EtherGuard-VPN/tap/tap_linux.go
2021-08-24 13:55:42 +00:00

572 lines
12 KiB
Go

/* SPDX-License-Identifier: MIT
*
* Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
*/
package tap
/* Implementation of the TUN device interface for linux
*/
import (
"bytes"
"encoding/binary"
"errors"
"fmt"
"os"
"sync"
"syscall"
"time"
"unsafe"
"golang.org/x/sys/unix"
"github.com/KusakabeSi/EtherGuardVPN/config"
"github.com/KusakabeSi/EtherGuardVPN/rwcancel"
)
const (
cloneDevicePath = "/dev/net/tun"
ifReqSize = unix.IFNAMSIZ + 64
)
type NativeTap struct {
tapFile *os.File
index int32 // if index
errors chan error // async error handling
events chan Event // device related events
nopi bool // the device was passed IFF_NO_PI
netlinkSock int
netlinkCancel *rwcancel.RWCancel
hackListenerClosed sync.Mutex
statusListenersShutdown chan struct{}
closeOnce sync.Once
nameOnce sync.Once // guards calling initNameCache, which sets following fields
nameCache string // name of interface
nameErr error
}
func (tap *NativeTap) File() *os.File {
return tap.tapFile
}
func (tap *NativeTap) routineHackListener() {
defer tap.hackListenerClosed.Unlock()
/* This is needed for the detection to work across network namespaces
* If you are reading this and know a better method, please get in touch.
*/
last := 0
const (
up = 1
down = 2
)
for {
sysconn, err := tap.tapFile.SyscallConn()
if err != nil {
return
}
err2 := sysconn.Control(func(fd uintptr) {
_, err = unix.Write(int(fd), nil)
})
if err2 != nil {
return
}
switch err {
case unix.EINVAL:
if last != up {
// If the tunnel is up, it reports that write() is
// allowed but we provided invalid data.
tap.events <- EventUp
last = up
}
case unix.EIO:
if last != down {
// If the tunnel is down, it reports that no I/O
// is possible, without checking our provided data.
tap.events <- EventDown
last = down
}
default:
return
}
select {
case <-time.After(time.Second):
// nothing
case <-tap.statusListenersShutdown:
return
}
}
}
func createNetlinkSocket() (int, error) {
sock, err := unix.Socket(unix.AF_NETLINK, unix.SOCK_RAW, unix.NETLINK_ROUTE)
if err != nil {
return -1, err
}
saddr := &unix.SockaddrNetlink{
Family: unix.AF_NETLINK,
Groups: unix.RTMGRP_LINK | unix.RTMGRP_IPV4_IFADDR | unix.RTMGRP_IPV6_IFADDR,
}
err = unix.Bind(sock, saddr)
if err != nil {
return -1, err
}
return sock, nil
}
func (tap *NativeTap) routineNetlinkListener() {
defer func() {
unix.Close(tap.netlinkSock)
tap.hackListenerClosed.Lock()
close(tap.events)
tap.netlinkCancel.Close()
}()
for msg := make([]byte, 1<<16); ; {
var err error
var msgn int
for {
msgn, _, _, _, err = unix.Recvmsg(tap.netlinkSock, msg[:], nil, 0)
if err == nil || !rwcancel.RetryAfterError(err) {
break
}
if !tap.netlinkCancel.ReadyRead() {
tap.errors <- fmt.Errorf("netlink socket closed: %w", err)
return
}
}
if err != nil {
tap.errors <- fmt.Errorf("failed to receive netlink message: %w", err)
return
}
select {
case <-tap.statusListenersShutdown:
return
default:
}
wasEverUp := false
for remain := msg[:msgn]; len(remain) >= unix.SizeofNlMsghdr; {
hdr := *(*unix.NlMsghdr)(unsafe.Pointer(&remain[0]))
if int(hdr.Len) > len(remain) {
break
}
switch hdr.Type {
case unix.NLMSG_DONE:
remain = []byte{}
case unix.RTM_NEWLINK:
info := *(*unix.IfInfomsg)(unsafe.Pointer(&remain[unix.SizeofNlMsghdr]))
remain = remain[hdr.Len:]
if info.Index != tap.index {
// not our interface
continue
}
if info.Flags&unix.IFF_RUNNING != 0 {
tap.events <- EventUp
wasEverUp = true
}
if info.Flags&unix.IFF_RUNNING == 0 {
// Don't emit EventDown before we've ever emitted EventUp.
// This avoids a startup race with HackListener, which
// might detect Up before we have finished reporting Down.
if wasEverUp {
tap.events <- EventDown
}
}
tap.events <- EventMTUUpdate
default:
remain = remain[hdr.Len:]
}
}
}
}
func (tap *NativeTap) setMacAddr(mac MacAddress) (err error) {
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return err
}
defer unix.Close(fd)
var ifr [ifReqSize]byte
name, err := tap.Name()
if err != nil {
return err
}
/*
ifreq = struct.pack('16sH6B8x', self.name, AF_UNIX, *macbytes)
fcntl.ioctl(sockfd, SIOCSIFHWADDR, ifreq)
*/
copy(ifr[:unix.IFNAMSIZ], name)
binary.LittleEndian.PutUint16(ifr[unix.IFNAMSIZ:unix.IFNAMSIZ+2], unix.AF_UNIX)
copy(ifr[unix.IFNAMSIZ+2:unix.IFNAMSIZ+8], mac[:])
_, _, err = unix.Syscall(
unix.SYS_IOCTL,
uintptr(fd),
uintptr(unix.SIOCSIFHWADDR),
uintptr(unsafe.Pointer(&ifr[0])),
)
if err.(syscall.Errno) == syscall.Errno(0) {
err = nil
}
return
}
func (tap *NativeTap) setUp() (err error) {
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return err
}
defer unix.Close(fd)
var ifr [ifReqSize]byte
name, err := tap.Name()
if err != nil {
return err
}
/*
ifreq = struct.pack('16sH6B8x', self.name, AF_UNIX, *macbytes)
fcntl.ioctl(sockfd, SIOCSIFHWADDR, ifreq)
*/
flags := uint16(unix.IFF_UP)
copy(ifr[:unix.IFNAMSIZ], name)
binary.LittleEndian.PutUint16(ifr[unix.IFNAMSIZ:unix.IFNAMSIZ+2], unix.AF_UNIX)
binary.LittleEndian.PutUint16(ifr[unix.IFNAMSIZ+2:unix.IFNAMSIZ+4], flags)
_, _, err = unix.Syscall(
unix.SYS_IOCTL,
uintptr(fd),
uintptr(unix.SIOCSIFFLAGS),
uintptr(unsafe.Pointer(&ifr[0])),
)
if err.(syscall.Errno) == syscall.Errno(0) {
err = nil
}
return
}
func getIFIndex(name string) (int32, error) {
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return 0, err
}
defer unix.Close(fd)
var ifr [ifReqSize]byte
copy(ifr[:], name)
_, _, errno := unix.Syscall(
unix.SYS_IOCTL,
uintptr(fd),
uintptr(unix.SIOCGIFINDEX),
uintptr(unsafe.Pointer(&ifr[0])),
)
if errno != 0 {
return 0, errno
}
return *(*int32)(unsafe.Pointer(&ifr[unix.IFNAMSIZ])), nil
}
func (tap *NativeTap) setMTU(n int) error {
name, err := tap.Name()
if err != nil {
return err
}
// open datagram socket
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return err
}
defer unix.Close(fd)
// do ioctl call
var ifr [ifReqSize]byte
copy(ifr[:], name)
*(*uint32)(unsafe.Pointer(&ifr[unix.IFNAMSIZ])) = uint32(n)
_, _, errno := unix.Syscall(
unix.SYS_IOCTL,
uintptr(fd),
uintptr(unix.SIOCSIFMTU),
uintptr(unsafe.Pointer(&ifr[0])),
)
if errno != 0 {
return fmt.Errorf("failed to set MTU of TUN device: %w", errno)
}
return nil
}
func (tap *NativeTap) MTU() (int, error) {
name, err := tap.Name()
if err != nil {
return 0, err
}
// open datagram socket
fd, err := unix.Socket(
unix.AF_INET,
unix.SOCK_DGRAM,
0,
)
if err != nil {
return 0, err
}
defer unix.Close(fd)
// do ioctl call
var ifr [ifReqSize]byte
copy(ifr[:], name)
_, _, errno := unix.Syscall(
unix.SYS_IOCTL,
uintptr(fd),
uintptr(unix.SIOCGIFMTU),
uintptr(unsafe.Pointer(&ifr[0])),
)
if errno != 0 {
return 0, fmt.Errorf("failed to get MTU of TUN device: %w", errno)
}
return int(*(*int32)(unsafe.Pointer(&ifr[unix.IFNAMSIZ]))), nil
}
func (tap *NativeTap) Name() (string, error) {
tap.nameOnce.Do(tap.initNameCache)
return tap.nameCache, tap.nameErr
}
func (tap *NativeTap) initNameCache() {
tap.nameCache, tap.nameErr = tap.nameSlow()
}
func (tap *NativeTap) nameSlow() (string, error) {
sysconn, err := tap.tapFile.SyscallConn()
if err != nil {
return "", err
}
var ifr [ifReqSize]byte
var errno syscall.Errno
err = sysconn.Control(func(fd uintptr) {
_, _, errno = unix.Syscall(
unix.SYS_IOCTL,
fd,
uintptr(unix.TUNGETIFF),
uintptr(unsafe.Pointer(&ifr[0])),
)
})
if err != nil {
return "", fmt.Errorf("failed to get name of TUN device: %w", err)
}
if errno != 0 {
return "", fmt.Errorf("failed to get name of TUN device: %w", errno)
}
name := ifr[:]
if i := bytes.IndexByte(name, 0); i != -1 {
name = name[:i]
}
return string(name), nil
}
func (tap *NativeTap) Write(buf []byte, offset int) (int, error) {
buf = buf[offset:]
n, err := tap.tapFile.Write(buf)
if errors.Is(err, syscall.EBADFD) {
err = os.ErrClosed
}
return n, err
}
func (tap *NativeTap) Flush() error {
// TODO: can flushing be implemented by buffering and using sendmmsg?
return nil
}
func (tap *NativeTap) Read(buf []byte, offset int) (n int, err error) {
select {
case err = <-tap.errors:
default:
n, err = tap.tapFile.Read(buf[offset:])
if errors.Is(err, syscall.EBADFD) {
err = os.ErrClosed
}
}
return
}
func (tap *NativeTap) Events() chan Event {
return tap.events
}
func (tap *NativeTap) Close() error {
var err1, err2 error
tap.closeOnce.Do(func() {
if tap.statusListenersShutdown != nil {
close(tap.statusListenersShutdown)
if tap.netlinkCancel != nil {
err1 = tap.netlinkCancel.Cancel()
}
} else if tap.events != nil {
close(tap.events)
}
err2 = tap.tapFile.Close()
})
if err1 != nil {
return err1
}
return err2
}
func CreateTAP(iconfig config.InterfaceConf) (Device, error) {
nfd, err := unix.Open(cloneDevicePath, os.O_RDWR, 0)
if err != nil {
if os.IsNotExist(err) {
return nil, fmt.Errorf("CreateTAP(%q) failed; %s does not exist", iconfig.Name, cloneDevicePath)
}
return nil, err
}
var ifr [ifReqSize]byte
var flags uint16 = unix.IFF_TAP | unix.IFF_NO_PI // (disabled for TUN status hack)
if err != nil {
fmt.Println("ERROR: Failed parse mac address:", iconfig.MacAddrPrefix)
return nil, err
}
nameBytes := []byte(iconfig.Name)
if len(nameBytes) >= unix.IFNAMSIZ {
return nil, fmt.Errorf("interface name too long: %w", unix.ENAMETOOLONG)
}
copy(ifr[:], nameBytes)
*(*uint16)(unsafe.Pointer(&ifr[unix.IFNAMSIZ])) = flags
_, _, errno := unix.Syscall(
unix.SYS_IOCTL,
uintptr(nfd),
uintptr(unix.TUNSETIFF),
uintptr(unsafe.Pointer(&ifr[0])),
)
if errno != 0 {
return nil, errno
}
err = unix.SetNonblock(nfd, true)
// Note that the above -- open,ioctl,nonblock -- must happen prior to handing it to netpoll as below this line.
fd := os.NewFile(uintptr(nfd), cloneDevicePath)
if err != nil {
return nil, err
}
return CreateTAPFromFile(fd, iconfig)
}
func CreateTAPFromFile(file *os.File, iconfig config.InterfaceConf) (Device, error) {
tap := &NativeTap{
tapFile: file,
events: make(chan Event, 5),
errors: make(chan error, 5),
statusListenersShutdown: make(chan struct{}),
nopi: false,
}
name, err := tap.Name()
if err != nil {
return nil, err
}
// start event listener
tap.index, err = getIFIndex(name)
if err != nil {
return nil, err
}
tap.netlinkSock, err = createNetlinkSocket()
if err != nil {
return nil, err
}
tap.netlinkCancel, err = rwcancel.NewRWCancel(tap.netlinkSock)
if err != nil {
unix.Close(tap.netlinkSock)
return nil, err
}
tap.hackListenerClosed.Lock()
go tap.routineNetlinkListener()
go tap.routineHackListener() // cross namespace
err = tap.setMTU(iconfig.MTU)
if err != nil {
unix.Close(tap.netlinkSock)
return nil, err
}
IfMacAddr, err := GetMacAddr(iconfig.MacAddrPrefix, iconfig.VPPIfaceID)
if err != nil {
fmt.Println("ERROR: Failed parse mac address:", iconfig.MacAddrPrefix)
return nil, err
}
err = tap.setMacAddr(IfMacAddr)
if err != nil {
unix.Close(tap.netlinkSock)
return nil, err
}
err = tap.setUp()
if err != nil {
unix.Close(tap.netlinkSock)
return nil, err
}
return tap, nil
}
func CreateUnmonitoredTUNFromFD(fd int) (Device, string, error) {
err := unix.SetNonblock(fd, true)
if err != nil {
return nil, "", err
}
file := os.NewFile(uintptr(fd), "/dev/tap")
tap := &NativeTap{
tapFile: file,
events: make(chan Event, 5),
errors: make(chan error, 5),
nopi: true,
}
name, err := tap.Name()
if err != nil {
return nil, "", err
}
return tap, name, nil
}