zrok/endpoints/vpn/backend.go

206 lines
4.3 KiB
Go
Raw Normal View History

2024-04-11 14:25:44 +02:00
package vpn
import (
"encoding/json"
2024-04-11 19:01:34 +02:00
"github.com/net-byte/vtun/common/config"
"github.com/net-byte/vtun/tun"
2024-04-11 14:25:44 +02:00
_ "github.com/net-byte/vtun/tun"
2024-04-11 19:01:34 +02:00
"github.com/net-byte/water"
2024-04-11 14:25:44 +02:00
"github.com/openziti/sdk-golang/ziti"
"github.com/openziti/sdk-golang/ziti/edge"
"github.com/openziti/zrok/endpoints"
2024-04-11 19:01:34 +02:00
cmap "github.com/orcaman/concurrent-map/v2"
2024-04-11 14:25:44 +02:00
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/songgao/water/waterutil"
2024-04-11 20:02:14 +02:00
"io"
2024-04-11 14:25:44 +02:00
"net"
2024-04-11 19:01:34 +02:00
"sync/atomic"
2024-04-11 14:25:44 +02:00
"time"
)
type BackendConfig struct {
IdentityPath string
EndpointAddress string
ShrToken string
RequestsChan chan *endpoints.Request
}
2024-04-11 19:01:34 +02:00
type client struct {
conn net.Conn
}
2024-04-11 14:25:44 +02:00
type Backend struct {
cfg *BackendConfig
listener edge.Listener
cidr net.IPAddr
2024-04-11 19:01:34 +02:00
tun *water.Interface
mtu int
counter atomic.Uint32
clients cmap.ConcurrentMap[dest, *client]
2024-04-11 14:25:44 +02:00
}
func NewBackend(cfg *BackendConfig) (*Backend, error) {
options := ziti.ListenOptions{
ConnectTimeout: 5 * time.Minute,
WaitForNEstablishedListeners: 1,
}
zcfg, err := ziti.NewConfigFromFile(cfg.IdentityPath)
if err != nil {
return nil, errors.Wrap(err, "error loading config")
}
zctx, err := ziti.NewContext(zcfg)
if err != nil {
return nil, errors.Wrap(err, "error loading ziti context")
}
listener, err := zctx.ListenWithOptions(cfg.ShrToken, &options)
if err != nil {
return nil, errors.Wrap(err, "error listening")
}
b := &Backend{
cfg: cfg,
listener: listener,
2024-04-11 19:01:34 +02:00
mtu: ZROK_VPN_MTU,
clients: cmap.NewWithCustomShardingFunction[dest, *client](func(key dest) uint32 {
return key.toInt32()
}),
2024-04-11 14:25:44 +02:00
}
2024-04-11 19:01:34 +02:00
b.counter.Store(1)
2024-04-11 14:25:44 +02:00
return b, nil
}
2024-04-11 19:01:34 +02:00
func (b *Backend) readTun() {
buf := make([]byte, ZROK_VPN_MTU)
for {
n, err := b.tun.Read(buf)
if err != nil {
logrus.WithError(err).Error("failed to read tun device")
// handle? error
panic(err)
return
}
pkt := packet(buf[:n])
if !waterutil.IsIPv4(pkt) {
continue
}
logrus.WithField("packet", pkt).Trace("read from tun device")
dest := pkt.destination()
if clt, ok := b.clients.Get(dest); ok {
_, err := clt.conn.Write(pkt)
if err != nil {
2024-04-11 20:02:14 +02:00
b.cfg.RequestsChan <- &endpoints.Request{
Stamp: time.Now(),
RemoteAddr: dest.String(),
Method: "DISCONNECTED",
}
2024-04-11 19:01:34 +02:00
logrus.WithError(err).Errorf("failed to write packet to clt[%v]", dest)
_ = clt.conn.Close()
b.clients.Remove(dest)
}
} else {
logrus.Errorf("no client with address[%v]", dest)
}
}
}
2024-04-11 14:25:44 +02:00
func (b *Backend) Run() error {
logrus.Info("started")
defer logrus.Info("exited")
2024-04-11 19:01:34 +02:00
tunCfg := config.Config{
ServerIP: "192.168.127.1",
ServerIPv6: "fced::ffff:c0a8:7f01",
CIDR: "192.168.127.1/24",
CIDRv6: "fced::ffff:c0a8:7f01/64",
MTU: ZROK_VPN_MTU,
Verbose: true,
}
b.tun = tun.CreateTun(tunCfg)
defer func() {
_ = b.tun.Close()
}()
go b.readTun()
2024-04-11 14:25:44 +02:00
for {
if conn, err := b.listener.Accept(); err == nil {
go b.handle(conn)
} else {
return err
}
}
}
func (b *Backend) handle(conn net.Conn) {
defer func(conn net.Conn) {
_ = conn.Close()
}(conn)
2024-04-11 19:01:34 +02:00
num := uint32(0)
for num == 0 || num == 1 {
num = b.counter.Add(1)
num = num % 256
}
ipv4 := net.IPv4(192, 168, 127, byte(num))
ip := ipToDest(ipv4)
2024-04-11 14:25:44 +02:00
cfg := &ClientConfig{
Greeting: "Welcome to zrok VPN",
2024-04-11 19:01:34 +02:00
IP: ipv4.String(),
ServerIP: "192.168.127.1",
CIDR: ipv4.String() + "/24",
MTU: b.mtu,
2024-04-11 14:25:44 +02:00
}
2024-04-11 19:01:34 +02:00
2024-04-11 20:02:14 +02:00
b.cfg.RequestsChan <- &endpoints.Request{
Stamp: time.Now(),
RemoteAddr: ipv4.String(),
Method: "CONNECTED",
Path: cfg.ServerIP,
}
2024-04-11 14:25:44 +02:00
j, err := json.Marshal(&cfg)
if err != nil {
2024-04-11 19:01:34 +02:00
logrus.WithError(err).Error("failed to write client VPN config")
return
}
_, err = conn.Write(j)
if err != nil {
logrus.WithError(err).Error("failed to write client VPN config")
2024-04-11 14:25:44 +02:00
return
}
2024-04-11 19:01:34 +02:00
clt := &client{conn: conn}
b.clients.Set(ip, clt)
buf := make([]byte, b.mtu)
2024-04-11 14:25:44 +02:00
for {
read, err := conn.Read(buf)
if err != nil {
2024-04-11 20:02:14 +02:00
if err != io.EOF {
logrus.WithError(err).Error("read error")
}
b.cfg.RequestsChan <- &endpoints.Request{
Stamp: time.Now(),
RemoteAddr: ipv4.String(),
Method: "DISCONNECTED",
}
2024-04-11 14:25:44 +02:00
return
}
2024-04-11 19:01:34 +02:00
pkt := packet(buf[:read])
2024-04-11 20:02:14 +02:00
logrus.WithField("packet", pkt).Trace("read from ziti")
2024-04-11 19:01:34 +02:00
_, err = b.tun.Write(pkt)
if err != nil {
logrus.WithError(err).Error("failed to write packet to tun")
2024-04-11 20:02:14 +02:00
return
2024-04-11 19:01:34 +02:00
}
2024-04-11 14:25:44 +02:00
}
}