discovery+server: use network-specific functions for fallback SRV lookup

In this commit, we fix a bug where a fallback SRV lookup would leak
information if `lnd` was set to route connections over Tor. We solve
this by using the network-specific functions rather than the standard
ones found in the `net` package.
Wilmer Paulino 2018-04-29 00:44:55 -04:00
parent d6d0c26252
commit 3bb1733fa2
No known key found for this signature in database
GPG Key ID: 6DF57B9F9514972F
2 changed files with 19 additions and 27 deletions

@ -12,6 +12,7 @@ import (
"github.com/davecgh/go-spew/spew"
"github.com/lightningnetwork/lnd/autopilot"
"github.com/lightningnetwork/lnd/lnwire"
"github.com/lightningnetwork/lnd/tor"
"github.com/miekg/dns"
"github.com/roasbeef/btcd/btcec"
"github.com/roasbeef/btcutil/bech32"
@ -247,8 +248,7 @@ type DNSSeedBootstrapper struct {
// receive the IP address of the current authoritative DNS server for
// the network seed.
dnsSeeds [][2]string
lookupHost func(string) ([]string, error)
lookupSRV func(string, string, string) (string, []*net.SRV, error)
net tor.Net
}
// A compile time assertion to ensure that DNSSeedBootstrapper meets the
@ -262,14 +262,8 @@ var _ NetworkPeerBootstrapper = (*ChannelGraphBootstrapper)(nil)
// used as a fallback for manual TCP resolution in the case of an error
// receiving the UDP response. The second host should return a single A record
// with the IP address of the authoritative name server.
func NewDNSSeedBootstrapper(seeds [][2]string, lookupHost func(string) ([]string, error),
lookupSRV func(string, string, string) (string, []*net.SRV, error)) (
NetworkPeerBootstrapper, error) {
return &DNSSeedBootstrapper{
dnsSeeds: seeds,
lookupHost: lookupHost,
lookupSRV: lookupSRV,
}, nil
func NewDNSSeedBootstrapper(seeds [][2]string, net tor.Net) NetworkPeerBootstrapper {
return &DNSSeedBootstrapper{dnsSeeds: seeds, net: net}
}
// fallBackSRVLookup attempts to manually query for SRV records we need to
@ -280,12 +274,14 @@ func NewDNSSeedBootstrapper(seeds [][2]string, lookupHost func(string) ([]string
// the records we return are currently too large for a class of resolvers,
// causing them to be filtered out. The targetEndPoint is the original end
// point that was meant to be hit.
func fallBackSRVLookup(soaShim string, targetEndPoint string) ([]*net.SRV, error) {
func (d *DNSSeedBootstrapper) fallBackSRVLookup(soaShim string,
targetEndPoint string) ([]*net.SRV, error) {
log.Tracef("Attempting to query fallback DNS seed")
// First, we'll lookup the IP address of the server that will act as
// our shim.
addrs, err := net.LookupHost(soaShim)
addrs, err := d.net.LookupHost(soaShim)
if err != nil {
return nil, err
}
@ -293,7 +289,7 @@ func fallBackSRVLookup(soaShim string, targetEndPoint string) ([]*net.SRV, error
// Once we have the IP address, we'll establish a TCP connection using
// port 53.
dnsServer := net.JoinHostPort(addrs[0], "53")
conn, err := net.Dial("tcp", dnsServer)
conn, err := d.net.Dial("tcp", dnsServer)
if err != nil {
return nil, err
}
@ -356,10 +352,12 @@ search:
// keys of nodes. We use the lndLookupSRV function for
// this task.
primarySeed := dnsSeedTuple[0]
_, addrs, err := d.lookupSRV("nodes", "tcp", primarySeed)
_, addrs, err := d.net.LookupSRV("nodes", "tcp", primarySeed)
if err != nil {
log.Tracef("Unable to lookup SRV records via "+
"primary seed, falling back to secondary")
"primary seed: %v", err)
log.Trace("Falling back to secondary")
// If the host of the secondary seed is blank,
// then we'll bail here as we can't proceed.
@ -371,7 +369,7 @@ search:
// the primary seed, we'll fallback to the
// secondary seed before concluding failure.
soaShim := dnsSeedTuple[1]
addrs, err = fallBackSRVLookup(
addrs, err = d.fallBackSRVLookup(
soaShim, primarySeed,
)
if err != nil {
@ -397,7 +395,7 @@ search:
// key. We use the lndLookup function for this
// task.
bechNodeHost := nodeSrv.Target
addrs, err := d.lookupHost(bechNodeHost)
addrs, err := d.net.LookupHost(bechNodeHost)
if err != nil {
return nil, err
}
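Review bot: In `fallBackSRVLookup`, `addrs[0]` is indexed right after `d.net.LookupHost(soaShim)` with only `err` checked, and because the resolver is now whichever `tor.Net` implementation is injected, an empty result with a nil error would panic here instead of failing the fallback cleanly. Unless the one line not shown between the two hunks already guards it, add `if len(addrs) == 0 { return nil, errors.New("no addresses found for fallback DNS shim") }` before `net.JoinHostPort`, using whichever error constructor the file already imports. Separately, the new struct field and the constructor parameter are both named `net`, alongside the standard `net` package that is still used for `net.JoinHostPort` and `*net.SRV`. The leak fixed here came from calling the package rather than the configured network, so a distinct field name would make a stray `net.Dial` or `net.LookupHost` easier to spot in later reviews. The function body continues outside the visible hunks, so the DNS exchange over `conn` could not be checked from here.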

@ -720,15 +720,9 @@ func initNetworkBootstrappers(s *server) ([]discovery.NetworkPeerBootstrapper, e
srvrLog.Infof("Creating DNS peer bootstrapper with "+
"seeds: %v", dnsSeeds)
dnsBootStrapper, err := discovery.NewDNSSeedBootstrapper(
dnsSeeds,
cfg.net.LookupHost,
cfg.net.LookupSRV,
dnsBootStrapper := discovery.NewDNSSeedBootstrapper(
dnsSeeds, cfg.net,
)
if err != nil {
return nil, err
}
bootStrappers = append(bootStrappers, dnsBootStrapper)
}
}