Merge pull request #1262 from guggero/unix-sockets

rpc: add support for unix sockets
This commit is contained in:
Olaoluwa Osuntokun 2018-06-26 18:17:27 -07:00 committed by GitHub
commit 05d1d4e845
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 454 additions and 171 deletions

@ -14,6 +14,7 @@ import (
macaroon "gopkg.in/macaroon.v2"
"github.com/lightningnetwork/lnd/lncfg"
"github.com/lightningnetwork/lnd/lnrpc"
"github.com/lightningnetwork/lnd/macaroons"
"github.com/roasbeef/btcutil"
@ -26,6 +27,8 @@ import (
const (
defaultTLSCertFilename = "tls.cert"
defaultMacaroonFilename = "admin.macaroon"
defaultRpcPort = "10009"
defaultRpcHostPort = "localhost:" + defaultRpcPort
)
var (
@ -143,6 +146,13 @@ func getClientConn(ctx *cli.Context, skipMacaroons bool) *grpc.ClientConn {
opts = append(opts, grpc.WithPerRPCCredentials(cred))
}
// We need to use a custom dialer so we can also connect to unix sockets
// and not just TCP addresses.
opts = append(
opts, grpc.WithDialer(
lncfg.ClientAddressDialer(defaultRpcPort),
),
)
conn, err := grpc.Dial(ctx.GlobalString("rpcserver"), opts...)
if err != nil {
fatal(err)
@ -159,7 +169,7 @@ func main() {
app.Flags = []cli.Flag{
cli.StringFlag{
Name: "rpcserver",
Value: "localhost:10009",
Value: defaultRpcHostPort,
Usage: "host:port of ln daemon",
},
cli.StringFlag{

179
config.go

@ -22,6 +22,7 @@ import (
flags "github.com/jessevdk/go-flags"
"github.com/lightningnetwork/lnd/brontide"
"github.com/lightningnetwork/lnd/htlcswitch/hodl"
"github.com/lightningnetwork/lnd/lncfg"
"github.com/lightningnetwork/lnd/lnwire"
"github.com/lightningnetwork/lnd/tor"
"github.com/roasbeef/btcd/btcec"
@ -179,11 +180,20 @@ type config struct {
LogDir string `long:"logdir" description:"Directory to log output."`
MaxLogFiles int `long:"maxlogfiles" description:"Maximum logfiles to keep (0 for no rotation)"`
MaxLogFileSize int `long:"maxlogfilesize" description:"Maximum logfile size in MB"`
RPCListeners []string `long:"rpclisten" description:"Add an interface/port to listen for RPC connections"`
RESTListeners []string `long:"restlisten" description:"Add an interface/port to listen for REST connections"`
Listeners []string `long:"listen" description:"Add an interface/port to listen for peer connections"`
// We'll parse these 'raw' string arguments into real net.Addrs in the
// loadConfig function. We need to expose the 'raw' strings so the
// command line library can access them.
// Only the parsed net.Addrs should be used!
RawRPCListeners []string `long:"rpclisten" description:"Add an interface/port/socket to listen for RPC connections"`
RawRESTListeners []string `long:"restlisten" description:"Add an interface/port/socket to listen for REST connections"`
RawListeners []string `long:"listen" description:"Add an interface/port to listen for peer connections"`
RawExternalIPs []string `long:"externalip" description:"Add an ip:port to the list of local addresses we claim to listen on to peers. If a port is not specified, the default (9735) will be used regardless of other parameters"`
RPCListeners []net.Addr
RESTListeners []net.Addr
Listeners []net.Addr
ExternalIPs []net.Addr
DisableListen bool `long:"nolisten" description:"Disable listening for incoming peer connections"`
ExternalIPs []string `long:"externalip" description:"Add an ip:port to the list of local addresses we claim to listen on to peers. If a port is not specified, the default (9735) will be used regardless of other parameters"`
NAT bool `long:"nat" description:"Toggle NAT traversal support (using either UPnP or NAT-PMP) to automatically advertise your external IP address to the network -- NOTE this does not support devices behind multiple NATs"`
DebugLevel string `short:"d" long:"debuglevel" description:"Logging level for all subsystems {trace, debug, info, warn, error, critical} -- You may also specify <subsystem>=<level>,<subsystem2>=<level>,... to set the log level for individual subsystems -- Use show to list available subsystems"`
@ -419,15 +429,27 @@ func loadConfig() (*config, error) {
}
// Validate the Tor config parameters.
cfg.Tor.SOCKS = normalizeAddress(
socks, err := lncfg.ParseAddressString(
cfg.Tor.SOCKS, strconv.Itoa(defaultTorSOCKSPort),
)
cfg.Tor.DNS = normalizeAddress(
if err != nil {
return nil, err
}
cfg.Tor.SOCKS = socks.String()
dns, err := lncfg.ParseAddressString(
cfg.Tor.DNS, strconv.Itoa(defaultTorDNSPort),
)
cfg.Tor.Control = normalizeAddress(
if err != nil {
return nil, err
}
cfg.Tor.DNS = dns.String()
control, err := lncfg.ParseAddressString(
cfg.Tor.Control, strconv.Itoa(defaultTorControlPort),
)
if err != nil {
return nil, err
}
cfg.Tor.Control = control.String()
switch {
case cfg.Tor.V2 && cfg.Tor.V3:
return nil, errors.New("either tor.v2 or tor.v3 can be set, " +
@ -735,8 +757,8 @@ func loadConfig() (*config, error) {
// Initialize logging at the default logging level.
initLogRotator(
filepath.Join(cfg.LogDir, defaultLogFilename), cfg.MaxLogFileSize,
cfg.MaxLogFiles,
filepath.Join(cfg.LogDir, defaultLogFilename),
cfg.MaxLogFileSize, cfg.MaxLogFiles,
)
// Parse, validate, and set debug log level(s).
@ -747,33 +769,39 @@ func loadConfig() (*config, error) {
return nil, err
}
// At least one RPCListener is required.
if len(cfg.RPCListeners) == 0 {
// At least one RPCListener is required. So listen on localhost per
// default.
if len(cfg.RawRPCListeners) == 0 {
addr := fmt.Sprintf("localhost:%d", defaultRPCPort)
cfg.RPCListeners = append(cfg.RPCListeners, addr)
cfg.RawRPCListeners = append(cfg.RawRPCListeners, addr)
}
// Listen on the default interface/port if no REST listeners were
// specified.
if len(cfg.RESTListeners) == 0 {
// Listen on localhost if no REST listeners were specified.
if len(cfg.RawRESTListeners) == 0 {
addr := fmt.Sprintf("localhost:%d", defaultRESTPort)
cfg.RESTListeners = append(cfg.RESTListeners, addr)
cfg.RawRESTListeners = append(cfg.RawRESTListeners, addr)
}
// Listen on the default interface/port if no listeners were specified.
if len(cfg.Listeners) == 0 {
// An empty address string means default interface/address, which on
// most unix systems is the same as 0.0.0.0.
if len(cfg.RawListeners) == 0 {
addr := fmt.Sprintf(":%d", defaultPeerPort)
cfg.Listeners = append(cfg.Listeners, addr)
cfg.RawListeners = append(cfg.RawListeners, addr)
}
// For each of the RPC listeners (REST+gRPC), we'll ensure that users
// have specified a safe combo for authentication. If not, we'll bail
// out with an error.
err := enforceSafeAuthentication(cfg.RPCListeners, !cfg.NoMacaroons)
err = lncfg.EnforceSafeAuthentication(
cfg.RPCListeners, !cfg.NoMacaroons,
)
if err != nil {
return nil, err
}
err = enforceSafeAuthentication(cfg.RESTListeners, !cfg.NoMacaroons)
err = lncfg.EnforceSafeAuthentication(
cfg.RESTListeners, !cfg.NoMacaroons,
)
if err != nil {
return nil, err
}
@ -787,27 +815,51 @@ func loadConfig() (*config, error) {
// Add default port to all RPC listener addresses if needed and remove
// duplicate addresses.
cfg.RPCListeners = normalizeAddresses(
cfg.RPCListeners, strconv.Itoa(defaultRPCPort),
cfg.RPCListeners, err = lncfg.NormalizeAddresses(
cfg.RawRPCListeners, strconv.Itoa(defaultRPCPort),
)
if err != nil {
return nil, err
}
// Add default port to all REST listener addresses if needed and remove
// duplicate addresses.
cfg.RESTListeners = normalizeAddresses(
cfg.RESTListeners, strconv.Itoa(defaultRESTPort),
cfg.RESTListeners, err = lncfg.NormalizeAddresses(
cfg.RawRESTListeners, strconv.Itoa(defaultRESTPort),
)
if err != nil {
return nil, err
}
// Add default port to all listener addresses if needed and remove
// duplicate addresses.
cfg.Listeners = normalizeAddresses(
cfg.Listeners, strconv.Itoa(defaultPeerPort),
cfg.Listeners, err = lncfg.NormalizeAddresses(
cfg.RawListeners, strconv.Itoa(defaultPeerPort),
)
if err != nil {
return nil, err
}
// Add default port to all external IP addresses if needed and remove
// duplicate addresses.
cfg.ExternalIPs = normalizeAddresses(
cfg.ExternalIPs, strconv.Itoa(defaultPeerPort),
cfg.ExternalIPs, err = lncfg.NormalizeAddresses(
cfg.RawExternalIPs, strconv.Itoa(defaultPeerPort),
)
if err != nil {
return nil, err
}
// For the p2p port it makes no sense to listen to an Unix socket.
// Also, we would need to refactor the brontide listener to support
// that.
for _, p2pListener := range cfg.Listeners {
if lncfg.IsUnix(p2pListener) {
err := fmt.Errorf("unix socket addresses cannot be " +
"used for the p2p connection listener: %s",
p2pListener)
return nil, err
}
}
// Finally, ensure that we are only listening on localhost if Tor
// inbound support is enabled.
@ -815,7 +867,7 @@ func loadConfig() (*config, error) {
for _, addr := range cfg.Listeners {
// Due to the addresses being normalized above, we can
// skip checking the error.
host, _, _ := net.SplitHostPort(addr)
host, _, _ := net.SplitHostPort(addr.String())
if host == "localhost" || host == "127.0.0.1" {
continue
}
@ -1199,75 +1251,6 @@ func extractBitcoindRPCParams(bitcoindConfigPath string) (string, string, string
string(zmqPathSubmatches[1]), nil
}
// normalizeAddresses returns a new slice with all the passed addresses
// normalized with the given default port and all duplicates removed.
func normalizeAddresses(addrs []string, defaultPort string) []string {
result := make([]string, 0, len(addrs))
seen := map[string]struct{}{}
for _, addr := range addrs {
addr = normalizeAddress(addr, defaultPort)
if _, ok := seen[addr]; !ok {
result = append(result, addr)
seen[addr] = struct{}{}
}
}
return result
}
// normalizeAddress normalizes an address by either setting a missing host to
// localhost or missing port to the default port.
func normalizeAddress(addr, defaultPort string) string {
if _, _, err := net.SplitHostPort(addr); err != nil {
// If the address is an integer, then we assume it is *only* a
// port and default to binding to that port on localhost.
if _, err := strconv.Atoi(addr); err == nil {
return net.JoinHostPort("localhost", addr)
}
// Otherwise, the address only contains the host so we'll use
// the default port.
return net.JoinHostPort(addr, defaultPort)
}
return addr
}
// enforceSafeAuthentication enforces "safe" authentication taking into account
// the interfaces that the RPC servers are listening on, and if macaroons are
// activated or not. To project users from using dangerous config combinations,
// we'll prevent disabling authentication if the sever is listening on a public
// interface.
func enforceSafeAuthentication(addrs []string, macaroonsActive bool) error {
isLoopback := func(addr string) bool {
loopBackAddrs := []string{"localhost", "127.0.0.1", "[::1]"}
for _, loopback := range loopBackAddrs {
if strings.Contains(addr, loopback) {
return true
}
}
return false
}
// We'll now examine all addresses that this RPC server is listening
// on. If it's a localhost address, we'll skip it, otherwise, we'll
// return an error if macaroons are inactive.
for _, addr := range addrs {
if isLoopback(addr) {
continue
}
if !macaroonsActive {
return fmt.Errorf("Detected RPC server listening on "+
"publicly reachable interface %v with "+
"authentication disabled! Refusing to start with "+
"--no-macaroons specified.", addr)
}
}
return nil
}
// normalizeNetwork returns the common name of a network type used to create
// file paths. This allows differently versioned networks to use the same path.
func normalizeNetwork(network string) string {

161
lncfg/address.go Normal file

@ -0,0 +1,161 @@
package lncfg
import (
"time"
"net"
"fmt"
"crypto/tls"
"strings"
)
var (
loopBackAddrs = []string{"localhost", "127.0.0.1", "[::1]"}
)
// NormalizeAddresses returns a new slice with all the passed addresses
// normalized with the given default port and all duplicates removed.
func NormalizeAddresses(addrs []string,
defaultPort string) ([]net.Addr, error) {
result := make([]net.Addr, 0, len(addrs))
seen := map[string]struct{}{}
for _, strAddr := range addrs {
addr, err := ParseAddressString(strAddr, defaultPort)
if err != nil {
return nil, err
}
if _, ok := seen[addr.String()]; !ok {
result = append(result, addr)
seen[addr.String()] = struct{}{}
}
}
return result, nil
}
// EnforceSafeAuthentication enforces "safe" authentication taking into account
// the interfaces that the RPC servers are listening on, and if macaroons are
// activated or not. To protect users from using dangerous config combinations,
// we'll prevent disabling authentication if the sever is listening on a public
// interface.
func EnforceSafeAuthentication(addrs []net.Addr, macaroonsActive bool) error {
// We'll now examine all addresses that this RPC server is listening
// on. If it's a localhost address, we'll skip it, otherwise, we'll
// return an error if macaroons are inactive.
for _, addr := range addrs {
if IsLoopback(addr) || IsUnix(addr) {
continue
}
if !macaroonsActive {
return fmt.Errorf("Detected RPC server listening on "+
"publicly reachable interface %v with "+
"authentication disabled! Refusing to start "+
"with --no-macaroons specified.", addr)
}
}
return nil
}
// ListenOnAddress creates a listener that listens on the given
// address.
func ListenOnAddress(addr net.Addr) (net.Listener, error) {
return net.Listen(addr.Network(), addr.String())
}
// TlsListenOnAddress creates a TLS listener that listens on the given
// address.
func TlsListenOnAddress(addr net.Addr,
config *tls.Config) (net.Listener, error) {
return tls.Listen(addr.Network(), addr.String(), config)
}
// IsLoopback returns true if an address describes a loopback interface.
func IsLoopback(addr net.Addr) bool {
for _, loopback := range loopBackAddrs {
if strings.Contains(addr.String(), loopback) {
return true
}
}
return false
}
// isUnix returns true if an address describes an Unix socket address.
func IsUnix(addr net.Addr) bool {
return strings.HasPrefix(addr.Network(), "unix")
}
// ParseAddressString converts an address in string format to a net.Addr that is
// compatible with lnd. UDP is not supported because lnd needs reliable
// connections.
func ParseAddressString(strAddress string,
defaultPort string) (net.Addr, error) {
var parsedNetwork, parsedAddr string
// Addresses can either be in network://address:port format or only
// address:port. We want to support both.
if strings.Contains(strAddress, "://") {
parts := strings.Split(strAddress, "://")
parsedNetwork, parsedAddr = parts[0], parts[1]
} else if strings.Contains(strAddress, ":") {
parts := strings.Split(strAddress, ":")
parsedNetwork = parts[0]
parsedAddr = strings.Join(parts[1:], ":")
}
// Only TCP and Unix socket addresses are valid. We can't use IP or
// UDP only connections for anything we do in lnd.
switch parsedNetwork {
case "unix", "unixpacket":
return net.ResolveUnixAddr(parsedNetwork, parsedAddr)
case "tcp", "tcp4", "tcp6":
return net.ResolveTCPAddr(parsedNetwork,
verifyPort(parsedAddr, defaultPort))
case "ip", "ip4", "ip6", "udp", "udp4", "udp6", "unixgram":
return nil, fmt.Errorf("only TCP or unix socket "+
"addresses are supported: %s", parsedAddr)
default:
// There was no network specified, just try to parse as host
// and port.
return net.ResolveTCPAddr(
"tcp", verifyPort(strAddress, defaultPort),
)
}
}
// verifyPort makes sure that an address string has both a host and a port.
// If there is no port found, the default port is appended.
func verifyPort(strAddress string, defaultPort string) string {
host, port, err := net.SplitHostPort(strAddress)
if err != nil {
// If we already have an IPv6 address with brackets, don't use
// the JoinHostPort function, since it will always add a pair
// of brackets too.
if strings.HasPrefix(strAddress, "[") {
strAddress = strAddress + ":" + defaultPort
} else {
strAddress = net.JoinHostPort(strAddress, defaultPort)
}
} else if host == "" && port == "" {
// The string ':' is parsed as valid empty host and empty port.
// But in that case, we want the default port to be applied too.
strAddress = ":" + defaultPort
}
return strAddress
}
// ClientAddressDialer creates a gRPC dialer that can also dial unix socket
// addresses instead of just TCP addresses.
func ClientAddressDialer(defaultPort string) func(string,
time.Duration) (net.Conn, error) {
return func(addr string, timeout time.Duration) (net.Conn, error) {
parsedAddr, err := ParseAddressString(addr, defaultPort)
if err != nil {
return nil, err
}
return net.DialTimeout(parsedAddr.Network(),
parsedAddr.String(), timeout)
}
}

99
lncfg/address_test.go Normal file

@ -0,0 +1,99 @@
// +build !rpctest
package lncfg
import "testing"
// addressTest defines a test vector for an address that contains the non-
// normalized input and the expected normalized output.
type addressTest struct {
address string
expectedNetwork string
expectedAddress string
isLoopback bool
isUnix bool
}
var (
defaultTestPort = "1234"
addressTestVectors = []addressTest{
{"tcp://127.0.0.1:9735", "tcp", "127.0.0.1:9735", true, false},
{"tcp:127.0.0.1:9735", "tcp", "127.0.0.1:9735", true, false},
{"127.0.0.1:9735", "tcp", "127.0.0.1:9735", true, false},
{":9735", "tcp", ":9735", false, false},
{"", "tcp", ":1234", false, false},
{":", "tcp", ":1234", false, false},
{"tcp4://127.0.0.1:9735", "tcp", "127.0.0.1:9735", true, false},
{"tcp4:127.0.0.1:9735", "tcp", "127.0.0.1:9735", true, false},
{"127.0.0.1", "tcp", "127.0.0.1:1234", true, false},
{"[::1]", "tcp", "[::1]:1234", true, false},
{"::1", "tcp", "[::1]:1234", true, false},
{"tcp6://::1", "tcp", "[::1]:1234", true, false},
{"tcp6:::1", "tcp", "[::1]:1234", true, false},
{"localhost:9735", "tcp", "127.0.0.1:9735", true, false},
{"localhost", "tcp", "127.0.0.1:1234", true, false},
{"unix:///tmp/lnd.sock", "unix", "/tmp/lnd.sock", false, true},
{"unix:/tmp/lnd.sock", "unix", "/tmp/lnd.sock", false, true},
}
invalidTestVectors = []string{
"some string",
"://",
"12.12.12",
"123",
}
)
// TestAddresses ensures that all supported address formats can be parsed and
// normalized correctly.
func TestAddresses(t *testing.T) {
// First, test all correct addresses.
for _, testVector := range addressTestVectors {
addr := []string{testVector.address}
normalized, err := NormalizeAddresses(addr, defaultTestPort)
if err != nil {
t.Fatalf("unable to normalize address %s: %v",
testVector.address, err)
}
netAddr := normalized[0]
if err != nil {
t.Fatalf("unable to split normalized address: %v", err)
}
if netAddr.Network() != testVector.expectedNetwork ||
netAddr.String() != testVector.expectedAddress {
t.Fatalf(
"mismatched address: expected %s://%s, got "+
"%s://%s",
testVector.expectedNetwork,
testVector.expectedAddress,
netAddr.Network(), netAddr.String(),
)
}
isAddrLoopback := IsLoopback(normalized[0])
if testVector.isLoopback != isAddrLoopback {
t.Fatalf(
"mismatched loopback detection: expected "+
"%v, got %v for addr %s",
testVector.isLoopback, isAddrLoopback,
testVector.address,
)
}
isAddrUnix := IsUnix(normalized[0])
if testVector.isUnix != isAddrUnix {
t.Fatalf(
"mismatched unix detection: expected "+
"%v, got %v for addr %s",
testVector.isUnix, isAddrUnix,
testVector.address,
)
}
}
// Finally, test invalid inputs to see if they are handled correctly.
for _, testVector := range invalidTestVectors {
addr := []string{testVector}
_, err := NormalizeAddresses(addr, defaultTestPort)
if err == nil {
t.Fatalf("expected error when parsing %v", testVector)
}
}
}

62
lnd.go

@ -38,6 +38,7 @@ import (
"github.com/lightningnetwork/lnd/autopilot"
"github.com/lightningnetwork/lnd/channeldb"
"github.com/lightningnetwork/lnd/keychain"
"github.com/lightningnetwork/lnd/lncfg"
"github.com/lightningnetwork/lnd/lnrpc"
"github.com/lightningnetwork/lnd/lnwallet"
"github.com/lightningnetwork/lnd/lnwallet/btcwallet"
@ -522,9 +523,11 @@ func lndMain() error {
// Next, Start the gRPC server listening for HTTP/2 connections.
for _, listener := range cfg.RPCListeners {
lis, err := net.Listen("tcp", listener)
lis, err := lncfg.ListenOnAddress(listener)
if err != nil {
ltndLog.Errorf("RPC server unable to listen on %s", listener)
ltndLog.Errorf(
"RPC server unable to listen on %s", listener,
)
return err
}
defer lis.Close()
@ -536,21 +539,25 @@ func lndMain() error {
// Finally, start the REST proxy for our gRPC server above.
mux := proxy.NewServeMux()
err = lnrpc.RegisterLightningHandlerFromEndpoint(ctx, mux,
cfg.RPCListeners[0], proxyOpts)
err = lnrpc.RegisterLightningHandlerFromEndpoint(
ctx, mux, cfg.RPCListeners[0].String(), proxyOpts,
)
if err != nil {
return err
}
for _, restEndpoint := range cfg.RESTListeners {
listener, err := tls.Listen("tcp", restEndpoint, tlsConf)
lis, err := lncfg.TlsListenOnAddress(restEndpoint, tlsConf)
if err != nil {
ltndLog.Errorf("gRPC proxy unable to listen on %s", restEndpoint)
ltndLog.Errorf(
"gRPC proxy unable to listen on %s",
restEndpoint,
)
return err
}
defer listener.Close()
defer lis.Close()
go func() {
rpcsLog.Infof("gRPC proxy started at %s", listener.Addr())
http.Serve(listener, mux)
rpcsLog.Infof("gRPC proxy started at %s", lis.Addr())
http.Serve(lis, mux)
}()
}
@ -735,6 +742,10 @@ func genCertPair(certFile, keyFile string) error {
dnsNames = append(dnsNames, cfg.TLSExtraDomain)
}
// Also add fake hostnames for unix sockets, otherwise hostname
// verification will fail in the client.
dnsNames = append(dnsNames, "unix", "unixpacket")
// Generate a private key for the certificate.
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
@ -883,7 +894,7 @@ type WalletUnlockParams struct {
// waitForWalletPassword will spin up gRPC and REST endpoints for the
// WalletUnlocker server, and block until a password is provided by
// the user to this RPC server.
func waitForWalletPassword(grpcEndpoints, restEndpoints []string,
func waitForWalletPassword(grpcEndpoints, restEndpoints []net.Addr,
serverOpts []grpc.ServerOption, proxyOpts []grpc.DialOption,
tlsConf *tls.Config) (*WalletUnlockParams, error) {
@ -916,17 +927,22 @@ func waitForWalletPassword(grpcEndpoints, restEndpoints []string,
for _, grpcEndpoint := range grpcEndpoints {
// Start a gRPC server listening for HTTP/2 connections, solely
// used for getting the encryption password from the client.
lis, err := net.Listen("tcp", grpcEndpoint)
lis, err := lncfg.ListenOnAddress(grpcEndpoint)
if err != nil {
ltndLog.Errorf("password RPC server unable to listen on %s",
grpcEndpoint)
ltndLog.Errorf(
"password RPC server unable to listen on %s",
grpcEndpoint,
)
return nil, err
}
defer lis.Close()
wg.Add(1)
go func() {
rpcsLog.Infof("password RPC server listening on %s", lis.Addr())
rpcsLog.Infof(
"password RPC server listening on %s",
lis.Addr(),
)
wg.Done()
grpcServer.Serve(lis)
}()
@ -939,8 +955,9 @@ func waitForWalletPassword(grpcEndpoints, restEndpoints []string,
mux := proxy.NewServeMux()
err := lnrpc.RegisterWalletUnlockerHandlerFromEndpoint(ctx, mux,
grpcEndpoints[0], proxyOpts)
err := lnrpc.RegisterWalletUnlockerHandlerFromEndpoint(
ctx, mux, grpcEndpoints[0].String(), proxyOpts,
)
if err != nil {
return nil, err
}
@ -948,17 +965,22 @@ func waitForWalletPassword(grpcEndpoints, restEndpoints []string,
srv := &http.Server{Handler: mux}
for _, restEndpoint := range restEndpoints {
lis, err := tls.Listen("tcp", restEndpoint, tlsConf)
lis, err := lncfg.TlsListenOnAddress(restEndpoint, tlsConf)
if err != nil {
ltndLog.Errorf("password gRPC proxy unable to listen on %s",
restEndpoint)
ltndLog.Errorf(
"password gRPC proxy unable to listen on %s",
restEndpoint,
)
return nil, err
}
defer lis.Close()
wg.Add(1)
go func() {
rpcsLog.Infof("password gRPC proxy started at %s", lis.Addr())
rpcsLog.Infof(
"password gRPC proxy started at %s",
lis.Addr(),
)
wg.Done()
srv.Serve(lis)
}()

@ -38,7 +38,7 @@
; Path to write the read-only macaroon for lnd's RPC and REST services if it
; doesn't exist. This can be set if one wishes to store the read-only macaroon
; in a distinct location. The read only macaroon allows users which can read
; the file to access RPC's which don't modify the state of the daemon.
; the file to access RPCs which don't modify the state of the daemon.
; readonlymacaroonpath=~/.lnd/readonly.macaroon
@ -61,6 +61,8 @@
; On ipv4 localhost port 10009 and ipv6 port 10010:
; rpclisten=localhost:10009
; rpclisten=[::1]:10010
; On an Unix socket:
; rpclisten=unix:///var/run/lnd/lnd-rpclistener.sock
; Specify the interfaces to listen on for REST connections. One listen
; address per line.
@ -69,6 +71,8 @@
; On ipv4 localhost port 80 and 443:
; restlisten=localhost:80
; restlisten=localhost:443
; On an Unix socket:
; restlisten=unix:///var/run/lnd-restlistener.sock
; Adding an external IP will advertise your node to the network. This signals

@ -24,6 +24,7 @@ import (
"github.com/lightningnetwork/lnd/contractcourt"
"github.com/lightningnetwork/lnd/discovery"
"github.com/lightningnetwork/lnd/htlcswitch"
"github.com/lightningnetwork/lnd/lncfg"
"github.com/lightningnetwork/lnd/lnpeer"
"github.com/lightningnetwork/lnd/lnrpc"
"github.com/lightningnetwork/lnd/lnwallet"
@ -85,7 +86,7 @@ type server struct {
// listenAddrs is the list of addresses the server is currently
// listening on.
listenAddrs []string
listenAddrs []net.Addr
// torController is a client that will communicate with a locally
// running Tor server. This client will handle initiating and
@ -207,17 +208,19 @@ func parseAddr(address string) (net.Addr, error) {
// newServer creates a new instance of the server which is to listen using the
// passed listener address.
func newServer(listenAddrs []string, chanDB *channeldb.DB, cc *chainControl,
func newServer(listenAddrs []net.Addr, chanDB *channeldb.DB, cc *chainControl,
privKey *btcec.PrivateKey) (*server, error) {
var err error
listeners := make([]net.Listener, len(listenAddrs))
for i, addr := range listenAddrs {
for i, listenAddr := range listenAddrs {
// Note: though brontide.NewListener uses ResolveTCPAddr, it
// doesn't need to call the general lndResolveTCP function
// since we are resolving a local address.
listeners[i], err = brontide.NewListener(privKey, addr)
listeners[i], err = brontide.NewListener(
privKey, listenAddr.String(),
)
if err != nil {
return nil, err
}
@ -363,14 +366,17 @@ func newServer(listenAddrs []string, chanDB *channeldb.DB, cc *chainControl,
// If we were requested to automatically configure port forwarding,
// we'll use the ports that the server will be listening on.
externalIPs := cfg.ExternalIPs
externalIpStrings := make([]string, len(cfg.ExternalIPs))
for idx, ip := range cfg.ExternalIPs {
externalIpStrings[idx] = ip.String()
}
if s.natTraversal != nil {
listenPorts := make([]uint16, 0, len(listenAddrs))
for _, listenAddr := range listenAddrs {
// At this point, the listen addresses should have
// already been normalized, so it's safe to ignore the
// errors.
_, portStr, _ := net.SplitHostPort(listenAddr)
_, portStr, _ := net.SplitHostPort(listenAddr.String())
port, _ := strconv.Atoi(portStr)
listenPorts = append(listenPorts, uint16(port))
@ -385,23 +391,21 @@ func newServer(listenAddrs []string, chanDB *channeldb.DB, cc *chainControl,
srvrLog.Infof("Automatically set up port forwarding "+
"using %s to advertise external IP",
s.natTraversal.Name())
externalIPs = append(externalIPs, ips...)
externalIpStrings = append(externalIpStrings, ips...)
}
}
// If external IP addresses have been specified, add those to the list
// of this server's addresses.
externalIPs = normalizeAddresses(
externalIPs, strconv.Itoa(defaultPeerPort),
externalIPs, err := lncfg.NormalizeAddresses(
externalIpStrings, strconv.Itoa(defaultPeerPort),
)
selfAddrs := make([]net.Addr, 0, len(externalIPs))
for _, ip := range cfg.ExternalIPs {
addr, err := parseAddr(ip)
if err != nil {
return nil, err
}
selfAddrs = append(selfAddrs, addr)
selfAddrs := make([]net.Addr, 0, len(externalIPs))
for _, ip := range cfg.ExternalIPs {
selfAddrs = append(selfAddrs, ip)
}
// If we were requested to route connections through Tor and to
@ -881,7 +885,7 @@ func (s *server) watchExternalIP() {
// them when detecting a new IP.
ipsSetByUser := make(map[string]struct{})
for _, ip := range cfg.ExternalIPs {
ipsSetByUser[ip] = struct{}{}
ipsSetByUser[ip.String()] = struct{}{}
}
forwardedPorts := s.natTraversal.ForwardedPorts()
@ -1246,7 +1250,7 @@ func (s *server) initTorController() error {
for _, listenAddr := range s.listenAddrs {
// At this point, the listen addresses should have already been
// normalized, so it's safe to ignore the errors.
_, portStr, _ := net.SplitHostPort(listenAddr)
_, portStr, _ := net.SplitHostPort(listenAddr.String())
port, _ := strconv.Atoi(portStr)
listenPorts[port] = struct{}{}
}