Add a checkbox to the network settings tab that allows restricting outbound connections to onion services (i.e., hosts that end with '.onion').

George McCandless 2019-10-08 20:08:42 +00:00
parent f0b4e4ded4
commit b42f536d23
No known key found for this signature in database
GPG Key ID: 62B9F5A4802A74BD
3 changed files with 22 additions and 0 deletions


@ -99,6 +99,8 @@ class SettingsDialog(QtGui.QDialog):
config.getboolean('bitmessagesettings', 'socksauthentication'))
self.checkBoxSocksListen.setChecked(
config.getboolean('bitmessagesettings', 'sockslisten'))
self.checkBoxOnionOnly.setChecked(
config.safeGetBoolean('bitmessagesettings', 'onionservicesonly'))
proxy_type = config.safeGet(
'bitmessagesettings', 'socksproxytype', 'none')
@ -110,6 +112,7 @@ class SettingsDialog(QtGui.QDialog):
self.lineEditSocksPassword.setEnabled(False)
self.checkBoxAuthentication.setEnabled(False)
self.checkBoxSocksListen.setEnabled(False)
self.checkBoxOnionOnly.setEnabled(False)
elif proxy_type == 'SOCKS4a':
self.comboBoxProxyType.setCurrentIndex(1)
elif proxy_type == 'SOCKS5':
@ -200,11 +203,13 @@ class SettingsDialog(QtGui.QDialog):
self.lineEditSocksPassword.setEnabled(False)
self.checkBoxAuthentication.setEnabled(False)
self.checkBoxSocksListen.setEnabled(False)
self.checkBoxOnionOnly.setEnabled(False)
elif comboBoxIndex in (1, 2):
self.lineEditSocksHostname.setEnabled(True)
self.lineEditSocksPort.setEnabled(True)
self.checkBoxAuthentication.setEnabled(True)
self.checkBoxSocksListen.setEnabled(True)
self.checkBoxOnionOnly.setEnabled(True)
if self.checkBoxAuthentication.isChecked():
self.lineEditSocksUsername.setEnabled(True)
self.lineEditSocksPassword.setEnabled(True)
@ -334,6 +339,11 @@ class SettingsDialog(QtGui.QDialog):
self.lineEditSocksPassword.text()))
self.config.set('bitmessagesettings', 'sockslisten', str(
self.checkBoxSocksListen.isChecked()))
if self.checkBoxOnionOnly.isChecked() \
and not self.config.safeGetBoolean('bitmessagesettings', 'onionservicesonly'):
self.net_restart_needed = True
self.config.set('bitmessagesettings', 'onionservicesonly', str(
self.checkBoxOnionOnly.isChecked()))
try:
# Rounding to integers just for aesthetics
self.config.set('bitmessagesettings', 'maxdownloadrate', str(
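Review bot: Selecting proxy type 'none' only disables the new box (`self.checkBoxOnionOnly.setEnabled(False)` in both the init and the combo-box hunks) without unchecking it, and the save hunk writes `str(self.checkBoxOnionOnly.isChecked())` unconditionally, so `onionservicesonly` can stay True in the config with no proxy configured. The chooseConnection hunk in this commit applies the filter only under `if haveOnion:`, so in that state the stored setting is not enforced and non-onion peers are still selected. Adding `self.checkBoxOnionOnly.setChecked(False)` next to each `setEnabled(False)` would keep the stored value in line with what is actually enforced. The restart check fires only when the option is switched on; a short comment such as `# restart so connections made before the restriction are dropped` would record the reason, if that is the intent. The enclosing methods start and end outside these hunks.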


@ -403,6 +403,13 @@
</property>
</widget>
</item>
<item row="4" column="1" colspan="4">
<widget class="QCheckBox" name="checkBoxOnionOnly">
<property name="text">
<string>Only connect to onion services (*.onion)</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QComboBox" name="comboBoxProxyType">
<item>


@ -26,6 +26,8 @@ def getDiscoveredPeer():
def chooseConnection(stream):
haveOnion = BMConfigParser().safeGet(
"bitmessagesettings", "socksproxytype")[0:5] == 'SOCKS'
onionOnly = BMConfigParser().safeGetBoolean(
"bitmessagesettings", "onionservicesonly")
if state.trustedPeer:
return state.trustedPeer
try:
@ -49,6 +51,9 @@ def chooseConnection(stream):
logger.warning('Error in %s', peer)
rating = 0
if haveOnion:
# do not connect to raw IP addresses--keep all traffic within Tor overlay
if onionOnly and not peer.host.endswith('.onion'):
continue
# onion addresses have a higher priority when SOCKS
if peer.host.endswith('.onion') and rating > 0:
rating = 1
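Review bot: `return state.trustedPeer` runs before `onionOnly` is consulted, so a trusted peer given as a raw IP or clearnet hostname is still returned when the user has asked for onion services only. If the trusted peer is meant to override the restriction, record that next to the early return, e.g. `# trustedPeer is an explicit user choice and is not subject to onionservicesonly`; otherwise the early return needs the same `.onion` check (assuming trustedPeer exposes `.host` like the peers in the loop). The body of the `try:` between the two hunks and the loop around the `continue` are outside the visible lines, so any other return path there should be checked for the same bypass.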