import (
"bytes"
- "encoding/binary"
"log"
"net"
"time"
if err != nil {
log.Fatalln("Can not listen on TCP:", err)
}
- log.Println("Listening on TCP", *bindAddr)
+ log.Println("Listening on TCP:" + *bindAddr)
go func() {
for {
conn, err := listener.AcceptTCP()
break
}
prev += n
- peerId := govpn.IDsCache.Find(buf[:prev])
+ peerId := idsCache.Find(buf[:prev])
if peerId == nil {
continue
}
if hs == nil {
- conf = peerId.Conf()
+ conf = confs[*peerId]
if conf == nil {
log.Println("Can not get peer configuration:", peerId.String())
break
continue
}
hs.Zero()
+ log.Println("Peer handshake finished:", addr, peer.Id.String())
peersByIdLock.RLock()
addrPrev, exists := peersById[*peer.Id]
peersByIdLock.RUnlock()
if exists {
- peersLock.RLock()
+ peersLock.Lock()
+ peers[addrPrev].terminator <- struct{}{}
tap = peers[addrPrev].tap
ps = &PeerState{
peer: peer,
tap: tap,
- terminator: peers[addrPrev].terminator,
+ terminator: make(chan struct{}),
}
- peersLock.RUnlock()
- ps.terminator <- struct{}{}
- peersLock.Lock()
+ go peerReady(*ps)
peersByIdLock.Lock()
kpLock.Lock()
delete(peers, addrPrev)
delete(knownPeers, addrPrev)
- delete(peersById, *peer.Id)
peers[addr] = ps
knownPeers[addr] = &peer
peersById[*peer.Id] = addr
peersLock.Unlock()
peersByIdLock.Unlock()
kpLock.Unlock()
- go peerReady(*ps)
- log.Println("Rehandshake finished:", peer.Id.String())
+ log.Println("Rehandshake processed:", peer.Id.String())
} else {
ifaceName, err := callUp(peer.Id)
if err != nil {
+ peer = nil
break
}
tap, err = govpn.TAPListen(ifaceName)
if err != nil {
log.Println("Unable to create TAP:", err)
+ peer = nil
break
}
ps = &PeerState{
peersLock.Unlock()
peersByIdLock.Unlock()
kpLock.Unlock()
- log.Println("New peer:", peer.Id.String())
+ log.Println("Peer created:", peer.Id.String())
}
break
}
}
nonceExpectation := make([]byte, govpn.NonceSize)
- binary.BigEndian.PutUint64(nonceExpectation, peer.NonceExpect)
- peer.NonceCipher.Encrypt(nonceExpectation, nonceExpectation)
+ peer.NonceExpectation(nonceExpectation)
prev = 0
var i int
for {
}
prev += n
CheckMore:
+ if prev < govpn.MinPktLength {
+ continue
+ }
i = bytes.Index(buf[:prev], nonceExpectation)
if i == -1 {
continue
}
if !peer.PktProcess(buf[:i+govpn.NonceSize], tap, false) {
+ log.Println(
+ "Unauthenticated packet, dropping connection",
+ addr, peer.Id.String(),
+ )
break
}
- binary.BigEndian.PutUint64(nonceExpectation, peer.NonceExpect)
- peer.NonceCipher.Encrypt(nonceExpectation, nonceExpectation)
+ peer.NonceExpectation(nonceExpectation)
copy(buf, buf[i+govpn.NonceSize:prev])
prev = prev - i - govpn.NonceSize
goto CheckMore