Bitcoin Forum

I've been working on adding -port= / -rpcport=  command line / config file options to bitcoin.  The idea is to let you run multiple copies of bitcoind on one machine; I need this because I'm planning on having at least two Bitcoin-related web services (the Bitcoin Faucet and a service to be named later), I want them to have completely separate wallets, but I don't want to rent multiple servers to host them.

Usage looks like this:

Satoshi pointed out that allowing bitcoin/bitcoind to run on a non-standard port could be dangerous, because if misconfigured two bitcoins might both open and write to the same database.  To prevent that, the <datadir>/db.log file is used as a lock so only one bitcoin can access the same datadir at a time (uses boost::interprocess::file_lock, which is purported to be cross-platform and well-behaved, even if bitcoin crashes).

Issues that came up as I was doing this:

I left a call to wxSingleInstanceChecker in the Windows GUI code, so no multiple-gui-bitcoins-listening-on-different-ports on Windows.  I don't do Windows...

I didn't bother making the error handling graceful if you point two bitcoins at the same datadir (you get a runtime exception "Cannot lock db.log, is bitcoin already running?").

Patches are at http://pastebin.com/2e4hfXSS (http://pastebin.com/2e4hfXSS); I've only tested on Linux so far, anybody willing to try this on Windows?

If I was a C++ programmer, I would make multiple instances of Bitcoin automatically talk to each other. But then again, I don't know how hard it is to do cross platform interprocess communication. If a data directory was already being used by one instance, then the new instance would be required to use a different data directory. Sure, you probably can make multiple instances share some or all the files in a data directory, but I think it's a bad idea since it the likelihood for little bugs is high, but the likelihood of the likelihood of those being discovered, researched, reported and fixed is low since the feature wouldn't get much exposure. Imagine the mess it will make if somebody starts half a dozen instances. :o

Additionally you could run each client as a different system user.

Nice.  In addition it would be good to have an -ip= option for what address to bind the port.  (rpcport binds to 127.0.0.1 but currently port binds to 0.0.0.0 which is all IP addresses on the machine.  On my multi-homed system I'd like to bind bitcoin to the external address different from the bitcoin(s) that binds to the internal address(es).)

Do you have an updated version of this patch for SVN revision 125? Also, does Bitcoin open the BerkeleyDB as exclusive, precluding the need for a file lock?It does not -- did my own tests.

It does open with DB_PRIVATE.

http://www.oracle.com/technology/documentation/berkeley-db/db/api_reference/C/envopen.html (http://www.oracle.com/technology/documentation/berkeley-db/db/api_reference/C/envopen.html)

Is there a way to open BerkeleyDB exclusive?

DB_PRIVATE is the worst of both worlds.  DB_PRIVATE is not exclusive, but it does make it get screwed up if another process tries to access it at the same time.

I've dropped the DB_PRIVATE flag in rev 153.

What is your intended goal?

If it is to prevent two bitcoin clients from actively using the same database, you'll need to employ application-level protection.  Crude methods of this include a lockfile or "lock" database entry.

If the intention is to prevent all other access, I'd suggest giving up on that goal :)  It is highly useful to permit db4 tools to access db4 databases:
and just as useful to permit read-only accesses by tools such as gavin's bitcointools.

Same here. I have managed to create 2 wallets and two instances of a bitcoin.conf.

both have a different rcport specified in the config (8332 and 8333)

I can start either one of them and it works fine, the web sites using the wallet can connect.

However.... If I start the second bitcoin instance (I'm on windows) the second process grows to about 6 Mb and then just dies.... So each of them wallets runs just fine alone but not together.

Is there any way I can debug to see what happened? I tried switching on options in the config (like noirc and the connect only to...) but it does not seem to make a difference.

Kind regards,

MoneyTree

http://doubletrouble.bitcoinbet.com/

8333 is the hardcoded P2P port.

So I just need to select a different port then? I am confused here because I configured one instance as:

rpcport=8333
rpcconnect=127.0.0.1:8333

and I configured the other instance as:

rpcport=8332
rpcconnect=127.0.0.1:8332


This solution seems to work fine but not when I run both at the same time. (i.e. either one wallet OR the other wallet) I am obviously doing something wrong here but can't figured out what. I trolled through most of the forum posts to look for an answer.

-=-=-=- DOUBLE  TROUBLE =-=-=-=-
http://doubletrouble.bitcoinbet.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Run one instance normally.  It'll listen for incoming bitcoin network connections on port 8333, rpc connections on port 8332, and connect to other nodes.

Run the other instance with a different -datadir, and a bitcoin.conf like this:
nolisten=1
rpcport=7332  (or whatever you like)
noirc=1
connect=127.0.0.1:8333

You'll need to be running the latest source code from github for the nolisten option.

The noirc and connect settings aren't strictly necessary; leave them out and the second instance will make 8 outgoing connections to other bitcoin nodes.  You'll save a little network bandwidth if the nolisten instance only connects to the other node.

I'm running the windows binary from bitcoin.org and am not comfortable compiling my own wallet. :) Is there a timeframe when the nolisten option will be included in the windows binary?

I tried with the current windows version and it does not work. (Either one of the wallets start, second instance grows to 6mb ram usage and then dies before showing the gui) I think this has to do with the listen port of the second instance conflicting with the first?

I am behind a firewall, in which I can open some ports, but not 8333.

Will this function be there in some future versions?

Due to various security/network concerns it will probably never be merged into the mainline Bitcoin version.  You can run a patched bitcoin with -port, but you still won't get incoming connections due to the way clients chose peers to connect to.  You don't strictly need to be able to accept incoming connections for bitcoin to work, it just helps the network if you do, but even if the portoption branch was merged you would still have to be able to make outgoing connections on port 8333.

Am I correct that there is currently no way to change from port 8333 and that this will possibly never be a feature ?

I don't know but arbitrary port selection should be a feature.
imagine if a government outlawed bitcoin usage and forced all their isp's to block port 8333.

Technically, no.  You can change the default port now and it would theoretically work, just very, very poorly. 
But yea, it will probably never be added due to various security/networking concerns about the results of it.  I agree, its a cool idea to add in theory, but there are too many concerns about it and in financial software, thats just unacceptable.

Can you explain which concerns, and why they cannot be addressed? Why would using another port than 8333 be less secure?

I'd say using a fixed port has security/networking problems of its own.

The only potential issue I could find in this topic is this one:
This could be addressed by storing the port number in a configuration file in the same directory as the database (or even *in* the database). One database will only open on one port, effectively protecting it.

Or use some other scheme to make sure only one bitcoin is running on a database at the same time, such as a lock file. This would be even better, as it doesn't depend on TCP rejecting the second bind to the same port

My concerns are more along the lines of potential for DDoSing the network if you have infinite nodes (well 65000 per IP) and sybil attacks.  But those are mostly because I haven't read enough of the networking code to realize all the possibilities (nor do I think anyone really has).  If you spend enough time reading up on net.cpp and can convince people that those aren't a problem, then I'm sure it would get merged.

OK. That sounds pretty serious. These issues will have to be addressed for IPv6 as well, then.

Yea, pretty much, though for IPv6 if you just take a /64 as a single address and ignore anything else from that /64 as a duplicate it might be ok.  Then again, so many of use have /48's from HE so...yea it needs to be thought out.

Well even now with IPv4 there are people with a shitload of IPs (for example botnet owners or ISPs), and that will only get worse. If bitcoin somehow relies on IPs being scarce, this is a pretty big (potential) hole in security.

Yea, the networking code is one of those things that no one has really touched since satoshi...though I don't think either port nor IPs can exploit bitcoin for sybil but I just don't know what kind of numbers would actually be required to pull it off (though it does get much, much easier with IPv6).

I just read in the IRC channel that there is up to one outgoing connection per /16.

https://en.bitcoin.it/wiki/Weaknesses#Cancer_nodes

If that is true, supporting alternate ports won't open Bitcoin up for any more sybil attacks than we have now. You can have 65535 bitcoin instances running on your system, but it will ignore all of them but one.

a) is this information still current, or is there some more up-to-date thread i should be reading instead? (i notice there is an rpcport option in the example bitcoin.conf going around, but no 'port' option).

b) has this functionality made it into the default client, or i still need to find a patched version?

thank you.

Yes
Mainline.

thanks matt, i have more questions now hopefully someone can help :)

c) do i physically need 2 copies of the bitcoind bin? i'm not much of a linux guy but i tried to nohup the 2nd instance of bitcoind from the same physical program file and it doesn't appear to have launched the 2nd process.

d) i was going to ask how to just stop one instance and not both, but if you need 2 physical copies of bitcoind then a simple stop command would make sense.

Why are you trying to run 2 bitcoinds?  There is no reason to run 2 bitcoinds on the public network.

Isn't the answer to that question in the OP?

(to run two separate websites/businesses/wallets on one server at the same time)

maybe i'm just misunderstanding how this is supposed to work...

but can anyone tell me what mainline version number this was first added to? it's not working with 0.3.20 but i guess i should maybe be upgrading anyway.

DONT EVER RUN A CLIENT OLDER THAN 0.3.24, EVER, EVER.
http://forum.bitcoin.org/index.php?topic=21767.msg373830#msg373830 (http://forum.bitcoin.org/index.php?topic=21767.msg373830#msg373830)

honestly i'd like to upgrade but i still haven't found a solution to the missing glibcxx_3.4.11 yet.

/usr/lib/libstdc++.so.6: version `GLIBCXX_3.4.11' not found
/lib/i686/cmov/libc.so.6: version `GLIBC_2.11' not found

so i was able to get this working, one instance running on 8333/8332 and another working on 7333/7332.

But when I tried to stop the 2nd instance, it stopped the first one instead!

/web/sites/.bitcoin1/bitcoind <- this runs on the default ports

/web/sites/.bitcoin2/bitcoind -datadir=/web/sites/.bitcoin2/ <- this runs on 7333

/web/sites/.bitcoin2/bitcoind stop <- this command stops the bitcoin1 instance!

Use

/web/sites/.bitcoin2/bitcoind -datadir=/web/sites/.bitcoin2/ stop

Thanks, will try that...

Funny I tried that switch before, but I put it after the 'stop':

/web/sites/.bitcoin2/bitcoind stop -datadir=/web/sites/.bitcoin2/ <- doesn't work :P

didn't even think to put it first.

You need to specify the -rpcport of the instance you want to stop (probably 7332).

yep, hence using the -datadir switch to point to the secondary bitcoin.conf file... thank you.

Hi guys, I know this thread is very old but it is something I am experiencing right now.

The example conf here is for old versions and I was wondering if you can post one that is suitable for 0.9 +

It doesn't matter which post you select, because at some point in time (around adding the addr messages ad removing IRC) the algo in the bitcoin core for selecting peers to connect to has been fucked up. And ever since then the bitcoin core node intentionally discards peers that are listening at non-default port.

I raised this issue once, but the answer was that it wasn't a bug, but a security feature.
Great feature, BTW - it makes me feel so much more secured! :)

Anyway, if you setup you node to use a different port, you only get incoming connections from non bitcoin core nodes.
Because the bitcoin code node is fucked up and nobody gives a shit about it.

Can you link me to the section of code that discards the peers, i'd like to submit a patch toc change that aspect. Users should be allowed to use whatever port they desire.

That was my thinking from the very beginning. Also because now it's very easy to block bitcoin just by blocking tcp connections on port 8333

Changing it is easy - you just need to remove a bit of code...
But I remember gmaxwell saying that they wouldn't change it, because it would allow for someone to use bitcoin nodes for conducting DDoS attacks on internet servers :)

Not sure where it is now - the code is changing all the time... give me a sec.

It's in net.cpp

Look for:

Great, thanks!!

yeah, it's more like... if it's a nonstandard port, mark it as such, and connect much less frequently....ie: only one nonstandard port connection per day... with a doubling backoffs on failure, and random time to attempt.   this would allow nonstandard ports to exist.   any web server can handle an extra 10k requests evenly spread out through the day, so no risk of ddos.   if this seems to work, and it's useful, and it doesn't turn into a mosh pit on testnet, the levels can be slowly raised to 10 nonstandard peers per day, or whatever.