2021-05-23 19:42:26 +00:00
|
|
|
package core
|
2019-01-04 17:14:40 +00:00
|
|
|
|
|
|
|
import (
|
2021-05-08 13:35:58 +00:00
|
|
|
"crypto/ed25519"
|
2019-01-31 23:29:18 +00:00
|
|
|
"encoding/hex"
|
2019-01-05 12:06:45 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2019-02-24 20:48:16 +00:00
|
|
|
"io"
|
2019-01-31 23:18:02 +00:00
|
|
|
"net"
|
2019-03-04 22:45:35 +00:00
|
|
|
"net/url"
|
2019-01-31 23:18:02 +00:00
|
|
|
"strings"
|
2019-01-04 17:23:37 +00:00
|
|
|
"sync"
|
2019-03-04 17:09:48 +00:00
|
|
|
|
2019-01-22 05:08:50 +00:00
|
|
|
//"sync/atomic"
|
2019-01-05 12:06:45 +00:00
|
|
|
"time"
|
2019-01-04 17:23:37 +00:00
|
|
|
|
2021-05-15 18:44:55 +00:00
|
|
|
"github.com/yggdrasil-network/yggdrasil-go/src/address"
|
2019-01-23 03:16:41 +00:00
|
|
|
"github.com/yggdrasil-network/yggdrasil-go/src/util"
|
2020-05-09 10:24:32 +00:00
|
|
|
"golang.org/x/net/proxy"
|
2021-05-08 13:35:58 +00:00
|
|
|
//"github.com/Arceliar/phony" // TODO? use instead of mutexes
|
2019-01-04 17:14:40 +00:00
|
|
|
)
|
|
|
|
|
2021-05-23 19:33:28 +00:00
|
|
|
type keyArray [ed25519.PublicKeySize]byte
|
|
|
|
|
2020-05-23 15:23:55 +00:00
|
|
|
type links struct {
|
2020-05-23 15:28:57 +00:00
|
|
|
core *Core
|
|
|
|
mutex sync.RWMutex // protects links below
|
|
|
|
links map[linkInfo]*link
|
|
|
|
tcp tcp // TCP interface support
|
|
|
|
stopped chan struct{}
|
2019-02-03 04:18:55 +00:00
|
|
|
// TODO timeout (to remove from switch), read from config.ReadTimeout
|
2019-01-23 03:16:41 +00:00
|
|
|
}
|
|
|
|
|
2021-05-08 13:35:58 +00:00
|
|
|
// linkInfo is used as a map key
|
2019-01-23 03:16:41 +00:00
|
|
|
type linkInfo struct {
|
2021-05-23 19:33:28 +00:00
|
|
|
key keyArray
|
2021-05-08 13:35:58 +00:00
|
|
|
linkType string // Type of link, e.g. TCP, AWDL
|
|
|
|
local string // Local name or address
|
|
|
|
remote string // Remote name or address
|
2019-01-22 03:27:52 +00:00
|
|
|
}
|
|
|
|
|
2020-05-23 15:28:57 +00:00
|
|
|
type link struct {
|
2021-05-08 13:35:58 +00:00
|
|
|
lname string
|
|
|
|
links *links
|
|
|
|
conn net.Conn
|
|
|
|
options linkOptions
|
|
|
|
info linkInfo
|
|
|
|
incoming bool
|
|
|
|
force bool
|
|
|
|
closed chan struct{}
|
2019-01-04 17:14:40 +00:00
|
|
|
}
|
|
|
|
|
2020-05-08 22:23:48 +00:00
|
|
|
type linkOptions struct {
|
2021-05-23 19:33:28 +00:00
|
|
|
pinnedEd25519Keys map[keyArray]struct{}
|
2020-05-08 22:23:48 +00:00
|
|
|
}
|
|
|
|
|
2020-05-23 15:23:55 +00:00
|
|
|
func (l *links) init(c *Core) error {
|
2019-01-04 17:23:37 +00:00
|
|
|
l.core = c
|
|
|
|
l.mutex.Lock()
|
2020-05-23 15:28:57 +00:00
|
|
|
l.links = make(map[linkInfo]*link)
|
2019-01-04 17:23:37 +00:00
|
|
|
l.mutex.Unlock()
|
2019-09-20 00:15:59 +00:00
|
|
|
l.stopped = make(chan struct{})
|
2019-01-04 17:14:40 +00:00
|
|
|
|
2019-03-04 17:09:48 +00:00
|
|
|
if err := l.tcp.init(l); err != nil {
|
|
|
|
c.log.Errorln("Failed to start TCP interface")
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-01-04 17:23:37 +00:00
|
|
|
return nil
|
2019-01-04 17:14:40 +00:00
|
|
|
}
|
|
|
|
|
2020-05-23 15:23:55 +00:00
|
|
|
func (l *links) reconfigure() {
|
2019-08-28 18:31:04 +00:00
|
|
|
l.tcp.reconfigure()
|
2019-08-25 17:10:59 +00:00
|
|
|
}
|
|
|
|
|
2020-05-23 15:23:55 +00:00
|
|
|
func (l *links) call(uri string, sintf string) error {
|
2019-03-04 22:45:35 +00:00
|
|
|
u, err := url.Parse(uri)
|
|
|
|
if err != nil {
|
2019-09-18 14:01:19 +00:00
|
|
|
return fmt.Errorf("peer %s is not correctly formatted (%s)", uri, err)
|
2019-03-04 22:45:35 +00:00
|
|
|
}
|
|
|
|
pathtokens := strings.Split(strings.Trim(u.Path, "/"), "/")
|
2020-05-08 22:23:48 +00:00
|
|
|
tcpOpts := tcpOptions{}
|
2020-05-08 23:43:19 +00:00
|
|
|
if pubkeys, ok := u.Query()["ed25519"]; ok && len(pubkeys) > 0 {
|
2021-05-23 19:33:28 +00:00
|
|
|
tcpOpts.pinnedEd25519Keys = make(map[keyArray]struct{})
|
2020-05-08 23:43:19 +00:00
|
|
|
for _, pubkey := range pubkeys {
|
2020-05-09 11:49:02 +00:00
|
|
|
if sigPub, err := hex.DecodeString(pubkey); err == nil {
|
2021-05-23 19:33:28 +00:00
|
|
|
var sigPubKey keyArray
|
2020-05-08 23:43:19 +00:00
|
|
|
copy(sigPubKey[:], sigPub)
|
2020-05-09 11:38:20 +00:00
|
|
|
tcpOpts.pinnedEd25519Keys[sigPubKey] = struct{}{}
|
2020-05-08 23:43:19 +00:00
|
|
|
}
|
|
|
|
}
|
2020-05-08 22:23:48 +00:00
|
|
|
}
|
2019-03-04 22:45:35 +00:00
|
|
|
switch u.Scheme {
|
|
|
|
case "tcp":
|
2020-05-08 22:23:48 +00:00
|
|
|
l.tcp.call(u.Host, tcpOpts, sintf)
|
2019-03-04 22:45:35 +00:00
|
|
|
case "socks":
|
2020-05-08 22:23:48 +00:00
|
|
|
tcpOpts.socksProxyAddr = u.Host
|
2020-05-09 10:24:32 +00:00
|
|
|
if u.User != nil {
|
|
|
|
tcpOpts.socksProxyAuth = &proxy.Auth{}
|
|
|
|
tcpOpts.socksProxyAuth.User = u.User.Username()
|
|
|
|
tcpOpts.socksProxyAuth.Password, _ = u.User.Password()
|
|
|
|
}
|
2020-05-08 22:23:48 +00:00
|
|
|
l.tcp.call(pathtokens[0], tcpOpts, sintf)
|
2019-10-23 16:26:35 +00:00
|
|
|
case "tls":
|
2020-05-08 22:23:48 +00:00
|
|
|
tcpOpts.upgrade = l.tcp.tls.forDialer
|
|
|
|
l.tcp.call(u.Host, tcpOpts, sintf)
|
2019-03-04 22:45:35 +00:00
|
|
|
default:
|
|
|
|
return errors.New("unknown call scheme: " + u.Scheme)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-05-23 15:23:55 +00:00
|
|
|
func (l *links) listen(uri string) error {
|
2019-03-04 22:45:35 +00:00
|
|
|
u, err := url.Parse(uri)
|
|
|
|
if err != nil {
|
2019-09-18 14:01:19 +00:00
|
|
|
return fmt.Errorf("listener %s is not correctly formatted (%s)", uri, err)
|
2019-03-04 22:45:35 +00:00
|
|
|
}
|
|
|
|
switch u.Scheme {
|
|
|
|
case "tcp":
|
2019-10-23 16:26:35 +00:00
|
|
|
_, err := l.tcp.listen(u.Host, nil)
|
|
|
|
return err
|
|
|
|
case "tls":
|
|
|
|
_, err := l.tcp.listen(u.Host, l.tcp.tls.forListener)
|
2019-03-06 11:06:13 +00:00
|
|
|
return err
|
2019-03-04 22:45:35 +00:00
|
|
|
default:
|
|
|
|
return errors.New("unknown listen scheme: " + u.Scheme)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-05-08 13:35:58 +00:00
|
|
|
func (l *links) create(conn net.Conn, name, linkType, local, remote string, incoming, force bool, options linkOptions) (*link, error) {
|
2019-11-29 09:45:02 +00:00
|
|
|
// Technically anything unique would work for names, but let's pick something human readable, just for debugging
|
2020-05-23 15:28:57 +00:00
|
|
|
intf := link{
|
2021-05-08 13:35:58 +00:00
|
|
|
conn: conn,
|
2020-05-23 16:33:37 +00:00
|
|
|
lname: name,
|
|
|
|
links: l,
|
2020-05-08 22:23:48 +00:00
|
|
|
options: options,
|
2019-01-23 03:16:41 +00:00
|
|
|
info: linkInfo{
|
|
|
|
linkType: linkType,
|
|
|
|
local: local,
|
|
|
|
remote: remote,
|
|
|
|
},
|
2019-02-01 00:02:17 +00:00
|
|
|
incoming: incoming,
|
|
|
|
force: force,
|
2019-01-04 17:23:37 +00:00
|
|
|
}
|
2019-01-19 12:19:24 +00:00
|
|
|
return &intf, nil
|
|
|
|
}
|
|
|
|
|
2020-05-23 15:23:55 +00:00
|
|
|
func (l *links) stop() error {
|
2019-09-20 00:15:59 +00:00
|
|
|
close(l.stopped)
|
2019-09-18 15:32:22 +00:00
|
|
|
if err := l.tcp.stop(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-12-13 22:29:03 +00:00
|
|
|
func (intf *link) handler() (chan struct{}, error) {
|
2019-01-22 05:08:50 +00:00
|
|
|
// TODO split some of this into shorter functions, so it's easier to read, and for the FIXME duplicate peer issue mentioned later
|
2021-05-08 13:35:58 +00:00
|
|
|
defer intf.conn.Close()
|
2019-01-22 05:08:50 +00:00
|
|
|
meta := version_getBaseMetadata()
|
2021-05-08 13:35:58 +00:00
|
|
|
meta.key = intf.links.core.public
|
2019-01-22 05:08:50 +00:00
|
|
|
metaBytes := meta.encode()
|
|
|
|
// TODO timeouts on send/recv (goroutine for send/recv, channel select w/ timer)
|
2019-02-27 03:07:56 +00:00
|
|
|
var err error
|
2021-05-08 13:35:58 +00:00
|
|
|
if !util.FuncTimeout(30*time.Second, func() {
|
|
|
|
var n int
|
|
|
|
n, err = intf.conn.Write(metaBytes)
|
|
|
|
if err == nil && n != len(metaBytes) {
|
|
|
|
err = errors.New("incomplete metadata send")
|
|
|
|
}
|
|
|
|
}) {
|
2020-12-13 22:29:03 +00:00
|
|
|
return nil, errors.New("timeout on metadata send")
|
2019-02-27 03:07:56 +00:00
|
|
|
}
|
2019-01-22 05:08:50 +00:00
|
|
|
if err != nil {
|
2020-12-13 22:29:03 +00:00
|
|
|
return nil, err
|
2019-01-22 05:08:50 +00:00
|
|
|
}
|
2021-05-08 13:35:58 +00:00
|
|
|
if !util.FuncTimeout(30*time.Second, func() {
|
|
|
|
var n int
|
|
|
|
n, err = io.ReadFull(intf.conn, metaBytes)
|
|
|
|
if err == nil && n != len(metaBytes) {
|
|
|
|
err = errors.New("incomplete metadata recv")
|
|
|
|
}
|
|
|
|
}) {
|
2020-12-13 22:29:03 +00:00
|
|
|
return nil, errors.New("timeout on metadata recv")
|
2019-02-27 03:07:56 +00:00
|
|
|
}
|
2019-01-22 05:08:50 +00:00
|
|
|
if err != nil {
|
2020-12-13 22:29:03 +00:00
|
|
|
return nil, err
|
2019-01-22 05:08:50 +00:00
|
|
|
}
|
|
|
|
meta = version_metadata{}
|
2021-05-10 21:31:01 +00:00
|
|
|
base := version_getBaseMetadata()
|
|
|
|
if !meta.decode(metaBytes) {
|
2020-12-13 22:29:03 +00:00
|
|
|
return nil, errors.New("failed to decode metadata")
|
2019-01-22 05:08:50 +00:00
|
|
|
}
|
2021-05-10 21:31:01 +00:00
|
|
|
if !meta.check() {
|
|
|
|
intf.links.core.log.Errorf("Failed to connect to node: %s is incompatible version (local %s, remote %s)",
|
|
|
|
intf.lname,
|
|
|
|
fmt.Sprintf("%d.%d", base.ver, base.minorVer),
|
|
|
|
fmt.Sprintf("%d.%d", meta.ver, meta.minorVer),
|
|
|
|
)
|
|
|
|
return nil, errors.New("remote node is incompatible version")
|
2019-01-22 05:08:50 +00:00
|
|
|
}
|
2020-05-08 22:23:48 +00:00
|
|
|
// Check if the remote side matches the keys we expected. This is a bit of a weak
|
|
|
|
// check - in future versions we really should check a signature or something like that.
|
2020-05-09 11:38:20 +00:00
|
|
|
if pinned := intf.options.pinnedEd25519Keys; pinned != nil {
|
2021-05-23 19:33:28 +00:00
|
|
|
var key keyArray
|
2021-05-08 13:35:58 +00:00
|
|
|
copy(key[:], meta.key)
|
|
|
|
if _, allowed := pinned[key]; !allowed {
|
2020-05-23 16:33:37 +00:00
|
|
|
intf.links.core.log.Errorf("Failed to connect to node: %q sent ed25519 key that does not match pinned keys", intf.name)
|
2020-12-13 22:29:03 +00:00
|
|
|
return nil, fmt.Errorf("failed to connect: host sent ed25519 key that does not match pinned keys")
|
2020-05-08 22:23:48 +00:00
|
|
|
}
|
|
|
|
}
|
2019-01-31 23:29:18 +00:00
|
|
|
// Check if we're authorized to connect to this key / IP
|
2021-05-10 21:39:12 +00:00
|
|
|
allowed := intf.links.core.config.GetCurrent().AllowedPublicKeys
|
|
|
|
isallowed := len(allowed) == 0
|
|
|
|
for _, k := range allowed {
|
|
|
|
if k == hex.EncodeToString(meta.key) { // TODO: this is yuck
|
|
|
|
isallowed = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if intf.incoming && !intf.force && !isallowed {
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.core.log.Warnf("%s connection from %s forbidden: AllowedEncryptionPublicKeys does not contain key %s",
|
2021-05-10 21:39:12 +00:00
|
|
|
strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.key))
|
|
|
|
intf.close()
|
2020-12-13 22:29:03 +00:00
|
|
|
return nil, nil
|
2019-01-31 23:29:18 +00:00
|
|
|
}
|
2019-01-23 03:16:41 +00:00
|
|
|
// Check if we already have a link to this node
|
2021-05-08 13:35:58 +00:00
|
|
|
copy(intf.info.key[:], meta.key)
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.mutex.Lock()
|
2020-12-13 22:29:03 +00:00
|
|
|
if oldIntf, isIn := intf.links.links[intf.info]; isIn {
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.mutex.Unlock()
|
2019-01-23 03:16:41 +00:00
|
|
|
// FIXME we should really return an error and let the caller block instead
|
2019-01-23 03:53:39 +00:00
|
|
|
// That lets them do things like close connections on its own, avoid printing a connection message in the first place, etc.
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.core.log.Debugln("DEBUG: found existing interface for", intf.name)
|
2020-12-13 22:29:03 +00:00
|
|
|
return oldIntf.closed, nil
|
2019-01-23 03:16:41 +00:00
|
|
|
} else {
|
|
|
|
intf.closed = make(chan struct{})
|
2020-05-23 15:28:57 +00:00
|
|
|
intf.links.links[intf.info] = intf
|
2019-01-23 03:48:43 +00:00
|
|
|
defer func() {
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.mutex.Lock()
|
2020-05-23 15:28:57 +00:00
|
|
|
delete(intf.links.links, intf.info)
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.mutex.Unlock()
|
2019-08-26 03:55:17 +00:00
|
|
|
close(intf.closed)
|
2019-01-23 03:48:43 +00:00
|
|
|
}()
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.core.log.Debugln("DEBUG: registered interface for", intf.name)
|
2019-01-23 03:16:41 +00:00
|
|
|
}
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.mutex.Unlock()
|
2021-05-15 18:44:55 +00:00
|
|
|
themAddr := address.AddrForKey(ed25519.PublicKey(intf.info.key[:]))
|
2019-02-01 00:02:17 +00:00
|
|
|
themAddrString := net.IP(themAddr[:]).String()
|
|
|
|
themString := fmt.Sprintf("%s@%s", themAddrString, intf.info.remote)
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.core.log.Infof("Connected %s: %s, source %s",
|
2019-02-03 21:50:25 +00:00
|
|
|
strings.ToUpper(intf.info.linkType), themString, intf.info.local)
|
2021-05-08 13:35:58 +00:00
|
|
|
// Run the handler
|
|
|
|
err = intf.links.core.PacketConn.HandleConn(ed25519.PublicKey(intf.info.key[:]), intf.conn)
|
2019-09-20 00:15:59 +00:00
|
|
|
// TODO don't report an error if it's just a 'use of closed network connection'
|
2019-08-26 03:55:17 +00:00
|
|
|
if err != nil {
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.core.log.Infof("Disconnected %s: %s, source %s; error: %s",
|
2019-02-24 20:48:16 +00:00
|
|
|
strings.ToUpper(intf.info.linkType), themString, intf.info.local, err)
|
2019-08-26 03:55:17 +00:00
|
|
|
} else {
|
2020-05-23 15:23:55 +00:00
|
|
|
intf.links.core.log.Infof("Disconnected %s: %s, source %s",
|
2019-02-24 20:48:16 +00:00
|
|
|
strings.ToUpper(intf.info.linkType), themString, intf.info.local)
|
|
|
|
}
|
2020-12-13 22:29:03 +00:00
|
|
|
return nil, err
|
2019-01-22 05:08:50 +00:00
|
|
|
}
|
2019-08-26 03:19:20 +00:00
|
|
|
|
2020-05-23 15:28:57 +00:00
|
|
|
func (intf *link) close() {
|
2021-05-08 13:35:58 +00:00
|
|
|
intf.conn.Close()
|
2020-05-16 22:07:47 +00:00
|
|
|
}
|
|
|
|
|
2020-05-23 15:28:57 +00:00
|
|
|
func (intf *link) name() string {
|
2020-05-16 22:07:47 +00:00
|
|
|
return intf.lname
|
|
|
|
}
|
|
|
|
|
2020-05-23 15:28:57 +00:00
|
|
|
func (intf *link) local() string {
|
2020-05-16 22:07:47 +00:00
|
|
|
return intf.info.local
|
|
|
|
}
|
|
|
|
|
2020-05-23 15:28:57 +00:00
|
|
|
func (intf *link) remote() string {
|
2020-05-16 22:07:47 +00:00
|
|
|
return intf.info.remote
|
|
|
|
}
|
|
|
|
|
2020-05-23 15:28:57 +00:00
|
|
|
func (intf *link) interfaceType() string {
|
2020-05-16 22:07:47 +00:00
|
|
|
return intf.info.linkType
|
|
|
|
}
|