2019-01-01 19:55:51 -05:00
|
|
|
/* SPDX-License-Identifier: MIT
|
2018-05-03 09:04:00 -04:00
|
|
|
*
|
2022-09-20 11:21:32 -04:00
|
|
|
* Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
|
2018-05-03 09:04:00 -04:00
|
|
|
*/
|
|
|
|
|
|
2019-03-02 22:04:41 -05:00
|
|
|
package device
|
2017-06-26 07:14:02 -04:00
|
|
|
|
|
|
|
|
import (
|
2018-05-07 16:27:03 -04:00
|
|
|
"bytes"
|
2017-06-26 16:07:29 -04:00
|
|
|
"encoding/binary"
|
2021-05-20 12:26:01 -04:00
|
|
|
"errors"
|
2017-06-26 07:14:02 -04:00
|
|
|
"net"
|
2021-05-20 12:26:01 -04:00
|
|
|
"os"
|
2017-06-26 07:14:02 -04:00
|
|
|
"sync"
|
2017-06-30 08:41:08 -04:00
|
|
|
"time"
|
2019-05-14 03:09:52 -04:00
|
|
|
|
|
|
|
|
"golang.org/x/crypto/chacha20poly1305"
|
|
|
|
|
"golang.org/x/net/ipv4"
|
|
|
|
|
"golang.org/x/net/ipv6"
|
2024-01-07 14:03:11 -05:00
|
|
|
"gitea.hbanafa.com/hesham/wireguard-go/conn"
|
|
|
|
|
"gitea.hbanafa.com/hesham/wireguard-go/tun"
|
2017-06-26 07:14:02 -04:00
|
|
|
)
|
|
|
|
|
|
2017-12-01 17:37:26 -05:00
|
|
|
/* Outbound flow
|
2017-06-26 07:14:02 -04:00
|
|
|
*
|
|
|
|
|
* 1. TUN queue
|
2017-06-28 17:45:45 -04:00
|
|
|
* 2. Routing (sequential)
|
|
|
|
|
* 3. Nonce assignment (sequential)
|
|
|
|
|
* 4. Encryption (parallel)
|
|
|
|
|
* 5. Transmission (sequential)
|
2017-06-26 07:14:02 -04:00
|
|
|
*
|
2017-12-01 17:37:26 -05:00
|
|
|
* The functions in this file occur (roughly) in the order in
|
|
|
|
|
* which the packets are processed.
|
|
|
|
|
*
|
|
|
|
|
* Locking, Producers and Consumers
|
|
|
|
|
*
|
|
|
|
|
* The order of packets (per peer) must be maintained,
|
|
|
|
|
* but encryption of packets happen out-of-order:
|
|
|
|
|
*
|
|
|
|
|
* The sequential consumers will attempt to take the lock,
|
2017-07-13 08:32:40 -04:00
|
|
|
* workers release lock when they have completed work (encryption) on the packet.
|
2017-07-06 09:43:55 -04:00
|
|
|
*
|
|
|
|
|
* If the element is inserted into the "encryption queue",
|
2017-12-01 17:37:26 -05:00
|
|
|
* the content is preceded by enough "junk" to contain the transport header
|
2017-07-07 07:47:09 -04:00
|
|
|
* (to allow the construction of transport messages in-place)
|
2017-06-28 17:45:45 -04:00
|
|
|
*/
|
2017-12-01 17:37:26 -05:00
|
|
|
|
2017-06-28 17:45:45 -04:00
|
|
|
type QueueOutboundElement struct {
|
2017-07-14 08:25:18 -04:00
|
|
|
buffer *[MaxMessageSize]byte // slice holding the packet data
|
2017-09-09 09:03:01 -04:00
|
|
|
packet []byte // slice of "buffer" (always!)
|
2017-07-14 08:25:18 -04:00
|
|
|
nonce uint64 // nonce for encryption
|
2018-05-13 13:50:58 -04:00
|
|
|
keypair *Keypair // keypair for encryption
|
2017-07-14 08:25:18 -04:00
|
|
|
peer *Peer // related peer
|
2017-06-26 07:14:02 -04:00
|
|
|
}
|
|
|
|
|
|
2023-10-02 17:48:28 -04:00
|
|
|
type QueueOutboundElementsContainer struct {
|
|
|
|
|
sync.Mutex
|
|
|
|
|
elems []*QueueOutboundElement
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-06 09:43:55 -04:00
|
|
|
func (device *Device) NewOutboundElement() *QueueOutboundElement {
|
2018-09-22 00:29:02 -04:00
|
|
|
elem := device.GetOutboundElement()
|
|
|
|
|
elem.buffer = device.GetMessageBuffer()
|
|
|
|
|
elem.nonce = 0
|
2020-12-04 18:36:21 -05:00
|
|
|
// keypair and peer were cleared (if necessary) by clearPointers.
|
|
|
|
|
return elem
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// clearPointers clears elem fields that contain pointers.
|
|
|
|
|
// This makes the garbage collector's life easier and
|
|
|
|
|
// avoids accidentally keeping other objects around unnecessarily.
|
|
|
|
|
// It also reduces the possible collateral damage from use-after-free bugs.
|
|
|
|
|
func (elem *QueueOutboundElement) clearPointers() {
|
|
|
|
|
elem.buffer = nil
|
|
|
|
|
elem.packet = nil
|
2018-09-22 00:29:02 -04:00
|
|
|
elem.keypair = nil
|
|
|
|
|
elem.peer = nil
|
2017-07-06 09:43:55 -04:00
|
|
|
}
|
|
|
|
|
|
2018-05-07 16:27:03 -04:00
|
|
|
/* Queues a keepalive if no packets are queued for peer
|
|
|
|
|
*/
|
2021-01-27 12:13:53 -05:00
|
|
|
func (peer *Peer) SendKeepalive() {
|
2022-08-30 10:43:11 -04:00
|
|
|
if len(peer.queue.staged) == 0 && peer.isRunning.Load() {
|
2021-01-29 08:54:11 -05:00
|
|
|
elem := peer.device.NewOutboundElement()
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsContainer := peer.device.GetOutboundElementsContainer()
|
|
|
|
|
elemsContainer.elems = append(elemsContainer.elems, elem)
|
2021-01-29 08:54:11 -05:00
|
|
|
select {
|
2023-10-02 17:48:28 -04:00
|
|
|
case peer.queue.staged <- elemsContainer:
|
2021-01-29 08:54:11 -05:00
|
|
|
peer.device.log.Verbosef("%v - Sending keepalive packet", peer)
|
|
|
|
|
default:
|
|
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
2023-10-02 17:48:28 -04:00
|
|
|
peer.device.PutOutboundElementsContainer(elemsContainer)
|
2021-01-29 08:54:11 -05:00
|
|
|
}
|
2018-05-07 16:27:03 -04:00
|
|
|
}
|
2021-01-27 12:13:53 -05:00
|
|
|
peer.SendStagedPackets()
|
2018-05-07 16:27:03 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
|
|
|
|
|
if !isRetry {
|
2022-08-30 10:43:11 -04:00
|
|
|
peer.timers.handshakeAttempts.Store(0)
|
2018-05-07 16:27:03 -04:00
|
|
|
}
|
|
|
|
|
|
2018-05-13 17:14:43 -04:00
|
|
|
peer.handshake.mutex.RLock()
|
2019-06-03 15:46:46 -04:00
|
|
|
if time.Since(peer.handshake.lastSentHandshake) < RekeyTimeout {
|
2018-05-13 17:14:43 -04:00
|
|
|
peer.handshake.mutex.RUnlock()
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
peer.handshake.mutex.RUnlock()
|
|
|
|
|
|
|
|
|
|
peer.handshake.mutex.Lock()
|
2019-06-03 15:46:46 -04:00
|
|
|
if time.Since(peer.handshake.lastSentHandshake) < RekeyTimeout {
|
2018-05-13 17:14:43 -04:00
|
|
|
peer.handshake.mutex.Unlock()
|
2018-05-07 16:27:03 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
2018-05-13 17:14:43 -04:00
|
|
|
peer.handshake.lastSentHandshake = time.Now()
|
|
|
|
|
peer.handshake.mutex.Unlock()
|
2018-05-07 16:27:03 -04:00
|
|
|
|
2021-01-26 17:05:48 -05:00
|
|
|
peer.device.log.Verbosef("%v - Sending handshake initiation", peer)
|
2018-05-07 16:27:03 -04:00
|
|
|
|
|
|
|
|
msg, err := peer.device.CreateMessageInitiation(peer)
|
|
|
|
|
if err != nil {
|
2021-01-26 17:05:48 -05:00
|
|
|
peer.device.log.Errorf("%v - Failed to create initiation message: %v", peer, err)
|
2018-05-07 16:27:03 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-13 12:55:05 -04:00
|
|
|
var buf [MessageInitiationSize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buf[:0])
|
2018-05-07 16:27:03 -04:00
|
|
|
binary.Write(writer, binary.LittleEndian, msg)
|
|
|
|
|
packet := writer.Bytes()
|
2018-05-13 17:14:43 -04:00
|
|
|
peer.cookieGenerator.AddMacs(packet)
|
2018-05-07 16:27:03 -04:00
|
|
|
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
2018-05-18 19:19:53 -04:00
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
2018-05-13 17:14:43 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
err = peer.SendBuffers([][]byte{packet})
|
2018-05-13 17:14:43 -04:00
|
|
|
if err != nil {
|
2021-01-26 17:05:48 -05:00
|
|
|
peer.device.log.Errorf("%v - Failed to send handshake initiation: %v", peer, err)
|
2018-05-13 17:14:43 -04:00
|
|
|
}
|
2018-05-07 16:27:03 -04:00
|
|
|
peer.timersHandshakeInitiated()
|
2018-05-13 17:14:43 -04:00
|
|
|
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) SendHandshakeResponse() error {
|
|
|
|
|
peer.handshake.mutex.Lock()
|
|
|
|
|
peer.handshake.lastSentHandshake = time.Now()
|
|
|
|
|
peer.handshake.mutex.Unlock()
|
|
|
|
|
|
2021-01-26 17:05:48 -05:00
|
|
|
peer.device.log.Verbosef("%v - Sending handshake response", peer)
|
2018-05-13 17:14:43 -04:00
|
|
|
|
|
|
|
|
response, err := peer.device.CreateMessageResponse(peer)
|
|
|
|
|
if err != nil {
|
2021-01-26 17:05:48 -05:00
|
|
|
peer.device.log.Errorf("%v - Failed to create response message: %v", peer, err)
|
2018-05-13 17:14:43 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-13 12:55:05 -04:00
|
|
|
var buf [MessageResponseSize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buf[:0])
|
2018-05-13 17:14:43 -04:00
|
|
|
binary.Write(writer, binary.LittleEndian, response)
|
|
|
|
|
packet := writer.Bytes()
|
|
|
|
|
peer.cookieGenerator.AddMacs(packet)
|
|
|
|
|
|
|
|
|
|
err = peer.BeginSymmetricSession()
|
|
|
|
|
if err != nil {
|
2021-01-26 17:05:48 -05:00
|
|
|
peer.device.log.Errorf("%v - Failed to derive keypair: %v", peer, err)
|
2018-05-13 17:14:43 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
peer.timersSessionDerived()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
2018-05-18 19:19:53 -04:00
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
2018-05-13 17:14:43 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
// TODO: allocation could be avoided
|
|
|
|
|
err = peer.SendBuffers([][]byte{packet})
|
2018-05-13 17:14:43 -04:00
|
|
|
if err != nil {
|
2021-01-26 17:05:48 -05:00
|
|
|
peer.device.log.Errorf("%v - Failed to send handshake response: %v", peer, err)
|
2018-05-13 17:14:43 -04:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error {
|
2021-01-26 17:05:48 -05:00
|
|
|
device.log.Verbosef("Sending cookie response for denied handshake message for %v", initiatingElem.endpoint.DstToString())
|
2018-05-13 17:14:43 -04:00
|
|
|
|
|
|
|
|
sender := binary.LittleEndian.Uint32(initiatingElem.packet[4:8])
|
|
|
|
|
reply, err := device.cookieChecker.CreateReply(initiatingElem.packet, sender, initiatingElem.endpoint.DstToBytes())
|
|
|
|
|
if err != nil {
|
2021-01-26 17:05:48 -05:00
|
|
|
device.log.Errorf("Failed to create cookie reply: %v", err)
|
2018-05-13 17:14:43 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-13 12:55:05 -04:00
|
|
|
var buf [MessageCookieReplySize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buf[:0])
|
2018-05-13 17:14:43 -04:00
|
|
|
binary.Write(writer, binary.LittleEndian, reply)
|
2023-03-02 17:48:02 -05:00
|
|
|
// TODO: allocation could be avoided
|
|
|
|
|
device.net.bind.Send([][]byte{writer.Bytes()}, initiatingElem.endpoint)
|
2019-10-21 05:46:54 -04:00
|
|
|
return nil
|
2018-05-07 16:27:03 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) keepKeyFreshSending() {
|
2018-05-13 17:14:43 -04:00
|
|
|
keypair := peer.keypairs.Current()
|
|
|
|
|
if keypair == nil {
|
2018-05-07 16:27:03 -04:00
|
|
|
return
|
|
|
|
|
}
|
2022-08-30 10:43:11 -04:00
|
|
|
nonce := keypair.sendNonce.Load()
|
2019-06-03 15:46:46 -04:00
|
|
|
if nonce > RekeyAfterMessages || (keypair.isInitiator && time.Since(keypair.created) > RekeyAfterTime) {
|
2018-05-07 16:27:03 -04:00
|
|
|
peer.SendHandshakeInitiation(false)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-04 10:15:53 -04:00
|
|
|
func (device *Device) RoutineReadFromTUN() {
|
2018-05-01 10:59:13 -04:00
|
|
|
defer func() {
|
2021-01-26 17:05:48 -05:00
|
|
|
device.log.Verbosef("Routine: TUN reader - stopped")
|
2018-05-16 16:20:15 -04:00
|
|
|
device.state.stopping.Done()
|
2021-02-09 12:53:00 -05:00
|
|
|
device.queue.encryption.wg.Done()
|
2018-05-01 10:59:13 -04:00
|
|
|
}()
|
|
|
|
|
|
2021-01-26 17:05:48 -05:00
|
|
|
device.log.Verbosef("Routine: TUN reader - started")
|
2017-07-13 08:32:40 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
var (
|
|
|
|
|
batchSize = device.BatchSize()
|
|
|
|
|
readErr error
|
|
|
|
|
elems = make([]*QueueOutboundElement, batchSize)
|
2023-03-13 12:55:05 -04:00
|
|
|
bufs = make([][]byte, batchSize)
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsByPeer = make(map[*Peer]*QueueOutboundElementsContainer, batchSize)
|
2023-03-02 17:48:02 -05:00
|
|
|
count = 0
|
|
|
|
|
sizes = make([]int, batchSize)
|
|
|
|
|
offset = MessageTransportHeaderSize
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
for i := range elems {
|
|
|
|
|
elems[i] = device.NewOutboundElement()
|
2023-03-13 12:55:05 -04:00
|
|
|
bufs[i] = elems[i].buffer[:]
|
2023-03-02 17:48:02 -05:00
|
|
|
}
|
2018-09-22 00:29:02 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
defer func() {
|
|
|
|
|
for _, elem := range elems {
|
|
|
|
|
if elem != nil {
|
|
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2018-09-22 00:29:02 -04:00
|
|
|
}
|
2023-03-02 17:48:02 -05:00
|
|
|
}()
|
2017-07-06 09:43:55 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
for {
|
|
|
|
|
// read packets
|
2023-03-13 12:55:05 -04:00
|
|
|
count, readErr = device.tun.device.Read(bufs, sizes, offset)
|
2023-03-02 17:48:02 -05:00
|
|
|
for i := 0; i < count; i++ {
|
|
|
|
|
if sizes[i] < 1 {
|
|
|
|
|
continue
|
2018-05-20 23:18:25 -04:00
|
|
|
}
|
2017-07-13 08:32:40 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
elem := elems[i]
|
2023-03-13 12:55:05 -04:00
|
|
|
elem.packet = bufs[i][offset : offset+sizes[i]]
|
2017-06-26 07:14:02 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
// lookup peer
|
|
|
|
|
var peer *Peer
|
|
|
|
|
switch elem.packet[0] >> 4 {
|
|
|
|
|
case 4:
|
|
|
|
|
if len(elem.packet) < ipv4.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
dst := elem.packet[IPv4offsetDst : IPv4offsetDst+net.IPv4len]
|
|
|
|
|
peer = device.allowedips.Lookup(dst)
|
2017-08-04 10:15:53 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
case 6:
|
|
|
|
|
if len(elem.packet) < ipv6.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
dst := elem.packet[IPv6offsetDst : IPv6offsetDst+net.IPv6len]
|
|
|
|
|
peer = device.allowedips.Lookup(dst)
|
2017-06-26 07:14:02 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
default:
|
|
|
|
|
device.log.Verbosef("Received packet with unknown IP version")
|
2017-08-04 10:15:53 -04:00
|
|
|
}
|
2017-06-26 07:14:02 -04:00
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
if peer == nil {
|
2017-08-04 10:15:53 -04:00
|
|
|
continue
|
|
|
|
|
}
|
2023-03-02 17:48:02 -05:00
|
|
|
elemsForPeer, ok := elemsByPeer[peer]
|
|
|
|
|
if !ok {
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsForPeer = device.GetOutboundElementsContainer()
|
2023-03-02 17:48:02 -05:00
|
|
|
elemsByPeer[peer] = elemsForPeer
|
|
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsForPeer.elems = append(elemsForPeer.elems, elem)
|
2023-03-02 17:48:02 -05:00
|
|
|
elems[i] = device.NewOutboundElement()
|
2023-03-13 12:55:05 -04:00
|
|
|
bufs[i] = elems[i].buffer[:]
|
2017-06-28 17:45:45 -04:00
|
|
|
}
|
|
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
for peer, elemsForPeer := range elemsByPeer {
|
|
|
|
|
if peer.isRunning.Load() {
|
|
|
|
|
peer.StagePackets(elemsForPeer)
|
|
|
|
|
peer.SendStagedPackets()
|
|
|
|
|
} else {
|
2023-10-02 17:48:28 -04:00
|
|
|
for _, elem := range elemsForPeer.elems {
|
2023-03-02 17:48:02 -05:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
device.PutOutboundElementsContainer(elemsForPeer)
|
2023-03-02 17:48:02 -05:00
|
|
|
}
|
|
|
|
|
delete(elemsByPeer, peer)
|
2017-06-28 17:45:45 -04:00
|
|
|
}
|
2023-03-02 17:48:02 -05:00
|
|
|
|
|
|
|
|
if readErr != nil {
|
|
|
|
|
if errors.Is(readErr, tun.ErrTooManySegments) {
|
|
|
|
|
// TODO: record stat for this
|
|
|
|
|
// This will happen if MSS is surprisingly small (< 576)
|
|
|
|
|
// coincident with reasonably high throughput.
|
|
|
|
|
device.log.Verbosef("Dropped some packets from multi-segment read: %v", readErr)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if !device.isClosed() {
|
|
|
|
|
if !errors.Is(readErr, os.ErrClosed) {
|
|
|
|
|
device.log.Errorf("Failed to read packet from TUN device: %v", readErr)
|
|
|
|
|
}
|
|
|
|
|
go device.Close()
|
|
|
|
|
}
|
|
|
|
|
return
|
2018-01-26 16:52:32 -05:00
|
|
|
}
|
2017-06-26 07:14:02 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-02 17:48:28 -04:00
|
|
|
func (peer *Peer) StagePackets(elems *QueueOutboundElementsContainer) {
|
2021-01-27 12:13:53 -05:00
|
|
|
for {
|
|
|
|
|
select {
|
2023-03-02 17:48:02 -05:00
|
|
|
case peer.queue.staged <- elems:
|
2021-01-27 12:13:53 -05:00
|
|
|
return
|
|
|
|
|
default:
|
2021-01-28 12:56:58 -05:00
|
|
|
}
|
|
|
|
|
select {
|
|
|
|
|
case tooOld := <-peer.queue.staged:
|
2023-10-02 17:48:28 -04:00
|
|
|
for _, elem := range tooOld.elems {
|
2023-03-02 17:48:02 -05:00
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
peer.device.PutOutboundElementsContainer(tooOld)
|
2021-01-28 12:56:58 -05:00
|
|
|
default:
|
2018-05-18 18:35:49 -04:00
|
|
|
}
|
|
|
|
|
}
|
2021-01-27 12:13:53 -05:00
|
|
|
}
|
2018-05-18 18:35:49 -04:00
|
|
|
|
2021-01-27 12:13:53 -05:00
|
|
|
func (peer *Peer) SendStagedPackets() {
|
|
|
|
|
top:
|
2021-01-19 12:02:16 -05:00
|
|
|
if len(peer.queue.staged) == 0 || !peer.device.isUp() {
|
2021-01-27 12:13:53 -05:00
|
|
|
return
|
|
|
|
|
}
|
2018-09-23 19:52:02 -04:00
|
|
|
|
2021-01-27 12:13:53 -05:00
|
|
|
keypair := peer.keypairs.Current()
|
2022-08-30 10:43:11 -04:00
|
|
|
if keypair == nil || keypair.sendNonce.Load() >= RejectAfterMessages || time.Since(keypair.created) >= RejectAfterTime {
|
2021-01-27 12:13:53 -05:00
|
|
|
peer.SendHandshakeInitiation(false)
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-02-02 10:40:14 -05:00
|
|
|
|
2017-09-09 09:03:01 -04:00
|
|
|
for {
|
2023-10-02 17:48:28 -04:00
|
|
|
var elemsContainerOOO *QueueOutboundElementsContainer
|
2017-09-09 09:03:01 -04:00
|
|
|
select {
|
2023-10-02 17:48:28 -04:00
|
|
|
case elemsContainer := <-peer.queue.staged:
|
2023-03-02 17:48:02 -05:00
|
|
|
i := 0
|
2023-10-02 17:48:28 -04:00
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-03-02 17:48:02 -05:00
|
|
|
elem.peer = peer
|
|
|
|
|
elem.nonce = keypair.sendNonce.Add(1) - 1
|
|
|
|
|
if elem.nonce >= RejectAfterMessages {
|
|
|
|
|
keypair.sendNonce.Store(RejectAfterMessages)
|
2023-10-02 17:48:28 -04:00
|
|
|
if elemsContainerOOO == nil {
|
|
|
|
|
elemsContainerOOO = peer.device.GetOutboundElementsContainer()
|
2023-03-02 17:48:02 -05:00
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsContainerOOO.elems = append(elemsContainerOOO.elems, elem)
|
2023-03-02 17:48:02 -05:00
|
|
|
continue
|
|
|
|
|
} else {
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsContainer.elems[i] = elem
|
2023-03-02 17:48:02 -05:00
|
|
|
i++
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
elem.keypair = keypair
|
2018-05-07 16:27:03 -04:00
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsContainer.Lock()
|
|
|
|
|
elemsContainer.elems = elemsContainer.elems[:i]
|
2018-05-18 18:35:49 -04:00
|
|
|
|
2023-10-02 17:48:28 -04:00
|
|
|
if elemsContainerOOO != nil {
|
|
|
|
|
peer.StagePackets(elemsContainerOOO) // XXX: Out of order, but we can't front-load go chans
|
2023-03-02 17:48:02 -05:00
|
|
|
}
|
|
|
|
|
|
2023-10-02 17:48:28 -04:00
|
|
|
if len(elemsContainer.elems) == 0 {
|
|
|
|
|
peer.device.PutOutboundElementsContainer(elemsContainer)
|
2023-03-02 17:48:02 -05:00
|
|
|
goto top
|
|
|
|
|
}
|
2017-07-06 09:43:55 -04:00
|
|
|
|
2017-09-09 09:03:01 -04:00
|
|
|
// add to parallel and sequential queue
|
2022-08-30 10:43:11 -04:00
|
|
|
if peer.isRunning.Load() {
|
2023-10-02 17:48:28 -04:00
|
|
|
peer.queue.outbound.c <- elemsContainer
|
|
|
|
|
peer.device.queue.encryption.c <- elemsContainer
|
2021-01-29 08:54:11 -05:00
|
|
|
} else {
|
2023-10-02 17:48:28 -04:00
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-03-02 17:48:02 -05:00
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
peer.device.PutOutboundElementsContainer(elemsContainer)
|
2023-03-02 17:48:02 -05:00
|
|
|
}
|
|
|
|
|
|
2023-10-02 17:48:28 -04:00
|
|
|
if elemsContainerOOO != nil {
|
2023-03-02 17:48:02 -05:00
|
|
|
goto top
|
2021-01-29 08:54:11 -05:00
|
|
|
}
|
2021-01-27 12:13:53 -05:00
|
|
|
default:
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) FlushStagedPackets() {
|
|
|
|
|
for {
|
|
|
|
|
select {
|
2023-10-02 17:48:28 -04:00
|
|
|
case elemsContainer := <-peer.queue.staged:
|
|
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-03-02 17:48:02 -05:00
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
peer.device.PutOutboundElementsContainer(elemsContainer)
|
2021-01-27 12:13:53 -05:00
|
|
|
default:
|
|
|
|
|
return
|
2017-06-26 07:14:02 -04:00
|
|
|
}
|
2017-09-09 09:03:01 -04:00
|
|
|
}
|
2017-06-26 07:14:02 -04:00
|
|
|
}
|
|
|
|
|
|
2020-05-18 16:32:31 -04:00
|
|
|
func calculatePaddingSize(packetSize, mtu int) int {
|
|
|
|
|
lastUnit := packetSize
|
|
|
|
|
if mtu == 0 {
|
|
|
|
|
return ((lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)) - lastUnit
|
|
|
|
|
}
|
|
|
|
|
if lastUnit > mtu {
|
|
|
|
|
lastUnit %= mtu
|
|
|
|
|
}
|
|
|
|
|
paddedSize := ((lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1))
|
|
|
|
|
if paddedSize > mtu {
|
|
|
|
|
paddedSize = mtu
|
|
|
|
|
}
|
|
|
|
|
return paddedSize - lastUnit
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-28 17:45:45 -04:00
|
|
|
/* Encrypts the elements in the queue
|
|
|
|
|
* and marks them for sequential consumption (by releasing the mutex)
|
2017-06-26 16:07:29 -04:00
|
|
|
*
|
2017-06-28 17:45:45 -04:00
|
|
|
* Obs. One instance per core
|
2017-06-26 16:07:29 -04:00
|
|
|
*/
|
2021-05-07 06:21:21 -04:00
|
|
|
func (device *Device) RoutineEncryption(id int) {
|
2021-01-29 14:10:48 -05:00
|
|
|
var paddingZeros [PaddingMultiple]byte
|
2017-06-26 16:07:29 -04:00
|
|
|
var nonce [chacha20poly1305.NonceSize]byte
|
2017-07-17 10:16:18 -04:00
|
|
|
|
2021-05-07 06:21:21 -04:00
|
|
|
defer device.log.Verbosef("Routine: encryption worker %d - stopped", id)
|
|
|
|
|
device.log.Verbosef("Routine: encryption worker %d - started", id)
|
2017-07-17 10:16:18 -04:00
|
|
|
|
2023-10-02 17:48:28 -04:00
|
|
|
for elemsContainer := range device.queue.encryption.c {
|
|
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-10-02 17:41:04 -04:00
|
|
|
// populate header fields
|
|
|
|
|
header := elem.buffer[:MessageTransportHeaderSize]
|
|
|
|
|
|
|
|
|
|
fieldType := header[0:4]
|
|
|
|
|
fieldReceiver := header[4:8]
|
|
|
|
|
fieldNonce := header[8:16]
|
|
|
|
|
|
|
|
|
|
binary.LittleEndian.PutUint32(fieldType, MessageTransportType)
|
|
|
|
|
binary.LittleEndian.PutUint32(fieldReceiver, elem.keypair.remoteIndex)
|
|
|
|
|
binary.LittleEndian.PutUint64(fieldNonce, elem.nonce)
|
|
|
|
|
|
|
|
|
|
// pad content to multiple of 16
|
|
|
|
|
paddingSize := calculatePaddingSize(len(elem.packet), int(device.tun.mtu.Load()))
|
|
|
|
|
elem.packet = append(elem.packet, paddingZeros[:paddingSize]...)
|
|
|
|
|
|
|
|
|
|
// encrypt content and release to consumer
|
|
|
|
|
|
|
|
|
|
binary.LittleEndian.PutUint64(nonce[4:], elem.nonce)
|
|
|
|
|
elem.packet = elem.keypair.send.Seal(
|
|
|
|
|
header,
|
|
|
|
|
nonce[:],
|
|
|
|
|
elem.packet,
|
|
|
|
|
nil,
|
|
|
|
|
)
|
|
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsContainer.Unlock()
|
2017-06-28 17:45:45 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-02 17:48:02 -05:00
|
|
|
func (peer *Peer) RoutineSequentialSender(maxBatchSize int) {
|
2017-06-30 08:41:08 -04:00
|
|
|
device := peer.device
|
2021-01-29 08:54:11 -05:00
|
|
|
defer func() {
|
|
|
|
|
defer device.log.Verbosef("%v - Routine: sequential sender - stopped", peer)
|
|
|
|
|
peer.stopping.Done()
|
|
|
|
|
}()
|
2021-01-26 17:05:48 -05:00
|
|
|
device.log.Verbosef("%v - Routine: sequential sender - started", peer)
|
2018-05-01 10:59:13 -04:00
|
|
|
|
2023-03-13 12:55:05 -04:00
|
|
|
bufs := make([][]byte, 0, maxBatchSize)
|
2023-03-02 17:48:02 -05:00
|
|
|
|
2023-10-02 17:48:28 -04:00
|
|
|
for elemsContainer := range peer.queue.outbound.c {
|
2023-03-13 12:55:05 -04:00
|
|
|
bufs = bufs[:0]
|
2023-10-02 17:48:28 -04:00
|
|
|
if elemsContainer == nil {
|
2021-02-08 16:02:52 -05:00
|
|
|
return
|
|
|
|
|
}
|
2022-08-30 10:43:11 -04:00
|
|
|
if !peer.isRunning.Load() {
|
2020-12-15 18:54:48 -05:00
|
|
|
// peer has been stopped; return re-usable elems to the shared pool.
|
|
|
|
|
// This is an optimization only. It is possible for the peer to be stopped
|
|
|
|
|
// immediately after this check, in which case, elem will get processed.
|
2023-03-02 17:48:02 -05:00
|
|
|
// The timers and SendBuffers code are resilient to a few stragglers.
|
2021-02-22 09:43:08 -05:00
|
|
|
// TODO: rework peer shutdown order to ensure
|
2020-12-15 18:54:48 -05:00
|
|
|
// that we never accidentally keep timers alive longer than necessary.
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsContainer.Lock()
|
|
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-03-02 17:48:02 -05:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2020-12-15 18:54:48 -05:00
|
|
|
continue
|
|
|
|
|
}
|
2023-03-02 17:48:02 -05:00
|
|
|
dataSent := false
|
2023-10-02 17:48:28 -04:00
|
|
|
elemsContainer.Lock()
|
|
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-03-02 17:48:02 -05:00
|
|
|
if len(elem.packet) != MessageKeepaliveSize {
|
|
|
|
|
dataSent = true
|
|
|
|
|
}
|
2023-03-13 12:55:05 -04:00
|
|
|
bufs = append(bufs, elem.packet)
|
2023-03-02 17:48:02 -05:00
|
|
|
}
|
2020-12-15 18:54:48 -05:00
|
|
|
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
2017-07-18 09:22:56 -04:00
|
|
|
|
2023-03-13 12:55:05 -04:00
|
|
|
err := peer.SendBuffers(bufs)
|
2023-03-02 17:48:02 -05:00
|
|
|
if dataSent {
|
2020-12-15 18:54:48 -05:00
|
|
|
peer.timersDataSent()
|
2017-06-30 08:41:08 -04:00
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-03-02 17:48:02 -05:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2023-10-02 17:48:28 -04:00
|
|
|
device.PutOutboundElementsContainer(elemsContainer)
|
2023-10-02 16:53:07 -04:00
|
|
|
if err != nil {
|
|
|
|
|
var errGSO conn.ErrUDPGSODisabled
|
|
|
|
|
if errors.As(err, &errGSO) {
|
|
|
|
|
device.log.Verbosef(err.Error())
|
|
|
|
|
err = errGSO.RetryErr
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-12-15 18:54:48 -05:00
|
|
|
if err != nil {
|
2023-03-02 17:48:02 -05:00
|
|
|
device.log.Errorf("%v - Failed to send data packets: %v", peer, err)
|
2020-12-15 18:54:48 -05:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
peer.keepKeyFreshSending()
|
2017-06-26 07:14:02 -04:00
|
|
|
}
|
|
|
|
|
}
|
