cwinfo/yggdrasil-go
5
0
Fork 0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-11-14 03:20:28 +00:00
Code Releases Activity

Squash a whole load of races (and mutex half the world)

Browse Source
This commit is contained in:
Neil Alexander 2019-04-20 11:53:38 +01:00
parent 24281d4049
commit f3e742a297
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944
4 changed files with 66 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/yggdrasil/conn.go
View File

@ -3,6 +3,7 @@ package yggdrasil
import ( import (
"encoding/hex" "encoding/hex"
"errors" "errors"
"sync"
"sync/atomic" "sync/atomic"
"time" "time"
@ -15,6 +16,7 @@ type Conn struct {
nodeID *crypto.NodeID nodeID *crypto.NodeID
nodeMask *crypto.NodeID nodeMask *crypto.NodeID
session *sessionInfo session *sessionInfo
sessionMutex *sync.RWMutex
readDeadline time.Time readDeadline time.Time
writeDeadline time.Time writeDeadline time.Time
expired bool expired bool
@ -28,7 +30,9 @@ func (c *Conn) startSearch() {
return return
} }
if sinfo != nil { if sinfo != nil {
c.sessionMutex.Lock()
c.session = sinfo c.session = sinfo
c.sessionMutex.Unlock()
} }
} }
doSearch := func() { doSearch := func() {
@ -61,15 +65,20 @@ func (c *Conn) startSearch() {
} }
func (c *Conn) Read(b []byte) (int, error) { func (c *Conn) Read(b []byte) (int, error) {
c.sessionMutex.RLock()
defer c.sessionMutex.RUnlock()
if c.expired { if c.expired {
return 0, errors.New("session is closed") return 0, errors.New("session is closed")
} }
if c.session == nil { if c.session == nil {
return 0, errors.New("searching for remote side") return 0, errors.New("searching for remote side")
} }
c.session.initMutex.RLock()
if !c.session.init { if !c.session.init {
c.session.initMutex.RUnlock()
return 0, errors.New("waiting for remote side to accept") return 0, errors.New("waiting for remote side to accept")
} }
c.session.initMutex.RUnlock()
select { select {
case p, ok := <-c.session.recv: case p, ok := <-c.session.recv:
if !ok { if !ok {
@ -93,7 +102,9 @@ func (c *Conn) Read(b []byte) (int, error) {
b = b[:len(bs)] b = b[:len(bs)]
} }
c.session.updateNonce(&p.Nonce) c.session.updateNonce(&p.Nonce)
c.session.timeMutex.Lock()
c.session.time = time.Now() c.session.time = time.Now()
c.session.timeMutex.Unlock()
return nil return nil
}() }()
if err != nil { if err != nil {
@ -108,6 +119,8 @@ func (c *Conn) Read(b []byte) (int, error) {
} }
func (c *Conn) Write(b []byte) (bytesWritten int, err error) { func (c *Conn) Write(b []byte) (bytesWritten int, err error) {
c.sessionMutex.RLock()
defer c.sessionMutex.RUnlock()
if c.expired { if c.expired {
return 0, errors.New("session is closed") return 0, errors.New("session is closed")
} }
@ -118,12 +131,16 @@ func (c *Conn) Write(b []byte) (bytesWritten int, err error) {
return 0, errors.New("searching for remote side") return 0, errors.New("searching for remote side")
} }
defer util.PutBytes(b) defer util.PutBytes(b)
c.session.initMutex.RLock()
if !c.session.init { if !c.session.init {
// To prevent using empty session keys c.session.initMutex.RUnlock()
return 0, errors.New("waiting for remote side to accept") return 0, errors.New("waiting for remote side to accept")
} }
c.session.initMutex.RUnlock()
// code isn't multithreaded so appending to this is safe // code isn't multithreaded so appending to this is safe
c.session.coordsMutex.RLock()
coords := c.session.coords coords := c.session.coords
c.session.coordsMutex.RUnlock()
// Prepare the payload // Prepare the payload
c.session.myNonceMutex.Lock() c.session.myNonceMutex.Lock()
payload, nonce := crypto.BoxSeal(&c.session.sharedSesKey, b, &c.session.myNonce) payload, nonce := crypto.BoxSeal(&c.session.sharedSesKey, b, &c.session.myNonce)

7
src/yggdrasil/core.go
View File

@ -5,6 +5,7 @@ import (
"errors" "errors"
"io/ioutil" "io/ioutil"
"net" "net"
"sync"
"time" "time"
"github.com/gologme/log" "github.com/gologme/log"
@ -273,7 +274,9 @@ func (c *Core) ListenConn() (*Listener, error) {
// and the second parameter should contain a hexadecimal representation of the // and the second parameter should contain a hexadecimal representation of the
// target node ID. // target node ID.
func (c *Core) Dial(network, address string) (Conn, error) { func (c *Core) Dial(network, address string) (Conn, error) {
conn := Conn{} conn := Conn{
sessionMutex: &sync.RWMutex{},
}
nodeID := crypto.NodeID{} nodeID := crypto.NodeID{}
nodeMask := crypto.NodeID{} nodeMask := crypto.NodeID{}
// Process // Process
@ -298,6 +301,8 @@ func (c *Core) Dial(network, address string) (Conn, error) {
conn.core.router.doAdmin(func() { conn.core.router.doAdmin(func() {
conn.startSearch() conn.startSearch()
}) })
conn.sessionMutex.Lock()
defer conn.sessionMutex.Unlock()
return conn, nil return conn, nil
} }

6
src/yggdrasil/router.go
View File

@ -291,6 +291,10 @@ func (r *router) sendPacket(bs []byte) {
if destSnet.IsValid() { if destSnet.IsValid() {
sinfo, isIn = r.core.sessions.getByTheirSubnet(&destSnet) sinfo, isIn = r.core.sessions.getByTheirSubnet(&destSnet)
} }
sinfo.timeMutex.Lock()
sinfo.initMutex.RLock()
defer sinfo.timeMutex.Unlock()
defer sinfo.initMutex.RUnlock()
switch { switch {
case !isIn || !sinfo.init: case !isIn || !sinfo.init:
// No or unintiialized session, so we need to search first // No or unintiialized session, so we need to search first
@ -306,6 +310,7 @@ func (r *router) sendPacket(bs []byte) {
} else { } else {
// We haven't heard about the dest in a while // We haven't heard about the dest in a while
now := time.Now() now := time.Now()
if !sinfo.time.Before(sinfo.pingTime) { if !sinfo.time.Before(sinfo.pingTime) {
// Update pingTime to start the clock for searches (above) // Update pingTime to start the clock for searches (above)
sinfo.pingTime = now sinfo.pingTime = now
@ -315,6 +320,7 @@ func (r *router) sendPacket(bs []byte) {
sinfo.pingSend = now sinfo.pingSend = now
r.core.sessions.sendPingPong(sinfo, false) r.core.sessions.sendPingPong(sinfo, false)
} }
sinfo.timeMutex.Unlock()
} }
fallthrough // Also send the packet fallthrough // Also send the packet
default: default:

38
src/yggdrasil/session.go
View File

@ -8,6 +8,7 @@ import (
"bytes" "bytes"
"encoding/hex" "encoding/hex"
"sync" "sync"
"sync/atomic"
"time" "time"
"github.com/yggdrasil-network/yggdrasil-go/src/address" "github.com/yggdrasil-network/yggdrasil-go/src/address"
@ -37,17 +38,19 @@ type sessionInfo struct {
myMTU uint16 myMTU uint16
wasMTUFixed bool // Was the MTU fixed by a receive error? wasMTUFixed bool // Was the MTU fixed by a receive error?
time time.Time // Time we last received a packet time time.Time // Time we last received a packet
coords []byte // coords of destination
packet []byte // a buffered packet, sent immediately on ping/pong
init bool // Reset if coords change
send chan []byte
recv chan *wire_trafficPacket
closed chan interface{}
tstamp int64 // tstamp from their last session ping, replay attack mitigation
tstampMutex int64 // protects the above
mtuTime time.Time // time myMTU was last changed mtuTime time.Time // time myMTU was last changed
pingTime time.Time // time the first ping was sent since the last received packet pingTime time.Time // time the first ping was sent since the last received packet
pingSend time.Time // time the last ping was sent pingSend time.Time // time the last ping was sent
timeMutex sync.RWMutex // protects all time fields above
coords []byte // coords of destination
coordsMutex sync.RWMutex // protects the above
packet []byte // a buffered packet, sent immediately on ping/pong
init bool // Reset if coords change
initMutex sync.RWMutex
send chan []byte
recv chan *wire_trafficPacket
closed chan interface{}
tstamp int64 // ATOMIC - tstamp from their last session ping, replay attack mitigation
bytesSent uint64 // Bytes of real traffic sent in this session bytesSent uint64 // Bytes of real traffic sent in this session
bytesRecvd uint64 // Bytes of real traffic received in this session bytesRecvd uint64 // Bytes of real traffic received in this session
} }
@ -66,7 +69,7 @@ type sessionPing struct {
// Updates session info in response to a ping, after checking that the ping is OK. // Updates session info in response to a ping, after checking that the ping is OK.
// Returns true if the session was updated, or false otherwise. // Returns true if the session was updated, or false otherwise.
func (s *sessionInfo) update(p *sessionPing) bool { func (s *sessionInfo) update(p *sessionPing) bool {
if !(p.Tstamp > s.tstamp) { if !(p.Tstamp > atomic.LoadInt64(&s.tstamp)) {
// To protect against replay attacks // To protect against replay attacks
return false return false
} }
@ -90,14 +93,20 @@ func (s *sessionInfo) update(p *sessionPing) bool {
s.coords = append(make([]byte, 0, len(p.Coords)+11), p.Coords...) s.coords = append(make([]byte, 0, len(p.Coords)+11), p.Coords...)
} }
now := time.Now() now := time.Now()
s.timeMutex.Lock()
s.time = now s.time = now
s.tstamp = p.Tstamp s.timeMutex.Unlock()
atomic.StoreInt64(&s.tstamp, p.Tstamp)
s.initMutex.Lock()
s.init = true s.init = true
s.initMutex.Unlock()
return true return true
} }
// Returns true if the session has been idle for longer than the allowed timeout. // Returns true if the session has been idle for longer than the allowed timeout.
func (s *sessionInfo) timedout() bool { func (s *sessionInfo) timedout() bool {
s.timeMutex.RLock()
defer s.timeMutex.RUnlock()
return time.Since(s.time) > time.Minute return time.Since(s.time) > time.Minute
} }
@ -284,10 +293,12 @@ func (ss *sessions) createSession(theirPermKey *crypto.BoxPubKey) *sessionInfo {
sinfo.myMTU = uint16(ss.core.router.adapter.MTU()) sinfo.myMTU = uint16(ss.core.router.adapter.MTU())
} }
now := time.Now() now := time.Now()
sinfo.timeMutex.Lock()
sinfo.time = now sinfo.time = now
sinfo.mtuTime = now sinfo.mtuTime = now
sinfo.pingTime = now sinfo.pingTime = now
sinfo.pingSend = now sinfo.pingSend = now
sinfo.timeMutex.Unlock()
higher := false higher := false
for idx := range ss.core.boxPub { for idx := range ss.core.boxPub {
if ss.core.boxPub[idx] > sinfo.theirPermPub[idx] { if ss.core.boxPub[idx] > sinfo.theirPermPub[idx] {
@ -428,6 +439,7 @@ func (ss *sessions) sendPingPong(sinfo *sessionInfo, isPong bool) {
bs := ping.encode() bs := ping.encode()
shared := ss.getSharedKey(&ss.core.boxPriv, &sinfo.theirPermPub) shared := ss.getSharedKey(&ss.core.boxPriv, &sinfo.theirPermPub)
payload, nonce := crypto.BoxSeal(shared, bs, nil) payload, nonce := crypto.BoxSeal(shared, bs, nil)
sinfo.coordsMutex.RLock()
p := wire_protoTrafficPacket{ p := wire_protoTrafficPacket{
Coords: sinfo.coords, Coords: sinfo.coords,
ToKey: sinfo.theirPermPub, ToKey: sinfo.theirPermPub,
@ -435,10 +447,13 @@ func (ss *sessions) sendPingPong(sinfo *sessionInfo, isPong bool) {
Nonce: *nonce, Nonce: *nonce,
Payload: payload, Payload: payload,
} }
sinfo.coordsMutex.RUnlock()
packet := p.encode() packet := p.encode()
ss.core.router.out(packet) ss.core.router.out(packet)
if !isPong { if !isPong {
sinfo.timeMutex.Lock()
sinfo.pingSend = time.Now() sinfo.pingSend = time.Now()
sinfo.timeMutex.Unlock()
} }
} }
@ -467,6 +482,7 @@ func (ss *sessions) handlePing(ping *sessionPing) {
conn := &Conn{ conn := &Conn{
core: ss.core, core: ss.core,
session: sinfo, session: sinfo,
sessionMutex: &sync.RWMutex{},
nodeID: crypto.GetNodeID(&sinfo.theirPermPub), nodeID: crypto.GetNodeID(&sinfo.theirPermPub),
nodeMask: &crypto.NodeID{}, nodeMask: &crypto.NodeID{},
} }
@ -537,6 +553,8 @@ func (sinfo *sessionInfo) updateNonce(theirNonce *crypto.BoxNonce) {
// Called after coord changes, so attemtps to use a session will trigger a new ping and notify the remote end of the coord change. // Called after coord changes, so attemtps to use a session will trigger a new ping and notify the remote end of the coord change.
func (ss *sessions) resetInits() { func (ss *sessions) resetInits() {
for _, sinfo := range ss.sinfos { for _, sinfo := range ss.sinfos {
sinfo.initMutex.Lock()
sinfo.init = false sinfo.init = false
sinfo.initMutex.Unlock()
} }
} }