config+server: update usage of lncfg methods to pass in resolver
In this commit, we update all the lncfg methods used to properly pass in a new resolver. This is required in order to ensure that we don't leak our DNS queries if Tor mode is active.
parent
37f56ce976
commit
17399994e4
46
config.go
46
config.go
|
@ -166,20 +166,20 @@ type torConfig struct {
|
||||||
type config struct {
|
type config struct {
|
||||||
ShowVersion bool `short:"V" long:"version" description:"Display version information and exit"`
|
ShowVersion bool `short:"V" long:"version" description:"Display version information and exit"`
|
||||||
|
|
||||||
LndDir string `long:"lnddir" description:"The base directory that contains lnd's data, logs, configuration file, etc."`
|
LndDir string `long:"lnddir" description:"The base directory that contains lnd's data, logs, configuration file, etc."`
|
||||||
ConfigFile string `long:"C" long:"configfile" description:"Path to configuration file"`
|
ConfigFile string `long:"C" long:"configfile" description:"Path to configuration file"`
|
||||||
DataDir string `short:"b" long:"datadir" description:"The directory to store lnd's data within"`
|
DataDir string `short:"b" long:"datadir" description:"The directory to store lnd's data within"`
|
||||||
TLSCertPath string `long:"tlscertpath" description:"Path to write the TLS certificate for lnd's RPC and REST services"`
|
TLSCertPath string `long:"tlscertpath" description:"Path to write the TLS certificate for lnd's RPC and REST services"`
|
||||||
TLSKeyPath string `long:"tlskeypath" description:"Path to write the TLS private key for lnd's RPC and REST services"`
|
TLSKeyPath string `long:"tlskeypath" description:"Path to write the TLS private key for lnd's RPC and REST services"`
|
||||||
TLSExtraIP string `long:"tlsextraip" description:"Adds an extra ip to the generated certificate"`
|
TLSExtraIP string `long:"tlsextraip" description:"Adds an extra ip to the generated certificate"`
|
||||||
TLSExtraDomain string `long:"tlsextradomain" description:"Adds an extra domain to the generated certificate"`
|
TLSExtraDomain string `long:"tlsextradomain" description:"Adds an extra domain to the generated certificate"`
|
||||||
NoMacaroons bool `long:"no-macaroons" description:"Disable macaroon authentication"`
|
NoMacaroons bool `long:"no-macaroons" description:"Disable macaroon authentication"`
|
||||||
AdminMacPath string `long:"adminmacaroonpath" description:"Path to write the admin macaroon for lnd's RPC and REST services if it doesn't exist"`
|
AdminMacPath string `long:"adminmacaroonpath" description:"Path to write the admin macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||||
ReadMacPath string `long:"readonlymacaroonpath" description:"Path to write the read-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
ReadMacPath string `long:"readonlymacaroonpath" description:"Path to write the read-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||||
InvoiceMacPath string `long:"invoicemacaroonpath" description:"Path to the invoice-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
InvoiceMacPath string `long:"invoicemacaroonpath" description:"Path to the invoice-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||||
LogDir string `long:"logdir" description:"Directory to log output."`
|
LogDir string `long:"logdir" description:"Directory to log output."`
|
||||||
MaxLogFiles int `long:"maxlogfiles" description:"Maximum logfiles to keep (0 for no rotation)"`
|
MaxLogFiles int `long:"maxlogfiles" description:"Maximum logfiles to keep (0 for no rotation)"`
|
||||||
MaxLogFileSize int `long:"maxlogfilesize" description:"Maximum logfile size in MB"`
|
MaxLogFileSize int `long:"maxlogfilesize" description:"Maximum logfile size in MB"`
|
||||||
|
|
||||||
// We'll parse these 'raw' string arguments into real net.Addrs in the
|
// We'll parse these 'raw' string arguments into real net.Addrs in the
|
||||||
// loadConfig function. We need to expose the 'raw' strings so the
|
// loadConfig function. We need to expose the 'raw' strings so the
|
||||||
|
@ -193,8 +193,8 @@ type config struct {
|
||||||
RESTListeners []net.Addr
|
RESTListeners []net.Addr
|
||||||
Listeners []net.Addr
|
Listeners []net.Addr
|
||||||
ExternalIPs []net.Addr
|
ExternalIPs []net.Addr
|
||||||
DisableListen bool `long:"nolisten" description:"Disable listening for incoming peer connections"`
|
DisableListen bool `long:"nolisten" description:"Disable listening for incoming peer connections"`
|
||||||
NAT bool `long:"nat" description:"Toggle NAT traversal support (using either UPnP or NAT-PMP) to automatically advertise your external IP address to the network -- NOTE this does not support devices behind multiple NATs"`
|
NAT bool `long:"nat" description:"Toggle NAT traversal support (using either UPnP or NAT-PMP) to automatically advertise your external IP address to the network -- NOTE this does not support devices behind multiple NATs"`
|
||||||
|
|
||||||
DebugLevel string `short:"d" long:"debuglevel" description:"Logging level for all subsystems {trace, debug, info, warn, error, critical} -- You may also specify <subsystem>=<level>,<subsystem2>=<level>,... to set the log level for individual subsystems -- Use show to list available subsystems"`
|
DebugLevel string `short:"d" long:"debuglevel" description:"Logging level for all subsystems {trace, debug, info, warn, error, critical} -- You may also specify <subsystem>=<level>,<subsystem2>=<level>,... to set the log level for individual subsystems -- Use show to list available subsystems"`
|
||||||
|
|
||||||
|
@ -431,25 +431,31 @@ func loadConfig() (*config, error) {
|
||||||
// Validate the Tor config parameters.
|
// Validate the Tor config parameters.
|
||||||
socks, err := lncfg.ParseAddressString(
|
socks, err := lncfg.ParseAddressString(
|
||||||
cfg.Tor.SOCKS, strconv.Itoa(defaultTorSOCKSPort),
|
cfg.Tor.SOCKS, strconv.Itoa(defaultTorSOCKSPort),
|
||||||
|
cfg.net.ResolveTCPAddr,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
cfg.Tor.SOCKS = socks.String()
|
cfg.Tor.SOCKS = socks.String()
|
||||||
|
|
||||||
dns, err := lncfg.ParseAddressString(
|
dns, err := lncfg.ParseAddressString(
|
||||||
cfg.Tor.DNS, strconv.Itoa(defaultTorDNSPort),
|
cfg.Tor.DNS, strconv.Itoa(defaultTorDNSPort),
|
||||||
|
cfg.net.ResolveTCPAddr,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
cfg.Tor.DNS = dns.String()
|
cfg.Tor.DNS = dns.String()
|
||||||
|
|
||||||
control, err := lncfg.ParseAddressString(
|
control, err := lncfg.ParseAddressString(
|
||||||
cfg.Tor.Control, strconv.Itoa(defaultTorControlPort),
|
cfg.Tor.Control, strconv.Itoa(defaultTorControlPort),
|
||||||
|
cfg.net.ResolveTCPAddr,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
cfg.Tor.Control = control.String()
|
cfg.Tor.Control = control.String()
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case cfg.Tor.V2 && cfg.Tor.V3:
|
case cfg.Tor.V2 && cfg.Tor.V3:
|
||||||
return nil, errors.New("either tor.v2 or tor.v3 can be set, " +
|
return nil, errors.New("either tor.v2 or tor.v3 can be set, " +
|
||||||
|
@ -817,6 +823,7 @@ func loadConfig() (*config, error) {
|
||||||
// duplicate addresses.
|
// duplicate addresses.
|
||||||
cfg.RPCListeners, err = lncfg.NormalizeAddresses(
|
cfg.RPCListeners, err = lncfg.NormalizeAddresses(
|
||||||
cfg.RawRPCListeners, strconv.Itoa(defaultRPCPort),
|
cfg.RawRPCListeners, strconv.Itoa(defaultRPCPort),
|
||||||
|
cfg.net.ResolveTCPAddr,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -826,6 +833,7 @@ func loadConfig() (*config, error) {
|
||||||
// duplicate addresses.
|
// duplicate addresses.
|
||||||
cfg.RESTListeners, err = lncfg.NormalizeAddresses(
|
cfg.RESTListeners, err = lncfg.NormalizeAddresses(
|
||||||
cfg.RawRESTListeners, strconv.Itoa(defaultRESTPort),
|
cfg.RawRESTListeners, strconv.Itoa(defaultRESTPort),
|
||||||
|
cfg.net.ResolveTCPAddr,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -835,6 +843,7 @@ func loadConfig() (*config, error) {
|
||||||
// duplicate addresses.
|
// duplicate addresses.
|
||||||
cfg.Listeners, err = lncfg.NormalizeAddresses(
|
cfg.Listeners, err = lncfg.NormalizeAddresses(
|
||||||
cfg.RawListeners, strconv.Itoa(defaultPeerPort),
|
cfg.RawListeners, strconv.Itoa(defaultPeerPort),
|
||||||
|
cfg.net.ResolveTCPAddr,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -844,6 +853,7 @@ func loadConfig() (*config, error) {
|
||||||
// duplicate addresses.
|
// duplicate addresses.
|
||||||
cfg.ExternalIPs, err = lncfg.NormalizeAddresses(
|
cfg.ExternalIPs, err = lncfg.NormalizeAddresses(
|
||||||
cfg.RawExternalIPs, strconv.Itoa(defaultPeerPort),
|
cfg.RawExternalIPs, strconv.Itoa(defaultPeerPort),
|
||||||
|
cfg.net.ResolveTCPAddr,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -854,7 +864,7 @@ func loadConfig() (*config, error) {
|
||||||
// that.
|
// that.
|
||||||
for _, p2pListener := range cfg.Listeners {
|
for _, p2pListener := range cfg.Listeners {
|
||||||
if lncfg.IsUnix(p2pListener) {
|
if lncfg.IsUnix(p2pListener) {
|
||||||
err := fmt.Errorf("unix socket addresses cannot be " +
|
err := fmt.Errorf("unix socket addresses cannot be "+
|
||||||
"used for the p2p connection listener: %s",
|
"used for the p2p connection listener: %s",
|
||||||
p2pListener)
|
p2pListener)
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -868,7 +878,7 @@ func loadConfig() (*config, error) {
|
||||||
// Due to the addresses being normalized above, we can
|
// Due to the addresses being normalized above, we can
|
||||||
// skip checking the error.
|
// skip checking the error.
|
||||||
host, _, _ := net.SplitHostPort(addr.String())
|
host, _, _ := net.SplitHostPort(addr.String())
|
||||||
if host == "localhost" || host == "127.0.0.1" {
|
if lncfg.IsLoopback(addr) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
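Review bot: In the `@ -431` hunk of loadConfig, the three `lncfg.ParseAddressString` calls for `cfg.Tor.SOCKS`, `cfg.Tor.DNS` and `cfg.Tor.Control` now take `cfg.net.ResolveTCPAddr`, but nothing in the hunk shows which implementation `cfg.net` holds at that point. If `cfg.net` is switched to the Tor-backed implementation only after this validation block, a hostname given for any of these options is still looked up by the system resolver; if it is switched before, resolving the proxy's own address would depend on the proxy. A comment above the first call would settle this for the next reader, for example `// cfg.net is still the clearnet resolver here: the Tor proxy addresses must be resolvable without Tor.`, worded to match the actual ordering. loadConfig starts and ends outside the hunk.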
|
@ -399,6 +399,7 @@ func newServer(listenAddrs []net.Addr, chanDB *channeldb.DB, cc *chainControl,
|
||||||
// of this server's addresses.
|
// of this server's addresses.
|
||||||
externalIPs, err := lncfg.NormalizeAddresses(
|
externalIPs, err := lncfg.NormalizeAddresses(
|
||||||
externalIpStrings, strconv.Itoa(defaultPeerPort),
|
externalIpStrings, strconv.Itoa(defaultPeerPort),
|
||||||
|
cfg.net.ResolveTCPAddr,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
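Review bot: The added `cfg.net.ResolveTCPAddr` argument to `lncfg.NormalizeAddresses` in newServer has no comment saying why a resolver is passed; the reason is given only in the commit message. I would add above the call `// Resolve through cfg.net so that no DNS query bypasses Tor when it is active.` The call also reads `cfg`, which is not among the parameters visible in the truncated signature in the hunk header and is presumably package-level state; if so, the resolver used here is whatever loadConfig left in `cfg.net`, and that dependency is worth stating in the same comment. newServer's body starts and ends outside the hunk.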