Skip to content

Add proxy and onion support for ckb-network #4733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: develop
Choose a base branch
from
Open

Add proxy and onion support for ckb-network #4733

wants to merge 16 commits into from

Conversation

@eval-exec
Copy link
Collaborator

@eval-exec eval-exec commented Dec 2, 2024
edited
Loading

What problem does this PR solve?

This PR want to add socks5 proxy and onion support for ckb.

Add network.proxy and network.onion config:

# [network.proxy]
### The proxy_url is user-specified. If CKB needs to run behind the Onion network,
### the user should start a Tor server and set proxy_url to the Tor server's address.
### The default Tor SOCKS5 proxy URL is socks5://127.0.0.1:9050.
### For more information on configuring Tor, visit: https://linux.die.net/man/1/tor
# proxy_url = "socks5://127.0.0.1:9050"

### Toggle random authentication for the proxy server.
### Default setting: true
###
### When enabled (true), CKB will generate a random username and password for each connection
### to the proxy server.
### For a Tor Server, this increases privacy by ensuring the proxy cannot correlate
### multiple connections.
### Refer to the 'IsolateSOCKSAuth' section in the following documentation:
### https://manpages.debian.org/testing/tor/torrc.5.en.html
###
### Important Note:
### If you are using a non-Tor SOCKS5 proxy that supports, but does not require authentication,
### enabling this may lead to connection rejections. In such cases, set proxy_random_auth to false.
# proxy_random_auth = true

# [network.onion]
### Enable or disable listening on the Onion network.
### When set to true, CKB will accept incoming connections over Tor.
### You can get the onion listening address in log, or by get_node_info RPC
# listen_on_onion = true

### The onion service will proxy incoming traffic to `p2p_listen_address`.
### If the CKB's peer-to-peer listen address is not set to the default 127.0.0.1
### with the port specified in `[network].listen_addresses` for IPv4, you should configure this field.
# p2p_listen_address = "127.0.0.1:8115"

### The address and port of the Tor SOCKS5 proxy server that CKB will use to establish
### outbound connections to other Onion services. If not set, it will use network.proxy.proxy_url
# onion_server = "127.0.0.1:9050"

### The address and port of the Tor ControlPort, which allows CKB to communicate with
### the Tor process for tasks like creating Onion services.
### Default: "127.0.0.1:9051"
# tor_controller = "127.0.0.1:9051"

### The password for authenticating with the Tor ControlPort.
### This should match the 'HashedControlPassword' set in your Tor configuration.
### Leave empty if no authentication is required.
# tor_password = ""

Start a tor server: tor --SocksPort 9050 --ControlPort 9051, finaly, start the ckb node, if network.onion.listen_on_onion is true, it will auto connect to the tor server, and use tor control port to create onion service.

Related changes

  • Add ProxyConfig and OnionConfig to network config
  • Support socks5 authentication like: socks5://<username>:<password>@server_host:port
  • Support connect to onion ckb node, and listen on the onion hidden network
  • [WIP] Integration test for ckb-onion
    • node1(onion) can succesfully connect node2(node2) in the onion network
    • noode1(onion) can succesfully connect to node2(non-onion)
    • node1(onion) connect node0(onion), node2(onion) connect to node0, expect node1 and node2 can reach each other
    • node1(non-onion) can use [network.proxy] via a normal socks5 proxy
  • ckb-onion related configuration's documentation in ckb.toml

Note:
Need to setup promethues for tor process: https://gitlab.torproject.org/tpo/onion-services/onionprobe

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code ci-runs-only: [ quick_checks,linters ]

Side effects

  • None

Release note 

Title Only: Include only the PR title in the release note.

@eval-exec eval-exec force-pushed the exec/proxy branch 5 times, most recently from fe5d648 to e55f631 Compare December 5, 2024 03:37
@eval-exec
Copy link
Collaborator Author

eval-exec commented Dec 18, 2024

nervosnetwork/tentacle#392

@eval-exec eval-exec force-pushed the exec/proxy branch 10 times, most recently from de239fd to f9f0733 Compare December 24, 2024 06:15
@eval-exec eval-exec mentioned this pull request Dec 30, 2024
Closed
@eval-exec eval-exec force-pushed the exec/proxy branch 3 times, most recently from 587e905 to 865759d Compare December 31, 2024 08:49
@eval-exec eval-exec force-pushed the exec/proxy branch 3 times, most recently from 260c2fe to c0f57bb Compare January 21, 2025 10:45
@eval-exec eval-exec force-pushed the exec/proxy branch 5 times, most recently from 6169766 to 12e27f6 Compare January 24, 2025 06:29
@eval-exec eval-exec requested a review from Copilot October 23, 2025 01:58
Copilot AI reviewed Oct 23, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 45 out of 46 changed files in this pull request and generated 3 comments.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@eval-exec eval-exec force-pushed the exec/proxy branch 2 times, most recently from 5574cc1 to eab98b7 Compare October 23, 2025 03:10
@eval-exec eval-exec requested a review from Copilot October 23, 2025 03:10
Copilot AI reviewed Oct 23, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 45 out of 46 changed files in this pull request and generated no new comments.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

zhangsoledad
zhangsoledad previously approved these changes Oct 23, 2025
View reviewed changes
@eval-exec eval-exec force-pushed the exec/proxy branch 3 times, most recently from 62c611c to 7b7eb12 Compare October 30, 2025 06:48
@eval-exec
ci: add Tor installation to GitHub Actions workflows
baf2d42 
Add Tor package installation to macOS and Windows CI workflows for Tor integration testing.
@eval-exec
ci: add Go toolchain setup to GitHub Actions workflows
591f768 
Add Go toolchain installation to macOS and Ubuntu CI workflows for building obfs4 proxy.
@eval-exec
build: add obfs4 submodule and build targets
f557e36 
Add obfs4 submodule for obfuscation proxy support and Makefile targets for building obfs4proxy.
@eval-exec
deps: add onion/tor dependencies
28395c7 
Add ckb-onion crate and torut dependency for Tor integration, and update tentacle dependencies.
@eval-exec
network: add NetworkAddresses struct for onion addresses
e53f125 
Add NetworkAddresses struct to manage onion addresses alongside regular network addresses.
@eval-exec
network: add proxy URL validation and configuration
951048d 
Add proxy module with URL validation for Tor proxy configuration and error handling.
@eval-exec
config: add onion service configuration handling
810bc72 
Add onion service configuration options to network configuration for Tor integration.
@eval-exec
network: update service builder for proxy support
8a9e535 
Update network service builder to support proxy and onion service configuration.
@eval-exec
feat: add onion crate for Tor integration
84d4d6a 
Add ckb-onion crate for managing onion service integration with Tor network.
@eval-exec
network: update peer store to handle onion addresses
ab70f4f 
Update peer store to properly handle and store onion addresses for Tor network peers.
@eval-exec
network: update identify protocol for onion address sharing
86769ee 
Update identify protocol to properly advertise and discover onion addresses for Tor network peers.
@eval-exec
network: update network state for public address management
571ef9a 
Update network state to manage public addresses including onion addresses for Tor integration.
@eval-exec
config: add onion service configuration options
fb037a5 
Add onion service configuration options to network configuration and update ckb.toml template.
@eval-exec
log: extract modify_logger_filter to mute fast-socks5 log
5da6b3f
@eval-exec
Apply code readbility suggestion
76294bc 
Signed-off-by: Eval EXEC <[email protected]>
@eval-exec
Change MultiAddr to Multiaddr
37719bd 
Signed-off-by: Eval EXEC <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@zhangsoledad zhangsoledad zhangsoledad left review comments

@driftluo driftluo driftluo left review comments

@quake quake Awaiting requested review from quake quake is a code owner automatically assigned from nervosnetwork/ckb-dev

@doitian doitian Awaiting requested review from doitian

@chenyukang chenyukang Awaiting requested review from chenyukang

At least 1 approving review is required to merge this pull request.

Assignees

@eval-exec eval-exec

Labels

m:network

Projects

Kanban
Status: 🏗 In progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@eval-exec @zhangsoledad @driftluo