2019-01-02 01:55:51 +01:00
|
|
|
/* SPDX-License-Identifier: MIT
|
2018-05-03 15:04:00 +02:00
|
|
|
*
|
2021-01-28 17:52:15 +01:00
|
|
|
* Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
|
2018-05-03 15:04:00 +02:00
|
|
|
*/
|
|
|
|
|
2019-03-03 04:04:41 +01:00
|
|
|
package device
|
2017-05-30 22:36:49 +02:00
|
|
|
|
|
|
|
import (
|
|
|
|
"bufio"
|
2021-01-26 20:11:58 +01:00
|
|
|
"bytes"
|
2020-04-01 18:27:02 +02:00
|
|
|
"errors"
|
2017-05-30 22:36:49 +02:00
|
|
|
"fmt"
|
|
|
|
"io"
|
2017-06-01 21:31:30 +02:00
|
|
|
"net"
|
2017-06-04 21:48:15 +02:00
|
|
|
"strconv"
|
2017-06-29 14:39:21 +02:00
|
|
|
"strings"
|
2021-01-26 20:11:58 +01:00
|
|
|
"sync"
|
2017-07-17 16:16:18 +02:00
|
|
|
"sync/atomic"
|
2017-07-18 15:22:56 +02:00
|
|
|
"time"
|
2019-05-14 09:09:52 +02:00
|
|
|
|
2021-08-16 02:43:17 +02:00
|
|
|
"github.com/KusakabeSi/EtherGuardVPN/ipc"
|
2017-05-30 22:36:49 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
type IPCError struct {
|
2021-01-15 22:24:38 +01:00
|
|
|
code int64 // error code
|
|
|
|
err error // underlying/wrapped error
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
|
|
|
|
2019-03-10 02:49:27 +01:00
|
|
|
func (s IPCError) Error() string {
|
2021-01-15 22:24:38 +01:00
|
|
|
return fmt.Sprintf("IPC error %d: %v", s.code, s.err)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s IPCError) Unwrap() error {
|
|
|
|
return s.err
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
|
|
|
|
2019-03-10 02:49:27 +01:00
|
|
|
func (s IPCError) ErrorCode() int64 {
|
2021-01-15 22:24:38 +01:00
|
|
|
return s.code
|
|
|
|
}
|
|
|
|
|
|
|
|
func ipcErrorf(code int64, msg string, args ...interface{}) *IPCError {
|
|
|
|
return &IPCError{code: code, err: fmt.Errorf(msg, args...)}
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
|
|
|
|
2021-01-26 20:11:58 +01:00
|
|
|
var byteBufferPool = &sync.Pool{
|
|
|
|
New: func() interface{} { return new(bytes.Buffer) },
|
|
|
|
}
|
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
// IpcGetOperation implements the WireGuard configuration protocol "get" operation.
|
|
|
|
// See https://www.wireguard.com/xplatform/#configuration-protocol for details.
|
2020-12-22 19:08:25 +01:00
|
|
|
func (device *Device) IpcGetOperation(w io.Writer) error {
|
2021-01-28 15:26:22 +01:00
|
|
|
device.ipcMutex.RLock()
|
|
|
|
defer device.ipcMutex.RUnlock()
|
|
|
|
|
2021-01-26 20:11:58 +01:00
|
|
|
buf := byteBufferPool.Get().(*bytes.Buffer)
|
|
|
|
buf.Reset()
|
|
|
|
defer byteBufferPool.Put(buf)
|
|
|
|
sendf := func(format string, args ...interface{}) {
|
|
|
|
fmt.Fprintf(buf, format, args...)
|
|
|
|
buf.WriteByte('\n')
|
2017-06-28 23:45:45 +02:00
|
|
|
}
|
2021-01-28 00:49:31 +01:00
|
|
|
keyf := func(prefix string, key *[32]byte) {
|
|
|
|
buf.Grow(len(key)*2 + 2 + len(prefix))
|
|
|
|
buf.WriteString(prefix)
|
|
|
|
buf.WriteByte('=')
|
|
|
|
const hex = "0123456789abcdef"
|
|
|
|
for i := 0; i < len(key); i++ {
|
|
|
|
buf.WriteByte(hex[key[i]>>4])
|
|
|
|
buf.WriteByte(hex[key[i]&0xf])
|
|
|
|
}
|
|
|
|
buf.WriteByte('\n')
|
|
|
|
}
|
2017-06-28 23:45:45 +02:00
|
|
|
|
2018-02-02 16:40:14 +01:00
|
|
|
func() {
|
2017-06-28 23:45:45 +02:00
|
|
|
|
2018-02-02 16:40:14 +01:00
|
|
|
// lock required resources
|
2017-10-16 21:33:47 +02:00
|
|
|
|
2019-01-03 19:04:00 +01:00
|
|
|
device.net.RLock()
|
|
|
|
defer device.net.RUnlock()
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2019-01-03 19:04:00 +01:00
|
|
|
device.staticIdentity.RLock()
|
|
|
|
defer device.staticIdentity.RUnlock()
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2019-01-03 19:04:00 +01:00
|
|
|
device.peers.RLock()
|
|
|
|
defer device.peers.RUnlock()
|
2018-02-02 16:40:14 +01:00
|
|
|
|
|
|
|
// serialize device related values
|
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
if !device.staticIdentity.privateKey.IsZero() {
|
2021-01-28 00:49:31 +01:00
|
|
|
keyf("private_key", (*[32]byte)(&device.staticIdentity.privateKey))
|
2018-02-02 16:40:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if device.net.port != 0 {
|
2021-01-26 20:11:58 +01:00
|
|
|
sendf("listen_port=%d", device.net.port)
|
2018-02-02 16:40:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if device.net.fwmark != 0 {
|
2021-01-26 20:11:58 +01:00
|
|
|
sendf("fwmark=%d", device.net.fwmark)
|
2018-02-02 16:40:14 +01:00
|
|
|
}
|
2017-06-28 23:45:45 +02:00
|
|
|
|
2018-02-02 16:40:14 +01:00
|
|
|
// serialize each peer state
|
|
|
|
|
|
|
|
for _, peer := range device.peers.keyMap {
|
2019-01-03 19:04:00 +01:00
|
|
|
peer.RLock()
|
|
|
|
defer peer.RUnlock()
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-28 00:49:31 +01:00
|
|
|
keyf("public_key", (*[32]byte)(&peer.handshake.remoteStatic))
|
|
|
|
keyf("preshared_key", (*[32]byte)(&peer.handshake.presharedKey))
|
2021-01-26 20:11:58 +01:00
|
|
|
sendf("protocol_version=1")
|
2017-11-18 23:34:02 +01:00
|
|
|
if peer.endpoint != nil {
|
2021-01-26 20:11:58 +01:00
|
|
|
sendf("endpoint=%s", peer.endpoint.DstToString())
|
2017-06-28 23:45:45 +02:00
|
|
|
}
|
2017-07-18 15:22:56 +02:00
|
|
|
|
|
|
|
nano := atomic.LoadInt64(&peer.stats.lastHandshakeNano)
|
|
|
|
secs := nano / time.Second.Nanoseconds()
|
|
|
|
nano %= time.Second.Nanoseconds()
|
|
|
|
|
2021-01-26 20:11:58 +01:00
|
|
|
sendf("last_handshake_time_sec=%d", secs)
|
|
|
|
sendf("last_handshake_time_nsec=%d", nano)
|
|
|
|
sendf("tx_bytes=%d", atomic.LoadUint64(&peer.stats.txBytes))
|
|
|
|
sendf("rx_bytes=%d", atomic.LoadUint64(&peer.stats.rxBytes))
|
|
|
|
sendf("persistent_keepalive_interval=%d", atomic.LoadUint32(&peer.persistentKeepaliveInterval))
|
2021-08-16 20:58:15 +02:00
|
|
|
sendf("allowed_ip=%s/%d", net.IPv4zero.String(), 0)
|
|
|
|
sendf("allowed_ip=%s/%d", net.IPv6zero.String(), 0)
|
2018-02-02 16:40:14 +01:00
|
|
|
}
|
|
|
|
}()
|
2017-07-17 16:16:18 +02:00
|
|
|
|
2018-02-02 16:40:14 +01:00
|
|
|
// send lines (does not require resource locks)
|
2021-01-26 20:11:58 +01:00
|
|
|
if _, err := w.Write(buf.Bytes()); err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorIO, "failed to write output: %w", err)
|
2017-06-28 23:45:45 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
// IpcSetOperation implements the WireGuard configuration protocol "set" operation.
|
|
|
|
// See https://www.wireguard.com/xplatform/#configuration-protocol for details.
|
2021-01-15 22:24:38 +01:00
|
|
|
func (device *Device) IpcSetOperation(r io.Reader) (err error) {
|
2021-01-28 15:26:22 +01:00
|
|
|
device.ipcMutex.Lock()
|
|
|
|
defer device.ipcMutex.Unlock()
|
2021-01-25 18:35:35 +01:00
|
|
|
|
2021-01-15 22:24:38 +01:00
|
|
|
defer func() {
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("%v", err)
|
2021-01-15 22:24:38 +01:00
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
peer := new(ipcSetPeer)
|
2017-08-04 16:15:53 +02:00
|
|
|
deviceConfig := true
|
|
|
|
|
2021-01-15 22:24:38 +01:00
|
|
|
scanner := bufio.NewScanner(r)
|
2017-05-30 22:36:49 +02:00
|
|
|
for scanner.Scan() {
|
|
|
|
line := scanner.Text()
|
2017-06-29 14:39:21 +02:00
|
|
|
if line == "" {
|
2021-01-15 23:32:34 +01:00
|
|
|
// Blank line means terminate operation.
|
2017-06-29 14:39:21 +02:00
|
|
|
return nil
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
2017-06-29 14:39:21 +02:00
|
|
|
parts := strings.Split(line, "=")
|
|
|
|
if len(parts) != 2 {
|
2021-01-15 22:24:38 +01:00
|
|
|
return ipcErrorf(ipc.IpcErrorProtocol, "failed to parse line %q, found %d =-separated parts, want 2", line, len(parts))
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
2017-06-29 14:39:21 +02:00
|
|
|
key := parts[0]
|
|
|
|
value := parts[1]
|
2017-05-30 22:36:49 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
if key == "public_key" {
|
|
|
|
if deviceConfig {
|
2017-08-04 16:15:53 +02:00
|
|
|
deviceConfig = false
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
2021-01-27 18:13:53 +01:00
|
|
|
peer.handlePostConfig()
|
2021-01-15 23:32:34 +01:00
|
|
|
// Load/create the peer we are now configuring.
|
|
|
|
err := device.handlePublicKeyLine(peer, value)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
continue
|
2017-08-04 16:15:53 +02:00
|
|
|
}
|
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
var err error
|
|
|
|
if deviceConfig {
|
|
|
|
err = device.handleDeviceLine(key, value)
|
|
|
|
} else {
|
|
|
|
err = device.handlePeerLine(peer, key, value)
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
2021-01-27 18:13:53 +01:00
|
|
|
peer.handlePostConfig()
|
2019-09-28 20:12:46 +02:00
|
|
|
|
2021-01-25 18:21:43 +01:00
|
|
|
if err := scanner.Err(); err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorIO, "failed to read input: %w", err)
|
|
|
|
}
|
|
|
|
return nil
|
2021-01-15 23:32:34 +01:00
|
|
|
}
|
2019-09-28 20:12:46 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
func (device *Device) handleDeviceLine(key, value string) error {
|
|
|
|
switch key {
|
|
|
|
case "private_key":
|
|
|
|
var sk NoisePrivateKey
|
|
|
|
err := sk.FromMaybeZeroHex(value)
|
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set private_key: %w", err)
|
|
|
|
}
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("UAPI: Updating private key")
|
2021-01-15 23:32:34 +01:00
|
|
|
device.SetPrivateKey(sk)
|
2017-10-16 21:33:47 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "listen_port":
|
|
|
|
port, err := strconv.ParseUint(value, 10, 16)
|
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to parse listen_port: %w", err)
|
|
|
|
}
|
2017-10-16 21:33:47 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
// update port and rebind
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("UAPI: Updating listen port")
|
2017-05-30 22:36:49 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
device.net.Lock()
|
|
|
|
device.net.port = uint16(port)
|
|
|
|
device.net.Unlock()
|
2017-10-16 21:33:47 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
if err := device.BindUpdate(); err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorPortInUse, "failed to set listen_port: %w", err)
|
|
|
|
}
|
2017-10-16 21:33:47 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "fwmark":
|
2021-01-25 18:27:06 +01:00
|
|
|
mark, err := strconv.ParseUint(value, 10, 32)
|
2021-01-15 23:32:34 +01:00
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "invalid fwmark: %w", err)
|
|
|
|
}
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("UAPI: Updating fwmark")
|
2021-01-25 18:27:06 +01:00
|
|
|
if err := device.BindSetMark(uint32(mark)); err != nil {
|
2021-01-15 23:32:34 +01:00
|
|
|
return ipcErrorf(ipc.IpcErrorPortInUse, "failed to update fwmark: %w", err)
|
|
|
|
}
|
2017-10-16 21:33:47 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "replace_peers":
|
|
|
|
if value != "true" {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set replace_peers, invalid value: %v", value)
|
|
|
|
}
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("UAPI: Removing all peers")
|
2021-01-15 23:32:34 +01:00
|
|
|
device.RemoveAllPeers()
|
2017-11-18 23:34:02 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
default:
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "invalid UAPI device key: %v", key)
|
|
|
|
}
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
return nil
|
|
|
|
}
|
2017-10-16 21:33:47 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
// An ipcSetPeer is the current state of an IPC set operation on a peer.
|
|
|
|
type ipcSetPeer struct {
|
|
|
|
*Peer // Peer is the current peer being operated on
|
|
|
|
dummy bool // dummy reports whether this peer is a temporary, placeholder peer
|
|
|
|
created bool // new reports whether this is a newly created peer
|
|
|
|
}
|
2017-05-30 22:36:49 +02:00
|
|
|
|
2021-01-27 18:13:53 +01:00
|
|
|
func (peer *ipcSetPeer) handlePostConfig() {
|
2021-01-19 18:02:16 +01:00
|
|
|
if peer.Peer != nil && !peer.dummy && peer.Peer.device.isUp() {
|
2021-01-27 18:13:53 +01:00
|
|
|
peer.SendStagedPackets()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
func (device *Device) handlePublicKeyLine(peer *ipcSetPeer, value string) error {
|
|
|
|
// Load/create the peer we are configuring.
|
|
|
|
var publicKey NoisePublicKey
|
|
|
|
err := publicKey.FromHex(value)
|
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to get peer by public key: %w", err)
|
|
|
|
}
|
2017-08-04 16:15:53 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
// Ignore peer with the same public key as this device.
|
|
|
|
device.staticIdentity.RLock()
|
|
|
|
peer.dummy = device.staticIdentity.publicKey.Equals(publicKey)
|
|
|
|
device.staticIdentity.RUnlock()
|
2017-08-04 16:15:53 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
if peer.dummy {
|
|
|
|
peer.Peer = &Peer{}
|
|
|
|
} else {
|
|
|
|
peer.Peer = device.LookupPeer(publicKey)
|
|
|
|
}
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
peer.created = peer.Peer == nil
|
|
|
|
if peer.created {
|
2021-08-24 10:43:55 +02:00
|
|
|
id, err := device.LookupPeerIDAtConfig(publicKey)
|
|
|
|
if err != nil {
|
|
|
|
return errors.New("Create new peer by UAPI is not implemented")
|
|
|
|
}
|
2021-09-21 22:03:11 +02:00
|
|
|
peer.Peer, err = device.NewPeer(publicKey, id, false)
|
2021-01-15 23:32:34 +01:00
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to create new peer: %w", err)
|
|
|
|
}
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - UAPI: Created", peer.Peer)
|
2021-01-15 23:32:34 +01:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
2017-08-04 16:15:53 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
func (device *Device) handlePeerLine(peer *ipcSetPeer, key, value string) error {
|
|
|
|
switch key {
|
|
|
|
case "update_only":
|
|
|
|
// allow disabling of creation
|
|
|
|
if value != "true" {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set update only, invalid value: %v", value)
|
|
|
|
}
|
|
|
|
if peer.created && !peer.dummy {
|
|
|
|
device.RemovePeer(peer.handshake.remoteStatic)
|
|
|
|
peer.Peer = &Peer{}
|
|
|
|
peer.dummy = true
|
|
|
|
}
|
2017-05-30 22:36:49 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "remove":
|
|
|
|
// remove currently selected peer from device
|
|
|
|
if value != "true" {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set remove, invalid value: %v", value)
|
|
|
|
}
|
|
|
|
if !peer.dummy {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - UAPI: Removing", peer.Peer)
|
2021-01-15 23:32:34 +01:00
|
|
|
device.RemovePeer(peer.handshake.remoteStatic)
|
|
|
|
}
|
|
|
|
peer.Peer = &Peer{}
|
|
|
|
peer.dummy = true
|
2017-08-04 16:15:53 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "preshared_key":
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - UAPI: Updating preshared key", peer.Peer)
|
2017-08-04 16:15:53 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
peer.handshake.mutex.Lock()
|
|
|
|
err := peer.handshake.presharedKey.FromHex(value)
|
|
|
|
peer.handshake.mutex.Unlock()
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set preshared key: %w", err)
|
|
|
|
}
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "endpoint":
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - UAPI: Updating endpoint", peer.Peer)
|
2021-02-22 02:01:50 +01:00
|
|
|
endpoint, err := device.net.bind.ParseEndpoint(value)
|
2021-01-15 23:32:34 +01:00
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set endpoint %v: %w", value, err)
|
|
|
|
}
|
2021-01-25 18:32:09 +01:00
|
|
|
peer.Lock()
|
|
|
|
defer peer.Unlock()
|
|
|
|
peer.endpoint = endpoint
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "persistent_keepalive_interval":
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - UAPI: Updating persistent keepalive interval", peer.Peer)
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
secs, err := strconv.ParseUint(value, 10, 16)
|
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set persistent keepalive interval: %w", err)
|
|
|
|
}
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
old := atomic.SwapUint32(&peer.persistentKeepaliveInterval, uint32(secs))
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
// Send immediate keepalive if we're turning it on and before it wasn't on.
|
|
|
|
if old == 0 && secs != 0 {
|
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorIO, "failed to get tun device status: %w", err)
|
|
|
|
}
|
2021-01-19 18:02:16 +01:00
|
|
|
if device.isUp() && !peer.dummy {
|
2021-01-15 23:32:34 +01:00
|
|
|
peer.SendKeepalive()
|
|
|
|
}
|
|
|
|
}
|
2017-05-30 22:36:49 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "replace_allowed_ips":
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - UAPI: Removing all allowedips", peer.Peer)
|
2021-01-15 23:32:34 +01:00
|
|
|
if value != "true" {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to replace allowedips, invalid value: %v", value)
|
|
|
|
}
|
|
|
|
if peer.dummy {
|
|
|
|
return nil
|
|
|
|
}
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "allowed_ip":
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - UAPI: Adding allowedip", peer.Peer)
|
2018-09-03 07:04:47 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
_, network, err := net.ParseCIDR(value)
|
|
|
|
if err != nil {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "failed to set allowed ip: %w", err)
|
|
|
|
}
|
|
|
|
if peer.dummy {
|
|
|
|
return nil
|
|
|
|
}
|
2021-08-16 20:58:15 +02:00
|
|
|
_, _ = network.Mask.Size()
|
2018-09-03 07:04:47 +02:00
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
case "protocol_version":
|
|
|
|
if value != "1" {
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "invalid protocol version: %v", value)
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
2021-01-15 23:32:34 +01:00
|
|
|
|
|
|
|
default:
|
|
|
|
return ipcErrorf(ipc.IpcErrorInvalid, "invalid UAPI peer key: %v", key)
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
|
|
|
|
2021-01-15 23:32:34 +01:00
|
|
|
return nil
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|
|
|
|
|
2020-12-22 14:30:57 +01:00
|
|
|
func (device *Device) IpcGet() (string, error) {
|
2020-12-22 19:08:25 +01:00
|
|
|
buf := new(strings.Builder)
|
|
|
|
if err := device.IpcGetOperation(buf); err != nil {
|
2020-12-22 14:30:57 +01:00
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
return buf.String(), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (device *Device) IpcSet(uapiConf string) error {
|
2020-12-22 19:08:25 +01:00
|
|
|
return device.IpcSetOperation(strings.NewReader(uapiConf))
|
2020-12-22 14:30:57 +01:00
|
|
|
}
|
|
|
|
|
2019-03-03 04:04:41 +01:00
|
|
|
func (device *Device) IpcHandle(socket net.Conn) {
|
2017-07-17 16:16:18 +02:00
|
|
|
defer socket.Close()
|
2017-05-30 22:36:49 +02:00
|
|
|
|
2017-07-17 16:16:18 +02:00
|
|
|
buffered := func(s io.ReadWriter) *bufio.ReadWriter {
|
|
|
|
reader := bufio.NewReader(s)
|
|
|
|
writer := bufio.NewWriter(s)
|
|
|
|
return bufio.NewReadWriter(reader, writer)
|
|
|
|
}(socket)
|
2017-06-28 23:45:45 +02:00
|
|
|
|
2021-01-25 19:00:43 +01:00
|
|
|
for {
|
|
|
|
op, err := buffered.ReadString('\n')
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
2017-05-30 22:36:49 +02:00
|
|
|
|
2021-01-25 19:00:43 +01:00
|
|
|
// handle operation
|
|
|
|
switch op {
|
|
|
|
case "set=1\n":
|
|
|
|
err = device.IpcSetOperation(buffered.Reader)
|
|
|
|
case "get=1\n":
|
2021-01-26 19:35:25 +01:00
|
|
|
var nextByte byte
|
|
|
|
nextByte, err = buffered.ReadByte()
|
2021-01-25 19:00:43 +01:00
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if nextByte != '\n' {
|
2021-01-26 23:05:48 +01:00
|
|
|
err = ipcErrorf(ipc.IpcErrorInvalid, "trailing character in UAPI get: %q", nextByte)
|
2021-01-25 19:00:43 +01:00
|
|
|
break
|
|
|
|
}
|
|
|
|
err = device.IpcGetOperation(buffered.Writer)
|
|
|
|
default:
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("invalid UAPI operation: %v", op)
|
2021-01-25 19:00:43 +01:00
|
|
|
return
|
|
|
|
}
|
2017-08-04 16:15:53 +02:00
|
|
|
|
2021-01-25 19:00:43 +01:00
|
|
|
// write status
|
|
|
|
var status *IPCError
|
|
|
|
if err != nil && !errors.As(err, &status) {
|
|
|
|
// shouldn't happen
|
|
|
|
status = ipcErrorf(ipc.IpcErrorUnknown, "other UAPI error: %w", err)
|
|
|
|
}
|
|
|
|
if status != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("%v", status)
|
2021-01-25 19:00:43 +01:00
|
|
|
fmt.Fprintf(buffered, "errno=%d\n\n", status.ErrorCode())
|
|
|
|
} else {
|
|
|
|
fmt.Fprintf(buffered, "errno=0\n\n")
|
|
|
|
}
|
|
|
|
buffered.Flush()
|
2017-07-17 16:16:18 +02:00
|
|
|
}
|
2017-05-30 22:36:49 +02:00
|
|
|
}
|