On whonix, always connect through the system Tor SOCKS5 proxy

On whonix, collect $TOR_SOCKS_* and use that as the default Transport.
Listening on a hidden service is not supported
(cf. #391 (comment)).

  # TOR_SOCKS_HOST=127.0.0.1 TOR_SOCKS_PORT=46105 ./target/debug/asb --testnet start
  2025-10-20T00:59:02.523377742Z  INFO swap::common::tracing_util: swap/src/common/tracing_util.rs:225: Initialized tracing. General logs will be written to swap-all.log, and verbose logs to tracing*.log level_filter=debug logs_dir=/home/nabijaczleweli/.local/share/xmr-btc-swap/asb/testnet/logs
  2025-10-20T00:59:02.523734203Z  INFO asb: swap-asb/src/main.rs:59: Setting up context binary="asb" version="3.2.0-rc.4" os="linux" arch="x86_64"
  2025-10-20T00:59:02.524117896Z DEBUG swap::seed: swap/src/seed.rs:128: Reading in seed from /home/nabijaczleweli/.local/share/xmr-btc-swap/asb/testnet/seed.pem
  2025-10-20T00:59:02.524380312Z DEBUG swap::database: swap/src/database.rs:99: Using existing sqlite database.
  2025-10-20T00:59:02.527334775Z  INFO asb: swap-asb/src/main.rs:176: Not tipping the developers (maker.developer_tip = 0 or not set in config)
  2025-10-20T00:59:02.527582262Z DEBUG asb: swap-asb/src/main.rs:613: Initializing Monero wallets
  2025-10-20T00:59:02.527860291Z  INFO monero_rpc_pool::database: monero-rpc-pool/src/database.rs:45: Using database at /home/nabijaczleweli/.local/share/xmr-btc-swap/asb/testnet/monero-rpc-pool/nodes_v3.db
  2025-10-20T00:59:02.539417001Z  INFO monero_rpc_pool::database: monero-rpc-pool/src/database.rs:59: Database migration completed
  2025-10-20T00:59:02.585025016Z  INFO monero_rpc_pool: monero-rpc-pool/src/lib.rs:174: Started server on 127.0.0.1:45251 (random port)
  2025-10-20T00:59:02.585302006Z  INFO asb: swap-asb/src/main.rs:637: Monero RPC Pool started for ASB on http://127.0.0.1:45251
  2025-10-20T00:59:02.590742943Z DEBUG monero_sys: monero-sys/src/lib.rs:1354: Updating wallet manager's remote node address=127.0.0.1:45251
  2025-10-20T00:59:09.182046612Z DEBUG monero_sys: monero-sys/src/lib.rs:1116: Opening or creating wallet path=/home/nabijaczleweli/.local/share/xmr-btc-swap/asb/testnet/monero/wallets/asb-wallet
  2025-10-20T00:59:09.182339945Z DEBUG monero_sys: monero-sys/src/lib.rs:1367: Checking if wallet exists path=/home/nabijaczleweli/.local/share/xmr-btc-swap/asb/testnet/monero/wallets/asb-wallet
  2025-10-20T00:59:09.182665481Z DEBUG monero_sys: monero-sys/src/lib.rs:1120: Wallet already exists, opening it wallet=/home/nabijaczleweli/.local/share/xmr-btc-swap/asb/testnet/monero/wallets/asb-wallet
  2025-10-20T00:59:09.182925233Z DEBUG monero_sys: monero-sys/src/lib.rs:1318: Opening wallet path=/home/nabijaczleweli/.local/share/xmr-btc-swap/asb/testnet/monero/wallets/asb-wallet
  2025-10-20T00:59:09.844215951Z DEBUG monero_sys: monero-sys/src/lib.rs:1489: Initializing wallet address=5AiDHB58fhFHB8u4uoSE8YHKbSxCEN8onDh4S8PKKQqMN2MekXNAJB42foDBgNq2wUAGnNzfZeEVfhwHQ6837Yf25gm6jmS
  2025-10-20T00:59:09.844695338Z DEBUG monero_sys: monero-sys/src/lib.rs:1577: Initializing wallet daemon_address=127.0.0.1:45251 ssl=false
  2025-10-20T00:59:12.471017858Z DEBUG monero_sys: monero-sys/src/lib.rs:1502: Initialized wallet, setting daemon address
  2025-10-20T00:59:12.471279924Z DEBUG monero_sys: monero-sys/src/lib.rs:1552: Setting daemon address address=127.0.0.1:45251 ssl=false
  2025-10-20T00:59:14.216130174Z DEBUG monero_sys: monero-sys/src/lib.rs:1507: Background sync enabled, starting refresh thread
  2025-10-20T00:59:14.243361749Z  INFO asb: swap-asb/src/main.rs:186: Monero wallet address monero_address=5AiDHB58fhFHB8u4uoSE8YHKbSxCEN8onDh4S8PKKQqMN2MekXNAJB42foDBgNq2wUAGnNzfZeEVfhwHQ6837Yf25gm6jmS
  2025-10-20T00:59:14.244657192Z  WARN asb: swap-asb/src/main.rs:196: The Monero balance is 0, make sure to deposit funds at monero_address=5AiDHB58fhFHB8u4uoSE8YHKbSxCEN8onDh4S8PKKQqMN2MekXNAJB42foDBgNq2wUAGnNzfZeEVfhwHQ6837Yf25gm6jmS
  2025-10-20T00:59:14.245413828Z DEBUG asb: swap-asb/src/main.rs:574: Opening Bitcoin wallet
  2025-10-20T00:59:14.254739766Z DEBUG swap::bitcoin::wallet: swap/src/bitcoin/wallet.rs:621: Loading existing Bitcoin wallet from database
  2025-10-20T00:59:14.351859914Z  INFO asb: swap-asb/src/main.rs:601: Skipping Bitcoin wallet sync because we are only using it for receiving funds
  2025-10-20T00:59:14.352228163Z  INFO asb: swap-asb/src/main.rs:218: Bitcoin wallet balance bitcoin_balance=0 BTC
  2025-10-20T00:59:14.352228163Z  INFO asb: swap-asb/src/main.rs:218: Bitcoin wallet balance bitcoin_balance=0 BTC
  2025-10-20T00:59:14.352573504Z  INFO swap_env::env: swap-env/src/env.rs:147: On whonix, not starting Tor
  2025-10-20T00:59:14.353600945Z DEBUG swap::common::tor: swap/src/common/tor.rs:192: Using SOCKS5 proxy at Ip(127.0.0.1:46105)

  # TOR_SOCKS_IPC_PATH=$PWD/SocksPort/sock ./target/debug/asb --testnet start
  2025-10-20T01:00:53.213704267Z  INFO asb: swap-asb/src/main.rs:218: Bitcoin wallet balance bitcoin_balance=0 BTC
  2025-10-20T01:00:53.214061031Z  INFO swap_env::env: swap-env/src/env.rs:147: On whonix, not starting Tor
  2025-10-20T01:00:53.215044718Z DEBUG swap::common::tor: swap/src/common/tor.rs:192: Using SOCKS5 proxy at Unix("/home/nabijaczleweli/uwu/another-bout/SocksPort/sock")

  $ tor ControlPort auto SocksPort unix:$PWD/uwu/another-bout/SocksPort/sock SafeLogging 0
  ...
  Oct 20 03:02:51.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
  Oct 20 03:02:51.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
  Oct 20 03:02:52.000 [notice] Bootstrapped 100% (done): Done
  Oct 20 03:03:20.000 [notice] Have tried resolving or connecting to address '94.74.164.77' at 3 different places. Giving up.
  Oct 20 03:03:29.000 [notice] Have tried resolving or connecting to address '94.74.164.77' at 3 different places. Giving up.

Author: nabijaczleweli

swap/Cargo.toml

@@ -42,7 +42,7 @@ ecdsa_fun = { workspace = true, features = ["libsecp_compat", "serde", "adaptor"
 ed25519-dalek = "1"
 electrum-pool = { path = "../electrum-pool" }
 fns = "0.0.7"
-futures = { workspace = true }
+futures = { workspace = true, features = ["compat", "io-compat"] }
 hex = { workspace = true }
 jsonrpsee = { workspace = true, features = ["server"] }
 libp2p = { workspace = true, features = ["tcp", "yamux", "dns", "noise", "request-response", "ping", "rendezvous", "identify", "macros", "cbor", "json", "tokio", "serde", "rsa"] }
@@ -91,6 +91,7 @@ void = "1"
 tokio = { workspace = true, features = ["process", "fs", "net", "parking_lot", "rt"] }
 tokio-tungstenite = { version = "0.15", features = ["rustls-tls"] }
 tokio-util = { workspace = true }
+tokio-socks = "0.5"
 
 tor-rtcompat = { workspace = true, features = ["tokio"] }
 tower = { version = "0.4.13", features = ["full"] }

swap/src/asb/network.rs

@@ -49,7 +49,7 @@ pub mod transport {
     ) -> Result<OnionTransportWithAddresses> {
         let mut onion_addresses = vec![];
         let maybe_tor_transport = if let Some(universal_config) = existing_tor_config() {
-            OrTransport::new(OptionalTransport::none(), OptionalTransport::some(todo!() as libp2p_tor::TorTransport))
+            OrTransport::new(OptionalTransport::none(), OptionalTransport::some(universal_config.transport()))
         } else if let Some(tor_client) = maybe_tor_client {
             let mut tor_transport =
                 libp2p_tor::TorTransport::from_client(tor_client, AddressConversion::DnsOnly);

swap/src/cli/transport.rs

@@ -29,7 +29,7 @@ pub fn new(
 
     let maybe_tor_transport = match (existing_tor_config(), maybe_tor_client) {
         (Some(universal_config), _) => {
-            OrTransport::new(OptionalTransport::none(), OptionalTransport::some(todo!() as libp2p_tor::TorTransport))
+            OrTransport::new(OptionalTransport::none(), OptionalTransport::some(universal_config.transport()))
         }
         (None, Some(client)) => OrTransport::new(OptionalTransport::some(libp2p_tor::TorTransport::from_client(
             client,

swap/src/common/tor.rs

@@ -1,5 +1,4 @@
-use std::sync::Arc;
-use std::{path::Path, time::Duration};
+use std::{net::SocketAddr, path::{PathBuf, Path}, sync::Arc, time::Duration};
 
 use crate::cli::api::tauri_bindings::{
     TauriBackgroundProgress, TauriEmitter, TauriHandle, TorBootstrapStatus,
@@ -9,10 +8,208 @@ use futures::StreamExt;
 use swap_env::env::is_whonix;
 use tor_rtcompat::tokio::TokioRustlsRuntime;
 
-pub enum RemoteTorClientConfig {}
-pub fn existing_tor_config() -> Option<RemoteTorClientConfig> {
+use libp2p::{Multiaddr, Transport, TransportError};
+use libp2p::core::multiaddr::Protocol;
+use libp2p::core::transport::{TransportEvent, ListenerId};
+use std::task::Poll;
+use std::pin::Pin;
+use std::task::Context;
+use std::future::Future;
+use tokio_socks::TargetAddr;
+use tokio_socks::tcp::Socks5Stream;
+use tokio::net::TcpStream;
+#[cfg(unix)]
+use tokio::net::UnixStream;
+use tokio::io::{AsyncRead, AsyncWrite};
+
+pub enum TcpOrUnixStream {
+    Tcp(TcpStream),
+    #[cfg(unix)]
+    Unix(UnixStream),
+}
+impl AsyncRead for TcpOrUnixStream {
+    fn poll_read(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        buf: &mut tokio::io::ReadBuf<'_>,
+    ) -> Poll<std::io::Result<()>> {
+        match self.get_mut() {
+            TcpOrUnixStream::Tcp(tsock) => AsyncRead::poll_read(Pin::new(tsock), cx, buf),
+            TcpOrUnixStream::Unix(sock) => AsyncRead::poll_read(Pin::new(sock), cx, buf),
+        }
+    }
+}
+impl AsyncWrite for TcpOrUnixStream {
+    fn poll_write(self: Pin<&mut Self>, cx: &mut Context<'_>, buf: &[u8]) -> Poll<std::io::Result<usize>> {
+        match self.get_mut() {
+            TcpOrUnixStream::Tcp(tsock) => AsyncWrite::poll_write(Pin::new(tsock), cx, buf),
+            TcpOrUnixStream::Unix(sock) => AsyncWrite::poll_write(Pin::new(sock), cx, buf),
+        }
+    }
+
+    fn poll_write_vectored(self: Pin<&mut Self>, cx: &mut Context<'_>, bufs: &[std::io::IoSlice<'_>],) -> Poll<std::io::Result<usize>> {
+        match self.get_mut() {
+            TcpOrUnixStream::Tcp(tsock) => AsyncWrite::poll_write_vectored(Pin::new(tsock), cx, bufs),
+            TcpOrUnixStream::Unix(sock) => AsyncWrite::poll_write_vectored(Pin::new(sock), cx, bufs),
+        }
+    }
+
+    fn is_write_vectored(&self) -> bool {
+        true
+    }
+
+    fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<std::io::Result<()>> {
+        match self.get_mut() {
+            TcpOrUnixStream::Tcp(tsock) => AsyncWrite::poll_flush(Pin::new(tsock), cx),
+            TcpOrUnixStream::Unix(sock) => AsyncWrite::poll_flush(Pin::new(sock), cx),
+        }
+    }
+
+    fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<std::io::Result<()>> {
+        match self.get_mut() {
+            TcpOrUnixStream::Tcp(tsock) => AsyncWrite::poll_shutdown(Pin::new(tsock), cx),
+            TcpOrUnixStream::Unix(sock) => AsyncWrite::poll_shutdown(Pin::new(sock), cx),
+        }
+    }
+}
+
+fn multi_to_socks(addr: &Multiaddr) -> Option<TargetAddr<'static>> {
+    let mut addr = addr.iter();
+    match (addr.next()?, addr.next()) {
+        (
+            Protocol::Dns(domain) | Protocol::Dns4(domain) | Protocol::Dns6(domain),
+            Some(Protocol::Tcp(port)),
+        ) => Some(TargetAddr::Domain(domain.into_owned().into(), port)),
+        (Protocol::Onion3(service), _) => {
+            let mut domain = data_encoding::BASE32.encode(service.hash()).to_lowercase();
+            domain.push_str(".onion");
+            Some(TargetAddr::Domain(domain.into(), service.port()))
+        }
+        (Protocol::Ip4(ip), Some(Protocol::Tcp(port))) => Some(TargetAddr::Ip(SocketAddr::from((ip, port)))),
+        (Protocol::Ip6(ip), Some(Protocol::Tcp(port))) => Some(TargetAddr::Ip(SocketAddr::from((ip, port)))),
+        _ => None,
+    }
+}
+#[cfg(test)]
+mod tests {
+    use tokio_socks::TargetAddr;
+    use std::net::{SocketAddr, Ipv6Addr, Ipv4Addr};
+
+    #[test]
+    fn multi_to_socks() {
+        let addresses = [
+            "/dns/ip.tld/tcp/10".parse().unwrap(),
+            "/dns4/dns.ip4.tld/tcp/11".parse().unwrap(),
+            "/dns6/dns.ip6.tld/tcp/12".parse().unwrap(),
+            "/onion3/cebulka7uxchnbpvmqapg5pfos4ngaxglsktzvha7a5rigndghvadeyd:13".parse().unwrap(),
+            "/ip4/127.0.0.1/tcp/10".parse().unwrap(),
+            "/ip6/::1/tcp/10".parse().unwrap(),
+        ];
+
+        let actual = addresses
+            .iter()
+            .filter_map(super::multi_to_socks)
+            .collect::<Vec<_>>();
+
+        assert_eq!(
+            &[
+                TargetAddr::Domain("ip.tld", 10),
+                TargetAddr::Domain("dns.ip4.tld", 11),
+                TargetAddr::Domain("dns.ip6.tld", 12),
+                TargetAddr::Domain("cebulka7uxchnbpvmqapg5pfos4ngaxglsktzvha7a5rigndghvadeyd.onion", 13),
+                TargetAddr::Ip(SocketAddr::new(Ipv4Addr::LOCALHOST.into(), 10)),
+                TargetAddr::Ip(SocketAddr::new(Ipv6Addr::LOCALHOST.into(), 10)),
+            ],
+            &actual[..]
+        );
+    }
+}
+
+pub struct Socks5Transport(Arc<SocksServerAddress>);
+impl Transport for Socks5Transport {
+    type Output = tokio_util::compat::Compat<TcpOrUnixStream>;
+    type Error = tokio_socks::Error;
+    type ListenerUpgrade = std::future::Pending<Result<Self::Output, Self::Error>>;
+    type Dial = Pin<Box<dyn Future<Output = Result<Self::Output, Self::Error>> + Send + 'static>>;
+
+    fn listen_on(
+        &mut self,
+        _: ListenerId,
+        addr: Multiaddr
+    ) -> Result<(), TransportError<Self::Error>> {
+        Err(TransportError::MultiaddrNotSupported(addr))
+    }
+
+    fn remove_listener(&mut self, _: ListenerId) -> bool {false}
+
+    fn dial(
+        &mut self,
+        addr: Multiaddr
+    ) -> Result<Self::Dial, TransportError<Self::Error>> {
+        let Some(target) = multi_to_socks(&addr) else { return Err(TransportError::MultiaddrNotSupported(addr)) };
+        let proxy = self.0.clone();
+
+        Ok(Box::pin(async move {
+            let sock = match &*proxy {
+                SocksServerAddress::Ip(tcp) => TcpOrUnixStream::Tcp(TcpStream::connect(tcp).await?),
+                #[cfg(unix)]
+                SocksServerAddress::Unix(unix) => TcpOrUnixStream::Unix(UnixStream::connect(unix).await?),
+            };
+            Ok(tokio_util::compat::TokioAsyncReadCompatExt::compat(Socks5Stream::connect_with_socket(sock, target).await?.into_inner()))
+        }))
+    }
+
+    fn dial_as_listener(
+        &mut self,
+        addr: Multiaddr
+    ) -> Result<Self::Dial, TransportError<Self::Error>> {
+        self.dial(addr)
+    }
+
+    fn poll(
+        self: Pin<&mut Self>,
+        _: &mut Context <'_>
+    ) -> Poll<TransportEvent<Self::ListenerUpgrade, Self::Error>> {
+        Poll::Pending
+    }
+
+    fn address_translation(
+        &self,
+        _: &Multiaddr,
+        _: &Multiaddr
+    ) -> Option<Multiaddr> {None}
+}
+
+#[derive(Debug)]
+pub enum SocksServerAddress {
+    Ip(SocketAddr),
+    #[cfg(unix)]
+    Unix(PathBuf),
+}
+
+impl SocksServerAddress {
+    pub fn transport(self) -> Socks5Transport {
+        tracing::debug!("Using SOCKS5 proxy at {self:?}");
+        Socks5Transport(Arc::new(self))
+    }
+
+    /// Consult `$TOR_SOCKS_{IPC_PATH,HOST+PORT}`
+    ///
+    /// `$TOR_SOCKS_IPC_PATH` is ignored if `cfg(not(unix))`, and takes precedence if `cfg(unix)`.
+    fn from_tor_environment() -> anyhow::Result<Option<Self>> {
+        #[cfg(unix)]
+        if let Some(p) = std::env::var_os("TOR_SOCKS_IPC_PATH") {
+            return Ok(Some(SocksServerAddress::Unix(p.into())));
+        }
+
+        let (Ok(h), Ok(p)) = (std::env::var("TOR_SOCKS_HOST"), std::env::var("TOR_SOCKS_PORT")) else { return Ok(None) };
+        Ok(Some(SocksServerAddress::Ip(SocketAddr::new(h.parse()?, p.parse()?))))
+    }
+}
+
+pub fn existing_tor_config() -> Option<SocksServerAddress> {
     if is_whonix() {
-        Some(todo!(/*RemoteTorClientConfig::from_environment().expect("whonix always has $TOR_... set")*/))
+        Some(SocksServerAddress::from_tor_environment().expect("whonix always has valid $TOR_... variables").expect("whonix always has $TOR_... set"))
     } else {
         None
     }