discovery+server: use network-specific functions for fallback SRV lookup
In this commit, we fix a bug where a fallback SRV lookup would leak information if `lnd` was set to route connections over Tor. We solve this by using the network-specific functions rather than the standard ones found in the `net` package.
parent
d6d0c26252
commit
3bb1733fa2
@ -12,6 +12,7 @@ import (
|
|||||||
"github.com/davecgh/go-spew/spew"
|
"github.com/davecgh/go-spew/spew"
|
||||||
"github.com/lightningnetwork/lnd/autopilot"
|
"github.com/lightningnetwork/lnd/autopilot"
|
||||||
"github.com/lightningnetwork/lnd/lnwire"
|
"github.com/lightningnetwork/lnd/lnwire"
|
||||||
|
"github.com/lightningnetwork/lnd/tor"
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
"github.com/roasbeef/btcd/btcec"
|
"github.com/roasbeef/btcd/btcec"
|
||||||
"github.com/roasbeef/btcutil/bech32"
|
"github.com/roasbeef/btcutil/bech32"
|
||||||
@ -247,8 +248,7 @@ type DNSSeedBootstrapper struct {
|
|||||||
// receive the IP address of the current authoritative DNS server for
|
// receive the IP address of the current authoritative DNS server for
|
||||||
// the network seed.
|
// the network seed.
|
||||||
dnsSeeds [][2]string
|
dnsSeeds [][2]string
|
||||||
lookupHost func(string) ([]string, error)
|
net tor.Net
|
||||||
lookupSRV func(string, string, string) (string, []*net.SRV, error)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// A compile time assertion to ensure that DNSSeedBootstrapper meets the
|
// A compile time assertion to ensure that DNSSeedBootstrapper meets the
|
||||||
@ -262,14 +262,8 @@ var _ NetworkPeerBootstrapper = (*ChannelGraphBootstrapper)(nil)
|
|||||||
// used as a fallback for manual TCP resolution in the case of an error
|
// used as a fallback for manual TCP resolution in the case of an error
|
||||||
// receiving the UDP response. The second host should return a single A record
|
// receiving the UDP response. The second host should return a single A record
|
||||||
// with the IP address of the authoritative name server.
|
// with the IP address of the authoritative name server.
|
||||||
func NewDNSSeedBootstrapper(seeds [][2]string, lookupHost func(string) ([]string, error),
|
func NewDNSSeedBootstrapper(seeds [][2]string, net tor.Net) NetworkPeerBootstrapper {
|
||||||
lookupSRV func(string, string, string) (string, []*net.SRV, error)) (
|
return &DNSSeedBootstrapper{dnsSeeds: seeds, net: net}
|
||||||
NetworkPeerBootstrapper, error) {
|
|
||||||
return &DNSSeedBootstrapper{
|
|
||||||
dnsSeeds: seeds,
|
|
||||||
lookupHost: lookupHost,
|
|
||||||
lookupSRV: lookupSRV,
|
|
||||||
}, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// fallBackSRVLookup attempts to manually query for SRV records we need to
|
// fallBackSRVLookup attempts to manually query for SRV records we need to
|
||||||
@ -280,12 +274,14 @@ func NewDNSSeedBootstrapper(seeds [][2]string, lookupHost func(string) ([]string
|
|||||||
// the records we return are currently too large for a class of resolvers,
|
// the records we return are currently too large for a class of resolvers,
|
||||||
// causing them to be filtered out. The targetEndPoint is the original end
|
// causing them to be filtered out. The targetEndPoint is the original end
|
||||||
// point that was meant to be hit.
|
// point that was meant to be hit.
|
||||||
func fallBackSRVLookup(soaShim string, targetEndPoint string) ([]*net.SRV, error) {
|
func (d *DNSSeedBootstrapper) fallBackSRVLookup(soaShim string,
|
||||||
|
targetEndPoint string) ([]*net.SRV, error) {
|
||||||
|
|
||||||
log.Tracef("Attempting to query fallback DNS seed")
|
log.Tracef("Attempting to query fallback DNS seed")
|
||||||
|
|
||||||
// First, we'll lookup the IP address of the server that will act as
|
// First, we'll lookup the IP address of the server that will act as
|
||||||
// our shim.
|
// our shim.
|
||||||
addrs, err := net.LookupHost(soaShim)
|
addrs, err := d.net.LookupHost(soaShim)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -293,7 +289,7 @@ func fallBackSRVLookup(soaShim string, targetEndPoint string) ([]*net.SRV, error
|
|||||||
// Once we have the IP address, we'll establish a TCP connection using
|
// Once we have the IP address, we'll establish a TCP connection using
|
||||||
// port 53.
|
// port 53.
|
||||||
dnsServer := net.JoinHostPort(addrs[0], "53")
|
dnsServer := net.JoinHostPort(addrs[0], "53")
|
||||||
conn, err := net.Dial("tcp", dnsServer)
|
conn, err := d.net.Dial("tcp", dnsServer)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -356,10 +352,12 @@ search:
|
|||||||
// keys of nodes. We use the lndLookupSRV function for
|
// keys of nodes. We use the lndLookupSRV function for
|
||||||
// this task.
|
// this task.
|
||||||
primarySeed := dnsSeedTuple[0]
|
primarySeed := dnsSeedTuple[0]
|
||||||
_, addrs, err := d.lookupSRV("nodes", "tcp", primarySeed)
|
_, addrs, err := d.net.LookupSRV("nodes", "tcp", primarySeed)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Tracef("Unable to lookup SRV records via "+
|
log.Tracef("Unable to lookup SRV records via "+
|
||||||
"primary seed, falling back to secondary")
|
"primary seed: %v", err)
|
||||||
|
|
||||||
|
log.Trace("Falling back to secondary")
|
||||||
|
|
||||||
// If the host of the secondary seed is blank,
|
// If the host of the secondary seed is blank,
|
||||||
// then we'll bail here as we can't proceed.
|
// then we'll bail here as we can't proceed.
|
||||||
@ -371,7 +369,7 @@ search:
|
|||||||
// the primary seed, we'll fallback to the
|
// the primary seed, we'll fallback to the
|
||||||
// secondary seed before concluding failure.
|
// secondary seed before concluding failure.
|
||||||
soaShim := dnsSeedTuple[1]
|
soaShim := dnsSeedTuple[1]
|
||||||
addrs, err = fallBackSRVLookup(
|
addrs, err = d.fallBackSRVLookup(
|
||||||
soaShim, primarySeed,
|
soaShim, primarySeed,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -397,7 +395,7 @@ search:
|
|||||||
// key. We use the lndLookup function for this
|
// key. We use the lndLookup function for this
|
||||||
// task.
|
// task.
|
||||||
bechNodeHost := nodeSrv.Target
|
bechNodeHost := nodeSrv.Target
|
||||||
addrs, err := d.lookupHost(bechNodeHost)
|
addrs, err := d.net.LookupHost(bechNodeHost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
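Review bot: The new `net tor.Net` field and constructor parameter share their name with the standard `net` package, so in `fallBackSRVLookup` the package call `net.JoinHostPort(addrs[0], "53")` sits directly above `d.net.Dial("tcp", dnsServer)`, and a later edit that drops the `d.` would still compile and quietly send the lookup or dial outside Tor again. Renaming the field and parameter, for example `netCfg tor.Net` with `&DNSSeedBootstrapper{dnsSeeds: seeds, netCfg: netCfg}`, would make any remaining or reintroduced standard-library resolver call stand out in review. Separately, `addrs[0]` is indexed right after the error check with no length check; whether `tor.Net`'s `LookupHost` can return an empty slice with a nil error is not visible on this page, so a `len(addrs) == 0` guard before the index would be prudent. The body of `fallBackSRVLookup` continues outside the hunks shown, so it cannot be confirmed from here that no other direct `net` lookups or dials remain in it.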
10
server.go
10
server.go
@ -720,15 +720,9 @@ func initNetworkBootstrappers(s *server) ([]discovery.NetworkPeerBootstrapper, e
|
|||||||
srvrLog.Infof("Creating DNS peer bootstrapper with "+
|
srvrLog.Infof("Creating DNS peer bootstrapper with "+
|
||||||
"seeds: %v", dnsSeeds)
|
"seeds: %v", dnsSeeds)
|
||||||
|
|
||||||
dnsBootStrapper, err := discovery.NewDNSSeedBootstrapper(
|
dnsBootStrapper := discovery.NewDNSSeedBootstrapper(
|
||||||
dnsSeeds,
|
dnsSeeds, cfg.net,
|
||||||
cfg.net.LookupHost,
|
|
||||||
cfg.net.LookupSRV,
|
|
||||||
)
|
)
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
bootStrappers = append(bootStrappers, dnsBootStrapper)
|
bootStrappers = append(bootStrappers, dnsBootStrapper)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|