doc: tor.md updates #19961
doc: tor.md updates #19961
Conversation
|
Pls feel free to grab from 654dc04 Then I can strip this from #19358 and rename that and re push Since we until now notoriously in disrespect override the users wished settings with the defaults in torcontrol. PR #19358 should be applied or tor.md doc changed to reflect that footgun. |
|
@Saibato thanks, I'll look at testing and pulling in that commit. In any case I need to verify and improve this draft. @RiccardoMasutti thanks. |
doc/tor.md
Outdated
| -externalip=X You can tell bitcoin about its publicly reachable addresses | ||
| using this option, and this can be a .onion address. Given | ||
| the above configuration, you can find your .onion address in | ||
| /var/lib/tor/bitcoin-service/hostname. For connections |
There was a problem hiding this comment.
When a hidden service is created via tor-control, /var/lib/tor/bitcoin-service/hostname is not created (credits to @vasild).
There was a problem hiding this comment.
But this new text reads:
Given the above configuration ...
and just a few lines above it says how to configure the hidden service via torrc:
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServicePort 8333 127.0.0.1:8333
HiddenServicePort 18333 127.0.0.1:18333
So it is ok to mention /var/lib/tor/bitcoin-service/hostname.
I would suggest to drop the last line HiddenServicePort 18333 127.0.0.1:18333 because it is for testnet and also to add HiddenServiceVersion 3 so that the tor daemon creates a v3 service:
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServiceVersion 3
HiddenServicePort 8333 127.0.0.1:8333
There was a problem hiding this comment.
Does bitcoind configure its onion service via torrc?
There was a problem hiding this comment.
#19961 (comment)
Even given the above configuration, you make a point to consider we are talking about the operation of the parameter.
If the hidden service is created via tor-control and you need to discover it please check you debug.log for lines similar to the following, it should automatically be added as AddLocal
2020-08-11T13:42:26Z tor: Got service ID {random_service}, advertising service {random_service}.onion:8333
2020-08-11T13:42:26Z AddLocal({random_service}.onion:8333,4)
|
Maybe split the white-space changes in a separate commit to ease further reviewers. |
|
Thanks everyone for the feedback. There are quite a few updates to do to bring this doc up-to-date. Will bring it out of draft status soon. |
|
Thanks for taking this on! My concern is that the doc doesn't really help the most common end users.
This is nonsense/scary to most people. This ultimately means that most users either don't end up enabling Hidden Services, or have to go to other websites/tutorials to do so (which could be giving them wrong information). I think our docs could do a much better job explaining to the layperson how to do so. |
|
I have a number of updates written that I haven't yet pushed. My concern is that they are changing too much and will discourage review and not be merged. It's on my list to scale them down and push soon. |
Agree. I think adding screenshots and examples could help. |
I don't know if a tutorial for non-technical people is the kind of doc that should be in the source code repository, but it is indeed beyond the scope of what I planned to propose (which I'm scaling down to be reviewable). |
|
@jonatack That makes sense. Maybe that's something I'll work on updating for the BitcoinWiki after the recent tor/GUI changes get merged. |
a326956 to
bd85caf
Compare
|
Updated. If everyone can review today, maybe this can still be in 0.21 as rc4 is being finalised. It may be easiest to review each commit separately. Happy to drop the last commit if it's too much to review. |
|
I also recommend viewing the diff by clicking on the "Display the rich diff" button at top right. |
bd85caf to
af2d40b
Compare
|
@jonatack |
doc/tor.md
Outdated
| than onion you *cannot* disable onion connections; outgoing onion | ||
| connections will be enabled when you use -proxy or -onion. Use | ||
| -noonion or -onion=0 if you want to be sure there are no outbound | ||
| onion connections over the default proxy or your defined -proxy. |
There was a problem hiding this comment.
Does this mean onlynet=ipv4 onion=0 does not disable onion connections? This seems confusing.
-noonion or onion=0 is always needed to explicitly disable outbound onion access, as described in the -proxy and onion section?
There was a problem hiding this comment.
(I missed this last commit, glad you asked for the clarification. I ACKd 42e6180)
There was a problem hiding this comment.
Does this mean onlynet=ipv4 onion=0 does not disable onion connections? This seems confusing.
Yes and No , a default fallback outbound pure .onion not IP name resolving proxy just for onion address will be created by default even without -proxy definition if ̶o̶n̶i̶o̶n̶!̶=̶0̶ ̶ ̶ to be precise if -onion== "" and regardless of -onlynet= if -listenonion=1 ( default) if the inbound Tor onion service could be created successfully by the ever polling torcontroller in bitcoind (What creates your advertised Tor address created by bitcoind independent of what onion services defined in torrc ) The idea was, (i guess) if that is successfully to create also an outbound proxy to reach Tor onion nodes.
So suppose u have a running bitcoind daemon and edit at some point just torrc to allow the control port or start the Tor service, bitcoind does if -listeonion=1 permanent poll for such changes and instantly creates on the fly an inbound onion address and an outbound proxy. So if u want to be sure that the outbound default proxy is disabled since u want i.e. just ipv4 set -noonion since -onlynet=ipv4 wont do that and please note the inbound Tor is created regardless of that if -listenonion=1 what is the default.
If that is a desired way to act depends, fixes or changes to that are not merged yet and at least that's the way it is and its now documented so that users are aware of that.
There was a problem hiding this comment.
@jonatack did edit the comment text to be more precise, so please review ur thumbs up ;-)
There was a problem hiding this comment.
There was a problem hiding this comment.
@Rspigler tyi, only explicit -nonion or -onion=0 can prevent outbound onion connections, solely -onllynet=pv4/ipv6 is not sufficient to disable that.
that what is said in the PR now dropped.
Please use -noonion or -onion=0 if you want to be sure to have no
outbound onion connections over the default proxy or your defined proxy..
654dc04#diff-a33b1b15efbc14c65460ef7a883b530ca52144a4f06642e4a188351d959f9894R42
So please be so kind to hint what was misunderstanding in this wording that u came to the conclusion that -onion=0 would not prevent all outbound onion connections so that we can adapt that in followup PR
There was a problem hiding this comment.
@Saibato thanks for the explanation/edits. Although now dropped, would ACK in a new PR
doc/tor.md
Outdated
| ipv4, ipv6 or onion. If you use this option with values other | ||
| than onion you *cannot* disable onion connections; outgoing onion | ||
| connections will be enabled when you use -proxy or -onion. Use | ||
| -noonion or -onion=0 if you want to be sure there are no outbound | ||
| onion connections over the default proxy or your defined -proxy. |
There was a problem hiding this comment.
Huh! :-( This is indeed a strange behavior, but I think something like the following belongs to bitcoind -help rather than doc/tor.md:
If -onlynet= is used with other networks and -onlynet=onion is not among them, but -onion= or -proxy is provided then outbound onion connections will still be made! Use -noonion or -onion=0 to disable outbound onion connections in this case.
Given that this is a guide on how to enable and configure Tor, not how to disable it, I would suggest to drop the last part and leave it to just:
-onlynet=onion Make outgoing connections only to .onion addresses. Incoming
connections are not affected by this option.
There was a problem hiding this comment.
Dropped the commit completely.
There was a problem hiding this comment.
-onlynet=onion Make outgoing connections only to .onion addresses. Incoming
connections are not affected by this option.
I guess its hard to grasp and i was 🤦♀️ too when i stumbled about, but what we believed the code does from src comments or doc and almost any post i am aware about bitcoin and Tor and social media is
not what really happens when assuming option do what they say and u follow the docs.
only -noonion or -onion=0 can prevent that, onlynet= is buggy since #7553 (2016)
Similar but also fact is that although seeders are not called directly in IP if the DNS returns are random that is not the case when bootstrap over Tor here the seeders have full control and can be sure ( or ther MITM'S or proxys) that the first entry in the DNS return a exit gets will be called since socks5 works that way all seeders ( or what they want to be called ) will be called in a distinct sequence over exist and then ADDR gossip that is highly disturbing give the timing correlation bogus Tor relays and exits can do.
Tacking in account that all that happens and wrong configured at bootstrap at least once, pure Tor nodes are quite f***ed if they not aware.
There was a problem hiding this comment.
Brought back the commits and added also to the -onlynet help in #20757, please add suggestions or ACKs there.
3985828 to
a34eceb
Compare
|
Dropped the last two commits to reduce the scope to have this merged in time for rc4. I think they were good but they can be proposed in another PR. Can everyone please ACK? |
|
ACK a34eceb |
|
ACK a34eceb |
Github-Pull: bitcoin#19961 Rebased-From: e1765d8
Github-Pull: bitcoin#19961 Rebased-From: dc8a591
Github-Pull: bitcoin#19961 Rebased-From: a34eceb
|
Post-merge ACK a34eceb |
|
FYI: There is a reviewed tutorial here for using Bitcoin Core with Tor that seems to have a permalink, albeit the tutorial deliberately steps over many things in Tor that a user could benefit from having a detailed explanation of, such as participation in the tor network, https://bitcoin.stackexchange.com/q/70069/75001 |
193f9a9 doc: update tor.md manual config, move after automatic config (Jon Atack) 9af99b6 doc: update/improve automatic tor section of tor.md (Jon Atack) dfc4ce1 doc: update -proxy, -onion and -onlynet info in tor.md (saibato) 784a278 doc: update -onlynet help in src/init.cpp (Jon Atack) Pull request description: This continues the tor documentation and help improvements of #19961 and clarifies issues that contributors have been mentioning and noticing, like in bitcoin/bitcoin#20555 (comment). More info: - bitcoin/bitcoin#19961 (comment) - bitcoin/bitcoin#19961 (comment) ACKs for top commit: Rspigler: ACK 193f9a9 prayank23: ACK bitcoin/bitcoin@193f9a9 bitcoin/bitcoin@9af99b6 bitcoin/bitcoin@dfc4ce1 Tree-SHA512: edb1b776c4624e1c2e30d829511c226a6492b719f5d1aaaeee1eaade47c108a99c09004d13a05f70b2d65f36db3db647902b5ea36807a87065f34acade33ccea
Combination of upstream's bitcoin#19961, bitcoin#21753 and bitcoin#22172
Combination of upstream's bitcoin#19961, bitcoin#21753 and bitcoin#22172
Combination of upstream's bitcoin#19961, bitcoin#21753 and bitcoin#22172
Combination of upstream's bitcoin#19961, bitcoin#21753 and bitcoin#22172
Combination of upstream's bitcoin#19961, bitcoin#21753 and bitcoin#22172
Combination of upstream's bitcoin#19961, bitcoin#21753 and bitcoin#22172
Combination of upstream's bitcoin#19961, bitcoin#21753 and bitcoin#22172
Combination of upstream's bitcoin#19961, bitcoin#21753 and bitcoin#22172
Summary: > doc: update tor.md address examples from onion v2 to v3 > doc: add tor.md section on how to get tor info via bitcoind > doc: update -externalip documentation in tor.md This is a backport of [[bitcoin/bitcoin#19961 | core#19961]] Test Plan: proofreading Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D11031
It looks like
doc/tor.mdcould use some updates and improvements, not only for Tor v3, but also for setting multiple addresses with-externalip(see the conversation from http://www.erisian.com.au/bitcoin-core-dev/log-2020-09-16.html#l-39), how to see information about your Tor config via Bitcoin Core, and other improvements.Closes #19924.