net: respect -onlynet= when making outbound connections

Do not make outbound connections to hosts which belong to a network which is restricted by `-onlynet`. This applies to hosts that are automatically chosen to connect to and to anchors. This does not apply to hosts given to `-connect`, `-addnode`, `addnode` RPC, dns seeds, `-seednodes`. Fixes https://github.com/bitcoin/bitcoin/issues/13378 Fixes https://github.com/bitcoin/bitcoin/issues/22647 Supersedes https://github.com/bitcoin/bitcoin/pull/22651
2026-01-18 22:35:39 +01:00 · 2021-08-30 14:33:29 +02:00
parent 9394964f6b
commit e53a8505db
6 changed files with 45 additions and 25 deletions
--- a/doc/i2p.md
+++ b/doc/i2p.md
@@ -67,11 +67,7 @@ logging` for more information.

 Make outgoing connections only to I2P addresses. Incoming connections are not
 affected by this option. It can be specified multiple times to allow multiple
-network types, e.g. onlynet=ipv4, onlynet=ipv6, onlynet=onion, onlynet=i2p.
-
-Warning: if you use -onlynet with values other than onion, and the -onion or
-proxy option is set, then outgoing onion connections will still be made; use
-noonion or -onion=0 to disable outbound onion connections in this case.
+network types, e.g. onlynet=onion, onlynet=i2p.

 I2P support was added to Bitcoin Core in version 22.0 and there may be fewer I2P
 peers than Tor or IP ones. Therefore, using I2P alone without other networks may
--- a/doc/release-notes.md
+++ b/doc/release-notes.md
@@ -131,6 +131,12 @@ Updated settings
  E.g. `-maxuploadtarget=500g`. No whitespace, +- or fractions allowed.
  Default is `M` if no suffix provided. (#23249)

+- If `-proxy=` is given together with `-noonion` then the provided proxy will
+  not be set as a proxy for reaching the Tor network. So it will not be
+  possible to open manual connections to the Tor network for example with the
+  `addnode` RPC. To mimic the old behavior use `-proxy=` together with
+  `-onlynet=` listing all relevant networks except `onion`. (#22834)
+
 Tools and Utilities
 -------------------

--- a/doc/tor.md
+++ b/doc/tor.md
@@ -56,11 +56,7 @@ outgoing connections, but more is possible.
    -onlynet=onion  Make outgoing connections only to .onion addresses. Incoming
                    connections are not affected by this option. This option can be
                    specified multiple times to allow multiple network types, e.g.
-                    onlynet=ipv4, onlynet=ipv6, onlynet=onion, onlynet=i2p.
-                    Warning: if you use -onlynet with values other than onion, and
-                    the -onion or -proxy option is set, then outgoing onion
-                    connections will still be made; use -noonion or -onion=0 to
-                    disable outbound onion connections in this case.
+                    onlynet=onion, onlynet=i2p.

 In a typical situation, this suffices to run behind a Tor proxy: