1 /*~ Welcome to the connect daemon: maintainer of connectivity!
2  *
3  * This is another separate daemon which is responsible for reaching out to
4  * other peers, and also accepting their incoming connections.  It talks to
5  * them for just long enough to validate their identity using a cryptographic
6  * handshake, then receive and send supported feature sets; then it hands them
7  * up to lightningd which will fire up a specific per-peer daemon to talk to
8  * it.
9  */
10 #include <ccan/array_size/array_size.h>
11 #include <ccan/asort/asort.h>
12 #include <ccan/fdpass/fdpass.h>
13 #include <ccan/noerr/noerr.h>
14 #include <ccan/tal/str/str.h>
15 #include <common/bech32.h>
16 #include <common/bech32_util.h>
17 #include <common/daemon_conn.h>
18 #include <common/ecdh_hsmd.h>
19 #include <common/jsonrpc_errors.h>
20 #include <common/memleak.h>
21 #include <common/pseudorand.h>
22 #include <common/status.h>
23 #include <common/subdaemon.h>
24 #include <common/timeout.h>
25 #include <common/type_to_string.h>
26 #include <common/wire_error.h>
27 #include <connectd/connectd.h>
28 #include <connectd/connectd_gossipd_wiregen.h>
29 #include <connectd/connectd_wiregen.h>
30 #include <connectd/handshake.h>
31 #include <connectd/netaddress.h>
32 #include <connectd/peer_exchange_initmsg.h>
33 #include <connectd/tor.h>
34 #include <connectd/tor_autoservice.h>
35 #include <errno.h>
36 #include <fcntl.h>
37 #include <netdb.h>
38 #include <netinet/in.h>
39 #include <sodium.h>
40 #include <sys/types.h>
41 #include <sys/wait.h>
42 #include <unistd.h>
43 #include <wire/wire_sync.h>
44 
45 /*~ We are passed two file descriptors when exec'ed from `lightningd`: the
46  * first is a connection to `hsmd`, which we need for the cryptographic
47  * handshake, and the second is to `gossipd`: it gathers network gossip and
48  * thus may know how to reach certain peers. */
49 #define HSM_FD 3
50 #define GOSSIPCTL_FD 4
51 
52 /*~ In C convention, constants are UPPERCASE macros.  Not everything needs to
53  * be a constant, but it soothes the programmer's conscience to encapsulate
54  * arbitrary decisions like these in one place. */
55 #define MAX_CONNECT_ATTEMPTS 10
56 #define INITIAL_WAIT_SECONDS	1
57 #define MAX_WAIT_SECONDS	300
58 
59 /*~ We keep a hash table (ccan/htable) of public keys, which tells us what
60  * peers are already connected.  The HTABLE_DEFINE_TYPE() macro needs a
61  * keyof() function to extract the key.  For this simple use case, that's the
62  * identity function: */
/* keyof() callback for the node_set htable: an entry's key is the entry
 * itself, so this just hands the pointer back unchanged. */
static const struct node_id *node_id_keyof(const struct node_id *pc)
{
	const struct node_id *key = pc;

	return key;
}
67 
68 /*~ We also need to define a hashing function. siphash24 is a fast yet
69  * cryptographic hash in ccan/crypto/siphash24; we might be able to get away
70  * with a slightly faster hash with fewer guarantees, but it's good hygiene to
71  * use this unless it's a proven bottleneck.  siphash_seed() is a function in
72  * common/pseudorand which sets up a seed for our hashing; it's different
73  * every time the program is run. */
/* Hash callback for the node_set htable: siphash24 over the raw key bytes
 * (id->k), with the per-run seed from siphash_seed(). */
static size_t node_id_hash(const struct node_id *id)
{
	const void *key_bytes = id->k;
	size_t key_len = sizeof(id->k);

	return siphash24(siphash_seed(), key_bytes, key_len);
}
78 
79 /*~ This defines 'struct node_set' which contains 'struct node_id' pointers. */
/* Arguments: element type, key extractor (above), hash function (above),
 * key comparator (node_id_eq, declared elsewhere), and the name of the
 * generated set type, 'struct node_set'. */
HTABLE_DEFINE_TYPE(struct node_id,
		   node_id_keyof,
		   node_id_hash,
		   node_id_eq,
		   node_set);
85 
86 /*~ This is the global state, like `struct lightningd *ld` in lightningd. */
struct daemon {
	/* Who am I? (node_id form) */
	struct node_id id;

	/* pubkey equivalent of `id`; handed to the crypto handshake. */
	struct pubkey mykey;

	/* Base for timeout timers, and how long (seconds) to wait for the
	 * handshake/init exchange before hanging up (see conn_timeout). */
	struct timers timers;
	u32 timeout_secs;

	/* Peers that we've handed to `lightningd`, which it hasn't told us
	 * have disconnected.  A second connection from a peer in here goes
	 * through peer_reconnected(). */
	struct node_set peers;

	/* Peers we are trying to reach: struct connecting, linked by ->list */
	struct list_head connecting;

	/* Connection to main daemon (lightningd). */
	struct daemon_conn *master;

	/* Allow localhost to be considered "public": DEVELOPER-only option,
	 * but for simplicity we don't #if DEVELOPER-wrap it here. */
	bool dev_allow_localhost;

	/* We support use of a SOCKS5 proxy (e.g. Tor) */
	struct addrinfo *proxyaddr;

	/* They can tell us we must use proxy even for non-Tor addresses. */
	bool always_use_proxy;

	/* There are DNS seeds we can use to look up node addresses as a last
	 * resort, but doing so leaks our address so can be disabled. */
	bool use_dns;

	/* The address a broken resolver returns instead of NXDOMAIN (see
	 * broken_resolver()).  NULL if we have not detected a broken
	 * resolver. */
	struct sockaddr *broken_resolver_response;

	/* File descriptors to listen on once we're activated. */
	struct listen_fd *listen_fds;

	/* Default behaviour for Tor service calls. */
	bool use_v3_autotor;

	/* Our features, as lightningd told us */
	struct feature_set *our_features;

	/* Subdaemon to proxy websocket requests; exec'd once per incoming
	 * websocket connection (see websocket_connection_in). */
	char *websocket_helper;

	/* If non-zero, port to listen for websocket connections. */
	u16 websocket_port;
};
141 
142 /* Peers we're trying to reach: we iterate through addrs until we succeed
143  * or fail. */
struct connecting {
	/* daemon->connecting */
	struct list_node list;

	struct daemon *daemon;

	/* The current outgoing attempt's connection. */
	struct io_conn *conn;

	/* The ID of the peer (not necessarily unique, in transit!) */
	struct node_id id;

	/* We iterate through the tal_count(addrs): addrnum is the index of
	 * the address currently being tried. */
	size_t addrnum;
	struct wireaddr_internal *addrs;

	/* NULL if there wasn't a hint. */
	struct wireaddr_internal *addrhint;

	/* How far did we get?  A static string such as "Cryptographic
	 * handshake", reported in error messages. */
	const char *connstate;

	/* Accumulated errors, one per failed address (tal string; see
	 * add_errors_to_error_list). */
	char *errors;

	/* How many seconds did we wait this time?  Doubled on failure. */
	u32 seconds_waited;
};
171 
172 /*~ C programs should generally be written bottom-to-top, with the root
173  * function at the bottom, and functions it calls above it.  That avoids
174  * us having to pre-declare functions; but in the case of mutual recursion
175  * pre-declarations are necessary (also, sometimes we do it to avoid making
176  * a patch hard to review with gratuitous reorganizations). */
177 static void try_connect_one_addr(struct connecting *connect);
178 
179 /*~ Some ISP resolvers will reply with a dummy IP to queries that would otherwise
180  * result in an NXDOMAIN reply. This just checks whether we have one such
181  * resolver upstream and remembers its reply so we can try to filter future
182  * dummies out.
183  */
/*~ Detect an upstream resolver that answers a name which cannot exist with
 * a dummy address instead of NXDOMAIN.  If it does, that address is kept in
 * daemon->broken_resolver_response so later lookups can filter it out.
 *
 * Returns true iff a broken resolver was detected.  When DNS is disabled or
 * everything must go via the proxy, no query is made and the stash is
 * cleared. */
static bool broken_resolver(struct daemon *daemon)
{
	const char *probe_host = "nxdomain-test.doesntexist";
	struct addrinfo *result = NULL;

	/* No DNS queries at all in these modes, so nothing to detect. */
	if (!daemon->use_dns || daemon->always_use_proxy) {
		daemon->broken_resolver_response = NULL;
		return false;
	}

	struct addrinfo hints = {
		.ai_family = AF_UNSPEC,
		.ai_socktype = SOCK_STREAM,
		.ai_protocol = 0,
		.ai_flags = AI_ADDRCONFIG,
	};
	const char *probe_port = tal_fmt(tmpctx, "%d", 42);

	/* Any answer at all for this name means the resolver is lying. */
	if (getaddrinfo(probe_host, probe_port, &hints, &result) != 0) {
		daemon->broken_resolver_response = NULL;
		return false;
	}

	/*~ tal_dup is a type-aware memdup; only the first address is kept. */
	daemon->broken_resolver_response
		= tal_dup(daemon, struct sockaddr, result->ai_addr);
	freeaddrinfo(result);

	return daemon->broken_resolver_response != NULL;
}
217 
/*~ Here we see our first tal destructor: in this case the 'struct connecting'
 * simply removes itself from the list of all 'connecting' structs. */
/*~ tal destructor for 'struct connecting': unlink it from
 * daemon->connecting.  list_del_from() is used rather than plain
 * list_del() because it also checks the list is not already empty (and,
 * with CCAN_LIST_DEBUG, walks the list to verify membership). */
static void destroy_connecting(struct connecting *connect)
{
	struct list_head *all_attempts = &connect->daemon->connecting;

	list_del_from(all_attempts, &connect->list);
}
231 
232 /*~ Most simple search functions start with find_; in this case, search
233  * for an existing attempt to connect the given peer id. */
/*~ Look up an in-progress outgoing attempt by peer id; NULL if none.
 * node_id_eq is preferred to a raw memcmp(): it is type-safe and copes
 * with any struct padding (there is none in struct node_id, but still). */
static struct connecting *find_connecting(struct daemon *daemon,
					  const struct node_id *id)
{
	struct connecting *candidate, *found = NULL;

	list_for_each(&daemon->connecting, candidate, list) {
		if (!node_id_eq(id, &candidate->id))
			continue;
		found = candidate;
		break;
	}
	return found;
}
249 
/*~ Once we've connected out, we disable the callback which would cause us
 * to try the next address. */
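/*~ Called once an outgoing connection has completed the init exchange.
 * The io_conn was allocated as a child of the 'connecting' record: move it
 * onto the long-lived daemon, disable the finish callback that would
 * otherwise try the next address, and free the record.
 *
 * Precondition: an outgoing attempt for `id` exists (callers only get here
 * on the !incoming path) and `conn` is that attempt's connection. */
static void connected_out_to_peer(struct daemon *daemon,
				  struct io_conn *conn,
				  const struct node_id *id)
{
	struct connecting *connect = find_connecting(daemon, id);

	/* Make the precondition explicit: without this, a missing record
	 * was a NULL dereference inside the assert further down. */
	assert(connect);

	/* Keep 'conn' alive across the tal_free(connect) below. */
	tal_steal(daemon, conn);

	/* We only allow one outgoing attempt at a time. */
	assert(connect->conn == conn);

	/* Don't call destroy_io_conn, since we're done. */
	io_set_finish(conn, NULL, NULL);

	/* Now free the 'connecting' struct (its destructor unlinks it). */
	tal_free(connect);
}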
272 
273 /*~ Once they've connected in, stop trying to connect out (if we were). */
/*~ An incoming connection from a peer we may also have been dialing: if
 * so, abandon the outgoing attempt (without running destroy_io_conn, which
 * would move on to the next address) and free its record. */
static void peer_connected_in(struct daemon *daemon,
			      struct io_conn *conn,
			      const struct node_id *id)
{
	struct connecting *attempt = find_connecting(daemon, id);

	if (attempt) {
		/* We're done: the finish callback must not advance addresses. */
		io_set_finish(attempt->conn, NULL, NULL);
		tal_free(attempt);
	}
}
289 
290 /*~ Every per-peer daemon needs a connection to the gossip daemon; this allows
291  * it to forward gossip to/from the peer.  The gossip daemon needs to know a
292  * few of the features of the peer and its id (for reporting).
293  *
294  * Every peer also has read-only access to the gossip_store, which is handed
295  * out by gossipd too, and also a "gossip_state" indicating where we're up to.
296  *
297  * 'features' is a field in the `init` message, indicating properties of the
298  * node.
299  */
/*~ Ask gossipd for what every per-peer daemon needs: a gossip fd, a
 * read-only gossip_store fd, and the "gossip_state" which gossipd writes
 * into pps->gs.  gossipd is told the peer id and which of the two
 * gossip-related features apply.
 *
 * Returns false if gossipd says it could not provide fds (it may be out of
 * them), in which case the caller gives up on this peer.  Any transport
 * failure talking to gossipd is fatal (status_failed). */
static bool get_gossipfds(struct daemon *daemon,
			  const struct node_id *id,
			  const u8 *their_features,
			  struct per_peer_state *pps)
{
	/* Both sides must offer gossip_queries; we always do, but be explicit. */
	const bool want_gossip_queries
		= feature_negotiated(daemon->our_features, their_features,
				     OPT_GOSSIP_QUERIES);
	/* initial_routing_sync was in the original spec, so every node
	 * understands it: the peer wants the backlog of existing gossip. */
	const bool want_initial_sync
		= feature_offered(their_features, OPT_INITIAL_ROUTING_SYNC);
	bool got_fds;
	u8 *request, *reply;

	/* Synchronous round trip: gossipd is a trusted sibling, keep it simple. */
	request = towire_gossipd_new_peer(NULL, id, want_gossip_queries,
					  want_initial_sync);
	if (!wire_sync_write(GOSSIPCTL_FD, take(request)))
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Failed writing to gossipctl: %s",
			      strerror(errno));

	reply = wire_sync_read(tmpctx, GOSSIPCTL_FD);
	if (!fromwire_gossipd_new_peer_reply(pps, reply, &got_fds, &pps->gs))
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Failed parsing msg gossipctl: %s",
			      tal_hex(tmpctx, reply));

	/* gossipd may have run out of fds: drop this peer rather than die. */
	if (!got_fds) {
		status_broken("Gossipd did not give us an fd: losing peer %s",
			      type_to_string(tmpctx, struct node_id, id));
		return false;
	}

	/* The two fds follow on the same socket, in this order. */
	pps->gossip_fd = fdpass_recv(GOSSIPCTL_FD);
	pps->gossip_store_fd = fdpass_recv(GOSSIPCTL_FD);
	return true;
}
349 
350 /*~ This is an ad-hoc marshalling structure where we store arguments so we
351  * can call peer_connected again. */
struct peer_reconnected {
	/* Copied from the peer_connected() arguments by peer_reconnected(). */
	struct daemon *daemon;
	struct node_id id;
	struct wireaddr_internal addr;
	struct crypto_state cs;
	/* tal array owned by this struct (tal_dup_talarr'd onto it); handed
	 * back to peer_connected() with take() on retry. */
	const u8 *their_features;
	/* true if the peer connected to us, false if we dialed out. */
	bool incoming;
};
360 
361 /*~ For simplicity, lightningd only ever deals with a single connection per
362  * peer.  So if we already know about a peer, we tell lightning to disconnect
363  * the old one and retry once it does. */
/*~ io_wait callback: lightningd has dropped the old connection, so replay
 * the saved arguments into peer_connected() and free the stash. */
static struct io_plan *retry_peer_connected(struct io_conn *conn,
					    struct peer_reconnected *pr)
{
	struct io_plan *next;

	/*~ As you can see, we've had issues with this code before :( */
	status_peer_debug(&pr->id, "processing now old peer gone");

	/* Can't return the plan directly: pr must be freed afterwards.
	 * their_features is handed over with take(). */
	next = peer_connected(conn, pr->daemon, &pr->id, &pr->addr, &pr->cs,
			      take(pr->their_features), pr->incoming);
	tal_free(pr);
	return next;
}
379 
380 /*~ If we already know about this peer, we tell lightningd and it disconnects
381  * the old one.  We wait until it tells us that's happened. */
/*~ A peer we already have connected has connected again.  lightningd only
 * tolerates one connection per peer, so tell it to drop the old one (it
 * will send peer_disconnect), stash our arguments, and park this connection
 * until io_wake() fires on the peer-set entry. */
static struct io_plan *peer_reconnected(struct io_conn *conn,
					struct daemon *daemon,
					const struct node_id *id,
					const struct wireaddr_internal *addr,
					const struct crypto_state *cs,
					const u8 *their_features TAKES,
					bool incoming)
{
	struct peer_reconnected *saved;

	status_peer_debug(id, "reconnect");

	/* Ask master to kill the existing connection. */
	daemon_conn_send(daemon->master,
			 take(towire_connectd_reconnected(NULL, id)));

	/* Everything peer_connected() will need once we're woken. */
	saved = tal(daemon, struct peer_reconnected);
	*saved = (struct peer_reconnected){
		.daemon = daemon,
		.id = *id,
		.cs = *cs,
		.addr = *addr,
		.incoming = incoming,
	};
	/*~ tal_dup_talarr() honours take(): a taken array is simply
	 * tal_steal()ed instead of copied. */
	saved->their_features = tal_dup_talarr(saved, u8, their_features);

	/*~ ccan/io can wait on an arbitrary address; here it is the key in
	 * the peer set.  Whoever removes the old peer calls io_wake() on it,
	 * which resumes us in retry_peer_connected.  notleak() stops the
	 * DEVELOPER-mode leak detector flagging 'saved', which nothing in
	 * our code references. */
	return io_wait(conn, node_set_get(&daemon->peers, id),
		       retry_peer_connected, notleak(saved));
}
421 
422 /*~ Note the lack of static: this is called by peer_exchange_initmsg.c once the
423  * INIT messages are exchanged, and also by the retry code above. */
/* Final step of bringing up a peer, reached after the INIT exchange:
 *  1. if the peer is already in daemon->peers, defer to peer_reconnected();
 *  2. reject (send an encrypted warning, then close) if its INIT features
 *     are unacceptable;
 *  3. tear down any now-redundant 'connecting' record;
 *  4. fetch gossip fds from gossipd, hand the peer fd plus gossip fds to
 *     lightningd, and record the peer in daemon->peers.
 * their_features is TAKES: if taken, ownership moves to tmpctx here.
 * Returns the next io_plan for conn; on success that closes conn without
 * closing the fd, which has been queued for lightningd. */
struct io_plan *peer_connected(struct io_conn *conn,
			       struct daemon *daemon,
			       const struct node_id *id,
			       const struct wireaddr_internal *addr,
			       struct crypto_state *cs,
			       const u8 *their_features TAKES,
			       bool incoming)
{
	u8 *msg;
	struct per_peer_state *pps;
	int unsup;
	size_t depender, missing;

	/* Already connected: lightningd must drop the old one first. */
	if (node_set_get(&daemon->peers, id))
		return peer_reconnected(conn, daemon, id, addr, cs,
					their_features, incoming);

	/* We promised we'd take it by marking it TAKEN above; prepare to free it. */
	if (taken(their_features))
		tal_steal(tmpctx, their_features);

	/* BOLT #1:
	 *
	 * The receiving node:
	 * ...
	 *  - upon receiving unknown _odd_ feature bits that are non-zero:
	 *    - MUST ignore the bit.
	 *  - upon receiving unknown _even_ feature bits that are non-zero:
	 *    - MUST fail the connection.
	 */
	/* -1 means "nothing unsupported"; otherwise the offending bit.
	 * NOTE(review): unsup is an int printed with %u; fine as long as
	 * features_unsupported() returns no negative value other than -1. */
	unsup = features_unsupported(daemon->our_features, their_features,
				     INIT_FEATURE);
	if (unsup != -1) {
		status_peer_unusual(id, "Unsupported feature %u", unsup);
		msg = towire_warningfmt(NULL, NULL, "Unsupported feature %u",
					unsup);
		/* The warning goes out over the established crypto state,
		 * and io_close_cb hangs up once it's written. */
		msg = cryptomsg_encrypt_msg(tmpctx, cs, take(msg));
		return io_write(conn, msg, tal_count(msg), io_close_cb, NULL);
	}

	/* Some features imply others; reject inconsistent sets the same way. */
	if (!feature_check_depends(their_features, &depender, &missing)) {
		status_peer_unusual(id, "Feature %zu requires feature %zu",
				    depender, missing);
		msg = towire_warningfmt(NULL, NULL,
				      "Feature %zu requires feature %zu",
				      depender, missing);
		msg = cryptomsg_encrypt_msg(tmpctx, cs, take(msg));
		return io_write(conn, msg, tal_count(msg), io_close_cb, NULL);
	}

	/* We've successfully connected: drop any outgoing attempt record
	 * (incoming) or the one this conn belongs to (outgoing). */
	if (incoming)
		peer_connected_in(daemon, conn, id);
	else
		connected_out_to_peer(daemon, conn, id);

	/* Both branches above must have removed the record. */
	if (find_connecting(daemon, id))
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "After %s connection on %p, still trying to connect conn %p?",
			      incoming ? "incoming" : "outgoing",
			      conn, find_connecting(daemon, id)->conn);

	/* This contains the per-peer state info; gossipd fills in pps->gs */
	pps = new_per_peer_state(tmpctx, cs);

	/* If gossipd can't give us a file descriptor, we give up connecting. */
	if (!get_gossipfds(daemon, id, their_features, pps))
		return io_close(conn);

	/* Create message to tell master peer has connected. */
	msg = towire_connectd_peer_connected(NULL, id, addr, incoming,
					     pps, their_features);

	/*~ daemon_conn is a message queue for inter-daemon communication: we
	 * queue up the `connect_peer_connected` message to tell lightningd
	 * we have connected, and give the peer and gossip fds.  The three
	 * fds must follow the message in exactly this order. */
	daemon_conn_send(daemon->master, take(msg));
	/* io_conn_fd() extracts the fd from ccan/io's io_conn */
	daemon_conn_send_fd(daemon->master, io_conn_fd(conn));
	daemon_conn_send_fd(daemon->master, pps->gossip_fd);
	daemon_conn_send_fd(daemon->master, pps->gossip_store_fd);

	/* Don't try to close these on freeing: they now belong to lightningd. */
	pps->gossip_store_fd = pps->gossip_fd = -1;

	/*~ Finally, we add it to the set of pubkeys: tal_dup will handle
	 * take() args for us, by simply tal_steal()ing it. */
	node_set_add(&daemon->peers, tal_dup(daemon, struct node_id, id));

	/*~ We want to free the connection, but not close the fd (which is
	 * queued to go to lightningd), so use this variation on io_close: */
	return io_close_taken_fd(conn);
}
517 
/*~ handshake.c handles setting up the crypto state once we get a connection
 * in; we hand it straight to peer_exchange_initmsg() to send and receive INIT
 * and call peer_connected(). */
/*~ handshake.c calls this once an incoming peer has proven it holds
 * id_key; convert that to a node_id and start the INIT exchange as the
 * receiving side, which in turn ends in peer_connected(). */
static struct io_plan *handshake_in_success(struct io_conn *conn,
					    const struct pubkey *id_key,
					    const struct wireaddr_internal *addr,
					    struct crypto_state *cs,
					    struct daemon *daemon)
{
	const bool incoming = true;
	struct node_id peer_id;

	node_id_from_pubkey(&peer_id, id_key);
	status_peer_debug(&peer_id, "Connect IN");
	return peer_exchange_initmsg(conn, daemon, daemon->our_features,
				     cs, &peer_id, addr, incoming);
}
533 
534 /*~ If the timer goes off, we simply free everything, which hangs up. */
/*~ Timer callback: the peer did not finish the handshake/init exchange in
 * time.  Closing the conn frees everything hanging off it; errno is set
 * first so a finish callback such as destroy_io_conn reports a timeout
 * rather than "peer closed connection". */
static void conn_timeout(struct io_conn *conn)
{
	status_debug("conn timed out");
	/* Set after logging, in case the log call touches errno. */
	errno = ETIMEDOUT;
	io_close(conn);
}
541 
542 /*~ So, where are you from? */
/*~ Fill `addr` with the remote end of an accepted connection, translating
 * the getpeername() result for IPv6, IPv4 and unix-domain sockets.
 * Returns false (after logging) if the peer name can't be read or the
 * address family is one we don't handle. */
static bool get_remote_address(struct io_conn *conn,
			       struct wireaddr_internal *addr)
{
	struct sockaddr_storage peer = {0};
	socklen_t peerlen = sizeof(peer);
	/* The cast is the usual Berkeley sockets API quirk. */
	struct sockaddr *sa = (struct sockaddr *)&peer;

	if (getpeername(io_conn_fd(conn), sa, &peerlen) != 0) {
		status_debug("Failed to get peername for incoming conn: %s",
			     strerror(errno));
		return false;
	}

	switch (peer.ss_family) {
	case AF_INET6: {
		struct sockaddr_in6 *s6 = (void *)&peer;
		addr->itype = ADDR_INTERNAL_WIREADDR;
		wireaddr_from_ipv6(&addr->u.wireaddr,
				   &s6->sin6_addr, ntohs(s6->sin6_port));
		return true;
	}
	case AF_INET: {
		struct sockaddr_in *s4 = (void *)&peer;
		addr->itype = ADDR_INTERNAL_WIREADDR;
		wireaddr_from_ipv4(&addr->u.wireaddr,
				   &s4->sin_addr, ntohs(s4->sin_port));
		return true;
	}
	case AF_UNIX: {
		struct sockaddr_un *sun = (void *)&peer;
		addr->itype = ADDR_INTERNAL_SOCKNAME;
		/* Whole sun_path is copied; `peer` was zeroed above, so any
		 * tail the kernel did not fill is already NUL. */
		memcpy(addr->u.sockname, sun->sun_path, sizeof(sun->sun_path));
		return true;
	}
	default:
		status_broken("Unknown socket type %i for incoming conn",
			      peer.ss_family);
		return false;
	}
}
577 
578 /*~ As so common in C, we need to bundle two args into a callback, so we
579  * allocate a temporary structure to hold them: */
struct conn_in {
	/* Remote address, as filled in by get_remote_address(). */
	struct wireaddr_internal addr;
	/* Global daemon state. */
	struct daemon *daemon;
};
584 
585 /*~ Once we've got a connection in, we set it up here (whether it's via the
586  * websocket proxy, or direct). */
/*~ Common setup for an accepted connection, whether it arrived directly or
 * through the websocket helper: arm the handshake timeout, then start the
 * responder side of the crypto handshake. */
static struct io_plan *conn_in(struct io_conn *conn,
			       struct conn_in *conn_in_arg)
{
	struct daemon *daemon = conn_in_arg->daemon;
	struct wireaddr_internal *remote = &conn_in_arg->addr;

	/* Hang up if the handshake isn't done within timeout_secs; the
	 * timer is allocated off conn so closing conn disposes of it. */
	notleak(new_reltimer(&daemon->timers, conn,
			     time_from_sec(daemon->timeout_secs),
			     conn_timeout, conn));

	/*~ The handshake differs for initiator and responder; we are the
	 * responder here.  notleak() again keeps the simplistic leak
	 * detector from flagging `conn`, which we keep no pointer to. */
	return responder_handshake(notleak(conn), &daemon->mykey, remote,
				   handshake_in_success, daemon);
}
606 
607 /*~ When we get a direct connection in we set up its network address
608  * then call handshake.c to set up the crypto state. */
/*~ Init callback for a directly accepted socket: resolve the remote
 * address, then hand off to conn_in() for timeout and handshake.
 * NOTE(review): `args` lives only for this call, and conn_in() passes
 * &args.addr down to responder_handshake(); this assumes the handshake
 * code copies the address before returning — confirm in handshake.c. */
static struct io_plan *connection_in(struct io_conn *conn,
				     struct daemon *daemon)
{
	struct conn_in args = { .daemon = daemon };

	if (get_remote_address(conn, &args.addr))
		return conn_in(conn, &args);

	return io_close(conn);
}
620 
621 /*~ <hello>I speak web socket</hello>.
622  *
623  * Actually that's dumb, websocket (aka rfc6455) looks nothing like that. */
/* Hand an incoming websocket connection to the external helper named by
 * daemon->websocket_helper: fork, give the child the peer socket as stdin
 * and one end of a socketpair as stdout, exec the helper, then treat our
 * end of the socketpair as the real peer connection (via conn_in).
 *
 * A close-on-exec pipe (execfail) reports exec failure: the child writes
 * errno into it, while a successful exec closes it so the parent's read
 * sees EOF.  Failures before fork fall through the goto chain at the end.
 * Every path returns an io_plan that closes `conn`. */
static struct io_plan *websocket_connection_in(struct io_conn *conn,
					       struct daemon *daemon)
{
	int childmsg[2], execfail[2];
	pid_t childpid;
	int err;
	struct conn_in conn_in_arg;

	if (!get_remote_address(conn, &conn_in_arg.addr))
		return io_close(conn);

	status_debug("Websocket connection in from %s",
		     type_to_string(tmpctx, struct wireaddr_internal,
				    &conn_in_arg.addr));

	/* childmsg[1] becomes the helper's stdout; we read childmsg[0]. */
	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, childmsg) != 0)
		goto fail;

	if (pipe(execfail) != 0)
		goto close_msgfd_fail;

	/* Write end closes on successful exec: that is the success signal. */
	if (fcntl(execfail[1], F_SETFD, fcntl(execfail[1], F_GETFD)
		  | FD_CLOEXEC) < 0)
		goto close_execfail_fail;

	childpid = fork();
	if (childpid < 0)
		goto close_execfail_fail;

	if (childpid == 0) {
		size_t max;
		close(childmsg[0]);
		close(execfail[0]);

		/* Attach remote socket to stdin. */
		if (dup2(io_conn_fd(conn), STDIN_FILENO) == -1)
			goto child_errno_fail;

		/* Attach our socket to stdout. */
		if (dup2(childmsg[1], STDOUT_FILENO) == -1)
			goto child_errno_fail;

		/* Make (fairly!) sure all other fds are closed, so the helper
		 * inherits nothing but stdin/stdout/stderr.
		 * NOTE(review): sysconf() returns -1 on failure, which becomes
		 * SIZE_MAX in `max` and would make this loop effectively
		 * endless — consider a fallback bound. */
		max = sysconf(_SC_OPEN_MAX);
		for (size_t i = STDERR_FILENO + 1; i < max; i++)
			close(i);

		/* Tell websocket helper what we read so far.
		 * NOTE(review): execlp() consults PATH when the name has no
		 * slash; confirm lightningd always supplies an absolute path. */
		execlp(daemon->websocket_helper, daemon->websocket_helper,
		       NULL);

	child_errno_fail:
		err = errno;
		/* Gcc's warn-unused-result fail. */
		if (write(execfail[1], &err, sizeof(err))) {
			;
		}
		/* NOTE(review): _exit() would avoid running the parent's
		 * atexit handlers / stdio flush in the forked child. */
		exit(127);
	}

	/* Parent: drop the child's ends. */
	close(childmsg[1]);
	close(execfail[1]);

	/* Child will close this without writing on successful exec. */
	if (read(execfail[0], &err, sizeof(err)) == sizeof(err)) {
		close(execfail[0]);
		waitpid(childpid, NULL, 0);
		status_broken("Exec of helper %s failed: %s",
			      daemon->websocket_helper, strerror(err));
		errno = err;
		return io_close(conn);
	}

	close(execfail[0]);

	/* New connection actually talks to proxy process.  ccan/io runs the
	 * init callback (conn_in) synchronously, so the stack-allocated
	 * conn_in_arg is still live — presumably the handshake copies the
	 * address before returning; verify in handshake.c.
	 * NOTE(review): the child is not waited for on this path; confirm
	 * it is reaped elsewhere. */
	conn_in_arg.daemon = daemon;
	io_new_conn(tal_parent(conn), childmsg[0], conn_in, &conn_in_arg);

	/* Abandon original (doesn't close since child has dup'd fd) */
	return io_close(conn);

close_execfail_fail:
	close_noerr(execfail[0]);
	close_noerr(execfail[1]);
close_msgfd_fail:
	close_noerr(childmsg[0]);
	close_noerr(childmsg[1]);
fail:
	status_broken("Preparation of helper failed: %s",
		      strerror(errno));
	return io_close(conn);
}
717 
718 /*~ These are the mirror functions for the connecting-out case. */
/*~ Outgoing counterpart of handshake_in_success: the remote proved it
 * holds `key`, so note progress on the connecting record and start the
 * INIT exchange as the initiating side. */
static struct io_plan *handshake_out_success(struct io_conn *conn,
					     const struct pubkey *key,
					     const struct wireaddr_internal *addr,
					     struct crypto_state *cs,
					     struct connecting *connect)
{
	struct daemon *daemon = connect->daemon;
	struct node_id peer_id;

	node_id_from_pubkey(&peer_id, key);
	connect->connstate = "Exchanging init messages";
	status_peer_debug(&peer_id, "Connect OUT");
	return peer_exchange_initmsg(conn, daemon, daemon->our_features,
				     cs, &peer_id, addr, false);
}
734 
/*~ Init callback for an outgoing socket that has connected: arm the
 * handshake timeout and start the initiator side of the crypto handshake
 * against the address currently being tried.  The id came from
 * lightningd, so failing to turn it into a pubkey is a bug, not a peer
 * error. */
struct io_plan *connection_out(struct io_conn *conn, struct connecting *connect)
{
	struct daemon *daemon = connect->daemon;
	struct wireaddr_internal *target = &connect->addrs[connect->addrnum];
	struct pubkey their_key;

	if (!pubkey_from_node_id(&their_key, &connect->id)) {
		status_broken("Connection out to invalid id %s",
			      type_to_string(tmpctx, struct node_id,
					     &connect->id));
		return io_close(conn);
	}

	/* If they don't complete handshake in reasonable time, hang up */
	notleak(new_reltimer(&daemon->timers, conn,
			     time_from_sec(daemon->timeout_secs),
			     conn_timeout, conn));
	status_peer_debug(&connect->id, "Connected out, starting crypto");

	connect->connstate = "Cryptographic handshake";
	return initiator_handshake(conn, &daemon->mykey, &their_key, target,
				   handshake_out_success, connect);
}
758 
759 /*~ When we've exhausted all addresses without success, we come here.
760  *
761  * Note that gcc gets upset if we put the PRINTF_FMT at the end like this if
762  * it's an actual function definition, but etags gets confused and ignores the
763  * rest of the file if we put PRINTF_FMT at the front.  So we put it at the
764  * end, in a gratuitous declaration.
765  */
766 static void connect_failed(struct daemon *daemon,
767 			   const struct node_id *id,
768 			   u32 seconds_waited,
769 			   const struct wireaddr_internal *addrhint,
770 			   errcode_t errcode,
771 			   const char *errfmt, ...)
772 	PRINTF_FMT(6,7);
773 
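/* Next reconnect delay: double the previous wait, clamped to
 * [INITIAL_WAIT_SECONDS, MAX_WAIT_SECONDS], without u32 overflow. */
static u32 next_wait_seconds(u32 seconds_waited)
{
	u32 wait_seconds;

	/* `seconds_waited * 2` wraps for values above UINT32_MAX / 2 and
	 * would then clamp to the *minimum*; compare against half the cap
	 * instead, which gives the same result for all non-wrapping inputs. */
	if (seconds_waited >= MAX_WAIT_SECONDS / 2)
		wait_seconds = MAX_WAIT_SECONDS;
	else
		wait_seconds = seconds_waited * 2;
	if (wait_seconds < INITIAL_WAIT_SECONDS)
		wait_seconds = INITIAL_WAIT_SECONDS;
	return wait_seconds;
}

/* Report an exhausted outgoing attempt to lightningd.
 *
 * @daemon: global state (for the master connection).
 * @id: the peer we failed to reach.
 * @seconds_waited: how long we waited before this attempt; the hint sent
 *                  back is double that, clamped (see next_wait_seconds).
 * @addrhint: the address hint originally supplied, or NULL.
 * @errcode: error code for the connect_failed message.
 * @errfmt, ...: printf-style description of what went wrong.
 *
 * lightningd may have a connect command waiting for the outcome; whether to
 * retry is its decision, with wait_seconds as a suggested delay. */
static void connect_failed(struct daemon *daemon,
			   const struct node_id *id,
			   u32 seconds_waited,
			   const struct wireaddr_internal *addrhint,
			   errcode_t errcode,
			   const char *errfmt, ...)
{
	u8 *msg;
	va_list ap;
	char *errmsg;
	u32 wait_seconds;

	va_start(ap, errfmt);
	errmsg = tal_vfmt(tmpctx, errfmt, ap);
	va_end(ap);

	/* Wait twice as long to reconnect, between min and max. */
	wait_seconds = next_wait_seconds(seconds_waited);

	msg = towire_connectd_connect_failed(NULL, id, errcode, errmsg,
					       wait_seconds, addrhint);
	daemon_conn_send(daemon->master, take(msg));

	status_peer_debug(id, "Failed connected out: %s", errmsg);
}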
807 
808 /* add errors to error list */
/* Append one error to the attempt's accumulated error string; each entry
 * is terminated by ". " so the final report reads as sentences. */
void add_errors_to_error_list(struct connecting *connect, const char *error)
{
	char **errors = &connect->errors;

	tal_append_fmt(errors, "%s. ", error);
}
814 
815 /*~ This is the destructor for the (unsuccessful) outgoing connection.  We accumulate
816  * the errors which occurred, so we can report to lightningd properly in case
817  * they all fail, and try the next address.
818  *
819  * This is a specialized form of destructor which takes an extra argument;
 * it is set up by either the creatively-named tal_add_destructor2(), or by
821  * the ccan/io's io_set_finish() on a connection. */
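/*~ Finish callback for a failed outgoing io_conn: record why this address
 * failed, then move on to the next one (see try_connect_one_addr).
 *
 * @conn: the io_conn being torn down (unused beyond its finish semantics).
 * @connect: the outgoing-connection attempt this conn belonged to.
 *
 * errno carries the reason: 0 means the peer simply hung up on us. */
static void destroy_io_conn(struct io_conn *conn, struct connecting *connect)
{
	/* Snapshot errno first: strerror() is allowed to modify errno, and
	 * the formatting/allocation calls below may clobber it too, so the
	 * value must be captured before anything else runs. */
	int err = errno;
	const char *errstr;

	if (err == 0) {
		/* errno 0 means they hung up on us. */
		errstr = "peer closed connection";
		/* A hangup during the handshake is reported as a likely
		 * key mismatch: we probably have the wrong node_id for
		 * this address. */
		if (streq(connect->connstate, "Cryptographic handshake"))
			errstr = "peer closed connection (wrong key?)";
	} else
		errstr = strerror(err);

	/*~ tal_append_fmt appends to a tal string.  It's terribly convenient */
	add_errors_to_error_list(connect,
		       tal_fmt(tmpctx, "%s: %s: %s",
		       type_to_string(tmpctx, struct wireaddr_internal,
				      &connect->addrs[connect->addrnum]),
		       connect->connstate, errstr));
	/* Advance to the next candidate (or report total failure). */
	connect->addrnum++;
	try_connect_one_addr(connect);
}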
841 
842 /* This initializes a fresh io_conn by setting it to io_connect to the
843  * destination */
/* Init callback for a direct (non-proxied) outgoing io_conn: translate the
 * current candidate address into an addrinfo and start connect()ing.
 *
 * @conn: the freshly created io_conn.
 * @connect: the attempt, whose addrs[addrnum] is the target.
 *
 * Only WIREADDR (IPv4/IPv6) and SOCKNAME can be dialled directly; every
 * other internal type reaching here is a programming error. */
static struct io_plan *conn_init(struct io_conn *conn,
				 struct connecting *connect)
{
	const struct wireaddr_internal *target = &connect->addrs[connect->addrnum];
	struct addrinfo *ai = NULL;
	const char *unconnectable = NULL;

	/*~ A switch over every enum value, with no default, so the compiler
	 * can warn if a new address type is added and not handled here. */
	switch (target->itype) {
	case ADDR_INTERNAL_WIREADDR:
		/* If it was a Tor address, we wouldn't be here. */
		ai = wireaddr_to_addrinfo(tmpctx, &target->u.wireaddr);
		break;
	case ADDR_INTERNAL_SOCKNAME:
		ai = wireaddr_internal_to_addrinfo(tmpctx, target);
		break;
	case ADDR_INTERNAL_ALLPROTO:
		unconnectable = "all protocols";
		break;
	case ADDR_INTERNAL_AUTOTOR:
		unconnectable = "autotor address";
		break;
	case ADDR_INTERNAL_STATICTOR:
		unconnectable = "statictor address";
		break;
	case ADDR_INTERNAL_FORPROXY:
		unconnectable = "forproxy address";
		break;
	}

	if (unconnectable)
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Can't connect to %s", unconnectable);
	assert(ai);

	/* On failure we land in destroy_io_conn, which tries the next addr. */
	io_set_finish(conn, destroy_io_conn, connect);
	return io_connect(conn, ai, connection_out, connect);
}
886 
887 /* This initializes a fresh io_conn by setting it to io_connect to the
888  * SOCKS proxy, as handled in tor.c. */
/* Init callback for an outgoing io_conn that goes through the SOCKS proxy
 * (see tor.c): work out the host string and port to ask the proxy for.
 *
 * @conn: the freshly created io_conn (already pointed at the proxy).
 * @connect: the attempt, whose addrs[addrnum] is the real target.
 *
 * Proxyable targets are WIREADDR (formatted as text) and FORPROXY
 * (an unresolved name, handed to the proxy verbatim; presumably the proxy
 * resolves it, so no DNS query leaves this host). */
static struct io_plan *conn_proxy_init(struct io_conn *conn,
				       struct connecting *connect)
{
	const struct wireaddr_internal *target = &connect->addrs[connect->addrnum];
	const char *host = NULL;
	u16 port = 0;

	switch (target->itype) {
	case ADDR_INTERNAL_WIREADDR:
		host = fmt_wireaddr_without_port(tmpctx, &target->u.wireaddr);
		port = target->u.wireaddr.port;
		break;
	case ADDR_INTERNAL_FORPROXY:
		host = target->u.unresolved.name;
		port = target->u.unresolved.port;
		break;
	case ADDR_INTERNAL_SOCKNAME:
	case ADDR_INTERNAL_ALLPROTO:
	case ADDR_INTERNAL_AUTOTOR:
	case ADDR_INTERNAL_STATICTOR:
		/* Not proxyable: host stays NULL and we fail below. */
		break;
	}

	if (host == NULL)
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Can't connect to %u address", target->itype);

	/* On failure we land in destroy_io_conn, which tries the next addr. */
	io_set_finish(conn, destroy_io_conn, connect);
	return io_tor_connect(conn, connect->daemon->proxyaddr, host, port,
			      connect);
}
920 
921 /*~ This is the routine which tries to connect. */
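/*~ This is the routine which tries to connect.
 *
 * @connect: the outgoing attempt; addrs[addrnum] is the next candidate.
 *
 * Candidates we cannot even attempt (unsupported family, proxy required
 * but not configured, socket() failure) are recorded in connect->errors
 * and skipped.  That used to recurse once per skipped address; it now
 * loops, so stack depth no longer depends on how many addresses gossip or
 * the DNS seed handed us for this peer.  Once all addresses are exhausted
 * we report to lightningd and free @connect.
 *
 * Proxy policy: if daemon->always_use_proxy is set, every non-UNIX-socket
 * address goes via the proxy (Tor addresses always do), so clearnet peers
 * never see our own IP; only local sockets bypass it. */
static void try_connect_one_addr(struct connecting *connect)
{
	for (;;) {
		int fd, af;
		bool use_proxy = connect->daemon->always_use_proxy;
		const struct wireaddr_internal *addr;
		struct io_conn *conn;

		/* In case we fail without a connection, make destroy_io_conn happy */
		connect->conn = NULL;

		/* Out of addresses? */
		if (connect->addrnum == tal_count(connect->addrs)) {
			connect_failed(connect->daemon, &connect->id,
				       connect->seconds_waited,
				       connect->addrhint, CONNECT_ALL_ADDRESSES_FAILED,
				       "%s", connect->errors);
			tal_free(connect);
			return;
		}
		addr = &connect->addrs[connect->addrnum];

		/* Might not even be able to create eg. IPv6 sockets */
		af = -1;

		switch (addr->itype) {
		case ADDR_INTERNAL_SOCKNAME:
			af = AF_LOCAL;
			/* Local sockets don't use tor proxy */
			use_proxy = false;
			break;
		case ADDR_INTERNAL_ALLPROTO:
			status_failed(STATUS_FAIL_INTERNAL_ERROR,
				      "Can't connect ALLPROTO");
			break;
		case ADDR_INTERNAL_AUTOTOR:
			status_failed(STATUS_FAIL_INTERNAL_ERROR,
				      "Can't connect AUTOTOR");
			break;
		case ADDR_INTERNAL_STATICTOR:
			status_failed(STATUS_FAIL_INTERNAL_ERROR,
				      "Can't connect STATICTOR");
			break;
		case ADDR_INTERNAL_FORPROXY:
			use_proxy = true;
			break;
		case ADDR_INTERNAL_WIREADDR:
			switch (addr->u.wireaddr.type) {
			case ADDR_TYPE_TOR_V2:
			case ADDR_TYPE_TOR_V3:
				use_proxy = true;
				break;
			case ADDR_TYPE_IPV4:
				af = AF_INET;
				break;
			case ADDR_TYPE_IPV6:
				af = AF_INET6;
				break;
			case ADDR_TYPE_WEBSOCKET:
				af = -1;
				break;
			}
			break;
		}

		/* If we have to use proxy but we don't have one, we fail. */
		if (use_proxy) {
			if (!connect->daemon->proxyaddr) {
				tal_append_fmt(&connect->errors,
					       "%s: need a proxy. ",
					       type_to_string(tmpctx,
							      struct wireaddr_internal,
							      addr));
				goto next;
			}
			/* We connect() to the proxy, so its family wins. */
			af = connect->daemon->proxyaddr->ai_family;
		}

		if (af == -1) {
			tal_append_fmt(&connect->errors,
				       "%s: not supported. ",
				       type_to_string(tmpctx, struct wireaddr_internal,
						      addr));
			goto next;
		}

		fd = socket(af, SOCK_STREAM, 0);
		if (fd < 0) {
			tal_append_fmt(&connect->errors,
				       "%s: opening %i socket gave %s. ",
				       type_to_string(tmpctx, struct wireaddr_internal,
						      addr),
				       af, strerror(errno));
			goto next;
		}

		/* This creates the new connection using our fd, with the initialization
		 * function one of the above. */
		if (use_proxy)
			conn = io_new_conn(connect, fd, conn_proxy_init, connect);
		else
			conn = io_new_conn(connect, fd, conn_init, connect);

		/* Careful!  io_new_conn can fail (immediate connect() failure);
		 * that runs destroy_io_conn, which re-enters this function and
		 * may free connect.  Don't touch connect after a NULL return. */
		if (conn)
			connect->conn = conn;
		return;

	next:
		/* Recorded the failure above; try the next address. */
		connect->addrnum++;
	}
}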
1031 
1032 /*~ connectd is responsible for incoming connections, but it's the process of
1033  * setting up the listening ports which gives us information we need for startup
1034  * (such as our own address).  So we perform setup in two phases: first we bind
1035  * the sockets according to the command line arguments (if any), then we start
1036  * listening for connections to them once lightningd is ready.
1037  *
1038  * This stores the fds we're going to listen on: */
struct listen_fd {
	/* A bound, not-yet-listening socket; connect_activate() calls
	 * listen() on it once lightningd tells us to go. */
	int fd;
	/* If we bind() IPv6 then IPv4 to same port, we *may* fail to listen()
	 * on the IPv4 socket: under Linux, by default, the IPv6 listen()
	 * covers IPv4 too.  Normally we'd consider failing to listen on a
	 * port to be fatal, so we note this when setting up addresses. */
	bool mayfail;
	/* Callback to use for the listening: either connection_in, or for
	 * our much-derided WebSocket ability, websocket_connection_in! */
	struct io_plan *(*in_cb)(struct io_conn *conn, struct daemon *daemon);
};
1050 
/* Record a bound socket in daemon->listen_fds for connect_activate().
 *
 * @daemon: global state owning the listen_fds tal array.
 * @fd: the bound socket.
 * @mayfail: whether a later listen() failure on it is tolerable.
 * @in_cb: callback for accepted connections (plain or websocket). */
static void add_listen_fd(struct daemon *daemon, int fd, bool mayfail,
			  struct io_plan *(*in_cb)(struct io_conn *,
						   struct daemon *))
{
	/*~ Designated initializer: every field named, none left to chance. */
	struct listen_fd entry = {
		.fd = fd,
		.mayfail = mayfail,
		.in_cb = in_cb,
	};

	/*~ utils.h's tal_arr_expand grows the tal array by one element and
	 * copies entry into the new last slot. */
	tal_arr_expand(&daemon->listen_fds, entry);
}
1064 
1065 /*~ Helper routine to create and bind a socket of a given type; like many
1066  * daemons we set it SO_REUSEADDR so we won't have to wait 2 minutes to reuse
1067  * it on restart.
1068  *
1069  * I generally avoid "return -1 on error", but for file-descriptors it's the
1070  * UNIX standard, so it's not as offensive here as it would be in other
1071  * contexts.
1072  */
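/*~ Create a SOCK_STREAM socket in @domain and bind() it to @addr/@len.
 *
 * @mayfail: if true, failures are logged at debug level and -1 returned;
 *           otherwise they are fatal (status_failed).
 *
 * Returns the bound fd, or -1 (with errno set by the failing call; the
 * close on the failure path uses close_noerr so errno survives).
 *
 * Like many daemons we set SO_REUSEADDR so we won't have to wait 2 minutes
 * to reuse the port on restart.  The bind() failure log used to say
 * "Failed to create", misattributing the error to socket(); fixed. */
static int make_listen_fd(int domain, void *addr, socklen_t len, bool mayfail)
{
	int fd = socket(domain, SOCK_STREAM, 0);
	int on = 1;

	if (fd < 0) {
		if (!mayfail)
			status_failed(STATUS_FAIL_INTERNAL_ERROR,
				      "Failed to create %u socket: %s",
				      domain, strerror(errno));
		status_debug("Failed to create %u socket: %s",
			     domain, strerror(errno));
		return -1;
	}

	/* Re-use, please.. (not fatal: only affects restart latency) */
	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)))
		status_unusual("Failed setting socket reuse: %s",
			       strerror(errno));

	if (bind(fd, addr, len) != 0) {
		if (!mayfail)
			status_failed(STATUS_FAIL_INTERNAL_ERROR,
				      "Failed to bind on %u socket: %s",
				      domain, strerror(errno));
		status_debug("Failed to bind on %u socket: %s",
			     domain, strerror(errno));
		goto fail;
	}

	return fd;

fail:
	/*~ ccan/noerr contains convenient routines which don't clobber the
	 * errno global; in this case, the caller can report errno. */
	close_noerr(fd);
	return -1;
}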
1112 
1113 /* Return true if it created socket successfully. */
/* Create and bind a listening socket for an IPv4 or IPv6 @wireaddr and
 * register it with add_listen_fd().
 *
 * @daemon: global state (receives the listen_fd entry).
 * @wireaddr: the address to bind; must be IPv4 or IPv6.
 * @mayfail: passed through to make_listen_fd/add_listen_fd (see
 *           struct listen_fd for why IPv4 after IPv6 may fail).
 * @websocket: select websocket_connection_in instead of connection_in.
 *
 * Returns true if it created the socket successfully, false if binding
 * failed and @mayfail allowed that.  Any other address type is fatal. */
static bool handle_wireaddr_listen(struct daemon *daemon,
				   const struct wireaddr *wireaddr,
				   bool mayfail,
				   bool websocket)
{
	struct sockaddr_in sin;
	struct sockaddr_in6 sin6;
	void *sa = NULL;
	socklen_t salen = 0;
	int domain = -1;
	const char *family = NULL;
	int fd;
	struct io_plan *(*in_cb)(struct io_conn *, struct daemon *)
		= websocket ? websocket_connection_in : connection_in;

	/* Note the use of a switch() over enum here, even though it must be
	 * IPv4 or IPv6 here; that will catch future changes. */
	switch (wireaddr->type) {
	case ADDR_TYPE_IPV4:
		wireaddr_to_ipv4(wireaddr, &sin);
		sa = &sin;
		salen = sizeof(sin);
		domain = AF_INET;
		family = "IPv4";
		break;
	case ADDR_TYPE_IPV6:
		wireaddr_to_ipv6(wireaddr, &sin6);
		sa = &sin6;
		salen = sizeof(sin6);
		domain = AF_INET6;
		family = "IPv6";
		break;
	/* Handle specially by callers. */
	case ADDR_TYPE_WEBSOCKET:
	case ADDR_TYPE_TOR_V2:
	case ADDR_TYPE_TOR_V3:
		break;
	}

	if (sa == NULL)
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Invalid listener wireaddress type %u", wireaddr->type);

	/* We might fail if IPv6 bound to port first */
	fd = make_listen_fd(domain, sa, salen, mayfail);
	if (fd < 0)
		return false;

	status_debug("Created %s %slistener on port %u",
		     family, websocket ? "websocket ": "", wireaddr->port);
	add_listen_fd(daemon, fd, mayfail, in_cb);
	return true;
}
1164 
1165 /* If it's a wildcard, turns it into a real address pointing to internet */
/* Decide whether @wireaddr is worth announcing to the network.
 *
 * A wildcard bind (all-zero address) says nothing about how peers can reach
 * us, so it is first replaced in place by guess_address()'s best guess; if
 * no guess is possible it is not announced.  Then the (possibly rewritten)
 * address must be routable.  Returns true if it should be announced. */
static bool public_address(struct daemon *daemon, struct wireaddr *wireaddr)
{
	bool wildcard = wireaddr_is_wildcard(wireaddr);

	if (wildcard && !guess_address(wireaddr))
		return false;

	/* --dev-allow-localhost treats the localhost as "public" for testing */
	return address_routable(wireaddr, daemon->dev_allow_localhost);
}
1176 
/* Append a copy of @addr to the tal array of addresses we will announce. */
static void add_announcable(struct wireaddr **announcable,
			    const struct wireaddr *addr)
{
	/* Copied by value: callers pass stack temporaries. */
	struct wireaddr copy = *addr;

	tal_arr_expand(announcable, copy);
}
1182 
/* Append a copy of @addr to the tal array of addresses we bound to. */
static void add_binding(struct wireaddr_internal **binding,
			const struct wireaddr_internal *addr)
{
	/* Copied by value: callers pass stack temporaries. */
	struct wireaddr_internal copy = *addr;

	tal_arr_expand(binding, copy);
}
1188 
1189 /*~ ccan/asort provides a type-safe sorting function; it requires a comparison
1190  * function, which takes an optional extra argument which is usually unused as
1191  * here, but deeply painful if you need it and don't have it! */
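/*~ Ordering for asort(): compare two addresses by their BOLT #7 wire
 * encoding (so the type byte dominates), shorter-on-tie.  Returns <0, 0
 * or >0 in the usual qsort convention.  @unused is asort's extra argument. */
static int wireaddr_cmp_type(const struct wireaddr *a,
			     const struct wireaddr *b, void *unused)
{
	/* This works, but of course it's inefficient.  We don't
	 * really care, since it's called only once at startup. */
	u8 *a_wire = tal_arr(tmpctx, u8, 0), *b_wire = tal_arr(tmpctx, u8, 0);
	size_t a_len, b_len, minlen;
	int cmp;

	towire_wireaddr(&a_wire, a);
	towire_wireaddr(&b_wire, b);

	a_len = tal_bytelen(a_wire);
	b_len = tal_bytelen(b_wire);
	minlen = a_len < b_len ? a_len : b_len;
	cmp = memcmp(a_wire, b_wire, minlen);
	if (cmp != 0)
		return cmp;

	/* On a tie, shorter one goes first.  Compare explicitly rather than
	 * returning the subtraction: the lengths are size_t, and narrowing
	 * an unsigned wrap-around to int is implementation-defined. */
	if (a_len < b_len)
		return -1;
	return a_len > b_len ? 1 : 0;
}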
1211 
1212 /*~ The user can specify three kinds of addresses: ones we bind to but don't
1213  * announce, ones we announce but don't bind to, and ones we bind to and
1214  * announce if they seem to be public addresses.
1215  *
1216  * This routine sorts out the mess: it populates the daemon->announcable array,
1217  * and returns the addresses we bound to (by convention, return is allocated
1218  * off `ctx` argument).
1219  */
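static struct wireaddr_internal *setup_listeners(const tal_t *ctx,
						 struct daemon *daemon,
						 /* The proposed address. */
						 const struct wireaddr_internal *proposed_wireaddr,
						 /* For each one, listen,
						    announce or both */
						 const enum addr_listen_announce *proposed_listen_announce,
						 const char *tor_password,
						 struct wireaddr **announcable)
{
	struct sockaddr_un addrun;
	int fd;
	struct wireaddr_internal *binding;
	const u8 *blob = NULL;
	struct secret random;
	struct pubkey pb;
	struct wireaddr *toraddr;

	/* Start with empty arrays, for tal_arr_expand() */
	binding = tal_arr(ctx, struct wireaddr_internal, 0);
	*announcable = tal_arr(ctx, struct wireaddr, 0);

	/* Add addresses we've explicitly been told to *first*: implicit
	 * addresses will be discarded then if we have multiple. */
	for (size_t i = 0; i < tal_count(proposed_wireaddr); i++) {
		struct wireaddr_internal wa = proposed_wireaddr[i];

		/* We want announce-only addresses. */
		if (proposed_listen_announce[i] & ADDR_LISTEN)
			continue;

		assert(proposed_listen_announce[i] & ADDR_ANNOUNCE);
		/* You can only announce wiretypes, not internal formats! */
		assert(proposed_wireaddr[i].itype
		       == ADDR_INTERNAL_WIREADDR);
		add_announcable(announcable, &wa.u.wireaddr);
	}

	/* Now look for listening addresses. */
	for (size_t i = 0; i < tal_count(proposed_wireaddr); i++) {
		struct wireaddr_internal wa = proposed_wireaddr[i];
		bool announce = (proposed_listen_announce[i] & ADDR_ANNOUNCE);
		if (!(proposed_listen_announce[i] & ADDR_LISTEN))
			continue;

		switch (wa.itype) {
		/* We support UNIX domain sockets, but can't announce */
		case ADDR_INTERNAL_SOCKNAME:
			addrun.sun_family = AF_UNIX;
			/* NOTE(review): copies sizeof(sun_path) bytes, so
			 * u.sockname must be at least that large and
			 * NUL-terminated (it is also printed with %s below)
			 * -- confirm against struct wireaddr_internal. */
			memcpy(addrun.sun_path, wa.u.sockname,
			       sizeof(addrun.sun_path));
			/* Remove any existing one. */
			unlink(wa.u.sockname);
			/* mayfail=false: an unusable socket path is fatal. */
			fd = make_listen_fd(AF_UNIX, &addrun, sizeof(addrun),
					    false);
			status_debug("Created socket listener on file %s",
				     addrun.sun_path);
			add_listen_fd(daemon, fd, false, connection_in);
			/* We don't announce socket names, though we allow
			 * them to lazily specify --addr=/socket. */
			add_binding(&binding, &wa);
			continue;
		case ADDR_INTERNAL_AUTOTOR:
			/* We handle these after we have all bindings. */
			continue;
		case ADDR_INTERNAL_STATICTOR:
			/* We handle these after we have all bindings. */
			continue;
		/* Special case meaning IPv6 and IPv4 */
		case ADDR_INTERNAL_ALLPROTO: {
			bool ipv6_ok;

			wa.itype = ADDR_INTERNAL_WIREADDR;
			wa.u.wireaddr.port = wa.u.port;

			/* First, create wildcard IPv6 address. */
			wa.u.wireaddr.type = ADDR_TYPE_IPV6;
			wa.u.wireaddr.addrlen = 16;
			memset(wa.u.wireaddr.addr, 0,
			       sizeof(wa.u.wireaddr.addr));

			ipv6_ok = handle_wireaddr_listen(daemon, &wa.u.wireaddr,
							 true, false);
			if (ipv6_ok) {
				add_binding(&binding, &wa);
				if (announce
				    && public_address(daemon, &wa.u.wireaddr))
					add_announcable(announcable,
							&wa.u.wireaddr);
			}

			/* Now, create wildcard IPv4 address. */
			wa.u.wireaddr.type = ADDR_TYPE_IPV4;
			wa.u.wireaddr.addrlen = 4;
			memset(wa.u.wireaddr.addr, 0,
			       sizeof(wa.u.wireaddr.addr));
			/* OK if this fails, as long as one succeeds!  (If
			 * IPv6 failed, IPv4 is mandatory: mayfail=false.) */
			if (handle_wireaddr_listen(daemon, &wa.u.wireaddr,
						   ipv6_ok, false)) {
				add_binding(&binding, &wa);
				if (announce
				    && public_address(daemon, &wa.u.wireaddr))
					add_announcable(announcable,
							&wa.u.wireaddr);
			}
			continue;
		}
		/* This is a vanilla wireaddr as per BOLT #7 */
		case ADDR_INTERNAL_WIREADDR:
			handle_wireaddr_listen(daemon, &wa.u.wireaddr,
					       false, false);
			add_binding(&binding, &wa);
			if (announce && public_address(daemon, &wa.u.wireaddr))
				add_announcable(announcable, &wa.u.wireaddr);
			continue;
		case ADDR_INTERNAL_FORPROXY:
			break;
		}
		/* Shouldn't happen. */
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Invalid listener address type %u",
			      proposed_wireaddr[i].itype);
	}

	/* If we want websockets to match IPv4/v6, set it up now. */
	if (daemon->websocket_port) {
		bool announced_some = false;
		struct wireaddr addr;

		for (size_t i = 0; i < tal_count(binding); i++) {
			/* Ignore UNIX sockets */
			if (binding[i].itype != ADDR_INTERNAL_WIREADDR)
				continue;

			/* Override with websocket port */
			addr = binding[i].u.wireaddr;
			addr.port = daemon->websocket_port;
			handle_wireaddr_listen(daemon, &addr, false, true);
			announced_some = true;
			/* FIXME: We don't report these bindings to
			 * lightningd, so they don't appear in
			 * getinfo. */
		}


		/* We add the websocket port to the announcement if it
		 * applies to any */
		if (announced_some) {
			wireaddr_from_websocket(&addr, daemon->websocket_port);
			add_announcable(announcable, &addr);
		}
	}

	/* FIXME: Websocket over Tor (difficult for autotor, since we need
	 * to use the same onion addr!) */

	/* Now we have bindings, set up any Tor auto addresses: we will point
	 * it at the first bound IPv4 or IPv6 address we have. */
	for (size_t i = 0; i < tal_count(proposed_wireaddr); i++) {
		if (!(proposed_listen_announce[i] & ADDR_LISTEN))
			continue;
		if (proposed_wireaddr[i].itype != ADDR_INTERNAL_AUTOTOR)
			continue;
		/* NOTE(review): the result is not NULL-checked before
		 * add_announcable dereferences it; presumably
		 * tor_autoservice fails fatally on error -- confirm. */
		toraddr = tor_autoservice(tmpctx,
					  &proposed_wireaddr[i],
					  tor_password,
					  binding,
					  daemon->use_v3_autotor);

		if (!(proposed_listen_announce[i] & ADDR_ANNOUNCE))
			continue;
		add_announcable(announcable, toraddr);
	}

	/* Now we have bindings, set up any Tor static addresses: we will point
	 * it at the first bound IPv4 or IPv6 address we have. */
	for (size_t i = 0; i < tal_count(proposed_wireaddr); i++) {
		if (!(proposed_listen_announce[i] & ADDR_LISTEN))
			continue;
		if (proposed_wireaddr[i].itype != ADDR_INTERNAL_STATICTOR)
			continue;
		blob = proposed_wireaddr[i].u.torservice.blob;

		/* NOTE(review): tal_strreg treats the blob as a C string, so
		 * this relies on the option parser having NUL-terminated it
		 * within TOR_V3_BLOBLEN -- confirm. */
		if (tal_strreg(tmpctx, (char *)proposed_wireaddr[i].u.torservice.blob, STATIC_TOR_MAGIC_STRING)) {
			if (pubkey_from_node_id(&pb, &daemon->id)) {
				struct sha256 sha;
				struct secret ss;

				if (sodium_mlock(&random, sizeof(random)) != 0)
					status_failed(STATUS_FAIL_INTERNAL_ERROR,
						      "Could not lock the random prf key memory.");
				randombytes_buf((void * const)&random, 32);
				/* Generate the static tor service key material:
				 * 32 bytes derived from our node key (ECDH of our
				 * own pubkey, done via hsmd, then hashed so tor
				 * only ever sees the single sha, never the raw
				 * shared secret) followed by 32 random bytes from
				 * libsodium.  Writing through the const blob
				 * pointer is fine: the array was allocated by
				 * fromwire, it is not a const object. */
				ecdh(&pb, &ss);
				sha256(&sha, &ss, 32);
				memcpy((void *)&blob[0], &sha, 32);
				memcpy((void *)&blob[32], &random, 32);
				/* Wipe every local copy of key-derived material:
				 * ss and sha come from our node secret and must
				 * not linger on the stack (or in a core dump of
				 * an external lib); sodium_munlock zeroes random
				 * before unlocking.  The blob itself is scrubbed
				 * once tor has it, below. */
				sodium_memzero(&ss, sizeof(ss));
				sodium_memzero(&sha, sizeof(sha));
				sodium_munlock(&random, sizeof(random));
			} else
				status_failed(STATUS_FAIL_INTERNAL_ERROR,
					      "Could not get the pub of our node id from hsm");
		}

		toraddr = tor_fixed_service(tmpctx,
					    &proposed_wireaddr[i],
					    tor_password,
					    blob,
					    find_local_address(binding),
					    0);
		/* get rid of blob data on our side of tor and add jitter */
		randombytes_buf((void * const)proposed_wireaddr[i].u.torservice.blob, TOR_V3_BLOBLEN);

		if (!(proposed_listen_announce[i] & ADDR_ANNOUNCE))
			continue;
		add_announcable(announcable, toraddr);
	}

	/*~ The spec used to ban more than one address of each type, but
	 * nobody could remember exactly why, so now that's allowed. */
	/* BOLT #7:
	 *
	 * The origin node:
	 *...
	 *   - MUST place address descriptors in ascending order.
	 */
	asort(*announcable, tal_count(*announcable), wireaddr_cmp_type, NULL);

	return binding;
}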
1454 
1455 
1456 /*~ Parse the incoming connect init message from lightningd ("master") and
1457  * assign config variables to the daemon; it should be the first message we
1458  * get. */
/*~ Handle the init message from lightningd ("master"): it must be the first
 * message we get, and carries our node_id, features, proposed addresses and
 * proxy/DNS/Tor settings.  We set up listeners and reply with what we bound
 * and what we will announce.
 *
 * @conn: the io_conn to lightningd.
 * @daemon: global state to populate.
 * @msg: the raw WIRE_CONNECTD_INIT message. */
static struct io_plan *connect_init(struct io_conn *conn,
				    struct daemon *daemon,
				    const u8 *msg)
{
	struct wireaddr *proxyaddr;
	struct wireaddr_internal *binding;
	struct wireaddr_internal *proposed_wireaddr;
	enum addr_listen_announce *proposed_listen_announce;
	struct wireaddr *announcable;
	char *tor_password;
	bool parsed;

	/* Fields which require allocation are allocated off daemon */
	parsed = fromwire_connectd_init(
		daemon, msg,
		&chainparams,
		&daemon->our_features,
		&daemon->id,
		&proposed_wireaddr,
		&proposed_listen_announce,
		&proxyaddr, &daemon->always_use_proxy,
		&daemon->dev_allow_localhost, &daemon->use_dns,
		&tor_password,
		&daemon->use_v3_autotor,
		&daemon->timeout_secs,
		&daemon->websocket_helper,
		&daemon->websocket_port);
	/* master_badmsg prints the type expected and the actual message,
	 * then exits (it should never be called!). */
	if (!parsed)
		master_badmsg(WIRE_CONNECTD_INIT, msg);

	/* Our own id must be a valid pubkey, or nothing else will work. */
	if (!pubkey_from_node_id(&daemon->mykey, &daemon->id))
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Invalid id for me %s",
			      type_to_string(tmpctx, struct node_id,
					     &daemon->id));

	/* Resolve Tor proxy address if any: we need an addrinfo to connect()
	 * to. */
	if (!proxyaddr)
		daemon->proxyaddr = NULL;
	else {
		status_debug("Proxy address: %s",
			     fmt_wireaddr(tmpctx, proxyaddr));
		daemon->proxyaddr = wireaddr_to_addrinfo(daemon, proxyaddr);
		tal_free(proxyaddr);
	}

	if (broken_resolver(daemon))
		status_debug("Broken DNS resolver detected, will check for "
			     "dummy replies");

	/* Figure out our addresses. */
	binding = setup_listeners(tmpctx, daemon,
				  proposed_wireaddr,
				  proposed_listen_announce,
				  tor_password,
				  &announcable);

	/* Free up old allocations.  NOTE(review): tor_password is a
	 * credential and is freed without being wiped first; presumably
	 * tal_free does not zero -- confirm whether that matters here. */
	tal_free(proposed_wireaddr);
	tal_free(proposed_listen_announce);
	tal_free(tor_password);

	/* Tell it we're ready, handing it the addresses we have. */
	daemon_conn_send(daemon->master,
			 take(towire_connectd_init_reply(NULL,
							   binding,
							   announcable)));

	/* Read the next message. */
	return daemon_conn_read_next(conn, daemon->master);
}
1532 
1533 /*~ lightningd tells us to go! */
/*~ lightningd tells us to go!  Switch every bound socket to listening and
 * hand it to an io_listener, unless --offline told lightningd we shouldn't
 * listen at all.  Either way the listen_fds array is consumed.
 *
 * @conn: the io_conn to lightningd.
 * @daemon: global state holding listen_fds.
 * @msg: the raw WIRE_CONNECTD_ACTIVATE message. */
static struct io_plan *connect_activate(struct io_conn *conn,
					struct daemon *daemon,
					const u8 *msg)
{
	bool do_listen;

	if (!fromwire_connectd_activate(msg, &do_listen))
		master_badmsg(WIRE_CONNECTD_ACTIVATE, msg);

	/* If we're --offline, lightningd tells us not to actually listen. */
	if (do_listen) {
		size_t nfds = tal_count(daemon->listen_fds);

		for (size_t i = 0; i < nfds; i++) {
			const struct listen_fd *l = &daemon->listen_fds[i];

			if (listen(l->fd, 64) == 0) {
				notleak(io_new_listener(daemon, l->fd,
							l->in_cb, daemon));
				continue;
			}
			/* On Linux, at least, we may bind to all addresses
			 * for IPv4 and IPv6, but we'll fail to listen. */
			if (!l->mayfail)
				status_failed(STATUS_FAIL_INTERNAL_ERROR,
					      "Failed to listen on socket: %s",
					      strerror(errno));
		}
	}
	/* Free, with NULL assignment just as an extra sanity check. */
	daemon->listen_fds = tal_free(daemon->listen_fds);

	/* OK, we're ready! */
	daemon_conn_send(daemon->master,
			 take(towire_connectd_activate_reply(NULL)));
	return daemon_conn_read_next(conn, daemon->master);
}
1569 
1570 /* BOLT #10:
1571  *
1572  * The DNS seed:
1573  *   ...
1574  *   - upon receiving a _node_ query:
1575  *     - MUST select the record matching the `node_id`, if any, AND return all
1576  *       addresses associated with that node.
1577  */
/* Build the DNS-seed hostnames to query for @id: the node_id is
 * bech32-encoded (hrp "ln") and prefixed to each seed domain.
 *
 * Returns a tal array (off @ctx) of hostnames, in the order add_seed_addrs
 * should try them. */
static const char **seednames(const tal_t *ctx, const struct node_id *id)
{
	static const char *const seed_domains[] = {
		/* This is cdecker's seed */
		"lseed.bitcoinstats.com",
		/* This is darosior's seed */
		"lseed.darosior.ninja",
	};
	char bech32[100];
	u5 *data = tal_arr(ctx, u5, 0);
	const char **names = tal_arr(ctx, const char *, 0);

	bech32_push_bits(&data, id->k, ARRAY_SIZE(id->k)*8);
	bech32_encode(bech32, "ln", data, tal_count(data), sizeof(bech32),
		      BECH32_ENCODING_BECH32);

	for (size_t i = 0; i < ARRAY_SIZE(seed_domains); i++)
		tal_arr_expand(&names,
			       tal_fmt(names, "%s.%s", bech32, seed_domains[i]));
	return names;
}
1593 
1594 /*~ As a last resort, we do a DNS lookup to the lightning DNS seed to
1595  * resolve a node name when they say to connect to it.  This is synchronous,
1596  * so connectd blocks, but it's not very common so we haven't fixed it.
1597  *
1598  * This "seed by DNS" approach is similar to what bitcoind uses, and in fact
1599  * has the nice property that DNS is cached, and the seed only sees a request
1600  * from the ISP, not directly from the user. */
/*~ Resolve the DNS seed names for @id and append every address returned
 * to @addrs, stopping at the first seed that answers.
 *
 * @addrs: tal array of candidate addresses to extend.
 * @id: the peer being looked up.
 * @broken_reply: the "dummy" answer a broken resolver gives, so it can be
 *                filtered (see broken_resolver in connect_init).
 *
 * Seed answers are plain DNS: unauthenticated, and visible to whichever
 * resolver we use.  They only tell us where to *try*; the peer's identity
 * is still verified by the cryptographic handshake before anything is
 * handed up to lightningd. */
static void add_seed_addrs(struct wireaddr_internal **addrs,
			   const struct node_id *id,
			   struct sockaddr *broken_reply)
{
	const char **hostnames = seednames(tmpctx, id);
	size_t nhosts = tal_count(hostnames);

	for (size_t i = 0; i < nhosts; i++) {
		struct wireaddr *resolved;

		status_peer_debug(id, "Resolving %s", hostnames[i]);
		resolved = wireaddr_from_hostname(tmpctx, hostnames[i], DEFAULT_PORT,
						  NULL, broken_reply, NULL);
		if (!resolved) {
			status_peer_debug(id, "Could not resolve %s", hostnames[i]);
			continue;
		}

		for (size_t j = 0; j < tal_count(resolved); j++) {
			struct wireaddr_internal wrapped;

			wrapped.itype = ADDR_INTERNAL_WIREADDR;
			wrapped.u.wireaddr = resolved[j];
			status_peer_debug(id, "Resolved %s to %s", hostnames[i],
					  type_to_string(tmpctx, struct wireaddr,
							 &wrapped.u.wireaddr));
			tal_arr_expand(addrs, wrapped);
		}
		/* Other seeds will likely have the same information. */
		return;
	}
}
1628 
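/* Does the (optional) hint @addr_a name the same address as @addr_b?
 *
 * Returns false if either is NULL.  addr_a->u overlays several
 * representations (wireaddr, sockname, unresolved, port, torservice), so
 * u.wireaddr is only meaningful when itype is ADDR_INTERNAL_WIREADDR; a
 * sockname or for-proxy hint previously had whatever bytes overlay that
 * member compared, which could spuriously match (dropping a real gossip
 * address) or miss.  Such hints now simply never compare equal. */
static bool wireaddr_int_equals_wireaddr(struct wireaddr_internal *addr_a,
					 struct wireaddr *addr_b)
{
	if (!addr_a || !addr_b)
		return false;
	if (addr_a->itype != ADDR_INTERNAL_WIREADDR)
		return false;
	return wireaddr_eq(&addr_a->u.wireaddr, addr_b);
}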
1636 
1637 /*~ This asks gossipd for any addresses advertized by the node. */
/* Wrap each entry of @candidates as a wireaddr_internal and append it to
 * @addrs, keeping only Tor addresses when @want_tor is true and only
 * non-Tor addresses otherwise; an entry equal to @addrhint is skipped
 * (the caller already has it). */
static void append_gossip_addrs(struct wireaddr_internal **addrs,
				struct wireaddr *candidates,
				struct wireaddr_internal *addrhint,
				bool want_tor)
{
	for (size_t i = 0; i < tal_count(candidates); i++) {
		bool is_tor = (candidates[i].type == ADDR_TYPE_TOR_V2
			       || candidates[i].type == ADDR_TYPE_TOR_V3);
		struct wireaddr_internal wrapped;

		if (is_tor != want_tor)
			continue;
		if (wireaddr_int_equals_wireaddr(addrhint, &candidates[i]))
			continue;
		wrapped.itype = ADDR_INTERNAL_WIREADDR;
		wrapped.u.wireaddr = candidates[i];
		tal_arr_expand(addrs, wrapped);
	}
}

/*~ This asks gossipd for any addresses advertized by the node.
 *
 * @addrs: tal array of candidate addresses to extend.
 * @id: the peer whose node_announcement addresses we want.
 * @addrhint: address the caller already tried/queued, to avoid duplicates.
 *
 * These addresses are whatever the peer put in its gossip: unauthenticated
 * hints about where to connect, nothing more.  Clearnet addresses are
 * appended before Tor ones: try_connect_one_addr walks the array in order,
 * so this prefers direct connections if possible. */
static void add_gossip_addrs(struct wireaddr_internal **addrs,
			     const struct node_id *id,
			     struct wireaddr_internal *addrhint)
{
	u8 *msg;
	struct wireaddr *normal_addrs;

	/* For simplicity, we do this synchronous. */
	msg = towire_gossipd_get_addrs(NULL, id);
	if (!wire_sync_write(GOSSIPCTL_FD, take(msg)))
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Failed writing to gossipctl: %s",
			      strerror(errno));

	/* This returns 'struct wireaddr's since that's what's supported by
	 * the BOLT #7 protocol. */
	msg = wire_sync_read(tmpctx, GOSSIPCTL_FD);
	if (!fromwire_gossipd_get_addrs_reply(tmpctx, msg, &normal_addrs))
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "Failed parsing get_addrs_reply gossipctl: %s",
			      tal_hex(tmpctx, msg));

	/* Non-Tor first, then Tor. */
	append_gossip_addrs(addrs, normal_addrs, addrhint, false);
	append_gossip_addrs(addrs, normal_addrs, addrhint, true);
}
1686 
/*~ Consumes addrhint if not NULL: ownership moves to the 'struct connecting'
 * (via tal_steal), or the hint is handed to connect_failed() when no address
 * is known at all.
 *
 * That's a pretty ugly interface: we should use TAKEN, but we only have one
 * caller so it's marginal. */
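/* Start (or update) an attempt to reach peer @id.
 *
 * @daemon: our global state.
 * @id: the peer we want.
 * @seconds_waited: how long lightningd has been waiting; echoed back in
 *                  connect_failed so it can decide whether to retry.
 * @addrhint: optional address lightningd wants tried first; ownership moves
 *            to the 'struct connecting' (tal_steal) or to connect_failed.
 *
 * Candidate addresses, in the order tried: the hint, then what gossipd knows
 * (clearnet before Tor), then the DNS seed as a last resort.  None of these
 * sources is trusted beyond "worth dialling": the handshake is what proves
 * the far end is @id.  If an attempt for @id is already running, the new
 * hint is merely appended to that attempt's list. */
static void try_connect_peer(struct daemon *daemon,
			     const struct node_id *id,
			     u32 seconds_waited,
			     struct wireaddr_internal *addrhint)
{
	struct wireaddr_internal *addrs;
	bool use_proxy = daemon->always_use_proxy;
	struct connecting *connect;

	/* Already done?  May happen with timer. */
	if (node_set_get(&daemon->peers, id))
		return;

	/* If we're trying to connect it right now, that's OK. */
	if ((connect = find_connecting(daemon, id))) {
		/* If we've been passed in new connection details
		 * for this connection, update our addrhint + add
		 * to addresses to check. */
		if (addrhint) {
			/* The previous hint was stolen onto @connect below;
			 * overwriting the pointer without freeing it left it
			 * allocated until the whole attempt finished, so each
			 * repeated connect request with a hint grew @connect. */
			tal_free(connect->addrhint);
			connect->addrhint = tal_steal(connect, addrhint);
			/* Appended, so it is tried after what is already queued. */
			tal_arr_expand(&connect->addrs, *addrhint);
		}

		return;
	}

	/* Start an array of addresses to try. */
	addrs = tal_arr(tmpctx, struct wireaddr_internal, 0);

	/* They can supply an optional address for the connect RPC */
	/* We add this first so its tried first by connectd */
	if (addrhint)
		tal_arr_expand(&addrs, *addrhint);

	add_gossip_addrs(&addrs, id, addrhint);

	if (tal_count(addrs) == 0) {
		/* Don't resolve via DNS seed if we're supposed to use proxy:
		 * a local lookup would bypass the proxy, and since the seed
		 * hostnames are derived from @id (see seednames) it would also
		 * tell our resolver which peer we are dialling. */
		if (use_proxy) {
			/* You're allowed to use names with proxies; in fact it's
			 * a good idea: the name is handed over unresolved,
			 * presumably for the proxy end to look up. */
			struct wireaddr_internal unresolved;
			const char **hostnames = seednames(tmpctx, id);
			for (size_t i = 0; i < tal_count(hostnames); i++) {
				wireaddr_from_unresolved(&unresolved,
				                         hostnames[i],
				                         DEFAULT_PORT);
				tal_arr_expand(&addrs, unresolved);
			}
		} else if (daemon->use_dns) {
			add_seed_addrs(&addrs, id,
			               daemon->broken_resolver_response);
		}
	}

	/* Still no address?  Fail immediately.  Lightningd can still choose
	* to retry; an address may get gossiped or appear on the DNS seed. */
	if (tal_count(addrs) == 0) {
		connect_failed(daemon, id, seconds_waited, addrhint,
			       CONNECT_NO_KNOWN_ADDRESS,
			       "Unable to connect, no address known for peer");
		return;
	}

	/* Start connecting to it: since this is the only place we allocate
	 * a 'struct connecting' we don't write a separate new_connecting(). */
	connect = tal(daemon, struct connecting);
	connect->daemon = daemon;
	connect->id = *id;
	connect->addrs = tal_steal(connect, addrs);
	connect->addrnum = 0;
	/* connstate is supposed to be updated as we go, to give context for
	 * errors which occur.  We miss it in a few places; would be nice to
	 * fix! */
	connect->connstate = "Connection establishment";
	connect->seconds_waited = seconds_waited;
	connect->addrhint = tal_steal(connect, addrhint);
	connect->errors = tal_strdup(connect, "");
	list_add_tail(&daemon->connecting, &connect->list);
	tal_add_destructor(connect, destroy_connecting);

	/* Now we kick it off by recursively trying connect->addrs[connect->addrnum] */
	try_connect_one_addr(connect);
}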
1775 
1776 /* lightningd tells us to connect to a peer by id, with optional addr hint. */
/* Handle WIRE_CONNECTD_CONNECT_TO_PEER from lightningd: unpack the peer id,
 * the wait time and the optional address hint, then hand off to
 * try_connect_peer.  Returns the plan to read lightningd's next request.
 * A malformed message is fatal (master_badmsg). */
static struct io_plan *connect_to_peer(struct io_conn *conn,
				       struct daemon *daemon, const u8 *msg)
{
	struct node_id peer_id;
	u32 waited;
	struct wireaddr_internal *hint;
	bool parsed;

	/* hint (if any) is allocated off tmpctx; try_connect_peer takes it. */
	parsed = fromwire_connectd_connect_to_peer(tmpctx, msg, &peer_id,
						   &waited, &hint);
	if (!parsed)
		master_badmsg(WIRE_CONNECTD_CONNECT_TO_PEER, msg);

	try_connect_peer(daemon, &peer_id, waited, hint);
	return daemon_conn_read_next(conn, daemon->master);
}
1792 
1793 /* A peer is gone: clean things up. */
/* Forget peer @id: drop it from the connected set, wake anyone waiting on
 * it, and free the entry.  The peer must be known; lightningd and we are
 * supposed to agree on the peer set, so an unknown id is a fatal internal
 * error rather than something to tolerate. */
static void cleanup_dead_peer(struct daemon *daemon, const struct node_id *id)
{
	struct node_id *entry = node_set_get(&daemon->peers, id);

	/* We should stay in sync with lightningd at all times. */
	if (!entry)
		status_failed(STATUS_FAIL_INTERNAL_ERROR,
			      "peer_disconnected unknown peer: %s",
			      type_to_string(tmpctx, struct node_id, id));

	node_set_del(&daemon->peers, entry);
	status_peer_debug(id, "disconnect");

	/* Wake up in case there's a reconnecting peer waiting in io_wait
	 * on this entry; this must happen before the entry is freed. */
	io_wake(entry);

	/* node_set_del only unlinks: htable doesn't know (or care) that the
	 * entry is a tal object, so freeing is our job. */
	tal_free(entry);
}
1814 
1815 /* lightningd tells us a peer has disconnected. */
/* Handle WIRE_CONNECTD_PEER_DISCONNECTED from lightningd: forget the peer
 * and go back to reading requests.  A malformed message is fatal. */
static struct io_plan *peer_disconnected(struct io_conn *conn,
					 struct daemon *daemon, const u8 *msg)
{
	struct node_id gone;

	if (!fromwire_connectd_peer_disconnected(msg, &gone))
		master_badmsg(WIRE_CONNECTD_PEER_DISCONNECTED, msg);
	cleanup_dead_peer(daemon, &gone);

	/* Read the next message from lightningd. */
	return daemon_conn_read_next(conn, daemon->master);
}
1829 
1830 /* lightningd tells us to send a final (usually error) message to peer, then
1831  * disconnect. */
/* Context for a "send final message then disconnect" request.  It lives as
 * long as the io_conn that writes the message (see peer_final_msg), and its
 * destructor marks the peer dead. */
struct final_msg_data {
	/* Back-pointer so the destructor can reach the peer table. */
	struct daemon *daemon;
	/* The peer being told goodbye. */
	struct node_id id;
};
1836 
/* tal destructor for final_msg_data: once the final message's connection is
 * gone, the peer is gone too. */
static void destroy_final_msg_data(struct final_msg_data *f)
{
	struct daemon *daemon = f->daemon;

	cleanup_dead_peer(daemon, &f->id);
}
1841 
/* io_conn init callback: write the (already encrypted) @msg in full, then
 * close the connection. */
static struct io_plan *send_final_msg(struct io_conn *conn, u8 *msg)
{
	size_t len = tal_bytelen(msg);

	return io_write(conn, msg, len, io_close_cb, NULL);
}
1846 
1847 /* lightningd tells us to send a msg and disconnect. */
/* Send one last (encrypted) message to a peer on lightningd's behalf, then
 * close the connection and mark the peer dead.
 *
 * @conn: the connection to lightningd (the master).
 * @daemon: our global state.
 * @msg: the WIRE_CONNECTD_PEER_FINAL_MSG request from lightningd.
 *
 * The request carries the peer id, the per-peer state (pps, including the
 * cipher state used below) and the plaintext message; three file
 * descriptors follow it over the same socket via fdpass.  Returns the plan
 * to read lightningd's next request; the write to the peer happens
 * asynchronously on a new io_conn. */
static struct io_plan *peer_final_msg(struct io_conn *conn,
				      struct daemon *daemon, const u8 *msg)
{
	struct per_peer_state *pps;
	/* Allocated off NULL: its lifetime is tied to the peer io_conn created
	 * below, not to this request. */
	struct final_msg_data *f = tal(NULL, struct final_msg_data);
	u8 *finalmsg;
	int fds[3];

	f->daemon = daemon;
	/* pps is allocated off f, so fds are closed when f freed. */
	if (!fromwire_connectd_peer_final_msg(f, msg, &f->id, &pps, &finalmsg))
		master_badmsg(WIRE_CONNECTD_PEER_FINAL_MSG, msg);

	/* When f is freed, we want to mark node as dead. */
	tal_add_destructor(f, destroy_final_msg_data);

	/* Get the fds for this peer.  The master fd is switched to blocking
	 * for the fdpass reads and back afterwards; failing to receive an fd
	 * is a protocol violation by lightningd, and fatal. */
	io_fd_block(io_conn_fd(conn), true);
	for (size_t i = 0; i < ARRAY_SIZE(fds); i++) {
		fds[i] = fdpass_recv(io_conn_fd(conn));
		if (fds[i] == -1)
			status_failed(STATUS_FAIL_MASTER_IO,
				      "Getting fd %zu after peer_final_msg: %s",
				      i, strerror(errno));
	}
	io_fd_block(io_conn_fd(conn), false);

	/* We put peer fd into conn, but pps needs to free the rest.
	 * fds[0] is the peer socket (it goes to io_new_conn below); what
	 * fds[1] and fds[2] are is decided by per_peer_state_set_fds. */
	per_peer_state_set_fds(pps, -1, fds[1], fds[2]);

	/* Log and encrypt message for peer, using the cipher state lightningd
	 * handed back in pps. */
	status_peer_io(LOG_IO_OUT, &f->id, finalmsg);
	finalmsg = cryptomsg_encrypt_msg(f, &pps->cs, take(finalmsg));

	/* Organize io loop to write out that message, it will free f
	 * once closed: f is stolen onto the new io_conn, so its destructor
	 * (and thus cleanup_dead_peer) runs when that conn is freed. */
	tal_steal(io_new_conn(daemon, fds[0], send_final_msg, finalmsg), f);

	/* Read the next message from lightningd. */
	return daemon_conn_read_next(conn, daemon->master);
}
1889 
1890 #if DEVELOPER
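/* DEVELOPER-only: report whether anything is allocated that is not reachable
 * from our global state, and reply to lightningd with the verdict.
 *
 * @conn: the connection to lightningd.
 * @daemon: our global state, the root everything should hang off.
 * @msg: the request itself (excluded from the scan).
 *
 * Returns the plan to read lightningd's next request. */
static struct io_plan *dev_connect_memleak(struct io_conn *conn,
					   struct daemon *daemon,
					   const u8 *msg)
{
	struct htable *memtable;
	bool found_leak;

	memtable = memleak_find_allocations(tmpctx, msg, msg);

	/* Now delete daemon and those which it has pointers to.  The region
	 * to scan is the struct itself, hence sizeof(*daemon): the previous
	 * sizeof(daemon) was the size of the pointer, which (taking the third
	 * argument as a byte length, as its use here implies) covered only
	 * the first word of the struct. */
	memleak_remove_region(memtable, daemon, sizeof(*daemon));

	found_leak = dump_memleak(memtable, memleak_status_broken);
	daemon_conn_send(daemon->master,
			 take(towire_connectd_dev_memleak_reply(NULL,
							      found_leak)));
	return daemon_conn_read_next(conn, daemon->master);
}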
1909 #endif /* DEVELOPER */
1910 
/* Demultiplex one request from lightningd (the master).
 *
 * @conn: the connection to lightningd.
 * @msg: the raw request; its type is read with fromwire_peektype.
 * @daemon: our global state.
 *
 * Returns the io_plan chosen by the handler (each handler ends by reading
 * the next request).  Any type we do not handle is fatal: lightningd is
 * trusted, so this is an internal error, not input validation. */
static struct io_plan *recv_req(struct io_conn *conn,
				const u8 *msg,
				struct daemon *daemon)
{
	enum connectd_wire t = fromwire_peektype(msg);

	/* Demux requests from lightningd: we expect INIT then ACTIVATE, then
	 * connect requests and disconnected messages.
	 *
	 * No `default:` on purpose: every enum value is listed, so a compiler
	 * with -Wswitch can warn when a new message type is added to the wire
	 * definition and not handled here. */
	switch (t) {
	case WIRE_CONNECTD_INIT:
		return connect_init(conn, daemon, msg);

	case WIRE_CONNECTD_ACTIVATE:
		return connect_activate(conn, daemon, msg);

	case WIRE_CONNECTD_CONNECT_TO_PEER:
		return connect_to_peer(conn, daemon, msg);

	case WIRE_CONNECTD_PEER_DISCONNECTED:
		return peer_disconnected(conn, daemon, msg);

	case WIRE_CONNECTD_PEER_FINAL_MSG:
		return peer_final_msg(conn, daemon, msg);

	case WIRE_CONNECTD_DEV_MEMLEAK:
#if DEVELOPER
		return dev_connect_memleak(conn, daemon, msg);
#endif
	/* Without DEVELOPER this falls through: a memleak request is then
	 * just another message we refuse, like the replies below. */
	/* We send these, we don't receive them */
	case WIRE_CONNECTD_INIT_REPLY:
	case WIRE_CONNECTD_ACTIVATE_REPLY:
	case WIRE_CONNECTD_PEER_CONNECTED:
	case WIRE_CONNECTD_RECONNECTED:
	case WIRE_CONNECTD_CONNECT_FAILED:
	case WIRE_CONNECTD_DEV_MEMLEAK_REPLY:
		break;
	}

	/* Master shouldn't give bad requests. */
	status_failed(STATUS_FAIL_MASTER_IO, "%i: %s",
		      t, tal_hex(tmpctx, msg));
}
1953 
1954 /*~ UNUSED is defined to an __attribute__ for GCC; at one stage we tried to use
1955  * it ubiquitously to make us compile cleanly with -Wunused, but it's bitrotted
1956  * and we'd need to start again.
1957  *
1958  * The C++ method of omitting unused parameter names is *much* neater, and I
1959  * hope we'll eventually see it in a C standard. */
/* Destructor for the connection to lightningd: if the master is gone there
 * is nobody left to report to, so just exit with a non-zero status. */
static void master_gone(struct daemon_conn *master UNUSED)
{
	const int status_master_gone = 2;

	/* Can't tell master, it's gone. */
	exit(status_master_gone);
}
1965 
1966 /*~ This is a hook used by the memleak code (if DEVELOPER=1): it can't see
1967  * pointers inside hash tables, so we give it a hint here. */
1968 #if DEVELOPER
/* memleak helper: the peer set is an htable, whose entries the leak scanner
 * cannot see through, so point it at the raw table explicitly. */
static void memleak_daemon_cb(struct htable *memtable, struct daemon *daemon)
{
	struct htable *peers_raw = &daemon->peers.raw;

	memleak_remove_htable(memtable, peers_raw);
}
1973 #endif /* DEVELOPER */
1974 
/* Entry point: set up the daemon state, the control connection to
 * lightningd (on stdin) and HSM-backed ecdh, then run the event loop
 * forever.  lightningd going away ends the process via master_gone. */
int main(int argc, char *argv[])
{
	setup_locale();

	/* Common subdaemon setup code. */
	subdaemon_setup(argc, argv);

	/* Our one top-level object; everything else hangs off it. */
	struct daemon *daemon = tal(NULL, struct daemon);
	node_set_init(&daemon->peers);
	memleak_add_helper(daemon, memleak_daemon_cb);
	list_head_init(&daemon->connecting);
	daemon->listen_fds = tal_arr(daemon, struct listen_fd, 0);
	timers_init(&daemon->timers, time_mono());

	/* stdin == control: requests from lightningd arrive here. */
	daemon->master = daemon_conn_new(daemon, STDIN_FILENO, recv_req, NULL,
					 daemon);
	tal_add_destructor(daemon->master, master_gone);

	/* Route our status_ and status_failed messages over that connection. */
	status_setup_async(daemon->master);

	/* ecdh() is delegated to hsmd over HSM_FD (presumably so the node's
	 * private key never has to live in this process); an error there
	 * calls status_failed. */
	ecdh_hsmd_setup(HSM_FD, status_failed);

	while (true) {
		struct timer *expired;

		io_loop(&daemon->timers, &expired);
		timer_expired(daemon, expired);
	}
}
2010 
2011 /*~ Getting bored?  This was a pretty simple daemon!
2012  *
2013  * The good news is that the next daemon gossipd/gossipd.c is the most complex
2014  * global daemon we have!
2015  */
2016