2017-09-24 21:35:25 +02:00
|
|
|
/* Copyright 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
|
|
|
*
|
|
|
|
* This implements userspace semantics of "sticky sockets", modeled after
|
|
|
|
* WireGuard's kernelspace implementation.
|
|
|
|
*/
|
|
|
|
|
2017-08-25 14:53:23 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2017-09-24 21:35:25 +02:00
|
|
|
"errors"
|
2017-08-25 14:53:23 +02:00
|
|
|
"golang.org/x/sys/unix"
|
|
|
|
"net"
|
2017-09-24 21:35:25 +02:00
|
|
|
"strconv"
|
|
|
|
"unsafe"
|
2017-08-25 14:53:23 +02:00
|
|
|
)
|
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
import "fmt"
|
|
|
|
|
2017-09-24 21:35:25 +02:00
|
|
|
/* Supports source address caching
|
|
|
|
*
|
|
|
|
* Currently there is no way to achieve this within the net package:
|
|
|
|
* See e.g. https://github.com/golang/go/issues/17930
|
2017-10-06 22:56:01 +02:00
|
|
|
* So this code is platform dependent.
|
|
|
|
*
|
|
|
|
* It is important that the endpoint is only updated after the packet content has been authenticated!
|
2017-09-24 21:35:25 +02:00
|
|
|
*/
|
2017-10-06 22:56:01 +02:00
|
|
|
|
2017-09-24 21:35:25 +02:00
|
|
|
type Endpoint struct {
|
|
|
|
// source (selected based on dst type)
|
|
|
|
// (could use RawSockaddrAny and unsafe)
|
2017-10-07 22:35:23 +02:00
|
|
|
// TODO: Merge
|
2017-10-06 22:56:01 +02:00
|
|
|
src6 unix.RawSockaddrInet6
|
|
|
|
src4 unix.RawSockaddrInet4
|
|
|
|
src4if int32
|
2017-09-24 21:35:25 +02:00
|
|
|
|
|
|
|
dst unix.RawSockaddrAny
|
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
type Socket int
|
|
|
|
|
|
|
|
/* Returns a byte representation of the source field(s)
|
|
|
|
* for use in "under load" cookie computations.
|
|
|
|
*/
|
|
|
|
func (endpoint *Endpoint) Source() []byte {
|
|
|
|
return nil
|
|
|
|
}
|
2017-10-06 22:56:01 +02:00
|
|
|
|
2017-09-24 21:35:25 +02:00
|
|
|
func zoneToUint32(zone string) (uint32, error) {
|
|
|
|
if zone == "" {
|
|
|
|
return 0, nil
|
|
|
|
}
|
|
|
|
if intr, err := net.InterfaceByName(zone); err == nil {
|
|
|
|
return uint32(intr.Index), nil
|
|
|
|
}
|
|
|
|
n, err := strconv.ParseUint(zone, 10, 32)
|
|
|
|
return uint32(n), err
|
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
func CreateIPv4Socket(port uint16) (Socket, uint16, error) {
|
2017-10-06 22:56:01 +02:00
|
|
|
|
|
|
|
// create socket
|
|
|
|
|
|
|
|
fd, err := unix.Socket(
|
|
|
|
unix.AF_INET,
|
|
|
|
unix.SOCK_DGRAM,
|
|
|
|
0,
|
|
|
|
)
|
|
|
|
|
|
|
|
if err != nil {
|
2017-10-07 22:35:23 +02:00
|
|
|
return -1, 0, err
|
|
|
|
}
|
|
|
|
|
|
|
|
addr := unix.SockaddrInet4{
|
|
|
|
Port: int(port),
|
2017-10-06 22:56:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// set sockopts and bind
|
|
|
|
|
|
|
|
if err := func() error {
|
|
|
|
if err := unix.SetsockoptInt(
|
|
|
|
fd,
|
|
|
|
unix.SOL_SOCKET,
|
|
|
|
unix.SO_REUSEADDR,
|
|
|
|
1,
|
|
|
|
); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := unix.SetsockoptInt(
|
|
|
|
fd,
|
|
|
|
unix.IPPROTO_IP,
|
|
|
|
unix.IP_PKTINFO,
|
|
|
|
1,
|
|
|
|
); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return unix.Bind(fd, &addr)
|
|
|
|
}(); err != nil {
|
|
|
|
unix.Close(fd)
|
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
return Socket(fd), uint16(addr.Port), err
|
2017-10-06 22:56:01 +02:00
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
func CloseIPv4Socket(sock Socket) error {
|
|
|
|
return unix.Close(int(sock))
|
|
|
|
}
|
|
|
|
|
|
|
|
func CloseIPv6Socket(sock Socket) error {
|
|
|
|
return unix.Close(int(sock))
|
|
|
|
}
|
|
|
|
|
|
|
|
func CreateIPv6Socket(port uint16) (Socket, uint16, error) {
|
2017-10-06 22:56:01 +02:00
|
|
|
|
|
|
|
// create socket
|
|
|
|
|
|
|
|
fd, err := unix.Socket(
|
|
|
|
unix.AF_INET,
|
|
|
|
unix.SOCK_DGRAM,
|
|
|
|
0,
|
|
|
|
)
|
|
|
|
|
|
|
|
if err != nil {
|
2017-10-07 22:35:23 +02:00
|
|
|
return -1, 0, err
|
2017-10-06 22:56:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// set sockopts and bind
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
addr := unix.SockaddrInet6{
|
|
|
|
Port: int(port),
|
|
|
|
}
|
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
if err := func() error {
|
|
|
|
|
|
|
|
if err := unix.SetsockoptInt(
|
|
|
|
fd,
|
|
|
|
unix.SOL_SOCKET,
|
|
|
|
unix.SO_REUSEADDR,
|
|
|
|
1,
|
|
|
|
); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := unix.SetsockoptInt(
|
|
|
|
fd,
|
|
|
|
unix.IPPROTO_IPV6,
|
|
|
|
unix.IPV6_RECVPKTINFO,
|
|
|
|
1,
|
|
|
|
); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := unix.SetsockoptInt(
|
|
|
|
fd,
|
|
|
|
unix.IPPROTO_IPV6,
|
|
|
|
unix.IPV6_V6ONLY,
|
|
|
|
1,
|
|
|
|
); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return unix.Bind(fd, &addr)
|
|
|
|
|
|
|
|
}(); err != nil {
|
|
|
|
unix.Close(fd)
|
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
return Socket(fd), uint16(addr.Port), err
|
2017-10-06 22:56:01 +02:00
|
|
|
}
|
|
|
|
|
2017-09-24 21:35:25 +02:00
|
|
|
func (end *Endpoint) ClearSrc() {
|
2017-10-06 22:56:01 +02:00
|
|
|
end.src4if = 0
|
|
|
|
end.src4 = unix.RawSockaddrInet4{}
|
|
|
|
end.src6 = unix.RawSockaddrInet6{}
|
2017-09-24 21:35:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (end *Endpoint) Set(s string) error {
|
|
|
|
addr, err := parseEndpoint(s)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
ipv6 := addr.IP.To16()
|
|
|
|
if ipv6 != nil {
|
|
|
|
zone, err := zoneToUint32(addr.Zone)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
ptr := (*unix.RawSockaddrInet6)(unsafe.Pointer(&end.dst))
|
|
|
|
ptr.Family = unix.AF_INET6
|
|
|
|
ptr.Port = uint16(addr.Port)
|
|
|
|
ptr.Flowinfo = 0
|
|
|
|
ptr.Scope_id = zone
|
|
|
|
copy(ptr.Addr[:], ipv6[:])
|
|
|
|
end.ClearSrc()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
ipv4 := addr.IP.To4()
|
|
|
|
if ipv4 != nil {
|
|
|
|
ptr := (*unix.RawSockaddrInet4)(unsafe.Pointer(&end.dst))
|
|
|
|
ptr.Family = unix.AF_INET
|
|
|
|
ptr.Port = uint16(addr.Port)
|
|
|
|
ptr.Zero = [8]byte{}
|
|
|
|
copy(ptr.Addr[:], ipv4)
|
|
|
|
end.ClearSrc()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return errors.New("Failed to recognize IP address format")
|
|
|
|
}
|
|
|
|
|
|
|
|
func send6(sock uintptr, end *Endpoint, buff []byte) error {
|
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
// construct message header
|
|
|
|
|
|
|
|
var iovec unix.Iovec
|
2017-09-24 21:35:25 +02:00
|
|
|
iovec.Base = (*byte)(unsafe.Pointer(&buff[0]))
|
|
|
|
iovec.SetLen(len(buff))
|
|
|
|
|
|
|
|
cmsg := struct {
|
|
|
|
cmsghdr unix.Cmsghdr
|
|
|
|
pktinfo unix.Inet6Pktinfo
|
|
|
|
}{
|
|
|
|
unix.Cmsghdr{
|
|
|
|
Level: unix.IPPROTO_IPV6,
|
|
|
|
Type: unix.IPV6_PKTINFO,
|
|
|
|
Len: unix.SizeofInet6Pktinfo,
|
|
|
|
},
|
|
|
|
unix.Inet6Pktinfo{
|
2017-10-06 22:56:01 +02:00
|
|
|
Addr: end.src6.Addr,
|
|
|
|
Ifindex: end.src6.Scope_id,
|
2017-09-24 21:35:25 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
msghdr := unix.Msghdr{
|
|
|
|
Iov: &iovec,
|
|
|
|
Iovlen: 1,
|
|
|
|
Name: (*byte)(unsafe.Pointer(&end.dst)),
|
|
|
|
Namelen: unix.SizeofSockaddrInet6,
|
|
|
|
Control: (*byte)(unsafe.Pointer(&cmsg)),
|
|
|
|
}
|
|
|
|
|
|
|
|
msghdr.SetControllen(int(unsafe.Sizeof(cmsg)))
|
|
|
|
|
|
|
|
// sendmsg(sock, &msghdr, 0)
|
|
|
|
|
|
|
|
_, _, errno := unix.Syscall(
|
|
|
|
unix.SYS_SENDMSG,
|
|
|
|
sock,
|
|
|
|
uintptr(unsafe.Pointer(&msghdr)),
|
|
|
|
0,
|
|
|
|
)
|
|
|
|
if errno == unix.EINVAL {
|
|
|
|
end.ClearSrc()
|
|
|
|
}
|
|
|
|
return errno
|
|
|
|
}
|
|
|
|
|
|
|
|
func send4(sock uintptr, end *Endpoint, buff []byte) error {
|
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
// construct message header
|
|
|
|
|
|
|
|
var iovec unix.Iovec
|
2017-09-24 21:35:25 +02:00
|
|
|
iovec.Base = (*byte)(unsafe.Pointer(&buff[0]))
|
|
|
|
iovec.SetLen(len(buff))
|
|
|
|
|
|
|
|
cmsg := struct {
|
|
|
|
cmsghdr unix.Cmsghdr
|
|
|
|
pktinfo unix.Inet4Pktinfo
|
|
|
|
}{
|
|
|
|
unix.Cmsghdr{
|
|
|
|
Level: unix.IPPROTO_IP,
|
|
|
|
Type: unix.IP_PKTINFO,
|
2017-10-06 22:56:01 +02:00
|
|
|
Len: unix.SizeofInet4Pktinfo,
|
2017-09-24 21:35:25 +02:00
|
|
|
},
|
|
|
|
unix.Inet4Pktinfo{
|
2017-10-06 22:56:01 +02:00
|
|
|
Spec_dst: end.src4.Addr,
|
|
|
|
Ifindex: end.src4if,
|
2017-09-24 21:35:25 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
msghdr := unix.Msghdr{
|
|
|
|
Iov: &iovec,
|
|
|
|
Iovlen: 1,
|
|
|
|
Name: (*byte)(unsafe.Pointer(&end.dst)),
|
|
|
|
Namelen: unix.SizeofSockaddrInet4,
|
|
|
|
Control: (*byte)(unsafe.Pointer(&cmsg)),
|
|
|
|
}
|
|
|
|
|
|
|
|
msghdr.SetControllen(int(unsafe.Sizeof(cmsg)))
|
|
|
|
|
|
|
|
// sendmsg(sock, &msghdr, 0)
|
|
|
|
|
|
|
|
_, _, errno := unix.Syscall(
|
|
|
|
unix.SYS_SENDMSG,
|
|
|
|
sock,
|
|
|
|
uintptr(unsafe.Pointer(&msghdr)),
|
|
|
|
0,
|
|
|
|
)
|
|
|
|
if errno == unix.EINVAL {
|
|
|
|
end.ClearSrc()
|
|
|
|
}
|
|
|
|
return errno
|
|
|
|
}
|
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
func (end *Endpoint) Send(c *net.UDPConn, buff []byte) error {
|
2017-09-24 21:35:25 +02:00
|
|
|
|
|
|
|
// extract underlying file descriptor
|
|
|
|
|
|
|
|
file, err := c.File()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
sock := file.Fd()
|
|
|
|
|
|
|
|
// send depending on address family of dst
|
|
|
|
|
|
|
|
family := *((*uint16)(unsafe.Pointer(&end.dst)))
|
|
|
|
if family == unix.AF_INET {
|
|
|
|
return send4(sock, end, buff)
|
|
|
|
} else if family == unix.AF_INET6 {
|
|
|
|
return send6(sock, end, buff)
|
|
|
|
}
|
|
|
|
return errors.New("Unknown address family of source")
|
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
func (end *Endpoint) ReceiveIPv4(sock Socket, buff []byte) (int, error) {
|
2017-09-24 21:35:25 +02:00
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
// contruct message header
|
|
|
|
|
|
|
|
var iovec unix.Iovec
|
|
|
|
iovec.Base = (*byte)(unsafe.Pointer(&buff[0]))
|
|
|
|
iovec.SetLen(len(buff))
|
|
|
|
|
|
|
|
var cmsg struct {
|
|
|
|
cmsghdr unix.Cmsghdr
|
|
|
|
pktinfo unix.Inet4Pktinfo
|
2017-09-24 21:35:25 +02:00
|
|
|
}
|
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
var msghdr unix.Msghdr
|
|
|
|
msghdr.Iov = &iovec
|
|
|
|
msghdr.Iovlen = 1
|
|
|
|
msghdr.Name = (*byte)(unsafe.Pointer(&end.dst))
|
|
|
|
msghdr.Namelen = unix.SizeofSockaddrInet4
|
|
|
|
msghdr.Control = (*byte)(unsafe.Pointer(&cmsg))
|
|
|
|
msghdr.SetControllen(int(unsafe.Sizeof(cmsg)))
|
|
|
|
|
|
|
|
// recvmsg(sock, &mskhdr, 0)
|
|
|
|
|
|
|
|
size, _, errno := unix.Syscall(
|
|
|
|
unix.SYS_RECVMSG,
|
|
|
|
uintptr(sock),
|
|
|
|
uintptr(unsafe.Pointer(&msghdr)),
|
|
|
|
0,
|
|
|
|
)
|
|
|
|
|
|
|
|
if errno != 0 {
|
|
|
|
return 0, errno
|
|
|
|
}
|
|
|
|
|
|
|
|
fmt.Println(msghdr)
|
|
|
|
fmt.Println(cmsg)
|
|
|
|
|
|
|
|
// update source cache
|
|
|
|
|
|
|
|
if cmsg.cmsghdr.Level == unix.IPPROTO_IP &&
|
|
|
|
cmsg.cmsghdr.Type == unix.IP_PKTINFO &&
|
|
|
|
cmsg.cmsghdr.Len >= unix.SizeofInet4Pktinfo {
|
|
|
|
end.src4.Addr = cmsg.pktinfo.Spec_dst
|
|
|
|
end.src4if = cmsg.pktinfo.Ifindex
|
|
|
|
}
|
|
|
|
|
|
|
|
return int(size), nil
|
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
func (end *Endpoint) ReceiveIPv6(sock Socket, buff []byte) (int, error) {
|
2017-10-06 22:56:01 +02:00
|
|
|
|
|
|
|
// contruct message header
|
|
|
|
|
2017-09-24 21:35:25 +02:00
|
|
|
var iovec unix.Iovec
|
|
|
|
iovec.Base = (*byte)(unsafe.Pointer(&buff[0]))
|
|
|
|
iovec.SetLen(len(buff))
|
|
|
|
|
|
|
|
var cmsg struct {
|
|
|
|
cmsghdr unix.Cmsghdr
|
2017-10-06 22:56:01 +02:00
|
|
|
pktinfo unix.Inet6Pktinfo
|
2017-09-24 21:35:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
var msg unix.Msghdr
|
|
|
|
msg.Iov = &iovec
|
|
|
|
msg.Iovlen = 1
|
|
|
|
msg.Name = (*byte)(unsafe.Pointer(&end.dst))
|
2017-10-06 22:56:01 +02:00
|
|
|
msg.Namelen = uint32(unix.SizeofSockaddrInet6)
|
2017-09-24 21:35:25 +02:00
|
|
|
msg.Control = (*byte)(unsafe.Pointer(&cmsg))
|
|
|
|
msg.SetControllen(int(unsafe.Sizeof(cmsg)))
|
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
// recvmsg(sock, &mskhdr, 0)
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
size, _, errno := unix.Syscall(
|
2017-09-24 21:35:25 +02:00
|
|
|
unix.SYS_RECVMSG,
|
2017-10-06 22:56:01 +02:00
|
|
|
uintptr(sock),
|
2017-09-24 21:35:25 +02:00
|
|
|
uintptr(unsafe.Pointer(&msg)),
|
|
|
|
0,
|
|
|
|
)
|
|
|
|
|
|
|
|
if errno != 0 {
|
2017-10-07 22:35:23 +02:00
|
|
|
return 0, errno
|
2017-09-24 21:35:25 +02:00
|
|
|
}
|
|
|
|
|
2017-10-06 22:56:01 +02:00
|
|
|
// update source cache
|
|
|
|
|
2017-09-24 21:35:25 +02:00
|
|
|
if cmsg.cmsghdr.Level == unix.IPPROTO_IPV6 &&
|
|
|
|
cmsg.cmsghdr.Type == unix.IPV6_PKTINFO &&
|
|
|
|
cmsg.cmsghdr.Len >= unix.SizeofInet6Pktinfo {
|
2017-10-06 22:56:01 +02:00
|
|
|
end.src6.Addr = cmsg.pktinfo.Addr
|
|
|
|
end.src6.Scope_id = cmsg.pktinfo.Ifindex
|
2017-09-24 21:35:25 +02:00
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
return int(size), nil
|
2017-09-24 21:35:25 +02:00
|
|
|
}
|
|
|
|
|
2017-10-07 22:35:23 +02:00
|
|
|
func SetMark(sock Socket, value uint32) error {
|
2017-08-25 14:53:23 +02:00
|
|
|
return unix.SetsockoptInt(
|
2017-10-07 22:35:23 +02:00
|
|
|
int(sock),
|
2017-08-25 14:53:23 +02:00
|
|
|
unix.SOL_SOCKET,
|
|
|
|
unix.SO_MARK,
|
2017-09-21 03:09:57 +02:00
|
|
|
int(value),
|
2017-08-25 14:53:23 +02:00
|
|
|
)
|
|
|
|
}
|