mirror of
https://github.com/openziti/zrok.git
synced 2024-12-29 01:58:56 +01:00
268 lines
5.5 KiB
Go
268 lines
5.5 KiB
Go
package vpn
|
|
|
|
import (
|
|
"encoding/json"
|
|
"github.com/google/go-cmp/cmp"
|
|
"github.com/net-byte/vtun/common/config"
|
|
"github.com/net-byte/vtun/tun"
|
|
_ "github.com/net-byte/vtun/tun"
|
|
"github.com/net-byte/water"
|
|
"github.com/openziti/sdk-golang/ziti"
|
|
"github.com/openziti/sdk-golang/ziti/edge"
|
|
"github.com/openziti/zrok/endpoints"
|
|
cmap "github.com/orcaman/concurrent-map/v2"
|
|
"github.com/pkg/errors"
|
|
"github.com/sirupsen/logrus"
|
|
"github.com/songgao/water/waterutil"
|
|
"io"
|
|
"net"
|
|
"strconv"
|
|
"sync/atomic"
|
|
"time"
|
|
)
|
|
|
|
type BackendConfig struct {
|
|
IdentityPath string
|
|
EndpointAddress string
|
|
ShrToken string
|
|
RequestsChan chan *endpoints.Request
|
|
}
|
|
|
|
type client struct {
|
|
conn net.Conn
|
|
}
|
|
|
|
type Backend struct {
|
|
cfg *BackendConfig
|
|
listener edge.Listener
|
|
|
|
addr net.IP
|
|
addr6 net.IP
|
|
subnet *net.IPNet
|
|
subnet6 *net.IPNet
|
|
tun *water.Interface
|
|
mtu int
|
|
|
|
counter atomic.Uint32
|
|
clients cmap.ConcurrentMap[dest, *client]
|
|
}
|
|
|
|
func NewBackend(cfg *BackendConfig) (*Backend, error) {
|
|
|
|
options := ziti.ListenOptions{
|
|
ConnectTimeout: 5 * time.Minute,
|
|
WaitForNEstablishedListeners: 1,
|
|
}
|
|
zcfg, err := ziti.NewConfigFromFile(cfg.IdentityPath)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "error loading config")
|
|
}
|
|
zctx, err := ziti.NewContext(zcfg)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "error loading ziti context")
|
|
}
|
|
listener, err := zctx.ListenWithOptions(cfg.ShrToken, &options)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "error listening")
|
|
}
|
|
|
|
addr6 := zrokIPv6Addr
|
|
addr4 := zrokIPv4Addr
|
|
sub4 := zrokIPv4
|
|
sub6 := zrokIPv6
|
|
|
|
if cfg.EndpointAddress != "" {
|
|
addr4, sub4, err = net.ParseCIDR(cfg.EndpointAddress)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "failed to parse VPN subnet config")
|
|
}
|
|
}
|
|
|
|
b := &Backend{
|
|
cfg: cfg,
|
|
listener: listener,
|
|
mtu: ZROK_VPN_MTU,
|
|
clients: cmap.NewWithCustomShardingFunction[dest, *client](func(key dest) uint32 {
|
|
return key.toInt32()
|
|
}),
|
|
addr: addr4,
|
|
addr6: addr6,
|
|
subnet: sub4,
|
|
subnet6: sub6,
|
|
}
|
|
b.counter.Store(1)
|
|
return b, nil
|
|
}
|
|
|
|
func (b *Backend) readTun() {
|
|
buf := make([]byte, ZROK_VPN_MTU)
|
|
for {
|
|
n, err := b.tun.Read(buf)
|
|
if err != nil {
|
|
logrus.WithError(err).Error("failed to read tun device")
|
|
// handle? error
|
|
panic(err)
|
|
return
|
|
}
|
|
pkt := packet(buf[:n])
|
|
if !waterutil.IsIPv4(pkt) {
|
|
continue
|
|
}
|
|
|
|
logrus.WithField("packet", pkt).Trace("read from tun device")
|
|
dest := pkt.destination()
|
|
if clt, ok := b.clients.Get(dest); ok {
|
|
_, err := clt.conn.Write(pkt)
|
|
if err != nil {
|
|
b.cfg.RequestsChan <- &endpoints.Request{
|
|
Stamp: time.Now(),
|
|
RemoteAddr: dest.String(),
|
|
Method: "DISCONNECTED",
|
|
}
|
|
|
|
logrus.WithError(err).Errorf("failed to write packet to clt[%v]", dest)
|
|
_ = clt.conn.Close()
|
|
b.clients.Remove(dest)
|
|
}
|
|
} else {
|
|
if b.subnet.Contains(net.IP(dest.addr[:])) {
|
|
logrus.Errorf("no client with address[%v]", dest)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func (b *Backend) Run() error {
|
|
logrus.Info("started")
|
|
defer logrus.Info("exited")
|
|
|
|
bits, _ := b.subnet.Mask.Size()
|
|
bits6, _ := b.subnet6.Mask.Size()
|
|
|
|
tunCfg := config.Config{
|
|
ServerIP: b.addr.String(),
|
|
ServerIPv6: b.addr6.String(),
|
|
CIDR: b.addr.String() + "/" + strconv.Itoa(bits),
|
|
CIDRv6: b.addr6.String() + "/" + strconv.Itoa(bits6),
|
|
MTU: ZROK_VPN_MTU,
|
|
Verbose: true,
|
|
}
|
|
logrus.Infof("%+v", tunCfg)
|
|
b.tun = tun.CreateTun(tunCfg)
|
|
defer func() {
|
|
_ = b.tun.Close()
|
|
}()
|
|
|
|
go b.readTun()
|
|
|
|
for {
|
|
if conn, err := b.listener.Accept(); err == nil {
|
|
go b.handle(conn)
|
|
} else {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
|
|
func (b *Backend) handle(conn net.Conn) {
|
|
defer func(conn net.Conn) {
|
|
_ = conn.Close()
|
|
}(conn)
|
|
|
|
ipv4, ipv6 := b.nextIP()
|
|
ip := ipToDest(ipv4)
|
|
|
|
bits, _ := b.subnet.Mask.Size()
|
|
bits6, _ := b.subnet6.Mask.Size()
|
|
|
|
cfg := &ClientConfig{
|
|
Greeting: "Welcome to zrok VPN",
|
|
ServerIP: b.addr.String(),
|
|
ServerIPv6: b.addr6.String(),
|
|
CIDR: ipv4.String() + "/" + strconv.Itoa(bits),
|
|
CIDR6: ipv6.String() + "/" + strconv.Itoa(bits6),
|
|
MTU: b.mtu,
|
|
}
|
|
|
|
b.cfg.RequestsChan <- &endpoints.Request{
|
|
Stamp: time.Now(),
|
|
RemoteAddr: ipv4.String(),
|
|
Method: "CONNECTED",
|
|
Path: cfg.ServerIP,
|
|
}
|
|
|
|
j, err := json.Marshal(&cfg)
|
|
if err != nil {
|
|
logrus.WithError(err).Error("failed to write client VPN config")
|
|
return
|
|
}
|
|
_, err = conn.Write(j)
|
|
if err != nil {
|
|
logrus.WithError(err).Error("failed to write client VPN config")
|
|
return
|
|
}
|
|
|
|
clt := &client{conn: conn}
|
|
b.clients.Set(ip, clt)
|
|
|
|
buf := make([]byte, b.mtu)
|
|
for {
|
|
read, err := conn.Read(buf)
|
|
if err != nil {
|
|
if err != io.EOF {
|
|
logrus.WithError(err).Error("read error")
|
|
}
|
|
b.cfg.RequestsChan <- &endpoints.Request{
|
|
Stamp: time.Now(),
|
|
RemoteAddr: ipv4.String(),
|
|
Method: "DISCONNECTED",
|
|
}
|
|
return
|
|
}
|
|
pkt := packet(buf[:read])
|
|
logrus.WithField("packet", pkt).Trace("read from ziti")
|
|
_, err = b.tun.Write(pkt)
|
|
if err != nil {
|
|
logrus.WithError(err).Error("failed to write packet to tun")
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
func (b *Backend) nextIP() (net.IP, net.IP) {
|
|
ip4 := make([]byte, len(b.subnet.IP))
|
|
for {
|
|
copy(ip4, b.subnet.IP)
|
|
n := b.counter.Add(1)
|
|
if n == 0 {
|
|
continue
|
|
}
|
|
|
|
for i := 0; i < len(ip4); i++ {
|
|
b := (n >> (i * 8)) % 0xff
|
|
ip4[len(ip4)-1-i] ^= byte(b)
|
|
}
|
|
|
|
// subnet overflow
|
|
if !b.subnet.Contains(ip4) {
|
|
b.counter.Store(1)
|
|
continue
|
|
}
|
|
|
|
if cmp.Equal(b.addr, ip4) {
|
|
continue
|
|
}
|
|
|
|
if b.clients.Has(ipToDest(ip4)) {
|
|
continue
|
|
}
|
|
|
|
break
|
|
}
|
|
|
|
ip6 := append([]byte{}, b.subnet6.IP...)
|
|
copy(ip6[net.IPv6len-net.IPv4len:], ip4)
|
|
|
|
return ip4, ip6
|
|
}
|