2 GoVPN -- simple secure free software virtual private network daemon
3 Copyright (C) 2014-2017 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 "github.com/Sirupsen/logrus"
27 "github.com/pkg/errors"
29 "cypherpunks.ru/govpn"
32 func (s *Server) startTCP() {
33 bind, err := net.ResolveTCPAddr("tcp", s.configuration.BindAddress)
35 s.Error <- errors.Wrap(err, "net.ResolveTCPAddr")
38 listener, err := net.ListenTCP("tcp", bind)
40 s.Error <- errors.Wrapf(err, "net.ListenTCP %q", bind.String())
43 fields := logrus.Fields{
44 "func": logFuncPrefix + "Server.startTCP",
45 "bind": bind.String(),
52 s.configuration.LogFields(),
56 conn, err := listener.AcceptTCP()
58 s.logger.WithError(err).WithFields(
62 ).Error("Failed to accept TCP connection")
70 func (s *Server) handleTCP(conn net.Conn) {
71 addr := conn.RemoteAddr().String()
72 buf := make([]byte, govpn.EnclessEnlargeSize+2*govpn.MTUMax)
76 var hs *govpn.Handshake
79 var deadLine time.Time
81 var conf *govpn.PeerConf
82 fields := logrus.Fields{
83 "func": logFuncPrefix + "Server.handleTCP",
92 deadLine = time.Now().Add(govpn.TimeoutDefault)
93 if err = conn.SetReadDeadline(deadLine); err != nil {
94 s.Error <- errors.Wrapf(err, "conn.SetReadDeadline %s", deadLine.String())
97 n, err = conn.Read(buf[prev:])
105 ).Debug("Can not read connection: either EOFed or timeouted")
109 peerID, err := s.idsCache.Find(buf[:prev])
115 ).WithError(err).Debug("Can not lookup for peer in ids")
123 ).Debug("Can not find peer")
127 conf = s.confs.Get(*peerID)
134 s.configuration.LogFields(),
135 ).Error("Configuration get failed")
138 hs = govpn.NewHandshake(addr, conn, conf)
140 peer, err = hs.Server(buf[:prev])
144 ).WithError(err).WithFields(
146 ).Error("Can not create new peer")
160 ).Info("Handshake completed")
163 s.peersByIDLock.RLock()
164 addrPrev, exists := s.peersByID[*peer.ID]
165 s.peersByIDLock.RUnlock()
169 s.peers[addrPrev].terminator <- struct{}{}
170 tap = s.peers[addrPrev].tap
174 terminator: make(chan struct{}),
176 peer.Protocol = govpn.ProtocolTCP
177 go govpn.PeerTapProcessor(ps.peer, ps.tap, ps.terminator)
178 s.peersByIDLock.Lock()
180 delete(s.peers, addrPrev)
181 delete(s.knownPeers, addrPrev)
183 s.knownPeers[addr] = &peer
184 s.peersByID[*peer.ID] = addr
186 s.peersByIDLock.Unlock()
194 ).Debug("Rehandshake completed")
196 tap, err = s.callUp(peer, govpn.ProtocolTCP)
204 ).WithError(err).Error("TAP failed")
211 terminator: make(chan struct{}, 1),
213 peer.Protocol = govpn.ProtocolTCP
214 go govpn.PeerTapProcessor(ps.peer, ps.tap, ps.terminator)
216 s.peersByIDLock.Lock()
219 s.peersByID[*peer.ID] = addr
220 s.knownPeers[addr] = &peer
222 s.peersByIDLock.Unlock()
230 ).Info("Peer created")
244 if prev == len(buf) {
247 deadLine = time.Now().Add(conf.Timeout)
248 if err = conn.SetReadDeadline(deadLine); err != nil {
249 s.Error <- errors.Wrapf(err, "conn.SetReadDeadline %s", deadLine.String())
252 n, err = conn.Read(buf[prev:])
260 ).Debug("Can not read connection: either EOFed or timeouted")
265 if prev < govpn.MinPktLength {
268 i = bytes.Index(buf[:prev], peer.NonceExpect)
272 if !peer.PktProcess(buf[:i+govpn.NonceSize], tap, false) {
279 ).Warn("Packet unauthenticated")
282 copy(buf, buf[i+govpn.NonceSize:prev])
283 prev = prev - i - govpn.NonceSize