From e36f88c75f8702442478b1e15544c602ccdbe72d Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Thu, 31 Jan 2019 23:18:02 +0000 Subject: [PATCH 1/4] Info logging when link connects/disconnects --- src/yggdrasil/link.go | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 320b3e6..681cf81 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -3,10 +3,13 @@ package yggdrasil import ( "errors" "fmt" + "net" + "strings" "sync" //"sync/atomic" "time" + "github.com/yggdrasil-network/yggdrasil-go/src/address" "github.com/yggdrasil-network/yggdrasil-go/src/crypto" "github.com/yggdrasil-network/yggdrasil-go/src/util" ) @@ -143,7 +146,22 @@ func (intf *linkInterface) handler() error { out <- msg } intf.peer.linkOut = make(chan []byte, 1) - intf.peer.close = func() { intf.msgIO.close() } + intf.peer.close = func() { + intf.msgIO.close() + // Make output + themAddr := address.AddrForNodeID(crypto.GetNodeID(&intf.info.box)) + themAddrString := net.IP(themAddr[:]).String() + themString := fmt.Sprintf("%s@%s", themAddrString, intf.info.remote) + intf.link.core.log.Infof("Disconnected %s: %s, source %s", + strings.ToUpper(intf.info.linkType), themString, intf.info.local) + } + // Make output + themAddr := address.AddrForNodeID(crypto.GetNodeID(&intf.info.box)) + themAddrString := net.IP(themAddr[:]).String() + themString := fmt.Sprintf("%s@%s", themAddrString, intf.info.remote) + intf.link.core.log.Infof("Connected %s: %s, source %s", + strings.ToUpper(intf.info.linkType), themString, intf.info.local) + // Start the link loop go intf.peer.linkLoop() // Start the writer signalReady := make(chan struct{}, 1) From 432f93de894fcc21a3fb30a32fa0e053405796c7 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Thu, 31 Jan 2019 23:29:18 +0000 Subject: [PATCH 2/4] Check AllowedEncryptionPublicKeys --- src/yggdrasil/link.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 681cf81..3b540d0 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -1,6 +1,7 @@ package yggdrasil import ( + "encoding/hex" "errors" "fmt" "net" @@ -104,6 +105,18 @@ func (intf *linkInterface) handler() error { intf.link.core.log.Errorln("Failed to connect to node: " + intf.name + " version: " + fmt.Sprintf("%d.%d", meta.ver, meta.minorVer)) return errors.New("failed to connect: wrong version") } + // Check if we're authorized to connect to this key / IP + if !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) { + // Allow unauthorized peers if they're link-local + raddrStr, _, _ := net.SplitHostPort(intf.info.remote) + raddr := net.ParseIP(raddrStr) + if !raddr.IsLinkLocalUnicast() { + intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKey does not contain key %s", + strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:])) + intf.msgIO.close() + return nil + } + } // Check if we already have a link to this node intf.info.box = meta.box intf.info.sig = meta.sig From ec5f7d98790b246c3e5f0c5b143f5789ad895166 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Thu, 31 Jan 2019 23:47:20 +0000 Subject: [PATCH 3/4] Enforce AllowedEncryptionPublicKeys for all peers inc. link-local --- src/yggdrasil/link.go | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 3b540d0..e52ff95 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -107,15 +107,10 @@ func (intf *linkInterface) handler() error { } // Check if we're authorized to connect to this key / IP if !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) { - // Allow unauthorized peers if they're link-local - raddrStr, _, _ := net.SplitHostPort(intf.info.remote) - raddr := net.ParseIP(raddrStr) - if !raddr.IsLinkLocalUnicast() { - intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKey does not contain key %s", - strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:])) - intf.msgIO.close() - return nil - } + intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKeys does not contain key %s", + strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:])) + intf.msgIO.close() + return nil } // Check if we already have a link to this node intf.info.box = meta.box From 43f798e82ea1cce63e23c1c2be46426fc25a1c46 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 1 Feb 2019 00:02:17 +0000 Subject: [PATCH 4/4] Check link-local in tcp.go, track direction in link.go, fix compile error for mobile.go --- src/yggdrasil/awdl.go | 4 ++-- src/yggdrasil/link.go | 35 +++++++++++++++++------------------ src/yggdrasil/mobile.go | 3 ++- src/yggdrasil/mobile_ios.go | 4 ++-- src/yggdrasil/tcp.go | 3 ++- 5 files changed, 25 insertions(+), 24 deletions(-) diff --git a/src/yggdrasil/awdl.go b/src/yggdrasil/awdl.go index e9e57a6..4236688 100644 --- a/src/yggdrasil/awdl.go +++ b/src/yggdrasil/awdl.go @@ -54,14 +54,14 @@ func (a *awdl) init(l *link) error { return nil } -func (a *awdl) create(name, local, remote string) (*awdlInterface, error) { +func (a *awdl) create(name, local, remote string, incoming bool) (*awdlInterface, error) { rwc := awdlReadWriteCloser{ fromAWDL: make(chan []byte, 1), toAWDL: make(chan []byte, 1), } s := stream{} s.init(rwc) - linkif, err := a.link.create(&s, name, "awdl", local, remote) + linkif, err := a.link.create(&s, name, "awdl", local, remote, incoming, true) if err != nil { return nil, err } diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index e52ff95..2d2155c 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -40,12 +40,14 @@ type linkInterfaceMsgIO interface { } type linkInterface struct { - name string - link *link - peer *peer - msgIO linkInterfaceMsgIO - info linkInfo - closed chan struct{} + name string + link *link + peer *peer + msgIO linkInterfaceMsgIO + info linkInfo + incoming bool + force bool + closed chan struct{} } func (l *link) init(c *Core) error { @@ -62,7 +64,7 @@ func (l *link) init(c *Core) error { return nil } -func (l *link) create(msgIO linkInterfaceMsgIO, name, linkType, local, remote string) (*linkInterface, error) { +func (l *link) create(msgIO linkInterfaceMsgIO, name, linkType, local, remote string, incoming, force bool) (*linkInterface, error) { // Technically anything unique would work for names, but lets pick something human readable, just for debugging intf := linkInterface{ name: name, @@ -73,6 +75,8 @@ func (l *link) create(msgIO linkInterfaceMsgIO, name, linkType, local, remote st local: local, remote: remote, }, + incoming: incoming, + force: force, } //l.interfaces[intf.name] = &intf //go intf.start() @@ -106,7 +110,7 @@ func (intf *linkInterface) handler() error { return errors.New("failed to connect: wrong version") } // Check if we're authorized to connect to this key / IP - if !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) { + if !intf.force && !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) { intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKeys does not contain key %s", strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:])) intf.msgIO.close() @@ -154,19 +158,14 @@ func (intf *linkInterface) handler() error { out <- msg } intf.peer.linkOut = make(chan []byte, 1) - intf.peer.close = func() { - intf.msgIO.close() - // Make output - themAddr := address.AddrForNodeID(crypto.GetNodeID(&intf.info.box)) - themAddrString := net.IP(themAddr[:]).String() - themString := fmt.Sprintf("%s@%s", themAddrString, intf.info.remote) - intf.link.core.log.Infof("Disconnected %s: %s, source %s", - strings.ToUpper(intf.info.linkType), themString, intf.info.local) - } - // Make output themAddr := address.AddrForNodeID(crypto.GetNodeID(&intf.info.box)) themAddrString := net.IP(themAddr[:]).String() themString := fmt.Sprintf("%s@%s", themAddrString, intf.info.remote) + intf.peer.close = func() { + intf.msgIO.close() + intf.link.core.log.Infof("Disconnected %s: %s, source %s", + strings.ToUpper(intf.info.linkType), themString, intf.info.local) + } intf.link.core.log.Infof("Connected %s: %s, source %s", strings.ToUpper(intf.info.linkType), themString, intf.info.local) // Start the link loop diff --git a/src/yggdrasil/mobile.go b/src/yggdrasil/mobile.go index 52215f0..76fbe54 100644 --- a/src/yggdrasil/mobile.go +++ b/src/yggdrasil/mobile.go @@ -5,10 +5,11 @@ package yggdrasil import ( "encoding/hex" "encoding/json" - "log" "os" "time" + "github.com/gologme/log" + hjson "github.com/hjson/hjson-go" "github.com/mitchellh/mapstructure" "github.com/yggdrasil-network/yggdrasil-go/src/config" diff --git a/src/yggdrasil/mobile_ios.go b/src/yggdrasil/mobile_ios.go index c2ec63b..7b08999 100644 --- a/src/yggdrasil/mobile_ios.go +++ b/src/yggdrasil/mobile_ios.go @@ -29,8 +29,8 @@ func (nsl MobileLogger) Write(p []byte) (n int, err error) { return len(p), nil } -func (c *Core) AWDLCreateInterface(name, local, remote string) error { - if intf, err := c.link.awdl.create(name, local, remote); err != nil || intf == nil { +func (c *Core) AWDLCreateInterface(name, local, remote string, incoming bool) error { + if intf, err := c.link.awdl.create(name, local, remote, incoming); err != nil || intf == nil { c.log.Println("c.link.awdl.create:", err) return err } diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 617aa22..979bc81 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -284,8 +284,9 @@ func (iface *tcpInterface) handler(sock net.Conn, incoming bool) { stream.init(sock) local, _, _ := net.SplitHostPort(sock.LocalAddr().String()) remote, _, _ := net.SplitHostPort(sock.RemoteAddr().String()) + remotelinklocal := net.ParseIP(remote).IsLinkLocalUnicast() name := "tcp://" + sock.RemoteAddr().String() - link, err := iface.core.link.create(&stream, name, "tcp", local, remote) + link, err := iface.core.link.create(&stream, name, "tcp", local, remote, incoming, remotelinklocal) if err != nil { iface.core.log.Println(err) panic(err)