5
0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-11-22 17:40:26 +00:00

Update configuration names, fix multicast interface selection

This commit is contained in:
Neil Alexander 2018-05-23 11:28:20 +01:00
parent 6f79184c9b
commit 9d9083e373
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944
10 changed files with 117 additions and 125 deletions

View File

@ -48,16 +48,16 @@ func (n *Node) startPeers() {
func linkNodes(m, n *Node) { func linkNodes(m, n *Node) {
// Don't allow duplicates // Don't allow duplicates
if m.core.DEBUG_getPeers().DEBUG_hasPeer(n.core.DEBUG_getSigPub()) { if m.core.DEBUG_getPeers().DEBUG_hasPeer(n.core.DEBUG_getSigningPublicKey()) {
return return
} }
// Create peers // Create peers
// Buffering reduces packet loss in the sim // Buffering reduces packet loss in the sim
// This slightly speeds up testing (fewer delays before retrying a ping) // This slightly speeds up testing (fewer delays before retrying a ping)
p := m.core.DEBUG_getPeers().DEBUG_newPeer(n.core.DEBUG_getBoxPub(), p := m.core.DEBUG_getPeers().DEBUG_newPeer(n.core.DEBUG_getEncryptionPublicKey(),
n.core.DEBUG_getSigPub()) n.core.DEBUG_getSigningPublicKey())
q := n.core.DEBUG_getPeers().DEBUG_newPeer(m.core.DEBUG_getBoxPub(), q := n.core.DEBUG_getPeers().DEBUG_newPeer(m.core.DEBUG_getEncryptionPublicKey(),
m.core.DEBUG_getSigPub()) m.core.DEBUG_getSigningPublicKey())
DEBUG_simLinkPeers(p, q) DEBUG_simLinkPeers(p, q)
return return
} }
@ -141,7 +141,7 @@ func startNetwork(store map[[32]byte]*Node) {
func getKeyedStore(store map[int]*Node) map[[32]byte]*Node { func getKeyedStore(store map[int]*Node) map[[32]byte]*Node {
newStore := make(map[[32]byte]*Node) newStore := make(map[[32]byte]*Node)
for _, node := range store { for _, node := range store {
newStore[node.core.DEBUG_getSigPub()] = node newStore[node.core.DEBUG_getSigningPublicKey()] = node
} }
return newStore return newStore
} }
@ -257,7 +257,7 @@ func pingNodes(store map[[32]byte]*Node) {
count++ count++
//if count > 16 { break } //if count > 16 { break }
fmt.Printf("Sending packets from node %d/%d (%d)\n", count, nNodes, source.index) fmt.Printf("Sending packets from node %d/%d (%d)\n", count, nNodes, source.index)
sourceKey := source.core.DEBUG_getBoxPub() sourceKey := source.core.DEBUG_getEncryptionPublicKey()
payload := sourceKey[:] payload := sourceKey[:]
sourceAddr := source.core.DEBUG_getAddr()[:] sourceAddr := source.core.DEBUG_getAddr()[:]
sendTo := func(bs []byte, destAddr []byte) { sendTo := func(bs []byte, destAddr []byte) {
@ -329,7 +329,7 @@ func pingBench(store map[[32]byte]*Node) {
return packet return packet
} }
for _, dest := range store { for _, dest := range store {
key := dest.core.DEBUG_getBoxPub() key := dest.core.DEBUG_getEncryptionPublicKey()
loc := dest.core.DEBUG_getLocator() loc := dest.core.DEBUG_getLocator()
coords := loc.DEBUG_getCoords() coords := loc.DEBUG_getCoords()
ping := getPing(key, coords) ping := getPing(key, coords)

View File

@ -173,11 +173,11 @@ func (a *admin) init(c *Core, listenaddr string) {
}, nil }, nil
} }
}) })
a.addHandler("getAllowedBoxPubs", []string{}, func(in admin_info) (admin_info, error) { a.addHandler("getAllowedEncryptionPublicKeys", []string{}, func(in admin_info) (admin_info, error) {
return admin_info{"allowed_box_pubs": a.getAllowedBoxPubs()}, nil return admin_info{"allowed_box_pubs": a.getAllowedEncryptionPublicKeys()}, nil
}) })
a.addHandler("addAllowedBoxPub", []string{"box_pub_key"}, func(in admin_info) (admin_info, error) { a.addHandler("addAllowedEncryptionPublicKey", []string{"box_pub_key"}, func(in admin_info) (admin_info, error) {
if a.addAllowedBoxPub(in["box_pub_key"].(string)) == nil { if a.addAllowedEncryptionPublicKey(in["box_pub_key"].(string)) == nil {
return admin_info{ return admin_info{
"added": []string{ "added": []string{
in["box_pub_key"].(string), in["box_pub_key"].(string),
@ -191,8 +191,8 @@ func (a *admin) init(c *Core, listenaddr string) {
}, errors.New("Failed to add allowed box pub key") }, errors.New("Failed to add allowed box pub key")
} }
}) })
a.addHandler("removeAllowedBoxPub", []string{"box_pub_key"}, func(in admin_info) (admin_info, error) { a.addHandler("removeAllowedEncryptionPublicKey", []string{"box_pub_key"}, func(in admin_info) (admin_info, error) {
if a.removeAllowedBoxPub(in["box_pub_key"].(string)) == nil { if a.removeAllowedEncryptionPublicKey(in["box_pub_key"].(string)) == nil {
return admin_info{ return admin_info{
"removed": []string{ "removed": []string{
in["box_pub_key"].(string), in["box_pub_key"].(string),
@ -514,8 +514,8 @@ func (a *admin) getData_getSessions() []admin_nodeInfo {
return infos return infos
} }
func (a *admin) getAllowedBoxPubs() []string { func (a *admin) getAllowedEncryptionPublicKeys() []string {
pubs := a.core.peers.getAllowedBoxPubs() pubs := a.core.peers.getAllowedEncryptionPublicKeys()
var out []string var out []string
for _, pub := range pubs { for _, pub := range pubs {
out = append(out, hex.EncodeToString(pub[:])) out = append(out, hex.EncodeToString(pub[:]))
@ -523,22 +523,22 @@ func (a *admin) getAllowedBoxPubs() []string {
return out return out
} }
func (a *admin) addAllowedBoxPub(bstr string) (err error) { func (a *admin) addAllowedEncryptionPublicKey(bstr string) (err error) {
boxBytes, err := hex.DecodeString(bstr) boxBytes, err := hex.DecodeString(bstr)
if err == nil { if err == nil {
var box boxPubKey var box boxPubKey
copy(box[:], boxBytes) copy(box[:], boxBytes)
a.core.peers.addAllowedBoxPub(&box) a.core.peers.addAllowedEncryptionPublicKey(&box)
} }
return return
} }
func (a *admin) removeAllowedBoxPub(bstr string) (err error) { func (a *admin) removeAllowedEncryptionPublicKey(bstr string) (err error) {
boxBytes, err := hex.DecodeString(bstr) boxBytes, err := hex.DecodeString(bstr)
if err == nil { if err == nil {
var box boxPubKey var box boxPubKey
copy(box[:], boxBytes) copy(box[:], boxBytes)
a.core.peers.removeAllowedBoxPub(&box) a.core.peers.removeAllowedEncryptionPublicKey(&box)
} }
return return
} }

View File

@ -5,13 +5,12 @@ type NodeConfig struct {
Listen string `comment:"Listen address for peer connections (default is to listen for all\nconnections over IPv4 and IPv6)"` Listen string `comment:"Listen address for peer connections (default is to listen for all\nconnections over IPv4 and IPv6)"`
AdminListen string `comment:"Listen address for admin connections (default is to listen only\nfor local connections)"` AdminListen string `comment:"Listen address for admin connections (default is to listen only\nfor local connections)"`
Peers []string `comment:"List of connection strings for static peers (i.e. tcp://a.b.c.d:e)"` Peers []string `comment:"List of connection strings for static peers (i.e. tcp://a.b.c.d:e)"`
AllowedBoxPubs []string `json:"AllowedEncryptionPublicKeys" comment:"List of peer encryption public keys to allow UDP incoming TCP connections from\n(if left empty/undefined then connections will be allowed by default)"` AllowedEncryptionPublicKeys []string `comment:"List of peer encryption public keys to allow UDP incoming TCP connections from\n(if left empty/undefined then connections will be allowed by default)"`
BoxPub string `json:"EncryptionPublicKey" comment:"Your public encryption key (your peers may ask you for this to put\ninto their AllowedEncryptionPublicKeys configuration)"` EncryptionPublicKey string `comment:"Your public encryption key (your peers may ask you for this to put\ninto their AllowedEncryptionPublicKeys configuration)"`
BoxPriv string `json:"EncryptionPrivateKey" comment:"Your private encryption key (do not share this with anyone!)"` EncryptionPrivateKey string `comment:"Your private encryption key (do not share this with anyone!)"`
SigPub string `json:"SigningPublicKey" comment:"Your public signing key"` SigningPublicKey string `comment:"Your public signing key"`
SigPriv string `json:"SigningPrivateKey" comment:"Your private signing key (do not share this with anyone!)"` SigningPrivateKey string `comment:"Your private signing key (do not share this with anyone!)"`
Multicast bool `json:"MulticastEnabled,omitempty" comment:"Enable or disable automatic peer discovery on the same LAN using multicast"` MulticastInterfaces []string `comment:"Regexes for which interfaces multicast peer discovery should be enabled\non. If none specified, multicast peer discovery is disabled"`
LinkLocal []string `json:"MulticastInterfaces" comment:"Regexes for which interfaces multicast peer discovery should be enabled\non. If none specified, multicast peer discovery is disabled"`
IfName string `comment:"Local network interface name for TUN/TAP adapter, or \"auto\", or \"none\""` IfName string `comment:"Local network interface name for TUN/TAP adapter, or \"auto\", or \"none\""`
IfTAPMode bool `comment:"Set local network interface to TAP mode rather than TUN mode (if supported\nby your platform, option will be ignored if not)"` IfTAPMode bool `comment:"Set local network interface to TAP mode rather than TUN mode (if supported\nby your platform, option will be ignored if not)"`
IfMTU int `comment:"Maximux Transmission Unit (MTU) size for your local network interface"` IfMTU int `comment:"Maximux Transmission Unit (MTU) size for your local network interface"`

View File

@ -17,11 +17,11 @@ import "regexp"
// Core // Core
func (c *Core) DEBUG_getSigPub() sigPubKey { func (c *Core) DEBUG_getSigningPublicKey() sigPubKey {
return (sigPubKey)(c.sigPub) return (sigPubKey)(c.sigPub)
} }
func (c *Core) DEBUG_getBoxPub() boxPubKey { func (c *Core) DEBUG_getEncryptionPublicKey() boxPubKey {
return (boxPubKey)(c.boxPub) return (boxPubKey)(c.boxPub)
} }
@ -404,8 +404,8 @@ func (c *Core) DEBUG_setIfceExpr(expr *regexp.Regexp) {
c.ifceExpr = append(c.ifceExpr, expr) c.ifceExpr = append(c.ifceExpr, expr)
} }
func (c *Core) DEBUG_addAllowedBoxPub(boxStr string) { func (c *Core) DEBUG_addAllowedEncryptionPublicKey(boxStr string) {
err := c.admin.addAllowedBoxPub(boxStr) err := c.admin.addAllowedEncryptionPublicKey(boxStr)
if err != nil { if err != nil {
panic(err) panic(err)
} }

View File

@ -36,21 +36,19 @@ func (m *multicast) init(core *Core) {
continue continue
} }
for _, expr := range m.core.ifceExpr { for _, expr := range m.core.ifceExpr {
m.core.log.Println(expr)
if expr.MatchString(iface.Name) { if expr.MatchString(iface.Name) {
m.core.log.Println(iface.Name, "matched", expr)
m.interfaces = append(m.interfaces, iface) m.interfaces = append(m.interfaces, iface)
} }
} }
} }
m.core.log.Println("Found", len(m.interfaces), "multicast interfaces") m.core.log.Println("Found", len(m.interfaces), "multicast interface(s)")
} }
func (m *multicast) Start() { func (m *multicast) Start() {
if len(m.core.ifceExpr) == 0 { if len(m.core.ifceExpr) == 0 {
m.core.log.Println("Not starting multicast discovery") m.core.log.Println("Multicast discovery is disabled")
} else { } else {
m.core.log.Println("Starting multicast discovery...") m.core.log.Println("Multicast discovery is enabled")
addr, err := net.ResolveUDPAddr("udp", m.groupAddr) addr, err := net.ResolveUDPAddr("udp", m.groupAddr)
if err != nil { if err != nil {
panic(err) panic(err)
@ -86,7 +84,6 @@ func (m *multicast) announce() {
} }
for { for {
for _, iface := range m.interfaces { for _, iface := range m.interfaces {
m.sock.JoinGroup(&iface, groupAddr) m.sock.JoinGroup(&iface, groupAddr)
//err := n.sock.JoinGroup(&iface, groupAddr) //err := n.sock.JoinGroup(&iface, groupAddr)
//if err != nil { panic(err) } //if err != nil { panic(err) }

View File

@ -35,7 +35,7 @@ type peers struct {
ports atomic.Value //map[Port]*peer, use CoW semantics ports atomic.Value //map[Port]*peer, use CoW semantics
//ports map[Port]*peer //ports map[Port]*peer
authMutex sync.RWMutex authMutex sync.RWMutex
allowedBoxPubs map[boxPubKey]struct{} allowedEncryptionPublicKeys map[boxPubKey]struct{}
} }
func (ps *peers) init(c *Core) { func (ps *peers) init(c *Core) {
@ -43,33 +43,33 @@ func (ps *peers) init(c *Core) {
defer ps.mutex.Unlock() defer ps.mutex.Unlock()
ps.putPorts(make(map[switchPort]*peer)) ps.putPorts(make(map[switchPort]*peer))
ps.core = c ps.core = c
ps.allowedBoxPubs = make(map[boxPubKey]struct{}) ps.allowedEncryptionPublicKeys = make(map[boxPubKey]struct{})
} }
func (ps *peers) isAllowedBoxPub(box *boxPubKey) bool { func (ps *peers) isAllowedEncryptionPublicKey(box *boxPubKey) bool {
ps.authMutex.RLock() ps.authMutex.RLock()
defer ps.authMutex.RUnlock() defer ps.authMutex.RUnlock()
_, isIn := ps.allowedBoxPubs[*box] _, isIn := ps.allowedEncryptionPublicKeys[*box]
return isIn || len(ps.allowedBoxPubs) == 0 return isIn || len(ps.allowedEncryptionPublicKeys) == 0
} }
func (ps *peers) addAllowedBoxPub(box *boxPubKey) { func (ps *peers) addAllowedEncryptionPublicKey(box *boxPubKey) {
ps.authMutex.Lock() ps.authMutex.Lock()
defer ps.authMutex.Unlock() defer ps.authMutex.Unlock()
ps.allowedBoxPubs[*box] = struct{}{} ps.allowedEncryptionPublicKeys[*box] = struct{}{}
} }
func (ps *peers) removeAllowedBoxPub(box *boxPubKey) { func (ps *peers) removeAllowedEncryptionPublicKey(box *boxPubKey) {
ps.authMutex.Lock() ps.authMutex.Lock()
defer ps.authMutex.Unlock() defer ps.authMutex.Unlock()
delete(ps.allowedBoxPubs, *box) delete(ps.allowedEncryptionPublicKeys, *box)
} }
func (ps *peers) getAllowedBoxPubs() []boxPubKey { func (ps *peers) getAllowedEncryptionPublicKeys() []boxPubKey {
ps.authMutex.RLock() ps.authMutex.RLock()
defer ps.authMutex.RUnlock() defer ps.authMutex.RUnlock()
keys := make([]boxPubKey, 0, len(ps.allowedBoxPubs)) keys := make([]boxPubKey, 0, len(ps.allowedEncryptionPublicKeys))
for key := range ps.allowedBoxPubs { for key := range ps.allowedEncryptionPublicKeys {
keys = append(keys, key) keys = append(keys, key)
} }
return keys return keys

View File

@ -151,7 +151,7 @@ func (iface *tcpInterface) handler(sock net.Conn, incoming bool) {
return return
} }
// Check if we're authorized to connect to this key / IP // Check if we're authorized to connect to this key / IP
if incoming && !iface.core.peers.isAllowedBoxPub(&info.box) { if incoming && !iface.core.peers.isAllowedEncryptionPublicKey(&info.box) {
// Allow unauthorized peers if they're link-local // Allow unauthorized peers if they're link-local
raddrStr, _, _ := net.SplitHostPort(sock.RemoteAddr().String()) raddrStr, _, _ := net.SplitHostPort(sock.RemoteAddr().String())
raddr := net.ParseIP(raddrStr) raddr := net.ParseIP(raddrStr)

View File

@ -206,7 +206,7 @@ func (iface *udpInterface) handleKeys(msg []byte, addr connAddr) {
udpAddr := addr.toUDPAddr() udpAddr := addr.toUDPAddr()
// Check if we're authorized to connect to this key / IP // Check if we're authorized to connect to this key / IP
// TODO monitor and always allow outgoing connections // TODO monitor and always allow outgoing connections
if !iface.core.peers.isAllowedBoxPub(&ks.box) { if !iface.core.peers.isAllowedEncryptionPublicKey(&ks.box) {
// Allow unauthorized peers if they're link-local // Allow unauthorized peers if they're link-local
if !udpAddr.IP.IsLinkLocalUnicast() { if !udpAddr.IP.IsLinkLocalUnicast() {
return return

View File

@ -32,19 +32,19 @@ type node struct {
} }
func (n *node) init(cfg *nodeConfig, logger *log.Logger) { func (n *node) init(cfg *nodeConfig, logger *log.Logger) {
boxPub, err := hex.DecodeString(cfg.BoxPub) boxPub, err := hex.DecodeString(cfg.EncryptionPublicKey)
if err != nil { if err != nil {
panic(err) panic(err)
} }
boxPriv, err := hex.DecodeString(cfg.BoxPriv) boxPriv, err := hex.DecodeString(cfg.EncryptionPrivateKey)
if err != nil { if err != nil {
panic(err) panic(err)
} }
sigPub, err := hex.DecodeString(cfg.SigPub) sigPub, err := hex.DecodeString(cfg.SigningPublicKey)
if err != nil { if err != nil {
panic(err) panic(err)
} }
sigPriv, err := hex.DecodeString(cfg.SigPriv) sigPriv, err := hex.DecodeString(cfg.SigningPrivateKey)
if err != nil { if err != nil {
panic(err) panic(err)
} }
@ -58,17 +58,14 @@ func (n *node) init(cfg *nodeConfig, logger *log.Logger) {
logger.Println("Starting admin socket...") logger.Println("Starting admin socket...")
n.core.DEBUG_setupAndStartAdminInterface(cfg.AdminListen) n.core.DEBUG_setupAndStartAdminInterface(cfg.AdminListen)
logger.Println("Started admin socket") logger.Println("Started admin socket")
for _, pBoxStr := range cfg.AllowedBoxPubs { for _, pBoxStr := range cfg.AllowedEncryptionPublicKeys {
n.core.DEBUG_addAllowedBoxPub(pBoxStr) n.core.DEBUG_addAllowedEncryptionPublicKey(pBoxStr)
} }
logger.Println(cfg.LinkLocal) for _, ll := range cfg.MulticastInterfaces {
for _, ll := range cfg.LinkLocal {
logger.Println("Adding expression", ll)
ifceExpr, err := regexp.Compile(ll) ifceExpr, err := regexp.Compile(ll)
if err != nil { if err != nil {
panic(err) panic(err)
} }
logger.Println("Added expression", ifceExpr)
n.core.DEBUG_setIfceExpr(ifceExpr) n.core.DEBUG_setIfceExpr(ifceExpr)
} }
n.core.DEBUG_setupAndStartMulticastInterface() n.core.DEBUG_setupAndStartMulticastInterface()
@ -99,14 +96,13 @@ func generateConfig(isAutoconf bool) *nodeConfig {
cfg.Listen = fmt.Sprintf("[::]:%d", r1.Intn(65534-32768)+32768) cfg.Listen = fmt.Sprintf("[::]:%d", r1.Intn(65534-32768)+32768)
} }
cfg.AdminListen = "[::1]:9001" cfg.AdminListen = "[::1]:9001"
cfg.BoxPub = hex.EncodeToString(bpub[:]) cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:])
cfg.BoxPriv = hex.EncodeToString(bpriv[:]) cfg.EncryptionPrivateKey = hex.EncodeToString(bpriv[:])
cfg.SigPub = hex.EncodeToString(spub[:]) cfg.SigningPublicKey = hex.EncodeToString(spub[:])
cfg.SigPriv = hex.EncodeToString(spriv[:]) cfg.SigningPrivateKey = hex.EncodeToString(spriv[:])
cfg.Peers = []string{} cfg.Peers = []string{}
cfg.AllowedBoxPubs = []string{} cfg.AllowedEncryptionPublicKeys = []string{}
cfg.Multicast = false cfg.MulticastInterfaces = []string{".*"}
cfg.LinkLocal = []string{}
cfg.IfName = core.DEBUG_GetTUNDefaultIfName() cfg.IfName = core.DEBUG_GetTUNDefaultIfName()
cfg.IfMTU = core.DEBUG_GetTUNDefaultIfMTU() cfg.IfMTU = core.DEBUG_GetTUNDefaultIfMTU()
cfg.IfTAPMode = core.DEBUG_GetTUNDefaultIfTAPMode() cfg.IfTAPMode = core.DEBUG_GetTUNDefaultIfTAPMode()

View File

@ -155,7 +155,7 @@ func main() {
fmt.Println("TAP mode:", tap_mode) fmt.Println("TAP mode:", tap_mode)
} }
} }
case "addPeer", "removePeer", "addAllowedBoxPub", "removeAllowedBoxPub": case "addPeer", "removePeer", "addAllowedEncryptionPublicKey", "removeAllowedEncryptionPublicKey":
if _, ok := res["added"]; ok { if _, ok := res["added"]; ok {
for _, v := range res["added"].([]interface{}) { for _, v := range res["added"].([]interface{}) {
fmt.Println("Added:", fmt.Sprint(v)) fmt.Println("Added:", fmt.Sprint(v))
@ -176,7 +176,7 @@ func main() {
fmt.Println("Not removed:", fmt.Sprint(v)) fmt.Println("Not removed:", fmt.Sprint(v))
} }
} }
case "getAllowedBoxPubs": case "getAllowedEncryptionPublicKeys":
if _, ok := res["allowed_box_pubs"]; !ok { if _, ok := res["allowed_box_pubs"]; !ok {
fmt.Println("All connections are allowed") fmt.Println("All connections are allowed")
} else if res["allowed_box_pubs"] == nil { } else if res["allowed_box_pubs"] == nil {