config+lnd: Update Tor configuration for hybrid node mode
@@ -909,6 +909,7 @@ func ValidateConfig(cfg Config, usageMessage string,
|
|||||||
SOCKS: cfg.Tor.SOCKS,
|
SOCKS: cfg.Tor.SOCKS,
|
||||||
DNS: cfg.Tor.DNS,
|
DNS: cfg.Tor.DNS,
|
||||||
StreamIsolation: cfg.Tor.StreamIsolation,
|
StreamIsolation: cfg.Tor.StreamIsolation,
|
||||||
|
DirectConnections: cfg.Tor.DirectConnections,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1316,7 +1317,7 @@ func ValidateConfig(cfg Config, usageMessage string,
|
|||||||
// connections.
|
// connections.
|
||||||
if len(cfg.RawListeners) == 0 {
|
if len(cfg.RawListeners) == 0 {
|
||||||
addr := fmt.Sprintf(":%d", defaultPeerPort)
|
addr := fmt.Sprintf(":%d", defaultPeerPort)
|
||||||
if cfg.Tor.Active {
|
if cfg.Tor.Active && !cfg.Tor.DirectConnections {
|
||||||
addr = fmt.Sprintf("localhost:%d", defaultPeerPort)
|
addr = fmt.Sprintf("localhost:%d", defaultPeerPort)
|
||||||
}
|
}
|
||||||
cfg.RawListeners = append(cfg.RawListeners, addr)
|
cfg.RawListeners = append(cfg.RawListeners, addr)
|
||||||
|
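Review bot: With `directconnections` set, the default peer listener in the second hunk changes from `localhost:<port>` to `:<port>`, so a Tor-enabled node starts listening on every interface, while the flag's help text speaks only of outbound connections to services not behind Tor. If accepting inbound clearnet peers is intended (this is inferred from the condition; the commit text does not say), state it next to the condition, e.g. `// Hybrid mode: also accept clearnet peers, so bind all interfaces; the host's IP is then visible to those peers.` Because the default only applies when `len(cfg.RawListeners) == 0`, an operator who wants outbound-only hybrid mode has to set a listen address explicitly, which is worth saying in the option docs. ValidateConfig begins and ends outside both hunks.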
@@ -6,6 +6,7 @@ type Tor struct {
|
|||||||
SOCKS string `long:"socks" description:"The host:port that Tor's exposed SOCKS5 proxy is listening on"`
|
SOCKS string `long:"socks" description:"The host:port that Tor's exposed SOCKS5 proxy is listening on"`
|
||||||
DNS string `long:"dns" description:"The DNS server as host:port that Tor will use for SRV queries - NOTE must have TCP resolution enabled"`
|
DNS string `long:"dns" description:"The DNS server as host:port that Tor will use for SRV queries - NOTE must have TCP resolution enabled"`
|
||||||
StreamIsolation bool `long:"streamisolation" description:"Enable Tor stream isolation by randomizing user credentials for each connection."`
|
StreamIsolation bool `long:"streamisolation" description:"Enable Tor stream isolation by randomizing user credentials for each connection."`
|
||||||
|
DirectConnections bool `long:"directconnections" description:"Allow the node to establish direct connections to services not running behind Tor."`
|
||||||
Control string `long:"control" description:"The host:port that Tor is listening on for Tor control connections"`
|
Control string `long:"control" description:"The host:port that Tor is listening on for Tor control connections"`
|
||||||
TargetIPAddress string `long:"targetipaddress" description:"IP address that Tor should use as the target of the hidden service"`
|
TargetIPAddress string `long:"targetipaddress" description:"IP address that Tor should use as the target of the hidden service"`
|
||||||
Password string `long:"password" description:"The password used to arrive at the HashedControlPassword for the control port. If provided, the HASHEDPASSWORD authentication method will be used instead of the SAFECOOKIE one."`
|
Password string `long:"password" description:"The password used to arrive at the HashedControlPassword for the control port. If provided, the HASHEDPASSWORD authentication method will be used instead of the SAFECOOKIE one."`
|
||||||
|
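Review bot: The `directconnections` description does not tell the operator what the flag costs: traffic to clearnet services bypasses the SOCKS proxy, and the option is rejected when `streamisolation` is also set. Both facts are visible elsewhere in this commit (the log message and `errStreamIsolationWithDirectConnections` in lnd.go), so the help text could read `description:"Allow the node to establish direct connections to services not running behind Tor. Clearnet peers will see the node's IP address. Cannot be combined with streamisolation."`. The Tor struct continues outside the hunk.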
14
lnd.go
14
lnd.go
@@ -8,6 +8,7 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
@@ -168,6 +169,10 @@ type ListenerCfg struct {
|
|||||||
ExternalRestRegistrar RestRegistrar
|
ExternalRestRegistrar RestRegistrar
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var errStreamIsolationWithDirectConnections = errors.New(
|
||||||
|
"direct connections cannot be used while stream isolation is enabled",
|
||||||
|
)
|
||||||
|
|
||||||
// Main is the true entry point for lnd. It accepts a fully populated and
|
// Main is the true entry point for lnd. It accepts a fully populated and
|
||||||
// validated main configuration struct and an optional listener config struct.
|
// validated main configuration struct and an optional listener config struct.
|
||||||
// This function starts all main system components then blocks until a signal
|
// This function starts all main system components then blocks until a signal
|
||||||
@@ -752,11 +757,20 @@ func Main(cfg *Config, lisCfg ListenerCfg, interceptor signal.Interceptor) error
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cfg.Tor.StreamIsolation && cfg.Tor.DirectConnections {
|
||||||
|
return errStreamIsolationWithDirectConnections
|
||||||
|
}
|
||||||
|
|
||||||
if cfg.Tor.Active {
|
if cfg.Tor.Active {
|
||||||
|
if cfg.Tor.DirectConnections {
|
||||||
|
srvrLog.Info("Onion services are accessible via Tor! NOTE: " +
|
||||||
|
"Traffic to clearnet services is not routed via Tor.")
|
||||||
|
} else {
|
||||||
srvrLog.Infof("Proxying all network traffic via Tor "+
|
srvrLog.Infof("Proxying all network traffic via Tor "+
|
||||||
"(stream_isolation=%v)! NOTE: Ensure the backend node "+
|
"(stream_isolation=%v)! NOTE: Ensure the backend node "+
|
||||||
"is proxying over Tor as well", cfg.Tor.StreamIsolation)
|
"is proxying over Tor as well", cfg.Tor.StreamIsolation)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// If the watchtower client should be active, open the client database.
|
// If the watchtower client should be active, open the client database.
|
||||||
// This is done here so that Close always executes when lndMain returns.
|
// This is done here so that Close always executes when lndMain returns.
|
||||||
|
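Review bot: The `StreamIsolation && DirectConnections` conflict is rejected only inside Main (last hunk), after whatever startup work precedes it in Main, which lies outside the hunk. ValidateConfig already reads `cfg.Tor.DirectConnections` in this commit, so the same `if cfg.Tor.StreamIsolation && cfg.Tor.DirectConnections` check placed there would reject the configuration before anything is started, and would also cover callers that validate a config without going through Main. The hybrid-mode notice is logged with `srvrLog.Info`; since it announces that clearnet traffic is not routed via Tor, `srvrLog.Warn` may be the better level.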