src/cypherpunks.ru/govpn/client/tcp.go

   1 /*
   2 GoVPN -- simple secure free software virtual private network daemon
   3 Copyright (C) 2014-2017 Sergey Matveev <stargrave@stargrave.org>
   4
   5 This program is free software: you can redistribute it and/or modify
   6 it under the terms of the GNU General Public License as published by
   7 the Free Software Foundation, either version 3 of the License, or
   8 (at your option) any later version.
   9
  10 This program is distributed in the hope that it will be useful,
  11 but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 GNU General Public License for more details.
  14
  15 You should have received a copy of the GNU General Public License
  16 along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 */
  18
  19 package client
  20
  21 import (
  22         "bytes"
  23         "fmt"
  24         "net"
  25         "os"
  26         "sync/atomic"
  27         "time"
  28
  29         "github.com/Sirupsen/logrus"
  30         "github.com/pkg/errors"
  31
  32         "cypherpunks.ru/govpn"
  33 )
  34
  35 func (c *Client) startTCP() {
  36         var conn net.Conn
  37         l := c.logger.WithField("func", logFuncPrefix+"Client.startTCP")
  38         // initialize using a file descriptor
  39         if c.config.FileDescriptor > 0 {
  40                 l.WithField("fd", c.config.FileDescriptor).Debug("Connect using file descriptor")
  41                 var err error
  42                 conn, err = net.FileConn(os.NewFile(
  43                         uintptr(c.config.FileDescriptor),
  44                         fmt.Sprintf("fd[%s]", c.config.RemoteAddress),
  45                 ))
  46                 if err != nil {
  47                         c.Error <- errors.Wrapf(err, "net.FileConn fd:%d", c.config.FileDescriptor)
  48                         return
  49                 }
  50         } else {
  51                 // TODO move resolution into the loop, as the name might change over time
  52                 l.WithField("fd", c.config.RemoteAddress).Debug("Connect using TCP")
  53                 remote, err := net.ResolveTCPAddr("tcp", c.config.RemoteAddress)
  54                 if err != nil {
  55                         c.Error <- errors.Wrapf(err, "net.ResolveTCPAdd %s", c.config.RemoteAddress)
  56                         return
  57                 }
  58                 l.WithField("remote", remote.String()).Debug("dial")
  59                 conn, err = net.DialTCP("tcp", nil, remote)
  60                 if err != nil {
  61                         c.Error <- errors.Wrapf(err, "net.DialTCP: %s", remote.String())
  62                         return
  63                 }
  64         }
  65         l.WithFields(c.config.LogFields()).Info("Connected")
  66         c.handleTCP(conn)
  67 }
  68
  69 func (c *Client) handleTCP(conn net.Conn) {
  70         hs, err := govpn.HandshakeStart(c.config.RemoteAddress, conn, c.config.Peer)
  71         if err != nil {
  72                 govpn.CloseLog(conn, c.logger, c.LogFields())
  73                 c.Error <- errors.Wrap(err, "govpn.HandshakeStart")
  74                 return
  75         }
  76         buf := make([]byte, 2*(govpn.EnclessEnlargeSize+c.config.Peer.MTU)+c.config.Peer.MTU)
  77
  78         var n int
  79         var prev int
  80         var peer *govpn.Peer
  81         var deadLine time.Time
  82         var terminator chan struct{}
  83         fields := logrus.Fields{"func": logFuncPrefix + "Client.handleTCP"}
  84 HandshakeCycle:
  85         for {
  86                 select {
  87                 case <-c.termination:
  88                         break HandshakeCycle
  89                 default:
  90                 }
  91                 if prev == len(buf) {
  92                         c.logger.WithFields(fields).WithFields(
  93                                 c.LogFields(),
  94                         ).Debug("Packet timeouted")
  95                         c.timeouted <- struct{}{}
  96                         break HandshakeCycle
  97                 }
  98
  99                 deadLine = time.Now().Add(c.config.Peer.Timeout)
 100                 if err = conn.SetReadDeadline(deadLine); err != nil {
 101                         c.Error <- errors.Wrapf(err, "conn.SetReadDeadline %s", deadLine.String())
 102                         break HandshakeCycle
 103                 }
 104                 n, err = conn.Read(buf[prev:])
 105                 if err != nil {
 106                         c.logger.WithFields(
 107                                 fields,
 108                         ).WithFields(
 109                                 c.LogFields(),
 110                         ).Debug("Packet timeouted")
 111                         c.timeouted <- struct{}{}
 112                         break HandshakeCycle
 113                 }
 114
 115                 prev += n
 116                 _, err = c.idsCache.Find(buf[:prev])
 117                 if err != nil {
 118                         c.logger.WithFields(
 119                                 fields,
 120                         ).WithFields(
 121                                 c.LogFields(),
 122                         ).WithError(err).Debug("Can't find peer in ids")
 123                         continue
 124                 }
 125                 peer, err = hs.Client(buf[:prev])
 126                 prev = 0
 127                 if err != nil {
 128                         c.logger.WithFields(
 129                                 fields,
 130                         ).WithError(
 131                                 err,
 132                         ).WithFields(
 133                                 c.LogFields(),
 134                         ).Debug("Can't create new peer")
 135                         continue
 136                 }
 137                 c.logger.WithFields(fields).WithFields(c.LogFields()).Info("Handshake completed")
 138                 c.knownPeers = govpn.KnownPeers(map[string]**govpn.Peer{c.config.RemoteAddress: &peer})
 139                 if c.firstUpCall {
 140                         if err = c.postUpAction(); err != nil {
 141                                 c.Error <- errors.Wrap(err, "c.postUpAction")
 142                                 break HandshakeCycle
 143                         }
 144                         c.firstUpCall = false
 145                 }
 146                 hs.Zero()
 147                 terminator = make(chan struct{})
 148                 go govpn.PeerTapProcessor(peer, c.tap, terminator)
 149                 break HandshakeCycle
 150         }
 151         if hs != nil {
 152                 hs.Zero()
 153         }
 154         if peer == nil {
 155                 return
 156         }
 157
 158         prev = 0
 159         var i int
 160 TransportCycle:
 161         for {
 162                 select {
 163                 case <-c.termination:
 164                         break TransportCycle
 165                 default:
 166                 }
 167                 if prev == len(buf) {
 168                         c.logger.WithFields(
 169                                 c.LogFields(),
 170                         ).Debug("Packet timeouted")
 171                         c.timeouted <- struct{}{}
 172                         break TransportCycle
 173                 }
 174                 if err = conn.SetReadDeadline(time.Now().Add(c.config.Peer.Timeout)); err != nil {
 175                         c.Error <- errors.Wrap(err, "conn.SetReadDeadline")
 176                         break TransportCycle
 177                 }
 178                 n, err = conn.Read(buf[prev:])
 179                 if err != nil {
 180                         c.logger.WithError(
 181                                 err,
 182                         ).WithFields(
 183                                 c.LogFields(),
 184                         ).Debug("Connection timeouted")
 185                         c.timeouted <- struct{}{}
 186                         break TransportCycle
 187                 }
 188                 prev += n
 189         CheckMore:
 190                 if prev < govpn.MinPktLength {
 191                         continue
 192                 }
 193                 i = bytes.Index(buf[:prev], peer.NonceExpect)
 194                 if i == -1 {
 195                         continue
 196                 }
 197                 if !peer.PktProcess(buf[:i+govpn.NonceSize], c.tap, false) {
 198                         c.logger.WithFields(c.LogFields()).Debug("Packet unauthenticated")
 199                         c.timeouted <- struct{}{}
 200                         break TransportCycle
 201                 }
 202                 if atomic.LoadUint64(&peer.BytesIn)+atomic.LoadUint64(&peer.BytesOut) > govpn.MaxBytesPerKey {
 203                         c.logger.WithFields(c.LogFields()).Debug("Rehandshake required")
 204                         c.rehandshaking <- struct{}{}
 205                         break TransportCycle
 206                 }
 207                 copy(buf, buf[i+govpn.NonceSize:prev])
 208                 prev = prev - i - govpn.NonceSize
 209                 goto CheckMore
 210         }
 211         if terminator != nil {
 212                 terminator <- struct{}{}
 213         }
 214         peer.Zero()
 215         if err = conn.Close(); err != nil {
 216                 c.Error <- errors.Wrap(err, "conn.Close")
 217         }
 218         if err = c.tap.Close(); err != nil {
 219                 c.Error <- errors.Wrap(err, logFuncPrefix+"Client.tap.Close")
 220         }
 221 }