2021-05-01 12:45:37 +02:00
|
|
|
package iface
|
|
|
|
|
2021-06-24 11:46:33 +02:00
|
|
|
import (
|
2023-05-29 16:00:18 +02:00
|
|
|
"fmt"
|
2021-06-24 11:46:33 +02:00
|
|
|
"net"
|
2022-06-04 19:41:01 +02:00
|
|
|
"sync"
|
2023-02-13 18:34:56 +01:00
|
|
|
"time"
|
|
|
|
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
2024-01-03 16:06:20 +01:00
|
|
|
|
2024-10-02 18:24:22 +02:00
|
|
|
"github.com/netbirdio/netbird/client/iface/bind"
|
|
|
|
"github.com/netbirdio/netbird/client/iface/configurer"
|
|
|
|
"github.com/netbirdio/netbird/client/iface/device"
|
2021-06-24 11:46:33 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2024-10-02 18:24:22 +02:00
|
|
|
DefaultMTU = 1280
|
|
|
|
DefaultWgPort = 51820
|
|
|
|
WgInterfaceDefault = configurer.WgInterfaceDefault
|
2021-06-24 11:46:33 +02:00
|
|
|
)
|
|
|
|
|
2024-10-02 18:24:22 +02:00
|
|
|
type WGAddress = device.WGAddress
|
|
|
|
|
|
|
|
// WGIface represents an interface instance
|
2023-02-13 18:34:56 +01:00
|
|
|
type WGIface struct {
|
2024-10-02 18:24:22 +02:00
|
|
|
tun WGTunDevice
|
2023-04-13 17:00:01 +02:00
|
|
|
userspaceBind bool
|
2024-01-03 16:06:20 +01:00
|
|
|
mu sync.Mutex
|
|
|
|
|
2024-10-02 18:24:22 +02:00
|
|
|
configurer device.WGConfigurer
|
|
|
|
filter device.PacketFilter
|
2024-01-22 12:20:24 +01:00
|
|
|
}
|
|
|
|
|
2023-04-13 17:00:01 +02:00
|
|
|
// IsUserspaceBind indicates whether this interfaces is userspace with bind.ICEBind
|
|
|
|
func (w *WGIface) IsUserspaceBind() bool {
|
|
|
|
return w.userspaceBind
|
|
|
|
}
|
|
|
|
|
2023-02-13 18:34:56 +01:00
|
|
|
// Name returns the interface name
|
|
|
|
func (w *WGIface) Name() string {
|
2023-03-17 10:37:27 +01:00
|
|
|
return w.tun.DeviceName()
|
2023-02-13 18:34:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Address returns the interface address
|
2024-10-02 18:24:22 +02:00
|
|
|
func (w *WGIface) Address() device.WGAddress {
|
2023-03-17 10:37:27 +01:00
|
|
|
return w.tun.WgAddress()
|
2023-02-13 18:34:56 +01:00
|
|
|
}
|
|
|
|
|
2024-06-13 13:24:24 +02:00
|
|
|
// ToInterface returns the net.Interface for the Wireguard interface
|
|
|
|
func (r *WGIface) ToInterface() *net.Interface {
|
|
|
|
name := r.tun.DeviceName()
|
|
|
|
intf, err := net.InterfaceByName(name)
|
|
|
|
if err != nil {
|
|
|
|
log.Warnf("Failed to get interface by name %s: %v", name, err)
|
|
|
|
intf = &net.Interface{
|
|
|
|
Name: name,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return intf
|
|
|
|
}
|
|
|
|
|
2024-01-03 16:06:20 +01:00
|
|
|
// Up configures a Wireguard interface
|
2023-02-13 18:34:56 +01:00
|
|
|
// The interface must exist before calling this method (e.g. call interface.Create() before)
|
2024-01-03 16:06:20 +01:00
|
|
|
func (w *WGIface) Up() (*bind.UniversalUDPMuxDefault, error) {
|
2023-02-13 18:34:56 +01:00
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
2024-01-03 16:06:20 +01:00
|
|
|
|
|
|
|
return w.tun.Up()
|
2023-02-13 18:34:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// UpdateAddr updates address of the interface
|
|
|
|
func (w *WGIface) UpdateAddr(newAddr string) error {
|
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
|
|
|
|
2024-10-02 18:24:22 +02:00
|
|
|
addr, err := device.ParseWGAddress(newAddr)
|
2023-02-13 18:34:56 +01:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-03-17 10:37:27 +01:00
|
|
|
return w.tun.UpdateAddr(addr)
|
2023-02-13 18:34:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// UpdatePeer updates existing Wireguard Peer or creates a new one if doesn't exist
|
|
|
|
// Endpoint is optional
|
|
|
|
func (w *WGIface) UpdatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error {
|
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
|
|
|
|
2024-01-03 16:06:20 +01:00
|
|
|
log.Debugf("updating interface %s peer %s, endpoint %s", w.tun.DeviceName(), peerKey, endpoint)
|
2024-10-02 18:24:22 +02:00
|
|
|
return w.configurer.UpdatePeer(peerKey, allowedIps, keepAlive, endpoint, preSharedKey)
|
2023-03-17 10:37:27 +01:00
|
|
|
}
|
2023-02-13 18:34:56 +01:00
|
|
|
|
2023-03-17 10:37:27 +01:00
|
|
|
// RemovePeer removes a Wireguard Peer from the interface iface
|
|
|
|
func (w *WGIface) RemovePeer(peerKey string) error {
|
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
2023-02-13 18:34:56 +01:00
|
|
|
|
2023-03-17 10:37:27 +01:00
|
|
|
log.Debugf("Removing peer %s from interface %s ", peerKey, w.tun.DeviceName())
|
2024-10-02 18:24:22 +02:00
|
|
|
return w.configurer.RemovePeer(peerKey)
|
2023-02-13 18:34:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// AddAllowedIP adds a prefix to the allowed IPs list of peer
|
|
|
|
func (w *WGIface) AddAllowedIP(peerKey string, allowedIP string) error {
|
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
|
|
|
|
2024-06-13 13:24:24 +02:00
|
|
|
log.Debugf("Adding allowed IP to interface %s and peer %s: allowed IP %s ", w.tun.DeviceName(), peerKey, allowedIP)
|
2024-10-02 18:24:22 +02:00
|
|
|
return w.configurer.AddAllowedIP(peerKey, allowedIP)
|
2021-06-24 11:46:33 +02:00
|
|
|
}
|
|
|
|
|
2023-02-13 18:34:56 +01:00
|
|
|
// RemoveAllowedIP removes a prefix from the allowed IPs list of peer
|
|
|
|
func (w *WGIface) RemoveAllowedIP(peerKey string, allowedIP string) error {
|
2022-06-04 19:41:01 +02:00
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
2023-02-13 18:34:56 +01:00
|
|
|
|
2024-06-13 13:24:24 +02:00
|
|
|
log.Debugf("Removing allowed IP from interface %s and peer %s: allowed IP %s ", w.tun.DeviceName(), peerKey, allowedIP)
|
2024-10-02 18:24:22 +02:00
|
|
|
return w.configurer.RemoveAllowedIP(peerKey, allowedIP)
|
2023-02-13 18:34:56 +01:00
|
|
|
}
|
|
|
|
|
2023-03-17 10:37:27 +01:00
|
|
|
// Close closes the tunnel interface
|
|
|
|
func (w *WGIface) Close() error {
|
2023-02-13 18:34:56 +01:00
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
2024-09-02 19:19:14 +02:00
|
|
|
|
|
|
|
err := w.tun.Close()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to close wireguard interface %s: %w", w.Name(), err)
|
|
|
|
}
|
|
|
|
|
|
|
|
err = w.waitUntilRemoved()
|
|
|
|
if err != nil {
|
|
|
|
log.Warnf("failed to remove WireGuard interface %s: %v", w.Name(), err)
|
|
|
|
err = w.Destroy()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to remove WireGuard interface %s: %w", w.Name(), err)
|
|
|
|
}
|
|
|
|
log.Infof("interface %s successfully removed", w.Name())
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
2023-02-13 18:34:56 +01:00
|
|
|
}
|
2023-05-29 16:00:18 +02:00
|
|
|
|
2023-09-05 21:14:02 +02:00
|
|
|
// SetFilter sets packet filters for the userspace implementation
|
2024-10-02 18:24:22 +02:00
|
|
|
func (w *WGIface) SetFilter(filter device.PacketFilter) error {
|
2023-05-29 16:00:18 +02:00
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
|
|
|
|
2024-10-02 18:24:22 +02:00
|
|
|
if w.tun.FilteredDevice() == nil {
|
2023-05-29 16:00:18 +02:00
|
|
|
return fmt.Errorf("userspace packet filtering not handled on this device")
|
|
|
|
}
|
|
|
|
|
2023-06-08 11:46:57 +02:00
|
|
|
w.filter = filter
|
2024-01-03 16:06:20 +01:00
|
|
|
w.filter.SetNetwork(w.tun.WgAddress().Network)
|
2023-06-08 11:46:57 +02:00
|
|
|
|
2024-10-02 18:24:22 +02:00
|
|
|
w.tun.FilteredDevice().SetFilter(filter)
|
2023-05-29 16:00:18 +02:00
|
|
|
return nil
|
|
|
|
}
|
2023-06-08 11:46:57 +02:00
|
|
|
|
|
|
|
// GetFilter returns packet filter used by interface if it uses userspace device implementation
|
2024-10-02 18:24:22 +02:00
|
|
|
func (w *WGIface) GetFilter() device.PacketFilter {
|
2023-06-08 11:46:57 +02:00
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
|
|
|
|
|
|
|
return w.filter
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetDevice to interact with raw device (with filtering)
|
2024-10-02 18:24:22 +02:00
|
|
|
func (w *WGIface) GetDevice() *device.FilteredDevice {
|
2023-06-08 11:46:57 +02:00
|
|
|
w.mu.Lock()
|
|
|
|
defer w.mu.Unlock()
|
|
|
|
|
2024-10-02 18:24:22 +02:00
|
|
|
return w.tun.FilteredDevice()
|
2023-06-08 11:46:57 +02:00
|
|
|
}
|
2024-01-22 12:20:24 +01:00
|
|
|
|
|
|
|
// GetStats returns the last handshake time, rx and tx bytes for the given peer
|
2024-10-02 18:24:22 +02:00
|
|
|
func (w *WGIface) GetStats(peerKey string) (configurer.WGStats, error) {
|
|
|
|
return w.configurer.GetStats(peerKey)
|
2024-01-22 12:20:24 +01:00
|
|
|
}
|
2024-09-02 19:19:14 +02:00
|
|
|
|
|
|
|
func (w *WGIface) waitUntilRemoved() error {
|
|
|
|
maxWaitTime := 5 * time.Second
|
|
|
|
timeout := time.NewTimer(maxWaitTime)
|
|
|
|
defer timeout.Stop()
|
|
|
|
|
|
|
|
for {
|
|
|
|
iface, err := net.InterfaceByName(w.Name())
|
|
|
|
if err != nil {
|
|
|
|
if _, ok := err.(*net.OpError); ok {
|
|
|
|
log.Infof("interface %s has been removed", w.Name())
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
log.Debugf("failed to get interface by name %s: %v", w.Name(), err)
|
|
|
|
} else if iface == nil {
|
|
|
|
log.Infof("interface %s has been removed", w.Name())
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
select {
|
|
|
|
case <-timeout.C:
|
|
|
|
return fmt.Errorf("timeout when waiting for interface %s to be removed", w.Name())
|
|
|
|
default:
|
|
|
|
time.Sleep(100 * time.Millisecond)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|