
Commit 9d23891

committed
init: add -v2onlyclearnet config option
If this option is set by the user, v1 connections on unencrypted networks like IPv4/IPv6 will be disallowed. Turning it on is recommended only for users with a real need, because it could risk network partitioning in the unlikely scenario that everyone turns it on.
1 parent 88ca9ac commit 9d23891


1 file changed

+4
-0
lines changed


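--- a/src/init.cpp
+++ b/src/init.cpp
@@ -545,6 +545,7 @@ void SetupServerArgs(ArgsManager& argsman, bool can_listen_ipc)
 argsman.AddArg("-i2pacceptincoming", strprintf("Whether to accept inbound I2P connections (default: %i). Ignored if -i2psam is not set. Listening for inbound I2P connections is done through the SAM proxy, not by binding to a local address and port.", DEFAULT_I2P_ACCEPT_INCOMING), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
 argsman.AddArg("-onlynet=<net>", "Make automatic outbound connections only to network <net> (" + Join(GetNetworkNames(), ", ") + "). Inbound and manual connections are not affected by this option. It can be specified multiple times to allow multiple networks.", ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
 argsman.AddArg("-v2transport", strprintf("Support v2 transport (default: %u)", DEFAULT_V2_TRANSPORT), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
+argsman.AddArg("-v2onlyclearnet", strprintf("Disallow outbound v1 connections on IPV4/IPV6 (default: %u). Enable this option only if you really need it. Use -listen=0 to disable inbound connections since they can be unencrypted.", false), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
 argsman.AddArg("-peerbloomfilters", strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)", DEFAULT_PEERBLOOMFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
 argsman.AddArg("-peerblockfilters", strprintf("Serve compact block filters to peers per BIP 157 (default: %u)", DEFAULT_PEERBLOCKFILTERS), ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION);
 argsman.AddArg("-txreconciliation", strprintf("Enable transaction reconciliations per BIP 330 (default: %d)", DEFAULT_TXRECONCILIATION_ENABLE), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::CONNECTION);
@@ -930,6 +931,8 @@ bool AppInitParameterInteraction(const ArgsManager& args)
 // Signal NODE_P2P_V2 if BIP324 v2 transport is enabled.
 if (args.GetBoolArg("-v2transport", DEFAULT_V2_TRANSPORT)) {
 g_local_services = ServiceFlags(g_local_services | NODE_P2P_V2);
+} else if (args.GetBoolArg("-v2onlyclearnet", false)) {
+return InitError(_("Cannot set -v2onlyclearnet to true when v2transport is disabled."));
 }
 
 // Signal NODE_COMPACT_FILTERS if peerblockfilters and basic filters index are both enabled.
@@ -1843,6 +1846,7 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
 connOptions.m_peer_connect_timeout = peer_connect_timeout;
 connOptions.whitelist_forcerelay = args.GetBoolArg("-whitelistforcerelay", DEFAULT_WHITELISTFORCERELAY);
 connOptions.whitelist_relay = args.GetBoolArg("-whitelistrelay", DEFAULT_WHITELISTRELAY);
+connOptions.disable_v1conn_clearnet = args.GetBoolArg("-v2onlyclearnet", false);
 
 // Port to bind to if `-bind=addr` is provided without a `:port` suffix.
 const uint16_t default_bind_port =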
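Review bot: In the `AppInitParameterInteraction` hunk, the new branch rejects `-v2onlyclearnet` only when `-v2transport` is off, so a node started with `-v2onlyclearnet=1` and listening enabled will, per the option's own help text, keep accepting unencrypted v1 inbound peers without any notice. Because the option name reads like a guarantee, a startup warning for that combination would help operators, e.g. `if (args.GetBoolArg("-v2onlyclearnet", false) && args.GetBoolArg("-listen", DEFAULT_LISTEN)) InitWarning(_("-v2onlyclearnet only restricts outbound connections; inbound v1 connections are still accepted unless -listen=0."));` (assuming `-listen` has already been resolved at this point in init, which the hunk does not show). The default `false` is also written out three times (the help text in `SetupServerArgs`, this check, and `connOptions.disable_v1conn_clearnet` in `AppInitMain`); a named constant alongside `DEFAULT_V2_TRANSPORT` would keep them from drifting apart. All three functions continue outside the hunks shown.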
