/*
GoVPN -- simple secure free software virtual private network daemon
-Copyright (C) 2014-2015 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2014-2016 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
package main
import (
- "encoding/binary"
+ "bytes"
"log"
"net"
+ "time"
"govpn"
)
-type TCPSender struct {
- conn net.Conn
-}
-
-func (c TCPSender) Write(data []byte) (int, error) {
- size := make([]byte, 2)
- binary.BigEndian.PutUint16(size, uint16(len(data)))
- return c.conn.Write(append(size, data...))
-}
-
-func (c TCPSender) Reorderable() bool {
- return false
-}
-
-func startTCP(sink chan Pkt) {
+func startTCP() {
bind, err := net.ResolveTCPAddr("tcp", *bindAddr)
if err != nil {
log.Fatalln("Can not resolve bind address:", err)
if err != nil {
log.Fatalln("Can not listen on TCP:", err)
}
- log.Println("Listening on TCP", *bindAddr)
+ log.Println("Listening on TCP:" + *bindAddr)
go func() {
for {
- conn, _ := listener.AcceptTCP()
- ready := make(chan struct{}, 1)
- go handleTCP(conn, sink, ready)
- ready <- struct{}{}
+ conn, err := listener.AcceptTCP()
+ if err != nil {
+ log.Println("Error accepting TCP:", err)
+ continue
+ }
+ go handleTCP(conn)
}
}()
}
-func handleTCP(conn net.Conn, sink chan Pkt, ready chan struct{}) {
+func handleTCP(conn net.Conn) {
addr := conn.RemoteAddr().String()
- var err error
+ buf := make([]byte, govpn.EncLessEnlargeSize+2*govpn.MTU)
var n int
- var sizeNbuf int
- sizeBuf := make([]byte, 2)
- var sizeNeed uint16
- var bufN uint16
- buf := make([]byte, govpn.MTU)
+ var err error
+ var prev int
+ var hs *govpn.Handshake
+ var ps *PeerState
+ var peer *govpn.Peer
+ var tap *govpn.TAP
+ var conf *govpn.PeerConf
for {
- <-ready
- if sizeNbuf != 2 {
- n, err = conn.Read(sizeBuf[sizeNbuf:2])
- if err != nil {
+ if prev == len(buf) {
+ break
+ }
+ conn.SetReadDeadline(time.Now().Add(time.Duration(govpn.TimeoutDefault) * time.Second))
+ n, err = conn.Read(buf[prev:])
+ if err != nil {
+ // Either EOFed or timeouted
+ break
+ }
+ prev += n
+ peerId := idsCache.Find(buf[:prev])
+ if peerId == nil {
+ continue
+ }
+ if hs == nil {
+ conf = confs[*peerId]
+ if conf == nil {
+ log.Println("Can not get peer configuration:", peerId.String())
break
}
- sizeNbuf += n
- if sizeNbuf != 2 {
- sink <- Pkt{ready: ready}
- continue
+ hs = govpn.NewHandshake(addr, conn, conf)
+ }
+ peer = hs.Server(buf[:prev])
+ prev = 0
+ if peer == nil {
+ continue
+ }
+ hs.Zero()
+ log.Println("Peer handshake finished:", addr, peer.Id.String())
+ peersByIdLock.RLock()
+ addrPrev, exists := peersById[*peer.Id]
+ peersByIdLock.RUnlock()
+ if exists {
+ peersLock.Lock()
+ peers[addrPrev].terminator <- struct{}{}
+ tap = peers[addrPrev].tap
+ ps = &PeerState{
+ peer: peer,
+ tap: tap,
+ terminator: make(chan struct{}),
}
- sizeNeed = binary.BigEndian.Uint16(sizeBuf)
- if int(sizeNeed) > govpn.MTU-2 {
- log.Println("Invalid TCP size, skipping")
- sizeNbuf = 0
- sink <- Pkt{ready: ready}
- continue
+ go peerReady(*ps)
+ peersByIdLock.Lock()
+ kpLock.Lock()
+ delete(peers, addrPrev)
+ delete(knownPeers, addrPrev)
+ peers[addr] = ps
+ knownPeers[addr] = &peer
+ peersById[*peer.Id] = addr
+ peersLock.Unlock()
+ peersByIdLock.Unlock()
+ kpLock.Unlock()
+ log.Println("Rehandshake processed:", peer.Id.String())
+ } else {
+ ifaceName, err := callUp(peer.Id)
+ if err != nil {
+ peer = nil
+ break
}
- bufN = 0
- }
- ReadMore:
- if sizeNeed != bufN {
- n, err = conn.Read(buf[bufN:sizeNeed])
+ tap, err = govpn.TAPListen(ifaceName)
if err != nil {
+ log.Println("Unable to create TAP:", err)
+ peer = nil
break
}
- bufN += uint16(n)
- goto ReadMore
+ ps = &PeerState{
+ peer: peer,
+ tap: tap,
+ terminator: make(chan struct{}, 1),
+ }
+ go peerReady(*ps)
+ peersLock.Lock()
+ peersByIdLock.Lock()
+ kpLock.Lock()
+ peers[addr] = ps
+ peersById[*peer.Id] = addr
+ knownPeers[addr] = &peer
+ peersLock.Unlock()
+ peersByIdLock.Unlock()
+ kpLock.Unlock()
+ log.Println("Peer created:", peer.Id.String())
+ }
+ break
+ }
+ if hs != nil {
+ hs.Zero()
+ }
+ if peer == nil {
+ return
+ }
+
+ nonceExpectation := make([]byte, govpn.NonceSize)
+ peer.NonceExpectation(nonceExpectation)
+ prev = 0
+ var i int
+ for {
+ if prev == len(buf) {
+ break
+ }
+ conn.SetReadDeadline(time.Now().Add(conf.Timeout))
+ n, err = conn.Read(buf[prev:])
+ if err != nil {
+ // Either EOFed or timeouted
+ break
+ }
+ prev += n
+ CheckMore:
+ if prev < govpn.MinPktLength {
+ continue
+ }
+ i = bytes.Index(buf[:prev], nonceExpectation)
+ if i == -1 {
+ continue
}
- sizeNbuf = 0
- sink <- Pkt{
- addr,
- TCPSender{conn},
- buf[:sizeNeed],
- ready,
+ if !peer.PktProcess(buf[:i+govpn.NonceSize], tap, false) {
+ log.Println(
+ "Unauthenticated packet, dropping connection",
+ addr, peer.Id.String(),
+ )
+ break
}
+ peer.NonceExpectation(nonceExpectation)
+ copy(buf, buf[i+govpn.NonceSize:prev])
+ prev = prev - i - govpn.NonceSize
+ goto CheckMore
}
+ peer.Zero()
}