-
Notifications
You must be signed in to change notification settings - Fork 906
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
display a warning if the user use --proxy and hidden service and not … #3249
Conversation
1be1379
to
b4d1b98
Compare
What do you think of disabling DNS if |
lightningd/options.c
Outdated
|
||
if (ld->proxyaddr && (!ld->use_proxy_always || ld->config.use_dns)) { | ||
if (tal_count(ld->proposed_wireaddr) != 0 | ||
&& some_tor_addresses(ld->proposed_wireaddr)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indentation :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think of disabling DNS if --use-always-proxy=true ?
actually doing the follow PR right now
`if (!daemon->use_proxy_always)
if (broken_resolver(daemon)) {
or so ...
Then all is according to the docu of the flag`
lightningd/options.c
Outdated
|
||
if (ld->proxyaddr && (!ld->use_proxy_always || ld->config.use_dns)) { | ||
if (tal_count(ld->proposed_wireaddr) != 0 && some_tor_addresses(ld->proposed_wireaddr)) { | ||
log_unusual(ld->log, "WARNING: Your Tor proxy setup with use of hidden service address" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
log_unusual(ld->log, "WARNING: Your Tor proxy setup with use of hidden service address" | |
log_unusual(ld->log, "WARNING: Your Tor proxy setup with use of hidden service address" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK a954dee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Warning and changelog text could be grammatically correct. Possible improvements:
-
WARNING: Your Tor proxy setup with hidden service address, --always-use-proxy=true and --disable-dns is not recommended. You have configured a possible dns leak of your hidden service. Please enable both options, we hope you know what you are doing!
-
Changelog-Changed: Warn users about a possible Tor dns/ip leak
But im not a native english speaker either. Meybe they could jump in...
lightningd/options.c
Outdated
if (ld->proxyaddr && (!ld->use_proxy_always || ld->config.use_dns)) { | ||
if (tal_count(ld->proposed_wireaddr) != 0 && some_tor_addresses(ld->proposed_wireaddr)) { | ||
log_unusual(ld->log, "WARNING: Your Tor proxy setup with use of hidden service address" | ||
" and --allways-use-proxy=%s and --disable-dns=%s" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
spelling: --always-use-proxy, --disable-dns (without argument)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WARNING: Your Tor setup use a hidden service address --always-use-proxy=false and --disable-dns not set is not recommended, please set --always-use-proxy=true and use --disable-dns, we hope you know what you are doing!
c-lightning try to help you and detected that you have configured a possible dns leak of your hidden service
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, much more understandable.
WARNING: Your Tor setup uses a hidden service address with --always-use-proxy=false and without --disable-dns which is not recommended. Please set --always-use-proxy=true and use --disable-dns, we hope you know what you are doing!
c-lightning is trying to help you because it detected that you have configured a possible dns leak of your hidden service.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you too, you caught one, but now its enough for me, since I fear that ends in tautologies.
Some say I am as polite and hansom as a satoshi, but I clearly differ when there is no real progress, then I tent to get rude and bossy.
Here is the bossy unfair mean and I feel a shame for exscript of the original draft of this PR and some hints for the next party, where some caught the front row tick tick tok
Cybermen have tagged your system for upgrade by low r value and the doctor is out of town ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was no ill intent in my posts. We can leave it as it is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
keep CALM, You are clearly welcome and even now there is one mistype, if you insist, I will change the p to P to make you happy
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i dont insist on anything - its your call. And this PR does not affect my feelings whatsoever.
…disables dns @bitcoin-software reported the default behavior is in UX therms not what the users expects if --proxy is configured. Users tent to associate with the term proxy, that all traffic is routed trough the proxy. We should warn the user, if he not selects also --use-always-proxy=true and disable-dns, when having defined and used also a hidden-service. The default behavior is that ipv4/6 FQDN will be resolved locally, since we use tor socks5 proxy for onion address with the socks4a improvement we could and should let Tor do the dns. Changelog-Changed: Warn users if they about to config a possible dns leak Signed-off-by: Saibato <saibato.naga@pm.me>
Hmm, if this change is desired, we should go further:
That's pretty clear, I think? Personally, I want my node to be able to reach nodes on Tor, but I don't need most traffic over it. |
Me too, AFAICS the new logo of Tor is "Take back the internet with Tor" , c-ln's Tor implementation is unique in LN space ( gretz and thx to MIT and hobbit ), since we have this true quiet mode ( if we want ). If Tor is the default and all have a this semi unique Tor address bound to node id fine, most traffic from node to node will be intern relayed and never leave Tor. I agree to reach Ip address directly should never be removed, we could add a random jitter between the hopps and the first exit to ip that should be enough, to not called out as doxy app. In so far, this PR must not be applied, if we are crystal clear in documentation and defaults, what we try to do here. We are in early stages and most users up till now don't need this warning, since they are mostly deep techie and know. For historical purpose, I personally would like the discussion here and not in semi hidden telegram or signal channels, since such channeled unopen discussion modes are often the begin of control structures applied. I like your suggestion of --proxy-tor-only and to change the defaults of proxy, how about --add --tor= soly for tor socks ?. And have --proxy for general socks4/5 proxy ? I push a WIP --proxy-tor-only and to change the defaults, today that could trigger this discussion further. |
Not at all, thanks for the PR, and feel free to reopen later or file an issue to track progress 👍 |
…disables dns
As @bitcoin-software reported the default behavior is in UX therms
not what the users expects if --proxy is configured. Users tent to associate
with the term proxy, that all traffic is routed trough the proxy.
We should warn the user also in the logs and on startup, if he not selects also --use-always-proxy=true
and --disable-dns, when having defined and used also a hidden service.
The default behavior is that ipv4/6 FQDN will be resolved locally,
since we use tor socks5 proxy for onion address with the socks4a improvement,
the user could and should let Tor do the dns.
Changelog-Changed: Warn the users that he had configed a possible tor dns/ip leak