wireguard-go/src/conn_linux.go

432 lines
7.9 KiB
Go
Raw Normal View History

/* Copyright 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
*
* This implements userspace semantics of "sticky sockets", modeled after
* WireGuard's kernelspace implementation.
*/
2017-08-25 14:53:23 +02:00
package main
import (
"errors"
2017-08-25 14:53:23 +02:00
"golang.org/x/sys/unix"
"net"
"strconv"
"unsafe"
2017-08-25 14:53:23 +02:00
)
import "fmt"
/* Supports source address caching
*
* Currently there is no way to achieve this within the net package:
* See e.g. https://github.com/golang/go/issues/17930
* So this code is platform dependent.
*
* It is important that the endpoint is only updated after the packet content has been authenticated!
*/
type Endpoint struct {
// source (selected based on dst type)
// (could use RawSockaddrAny and unsafe)
// TODO: Merge
src6 unix.RawSockaddrInet6
src4 unix.RawSockaddrInet4
src4if int32
dst unix.RawSockaddrAny
}
type Socket int
/* Returns a byte representation of the source field(s)
* for use in "under load" cookie computations.
*/
func (endpoint *Endpoint) Source() []byte {
return nil
}
func zoneToUint32(zone string) (uint32, error) {
if zone == "" {
return 0, nil
}
if intr, err := net.InterfaceByName(zone); err == nil {
return uint32(intr.Index), nil
}
n, err := strconv.ParseUint(zone, 10, 32)
return uint32(n), err
}
func CreateIPv4Socket(port uint16) (Socket, uint16, error) {
// create socket
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return -1, 0, err
}
addr := unix.SockaddrInet4{
Port: int(port),
}
// set sockopts and bind
if err := func() error {
if err := unix.SetsockoptInt(
fd,
unix.SOL_SOCKET,
unix.SO_REUSEADDR,
1,
); err != nil {
return err
}
if err := unix.SetsockoptInt(
fd,
unix.IPPROTO_IP,
unix.IP_PKTINFO,
1,
); err != nil {
return err
}
return unix.Bind(fd, &addr)
}(); err != nil {
unix.Close(fd)
}
return Socket(fd), uint16(addr.Port), err
}
func CloseIPv4Socket(sock Socket) error {
return unix.Close(int(sock))
}
func CloseIPv6Socket(sock Socket) error {
return unix.Close(int(sock))
}
func CreateIPv6Socket(port uint16) (Socket, uint16, error) {
// create socket
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return -1, 0, err
}
// set sockopts and bind
addr := unix.SockaddrInet6{
Port: int(port),
}
if err := func() error {
if err := unix.SetsockoptInt(
fd,
unix.SOL_SOCKET,
unix.SO_REUSEADDR,
1,
); err != nil {
return err
}
if err := unix.SetsockoptInt(
fd,
unix.IPPROTO_IPV6,
unix.IPV6_RECVPKTINFO,
1,
); err != nil {
return err
}
if err := unix.SetsockoptInt(
fd,
unix.IPPROTO_IPV6,
unix.IPV6_V6ONLY,
1,
); err != nil {
return err
}
return unix.Bind(fd, &addr)
}(); err != nil {
unix.Close(fd)
}
return Socket(fd), uint16(addr.Port), err
}
func (end *Endpoint) ClearSrc() {
end.src4if = 0
end.src4 = unix.RawSockaddrInet4{}
end.src6 = unix.RawSockaddrInet6{}
}
func (end *Endpoint) Set(s string) error {
addr, err := parseEndpoint(s)
if err != nil {
return err
}
ipv6 := addr.IP.To16()
if ipv6 != nil {
zone, err := zoneToUint32(addr.Zone)
if err != nil {
return err
}
ptr := (*unix.RawSockaddrInet6)(unsafe.Pointer(&end.dst))
ptr.Family = unix.AF_INET6
ptr.Port = uint16(addr.Port)
ptr.Flowinfo = 0
ptr.Scope_id = zone
copy(ptr.Addr[:], ipv6[:])
end.ClearSrc()
return nil
}
ipv4 := addr.IP.To4()
if ipv4 != nil {
ptr := (*unix.RawSockaddrInet4)(unsafe.Pointer(&end.dst))
ptr.Family = unix.AF_INET
ptr.Port = uint16(addr.Port)
ptr.Zero = [8]byte{}
copy(ptr.Addr[:], ipv4)
end.ClearSrc()
return nil
}
return errors.New("Failed to recognize IP address format")
}
func send6(sock uintptr, end *Endpoint, buff []byte) error {
// construct message header
var iovec unix.Iovec
iovec.Base = (*byte)(unsafe.Pointer(&buff[0]))
iovec.SetLen(len(buff))
cmsg := struct {
cmsghdr unix.Cmsghdr
pktinfo unix.Inet6Pktinfo
}{
unix.Cmsghdr{
Level: unix.IPPROTO_IPV6,
Type: unix.IPV6_PKTINFO,
Len: unix.SizeofInet6Pktinfo,
},
unix.Inet6Pktinfo{
Addr: end.src6.Addr,
Ifindex: end.src6.Scope_id,
},
}
msghdr := unix.Msghdr{
Iov: &iovec,
Iovlen: 1,
Name: (*byte)(unsafe.Pointer(&end.dst)),
Namelen: unix.SizeofSockaddrInet6,
Control: (*byte)(unsafe.Pointer(&cmsg)),
}
msghdr.SetControllen(int(unsafe.Sizeof(cmsg)))
// sendmsg(sock, &msghdr, 0)
_, _, errno := unix.Syscall(
unix.SYS_SENDMSG,
sock,
uintptr(unsafe.Pointer(&msghdr)),
0,
)
if errno == unix.EINVAL {
end.ClearSrc()
}
return errno
}
func send4(sock uintptr, end *Endpoint, buff []byte) error {
// construct message header
var iovec unix.Iovec
iovec.Base = (*byte)(unsafe.Pointer(&buff[0]))
iovec.SetLen(len(buff))
cmsg := struct {
cmsghdr unix.Cmsghdr
pktinfo unix.Inet4Pktinfo
}{
unix.Cmsghdr{
Level: unix.IPPROTO_IP,
Type: unix.IP_PKTINFO,
Len: unix.SizeofInet4Pktinfo,
},
unix.Inet4Pktinfo{
Spec_dst: end.src4.Addr,
Ifindex: end.src4if,
},
}
msghdr := unix.Msghdr{
Iov: &iovec,
Iovlen: 1,
Name: (*byte)(unsafe.Pointer(&end.dst)),
Namelen: unix.SizeofSockaddrInet4,
Control: (*byte)(unsafe.Pointer(&cmsg)),
}
msghdr.SetControllen(int(unsafe.Sizeof(cmsg)))
// sendmsg(sock, &msghdr, 0)
_, _, errno := unix.Syscall(
unix.SYS_SENDMSG,
sock,
uintptr(unsafe.Pointer(&msghdr)),
0,
)
if errno == unix.EINVAL {
end.ClearSrc()
}
return errno
}
func (end *Endpoint) Send(c *net.UDPConn, buff []byte) error {
// extract underlying file descriptor
file, err := c.File()
if err != nil {
return err
}
sock := file.Fd()
// send depending on address family of dst
family := *((*uint16)(unsafe.Pointer(&end.dst)))
if family == unix.AF_INET {
return send4(sock, end, buff)
} else if family == unix.AF_INET6 {
return send6(sock, end, buff)
}
return errors.New("Unknown address family of source")
}
func (end *Endpoint) ReceiveIPv4(sock Socket, buff []byte) (int, error) {
// contruct message header
var iovec unix.Iovec
iovec.Base = (*byte)(unsafe.Pointer(&buff[0]))
iovec.SetLen(len(buff))
var cmsg struct {
cmsghdr unix.Cmsghdr
pktinfo unix.Inet4Pktinfo
}
var msghdr unix.Msghdr
msghdr.Iov = &iovec
msghdr.Iovlen = 1
msghdr.Name = (*byte)(unsafe.Pointer(&end.dst))
msghdr.Namelen = unix.SizeofSockaddrInet4
msghdr.Control = (*byte)(unsafe.Pointer(&cmsg))
msghdr.SetControllen(int(unsafe.Sizeof(cmsg)))
// recvmsg(sock, &mskhdr, 0)
size, _, errno := unix.Syscall(
unix.SYS_RECVMSG,
uintptr(sock),
uintptr(unsafe.Pointer(&msghdr)),
0,
)
if errno != 0 {
return 0, errno
}
fmt.Println(msghdr)
fmt.Println(cmsg)
// update source cache
if cmsg.cmsghdr.Level == unix.IPPROTO_IP &&
cmsg.cmsghdr.Type == unix.IP_PKTINFO &&
cmsg.cmsghdr.Len >= unix.SizeofInet4Pktinfo {
end.src4.Addr = cmsg.pktinfo.Spec_dst
end.src4if = cmsg.pktinfo.Ifindex
}
return int(size), nil
}
func (end *Endpoint) ReceiveIPv6(sock Socket, buff []byte) (int, error) {
// contruct message header
var iovec unix.Iovec
iovec.Base = (*byte)(unsafe.Pointer(&buff[0]))
iovec.SetLen(len(buff))
var cmsg struct {
cmsghdr unix.Cmsghdr
pktinfo unix.Inet6Pktinfo
}
var msg unix.Msghdr
msg.Iov = &iovec
msg.Iovlen = 1
msg.Name = (*byte)(unsafe.Pointer(&end.dst))
msg.Namelen = uint32(unix.SizeofSockaddrInet6)
msg.Control = (*byte)(unsafe.Pointer(&cmsg))
msg.SetControllen(int(unsafe.Sizeof(cmsg)))
// recvmsg(sock, &mskhdr, 0)
size, _, errno := unix.Syscall(
unix.SYS_RECVMSG,
uintptr(sock),
uintptr(unsafe.Pointer(&msg)),
0,
)
if errno != 0 {
return 0, errno
}
// update source cache
if cmsg.cmsghdr.Level == unix.IPPROTO_IPV6 &&
cmsg.cmsghdr.Type == unix.IPV6_PKTINFO &&
cmsg.cmsghdr.Len >= unix.SizeofInet6Pktinfo {
end.src6.Addr = cmsg.pktinfo.Addr
end.src6.Scope_id = cmsg.pktinfo.Ifindex
}
return int(size), nil
}
func SetMark(sock Socket, value uint32) error {
2017-08-25 14:53:23 +02:00
return unix.SetsockoptInt(
int(sock),
2017-08-25 14:53:23 +02:00
unix.SOL_SOCKET,
unix.SO_MARK,
2017-09-21 03:09:57 +02:00
int(value),
2017-08-25 14:53:23 +02:00
)
}