package wgproxy
import (
	"context"
	"errors"
	"fmt"
	"io"
	"net"

	log "github.com/sirupsen/logrus"

	nbnet "github.com/netbirdio/netbird/util/net"
)
// WGUserSpaceProxy proxies WireGuard UDP traffic between the local WireGuard
// listen port and a remote (TURN) connection, entirely in user space.
// Both directions are copied byte-for-byte; the proxy does no validation or
// inspection of the bytes it forwards.
type WGUserSpaceProxy struct {
	// localWGListenPort is the UDP port of the local WireGuard interface that
	// localConn is dialed against in AddTurnConn.
	localWGListenPort int
	// ctx is cancelled by CloseConn (and by the copy loops on EOF) to stop
	// proxyToRemote and proxyToLocal.
	ctx    context.Context
	cancel context.CancelFunc

	// remoteConn is the TURN conn handed to AddTurnConn; proxyToLocal reads
	// from it and proxyToRemote writes to it. Nothing in this file closes it.
	remoteConn net.Conn
	// localConn is the UDP conn to the local WireGuard port; CloseConn closes it.
	localConn net.Conn
}
// NewWGUserSpaceProxy instantiates a user space WireGuard proxy for the given
// local WireGuard port. The proxy is idle until AddTurnConn is called; the
// context derived from ctx bounds the copy goroutines and the local dial, and
// CloseConn cancels it.
func NewWGUserSpaceProxy(ctx context.Context, wgPort int) *WGUserSpaceProxy {
	log.Debugf("Initializing new user space proxy with port %d", wgPort)

	proxyCtx, cancel := context.WithCancel(ctx)
	return &WGUserSpaceProxy{
		localWGListenPort: wgPort,
		ctx:               proxyCtx,
		cancel:            cancel,
	}
}
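// AddTurnConn starts the proxy with the given remote conn: it stores turnConn
// as the remote side, dials the local WireGuard UDP port and launches the two
// copy goroutines. It returns the local address of the UDP conn that faces
// WireGuard.
//
// A nil turnConn is rejected up front; otherwise the copy goroutines would
// dereference it later and take the whole process down. The dial error is
// logged and returned unwrapped so existing comparisons on it keep working.
//
// NOTE(review): calling this more than once on the same proxy overwrites both
// conns and starts a second pair of goroutines without stopping the first —
// confirm callers invoke it once per proxy.
func (p *WGUserSpaceProxy) AddTurnConn(turnConn net.Conn) (net.Addr, error) {
	if turnConn == nil {
		return nil, errors.New("nil turn connection")
	}
	p.remoteConn = turnConn

	var err error
	p.localConn, err = nbnet.NewDialer().DialContext(p.ctx, "udp", fmt.Sprintf(":%d", p.localWGListenPort))
	if err != nil {
		log.Errorf("failed dialing to local Wireguard port %s", err)
		return nil, err
	}

	// Both goroutines run until p.ctx is cancelled or their conn is closed; see CloseConn.
	go p.proxyToRemote()
	go p.proxyToLocal()

	return p.localConn.LocalAddr(), nil
}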
// CloseConn stops the proxy: it cancels the proxy context and closes the
// local WireGuard-facing UDP conn, if one was dialed, reporting that Close
// error.
//
// Only localConn is closed here; the remote (TURN) conn passed to AddTurnConn
// is left to its owner. proxyToLocal blocks in remoteConn.Read with no
// deadline, so it only exits once that conn is closed elsewhere — TODO confirm
// the caller closes the TURN conn after CloseConn.
func (p *WGUserSpaceProxy) CloseConn() error {
	p.cancel()

	conn := p.localConn
	if conn != nil {
		return conn.Close()
	}
	return nil
}
// Free doing nothing because this implementation of proxy does not have global
// state; it always returns nil. Presumably present to satisfy a shared proxy
// interface — per-proxy resources are released by CloseConn instead.
func (p *WGUserSpaceProxy) Free() error {
	return nil
}
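// proxyToRemote proxies everything from Wireguard to the RemoteKey peer: it
// reads datagrams from localConn and writes them to remoteConn until the proxy
// context is cancelled or either conn is closed.
//
// blocks — AddTurnConn runs it in its own goroutine. Cancellation is only
// observed between reads: localConn.Read has no deadline, so a blocked read
// returns only when CloseConn closes localConn.
//
// A closed conn (io.EOF or net.ErrClosed, matched with errors.Is so wrapped
// errors count too) ends the loop; previously only an unwrapped io.EOF on
// write did, and any other permanent error was retried in a tight loop,
// logging on every iteration until the context was cancelled.
func (p *WGUserSpaceProxy) proxyToRemote() {
	// 1500 bytes matches a common Ethernet MTU; a larger datagram would be
	// truncated by Read — NOTE(review): confirm nothing upstream sends larger.
	buf := make([]byte, 1500)
	for {
		select {
		case <-p.ctx.Done():
			return
		default:
			n, err := p.localConn.Read(buf)
			if err != nil {
				if errors.Is(err, io.EOF) || errors.Is(err, net.ErrClosed) {
					// Local side is gone for good: stop both directions.
					p.cancel()
					return
				}
				// Other read errors are treated as transient and retried.
				log.Debugf("failed to read from wg interface conn: %s", err)
				continue
			}

			if _, err = p.remoteConn.Write(buf[:n]); err != nil {
				if errors.Is(err, io.EOF) || errors.Is(err, net.ErrClosed) {
					// Remote side is gone: stop both directions.
					p.cancel()
					return
				}
				log.Debugf("failed to write to remote conn: %s", err)
			}
		}
	}
}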
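// proxyToLocal proxies everything from the RemoteKey peer to local Wireguard:
// it reads from remoteConn and writes each chunk, unmodified and unvalidated,
// to the local WireGuard UDP conn until the proxy context is cancelled or
// either conn is closed.
//
// blocks — AddTurnConn runs it in its own goroutine. Cancellation is only
// observed between reads; remoteConn.Read has no deadline and CloseConn does
// not close remoteConn, so this loop relies on the TURN conn's owner closing
// it (TODO confirm).
//
// A closed conn (io.EOF or net.ErrClosed, matched with errors.Is so wrapped
// errors count too) ends the loop. Previously a closed remoteConn that did
// not report a plain io.EOF was retried in a tight loop, emitting an error
// log line per iteration until the context was cancelled.
func (p *WGUserSpaceProxy) proxyToLocal() {
	// 1500 bytes matches a common Ethernet MTU; a larger read from the remote
	// is split across Read calls or truncated depending on the conn —
	// NOTE(review): confirm the TURN conn's framing.
	buf := make([]byte, 1500)
	for {
		select {
		case <-p.ctx.Done():
			return
		default:
			n, err := p.remoteConn.Read(buf)
			if err != nil {
				if errors.Is(err, io.EOF) || errors.Is(err, net.ErrClosed) {
					// Remote side is gone for good: stop both directions.
					p.cancel()
					return
				}
				// Any other read error is logged at error level per
				// occurrence and retried.
				log.Errorf("failed to read from remote conn: %s", err)
				continue
			}

			if _, err = p.localConn.Write(buf[:n]); err != nil {
				if errors.Is(err, net.ErrClosed) {
					// localConn was closed (CloseConn does this): stop.
					p.cancel()
					return
				}
				log.Debugf("failed to write to wg interface conn: %s", err)
			}
		}
	}
}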