ZMQ: Support UNIX domain sockets #27679
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
|
Concept ACK |
0e2d156 to
a584969
Compare
Relax bot! sheesh. I'm gonna wait until #27375 gets approved |
Waiting for #27375 |
567cec9 doc: add release notes and help text for unix sockets (Matthew Zipkin) bfe5192 test: cover UNIX sockets in feature_proxy.py (Matthew Zipkin) c65c0d0 init: allow UNIX socket path for -proxy and -onion (Matthew Zipkin) c3bd431 gui: accomodate unix socket Proxy in updateDefaultProxyNets() (Matthew Zipkin) a88bf9d i2p: construct Session with Proxy instead of CService (Matthew Zipkin) d9318a3 net: split ConnectToSocket() from ConnectDirectly() for unix sockets (Matthew Zipkin) ac2ecf3 proxy: rename randomize_credentials to m_randomize_credentials (Matthew Zipkin) a89c3f5 netbase: extend Proxy class to wrap UNIX socket as well as TCP (Matthew Zipkin) 3a7d654 net: move CreateSock() calls from ConnectNode() to netbase methods (Matthew Zipkin) 74f568c netbase: allow CreateSock() to create UNIX sockets if supported (Matthew Zipkin) bae86c8 netbase: refactor CreateSock() to accept sa_family_t (Matthew Zipkin) adb3a3e configure: test for unix domain sockets (Matthew Zipkin) Pull request description: Closes #27252 UNIX domain sockets are a mechanism for inter-process communication that are faster than local TCP ports (because there is no need for TCP overhead) and potentially more secure because access is managed by the filesystem instead of serving an open port on the system. There has been work on [unix domain sockets before](#9979) but for now I just wanted to start on this single use-case which is enabling unix sockets from the client side, specifically connecting to a local Tor proxy (Tor can listen on unix sockets and even enforces strict curent-user-only access permission before binding) configured by `-onion=` or `-proxy=` I copied the prefix `unix:` usage from Tor. With this patch built locally you can test with your own filesystem path (example): `tor --SocksPort unix:/Users/matthewzipkin/torsocket/x` `bitcoind -proxy=unix:/Users/matthewzipkin/torsocket/x` Prep work for this feature includes: - Moving where and how we create `sockaddr` and `Sock` to accommodate `AF_UNIX` without disturbing `CService` - Expanding `Proxy` class to represent either a `CService` or a UNIX socket (by its file path) Future work: - Enable UNIX sockets for ZMQ (#27679) - Enable UNIX sockets for I2P SAM proxy (some code is included in this PR but not tested or exposed to user options yet) - Enable UNIX sockets on windows where supported - Update Network Proxies dialog in GUI to support UNIX sockets ACKs for top commit: Sjors: re-ACK 567cec9 tdb3: re ACK for 567cec9. achow101: ACK 567cec9 vasild: ACK 567cec9 Tree-SHA512: de81860e56d5de83217a18df4c35297732b4ad491e293a0153d2d02a0bde1d022700a1131279b187ef219651487537354b9d06d10fde56225500c7e257df92c1
a584969 to
95fda8a
Compare
95fda8a to
7b4c7bd
Compare
|
🚧 At least one of the CI tasks failed. Make sure to run all tests locally, according to the Possibly this is due to a silent merge conflict (the changes in this pull request being Leave a comment here, if you need help tracking down a confusing failure. |
| {"-i2psam", false}, | ||
| {"-onion", true}, | ||
| {"-proxy", true}, | ||
| {"-rpcbind", false}, | ||
| {"-torcontrol", false}, | ||
| {"-whitebind", false}, | ||
| {"-zmqpubhashblock", true}, | ||
| {"-zmqpubhashtx", true}, | ||
| {"-zmqpubrawblock", true}, | ||
| {"-zmqpubrawtx", true}, | ||
| {"-zmqpubsequence", true} |
There was a problem hiding this comment.
unix socket support for i2psam and rpcbind will be implemented in future work, so this little matrix is anticipating that
src/zmq/zmqnotificationinterface.cpp
Outdated
| for (const std::string& address : gArgs.GetArgs(arg)) { | ||
| for (std::string& address : gArgs.GetArgs(arg)) { | ||
| // libzmq uses prefix "ipc://" for UNIX domain sockets | ||
| ReplaceAll(address, ADDR_PREFIX_UNIX, ADDR_PREFIX_IPC); |
There was a problem hiding this comment.
Is ReplaceAll the right function to use here?
Sure, it's unlikely for it to appear multiple times, but from a principle of least surprise angle, it'd make sense to only replace the prefix.
7b4c7bd to
63cc219
Compare
|
Rebasing on master since one commit was merged separately in #29649 |
63cc219 to
21d0e6c
Compare
|
Thanks so much for your review @laanwj addressed your comments |
|
Looks good to me now |
re ACK for 21d0e6c Retested the following:
p.s. Looks like the invalid port error message is duplicated. |
|
ACK 21d0e6c |
Based on Github-Pull: bitcoin#27679 Based on: c87b0a0
Github-Pull: bitcoin#27679 Rebased-From: 791dea2
| }) { | ||
| for (const std::string& socket_addr : args.GetArgs(port_option)) { | ||
| const std::string arg{port_option.first}; | ||
| const bool unix{port_option.second}; |
There was a problem hiding this comment.
FYI https://github.com/bitcoin/bitcoin/runs/24257306970:
init.cpp: In function ‘bool AppInitMain(node::NodeContext&, interfaces::BlockAndHeaderTipInfo*)’:
init.cpp:1319:20: error: unused variable ‘unix’ [-Werror=unused-variable]
1319 | const bool unix{port_option.second};
| ^~~~There was a problem hiding this comment.
No warnings for me locally using
x86_64-w64-mingw32-g++-posix (GCC) 13-posix
There was a problem hiding this comment.
No warnings for me locally using
Did you turn on the relevant warning flag
There was a problem hiding this comment.
No warnings for me locally using
Did you turn on the relevant warning flag
My bad! 🤦
fa9abf9 refactor: Avoid unused-variable warning in init.cpp (MarcoFalke) Pull request description: Fixes #27679 (comment) ACKs for top commit: TheCharlatan: ACK fa9abf9 Tree-SHA512: dcf56d7aa68578ba611a2dc591de036ab1d08f7f4dfb35d325ecf7241d8e17abc0af7005b96c44da9777adc36961b4da7fdde282a1ab0e0a6f229c8108923101
, bitcoin#29649, bitcoin#27679, bitcoin#29968, partial bitcoin#26312 (UNIX domain sockets support) 10c7c1d merge bitcoin#29968: Avoid unused-variable warning in init.cpp (Kittywhiskers Van Gogh) 82a0fb2 merge bitcoin#27679: Support UNIX domain sockets (Kittywhiskers Van Gogh) a23d651 merge bitcoin#29649: remove unnecessary log message (Kittywhiskers Van Gogh) 343bf83 merge bitcoin#27375: support unix domain sockets for -proxy and -onion (Kittywhiskers Van Gogh) 0fd83f3 merge bitcoin#28695: Sanity check private keys received from SAM proxy (Kittywhiskers Van Gogh) 6e55ab5 partial bitcoin#26312: Remove Sock::Get() and Sock::Sock() (Kittywhiskers Van Gogh) 859da12 merge bitcoin#22087: Validate port-options (Kittywhiskers Van Gogh) Pull request description: ## Additional Information * Depends on #6630 ## Breaking Changes None expected. ## Checklist - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas **(note: N/A)** - [x] I have added or updated relevant unit/integration/functional/e2e tests - [x] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: UdjinM6: utACK 10c7c1d Tree-SHA512: cf3bb84a34315fd188bf1427f59e8b050a04f26d2d4a152a8477c50daef154b35e0f29e49787ac8b585078e985d7192bc39bde27ea39a3b547c297cb2fc3a2ae
This is a follow-up to #27375, allowing ZMQ notifications to be published to a UNIX domain socket.
Fortunately, libzmq handles unix sockets already, all we really have to do to support it is allow the format in the actual option.
libzmq uses the prefix
ipc://as opposed tounix:which is used by Tor and now also by bitcoind so we need to switch that internally.As far as I can tell, LND supports
ipc://andunix://(notice the double slashes).With this patch, LND can connect to bitcoind using unix sockets:
Example:
bitcoin.conf:
lnd.conf: