mirror of
https://github.com/cwinfo/yggdrasil-go.git
synced 2024-11-25 02:31:35 +00:00
remove ckr
This commit is contained in:
parent
cd4144f22b
commit
e83b5d08a8
@ -1,10 +1,10 @@
|
|||||||
package tuntap
|
package tuntap
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/hex"
|
//"encoding/hex"
|
||||||
"errors"
|
//"errors"
|
||||||
"fmt"
|
//"fmt"
|
||||||
"net"
|
//"net"
|
||||||
|
|
||||||
"github.com/yggdrasil-network/yggdrasil-go/src/admin"
|
"github.com/yggdrasil-network/yggdrasil-go/src/admin"
|
||||||
)
|
)
|
||||||
@ -54,61 +54,4 @@ func (t *TunAdapter) SetupAdminHandlers(a *admin.AdminSocket) {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
*/
|
*/
|
||||||
a.AddHandler("getTunnelRouting", []string{}, func(in admin.Info) (admin.Info, error) {
|
|
||||||
return admin.Info{"enabled": t.ckr.isEnabled()}, nil
|
|
||||||
})
|
|
||||||
a.AddHandler("setTunnelRouting", []string{"enabled"}, func(in admin.Info) (admin.Info, error) {
|
|
||||||
enabled := false
|
|
||||||
if e, ok := in["enabled"].(bool); ok {
|
|
||||||
enabled = e
|
|
||||||
}
|
|
||||||
t.ckr.setEnabled(enabled)
|
|
||||||
return admin.Info{"enabled": enabled}, nil
|
|
||||||
})
|
|
||||||
a.AddHandler("addLocalSubnet", []string{"subnet"}, func(in admin.Info) (admin.Info, error) {
|
|
||||||
if err := t.ckr.addLocalSubnet(in["subnet"].(string)); err == nil {
|
|
||||||
return admin.Info{"added": []string{in["subnet"].(string)}}, nil
|
|
||||||
}
|
|
||||||
return admin.Info{"not_added": []string{in["subnet"].(string)}}, errors.New("Failed to add source subnet")
|
|
||||||
})
|
|
||||||
a.AddHandler("addRemoteSubnet", []string{"subnet", "box_pub_key"}, func(in admin.Info) (admin.Info, error) {
|
|
||||||
if err := t.ckr.addRemoteSubnet(in["subnet"].(string), in["box_pub_key"].(string)); err == nil {
|
|
||||||
return admin.Info{"added": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["box_pub_key"].(string))}}, nil
|
|
||||||
}
|
|
||||||
return admin.Info{"not_added": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["box_pub_key"].(string))}}, errors.New("Failed to add route")
|
|
||||||
})
|
|
||||||
a.AddHandler("getSourceSubnets", []string{}, func(in admin.Info) (admin.Info, error) {
|
|
||||||
var subnets []string
|
|
||||||
getSourceSubnets := func(snets []net.IPNet) {
|
|
||||||
for _, subnet := range snets {
|
|
||||||
subnets = append(subnets, subnet.String())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
getSourceSubnets(t.ckr.ipv4locals)
|
|
||||||
getSourceSubnets(t.ckr.ipv6locals)
|
|
||||||
return admin.Info{"source_subnets": subnets}, nil
|
|
||||||
})
|
|
||||||
a.AddHandler("getRoutes", []string{}, func(in admin.Info) (admin.Info, error) {
|
|
||||||
routes := make(admin.Info)
|
|
||||||
getRoutes := func(ckrs []cryptokey_route) {
|
|
||||||
for _, ckr := range ckrs {
|
|
||||||
routes[ckr.subnet.String()] = hex.EncodeToString(ckr.destination[:])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
getRoutes(t.ckr.ipv4remotes)
|
|
||||||
getRoutes(t.ckr.ipv6remotes)
|
|
||||||
return admin.Info{"routes": routes}, nil
|
|
||||||
})
|
|
||||||
a.AddHandler("removeLocalSubnet", []string{"subnet"}, func(in admin.Info) (admin.Info, error) {
|
|
||||||
if err := t.ckr.removeLocalSubnet(in["subnet"].(string)); err == nil {
|
|
||||||
return admin.Info{"removed": []string{in["subnet"].(string)}}, nil
|
|
||||||
}
|
|
||||||
return admin.Info{"not_removed": []string{in["subnet"].(string)}}, errors.New("Failed to remove source subnet")
|
|
||||||
})
|
|
||||||
a.AddHandler("removeRemoteSubnet", []string{"subnet", "box_pub_key"}, func(in admin.Info) (admin.Info, error) {
|
|
||||||
if err := t.ckr.removeRemoteSubnet(in["subnet"].(string), in["box_pub_key"].(string)); err == nil {
|
|
||||||
return admin.Info{"removed": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["box_pub_key"].(string))}}, nil
|
|
||||||
}
|
|
||||||
return admin.Info{"not_removed": []string{fmt.Sprintf("%s via %s", in["subnet"].(string), in["box_pub_key"].(string))}}, errors.New("Failed to remove route")
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
@ -1,430 +0,0 @@
|
|||||||
package tuntap
|
|
||||||
|
|
||||||
import (
|
|
||||||
"bytes"
|
|
||||||
"encoding/hex"
|
|
||||||
"errors"
|
|
||||||
"fmt"
|
|
||||||
"net"
|
|
||||||
"sort"
|
|
||||||
"sync"
|
|
||||||
"sync/atomic"
|
|
||||||
|
|
||||||
"github.com/yggdrasil-network/yggdrasil-go/src/address"
|
|
||||||
"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
|
|
||||||
)
|
|
||||||
|
|
||||||
// This module implements crypto-key routing, similar to Wireguard, where we
|
|
||||||
// allow traffic for non-Yggdrasil ranges to be routed over Yggdrasil.
|
|
||||||
|
|
||||||
type cryptokey struct {
|
|
||||||
tun *TunAdapter
|
|
||||||
enabled atomic.Value // bool
|
|
||||||
ipv4remotes []cryptokey_route
|
|
||||||
ipv6remotes []cryptokey_route
|
|
||||||
ipv4cache map[address.Address]cryptokey_route
|
|
||||||
ipv6cache map[address.Address]cryptokey_route
|
|
||||||
ipv4locals []net.IPNet
|
|
||||||
ipv6locals []net.IPNet
|
|
||||||
mutexremotes sync.RWMutex
|
|
||||||
mutexcaches sync.RWMutex
|
|
||||||
mutexlocals sync.RWMutex
|
|
||||||
}
|
|
||||||
|
|
||||||
type cryptokey_route struct {
|
|
||||||
subnet net.IPNet
|
|
||||||
destination crypto.BoxPubKey
|
|
||||||
}
|
|
||||||
|
|
||||||
// Initialise crypto-key routing. This must be done before any other CKR calls.
|
|
||||||
func (c *cryptokey) init(tun *TunAdapter) {
|
|
||||||
c.tun = tun
|
|
||||||
c.configure()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Configure the CKR routes. This should only ever be ran by the TUN/TAP actor.
|
|
||||||
func (c *cryptokey) configure() {
|
|
||||||
current := c.tun.config.GetCurrent()
|
|
||||||
|
|
||||||
// Set enabled/disabled state
|
|
||||||
c.setEnabled(current.TunnelRouting.Enable)
|
|
||||||
|
|
||||||
// Clear out existing routes
|
|
||||||
c.mutexremotes.Lock()
|
|
||||||
c.ipv6remotes = make([]cryptokey_route, 0)
|
|
||||||
c.ipv4remotes = make([]cryptokey_route, 0)
|
|
||||||
c.mutexremotes.Unlock()
|
|
||||||
|
|
||||||
// Add IPv6 routes
|
|
||||||
for ipv6, pubkey := range current.TunnelRouting.IPv6RemoteSubnets {
|
|
||||||
if err := c.addRemoteSubnet(ipv6, pubkey); err != nil {
|
|
||||||
c.tun.log.Errorln("Error adding CKR IPv6 remote subnet:", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add IPv4 routes
|
|
||||||
for ipv4, pubkey := range current.TunnelRouting.IPv4RemoteSubnets {
|
|
||||||
if err := c.addRemoteSubnet(ipv4, pubkey); err != nil {
|
|
||||||
c.tun.log.Errorln("Error adding CKR IPv4 remote subnet:", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Clear out existing sources
|
|
||||||
c.mutexlocals.Lock()
|
|
||||||
c.ipv6locals = make([]net.IPNet, 0)
|
|
||||||
c.ipv4locals = make([]net.IPNet, 0)
|
|
||||||
c.mutexlocals.Unlock()
|
|
||||||
|
|
||||||
// Add IPv6 sources
|
|
||||||
c.ipv6locals = make([]net.IPNet, 0)
|
|
||||||
for _, source := range current.TunnelRouting.IPv6LocalSubnets {
|
|
||||||
if err := c.addLocalSubnet(source); err != nil {
|
|
||||||
c.tun.log.Errorln("Error adding CKR IPv6 local subnet:", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add IPv4 sources
|
|
||||||
c.ipv4locals = make([]net.IPNet, 0)
|
|
||||||
for _, source := range current.TunnelRouting.IPv4LocalSubnets {
|
|
||||||
if err := c.addLocalSubnet(source); err != nil {
|
|
||||||
c.tun.log.Errorln("Error adding CKR IPv4 local subnet:", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Wipe the caches
|
|
||||||
c.mutexcaches.Lock()
|
|
||||||
c.ipv4cache = make(map[address.Address]cryptokey_route, 0)
|
|
||||||
c.ipv6cache = make(map[address.Address]cryptokey_route, 0)
|
|
||||||
c.mutexcaches.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Enable or disable crypto-key routing.
|
|
||||||
func (c *cryptokey) setEnabled(enabled bool) {
|
|
||||||
c.enabled.Store(enabled)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if crypto-key routing is enabled.
|
|
||||||
func (c *cryptokey) isEnabled() bool {
|
|
||||||
enabled, ok := c.enabled.Load().(bool)
|
|
||||||
return ok && enabled
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check whether the given address (with the address length specified in bytes)
|
|
||||||
// matches either the current node's address, the node's routed subnet or the
|
|
||||||
// list of subnets specified in ipv4locals/ipv6locals.
|
|
||||||
func (c *cryptokey) isValidLocalAddress(addr address.Address, addrlen int) bool {
|
|
||||||
c.mutexlocals.RLock()
|
|
||||||
defer c.mutexlocals.RUnlock()
|
|
||||||
// Does it match a configured CKR source?
|
|
||||||
if c.isEnabled() {
|
|
||||||
ip := net.IP(addr[:addrlen])
|
|
||||||
// Build our references to the routing sources
|
|
||||||
var routingsources *[]net.IPNet
|
|
||||||
|
|
||||||
// Check if the prefix is IPv4 or IPv6
|
|
||||||
if addrlen == net.IPv6len {
|
|
||||||
routingsources = &c.ipv6locals
|
|
||||||
} else if addrlen == net.IPv4len {
|
|
||||||
routingsources = &c.ipv4locals
|
|
||||||
} else {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, subnet := range *routingsources {
|
|
||||||
if subnet.Contains(ip) {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Doesn't match any of the above
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds a source subnet, which allows traffic with these source addresses to
|
|
||||||
// be tunnelled using crypto-key routing.
|
|
||||||
func (c *cryptokey) addLocalSubnet(cidr string) error {
|
|
||||||
c.mutexlocals.Lock()
|
|
||||||
defer c.mutexlocals.Unlock()
|
|
||||||
|
|
||||||
// Is the CIDR we've been given valid?
|
|
||||||
_, ipnet, err := net.ParseCIDR(cidr)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get the prefix length and size
|
|
||||||
_, prefixsize := ipnet.Mask.Size()
|
|
||||||
|
|
||||||
// Build our references to the routing sources
|
|
||||||
var routingsources *[]net.IPNet
|
|
||||||
|
|
||||||
// Check if the prefix is IPv4 or IPv6
|
|
||||||
if prefixsize == net.IPv6len*8 {
|
|
||||||
routingsources = &c.ipv6locals
|
|
||||||
} else if prefixsize == net.IPv4len*8 {
|
|
||||||
routingsources = &c.ipv4locals
|
|
||||||
} else {
|
|
||||||
return errors.New("unexpected prefix size")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if we already have this CIDR
|
|
||||||
for _, subnet := range *routingsources {
|
|
||||||
if subnet.String() == ipnet.String() {
|
|
||||||
return errors.New("local subnet already configured")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add the source subnet
|
|
||||||
*routingsources = append(*routingsources, *ipnet)
|
|
||||||
c.tun.log.Infoln("Added CKR local subnet", cidr)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds a destination route for the given CIDR to be tunnelled to the node
|
|
||||||
// with the given BoxPubKey.
|
|
||||||
func (c *cryptokey) addRemoteSubnet(cidr string, dest string) error {
|
|
||||||
c.mutexremotes.Lock()
|
|
||||||
c.mutexcaches.Lock()
|
|
||||||
defer c.mutexremotes.Unlock()
|
|
||||||
defer c.mutexcaches.Unlock()
|
|
||||||
|
|
||||||
// Is the CIDR we've been given valid?
|
|
||||||
ipaddr, ipnet, err := net.ParseCIDR(cidr)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get the prefix length and size
|
|
||||||
_, prefixsize := ipnet.Mask.Size()
|
|
||||||
|
|
||||||
// Build our references to the routing table and cache
|
|
||||||
var routingtable *[]cryptokey_route
|
|
||||||
var routingcache *map[address.Address]cryptokey_route
|
|
||||||
|
|
||||||
// Check if the prefix is IPv4 or IPv6
|
|
||||||
if prefixsize == net.IPv6len*8 {
|
|
||||||
routingtable = &c.ipv6remotes
|
|
||||||
routingcache = &c.ipv6cache
|
|
||||||
} else if prefixsize == net.IPv4len*8 {
|
|
||||||
routingtable = &c.ipv4remotes
|
|
||||||
routingcache = &c.ipv4cache
|
|
||||||
} else {
|
|
||||||
return errors.New("unexpected prefix size")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Is the route an Yggdrasil destination?
|
|
||||||
var addr address.Address
|
|
||||||
var snet address.Subnet
|
|
||||||
copy(addr[:], ipaddr)
|
|
||||||
copy(snet[:], ipnet.IP)
|
|
||||||
if addr.IsValid() || snet.IsValid() {
|
|
||||||
return errors.New("can't specify Yggdrasil destination as crypto-key route")
|
|
||||||
}
|
|
||||||
// Do we already have a route for this subnet?
|
|
||||||
for _, route := range *routingtable {
|
|
||||||
if route.subnet.String() == ipnet.String() {
|
|
||||||
return fmt.Errorf("remote subnet already exists for %s", cidr)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// Decode the public key
|
|
||||||
if bpk, err := hex.DecodeString(dest); err != nil {
|
|
||||||
return err
|
|
||||||
} else if len(bpk) != crypto.BoxPubKeyLen {
|
|
||||||
return fmt.Errorf("incorrect key length for %s", dest)
|
|
||||||
} else {
|
|
||||||
// Add the new crypto-key route
|
|
||||||
var key crypto.BoxPubKey
|
|
||||||
copy(key[:], bpk)
|
|
||||||
*routingtable = append(*routingtable, cryptokey_route{
|
|
||||||
subnet: *ipnet,
|
|
||||||
destination: key,
|
|
||||||
})
|
|
||||||
|
|
||||||
// Sort so most specific routes are first
|
|
||||||
sort.Slice(*routingtable, func(i, j int) bool {
|
|
||||||
im, _ := (*routingtable)[i].subnet.Mask.Size()
|
|
||||||
jm, _ := (*routingtable)[j].subnet.Mask.Size()
|
|
||||||
return im > jm
|
|
||||||
})
|
|
||||||
|
|
||||||
// Clear the cache as this route might change future routing
|
|
||||||
// Setting an empty slice keeps the memory whereas nil invokes GC
|
|
||||||
for k := range *routingcache {
|
|
||||||
delete(*routingcache, k)
|
|
||||||
}
|
|
||||||
|
|
||||||
c.tun.log.Infoln("Added CKR remote subnet", cidr)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Looks up the most specific route for the given address (with the address
|
|
||||||
// length specified in bytes) from the crypto-key routing table. An error is
|
|
||||||
// returned if the address is not suitable or no route was found.
|
|
||||||
func (c *cryptokey) getPublicKeyForAddress(addr address.Address, addrlen int) (crypto.BoxPubKey, error) {
|
|
||||||
|
|
||||||
// Check if the address is a valid Yggdrasil address - if so it
|
|
||||||
// is exempt from all CKR checking
|
|
||||||
if addr.IsValid() {
|
|
||||||
return crypto.BoxPubKey{}, errors.New("cannot look up CKR for Yggdrasil addresses")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Build our references to the routing table and cache
|
|
||||||
var routingtable *[]cryptokey_route
|
|
||||||
var routingcache *map[address.Address]cryptokey_route
|
|
||||||
|
|
||||||
// Check if the prefix is IPv4 or IPv6
|
|
||||||
if addrlen == net.IPv6len {
|
|
||||||
routingcache = &c.ipv6cache
|
|
||||||
} else if addrlen == net.IPv4len {
|
|
||||||
routingcache = &c.ipv4cache
|
|
||||||
} else {
|
|
||||||
return crypto.BoxPubKey{}, errors.New("unexpected prefix size")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if there's a cache entry for this addr
|
|
||||||
c.mutexcaches.RLock()
|
|
||||||
if route, ok := (*routingcache)[addr]; ok {
|
|
||||||
c.mutexcaches.RUnlock()
|
|
||||||
return route.destination, nil
|
|
||||||
}
|
|
||||||
c.mutexcaches.RUnlock()
|
|
||||||
|
|
||||||
c.mutexremotes.RLock()
|
|
||||||
defer c.mutexremotes.RUnlock()
|
|
||||||
|
|
||||||
// Check if the prefix is IPv4 or IPv6
|
|
||||||
if addrlen == net.IPv6len {
|
|
||||||
routingtable = &c.ipv6remotes
|
|
||||||
} else if addrlen == net.IPv4len {
|
|
||||||
routingtable = &c.ipv4remotes
|
|
||||||
} else {
|
|
||||||
return crypto.BoxPubKey{}, errors.New("unexpected prefix size")
|
|
||||||
}
|
|
||||||
|
|
||||||
// No cache was found - start by converting the address into a net.IP
|
|
||||||
ip := make(net.IP, addrlen)
|
|
||||||
copy(ip[:addrlen], addr[:])
|
|
||||||
|
|
||||||
// Check if we have a route. At this point c.ipv6remotes should be
|
|
||||||
// pre-sorted so that the most specific routes are first
|
|
||||||
for _, route := range *routingtable {
|
|
||||||
// Does this subnet match the given IP?
|
|
||||||
if route.subnet.Contains(ip) {
|
|
||||||
c.mutexcaches.Lock()
|
|
||||||
defer c.mutexcaches.Unlock()
|
|
||||||
|
|
||||||
// Check if the routing cache is above a certain size, if it is evict
|
|
||||||
// a random entry so we can make room for this one. We take advantage
|
|
||||||
// of the fact that the iteration order is random here
|
|
||||||
for k := range *routingcache {
|
|
||||||
if len(*routingcache) < 1024 {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
delete(*routingcache, k)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Cache the entry for future packets to get a faster lookup
|
|
||||||
(*routingcache)[addr] = route
|
|
||||||
|
|
||||||
// Return the boxPubKey
|
|
||||||
return route.destination, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// No route was found if we got to this point
|
|
||||||
return crypto.BoxPubKey{}, fmt.Errorf("no route to %s", ip.String())
|
|
||||||
}
|
|
||||||
|
|
||||||
// Removes a source subnet, which allows traffic with these source addresses to
|
|
||||||
// be tunnelled using crypto-key routing.
|
|
||||||
func (c *cryptokey) removeLocalSubnet(cidr string) error {
|
|
||||||
c.mutexlocals.Lock()
|
|
||||||
defer c.mutexlocals.Unlock()
|
|
||||||
|
|
||||||
// Is the CIDR we've been given valid?
|
|
||||||
_, ipnet, err := net.ParseCIDR(cidr)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get the prefix length and size
|
|
||||||
_, prefixsize := ipnet.Mask.Size()
|
|
||||||
|
|
||||||
// Build our references to the routing sources
|
|
||||||
var routingsources *[]net.IPNet
|
|
||||||
|
|
||||||
// Check if the prefix is IPv4 or IPv6
|
|
||||||
if prefixsize == net.IPv6len*8 {
|
|
||||||
routingsources = &c.ipv6locals
|
|
||||||
} else if prefixsize == net.IPv4len*8 {
|
|
||||||
routingsources = &c.ipv4locals
|
|
||||||
} else {
|
|
||||||
return errors.New("unexpected prefix size")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if we already have this CIDR
|
|
||||||
for idx, subnet := range *routingsources {
|
|
||||||
if subnet.String() == ipnet.String() {
|
|
||||||
*routingsources = append((*routingsources)[:idx], (*routingsources)[idx+1:]...)
|
|
||||||
c.tun.log.Infoln("Removed CKR local subnet", cidr)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return errors.New("local subnet not found")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Removes a destination route for the given CIDR to be tunnelled to the node
|
|
||||||
// with the given BoxPubKey.
|
|
||||||
func (c *cryptokey) removeRemoteSubnet(cidr string, dest string) error {
|
|
||||||
c.mutexremotes.Lock()
|
|
||||||
c.mutexcaches.Lock()
|
|
||||||
defer c.mutexremotes.Unlock()
|
|
||||||
defer c.mutexcaches.Unlock()
|
|
||||||
|
|
||||||
// Is the CIDR we've been given valid?
|
|
||||||
_, ipnet, err := net.ParseCIDR(cidr)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get the prefix length and size
|
|
||||||
_, prefixsize := ipnet.Mask.Size()
|
|
||||||
|
|
||||||
// Build our references to the routing table and cache
|
|
||||||
var routingtable *[]cryptokey_route
|
|
||||||
var routingcache *map[address.Address]cryptokey_route
|
|
||||||
|
|
||||||
// Check if the prefix is IPv4 or IPv6
|
|
||||||
if prefixsize == net.IPv6len*8 {
|
|
||||||
routingtable = &c.ipv6remotes
|
|
||||||
routingcache = &c.ipv6cache
|
|
||||||
} else if prefixsize == net.IPv4len*8 {
|
|
||||||
routingtable = &c.ipv4remotes
|
|
||||||
routingcache = &c.ipv4cache
|
|
||||||
} else {
|
|
||||||
return errors.New("unexpected prefix size")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Decode the public key
|
|
||||||
bpk, err := hex.DecodeString(dest)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
} else if len(bpk) != crypto.BoxPubKeyLen {
|
|
||||||
return fmt.Errorf("incorrect key length for %s", dest)
|
|
||||||
}
|
|
||||||
netStr := ipnet.String()
|
|
||||||
|
|
||||||
for idx, route := range *routingtable {
|
|
||||||
if bytes.Equal(route.destination[:], bpk) && route.subnet.String() == netStr {
|
|
||||||
*routingtable = append((*routingtable)[:idx], (*routingtable)[idx+1:]...)
|
|
||||||
for k := range *routingcache {
|
|
||||||
delete(*routingcache, k)
|
|
||||||
}
|
|
||||||
c.tun.log.Infof("Removed CKR remote subnet %s via %s\n", cidr, dest)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return fmt.Errorf("route does not exists for %s", cidr)
|
|
||||||
}
|
|
@ -40,7 +40,6 @@ type TunAdapter struct {
|
|||||||
log *log.Logger
|
log *log.Logger
|
||||||
addr address.Address
|
addr address.Address
|
||||||
subnet address.Subnet
|
subnet address.Subnet
|
||||||
ckr cryptokey
|
|
||||||
mtu MTU
|
mtu MTU
|
||||||
iface tun.Device
|
iface tun.Device
|
||||||
phony.Inbox // Currently only used for _handlePacket from the reader, TODO: all the stuff that currently needs a mutex below
|
phony.Inbox // Currently only used for _handlePacket from the reader, TODO: all the stuff that currently needs a mutex below
|
||||||
@ -146,7 +145,6 @@ func (tun *TunAdapter) _start() error {
|
|||||||
}
|
}
|
||||||
// TODO tun.core.SetMaximumSessionMTU(tun.MTU())
|
// TODO tun.core.SetMaximumSessionMTU(tun.MTU())
|
||||||
tun.isOpen = true
|
tun.isOpen = true
|
||||||
tun.ckr.init(tun)
|
|
||||||
go tun.read()
|
go tun.read()
|
||||||
go tun.write()
|
go tun.write()
|
||||||
return nil
|
return nil
|
||||||
|
Loading…
Reference in New Issue
Block a user