From b42f536d23ab617ac56fc71f9a7743333ad499ef Mon Sep 17 00:00:00 2001 From: George McCandless <5fk7echy8@riseup.net> Date: Tue, 8 Oct 2019 20:08:42 +0000 Subject: [PATCH] Add a checkbox to the network settings tab that allows restricting outbound connections to onion services (i.e., hosts that end with '.onion'). --- src/bitmessageqt/settings.py | 10 ++++++++++ src/bitmessageqt/settings.ui | 7 +++++++ src/network/connectionchooser.py | 5 +++++ 3 files changed, 22 insertions(+) diff --git a/src/bitmessageqt/settings.py b/src/bitmessageqt/settings.py index 513f285b..982328cc 100644 --- a/src/bitmessageqt/settings.py +++ b/src/bitmessageqt/settings.py @@ -99,6 +99,8 @@ class SettingsDialog(QtGui.QDialog): config.getboolean('bitmessagesettings', 'socksauthentication')) self.checkBoxSocksListen.setChecked( config.getboolean('bitmessagesettings', 'sockslisten')) + self.checkBoxOnionOnly.setChecked( + config.safeGetBoolean('bitmessagesettings', 'onionservicesonly')) proxy_type = config.safeGet( 'bitmessagesettings', 'socksproxytype', 'none') @@ -110,6 +112,7 @@ class SettingsDialog(QtGui.QDialog): self.lineEditSocksPassword.setEnabled(False) self.checkBoxAuthentication.setEnabled(False) self.checkBoxSocksListen.setEnabled(False) + self.checkBoxOnionOnly.setEnabled(False) elif proxy_type == 'SOCKS4a': self.comboBoxProxyType.setCurrentIndex(1) elif proxy_type == 'SOCKS5': @@ -200,11 +203,13 @@ class SettingsDialog(QtGui.QDialog): self.lineEditSocksPassword.setEnabled(False) self.checkBoxAuthentication.setEnabled(False) self.checkBoxSocksListen.setEnabled(False) + self.checkBoxOnionOnly.setEnabled(False) elif comboBoxIndex in (1, 2): self.lineEditSocksHostname.setEnabled(True) self.lineEditSocksPort.setEnabled(True) self.checkBoxAuthentication.setEnabled(True) self.checkBoxSocksListen.setEnabled(True) + self.checkBoxOnionOnly.setEnabled(True) if self.checkBoxAuthentication.isChecked(): self.lineEditSocksUsername.setEnabled(True) self.lineEditSocksPassword.setEnabled(True) 
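Review bot: In the proxy-type branches at -110 and -200, `self.checkBoxOnionOnly.setEnabled(False)` greys the box out but leaves its checked state untouched, and the save path in the -334 hunk writes `isChecked()` unconditionally. A user who enables onion-only and later switches the proxy type to none therefore keeps `onionservicesonly = True` stored and shown as a greyed-out tick, although, as far as the connectionchooser hunk shows, the filter only runs when a SOCKS proxy is configured. Either add `self.checkBoxOnionOnly.setChecked(False)` next to the `setEnabled(False)` in the handler at -200, or persist `isEnabled() and isChecked()`, so the dialog never displays a restriction that is not in force. The enclosing methods start and end outside these hunks.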
@@ -334,6 +339,11 @@ class SettingsDialog(QtGui.QDialog): self.lineEditSocksPassword.text())) self.config.set('bitmessagesettings', 'sockslisten', str( self.checkBoxSocksListen.isChecked())) + if self.checkBoxOnionOnly.isChecked() \ + and not self.config.safeGetBoolean('bitmessagesettings', 'onionservicesonly'): + self.net_restart_needed = True + self.config.set('bitmessagesettings', 'onionservicesonly', str( + self.checkBoxOnionOnly.isChecked())) try: # Rounding to integers just for aesthetics self.config.set('bitmessagesettings', 'maxdownloadrate', str( diff --git a/src/bitmessageqt/settings.ui b/src/bitmessageqt/settings.ui index 307c06c2..963f2e64 100644 --- a/src/bitmessageqt/settings.ui +++ b/src/bitmessageqt/settings.ui @@ -403,6 +403,13 @@ + + + + Only connect to onion services (*.onion) + + + diff --git a/src/network/connectionchooser.py b/src/network/connectionchooser.py index ead8b31b..838ca45d 100644 --- a/src/network/connectionchooser.py +++ b/src/network/connectionchooser.py @@ -26,6 +26,8 @@ def getDiscoveredPeer(): def chooseConnection(stream): haveOnion = BMConfigParser().safeGet( "bitmessagesettings", "socksproxytype")[0:5] == 'SOCKS' + onionOnly = BMConfigParser().safeGetBoolean( + "bitmessagesettings", "onionservicesonly") if state.trustedPeer: return state.trustedPeer try: @@ -49,6 +51,9 @@ def chooseConnection(stream): logger.warning('Error in %s', peer) rating = 0 if haveOnion: + # do not connect to raw IP addresses--keep all traffic within Tor overlay + if onionOnly and not peer.host.endswith('.onion'): + continue # onion addresses have a higher priority when SOCKS if peer.host.endswith('.onion') and rating > 0: rating = 1
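Review bot: The restart condition at -334 reads the checkbox inside a backslash-continued `if` and then reads it again for `config.set`; reading it once, `onion_only = self.checkBoxOnionOnly.isChecked()`, keeps both uses in step and removes the over-long continuation line. The asymmetry also deserves a comment, for example `# restart only when enabling: connections already open to non-onion peers must be dropped`, since that is presumably why turning the option off needs no restart. The method body continues outside the hunk.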
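Review bot: `onionOnly` is read at the top of `chooseConnection`, but the `if state.trustedPeer: return state.trustedPeer` directly below returns before any filter runs, so a configured trusted peer with a non-onion host is still handed back as the connection target when onion-only is set. The lines between this hunk and the next are not shown; any other early return there would bypass the filter in the same way. If the trusted peer is meant to take precedence, state it in a comment such as `# trustedPeer overrides onionservicesonly`; otherwise the same `.onion` suffix check should be applied before returning it.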
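Review bot: The onion-only filter at -49 sits inside `if haveOnion:`, so it is skipped whenever `socksproxytype` does not start with `SOCKS`; with `onionservicesonly` still true in the config the chooser then returns ordinary IP peers, which is the opposite of what the added comment promises. A privacy restriction should fail closed: move `if onionOnly and not peer.host.endswith('.onion'): continue` above the `if haveOnion:` line, or at least log a warning when the option is set without a SOCKS proxy. The loop header and what the function returns when every candidate is skipped are outside the hunk, so that path should be checked as well.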