cwinfo/yggdrasil-go
5
0
Fork 0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-11-26 08:21:36 +00:00
Code Releases Activity

Change some mutexes to atomics, change conns map to pointers, sort of works but seems to deadlock very easily

Browse Source
This commit is contained in:
Neil Alexander 2019-04-21 11:50:41 +01:00
parent 62621f2960
commit 79bcfbf175
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944
6 changed files with 81 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/tuntap/tun.go
View File

@ -30,8 +30,7 @@ type TunAdapter struct {
config *config.NodeState config *config.NodeState
log *log.Logger log *log.Logger
reconfigure chan chan error reconfigure chan chan error
conns map[crypto.NodeID]yggdrasil.Conn conns map[crypto.NodeID]*yggdrasil.Conn
connsMutex sync.RWMutex
listener *yggdrasil.Listener listener *yggdrasil.Listener
dialer *yggdrasil.Dialer dialer *yggdrasil.Dialer
addr address.Address addr address.Address
@ -102,7 +101,7 @@ func (tun *TunAdapter) Init(config *config.NodeState, log *log.Logger, listener
tun.log = log tun.log = log
tun.listener = listener tun.listener = listener
tun.dialer = dialer tun.dialer = dialer
tun.conns = make(map[crypto.NodeID]yggdrasil.Conn) tun.conns = make(map[crypto.NodeID]*yggdrasil.Conn)
} }
// Start the setup process for the TUN/TAP adapter. If successful, starts the // Start the setup process for the TUN/TAP adapter. If successful, starts the
@ -180,6 +179,7 @@ func (tun *TunAdapter) handler() error {
} }
func (tun *TunAdapter) connReader(conn *yggdrasil.Conn) error { func (tun *TunAdapter) connReader(conn *yggdrasil.Conn) error {
tun.conns[conn.RemoteAddr()] = conn
b := make([]byte, 65535) b := make([]byte, 65535)
for { for {
n, err := conn.Read(b) n, err := conn.Read(b)
@ -203,7 +203,6 @@ func (tun *TunAdapter) connReader(conn *yggdrasil.Conn) error {
} }
func (tun *TunAdapter) ifaceReader() error { func (tun *TunAdapter) ifaceReader() error {
tun.log.Println("Start TUN reader")
bs := make([]byte, 65535) bs := make([]byte, 65535)
for { for {
n, err := tun.iface.Read(bs) n, err := tun.iface.Read(bs)
@ -244,6 +243,7 @@ func (tun *TunAdapter) ifaceReader() error {
dstNodeID, dstNodeIDMask = dstAddr.GetNodeIDandMask() dstNodeID, dstNodeIDMask = dstAddr.GetNodeIDandMask()
// Do we have an active connection for this node ID? // Do we have an active connection for this node ID?
if conn, isIn := tun.conns[*dstNodeID]; isIn { if conn, isIn := tun.conns[*dstNodeID]; isIn {
tun.log.Println("Got", &conn)
w, err := conn.Write(bs) w, err := conn.Write(bs)
if err != nil { if err != nil {
tun.log.Println("Unable to write to remote:", err) tun.log.Println("Unable to write to remote:", err)
@ -254,14 +254,12 @@ func (tun *TunAdapter) ifaceReader() error {
} }
} else { } else {
tun.log.Println("Opening connection for", *dstNodeID) tun.log.Println("Opening connection for", *dstNodeID)
tun.connsMutex.Lock()
if conn, err := tun.dialer.DialByNodeIDandMask(dstNodeID, dstNodeIDMask); err == nil { if conn, err := tun.dialer.DialByNodeIDandMask(dstNodeID, dstNodeIDMask); err == nil {
tun.conns[*dstNodeID] = conn tun.conns[*dstNodeID] = &conn
go tun.connReader(&conn) go tun.connReader(&conn)
} else { } else {
tun.log.Println("Error dialing:", err) tun.log.Println("Error dialing:", err)
} }
tun.connsMutex.Unlock()
} }
/*if !r.cryptokey.isValidSource(srcAddr, addrlen) { /*if !r.cryptokey.isValidSource(srcAddr, addrlen) {

41
src/yggdrasil/conn.go
View File

@ -1,8 +1,8 @@
package yggdrasil package yggdrasil
import ( import (
"encoding/hex"
"errors" "errors"
"fmt"
"sync" "sync"
"sync/atomic" "sync/atomic"
"time" "time"
@ -42,27 +42,27 @@ func (c *Conn) startSearch() {
doSearch := func() { doSearch := func() {
sinfo, isIn := c.core.searches.searches[*c.nodeID] sinfo, isIn := c.core.searches.searches[*c.nodeID]
if !isIn { if !isIn {
c.core.log.Debugln("Starting search for", hex.EncodeToString(c.nodeID[:]))
sinfo = c.core.searches.newIterSearch(c.nodeID, c.nodeMask, searchCompleted) sinfo = c.core.searches.newIterSearch(c.nodeID, c.nodeMask, searchCompleted)
} }
c.core.searches.continueSearch(sinfo) c.core.searches.continueSearch(sinfo)
} }
var sinfo *sessionInfo
var isIn bool
switch { switch {
case !isIn || !sinfo.init: case c.session == nil || !c.session.init.Load().(bool):
doSearch() doSearch()
case time.Since(sinfo.time) > 6*time.Second: case time.Since(c.session.time.Load().(time.Time)) > 6*time.Second:
if sinfo.time.Before(sinfo.pingTime) && time.Since(sinfo.pingTime) > 6*time.Second { sTime := c.session.time.Load().(time.Time)
pingTime := c.session.pingTime.Load().(time.Time)
if sTime.Before(pingTime) && time.Since(pingTime) > 6*time.Second {
doSearch() doSearch()
} else { } else {
pingSend := c.session.pingSend.Load().(time.Time)
now := time.Now() now := time.Now()
if !sinfo.time.Before(sinfo.pingTime) { if !sTime.Before(pingTime) {
sinfo.pingTime = now c.session.pingTime.Store(now)
} }
if time.Since(sinfo.pingSend) > time.Second { if time.Since(pingSend) > time.Second {
sinfo.pingSend = now c.session.pingSend.Store(now)
c.core.sessions.sendPingPong(sinfo, false) c.core.sessions.sendPingPong(c.session, false)
} }
} }
} }
@ -77,12 +77,9 @@ func (c *Conn) Read(b []byte) (int, error) {
if c.session == nil { if c.session == nil {
return 0, errors.New("searching for remote side") return 0, errors.New("searching for remote side")
} }
c.session.initMutex.RLock() if !c.session.init.Load().(bool) {
if !c.session.init {
c.session.initMutex.RUnlock()
return 0, errors.New("waiting for remote side to accept") return 0, errors.New("waiting for remote side to accept")
} }
c.session.initMutex.RUnlock()
select { select {
case p, ok := <-c.session.recv: case p, ok := <-c.session.recv:
if !ok { if !ok {
@ -106,9 +103,7 @@ func (c *Conn) Read(b []byte) (int, error) {
b = b[:len(bs)] b = b[:len(bs)]
} }
c.session.updateNonce(&p.Nonce) c.session.updateNonce(&p.Nonce)
c.session.timeMutex.Lock() c.session.time.Store(time.Now())
c.session.time = time.Now()
c.session.timeMutex.Unlock()
return nil return nil
}() }()
if err != nil { if err != nil {
@ -129,22 +124,18 @@ func (c *Conn) Write(b []byte) (bytesWritten int, err error) {
return 0, errors.New("session is closed") return 0, errors.New("session is closed")
} }
if c.session == nil { if c.session == nil {
fmt.Println("No session found, starting search for", &c)
c.core.router.doAdmin(func() { c.core.router.doAdmin(func() {
c.startSearch() c.startSearch()
}) })
return 0, errors.New("searching for remote side") return 0, errors.New("searching for remote side")
} }
defer util.PutBytes(b) defer util.PutBytes(b)
c.session.initMutex.RLock() if !c.session.init.Load().(bool) {
if !c.session.init {
c.session.initMutex.RUnlock()
return 0, errors.New("waiting for remote side to accept") return 0, errors.New("waiting for remote side to accept")
} }
c.session.initMutex.RUnlock()
// code isn't multithreaded so appending to this is safe // code isn't multithreaded so appending to this is safe
c.session.coordsMutex.RLock()
coords := c.session.coords coords := c.session.coords
c.session.coordsMutex.RUnlock()
// Prepare the payload // Prepare the payload
c.session.myNonceMutex.Lock() c.session.myNonceMutex.Lock()
payload, nonce := crypto.BoxSeal(&c.session.sharedSesKey, b, &c.session.myNonce) payload, nonce := crypto.BoxSeal(&c.session.sharedSesKey, b, &c.session.myNonce)

12
src/yggdrasil/dialer.go
View File

@ -35,7 +35,7 @@ func (d *Dialer) Dial(network, address string) (Conn, error) {
return Conn{}, err return Conn{}, err
} }
copy(nodeID[:], dest) copy(nodeID[:], dest)
for idx := 0; idx < len; idx++ { for idx := 0; idx <= len; idx++ {
nodeMask[idx/8] |= 0x80 >> byte(idx%8) nodeMask[idx/8] |= 0x80 >> byte(idx%8)
} }
} else { } else {
@ -59,15 +59,13 @@ func (d *Dialer) Dial(network, address string) (Conn, error) {
// NodeID parameters. // NodeID parameters.
func (d *Dialer) DialByNodeIDandMask(nodeID, nodeMask *crypto.NodeID) (Conn, error) { func (d *Dialer) DialByNodeIDandMask(nodeID, nodeMask *crypto.NodeID) (Conn, error) {
conn := Conn{ conn := Conn{
mutex: &sync.RWMutex{}, core: d.core,
mutex: &sync.RWMutex{},
nodeID: nodeID,
nodeMask: nodeMask,
} }
conn.core = d.core
conn.nodeID = nodeID
conn.nodeMask = nodeMask
conn.core.router.doAdmin(func() { conn.core.router.doAdmin(func() {
conn.startSearch() conn.startSearch()
}) })
conn.mutex.Lock()
defer conn.mutex.Unlock()
return conn, nil return conn, nil
} }

22
src/yggdrasil/router.go
View File

@ -287,16 +287,15 @@ func (r *router) sendPacket(bs []byte) {
if destSnet.IsValid() { if destSnet.IsValid() {
sinfo, isIn = r.core.sessions.getByTheirSubnet(&destSnet) sinfo, isIn = r.core.sessions.getByTheirSubnet(&destSnet)
} }
sinfo.timeMutex.Lock() sTime := sinfo.time.Load().(time.Time)
sinfo.initMutex.RLock() pingTime := sinfo.pingTime.Load().(time.Time)
defer sinfo.timeMutex.Unlock() pingSend := sinfo.pingSend.Load().(time.Time)
defer sinfo.initMutex.RUnlock()
switch { switch {
case !isIn || !sinfo.init: case !isIn || !sinfo.init.Load().(bool):
// No or unintiialized session, so we need to search first // No or unintiialized session, so we need to search first
doSearch(bs) doSearch(bs)
case time.Since(sinfo.time) > 6*time.Second: case time.Since(sTime) > 6*time.Second:
if sinfo.time.Before(sinfo.pingTime) && time.Since(sinfo.pingTime) > 6*time.Second { if sTime.Before(pingTime) && time.Since(pingTime) > 6*time.Second {
// We haven't heard from the dest in a while // We haven't heard from the dest in a while
// We tried pinging but didn't get a response // We tried pinging but didn't get a response
// They may have changed coords // They may have changed coords
@ -307,16 +306,15 @@ func (r *router) sendPacket(bs []byte) {
// We haven't heard about the dest in a while // We haven't heard about the dest in a while
now := time.Now() now := time.Now()
if !sinfo.time.Before(sinfo.pingTime) { if !sTime.Before(pingTime) {
// Update pingTime to start the clock for searches (above) // Update pingTime to start the clock for searches (above)
sinfo.pingTime = now sinfo.pingTime.Store(now)
} }
if time.Since(sinfo.pingSend) > time.Second { if time.Since(pingSend) > time.Second {
// Send at most 1 ping per second // Send at most 1 ping per second
sinfo.pingSend = now sinfo.pingSend.Store(now)
r.core.sessions.sendPingPong(sinfo, false) r.core.sessions.sendPingPong(sinfo, false)
} }
sinfo.timeMutex.Unlock()
} }
fallthrough // Also send the packet fallthrough // Also send the packet
default: default:

2
src/yggdrasil/search.go
View File

@ -212,9 +212,7 @@ func (s *searches) checkDHTRes(info *searchInfo, res *dhtRes) bool {
} }
} }
// FIXME (!) replay attacks could mess with coords? Give it a handle (tstamp)? // FIXME (!) replay attacks could mess with coords? Give it a handle (tstamp)?
sinfo.coordsMutex.Lock()
sinfo.coords = res.Coords sinfo.coords = res.Coords
sinfo.coordsMutex.Unlock()
sinfo.packet = info.packet sinfo.packet = info.packet
s.core.sessions.ping(sinfo) s.core.sessions.ping(sinfo)
info.callback(sinfo, nil) info.callback(sinfo, nil)

107
src/yggdrasil/session.go
View File

@ -18,41 +18,38 @@ import (
// All the information we know about an active session. // All the information we know about an active session.
// This includes coords, permanent and ephemeral keys, handles and nonces, various sorts of timing information for timeout and maintenance, and some metadata for the admin API. // This includes coords, permanent and ephemeral keys, handles and nonces, various sorts of timing information for timeout and maintenance, and some metadata for the admin API.
type sessionInfo struct { type sessionInfo struct {
core *Core core *Core //
reconfigure chan chan error reconfigure chan chan error //
theirAddr address.Address theirAddr address.Address //
theirSubnet address.Subnet theirSubnet address.Subnet //
theirPermPub crypto.BoxPubKey theirPermPub crypto.BoxPubKey //
theirSesPub crypto.BoxPubKey theirSesPub crypto.BoxPubKey //
mySesPub crypto.BoxPubKey mySesPub crypto.BoxPubKey //
mySesPriv crypto.BoxPrivKey mySesPriv crypto.BoxPrivKey //
sharedSesKey crypto.BoxSharedKey // derived from session keys sharedSesKey crypto.BoxSharedKey // derived from session keys
theirHandle crypto.Handle theirHandle crypto.Handle //
myHandle crypto.Handle myHandle crypto.Handle //
theirNonce crypto.BoxNonce theirNonce crypto.BoxNonce //
theirNonceMask uint64 theirNonceMask uint64 //
theirNonceMutex sync.Mutex // protects the above theirNonceMutex sync.Mutex // protects the above
myNonce crypto.BoxNonce myNonce crypto.BoxNonce //
myNonceMutex sync.Mutex // protects the above myNonceMutex sync.Mutex // protects the above
theirMTU uint16 theirMTU uint16 //
myMTU uint16 myMTU uint16 //
wasMTUFixed bool // Was the MTU fixed by a receive error? wasMTUFixed bool // Was the MTU fixed by a receive error?
time time.Time // Time we last received a packet time atomic.Value // time.Time // Time we last received a packet
mtuTime time.Time // time myMTU was last changed mtuTime atomic.Value // time.Time // time myMTU was last changed
pingTime time.Time // time the first ping was sent since the last received packet pingTime atomic.Value // time.Time // time the first ping was sent since the last received packet
pingSend time.Time // time the last ping was sent pingSend atomic.Value // time.Time // time the last ping was sent
timeMutex sync.RWMutex // protects all time fields above coords []byte // coords of destination
coords []byte // coords of destination packet []byte // a buffered packet, sent immediately on ping/pong
coordsMutex sync.RWMutex // protects the above init atomic.Value // bool // Reset if coords change
packet []byte // a buffered packet, sent immediately on ping/pong send chan []byte //
init bool // Reset if coords change recv chan *wire_trafficPacket //
initMutex sync.RWMutex closed chan interface{} //
send chan []byte tstamp int64 // ATOMIC - tstamp from their last session ping, replay attack mitigation
recv chan *wire_trafficPacket bytesSent uint64 // Bytes of real traffic sent in this session
closed chan interface{} bytesRecvd uint64 // Bytes of real traffic received in this session
tstamp int64 // ATOMIC - tstamp from their last session ping, replay attack mitigation
bytesSent uint64 // Bytes of real traffic sent in this session
bytesRecvd uint64 // Bytes of real traffic received in this session
} }
// Represents a session ping/pong packet, andincludes information like public keys, a session handle, coords, a timestamp to prevent replays, and the tun/tap MTU. // Represents a session ping/pong packet, andincludes information like public keys, a session handle, coords, a timestamp to prevent replays, and the tun/tap MTU.
@ -60,10 +57,10 @@ type sessionPing struct {
SendPermPub crypto.BoxPubKey // Sender's permanent key SendPermPub crypto.BoxPubKey // Sender's permanent key
Handle crypto.Handle // Random number to ID session Handle crypto.Handle // Random number to ID session
SendSesPub crypto.BoxPubKey // Session key to use SendSesPub crypto.BoxPubKey // Session key to use
Coords []byte Coords []byte //
Tstamp int64 // unix time, but the only real requirement is that it increases Tstamp int64 // unix time, but the only real requirement is that it increases
IsPong bool IsPong bool //
MTU uint16 MTU uint16 //
} }
// Updates session info in response to a ping, after checking that the ping is OK. // Updates session info in response to a ping, after checking that the ping is OK.
@ -93,21 +90,15 @@ func (s *sessionInfo) update(p *sessionPing) bool {
s.coords = append(make([]byte, 0, len(p.Coords)+11), p.Coords...) s.coords = append(make([]byte, 0, len(p.Coords)+11), p.Coords...)
} }
now := time.Now() now := time.Now()
s.timeMutex.Lock() s.time.Store(now)
s.time = now
s.timeMutex.Unlock()
atomic.StoreInt64(&s.tstamp, p.Tstamp) atomic.StoreInt64(&s.tstamp, p.Tstamp)
s.initMutex.Lock() s.init.Store(true)
s.init = true
s.initMutex.Unlock()
return true return true
} }
// Returns true if the session has been idle for longer than the allowed timeout. // Returns true if the session has been idle for longer than the allowed timeout.
func (s *sessionInfo) timedout() bool { func (s *sessionInfo) timedout() bool {
s.timeMutex.RLock() return time.Since(s.time.Load().(time.Time)) > time.Minute
defer s.timeMutex.RUnlock()
return time.Since(s.time) > time.Minute
} }
// Struct of all active sessions. // Struct of all active sessions.
@ -291,12 +282,10 @@ func (ss *sessions) createSession(theirPermKey *crypto.BoxPubKey) *sessionInfo {
sinfo.theirMTU = 1280 sinfo.theirMTU = 1280
sinfo.myMTU = 1280 sinfo.myMTU = 1280
now := time.Now() now := time.Now()
sinfo.timeMutex.Lock() sinfo.time.Store(now)
sinfo.time = now sinfo.mtuTime.Store(now)
sinfo.mtuTime = now sinfo.pingTime.Store(now)
sinfo.pingTime = now sinfo.pingSend.Store(now)
sinfo.pingSend = now
sinfo.timeMutex.Unlock()
higher := false higher := false
for idx := range ss.core.boxPub { for idx := range ss.core.boxPub {
if ss.core.boxPub[idx] > sinfo.theirPermPub[idx] { if ss.core.boxPub[idx] > sinfo.theirPermPub[idx] {
@ -437,7 +426,6 @@ func (ss *sessions) sendPingPong(sinfo *sessionInfo, isPong bool) {
bs := ping.encode() bs := ping.encode()
shared := ss.getSharedKey(&ss.core.boxPriv, &sinfo.theirPermPub) shared := ss.getSharedKey(&ss.core.boxPriv, &sinfo.theirPermPub)
payload, nonce := crypto.BoxSeal(shared, bs, nil) payload, nonce := crypto.BoxSeal(shared, bs, nil)
sinfo.coordsMutex.RLock()
p := wire_protoTrafficPacket{ p := wire_protoTrafficPacket{
Coords: sinfo.coords, Coords: sinfo.coords,
ToKey: sinfo.theirPermPub, ToKey: sinfo.theirPermPub,
@ -445,13 +433,10 @@ func (ss *sessions) sendPingPong(sinfo *sessionInfo, isPong bool) {
Nonce: *nonce, Nonce: *nonce,
Payload: payload, Payload: payload,
} }
sinfo.coordsMutex.RUnlock()
packet := p.encode() packet := p.encode()
ss.core.router.out(packet) ss.core.router.out(packet)
if !isPong { if !isPong {
sinfo.timeMutex.Lock() sinfo.pingSend.Store(time.Now())
sinfo.pingSend = time.Now()
sinfo.timeMutex.Unlock()
} }
} }
@ -551,8 +536,6 @@ func (sinfo *sessionInfo) updateNonce(theirNonce *crypto.BoxNonce) {
// Called after coord changes, so attemtps to use a session will trigger a new ping and notify the remote end of the coord change. // Called after coord changes, so attemtps to use a session will trigger a new ping and notify the remote end of the coord change.
func (ss *sessions) resetInits() { func (ss *sessions) resetInits() {
for _, sinfo := range ss.sinfos { for _, sinfo := range ss.sinfos {
sinfo.initMutex.Lock() sinfo.init.Store(false)
sinfo.init = false
sinfo.initMutex.Unlock()
} }
} }