Add Tor support for outbound connections via SOCKS #778
+186
−31
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -45,7 +45,7 @@ use vss_client::headers::VssHeaderProvider; | |
| use crate::chain::ChainSource; | ||
| use crate::config::{ | ||
| default_user_config, may_announce_channel, AnnounceError, AsyncPaymentsRole, | ||
| BitcoindRestClientConfig, Config, ElectrumSyncConfig, EsploraSyncConfig, TorConfig, | ||
| DEFAULT_ESPLORA_SERVER_URL, DEFAULT_LOG_FILENAME, DEFAULT_LOG_LEVEL, | ||
| }; | ||
| use crate::connection::ConnectionManager; | ||
|
|
@@ -165,6 +165,8 @@ pub enum BuildError { | |
| InvalidListeningAddresses, | ||
| /// The given announcement addresses are invalid, e.g. too many were passed. | ||
| InvalidAnnouncementAddresses, | ||
| /// The given tor proxy address is invalid, e.g. an onion address was passed. | ||
| InvalidTorProxyAddress, | ||
| /// The provided alias is invalid. | ||
| InvalidNodeAlias, | ||
| /// An attempt to setup a runtime has failed. | ||
|
|
@@ -206,6 +208,7 @@ impl fmt::Display for BuildError { | |
| Self::InvalidAnnouncementAddresses => { | ||
| write!(f, "Given announcement addresses are invalid.") | ||
| }, | ||
| Self::InvalidTorProxyAddress => write!(f, "Given Tor proxy address is invalid."), | ||
| Self::RuntimeSetupFailed => write!(f, "Failed to setup a runtime."), | ||
| Self::ReadFailed => write!(f, "Failed to read from store."), | ||
| Self::WriteFailed => write!(f, "Failed to write to store."), | ||
|
|
@@ -523,6 +526,23 @@ impl NodeBuilder { | |
| Ok(self) | ||
| } | ||
|
|
||
| /// Configures the [`Node`] instance to use a Tor SOCKS proxy for outbound connections to peers with OnionV3 addresses. | ||
| /// Connections to clearnet addresses are not affected, and are not made over Tor. | ||
| /// The proxy address must not itself be an onion address. | ||
| /// | ||
| /// **Note**: If unset, connecting to peer OnionV3 addresses will fail. | ||
| pub fn set_tor_config(&mut self, tor_config: TorConfig) -> Result<&mut Self, BuildError> { | ||
| match tor_config.proxy_address { | ||
| SocketAddress::OnionV2 { .. } | SocketAddress::OnionV3 { .. } => { | ||
| return Err(BuildError::InvalidTorProxyAddress); | ||
| }, | ||
| _ => {}, | ||
| } | ||
|
|
||
| self.config.tor_config = Some(tor_config); | ||
| Ok(self) | ||
| } | ||
|
|
||
| /// Sets the node alias that will be used when broadcasting announcements to the gossip | ||
| /// network. | ||
| /// | ||
|
|
@@ -957,6 +977,15 @@ impl ArcedNodeBuilder { | |
| self.inner.write().unwrap().set_announcement_addresses(announcement_addresses).map(|_| ()) | ||
| } | ||
|
|
||
| /// Configures the [`Node`] instance to use a Tor SOCKS proxy for outbound connections to peers with OnionV3 addresses. | ||
| /// Connections to clearnet addresses are not affected, and are not made over Tor. | ||
| /// The proxy address must not itself be an onion address. | ||
| /// | ||
| /// **Note**: If unset, connecting to peer OnionV3 addresses will fail. | ||
| pub fn set_tor_config(&self, tor_config: TorConfig) -> Result<(), BuildError> { | ||
| self.inner.write().unwrap().set_tor_config(tor_config).map(|_| ()) | ||
| } | ||
|
|
||
| /// Sets the node alias that will be used when broadcasting announcements to the gossip | ||
| /// network. | ||
| /// | ||
|
|
@@ -1146,6 +1175,15 @@ fn build_with_store_internal( | |
| } | ||
| } | ||
|
|
||
| if let Some(tor_config) = &config.tor_config { | ||
| match tor_config.proxy_address { | ||
| SocketAddress::OnionV2 { .. } | SocketAddress::OnionV3 { .. } => { | ||
| return Err(BuildError::InvalidTorProxyAddress); | ||
| }, | ||
| _ => {}, | ||
| } | ||
| } | ||
|
Comment on lines
+1178
to
+1185
Contributor
There was a problem hiding this comment. Do we put this here in addition to the validation in |
||
|
|
||
| let tx_broadcaster = Arc::new(TransactionBroadcaster::new(Arc::clone(&logger))); | ||
| let fee_estimator = Arc::new(OnchainFeeEstimator::new()); | ||
|
|
||
|
|
@@ -1779,8 +1817,12 @@ fn build_with_store_internal( | |
|
|
||
| liquidity_source.as_ref().map(|l| l.set_peer_manager(Arc::downgrade(&peer_manager))); | ||
|
|
||
| let connection_manager = Arc::new(ConnectionManager::new( | ||
| Arc::clone(&peer_manager), | ||
| config.tor_config.clone(), | ||
| Arc::clone(&keys_manager), | ||
|
Contributor
There was a problem hiding this comment. I want to confirm we are ok with using the same
Contributor
Author
There was a problem hiding this comment. Looking at this again, we could also create a new set of random bytes from Then this entropy source should have no interaction with the one used for BOLT8 ephemeral keys. Lmk if you prefer that approach, happy to make the change if so.
Contributor
There was a problem hiding this comment. Right @tnull you suggested we pass the
Collaborator
There was a problem hiding this comment. Yeah, I think either is fine. |
||
| Arc::clone(&logger), | ||
| )); | ||
|
|
||
| let output_sweeper = match sweeper_bytes_res { | ||
| Ok(output_sweeper) => Arc::new(output_sweeper), | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we should move this check to the
buildstep so it happens also when set viaBuilder::from_config? Not sure if we even need this setter then?Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with also having the check there, though I'll note that there are checks in other setters, like
set_announcement_addresses()andset_listening_addresses(), that aren't mirrored inbuild_with_store_internal()right now.I'd prefer to keep the setter (since I'm using the others as well), but can remove it if needed.