config+lnd: Update Tor configuration for hybrid node mode

This commit is contained in:
Adrian-Stefan Mares
2021-06-20 11:16:03 +02:00
parent be666b55b6
commit c4221c3c3a
3 changed files with 23 additions and 7 deletions


@@ -909,6 +909,7 @@ func ValidateConfig(cfg Config, usageMessage string,
SOCKS: cfg.Tor.SOCKS, SOCKS: cfg.Tor.SOCKS,
DNS: cfg.Tor.DNS, DNS: cfg.Tor.DNS,
StreamIsolation: cfg.Tor.StreamIsolation, StreamIsolation: cfg.Tor.StreamIsolation,
DirectConnections: cfg.Tor.DirectConnections,
} }
} }
@@ -1316,7 +1317,7 @@ func ValidateConfig(cfg Config, usageMessage string,
// connections. // connections.
if len(cfg.RawListeners) == 0 { if len(cfg.RawListeners) == 0 {
addr := fmt.Sprintf(":%d", defaultPeerPort) addr := fmt.Sprintf(":%d", defaultPeerPort)
if cfg.Tor.Active { if cfg.Tor.Active && !cfg.Tor.DirectConnections {
addr = fmt.Sprintf("localhost:%d", defaultPeerPort) addr = fmt.Sprintf("localhost:%d", defaultPeerPort)
} }
cfg.RawListeners = append(cfg.RawListeners, addr) cfg.RawListeners = append(cfg.RawListeners, addr)
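Review bot: The `&& !cfg.Tor.DirectConnections` added to the `if cfg.Tor.Active` line silently changes the default peer listener from `localhost:<port>` to `:<port>` on all interfaces, so a node that sets `--tor.directconnections` now accepts inbound clearnet connections and reveals its real IP next to its onion service; nothing in the hunk or the new flag description says so. Suggest a comment above the condition so the trade-off is explicit: `// With direct connections allowed the default listener binds all interfaces,` / `// so the node's clearnet address becomes reachable alongside its onion service.` The mutual-exclusion check between direct connections and stream isolation that this commit adds to Main in lnd.go would also fit more naturally here in ValidateConfig, next to the other Tor option checks, so it is reported with the usage message rather than at startup. ValidateConfig starts and ends outside this hunk.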


@@ -6,6 +6,7 @@ type Tor struct {
SOCKS string `long:"socks" description:"The host:port that Tor's exposed SOCKS5 proxy is listening on"` SOCKS string `long:"socks" description:"The host:port that Tor's exposed SOCKS5 proxy is listening on"`
DNS string `long:"dns" description:"The DNS server as host:port that Tor will use for SRV queries - NOTE must have TCP resolution enabled"` DNS string `long:"dns" description:"The DNS server as host:port that Tor will use for SRV queries - NOTE must have TCP resolution enabled"`
StreamIsolation bool `long:"streamisolation" description:"Enable Tor stream isolation by randomizing user credentials for each connection."` StreamIsolation bool `long:"streamisolation" description:"Enable Tor stream isolation by randomizing user credentials for each connection."`
DirectConnections bool `long:"directconnections" description:"Allow the node to establish direct connections to services not running behind Tor."`
Control string `long:"control" description:"The host:port that Tor is listening on for Tor control connections"` Control string `long:"control" description:"The host:port that Tor is listening on for Tor control connections"`
TargetIPAddress string `long:"targetipaddress" description:"IP address that Tor should use as the target of the hidden service"` TargetIPAddress string `long:"targetipaddress" description:"IP address that Tor should use as the target of the hidden service"`
Password string `long:"password" description:"The password used to arrive at the HashedControlPassword for the control port. If provided, the HASHEDPASSWORD authentication method will be used instead of the SAFECOOKIE one."` Password string `long:"password" description:"The password used to arrive at the HashedControlPassword for the control port. If provided, the HASHEDPASSWORD authentication method will be used instead of the SAFECOOKIE one."`
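Review bot: The new `DirectConnections` flag description does not tell the operator what enabling it costs: elsewhere in this commit the option is rejected together with `streamisolation`, and it makes the default peer listener bind all interfaces instead of localhost, exposing the node's clearnet address. The struct tag is the only place operators see this, so consider `description:"Allow the node to establish direct connections to services not running behind Tor. Cannot be combined with streamisolation, and the default listener is no longer restricted to localhost."`. The enclosing `Tor` struct begins before this hunk and continues after it.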

14
lnd.go

@@ -8,6 +8,7 @@ import (
"bytes" "bytes"
"context" "context"
"crypto/tls" "crypto/tls"
"errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net" "net"
@@ -168,6 +169,10 @@ type ListenerCfg struct {
ExternalRestRegistrar RestRegistrar ExternalRestRegistrar RestRegistrar
} }
var errStreamIsolationWithDirectConnections = errors.New(
"direct connections cannot be used while stream isolation is enabled",
)
// Main is the true entry point for lnd. It accepts a fully populated and // Main is the true entry point for lnd. It accepts a fully populated and
// validated main configuration struct and an optional listener config struct. // validated main configuration struct and an optional listener config struct.
// This function starts all main system components then blocks until a signal // This function starts all main system components then blocks until a signal
@@ -752,11 +757,20 @@ func Main(cfg *Config, lisCfg ListenerCfg, interceptor signal.Interceptor) error
return err return err
} }
if cfg.Tor.StreamIsolation && cfg.Tor.DirectConnections {
return errStreamIsolationWithDirectConnections
}
if cfg.Tor.Active { if cfg.Tor.Active {
if cfg.Tor.DirectConnections {
srvrLog.Info("Onion services are accessible via Tor! NOTE: " +
"Traffic to clearnet services is not routed via Tor.")
} else {
srvrLog.Infof("Proxying all network traffic via Tor "+ srvrLog.Infof("Proxying all network traffic via Tor "+
"(stream_isolation=%v)! NOTE: Ensure the backend node "+ "(stream_isolation=%v)! NOTE: Ensure the backend node "+
"is proxying over Tor as well", cfg.Tor.StreamIsolation) "is proxying over Tor as well", cfg.Tor.StreamIsolation)
} }
}
// If the watchtower client should be active, open the client database. // If the watchtower client should be active, open the client database.
// This is done here so that Close always executes when lndMain returns. // This is done here so that Close always executes when lndMain returns.