the above settings
to expose it to the Internet (even using something like a Tor hidden to expose it to the Internet (even using something like a Tor onion
service) could expose you to unconsidered vulnerabilities. See service) could expose you to unconsidered vulnerabilities. See
`dashd -help` for more information about these settings and other `dashd -help` for more information about these settings and other
settings described in this document. settings described in this document.

View File

@ -65,7 +65,7 @@ Subdirectory | File(s) | Description
`./` | `fee_estimates.dat` | Stores statistics used to estimate minimum transaction fees and priorities required for confirmation `./` | `fee_estimates.dat` | Stores statistics used to estimate minimum transaction fees and priorities required for confirmation
`./` | `guisettings.ini.bak` | Backup of former [GUI settings](#gui-settings) after `-resetguisettings` option is used `./` | `guisettings.ini.bak` | Backup of former [GUI settings](#gui-settings) after `-resetguisettings` option is used
`./` | `mempool.dat` | Dump of the mempool's transactions `./` | `mempool.dat` | Dump of the mempool's transactions
`./` | `onion_v3_private_key` | Cached Tor hidden service private key for `-listenonion` option `./` | `onion_v3_private_key` | Cached Tor onion service private key for `-listenonion` option
`./` | `peers.dat` | Peer IP address database (custom format) `./` | `peers.dat` | Peer IP address database (custom format)
`./` | `settings.json` | Read-write settings set through GUI or RPC interfaces, augmenting manual settings from [dash.conf](dash-conf.md). File is created automatically if read-write settings storage is not disabled with `-nosettings` option. Path can be specified with `-settings` option `./` | `settings.json` | Read-write settings set through GUI or RPC interfaces, augmenting manual settings from [dash.conf](dash-conf.md). File is created automatically if read-write settings storage is not disabled with `-nosettings` option. Path can be specified with `-settings` option
`./` | `.cookie` | Session RPC authentication cookie; if used, created at start and deleted on shutdown; can be specified by `-rpccookiefile` option `./` | `.cookie` | Session RPC authentication cookie; if used, created at start and deleted on shutdown; can be specified by `-rpccookiefile` option

View File

@ -1,6 +1,6 @@
# TOR SUPPORT IN DASH CORE # TOR SUPPORT IN DASH CORE
It is possible to run Dash Core as a Tor hidden service, and connect to such services. It is possible to run Dash Core as a Tor onion service, and connect to such services.
The following directions assume you have a Tor proxy running on port 9050. Many The following directions assume you have a Tor proxy running on port 9050. Many
distributions default to having a SOCKS proxy listening on port 9050, but others distributions default to having a SOCKS proxy listening on port 9050, but others
@ -17,12 +17,12 @@ outgoing connections, but more is possible.
-proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy -proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy
server will be used to try to reach .onion addresses as well. server will be used to try to reach .onion addresses as well.
-onion=ip:port Set the proxy server to use for Tor hidden services. You do not -onion=ip:port Set the proxy server to use for Tor onion services. You do not
need to set this if it's the same as -proxy. You can use -noonion need to set this if it's the same as -proxy. You can use -noonion
to explicitly disable access to hidden services. to explicitly disable access to onion services.
-listen When using -proxy, listening is disabled by default. If you want -listen When using -proxy, listening is disabled by default. If you want
to run a hidden service (see next section), you'll need to enable to run an onion service (see next section), you'll need to enable
it explicitly. it explicitly.
-connect=X When behind a Tor proxy, you can specify .onion addresses instead -connect=X When behind a Tor proxy, you can specify .onion addresses instead
@ -120,11 +120,11 @@ Note: All these nodes are hosted by masternodehosting.com
## 4. Automatically listen on Tor ## 4. Automatically listen on Tor
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
API, to create and destroy 'ephemeral' hidden services programmatically. API, to create and destroy 'ephemeral' onion services programmatically.
Dash Core has been updated to make use of this. Dash Core has been updated to make use of this.
This means that if Tor is running (and proper authentication has been configured), This means that if Tor is running (and proper authentication has been configured),
Dash Core automatically creates a hidden service to listen on. This will positively Dash Core automatically creates a onion service to listen on. This will positively
affect the number of available .onion nodes. affect the number of available .onion nodes.
This new feature is enabled by default if Dash Core is listening (`-listen`), and This new feature is enabled by default if Dash Core is listening (`-listen`), and
@ -136,7 +136,7 @@ Connecting to Tor's control socket API requires one of two authentication method
configured. It also requires the control socket to be enabled, e.g. put `ControlPort 9051` configured. It also requires the control socket to be enabled, e.g. put `ControlPort 9051`
in `torrc` config file. For cookie authentication the user running dashd must have read in `torrc` config file. For cookie authentication the user running dashd must have read
access to the `CookieAuthFile` specified in Tor configuration. In some cases this is access to the `CookieAuthFile` specified in Tor configuration. In some cases this is
preconfigured and the creation of a hidden service is automatic. If permission problems preconfigured and the creation of an onion service is automatic. If permission problems
are seen with `-debug=tor` they can be resolved by adding both the user running Tor and are seen with `-debug=tor` they can be resolved by adding both the user running Tor and
the user running dashd to the same group and setting permissions appropriately. On the user running dashd to the same group and setting permissions appropriately. On
Debian-based systems the user running dashd can be added to the debian-tor group, Debian-based systems the user running dashd can be added to the debian-tor group,
@ -153,8 +153,8 @@ in the tor configuration file. The hashed password can be obtained with the comm
## 5. Privacy recommendations ## 5. Privacy recommendations
- Do not add anything but Dash Core ports to the hidden service created in section 2. - Do not add anything but Dash Core ports to the onion service created in section 2.
If you run a web service too, create a new hidden service for that. If you run a web service too, create a new onion service for that.
Otherwise it is trivial to link them, which may reduce privacy. Hidden Otherwise it is trivial to link them, which may reduce privacy. Onion
services created automatically (as in section 3) always have only one port services created automatically (as in section 3) always have only one port
open. open.

View File

@ -573,13 +573,13 @@ void SetupServerArgs(NodeContext& node)
argsman.AddArg("-externalip=<ip>", "Specify your own public address", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-externalip=<ip>", "Specify your own public address", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-forcednsseed", strprintf("Always query for peer addresses via DNS lookup (default: %u)", DEFAULT_FORCEDNSSEED), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-forcednsseed", strprintf("Always query for peer addresses via DNS lookup (default: %u)", DEFAULT_FORCEDNSSEED), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-listen", "Accept connections from outside (default: 1 if no -proxy or -connect)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-listen", "Accept connections from outside (default: 1 if no -proxy or -connect)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-listenonion", strprintf("Automatically create Tor hidden service (default: %d)", DEFAULT_LISTEN_ONION), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-listenonion", strprintf("Automatically create Tor onion service (default: %d)", DEFAULT_LISTEN_ONION), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-maxconnections=<n>", strprintf("Maintain at most <n> connections to peers (temporary service connections excluded) (default: %u)", DEFAULT_MAX_PEER_CONNECTIONS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-maxconnections=<n>", strprintf("Maintain at most <n> connections to peers (temporary service connections excluded) (default: %u)", DEFAULT_MAX_PEER_CONNECTIONS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-maxreceivebuffer=<n>", strprintf("Maximum per-connection receive buffer, <n>*1000 bytes (default: %u)", DEFAULT_MAXRECEIVEBUFFER), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-maxreceivebuffer=<n>", strprintf("Maximum per-connection receive buffer, <n>*1000 bytes (default: %u)", DEFAULT_MAXRECEIVEBUFFER), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-maxsendbuffer=<n>", strprintf("Maximum per-connection send buffer, <n>*1000 bytes (default: %u)", DEFAULT_MAXSENDBUFFER), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-maxsendbuffer=<n>", strprintf("Maximum per-connection send buffer, <n>*1000 bytes (default: %u)", DEFAULT_MAXSENDBUFFER), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-maxtimeadjustment", strprintf("Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by peers forward or backward by this amount. (default: %u seconds)", DEFAULT_MAX_TIME_ADJUSTMENT), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-maxtimeadjustment", strprintf("Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by peers forward or backward by this amount. (default: %u seconds)", DEFAULT_MAX_TIME_ADJUSTMENT), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-maxuploadtarget=<n>", strprintf("Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: %d)", DEFAULT_MAX_UPLOAD_TARGET), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-maxuploadtarget=<n>", strprintf("Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: %d)", DEFAULT_MAX_UPLOAD_TARGET), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor hidden services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (ipv4, ipv6 or onion). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (ipv4, ipv6 or onion). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);

View File

@ -703,10 +703,10 @@
<item> <item>
<widget class="QCheckBox" name="connectSocksTor"> <widget class="QCheckBox" name="connectSocksTor">
<property name="toolTip"> <property name="toolTip">
<string>Connect to the Dash network through a separate SOCKS5 proxy for Tor hidden services.</string> <string>Connect to the Dash network through a separate SOCKS5 proxy for Tor onion services.</string>
</property> </property>
<property name="text"> <property name="text">
<string>Use separate SOCKS&amp;5 proxy to reach peers via Tor hidden services:</string> <string>Use separate SOCKS&amp;5 proxy to reach peers via Tor onion services:</string>
</property> </property>
</widget> </widget>
</item> </item>

View File

@ -413,7 +413,7 @@ static bool WriteBinaryFile(const fs::path &filename, const std::string &data)
/****** Bitcoin specific TorController implementation ********/ /****** Bitcoin specific TorController implementation ********/
/** Controller that connects to Tor control socket, authenticate, then create /** Controller that connects to Tor control socket, authenticate, then create
* and maintain an ephemeral hidden service. * and maintain an ephemeral onion service.
*/ */
class TorController class TorController
{ {
@ -545,7 +545,7 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
if (private_key.empty()) { // No private key, generate one if (private_key.empty()) { // No private key, generate one
private_key = "NEW:ED25519-V3"; // Explicitly request key type - see issue #9214 private_key = "NEW:ED25519-V3"; // Explicitly request key type - see issue #9214
} }
// Request hidden service, redirect port. // Request onion service, redirect port.
// Note that the 'virtual' port is always the default port to avoid decloaking nodes using other ports. // Note that the 'virtual' port is always the default port to avoid decloaking nodes using other ports.
_conn.Command(strprintf("ADD_ONION %s Port=%i,%s", private_key, Params().GetDefaultPort(), m_target.ToStringIPPort()), _conn.Command(strprintf("ADD_ONION %s Port=%i,%s", private_key, Params().GetDefaultPort(), m_target.ToStringIPPort()),
std::bind(&TorController::add_onion_cb, this, std::placeholders::_1, std::placeholders::_2)); std::bind(&TorController::add_onion_cb, this, std::placeholders::_1, std::placeholders::_2));