netbird/iface/bind.go

package iface

import (
	"errors"
	"fmt"
	"github.com/pion/stun"
	log "github.com/sirupsen/logrus"
	"golang.zx2c4.com/wireguard/conn"
	"net"
	"net/netip"
	"sync"
	"syscall"
)

type BindMux interface {
	HandleSTUNMessage(msg *stun.Message, addr net.Addr) error
	Type() string
}

type ICEBind struct {
	sharedConn net.PacketConn
	udpMux     *UniversalUDPMuxDefault
	iceHostMux *UDPMuxDefault

	endpointMap map[string]net.PacketConn

	mu sync.Mutex // protects following fields
}

func (b *ICEBind) GetICEMux() (UniversalUDPMux, error) {
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.udpMux == nil {
		return nil, fmt.Errorf("ICEBind has not been initialized yet")
	}

	return b.udpMux, nil
}

func (b *ICEBind) GetICEHostMux() (UDPMux, error) {
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.iceHostMux == nil {
		return nil, fmt.Errorf("ICEBind has not been initialized yet")
	}

	return b.iceHostMux, nil
}

func (b *ICEBind) Open(uport uint16) ([]conn.ReceiveFunc, uint16, error) {
	b.mu.Lock()
	defer b.mu.Unlock()

	if b.sharedConn != nil {
		return nil, 0, conn.ErrBindAlreadyOpen
	}

	b.endpointMap = make(map[string]net.PacketConn)

	port := int(uport)
	ipv4Conn, port, err := listenNet("udp4", port)
	if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {
		return nil, 0, err
	}
	b.sharedConn = ipv4Conn
	b.udpMux = NewUniversalUDPMuxDefault(UniversalUDPMuxParams{UDPConn: b.sharedConn})

	portAddr1, err := netip.ParseAddrPort(ipv4Conn.LocalAddr().String())
	if err != nil {
		return nil, 0, err
	}

	log.Infof("opened ICEBind on %s", ipv4Conn.LocalAddr().String())

	return []conn.ReceiveFunc{
			b.makeReceiveIPv4(b.sharedConn),
		},
		portAddr1.Port(), nil
}

func listenNet(network string, port int) (*net.UDPConn, int, error) {
	conn, err := net.ListenUDP(network, &net.UDPAddr{Port: port})
	if err != nil {
		return nil, 0, err
	}

	// Retrieve port.
	laddr := conn.LocalAddr()
	uaddr, err := net.ResolveUDPAddr(
		laddr.Network(),
		laddr.String(),
	)
	if err != nil {
		return nil, 0, err
	}
	return conn, uaddr.Port, nil
}

func parseSTUNMessage(raw []byte) (*stun.Message, error) {
	msg := &stun.Message{
		Raw: append([]byte{}, raw...),
	}
	if err := msg.Decode(); err != nil {
		return nil, err
	}

	return msg, nil
}

func (b *ICEBind) makeReceiveIPv4(c net.PacketConn) conn.ReceiveFunc {
	return func(buff []byte) (int, conn.Endpoint, error) {
		n, endpoint, err := c.ReadFrom(buff)
		if err != nil {
			return 0, nil, err
		}
		e, err := netip.ParseAddrPort(endpoint.String())
		if err != nil {
			return 0, nil, err
		}
		if !stun.IsMessage(buff[:20]) {
			// WireGuard traffic
			return n, (*conn.StdNetEndpoint)(&net.UDPAddr{
				IP:   e.Addr().AsSlice(),
				Port: int(e.Port()),
				Zone: e.Addr().Zone(),
			}), nil
		}

		msg, err := parseSTUNMessage(buff[:n])
		if err != nil {
			return 0, nil, err
		}

		b.mu.Lock()
		if _, ok := b.endpointMap[e.String()]; !ok {
			b.endpointMap[e.String()] = c
			log.Infof("added endpoint %s", e.String())
		}
		b.mu.Unlock()

		err = b.udpMux.HandleSTUNMessage(msg, endpoint)
		if err != nil {
			return 0, nil, err
		}
		if err != nil {
			log.Warnf("failed to handle packet")
		}

		// discard packets because they are STUN related
		return 0, nil, nil //todo proper return
	}
}

func (b *ICEBind) Close() error {
	b.mu.Lock()
	defer b.mu.Unlock()

	var err1, err2 error
	if b.sharedConn != nil {
		c := b.sharedConn
		b.sharedConn = nil
		err1 = c.Close()
	}

	if b.udpMux != nil {
		m := b.udpMux
		b.udpMux = nil
		err2 = m.Close()
	}

	if err1 != nil {
		return err1
	}

	return err2
}

// SetMark sets the mark for each packet sent through this Bind.
// This mark is passed to the kernel as the socket option SO_MARK.
func (b *ICEBind) SetMark(mark uint32) error {
	return nil
}

func (b *ICEBind) Send(buff []byte, endpoint conn.Endpoint) error {
	nend, ok := endpoint.(*conn.StdNetEndpoint)
	if !ok {
		return conn.ErrWrongEndpointType
	}

	b.mu.Lock()
	co := b.endpointMap[(*net.UDPAddr)(nend).String()]

	if co == nil {
		// todo proper handling
		// todo without it relayed connections didn't work. investigate
		log.Warnf("conn not found for endpoint %s", (*net.UDPAddr)(nend).String())
		co = b.sharedConn
		b.endpointMap[(*net.UDPAddr)(nend).String()] = b.sharedConn
		//return conn.ErrWrongEndpointType
	}
	b.mu.Unlock()

	_, err := co.WriteTo(buff, (*net.UDPAddr)(nend))
	return err
}

// ParseEndpoint creates a new endpoint from a string.
func (b *ICEBind) ParseEndpoint(s string) (ep conn.Endpoint, err error) {
	e, err := netip.ParseAddrPort(s)
	return (*conn.StdNetEndpoint)(&net.UDPAddr{
		IP:   e.Addr().AsSlice(),
		Port: int(e.Port()),
		Zone: e.Addr().Zone(),
	}), err
}
Bind test 2022-09-04 22:52:52 +02:00			`package iface`

			`import (`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`"errors"`
			`"fmt"`
			`"github.com/pion/stun"`
			`log "github.com/sirupsen/logrus"`
Bind test 2022-09-04 22:52:52 +02:00			`"golang.zx2c4.com/wireguard/conn"`
			`"net"`
			`"net/netip"`
			`"sync"`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`"syscall"`
Bind test 2022-09-04 22:52:52 +02:00			`)`

Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`type BindMux interface {`
Refactor UDP mux to handle STUN only messages 2022-09-07 18:49:15 +02:00			`HandleSTUNMessage(msg *stun.Message, addr net.Addr) error`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`Type() string`
			`}`

Implement ICEBind 2022-09-06 20:06:51 +02:00			`type ICEBind struct {`
Single Mux 2022-09-07 18:39:58 +02:00			`sharedConn net.PacketConn`
			`udpMux *UniversalUDPMuxDefault`
			`iceHostMux *UDPMuxDefault`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00
			`endpointMap map[string]net.PacketConn`
Working single channel bind 2022-09-05 02:03:16 +02:00
Implement ICEBind 2022-09-06 20:06:51 +02:00			`mu sync.Mutex // protects following fields`
Bind test 2022-09-04 22:52:52 +02:00			`}`

Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`func (b *ICEBind) GetICEMux() (UniversalUDPMux, error) {`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`b.mu.Lock()`
			`defer b.mu.Unlock()`
Single Mux 2022-09-07 18:39:58 +02:00			`if b.udpMux == nil {`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`return nil, fmt.Errorf("ICEBind has not been initialized yet")`
			`}`
Working single channel bind 2022-09-05 02:03:16 +02:00
Single Mux 2022-09-07 18:39:58 +02:00			`return b.udpMux, nil`
Bind test 2022-09-04 22:52:52 +02:00			`}`

Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`func (b *ICEBind) GetICEHostMux() (UDPMux, error) {`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`b.mu.Lock()`
			`defer b.mu.Unlock()`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`if b.iceHostMux == nil {`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`return nil, fmt.Errorf("ICEBind has not been initialized yet")`
			`}`
Bind test 2022-09-04 22:52:52 +02:00
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`return b.iceHostMux, nil`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`}`
Bind test 2022-09-04 22:52:52 +02:00
Implement ICEBind 2022-09-06 20:06:51 +02:00			`func (b *ICEBind) Open(uport uint16) ([]conn.ReceiveFunc, uint16, error) {`
			`b.mu.Lock()`
			`defer b.mu.Unlock()`
Bind test 2022-09-04 22:52:52 +02:00
Implement ICEBind 2022-09-06 20:06:51 +02:00			`if b.sharedConn != nil {`
			`return nil, 0, conn.ErrBindAlreadyOpen`
			`}`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00
			`b.endpointMap = make(map[string]net.PacketConn)`
Bind test 2022-09-04 22:52:52 +02:00
Implement ICEBind 2022-09-06 20:06:51 +02:00			`port := int(uport)`
			`ipv4Conn, port, err := listenNet("udp4", port)`
			`if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {`
			`return nil, 0, err`
			`}`
			`b.sharedConn = ipv4Conn`
Single Mux 2022-09-07 18:39:58 +02:00			`b.udpMux = NewUniversalUDPMuxDefault(UniversalUDPMuxParams{UDPConn: b.sharedConn})`
Bind test 2022-09-04 22:52:52 +02:00
Single Mux 2022-09-07 18:39:58 +02:00			`portAddr1, err := netip.ParseAddrPort(ipv4Conn.LocalAddr().String())`
Working single channel bind 2022-09-05 02:03:16 +02:00			`if err != nil {`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`return nil, 0, err`
Bind test 2022-09-04 22:52:52 +02:00			`}`
Single Mux 2022-09-07 18:39:58 +02:00
			`log.Infof("opened ICEBind on %s", ipv4Conn.LocalAddr().String())`

Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`return []conn.ReceiveFunc{`
Single Mux 2022-09-07 18:39:58 +02:00			`b.makeReceiveIPv4(b.sharedConn),`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`},`
Single Mux 2022-09-07 18:39:58 +02:00			`portAddr1.Port(), nil`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`}`

			`func listenNet(network string, port int) (*net.UDPConn, int, error) {`
			`conn, err := net.ListenUDP(network, &net.UDPAddr{Port: port})`
Working single channel bind 2022-09-05 02:03:16 +02:00			`if err != nil {`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`return nil, 0, err`
Bind test 2022-09-04 22:52:52 +02:00			`}`
Implement ICEBind 2022-09-06 20:06:51 +02:00
			`// Retrieve port.`
			`laddr := conn.LocalAddr()`
			`uaddr, err := net.ResolveUDPAddr(`
			`laddr.Network(),`
			`laddr.String(),`
			`)`
			`if err != nil {`
			`return nil, 0, err`
Bind test 2022-09-04 22:52:52 +02:00			`}`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`return conn, uaddr.Port, nil`
Working single channel bind 2022-09-05 02:03:16 +02:00			`}`
Bind test 2022-09-04 22:52:52 +02:00
Add more logging 2022-09-07 19:02:17 +02:00			`func parseSTUNMessage(raw []byte) (*stun.Message, error) {`
Refactor UDP mux to handle STUN only messages 2022-09-07 18:49:15 +02:00			`msg := &stun.Message{`
			`Raw: append([]byte{}, raw...),`
			`}`
			`if err := msg.Decode(); err != nil {`
			`return nil, err`
			`}`

			`return msg, nil`
			`}`

Single Mux 2022-09-07 18:39:58 +02:00			`func (b *ICEBind) makeReceiveIPv4(c net.PacketConn) conn.ReceiveFunc {`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`return func(buff []byte) (int, conn.Endpoint, error) {`
			`n, endpoint, err := c.ReadFrom(buff)`
			`if err != nil {`
			`return 0, nil, err`
			`}`
			`e, err := netip.ParseAddrPort(endpoint.String())`
			`if err != nil {`
			`return 0, nil, err`
			`}`
Check for stun packet with a fixed size 2022-09-06 21:07:21 +02:00			`if !stun.IsMessage(buff[:20]) {`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`// WireGuard traffic`
			`return n, (*conn.StdNetEndpoint)(&net.UDPAddr{`
			`IP: e.Addr().AsSlice(),`
			`Port: int(e.Port()),`
			`Zone: e.Addr().Zone(),`
			`}), nil`
			`}`
Single Mux 2022-09-07 18:39:58 +02:00
Add more logging 2022-09-07 19:02:17 +02:00			`msg, err := parseSTUNMessage(buff[:n])`
Refactor UDP mux to handle STUN only messages 2022-09-07 18:49:15 +02:00			`if err != nil {`
			`return 0, nil, err`
			`}`

			`b.mu.Lock()`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`if _, ok := b.endpointMap[e.String()]; !ok {`
			`b.endpointMap[e.String()] = c`
Single Mux 2022-09-07 18:39:58 +02:00			`log.Infof("added endpoint %s", e.String())`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`}`
			`b.mu.Unlock()`

Refactor UDP mux to handle STUN only messages 2022-09-07 18:49:15 +02:00			`err = b.udpMux.HandleSTUNMessage(msg, endpoint)`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`if err != nil {`
			`return 0, nil, err`
Bind test 2022-09-04 22:52:52 +02:00			`}`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`if err != nil {`
			`log.Warnf("failed to handle packet")`
			`}`

			`// discard packets because they are STUN related`
			`return 0, nil, nil //todo proper return`
Bind test 2022-09-04 22:52:52 +02:00			`}`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`}`

			`func (b *ICEBind) Close() error {`
			`b.mu.Lock()`
			`defer b.mu.Unlock()`

Single Mux 2022-09-07 18:39:58 +02:00			`var err1, err2 error`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`if b.sharedConn != nil {`
			`c := b.sharedConn`
			`b.sharedConn = nil`
			`err1 = c.Close()`
			`}`

Single Mux 2022-09-07 18:39:58 +02:00			`if b.udpMux != nil {`
			`m := b.udpMux`
			`b.udpMux = nil`
			`err2 = m.Close()`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`}`

			`if err1 != nil {`
			`return err1`
			`}`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00
Single Mux 2022-09-07 18:39:58 +02:00			`return err2`
Bind test 2022-09-04 22:52:52 +02:00			`}`

			`// SetMark sets the mark for each packet sent through this Bind.`
			`// This mark is passed to the kernel as the socket option SO_MARK.`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`func (b *ICEBind) SetMark(mark uint32) error {`
Bind test 2022-09-04 22:52:52 +02:00			`return nil`
			`}`

Implement ICEBind 2022-09-06 20:06:51 +02:00			`func (b *ICEBind) Send(buff []byte, endpoint conn.Endpoint) error {`
Bind test 2022-09-04 22:52:52 +02:00			`nend, ok := endpoint.(*conn.StdNetEndpoint)`
			`if !ok {`
			`return conn.ErrWrongEndpointType`
			`}`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00
			`b.mu.Lock()`
			`co := b.endpointMap[(*net.UDPAddr)(nend).String()]`
Fix TURN issue 2022-09-07 11:17:54 +02:00
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`if co == nil {`
			`// todo proper handling`
Fix TURN issue 2022-09-07 11:17:54 +02:00			`// todo without it relayed connections didn't work. investigate`
Proper endpoint log 2022-09-06 20:59:19 +02:00			`log.Warnf("conn not found for endpoint %s", (*net.UDPAddr)(nend).String())`
Fix TURN issue 2022-09-07 11:17:54 +02:00			`co = b.sharedConn`
			`b.endpointMap[(*net.UDPAddr)(nend).String()] = b.sharedConn`
			`//return conn.ErrWrongEndpointType`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00			`}`
Fix TURN issue 2022-09-07 11:17:54 +02:00			`b.mu.Unlock()`
Split UDPMux and UniversalUDPMux 2022-09-06 20:44:49 +02:00
			`_, err := co.WriteTo(buff, (*net.UDPAddr)(nend))`
Bind test 2022-09-04 22:52:52 +02:00			`return err`
			`}`

			`// ParseEndpoint creates a new endpoint from a string.`
Implement ICEBind 2022-09-06 20:06:51 +02:00			`func (b *ICEBind) ParseEndpoint(s string) (ep conn.Endpoint, err error) {`
Working single channel bind 2022-09-05 02:03:16 +02:00			`e, err := netip.ParseAddrPort(s)`
Bind test 2022-09-04 22:52:52 +02:00			`return (*conn.StdNetEndpoint)(&net.UDPAddr{`
Working single channel bind 2022-09-05 02:03:16 +02:00			`IP: e.Addr().AsSlice(),`
			`Port: int(e.Port()),`
			`Zone: e.Addr().Zone(),`
Bind test 2022-09-04 22:52:52 +02:00			`}), err`
			`}`