luke-jr (Member) commented Mar 23, 2019

Currently, the hidden service is published on the same port as the public listening port.
But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.

@fanquake fanquake added the P2P label Mar 23, 2019
DrahtBot (Contributor) commented Mar 23, 2019

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

@luke-jr luke-jr force-pushed the tor_standard_port branch from 3961fb2 to 8a26567 Compare March 23, 2019 06:13
@practicalswift (Contributor)

Concept ACK

Are there additional decloaking vectors that could be worth fixing?

@gmaxwell (Contributor)

This sounds okay to me, but it will remain trivial to link HS nodes with their non-HS addresses; we should document that clearly (for example, hand a node an orphan txn on one identity, then observe that it won't getdata the same txid on another).

@practicalswift (Contributor)

utACK 8a26567

@naumenkogs (Member)

utACK 8a26567

maflcko (Member) commented Mar 25, 2019

Would there be any reason to make it user-configurable? Could the port collide with something else? Does this need release notes?

luke-jr (Member, Author) commented Apr 4, 2019

@MarcoFalke This is only for the dedicated hidden service we create, so no, nothing else can use it.

The only reason for release notes would be if the privacy leak is serious enough to warrant an advisory; but IIRC this is only one of multiple ways to tie a Tor node to a clearnet node, so probably not.

laanwj (Member) commented Jun 18, 2019

I think this is fine.

There will be a slight service interruption from this, due to the new address needing to be propagated, but always using the "standard" virtual port by default makes perfect sense; there's no resource contention in Tor and no need to deviate from that.

I don't think release notes are necessary.

The user can already configure it by setting up their own Tor hidden service. I don't think it's worth adding an option for it.

utACK 8a26567

@laanwj laanwj merged commit 8a26567 into bitcoin:master Jun 18, 2019
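
A configuration check for the manually configured hidden service case raised in the review, as an added example that is not part of this pull request or of Bitcoin Core: it flags a torrc `HiddenServicePort` whose virtual port repeats a non-standard `port=` from bitcoin.conf. The mainnet default port 8333, the sample file contents and the function names are assumptions.

```python
import re

DEFAULT_P2P_PORT = 8333  # Bitcoin mainnet default P2P port (assumption: mainnet node)

# Constructed sample inputs, not taken from the pull request.
BITCOIN_CONF = "listen=1\nport=39388\n"
TORRC_SAME_PORT = (
    "HiddenServiceDir /var/lib/tor/bitcoin\n"
    "HiddenServicePort 39388 127.0.0.1:39388\n"
)
TORRC_STANDARD = (
    "HiddenServiceDir /var/lib/tor/bitcoin\n"
    "HiddenServicePort 8333 127.0.0.1:39388\n"
)


def listening_port(bitcoin_conf, default=DEFAULT_P2P_PORT):
    """Return the port= value from bitcoin.conf text, or the default if unset."""
    m = re.search(r"^[ \t]*port[ \t]*=[ \t]*(\d+)[ \t]*$", bitcoin_conf, re.MULTILINE)
    return int(m.group(1)) if m else default


def onion_mappings(torrc):
    """Yield (virtual_port, target_port) for each HiddenServicePort line."""
    for line in torrc.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0].lower() != "hiddenserviceport":
            continue
        if not parts[1].isdigit():
            continue
        virt = int(parts[1])
        # With no target given, Tor forwards to the same port number on localhost.
        target = parts[2] if len(parts) > 2 else parts[1]
        port = target.rsplit(":", 1)[-1]
        if port.isdigit():  # skips unix: socket targets
            yield virt, int(port)


def linkable_virtual_ports(bitcoin_conf, torrc, default=DEFAULT_P2P_PORT):
    """Virtual ports that repeat a non-standard clearnet listening port."""
    clearnet = listening_port(bitcoin_conf, default)
    return [virt for virt, target in onion_mappings(torrc)
            if target == clearnet and virt == clearnet and virt != default]


if __name__ == "__main__":
    print(linkable_virtual_ports(BITCOIN_CONF, TORRC_SAME_PORT))
    print(linkable_virtual_ports(BITCOIN_CONF, TORRC_STANDARD))
```

An empty result for the second torrc reflects the mapping this change adopts: the standard virtual port on the onion side, forwarded to the non-standard internal port.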
laanwj added a commit that referenced this pull request Jun 18, 2019
…or hidden services, even if the internal port is set differently

8a26567 torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently (Luke Dashjr)

Pull request description:

  Currently, the hidden service is published on the same port as the public listening port.
  But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.

ACKs for top commit:
  practicalswift:
    utACK 8a26567
  naumenkogs:
    utACK 8a26567
  laanwj:
    utACK 8a26567

Tree-SHA512: 737c8da4f7c3f0bb22a338647d357987f5808156e3f38864168d0d8c2e2b171160812f7da4de11eef602902b304e357d76052950b72d7b3b83535b0fdd05fadc
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jun 19, 2019
luke-jr added a commit to luke-jr/bitcoin that referenced this pull request Aug 23, 2019
Github-Pull: bitcoin#15651
Rebased-From: 8a26567
@luke-jr luke-jr mentioned this pull request Aug 23, 2019
fanquake pushed a commit to fanquake/bitcoin that referenced this pull request Aug 24, 2019
fanquake pushed a commit to fanquake/bitcoin that referenced this pull request Sep 23, 2019
laanwj added a commit that referenced this pull request Nov 25, 2019
0b18ea6 util: Filter control characters out of log messages (Wladimir J. van der Laan)
ac30fc4 build: Factor out qt translations from build system (Wladimir J. van der Laan)
3b8af5f build: update boost macros to latest upstream (fanquake)
b12defc Test that joinpsbts randomly shuffles the inputs (Andrew Chow)
eb07d22 Shuffle inputs and outputs after joining psbts (Andrew Chow)
1175410 addrdb: Remove temporary files created in SerializeFileDB. Fixes non-determinism in unit tests. (practicalswift)
c52dd12 Handle the result of posix_fallocate system call (Luca Venturini)
f792b25 torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently (Luke Dashjr)
9fe8d28 Bugfix: QA: Run tests with UPnP disabled (Luke Dashjr)
1d12e52 Add vertical spacer (Josu Goñi)
d764141 depends: add patch to common dependencies (fanquake)
56815e9 Give QApplication dummy arguments (Andrew Chow)
9d389d0 util: No translation of `Bitcoin Core` in the copyright (MarcoFalke)
87908e9 scripted-diff: Avoid passing PACKAGE_NAME for translation (MarcoFalke)
a44e18f build: Stop translating PACKAGE_NAME (MarcoFalke)
7bd8f4e rpc: Fix getblocktemplate CLI example (#16594) (Emil Engler)
1cc06a1 doc: Fix typos in COPYRIGHT (Chuf)

Pull request description:

  Backports some commits to the `0.18` branch:

  * #16596 - rpc: Fix getblocktemplate CLI example
  * #16615 - doc: Fix typos in COPYRIGHT
  * #16291 - gui: Stop translating PACKAGE_NAME (without the `make translate` commit)
  * #16578 - Do not pass in command line arguments to QApplication
  * #16051 - depends: add patch to common dependencies
  * #16090 - Add vertical spacer
  * #15651 - torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently
  * #15650 - Handle the result of posix_fallocate system call
  * #16646 - Bugfix: QA: Run tests with UPnP disabled
  * #16212 - addrdb: Remove temporary files created in SerializeFileDB. Fixes non-determinism in unit tests.
  * #16512 - rpc: Shuffle inputs and outputs after joining psbts
  * #16870 - build: update boost macros to latest upstream for improved error reporting
  * #16982 - build: Factor out qt translations from build system
  * #17095 - util: Filter control characters out of log messages

ACKs for top commit:
  laanwj:
    ACK 0b18ea6

Tree-SHA512: 37f0e5afc20975f4d1506e8662eda2ae0125f2f424a852818b5af2c3b8db78fc1c365b83571aa80ca63c885ca314302190b891a50ff3851fda9b9238455a5627
jasonbcox pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Nov 11, 2020
…ices, even if the internal port is set differently

Summary:
PR description:
> Currently, the hidden service is published on the same port as the public listening port.
> But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.

This is a backport of Core [[bitcoin/bitcoin#15651 | PR15651]]

Test Plan: `ninja all check-all`

Reviewers: #bitcoin_abc, majcosta

Reviewed By: #bitcoin_abc, majcosta

Differential Revision: https://reviews.bitcoinabc.org/D8368
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 25, 2021
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 25, 2021
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 25, 2021
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jun 26, 2021
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Dec 16, 2021

8 participants