Added --no-clearnet-p2p parameter, added TOR documentation

README.md

@@ -60,6 +60,7 @@ Here's the comparison table of the different ways of mining. While pool mining i
 * Advanced mempool picking algorithm, it creates blocks with better reward than what monerod solo mining does
 * Password protected private pools
 * Highly reliable configurations are supported (multiple P2Pool nodes mining to the same wallet, each P2Pool node can use multiple Monero nodes and switch on the fly if an issue is detected)
+* Mining through [TOR](docs/TOR.MD) is fully supported
 
 ## How payouts work in P2Pool
 

docs/COMMAND_LINE.MD

@@ -42,6 +42,7 @@
 --no-stratum-http     Disable HTTP on Stratum ports
 --full-validation     Enables full share validation / increases CPU usage
 --onion-address       Tell other peers to use this .onion address to connect to this node through TOR
+--no-clearnet-p2p     Forces P2P server to listen on 127.0.0.1 and to not connect to clearnet IPs
 ```
 
 ### Example command line

docs/TOR.MD

@@ -0,0 +1,29 @@
+## Running P2Pool with TOR
+
+P2Pool has several command line options that should be used TOR setup:
+
+- `--socks5 IP:port` to spefify your TOR proxy address (usually `127.0.0.1:9050` if you installed TOR on the same PC)
+- `--no-dns` to disable all DNS queries and prevent DNS leaks. P2Pool only every does DNS requests to get a list of seed nodes, to resolve your Monero node's domain (if it's not set as an IP address), and to resolve manually added peers
+- `--no-upnp` to disable UPnP requests (they are sent to your router, so use this option if you are not in your home network)
+- `--onion-address` your hidden service's address (without port number). This address will be broadcasted to other peers when you mine a share in P2Pool. This is to prevent address spamming - you have to mine a real share to be able to broadcast your TOR address
+- `--no-clearnet-p2p` to never connect to clearnet P2Pool nodes. This also makes sure that your P2Pool traffic doesn't exit TOR network (and is not seen/modified by the exit nodes)
+
+## Setting up hidden service for P2Pool (Linux)
+
+- Add these lines to your TOR config in `/etc/tor/torrc`:
+	```
+	HiddenServiceDir /var/lib/tor/p2pool/
+	HiddenServicePort 28722 127.0.0.1:37889
+	```
+	Note that you must use port 28722 as hidden service's port because this is what other peers will use when trying to connect to you. Internal port (37889) should be your actual P2Pool's listening port (37889 for P2Pool-main, 37888 for P2Pool-mini, 37890 for P2Pool-nano)
+- Restart TOR service:
+	```
+	sudo systemctl restart tor.service
+	```
+- If there was no errors, you should now have `/var/lib/tor/p2pool` directory with `hostname` file in it. This file will have your onion address
+- Use this address in P2Pool's command line: `--onion-address ADDRESS_FROM_HOSTNAME_FILE`
+
+## Command line example
+```
+./p2pool --host MONERO_NODE_IP --wallet YOUR_WALLET --socks5 127.0.0.1:9050 --no-dns --no-upnp --onion-address ADDRESS_FROM_HOSTNAME_FILE
+```

src/main.cpp

@@ -107,6 +107,7 @@ void p2pool_usage()
 		"--no-stratum-http     Disable HTTP on Stratum ports\n"
 		"--full-validation     Enables full share validation / increases CPU usage\n"
 		"--onion-address       Tell other peers to use this .onion address to connect to this node through TOR\n"
+		"--no-clearnet-p2p     Forces P2P server to listen on 127.0.0.1 and to not connect to clearnet IPs\n"
 		"--help                Show this help message\n\n"
 		"Example command line:\n\n"
 		"%s --host 127.0.0.1 --rpc-port 18081 --zmq-port 18083 --wallet YOUR_WALLET_ADDRESS --stratum 0.0.0.0:%d --p2p 0.0.0.0:%d\n\n",

src/p2p_server.cpp

@@ -60,7 +60,7 @@ namespace p2pool {
 
 static constexpr hash seed_onion_nodes[] = {
 	from_onion_v3_const("p2pseeds5qoenuuseyuqxhzzefzxpbhiq4z4h5hfbry5dxd5y2fwudyd.onion"),
-	from_onion_v3_const("p2pool2giz2r5cpqicajwoazjcxkfujxswtk3jolfk2ubilhrkqam2id.onion")
+	from_onion_v3_const("p2pseedtwyepi4crkf4akceen4twejcptnsbm6gjmzdfgxua57hiijid.onion")
 };
 
 P2PServer::P2PServer(p2pool* pool)
@@ -282,13 +282,15 @@ void P2PServer::connect_to_peers(const std::string& peer_list)
 	parse_address_list(peer_list,
 		[this](bool is_v6, const std::string& /*address*/, std::string ip, int port)
 		{
+			const Params& params = m_pool->params();
+
 			if (!m_socks5Proxy.empty() && (ip.find_first_not_of("0123456789.:") != std::string::npos)) {
 				// Assume it's a domain name and use the proxy to resolve it
 				if (!connect_to_peer(ip, port)) {
 					LOGERR(5, "connect_to_peers: failed to connect to " << ip);
 				}
 			}
-			else if (!m_pool->params().m_dns || resolve_host(ip, is_v6)) {
+			else if (!params.m_noClearnetP2P && (!params.m_dns || resolve_host(ip, is_v6))) {
 				if (!connect_to_peer(is_v6, ip.c_str(), port)) {
 					LOGERR(5, "connect_to_peers: failed to connect to " << ip);
 				}
@@ -456,16 +458,18 @@ void P2PServer::update_peer_connections()
 	}
 
 	// Try to have at least N outgoing connections (N defaults to 10, can be set via --out-peers command line parameter)
-	while ((num_outgoing < N) && !peer_list.empty()) {
-		const uint64_t k = get_random64() % peer_list.size();
-		const Peer& peer = peer_list[k];
+	if (!m_pool->params().m_noClearnetP2P) {
+		while ((num_outgoing < N) && !peer_list.empty()) {
+			const uint64_t k = get_random64() % peer_list.size();
+			const Peer& peer = peer_list[k];
 
-		if ((connected_clients.find(peer.m_addr) == connected_clients.end()) && connect_to_peer(peer.m_isV6, peer.m_addr, peer.m_port)) {
-			++num_outgoing;
+			if ((connected_clients.find(peer.m_addr) == connected_clients.end()) && connect_to_peer(peer.m_isV6, peer.m_addr, peer.m_port)) {
+				++num_outgoing;
+			}
+
+			peer_list[k] = peer_list.back();
+			peer_list.pop_back();
 		}
-
-		peer_list[k] = peer_list.back();
-		peer_list.pop_back();
 	}
 
 	if (!has_good_peers && ((m_timerCounter % 10) == 0) && (SideChain::network_type() == NetworkType::Mainnet)) {

src/p2pool.cpp

@@ -205,9 +205,16 @@ p2pool::p2pool(int argc, char* argv[])
 
 	m_sideChain = new SideChain(this, type, p->m_mini ? "mini" : (p->m_nano ? "nano" : nullptr));
 
-	if (p->m_p2pAddresses.empty()) {
-		const int p2p_port = m_sideChain->is_mini() ? DEFAULT_P2P_PORT_MINI : (m_sideChain->is_nano() ? DEFAULT_P2P_PORT_NANO : DEFAULT_P2P_PORT);
+	const int p2p_port = m_sideChain->is_mini() ? DEFAULT_P2P_PORT_MINI : (m_sideChain->is_nano() ? DEFAULT_P2P_PORT_NANO : DEFAULT_P2P_PORT);
 
+	if (p->m_noClearnetP2P) {
+		char buf[48] = {};
+		log::Stream s(buf);
+		s << "127.0.0.1:" << p2p_port;
+
+		p->m_p2pAddresses = buf;
+	}
+	else if (p->m_p2pAddresses.empty()) {
 		char buf[48] = {};
 		log::Stream s(buf);
 		s << "[::]:" << p2p_port << ",0.0.0.0:" << p2p_port;

src/params.cpp

@@ -273,6 +273,11 @@ Params::Params(int argc, char* const argv[])
 			ok = true;
 		}
 
+		if (strcmp(argv[i], "--no-clearnet-p2p") == 0) {
+			m_noClearnetP2P = true;
+			ok = true;
+		}
+
 		if (!ok) {
 			// Wait to avoid log messages overlapping with printf() calls and making a mess on screen
 			std::this_thread::sleep_for(std::chrono::milliseconds(10));

src/params.h

@@ -131,6 +131,7 @@ struct Params
 
 	std::string m_onionAddress;
 	hash m_onionPubkey;
+	bool m_noClearnetP2P = false;
 };
 
 } // namespace p2pool