2 GoVPN -- simple secure free software virtual private network daemon
3 Copyright (C) 2014-2017 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 "github.com/Sirupsen/logrus"
27 "github.com/pkg/errors"
29 "cypherpunks.ru/govpn"
32 func (s *Server) startTCP() {
33 bind, err := net.ResolveTCPAddr("tcp", s.configuration.BindAddress)
35 s.Error <- errors.Wrap(err, "net.ResolveTCPAddr")
38 listener, err := net.ListenTCP("tcp", bind)
40 s.Error <- errors.Wrapf(err, "net.ListenTCP %q", bind.String())
43 fields := logrus.Fields{
44 "func": logFuncPrefix + "Server.startTCP",
45 "bind": bind.String(),
52 s.configuration.LogFields(),
56 conn, err := listener.AcceptTCP()
58 s.logger.WithError(err).WithFields(
62 ).Error("Failed to accept TCP connection")
70 func (s *Server) handleTCP(conn net.Conn) {
71 addr := conn.RemoteAddr().String()
72 buf := make([]byte, govpn.EnclessEnlargeSize+2*govpn.MTUMax)
76 var hs *govpn.Handshake
79 var deadLine time.Time
81 var conf *govpn.PeerConf
82 fields := logrus.Fields{
83 "func": logFuncPrefix + "Server.handleTCP",
92 deadLine = time.Now().Add(govpn.TimeoutDefault)
93 if err = conn.SetReadDeadline(deadLine); err != nil {
94 s.Error <- errors.Wrapf(err, "conn.SetReadDeadline %s", deadLine.String())
97 n, err = conn.Read(buf[prev:])
105 ).Debug("Can't read connection: either EOFed or timeouted")
109 peerID, err := s.idsCache.Find(buf[:prev])
115 ).WithError(err).Debug("Couldn't lookup for peer in ids")
119 s.logger.WithFields(fields).WithFields(s.LogFields()).Debug("Couldn't find peer")
123 conf = s.confs.Get(*peerID)
130 s.configuration.LogFields(),
131 ).Error("Configuration get failed")
134 hs = govpn.NewHandshake(addr, conn, conf)
136 peer, err = hs.Server(buf[:prev])
140 ).WithError(err).WithFields(
142 ).Error("Can't create new peer")
156 ).Info("Handshake completed")
159 s.peersByIDLock.RLock()
160 addrPrev, exists := s.peersByID[*peer.ID]
161 s.peersByIDLock.RUnlock()
165 s.peers[addrPrev].terminator <- struct{}{}
166 tap = s.peers[addrPrev].tap
170 terminator: make(chan struct{}),
172 peer.Protocol = govpn.ProtocolTCP
173 go govpn.PeerTapProcessor(ps.peer, ps.tap, ps.terminator)
174 s.peersByIDLock.Lock()
176 delete(s.peers, addrPrev)
177 delete(s.knownPeers, addrPrev)
179 s.knownPeers[addr] = &peer
180 s.peersByID[*peer.ID] = addr
182 s.peersByIDLock.Unlock()
190 ).Debug("Rehandshake completed")
192 tap, err = s.callUp(peer, govpn.ProtocolTCP)
200 ).WithError(err).Error("TAP failed")
207 terminator: make(chan struct{}, 1),
209 peer.Protocol = govpn.ProtocolTCP
210 go govpn.PeerTapProcessor(ps.peer, ps.tap, ps.terminator)
212 s.peersByIDLock.Lock()
215 s.peersByID[*peer.ID] = addr
216 s.knownPeers[addr] = &peer
218 s.peersByIDLock.Unlock()
226 ).Info("Peer created")
240 if prev == len(buf) {
243 deadLine = time.Now().Add(conf.Timeout)
244 if err = conn.SetReadDeadline(deadLine); err != nil {
245 s.Error <- errors.Wrapf(err, "conn.SetReadDeadline %s", deadLine.String())
248 n, err = conn.Read(buf[prev:])
256 ).Debug("Can't read connection: either EOFed or timeouted")
261 if prev < govpn.MinPktLength {
264 i = bytes.Index(buf[:prev], peer.NonceExpect)
268 if !peer.PktProcess(buf[:i+govpn.NonceSize], tap, false) {
275 ).Warn("Packet unauthenticated")
278 copy(buf, buf[i+govpn.NonceSize:prev])
279 prev = prev - i - govpn.NonceSize