EtherGuard-VPN/tun/tun_linux.go

493 lines
9.9 KiB
Go
Raw Normal View History

2019-01-02 01:55:51 +01:00
/* SPDX-License-Identifier: MIT
*
* Copyright (C) 2017-2020 WireGuard LLC. All Rights Reserved.
*/
2018-05-23 02:10:54 +02:00
package tun
/* Implementation of the TUN device interface for linux
*/
import (
2018-05-05 02:48:21 +02:00
"bytes"
"errors"
2017-08-17 00:25:39 +02:00
"fmt"
"os"
"sync"
2019-03-07 01:51:41 +01:00
"syscall"
"time"
"unsafe"
2019-05-14 09:09:52 +02:00
"golang.org/x/net/ipv6"
"golang.org/x/sys/unix"
"golang.zx2c4.com/wireguard/rwcancel"
)
2017-08-17 00:25:39 +02:00
const (
cloneDevicePath = "/dev/net/tun"
ifReqSize = unix.IFNAMSIZ + 64
2017-08-17 00:25:39 +02:00
)
type NativeTun struct {
tunFile *os.File
index int32 // if index
errors chan error // async error handling
events chan Event // device related events
nopi bool // the device was passed IFF_NO_PI
netlinkSock int
netlinkCancel *rwcancel.RWCancel
hackListenerClosed sync.Mutex
2018-05-14 03:43:56 +02:00
statusListenersShutdown chan struct{}
nameOnce sync.Once // guards calling initNameCache, which sets following fields
nameCache string // name of interface
nameErr error
2017-08-17 00:25:39 +02:00
}
func (tun *NativeTun) File() *os.File {
return tun.tunFile
2017-11-14 18:26:28 +01:00
}
func (tun *NativeTun) routineHackListener() {
defer tun.hackListenerClosed.Unlock()
2017-11-29 21:12:09 +01:00
/* This is needed for the detection to work across network namespaces
* If you are reading this and know a better method, please get in touch.
*/
for {
2019-03-07 01:51:41 +01:00
sysconn, err := tun.tunFile.SyscallConn()
if err != nil {
return
}
err2 := sysconn.Control(func(fd uintptr) {
_, err = unix.Write(int(fd), nil)
})
if err2 != nil {
return
}
switch err {
case unix.EINVAL:
// If the tunnel is up, it reports that write() is
// allowed but we provided invalid data.
tun.events <- EventUp
case unix.EIO:
// If the tunnel is down, it reports that no I/O
// is possible, without checking our provided data.
tun.events <- EventDown
default:
2018-05-14 02:14:33 +02:00
return
}
select {
case <-time.After(time.Second):
// nothing
2018-05-14 03:43:56 +02:00
case <-tun.statusListenersShutdown:
2018-05-14 02:14:33 +02:00
return
}
}
}
2018-05-14 02:14:33 +02:00
func createNetlinkSocket() (int, error) {
sock, err := unix.Socket(unix.AF_NETLINK, unix.SOCK_RAW, unix.NETLINK_ROUTE)
if err != nil {
2018-05-14 02:14:33 +02:00
return -1, err
2017-08-17 00:25:39 +02:00
}
saddr := &unix.SockaddrNetlink{
Family: unix.AF_NETLINK,
Groups: unix.RTMGRP_LINK | unix.RTMGRP_IPV4_IFADDR | unix.RTMGRP_IPV6_IFADDR,
}
err = unix.Bind(sock, saddr)
if err != nil {
2018-05-14 02:14:33 +02:00
return -1, err
}
2018-05-14 02:14:33 +02:00
return sock, nil
}
func (tun *NativeTun) routineNetlinkListener() {
defer func() {
unix.Close(tun.netlinkSock)
tun.hackListenerClosed.Lock()
close(tun.events)
}()
2018-05-14 14:08:03 +02:00
2017-08-17 00:25:39 +02:00
for msg := make([]byte, 1<<16); ; {
2018-05-14 14:08:03 +02:00
var err error
var msgn int
for {
msgn, _, _, _, err = unix.Recvmsg(tun.netlinkSock, msg[:], nil, 0)
2018-05-24 15:29:16 +02:00
if err == nil || !rwcancel.RetryAfterError(err) {
2018-05-14 14:08:03 +02:00
break
}
if !tun.netlinkCancel.ReadyRead() {
tun.errors <- fmt.Errorf("netlink socket closed: %s", err.Error())
return
}
}
2017-08-17 00:25:39 +02:00
if err != nil {
2018-05-14 02:14:33 +02:00
tun.errors <- fmt.Errorf("failed to receive netlink message: %s", err.Error())
2017-08-17 00:25:39 +02:00
return
}
2018-05-14 03:43:56 +02:00
select {
case <-tun.statusListenersShutdown:
return
default:
}
wasEverUp := false
2017-08-17 00:25:39 +02:00
for remain := msg[:msgn]; len(remain) >= unix.SizeofNlMsghdr; {
hdr := *(*unix.NlMsghdr)(unsafe.Pointer(&remain[0]))
if int(hdr.Len) > len(remain) {
break
}
switch hdr.Type {
case unix.NLMSG_DONE:
remain = []byte{}
case unix.RTM_NEWLINK:
info := *(*unix.IfInfomsg)(unsafe.Pointer(&remain[unix.SizeofNlMsghdr]))
remain = remain[hdr.Len:]
2017-08-17 00:25:39 +02:00
2017-08-17 12:58:18 +02:00
if info.Index != tun.index {
// not our interface
continue
}
2017-08-17 00:25:39 +02:00
if info.Flags&unix.IFF_RUNNING != 0 {
tun.events <- EventUp
wasEverUp = true
2017-08-17 00:25:39 +02:00
}
if info.Flags&unix.IFF_RUNNING == 0 {
// Don't emit EventDown before we've ever emitted EventUp.
// This avoids a startup race with HackListener, which
// might detect Up before we have finished reporting Down.
if wasEverUp {
tun.events <- EventDown
}
2017-08-17 00:25:39 +02:00
}
tun.events <- EventMTUUpdate
2017-08-17 00:25:39 +02:00
default:
remain = remain[hdr.Len:]
}
}
}
}
func getIFIndex(name string) (int32, error) {
fd, err := unix.Socket(
2017-08-17 00:25:39 +02:00
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return 0, err
}
defer unix.Close(fd)
var ifr [ifReqSize]byte
2017-08-17 00:25:39 +02:00
copy(ifr[:], name)
_, _, errno := unix.Syscall(
unix.SYS_IOCTL,
uintptr(fd),
uintptr(unix.SIOCGIFINDEX),
uintptr(unsafe.Pointer(&ifr[0])),
)
if errno != 0 {
return 0, errno
}
2018-05-23 02:10:54 +02:00
return *(*int32)(unsafe.Pointer(&ifr[unix.IFNAMSIZ])), nil
2017-08-17 00:25:39 +02:00
}
func (tun *NativeTun) setMTU(n int) error {
name, err := tun.Name()
if err != nil {
return err
}
// open datagram socket
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return err
}
defer unix.Close(fd)
2017-07-18 14:15:29 +02:00
// do ioctl call
var ifr [ifReqSize]byte
copy(ifr[:], name)
2018-05-23 02:10:54 +02:00
*(*uint32)(unsafe.Pointer(&ifr[unix.IFNAMSIZ])) = uint32(n)
_, _, errno := unix.Syscall(
unix.SYS_IOCTL,
uintptr(fd),
uintptr(unix.SIOCSIFMTU),
uintptr(unsafe.Pointer(&ifr[0])),
)
if errno != 0 {
2018-05-21 17:27:18 +02:00
return errors.New("failed to set MTU of TUN device")
}
return nil
}
func (tun *NativeTun) MTU() (int, error) {
name, err := tun.Name()
if err != nil {
return 0, err
}
// open datagram socket
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return 0, err
}
defer unix.Close(fd)
2017-07-18 14:15:29 +02:00
// do ioctl call
var ifr [ifReqSize]byte
copy(ifr[:], name)
_, _, errno := unix.Syscall(
unix.SYS_IOCTL,
uintptr(fd),
uintptr(unix.SIOCGIFMTU),
uintptr(unsafe.Pointer(&ifr[0])),
)
if errno != 0 {
2019-03-07 01:51:41 +01:00
return 0, errors.New("failed to get MTU of TUN device: " + errno.Error())
}
2018-05-23 02:10:54 +02:00
return int(*(*int32)(unsafe.Pointer(&ifr[unix.IFNAMSIZ]))), nil
}
func (tun *NativeTun) Name() (string, error) {
tun.nameOnce.Do(tun.initNameCache)
return tun.nameCache, tun.nameErr
}
func (tun *NativeTun) initNameCache() {
tun.nameCache, tun.nameErr = tun.nameSlow()
}
func (tun *NativeTun) nameSlow() (string, error) {
2019-03-07 01:51:41 +01:00
sysconn, err := tun.tunFile.SyscallConn()
if err != nil {
return "", err
}
2018-04-18 16:39:14 +02:00
var ifr [ifReqSize]byte
2019-03-07 01:51:41 +01:00
var errno syscall.Errno
err = sysconn.Control(func(fd uintptr) {
_, _, errno = unix.Syscall(
unix.SYS_IOCTL,
fd,
uintptr(unix.TUNGETIFF),
uintptr(unsafe.Pointer(&ifr[0])),
)
})
if err != nil {
return "", errors.New("failed to get name of TUN device: " + err.Error())
}
2018-04-18 16:39:14 +02:00
if errno != 0 {
2019-03-07 01:51:41 +01:00
return "", errors.New("failed to get name of TUN device: " + errno.Error())
2018-04-18 16:39:14 +02:00
}
name := ifr[:]
if i := bytes.IndexByte(name, 0); i != -1 {
name = name[:i]
}
return string(name), nil
2018-04-18 16:39:14 +02:00
}
func (tun *NativeTun) Write(buff []byte, offset int) (int, error) {
2018-02-28 12:40:56 +01:00
if tun.nopi {
buff = buff[offset:]
} else {
// reserve space for header
2018-02-28 12:40:56 +01:00
buff = buff[offset-4:]
2018-02-28 12:40:56 +01:00
// add packet information header
2018-02-28 12:40:56 +01:00
buff[0] = 0x00
buff[1] = 0x00
if buff[4]>>4 == ipv6.Version {
2018-02-28 12:40:56 +01:00
buff[2] = 0x86
buff[3] = 0xdd
} else {
buff[2] = 0x08
buff[3] = 0x00
}
}
// write
return tun.tunFile.Write(buff)
}
2019-03-21 21:43:04 +01:00
func (tun *NativeTun) Flush() error {
2019-06-06 23:00:15 +02:00
// TODO: can flushing be implemented by buffering and using sendmmsg?
2019-03-21 21:43:04 +01:00
return nil
}
2019-03-07 01:51:41 +01:00
func (tun *NativeTun) Read(buff []byte, offset int) (int, error) {
2017-08-17 00:25:39 +02:00
select {
case err := <-tun.errors:
return 0, err
default:
2018-02-28 12:40:56 +01:00
if tun.nopi {
return tun.tunFile.Read(buff[offset:])
2018-02-28 12:40:56 +01:00
} else {
buff := buff[offset-4:]
n, err := tun.tunFile.Read(buff[:])
2018-02-28 12:40:56 +01:00
if n < 4 {
return 0, err
}
return n - 4, err
}
2017-08-17 00:25:39 +02:00
}
}
func (tun *NativeTun) Events() chan Event {
return tun.events
}
func (tun *NativeTun) Close() error {
2018-05-14 14:08:03 +02:00
var err1 error
if tun.statusListenersShutdown != nil {
close(tun.statusListenersShutdown)
if tun.netlinkCancel != nil {
err1 = tun.netlinkCancel.Cancel()
}
} else if tun.events != nil {
close(tun.events)
2018-05-14 14:08:03 +02:00
}
err2 := tun.tunFile.Close()
2018-05-14 02:14:33 +02:00
if err1 != nil {
return err1
}
2019-03-07 01:51:41 +01:00
return err2
}
func CreateTUN(name string, mtu int) (Device, error) {
nfd, err := unix.Open(cloneDevicePath, os.O_RDWR, 0)
if err != nil {
if os.IsNotExist(err) {
return nil, fmt.Errorf("CreateTUN(%q) failed; %s does not exist", name, cloneDevicePath)
}
return nil, err
}
var ifr [ifReqSize]byte
var flags uint16 = unix.IFF_TUN // | unix.IFF_NO_PI (disabled for TUN status hack)
nameBytes := []byte(name)
if len(nameBytes) >= unix.IFNAMSIZ {
2018-05-14 02:14:33 +02:00
return nil, errors.New("interface name too long")
}
copy(ifr[:], nameBytes)
2018-05-23 02:10:54 +02:00
*(*uint16)(unsafe.Pointer(&ifr[unix.IFNAMSIZ])) = flags
_, _, errno := unix.Syscall(
unix.SYS_IOCTL,
2019-03-07 01:51:41 +01:00
uintptr(nfd),
uintptr(unix.TUNSETIFF),
uintptr(unsafe.Pointer(&ifr[0])),
)
if errno != 0 {
2017-08-17 00:25:39 +02:00
return nil, errno
}
2019-03-07 01:51:41 +01:00
err = unix.SetNonblock(nfd, true)
// Note that the above -- open,ioctl,nonblock -- must happen prior to handing it to netpoll as below this line.
fd := os.NewFile(uintptr(nfd), cloneDevicePath)
if err != nil {
return nil, err
}
return CreateTUNFromFile(fd, mtu)
}
func CreateTUNFromFile(file *os.File, mtu int) (Device, error) {
tun := &NativeTun{
tunFile: file,
events: make(chan Event, 5),
2018-05-14 03:43:56 +02:00
errors: make(chan error, 5),
2018-05-14 04:19:25 +02:00
statusListenersShutdown: make(chan struct{}),
nopi: false,
}
name, err := tun.Name()
if err != nil {
return nil, err
}
2017-08-17 12:58:18 +02:00
// start event listener
2017-08-17 00:25:39 +02:00
tun.index, err = getIFIndex(name)
2017-08-17 00:25:39 +02:00
if err != nil {
return nil, err
}
2018-05-14 12:27:29 +02:00
tun.netlinkSock, err = createNetlinkSocket()
2018-05-14 02:14:33 +02:00
if err != nil {
2018-05-14 14:08:03 +02:00
return nil, err
}
tun.netlinkCancel, err = rwcancel.NewRWCancel(tun.netlinkSock)
if err != nil {
unix.Close(tun.netlinkSock)
2018-05-14 02:14:33 +02:00
return nil, err
}
tun.hackListenerClosed.Lock()
2018-05-23 02:10:54 +02:00
go tun.routineNetlinkListener()
go tun.routineHackListener() // cross namespace
2018-05-14 12:27:29 +02:00
2018-05-23 02:10:54 +02:00
err = tun.setMTU(mtu)
2018-05-14 02:14:33 +02:00
if err != nil {
unix.Close(tun.netlinkSock)
2018-05-14 02:14:33 +02:00
return nil, err
}
2018-05-14 12:27:29 +02:00
return tun, nil
}
2019-03-03 05:20:13 +01:00
func CreateUnmonitoredTUNFromFD(fd int) (Device, string, error) {
2019-03-07 01:51:41 +01:00
err := unix.SetNonblock(fd, true)
if err != nil {
return nil, "", err
}
file := os.NewFile(uintptr(fd), "/dev/tun")
2019-03-03 05:20:13 +01:00
tun := &NativeTun{
tunFile: file,
events: make(chan Event, 5),
2019-03-03 05:20:13 +01:00
errors: make(chan error, 5),
nopi: true,
}
name, err := tun.Name()
if err != nil {
return nil, "", err
}
return tun, name, nil
}