multi: Added Tor support

This commit adds Tor support. Users can set the --TorSocks flag
to specify which port Tor's SOCKS5 proxy is listening on so that
lnd can connect to it. When this flag is set, ALL traffic gets
routed over Tor including DNS traffic. Special functions for
DNS lookups were added, and since Tor doesn't natively support
SRV requests, the proxySRV function routes connects us to
a DNS server via Tor and SRV requests can be issued directly
to the DNS server.

Co-authored-by: MeshCollider <dobsonsa68@gmail.com>

config.go

@@ -17,11 +17,15 @@ import (
 	"strings"
 	"time"
 
+	"github.com/btcsuite/btcd/connmgr"
 	flags "github.com/jessevdk/go-flags"
+	"github.com/btcsuite/go-socks/socks"
 	"github.com/lightningnetwork/lnd/brontide"
 	"github.com/lightningnetwork/lnd/lnwire"
+	"github.com/miekg/dns"
 	"github.com/roasbeef/btcd/btcec"
 	"github.com/roasbeef/btcutil"
+	"golang.org/x/net/proxy"
 )
 
 const (
@@ -158,7 +162,8 @@ type config struct {
 
 	CPUProfile string `long:"cpuprofile" description:"Write CPU profile to the specified file"`
 
-	Profile string `long:"profile" description:"Enable HTTP profiling on given port -- NOTE port must be between 1024 and 65536"`
+	Profile  string `long:"profile" description:"Enable HTTP profiling on given port -- NOTE port must be between 1024 and 65535"`
+	TorSocks string `long:"torsocks" description:"The port that Tor's exposed SOCKS5 proxy is listening on -- NOTE port must be between 1024 and 65535"`
 
 	DebugHTLC          bool `long:"debughtlc" description:"Activate the debug htlc mode. With the debug HTLC mode, all payments sent use a pre-determined R-Hash. Additionally, all HTLCs sent to a node with the debug HTLC R-Hash are immediately settled in the next available state transition."`
 	HodlHTLC           bool `long:"hodlhtlc" description:"Activate the hodl HTLC mode.  With hodl HTLC mode, all incoming HTLCs will be accepted by the receiving node, but no attempt will be made to settle the payment with the sender."`
@@ -182,6 +187,12 @@ type config struct {
 
 	Alias string `long:"alias" description:"The node alias. Used as a moniker by peers and intelligence services"`
 	Color string `long:"color" description:"The color of the node in hex format (i.e. '#3399FF'). Used to customize node appearance in intelligence services"`
+
+	dial       func(string, string) (net.Conn, error)
+	lookup     func(string) ([]string, error)
+	lookupSRV  func(string, string, string) (string, []*net.SRV, error)
+	resolveTCP func(string, string) (*net.TCPAddr, error)
+	// TODO(eugene) - onionDial & related onion functions
 }
 
 // loadConfig initializes and parses the config using a config file and command
@@ -286,6 +297,83 @@ func loadConfig() (*config, error) {
 		return nil, err
 	}
 
+	// Setup dial and DNS resolution (lookup, lookupSRV, resolveTCP) functions
+	// depending on the specified options. The default is to use the standard
+	// golang "net" package functions. When Tor's proxy is specified, the dial
+	// function is set to the proxy specific dial function and the DNS
+	// resolution functions use Tor.
+	cfg.lookup = net.LookupHost
+	cfg.lookupSRV = net.LookupSRV
+	cfg.resolveTCP = net.ResolveTCPAddr
+	if cfg.TorSocks != "" {
+		// Validate Tor port number
+		torport, err := strconv.Atoi(cfg.TorSocks)
+		if err != nil || torport < 1024 || torport > 65535 {
+			str := "%s: The tor socks5 port must be between 1024 and 65535"
+			err := fmt.Errorf(str, funcName)
+			fmt.Fprintln(os.Stderr, err)
+			fmt.Fprintln(os.Stderr, usageMessage)
+			return nil, err
+		}
+
+		proxyAddr := "127.0.0.1:" + cfg.TorSocks
+
+		// If ExternalIPs is set, throw an error since we cannot
+		// listen for incoming connections via Tor's SOCKS5 proxy.
+		if len(cfg.ExternalIPs) != 0 {
+			str := "%s: Cannot set externalip flag with proxy flag - " +
+				"cannot listen for incoming connections via Tor's " +
+				"socks5 proxy"
+			err := fmt.Errorf(str, funcName)
+			return nil, err
+		}
+
+		// We use go-socks for the dialer that actually connects to peers
+		// since it preserves the connection information in a *ProxiedAddr
+		// struct. golang's proxy package abstracts this away and is
+		// therefore unsuitable.
+		p := &socks.Proxy{
+			Addr: proxyAddr,
+		}
+		cfg.dial = p.Dial
+
+		// If we are using Tor, since we only want connections routed
+		// through Tor, listening is disabled.
+		cfg.DisableListen = true
+
+		dialer, err := proxy.SOCKS5(
+			"tcp",
+			proxyAddr,
+			nil,
+			proxy.Direct,
+		)
+		if err != nil {
+			str := "%s: Unable to set up SRV dialer: %v"
+			err := fmt.Errorf(str, funcName, err)
+			return nil, err
+		}
+
+		// Perform all DNS resolution through the Tor proxy. We set the
+		// lookup, lookupSRV, & resolveTCP functions here.
+		cfg.lookup = func(host string) ([]string, error) {
+			return proxyLookup(host, proxyAddr)
+		}
+
+		// lookupSRV uses golang's proxy package since go-socks will
+		// cause the SRV request to hang.
+		cfg.lookupSRV = func(service, proto, name string) (cname string,
+			addrs []*net.SRV, err error) {
+			return proxySRV(dialer, service, proto, name)
+		}
+
+		// resolveTCP uses TCP over Tor to resolve TCP addresses and
+		// returns a pointer to a net.TCPAddr struct in the same manner
+		// that the net.ResolveTCPAddr function does.
+		cfg.resolveTCP = func(network, address string) (*net.TCPAddr, error) {
+			return proxyTCP(address, cfg.lookup)
+		}
+	}
+
 	switch {
 	// At this moment, multiple active chains are not supported.
 	case cfg.Litecoin.Active && cfg.Bitcoin.Active:
@@ -627,10 +715,136 @@ func supportedSubsystems() []string {
 func noiseDial(idPriv *btcec.PrivateKey) func(net.Addr) (net.Conn, error) {
 	return func(a net.Addr) (net.Conn, error) {
 		lnAddr := a.(*lnwire.NetAddress)
-		return brontide.Dial(idPriv, lnAddr)
+		if cfg.dial == nil {
+			return brontide.Dial(idPriv, lnAddr)
+		}
+		return brontide.Dial(idPriv, lnAddr, cfg.dial)
 	}
 }
 
+// lndLookup resolves the IP address of a given host using the correct DNS
+// function depending on the lookup configuration options. Lookup can be done
+// via golang's system resolver or via Tor. When Tor is used, only IPv4
+// addresses are returned.
+func lndLookup(host string) ([]string, error) {
+	return cfg.lookup(host)
+}
+
+// lndLookupSRV queries a DNS server with SRV requests depending on the
+// configuration options. SRV queries can be done via golang's system
+// resolver or through (but not by!) Tor.
+func lndLookupSRV(service, proto, name string) (string, []*net.SRV, error) {
+	return cfg.lookupSRV(service, proto, name)
+}
+
+// lndResolveTCP resolves TCP addresses into type *net.TCPAddr. Depending on
+// configuration options, this resolution can be done via golang's system
+// resolver or via Tor.
+func lndResolveTCP(network, address string) (*net.TCPAddr, error) {
+	return cfg.resolveTCP(network, address)
+}
+
+// proxyLookup uses Tor to resolve DNS via the SOCKS extension they provide for
+// resolution over the Tor network. Only IPV4 is supported. Unlike btcd's
+// TorLookupIP function, however, this function returns a ([]string, error)
+// tuple.
+func proxyLookup(host string, proxy string) ([]string, error) {
+	ip, err := connmgr.TorLookupIP(host, proxy)
+	if err != nil {
+		return nil, err
+	}
+
+	var addrs []string
+	// Only one IPv4 address is returned by the TorLookupIP function.
+	addrs = append(addrs, ip[0].String())
+	return addrs, nil
+}
+
+// proxyTCP uses Tor's proxy to resolve tcp addresses instead of the system resolver
+// that ResolveTCPAddr and related functions use. This resolver only queries DNS
+// servers in the case a hostname is passed in the address parameter. Only TCP
+// resolution is supported.
+func proxyTCP(address string, lookupFn func(string) ([]string, error)) (*net.TCPAddr, error) {
+	// Split host:port since the lookup function does not take a port.
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	// Look up the host's IP address via Tor.
+	ip, err := lookupFn(host)
+	if err != nil {
+		return nil, err
+	}
+
+	// Convert port to an int
+	p, err := strconv.Atoi(port)
+	if err != nil {
+		return nil, err
+	}
+
+	// Return a pointer to a net.TCPAddr struct exactly like ResolveTCPAddr.
+	return &net.TCPAddr{
+		IP:   net.ParseIP(ip[0]),
+		Port: p,
+	}, nil
+}
+
+// proxySRV uses Tor's proxy to route DNS SRV requests. Tor does not support
+// SRV queries. Therefore, we must route all SRV requests THROUGH the Tor proxy
+// and connect directly to a DNS server and query it. Note: the DNS server must
+// be a Lightning DNS server that follows the BOLT#10 specification.
+func proxySRV(dialer proxy.Dialer, service, proto, name string) (string, []*net.SRV, error) {
+
+	// _service._proto.name as described in RFC#2782.
+	host := "_" + service + "._" + proto + "." + name + "."
+
+	// Dial Eugene's lseed.
+	conn, err := dialer.Dial("tcp", "108.26.210.110:8053")
+	if err != nil {
+		return "", nil, err
+	}
+
+	// Construct the actual SRV request.
+	msg := new(dns.Msg)
+	msg.SetQuestion(host, dns.TypeSRV)
+	msg.RecursionDesired = true
+
+	dnsConn := &dns.Conn{
+		Conn: conn,
+	}
+	defer dnsConn.Close()
+
+	// Write the SRV request
+	dnsConn.WriteMsg(msg)
+
+	// Read the response
+	resp, err := dnsConn.ReadMsg()
+	if err != nil {
+		return "", nil, err
+	}
+
+	if resp.Rcode != dns.RcodeSuccess {
+		// TODO(eugene) - table of Rcode fmt.Errors
+		return "", nil, fmt.Errorf("Unsuccessful SRV request, received: %d",
+			resp.Rcode)
+	}
+
+	// Retrieve the RR(s) of the Answer section.
+	var rrs []*net.SRV
+	for _, rr := range resp.Answer {
+		srv := rr.(*dns.SRV)
+		rrs = append(rrs, &net.SRV{
+			Target:   srv.Target,
+			Port:     srv.Port,
+			Priority: srv.Priority,
+			Weight:   srv.Weight,
+		})
+	}
+
+	return "", rrs, nil
+}
+
 func parseRPCParams(cConfig *chainConfig, nodeConfig interface{}, net chainCode,
 	funcName string) error {
 	// If the configuration has already set the RPCUser and RPCPass, and