Merge bitcoin/bitcoin#22834: net: respect -onlynet= when making outbound connections

0eea83a85e scripted-diff: rename `proxyType` to `Proxy` (Vasil Dimov) e53a8505db net: respect -onlynet= when making outbound connections (Vasil Dimov) Pull request description: Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednode`. Fixes https://github.com/bitcoin/bitcoin/issues/13378 Fixes https://github.com/bitcoin/bitcoin/issues/22647 Supersedes https://github.com/bitcoin/bitcoin/pull/22651 ACKs for top commit: naumenkogs: utACK 0eea83a85e prayank23: reACK 0eea83a85e jonatack: ACK 0eea83a85e code review, rebased to master, debug built, and did some manual testing with various config options on signet Tree-SHA512: 37d68b449dd6d2715843fc84d85f48fa2508be40ea105a7f4a28443b318d0b6bd39e3b2ca2a6186f2913836adf08d91038a8b142928e1282130f39ac81aa741b
2025-11-10 22:18:54 +01:00 · 2022-03-01 18:31:05 +01:00
parent 024b8e12a5 0eea83a85e
commit 848b11615b
14 changed files with 72 additions and 52 deletions
--- a/src/torcontrol.cpp
+++ b/src/torcontrol.cpp
@@ -382,9 +382,24 @@ void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply&
        // if -onion isn't set to something else.
        if (gArgs.GetArg("-onion", "") == "") {
            CService resolved(LookupNumeric("127.0.0.1", 9050));
-            proxyType addrOnion = proxyType(resolved, true);
+            Proxy addrOnion = Proxy(resolved, true);
            SetProxy(NET_ONION, addrOnion);
-            SetReachable(NET_ONION, true);
+
+            const auto onlynets = gArgs.GetArgs("-onlynet");
+
+            const bool onion_allowed_by_onlynet{
+                !gArgs.IsArgSet("-onlynet") ||
+                std::any_of(onlynets.begin(), onlynets.end(), [](const auto& n) {
+                    return ParseNetwork(n) == NET_ONION;
+                })};
+
+            if (onion_allowed_by_onlynet) {
+                // If NET_ONION is reachable, then the below is a noop.
+                //
+                // If NET_ONION is not reachable, then none of -proxy or -onion was given.
+                // Since we are here, then -torcontrol and -torpassword were given.
+                SetReachable(NET_ONION, true);
+            }
        }

        // Finally - now create the service