2024-10-22 20:53:14 +02:00
|
|
|
package udp
|
2024-09-25 18:50:10 +02:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2024-10-24 11:43:14 +02:00
|
|
|
"errors"
|
2024-09-25 18:50:10 +02:00
|
|
|
"fmt"
|
2024-10-24 11:43:14 +02:00
|
|
|
"io"
|
2024-09-25 18:50:10 +02:00
|
|
|
"net"
|
|
|
|
|
"sync"
|
|
|
|
|
|
|
|
|
|
"github.com/hashicorp/go-multierror"
|
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
|
|
2024-10-24 11:43:14 +02:00
|
|
|
cerrors "github.com/netbirdio/netbird/client/errors"
|
2024-09-25 18:50:10 +02:00
|
|
|
)
|
|
|
|
|
|
2024-10-22 20:53:14 +02:00
|
|
|
// WGUDPProxy proxies
|
|
|
|
|
type WGUDPProxy struct {
|
2024-09-25 18:50:10 +02:00
|
|
|
localWGListenPort int
|
|
|
|
|
|
|
|
|
|
remoteConn net.Conn
|
|
|
|
|
localConn net.Conn
|
2024-10-11 16:24:30 +02:00
|
|
|
ctx context.Context
|
|
|
|
|
cancel context.CancelFunc
|
2024-09-25 18:50:10 +02:00
|
|
|
closeMu sync.Mutex
|
|
|
|
|
closed bool
|
2024-10-11 16:24:30 +02:00
|
|
|
|
|
|
|
|
pausedMu sync.Mutex
|
|
|
|
|
paused bool
|
|
|
|
|
isStarted bool
|
2024-09-25 18:50:10 +02:00
|
|
|
}
|
|
|
|
|
|
2024-10-22 20:53:14 +02:00
|
|
|
// NewWGUDPProxy instantiate a UDP based WireGuard proxy. This is not a thread safe implementation
|
|
|
|
|
func NewWGUDPProxy(wgPort int) *WGUDPProxy {
|
2024-09-25 18:50:10 +02:00
|
|
|
log.Debugf("Initializing new user space proxy with port %d", wgPort)
|
2024-10-22 20:53:14 +02:00
|
|
|
p := &WGUDPProxy{
|
2024-09-25 18:50:10 +02:00
|
|
|
localWGListenPort: wgPort,
|
|
|
|
|
}
|
|
|
|
|
return p
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-11 16:24:30 +02:00
|
|
|
// AddTurnConn
|
|
|
|
|
// The provided Context must be non-nil. If the context expires before
|
|
|
|
|
// the connection is complete, an error is returned. Once successfully
|
|
|
|
|
// connected, any expiration of the context will not affect the
|
|
|
|
|
// connection.
|
2024-10-22 20:53:14 +02:00
|
|
|
func (p *WGUDPProxy) AddTurnConn(ctx context.Context, endpoint *net.UDPAddr, remoteConn net.Conn) error {
|
2024-09-25 18:50:10 +02:00
|
|
|
dialer := net.Dialer{}
|
2024-10-11 16:24:30 +02:00
|
|
|
localConn, err := dialer.DialContext(ctx, "udp", fmt.Sprintf(":%d", p.localWGListenPort))
|
2024-09-25 18:50:10 +02:00
|
|
|
if err != nil {
|
|
|
|
|
log.Errorf("failed dialing to local Wireguard port %s", err)
|
2024-10-11 16:24:30 +02:00
|
|
|
return err
|
2024-09-25 18:50:10 +02:00
|
|
|
}
|
|
|
|
|
|
2024-10-11 16:24:30 +02:00
|
|
|
p.ctx, p.cancel = context.WithCancel(ctx)
|
|
|
|
|
p.localConn = localConn
|
|
|
|
|
p.remoteConn = remoteConn
|
2024-09-25 18:50:10 +02:00
|
|
|
|
2024-10-11 16:24:30 +02:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-22 20:53:14 +02:00
|
|
|
func (p *WGUDPProxy) EndpointAddr() *net.UDPAddr {
|
2024-10-11 16:24:30 +02:00
|
|
|
if p.localConn == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
endpointUdpAddr, _ := net.ResolveUDPAddr(p.localConn.LocalAddr().Network(), p.localConn.LocalAddr().String())
|
|
|
|
|
return endpointUdpAddr
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Work starts the proxy or resumes it if it was paused
|
2024-10-22 20:53:14 +02:00
|
|
|
func (p *WGUDPProxy) Work() {
|
2024-10-11 16:24:30 +02:00
|
|
|
if p.remoteConn == nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p.pausedMu.Lock()
|
|
|
|
|
p.paused = false
|
|
|
|
|
p.pausedMu.Unlock()
|
|
|
|
|
|
|
|
|
|
if !p.isStarted {
|
|
|
|
|
p.isStarted = true
|
|
|
|
|
go p.proxyToRemote(p.ctx)
|
|
|
|
|
go p.proxyToLocal(p.ctx)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Pause pauses the proxy from receiving data from the remote peer
|
2024-10-22 20:53:14 +02:00
|
|
|
func (p *WGUDPProxy) Pause() {
|
2024-10-11 16:24:30 +02:00
|
|
|
if p.remoteConn == nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p.pausedMu.Lock()
|
|
|
|
|
p.paused = true
|
|
|
|
|
p.pausedMu.Unlock()
|
2024-09-25 18:50:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CloseConn close the localConn
|
2024-10-22 20:53:14 +02:00
|
|
|
func (p *WGUDPProxy) CloseConn() error {
|
2024-09-25 18:50:10 +02:00
|
|
|
if p.cancel == nil {
|
|
|
|
|
return fmt.Errorf("proxy not started")
|
|
|
|
|
}
|
|
|
|
|
return p.close()
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-22 20:53:14 +02:00
|
|
|
func (p *WGUDPProxy) close() error {
|
2024-09-25 18:50:10 +02:00
|
|
|
p.closeMu.Lock()
|
|
|
|
|
defer p.closeMu.Unlock()
|
|
|
|
|
|
|
|
|
|
// prevent double close
|
|
|
|
|
if p.closed {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
p.closed = true
|
|
|
|
|
|
|
|
|
|
p.cancel()
|
|
|
|
|
|
|
|
|
|
var result *multierror.Error
|
2024-11-11 14:18:38 +01:00
|
|
|
if err := p.remoteConn.Close(); err != nil && !errors.Is(err, net.ErrClosed) {
|
2024-09-25 18:50:10 +02:00
|
|
|
result = multierror.Append(result, fmt.Errorf("remote conn: %s", err))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := p.localConn.Close(); err != nil {
|
|
|
|
|
result = multierror.Append(result, fmt.Errorf("local conn: %s", err))
|
|
|
|
|
}
|
2024-10-24 11:43:14 +02:00
|
|
|
return cerrors.FormatErrorOrNil(result)
|
2024-09-25 18:50:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// proxyToRemote proxies from Wireguard to the RemoteKey
|
2024-10-22 20:53:14 +02:00
|
|
|
func (p *WGUDPProxy) proxyToRemote(ctx context.Context) {
|
2024-09-25 18:50:10 +02:00
|
|
|
defer func() {
|
|
|
|
|
if err := p.close(); err != nil {
|
|
|
|
|
log.Warnf("error in proxy to remote loop: %s", err)
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
buf := make([]byte, 1500)
|
2024-10-11 16:24:30 +02:00
|
|
|
for ctx.Err() == nil {
|
2024-09-25 18:50:10 +02:00
|
|
|
n, err := p.localConn.Read(buf)
|
|
|
|
|
if err != nil {
|
2024-10-11 16:24:30 +02:00
|
|
|
if ctx.Err() != nil {
|
2024-09-25 18:50:10 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
log.Debugf("failed to read from wg interface conn: %s", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, err = p.remoteConn.Write(buf[:n])
|
|
|
|
|
if err != nil {
|
2024-10-11 16:24:30 +02:00
|
|
|
if ctx.Err() != nil {
|
2024-09-25 18:50:10 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Debugf("failed to write to remote conn: %s", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// proxyToLocal proxies from the Remote peer to local WireGuard
|
2024-10-11 16:24:30 +02:00
|
|
|
// if the proxy is paused it will drain the remote conn and drop the packets
|
2024-10-22 20:53:14 +02:00
|
|
|
func (p *WGUDPProxy) proxyToLocal(ctx context.Context) {
|
2024-09-25 18:50:10 +02:00
|
|
|
defer func() {
|
|
|
|
|
if err := p.close(); err != nil {
|
2024-10-24 11:43:14 +02:00
|
|
|
if !errors.Is(err, io.EOF) {
|
|
|
|
|
log.Warnf("error in proxy to local loop: %s", err)
|
|
|
|
|
}
|
2024-09-25 18:50:10 +02:00
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
buf := make([]byte, 1500)
|
2024-10-11 16:24:30 +02:00
|
|
|
for {
|
2024-10-24 11:43:14 +02:00
|
|
|
n, err := p.remoteConnRead(ctx, buf)
|
2024-09-25 18:50:10 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-11 16:24:30 +02:00
|
|
|
p.pausedMu.Lock()
|
|
|
|
|
if p.paused {
|
|
|
|
|
p.pausedMu.Unlock()
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-25 18:50:10 +02:00
|
|
|
_, err = p.localConn.Write(buf[:n])
|
2024-10-11 16:24:30 +02:00
|
|
|
p.pausedMu.Unlock()
|
|
|
|
|
|
2024-09-25 18:50:10 +02:00
|
|
|
if err != nil {
|
2024-10-11 16:24:30 +02:00
|
|
|
if ctx.Err() != nil {
|
2024-09-25 18:50:10 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
log.Debugf("failed to write to wg interface conn: %s", err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-10-24 11:43:14 +02:00
|
|
|
|
|
|
|
|
func (p *WGUDPProxy) remoteConnRead(ctx context.Context, buf []byte) (n int, err error) {
|
|
|
|
|
n, err = p.remoteConn.Read(buf)
|
|
|
|
|
if err != nil {
|
|
|
|
|
if ctx.Err() != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
log.Errorf("failed to read from remote conn: %s, %s", p.remoteConn.LocalAddr(), err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
