conn: make binds replacable

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/conn/conn_linux.go b/conn/bind_linux.go
similarity index 76%
rename from conn/conn_linux.go
rename to conn/bind_linux.go
index 58b7de176304c0bdbe5a835060b505f6fca0b3b4..41998095190296aa7c28b0869df5b30fc625bca0 100644 (file)
--- a/conn/conn_linux.go
+++ b/conn/bind_linux.go
@@ -1,5 +1,3 @@
-// +build !android
-
 /* SPDX-License-Identifier: MIT
  *
  * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
@@ -18,55 +16,59 @@ import (
        "golang.org/x/sys/unix"
 )
 
-type IPv4Source struct {
+type ipv4Source struct {
        Src     [4]byte
        Ifindex int32
 }
 
-type IPv6Source struct {
+type ipv6Source struct {
        src [16]byte
-       //ifindex belongs in dst.ZoneId
+       // ifindex belongs in dst.ZoneId
 }
 
-type NativeEndpoint struct {
+type LinuxSocketEndpoint struct {
        sync.Mutex
        dst  [unsafe.Sizeof(unix.SockaddrInet6{})]byte
-       src  [unsafe.Sizeof(IPv6Source{})]byte
+       src  [unsafe.Sizeof(ipv6Source{})]byte
        isV6 bool
 }
 
-func (endpoint *NativeEndpoint) Src4() *IPv4Source         { return endpoint.src4() }
-func (endpoint *NativeEndpoint) Dst4() *unix.SockaddrInet4 { return endpoint.dst4() }
-func (endpoint *NativeEndpoint) IsV6() bool                { return endpoint.isV6 }
+func (endpoint *LinuxSocketEndpoint) Src4() *ipv4Source         { return endpoint.src4() }
+func (endpoint *LinuxSocketEndpoint) Dst4() *unix.SockaddrInet4 { return endpoint.dst4() }
+func (endpoint *LinuxSocketEndpoint) IsV6() bool                { return endpoint.isV6 }
 
-func (endpoint *NativeEndpoint) src4() *IPv4Source {
-       return (*IPv4Source)(unsafe.Pointer(&endpoint.src[0]))
+func (endpoint *LinuxSocketEndpoint) src4() *ipv4Source {
+       return (*ipv4Source)(unsafe.Pointer(&endpoint.src[0]))
 }
 
-func (endpoint *NativeEndpoint) src6() *IPv6Source {
-       return (*IPv6Source)(unsafe.Pointer(&endpoint.src[0]))
+func (endpoint *LinuxSocketEndpoint) src6() *ipv6Source {
+       return (*ipv6Source)(unsafe.Pointer(&endpoint.src[0]))
 }
 
-func (endpoint *NativeEndpoint) dst4() *unix.SockaddrInet4 {
+func (endpoint *LinuxSocketEndpoint) dst4() *unix.SockaddrInet4 {
        return (*unix.SockaddrInet4)(unsafe.Pointer(&endpoint.dst[0]))
 }
 
-func (endpoint *NativeEndpoint) dst6() *unix.SockaddrInet6 {
+func (endpoint *LinuxSocketEndpoint) dst6() *unix.SockaddrInet6 {
        return (*unix.SockaddrInet6)(unsafe.Pointer(&endpoint.dst[0]))
 }
 
-type nativeBind struct {
+// LinuxSocketBind uses sendmsg and recvmsg to implement a full bind with sticky sockets on Linux.
+type LinuxSocketBind struct {
        sock4    int
        sock6    int
        lastMark uint32
        closing  sync.RWMutex
 }
 
-var _ Endpoint = (*NativeEndpoint)(nil)
-var _ Bind = (*nativeBind)(nil)
+func NewLinuxSocketBind() Bind { return &LinuxSocketBind{sock4: -1, sock6: -1} }
+func NewDefaultBind() Bind     { return NewLinuxSocketBind() }
+
+var _ Endpoint = (*LinuxSocketEndpoint)(nil)
+var _ Bind = (*LinuxSocketBind)(nil)
 
-func CreateEndpoint(s string) (Endpoint, error) {
-       var end NativeEndpoint
+func (*LinuxSocketBind) ParseEndpoint(s string) (Endpoint, error) {
+       var end LinuxSocketEndpoint
        addr, err := parseEndpoint(s)
        if err != nil {
                return nil, err
@@ -97,14 +99,18 @@ func CreateEndpoint(s string) (Endpoint, error) {
                return &end, nil
        }
 
-       return nil, errors.New("Invalid IP address")
+       return nil, errors.New("invalid IP address")
 }
 
-func createBind(port uint16) (Bind, uint16, error) {
+func (bind *LinuxSocketBind) Open(port uint16) (uint16, error) {
        var err error
-       var bind nativeBind
        var newPort uint16
        var tries int
+
+       if bind.sock4 != -1 || bind.sock6 != -1 {
+               return 0, ErrBindAlreadyOpen
+       }
+
        originalPort := port
 
 again:
@@ -113,7 +119,7 @@ again:
        bind.sock6, newPort, err = create6(port)
        if err != nil {
                if err != syscall.EAFNOSUPPORT {
-                       return nil, 0, err
+                       return 0, err
                }
        } else {
                port = newPort
@@ -129,24 +135,19 @@ again:
                }
                if err != syscall.EAFNOSUPPORT {
                        unix.Close(bind.sock6)
-                       return nil, 0, err
+                       return 0, err
                }
        } else {
                port = newPort
        }
 
        if bind.sock4 == -1 && bind.sock6 == -1 {
-               return nil, 0, errors.New("ipv4 and ipv6 not supported")
+               return 0, syscall.EAFNOSUPPORT
        }
-
-       return &bind, port, nil
-}
-
-func (bind *nativeBind) LastMark() uint32 {
-       return bind.lastMark
+       return port, nil
 }
 
-func (bind *nativeBind) SetMark(value uint32) error {
+func (bind *LinuxSocketBind) SetMark(value uint32) error {
        bind.closing.RLock()
        defer bind.closing.RUnlock()
 
@@ -180,7 +181,7 @@ func (bind *nativeBind) SetMark(value uint32) error {
        return nil
 }
 
-func (bind *nativeBind) Close() error {
+func (bind *LinuxSocketBind) Close() error {
        var err1, err2 error
        bind.closing.RLock()
        if bind.sock6 != -1 {
@@ -207,11 +208,11 @@ func (bind *nativeBind) Close() error {
        return err2
 }
 
-func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
+func (bind *LinuxSocketBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
        bind.closing.RLock()
        defer bind.closing.RUnlock()
 
-       var end NativeEndpoint
+       var end LinuxSocketEndpoint
        if bind.sock6 == -1 {
                return 0, nil, net.ErrClosed
        }
@@ -223,11 +224,11 @@ func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
        return n, &end, err
 }
 
-func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
+func (bind *LinuxSocketBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
        bind.closing.RLock()
        defer bind.closing.RUnlock()
 
-       var end NativeEndpoint
+       var end LinuxSocketEndpoint
        if bind.sock4 == -1 {
                return 0, nil, net.ErrClosed
        }
@@ -239,11 +240,14 @@ func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
        return n, &end, err
 }
 
-func (bind *nativeBind) Send(buff []byte, end Endpoint) error {
+func (bind *LinuxSocketBind) Send(buff []byte, end Endpoint) error {
        bind.closing.RLock()
        defer bind.closing.RUnlock()
 
-       nend := end.(*NativeEndpoint)
+       nend, ok := end.(*LinuxSocketEndpoint)
+       if !ok {
+               return ErrWrongEndpointType
+       }
        if !nend.isV6 {
                if bind.sock4 == -1 {
                        return net.ErrClosed
@@ -257,7 +261,7 @@ func (bind *nativeBind) Send(buff []byte, end Endpoint) error {
        }
 }
 
-func (end *NativeEndpoint) SrcIP() net.IP {
+func (end *LinuxSocketEndpoint) SrcIP() net.IP {
        if !end.isV6 {
                return net.IPv4(
                        end.src4().Src[0],
@@ -270,7 +274,7 @@ func (end *NativeEndpoint) SrcIP() net.IP {
        }
 }
 
-func (end *NativeEndpoint) DstIP() net.IP {
+func (end *LinuxSocketEndpoint) DstIP() net.IP {
        if !end.isV6 {
                return net.IPv4(
                        end.dst4().Addr[0],
@@ -283,7 +287,7 @@ func (end *NativeEndpoint) DstIP() net.IP {
        }
 }
 
-func (end *NativeEndpoint) DstToBytes() []byte {
+func (end *LinuxSocketEndpoint) DstToBytes() []byte {
        if !end.isV6 {
                return (*[unsafe.Offsetof(end.dst4().Addr) + unsafe.Sizeof(end.dst4().Addr)]byte)(unsafe.Pointer(end.dst4()))[:]
        } else {
@@ -291,11 +295,11 @@ func (end *NativeEndpoint) DstToBytes() []byte {
        }
 }
 
-func (end *NativeEndpoint) SrcToString() string {
+func (end *LinuxSocketEndpoint) SrcToString() string {
        return end.SrcIP().String()
 }
 
-func (end *NativeEndpoint) DstToString() string {
+func (end *LinuxSocketEndpoint) DstToString() string {
        var udpAddr net.UDPAddr
        udpAddr.IP = end.DstIP()
        if !end.isV6 {
@@ -306,13 +310,13 @@ func (end *NativeEndpoint) DstToString() string {
        return udpAddr.String()
 }
 
-func (end *NativeEndpoint) ClearDst() {
+func (end *LinuxSocketEndpoint) ClearDst() {
        for i := range end.dst {
                end.dst[i] = 0
        }
 }
 
-func (end *NativeEndpoint) ClearSrc() {
+func (end *LinuxSocketEndpoint) ClearSrc() {
        for i := range end.src {
                end.src[i] = 0
        }
@@ -427,7 +431,7 @@ func create6(port uint16) (int, uint16, error) {
        return fd, uint16(addr.Port), err
 }
 
-func send4(sock int, end *NativeEndpoint, buff []byte) error {
+func send4(sock int, end *LinuxSocketEndpoint, buff []byte) error {
 
        // construct message header
 
@@ -467,7 +471,7 @@ func send4(sock int, end *NativeEndpoint, buff []byte) error {
        return err
 }
 
-func send6(sock int, end *NativeEndpoint, buff []byte) error {
+func send6(sock int, end *LinuxSocketEndpoint, buff []byte) error {
 
        // construct message header
 
@@ -511,7 +515,7 @@ func send6(sock int, end *NativeEndpoint, buff []byte) error {
        return err
 }
 
-func receive4(sock int, buff []byte, end *NativeEndpoint) (int, error) {
+func receive4(sock int, buff []byte, end *LinuxSocketEndpoint) (int, error) {
 
        // construct message header
 
@@ -543,7 +547,7 @@ func receive4(sock int, buff []byte, end *NativeEndpoint) (int, error) {
        return size, nil
 }
 
-func receive6(sock int, buff []byte, end *NativeEndpoint) (int, error) {
+func receive6(sock int, buff []byte, end *LinuxSocketEndpoint) (int, error) {
 
        // construct message header
 

diff --git a/conn/conn_default.go b/conn/bind_std.go
similarity index 58%
rename from conn/conn_default.go
rename to conn/bind_std.go
index 82a1e4220d3e74f2488a034c6e8bc05419a794eb..193c4fed3313395b8771c0c6f3355dae2f0d3b26 100644 (file)
--- a/conn/conn_default.go
+++ b/conn/bind_std.go
@@ -1,5 +1,3 @@
-// +build !linux android
-
 /* SPDX-License-Identifier: MIT
  *
  * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
@@ -13,41 +11,40 @@ import (
        "syscall"
 )
 
-/* This code is meant to be a temporary solution
- * on platforms for which the sticky socket / source caching behavior
- * has not yet been implemented.
- *
- * See conn_linux.go for an implementation on the linux platform.
- */
-
-type nativeBind struct {
+// StdNetBind is meant to be a temporary solution on platforms for which
+// the sticky socket / source caching behavior has not yet been implemented.
+// It uses the Go's net package to implement networking.
+// See LinuxSocketBind for a proper implementation on the Linux platform.
+type StdNetBind struct {
        ipv4       *net.UDPConn
        ipv6       *net.UDPConn
        blackhole4 bool
        blackhole6 bool
 }
 
-type NativeEndpoint net.UDPAddr
+func NewStdNetBind() Bind { return &StdNetBind{} }
 
-var _ Bind = (*nativeBind)(nil)
-var _ Endpoint = (*NativeEndpoint)(nil)
+type StdNetEndpoint net.UDPAddr
 
-func CreateEndpoint(s string) (Endpoint, error) {
+var _ Bind = (*StdNetBind)(nil)
+var _ Endpoint = (*StdNetEndpoint)(nil)
+
+func (*StdNetBind) ParseEndpoint(s string) (Endpoint, error) {
        addr, err := parseEndpoint(s)
-       return (*NativeEndpoint)(addr), err
+       return (*StdNetEndpoint)(addr), err
 }
 
-func (*NativeEndpoint) ClearSrc() {}
+func (*StdNetEndpoint) ClearSrc() {}
 
-func (e *NativeEndpoint) DstIP() net.IP {
+func (e *StdNetEndpoint) DstIP() net.IP {
        return (*net.UDPAddr)(e).IP
 }
 
-func (e *NativeEndpoint) SrcIP() net.IP {
+func (e *StdNetEndpoint) SrcIP() net.IP {
        return nil // not supported
 }
 
-func (e *NativeEndpoint) DstToBytes() []byte {
+func (e *StdNetEndpoint) DstToBytes() []byte {
        addr := (*net.UDPAddr)(e)
        out := addr.IP.To4()
        if out == nil {
@@ -58,11 +55,11 @@ func (e *NativeEndpoint) DstToBytes() []byte {
        return out
 }
 
-func (e *NativeEndpoint) DstToString() string {
+func (e *StdNetEndpoint) DstToString() string {
        return (*net.UDPAddr)(e).String()
 }
 
-func (e *NativeEndpoint) SrcToString() string {
+func (e *StdNetEndpoint) SrcToString() string {
        return ""
 }
 
@@ -84,41 +81,52 @@ func listenNet(network string, port int) (*net.UDPConn, int, error) {
        return conn, uaddr.Port, nil
 }
 
-func createBind(uport uint16) (Bind, uint16, error) {
+func (bind *StdNetBind) Open(uport uint16) (uint16, error) {
        var err error
-       var bind nativeBind
        var tries int
 
+       if bind.ipv4 != nil || bind.ipv6 != nil {
+               return 0, ErrBindAlreadyOpen
+       }
+
 again:
        port := int(uport)
 
        bind.ipv4, port, err = listenNet("udp4", port)
        if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {
-               return nil, 0, err
+               bind.ipv4 = nil
+               return 0, err
        }
 
        bind.ipv6, port, err = listenNet("udp6", port)
        if uport == 0 && err != nil && errors.Is(err, syscall.EADDRINUSE) && tries < 100 {
                bind.ipv4.Close()
+               bind.ipv4 = nil
+               bind.ipv6 = nil
                tries++
                goto again
        }
        if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {
                bind.ipv4.Close()
                bind.ipv4 = nil
-               return nil, 0, err
+               bind.ipv6 = nil
+               return 0, err
        }
-
-       return &bind, uint16(port), nil
+       if bind.ipv4 == nil && bind.ipv6 == nil {
+               return 0, syscall.EAFNOSUPPORT
+       }
+       return uint16(port), nil
 }
 
-func (bind *nativeBind) Close() error {
+func (bind *StdNetBind) Close() error {
        var err1, err2 error
        if bind.ipv4 != nil {
                err1 = bind.ipv4.Close()
+               bind.ipv4 = nil
        }
        if bind.ipv6 != nil {
                err2 = bind.ipv6.Close()
+               bind.ipv6 = nil
        }
        if err1 != nil {
                return err1
@@ -126,9 +134,7 @@ func (bind *nativeBind) Close() error {
        return err2
 }
 
-func (bind *nativeBind) LastMark() uint32 { return 0 }
-
-func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
+func (bind *StdNetBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
        if bind.ipv4 == nil {
                return 0, nil, syscall.EAFNOSUPPORT
        }
@@ -136,20 +142,23 @@ func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
        if endpoint != nil {
                endpoint.IP = endpoint.IP.To4()
        }
-       return n, (*NativeEndpoint)(endpoint), err
+       return n, (*StdNetEndpoint)(endpoint), err
 }
 
-func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
+func (bind *StdNetBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
        if bind.ipv6 == nil {
                return 0, nil, syscall.EAFNOSUPPORT
        }
        n, endpoint, err := bind.ipv6.ReadFromUDP(buff)
-       return n, (*NativeEndpoint)(endpoint), err
+       return n, (*StdNetEndpoint)(endpoint), err
 }
 
-func (bind *nativeBind) Send(buff []byte, endpoint Endpoint) error {
+func (bind *StdNetBind) Send(buff []byte, endpoint Endpoint) error {
        var err error
-       nend := endpoint.(*NativeEndpoint)
+       nend, ok := endpoint.(*StdNetEndpoint)
+       if !ok {
+               return ErrWrongEndpointType
+       }
        if nend.IP.To4() != nil {
                if bind.ipv4 == nil {
                        return syscall.EAFNOSUPPORT

diff --git a/conn/boundif_android.go b/conn/boundif_android.go
index 2c68d579fb084be8b593d46f1a433dc63e424572..8b82bfc581db3bab766d3889eb728c74fd8a3e55 100644 (file)
--- a/conn/boundif_android.go
+++ b/conn/boundif_android.go
@@ -5,7 +5,7 @@
 
 package conn
 
-func (bind *nativeBind) PeekLookAtSocketFd4() (fd int, err error) {
+func (bind *StdNetBind) PeekLookAtSocketFd4() (fd int, err error) {
        sysconn, err := bind.ipv4.SyscallConn()
        if err != nil {
                return -1, err
@@ -19,7 +19,7 @@ func (bind *nativeBind) PeekLookAtSocketFd4() (fd int, err error) {
        return
 }
 
-func (bind *nativeBind) PeekLookAtSocketFd6() (fd int, err error) {
+func (bind *StdNetBind) PeekLookAtSocketFd6() (fd int, err error) {
        sysconn, err := bind.ipv6.SyscallConn()
        if err != nil {
                return -1, err

diff --git a/conn/boundif_windows.go b/conn/boundif_windows.go
index e425d2358868822df0473ee94cb2232dddebeda1..6f6fdd8fea3ed7ea705151692c1c8f71a20353ce 100644 (file)
--- a/conn/boundif_windows.go
+++ b/conn/boundif_windows.go
@@ -17,7 +17,7 @@ const (
        sockoptIPV6_UNICAST_IF = 31
 )
 
-func (bind *nativeBind) BindSocketToInterface4(interfaceIndex uint32, blackhole bool) error {
+func (bind *StdNetBind) BindSocketToInterface4(interfaceIndex uint32, blackhole bool) error {
        /* MSDN says for IPv4 this needs to be in net byte order, so that it's like an IP address with leading zeros. */
        bytes := make([]byte, 4)
        binary.BigEndian.PutUint32(bytes, interfaceIndex)
@@ -40,7 +40,7 @@ func (bind *nativeBind) BindSocketToInterface4(interfaceIndex uint32, blackhole
        return nil
 }
 
-func (bind *nativeBind) BindSocketToInterface6(interfaceIndex uint32, blackhole bool) error {
+func (bind *StdNetBind) BindSocketToInterface6(interfaceIndex uint32, blackhole bool) error {
        sysconn, err := bind.ipv6.SyscallConn()
        if err != nil {
                return err

diff --git a/conn/conn.go b/conn/conn.go
index 6e7939cd9aa5b7806234871b0d85f8c2feb0a966..6fd232f1b96daaf09fcddb58d3a715099da41211 100644 (file)
--- a/conn/conn.go
+++ b/conn/conn.go
@@ -17,40 +17,30 @@ import (
 // A Bind interface may also be a PeekLookAtSocketFd or BindSocketToInterface,
 // depending on the platform-specific implementation.
 type Bind interface {
-       // LastMark reports the last mark set for this Bind.
-       LastMark() uint32
+       // Open puts the Bind into a listening state on a given port and reports the actual
+       // port that it bound to. Passing zero results in a random selection.
+       Open(port uint16) (actualPort uint16, err error)
+
+       // Close closes the Bind listener.
+       Close() error
 
        // SetMark sets the mark for each packet sent through this Bind.
        // This mark is passed to the kernel as the socket option SO_MARK.
        SetMark(mark uint32) error
 
-       // ReceiveIPv6 reads an IPv6 UDP packet into b.
-       //
-       // It reports the number of bytes read, n,
-       // the packet source address ep,
-       // and any error.
+       // ReceiveIPv6 reads an IPv6 UDP packet into b.  It reports the number of bytes read,
+       // n, the packet source address ep, and any error.
        ReceiveIPv6(b []byte) (n int, ep Endpoint, err error)
 
-       // ReceiveIPv4 reads an IPv4 UDP packet into b.
-       //
-       // It reports the number of bytes read, n,
-       // the packet source address ep,
-       // and any error.
+       // ReceiveIPv4 reads an IPv4 UDP packet into b. It reports the number of bytes read,
+       // n, the packet source address ep, and any error.
        ReceiveIPv4(b []byte) (n int, ep Endpoint, err error)
 
        // Send writes a packet b to address ep.
        Send(b []byte, ep Endpoint) error
 
-       // Close closes the Bind connection.
-       Close() error
-}
-
-// CreateBind creates a Bind bound to a port.
-//
-// The value actualPort reports the actual port number the Bind
-// object gets bound to.
-func CreateBind(port uint16) (b Bind, actualPort uint16, err error) {
-       return createBind(port)
+       // ParseEndpoint creates a new endpoint from a string.
+       ParseEndpoint(s string) (Endpoint, error)
 }
 
 // BindSocketToInterface is implemented by Bind objects that support being
@@ -69,8 +59,8 @@ type PeekLookAtSocketFd interface {
 
 // An Endpoint maintains the source/destination caching for a peer.
 //
-//     dst : the remote address of a peer ("endpoint" in uapi terminology)
-//     src : the local address from which datagrams originate going to the peer
+//     dst: the remote address of a peer ("endpoint" in uapi terminology)
+//     src: the local address from which datagrams originate going to the peer
 type Endpoint interface {
        ClearSrc()           // clears the source address
        SrcToString() string // returns the local source address (ip:port)
@@ -109,3 +99,8 @@ func parseEndpoint(s string) (*net.UDPAddr, error) {
        }
        return addr, err
 }
+
+var (
+       ErrBindAlreadyOpen   = errors.New("bind is already open")
+       ErrWrongEndpointType = errors.New("endpoint type does not correspond with bind type")
+)

diff --git a/conn/default.go b/conn/default.go
new file mode 100644 (file)
index 0000000..cd9bfb0
--- /dev/null
+++ b/conn/default.go
@@ -0,0 +1,10 @@
+// +build !linux
+
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ */
+
+package conn
+
+func NewDefaultBind() Bind { return NewStdNetBind() }

diff --git a/conn/mark_default.go b/conn/mark_default.go
index 0f00f6f0f3325737e8c639d1602be268d7a07b1e..c315f4b36b345f976088a61c8ca4b1ebf73b1010 100644 (file)
--- a/conn/mark_default.go
+++ b/conn/mark_default.go
@@ -7,6 +7,6 @@
 
 package conn
 
-func (bind *nativeBind) SetMark(mark uint32) error {
+func (bind *StdNetBind) SetMark(mark uint32) error {
        return nil
 }

diff --git a/conn/mark_unix.go b/conn/mark_unix.go
index c29f247ee9a0b964a5b7e5ef7a60b3acc296df4b..18eb581957820da32524185a5a061a2022198594 100644 (file)
--- a/conn/mark_unix.go
+++ b/conn/mark_unix.go
@@ -1,4 +1,4 @@
-// +build android openbsd freebsd
+// +build linux openbsd freebsd
 
 /* SPDX-License-Identifier: MIT
  *
@@ -26,7 +26,7 @@ func init() {
        }
 }
 
-func (bind *nativeBind) SetMark(mark uint32) error {
+func (bind *StdNetBind) SetMark(mark uint32) error {
        var operr error
        if fwmarkIoctl == 0 {
                return nil

diff --git a/device/device.go b/device/device.go
index 432549d6715852f61426b24cd799149a0a7212de..4b131a2cb97f486f1048f70145a99d5b93e59e3e 100644 (file)
--- a/device/device.go
+++ b/device/device.go
@@ -279,11 +279,12 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
        return nil
 }
 
-func NewDevice(tunDevice tun.Device, logger *Logger) *Device {
+func NewDevice(tunDevice tun.Device, bind conn.Bind, logger *Logger) *Device {
        device := new(Device)
        device.state.state = uint32(deviceStateDown)
        device.closed = make(chan struct{})
        device.log = logger
+       device.net.bind = bind
        device.tun.device = tunDevice
        mtu, err := device.tun.device.MTU()
        if err != nil {
@@ -302,11 +303,6 @@ func NewDevice(tunDevice tun.Device, logger *Logger) *Device {
        device.queue.encryption = newOutboundQueue()
        device.queue.decryption = newInboundQueue()
 
-       // prepare net
-
-       device.net.port = 0
-       device.net.bind = nil
-
        // start workers
 
        cpus := runtime.NumCPU()
@@ -414,7 +410,6 @@ func unsafeCloseBind(device *Device) error {
        }
        if netc.bind != nil {
                err = netc.bind.Close()
-               netc.bind = nil
        }
        netc.stopping.Wait()
        return err
@@ -474,16 +469,14 @@ func (device *Device) BindUpdate() error {
        // bind to new port
        var err error
        netc := &device.net
-       netc.bind, netc.port, err = conn.CreateBind(netc.port)
+       netc.port, err = netc.bind.Open(netc.port)
        if err != nil {
-               netc.bind = nil
                netc.port = 0
                return err
        }
        netc.netlinkCancel, err = device.startRouteListener(netc.bind)
        if err != nil {
                netc.bind.Close()
-               netc.bind = nil
                netc.port = 0
                return err
        }

diff --git a/device/device_test.go b/device/device_test.go
index 7958fb9c4b7dcb39f77b0434a074f98cfa0197fe..01ee2acdefbad10e032f02a268aa858864c06436 100644 (file)
--- a/device/device_test.go
+++ b/device/device_test.go
@@ -21,6 +21,7 @@ import (
        "testing"
        "time"
 
+       "golang.zx2c4.com/wireguard/conn"
        "golang.zx2c4.com/wireguard/tun/tuntest"
 )
 
@@ -158,7 +159,7 @@ func genTestPair(tb testing.TB) (pair testPair) {
                if _, ok := tb.(*testing.B); ok && !testing.Verbose() {
                        level = LogLevelError
                }
-               p.dev = NewDevice(p.tun.TUN(), NewLogger(level, fmt.Sprintf("dev%d: ", i)))
+               p.dev = NewDevice(p.tun.TUN(), conn.NewDefaultBind(), NewLogger(level, fmt.Sprintf("dev%d: ", i)))
                if err := p.dev.IpcSet(cfg[i]); err != nil {
                        tb.Errorf("failed to configure device %d: %v", i, err)
                        p.dev.Close()
@@ -332,7 +333,7 @@ func randDevice(t *testing.T) *Device {
        }
        tun := newDummyTUN("dummy")
        logger := NewLogger(LogLevelError, "")
-       device := NewDevice(tun, logger)
+       device := NewDevice(tun, conn.NewDefaultBind(), logger)
        device.SetPrivateKey(sk)
        return device
 }

diff --git a/device/peer.go b/device/peer.go
index 499888dfbddbd03f9930ce3c20c3636861f74111..332f7bd190fa414d1c9b0f4049405efcb9d6b7fc 100644 (file)
--- a/device/peer.go
+++ b/device/peer.go
@@ -126,13 +126,8 @@ func (peer *Peer) SendBuffer(buffer []byte) error {
        peer.device.net.RLock()
        defer peer.device.net.RUnlock()
 
-       if peer.device.net.bind == nil {
-               // Packets can leak through to SendBuffer while the device is closing.
-               // When that happens, drop them silently to avoid spurious errors.
-               if peer.device.isClosed() {
-                       return nil
-               }
-               return errors.New("no bind")
+       if peer.device.isClosed() {
+               return nil
        }
 
        peer.RLock()

diff --git a/device/sticky_default.go b/device/sticky_default.go
index 56da4ebf27c7cbfffa5b40b859ff416b50b5e226..1cc52f69bfd6a9e99e8c4249e6a0ded5baa61dba 100644 (file)
--- a/device/sticky_default.go
+++ b/device/sticky_default.go
@@ -1,4 +1,4 @@
-// +build !linux android
+// +build !linux
 
 package device
 

diff --git a/device/sticky_linux.go b/device/sticky_linux.go
index a984f249a87f1bcea768fd7ba4cb521e06cb8073..6193ea3c2e364137cd4770efa0c3fa967a27efc2 100644 (file)
--- a/device/sticky_linux.go
+++ b/device/sticky_linux.go
@@ -1,5 +1,3 @@
-// +build !android
-
 /* SPDX-License-Identifier: MIT
  *
  * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
@@ -21,11 +19,16 @@ import (
        "unsafe"
 
        "golang.org/x/sys/unix"
+
        "golang.zx2c4.com/wireguard/conn"
        "golang.zx2c4.com/wireguard/rwcancel"
 )
 
 func (device *Device) startRouteListener(bind conn.Bind) (*rwcancel.RWCancel, error) {
+       if _, ok := bind.(*conn.LinuxSocketBind); !ok {
+               return nil, nil
+       }
+
        netlinkSock, err := createNetlinkRouteSocket()
        if err != nil {
                return nil, err
@@ -109,11 +112,11 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl
                                                                        pePtr.peer.Unlock()
                                                                        break
                                                                }
-                                                               if uint32(pePtr.peer.endpoint.(*conn.NativeEndpoint).Src4().Ifindex) == ifidx {
+                                                               if uint32(pePtr.peer.endpoint.(*conn.LinuxSocketEndpoint).Src4().Ifindex) == ifidx {
                                                                        pePtr.peer.Unlock()
                                                                        break
                                                                }
-                                                               pePtr.peer.endpoint.(*conn.NativeEndpoint).ClearSrc()
+                                                               pePtr.peer.endpoint.(*conn.LinuxSocketEndpoint).ClearSrc()
                                                                pePtr.peer.Unlock()
                                                        }
                                                        attr = attr[attrhdr.Len:]
@@ -133,7 +136,7 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl
                                                        peer.RUnlock()
                                                        continue
                                                }
-                                               nativeEP, _ := peer.endpoint.(*conn.NativeEndpoint)
+                                               nativeEP, _ := peer.endpoint.(*conn.LinuxSocketEndpoint)
                                                if nativeEP == nil {
                                                        peer.RUnlock()
                                                        continue
@@ -176,7 +179,7 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl
                                                                Len:  8,
                                                                Type: unix.RTA_MARK,
                                                        },
-                                                       uint32(bind.LastMark()),
+                                                       device.net.fwmark,
                                                }
                                                nlmsg.hdr.Len = uint32(unsafe.Sizeof(nlmsg))
                                                reqPeerLock.Lock()

diff --git a/device/uapi.go b/device/uapi.go
index 406880f2e1954035b5bde465ed94830a80dd63e3..659af0acbcbd14111537862d5baacf2217940e36 100644 (file)
--- a/device/uapi.go
+++ b/device/uapi.go
@@ -18,7 +18,6 @@ import (
        "sync/atomic"
        "time"
 
-       "golang.zx2c4.com/wireguard/conn"
        "golang.zx2c4.com/wireguard/ipc"
 )
 
@@ -331,7 +330,7 @@ func (device *Device) handlePeerLine(peer *ipcSetPeer, key, value string) error
 
        case "endpoint":
                device.log.Verbosef("%v - UAPI: Updating endpoint", peer.Peer)
-               endpoint, err := conn.CreateEndpoint(value)
+               endpoint, err := device.net.bind.ParseEndpoint(value)
                if err != nil {
                        return ipcErrorf(ipc.IpcErrorInvalid, "failed to set endpoint %v: %w", value, err)
                }

diff --git a/main.go b/main.go
index eb5446f111b4f41c34a8ecd57e9471c60458e4a7..a599de1784a24f4a204dc3dca4caa40987b38a9c 100644 (file)
--- a/main.go
+++ b/main.go
@@ -15,6 +15,7 @@ import (
        "strconv"
        "syscall"
 
+       "golang.zx2c4.com/wireguard/conn"
        "golang.zx2c4.com/wireguard/device"
        "golang.zx2c4.com/wireguard/ipc"
        "golang.zx2c4.com/wireguard/tun"
@@ -219,7 +220,7 @@ func main() {
                return
        }
 
-       device := device.NewDevice(tun, logger)
+       device := device.NewDevice(tun, conn.NewDefaultBind(), logger)
 
        logger.Verbosef("Device started")
 

diff --git a/main_windows.go b/main_windows.go
index 128a0cd8efe8c0f9cea496d838841060a0234e4b..5a7b1364bc95abf5ad7df8dbea0de2c5c305e2ce 100644 (file)
--- a/main_windows.go
+++ b/main_windows.go
@@ -11,6 +11,7 @@ import (
        "os/signal"
        "syscall"
 
+       "golang.zx2c4.com/wireguard/conn"
        "golang.zx2c4.com/wireguard/device"
        "golang.zx2c4.com/wireguard/ipc"
 
@@ -47,7 +48,7 @@ func main() {
                os.Exit(ExitSetupFailed)
        }
 
-       device := device.NewDevice(tun, logger)
+       device := device.NewDevice(tun, conn.NewDefaultBind(), logger)
        err = device.Up()
        if err != nil {
                logger.Errorf("Failed to bring up device: %v", err)