Skip to content

Rpc log ip anonymisation #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
philippem merged 1 commit into from
Jul 7, 2025
Merged

Rpc log ip anonymisation #148

philippem merged 1 commit into from
Jul 7, 2025

Conversation

@rem1-dev
Copy link

@rem1-dev rem1-dev commented Apr 14, 2025
edited
Loading

Introduces mechanism for IP anonymisation in RPC log. It's turned on by providing --electrum-rpc-logging anonymised parameter. Possible set of parameters and a result of executing client request:

echo '{"jsonrpc":"2.0","id":18,"method":"blockchain.scripthash.get_history","params":["6b63eef944d982701eb2d0dbb8ee900f42d8e79fe3d1ea473602c0edc87c34f6"]}' | nc localhost 50001

is following:

--electrum-rpc-logging with-params anonymised
{"event":"rpc request","id":18,"method":"blockchain.scripthash.get_history","params":["6b63eef944d982701eb2d0dbb8ee900f42d8e79fe3d1ea473602c0edc87c34f6"],"source":{"ip":"249e448ff0b4bb71b5ac2472066343f932c047992135c414d4c1012ec3d7e56b","port":51913}}

--electrum-rpc-logging no-params anonymised
{"event":"rpc request","id":18,"method":"blockchain.scripthash.get_history","params":null,"source":{"ip":"46aa0e33aed5391dd3f7b350ac3e7dbb99ab7d3bc7137479d68ee6baef8a04ce","port":51944}}

--electrum-rpc-logging anonymised
{"event":"rpc request","id":18,"method":"blockchain.scripthash.get_history","params":null,"source":{"ip":"d817f783df6de6ae961133b9ba44e01a5aa072a98a547248bc0d67fb89384e8c","port":51969}}

--electrum-rpc-logging with-params
{"event":"rpc request","id":18,"method":"blockchain.scripthash.get_history","params":["6b63eef944d982701eb2d0dbb8ee900f42d8e79fe3d1ea473602c0edc87c34f6"],"source":{"ip":"127.0.0.1","port":51987}}

--electrum-rpc-logging no-params
{"event":"rpc request","id":18,"method":"blockchain.scripthash.get_history","params":null,"source":{"ip":"127.0.0.1","port":52029}}

Anonymisation is using SHA256 hashing with a random salt rotated every 24 hours or electrs restart.

@philippem philippem requested review from RCasatta and shesek April 28, 2025 14:47
RCasatta
RCasatta reviewed Apr 30, 2025
View reviewed changes
philippem
philippem reviewed Jun 19, 2025
View reviewed changes
philippem
philippem reviewed Jun 19, 2025
View reviewed changes
philippem
philippem reviewed Jun 19, 2025
View reviewed changes
philippem
philippem reviewed Jun 20, 2025
View reviewed changes
@rem1-dev
Copy link
Author

rem1-dev commented Jun 23, 2025

@RCasatta does this error mean I need to commit Cargo.lock file too? https://github.com/Blockstream/electrs/actions/runs/15773212485/job/44461876317?pr=148

@rem1-dev
Copy link
Author

rem1-dev commented Jun 24, 2025

@RCasatta does this error mean I need to commit Cargo.lock file too? https://github.com/Blockstream/electrs/actions/runs/15773212485/job/44461876317?pr=148

Yeah that fixed the issue. We can merge it now.

@rem1-dev
Copy link
Author

rem1-dev commented Jun 26, 2025

All conversations are resolved, @philippem @RCasatta can I get an approval please?

RCasatta
RCasatta previously approved these changes Jun 27, 2025
View reviewed changes
Copy link
Collaborator

@RCasatta RCasatta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK a741f23

philippem
philippem approved these changes Jul 5, 2025
View reviewed changes
Copy link
Collaborator

@philippem philippem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tack

RCasatta
RCasatta approved these changes Jul 7, 2025
View reviewed changes
Copy link
Collaborator

@RCasatta RCasatta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utack d53d528

@philippem philippem merged commit 5098e19 into Blockstream:new-index Jul 7, 2025
5 checks passed
@shesek
Copy link
Collaborator

shesek commented Oct 3, 2025

I know I'm late to the party... but this could've been implemented more simply using SHA256(seed || floor(time/(24*3600)) || ip_addr), with a static seed initialized once on startup (e.g. using lazy_static) instead of rotating the seed behind an RwLock.

Also, we could keep the anonymized IP as a Connection field to avoid making a SHA256 operation for each logged message.

If these changes seem desirable, I can make a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@philippem philippem philippem approved these changes

@RCasatta RCasatta RCasatta approved these changes

@shesek shesek Awaiting requested review from shesek

+1 more reviewer

@mario-rei mario-rei mario-rei left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rem1-dev @shesek @philippem @RCasatta @mario-rei