net: respect -onlynet= when making outbound connections

vasild · vasild · commit 46a9a797f169 · 2021-09-03T18:16:06.000+02:00
Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes bitcoin#13378 Fixes bitcoin#22647 Supersedes bitcoin#22651
diff --git a/doc/i2p.md b/doc/i2p.md
@@ -67,11 +67,7 @@ logging` for more information.
 
 Make outgoing connections only to I2P addresses. Incoming connections are not
 affected by this option. It can be specified multiple times to allow multiple
-network types, e.g. onlynet=ipv4, onlynet=ipv6, onlynet=onion, onlynet=i2p.
-
-Warning: if you use -onlynet with values other than onion, and the -onion or
--proxy option is set, then outgoing onion connections will still be made; use
--noonion or -onion=0 to disable outbound onion connections in this case.
+network types, e.g. onlynet=onion, onlynet=i2p.
 
 I2P support was added to Bitcoin Core in version 22.0 and there may be fewer I2P
 peers than Tor or IP ones. Therefore, using I2P alone without other networks may
diff --git a/doc/tor.md b/doc/tor.md
@@ -57,11 +57,7 @@ outgoing connections, but more is possible.
     -onlynet=onion  Make outgoing connections only to .onion addresses. Incoming
                     connections are not affected by this option. This option can be
                     specified multiple times to allow multiple network types, e.g.
-                    onlynet=ipv4, onlynet=ipv6, onlynet=onion, onlynet=i2p.
-                    Warning: if you use -onlynet with values other than onion, and
-                    the -onion or -proxy option is set, then outgoing onion
-                    connections will still be made; use -noonion or -onion=0 to
-                    disable outbound onion connections in this case.
+                    onlynet=onion, onlynet=i2p.
 
 In a typical situation, this suffices to run behind a Tor proxy:
 
diff --git a/src/init.cpp b/src/init.cpp
@@ -437,7 +437,7 @@ void SetupServerArgs(ArgsManager& argsman)
     argsman.AddArg("-onion=<ip:port>", "Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
     argsman.AddArg("-i2psam=<ip:port>", "I2P SAM proxy to reach I2P peers and accept I2P connections (default: none)", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
     argsman.AddArg("-i2pacceptincoming", "If set and -i2psam is also set then incoming I2P connections are accepted via the SAM proxy. If this is not set but -i2psam is set then only outgoing connections will be made to the I2P network. Ignored if -i2psam is not set. Listening for incoming I2P connections is done through the SAM proxy, not by binding to a local address and port (default: 1)", ArgsManager::ALLOW_BOOL, OptionsCategory::CONNECTION);
-    argsman.AddArg("-onlynet=<net>", "Make outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks. Warning: if it is used with non-onion networks and the -onion or -proxy option is set, then outbound onion connections will still be made; use -noonion or -onion=0 to disable outbound onion connections in this case.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
+    argsman.AddArg("-onlynet=<net>", "Make automatic outgoing connections only through network <net> (" + Join(GetNetworkNames(), ", ") + "). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
     argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
     argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
     argsman.AddArg("-permitbaremultisig", strprintf("Relay non-P2SH multisig (default: %u)", DEFAULT_PERMIT_BAREMULTISIG), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
@@ -1238,6 +1238,9 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
                 SetReachable(net, false);
         }
     }
+    // Automatic outbound connections are restricted to some networks (-onlynet)
+    // and the Tor network is not among the allowed ones.
+    const bool onion_restricted{!IsReachable(NET_ONION)};
 
     // Check for host lookup allowed before parsing any network related parameters
     fNameLookup = args.GetBoolArg("-dns", DEFAULT_NAME_LOOKUP);
@@ -1261,7 +1264,9 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
         SetProxy(NET_IPV6, addrProxy);
         SetProxy(NET_ONION, addrProxy);
         SetNameProxy(addrProxy);
-        SetReachable(NET_ONION, true); // by default, -proxy sets onion as reachable, unless -noonion later
+        if (!onion_restricted) {
+            SetReachable(NET_ONION, true); // by default, -proxy sets onion as reachable, unless -noonion later
+        }
     }
 
     // -onion can be used to set only a proxy for .onion, or override normal proxy for .onion addresses
@@ -1270,6 +1275,11 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
     std::string onionArg = args.GetArg("-onion", "");
     if (onionArg != "") {
         if (onionArg == "0") { // Handle -noonion/-onion=0
+            if (args.IsArgSet("-onlynet") && IsReachable(NET_ONION)) {
+                return InitError(
+                    _("Outbound connections restricted to Tor (-onlynet=onion) but the proxy for "
+                      "reaching the Tor network is not provided (-onion=0)"));
+            }
             SetReachable(NET_ONION, false);
         } else {
             CService onionProxy;
@@ -1280,7 +1290,9 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
             if (!addrOnion.IsValid())
                 return InitError(strprintf(_("Invalid -onion address or hostname: '%s'"), onionArg));
             SetProxy(NET_ONION, addrOnion);
-            SetReachable(NET_ONION, true);
+            if (!onion_restricted) {
+                SetReachable(NET_ONION, true);
+            }
         }
     }
 
@@ -1791,7 +1803,6 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
         if (!Lookup(i2psam_arg, addr, 7656, fNameLookup) || !addr.IsValid()) {
             return InitError(strprintf(_("Invalid -i2psam address or hostname: '%s'"), i2psam_arg));
         }
-        SetReachable(NET_I2P, true);
         SetProxy(NET_I2P, proxyType{addr});
     } else {
         SetReachable(NET_I2P, false);
diff --git a/src/torcontrol.cpp b/src/torcontrol.cpp
@@ -379,7 +379,6 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
             CService resolved(LookupNumeric("127.0.0.1", 9050));
             proxyType addrOnion = proxyType(resolved, true);
             SetProxy(NET_ONION, addrOnion);
-            SetReachable(NET_ONION, true);
         }
 
         // Finally - now create the service

Original file line number	Diff line number	Diff line change
`@@ -379,7 +379,6 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&`
`379`	`379`	`CService resolved(LookupNumeric("127.0.0.1", 9050));`
`380`	`380`	`proxyType addrOnion = proxyType(resolved, true);`
`381`	`381`	`SetProxy(NET_ONION, addrOnion);`
`382`		`- SetReachable(NET_ONION, true);`
`383`	`382`	`}`
`384`	`383`
`385`	`384`	`// Finally - now create the service`