diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-02-22 02:01:50 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-02-23 20:00:57 +0100 |
commit | a4f8e83d5d9f477554971e90e9ab85922f506ea9 (patch) | |
tree | 5249ac2dbdc8cbb6a7d2d40814b07d7d1f38ad4d | |
parent | c69481f1b3b4b37b9c16f997a5d8d91367d9bfee (diff) |
conn: make binds replacable
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | conn/bind_linux.go (renamed from conn/conn_linux.go) | 108 | ||||
-rw-r--r-- | conn/bind_std.go (renamed from conn/conn_default.go) | 81 | ||||
-rw-r--r-- | conn/boundif_android.go | 4 | ||||
-rw-r--r-- | conn/boundif_windows.go | 4 | ||||
-rw-r--r-- | conn/conn.go | 43 | ||||
-rw-r--r-- | conn/default.go | 10 | ||||
-rw-r--r-- | conn/mark_default.go | 2 | ||||
-rw-r--r-- | conn/mark_unix.go | 4 | ||||
-rw-r--r-- | device/device.go | 13 | ||||
-rw-r--r-- | device/device_test.go | 5 | ||||
-rw-r--r-- | device/peer.go | 9 | ||||
-rw-r--r-- | device/sticky_default.go | 2 | ||||
-rw-r--r-- | device/sticky_linux.go | 15 | ||||
-rw-r--r-- | device/uapi.go | 3 | ||||
-rw-r--r-- | main.go | 3 | ||||
-rw-r--r-- | main_windows.go | 3 |
16 files changed, 160 insertions, 149 deletions
diff --git a/conn/conn_linux.go b/conn/bind_linux.go index 58b7de1..4199809 100644 --- a/conn/conn_linux.go +++ b/conn/bind_linux.go @@ -1,5 +1,3 @@ -// +build !android - /* SPDX-License-Identifier: MIT * * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved. @@ -18,55 +16,59 @@ import ( "golang.org/x/sys/unix" ) -type IPv4Source struct { +type ipv4Source struct { Src [4]byte Ifindex int32 } -type IPv6Source struct { +type ipv6Source struct { src [16]byte - //ifindex belongs in dst.ZoneId + // ifindex belongs in dst.ZoneId } -type NativeEndpoint struct { +type LinuxSocketEndpoint struct { sync.Mutex dst [unsafe.Sizeof(unix.SockaddrInet6{})]byte - src [unsafe.Sizeof(IPv6Source{})]byte + src [unsafe.Sizeof(ipv6Source{})]byte isV6 bool } -func (endpoint *NativeEndpoint) Src4() *IPv4Source { return endpoint.src4() } -func (endpoint *NativeEndpoint) Dst4() *unix.SockaddrInet4 { return endpoint.dst4() } -func (endpoint *NativeEndpoint) IsV6() bool { return endpoint.isV6 } +func (endpoint *LinuxSocketEndpoint) Src4() *ipv4Source { return endpoint.src4() } +func (endpoint *LinuxSocketEndpoint) Dst4() *unix.SockaddrInet4 { return endpoint.dst4() } +func (endpoint *LinuxSocketEndpoint) IsV6() bool { return endpoint.isV6 } -func (endpoint *NativeEndpoint) src4() *IPv4Source { - return (*IPv4Source)(unsafe.Pointer(&endpoint.src[0])) +func (endpoint *LinuxSocketEndpoint) src4() *ipv4Source { + return (*ipv4Source)(unsafe.Pointer(&endpoint.src[0])) } -func (endpoint *NativeEndpoint) src6() *IPv6Source { - return (*IPv6Source)(unsafe.Pointer(&endpoint.src[0])) +func (endpoint *LinuxSocketEndpoint) src6() *ipv6Source { + return (*ipv6Source)(unsafe.Pointer(&endpoint.src[0])) } -func (endpoint *NativeEndpoint) dst4() *unix.SockaddrInet4 { +func (endpoint *LinuxSocketEndpoint) dst4() *unix.SockaddrInet4 { return (*unix.SockaddrInet4)(unsafe.Pointer(&endpoint.dst[0])) } -func (endpoint *NativeEndpoint) dst6() *unix.SockaddrInet6 { +func (endpoint *LinuxSocketEndpoint) dst6() *unix.SockaddrInet6 { return (*unix.SockaddrInet6)(unsafe.Pointer(&endpoint.dst[0])) } -type nativeBind struct { +// LinuxSocketBind uses sendmsg and recvmsg to implement a full bind with sticky sockets on Linux. +type LinuxSocketBind struct { sock4 int sock6 int lastMark uint32 closing sync.RWMutex } -var _ Endpoint = (*NativeEndpoint)(nil) -var _ Bind = (*nativeBind)(nil) +func NewLinuxSocketBind() Bind { return &LinuxSocketBind{sock4: -1, sock6: -1} } +func NewDefaultBind() Bind { return NewLinuxSocketBind() } + +var _ Endpoint = (*LinuxSocketEndpoint)(nil) +var _ Bind = (*LinuxSocketBind)(nil) -func CreateEndpoint(s string) (Endpoint, error) { - var end NativeEndpoint +func (*LinuxSocketBind) ParseEndpoint(s string) (Endpoint, error) { + var end LinuxSocketEndpoint addr, err := parseEndpoint(s) if err != nil { return nil, err @@ -97,14 +99,18 @@ func CreateEndpoint(s string) (Endpoint, error) { return &end, nil } - return nil, errors.New("Invalid IP address") + return nil, errors.New("invalid IP address") } -func createBind(port uint16) (Bind, uint16, error) { +func (bind *LinuxSocketBind) Open(port uint16) (uint16, error) { var err error - var bind nativeBind var newPort uint16 var tries int + + if bind.sock4 != -1 || bind.sock6 != -1 { + return 0, ErrBindAlreadyOpen + } + originalPort := port again: @@ -113,7 +119,7 @@ again: bind.sock6, newPort, err = create6(port) if err != nil { if err != syscall.EAFNOSUPPORT { - return nil, 0, err + return 0, err } } else { port = newPort @@ -129,24 +135,19 @@ again: } if err != syscall.EAFNOSUPPORT { unix.Close(bind.sock6) - return nil, 0, err + return 0, err } } else { port = newPort } if bind.sock4 == -1 && bind.sock6 == -1 { - return nil, 0, errors.New("ipv4 and ipv6 not supported") + return 0, syscall.EAFNOSUPPORT } - - return &bind, port, nil -} - -func (bind *nativeBind) LastMark() uint32 { - return bind.lastMark + return port, nil } -func (bind *nativeBind) SetMark(value uint32) error { +func (bind *LinuxSocketBind) SetMark(value uint32) error { bind.closing.RLock() defer bind.closing.RUnlock() @@ -180,7 +181,7 @@ func (bind *nativeBind) SetMark(value uint32) error { return nil } -func (bind *nativeBind) Close() error { +func (bind *LinuxSocketBind) Close() error { var err1, err2 error bind.closing.RLock() if bind.sock6 != -1 { @@ -207,11 +208,11 @@ func (bind *nativeBind) Close() error { return err2 } -func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) { +func (bind *LinuxSocketBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) { bind.closing.RLock() defer bind.closing.RUnlock() - var end NativeEndpoint + var end LinuxSocketEndpoint if bind.sock6 == -1 { return 0, nil, net.ErrClosed } @@ -223,11 +224,11 @@ func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) { return n, &end, err } -func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) { +func (bind *LinuxSocketBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) { bind.closing.RLock() defer bind.closing.RUnlock() - var end NativeEndpoint + var end LinuxSocketEndpoint if bind.sock4 == -1 { return 0, nil, net.ErrClosed } @@ -239,11 +240,14 @@ func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) { return n, &end, err } -func (bind *nativeBind) Send(buff []byte, end Endpoint) error { +func (bind *LinuxSocketBind) Send(buff []byte, end Endpoint) error { bind.closing.RLock() defer bind.closing.RUnlock() - nend := end.(*NativeEndpoint) + nend, ok := end.(*LinuxSocketEndpoint) + if !ok { + return ErrWrongEndpointType + } if !nend.isV6 { if bind.sock4 == -1 { return net.ErrClosed @@ -257,7 +261,7 @@ func (bind *nativeBind) Send(buff []byte, end Endpoint) error { } } -func (end *NativeEndpoint) SrcIP() net.IP { +func (end *LinuxSocketEndpoint) SrcIP() net.IP { if !end.isV6 { return net.IPv4( end.src4().Src[0], @@ -270,7 +274,7 @@ func (end *NativeEndpoint) SrcIP() net.IP { } } -func (end *NativeEndpoint) DstIP() net.IP { +func (end *LinuxSocketEndpoint) DstIP() net.IP { if !end.isV6 { return net.IPv4( end.dst4().Addr[0], @@ -283,7 +287,7 @@ func (end *NativeEndpoint) DstIP() net.IP { } } -func (end *NativeEndpoint) DstToBytes() []byte { +func (end *LinuxSocketEndpoint) DstToBytes() []byte { if !end.isV6 { return (*[unsafe.Offsetof(end.dst4().Addr) + unsafe.Sizeof(end.dst4().Addr)]byte)(unsafe.Pointer(end.dst4()))[:] } else { @@ -291,11 +295,11 @@ func (end *NativeEndpoint) DstToBytes() []byte { } } -func (end *NativeEndpoint) SrcToString() string { +func (end *LinuxSocketEndpoint) SrcToString() string { return end.SrcIP().String() } -func (end *NativeEndpoint) DstToString() string { +func (end *LinuxSocketEndpoint) DstToString() string { var udpAddr net.UDPAddr udpAddr.IP = end.DstIP() if !end.isV6 { @@ -306,13 +310,13 @@ func (end *NativeEndpoint) DstToString() string { return udpAddr.String() } -func (end *NativeEndpoint) ClearDst() { +func (end *LinuxSocketEndpoint) ClearDst() { for i := range end.dst { end.dst[i] = 0 } } -func (end *NativeEndpoint) ClearSrc() { +func (end *LinuxSocketEndpoint) ClearSrc() { for i := range end.src { end.src[i] = 0 } @@ -427,7 +431,7 @@ func create6(port uint16) (int, uint16, error) { return fd, uint16(addr.Port), err } -func send4(sock int, end *NativeEndpoint, buff []byte) error { +func send4(sock int, end *LinuxSocketEndpoint, buff []byte) error { // construct message header @@ -467,7 +471,7 @@ func send4(sock int, end *NativeEndpoint, buff []byte) error { return err } -func send6(sock int, end *NativeEndpoint, buff []byte) error { +func send6(sock int, end *LinuxSocketEndpoint, buff []byte) error { // construct message header @@ -511,7 +515,7 @@ func send6(sock int, end *NativeEndpoint, buff []byte) error { return err } -func receive4(sock int, buff []byte, end *NativeEndpoint) (int, error) { +func receive4(sock int, buff []byte, end *LinuxSocketEndpoint) (int, error) { // construct message header @@ -543,7 +547,7 @@ func receive4(sock int, buff []byte, end *NativeEndpoint) (int, error) { return size, nil } -func receive6(sock int, buff []byte, end *NativeEndpoint) (int, error) { +func receive6(sock int, buff []byte, end *LinuxSocketEndpoint) (int, error) { // construct message header diff --git a/conn/conn_default.go b/conn/bind_std.go index 82a1e42..193c4fe 100644 --- a/conn/conn_default.go +++ b/conn/bind_std.go @@ -1,5 +1,3 @@ -// +build !linux android - /* SPDX-License-Identifier: MIT * * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved. @@ -13,41 +11,40 @@ import ( "syscall" ) -/* This code is meant to be a temporary solution - * on platforms for which the sticky socket / source caching behavior - * has not yet been implemented. - * - * See conn_linux.go for an implementation on the linux platform. - */ - -type nativeBind struct { +// StdNetBind is meant to be a temporary solution on platforms for which +// the sticky socket / source caching behavior has not yet been implemented. +// It uses the Go's net package to implement networking. +// See LinuxSocketBind for a proper implementation on the Linux platform. +type StdNetBind struct { ipv4 *net.UDPConn ipv6 *net.UDPConn blackhole4 bool blackhole6 bool } -type NativeEndpoint net.UDPAddr +func NewStdNetBind() Bind { return &StdNetBind{} } -var _ Bind = (*nativeBind)(nil) -var _ Endpoint = (*NativeEndpoint)(nil) +type StdNetEndpoint net.UDPAddr -func CreateEndpoint(s string) (Endpoint, error) { +var _ Bind = (*StdNetBind)(nil) +var _ Endpoint = (*StdNetEndpoint)(nil) + +func (*StdNetBind) ParseEndpoint(s string) (Endpoint, error) { addr, err := parseEndpoint(s) - return (*NativeEndpoint)(addr), err + return (*StdNetEndpoint)(addr), err } -func (*NativeEndpoint) ClearSrc() {} +func (*StdNetEndpoint) ClearSrc() {} -func (e *NativeEndpoint) DstIP() net.IP { +func (e *StdNetEndpoint) DstIP() net.IP { return (*net.UDPAddr)(e).IP } -func (e *NativeEndpoint) SrcIP() net.IP { +func (e *StdNetEndpoint) SrcIP() net.IP { return nil // not supported } -func (e *NativeEndpoint) DstToBytes() []byte { +func (e *StdNetEndpoint) DstToBytes() []byte { addr := (*net.UDPAddr)(e) out := addr.IP.To4() if out == nil { @@ -58,11 +55,11 @@ func (e *NativeEndpoint) DstToBytes() []byte { return out } -func (e *NativeEndpoint) DstToString() string { +func (e *StdNetEndpoint) DstToString() string { return (*net.UDPAddr)(e).String() } -func (e *NativeEndpoint) SrcToString() string { +func (e *StdNetEndpoint) SrcToString() string { return "" } @@ -84,41 +81,52 @@ func listenNet(network string, port int) (*net.UDPConn, int, error) { return conn, uaddr.Port, nil } -func createBind(uport uint16) (Bind, uint16, error) { +func (bind *StdNetBind) Open(uport uint16) (uint16, error) { var err error - var bind nativeBind var tries int + if bind.ipv4 != nil || bind.ipv6 != nil { + return 0, ErrBindAlreadyOpen + } + again: port := int(uport) bind.ipv4, port, err = listenNet("udp4", port) if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) { - return nil, 0, err + bind.ipv4 = nil + return 0, err } bind.ipv6, port, err = listenNet("udp6", port) if uport == 0 && err != nil && errors.Is(err, syscall.EADDRINUSE) && tries < 100 { bind.ipv4.Close() + bind.ipv4 = nil + bind.ipv6 = nil tries++ goto again } if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) { bind.ipv4.Close() bind.ipv4 = nil - return nil, 0, err + bind.ipv6 = nil + return 0, err } - - return &bind, uint16(port), nil + if bind.ipv4 == nil && bind.ipv6 == nil { + return 0, syscall.EAFNOSUPPORT + } + return uint16(port), nil } -func (bind *nativeBind) Close() error { +func (bind *StdNetBind) Close() error { var err1, err2 error if bind.ipv4 != nil { err1 = bind.ipv4.Close() + bind.ipv4 = nil } if bind.ipv6 != nil { err2 = bind.ipv6.Close() + bind.ipv6 = nil } if err1 != nil { return err1 @@ -126,9 +134,7 @@ func (bind *nativeBind) Close() error { return err2 } -func (bind *nativeBind) LastMark() uint32 { return 0 } - -func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) { +func (bind *StdNetBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) { if bind.ipv4 == nil { return 0, nil, syscall.EAFNOSUPPORT } @@ -136,20 +142,23 @@ func (bind *nativeBind) ReceiveIPv4(buff []byte) (int, Endpoint, error) { if endpoint != nil { endpoint.IP = endpoint.IP.To4() } - return n, (*NativeEndpoint)(endpoint), err + return n, (*StdNetEndpoint)(endpoint), err } -func (bind *nativeBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) { +func (bind *StdNetBind) ReceiveIPv6(buff []byte) (int, Endpoint, error) { if bind.ipv6 == nil { return 0, nil, syscall.EAFNOSUPPORT } n, endpoint, err := bind.ipv6.ReadFromUDP(buff) - return n, (*NativeEndpoint)(endpoint), err + return n, (*StdNetEndpoint)(endpoint), err } -func (bind *nativeBind) Send(buff []byte, endpoint Endpoint) error { +func (bind *StdNetBind) Send(buff []byte, endpoint Endpoint) error { var err error - nend := endpoint.(*NativeEndpoint) + nend, ok := endpoint.(*StdNetEndpoint) + if !ok { + return ErrWrongEndpointType + } if nend.IP.To4() != nil { if bind.ipv4 == nil { return syscall.EAFNOSUPPORT diff --git a/conn/boundif_android.go b/conn/boundif_android.go index 2c68d57..8b82bfc 100644 --- a/conn/boundif_android.go +++ b/conn/boundif_android.go @@ -5,7 +5,7 @@ package conn -func (bind *nativeBind) PeekLookAtSocketFd4() (fd int, err error) { +func (bind *StdNetBind) PeekLookAtSocketFd4() (fd int, err error) { sysconn, err := bind.ipv4.SyscallConn() if err != nil { return -1, err @@ -19,7 +19,7 @@ func (bind *nativeBind) PeekLookAtSocketFd4() (fd int, err error) { return } -func (bind *nativeBind) PeekLookAtSocketFd6() (fd int, err error) { +func (bind *StdNetBind) PeekLookAtSocketFd6() (fd int, err error) { sysconn, err := bind.ipv6.SyscallConn() if err != nil { return -1, err diff --git a/conn/boundif_windows.go b/conn/boundif_windows.go index e425d23..6f6fdd8 100644 --- a/conn/boundif_windows.go +++ b/conn/boundif_windows.go @@ -17,7 +17,7 @@ const ( sockoptIPV6_UNICAST_IF = 31 ) -func (bind *nativeBind) BindSocketToInterface4(interfaceIndex uint32, blackhole bool) error { +func (bind *StdNetBind) BindSocketToInterface4(interfaceIndex uint32, blackhole bool) error { /* MSDN says for IPv4 this needs to be in net byte order, so that it's like an IP address with leading zeros. */ bytes := make([]byte, 4) binary.BigEndian.PutUint32(bytes, interfaceIndex) @@ -40,7 +40,7 @@ func (bind *nativeBind) BindSocketToInterface4(interfaceIndex uint32, blackhole return nil } -func (bind *nativeBind) BindSocketToInterface6(interfaceIndex uint32, blackhole bool) error { +func (bind *StdNetBind) BindSocketToInterface6(interfaceIndex uint32, blackhole bool) error { sysconn, err := bind.ipv6.SyscallConn() if err != nil { return err diff --git a/conn/conn.go b/conn/conn.go index 6e7939c..6fd232f 100644 --- a/conn/conn.go +++ b/conn/conn.go @@ -17,40 +17,30 @@ import ( // A Bind interface may also be a PeekLookAtSocketFd or BindSocketToInterface, // depending on the platform-specific implementation. type Bind interface { - // LastMark reports the last mark set for this Bind. - LastMark() uint32 + // Open puts the Bind into a listening state on a given port and reports the actual + // port that it bound to. Passing zero results in a random selection. + Open(port uint16) (actualPort uint16, err error) + + // Close closes the Bind listener. + Close() error // SetMark sets the mark for each packet sent through this Bind. // This mark is passed to the kernel as the socket option SO_MARK. SetMark(mark uint32) error - // ReceiveIPv6 reads an IPv6 UDP packet into b. - // - // It reports the number of bytes read, n, - // the packet source address ep, - // and any error. + // ReceiveIPv6 reads an IPv6 UDP packet into b. It reports the number of bytes read, + // n, the packet source address ep, and any error. ReceiveIPv6(b []byte) (n int, ep Endpoint, err error) - // ReceiveIPv4 reads an IPv4 UDP packet into b. - // - // It reports the number of bytes read, n, - // the packet source address ep, - // and any error. + // ReceiveIPv4 reads an IPv4 UDP packet into b. It reports the number of bytes read, + // n, the packet source address ep, and any error. ReceiveIPv4(b []byte) (n int, ep Endpoint, err error) // Send writes a packet b to address ep. Send(b []byte, ep Endpoint) error - // Close closes the Bind connection. - Close() error -} - -// CreateBind creates a Bind bound to a port. -// -// The value actualPort reports the actual port number the Bind -// object gets bound to. -func CreateBind(port uint16) (b Bind, actualPort uint16, err error) { - return createBind(port) + // ParseEndpoint creates a new endpoint from a string. + ParseEndpoint(s string) (Endpoint, error) } // BindSocketToInterface is implemented by Bind objects that support being @@ -69,8 +59,8 @@ type PeekLookAtSocketFd interface { // An Endpoint maintains the source/destination caching for a peer. // -// dst : the remote address of a peer ("endpoint" in uapi terminology) -// src : the local address from which datagrams originate going to the peer +// dst: the remote address of a peer ("endpoint" in uapi terminology) +// src: the local address from which datagrams originate going to the peer type Endpoint interface { ClearSrc() // clears the source address SrcToString() string // returns the local source address (ip:port) @@ -109,3 +99,8 @@ func parseEndpoint(s string) (*net.UDPAddr, error) { } return addr, err } + +var ( + ErrBindAlreadyOpen = errors.New("bind is already open") + ErrWrongEndpointType = errors.New("endpoint type does not correspond with bind type") +) diff --git a/conn/default.go b/conn/default.go new file mode 100644 index 0000000..cd9bfb0 --- /dev/null +++ b/conn/default.go @@ -0,0 +1,10 @@ +// +build !linux + +/* SPDX-License-Identifier: MIT + * + * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved. + */ + +package conn + +func NewDefaultBind() Bind { return NewStdNetBind() } diff --git a/conn/mark_default.go b/conn/mark_default.go index 0f00f6f..c315f4b 100644 --- a/conn/mark_default.go +++ b/conn/mark_default.go @@ -7,6 +7,6 @@ package conn -func (bind *nativeBind) SetMark(mark uint32) error { +func (bind *StdNetBind) SetMark(mark uint32) error { return nil } diff --git a/conn/mark_unix.go b/conn/mark_unix.go index c29f247..18eb581 100644 --- a/conn/mark_unix.go +++ b/conn/mark_unix.go @@ -1,4 +1,4 @@ -// +build android openbsd freebsd +// +build linux openbsd freebsd /* SPDX-License-Identifier: MIT * @@ -26,7 +26,7 @@ func init() { } } -func (bind *nativeBind) SetMark(mark uint32) error { +func (bind *StdNetBind) SetMark(mark uint32) error { var operr error if fwmarkIoctl == 0 { return nil diff --git a/device/device.go b/device/device.go index 432549d..4b131a2 100644 --- a/device/device.go +++ b/device/device.go @@ -279,11 +279,12 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error { return nil } -func NewDevice(tunDevice tun.Device, logger *Logger) *Device { +func NewDevice(tunDevice tun.Device, bind conn.Bind, logger *Logger) *Device { device := new(Device) device.state.state = uint32(deviceStateDown) device.closed = make(chan struct{}) device.log = logger + device.net.bind = bind device.tun.device = tunDevice mtu, err := device.tun.device.MTU() if err != nil { @@ -302,11 +303,6 @@ func NewDevice(tunDevice tun.Device, logger *Logger) *Device { device.queue.encryption = newOutboundQueue() device.queue.decryption = newInboundQueue() - // prepare net - - device.net.port = 0 - device.net.bind = nil - // start workers cpus := runtime.NumCPU() @@ -414,7 +410,6 @@ func unsafeCloseBind(device *Device) error { } if netc.bind != nil { err = netc.bind.Close() - netc.bind = nil } netc.stopping.Wait() return err @@ -474,16 +469,14 @@ func (device *Device) BindUpdate() error { // bind to new port var err error netc := &device.net - netc.bind, netc.port, err = conn.CreateBind(netc.port) + netc.port, err = netc.bind.Open(netc.port) if err != nil { - netc.bind = nil netc.port = 0 return err } netc.netlinkCancel, err = device.startRouteListener(netc.bind) if err != nil { netc.bind.Close() - netc.bind = nil netc.port = 0 return err } diff --git a/device/device_test.go b/device/device_test.go index 7958fb9..01ee2ac 100644 --- a/device/device_test.go +++ b/device/device_test.go @@ -21,6 +21,7 @@ import ( "testing" "time" + "golang.zx2c4.com/wireguard/conn" "golang.zx2c4.com/wireguard/tun/tuntest" ) @@ -158,7 +159,7 @@ func genTestPair(tb testing.TB) (pair testPair) { if _, ok := tb.(*testing.B); ok && !testing.Verbose() { level = LogLevelError } - p.dev = NewDevice(p.tun.TUN(), NewLogger(level, fmt.Sprintf("dev%d: ", i))) + p.dev = NewDevice(p.tun.TUN(), conn.NewDefaultBind(), NewLogger(level, fmt.Sprintf("dev%d: ", i))) if err := p.dev.IpcSet(cfg[i]); err != nil { tb.Errorf("failed to configure device %d: %v", i, err) p.dev.Close() @@ -332,7 +333,7 @@ func randDevice(t *testing.T) *Device { } tun := newDummyTUN("dummy") logger := NewLogger(LogLevelError, "") - device := NewDevice(tun, logger) + device := NewDevice(tun, conn.NewDefaultBind(), logger) device.SetPrivateKey(sk) return device } diff --git a/device/peer.go b/device/peer.go index 499888d..332f7bd 100644 --- a/device/peer.go +++ b/device/peer.go @@ -126,13 +126,8 @@ func (peer *Peer) SendBuffer(buffer []byte) error { peer.device.net.RLock() defer peer.device.net.RUnlock() - if peer.device.net.bind == nil { - // Packets can leak through to SendBuffer while the device is closing. - // When that happens, drop them silently to avoid spurious errors. - if peer.device.isClosed() { - return nil - } - return errors.New("no bind") + if peer.device.isClosed() { + return nil } peer.RLock() diff --git a/device/sticky_default.go b/device/sticky_default.go index 56da4eb..1cc52f6 100644 --- a/device/sticky_default.go +++ b/device/sticky_default.go @@ -1,4 +1,4 @@ -// +build !linux android +// +build !linux package device diff --git a/device/sticky_linux.go b/device/sticky_linux.go index a984f24..6193ea3 100644 --- a/device/sticky_linux.go +++ b/device/sticky_linux.go @@ -1,5 +1,3 @@ -// +build !android - /* SPDX-License-Identifier: MIT * * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved. @@ -21,11 +19,16 @@ import ( "unsafe" "golang.org/x/sys/unix" + "golang.zx2c4.com/wireguard/conn" "golang.zx2c4.com/wireguard/rwcancel" ) func (device *Device) startRouteListener(bind conn.Bind) (*rwcancel.RWCancel, error) { + if _, ok := bind.(*conn.LinuxSocketBind); !ok { + return nil, nil + } + netlinkSock, err := createNetlinkRouteSocket() if err != nil { return nil, err @@ -109,11 +112,11 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl pePtr.peer.Unlock() break } - if uint32(pePtr.peer.endpoint.(*conn.NativeEndpoint).Src4().Ifindex) == ifidx { + if uint32(pePtr.peer.endpoint.(*conn.LinuxSocketEndpoint).Src4().Ifindex) == ifidx { pePtr.peer.Unlock() break } - pePtr.peer.endpoint.(*conn.NativeEndpoint).ClearSrc() + pePtr.peer.endpoint.(*conn.LinuxSocketEndpoint).ClearSrc() pePtr.peer.Unlock() } attr = attr[attrhdr.Len:] @@ -133,7 +136,7 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl peer.RUnlock() continue } - nativeEP, _ := peer.endpoint.(*conn.NativeEndpoint) + nativeEP, _ := peer.endpoint.(*conn.LinuxSocketEndpoint) if nativeEP == nil { peer.RUnlock() continue @@ -176,7 +179,7 @@ func (device *Device) routineRouteListener(bind conn.Bind, netlinkSock int, netl Len: 8, Type: unix.RTA_MARK, }, - uint32(bind.LastMark()), + device.net.fwmark, } nlmsg.hdr.Len = uint32(unsafe.Sizeof(nlmsg)) reqPeerLock.Lock() diff --git a/device/uapi.go b/device/uapi.go index 406880f..659af0a 100644 --- a/device/uapi.go +++ b/device/uapi.go @@ -18,7 +18,6 @@ import ( "sync/atomic" "time" - "golang.zx2c4.com/wireguard/conn" "golang.zx2c4.com/wireguard/ipc" ) @@ -331,7 +330,7 @@ func (device *Device) handlePeerLine(peer *ipcSetPeer, key, value string) error case "endpoint": device.log.Verbosef("%v - UAPI: Updating endpoint", peer.Peer) - endpoint, err := conn.CreateEndpoint(value) + endpoint, err := device.net.bind.ParseEndpoint(value) if err != nil { return ipcErrorf(ipc.IpcErrorInvalid, "failed to set endpoint %v: %w", value, err) } @@ -15,6 +15,7 @@ import ( "strconv" "syscall" + "golang.zx2c4.com/wireguard/conn" "golang.zx2c4.com/wireguard/device" "golang.zx2c4.com/wireguard/ipc" "golang.zx2c4.com/wireguard/tun" @@ -219,7 +220,7 @@ func main() { return } - device := device.NewDevice(tun, logger) + device := device.NewDevice(tun, conn.NewDefaultBind(), logger) logger.Verbosef("Device started") diff --git a/main_windows.go b/main_windows.go index 128a0cd..5a7b136 100644 --- a/main_windows.go +++ b/main_windows.go @@ -11,6 +11,7 @@ import ( "os/signal" "syscall" + "golang.zx2c4.com/wireguard/conn" "golang.zx2c4.com/wireguard/device" "golang.zx2c4.com/wireguard/ipc" @@ -47,7 +48,7 @@ func main() { os.Exit(ExitSetupFailed) } - device := device.NewDevice(tun, logger) + device := device.NewDevice(tun, conn.NewDefaultBind(), logger) err = device.Up() if err != nil { logger.Errorf("Failed to bring up device: %v", err) |