More refactoring
This commit is contained in:
parent
729773fdf3
commit
b56af1829d
20
conn.go
20
conn.go
@ -74,9 +74,6 @@ func (device *Device) BindSetMark(mark uint32) error {
|
|||||||
device.net.mutex.Lock()
|
device.net.mutex.Lock()
|
||||||
defer device.net.mutex.Unlock()
|
defer device.net.mutex.Unlock()
|
||||||
|
|
||||||
device.peers.mutex.Lock()
|
|
||||||
defer device.peers.mutex.Unlock()
|
|
||||||
|
|
||||||
// check if modified
|
// check if modified
|
||||||
|
|
||||||
if device.net.fwmark == mark {
|
if device.net.fwmark == mark {
|
||||||
@ -92,6 +89,18 @@ func (device *Device) BindSetMark(mark uint32) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// clear cached source addresses
|
||||||
|
|
||||||
|
device.peers.mutex.RLock()
|
||||||
|
for _, peer := range device.peers.keyMap {
|
||||||
|
peer.mutex.Lock()
|
||||||
|
defer peer.mutex.Unlock()
|
||||||
|
if peer.endpoint != nil {
|
||||||
|
peer.endpoint.ClearSrc()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
device.peers.mutex.RUnlock()
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -100,9 +109,6 @@ func (device *Device) BindUpdate() error {
|
|||||||
device.net.mutex.Lock()
|
device.net.mutex.Lock()
|
||||||
defer device.net.mutex.Unlock()
|
defer device.net.mutex.Unlock()
|
||||||
|
|
||||||
device.peers.mutex.Lock()
|
|
||||||
defer device.peers.mutex.Unlock()
|
|
||||||
|
|
||||||
// close existing sockets
|
// close existing sockets
|
||||||
|
|
||||||
if err := unsafeCloseBind(device); err != nil {
|
if err := unsafeCloseBind(device); err != nil {
|
||||||
@ -135,6 +141,7 @@ func (device *Device) BindUpdate() error {
|
|||||||
|
|
||||||
// clear cached source addresses
|
// clear cached source addresses
|
||||||
|
|
||||||
|
device.peers.mutex.RLock()
|
||||||
for _, peer := range device.peers.keyMap {
|
for _, peer := range device.peers.keyMap {
|
||||||
peer.mutex.Lock()
|
peer.mutex.Lock()
|
||||||
defer peer.mutex.Unlock()
|
defer peer.mutex.Unlock()
|
||||||
@ -142,6 +149,7 @@ func (device *Device) BindUpdate() error {
|
|||||||
peer.endpoint.ClearSrc()
|
peer.endpoint.ClearSrc()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
device.peers.mutex.RUnlock()
|
||||||
|
|
||||||
// start receiving routines
|
// start receiving routines
|
||||||
|
|
||||||
|
57
device.go
57
device.go
@ -38,17 +38,12 @@ type Device struct {
|
|||||||
fwmark uint32 // mark value (0 = disabled)
|
fwmark uint32 // mark value (0 = disabled)
|
||||||
}
|
}
|
||||||
|
|
||||||
noise struct {
|
staticIdentity struct {
|
||||||
mutex sync.RWMutex
|
mutex sync.RWMutex
|
||||||
privateKey NoisePrivateKey
|
privateKey NoisePrivateKey
|
||||||
publicKey NoisePublicKey
|
publicKey NoisePublicKey
|
||||||
}
|
}
|
||||||
|
|
||||||
routing struct {
|
|
||||||
mutex sync.RWMutex
|
|
||||||
table AllowedIPs
|
|
||||||
}
|
|
||||||
|
|
||||||
peers struct {
|
peers struct {
|
||||||
mutex sync.RWMutex
|
mutex sync.RWMutex
|
||||||
keyMap map[NoisePublicKey]*Peer
|
keyMap map[NoisePublicKey]*Peer
|
||||||
@ -56,8 +51,9 @@ type Device struct {
|
|||||||
|
|
||||||
// unprotected / "self-synchronising resources"
|
// unprotected / "self-synchronising resources"
|
||||||
|
|
||||||
|
allowedips AllowedIPs
|
||||||
indexTable IndexTable
|
indexTable IndexTable
|
||||||
mac CookieChecker
|
cookieChecker CookieChecker
|
||||||
|
|
||||||
rate struct {
|
rate struct {
|
||||||
underLoadUntil atomic.Value
|
underLoadUntil atomic.Value
|
||||||
@ -87,15 +83,13 @@ type Device struct {
|
|||||||
/* Converts the peer into a "zombie", which remains in the peer map,
|
/* Converts the peer into a "zombie", which remains in the peer map,
|
||||||
* but processes no packets and does not exists in the routing table.
|
* but processes no packets and does not exists in the routing table.
|
||||||
*
|
*
|
||||||
* Must hold:
|
* Must hold device.peers.mutex.
|
||||||
* device.peers.mutex : exclusive lock
|
|
||||||
* device.routing : exclusive lock
|
|
||||||
*/
|
*/
|
||||||
func unsafeRemovePeer(device *Device, peer *Peer, key NoisePublicKey) {
|
func unsafeRemovePeer(device *Device, peer *Peer, key NoisePublicKey) {
|
||||||
|
|
||||||
// stop routing and processing of packets
|
// stop routing and processing of packets
|
||||||
|
|
||||||
device.routing.table.RemoveByPeer(peer)
|
device.allowedips.RemoveByPeer(peer)
|
||||||
peer.Stop()
|
peer.Stop()
|
||||||
|
|
||||||
// remove from peer map
|
// remove from peer map
|
||||||
@ -131,19 +125,19 @@ func deviceUpdateState(device *Device) {
|
|||||||
device.isUp.Set(false)
|
device.isUp.Set(false)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
device.peers.mutex.Lock()
|
device.peers.mutex.RLock()
|
||||||
for _, peer := range device.peers.keyMap {
|
for _, peer := range device.peers.keyMap {
|
||||||
peer.Start()
|
peer.Start()
|
||||||
}
|
}
|
||||||
device.peers.mutex.Unlock()
|
device.peers.mutex.RUnlock()
|
||||||
|
|
||||||
case false:
|
case false:
|
||||||
device.BindClose()
|
device.BindClose()
|
||||||
device.peers.mutex.Lock()
|
device.peers.mutex.RLock()
|
||||||
for _, peer := range device.peers.keyMap {
|
for _, peer := range device.peers.keyMap {
|
||||||
peer.Stop()
|
peer.Stop()
|
||||||
}
|
}
|
||||||
device.peers.mutex.Unlock()
|
device.peers.mutex.RUnlock()
|
||||||
}
|
}
|
||||||
|
|
||||||
// update state variables
|
// update state variables
|
||||||
@ -199,11 +193,8 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
|
|||||||
|
|
||||||
// lock required resources
|
// lock required resources
|
||||||
|
|
||||||
device.noise.mutex.Lock()
|
device.staticIdentity.mutex.Lock()
|
||||||
defer device.noise.mutex.Unlock()
|
defer device.staticIdentity.mutex.Unlock()
|
||||||
|
|
||||||
device.routing.mutex.Lock()
|
|
||||||
defer device.routing.mutex.Unlock()
|
|
||||||
|
|
||||||
device.peers.mutex.Lock()
|
device.peers.mutex.Lock()
|
||||||
defer device.peers.mutex.Unlock()
|
defer device.peers.mutex.Unlock()
|
||||||
@ -224,13 +215,13 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
|
|||||||
|
|
||||||
// update key material
|
// update key material
|
||||||
|
|
||||||
device.noise.privateKey = sk
|
device.staticIdentity.privateKey = sk
|
||||||
device.noise.publicKey = publicKey
|
device.staticIdentity.publicKey = publicKey
|
||||||
device.mac.Init(publicKey)
|
device.cookieChecker.Init(publicKey)
|
||||||
|
|
||||||
// do static-static DH pre-computations
|
// do static-static DH pre-computations
|
||||||
|
|
||||||
rmKey := device.noise.privateKey.IsZero()
|
rmKey := device.staticIdentity.privateKey.IsZero()
|
||||||
|
|
||||||
for key, peer := range device.peers.keyMap {
|
for key, peer := range device.peers.keyMap {
|
||||||
|
|
||||||
@ -239,7 +230,7 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
|
|||||||
if rmKey {
|
if rmKey {
|
||||||
hs.precomputedStaticStatic = [NoisePublicKeySize]byte{}
|
hs.precomputedStaticStatic = [NoisePublicKeySize]byte{}
|
||||||
} else {
|
} else {
|
||||||
hs.precomputedStaticStatic = device.noise.privateKey.sharedSecret(hs.remoteStatic)
|
hs.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(hs.remoteStatic)
|
||||||
}
|
}
|
||||||
|
|
||||||
if isZero(hs.precomputedStaticStatic[:]) {
|
if isZero(hs.precomputedStaticStatic[:]) {
|
||||||
@ -281,10 +272,10 @@ func NewDevice(tun TUNDevice, logger *Logger) *Device {
|
|||||||
device.rate.limiter.Init()
|
device.rate.limiter.Init()
|
||||||
device.rate.underLoadUntil.Store(time.Time{})
|
device.rate.underLoadUntil.Store(time.Time{})
|
||||||
|
|
||||||
// initialize noise & crypt-key routine
|
// initialize staticIdentity & crypt-key routine
|
||||||
|
|
||||||
device.indexTable.Init()
|
device.indexTable.Init()
|
||||||
device.routing.table.Reset()
|
device.allowedips.Reset()
|
||||||
|
|
||||||
// setup buffer pool
|
// setup buffer pool
|
||||||
|
|
||||||
@ -333,12 +324,6 @@ func (device *Device) LookupPeer(pk NoisePublicKey) *Peer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (device *Device) RemovePeer(key NoisePublicKey) {
|
func (device *Device) RemovePeer(key NoisePublicKey) {
|
||||||
device.noise.mutex.Lock()
|
|
||||||
defer device.noise.mutex.Unlock()
|
|
||||||
|
|
||||||
device.routing.mutex.Lock()
|
|
||||||
defer device.routing.mutex.Unlock()
|
|
||||||
|
|
||||||
device.peers.mutex.Lock()
|
device.peers.mutex.Lock()
|
||||||
defer device.peers.mutex.Unlock()
|
defer device.peers.mutex.Unlock()
|
||||||
|
|
||||||
@ -351,12 +336,6 @@ func (device *Device) RemovePeer(key NoisePublicKey) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (device *Device) RemoveAllPeers() {
|
func (device *Device) RemoveAllPeers() {
|
||||||
device.noise.mutex.Lock()
|
|
||||||
defer device.noise.mutex.Unlock()
|
|
||||||
|
|
||||||
device.routing.mutex.Lock()
|
|
||||||
defer device.routing.mutex.Unlock()
|
|
||||||
|
|
||||||
device.peers.mutex.Lock()
|
device.peers.mutex.Lock()
|
||||||
defer device.peers.mutex.Unlock()
|
defer device.peers.mutex.Unlock()
|
||||||
|
|
||||||
|
@ -107,6 +107,7 @@ type Handshake struct {
|
|||||||
precomputedStaticStatic [NoisePublicKeySize]byte // precomputed shared secret
|
precomputedStaticStatic [NoisePublicKeySize]byte // precomputed shared secret
|
||||||
lastTimestamp tai64n.Timestamp
|
lastTimestamp tai64n.Timestamp
|
||||||
lastInitiationConsumption time.Time
|
lastInitiationConsumption time.Time
|
||||||
|
lastSentHandshake time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -153,8 +154,8 @@ func init() {
|
|||||||
|
|
||||||
func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error) {
|
func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error) {
|
||||||
|
|
||||||
device.noise.mutex.RLock()
|
device.staticIdentity.mutex.RLock()
|
||||||
defer device.noise.mutex.RUnlock()
|
defer device.staticIdentity.mutex.RUnlock()
|
||||||
|
|
||||||
handshake := &peer.handshake
|
handshake := &peer.handshake
|
||||||
handshake.mutex.Lock()
|
handshake.mutex.Lock()
|
||||||
@ -206,7 +207,7 @@ func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, e
|
|||||||
ss[:],
|
ss[:],
|
||||||
)
|
)
|
||||||
aead, _ := chacha20poly1305.New(key[:])
|
aead, _ := chacha20poly1305.New(key[:])
|
||||||
aead.Seal(msg.Static[:0], ZeroNonce[:], device.noise.publicKey[:], handshake.hash[:])
|
aead.Seal(msg.Static[:0], ZeroNonce[:], device.staticIdentity.publicKey[:], handshake.hash[:])
|
||||||
}()
|
}()
|
||||||
handshake.mixHash(msg.Static[:])
|
handshake.mixHash(msg.Static[:])
|
||||||
|
|
||||||
@ -240,10 +241,10 @@ func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
device.noise.mutex.RLock()
|
device.staticIdentity.mutex.RLock()
|
||||||
defer device.noise.mutex.RUnlock()
|
defer device.staticIdentity.mutex.RUnlock()
|
||||||
|
|
||||||
mixHash(&hash, &InitialHash, device.noise.publicKey[:])
|
mixHash(&hash, &InitialHash, device.staticIdentity.publicKey[:])
|
||||||
mixHash(&hash, &hash, msg.Ephemeral[:])
|
mixHash(&hash, &hash, msg.Ephemeral[:])
|
||||||
mixKey(&chainKey, &InitialChainKey, msg.Ephemeral[:])
|
mixKey(&chainKey, &InitialChainKey, msg.Ephemeral[:])
|
||||||
|
|
||||||
@ -253,7 +254,7 @@ func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer {
|
|||||||
var peerPK NoisePublicKey
|
var peerPK NoisePublicKey
|
||||||
func() {
|
func() {
|
||||||
var key [chacha20poly1305.KeySize]byte
|
var key [chacha20poly1305.KeySize]byte
|
||||||
ss := device.noise.privateKey.sharedSecret(msg.Ephemeral)
|
ss := device.staticIdentity.privateKey.sharedSecret(msg.Ephemeral)
|
||||||
KDF2(&chainKey, &key, chainKey[:], ss[:])
|
KDF2(&chainKey, &key, chainKey[:], ss[:])
|
||||||
aead, _ := chacha20poly1305.New(key[:])
|
aead, _ := chacha20poly1305.New(key[:])
|
||||||
_, err = aead.Open(peerPK[:0], ZeroNonce[:], msg.Static[:], hash[:])
|
_, err = aead.Open(peerPK[:0], ZeroNonce[:], msg.Static[:], hash[:])
|
||||||
@ -422,8 +423,8 @@ func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer {
|
|||||||
|
|
||||||
// lock private key for reading
|
// lock private key for reading
|
||||||
|
|
||||||
device.noise.mutex.RLock()
|
device.staticIdentity.mutex.RLock()
|
||||||
defer device.noise.mutex.RUnlock()
|
defer device.staticIdentity.mutex.RUnlock()
|
||||||
|
|
||||||
// finish 3-way DH
|
// finish 3-way DH
|
||||||
|
|
||||||
@ -437,7 +438,7 @@ func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer {
|
|||||||
}()
|
}()
|
||||||
|
|
||||||
func() {
|
func() {
|
||||||
ss := device.noise.privateKey.sharedSecret(msg.Ephemeral)
|
ss := device.staticIdentity.privateKey.sharedSecret(msg.Ephemeral)
|
||||||
mixKey(&chainKey, &chainKey, ss[:])
|
mixKey(&chainKey, &chainKey, ss[:])
|
||||||
setZero(ss[:])
|
setZero(ss[:])
|
||||||
}()
|
}()
|
||||||
@ -490,7 +491,7 @@ func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer {
|
|||||||
/* Derives a new keypair from the current handshake state
|
/* Derives a new keypair from the current handshake state
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
func (peer *Peer) DeriveNewKeypair() error {
|
func (peer *Peer) BeginSymmetricSession() error {
|
||||||
device := peer.device
|
device := peer.device
|
||||||
handshake := &peer.handshake
|
handshake := &peer.handshake
|
||||||
handshake.mutex.Lock()
|
handshake.mutex.Lock()
|
||||||
@ -552,50 +553,48 @@ func (peer *Peer) DeriveNewKeypair() error {
|
|||||||
|
|
||||||
// rotate key pairs
|
// rotate key pairs
|
||||||
|
|
||||||
kp := &peer.keypairs
|
keypairs := &peer.keypairs
|
||||||
kp.mutex.Lock()
|
keypairs.mutex.Lock()
|
||||||
|
defer keypairs.mutex.Unlock()
|
||||||
|
|
||||||
peer.timersSessionDerived()
|
previous := keypairs.previous
|
||||||
|
next := keypairs.next
|
||||||
previous := kp.previous
|
current := keypairs.current
|
||||||
next := kp.next
|
|
||||||
current := kp.current
|
|
||||||
|
|
||||||
if isInitiator {
|
if isInitiator {
|
||||||
if next != nil {
|
if next != nil {
|
||||||
kp.next = nil
|
keypairs.next = nil
|
||||||
kp.previous = next
|
keypairs.previous = next
|
||||||
device.DeleteKeypair(current)
|
device.DeleteKeypair(current)
|
||||||
} else {
|
} else {
|
||||||
kp.previous = current
|
keypairs.previous = current
|
||||||
}
|
}
|
||||||
device.DeleteKeypair(previous)
|
device.DeleteKeypair(previous)
|
||||||
kp.current = keypair
|
keypairs.current = keypair
|
||||||
} else {
|
} else {
|
||||||
kp.next = keypair
|
keypairs.next = keypair
|
||||||
device.DeleteKeypair(next)
|
device.DeleteKeypair(next)
|
||||||
kp.previous = nil
|
keypairs.previous = nil
|
||||||
device.DeleteKeypair(previous)
|
device.DeleteKeypair(previous)
|
||||||
}
|
}
|
||||||
kp.mutex.Unlock()
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (peer *Peer) ReceivedWithKeypair(receivedKeypair *Keypair) bool {
|
func (peer *Peer) ReceivedWithKeypair(receivedKeypair *Keypair) bool {
|
||||||
kp := &peer.keypairs
|
keypairs := &peer.keypairs
|
||||||
if kp.next != receivedKeypair {
|
if keypairs.next != receivedKeypair {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
kp.mutex.Lock()
|
keypairs.mutex.Lock()
|
||||||
defer kp.mutex.Unlock()
|
defer keypairs.mutex.Unlock()
|
||||||
if kp.next != receivedKeypair {
|
if keypairs.next != receivedKeypair {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
old := kp.previous
|
old := keypairs.previous
|
||||||
kp.previous = kp.current
|
keypairs.previous = keypairs.current
|
||||||
peer.device.DeleteKeypair(old)
|
peer.device.DeleteKeypair(old)
|
||||||
kp.current = kp.next
|
keypairs.current = keypairs.next
|
||||||
kp.next = nil
|
keypairs.next = nil
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
@ -36,8 +36,8 @@ func TestNoiseHandshake(t *testing.T) {
|
|||||||
defer dev1.Close()
|
defer dev1.Close()
|
||||||
defer dev2.Close()
|
defer dev2.Close()
|
||||||
|
|
||||||
peer1, _ := dev2.NewPeer(dev1.noise.privateKey.publicKey())
|
peer1, _ := dev2.NewPeer(dev1.staticIdentity.privateKey.publicKey())
|
||||||
peer2, _ := dev1.NewPeer(dev2.noise.privateKey.publicKey())
|
peer2, _ := dev1.NewPeer(dev2.staticIdentity.privateKey.publicKey())
|
||||||
|
|
||||||
assertEqual(
|
assertEqual(
|
||||||
t,
|
t,
|
||||||
@ -102,8 +102,8 @@ func TestNoiseHandshake(t *testing.T) {
|
|||||||
|
|
||||||
t.Log("deriving keys")
|
t.Log("deriving keys")
|
||||||
|
|
||||||
key1 := peer1.DeriveNewKeypair()
|
key1 := peer1.BeginSymmetricSession()
|
||||||
key2 := peer2.DeriveNewKeypair()
|
key2 := peer2.BeginSymmetricSession()
|
||||||
|
|
||||||
if key1 == nil {
|
if key1 == nil {
|
||||||
t.Fatal("failed to dervice keypair for peer 1")
|
t.Fatal("failed to dervice keypair for peer 1")
|
||||||
|
70
peer.go
70
peer.go
@ -19,7 +19,7 @@ const (
|
|||||||
|
|
||||||
type Peer struct {
|
type Peer struct {
|
||||||
isRunning AtomicBool
|
isRunning AtomicBool
|
||||||
mutex sync.RWMutex
|
mutex sync.RWMutex // Mostly protects endpoint, but is generally taken whenever we modify peer
|
||||||
keypairs Keypairs
|
keypairs Keypairs
|
||||||
handshake Handshake
|
handshake Handshake
|
||||||
device *Device
|
device *Device
|
||||||
@ -42,7 +42,6 @@ type Peer struct {
|
|||||||
handshakeAttempts uint
|
handshakeAttempts uint
|
||||||
needAnotherKeepalive bool
|
needAnotherKeepalive bool
|
||||||
sentLastMinuteHandshake bool
|
sentLastMinuteHandshake bool
|
||||||
lastSentHandshake time.Time
|
|
||||||
}
|
}
|
||||||
|
|
||||||
signals struct {
|
signals struct {
|
||||||
@ -64,7 +63,7 @@ type Peer struct {
|
|||||||
stop chan struct{} // size 0, stop all go routines in peer
|
stop chan struct{} // size 0, stop all go routines in peer
|
||||||
}
|
}
|
||||||
|
|
||||||
mac CookieGenerator
|
cookieGenerator CookieGenerator
|
||||||
}
|
}
|
||||||
|
|
||||||
func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
|
func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
|
||||||
@ -75,11 +74,8 @@ func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
|
|||||||
|
|
||||||
// lock resources
|
// lock resources
|
||||||
|
|
||||||
device.state.mutex.Lock()
|
device.staticIdentity.mutex.RLock()
|
||||||
defer device.state.mutex.Unlock()
|
defer device.staticIdentity.mutex.RUnlock()
|
||||||
|
|
||||||
device.noise.mutex.RLock()
|
|
||||||
defer device.noise.mutex.RUnlock()
|
|
||||||
|
|
||||||
device.peers.mutex.Lock()
|
device.peers.mutex.Lock()
|
||||||
defer device.peers.mutex.Unlock()
|
defer device.peers.mutex.Unlock()
|
||||||
@ -96,7 +92,7 @@ func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
|
|||||||
peer.mutex.Lock()
|
peer.mutex.Lock()
|
||||||
defer peer.mutex.Unlock()
|
defer peer.mutex.Unlock()
|
||||||
|
|
||||||
peer.mac.Init(pk)
|
peer.cookieGenerator.Init(pk)
|
||||||
peer.device = device
|
peer.device = device
|
||||||
peer.isRunning.Set(false)
|
peer.isRunning.Set(false)
|
||||||
|
|
||||||
@ -113,7 +109,7 @@ func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error) {
|
|||||||
handshake := &peer.handshake
|
handshake := &peer.handshake
|
||||||
handshake.mutex.Lock()
|
handshake.mutex.Lock()
|
||||||
handshake.remoteStatic = pk
|
handshake.remoteStatic = pk
|
||||||
handshake.precomputedStaticStatic = device.noise.privateKey.sharedSecret(pk)
|
handshake.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(pk)
|
||||||
handshake.mutex.Unlock()
|
handshake.mutex.Unlock()
|
||||||
|
|
||||||
// reset endpoint
|
// reset endpoint
|
||||||
@ -191,6 +187,7 @@ func (peer *Peer) Start() {
|
|||||||
peer.queue.inbound = make(chan *QueueInboundElement, QueueInboundSize)
|
peer.queue.inbound = make(chan *QueueInboundElement, QueueInboundSize)
|
||||||
|
|
||||||
peer.timersInit()
|
peer.timersInit()
|
||||||
|
peer.handshake.lastSentHandshake = time.Now().Add(-(RekeyTimeout + time.Second))
|
||||||
peer.signals.newKeypairArrived = make(chan struct{}, 1)
|
peer.signals.newKeypairArrived = make(chan struct{}, 1)
|
||||||
peer.signals.flushNonceQueue = make(chan struct{}, 1)
|
peer.signals.flushNonceQueue = make(chan struct{}, 1)
|
||||||
|
|
||||||
@ -204,6 +201,32 @@ func (peer *Peer) Start() {
|
|||||||
peer.isRunning.Set(true)
|
peer.isRunning.Set(true)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (peer *Peer) ZeroAndFlushAll() {
|
||||||
|
device := peer.device
|
||||||
|
|
||||||
|
// clear key pairs
|
||||||
|
|
||||||
|
keypairs := &peer.keypairs
|
||||||
|
keypairs.mutex.Lock()
|
||||||
|
device.DeleteKeypair(keypairs.previous)
|
||||||
|
device.DeleteKeypair(keypairs.current)
|
||||||
|
device.DeleteKeypair(keypairs.next)
|
||||||
|
keypairs.previous = nil
|
||||||
|
keypairs.current = nil
|
||||||
|
keypairs.next = nil
|
||||||
|
keypairs.mutex.Unlock()
|
||||||
|
|
||||||
|
// clear handshake state
|
||||||
|
|
||||||
|
handshake := &peer.handshake
|
||||||
|
handshake.mutex.Lock()
|
||||||
|
device.indexTable.Delete(handshake.localIndex)
|
||||||
|
handshake.Clear()
|
||||||
|
handshake.mutex.Unlock()
|
||||||
|
|
||||||
|
peer.FlushNonceQueue()
|
||||||
|
}
|
||||||
|
|
||||||
func (peer *Peer) Stop() {
|
func (peer *Peer) Stop() {
|
||||||
|
|
||||||
// prevent simultaneous start/stop operations
|
// prevent simultaneous start/stop operations
|
||||||
@ -215,8 +238,7 @@ func (peer *Peer) Stop() {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
device := peer.device
|
peer.device.log.Debug.Println(peer, ": Stopping...")
|
||||||
device.log.Debug.Println(peer, ": Stopping...")
|
|
||||||
|
|
||||||
peer.timersStop()
|
peer.timersStop()
|
||||||
|
|
||||||
@ -232,27 +254,5 @@ func (peer *Peer) Stop() {
|
|||||||
close(peer.queue.outbound)
|
close(peer.queue.outbound)
|
||||||
close(peer.queue.inbound)
|
close(peer.queue.inbound)
|
||||||
|
|
||||||
// clear key pairs
|
peer.ZeroAndFlushAll()
|
||||||
|
|
||||||
kp := &peer.keypairs
|
|
||||||
kp.mutex.Lock()
|
|
||||||
|
|
||||||
device.DeleteKeypair(kp.previous)
|
|
||||||
device.DeleteKeypair(kp.current)
|
|
||||||
device.DeleteKeypair(kp.next)
|
|
||||||
|
|
||||||
kp.previous = nil
|
|
||||||
kp.current = nil
|
|
||||||
kp.next = nil
|
|
||||||
kp.mutex.Unlock()
|
|
||||||
|
|
||||||
// clear handshake state
|
|
||||||
|
|
||||||
hs := &peer.handshake
|
|
||||||
hs.mutex.Lock()
|
|
||||||
device.indexTable.Delete(hs.localIndex)
|
|
||||||
hs.Clear()
|
|
||||||
hs.mutex.Unlock()
|
|
||||||
|
|
||||||
peer.FlushNonceQueue()
|
|
||||||
}
|
}
|
||||||
|
78
receive.go
78
receive.go
@ -107,8 +107,8 @@ func (peer *Peer) keepKeyFreshReceiving() {
|
|||||||
if peer.timers.sentLastMinuteHandshake {
|
if peer.timers.sentLastMinuteHandshake {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
kp := peer.keypairs.Current()
|
keypair := peer.keypairs.Current()
|
||||||
if kp != nil && kp.isInitiator && time.Now().Sub(kp.created) > (RejectAfterTime-KeepaliveTimeout-RekeyTimeout) {
|
if keypair != nil && keypair.isInitiator && time.Now().Sub(keypair.created) > (RejectAfterTime-KeepaliveTimeout-RekeyTimeout) {
|
||||||
peer.timers.sentLastMinuteHandshake = true
|
peer.timers.sentLastMinuteHandshake = true
|
||||||
peer.SendHandshakeInitiation(false)
|
peer.SendHandshakeInitiation(false)
|
||||||
}
|
}
|
||||||
@ -325,7 +325,6 @@ func (device *Device) RoutineHandshake() {
|
|||||||
|
|
||||||
logDebug.Println("Routine: handshake worker - started")
|
logDebug.Println("Routine: handshake worker - started")
|
||||||
|
|
||||||
var temp [MessageHandshakeSize]byte
|
|
||||||
var elem QueueHandshakeElement
|
var elem QueueHandshakeElement
|
||||||
var ok bool
|
var ok bool
|
||||||
|
|
||||||
@ -367,52 +366,28 @@ func (device *Device) RoutineHandshake() {
|
|||||||
// consume reply
|
// consume reply
|
||||||
|
|
||||||
if peer := entry.peer; peer.isRunning.Get() {
|
if peer := entry.peer; peer.isRunning.Get() {
|
||||||
peer.mac.ConsumeReply(&reply)
|
peer.cookieGenerator.ConsumeReply(&reply)
|
||||||
}
|
}
|
||||||
|
|
||||||
continue
|
continue
|
||||||
|
|
||||||
case MessageInitiationType, MessageResponseType:
|
case MessageInitiationType, MessageResponseType:
|
||||||
|
|
||||||
// check mac fields and ratelimit
|
// check mac fields and maybe ratelimit
|
||||||
|
|
||||||
if !device.mac.CheckMAC1(elem.packet) {
|
if !device.cookieChecker.CheckMAC1(elem.packet) {
|
||||||
logDebug.Println("Received packet with invalid mac1")
|
logDebug.Println("Received packet with invalid mac1")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// endpoints destination address is the source of the datagram
|
// endpoints destination address is the source of the datagram
|
||||||
|
|
||||||
srcBytes := elem.endpoint.DstToBytes()
|
|
||||||
|
|
||||||
if device.IsUnderLoad() {
|
if device.IsUnderLoad() {
|
||||||
|
|
||||||
// verify MAC2 field
|
// verify MAC2 field
|
||||||
|
|
||||||
if !device.mac.CheckMAC2(elem.packet, srcBytes) {
|
if !device.cookieChecker.CheckMAC2(elem.packet, elem.endpoint.DstToBytes()) {
|
||||||
|
device.SendHandshakeCookie(&elem)
|
||||||
// construct cookie reply
|
|
||||||
|
|
||||||
logDebug.Println(
|
|
||||||
"Sending cookie reply to:",
|
|
||||||
elem.endpoint.DstToString(),
|
|
||||||
)
|
|
||||||
|
|
||||||
sender := binary.LittleEndian.Uint32(elem.packet[4:8])
|
|
||||||
reply, err := device.mac.CreateReply(elem.packet, sender, srcBytes)
|
|
||||||
if err != nil {
|
|
||||||
logError.Println("Failed to create cookie reply:", err)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
// marshal and send reply
|
|
||||||
|
|
||||||
writer := bytes.NewBuffer(temp[:0])
|
|
||||||
binary.Write(writer, binary.LittleEndian, reply)
|
|
||||||
device.net.bind.Send(writer.Bytes(), elem.endpoint)
|
|
||||||
if err != nil {
|
|
||||||
logDebug.Println("Failed to send cookie reply:", err)
|
|
||||||
}
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -467,34 +442,7 @@ func (device *Device) RoutineHandshake() {
|
|||||||
|
|
||||||
logDebug.Println(peer, ": Received handshake initiation")
|
logDebug.Println(peer, ": Received handshake initiation")
|
||||||
|
|
||||||
// create response
|
peer.SendHandshakeResponse()
|
||||||
|
|
||||||
response, err := device.CreateMessageResponse(peer)
|
|
||||||
if err != nil {
|
|
||||||
logError.Println("Failed to create response message:", err)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
if peer.DeriveNewKeypair() != nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
logDebug.Println(peer, ": Sending handshake response")
|
|
||||||
|
|
||||||
writer := bytes.NewBuffer(temp[:0])
|
|
||||||
binary.Write(writer, binary.LittleEndian, response)
|
|
||||||
packet := writer.Bytes()
|
|
||||||
peer.mac.AddMacs(packet)
|
|
||||||
|
|
||||||
// send response
|
|
||||||
|
|
||||||
peer.timers.lastSentHandshake = time.Now()
|
|
||||||
err = peer.SendBuffer(packet)
|
|
||||||
if err == nil {
|
|
||||||
peer.timersAnyAuthenticatedPacketTraversal()
|
|
||||||
} else {
|
|
||||||
logError.Println(peer, ": Failed to send handshake response", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
case MessageResponseType:
|
case MessageResponseType:
|
||||||
|
|
||||||
@ -534,10 +482,14 @@ func (device *Device) RoutineHandshake() {
|
|||||||
|
|
||||||
// derive keypair
|
// derive keypair
|
||||||
|
|
||||||
if peer.DeriveNewKeypair() != nil {
|
err = peer.BeginSymmetricSession()
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
logError.Println(peer, ": Failed to derive keypair:", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
peer.timersSessionDerived()
|
||||||
peer.timersHandshakeComplete()
|
peer.timersHandshakeComplete()
|
||||||
peer.SendKeepalive()
|
peer.SendKeepalive()
|
||||||
select {
|
select {
|
||||||
@ -640,7 +592,7 @@ func (peer *Peer) RoutineSequentialReceiver() {
|
|||||||
// verify IPv4 source
|
// verify IPv4 source
|
||||||
|
|
||||||
src := elem.packet[IPv4offsetSrc : IPv4offsetSrc+net.IPv4len]
|
src := elem.packet[IPv4offsetSrc : IPv4offsetSrc+net.IPv4len]
|
||||||
if device.routing.table.LookupIPv4(src) != peer {
|
if device.allowedips.LookupIPv4(src) != peer {
|
||||||
logInfo.Println(
|
logInfo.Println(
|
||||||
"IPv4 packet with disallowed source address from",
|
"IPv4 packet with disallowed source address from",
|
||||||
peer,
|
peer,
|
||||||
@ -668,7 +620,7 @@ func (peer *Peer) RoutineSequentialReceiver() {
|
|||||||
// verify IPv6 source
|
// verify IPv6 source
|
||||||
|
|
||||||
src := elem.packet[IPv6offsetSrc : IPv6offsetSrc+net.IPv6len]
|
src := elem.packet[IPv6offsetSrc : IPv6offsetSrc+net.IPv6len]
|
||||||
if device.routing.table.LookupIPv6(src) != peer {
|
if device.allowedips.LookupIPv6(src) != peer {
|
||||||
logInfo.Println(
|
logInfo.Println(
|
||||||
peer,
|
peer,
|
||||||
"sent packet with disallowed IPv6 source",
|
"sent packet with disallowed IPv6 source",
|
||||||
|
108
send.go
108
send.go
@ -121,52 +121,114 @@ func (peer *Peer) SendKeepalive() bool {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Sends a new handshake initiation message to the peer (endpoint)
|
|
||||||
*/
|
|
||||||
func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
|
func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
|
||||||
if !isRetry {
|
if !isRetry {
|
||||||
peer.timers.handshakeAttempts = 0
|
peer.timers.handshakeAttempts = 0
|
||||||
}
|
}
|
||||||
|
|
||||||
if time.Now().Sub(peer.timers.lastSentHandshake) < RekeyTimeout {
|
peer.handshake.mutex.RLock()
|
||||||
|
if time.Now().Sub(peer.handshake.lastSentHandshake) < RekeyTimeout {
|
||||||
|
peer.handshake.mutex.RUnlock()
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
peer.timers.lastSentHandshake = time.Now() //TODO: locking for this variable?
|
peer.handshake.mutex.RUnlock()
|
||||||
|
|
||||||
// create initiation message
|
peer.handshake.mutex.Lock()
|
||||||
|
if time.Now().Sub(peer.handshake.lastSentHandshake) < RekeyTimeout {
|
||||||
msg, err := peer.device.CreateMessageInitiation(peer)
|
peer.handshake.mutex.Unlock()
|
||||||
if err != nil {
|
return nil
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
peer.handshake.lastSentHandshake = time.Now()
|
||||||
|
peer.handshake.mutex.Unlock()
|
||||||
|
|
||||||
peer.device.log.Debug.Println(peer, ": Sending handshake initiation")
|
peer.device.log.Debug.Println(peer, ": Sending handshake initiation")
|
||||||
|
|
||||||
// marshal handshake message
|
msg, err := peer.device.CreateMessageInitiation(peer)
|
||||||
|
if err != nil {
|
||||||
|
peer.device.log.Error.Println(peer, ": Failed to create initiation message:", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
var buff [MessageInitiationSize]byte
|
var buff [MessageInitiationSize]byte
|
||||||
writer := bytes.NewBuffer(buff[:0])
|
writer := bytes.NewBuffer(buff[:0])
|
||||||
binary.Write(writer, binary.LittleEndian, msg)
|
binary.Write(writer, binary.LittleEndian, msg)
|
||||||
packet := writer.Bytes()
|
packet := writer.Bytes()
|
||||||
peer.mac.AddMacs(packet)
|
peer.cookieGenerator.AddMacs(packet)
|
||||||
|
|
||||||
// send to endpoint
|
|
||||||
|
|
||||||
peer.timersAnyAuthenticatedPacketTraversal()
|
peer.timersAnyAuthenticatedPacketTraversal()
|
||||||
|
|
||||||
|
err = peer.SendBuffer(packet)
|
||||||
|
if err != nil {
|
||||||
|
peer.device.log.Error.Println(peer, ": Failed to send handshake initiation", err)
|
||||||
|
}
|
||||||
peer.timersHandshakeInitiated()
|
peer.timersHandshakeInitiated()
|
||||||
return peer.SendBuffer(packet)
|
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (peer *Peer) SendHandshakeResponse() error {
|
||||||
|
peer.handshake.mutex.Lock()
|
||||||
|
peer.handshake.lastSentHandshake = time.Now()
|
||||||
|
peer.handshake.mutex.Unlock()
|
||||||
|
|
||||||
|
peer.device.log.Debug.Println(peer, ": Sending handshake response")
|
||||||
|
|
||||||
|
response, err := peer.device.CreateMessageResponse(peer)
|
||||||
|
if err != nil {
|
||||||
|
peer.device.log.Error.Println(peer, ": Failed to create response message:", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
var buff [MessageResponseSize]byte
|
||||||
|
writer := bytes.NewBuffer(buff[:0])
|
||||||
|
binary.Write(writer, binary.LittleEndian, response)
|
||||||
|
packet := writer.Bytes()
|
||||||
|
peer.cookieGenerator.AddMacs(packet)
|
||||||
|
|
||||||
|
err = peer.BeginSymmetricSession()
|
||||||
|
if err != nil {
|
||||||
|
peer.device.log.Error.Println(peer, ": Failed to derive keypair:", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
peer.timersSessionDerived()
|
||||||
|
peer.timersAnyAuthenticatedPacketTraversal()
|
||||||
|
|
||||||
|
err = peer.SendBuffer(packet)
|
||||||
|
if err != nil {
|
||||||
|
peer.device.log.Error.Println(peer, ": Failed to send handshake response", err)
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error {
|
||||||
|
|
||||||
|
device.log.Debug.Println("Sending cookie reply to:", initiatingElem.endpoint.DstToString())
|
||||||
|
|
||||||
|
sender := binary.LittleEndian.Uint32(initiatingElem.packet[4:8])
|
||||||
|
reply, err := device.cookieChecker.CreateReply(initiatingElem.packet, sender, initiatingElem.endpoint.DstToBytes())
|
||||||
|
if err != nil {
|
||||||
|
device.log.Error.Println("Failed to create cookie reply:", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
var buff [MessageCookieReplySize]byte
|
||||||
|
writer := bytes.NewBuffer(buff[:0])
|
||||||
|
binary.Write(writer, binary.LittleEndian, reply)
|
||||||
|
device.net.bind.Send(writer.Bytes(), initiatingElem.endpoint)
|
||||||
|
if err != nil {
|
||||||
|
device.log.Error.Println("Failed to send cookie reply:", err)
|
||||||
|
}
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Called when a new authenticated message has been send
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
func (peer *Peer) keepKeyFreshSending() {
|
func (peer *Peer) keepKeyFreshSending() {
|
||||||
kp := peer.keypairs.Current()
|
keypair := peer.keypairs.Current()
|
||||||
if kp == nil {
|
if keypair == nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
nonce := atomic.LoadUint64(&kp.sendNonce)
|
nonce := atomic.LoadUint64(&keypair.sendNonce)
|
||||||
if nonce > RekeyAfterMessages || (kp.isInitiator && time.Now().Sub(kp.created) > RekeyAfterTime) {
|
if nonce > RekeyAfterMessages || (keypair.isInitiator && time.Now().Sub(keypair.created) > RekeyAfterTime) {
|
||||||
peer.SendHandshakeInitiation(false)
|
peer.SendHandshakeInitiation(false)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -217,14 +279,14 @@ func (device *Device) RoutineReadFromTUN() {
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
dst := elem.packet[IPv4offsetDst : IPv4offsetDst+net.IPv4len]
|
dst := elem.packet[IPv4offsetDst : IPv4offsetDst+net.IPv4len]
|
||||||
peer = device.routing.table.LookupIPv4(dst)
|
peer = device.allowedips.LookupIPv4(dst)
|
||||||
|
|
||||||
case ipv6.Version:
|
case ipv6.Version:
|
||||||
if len(elem.packet) < ipv6.HeaderLen {
|
if len(elem.packet) < ipv6.HeaderLen {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
dst := elem.packet[IPv6offsetDst : IPv6offsetDst+net.IPv6len]
|
dst := elem.packet[IPv6offsetDst : IPv6offsetDst+net.IPv6len]
|
||||||
peer = device.routing.table.LookupIPv6(dst)
|
peer = device.allowedips.LookupIPv6(dst)
|
||||||
|
|
||||||
default:
|
default:
|
||||||
logDebug.Println("Received packet with unknown IP version")
|
logDebug.Println("Received packet with unknown IP version")
|
||||||
|
26
timers.go
26
timers.go
@ -104,30 +104,7 @@ func expiredNewHandshake(peer *Peer) {
|
|||||||
|
|
||||||
func expiredZeroKeyMaterial(peer *Peer) {
|
func expiredZeroKeyMaterial(peer *Peer) {
|
||||||
peer.device.log.Debug.Printf(":%s Removing all keys, since we haven't received a new one in %d seconds\n", peer, int((RejectAfterTime * 3).Seconds()))
|
peer.device.log.Debug.Printf(":%s Removing all keys, since we haven't received a new one in %d seconds\n", peer, int((RejectAfterTime * 3).Seconds()))
|
||||||
|
peer.ZeroAndFlushAll()
|
||||||
hs := &peer.handshake
|
|
||||||
hs.mutex.Lock()
|
|
||||||
|
|
||||||
kp := &peer.keypairs
|
|
||||||
kp.mutex.Lock()
|
|
||||||
|
|
||||||
if kp.previous != nil {
|
|
||||||
peer.device.DeleteKeypair(kp.previous)
|
|
||||||
kp.previous = nil
|
|
||||||
}
|
|
||||||
if kp.current != nil {
|
|
||||||
peer.device.DeleteKeypair(kp.current)
|
|
||||||
kp.current = nil
|
|
||||||
}
|
|
||||||
if kp.next != nil {
|
|
||||||
peer.device.DeleteKeypair(kp.next)
|
|
||||||
kp.next = nil
|
|
||||||
}
|
|
||||||
kp.mutex.Unlock()
|
|
||||||
|
|
||||||
peer.device.indexTable.Delete(hs.localIndex)
|
|
||||||
hs.Clear()
|
|
||||||
hs.mutex.Unlock()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func expiredPersistentKeepalive(peer *Peer) {
|
func expiredPersistentKeepalive(peer *Peer) {
|
||||||
@ -209,7 +186,6 @@ func (peer *Peer) timersInit() {
|
|||||||
peer.timers.handshakeAttempts = 0
|
peer.timers.handshakeAttempts = 0
|
||||||
peer.timers.sentLastMinuteHandshake = false
|
peer.timers.sentLastMinuteHandshake = false
|
||||||
peer.timers.needAnotherKeepalive = false
|
peer.timers.needAnotherKeepalive = false
|
||||||
peer.timers.lastSentHandshake = time.Now().Add(-(RekeyTimeout + time.Second))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (peer *Peer) timersStop() {
|
func (peer *Peer) timersStop() {
|
||||||
|
34
uapi.go
34
uapi.go
@ -46,19 +46,16 @@ func ipcGetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
|
|||||||
device.net.mutex.RLock()
|
device.net.mutex.RLock()
|
||||||
defer device.net.mutex.RUnlock()
|
defer device.net.mutex.RUnlock()
|
||||||
|
|
||||||
device.noise.mutex.RLock()
|
device.staticIdentity.mutex.RLock()
|
||||||
defer device.noise.mutex.RUnlock()
|
defer device.staticIdentity.mutex.RUnlock()
|
||||||
|
|
||||||
device.routing.mutex.RLock()
|
device.peers.mutex.RLock()
|
||||||
defer device.routing.mutex.RUnlock()
|
defer device.peers.mutex.RUnlock()
|
||||||
|
|
||||||
device.peers.mutex.Lock()
|
|
||||||
defer device.peers.mutex.Unlock()
|
|
||||||
|
|
||||||
// serialize device related values
|
// serialize device related values
|
||||||
|
|
||||||
if !device.noise.privateKey.IsZero() {
|
if !device.staticIdentity.privateKey.IsZero() {
|
||||||
send("private_key=" + device.noise.privateKey.ToHex())
|
send("private_key=" + device.staticIdentity.privateKey.ToHex())
|
||||||
}
|
}
|
||||||
|
|
||||||
if device.net.port != 0 {
|
if device.net.port != 0 {
|
||||||
@ -91,7 +88,7 @@ func ipcGetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
|
|||||||
send(fmt.Sprintf("rx_bytes=%d", peer.stats.rxBytes))
|
send(fmt.Sprintf("rx_bytes=%d", peer.stats.rxBytes))
|
||||||
send(fmt.Sprintf("persistent_keepalive_interval=%d", peer.persistentKeepaliveInterval))
|
send(fmt.Sprintf("persistent_keepalive_interval=%d", peer.persistentKeepaliveInterval))
|
||||||
|
|
||||||
for _, ip := range device.routing.table.EntriesForPeer(peer) {
|
for _, ip := range device.allowedips.EntriesForPeer(peer) {
|
||||||
send("allowed_ip=" + ip.String())
|
send("allowed_ip=" + ip.String())
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -234,13 +231,12 @@ func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
|
|||||||
|
|
||||||
// ignore peer with public key of device
|
// ignore peer with public key of device
|
||||||
|
|
||||||
device.noise.mutex.RLock()
|
device.staticIdentity.mutex.RLock()
|
||||||
equals := device.noise.publicKey.Equals(publicKey)
|
dummy = device.staticIdentity.publicKey.Equals(publicKey)
|
||||||
device.noise.mutex.RUnlock()
|
device.staticIdentity.mutex.RUnlock()
|
||||||
|
|
||||||
if equals {
|
if dummy {
|
||||||
peer = &Peer{}
|
peer = &Peer{}
|
||||||
dummy = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// find peer referenced
|
// find peer referenced
|
||||||
@ -348,9 +344,7 @@ func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
device.routing.mutex.Lock()
|
device.allowedips.RemoveByPeer(peer)
|
||||||
device.routing.table.RemoveByPeer(peer)
|
|
||||||
device.routing.mutex.Unlock()
|
|
||||||
|
|
||||||
case "allowed_ip":
|
case "allowed_ip":
|
||||||
|
|
||||||
@ -367,9 +361,7 @@ func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
|
|||||||
}
|
}
|
||||||
|
|
||||||
ones, _ := network.Mask.Size()
|
ones, _ := network.Mask.Size()
|
||||||
device.routing.mutex.Lock()
|
device.allowedips.Insert(network.IP, uint(ones), peer)
|
||||||
device.routing.table.Insert(network.IP, uint(ones), peer)
|
|
||||||
device.routing.mutex.Unlock()
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
logError.Println("Invalid UAPI key (peer configuration):", key)
|
logError.Println("Invalid UAPI key (peer configuration):", key)
|
||||||
|
Loading…
Reference in New Issue
Block a user