2017-05-30 20:36:49 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bufio"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
2017-06-01 19:31:30 +00:00
|
|
|
"net"
|
2017-06-04 19:48:15 +00:00
|
|
|
"strconv"
|
2017-06-29 12:39:21 +00:00
|
|
|
"strings"
|
2017-06-04 19:48:15 +00:00
|
|
|
"time"
|
2017-05-30 20:36:49 +00:00
|
|
|
)
|
|
|
|
|
|
2017-06-29 12:39:21 +00:00
|
|
|
// #include <errno.h>
|
|
|
|
|
import "C"
|
|
|
|
|
|
|
|
|
|
/* TODO: More fine grained?
|
2017-05-30 20:36:49 +00:00
|
|
|
*/
|
|
|
|
|
const (
|
2017-06-29 12:39:21 +00:00
|
|
|
ipcErrorNoPeer = C.EPROTO
|
|
|
|
|
ipcErrorNoKeyValue = C.EPROTO
|
|
|
|
|
ipcErrorInvalidKey = C.EPROTO
|
|
|
|
|
ipcErrorInvalidValue = C.EPROTO
|
2017-05-30 20:36:49 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type IPCError struct {
|
|
|
|
|
Code int
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *IPCError) Error() string {
|
|
|
|
|
return fmt.Sprintf("IPC error: %d", s.Code)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *IPCError) ErrorCode() int {
|
|
|
|
|
return s.Code
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-28 21:45:45 +00:00
|
|
|
func ipcGetOperation(device *Device, socket *bufio.ReadWriter) error {
|
2017-05-30 20:36:49 +00:00
|
|
|
|
2017-06-28 21:45:45 +00:00
|
|
|
device.mutex.RLock()
|
|
|
|
|
defer device.mutex.RUnlock()
|
|
|
|
|
|
|
|
|
|
// create lines
|
|
|
|
|
|
|
|
|
|
lines := make([]string, 0, 100)
|
|
|
|
|
send := func(line string) {
|
|
|
|
|
lines = append(lines, line)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !device.privateKey.IsZero() {
|
|
|
|
|
send("private_key=" + device.privateKey.ToHex())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if device.address != nil {
|
|
|
|
|
send(fmt.Sprintf("listen_port=%d", device.address.Port))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, peer := range device.peers {
|
|
|
|
|
func() {
|
|
|
|
|
peer.mutex.RLock()
|
|
|
|
|
defer peer.mutex.RUnlock()
|
|
|
|
|
send("public_key=" + peer.handshake.remoteStatic.ToHex())
|
|
|
|
|
send("preshared_key=" + peer.handshake.presharedKey.ToHex())
|
|
|
|
|
if peer.endpoint != nil {
|
|
|
|
|
send("endpoint=" + peer.endpoint.String())
|
|
|
|
|
}
|
|
|
|
|
send(fmt.Sprintf("tx_bytes=%d", peer.tx_bytes))
|
|
|
|
|
send(fmt.Sprintf("rx_bytes=%d", peer.rx_bytes))
|
|
|
|
|
send(fmt.Sprintf("persistent_keepalive_interval=%d", peer.persistentKeepaliveInterval))
|
|
|
|
|
for _, ip := range device.routingTable.AllowedIPs(peer) {
|
|
|
|
|
send("allowed_ip=" + ip.String())
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// send lines
|
|
|
|
|
|
|
|
|
|
for _, line := range lines {
|
2017-06-29 12:39:21 +00:00
|
|
|
device.log.Debug.Println("Response:", line)
|
2017-06-28 21:45:45 +00:00
|
|
|
_, err := socket.WriteString(line + "\n")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
|
|
|
|
|
2017-06-04 19:48:15 +00:00
|
|
|
func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger := device.log.Debug
|
2017-05-30 20:36:49 +00:00
|
|
|
scanner := bufio.NewScanner(socket)
|
|
|
|
|
|
2017-06-29 12:39:21 +00:00
|
|
|
var peer *Peer
|
2017-05-30 20:36:49 +00:00
|
|
|
for scanner.Scan() {
|
|
|
|
|
|
|
|
|
|
// Parse line
|
|
|
|
|
|
|
|
|
|
line := scanner.Text()
|
2017-06-29 12:39:21 +00:00
|
|
|
if line == "" {
|
|
|
|
|
return nil
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
2017-06-29 12:39:21 +00:00
|
|
|
parts := strings.Split(line, "=")
|
|
|
|
|
if len(parts) != 2 {
|
|
|
|
|
device.log.Debug.Println(parts)
|
2017-05-30 20:36:49 +00:00
|
|
|
return &IPCError{Code: ipcErrorNoKeyValue}
|
|
|
|
|
}
|
2017-06-29 12:39:21 +00:00
|
|
|
key := parts[0]
|
|
|
|
|
value := parts[1]
|
|
|
|
|
logger.Println("Key-value pair: (", key, ",", value, ")") // TODO: Remove, leaks private key to log
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
switch key {
|
|
|
|
|
|
|
|
|
|
/* Interface configuration */
|
|
|
|
|
|
|
|
|
|
case "private_key":
|
|
|
|
|
if value == "" {
|
2017-06-29 12:39:21 +00:00
|
|
|
device.mutex.Lock()
|
2017-06-04 19:48:15 +00:00
|
|
|
device.privateKey = NoisePrivateKey{}
|
2017-06-29 12:39:21 +00:00
|
|
|
device.mutex.Unlock()
|
2017-05-30 20:36:49 +00:00
|
|
|
} else {
|
2017-06-29 12:39:21 +00:00
|
|
|
device.mutex.Lock()
|
2017-06-04 19:48:15 +00:00
|
|
|
err := device.privateKey.FromHex(value)
|
2017-06-29 12:39:21 +00:00
|
|
|
device.mutex.Unlock()
|
2017-05-30 20:36:49 +00:00
|
|
|
if err != nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Failed to set private_key:", err)
|
|
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case "listen_port":
|
2017-06-29 12:39:21 +00:00
|
|
|
var port int
|
|
|
|
|
_, err := fmt.Sscanf(value, "%d", &port)
|
|
|
|
|
if err != nil || port > (1<<16) || port < 0 {
|
|
|
|
|
logger.Println("Failed to set listen_port:", err)
|
|
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
2017-06-29 12:39:21 +00:00
|
|
|
device.mutex.Lock()
|
|
|
|
|
if device.address == nil {
|
|
|
|
|
device.address = &net.UDPAddr{}
|
|
|
|
|
}
|
|
|
|
|
device.address.Port = port
|
|
|
|
|
device.mutex.Unlock()
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
case "fwmark":
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("FWMark not handled yet")
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
case "public_key":
|
|
|
|
|
var pubKey NoisePublicKey
|
|
|
|
|
err := pubKey.FromHex(value)
|
|
|
|
|
if err != nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Failed to get peer by public_key:", err)
|
|
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
2017-06-29 12:39:21 +00:00
|
|
|
device.mutex.RLock()
|
2017-06-04 19:48:15 +00:00
|
|
|
found, ok := device.peers[pubKey]
|
2017-06-29 12:39:21 +00:00
|
|
|
device.mutex.RUnlock()
|
2017-05-30 20:36:49 +00:00
|
|
|
if ok {
|
|
|
|
|
peer = found
|
|
|
|
|
} else {
|
2017-06-24 13:34:17 +00:00
|
|
|
peer = device.NewPeer(pubKey)
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
2017-06-29 12:39:21 +00:00
|
|
|
if peer == nil {
|
|
|
|
|
panic(errors.New("bug: failed to find peer"))
|
|
|
|
|
}
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
case "replace_peers":
|
2017-06-29 12:39:21 +00:00
|
|
|
if value == "true" {
|
2017-06-04 19:48:15 +00:00
|
|
|
device.RemoveAllPeers()
|
|
|
|
|
} else {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Failed to set replace_peers, invalid value:", value)
|
2017-06-04 19:48:15 +00:00
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
2017-06-01 19:31:30 +00:00
|
|
|
}
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
/* Peer configuration */
|
|
|
|
|
|
|
|
|
|
if peer == nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("No peer referenced, before peer operation")
|
2017-05-30 20:36:49 +00:00
|
|
|
return &IPCError{Code: ipcErrorNoPeer}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch key {
|
|
|
|
|
|
|
|
|
|
case "remove":
|
|
|
|
|
peer.mutex.Lock()
|
2017-06-29 12:39:21 +00:00
|
|
|
device.RemovePeer(peer.handshake.remoteStatic)
|
|
|
|
|
peer.mutex.Unlock()
|
|
|
|
|
logger.Println("Remove peer")
|
2017-05-30 20:36:49 +00:00
|
|
|
peer = nil
|
|
|
|
|
|
|
|
|
|
case "preshared_key":
|
2017-06-01 19:31:30 +00:00
|
|
|
err := func() error {
|
2017-05-30 20:36:49 +00:00
|
|
|
peer.mutex.Lock()
|
|
|
|
|
defer peer.mutex.Unlock()
|
2017-06-24 13:34:17 +00:00
|
|
|
return peer.handshake.presharedKey.FromHex(value)
|
2017-05-30 20:36:49 +00:00
|
|
|
}()
|
2017-06-01 19:31:30 +00:00
|
|
|
if err != nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Failed to set preshared_key:", err)
|
|
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
2017-06-01 19:31:30 +00:00
|
|
|
}
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
case "endpoint":
|
2017-06-01 19:31:30 +00:00
|
|
|
ip := net.ParseIP(value)
|
|
|
|
|
if ip == nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Failed to set endpoint:", value)
|
|
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
2017-06-01 19:31:30 +00:00
|
|
|
}
|
|
|
|
|
peer.mutex.Lock()
|
2017-06-24 13:34:17 +00:00
|
|
|
// peer.endpoint = ip FIX
|
2017-06-01 19:31:30 +00:00
|
|
|
peer.mutex.Unlock()
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
case "persistent_keepalive_interval":
|
2017-06-04 19:48:15 +00:00
|
|
|
secs, err := strconv.ParseInt(value, 10, 64)
|
|
|
|
|
if secs < 0 || err != nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Failed to set persistent_keepalive_interval:", err)
|
2017-06-04 19:48:15 +00:00
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
|
|
|
|
}
|
|
|
|
|
peer.mutex.Lock()
|
|
|
|
|
peer.persistentKeepaliveInterval = time.Duration(secs) * time.Second
|
|
|
|
|
peer.mutex.Unlock()
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
case "replace_allowed_ips":
|
2017-06-29 12:39:21 +00:00
|
|
|
if value == "true" {
|
2017-06-04 19:48:15 +00:00
|
|
|
device.routingTable.RemovePeer(peer)
|
|
|
|
|
} else {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Failed to set replace_allowed_ips, invalid value:", value)
|
2017-06-04 19:48:15 +00:00
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
|
|
|
|
}
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
case "allowed_ip":
|
2017-06-04 19:48:15 +00:00
|
|
|
_, network, err := net.ParseCIDR(value)
|
|
|
|
|
if err != nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Failed to set allowed_ip:", err)
|
2017-06-04 19:48:15 +00:00
|
|
|
return &IPCError{Code: ipcErrorInvalidValue}
|
|
|
|
|
}
|
|
|
|
|
ones, _ := network.Mask.Size()
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println(network, ones, network.IP)
|
2017-06-04 19:48:15 +00:00
|
|
|
device.routingTable.Insert(network.IP, uint(ones), peer)
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
/* Invalid key */
|
|
|
|
|
|
|
|
|
|
default:
|
2017-06-29 12:39:21 +00:00
|
|
|
logger.Println("Invalid key:", key)
|
2017-05-30 20:36:49 +00:00
|
|
|
return &IPCError{Code: ipcErrorInvalidKey}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-29 12:39:21 +00:00
|
|
|
func ipcHandle(device *Device, socket net.Conn) {
|
2017-05-30 20:36:49 +00:00
|
|
|
|
2017-06-29 12:39:21 +00:00
|
|
|
func() {
|
|
|
|
|
buffered := func(s io.ReadWriter) *bufio.ReadWriter {
|
|
|
|
|
reader := bufio.NewReader(s)
|
|
|
|
|
writer := bufio.NewWriter(s)
|
|
|
|
|
return bufio.NewReadWriter(reader, writer)
|
|
|
|
|
}(socket)
|
2017-05-30 20:36:49 +00:00
|
|
|
|
2017-06-29 12:39:21 +00:00
|
|
|
defer buffered.Flush()
|
2017-06-28 21:45:45 +00:00
|
|
|
|
2017-05-30 20:36:49 +00:00
|
|
|
op, err := buffered.ReadString('\n')
|
|
|
|
|
if err != nil {
|
2017-06-29 12:39:21 +00:00
|
|
|
return
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch op {
|
|
|
|
|
|
|
|
|
|
case "set=1\n":
|
2017-06-29 12:39:21 +00:00
|
|
|
device.log.Debug.Println("Config, set operation")
|
2017-06-28 21:45:45 +00:00
|
|
|
err := ipcSetOperation(device, buffered)
|
2017-05-30 20:36:49 +00:00
|
|
|
if err != nil {
|
2017-06-28 21:45:45 +00:00
|
|
|
fmt.Fprintf(buffered, "errno=%d\n\n", err.ErrorCode())
|
2017-05-30 20:36:49 +00:00
|
|
|
} else {
|
2017-06-28 21:45:45 +00:00
|
|
|
fmt.Fprintf(buffered, "errno=0\n\n")
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
2017-06-29 12:39:21 +00:00
|
|
|
break
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
case "get=1\n":
|
2017-06-29 12:39:21 +00:00
|
|
|
device.log.Debug.Println("Config, get operation")
|
2017-06-28 21:45:45 +00:00
|
|
|
err := ipcGetOperation(device, buffered)
|
|
|
|
|
if err != nil {
|
|
|
|
|
fmt.Fprintf(buffered, "errno=1\n\n") // fix
|
|
|
|
|
} else {
|
|
|
|
|
fmt.Fprintf(buffered, "errno=0\n\n")
|
|
|
|
|
}
|
2017-06-29 12:39:21 +00:00
|
|
|
break
|
2017-05-30 20:36:49 +00:00
|
|
|
|
|
|
|
|
default:
|
2017-06-29 12:39:21 +00:00
|
|
|
device.log.Info.Println("Invalid UAPI operation:", op)
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
2017-06-29 12:39:21 +00:00
|
|
|
}()
|
2017-05-30 20:36:49 +00:00
|
|
|
|
2017-06-29 12:39:21 +00:00
|
|
|
socket.Close()
|
2017-05-30 20:36:49 +00:00
|
|
|
}
|
