Integrate new tor libraty to support pluggable transports

[ManfredKarrer]

There is a new version [1] of the tor proxy library from the developer who has worked on the initial version [2] which supports pluggable transports.

It will require minor API adoption and thoroughly testing. With that library the firewall problems for Chinese users should be solved (Obfusc4, Meek should work to get over the GFW).
That library uses 2 other sub libs which might also require an update. They should be extracted to separate projects as well (currently they are modules inside Bisq).

[1] https://github.com/JesusMcCloud/netlayer
[2] https://github.com/bisq-network/exchange/tree/master/jtorproxy

[mrosseel]

I’m having one remaining problem with the netlayer integration (all the rest is working): I can connect to onion addresses of peers, but the bitcoin seed nodes are unreachable.
These are all clearnet addresses (haven’t tried with onion nodes). The error happens inside bitcoinj, this is the error:

Nov-03 10:37:14.598 [BlockingClient network thread for dnsseed.bluematt.me/75.40.139.204:8333] ERROR o.b.n.BlockingClient: Error trying to open/read from connection: dnsseed.bluematt.me/75.40.139.204:8333: SOCKS: Connection not allowed by ruleset

Anyone has an idea?

[ManfredKarrer]

Can you check at the API call to BitcoinJ what is passed in the current version and what is passed in the new version?

[JesusMcCloud]

This error can have various reasons. It essentially means that tor cannot connect to the destination. Unfortunately this is all the semantics you get from this error message. In could even be a local firewall problem (after all, this is a new binary). It could be that the seed node is blocking connections from the exit node your current tor circuit is using.
Unfortunately I don't have any time to investigate.
However, this issue did pop up some time in 2016, and @dan-da found a solution back then.

[mrosseel]

I had already reviewed dan-da's bitcoinj commits but your linked issue explains everything in detail, should be able to resolve it using that. Thanks!

[mrosseel]

after a quick read, it seems the main thing is to set the torrc option SafeSocks to 0. I found a torrc in the netlayer lib so will change it there and test.

[JesusMcCloud]

You are right, there is no way to override the default torrc. Unfortunately, I am really swamped with work at the moment, so the best I can do is open an issue.

[ManfredKarrer]

In fact the SafeSocks 0 was just hiding another bug that we were leaking at DNS lookups and not using our DnsLookupTor. So it would be even better to set it to 1 to ensure we are not leaking. I think default it is set to 1 as well, so not urgent but might be good to have it explicit.

[ManfredKarrer]

Will close that for now as it is integrated (develoment branch atm). There might be minor improvements (config proxy, support OS wide Tor binay, config port, add key/val pairs to trorc,..) but the basics functionality to support pluggable transports works and should help those who are blocked by authoritarian regimes.