Yet untested.
return addr, err
}
-func ListeningUpdate(device *Device) error {
+func UpdateUDPListener(device *Device) error {
+ device.mutex.Lock()
+ defer device.mutex.Unlock()
+
netc := &device.net
netc.mutex.Lock()
defer netc.mutex.Unlock()
// close existing sockets
- if err := device.net.bind.Close(); err != nil {
- return err
+ if netc.bind != nil {
+ if err := netc.bind.Close(); err != nil {
+ return err
+ }
}
// open new sockets
return err
}
- // TODO: clear endpoint (src) caches
+ // clear cached source addresses
+
+ for _, peer := range device.peers {
+ peer.mutex.Lock()
+ peer.endpoint.value.ClearSrc()
+ peer.mutex.Unlock()
+ }
}
return nil
}
-func ListeningClose(device *Device) error {
+func CloseUDPListener(device *Device) error {
netc := &device.net
netc.mutex.Lock()
defer netc.mutex.Unlock()
}
}
-func (end *Endpoint) DestinationIP() net.IP {
+func (end *Endpoint) DstIP() net.IP {
switch end.dst.Family {
case unix.AF_INET6:
return end.dst.Addr[:]
}
}
-func (end *Endpoint) SourceToBytes() []byte {
+func (end *Endpoint) SrcToBytes() []byte {
ptr := unsafe.Pointer(&end.src)
arr := (*[unix.SizeofSockaddrInet6]byte)(ptr)
return arr[:]
}
-func (end *Endpoint) SourceToString() string {
+func (end *Endpoint) SrcToString() string {
return sockaddrToString(end.src)
}
-func (end *Endpoint) DestinationToString() string {
+func (end *Endpoint) DstToString() string {
return sockaddrToString(end.dst)
}
+func (end *Endpoint) ClearDst() {
+ end.dst = unix.RawSockaddrInet6{}
+}
+
func (end *Endpoint) ClearSrc() {
end.src = unix.RawSockaddrInet6{}
}
func (device *Device) Close() {
device.RemoveAllPeers()
close(device.signal.stop)
- ListeningClose(device)
+ CloseUDPListener(device)
}
func (device *Device) WaitChannel() chan struct{} {
}
func main() {
- test()
-
// parse arguments
var foreground bool
persistentKeepaliveInterval uint64
keyPairs KeyPairs
handshake Handshake
- endpoint Endpoint
device *Device
- stats struct {
+ endpoint struct {
+ set bool // has a known endpoint been discovered
+ value Endpoint // source / destination cache
+ }
+ stats struct {
txBytes uint64 // bytes send to peer (endpoint)
rxBytes uint64 // bytes received from peer
lastHandshakeNano int64 // nano seconds since epoch
handshake.precomputedStaticStatic = device.privateKey.sharedSecret(handshake.remoteStatic)
handshake.mutex.Unlock()
+ // reset endpoint
+
+ peer.endpoint.set = false
+ peer.endpoint.value.ClearDst()
+ peer.endpoint.value.ClearSrc()
+
// prepare queuing
peer.queue.nonce = make(chan *QueueOutboundElement, QueueOutboundSize)
return peer, nil
}
+/* Returns a short string identification for logging
+ */
func (peer *Peer) String() string {
+ if !peer.endpoint.set {
+ return fmt.Sprintf(
+ "peer(%d unknown %s)",
+ peer.id,
+ base64.StdEncoding.EncodeToString(peer.handshake.remoteStatic[:]),
+ )
+ }
return fmt.Sprintf(
"peer(%d %s %s)",
peer.id,
- peer.endpoint.DestinationToString(),
+ peer.endpoint.value.DstToString(),
base64.StdEncoding.EncodeToString(peer.handshake.remoteStatic[:]),
)
}
return
}
- srcBytes := elem.endpoint.SourceToBytes()
+ srcBytes := elem.endpoint.SrcToBytes()
if device.IsUnderLoad() {
// verify MAC2 field
// construct cookie reply
- logDebug.Println("Sending cookie reply to:", elem.endpoint.SourceToString())
-
+ logDebug.Println("Sending cookie reply to:", elem.endpoint.SrcToString())
sender := binary.LittleEndian.Uint32(elem.packet[4:8]) // "sender" always follows "type"
reply, err := device.mac.CreateReply(elem.packet, sender, srcBytes)
if err != nil {
// check ratelimiter
- if !device.ratelimiter.Allow(
- elem.endpoint.DestinationIP(),
- ) {
+ if !device.ratelimiter.Allow(elem.endpoint.DstIP()) {
continue
}
}
if peer == nil {
logInfo.Println(
"Recieved invalid initiation message from",
- elem.endpoint.DestinationToString(),
+ elem.endpoint.DstToString(),
)
continue
}
// TODO: Discover destination address also, only update on change
peer.mutex.Lock()
- peer.endpoint = elem.endpoint
+ peer.endpoint.set = true
+ peer.endpoint.value = elem.endpoint
peer.mutex.Unlock()
// create response
// send response
- _, err = peer.SendBuffer(packet)
+ err = peer.SendBuffer(packet)
if err == nil {
peer.TimerAnyAuthenticatedPacketTraversal()
}
if peer == nil {
logInfo.Println(
"Recieved invalid response message from",
- elem.endpoint.DestinationToString(),
+ elem.endpoint.DstToString(),
)
continue
}
}
}
-func (peer *Peer) SendBuffer(buffer []byte) (int, error) {
+func (peer *Peer) SendBuffer(buffer []byte) error {
peer.device.net.mutex.RLock()
defer peer.device.net.mutex.RUnlock()
-
peer.mutex.RLock()
defer peer.mutex.RUnlock()
-
- endpoint := peer.endpoint
- if endpoint == nil {
- return 0, errors.New("No known endpoint for peer")
+ if !peer.endpoint.set {
+ return errors.New("No known endpoint for peer")
}
-
- conn := peer.device.net.conn
- if conn == nil {
- return 0, errors.New("No UDP socket for device")
- }
-
- return conn.WriteToUDP(buffer, endpoint)
+ return peer.device.net.bind.Send(buffer, &peer.endpoint.value)
}
/* Reads packets from the TUN and inserts
// send message and return buffer to pool
length := uint64(len(elem.packet))
- _, err := peer.SendBuffer(elem.packet)
+ err := peer.SendBuffer(elem.packet)
device.PutMessageBuffer(elem.buffer)
if err != nil {
logDebug.Println("Failed to send authenticated packet to peer", peer.String())
packet := writer.Bytes()\r
peer.mac.AddMacs(packet)\r
\r
- _, err = peer.SendBuffer(packet)\r
+ err = peer.SendBuffer(packet)\r
if err != nil {\r
logError.Println(\r
"Failed to send handshake initiation message to",\r
if !device.tun.isUp.Get() {
logInfo.Println("Interface set up")
device.tun.isUp.Set(true)
- updateUDPConn(device)
+ UpdateUDPListener(device)
}
}
if device.tun.isUp.Get() {
logInfo.Println("Interface set down")
device.tun.isUp.Set(false)
- closeUDPConn(device)
+ CloseUDPListener(device)
}
}
}
send("private_key=" + device.privateKey.ToHex())
}
- if device.net.addr != nil {
- send(fmt.Sprintf("listen_port=%d", device.net.addr.Port))
+ if device.net.port != 0 {
+ send(fmt.Sprintf("listen_port=%d", device.net.port))
}
+
if device.net.fwmark != 0 {
send(fmt.Sprintf("fwmark=%d", device.net.fwmark))
}
defer peer.mutex.RUnlock()
send("public_key=" + peer.handshake.remoteStatic.ToHex())
send("preshared_key=" + peer.handshake.presharedKey.ToHex())
- if peer.endpoint != nil {
- send("endpoint=" + peer.endpoint.String())
+ if peer.endpoint.set {
+ send("endpoint=" + peer.endpoint.value.DstToString())
}
nano := atomic.LoadInt64(&peer.stats.lastHandshakeNano)
logError.Println("Failed to set listen_port:", err)
return &IPCError{Code: ipcErrorInvalid}
}
-
- addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf(":%d", port))
- if err != nil {
- logError.Println("Failed to set listen_port:", err)
- return &IPCError{Code: ipcErrorInvalid}
- }
-
- device.net.mutex.Lock()
- device.net.addr = addr
- device.net.mutex.Unlock()
-
- err = updateUDPConn(device)
- if err != nil {
+ device.net.port = uint16(port)
+ if err := UpdateUDPListener(device); err != nil {
logError.Println("Failed to set listen_port:", err)
return &IPCError{Code: ipcErrorPortInUse}
}
- // TODO: Clear source address of all peers
-
case "fwmark":
fwmark, err := strconv.ParseUint(value, 10, 32)
if err != nil {
logError.Println("Invalid fwmark", err)
return &IPCError{Code: ipcErrorInvalid}
}
-
device.net.mutex.Lock()
- if fwmark > 0 || device.net.fwmark > 0 {
- device.net.fwmark = uint32(fwmark)
- err := SetMark(
- device.net.conn,
- device.net.fwmark,
- )
- if err != nil {
- logError.Println("Failed to set fwmark:", err)
- device.net.mutex.Unlock()
- return &IPCError{Code: ipcErrorIO}
- }
-
- // TODO: Clear source address of all peers
- }
+ device.net.fwmark = uint32(fwmark)
device.net.mutex.Unlock()
case "public_key":
-
// switch to peer configuration
-
deviceConfig = false
case "replace_peers":
device.mutex.RLock()
if device.publicKey.Equals(pubKey) {
- // create dummy instance
+ // create dummy instance (not added to device)
peer = &Peer{}
dummy = true
}
case "remove":
+
+ // remove currently selected peer from device
+
if value != "true" {
logError.Println("Failed to set remove, invalid value:", value)
return &IPCError{Code: ipcErrorInvalid}
dummy = true
case "preshared_key":
+
+ // update PSK
+
peer.mutex.Lock()
err := peer.handshake.presharedKey.FromHex(value)
peer.mutex.Unlock()
}
case "endpoint":
- addr, err := parseEndpoint(value)
+
+ // set endpoint destination and reset handshake timer
+
+ peer.mutex.Lock()
+ err := peer.endpoint.value.Set(value)
+ peer.endpoint.set = (err == nil)
+ peer.mutex.Unlock()
if err != nil {
logError.Println("Failed to set endpoint:", value)
return &IPCError{Code: ipcErrorInvalid}
}
- peer.mutex.Lock()
- peer.endpoint = addr
- peer.mutex.Unlock()
signalSend(peer.signal.handshakeReset)
case "persistent_keepalive_interval":
projects / thirdparty / wireguard-go.git / commitdiff
