567cec9a05 doc: add release notes and help text for unix sockets (Matthew Zipkin)
bfe5192891 test: cover UNIX sockets in feature_proxy.py (Matthew Zipkin)
c65c0d0163 init: allow UNIX socket path for -proxy and -onion (Matthew Zipkin)
c3bd43142e gui: accomodate unix socket Proxy in updateDefaultProxyNets() (Matthew Zipkin)
a88bf9dedd i2p: construct Session with Proxy instead of CService (Matthew Zipkin)
d9318a37ec net: split ConnectToSocket() from ConnectDirectly() for unix sockets (Matthew Zipkin)
ac2ecf3182 proxy: rename randomize_credentials to m_randomize_credentials (Matthew Zipkin)
a89c3f59dc netbase: extend Proxy class to wrap UNIX socket as well as TCP (Matthew Zipkin)
3a7d6548ef net: move CreateSock() calls from ConnectNode() to netbase methods (Matthew Zipkin)
74f568cb6f netbase: allow CreateSock() to create UNIX sockets if supported (Matthew Zipkin)
bae86c8d31 netbase: refactor CreateSock() to accept sa_family_t (Matthew Zipkin)
adb3a3e51d configure: test for unix domain sockets (Matthew Zipkin)
Pull request description:
Closes https://github.com/bitcoin/bitcoin/issues/27252
UNIX domain sockets are a mechanism for inter-process communication that are faster than local TCP ports (because there is no need for TCP overhead) and potentially more secure because access is managed by the filesystem instead of serving an open port on the system.
There has been work on [unix domain sockets before](https://github.com/bitcoin/bitcoin/pull/9979) but for now I just wanted to start on this single use-case which is enabling unix sockets from the client side, specifically connecting to a local Tor proxy (Tor can listen on unix sockets and even enforces strict curent-user-only access permission before binding) configured by `-onion=` or `-proxy=`
I copied the prefix `unix:` usage from Tor. With this patch built locally you can test with your own filesystem path (example):
`tor --SocksPort unix:/Users/matthewzipkin/torsocket/x`
`bitcoind -proxy=unix:/Users/matthewzipkin/torsocket/x`
Prep work for this feature includes:
- Moving where and how we create `sockaddr` and `Sock` to accommodate `AF_UNIX` without disturbing `CService`
- Expanding `Proxy` class to represent either a `CService` or a UNIX socket (by its file path)
Future work:
- Enable UNIX sockets for ZMQ (https://github.com/bitcoin/bitcoin/pull/27679)
- Enable UNIX sockets for I2P SAM proxy (some code is included in this PR but not tested or exposed to user options yet)
- Enable UNIX sockets on windows where supported
- Update Network Proxies dialog in GUI to support UNIX sockets
ACKs for top commit:
Sjors:
re-ACK 567cec9a05
tdb3:
re ACK for 567cec9a05.
achow101:
ACK 567cec9a05
vasild:
ACK 567cec9a05
Tree-SHA512: de81860e56d5de83217a18df4c35297732b4ad491e293a0153d2d02a0bde1d022700a1131279b187ef219651487537354b9d06d10fde56225500c7e257df92c1
argsman.AddArg("-maxsendbuffer=<n>",strprintf("Maximum per-connection memory usage for the send buffer, <n>*1000 bytes (default: %u)",DEFAULT_MAXSENDBUFFER),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-maxtimeadjustment",strprintf("Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by outbound peers forward or backward by this amount (default: %u seconds).",DEFAULT_MAX_TIME_ADJUSTMENT),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-maxuploadtarget=<n>",strprintf("Tries to keep outbound traffic under the given target per 24h. Limit does not apply to peers with 'download' permission or blocks created within past week. 0 = no limit (default: %s). Optional suffix units [k|K|m|M|g|G|t|T] (default: M). Lowercase is 1000 base while uppercase is 1024 base",DEFAULT_MAX_UPLOAD_TARGET),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
#if HAVE_SOCKADDR_UN
argsman.AddArg("-onion=<ip:port|path>","Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy). May be a local file path prefixed with 'unix:'.",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
#else
argsman.AddArg("-onion=<ip:port>","Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
#endif
argsman.AddArg("-i2psam=<ip:port>","I2P SAM proxy to reach I2P peers and accept I2P connections (default: none)",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-i2pacceptincoming",strprintf("Whether to accept inbound I2P connections (default: %i). Ignored if -i2psam is not set. Listening for inbound I2P connections is done through the SAM proxy, not by binding to a local address and port.",DEFAULT_I2P_ACCEPT_INCOMING),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-onlynet=<net>","Make automatic outbound connections only to network <net> ("+Join(GetNetworkNames(),", ")+"). Inbound and manual connections are not affected by this option. It can be specified multiple times to allow multiple networks.",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
// TODO: remove the sentence "Nodes not using ... incoming connections." once the changes from
// https://github.com/bitcoin/bitcoin/pull/23542 have become widespread.
argsman.AddArg("-port=<port>",strprintf("Listen for connections on <port>. Nodes not using the default ports (default: %u, testnet: %u, signet: %u, regtest: %u) are unlikely to get incoming connections. Not relevant for I2P (see doc/i2p.md).",defaultChainParams->GetDefaultPort(),testnetChainParams->GetDefaultPort(),signetChainParams->GetDefaultPort(),regtestChainParams->GetDefaultPort()),ArgsManager::ALLOW_ANY|ArgsManager::NETWORK_ONLY,OptionsCategory::CONNECTION);
#if HAVE_SOCKADDR_UN
argsman.AddArg("-proxy=<ip:port|path>","Connect through SOCKS5 proxy, set -noproxy to disable (default: disabled). May be a local file path prefixed with 'unix:' if the proxy supports it.",ArgsManager::ALLOW_ANY|ArgsManager::DISALLOW_ELISION,OptionsCategory::CONNECTION);
#else
argsman.AddArg("-proxy=<ip:port>","Connect through SOCKS5 proxy, set -noproxy to disable (default: disabled)",ArgsManager::ALLOW_ANY|ArgsManager::DISALLOW_ELISION,OptionsCategory::CONNECTION);
#endif
argsman.AddArg("-proxyrandomize",strprintf("Randomize credentials for every proxy connection. This enables Tor stream isolation (default: %u)",DEFAULT_PROXYRANDOMIZE),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-seednode=<ip>","Connect to a node to retrieve peer addresses, and disconnect. This option can be specified multiple times to connect to multiple nodes.",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-networkactive","Enable all P2P network activity (default: 1). Can be changed by the setnetworkactive RPC command",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
LogPrintLevel(BCLog::PROXY,BCLog::Level::Debug,"Using proxy: %s to connect to %s:%s\n",proxy.ToString(),addrConnect.ToStringAddr(),addrConnect.GetPort());