2018-11-05 16:40:47 +00:00
|
|
|
package yggdrasil
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/hex"
|
|
|
|
|
"errors"
|
2018-11-05 17:03:58 +00:00
|
|
|
"fmt"
|
2018-11-05 16:40:47 +00:00
|
|
|
"net"
|
|
|
|
|
"sort"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// This module implements crypto-key routing, similar to Wireguard, where we
|
|
|
|
|
// allow traffic for non-Yggdrasil ranges to be routed over Yggdrasil.
|
|
|
|
|
|
|
|
|
|
type cryptokey struct {
|
|
|
|
|
core *Core
|
|
|
|
|
enabled bool
|
|
|
|
|
ipv4routes []cryptokey_route
|
|
|
|
|
ipv6routes []cryptokey_route
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type cryptokey_route struct {
|
|
|
|
|
subnet net.IPNet
|
|
|
|
|
destination []byte
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *cryptokey) init(core *Core) {
|
|
|
|
|
c.core = core
|
|
|
|
|
c.ipv4routes = make([]cryptokey_route, 0)
|
|
|
|
|
c.ipv6routes = make([]cryptokey_route, 0)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *cryptokey) isEnabled() bool {
|
|
|
|
|
return c.enabled
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *cryptokey) addRoute(cidr string, dest string) error {
|
|
|
|
|
// Is the CIDR we've been given valid?
|
2018-11-05 17:03:58 +00:00
|
|
|
ipaddr, ipnet, err := net.ParseCIDR(cidr)
|
2018-11-05 16:40:47 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the prefix length and size
|
2018-11-05 17:03:58 +00:00
|
|
|
_, prefixsize := ipnet.Mask.Size()
|
2018-11-05 16:40:47 +00:00
|
|
|
|
|
|
|
|
// Check if the prefix is IPv4 or IPv6
|
|
|
|
|
if prefixsize == net.IPv6len*8 {
|
2018-11-05 17:03:58 +00:00
|
|
|
// Is the route an Yggdrasil destination?
|
|
|
|
|
var addr address
|
|
|
|
|
var snet subnet
|
|
|
|
|
copy(addr[:], ipaddr)
|
|
|
|
|
copy(snet[:], ipnet.IP)
|
|
|
|
|
if addr.isValid() || snet.isValid() {
|
|
|
|
|
return errors.New("Can't specify Yggdrasil destination as crypto-key route")
|
|
|
|
|
}
|
|
|
|
|
// Do we already have a route for this subnet?
|
2018-11-05 16:40:47 +00:00
|
|
|
for _, route := range c.ipv6routes {
|
2018-11-05 17:03:58 +00:00
|
|
|
if route.subnet.String() == ipnet.String() {
|
|
|
|
|
return errors.New(fmt.Sprintf("Route already exists for %s", cidr))
|
2018-11-05 16:40:47 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// Decode the public key
|
|
|
|
|
if boxPubKey, err := hex.DecodeString(dest); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
} else {
|
|
|
|
|
// Add the new crypto-key route
|
|
|
|
|
c.ipv6routes = append(c.ipv6routes, cryptokey_route{
|
|
|
|
|
subnet: *ipnet,
|
|
|
|
|
destination: boxPubKey,
|
|
|
|
|
})
|
|
|
|
|
// Sort so most specific routes are first
|
|
|
|
|
sort.Slice(c.ipv6routes, func(i, j int) bool {
|
|
|
|
|
im, _ := c.ipv6routes[i].subnet.Mask.Size()
|
|
|
|
|
jm, _ := c.ipv6routes[j].subnet.Mask.Size()
|
|
|
|
|
return im > jm
|
|
|
|
|
})
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
} else if prefixsize == net.IPv4len*8 {
|
|
|
|
|
// IPv4
|
|
|
|
|
return errors.New("IPv4 not supported at this time")
|
|
|
|
|
}
|
|
|
|
|
return errors.New("Unspecified error")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *cryptokey) getPublicKeyForAddress(addr string) (boxPubKey, error) {
|
|
|
|
|
ipaddr := net.ParseIP(addr)
|
|
|
|
|
|
|
|
|
|
if ipaddr.To4() == nil {
|
|
|
|
|
// IPv6
|
|
|
|
|
for _, route := range c.ipv6routes {
|
|
|
|
|
if route.subnet.Contains(ipaddr) {
|
|
|
|
|
var box boxPubKey
|
|
|
|
|
copy(box[:boxPubKeyLen], route.destination)
|
|
|
|
|
return box, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// IPv4
|
|
|
|
|
return boxPubKey{}, errors.New("IPv4 not supported at this time")
|
|
|
|
|
/*
|
|
|
|
|
for _, route := range c.ipv4routes {
|
|
|
|
|
if route.subnet.Contains(ipaddr) {
|
|
|
|
|
return route.destination, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
}
|
2018-11-05 17:03:58 +00:00
|
|
|
return boxPubKey{}, errors.New(fmt.Sprintf("No route to %s", addr))
|
2018-11-05 16:40:47 +00:00
|
|
|
}
|
