From 3bb1733fa2ee9de20af588932e2c2689b3ac2b1e Mon Sep 17 00:00:00 2001 From: Wilmer Paulino Date: Sun, 29 Apr 2018 00:44:55 -0400 Subject: [PATCH] discovery+server: use network-specific functions for fallback SRV lookup In this commit, we fix a bug where a fallback SRV lookup would leak information if `lnd` was set to route connections over Tor. We solve this by using the network-specific functions rather than the standard ones found in the `net` package. --- discovery/bootstrapper.go | 36 +++++++++++++++++------------------- server.go | 10 ++-------- 2 files changed, 19 insertions(+), 27 deletions(-) diff --git a/discovery/bootstrapper.go b/discovery/bootstrapper.go index aed159fb..96695fb6 100644 --- a/discovery/bootstrapper.go +++ b/discovery/bootstrapper.go @@ -12,6 +12,7 @@ import ( "github.com/davecgh/go-spew/spew" "github.com/lightningnetwork/lnd/autopilot" "github.com/lightningnetwork/lnd/lnwire" + "github.com/lightningnetwork/lnd/tor" "github.com/miekg/dns" "github.com/roasbeef/btcd/btcec" "github.com/roasbeef/btcutil/bech32" @@ -246,9 +247,8 @@ type DNSSeedBootstrapper struct { // in the tuple is a special A record that we'll query in order to // receive the IP address of the current authoritative DNS server for // the network seed. - dnsSeeds [][2]string - lookupHost func(string) ([]string, error) - lookupSRV func(string, string, string) (string, []*net.SRV, error) + dnsSeeds [][2]string + net tor.Net } // A compile time assertion to ensure that DNSSeedBootstrapper meets the @@ -262,14 +262,8 @@ var _ NetworkPeerBootstrapper = (*ChannelGraphBootstrapper)(nil) // used as a fallback for manual TCP resolution in the case of an error // receiving the UDP response. The second host should return a single A record // with the IP address of the authoritative name server. -func NewDNSSeedBootstrapper(seeds [][2]string, lookupHost func(string) ([]string, error), - lookupSRV func(string, string, string) (string, []*net.SRV, error)) ( - NetworkPeerBootstrapper, error) { - return &DNSSeedBootstrapper{ - dnsSeeds: seeds, - lookupHost: lookupHost, - lookupSRV: lookupSRV, - }, nil +func NewDNSSeedBootstrapper(seeds [][2]string, net tor.Net) NetworkPeerBootstrapper { + return &DNSSeedBootstrapper{dnsSeeds: seeds, net: net} } // fallBackSRVLookup attempts to manually query for SRV records we need to @@ -280,12 +274,14 @@ func NewDNSSeedBootstrapper(seeds [][2]string, lookupHost func(string) ([]string // the records we return are currently too large for a class of resolvers, // causing them to be filtered out. The targetEndPoint is the original end // point that was meant to be hit. -func fallBackSRVLookup(soaShim string, targetEndPoint string) ([]*net.SRV, error) { +func (d *DNSSeedBootstrapper) fallBackSRVLookup(soaShim string, + targetEndPoint string) ([]*net.SRV, error) { + log.Tracef("Attempting to query fallback DNS seed") // First, we'll lookup the IP address of the server that will act as // our shim. - addrs, err := net.LookupHost(soaShim) + addrs, err := d.net.LookupHost(soaShim) if err != nil { return nil, err } @@ -293,7 +289,7 @@ func fallBackSRVLookup(soaShim string, targetEndPoint string) ([]*net.SRV, error // Once we have the IP address, we'll establish a TCP connection using // port 53. dnsServer := net.JoinHostPort(addrs[0], "53") - conn, err := net.Dial("tcp", dnsServer) + conn, err := d.net.Dial("tcp", dnsServer) if err != nil { return nil, err } @@ -356,10 +352,12 @@ search: // keys of nodes. We use the lndLookupSRV function for // this task. primarySeed := dnsSeedTuple[0] - _, addrs, err := d.lookupSRV("nodes", "tcp", primarySeed) + _, addrs, err := d.net.LookupSRV("nodes", "tcp", primarySeed) if err != nil { - log.Tracef("Unable to lookup SRV records via " + - "primary seed, falling back to secondary") + log.Tracef("Unable to lookup SRV records via "+ + "primary seed: %v", err) + + log.Trace("Falling back to secondary") // If the host of the secondary seed is blank, // then we'll bail here as we can't proceed. @@ -371,7 +369,7 @@ search: // the primary seed, we'll fallback to the // secondary seed before concluding failure. soaShim := dnsSeedTuple[1] - addrs, err = fallBackSRVLookup( + addrs, err = d.fallBackSRVLookup( soaShim, primarySeed, ) if err != nil { @@ -397,7 +395,7 @@ search: // key. We use the lndLookup function for this // task. bechNodeHost := nodeSrv.Target - addrs, err := d.lookupHost(bechNodeHost) + addrs, err := d.net.LookupHost(bechNodeHost) if err != nil { return nil, err } diff --git a/server.go b/server.go index 23bb1adc..0f4d3cd9 100644 --- a/server.go +++ b/server.go @@ -720,15 +720,9 @@ func initNetworkBootstrappers(s *server) ([]discovery.NetworkPeerBootstrapper, e srvrLog.Infof("Creating DNS peer bootstrapper with "+ "seeds: %v", dnsSeeds) - dnsBootStrapper, err := discovery.NewDNSSeedBootstrapper( - dnsSeeds, - cfg.net.LookupHost, - cfg.net.LookupSRV, + dnsBootStrapper := discovery.NewDNSSeedBootstrapper( + dnsSeeds, cfg.net, ) - if err != nil { - return nil, err - } - bootStrappers = append(bootStrappers, dnsBootStrapper) } }