mirror of
https://github.com/cwinfo/yggdrasil-go.git
synced 2024-11-26 08:21:36 +00:00
Merge pull request #210 from Arceliar/admin
Admin functions for cryptokey routing
This commit is contained in:
commit
3efc9bfa22
@ -232,6 +232,76 @@ func (a *admin) init(c *Core, listenaddr string) {
|
|||||||
}, errors.New("Failed to remove allowed key")
|
}, errors.New("Failed to remove allowed key")
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
a.addHandler("addSourceSubnet", []string{"subnet"}, func(in admin_info) (admin_info, error) {
|
||||||
|
var err error
|
||||||
|
a.core.router.doAdmin(func() {
|
||||||
|
err = a.core.router.cryptokey.addSourceSubnet(in["subnet"].(string))
|
||||||
|
})
|
||||||
|
if err == nil {
|
||||||
|
return admin_info{"added": []string{in["subnet"].(string)}}, nil
|
||||||
|
} else {
|
||||||
|
return admin_info{"not_added": []string{in["subnet"].(string)}}, errors.New("Failed to add source subnet")
|
||||||
|
}
|
||||||
|
})
|
||||||
|
a.addHandler("addRoute", []string{"subnet", "destPubKey"}, func(in admin_info) (admin_info, error) {
|
||||||
|
var err error
|
||||||
|
a.core.router.doAdmin(func() {
|
||||||
|
err = a.core.router.cryptokey.addRoute(in["subnet"].(string), in["destPubKey"].(string))
|
||||||
|
})
|
||||||
|
if err == nil {
|
||||||
|
return admin_info{"added": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["destPubKey"].(string))}}, nil
|
||||||
|
} else {
|
||||||
|
return admin_info{"not_added": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["destPubKey"].(string))}}, errors.New("Failed to add route")
|
||||||
|
}
|
||||||
|
})
|
||||||
|
a.addHandler("getSourceSubnets", []string{}, func(in admin_info) (admin_info, error) {
|
||||||
|
var subnets []string
|
||||||
|
a.core.router.doAdmin(func() {
|
||||||
|
getSourceSubnets := func(snets []net.IPNet) {
|
||||||
|
for _, subnet := range snets {
|
||||||
|
subnets = append(subnets, subnet.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
getSourceSubnets(a.core.router.cryptokey.ipv4sources)
|
||||||
|
getSourceSubnets(a.core.router.cryptokey.ipv6sources)
|
||||||
|
})
|
||||||
|
return admin_info{"source_subnets": subnets}, nil
|
||||||
|
})
|
||||||
|
a.addHandler("getRoutes", []string{}, func(in admin_info) (admin_info, error) {
|
||||||
|
var routes []string
|
||||||
|
a.core.router.doAdmin(func() {
|
||||||
|
getRoutes := func(ckrs []cryptokey_route) {
|
||||||
|
for _, ckr := range ckrs {
|
||||||
|
routes = append(routes, fmt.Sprintf("%s via %s", ckr.subnet.String(), hex.EncodeToString(ckr.destination[:])))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
getRoutes(a.core.router.cryptokey.ipv4routes)
|
||||||
|
getRoutes(a.core.router.cryptokey.ipv6routes)
|
||||||
|
})
|
||||||
|
return admin_info{"routes": routes}, nil
|
||||||
|
})
|
||||||
|
a.addHandler("removeSourceSubnet", []string{"subnet"}, func(in admin_info) (admin_info, error) {
|
||||||
|
var err error
|
||||||
|
a.core.router.doAdmin(func() {
|
||||||
|
err = a.core.router.cryptokey.removeSourceSubnet(in["subnet"].(string))
|
||||||
|
})
|
||||||
|
if err == nil {
|
||||||
|
return admin_info{"removed": []string{in["subnet"].(string)}}, nil
|
||||||
|
} else {
|
||||||
|
return admin_info{"not_removed": []string{in["subnet"].(string)}}, errors.New("Failed to remove source subnet")
|
||||||
|
}
|
||||||
|
})
|
||||||
|
a.addHandler("removeRoute", []string{"subnet", "destPubKey"}, func(in admin_info) (admin_info, error) {
|
||||||
|
var err error
|
||||||
|
a.core.router.doAdmin(func() {
|
||||||
|
err = a.core.router.cryptokey.removeRoute(in["subnet"].(string), in["destPubKey"].(string))
|
||||||
|
})
|
||||||
|
if err == nil {
|
||||||
|
return admin_info{"removed": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["destPubKey"].(string))}}, nil
|
||||||
|
} else {
|
||||||
|
return admin_info{"not_removed": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["destPubKey"].(string))}}, errors.New("Failed to remove route")
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// start runs the admin API socket to listen for / respond to admin API calls.
|
// start runs the admin API socket to listen for / respond to admin API calls.
|
||||||
@ -386,7 +456,6 @@ func (n *admin_nodeInfo) toString() string {
|
|||||||
out = append(out, fmt.Sprintf("%v: %v", p.key, p.val))
|
out = append(out, fmt.Sprintf("%v: %v", p.key, p.val))
|
||||||
}
|
}
|
||||||
return strings.Join(out, ", ")
|
return strings.Join(out, ", ")
|
||||||
return fmt.Sprint(*n)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// printInfos returns a newline separated list of strings from admin_nodeInfos, e.g. a printable string of info about all peers.
|
// printInfos returns a newline separated list of strings from admin_nodeInfos, e.g. a printable string of info about all peers.
|
||||||
@ -527,7 +596,7 @@ func (a *admin) getData_getSwitchPeers() []admin_nodeInfo {
|
|||||||
// getData_getSwitchQueues returns info from Core.switchTable for an queue data.
|
// getData_getSwitchQueues returns info from Core.switchTable for an queue data.
|
||||||
func (a *admin) getData_getSwitchQueues() admin_nodeInfo {
|
func (a *admin) getData_getSwitchQueues() admin_nodeInfo {
|
||||||
var peerInfos admin_nodeInfo
|
var peerInfos admin_nodeInfo
|
||||||
switchTable := a.core.switchTable
|
switchTable := &a.core.switchTable
|
||||||
getSwitchQueues := func() {
|
getSwitchQueues := func() {
|
||||||
queues := make([]map[string]interface{}, 0)
|
queues := make([]map[string]interface{}, 0)
|
||||||
for k, v := range switchTable.queues.bufs {
|
for k, v := range switchTable.queues.bufs {
|
||||||
|
@ -25,7 +25,7 @@ type cryptokey struct {
|
|||||||
|
|
||||||
type cryptokey_route struct {
|
type cryptokey_route struct {
|
||||||
subnet net.IPNet
|
subnet net.IPNet
|
||||||
destination []byte
|
destination boxPubKey
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialise crypto-key routing. This must be done before any other CKR calls.
|
// Initialise crypto-key routing. This must be done before any other CKR calls.
|
||||||
@ -171,13 +171,17 @@ func (c *cryptokey) addRoute(cidr string, dest string) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Decode the public key
|
// Decode the public key
|
||||||
if boxPubKey, err := hex.DecodeString(dest); err != nil {
|
if bpk, err := hex.DecodeString(dest); err != nil {
|
||||||
return err
|
return err
|
||||||
|
} else if len(bpk) != boxPubKeyLen {
|
||||||
|
return errors.New(fmt.Sprintf("Incorrect key length for %s", dest))
|
||||||
} else {
|
} else {
|
||||||
// Add the new crypto-key route
|
// Add the new crypto-key route
|
||||||
|
var key boxPubKey
|
||||||
|
copy(key[:], bpk)
|
||||||
*routingtable = append(*routingtable, cryptokey_route{
|
*routingtable = append(*routingtable, cryptokey_route{
|
||||||
subnet: *ipnet,
|
subnet: *ipnet,
|
||||||
destination: boxPubKey,
|
destination: key,
|
||||||
})
|
})
|
||||||
|
|
||||||
// Sort so most specific routes are first
|
// Sort so most specific routes are first
|
||||||
@ -196,8 +200,6 @@ func (c *cryptokey) addRoute(cidr string, dest string) error {
|
|||||||
c.core.log.Println("Added CKR destination subnet", cidr)
|
c.core.log.Println("Added CKR destination subnet", cidr)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return errors.New("Unspecified error")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Looks up the most specific route for the given address (with the address
|
// Looks up the most specific route for the given address (with the address
|
||||||
@ -227,9 +229,7 @@ func (c *cryptokey) getPublicKeyForAddress(addr address, addrlen int) (boxPubKey
|
|||||||
|
|
||||||
// Check if there's a cache entry for this addr
|
// Check if there's a cache entry for this addr
|
||||||
if route, ok := (*routingcache)[addr]; ok {
|
if route, ok := (*routingcache)[addr]; ok {
|
||||||
var box boxPubKey
|
return route.destination, nil
|
||||||
copy(box[:boxPubKeyLen], route.destination)
|
|
||||||
return box, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// No cache was found - start by converting the address into a net.IP
|
// No cache was found - start by converting the address into a net.IP
|
||||||
@ -245,12 +245,94 @@ func (c *cryptokey) getPublicKeyForAddress(addr address, addrlen int) (boxPubKey
|
|||||||
(*routingcache)[addr] = route
|
(*routingcache)[addr] = route
|
||||||
|
|
||||||
// Return the boxPubKey
|
// Return the boxPubKey
|
||||||
var box boxPubKey
|
return route.destination, nil
|
||||||
copy(box[:boxPubKeyLen], route.destination)
|
|
||||||
return box, nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// No route was found if we got to this point
|
// No route was found if we got to this point
|
||||||
return boxPubKey{}, errors.New(fmt.Sprintf("No route to %s", ip.String()))
|
return boxPubKey{}, errors.New(fmt.Sprintf("No route to %s", ip.String()))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Removes a source subnet, which allows traffic with these source addresses to
|
||||||
|
// be tunnelled using crypto-key routing.
|
||||||
|
func (c *cryptokey) removeSourceSubnet(cidr string) error {
|
||||||
|
// Is the CIDR we've been given valid?
|
||||||
|
_, ipnet, err := net.ParseCIDR(cidr)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the prefix length and size
|
||||||
|
_, prefixsize := ipnet.Mask.Size()
|
||||||
|
|
||||||
|
// Build our references to the routing sources
|
||||||
|
var routingsources *[]net.IPNet
|
||||||
|
|
||||||
|
// Check if the prefix is IPv4 or IPv6
|
||||||
|
if prefixsize == net.IPv6len*8 {
|
||||||
|
routingsources = &c.ipv6sources
|
||||||
|
} else if prefixsize == net.IPv4len*8 {
|
||||||
|
routingsources = &c.ipv4sources
|
||||||
|
} else {
|
||||||
|
return errors.New("Unexpected prefix size")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if we already have this CIDR
|
||||||
|
for idx, subnet := range *routingsources {
|
||||||
|
if subnet.String() == ipnet.String() {
|
||||||
|
*routingsources = append((*routingsources)[:idx], (*routingsources)[idx+1:]...)
|
||||||
|
c.core.log.Println("Removed CKR source subnet", cidr)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return errors.New("Source subnet not found")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Removes a destination route for the given CIDR to be tunnelled to the node
|
||||||
|
// with the given BoxPubKey.
|
||||||
|
func (c *cryptokey) removeRoute(cidr string, dest string) error {
|
||||||
|
// Is the CIDR we've been given valid?
|
||||||
|
_, ipnet, err := net.ParseCIDR(cidr)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the prefix length and size
|
||||||
|
_, prefixsize := ipnet.Mask.Size()
|
||||||
|
|
||||||
|
// Build our references to the routing table and cache
|
||||||
|
var routingtable *[]cryptokey_route
|
||||||
|
var routingcache *map[address]cryptokey_route
|
||||||
|
|
||||||
|
// Check if the prefix is IPv4 or IPv6
|
||||||
|
if prefixsize == net.IPv6len*8 {
|
||||||
|
routingtable = &c.ipv6routes
|
||||||
|
routingcache = &c.ipv6cache
|
||||||
|
} else if prefixsize == net.IPv4len*8 {
|
||||||
|
routingtable = &c.ipv4routes
|
||||||
|
routingcache = &c.ipv4cache
|
||||||
|
} else {
|
||||||
|
return errors.New("Unexpected prefix size")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Decode the public key
|
||||||
|
bpk, err := hex.DecodeString(dest)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
} else if len(bpk) != boxPubKeyLen {
|
||||||
|
return errors.New(fmt.Sprintf("Incorrect key length for %s", dest))
|
||||||
|
}
|
||||||
|
netStr := ipnet.String()
|
||||||
|
|
||||||
|
for idx, route := range *routingtable {
|
||||||
|
if bytes.Equal(route.destination[:], bpk) && route.subnet.String() == netStr {
|
||||||
|
*routingtable = append((*routingtable)[:idx], (*routingtable)[idx+1:]...)
|
||||||
|
for k := range *routingcache {
|
||||||
|
delete(*routingcache, k)
|
||||||
|
}
|
||||||
|
c.core.log.Printf("Removed CKR destination subnet %s via %s\n", cidr, dest)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return errors.New(fmt.Sprintf("Route does not exists for %s", cidr))
|
||||||
|
}
|
||||||
|
@ -102,7 +102,6 @@ func (t *dht) insert(info *dhtInfo) {
|
|||||||
if *info.getNodeID() == t.nodeID {
|
if *info.getNodeID() == t.nodeID {
|
||||||
// This shouldn't happen, but don't add it if it does
|
// This shouldn't happen, but don't add it if it does
|
||||||
return
|
return
|
||||||
panic("FIXME")
|
|
||||||
}
|
}
|
||||||
info.recv = time.Now()
|
info.recv = time.Now()
|
||||||
if oldInfo, isIn := t.table[*info.getNodeID()]; isIn {
|
if oldInfo, isIn := t.table[*info.getNodeID()]; isIn {
|
||||||
|
@ -36,15 +36,22 @@ type router struct {
|
|||||||
core *Core
|
core *Core
|
||||||
addr address
|
addr address
|
||||||
subnet subnet
|
subnet subnet
|
||||||
in <-chan []byte // packets we received from the network, link to peer's "out"
|
in <-chan []byte // packets we received from the network, link to peer's "out"
|
||||||
out func([]byte) // packets we're sending to the network, link to peer's "in"
|
out func([]byte) // packets we're sending to the network, link to peer's "in"
|
||||||
recv chan<- []byte // place where the tun pulls received packets from
|
toRecv chan router_recvPacket // packets to handle via recvPacket()
|
||||||
send <-chan []byte // place where the tun puts outgoing packets
|
recv chan<- []byte // place where the tun pulls received packets from
|
||||||
reset chan struct{} // signal that coords changed (re-init sessions/dht)
|
send <-chan []byte // place where the tun puts outgoing packets
|
||||||
admin chan func() // pass a lambda for the admin socket to query stuff
|
reset chan struct{} // signal that coords changed (re-init sessions/dht)
|
||||||
|
admin chan func() // pass a lambda for the admin socket to query stuff
|
||||||
cryptokey cryptokey
|
cryptokey cryptokey
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Packet and session info, used to check that the packet matches a valid IP range or CKR prefix before sending to the tun.
|
||||||
|
type router_recvPacket struct {
|
||||||
|
bs []byte
|
||||||
|
sinfo *sessionInfo
|
||||||
|
}
|
||||||
|
|
||||||
// Initializes the router struct, which includes setting up channels to/from the tun/tap.
|
// Initializes the router struct, which includes setting up channels to/from the tun/tap.
|
||||||
func (r *router) init(core *Core) {
|
func (r *router) init(core *Core) {
|
||||||
r.core = core
|
r.core = core
|
||||||
@ -63,6 +70,7 @@ func (r *router) init(core *Core) {
|
|||||||
}
|
}
|
||||||
r.in = in
|
r.in = in
|
||||||
r.out = func(packet []byte) { p.handlePacket(packet) } // The caller is responsible for go-ing if it needs to not block
|
r.out = func(packet []byte) { p.handlePacket(packet) } // The caller is responsible for go-ing if it needs to not block
|
||||||
|
r.toRecv = make(chan router_recvPacket, 32)
|
||||||
recv := make(chan []byte, 32)
|
recv := make(chan []byte, 32)
|
||||||
send := make(chan []byte, 32)
|
send := make(chan []byte, 32)
|
||||||
r.recv = recv
|
r.recv = recv
|
||||||
@ -70,7 +78,7 @@ func (r *router) init(core *Core) {
|
|||||||
r.core.tun.recv = recv
|
r.core.tun.recv = recv
|
||||||
r.core.tun.send = send
|
r.core.tun.send = send
|
||||||
r.reset = make(chan struct{}, 1)
|
r.reset = make(chan struct{}, 1)
|
||||||
r.admin = make(chan func())
|
r.admin = make(chan func(), 32)
|
||||||
r.cryptokey.init(r.core)
|
r.cryptokey.init(r.core)
|
||||||
// go r.mainLoop()
|
// go r.mainLoop()
|
||||||
}
|
}
|
||||||
@ -91,6 +99,8 @@ func (r *router) mainLoop() {
|
|||||||
defer ticker.Stop()
|
defer ticker.Stop()
|
||||||
for {
|
for {
|
||||||
select {
|
select {
|
||||||
|
case rp := <-r.toRecv:
|
||||||
|
r.recvPacket(rp.bs, rp.sinfo)
|
||||||
case p := <-r.in:
|
case p := <-r.in:
|
||||||
r.handleIn(p)
|
r.handleIn(p)
|
||||||
case p := <-r.send:
|
case p := <-r.send:
|
||||||
|
@ -589,5 +589,5 @@ func (sinfo *sessionInfo) doRecv(p *wire_trafficPacket) {
|
|||||||
sinfo.updateNonce(&p.Nonce)
|
sinfo.updateNonce(&p.Nonce)
|
||||||
sinfo.time = time.Now()
|
sinfo.time = time.Now()
|
||||||
sinfo.bytesRecvd += uint64(len(bs))
|
sinfo.bytesRecvd += uint64(len(bs))
|
||||||
sinfo.core.router.recvPacket(bs, sinfo)
|
sinfo.core.router.toRecv <- router_recvPacket{bs, sinfo}
|
||||||
}
|
}
|
||||||
|
@ -231,7 +231,7 @@ func main() {
|
|||||||
uint(k), uint(v), uint(queuesizepercent), uint(portqueuepackets[k]))
|
uint(k), uint(v), uint(queuesizepercent), uint(portqueuepackets[k]))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
case "addpeer", "removepeer", "addallowedencryptionpublickey", "removeallowedencryptionpublickey":
|
case "addpeer", "removepeer", "addallowedencryptionpublickey", "removeallowedencryptionpublickey", "addsourcesubnet", "addroute", "removesourcesubnet", "removeroute":
|
||||||
if _, ok := res["added"]; ok {
|
if _, ok := res["added"]; ok {
|
||||||
for _, v := range res["added"].([]interface{}) {
|
for _, v := range res["added"].([]interface{}) {
|
||||||
fmt.Println("Added:", fmt.Sprint(v))
|
fmt.Println("Added:", fmt.Sprint(v))
|
||||||
@ -274,6 +274,28 @@ func main() {
|
|||||||
fmt.Println("-", v)
|
fmt.Println("-", v)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
case "getsourcesubnets":
|
||||||
|
if _, ok := res["source_subnets"]; !ok {
|
||||||
|
fmt.Println("No source subnets found")
|
||||||
|
} else if res["source_subnets"] == nil {
|
||||||
|
fmt.Println("No source subnets found")
|
||||||
|
} else {
|
||||||
|
fmt.Println("Source subnets:")
|
||||||
|
for _, v := range res["source_subnets"].([]interface{}) {
|
||||||
|
fmt.Println("-", v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
case "getroutes":
|
||||||
|
if _, ok := res["routes"]; !ok {
|
||||||
|
fmt.Println("No routes found")
|
||||||
|
} else if res["routes"] == nil {
|
||||||
|
fmt.Println("No routes found")
|
||||||
|
} else {
|
||||||
|
fmt.Println("Routes:")
|
||||||
|
for _, v := range res["routes"].([]interface{}) {
|
||||||
|
fmt.Println("-", v)
|
||||||
|
}
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
if json, err := json.MarshalIndent(recv["response"], "", " "); err == nil {
|
if json, err := json.MarshalIndent(recv["response"], "", " "); err == nil {
|
||||||
fmt.Println(string(json))
|
fmt.Println(string(json))
|
||||||
|
Loading…
Reference in New Issue
Block a user