"net"
"strconv"
"strings"
+ "sync/atomic"
+ "syscall"
)
-// #include <errno.h>
-import "C"
-
-/* TODO: More fine grained?
- */
const (
- ipcErrorNoPeer = C.EPROTO
- ipcErrorNoKeyValue = C.EPROTO
- ipcErrorInvalidKey = C.EPROTO
- ipcErrorInvalidValue = C.EPROTO
+ ipcErrorIO = syscall.EIO
+ ipcErrorNoPeer = syscall.EPROTO
+ ipcErrorNoKeyValue = syscall.EPROTO
+ ipcErrorInvalidKey = syscall.EPROTO
+ ipcErrorInvalidValue = syscall.EPROTO
)
type IPCError struct {
- Code int
+ Code syscall.Errno
}
func (s *IPCError) Error() string {
return fmt.Sprintf("IPC error: %d", s.Code)
}
-func (s *IPCError) ErrorCode() int {
- return s.Code
+func (s *IPCError) ErrorCode() uintptr {
+ return uintptr(s.Code)
}
-func ipcGetOperation(device *Device, socket *bufio.ReadWriter) error {
-
- device.mutex.RLock()
- defer device.mutex.RUnlock()
+func ipcGetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
// create lines
+ device.mutex.RLock()
+
lines := make([]string, 0, 100)
send := func(line string) {
lines = append(lines, line)
}
send(fmt.Sprintf("tx_bytes=%d", peer.txBytes))
send(fmt.Sprintf("rx_bytes=%d", peer.rxBytes))
- send(fmt.Sprintf("persistent_keepalive_interval=%d", peer.persistentKeepaliveInterval))
+ send(fmt.Sprintf("persistent_keepalive_interval=%d",
+ atomic.LoadUint64(&peer.persistentKeepaliveInterval),
+ ))
for _, ip := range device.routingTable.AllowedIPs(peer) {
send("allowed_ip=" + ip.String())
}
}()
}
+ device.mutex.RUnlock()
+
// send lines
for _, line := range lines {
_, err := socket.WriteString(line + "\n")
if err != nil {
- return err
+ return &IPCError{
+ Code: ipcErrorIO,
+ }
}
}
}
func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
- logger := device.log.Debug
scanner := bufio.NewScanner(socket)
+ logError := device.log.Error
+ logDebug := device.log.Debug
var peer *Peer
for scanner.Scan() {
- // Parse line
+ // parse line
line := scanner.Text()
if line == "" {
}
parts := strings.Split(line, "=")
if len(parts) != 2 {
- device.log.Debug.Println(parts)
return &IPCError{Code: ipcErrorNoKeyValue}
}
key := parts[0]
switch key {
- /* Interface configuration */
+ /* interface configuration */
case "private_key":
if value == "" {
var sk NoisePrivateKey
err := sk.FromHex(value)
if err != nil {
- logger.Println("Failed to set private_key:", err)
+ logError.Println("Failed to set private_key:", err)
return &IPCError{Code: ipcErrorInvalidValue}
}
device.SetPrivateKey(sk)
var port int
_, err := fmt.Sscanf(value, "%d", &port)
if err != nil || port > (1<<16) || port < 0 {
- logger.Println("Failed to set listen_port:", err)
+ logError.Println("Failed to set listen_port:", err)
return &IPCError{Code: ipcErrorInvalidValue}
}
device.net.mutex.Lock()
device.net.addr.Port = port
device.net.conn, err = net.ListenUDP("udp", device.net.addr)
device.net.mutex.Unlock()
+ if err != nil {
+ logError.Println("Failed to create UDP listener:", err)
+ return &IPCError{Code: ipcErrorInvalidValue}
+ }
case "fwmark":
- logger.Println("FWMark not handled yet")
+ logError.Println("FWMark not handled yet")
case "public_key":
var pubKey NoisePublicKey
err := pubKey.FromHex(value)
if err != nil {
- logger.Println("Failed to get peer by public_key:", err)
+ logError.Println("Failed to get peer by public_key:", err)
return &IPCError{Code: ipcErrorInvalidValue}
}
device.mutex.RLock()
peer = device.NewPeer(pubKey)
}
if peer == nil {
- panic(errors.New("bug: failed to find peer"))
+ panic(errors.New("bug: failed to find / create peer"))
}
case "replace_peers":
if value == "true" {
device.RemoveAllPeers()
} else {
- logger.Println("Failed to set replace_peers, invalid value:", value)
+ logError.Println("Failed to set replace_peers, invalid value:", value)
return &IPCError{Code: ipcErrorInvalidValue}
}
default:
- /* Peer configuration */
+
+ /* peer configuration */
if peer == nil {
- logger.Println("No peer referenced, before peer operation")
+ logError.Println("No peer referenced, before peer operation")
return &IPCError{Code: ipcErrorNoPeer}
}
peer.mutex.Lock()
device.RemovePeer(peer.handshake.remoteStatic)
peer.mutex.Unlock()
- logger.Println("Remove peer")
+ logDebug.Println("Removing", peer.String())
peer = nil
case "preshared_key":
return peer.handshake.presharedKey.FromHex(value)
}()
if err != nil {
- logger.Println("Failed to set preshared_key:", err)
+ logError.Println("Failed to set preshared_key:", err)
return &IPCError{Code: ipcErrorInvalidValue}
}
case "endpoint":
addr, err := net.ResolveUDPAddr("udp", value)
if err != nil {
- logger.Println("Failed to set endpoint:", value)
+ logError.Println("Failed to set endpoint:", value)
return &IPCError{Code: ipcErrorInvalidValue}
}
peer.mutex.Lock()
case "persistent_keepalive_interval":
secs, err := strconv.ParseInt(value, 10, 64)
if secs < 0 || err != nil {
- logger.Println("Failed to set persistent_keepalive_interval:", err)
+ logError.Println("Failed to set persistent_keepalive_interval:", err)
return &IPCError{Code: ipcErrorInvalidValue}
}
- peer.mutex.Lock()
- peer.persistentKeepaliveInterval = uint64(secs)
- peer.mutex.Unlock()
+ atomic.StoreUint64(
+ &peer.persistentKeepaliveInterval,
+ uint64(secs),
+ )
case "replace_allowed_ips":
if value == "true" {
device.routingTable.RemovePeer(peer)
} else {
- logger.Println("Failed to set replace_allowed_ips, invalid value:", value)
+ logError.Println("Failed to set replace_allowed_ips, invalid value:", value)
return &IPCError{Code: ipcErrorInvalidValue}
}
case "allowed_ip":
_, network, err := net.ParseCIDR(value)
if err != nil {
- logger.Println("Failed to set allowed_ip:", err)
+ logError.Println("Failed to set allowed_ip:", err)
return &IPCError{Code: ipcErrorInvalidValue}
}
ones, _ := network.Mask.Size()
- logger.Println(network, ones, network.IP)
+ logError.Println(network, ones, network.IP)
device.routingTable.Insert(network.IP, uint(ones), peer)
- /* Invalid key */
-
default:
- logger.Println("Invalid key:", key)
+ logError.Println("Invalid UAPI key:", key)
return &IPCError{Code: ipcErrorInvalidKey}
}
}
func ipcHandle(device *Device, socket net.Conn) {
- func() {
- buffered := func(s io.ReadWriter) *bufio.ReadWriter {
- reader := bufio.NewReader(s)
- writer := bufio.NewWriter(s)
- return bufio.NewReadWriter(reader, writer)
- }(socket)
+ defer socket.Close()
- defer buffered.Flush()
+ buffered := func(s io.ReadWriter) *bufio.ReadWriter {
+ reader := bufio.NewReader(s)
+ writer := bufio.NewWriter(s)
+ return bufio.NewReadWriter(reader, writer)
+ }(socket)
- op, err := buffered.ReadString('\n')
- if err != nil {
- return
- }
+ defer buffered.Flush()
- switch op {
+ op, err := buffered.ReadString('\n')
+ if err != nil {
+ return
+ }
- case "set=1\n":
- device.log.Debug.Println("Config, set operation")
- err := ipcSetOperation(device, buffered)
- if err != nil {
- fmt.Fprintf(buffered, "errno=%d\n\n", err.ErrorCode())
- } else {
- fmt.Fprintf(buffered, "errno=0\n\n")
- }
- break
+ switch op {
- case "get=1\n":
- device.log.Debug.Println("Config, get operation")
- err := ipcGetOperation(device, buffered)
- if err != nil {
- fmt.Fprintf(buffered, "errno=1\n\n") // fix
- } else {
- fmt.Fprintf(buffered, "errno=0\n\n")
- }
- break
+ case "set=1\n":
+ device.log.Debug.Println("Config, set operation")
+ err := ipcSetOperation(device, buffered)
+ if err != nil {
+ fmt.Fprintf(buffered, "errno=%d\n\n", err.ErrorCode())
+ } else {
+ fmt.Fprintf(buffered, "errno=0\n\n")
+ }
+ return
- default:
- device.log.Info.Println("Invalid UAPI operation:", op)
+ case "get=1\n":
+ device.log.Debug.Println("Config, get operation")
+ err := ipcGetOperation(device, buffered)
+ if err != nil {
+ fmt.Fprintf(buffered, "errno=%d\n\n", err.ErrorCode())
+ } else {
+ fmt.Fprintf(buffered, "errno=0\n\n")
}
- }()
+ return
+
+ default:
+ device.log.Error.Println("Invalid UAPI operation:", op)
- socket.Close()
+ }
}
* Obs. One instance per core
*/
func (device *Device) RoutineEncryption() {
+
+ var elem *QueueOutboundElement
var nonce [chacha20poly1305.NonceSize]byte
- for work := range device.queue.encryption {
+
+ logDebug := device.log.Debug
+ logDebug.Println("Routine, encryption worker, started")
+
+ for {
+
+ // fetch next element
+
+ select {
+ case elem = <-device.queue.encryption:
+ case <-device.signal.stop:
+ logDebug.Println("Routine, encryption worker, stopped")
+ return
+ }
// check if dropped
- if work.IsDropped() {
+ if elem.IsDropped() {
continue
}
// populate header fields
- header := work.buffer[:MessageTransportHeaderSize]
+ header := elem.buffer[:MessageTransportHeaderSize]
fieldType := header[0:4]
fieldReceiver := header[4:8]
fieldNonce := header[8:16]
binary.LittleEndian.PutUint32(fieldType, MessageTransportType)
- binary.LittleEndian.PutUint32(fieldReceiver, work.keyPair.remoteIndex)
- binary.LittleEndian.PutUint64(fieldNonce, work.nonce)
+ binary.LittleEndian.PutUint32(fieldReceiver, elem.keyPair.remoteIndex)
+ binary.LittleEndian.PutUint64(fieldNonce, elem.nonce)
// pad content to MTU size
mtu := int(atomic.LoadInt32(&device.mtu))
- for i := len(work.packet); i < mtu; i++ {
- work.packet = append(work.packet, 0)
+ for i := len(elem.packet); i < mtu; i++ {
+ elem.packet = append(elem.packet, 0)
}
// encrypt content
- binary.LittleEndian.PutUint64(nonce[4:], work.nonce)
- work.packet = work.keyPair.send.Seal(
- work.packet[:0],
+ binary.LittleEndian.PutUint64(nonce[4:], elem.nonce)
+ elem.packet = elem.keyPair.send.Seal(
+ elem.packet[:0],
nonce[:],
- work.packet,
+ elem.packet,
nil,
)
- length := MessageTransportHeaderSize + len(work.packet)
- work.packet = work.buffer[:length]
- work.mutex.Unlock()
+ length := MessageTransportHeaderSize + len(elem.packet)
+ elem.packet = elem.buffer[:length]
+ elem.mutex.Unlock()
// refresh key if necessary
- work.peer.KeepKeyFreshSending()
+ elem.peer.KeepKeyFreshSending()
}
}
logDebug.Println("Routine, sequential sender, stopped for", peer.String())
return
- case work := <-peer.queue.outbound:
- work.mutex.Lock()
+ case elem := <-peer.queue.outbound:
+ elem.mutex.Lock()
func() {
-
- // return buffer to pool after processing
-
- defer device.PutMessageBuffer(work.buffer)
- if work.IsDropped() {
+ if elem.IsDropped() {
return
}
- // send to endpoint
+ // get endpoint and connection
peer.mutex.RLock()
- defer peer.mutex.RUnlock()
-
- if peer.endpoint == nil {
+ endpoint := peer.endpoint
+ peer.mutex.RUnlock()
+ if endpoint == nil {
logDebug.Println("No endpoint for", peer.String())
return
}
device.net.mutex.RLock()
- defer device.net.mutex.RUnlock()
-
- if device.net.conn == nil {
+ conn := device.net.conn
+ device.net.mutex.RUnlock()
+ if conn == nil {
logDebug.Println("No source for device")
return
}
- // send message and return buffer to pool
+ // send message and refresh keys
- _, err := device.net.conn.WriteToUDP(work.packet, peer.endpoint)
+ _, err := conn.WriteToUDP(elem.packet, endpoint)
if err != nil {
return
}
-
- atomic.AddUint64(&peer.txBytes, uint64(len(work.packet)))
-
- // reset keep-alive
-
+ atomic.AddUint64(&peer.txBytes, uint64(len(elem.packet)))
peer.TimerResetKeepalive()
}()
+
+ device.PutMessageBuffer(elem.buffer)
}
}
}
projects / thirdparty / wireguard-go.git / commitdiff
