2019-01-02 00:55:51 +00:00
|
|
|
/* SPDX-License-Identifier: MIT
|
2018-05-03 13:04:00 +00:00
|
|
|
*
|
2021-01-28 16:52:15 +00:00
|
|
|
* Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
|
2018-05-03 13:04:00 +00:00
|
|
|
*/
|
|
|
|
|
|
2019-03-03 03:04:41 +00:00
|
|
|
package device
|
2017-06-26 11:14:02 +00:00
|
|
|
|
|
|
|
|
import (
|
2018-05-07 20:27:03 +00:00
|
|
|
"bytes"
|
2017-06-26 20:07:29 +00:00
|
|
|
"encoding/binary"
|
2021-05-20 16:26:01 +00:00
|
|
|
"errors"
|
2017-06-26 11:14:02 +00:00
|
|
|
"net"
|
2021-05-20 16:26:01 +00:00
|
|
|
"os"
|
2017-06-26 11:14:02 +00:00
|
|
|
"sync"
|
2017-06-30 12:41:08 +00:00
|
|
|
"sync/atomic"
|
|
|
|
|
"time"
|
2019-05-14 07:09:52 +00:00
|
|
|
|
|
|
|
|
"golang.org/x/crypto/chacha20poly1305"
|
|
|
|
|
"golang.org/x/net/ipv4"
|
|
|
|
|
"golang.org/x/net/ipv6"
|
2017-06-26 11:14:02 +00:00
|
|
|
)
|
|
|
|
|
|
2017-12-01 22:37:26 +00:00
|
|
|
/* Outbound flow
|
2017-06-26 11:14:02 +00:00
|
|
|
*
|
|
|
|
|
* 1. TUN queue
|
2017-06-28 21:45:45 +00:00
|
|
|
* 2. Routing (sequential)
|
|
|
|
|
* 3. Nonce assignment (sequential)
|
|
|
|
|
* 4. Encryption (parallel)
|
|
|
|
|
* 5. Transmission (sequential)
|
2017-06-26 11:14:02 +00:00
|
|
|
*
|
2017-12-01 22:37:26 +00:00
|
|
|
* The functions in this file occur (roughly) in the order in
|
|
|
|
|
* which the packets are processed.
|
|
|
|
|
*
|
|
|
|
|
* Locking, Producers and Consumers
|
|
|
|
|
*
|
|
|
|
|
* The order of packets (per peer) must be maintained,
|
|
|
|
|
* but encryption of packets happen out-of-order:
|
|
|
|
|
*
|
|
|
|
|
* The sequential consumers will attempt to take the lock,
|
2017-07-13 12:32:40 +00:00
|
|
|
* workers release lock when they have completed work (encryption) on the packet.
|
2017-07-06 13:43:55 +00:00
|
|
|
*
|
|
|
|
|
* If the element is inserted into the "encryption queue",
|
2017-12-01 22:37:26 +00:00
|
|
|
* the content is preceded by enough "junk" to contain the transport header
|
2017-07-07 11:47:09 +00:00
|
|
|
* (to allow the construction of transport messages in-place)
|
2017-06-28 21:45:45 +00:00
|
|
|
*/
|
2017-12-01 22:37:26 +00:00
|
|
|
|
2017-06-28 21:45:45 +00:00
|
|
|
type QueueOutboundElement struct {
|
2019-01-03 18:04:00 +00:00
|
|
|
sync.Mutex
|
2017-07-14 12:25:18 +00:00
|
|
|
buffer *[MaxMessageSize]byte // slice holding the packet data
|
2017-09-09 13:03:01 +00:00
|
|
|
packet []byte // slice of "buffer" (always!)
|
2017-07-14 12:25:18 +00:00
|
|
|
nonce uint64 // nonce for encryption
|
2018-05-13 17:50:58 +00:00
|
|
|
keypair *Keypair // keypair for encryption
|
2017-07-14 12:25:18 +00:00
|
|
|
peer *Peer // related peer
|
2017-06-26 11:14:02 +00:00
|
|
|
}
|
|
|
|
|
|
2017-07-06 13:43:55 +00:00
|
|
|
func (device *Device) NewOutboundElement() *QueueOutboundElement {
|
2018-09-22 04:29:02 +00:00
|
|
|
elem := device.GetOutboundElement()
|
|
|
|
|
elem.buffer = device.GetMessageBuffer()
|
2019-01-03 18:04:00 +00:00
|
|
|
elem.Mutex = sync.Mutex{}
|
2018-09-22 04:29:02 +00:00
|
|
|
elem.nonce = 0
|
2020-12-04 23:36:21 +00:00
|
|
|
// keypair and peer were cleared (if necessary) by clearPointers.
|
|
|
|
|
return elem
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// clearPointers clears elem fields that contain pointers.
|
|
|
|
|
// This makes the garbage collector's life easier and
|
|
|
|
|
// avoids accidentally keeping other objects around unnecessarily.
|
|
|
|
|
// It also reduces the possible collateral damage from use-after-free bugs.
|
|
|
|
|
func (elem *QueueOutboundElement) clearPointers() {
|
|
|
|
|
elem.buffer = nil
|
|
|
|
|
elem.packet = nil
|
2018-09-22 04:29:02 +00:00
|
|
|
elem.keypair = nil
|
|
|
|
|
elem.peer = nil
|
2017-07-06 13:43:55 +00:00
|
|
|
}
|
|
|
|
|
|
2018-05-07 20:27:03 +00:00
|
|
|
/* Queues a keepalive if no packets are queued for peer
|
|
|
|
|
*/
|
2021-01-27 17:13:53 +00:00
|
|
|
func (peer *Peer) SendKeepalive() {
|
2021-01-29 13:54:11 +00:00
|
|
|
if len(peer.queue.staged) == 0 && peer.isRunning.Get() {
|
|
|
|
|
elem := peer.device.NewOutboundElement()
|
|
|
|
|
select {
|
|
|
|
|
case peer.queue.staged <- elem:
|
|
|
|
|
peer.device.log.Verbosef("%v - Sending keepalive packet", peer)
|
|
|
|
|
default:
|
|
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2018-05-07 20:27:03 +00:00
|
|
|
}
|
2021-01-27 17:13:53 +00:00
|
|
|
peer.SendStagedPackets()
|
2018-05-07 20:27:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
|
|
|
|
|
if !isRetry {
|
2018-05-20 04:50:07 +00:00
|
|
|
atomic.StoreUint32(&peer.timers.handshakeAttempts, 0)
|
2018-05-07 20:27:03 +00:00
|
|
|
}
|
|
|
|
|
|
2018-05-13 21:14:43 +00:00
|
|
|
peer.handshake.mutex.RLock()
|
2019-06-03 19:46:46 +00:00
|
|
|
if time.Since(peer.handshake.lastSentHandshake) < RekeyTimeout {
|
2018-05-13 21:14:43 +00:00
|
|
|
peer.handshake.mutex.RUnlock()
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
peer.handshake.mutex.RUnlock()
|
|
|
|
|
|
|
|
|
|
peer.handshake.mutex.Lock()
|
2019-06-03 19:46:46 +00:00
|
|
|
if time.Since(peer.handshake.lastSentHandshake) < RekeyTimeout {
|
2018-05-13 21:14:43 +00:00
|
|
|
peer.handshake.mutex.Unlock()
|
2018-05-07 20:27:03 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
2018-05-13 21:14:43 +00:00
|
|
|
peer.handshake.lastSentHandshake = time.Now()
|
|
|
|
|
peer.handshake.mutex.Unlock()
|
2018-05-07 20:27:03 +00:00
|
|
|
|
2021-01-26 22:05:48 +00:00
|
|
|
peer.device.log.Verbosef("%v - Sending handshake initiation", peer)
|
2018-05-07 20:27:03 +00:00
|
|
|
|
|
|
|
|
msg, err := peer.device.CreateMessageInitiation(peer)
|
|
|
|
|
if err != nil {
|
2021-01-26 22:05:48 +00:00
|
|
|
peer.device.log.Errorf("%v - Failed to create initiation message: %v", peer, err)
|
2018-05-07 20:27:03 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var buff [MessageInitiationSize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buff[:0])
|
|
|
|
|
binary.Write(writer, binary.LittleEndian, msg)
|
|
|
|
|
packet := writer.Bytes()
|
2018-05-13 21:14:43 +00:00
|
|
|
peer.cookieGenerator.AddMacs(packet)
|
2018-05-07 20:27:03 +00:00
|
|
|
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
2018-05-18 23:19:53 +00:00
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
2018-05-13 21:14:43 +00:00
|
|
|
|
|
|
|
|
err = peer.SendBuffer(packet)
|
|
|
|
|
if err != nil {
|
2021-01-26 22:05:48 +00:00
|
|
|
peer.device.log.Errorf("%v - Failed to send handshake initiation: %v", peer, err)
|
2018-05-13 21:14:43 +00:00
|
|
|
}
|
2018-05-07 20:27:03 +00:00
|
|
|
peer.timersHandshakeInitiated()
|
2018-05-13 21:14:43 +00:00
|
|
|
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) SendHandshakeResponse() error {
|
|
|
|
|
peer.handshake.mutex.Lock()
|
|
|
|
|
peer.handshake.lastSentHandshake = time.Now()
|
|
|
|
|
peer.handshake.mutex.Unlock()
|
|
|
|
|
|
2021-01-26 22:05:48 +00:00
|
|
|
peer.device.log.Verbosef("%v - Sending handshake response", peer)
|
2018-05-13 21:14:43 +00:00
|
|
|
|
|
|
|
|
response, err := peer.device.CreateMessageResponse(peer)
|
|
|
|
|
if err != nil {
|
2021-01-26 22:05:48 +00:00
|
|
|
peer.device.log.Errorf("%v - Failed to create response message: %v", peer, err)
|
2018-05-13 21:14:43 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var buff [MessageResponseSize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buff[:0])
|
|
|
|
|
binary.Write(writer, binary.LittleEndian, response)
|
|
|
|
|
packet := writer.Bytes()
|
|
|
|
|
peer.cookieGenerator.AddMacs(packet)
|
|
|
|
|
|
|
|
|
|
err = peer.BeginSymmetricSession()
|
|
|
|
|
if err != nil {
|
2021-01-26 22:05:48 +00:00
|
|
|
peer.device.log.Errorf("%v - Failed to derive keypair: %v", peer, err)
|
2018-05-13 21:14:43 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
peer.timersSessionDerived()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
2018-05-18 23:19:53 +00:00
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
2018-05-13 21:14:43 +00:00
|
|
|
|
|
|
|
|
err = peer.SendBuffer(packet)
|
|
|
|
|
if err != nil {
|
2021-01-26 22:05:48 +00:00
|
|
|
peer.device.log.Errorf("%v - Failed to send handshake response: %v", peer, err)
|
2018-05-13 21:14:43 +00:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error {
|
2021-01-26 22:05:48 +00:00
|
|
|
device.log.Verbosef("Sending cookie response for denied handshake message for %v", initiatingElem.endpoint.DstToString())
|
2018-05-13 21:14:43 +00:00
|
|
|
|
|
|
|
|
sender := binary.LittleEndian.Uint32(initiatingElem.packet[4:8])
|
|
|
|
|
reply, err := device.cookieChecker.CreateReply(initiatingElem.packet, sender, initiatingElem.endpoint.DstToBytes())
|
|
|
|
|
if err != nil {
|
2021-01-26 22:05:48 +00:00
|
|
|
device.log.Errorf("Failed to create cookie reply: %v", err)
|
2018-05-13 21:14:43 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var buff [MessageCookieReplySize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buff[:0])
|
|
|
|
|
binary.Write(writer, binary.LittleEndian, reply)
|
|
|
|
|
device.net.bind.Send(writer.Bytes(), initiatingElem.endpoint)
|
2019-10-21 09:46:54 +00:00
|
|
|
return nil
|
2018-05-07 20:27:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) keepKeyFreshSending() {
|
2018-05-13 21:14:43 +00:00
|
|
|
keypair := peer.keypairs.Current()
|
|
|
|
|
if keypair == nil {
|
2018-05-07 20:27:03 +00:00
|
|
|
return
|
|
|
|
|
}
|
2018-05-13 21:14:43 +00:00
|
|
|
nonce := atomic.LoadUint64(&keypair.sendNonce)
|
2019-06-03 19:46:46 +00:00
|
|
|
if nonce > RekeyAfterMessages || (keypair.isInitiator && time.Since(keypair.created) > RekeyAfterTime) {
|
2018-05-07 20:27:03 +00:00
|
|
|
peer.SendHandshakeInitiation(false)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-28 21:45:45 +00:00
|
|
|
/* Reads packets from the TUN and inserts
|
2021-01-27 17:13:53 +00:00
|
|
|
* into staged queue for peer
|
2017-06-28 21:45:45 +00:00
|
|
|
*
|
|
|
|
|
* Obs. Single instance per TUN device
|
|
|
|
|
*/
|
2017-08-04 14:15:53 +00:00
|
|
|
func (device *Device) RoutineReadFromTUN() {
|
2018-05-01 14:59:13 +00:00
|
|
|
defer func() {
|
2021-01-26 22:05:48 +00:00
|
|
|
device.log.Verbosef("Routine: TUN reader - stopped")
|
2018-05-16 20:20:15 +00:00
|
|
|
device.state.stopping.Done()
|
2021-02-09 17:53:00 +00:00
|
|
|
device.queue.encryption.wg.Done()
|
2018-05-01 14:59:13 +00:00
|
|
|
}()
|
|
|
|
|
|
2021-01-26 22:05:48 +00:00
|
|
|
device.log.Verbosef("Routine: TUN reader - started")
|
2017-07-13 12:32:40 +00:00
|
|
|
|
2018-09-22 04:29:02 +00:00
|
|
|
var elem *QueueOutboundElement
|
|
|
|
|
|
2017-06-28 21:45:45 +00:00
|
|
|
for {
|
2018-09-22 04:29:02 +00:00
|
|
|
if elem != nil {
|
|
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutOutboundElement(elem)
|
|
|
|
|
}
|
|
|
|
|
elem = device.NewOutboundElement()
|
2017-06-26 11:14:02 +00:00
|
|
|
|
2017-08-25 12:53:23 +00:00
|
|
|
// read packet
|
2017-07-06 13:43:55 +00:00
|
|
|
|
2017-12-04 20:39:06 +00:00
|
|
|
offset := MessageTransportHeaderSize
|
|
|
|
|
size, err := device.tun.device.Read(elem.buffer[:], offset)
|
2017-06-28 21:45:45 +00:00
|
|
|
if err != nil {
|
2021-01-19 17:02:16 +00:00
|
|
|
if !device.isClosed() {
|
2021-05-20 16:26:01 +00:00
|
|
|
if !errors.Is(err, os.ErrClosed) {
|
|
|
|
|
device.log.Errorf("Failed to read packet from TUN device: %v", err)
|
|
|
|
|
}
|
2021-03-11 16:29:10 +00:00
|
|
|
go device.Close()
|
2018-05-21 03:18:25 +00:00
|
|
|
}
|
2018-09-16 19:50:58 +00:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
2018-09-22 04:29:02 +00:00
|
|
|
device.PutOutboundElement(elem)
|
2017-07-13 12:32:40 +00:00
|
|
|
return
|
2017-06-28 21:45:45 +00:00
|
|
|
}
|
2017-07-13 12:32:40 +00:00
|
|
|
|
2017-08-25 12:53:23 +00:00
|
|
|
if size == 0 || size > MaxContentSize {
|
2017-06-28 21:45:45 +00:00
|
|
|
continue
|
|
|
|
|
}
|
2017-06-26 11:14:02 +00:00
|
|
|
|
2017-12-04 20:39:06 +00:00
|
|
|
elem.packet = elem.buffer[offset : offset+size]
|
2017-08-04 14:15:53 +00:00
|
|
|
|
2017-06-28 21:45:45 +00:00
|
|
|
// lookup peer
|
2017-06-26 11:14:02 +00:00
|
|
|
|
2017-06-28 21:45:45 +00:00
|
|
|
var peer *Peer
|
2017-07-06 13:43:55 +00:00
|
|
|
switch elem.packet[0] >> 4 {
|
2017-07-13 12:32:40 +00:00
|
|
|
case ipv4.Version:
|
2017-08-04 14:15:53 +00:00
|
|
|
if len(elem.packet) < ipv4.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2017-07-06 13:43:55 +00:00
|
|
|
dst := elem.packet[IPv4offsetDst : IPv4offsetDst+net.IPv4len]
|
2021-06-03 14:12:29 +00:00
|
|
|
peer = device.allowedips.Lookup(dst)
|
2017-06-26 11:14:02 +00:00
|
|
|
|
2017-07-13 12:32:40 +00:00
|
|
|
case ipv6.Version:
|
2017-08-04 14:15:53 +00:00
|
|
|
if len(elem.packet) < ipv6.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2017-07-06 13:43:55 +00:00
|
|
|
dst := elem.packet[IPv6offsetDst : IPv6offsetDst+net.IPv6len]
|
2021-06-03 14:12:29 +00:00
|
|
|
peer = device.allowedips.Lookup(dst)
|
2017-06-26 11:14:02 +00:00
|
|
|
|
|
|
|
|
default:
|
2021-01-26 22:05:48 +00:00
|
|
|
device.log.Verbosef("Received packet with unknown IP version")
|
2017-06-28 21:45:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if peer == nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
continue
|
2017-06-28 21:45:45 +00:00
|
|
|
}
|
2018-01-26 21:52:32 +00:00
|
|
|
if peer.isRunning.Get() {
|
2021-01-27 17:13:53 +00:00
|
|
|
peer.StagePacket(elem)
|
2018-09-22 04:29:02 +00:00
|
|
|
elem = nil
|
2021-01-27 17:13:53 +00:00
|
|
|
peer.SendStagedPackets()
|
2018-01-26 21:52:32 +00:00
|
|
|
}
|
2017-06-26 11:14:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-27 17:13:53 +00:00
|
|
|
func (peer *Peer) StagePacket(elem *QueueOutboundElement) {
|
|
|
|
|
for {
|
|
|
|
|
select {
|
|
|
|
|
case peer.queue.staged <- elem:
|
|
|
|
|
return
|
|
|
|
|
default:
|
2021-01-28 17:56:58 +00:00
|
|
|
}
|
|
|
|
|
select {
|
|
|
|
|
case tooOld := <-peer.queue.staged:
|
|
|
|
|
peer.device.PutMessageBuffer(tooOld.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(tooOld)
|
|
|
|
|
default:
|
2018-05-18 22:35:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-01-27 17:13:53 +00:00
|
|
|
}
|
2018-05-18 22:35:49 +00:00
|
|
|
|
2021-01-27 17:13:53 +00:00
|
|
|
func (peer *Peer) SendStagedPackets() {
|
|
|
|
|
top:
|
2021-01-19 17:02:16 +00:00
|
|
|
if len(peer.queue.staged) == 0 || !peer.device.isUp() {
|
2021-01-27 17:13:53 +00:00
|
|
|
return
|
|
|
|
|
}
|
2018-09-23 23:52:02 +00:00
|
|
|
|
2021-01-27 17:13:53 +00:00
|
|
|
keypair := peer.keypairs.Current()
|
|
|
|
|
if keypair == nil || atomic.LoadUint64(&keypair.sendNonce) >= RejectAfterMessages || time.Since(keypair.created) >= RejectAfterTime {
|
|
|
|
|
peer.SendHandshakeInitiation(false)
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-02-02 15:40:14 +00:00
|
|
|
|
2017-09-09 13:03:01 +00:00
|
|
|
for {
|
|
|
|
|
select {
|
2021-01-27 17:13:53 +00:00
|
|
|
case elem := <-peer.queue.staged:
|
2017-09-09 13:03:01 +00:00
|
|
|
elem.peer = peer
|
2018-05-13 16:23:40 +00:00
|
|
|
elem.nonce = atomic.AddUint64(&keypair.sendNonce, 1) - 1
|
2018-05-07 20:27:03 +00:00
|
|
|
if elem.nonce >= RejectAfterMessages {
|
2018-05-18 22:35:49 +00:00
|
|
|
atomic.StoreUint64(&keypair.sendNonce, RejectAfterMessages)
|
2021-01-27 17:13:53 +00:00
|
|
|
peer.StagePacket(elem) // XXX: Out of order, but we can't front-load go chans
|
|
|
|
|
goto top
|
2018-05-07 20:27:03 +00:00
|
|
|
}
|
2018-05-18 22:35:49 +00:00
|
|
|
|
2018-05-13 16:23:40 +00:00
|
|
|
elem.keypair = keypair
|
2019-01-03 18:04:00 +00:00
|
|
|
elem.Lock()
|
2017-07-06 13:43:55 +00:00
|
|
|
|
2017-09-09 13:03:01 +00:00
|
|
|
// add to parallel and sequential queue
|
2021-01-29 13:54:11 +00:00
|
|
|
if peer.isRunning.Get() {
|
2021-02-09 14:09:50 +00:00
|
|
|
peer.queue.outbound.c <- elem
|
2021-01-29 13:54:11 +00:00
|
|
|
peer.device.queue.encryption.c <- elem
|
|
|
|
|
} else {
|
|
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2021-01-27 17:13:53 +00:00
|
|
|
default:
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) FlushStagedPackets() {
|
|
|
|
|
for {
|
|
|
|
|
select {
|
|
|
|
|
case elem := <-peer.queue.staged:
|
|
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
default:
|
|
|
|
|
return
|
2017-06-26 11:14:02 +00:00
|
|
|
}
|
2017-09-09 13:03:01 +00:00
|
|
|
}
|
2017-06-26 11:14:02 +00:00
|
|
|
}
|
|
|
|
|
|
2020-05-18 20:32:31 +00:00
|
|
|
func calculatePaddingSize(packetSize, mtu int) int {
|
|
|
|
|
lastUnit := packetSize
|
|
|
|
|
if mtu == 0 {
|
|
|
|
|
return ((lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)) - lastUnit
|
|
|
|
|
}
|
|
|
|
|
if lastUnit > mtu {
|
|
|
|
|
lastUnit %= mtu
|
|
|
|
|
}
|
|
|
|
|
paddedSize := ((lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1))
|
|
|
|
|
if paddedSize > mtu {
|
|
|
|
|
paddedSize = mtu
|
|
|
|
|
}
|
|
|
|
|
return paddedSize - lastUnit
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-28 21:45:45 +00:00
|
|
|
/* Encrypts the elements in the queue
|
|
|
|
|
* and marks them for sequential consumption (by releasing the mutex)
|
2017-06-26 20:07:29 +00:00
|
|
|
*
|
2017-06-28 21:45:45 +00:00
|
|
|
* Obs. One instance per core
|
2017-06-26 20:07:29 +00:00
|
|
|
*/
|
2021-05-07 10:21:21 +00:00
|
|
|
func (device *Device) RoutineEncryption(id int) {
|
2021-01-29 19:10:48 +00:00
|
|
|
var paddingZeros [PaddingMultiple]byte
|
2017-06-26 20:07:29 +00:00
|
|
|
var nonce [chacha20poly1305.NonceSize]byte
|
2017-07-17 14:16:18 +00:00
|
|
|
|
2021-05-07 10:21:21 +00:00
|
|
|
defer device.log.Verbosef("Routine: encryption worker %d - stopped", id)
|
|
|
|
|
device.log.Verbosef("Routine: encryption worker %d - started", id)
|
2017-07-17 14:16:18 +00:00
|
|
|
|
2020-12-14 23:07:23 +00:00
|
|
|
for elem := range device.queue.encryption.c {
|
|
|
|
|
// populate header fields
|
|
|
|
|
header := elem.buffer[:MessageTransportHeaderSize]
|
2017-06-26 11:14:02 +00:00
|
|
|
|
2020-12-14 23:07:23 +00:00
|
|
|
fieldType := header[0:4]
|
|
|
|
|
fieldReceiver := header[4:8]
|
|
|
|
|
fieldNonce := header[8:16]
|
2017-07-02 13:28:38 +00:00
|
|
|
|
2020-12-14 23:07:23 +00:00
|
|
|
binary.LittleEndian.PutUint32(fieldType, MessageTransportType)
|
|
|
|
|
binary.LittleEndian.PutUint32(fieldReceiver, elem.keypair.remoteIndex)
|
|
|
|
|
binary.LittleEndian.PutUint64(fieldNonce, elem.nonce)
|
2017-07-15 14:27:59 +00:00
|
|
|
|
2020-12-14 23:07:23 +00:00
|
|
|
// pad content to multiple of 16
|
|
|
|
|
paddingSize := calculatePaddingSize(len(elem.packet), int(atomic.LoadInt32(&device.tun.mtu)))
|
2021-01-29 19:10:48 +00:00
|
|
|
elem.packet = append(elem.packet, paddingZeros[:paddingSize]...)
|
2017-07-02 13:28:38 +00:00
|
|
|
|
2020-12-14 23:07:23 +00:00
|
|
|
// encrypt content and release to consumer
|
2017-09-09 13:03:01 +00:00
|
|
|
|
2020-12-14 23:07:23 +00:00
|
|
|
binary.LittleEndian.PutUint64(nonce[4:], elem.nonce)
|
|
|
|
|
elem.packet = elem.keypair.send.Seal(
|
|
|
|
|
header,
|
|
|
|
|
nonce[:],
|
|
|
|
|
elem.packet,
|
|
|
|
|
nil,
|
|
|
|
|
)
|
|
|
|
|
elem.Unlock()
|
2017-06-28 21:45:45 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Sequentially reads packets from queue and sends to endpoint
|
|
|
|
|
*
|
|
|
|
|
* Obs. Single instance per peer.
|
|
|
|
|
* The routine terminates then the outbound queue is closed.
|
|
|
|
|
*/
|
2017-06-30 12:41:08 +00:00
|
|
|
func (peer *Peer) RoutineSequentialSender() {
|
|
|
|
|
device := peer.device
|
2021-01-29 13:54:11 +00:00
|
|
|
defer func() {
|
|
|
|
|
defer device.log.Verbosef("%v - Routine: sequential sender - stopped", peer)
|
|
|
|
|
peer.stopping.Done()
|
|
|
|
|
}()
|
2021-01-26 22:05:48 +00:00
|
|
|
device.log.Verbosef("%v - Routine: sequential sender - started", peer)
|
2018-05-01 14:59:13 +00:00
|
|
|
|
2021-02-09 14:09:50 +00:00
|
|
|
for elem := range peer.queue.outbound.c {
|
2021-02-08 21:02:52 +00:00
|
|
|
if elem == nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-12-15 23:54:48 +00:00
|
|
|
elem.Lock()
|
|
|
|
|
if !peer.isRunning.Get() {
|
|
|
|
|
// peer has been stopped; return re-usable elems to the shared pool.
|
|
|
|
|
// This is an optimization only. It is possible for the peer to be stopped
|
|
|
|
|
// immediately after this check, in which case, elem will get processed.
|
|
|
|
|
// The timers and SendBuffer code are resilient to a few stragglers.
|
2021-02-22 14:43:08 +00:00
|
|
|
// TODO: rework peer shutdown order to ensure
|
2020-12-15 23:54:48 +00:00
|
|
|
// that we never accidentally keep timers alive longer than necessary.
|
2017-07-27 21:45:37 +00:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
2018-09-22 04:29:02 +00:00
|
|
|
device.PutOutboundElement(elem)
|
2020-12-15 23:54:48 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
2017-07-18 13:22:56 +00:00
|
|
|
|
2020-12-15 23:54:48 +00:00
|
|
|
// send message and return buffer to pool
|
|
|
|
|
|
|
|
|
|
err := peer.SendBuffer(elem.packet)
|
|
|
|
|
if len(elem.packet) != MessageKeepaliveSize {
|
|
|
|
|
peer.timersDataSent()
|
2017-06-30 12:41:08 +00:00
|
|
|
}
|
2020-12-15 23:54:48 +00:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutOutboundElement(elem)
|
|
|
|
|
if err != nil {
|
2021-01-26 22:05:48 +00:00
|
|
|
device.log.Errorf("%v - Failed to send data packet: %v", peer, err)
|
2020-12-15 23:54:48 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
peer.keepKeyFreshSending()
|
2017-06-26 11:14:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
