mirror of https://github.com/bitcoin/bitcoin.git synced 2025-02-07 10:27:47 -05:00
stratospher 2025-02-01 00:05:21 +01:00 committed by GitHub
commit 019e93fba5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 48 additions and 1 deletions


@ -547,6 +547,7 @@ void SetupServerArgs(ArgsManager& argsman, bool can_listen_ipc)
argsman.AddArg("-i2pacceptincoming", strprintf("Whether to accept inbound I2P connections (default: %i). Ignored if -i2psam is not set. Listening for inbound I2P connections is done through the SAM proxy, not by binding to a local address and port.", DEFAULT_I2P_ACCEPT_INCOMING), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-onlynet=<net>", "Make automatic outbound connections only to network <net> (" + Join(GetNetworkNames(), ", ") + "). Inbound and manual connections are not affected by this option. It can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-v2transport", strprintf("Support v2 transport (default: %u)", DEFAULT_V2_TRANSPORT), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-v2onlyclearnet", strprintf("Disallow outbound v1 connections on IPV4/IPV6 (default: %u). Enable this option only if you really need it. Use -listen=0 to disable inbound connections since they can be unencrypted.", false), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
argsman.AddArg("-txreconciliation", strprintf("Enable transaction reconciliations per BIP 330 (default: %d)", DEFAULT_TXRECONCILIATION_ENABLE), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::CONNECTION);
@ -930,6 +931,8 @@ bool AppInitParameterInteraction(const ArgsManager& args)
// Signal NODE_P2P_V2 if BIP324 v2 transport is enabled.
if (args.GetBoolArg("-v2transport", DEFAULT_V2_TRANSPORT)) {
g_local_services = ServiceFlags(g_local_services | NODE_P2P_V2);
} else if (args.GetBoolArg("-v2onlyclearnet", false)) {
return InitError(_("Cannot set -v2onlyclearnet to true when v2transport is disabled."));
}
// Signal NODE_COMPACT_FILTERS if peerblockfilters and basic filters index are both enabled.
@ -1874,6 +1877,7 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
connOptions.m_peer_connect_timeout = peer_connect_timeout;
connOptions.whitelist_forcerelay = args.GetBoolArg("-whitelistforcerelay", DEFAULT_WHITELISTFORCERELAY);
connOptions.whitelist_relay = args.GetBoolArg("-whitelistrelay", DEFAULT_WHITELISTRELAY);
connOptions.disable_v1conn_clearnet = args.GetBoolArg("-v2onlyclearnet", false);
// Port to bind to if `-bind=addr` is provided without a `:port` suffix.
const uint16_t default_bind_port =
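Review bot: Nothing in the AppInitParameterInteraction hunk checks the inbound side, so a node started with -v2onlyclearnet=1 and listening left enabled will still accept unencrypted v1 peers on IPv4/IPv6; the only hint is the sentence in the help string. A startup warning for that combination, e.g. `InitWarning(_("-v2onlyclearnet only restricts outbound connections; inbound v1 connections are still accepted unless -listen=0."));`, would make the gap visible to operators who did not read the help text. The default `false` is also spelled out three times (the help text, the init check, and the `connOptions` assignment in AppInitMain); a named constant such as `static constexpr bool DEFAULT_V2_ONLY_CLEARNET{false};` declared alongside DEFAULT_V2_TRANSPORT would keep them from drifting apart. All three functions continue outside the visible hunks.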


@ -459,6 +459,9 @@ CNode* CConnman::ConnectNode(CAddress addrConnect, const char *pszDest, bool fCo
std::unique_ptr<i2p::sam::Session> i2p_transient_session;
for (auto& target_addr: connect_to) {
if (DisableV1OnClearnet(target_addr.GetNetClass()) && !use_v2transport) {
continue;
}
if (target_addr.IsValid()) {
const bool use_proxy{GetProxy(target_addr.GetNetwork(), proxy)};
bool proxyConnectionFailed = false;
@ -1909,7 +1912,7 @@ void CConnman::DisconnectNodes()
// Add to reconnection list if appropriate. We don't reconnect right here, because
// the creation of a connection is a blocking operation (up to several seconds),
// and we don't want to hold up the socket handler thread for that long.
if (pnode->m_transport->ShouldReconnectV1()) {
if (pnode->m_transport->ShouldReconnectV1() && !DisableV1OnClearnet(pnode->addr.GetNetClass())) {
reconnections_to_add.push_back({
.addr_connect = pnode->addr,
.grant = std::move(pnode->grantOutbound),
@ -2472,6 +2475,11 @@ bool CConnman::MultipleManualOrFullOutboundConns(Network net) const
return m_network_conn_counts[net] > 1;
}
bool CConnman::DisableV1OnClearnet(Network net) const
{
return disable_v1conn_clearnet && (net == NET_IPV4 || net == NET_IPV6);
}
bool CConnman::MaybePickPreferredNetwork(std::optional<Network>& network)
{
std::array<Network, 5> nets{NET_IPV4, NET_IPV6, NET_ONION, NET_I2P, NET_CJDNS};
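Review bot: The new skip in ConnectNode keys on `target_addr.GetNetClass()` and runs before the `IsValid()` test, so a target that does not carry a resolved IPv4/IPv6 address is never filtered. If a hostname destination is handed to a name proxy without local resolution (that branch is outside the hunk, so this is an inference), it would presumably be classed as neither NET_IPV4 nor NET_IPV6, and a v1 connection to a clearnet host could still be made with -v2onlyclearnet=1. That path is worth confirming, and then either rejecting or documenting on DisableV1OnClearnet. The `continue` is also silent; a line such as `LogDebug(BCLog::NET, "skipping v1 connection to %s: -v2onlyclearnet is set\n", target_addr.ToStringAddrPort());` would let an operator see why an addnode or -connect peer never appears.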


@ -1078,6 +1078,7 @@ public:
bool m_i2p_accept_incoming;
bool whitelist_forcerelay = DEFAULT_WHITELISTFORCERELAY;
bool whitelist_relay = DEFAULT_WHITELISTRELAY;
bool disable_v1conn_clearnet = false;
};
void Init(const Options& connOptions) EXCLUSIVE_LOCKS_REQUIRED(!m_added_nodes_mutex, !m_total_bytes_sent_mutex)
@ -1115,6 +1116,7 @@ public:
m_onion_binds = connOptions.onion_binds;
whitelist_forcerelay = connOptions.whitelist_forcerelay;
whitelist_relay = connOptions.whitelist_relay;
disable_v1conn_clearnet = connOptions.disable_v1conn_clearnet;
}
CConnman(uint64_t seed0, uint64_t seed1, AddrMan& addrman, const NetGroupManager& netgroupman,
@ -1272,6 +1274,9 @@ public:
bool MultipleManualOrFullOutboundConns(Network net) const EXCLUSIVE_LOCKS_REQUIRED(m_nodes_mutex);
/* Returns true if outbound v1 connections need to be disabled on IPV4/IPV6 network. */
bool DisableV1OnClearnet(Network net) const;
private:
struct ListenSocket {
public:
@ -1591,6 +1596,13 @@ private:
*/
bool whitelist_relay;
/**
* option for disabling outbound v1 connections on IPV4 and IPV6.
* outbound connections on IPV4/IPV6 need to be v2 connections.
* outbound connections on Tor/I2P/CJDNS can be v1 or v2 connections.
*/
bool disable_v1conn_clearnet;
/**
* Mutex protecting m_i2p_sam_sessions.
*/
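Review bot: The CConnman member `disable_v1conn_clearnet` has no in-class initializer and is assigned only in Init(), while DisableV1OnClearnet() is a public const method that reads it; a call on an instance that has not gone through Init() (a unit or fuzz harness, for example) would read an indeterminate bool. `bool disable_v1conn_clearnet{false};` matches the default in Options and costs nothing. The declaration comment on DisableV1OnClearnet could also use the `/** ... */` form used for the member and state what the check does not cover: it returns true only when -v2onlyclearnet is set and the network is NET_IPV4 or NET_IPV6, and inbound connections are not affected.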


@ -18,8 +18,10 @@ from test_framework.util import (
assert_equal,
assert_greater_than,
check_node_connections,
p2p_port,
)
from test_framework.crypto.chacha20 import REKEY_INTERVAL
from test_framework.socks5 import Socks5Configuration, Socks5Server
class P2PEncrypted(BitcoinTestFramework):
@ -129,6 +131,27 @@ class P2PEncrypted(BitcoinTestFramework):
assert_equal(node0.getpeerinfo()[-1]["transport_protocol_type"], "v1")
check_node_connections(node=node0, num_in=1, num_out=0)
conf = Socks5Configuration()
conf.auth = True
conf.unauth = True
conf.addr = ('127.0.0.1', p2p_port(self.num_nodes))
conf.keep_alive = True
proxy = Socks5Server(conf)
proxy.start()
args = ['-listen', f'-proxy={conf.addr[0]}:{conf.addr[1]}', '-proxyrandomize=0', '-v2onlyclearnet=1', '-v2transport=1']
self.restart_node(0, extra_args=args)
self.log.info("Test -v2onlyclearnet=1 behaviour")
self.log.info("Check that outbound v2 connection to an ipv4 peer is successful")
node0.addnode("15.61.23.23:1234", "onetry", True)
assert_equal(node0.getpeerinfo()[-1]["addr"], "15.61.23.23:1234")
self.log.info("Check that outbound v1 connection to an ipv4 peer is unsuccessful")
node0.addnode("8.8.8.8:1234", "onetry", False)
assert all(peer["addr"] != "8.8.8.8:1234" for peer in node0.getpeerinfo())
self.log.info("Check that outbound v1 connection to an onion peer is successful")
addr = "pg6mmjiyjmcrsslvykfwnntlaru7p5svn6y2ymmju6nubxndf4pscryd.onion:8333"
node0.addnode(addr, "onetry", False)
assert_equal(node0.getpeerinfo()[-1]["addr"], addr)
if __name__ == '__main__':
P2PEncrypted(__file__).main()
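Review bot: The added test exercises only the direct ConnectNode skip; the other two behaviours this commit adds are not covered, namely the init error for -v2onlyclearnet=1 with -v2transport=0 and the DisconnectNodes change that stops a failed v2 attempt from being retried as v1. The second is the downgrade path the option exists to close, so a case where the clearnet peer does not speak v2 and the test asserts that no v1 reconnection follows would be the most valuable addition. The init error can be pinned after stopping the node with `self.nodes[0].assert_start_raises_init_error(extra_args=['-v2onlyclearnet=1', '-v2transport=0'], expected_msg='Error: Cannot set -v2onlyclearnet to true when v2transport is disabled.')`. The Socks5Server started here is never stopped in the visible lines; a `proxy.stop()` at the end of the block avoids leaking the listener into later test steps. run_test begins outside the hunk.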