conn: make binds replacable

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2021-02-22 02:01:50 +01:00
parent c69481f1b3
commit a4f8e83d5d
16 changed files with 160 additions and 149 deletions

View File

@ -1,5 +1,3 @@
// +build !android
/* SPDX-License-Identifier: MIT /* SPDX-License-Identifier: MIT
* *
* Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved. * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
@ -18,55 +16,59 @@ import (
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
) )
type IPv4Source struct { type ipv4Source struct {
Src [4]byte Src [4]byte
Ifindex int32 Ifindex int32
} }
type IPv6Source struct { type ipv6Source struct {
src [16]byte src [16]byte
//ifindex belongs in dst.ZoneId // ifindex belongs in dst.ZoneId
} }
type NativeEndpoint struct { type LinuxSocketEndpoint struct {
sync.Mutex sync.Mutex
dst [unsafe.Sizeof(unix.SockaddrInet6{})]byte dst [unsafe.Sizeof(unix.SockaddrInet6{})]byte
src [unsafe.Sizeof(IPv6Source{})]byte src [unsafe.Sizeof(ipv6Source{})]byte
isV6 bool isV6 bool
} }
func (endpoint *NativeEndpoint) Src4() *IPv4Source { return endpoint.src4() } func (endpoint *LinuxSocketEndpoint) Src4() *ipv4Source { return endpoint.src4() }
func (endpoint *NativeEndpoint) Dst4() *unix.SockaddrInet4 { return endpoint.dst4() } func (endpoint *LinuxSocketEndpoint) Dst4() *unix.SockaddrInet4 { return endpoint.dst4() }
func (endpoint *NativeEndpoint) IsV6() bool { return endpoint.isV6 } func (endpoint *LinuxSocketEndpoint) IsV6() bool { return endpoint.isV6 }
func (endpoint *NativeEndpoint) src4() *IPv4Source { func (endpoint *LinuxSocketEndpoint) src4() *ipv4Source {
return (*IPv4Source)(unsafe.Pointer(&endpoint.src[0])) return (*ipv4Source)(unsafe.Pointer(&endpoint.src[0]))
} }
func (endpoint *NativeEndpoint) src6() *IPv6Source { func (endpoint *LinuxSocketEndpoint) src6() *ipv6Source {
return (*IPv6Source)(unsafe.Pointer(&endpoint.src[0])) return (*ipv6Source)(unsafe.Pointer(&endpoint.src[0]))
} }
func (endpoint *NativeEndpoint) dst4() *unix.SockaddrInet4 { func (endpoint *LinuxSocketEndpoint) dst4() *unix.SockaddrInet4 {
return (*unix.SockaddrInet4)(unsafe.Pointer(&endpoint.dst[0])) return (*unix.SockaddrInet4)(unsafe.Pointer(&endpoint.dst[0]))
} }
func (endpoint *NativeEndpoint) dst6() *unix.SockaddrInet6 { func (endpoint *LinuxSocketEndpoint) dst6() *unix.SockaddrInet6 {
return (*unix.SockaddrInet6)(unsafe.Pointer(&endpoint.dst[0])) return (*unix.SockaddrInet6)(unsafe.Pointer(&endpoint.dst[0]))
} }
type nativeBind struct { // LinuxSocketBind uses sendmsg and recvmsg to implement a full bind with sticky sockets on Linux.
type LinuxSocketBind struct {
sock4 int sock4 int
sock6 int sock6 int
lastMark uint32 lastMark uint32
closing sync.RWMutex closing sync.RWMutex
} }
var _ Endpoint = (*NativeEndpoint)(nil) func NewLinuxSocketBind() Bind { return &LinuxSocketBind{sock4: -1, sock6: -1} }
var _ Bind = (*nativeBind)(nil) func NewDefaultBind() Bind { return NewLinuxSocketBind() }
func CreateEndpoint(s string) (Endpoint, error) { var _ Endpoint = (*LinuxSocketEndpoint)(nil)
var end NativeEndpoint var _ Bind = (*LinuxSocketBind)(nil)
func (*LinuxSocketBind) ParseEndpoint(s string) (Endpoint, error) {
var end LinuxSocketEndpoint
addr, err := parseEndpoint(s) addr, err := parseEndpoint(s)
if err != nil { if err != nil {
return nil, err return nil, err
@ -97,14 +99,18 @@ func CreateEndpoint(s string) (Endpoint, error) {
return &end, nil return &end, nil
} }
return nil, errors.New("Invalid IP address") return nil, errors.New("invalid IP address")
} }
func createBind(port uint16) (Bind, uint16, error) { func (bind *LinuxSocketBind) Open(port uint16) (uint16, error) {
var err error var err error
var bind nativeBind
var newPort uint16 var newPort uint16
var tries int var tries int
if bind.sock4 != -1 || bind.sock6 != -1 {
return 0, ErrBindAlreadyOpen
}
originalPort := port originalPort := port
again: again:
@ -113,7 +119,7 @@ again:
bind.sock6, newPort, err = create6(port) bind.sock6, newPort, err = create6(port)
if err != nil { if err != nil {
if err != syscall.EAFNOSUPPORT { if err != syscall.EAFNOSUPPORT {
return nil, 0, err return 0, err
} }
} else { } else {
port = newPort port = newPort
@ -129,24 +135,19 @@ again:
} }
if err != syscall.EAFNOSUPPORT { if err != syscall.EAFNOSUPPORT {
unix.Close(bind.sock6) unix.Close(bind.sock6)
return nil, 0, err return 0, err
} }
} else { } else {
port = newPort port = newPort
} }
if bind.sock4 == -1 && bind.sock6 == -1 { if bind.sock4 == -1 && bind.sock6 == -1 {
return nil, 0, errors.New("ipv4 and ipv6 not supported") return 0, syscall.EAFNOSUPPORT
} }
return port, nil
return &bind, port, nil
} }
func (bind *nativeBind) LastMark() uint32 { func (bind *LinuxSocketBind) SetMark(value uint32) error {
return bind.lastMark
}
func (bind *nativeBind) SetMark(value uint32) error {
bind.closing.RLock() bind.closing.RLock()
defer bind.closing.RUnlock() defer bind.closing.RUnlock()
@ -180,7 +181,7 @@ func (bind *nativeBind) SetMark(value uint32) error {
return nil return nil
} }
func (bind *nativeBind) Close() error { func (bind *LinuxSocketBind) Close() error {
var err1, err2 error var err1, err2 error
bind.closing.RLock() bind.closing.RLock()
if bind.sock6 != -1 { if bind.sock6 != -1 {
@ -207,11 +208,11 @@ func (bind *nativeBind) Close() error {
return err2 return err2
} }
func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) { func (bind *LinuxSocketBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
bind.closing.RLock() bind.closing.RLock()
defer bind.closing.RUnlock() defer bind.closing.RUnlock()
var end NativeEndpoint var end LinuxSocketEndpoint
if bind.sock6 == -1 { if bind.sock6 == -1 {
return 0, nil, net.ErrClosed return 0, nil, net.ErrClosed
} }
@ -223,11 +224,11 @@ func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
return n, &end, err return n, &end, err
} }
func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) { func (bind *LinuxSocketBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
bind.closing.RLock() bind.closing.RLock()
defer bind.closing.RUnlock() defer bind.closing.RUnlock()
var end NativeEndpoint var end LinuxSocketEndpoint
if bind.sock4 == -1 { if bind.sock4 == -1 {
return 0, nil, net.ErrClosed return 0, nil, net.ErrClosed
} }
@ -239,11 +240,14 @@ func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
return n, &end, err return n, &end, err
} }
func (bind *nativeBind) Send(buff []byte, end Endpoint) error { func (bind *LinuxSocketBind) Send(buff []byte, end Endpoint) error {
bind.closing.RLock() bind.closing.RLock()
defer bind.closing.RUnlock() defer bind.closing.RUnlock()
nend := end.(*NativeEndpoint) nend, ok := end.(*LinuxSocketEndpoint)
if !ok {
return ErrWrongEndpointType
}
if !nend.isV6 { if !nend.isV6 {
if bind.sock4 == -1 { if bind.sock4 == -1 {
return net.ErrClosed return net.ErrClosed
@ -257,7 +261,7 @@ func (bind *nativeBind) Send(buff []byte, end Endpoint) error {
} }
} }
func (end *NativeEndpoint) SrcIP() net.IP { func (end *LinuxSocketEndpoint) SrcIP() net.IP {
if !end.isV6 { if !end.isV6 {
return net.IPv4( return net.IPv4(
end.src4().Src[0], end.src4().Src[0],
@ -270,7 +274,7 @@ func (end *NativeEndpoint) SrcIP() net.IP {
} }
} }
func (end *NativeEndpoint) DstIP() net.IP { func (end *LinuxSocketEndpoint) DstIP() net.IP {
if !end.isV6 { if !end.isV6 {
return net.IPv4( return net.IPv4(
end.dst4().Addr[0], end.dst4().Addr[0],
@ -283,7 +287,7 @@ func (end *NativeEndpoint) DstIP() net.IP {
} }
} }
func (end *NativeEndpoint) DstToBytes() []byte { func (end *LinuxSocketEndpoint) DstToBytes() []byte {
if !end.isV6 { if !end.isV6 {
return (*[unsafe.Offsetof(end.dst4().Addr) + unsafe.Sizeof(end.dst4().Addr)]byte)(unsafe.Pointer(end.dst4()))[:] return (*[unsafe.Offsetof(end.dst4().Addr) + unsafe.Sizeof(end.dst4().Addr)]byte)(unsafe.Pointer(end.dst4()))[:]
} else { } else {
@ -291,11 +295,11 @@ func (end *NativeEndpoint) DstToBytes() []byte {
} }
} }
func (end *NativeEndpoint) SrcToString() string { func (end *LinuxSocketEndpoint) SrcToString() string {
return end.SrcIP().String() return end.SrcIP().String()
} }
func (end *NativeEndpoint) DstToString() string { func (end *LinuxSocketEndpoint) DstToString() string {
var udpAddr net.UDPAddr var udpAddr net.UDPAddr
udpAddr.IP = end.DstIP() udpAddr.IP = end.DstIP()
if !end.isV6 { if !end.isV6 {
@ -306,13 +310,13 @@ func (end *NativeEndpoint) DstToString() string {
return udpAddr.String() return udpAddr.String()
} }
func (end *NativeEndpoint) ClearDst() { func (end *LinuxSocketEndpoint) ClearDst() {
for i := range end.dst { for i := range end.dst {
end.dst[i] = 0 end.dst[i] = 0
} }
} }
func (end *NativeEndpoint) ClearSrc() { func (end *LinuxSocketEndpoint) ClearSrc() {
for i := range end.src { for i := range end.src {
end.src[i] = 0 end.src[i] = 0
} }
@ -427,7 +431,7 @@ func create6(port uint16) (int, uint16, error) {
return fd, uint16(addr.Port), err return fd, uint16(addr.Port), err
} }
func send4(sock int, end *NativeEndpoint, buff []byte) error { func send4(sock int, end *LinuxSocketEndpoint, buff []byte) error {
// construct message header // construct message header
@ -467,7 +471,7 @@ func send4(sock int, end *NativeEndpoint, buff []byte) error {
return err return err
} }
func send6(sock int, end *NativeEndpoint, buff []byte) error { func send6(sock int, end *LinuxSocketEndpoint, buff []byte) error {
// construct message header // construct message header
@ -511,7 +515,7 @@ func send6(sock int, end *NativeEndpoint, buff []byte) error {
return err return err
} }
func receive4(sock int, buff []byte, end *NativeEndpoint) (int, error) { func receive4(sock int, buff []byte, end *LinuxSocketEndpoint) (int, error) {
// construct message header // construct message header
@ -543,7 +547,7 @@ func receive4(sock int, buff []byte, end *NativeEndpoint) (int, error) {
return size, nil return size, nil
} }
func receive6(sock int, buff []byte, end *NativeEndpoint) (int, error) { func receive6(sock int, buff []byte, end *LinuxSocketEndpoint) (int, error) {
// construct message header // construct message header

View File

@ -1,5 +1,3 @@
// +build !linux android
/* SPDX-License-Identifier: MIT /* SPDX-License-Identifier: MIT
* *
* Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved. * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
@ -13,41 +11,40 @@ import (
"syscall" "syscall"
) )
/* This code is meant to be a temporary solution // StdNetBind is meant to be a temporary solution on platforms for which
* on platforms for which the sticky socket / source caching behavior // the sticky socket / source caching behavior has not yet been implemented.
* has not yet been implemented. // It uses the Go's net package to implement networking.
* // See LinuxSocketBind for a proper implementation on the Linux platform.
* See conn_linux.go for an implementation on the linux platform. type StdNetBind struct {
*/
type nativeBind struct {
ipv4 *net.UDPConn ipv4 *net.UDPConn
ipv6 *net.UDPConn ipv6 *net.UDPConn
blackhole4 bool blackhole4 bool
blackhole6 bool blackhole6 bool
} }
type NativeEndpoint net.UDPAddr func NewStdNetBind() Bind { return &StdNetBind{} }
var _ Bind = (*nativeBind)(nil) type StdNetEndpoint net.UDPAddr
var _ Endpoint = (*NativeEndpoint)(nil)
func CreateEndpoint(s string) (Endpoint, error) { var _ Bind = (*StdNetBind)(nil)
var _ Endpoint = (*StdNetEndpoint)(nil)
func (*StdNetBind) ParseEndpoint(s string) (Endpoint, error) {
addr, err := parseEndpoint(s) addr, err := parseEndpoint(s)
return (*NativeEndpoint)(addr), err return (*StdNetEndpoint)(addr), err
} }
func (*NativeEndpoint) ClearSrc() {} func (*StdNetEndpoint) ClearSrc() {}
func (e *NativeEndpoint) DstIP() net.IP { func (e *StdNetEndpoint) DstIP() net.IP {
return (*net.UDPAddr)(e).IP return (*net.UDPAddr)(e).IP
} }
func (e *NativeEndpoint) SrcIP() net.IP { func (e *StdNetEndpoint) SrcIP() net.IP {
return nil // not supported return nil // not supported
} }
func (e *NativeEndpoint) DstToBytes() []byte { func (e *StdNetEndpoint) DstToBytes() []byte {
addr := (*net.UDPAddr)(e) addr := (*net.UDPAddr)(e)
out := addr.IP.To4() out := addr.IP.To4()
if out == nil { if out == nil {
@ -58,11 +55,11 @@ func (e *NativeEndpoint) DstToBytes() []byte {
return out return out
} }
func (e *NativeEndpoint) DstToString() string { func (e *StdNetEndpoint) DstToString() string {
return (*net.UDPAddr)(e).String() return (*net.UDPAddr)(e).String()
} }
func (e *NativeEndpoint) SrcToString() string { func (e *StdNetEndpoint) SrcToString() string {
return "" return ""
} }
@ -84,41 +81,52 @@ func listenNet(network string, port int) (*net.UDPConn, int, error) {
return conn, uaddr.Port, nil return conn, uaddr.Port, nil
} }
func createBind(uport uint16) (Bind, uint16, error) { func (bind *StdNetBind) Open(uport uint16) (uint16, error) {
var err error var err error
var bind nativeBind
var tries int var tries int
if bind.ipv4 != nil || bind.ipv6 != nil {
return 0, ErrBindAlreadyOpen
}
again: again:
port := int(uport) port := int(uport)
bind.ipv4, port, err = listenNet("udp4", port) bind.ipv4, port, err = listenNet("udp4", port)
if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) { if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {
return nil, 0, err bind.ipv4 = nil
return 0, err
} }
bind.ipv6, port, err = listenNet("udp6", port) bind.ipv6, port, err = listenNet("udp6", port)
if uport == 0 && err != nil && errors.Is(err, syscall.EADDRINUSE) && tries < 100 { if uport == 0 && err != nil && errors.Is(err, syscall.EADDRINUSE) && tries < 100 {
bind.ipv4.Close() bind.ipv4.Close()
bind.ipv4 = nil
bind.ipv6 = nil
tries++ tries++
goto again goto again
} }
if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) { if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {
bind.ipv4.Close() bind.ipv4.Close()
bind.ipv4 = nil bind.ipv4 = nil
return nil, 0, err bind.ipv6 = nil
return 0, err
} }
if bind.ipv4 == nil && bind.ipv6 == nil {
return &bind, uint16(port), nil return 0, syscall.EAFNOSUPPORT
}
return uint16(port), nil
} }
func (bind *nativeBind) Close() error { func (bind *StdNetBind) Close() error {
var err1, err2 error var err1, err2 error
if bind.ipv4 != nil { if bind.ipv4 != nil {
err1 = bind.ipv4.Close() err1 = bind.ipv4.Close()
bind.ipv4 = nil
} }
if bind.ipv6 != nil { if bind.ipv6 != nil {
err2 = bind.ipv6.Close() err2 = bind.ipv6.Close()
bind.ipv6 = nil
} }
if err1 != nil { if err1 != nil {
return err1 return err1
@ -126,9 +134,7 @@ func (bind *nativeBind) Close() error {
return err2 return err2
} }
func (bind *nativeBind) LastMark() uint32 { return 0 } func (bind *StdNetBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
if bind.ipv4 == nil { if bind.ipv4 == nil {
return 0, nil, syscall.EAFNOSUPPORT return 0, nil, syscall.EAFNOSUPPORT
} }
@ -136,20 +142,23 @@ func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) {
if endpoint != nil { if endpoint != nil {
endpoint.IP = endpoint.IP.To4() endpoint.IP = endpoint.IP.To4()
} }
return n, (*NativeEndpoint)(endpoint), err return n, (*StdNetEndpoint)(endpoint), err
} }
func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) { func (bind *StdNetBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) {
if bind.ipv6 == nil { if bind.ipv6 == nil {
return 0, nil, syscall.EAFNOSUPPORT return 0, nil, syscall.EAFNOSUPPORT
} }
n, endpoint, err := bind.ipv6.ReadFromUDP(buff) n, endpoint, err := bind.ipv6.ReadFromUDP(buff)
return n, (*NativeEndpoint)(endpoint), err return n, (*StdNetEndpoint)(endpoint), err
} }
func (bind *nativeBind) Send(buff []byte, endpoint Endpoint) error { func (bind *StdNetBind) Send(buff []byte, endpoint Endpoint) error {
var err error var err error
nend := endpoint.(*NativeEndpoint) nend, ok := endpoint.(*StdNetEndpoint)
if !ok {
return ErrWrongEndpointType
}
if nend.IP.To4() != nil { if nend.IP.To4() != nil {
if bind.ipv4 == nil { if bind.ipv4 == nil {
return syscall.EAFNOSUPPORT return syscall.EAFNOSUPPORT

View File

@ -5,7 +5,7 @@
package conn package conn
func (bind *nativeBind) PeekLookAtSocketFd4() (fd int, err error) { func (bind *StdNetBind) PeekLookAtSocketFd4() (fd int, err error) {
sysconn, err := bind.ipv4.SyscallConn() sysconn, err := bind.ipv4.SyscallConn()
if err != nil { if err != nil {
return -1, err return -1, err
@ -19,7 +19,7 @@ func (bind *nativeBind) PeekLookAtSocketFd4() (fd int, err error) {
return return
} }
func (bind *nativeBind) PeekLookAtSocketFd6() (fd int, err error) { func (bind *StdNetBind) PeekLookAtSocketFd6() (fd int, err error) {
sysconn, err := bind.ipv6.SyscallConn() sysconn, err := bind.ipv6.SyscallConn()
if err != nil { if err != nil {
return -1, err return -1, err

View File

@ -17,7 +17,7 @@ const (
sockoptIPV6_UNICAST_IF = 31 sockoptIPV6_UNICAST_IF = 31
) )
func (bind *nativeBind) BindSocketToInterface4(interfaceIndex uint32, blackhole bool) error { func (bind *StdNetBind) BindSocketToInterface4(interfaceIndex uint32, blackhole bool) error {
/* MSDN says for IPv4 this needs to be in net byte order, so that it's like an IP address with leading zeros. */ /* MSDN says for IPv4 this needs to be in net byte order, so that it's like an IP address with leading zeros. */
bytes := make([]byte, 4) bytes := make([]byte, 4)
binary.BigEndian.PutUint32(bytes, interfaceIndex) binary.BigEndian.PutUint32(bytes, interfaceIndex)
@ -40,7 +40,7 @@ func (bind *nativeBind) BindSocketToInterface4(interfaceIndex uint32, blackhole
return nil return nil
} }
func (bind *nativeBind) BindSocketToInterface6(interfaceIndex uint32, blackhole bool) error { func (bind *StdNetBind) BindSocketToInterface6(interfaceIndex uint32, blackhole bool) error {
sysconn, err := bind.ipv6.SyscallConn() sysconn, err := bind.ipv6.SyscallConn()
if err != nil { if err != nil {
return err return err

View File

@ -17,40 +17,30 @@ import (
// A Bind interface may also be a PeekLookAtSocketFd or BindSocketToInterface, // A Bind interface may also be a PeekLookAtSocketFd or BindSocketToInterface,
// depending on the platform-specific implementation. // depending on the platform-specific implementation.
type Bind interface { type Bind interface {
// LastMark reports the last mark set for this Bind. // Open puts the Bind into a listening state on a given port and reports the actual
LastMark() uint32 // port that it bound to. Passing zero results in a random selection.
Open(port uint16) (actualPort uint16, err error)
// Close closes the Bind listener.
Close() error
// SetMark sets the mark for each packet sent through this Bind. // SetMark sets the mark for each packet sent through this Bind.
// This mark is passed to the kernel as the socket option SO_MARK. // This mark is passed to the kernel as the socket option SO_MARK.
SetMark(mark uint32) error SetMark(mark uint32) error
// ReceiveIPv6 reads an IPv6 UDP packet into b. // ReceiveIPv6 reads an IPv6 UDP packet into b. It reports the number of bytes read,
// // n, the packet source address ep, and any error.
// It reports the number of bytes read, n,
// the packet source address ep,
// and any error.
ReceiveIPv6(b []byte) (n int, ep Endpoint, err error) ReceiveIPv6(b []byte) (n int, ep Endpoint, err error)
// ReceiveIPv4 reads an IPv4 UDP packet into b. // ReceiveIPv4 reads an IPv4 UDP packet into b. It reports the number of bytes read,
// // n, the packet source address ep, and any error.
// It reports the number of bytes read, n,
// the packet source address ep,
// and any error.
ReceiveIPv4(b []byte) (n int, ep Endpoint, err error) ReceiveIPv4(b []byte) (n int, ep Endpoint, err error)
// Send writes a packet b to address ep. // Send writes a packet b to address ep.
Send(b []byte, ep Endpoint) error Send(b []byte, ep Endpoint) error
// Close closes the Bind connection. // ParseEndpoint creates a new endpoint from a string.
Close() error ParseEndpoint(s string) (Endpoint, error)
}
// CreateBind creates a Bind bound to a port.
//
// The value actualPort reports the actual port number the Bind
// object gets bound to.
func CreateBind(port uint16) (b Bind, actualPort uint16, err error) {
return createBind(port)
} }
// BindSocketToInterface is implemented by Bind objects that support being // BindSocketToInterface is implemented by Bind objects that support being
@ -69,8 +59,8 @@ type PeekLookAtSocketFd interface {
// An Endpoint maintains the source/destination caching for a peer. // An Endpoint maintains the source/destination caching for a peer.
// //
// dst : the remote address of a peer ("endpoint" in uapi terminology) // dst: the remote address of a peer ("endpoint" in uapi terminology)
// src : the local address from which datagrams originate going to the peer // src: the local address from which datagrams originate going to the peer
type Endpoint interface { type Endpoint interface {
ClearSrc() // clears the source address ClearSrc() // clears the source address
SrcToString() string // returns the local source address (ip:port) SrcToString() string // returns the local source address (ip:port)
@ -109,3 +99,8 @@ func parseEndpoint(s string) (*net.UDPAddr, error) {
} }
return addr, err return addr, err
} }
var (
ErrBindAlreadyOpen = errors.New("bind is already open")
ErrWrongEndpointType = errors.New("endpoint type does not correspond with bind type")
)

10
conn/default.go Normal file
View File

@ -0,0 +1,10 @@
// +build !linux
/* SPDX-License-Identifier: MIT
*
* Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
*/
package conn
func NewDefaultBind() Bind { return NewStdNetBind() }

View File

@ -7,6 +7,6 @@
package conn package conn
func (bind *nativeBind) SetMark(mark uint32) error { func (bind *StdNetBind) SetMark(mark uint32) error {
return nil return nil
} }

View File

@ -1,4 +1,4 @@
// +build android openbsd freebsd // +build linux openbsd freebsd
/* SPDX-License-Identifier: MIT /* SPDX-License-Identifier: MIT
* *
@ -26,7 +26,7 @@ func init() {
} }
} }
func (bind *nativeBind) SetMark(mark uint32) error { func (bind *StdNetBind) SetMark(mark uint32) error {
var operr error var operr error
if fwmarkIoctl == 0 { if fwmarkIoctl == 0 {
return nil return nil

View File

@ -279,11 +279,12 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
return nil return nil
} }
func NewDevice(tunDevice tun.Device, logger *Logger) *Device { func NewDevice(tunDevice tun.Device, bind conn.Bind, logger *Logger) *Device {
device := new(Device) device := new(Device)
device.state.state = uint32(deviceStateDown) device.state.state = uint32(deviceStateDown)
device.closed = make(chan struct{}) device.closed = make(chan struct{})
device.log = logger device.log = logger
device.net.bind = bind
device.tun.device = tunDevice device.tun.device = tunDevice
mtu, err := device.tun.device.MTU() mtu, err := device.tun.device.MTU()
if err != nil { if err != nil {
@ -302,11 +303,6 @@ func NewDevice(tunDevice tun.Device, logger *Logger) *Device {
device.queue.encryption = newOutboundQueue() device.queue.encryption = newOutboundQueue()
device.queue.decryption = newInboundQueue() device.queue.decryption = newInboundQueue()
// prepare net
device.net.port = 0
device.net.bind = nil
// start workers // start workers
cpus := runtime.NumCPU() cpus := runtime.NumCPU()
@ -414,7 +410,6 @@ func unsafeCloseBind(device *Device) error {
} }
if netc.bind != nil { if netc.bind != nil {
err = netc.bind.Close() err = netc.bind.Close()
netc.bind = nil
} }
netc.stopping.Wait() netc.stopping.Wait()
return err return err
@ -474,16 +469,14 @@ func (device *Device) BindUpdate() error {
// bind to new port // bind to new port
var err error var err error
netc := &device.net netc := &device.net
netc.bind, netc.port, err = conn.CreateBind(netc.port) netc.port, err = netc.bind.Open(netc.port)
if err != nil { if err != nil {
netc.bind = nil
netc.port = 0 netc.port = 0
return err return err
} }
netc.netlinkCancel, err = device.startRouteListener(netc.bind) netc.netlinkCancel, err = device.startRouteListener(netc.bind)
if err != nil { if err != nil {
netc.bind.Close() netc.bind.Close()
netc.bind = nil
netc.port = 0 netc.port = 0
return err return err
} }

View File

@ -21,6 +21,7 @@ import (
"testing" "testing"
"time" "time"
"golang.zx2c4.com/wireguard/conn"
"golang.zx2c4.com/wireguard/tun/tuntest" "golang.zx2c4.com/wireguard/tun/tuntest"
) )
@ -158,7 +159,7 @@ func genTestPair(tb testing.TB) (pair testPair) {
if _, ok := tb.(*testing.B); ok && !testing.Verbose() { if _, ok := tb.(*testing.B); ok && !testing.Verbose() {
level = LogLevelError level = LogLevelError
} }
p.dev = NewDevice(p.tun.TUN(), NewLogger(level, fmt.Sprintf("dev%d: ", i))) p.dev = NewDevice(p.tun.TUN(), conn.NewDefaultBind(), NewLogger(level, fmt.Sprintf("dev%d: ", i)))
if err := p.dev.IpcSet(cfg[i]); err != nil { if err := p.dev.IpcSet(cfg[i]); err != nil {
tb.Errorf("failed to configure device %d: %v", i, err) tb.Errorf("failed to configure device %d: %v", i, err)
p.dev.Close() p.dev.Close()
@ -332,7 +333,7 @@ func randDevice(t *testing.T) *Device {
} }
tun := newDummyTUN("dummy") tun := newDummyTUN("dummy")
logger := NewLogger(LogLevelError, "") logger := NewLogger(LogLevelError, "")
device := NewDevice(tun, logger) device := NewDevice(tun, conn.NewDefaultBind(), logger)
device.SetPrivateKey(sk) device.SetPrivateKey(sk)
return device return device
} }

View File

@ -126,13 +126,8 @@ func (peer *Peer) SendBuffer(buffer []byte) error {
peer.device.net.RLock() peer.device.net.RLock()
defer peer.device.net.RUnlock() defer peer.device.net.RUnlock()
if peer.device.net.bind == nil { if peer.device.isClosed() {
// Packets can leak through to SendBuffer while the device is closing. return nil
// When that happens, drop them silently to avoid spurious errors.
if peer.device.isClosed() {
return nil
}
return errors.New("no bind")
} }
peer.RLock() peer.RLock()

View File

@ -1,4 +1,4 @@
// +build !linux android // +build !linux
package device package device

View File

@ -1,5 +1,3 @@
// +build !android
/* SPDX-License-Identifier: MIT /* SPDX-License-Identifier: MIT
* *
* Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved. * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
@ -21,11 +19,16 @@ import (
"unsafe" "unsafe"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
"golang.zx2c4.com/wireguard/conn" "golang.zx2c4.com/wireguard/conn"
"golang.zx2c4.com/wireguard/rwcancel" "golang.zx2c4.com/wireguard/rwcancel"
) )
func (device *Device) startRouteListener(bind conn.Bind) (*rwcancel.RWCancel, error) { func (device *Device) startRouteListener(bind conn.Bind) (*rwcancel.RWCancel, error) {
if _, ok := bind.(*conn.LinuxSocketBind); !ok {
return nil, nil
}
netlinkSock, err := createNetlinkRouteSocket() netlinkSock, err := createNetlinkRouteSocket()
if err != nil { if err != nil {
return nil, err return nil, err
@ -109,11 +112,11 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl
pePtr.peer.Unlock() pePtr.peer.Unlock()
break break
} }
if uint32(pePtr.peer.endpoint.(*conn.NativeEndpoint).Src4().Ifindex) == ifidx { if uint32(pePtr.peer.endpoint.(*conn.LinuxSocketEndpoint).Src4().Ifindex) == ifidx {
pePtr.peer.Unlock() pePtr.peer.Unlock()
break break
} }
pePtr.peer.endpoint.(*conn.NativeEndpoint).ClearSrc() pePtr.peer.endpoint.(*conn.LinuxSocketEndpoint).ClearSrc()
pePtr.peer.Unlock() pePtr.peer.Unlock()
} }
attr = attr[attrhdr.Len:] attr = attr[attrhdr.Len:]
@ -133,7 +136,7 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl
peer.RUnlock() peer.RUnlock()
continue continue
} }
nativeEP, _ := peer.endpoint.(*conn.NativeEndpoint) nativeEP, _ := peer.endpoint.(*conn.LinuxSocketEndpoint)
if nativeEP == nil { if nativeEP == nil {
peer.RUnlock() peer.RUnlock()
continue continue
@ -176,7 +179,7 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl
Len: 8, Len: 8,
Type: unix.RTA_MARK, Type: unix.RTA_MARK,
}, },
uint32(bind.LastMark()), device.net.fwmark,
} }
nlmsg.hdr.Len = uint32(unsafe.Sizeof(nlmsg)) nlmsg.hdr.Len = uint32(unsafe.Sizeof(nlmsg))
reqPeerLock.Lock() reqPeerLock.Lock()

View File

@ -18,7 +18,6 @@ import (
"sync/atomic" "sync/atomic"
"time" "time"
"golang.zx2c4.com/wireguard/conn"
"golang.zx2c4.com/wireguard/ipc" "golang.zx2c4.com/wireguard/ipc"
) )
@ -331,7 +330,7 @@ func (device *Device) handlePeerLine(peer *ipcSetPeer, key, value string) error
case "endpoint": case "endpoint":
device.log.Verbosef("%v - UAPI: Updating endpoint", peer.Peer) device.log.Verbosef("%v - UAPI: Updating endpoint", peer.Peer)
endpoint, err := conn.CreateEndpoint(value) endpoint, err := device.net.bind.ParseEndpoint(value)
if err != nil { if err != nil {
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set endpoint %v: %w", value, err) return ipcErrorf(ipc.IpcErrorInvalid, "failed to set endpoint %v: %w", value, err)
} }

View File

@ -15,6 +15,7 @@ import (
"strconv" "strconv"
"syscall" "syscall"
"golang.zx2c4.com/wireguard/conn"
"golang.zx2c4.com/wireguard/device" "golang.zx2c4.com/wireguard/device"
"golang.zx2c4.com/wireguard/ipc" "golang.zx2c4.com/wireguard/ipc"
"golang.zx2c4.com/wireguard/tun" "golang.zx2c4.com/wireguard/tun"
@ -219,7 +220,7 @@ func main() {
return return
} }
device := device.NewDevice(tun, logger) device := device.NewDevice(tun, conn.NewDefaultBind(), logger)
logger.Verbosef("Device started") logger.Verbosef("Device started")

View File

@ -11,6 +11,7 @@ import (
"os/signal" "os/signal"
"syscall" "syscall"
"golang.zx2c4.com/wireguard/conn"
"golang.zx2c4.com/wireguard/device" "golang.zx2c4.com/wireguard/device"
"golang.zx2c4.com/wireguard/ipc" "golang.zx2c4.com/wireguard/ipc"
@ -47,7 +48,7 @@ func main() {
os.Exit(ExitSetupFailed) os.Exit(ExitSetupFailed)
} }
device := device.NewDevice(tun, logger) device := device.NewDevice(tun, conn.NewDefaultBind(), logger)
err = device.Up() err = device.Up()
if err != nil { if err != nil {
logger.Errorf("Failed to bring up device: %v", err) logger.Errorf("Failed to bring up device: %v", err)