From 901333cc9929f5598634b2111ad423c76b03fcad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christer=20War=C3=A9n?= Date: Wed, 30 Jan 2019 13:12:46 +0200 Subject: [PATCH 01/61] Update Dockerfile --- contrib/docker/Dockerfile | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile index fb4fbfaaa..baeb1f041 100644 --- a/contrib/docker/Dockerfile +++ b/contrib/docker/Dockerfile @@ -1,18 +1,21 @@ FROM docker.io/golang:alpine as builder -COPY . /src WORKDIR /src +RUN apk add git + +RUN git clone https://github.com/yggdrasil-network/yggdrasil-go.git . + ENV CGO_ENABLED=0 -RUN apk add git && ./build +RUN ./build FROM docker.io/alpine LABEL maintainer="Christer Waren/CWINFO " COPY --from=builder /src/yggdrasil /usr/bin/yggdrasil COPY --from=builder /src/yggdrasilctl /usr/bin/yggdrasilctl -COPY contrib/docker/entrypoint.sh /usr/bin/entrypoint.sh +COPY --from=builder /src/contrib/docker/entrypoint.sh /usr/bin/entrypoint.sh # RUN addgroup -g 1000 -S yggdrasil-network \ # && adduser -u 1000 -S -g 1000 --home /etc/yggdrasil-network yggdrasil-network From 74ac535d550d30577dcefa8bc6d397356e6f65e2 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Fri, 8 Feb 2019 19:46:11 -0600 Subject: [PATCH 02/61] slightly faster switch logic, should be easier to have a useful tie-breaker for peers that are equally close to the destination via the tree metric --- misc/sim/treesim.go | 4 +++- src/yggdrasil/switch.go | 45 +++++++++++++++++++++-------------------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/misc/sim/treesim.go b/misc/sim/treesim.go index f4cd75fa3..a62f9ff46 100644 --- a/misc/sim/treesim.go +++ b/misc/sim/treesim.go @@ -6,13 +6,15 @@ import "os" import "strings" import "strconv" import "time" -import "log" import "runtime" import "runtime/pprof" import "flag" +import "github.com/gologme/log" + import . "github.com/yggdrasil-network/yggdrasil-go/src/yggdrasil" +import . "github.com/yggdrasil-network/yggdrasil-go/src/crypto" //////////////////////////////////////////////////////////////////////////////// diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go index db39d010d..b777d8996 100644 --- a/src/yggdrasil/switch.go +++ b/src/yggdrasil/switch.go @@ -569,23 +569,23 @@ func (t *switchTable) start() error { return nil } -// Check if a packet should go to the self node -// This means there's no node closer to the destination than us -// This is mainly used to identify packets addressed to us, or that hit a blackhole -func (t *switchTable) selfIsClosest(dest []byte) bool { +// Return a map of ports onto distance, keeping only ports closer to the destination than this node +// If the map is empty (or nil), then no peer is closer +func (t *switchTable) getCloser(dest []byte) map[switchPort]int { table := t.getTable() myDist := table.self.dist(dest) if myDist == 0 { // Skip the iteration step if it's impossible to be closer - return true + return nil } + closer := make(map[switchPort]int, len(table.elems)) for _, info := range table.elems { dist := info.locator.dist(dest) if dist < myDist { - return false + closer[info.port] = dist } } - return true + return closer } // Returns true if the peer is closer to the destination than ourself @@ -639,25 +639,26 @@ func (t *switchTable) bestPortForCoords(coords []byte) switchPort { func (t *switchTable) handleIn(packet []byte, idle map[switchPort]struct{}) bool { coords := switch_getPacketCoords(packet) ports := t.core.peers.getPorts() - if t.selfIsClosest(coords) { + closer := t.getCloser(coords) + if len(closer) == 0 { // TODO? call the router directly, and remove the whole concept of a self peer? ports[0].sendPacket(packet) return true } - table := t.getTable() - myDist := table.self.dist(coords) var best *peer - bestDist := myDist - for port := range idle { - if to := ports[port]; to != nil { - if info, isIn := table.elems[to.port]; isIn { - dist := info.locator.dist(coords) - if !(dist < bestDist) { - continue - } - best = to - bestDist = dist - } + var bestDist int + for port, dist := range closer { + to := ports[port] + _, isIdle := idle[port] + switch { + case to == nil: // skip + case !isIdle: // skip + case best == nil: // keep + fallthrough + case dist < bestDist: // keep + best = to + bestDist = dist + default: // skip } } if best != nil { @@ -696,7 +697,7 @@ func (b *switch_buffers) cleanup(t *switchTable) { // Remove queues for which we have no next hop packet := buf.packets[0] coords := switch_getPacketCoords(packet.bytes) - if t.selfIsClosest(coords) { + if len(t.getCloser(coords)) == 0 { for _, packet := range buf.packets { util.PutBytes(packet.bytes) } From 21cecf4630bf365a400ada8aa8fdcfa696029830 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Sat, 9 Feb 2019 17:44:25 -0600 Subject: [PATCH 03/61] consistently prioritize which peer to forward to instead of letting it be partly random --- src/yggdrasil/switch.go | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go index b777d8996..cc989d97d 100644 --- a/src/yggdrasil/switch.go +++ b/src/yggdrasil/switch.go @@ -645,20 +645,39 @@ func (t *switchTable) handleIn(packet []byte, idle map[switchPort]struct{}) bool ports[0].sendPacket(packet) return true } + table := t.getTable() var best *peer var bestDist int + var bestCoordLen int for port, dist := range closer { to := ports[port] _, isIdle := idle[port] + coordLen := len(table.elems[port].locator.coords) + var update bool switch { - case to == nil: // skip - case !isIdle: // skip - case best == nil: // keep - fallthrough - case dist < bestDist: // keep + case to == nil: + //nothing + case !isIdle: + //nothing + case best == nil: + update = true + case dist < bestDist: + update = true + case dist > bestDist: + //nothing + case coordLen < bestCoordLen: + update = true + case coordLen > bestCoordLen: + //nothing + case port < best.port: + update = true + default: + //nothing + } + if update { best = to bestDist = dist - default: // skip + bestCoordLen = coordLen } } if best != nil { From c2561c90c7d74d082eb291e8e7f0ed17d953242a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christer=20War=C3=A9n?= Date: Mon, 11 Feb 2019 16:50:22 +0200 Subject: [PATCH 04/61] Update Dockerfile Making easier to install and update, because dont have to download Github repository manually. --- contrib/docker/Dockerfile | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile index baeb1f041..a91f775d8 100644 --- a/contrib/docker/Dockerfile +++ b/contrib/docker/Dockerfile @@ -1,16 +1,14 @@ -FROM docker.io/golang:alpine as builder +FROM golang:alpine as builder WORKDIR /src -RUN apk add git - -RUN git clone https://github.com/yggdrasil-network/yggdrasil-go.git . - ENV CGO_ENABLED=0 -RUN ./build +RUN apk add git && \ + git clone https://github.com/yggdrasil-network/yggdrasil-go.git . && \ + ./build -FROM docker.io/alpine +FROM alpine LABEL maintainer="Christer Waren/CWINFO " COPY --from=builder /src/yggdrasil /usr/bin/yggdrasil From 042adb0516e4516f0d316b786ff611bbb5da5ad8 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Sat, 23 Feb 2019 00:07:00 -0600 Subject: [PATCH 05/61] make sure the only place traffic is ever dropped is in the switch. this currently disables the dedicated crypto workers --- src/yggdrasil/link.go | 10 +++++----- src/yggdrasil/router.go | 41 ++++++++++++++++++++++++++++++---------- src/yggdrasil/session.go | 4 +++- src/yggdrasil/switch.go | 12 +++++++----- 4 files changed, 46 insertions(+), 21 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index ad4b1facc..3cd344d5f 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -216,8 +216,8 @@ func (intf *linkInterface) handler() error { case signalReady <- struct{}{}: default: } - intf.link.core.log.Debugf("Sending packet to %s: %s, source %s", - strings.ToUpper(intf.info.linkType), themString, intf.info.local) + //intf.link.core.log.Debugf("Sending packet to %s: %s, source %s", + // strings.ToUpper(intf.info.linkType), themString, intf.info.local) } } }() @@ -237,9 +237,9 @@ func (intf *linkInterface) handler() error { recvTimer := time.NewTimer(recvTime) defer util.TimerStop(recvTimer) for { - intf.link.core.log.Debugf("State of %s: %s, source %s :: isAlive %t isReady %t sendTimerRunning %t recvTimerRunning %t", - strings.ToUpper(intf.info.linkType), themString, intf.info.local, - isAlive, isReady, sendTimerRunning, recvTimerRunning) + //intf.link.core.log.Debugf("State of %s: %s, source %s :: isAlive %t isReady %t sendTimerRunning %t recvTimerRunning %t", + // strings.ToUpper(intf.info.linkType), themString, intf.info.local, + // isAlive, isReady, sendTimerRunning, recvTimerRunning) select { case gotMsg, ok := <-signalAlive: if !ok { diff --git a/src/yggdrasil/router.go b/src/yggdrasil/router.go index 99e69828e..d84b935bb 100644 --- a/src/yggdrasil/router.go +++ b/src/yggdrasil/router.go @@ -68,17 +68,34 @@ func (r *router) init(core *Core) { r.subnet = *address.SubnetForNodeID(&r.core.dht.nodeID) in := make(chan []byte, 32) // TODO something better than this... p := r.core.peers.newPeer(&r.core.boxPub, &r.core.sigPub, &crypto.BoxSharedKey{}, "(self)", nil) - p.out = func(packet []byte) { - // This is to make very sure it never blocks - select { - case in <- packet: - return - default: - util.PutBytes(packet) - } - } + p.out = func(packet []byte) { in <- packet } r.in = in - r.out = func(packet []byte) { p.handlePacket(packet) } // The caller is responsible for go-ing if it needs to not block + out := make(chan []byte, 32) + go func() { + for packet := range out { + p.handlePacket(packet) + } + }() + out2 := make(chan []byte, 32) + go func() { + // This worker makes sure r.out never blocks + // It will buffer traffic long enough for the switch worker to take it + // If (somehow) you can send faster than the switch can receive, then this would use unbounded memory + // But crypto slows sends enough that the switch should always be able to take the packets... + var buf [][]byte + for { + buf = append(buf, <-out2) + for len(buf) > 0 { + select { + case bs := <-out2: + buf = append(buf, bs) + case out <- buf[0]: + buf = buf[1:] + } + } + } + }() + r.out = func(packet []byte) { out2 <- packet } r.toRecv = make(chan router_recvPacket, 32) recv := make(chan []byte, 32) send := make(chan []byte, 32) @@ -306,6 +323,8 @@ func (r *router) sendPacket(bs []byte) { return } + sinfo.doSend(bs) + return sinfo.send <- bs } } @@ -385,6 +404,8 @@ func (r *router) handleTraffic(packet []byte) { if !isIn { return } + sinfo.doRecv(&p) + return sinfo.recv <- &p } diff --git a/src/yggdrasil/session.go b/src/yggdrasil/session.go index cdabaf2b7..bffc149b3 100644 --- a/src/yggdrasil/session.go +++ b/src/yggdrasil/session.go @@ -304,7 +304,7 @@ func (ss *sessions) createSession(theirPermKey *crypto.BoxPubKey) *sessionInfo { sinfo.theirSubnet = *address.SubnetForNodeID(crypto.GetNodeID(&sinfo.theirPermPub)) sinfo.send = make(chan []byte, 32) sinfo.recv = make(chan *wire_trafficPacket, 32) - go sinfo.doWorker() + //go sinfo.doWorker() ss.sinfos[sinfo.myHandle] = &sinfo ss.byMySes[sinfo.mySesPub] = &sinfo.myHandle ss.byTheirPerm[sinfo.theirPermPub] = &sinfo.myHandle @@ -625,6 +625,8 @@ func (sinfo *sessionInfo) doRecv(p *wire_trafficPacket) { sinfo.updateNonce(&p.Nonce) sinfo.time = time.Now() sinfo.bytesRecvd += uint64(len(bs)) + sinfo.core.router.recvPacket(bs, sinfo) + return select { case sinfo.core.router.toRecv <- router_recvPacket{bs, sinfo}: default: // avoid deadlocks, maybe do this somewhere else?... diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go index 9b8c8398f..d45b88559 100644 --- a/src/yggdrasil/switch.go +++ b/src/yggdrasil/switch.go @@ -668,10 +668,12 @@ func (t *switchTable) handleIn(packet []byte, idle map[switchPort]struct{}) bool //nothing case coordLen < bestCoordLen: update = true - case coordLen > bestCoordLen: - //nothing - case port < best.port: - update = true + /* + case coordLen > bestCoordLen: + //nothing + case port < best.port: + update = true + */ default: //nothing } @@ -800,7 +802,7 @@ func (t *switchTable) doWorker() { t.queues.bufs = make(map[string]switch_buffer) // Packets per PacketStreamID (string) idle := make(map[switchPort]struct{}) // this is to deduplicate things for { - t.core.log.Debugf("Switch state: idle = %d, buffers = %d", len(idle), len(t.queues.bufs)) + //t.core.log.Debugf("Switch state: idle = %d, buffers = %d", len(idle), len(t.queues.bufs)) select { case bytes := <-t.packetIn: // Try to send it somewhere (or drop it if it's corrupt or at a dead end) From bb3edd5e556fdb09f83eb8c2d5708f2de7f0dd56 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Sun, 24 Feb 2019 12:59:30 -0600 Subject: [PATCH 06/61] add the relevant error to the default logging when a connection is closed --- src/yggdrasil/link.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 3cd344d5f..27c3aa239 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -162,8 +162,6 @@ func (intf *linkInterface) handler() error { themString := fmt.Sprintf("%s@%s", themAddrString, intf.info.remote) intf.link.core.log.Infof("Connected %s: %s, source %s", strings.ToUpper(intf.info.linkType), themString, intf.info.local) - defer intf.link.core.log.Infof("Disconnected %s: %s, source %s", - strings.ToUpper(intf.info.linkType), themString, intf.info.local) // Start the link loop go intf.peer.linkLoop() // Start the writer @@ -304,12 +302,13 @@ func (intf *linkInterface) handler() error { }() // Run reader loop for { - msg, err := intf.msgIO.readMsg() + var msg []byte + msg, err = intf.msgIO.readMsg() if len(msg) > 0 { intf.peer.handlePacket(msg) } if err != nil { - return err + break } select { case signalAlive <- len(msg) > 0: @@ -317,5 +316,8 @@ func (intf *linkInterface) handler() error { } } //////////////////////////////////////////////////////////////////////////////// - return nil + // Remember to set `err` to something useful before returning + intf.link.core.log.Infof("Disconnected %s: %s, source %s, reason: %s", + strings.ToUpper(intf.info.linkType), themString, intf.info.local, err) + return err } From 654407dc6d1dc5724420d7e08f2064d0e5b32a68 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Sun, 24 Feb 2019 13:24:55 -0600 Subject: [PATCH 07/61] close long-dead connections in link.go instead of in switch.go, this is important in case a connection opens but never bothers to send even one switch message --- src/yggdrasil/link.go | 12 +++++++++++- src/yggdrasil/switch.go | 23 ----------------------- 2 files changed, 11 insertions(+), 24 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 27c3aa239..df9625d07 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -228,12 +228,15 @@ func (intf *linkInterface) handler() error { var isReady bool var sendTimerRunning bool var recvTimerRunning bool - recvTime := 6 * time.Second // TODO set to ReadTimeout from the config, reset if it gets changed + recvTime := 6 * time.Second // TODO set to ReadTimeout from the config, reset if it gets changed + closeTime := 2 * switch_timeout // TODO or maybe this makes more sense for ReadTimeout?... sendTime := time.Second sendTimer := time.NewTimer(sendTime) defer util.TimerStop(sendTimer) recvTimer := time.NewTimer(recvTime) defer util.TimerStop(recvTimer) + closeTimer := time.NewTimer(closeTime) + defer util.TimerStop(closeTimer) for { //intf.link.core.log.Debugf("State of %s: %s, source %s :: isAlive %t isReady %t sendTimerRunning %t recvTimerRunning %t", // strings.ToUpper(intf.info.linkType), themString, intf.info.local, @@ -243,6 +246,7 @@ func (intf *linkInterface) handler() error { if !ok { return } + util.TimerStop(closeTimer) util.TimerStop(recvTimer) recvTimerRunning = false isAlive = true @@ -274,6 +278,8 @@ func (intf *linkInterface) handler() error { // Start a timer, if it expires and we haven't gotten any return traffic (including a 0-sized ack), then assume there's a problem util.TimerStop(recvTimer) recvTimer.Reset(recvTime) + util.TimerStop(closeTimer) + closeTimer.Reset(closeTime) recvTimerRunning = true } case _, ok := <-signalReady: @@ -297,6 +303,10 @@ func (intf *linkInterface) handler() error { case <-recvTimer.C: // We haven't received anything, so assume there's a problem and don't return this node to the switch until they start responding isAlive = false + case <-closeTimer.C: + // We haven't received anything in a really long time, so things have died at the switch level and then some... + // Just close the connection at this point... + intf.msgIO.close() } } }() diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go index d45b88559..1b611af2e 100644 --- a/src/yggdrasil/switch.go +++ b/src/yggdrasil/switch.go @@ -215,7 +215,6 @@ func (t *switchTable) doMaintenance() { defer t.mutex.Unlock() // Release lock when we're done t.cleanRoot() t.cleanDropped() - t.cleanPeers() } // Updates the root periodically if it is ourself, or promotes ourself to root if we're better than the current root or if the current root has timed out. @@ -272,28 +271,6 @@ func (t *switchTable) forgetPeer(port switchPort) { } } -// Clean all unresponsive peers from the table, needed in case a peer stops updating. -// Needed in case a non-parent peer keeps the connection open but stops sending updates. -// Also reclaims space from deleted peers by copying the map. -func (t *switchTable) cleanPeers() { - now := time.Now() - for port, peer := range t.data.peers { - if now.Sub(peer.time) > switch_timeout+switch_throttle { - // Longer than switch_timeout to make sure we don't remove a working peer because the root stopped responding. - delete(t.data.peers, port) - go t.core.peers.removePeer(port) // TODO figure out if it's safe to do this without a goroutine, or make it safe - } - } - if _, isIn := t.data.peers[t.parent]; !isIn { - // The root timestamp would probably time out before this happens, but better safe than sorry. - // We removed the current parent, so find a new one. - t.parent = 0 - for _, peer := range t.data.peers { - t.unlockedHandleMsg(&peer.msg, peer.port, true) - } - } -} - // Dropped is a list of roots that are better than the current root, but stopped sending new timestamps. // If we switch to a new root, and that root is better than an old root that previously timed out, then we can clean up the old dropped root infos. // This function is called periodically to do that cleanup. From def4fb358787a73f9e2f44180b5363e560ceb29a Mon Sep 17 00:00:00 2001 From: Arceliar Date: Sun, 24 Feb 2019 14:48:16 -0600 Subject: [PATCH 08/61] fix timeout and improve logging on connection close --- src/yggdrasil/link.go | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index df9625d07..443b59431 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -4,6 +4,7 @@ import ( "encoding/hex" "errors" "fmt" + "io" "net" "strings" "sync" @@ -223,6 +224,7 @@ func (intf *linkInterface) handler() error { // Used to enable/disable activity in the switch signalAlive := make(chan bool, 1) // True = real packet, false = keep-alive defer close(signalAlive) + ret := make(chan error, 1) // How we signal the return value when multiple goroutines are involved go func() { var isAlive bool var isReady bool @@ -247,6 +249,7 @@ func (intf *linkInterface) handler() error { return } util.TimerStop(closeTimer) + closeTimer.Reset(closeTime) util.TimerStop(recvTimer) recvTimerRunning = false isAlive = true @@ -278,8 +281,6 @@ func (intf *linkInterface) handler() error { // Start a timer, if it expires and we haven't gotten any return traffic (including a 0-sized ack), then assume there's a problem util.TimerStop(recvTimer) recvTimer.Reset(recvTime) - util.TimerStop(closeTimer) - closeTimer.Reset(closeTime) recvTimerRunning = true } case _, ok := <-signalReady: @@ -306,18 +307,27 @@ func (intf *linkInterface) handler() error { case <-closeTimer.C: // We haven't received anything in a really long time, so things have died at the switch level and then some... // Just close the connection at this point... + select { + case ret <- errors.New("timeout"): + default: + } intf.msgIO.close() } } }() // Run reader loop for { - var msg []byte - msg, err = intf.msgIO.readMsg() + msg, err := intf.msgIO.readMsg() if len(msg) > 0 { intf.peer.handlePacket(msg) } if err != nil { + if err != io.EOF { + select { + case ret <- err: + default: + } + } break } select { @@ -327,7 +337,14 @@ func (intf *linkInterface) handler() error { } //////////////////////////////////////////////////////////////////////////////// // Remember to set `err` to something useful before returning - intf.link.core.log.Infof("Disconnected %s: %s, source %s, reason: %s", - strings.ToUpper(intf.info.linkType), themString, intf.info.local, err) + select { + case err = <-ret: + intf.link.core.log.Infof("Disconnected %s: %s, source %s; error: %s", + strings.ToUpper(intf.info.linkType), themString, intf.info.local, err) + default: + err = nil + intf.link.core.log.Infof("Disconnected %s: %s, source %s", + strings.ToUpper(intf.info.linkType), themString, intf.info.local) + } return err } From 25692420501e7252c2615382b8115d7119008eb2 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Tue, 26 Feb 2019 21:07:56 -0600 Subject: [PATCH 09/61] fixes to linkInterface.handler() --- src/util/util.go | 20 ++++++++++++++++++++ src/yggdrasil/link.go | 11 ++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/src/util/util.go b/src/util/util.go index 45be3b196..df15ff2c0 100644 --- a/src/util/util.go +++ b/src/util/util.go @@ -56,3 +56,23 @@ func TimerStop(t *time.Timer) bool { } return true } + +// Run a blocking function with a timeout. +// Returns true if the function returns. +// Returns false if the timer fires. +// The blocked function remains blocked--the caller is responsible for somehow killing it. +func FuncTimeout(f func(), timeout time.Duration) bool { + success := make(chan struct{}) + go func() { + defer close(success) + f() + }() + timer := time.NewTimer(timeout) + defer TimerStop(timer) + select { + case <-success: + return true + case <-timer.C: + return false + } +} diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 443b59431..06020cd7b 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -92,11 +92,16 @@ func (intf *linkInterface) handler() error { meta.link = *myLinkPub metaBytes := meta.encode() // TODO timeouts on send/recv (goroutine for send/recv, channel select w/ timer) - err := intf.msgIO._sendMetaBytes(metaBytes) + var err error + if !util.FuncTimeout(func() { err = intf.msgIO._sendMetaBytes(metaBytes) }, 30*time.Second) { + return errors.New("timeout on metadata send") + } if err != nil { return err } - metaBytes, err = intf.msgIO._recvMetaBytes() + if !util.FuncTimeout(func() { metaBytes, err = intf.msgIO._recvMetaBytes() }, 30*time.Second) { + return errors.New("timeout on metadata recv") + } if err != nil { return err } @@ -110,7 +115,7 @@ func (intf *linkInterface) handler() error { return errors.New("failed to connect: wrong version") } // Check if we're authorized to connect to this key / IP - if !intf.force && !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) { + if !intf.incoming && !intf.force && !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) { intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKeys does not contain key %s", strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:])) intf.msgIO.close() From 371b5ca6a2115d88fa5fe5f21f8d9624c65a766e Mon Sep 17 00:00:00 2001 From: Arceliar Date: Thu, 28 Feb 2019 18:49:34 -0600 Subject: [PATCH 10/61] Change log message about AllowedEncryptionPublicKeys from Debug to Warn --- src/yggdrasil/link.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 06020cd7b..6fc7687b1 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -116,7 +116,7 @@ func (intf *linkInterface) handler() error { } // Check if we're authorized to connect to this key / IP if !intf.incoming && !intf.force && !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) { - intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKeys does not contain key %s", + intf.link.core.log.Warnf("%s connection to %s forbidden: AllowedEncryptionPublicKeys does not contain key %s", strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:])) intf.msgIO.close() return nil From 06df791efc20ceec653c81dd624ff789eecd5fb6 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Thu, 28 Feb 2019 19:08:56 -0600 Subject: [PATCH 11/61] buffer packets moving from the switch to the router, allow them front drop if there's too many --- src/yggdrasil/switch.go | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go index 1b611af2e..bf6b9194e 100644 --- a/src/yggdrasil/switch.go +++ b/src/yggdrasil/switch.go @@ -176,6 +176,7 @@ type switchTable struct { admin chan func() // Pass a lambda for the admin socket to query stuff queues switch_buffers // Queues - not atomic so ONLY use through admin chan queueTotalMaxSize uint64 // Maximum combined size of queues + toRouter chan []byte // Packets to be sent to the router } // Minimum allowed total size of switch queues. @@ -199,6 +200,7 @@ func (t *switchTable) init(core *Core) { t.idleIn = make(chan switchPort, 1024) t.admin = make(chan func()) t.queueTotalMaxSize = SwitchQueueTotalMinSize + t.toRouter = make(chan []byte, 1) } // Safely gets a copy of this node's locator. @@ -616,17 +618,17 @@ func (t *switchTable) bestPortForCoords(coords []byte) switchPort { // Returns true if the packet has been handled somehow, false if it should be queued func (t *switchTable) handleIn(packet []byte, idle map[switchPort]struct{}) bool { coords := switch_getPacketCoords(packet) - ports := t.core.peers.getPorts() closer := t.getCloser(coords) if len(closer) == 0 { // TODO? call the router directly, and remove the whole concept of a self peer? - ports[0].sendPacket(packet) + t.toRouter <- packet return true } table := t.getTable() var best *peer var bestDist int var bestCoordLen int + ports := t.core.peers.getPorts() for port, dist := range closer { to := ports[port] _, isIdle := idle[port] @@ -775,6 +777,33 @@ func (t *switchTable) handleIdle(port switchPort) bool { // The switch worker does routing lookups and sends packets to where they need to be func (t *switchTable) doWorker() { + sendingToRouter := make(chan []byte, 1) + go func() { + // Keep sending packets to the router + self := t.core.peers.getPorts()[0] + for bs := range sendingToRouter { + self.sendPacket(bs) + } + }() + go func() { + // Keep taking packets from the idle worker and sending them to the above whenever it's idle, keeping anything extra in a (fifo, head-drop) buffer + var buf [][]byte + for { + buf = append(buf, <-t.toRouter) + for len(buf) > 0 { + select { + case bs := <-t.toRouter: + buf = append(buf, bs) + for len(buf) > 32 { + util.PutBytes(buf[0]) + buf = buf[1:] + } + case sendingToRouter <- buf[0]: + buf = buf[1:] + } + } + } + }() t.queues.switchTable = t t.queues.bufs = make(map[string]switch_buffer) // Packets per PacketStreamID (string) idle := make(map[switchPort]struct{}) // this is to deduplicate things From 304f22dc1d23807d7f612f3d32433121b4876c5c Mon Sep 17 00:00:00 2001 From: Arceliar Date: Thu, 28 Feb 2019 20:05:21 -0600 Subject: [PATCH 12/61] re-enable session workers in a way that doesn't block and drops packets before decrypting if necessary --- src/yggdrasil/router.go | 7 +------ src/yggdrasil/session.go | 32 +++++++++++++++++++++++--------- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/src/yggdrasil/router.go b/src/yggdrasil/router.go index d84b935bb..6acd4735c 100644 --- a/src/yggdrasil/router.go +++ b/src/yggdrasil/router.go @@ -66,7 +66,7 @@ func (r *router) init(core *Core) { r.reconfigure = make(chan chan error, 1) r.addr = *address.AddrForNodeID(&r.core.dht.nodeID) r.subnet = *address.SubnetForNodeID(&r.core.dht.nodeID) - in := make(chan []byte, 32) // TODO something better than this... + in := make(chan []byte, 1) // TODO something better than this... p := r.core.peers.newPeer(&r.core.boxPub, &r.core.sigPub, &crypto.BoxSharedKey{}, "(self)", nil) p.out = func(packet []byte) { in <- packet } r.in = in @@ -322,9 +322,6 @@ func (r *router) sendPacket(bs []byte) { // Don't continue - drop the packet return } - - sinfo.doSend(bs) - return sinfo.send <- bs } } @@ -404,8 +401,6 @@ func (r *router) handleTraffic(packet []byte) { if !isIn { return } - sinfo.doRecv(&p) - return sinfo.recv <- &p } diff --git a/src/yggdrasil/session.go b/src/yggdrasil/session.go index bffc149b3..012af579d 100644 --- a/src/yggdrasil/session.go +++ b/src/yggdrasil/session.go @@ -304,7 +304,7 @@ func (ss *sessions) createSession(theirPermKey *crypto.BoxPubKey) *sessionInfo { sinfo.theirSubnet = *address.SubnetForNodeID(crypto.GetNodeID(&sinfo.theirPermPub)) sinfo.send = make(chan []byte, 32) sinfo.recv = make(chan *wire_trafficPacket, 32) - //go sinfo.doWorker() + go sinfo.doWorker() ss.sinfos[sinfo.myHandle] = &sinfo ss.byMySes[sinfo.mySesPub] = &sinfo.myHandle ss.byTheirPerm[sinfo.theirPermPub] = &sinfo.myHandle @@ -525,17 +525,36 @@ func (ss *sessions) resetInits() { // It handles calling the relatively expensive crypto operations. // It's also responsible for checking nonces and dropping out-of-date/duplicate packets, or else calling the function to update nonces if the packet is OK. func (sinfo *sessionInfo) doWorker() { + send := make(chan []byte, 32) + defer close(send) + go func() { + for bs := range send { + sinfo.doSend(bs) + } + }() + recv := make(chan *wire_trafficPacket, 32) + defer close(recv) + go func() { + for p := range recv { + sinfo.doRecv(p) + } + }() for { select { case p, ok := <-sinfo.recv: if ok { - sinfo.doRecv(p) + select { + case recv <- p: + default: + // We need something to not block, and it's best to drop it before we decrypt + util.PutBytes(p.Payload) + } } else { return } case bs, ok := <-sinfo.send: if ok { - sinfo.doSend(bs) + send <- bs } else { return } @@ -625,10 +644,5 @@ func (sinfo *sessionInfo) doRecv(p *wire_trafficPacket) { sinfo.updateNonce(&p.Nonce) sinfo.time = time.Now() sinfo.bytesRecvd += uint64(len(bs)) - sinfo.core.router.recvPacket(bs, sinfo) - return - select { - case sinfo.core.router.toRecv <- router_recvPacket{bs, sinfo}: - default: // avoid deadlocks, maybe do this somewhere else?... - } + sinfo.core.router.toRecv <- router_recvPacket{bs, sinfo} } From ef7782289762770e8992aa880572418360ad2f81 Mon Sep 17 00:00:00 2001 From: William Wennerstr?m Date: Fri, 1 Mar 2019 17:26:07 +0100 Subject: [PATCH 13/61] contrib/busybox-init: add init.d script for busybox init --- contrib/busybox-init/S42yggdrasil | 71 +++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100755 contrib/busybox-init/S42yggdrasil diff --git a/contrib/busybox-init/S42yggdrasil b/contrib/busybox-init/S42yggdrasil new file mode 100755 index 000000000..d09c3a794 --- /dev/null +++ b/contrib/busybox-init/S42yggdrasil @@ -0,0 +1,71 @@ +#!/bin/sh + +CONFFILE="/etc/yggdrasil.conf" + +genconf() { + /usr/bin/yggdrasil -genconf > "$1" + return $? +} + +probetun() { + modprobe tun + return $? +} + +start() { + if [ ! -f "$CONFFILE" ]; then + printf 'Generating configuration file: ' + if genconf "$CONFFILE"; then + echo "OK" + else + echo "FAIL" + return 1 + fi + fi + + if [ ! -e /dev/net/tun ]; then + printf 'Inserting TUN module: ' + if probetun; then + echo "OK" + else + echo "FAIL" + return 1 + fi + fi + + printf 'Starting yggdrasil: ' + if start-stop-daemon -S -b -x /usr/bin/yggdrasil \ + -- --useconf < "$CONFFILE"; then + echo "OK" + else + echo "FAIL" + fi +} + +stop() { + printf "Stopping yggdrasil: " + if start-stop-daemon -K -q -x /usr/bin/yggdrasil; then + echo "OK" + else + echo "FAIL" + fi +} + +restart() { + stop + start +} + +reload() { + restart +} + +case "$1" in + start|stop|restart|reload) + "$1";; + *) + echo "Usage: $0 {start|stop|restart}" + exit 1 +esac + +exit 0 From a6ae159329938f8252f2495fcc79abafcc1eaf86 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 1 Mar 2019 18:26:52 +0000 Subject: [PATCH 14/61] Give some more feedback that a configuration reload actually happens --- src/yggdrasil/core.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/yggdrasil/core.go b/src/yggdrasil/core.go index 2e23dd197..04433282e 100644 --- a/src/yggdrasil/core.go +++ b/src/yggdrasil/core.go @@ -125,11 +125,15 @@ func (c *Core) addPeerLoop() { // UpdateConfig updates the configuration in Core and then signals the // various module goroutines to reconfigure themselves if needed func (c *Core) UpdateConfig(config *config.NodeConfig) { + c.log.Infoln("Reloading configuration...") + c.configMutex.Lock() c.configOld = c.config c.config = *config c.configMutex.Unlock() + errors := 0 + components := []chan chan error{ c.admin.reconfigure, c.searches.reconfigure, @@ -148,9 +152,16 @@ func (c *Core) UpdateConfig(config *config.NodeConfig) { response := make(chan error) component <- response if err := <-response; err != nil { - c.log.Println(err) + c.log.Errorln(err) + errors++ } } + + if errors > 0 { + c.log.Warnln(errors, "modules reported errors during configuration reload") + } else { + c.log.Infoln("Configuration reloaded successfully") + } } // GetBuildName gets the current build name. This is usually injected if built From e99903bf725de434b76ea3c790afdd2b43e894cb Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 1 Mar 2019 19:26:50 +0000 Subject: [PATCH 15/61] Wake up AWDL on Darwin if awdl0 is an enabled multicast interface --- src/yggdrasil/multicast.go | 3 ++- src/yggdrasil/multicast_darwin.go | 25 ++++++++++++++++++++++++- src/yggdrasil/multicast_other.go | 6 +++++- src/yggdrasil/multicast_unix.go | 6 +++++- src/yggdrasil/multicast_windows.go | 6 +++++- 5 files changed, 41 insertions(+), 5 deletions(-) diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index 42651deb6..b20ee94d5 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -50,7 +50,7 @@ func (m *multicast) start() error { } listenString := fmt.Sprintf("[::]:%v", addr.Port) lc := net.ListenConfig{ - Control: multicastReuse, + Control: m.multicastReuse, } conn, err := lc.ListenPacket(context.Background(), "udp6", listenString) if err != nil { @@ -61,6 +61,7 @@ func (m *multicast) start() error { // Windows can't set this flag, so we need to handle it in other ways } + m.multicastWake() go m.listen() go m.announce() } diff --git a/src/yggdrasil/multicast_darwin.go b/src/yggdrasil/multicast_darwin.go index 71eecce4c..9c5d0b2d9 100644 --- a/src/yggdrasil/multicast_darwin.go +++ b/src/yggdrasil/multicast_darwin.go @@ -2,10 +2,33 @@ package yggdrasil +/* +#cgo CFLAGS: -x objective-c +#cgo LDFLAGS: -framework Foundation +#import +void WakeUpAWDL() { + id delegateObject; // Assume this exists. + NSNetServiceBrowser *serviceBrowser; + + serviceBrowser = [[NSNetServiceBrowser alloc] init]; + serviceBrowser.includesPeerToPeer = YES; + [serviceBrowser searchForServicesOfType:@"_yggdrasil._tcp" inDomain:@""]; +} +*/ +import "C" import "syscall" import "golang.org/x/sys/unix" -func multicastReuse(network string, address string, c syscall.RawConn) error { +func (m *multicast) multicastWake() { + for _, intf := range m.interfaces() { + if intf.Name == "awdl0" { + m.core.log.Infoln("Multicast discovery is waking up AWDL") + C.WakeUpAWDL() + } + } +} + +func (m *multicast) multicastReuse(network string, address string, c syscall.RawConn) error { var control error var reuseport error var recvanyif error diff --git a/src/yggdrasil/multicast_other.go b/src/yggdrasil/multicast_other.go index 8a4ce56cf..043dd3ae7 100644 --- a/src/yggdrasil/multicast_other.go +++ b/src/yggdrasil/multicast_other.go @@ -4,6 +4,10 @@ package yggdrasil import "syscall" -func multicastReuse(network string, address string, c syscall.RawConn) error { +func (m *multicast) multicastWake() { + +} + +func (m *multicast) multicastReuse(network string, address string, c syscall.RawConn) error { return nil } diff --git a/src/yggdrasil/multicast_unix.go b/src/yggdrasil/multicast_unix.go index 54bbc645e..4237481c7 100644 --- a/src/yggdrasil/multicast_unix.go +++ b/src/yggdrasil/multicast_unix.go @@ -5,7 +5,11 @@ package yggdrasil import "syscall" import "golang.org/x/sys/unix" -func multicastReuse(network string, address string, c syscall.RawConn) error { +func (m *multicast) multicastWake() { + +} + +func (m *multicast) multicastReuse(network string, address string, c syscall.RawConn) error { var control error var reuseport error diff --git a/src/yggdrasil/multicast_windows.go b/src/yggdrasil/multicast_windows.go index 13f203157..14c931295 100644 --- a/src/yggdrasil/multicast_windows.go +++ b/src/yggdrasil/multicast_windows.go @@ -5,7 +5,11 @@ package yggdrasil import "syscall" import "golang.org/x/sys/windows" -func multicastReuse(network string, address string, c syscall.RawConn) error { +func (m *multicast) multicastWake() { + +} + +func (m *multicast) multicastReuse(network string, address string, c syscall.RawConn) error { var control error var reuseaddr error From 12e088ab9e282663d48334b30a27b4975e9bee6d Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 1 Mar 2019 19:34:53 +0000 Subject: [PATCH 16/61] Remove unnecessary Cgo line --- src/yggdrasil/multicast_darwin.go | 1 - 1 file changed, 1 deletion(-) diff --git a/src/yggdrasil/multicast_darwin.go b/src/yggdrasil/multicast_darwin.go index 9c5d0b2d9..66c18241d 100644 --- a/src/yggdrasil/multicast_darwin.go +++ b/src/yggdrasil/multicast_darwin.go @@ -7,7 +7,6 @@ package yggdrasil #cgo LDFLAGS: -framework Foundation #import void WakeUpAWDL() { - id delegateObject; // Assume this exists. NSNetServiceBrowser *serviceBrowser; serviceBrowser = [[NSNetServiceBrowser alloc] init]; From b401b92a75a8da0fba86d2d2e4b34fb05f097e97 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sat, 2 Mar 2019 00:38:18 +0000 Subject: [PATCH 17/61] Try updating circleci workflow --- .circleci/config.yml | 119 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 107 insertions(+), 12 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 82a68aad8..871d2faf9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,7 +3,7 @@ # Check https://circleci.com/docs/2.0/language-go/ for more details version: 2 jobs: - build: + build-linux: docker: - image: circleci/golang:1.11 @@ -43,17 +43,97 @@ jobs: sudo alien --to-rpm yggdrasil*.deb --scripts --keep-version && mv *.rpm /tmp/upload/; mv *.deb /tmp/upload/ + - run: + name: Build for EdgeRouter + command: | + rm -f {yggdrasil,yggdrasilctl} + git clone https://github.com/neilalexander/vyatta-yggdrasil /tmp/vyatta-yggdrasil; + cd /tmp/vyatta-yggdrasil; + BUILDDIR_YGG=$CIRCLE_WORKING_DIRECTORY ./build-edgerouter-x $CIRCLE_BRANCH; + BUILDDIR_YGG=$CIRCLE_WORKING_DIRECTORY ./build-edgerouter-lite $CIRCLE_BRANCH; + mv *.deb /tmp/upload; + + - persist_to_workspace: + root: /tmp + paths: + - upload + + build-macos: + macos: + xcode: "10.0.0" + + working_directory: ~/go/src/github.com/yggdrasil-network/yggdrasil-go + + steps: + - checkout + + - run: + name: Create artifact upload directory and set variables + command: | + mkdir /tmp/upload + echo 'export CINAME=$(sh contrib/semver/name.sh)' >> $BASH_ENV + echo 'export CIVERSION=$(sh contrib/semver/version.sh --bare)' >> $BASH_ENV + echo 'export PATH=$PATH:/usr/local/go/bin:~/go/bin' >> $BASH_ENV + git config --global user.email "$(git log --format='%ae' HEAD -1)"; + git config --global user.name "$(git log --format='%an' HEAD -1)"; + echo -e "Host *\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config + + - run: + name: Install Go 1.11 + command: | + cd /tmp + curl -LO https://dl.google.com/go/go1.11.5.darwin-amd64.pkg + sudo installer -pkg /tmp/go1.11.5.darwin-amd64.pkg -target / + + - run: + name: Install Gomobile + command: | + GO111MODULE=off go get golang.org/x/mobile/cmd/gomobile + gomobile init + - run: name: Build for macOS command: | rm -f {yggdrasil,yggdrasilctl} - GOOS=darwin GOARCH=amd64 ./build && mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-darwin-amd64 && mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-darwin-amd64; + GO111MODULE=on GOOS=darwin GOARCH=amd64 ./build + mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-darwin-amd64 + mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-darwin-amd64; - run: name: Build for macOS (.pkg format) command: | rm -rf {yggdrasil,yggdrasilctl} - GOOS=darwin GOARCH=amd64 ./build && PKGARCH=amd64 sh contrib/macos/create-pkg.sh && mv *.pkg /tmp/upload/ + PKGARCH=amd64 sh contrib/macos/create-pkg.sh + mv *.pkg /tmp/upload/ + + #- run: + # name: Build framework for iOS (.framework format) + # command: | + # sudo GO111MODULE=off go get -v github.com/yggdrasil-network/yggdrasil-go/cmd/... + # sudo GO111MODULE=off go get -v github.com/yggdrasil-network/yggdrasil-go/src/... + # GO111MODULE=off ./build -i + # mv *.framework /tmp/upload + + - persist_to_workspace: + root: /tmp + paths: + - upload + + build-other: + docker: + - image: circleci/golang:1.11 + + steps: + - checkout + + - run: + name: Create artifact upload directory and set variables + command: | + mkdir /tmp/upload + echo 'export CINAME=$(sh contrib/semver/name.sh)' >> $BASH_ENV + echo 'export CIVERSION=$(sh contrib/semver/version.sh --bare)' >> $BASH_ENV + git config --global user.email "$(git log --format='%ae' HEAD -1)"; + git config --global user.name "$(git log --format='%an' HEAD -1)"; - run: name: Build for OpenBSD @@ -83,16 +163,31 @@ jobs: GOOS=windows GOARCH=amd64 ./build && mv yggdrasil.exe /tmp/upload/$CINAME-$CIVERSION-windows-amd64.exe && mv yggdrasilctl.exe /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-windows-amd64.exe; GOOS=windows GOARCH=386 ./build && mv yggdrasil.exe /tmp/upload/$CINAME-$CIVERSION-windows-i386.exe && mv yggdrasilctl.exe /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-windows-i386.exe; - - run: - name: Build for EdgeRouter - command: | - rm -f {yggdrasil,yggdrasilctl} - git clone https://github.com/neilalexander/vyatta-yggdrasil /tmp/vyatta-yggdrasil; - cd /tmp/vyatta-yggdrasil; - BUILDDIR_YGG=$CIRCLE_WORKING_DIRECTORY ./build-edgerouter-x $CIRCLE_BRANCH; - BUILDDIR_YGG=$CIRCLE_WORKING_DIRECTORY ./build-edgerouter-lite $CIRCLE_BRANCH; - mv *.deb /tmp/upload; + - persist_to_workspace: + root: /tmp + paths: + - upload + + upload: + machine: true + + steps: + - attach_workspace: + at: /tmp - store_artifacts: path: /tmp/upload destination: / + +workflows: + version: 2 + build-all: + jobs: + - build-linux + - build-macos + - build-other + - upload: + requires: + - build-linux + - build-macos + - build-other From 857a33c91bb9151817eef3d706e1f543a997bf5f Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sat, 2 Mar 2019 15:26:55 +0000 Subject: [PATCH 18/61] Revert "Simplifying Dockerfile" --- contrib/docker/Dockerfile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile index a91f775d8..fb4fbfaaa 100644 --- a/contrib/docker/Dockerfile +++ b/contrib/docker/Dockerfile @@ -1,19 +1,18 @@ -FROM golang:alpine as builder +FROM docker.io/golang:alpine as builder +COPY . /src WORKDIR /src ENV CGO_ENABLED=0 -RUN apk add git && \ - git clone https://github.com/yggdrasil-network/yggdrasil-go.git . && \ - ./build +RUN apk add git && ./build -FROM alpine +FROM docker.io/alpine LABEL maintainer="Christer Waren/CWINFO " COPY --from=builder /src/yggdrasil /usr/bin/yggdrasil COPY --from=builder /src/yggdrasilctl /usr/bin/yggdrasilctl -COPY --from=builder /src/contrib/docker/entrypoint.sh /usr/bin/entrypoint.sh +COPY contrib/docker/entrypoint.sh /usr/bin/entrypoint.sh # RUN addgroup -g 1000 -S yggdrasil-network \ # && adduser -u 1000 -S -g 1000 --home /etc/yggdrasil-network yggdrasil-network From 8f66d5b8ddc756ce7b888e826fba753b9e24c342 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sun, 3 Mar 2019 14:09:54 +0000 Subject: [PATCH 19/61] Try to clean up UNIX admin socket --- src/yggdrasil/admin.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index f8347f0d8..6e9414996 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -402,7 +402,18 @@ func (a *admin) listen() { switch strings.ToLower(u.Scheme) { case "unix": if _, err := os.Stat(a.listenaddr[7:]); err == nil { - a.core.log.Warnln("WARNING:", a.listenaddr[7:], "already exists and may be in use by another process") + a.core.log.Debugln("Admin socket", a.listenaddr[7:], "already exists, trying to clean up") + if _, err := net.Dial("unix", a.listenaddr[7:]); err == nil { + a.core.log.Errorln("Admin socket", a.listenaddr[7:], "is already in use by another process") + os.Exit(1) + } else { + if err := os.Remove(a.listenaddr[7:]); err == nil { + a.core.log.Debugln(a.listenaddr[7:], "was cleaned up") + } else { + a.core.log.Errorln(a.listenaddr[7:], "already exists and was not cleaned up:", err) + os.Exit(1) + } + } } a.listener, err = net.Listen("unix", a.listenaddr[7:]) if err == nil { From c940bae9e3587bea0519b5b10eaecc29006fc07b Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sun, 3 Mar 2019 14:15:01 +0000 Subject: [PATCH 20/61] Update output --- src/yggdrasil/admin.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index 6e9414996..211f3c2dd 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -404,7 +404,7 @@ func (a *admin) listen() { if _, err := os.Stat(a.listenaddr[7:]); err == nil { a.core.log.Debugln("Admin socket", a.listenaddr[7:], "already exists, trying to clean up") if _, err := net.Dial("unix", a.listenaddr[7:]); err == nil { - a.core.log.Errorln("Admin socket", a.listenaddr[7:], "is already in use by another process") + a.core.log.Errorln("Admin socket", a.listenaddr[7:], "already exists and is in use by another process") os.Exit(1) } else { if err := os.Remove(a.listenaddr[7:]); err == nil { From 918ce5a3fcf9f89e63685d1ffa7cf50e1889a41e Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sun, 3 Mar 2019 19:32:36 +0000 Subject: [PATCH 21/61] Add a timeout on the UNIX admin socket check --- src/yggdrasil/admin.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index 211f3c2dd..62803395b 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -403,7 +403,7 @@ func (a *admin) listen() { case "unix": if _, err := os.Stat(a.listenaddr[7:]); err == nil { a.core.log.Debugln("Admin socket", a.listenaddr[7:], "already exists, trying to clean up") - if _, err := net.Dial("unix", a.listenaddr[7:]); err == nil { + if _, err := net.DialTimeout("unix", a.listenaddr[7:], time.Second*2); err == nil || err.(net.Error).Timeout() { a.core.log.Errorln("Admin socket", a.listenaddr[7:], "already exists and is in use by another process") os.Exit(1) } else { From 7c435e6c1ba5d5cb104df4a356256507eb612ebd Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 08:35:45 +0000 Subject: [PATCH 22/61] Fix macOS package --- .circleci/config.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 871d2faf9..225571671 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -94,15 +94,13 @@ jobs: - run: name: Build for macOS command: | - rm -f {yggdrasil,yggdrasilctl} GO111MODULE=on GOOS=darwin GOARCH=amd64 ./build - mv yggdrasil /tmp/upload/$CINAME-$CIVERSION-darwin-amd64 - mv yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-darwin-amd64; + cp yggdrasil /tmp/upload/$CINAME-$CIVERSION-darwin-amd64 + cp yggdrasilctl /tmp/upload/$CINAME-$CIVERSION-yggdrasilctl-darwin-amd64; - run: name: Build for macOS (.pkg format) command: | - rm -rf {yggdrasil,yggdrasilctl} PKGARCH=amd64 sh contrib/macos/create-pkg.sh mv *.pkg /tmp/upload/ From ddd1ac460604162870bc30b2a83a409e2542f8b4 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 08:44:25 +0000 Subject: [PATCH 23/61] Fix launchd file for macOS to use -useconffile --- contrib/macos/yggdrasil.plist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/macos/yggdrasil.plist b/contrib/macos/yggdrasil.plist index e5d302408..c436d4bd4 100644 --- a/contrib/macos/yggdrasil.plist +++ b/contrib/macos/yggdrasil.plist @@ -8,7 +8,7 @@ sh -c - /usr/local/bin/yggdrasil -useconf < /etc/yggdrasil.conf + /usr/local/bin/yggdrasil -useconffile /etc/yggdrasil.conf KeepAlive From ae79246a66dadfdd3a84599731597cf9a1c3ed8e Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 17:09:48 +0000 Subject: [PATCH 24/61] Move TCP under link.go --- src/yggdrasil/admin.go | 4 ++-- src/yggdrasil/core.go | 8 +------- src/yggdrasil/link.go | 9 ++++++++- src/yggdrasil/multicast.go | 6 +++--- src/yggdrasil/tcp.go | 32 ++++++++++++++++---------------- 5 files changed, 30 insertions(+), 29 deletions(-) diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index 62803395b..d0d4cc908 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -577,9 +577,9 @@ func (a *admin) addPeer(addr string, sintf string) error { if err == nil { switch strings.ToLower(u.Scheme) { case "tcp": - a.core.tcp.connect(u.Host, sintf) + a.core.link.tcp.connect(u.Host, sintf) case "socks": - a.core.tcp.connectSOCKS(u.Host, u.Path[1:]) + a.core.link.tcp.connectSOCKS(u.Host, u.Path[1:]) default: return errors.New("invalid peer: " + addr) } diff --git a/src/yggdrasil/core.go b/src/yggdrasil/core.go index 04433282e..b2a85ec5a 100644 --- a/src/yggdrasil/core.go +++ b/src/yggdrasil/core.go @@ -44,7 +44,6 @@ type Core struct { admin admin searches searches multicast multicast - tcp tcpInterface link link log *log.Logger } @@ -144,7 +143,7 @@ func (c *Core) UpdateConfig(config *config.NodeConfig) { c.router.tun.reconfigure, c.router.cryptokey.reconfigure, c.switchTable.reconfigure, - c.tcp.reconfigure, + // c.link.reconfigure, c.multicast.reconfigure, } @@ -205,11 +204,6 @@ func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) error { c.init() - if err := c.tcp.init(c); err != nil { - c.log.Errorln("Failed to start TCP interface") - return err - } - if err := c.link.init(c); err != nil { c.log.Errorln("Failed to start link interfaces") return err diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 6fc7687b1..8c03e0860 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -8,6 +8,7 @@ import ( "net" "strings" "sync" + //"sync/atomic" "time" @@ -20,7 +21,8 @@ type link struct { core *Core mutex sync.RWMutex // protects interfaces below interfaces map[linkInfo]*linkInterface - awdl awdl // AWDL interface support + awdl awdl // AWDL interface support + tcp tcpInterface // TCP interface support // TODO timeout (to remove from switch), read from config.ReadTimeout } @@ -58,6 +60,11 @@ func (l *link) init(c *Core) error { l.interfaces = make(map[linkInfo]*linkInterface) l.mutex.Unlock() + if err := l.tcp.init(l); err != nil { + c.log.Errorln("Failed to start TCP interface") + return err + } + if err := l.awdl.init(l); err != nil { l.core.log.Errorln("Failed to start AWDL interface") return err diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index b20ee94d5..f416ea26a 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -27,7 +27,7 @@ func (m *multicast) init(core *Core) { for { e := <-m.reconfigure m.myAddrMutex.Lock() - m.myAddr = m.core.tcp.getAddr() + m.myAddr = m.core.link.tcp.getAddr() m.myAddrMutex.Unlock() e <- nil } @@ -109,7 +109,7 @@ func (m *multicast) interfaces() []net.Interface { func (m *multicast) announce() { var anAddr net.TCPAddr m.myAddrMutex.Lock() - m.myAddr = m.core.tcp.getAddr() + m.myAddr = m.core.link.tcp.getAddr() m.myAddrMutex.Unlock() groupAddr, err := net.ResolveUDPAddr("udp6", m.groupAddr) if err != nil { @@ -183,6 +183,6 @@ func (m *multicast) listen() { } addr.Zone = from.Zone saddr := addr.String() - m.core.tcp.connect(saddr, addr.Zone) + m.core.link.tcp.connect(saddr, addr.Zone) } } diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index c65e2e664..989480dbe 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -32,7 +32,7 @@ const tcp_ping_interval = (default_timeout * 2 / 3) // The TCP listener and information about active TCP connections, to avoid duplication. type tcpInterface struct { - core *Core + link *link reconfigure chan chan error serv net.Listener stop chan bool @@ -77,16 +77,16 @@ func (iface *tcpInterface) connectSOCKS(socksaddr, peeraddr string) { } // Initializes the struct. -func (iface *tcpInterface) init(core *Core) (err error) { - iface.core = core +func (iface *tcpInterface) init(l *link) (err error) { + iface.link = l iface.stop = make(chan bool, 1) iface.reconfigure = make(chan chan error, 1) go func() { for { e := <-iface.reconfigure - iface.core.configMutex.RLock() - updated := iface.core.config.Listen != iface.core.configOld.Listen - iface.core.configMutex.RUnlock() + iface.link.core.configMutex.RLock() + updated := iface.link.core.config.Listen != iface.link.core.configOld.Listen + iface.link.core.configMutex.RUnlock() if updated { iface.stop <- true iface.serv.Close() @@ -103,9 +103,9 @@ func (iface *tcpInterface) init(core *Core) (err error) { func (iface *tcpInterface) listen() error { var err error - iface.core.configMutex.RLock() - iface.addr = iface.core.config.Listen - iface.core.configMutex.RUnlock() + iface.link.core.configMutex.RLock() + iface.addr = iface.link.core.config.Listen + iface.link.core.configMutex.RUnlock() ctx := context.Background() lc := net.ListenConfig{ @@ -127,16 +127,16 @@ func (iface *tcpInterface) listen() error { // Runs the listener, which spawns off goroutines for incoming connections. func (iface *tcpInterface) listener() { defer iface.serv.Close() - iface.core.log.Infoln("Listening for TCP on:", iface.serv.Addr().String()) + iface.link.core.log.Infoln("Listening for TCP on:", iface.serv.Addr().String()) for { sock, err := iface.serv.Accept() if err != nil { - iface.core.log.Errorln("Failed to accept connection:", err) + iface.link.core.log.Errorln("Failed to accept connection:", err) return } select { case <-iface.stop: - iface.core.log.Errorln("Stopping listener") + iface.link.core.log.Errorln("Stopping listener") return default: if err != nil { @@ -280,12 +280,12 @@ func (iface *tcpInterface) handler(sock net.Conn, incoming bool) { remote, _, _ := net.SplitHostPort(sock.RemoteAddr().String()) remotelinklocal := net.ParseIP(remote).IsLinkLocalUnicast() name := "tcp://" + sock.RemoteAddr().String() - link, err := iface.core.link.create(&stream, name, "tcp", local, remote, incoming, remotelinklocal) + link, err := iface.link.core.link.create(&stream, name, "tcp", local, remote, incoming, remotelinklocal) if err != nil { - iface.core.log.Println(err) + iface.link.core.log.Println(err) panic(err) } - iface.core.log.Debugln("DEBUG: starting handler for", name) + iface.link.core.log.Debugln("DEBUG: starting handler for", name) err = link.handler() - iface.core.log.Debugln("DEBUG: stopped handler for", name, err) + iface.link.core.log.Debugln("DEBUG: stopped handler for", name, err) } From be8db0c120b48c233e29318138cb62cda94a2296 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 17:52:57 +0000 Subject: [PATCH 25/61] Support multiple TCP listeners --- cmd/yggdrasil/main.go | 10 ++- src/config/config.go | 6 +- src/yggdrasil/link.go | 9 ++- src/yggdrasil/tcp.go | 155 +++++++++++++++++++++--------------- src/yggdrasil/tcp_darwin.go | 2 +- src/yggdrasil/tcp_other.go | 2 +- 6 files changed, 110 insertions(+), 74 deletions(-) diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go index aa5a74945..e0c764e7b 100644 --- a/cmd/yggdrasil/main.go +++ b/cmd/yggdrasil/main.go @@ -134,12 +134,20 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *nodeCo } } } + // Do a quick check for old-format Listen statement so that mapstructure + // doesn't fail and crash + if listen, ok := dat["Listen"].(string); ok { + if strings.HasPrefix(listen, "tcp://") { + dat["Listen"] = []string{listen} + } else { + dat["Listen"] = []string{"tcp://" + listen} + } + } // Overlay our newly mapped configuration onto the autoconf node config that // we generated above. if err = mapstructure.Decode(dat, &cfg); err != nil { panic(err) } - return cfg } diff --git a/src/config/config.go b/src/config/config.go index 14b164909..807ce25b5 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -12,7 +12,7 @@ import ( // NodeConfig defines all configuration values needed to run a signle yggdrasil node type NodeConfig struct { - Listen string `comment:"Listen address for peer connections. Default is to listen for all\nTCP connections over IPv4 and IPv6 with a random port."` + Listen []string `comment:"Listen address for peer connections. Default is to listen for all\nTCP connections over IPv4 and IPv6 with a random port."` AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."` Peers []string `comment:"List of connection strings for static peers in URI format, e.g.\ntcp://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j."` InterfacePeers map[string][]string `comment:"List of connection strings for static peers in URI format, arranged\nby source interface, e.g. { \"eth0\": [ tcp://a.b.c.d:e ] }. Note that\nSOCKS peerings will NOT be affected by this option and should go in\nthe \"Peers\" section instead."` @@ -79,10 +79,10 @@ func GenerateConfig(isAutoconf bool) *NodeConfig { // Create a node configuration and populate it. cfg := NodeConfig{} if isAutoconf { - cfg.Listen = "[::]:0" + cfg.Listen = []string{"tcp://[::]:0"} } else { r1 := rand.New(rand.NewSource(time.Now().UnixNano())) - cfg.Listen = fmt.Sprintf("[::]:%d", r1.Intn(65534-32768)+32768) + cfg.Listen = []string{fmt.Sprintf("[::]:%d", r1.Intn(65534-32768)+32768)} } cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:]) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 8c03e0860..277f24c00 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -21,8 +21,9 @@ type link struct { core *Core mutex sync.RWMutex // protects interfaces below interfaces map[linkInfo]*linkInterface - awdl awdl // AWDL interface support - tcp tcpInterface // TCP interface support + handlers map[string]linkListener + awdl awdl // AWDL interface support + tcp tcp // TCP interface support // TODO timeout (to remove from switch), read from config.ReadTimeout } @@ -34,6 +35,10 @@ type linkInfo struct { remote string // Remote name or address } +type linkListener interface { + init(*link) error +} + type linkInterfaceMsgIO interface { readMsg() ([]byte, error) writeMsg([]byte) (int, error) diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 989480dbe..45b15f94f 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -31,13 +31,12 @@ const default_timeout = 6 * time.Second const tcp_ping_interval = (default_timeout * 2 / 3) // The TCP listener and information about active TCP connections, to avoid duplication. -type tcpInterface struct { +type tcp struct { link *link reconfigure chan chan error - serv net.Listener stop chan bool - addr string mutex sync.Mutex // Protecting the below + listeners map[string]net.Listener calls map[string]struct{} conns map[tcpInfo](chan struct{}) } @@ -52,7 +51,7 @@ type tcpInfo struct { } // Wrapper function to set additional options for specific connection types. -func (iface *tcpInterface) setExtraOptions(c net.Conn) { +func (t *tcp) setExtraOptions(c net.Conn) { switch sock := c.(type) { case *net.TCPConn: sock.SetNoDelay(true) @@ -62,62 +61,81 @@ func (iface *tcpInterface) setExtraOptions(c net.Conn) { } // Returns the address of the listener. -func (iface *tcpInterface) getAddr() *net.TCPAddr { - return iface.serv.Addr().(*net.TCPAddr) +func (t *tcp) getAddr() *net.TCPAddr { + for _, listener := range t.listeners { + return listener.Addr().(*net.TCPAddr) + } + return nil } // Attempts to initiate a connection to the provided address. -func (iface *tcpInterface) connect(addr string, intf string) { - iface.call(addr, nil, intf) +func (t *tcp) connect(addr string, intf string) { + t.call(addr, nil, intf) } // Attempst to initiate a connection to the provided address, viathe provided socks proxy address. -func (iface *tcpInterface) connectSOCKS(socksaddr, peeraddr string) { - iface.call(peeraddr, &socksaddr, "") +func (t *tcp) connectSOCKS(socksaddr, peeraddr string) { + t.call(peeraddr, &socksaddr, "") } // Initializes the struct. -func (iface *tcpInterface) init(l *link) (err error) { - iface.link = l - iface.stop = make(chan bool, 1) - iface.reconfigure = make(chan chan error, 1) +func (t *tcp) init(l *link) error { + t.link = l + t.stop = make(chan bool, 1) + t.reconfigure = make(chan chan error, 1) + go func() { for { - e := <-iface.reconfigure - iface.link.core.configMutex.RLock() - updated := iface.link.core.config.Listen != iface.link.core.configOld.Listen - iface.link.core.configMutex.RUnlock() + e := <-t.reconfigure + t.link.core.configMutex.RLock() + //updated := t.link.core.config.Listen != t.link.core.configOld.Listen + updated := false + t.link.core.configMutex.RUnlock() if updated { - iface.stop <- true - iface.serv.Close() - e <- iface.listen() + /* t.stop <- true + for _, listener := range t.listeners { + listener.Close() + } + e <- t.listen() */ } else { e <- nil } } }() - return iface.listen() + t.mutex.Lock() + t.calls = make(map[string]struct{}) + t.conns = make(map[tcpInfo](chan struct{})) + t.listeners = make(map[string]net.Listener) + t.mutex.Unlock() + + t.link.core.configMutex.RLock() + defer t.link.core.configMutex.RUnlock() + for _, listenaddr := range t.link.core.config.Listen { + if listenaddr[:6] != "tcp://" { + continue + } + if err := t.listen(listenaddr[6:]); err != nil { + return err + } + } + + return nil } -func (iface *tcpInterface) listen() error { +func (t *tcp) listen(listenaddr string) error { var err error - iface.link.core.configMutex.RLock() - iface.addr = iface.link.core.config.Listen - iface.link.core.configMutex.RUnlock() - ctx := context.Background() lc := net.ListenConfig{ - Control: iface.tcpContext, + Control: t.tcpContext, } - iface.serv, err = lc.Listen(ctx, "tcp", iface.addr) + listener, err := lc.Listen(ctx, "tcp", listenaddr) if err == nil { - iface.mutex.Lock() - iface.calls = make(map[string]struct{}) - iface.conns = make(map[tcpInfo](chan struct{})) - iface.mutex.Unlock() - go iface.listener() + t.mutex.Lock() + t.listeners[listenaddr] = listener + t.mutex.Unlock() + go t.listener(listenaddr) return nil } @@ -125,41 +143,46 @@ func (iface *tcpInterface) listen() error { } // Runs the listener, which spawns off goroutines for incoming connections. -func (iface *tcpInterface) listener() { - defer iface.serv.Close() - iface.link.core.log.Infoln("Listening for TCP on:", iface.serv.Addr().String()) +func (t *tcp) listener(listenaddr string) { + listener, ok := t.listeners[listenaddr] + if !ok { + t.link.core.log.Errorln("Tried to start TCP listener for", listenaddr, "which doesn't exist") + return + } + defer listener.Close() + t.link.core.log.Infoln("Listening for TCP on:", listener.Addr().String()) for { - sock, err := iface.serv.Accept() + sock, err := listener.Accept() if err != nil { - iface.link.core.log.Errorln("Failed to accept connection:", err) + t.link.core.log.Errorln("Failed to accept connection:", err) return } select { - case <-iface.stop: - iface.link.core.log.Errorln("Stopping listener") + case <-t.stop: + t.link.core.log.Errorln("Stopping listener") return default: if err != nil { panic(err) } - go iface.handler(sock, true) + go t.handler(sock, true) } } } // Checks if we already have a connection to this node -func (iface *tcpInterface) isAlreadyConnected(info tcpInfo) bool { - iface.mutex.Lock() - defer iface.mutex.Unlock() - _, isIn := iface.conns[info] +func (t *tcp) isAlreadyConnected(info tcpInfo) bool { + t.mutex.Lock() + defer t.mutex.Unlock() + _, isIn := t.conns[info] return isIn } // Checks if we already are calling this address -func (iface *tcpInterface) isAlreadyCalling(saddr string) bool { - iface.mutex.Lock() - defer iface.mutex.Unlock() - _, isIn := iface.calls[saddr] +func (t *tcp) isAlreadyCalling(saddr string) bool { + t.mutex.Lock() + defer t.mutex.Unlock() + _, isIn := t.calls[saddr] return isIn } @@ -168,25 +191,25 @@ func (iface *tcpInterface) isAlreadyCalling(saddr string) bool { // If the dial is successful, it launches the handler. // When finished, it removes the outgoing call, so reconnection attempts can be made later. // This all happens in a separate goroutine that it spawns. -func (iface *tcpInterface) call(saddr string, socksaddr *string, sintf string) { +func (t *tcp) call(saddr string, socksaddr *string, sintf string) { go func() { callname := saddr if sintf != "" { callname = fmt.Sprintf("%s/%s", saddr, sintf) } - if iface.isAlreadyCalling(callname) { + if t.isAlreadyCalling(callname) { return } - iface.mutex.Lock() - iface.calls[callname] = struct{}{} - iface.mutex.Unlock() + t.mutex.Lock() + t.calls[callname] = struct{}{} + t.mutex.Unlock() defer func() { // Block new calls for a little while, to mitigate livelock scenarios time.Sleep(default_timeout) time.Sleep(time.Duration(rand.Intn(1000)) * time.Millisecond) - iface.mutex.Lock() - delete(iface.calls, callname) - iface.mutex.Unlock() + t.mutex.Lock() + delete(t.calls, callname) + t.mutex.Unlock() }() var conn net.Conn var err error @@ -212,7 +235,7 @@ func (iface *tcpInterface) call(saddr string, socksaddr *string, sintf string) { } } else { dialer := net.Dialer{ - Control: iface.tcpContext, + Control: t.tcpContext, } if sintf != "" { ief, err := net.InterfaceByName(sintf) @@ -267,25 +290,25 @@ func (iface *tcpInterface) call(saddr string, socksaddr *string, sintf string) { return } } - iface.handler(conn, false) + t.handler(conn, false) }() } -func (iface *tcpInterface) handler(sock net.Conn, incoming bool) { +func (t *tcp) handler(sock net.Conn, incoming bool) { defer sock.Close() - iface.setExtraOptions(sock) + t.setExtraOptions(sock) stream := stream{} stream.init(sock) local, _, _ := net.SplitHostPort(sock.LocalAddr().String()) remote, _, _ := net.SplitHostPort(sock.RemoteAddr().String()) remotelinklocal := net.ParseIP(remote).IsLinkLocalUnicast() name := "tcp://" + sock.RemoteAddr().String() - link, err := iface.link.core.link.create(&stream, name, "tcp", local, remote, incoming, remotelinklocal) + link, err := t.link.core.link.create(&stream, name, "tcp", local, remote, incoming, remotelinklocal) if err != nil { - iface.link.core.log.Println(err) + t.link.core.log.Println(err) panic(err) } - iface.link.core.log.Debugln("DEBUG: starting handler for", name) + t.link.core.log.Debugln("DEBUG: starting handler for", name) err = link.handler() - iface.link.core.log.Debugln("DEBUG: stopped handler for", name, err) + t.link.core.log.Debugln("DEBUG: stopped handler for", name, err) } diff --git a/src/yggdrasil/tcp_darwin.go b/src/yggdrasil/tcp_darwin.go index 6483ef86d..9d55a1dbf 100644 --- a/src/yggdrasil/tcp_darwin.go +++ b/src/yggdrasil/tcp_darwin.go @@ -10,7 +10,7 @@ import ( // WARNING: This context is used both by net.Dialer and net.Listen in tcp.go -func (iface *tcpInterface) tcpContext(network, address string, c syscall.RawConn) error { +func (t *tcp) tcpContext(network, address string, c syscall.RawConn) error { var control error var recvanyif error diff --git a/src/yggdrasil/tcp_other.go b/src/yggdrasil/tcp_other.go index 5d62b5308..47bd772c3 100644 --- a/src/yggdrasil/tcp_other.go +++ b/src/yggdrasil/tcp_other.go @@ -8,6 +8,6 @@ import ( // WARNING: This context is used both by net.Dialer and net.Listen in tcp.go -func (iface *tcpInterface) tcpContext(network, address string, c syscall.RawConn) error { +func (t *tcp) tcpContext(network, address string, c syscall.RawConn) error { return nil } From 82bb95b77f2e64264f67c627df56812637705c4f Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 18:41:32 +0000 Subject: [PATCH 26/61] Some more (inelegant) multiple listener code plus some reconfigure support --- src/util/util.go | 17 +++++++++++ src/yggdrasil/awdl.go | 15 ++++++++-- src/yggdrasil/core.go | 2 +- src/yggdrasil/link.go | 31 +++++++++++++++---- src/yggdrasil/tcp.go | 69 ++++++++++++++++++++++++++++++------------- 5 files changed, 103 insertions(+), 31 deletions(-) diff --git a/src/util/util.go b/src/util/util.go index df15ff2c0..d669fa5e6 100644 --- a/src/util/util.go +++ b/src/util/util.go @@ -76,3 +76,20 @@ func FuncTimeout(f func(), timeout time.Duration) bool { return false } } + +// This calculates the difference between two arrays and returns items +// that appear in A but not in B - useful somewhat when reconfiguring +// and working out what configuration items changed +func Difference(a, b []string) []string { + ab := []string{} + mb := map[string]bool{} + for _, x := range b { + mb[x] = true + } + for _, x := range a { + if _, ok := mb[x]; !ok { + ab = append(ab, x) + } + } + return ab +} diff --git a/src/yggdrasil/awdl.go b/src/yggdrasil/awdl.go index 423668883..fe64e8bd7 100644 --- a/src/yggdrasil/awdl.go +++ b/src/yggdrasil/awdl.go @@ -7,9 +7,10 @@ import ( ) type awdl struct { - link *link - mutex sync.RWMutex // protects interfaces below - interfaces map[string]*awdlInterface + link *link + reconfigure chan chan error + mutex sync.RWMutex // protects interfaces below + interfaces map[string]*awdlInterface } type awdlInterface struct { @@ -49,8 +50,16 @@ func (a *awdl) init(l *link) error { a.link = l a.mutex.Lock() a.interfaces = make(map[string]*awdlInterface) + a.reconfigure = make(chan chan error, 1) a.mutex.Unlock() + go func() { + for { + e := <-a.reconfigure + e <- nil + } + }() + return nil } diff --git a/src/yggdrasil/core.go b/src/yggdrasil/core.go index b2a85ec5a..12ff14fcc 100644 --- a/src/yggdrasil/core.go +++ b/src/yggdrasil/core.go @@ -143,7 +143,7 @@ func (c *Core) UpdateConfig(config *config.NodeConfig) { c.router.tun.reconfigure, c.router.cryptokey.reconfigure, c.switchTable.reconfigure, - // c.link.reconfigure, + c.link.reconfigure, c.multicast.reconfigure, } diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 277f24c00..d040aac6e 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -18,12 +18,13 @@ import ( ) type link struct { - core *Core - mutex sync.RWMutex // protects interfaces below - interfaces map[linkInfo]*linkInterface - handlers map[string]linkListener - awdl awdl // AWDL interface support - tcp tcp // TCP interface support + core *Core + reconfigure chan chan error + mutex sync.RWMutex // protects interfaces below + interfaces map[linkInfo]*linkInterface + handlers map[string]linkListener + awdl awdl // AWDL interface support + tcp tcp // TCP interface support // TODO timeout (to remove from switch), read from config.ReadTimeout } @@ -63,6 +64,7 @@ func (l *link) init(c *Core) error { l.core = c l.mutex.Lock() l.interfaces = make(map[linkInfo]*linkInterface) + l.reconfigure = make(chan chan error) l.mutex.Unlock() if err := l.tcp.init(l); err != nil { @@ -75,6 +77,23 @@ func (l *link) init(c *Core) error { return err } + go func() { + for { + e := <-l.reconfigure + tcpresponse := make(chan error) + awdlresponse := make(chan error) + l.tcp.reconfigure <- tcpresponse + l.awdl.reconfigure <- awdlresponse + if err := <-tcpresponse; err != nil { + e <- err + } + if err := <-awdlresponse; err != nil { + e <- err + } + e <- nil + } + }() + return nil } diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 45b15f94f..bacb346fe 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -25,6 +25,7 @@ import ( "golang.org/x/net/proxy" "github.com/yggdrasil-network/yggdrasil-go/src/crypto" + "github.com/yggdrasil-network/yggdrasil-go/src/util" ) const default_timeout = 6 * time.Second @@ -32,13 +33,13 @@ const tcp_ping_interval = (default_timeout * 2 / 3) // The TCP listener and information about active TCP connections, to avoid duplication. type tcp struct { - link *link - reconfigure chan chan error - stop chan bool - mutex sync.Mutex // Protecting the below - listeners map[string]net.Listener - calls map[string]struct{} - conns map[tcpInfo](chan struct{}) + link *link + reconfigure chan chan error + mutex sync.Mutex // Protecting the below + listeners map[string]net.Listener + listenerstops map[string]chan bool + calls map[string]struct{} + conns map[tcpInfo](chan struct{}) } // This is used as the key to a map that tracks existing connections, to prevent multiple connections to the same keys and local/remote address pair from occuring. @@ -81,22 +82,38 @@ func (t *tcp) connectSOCKS(socksaddr, peeraddr string) { // Initializes the struct. func (t *tcp) init(l *link) error { t.link = l - t.stop = make(chan bool, 1) t.reconfigure = make(chan chan error, 1) go func() { for { e := <-t.reconfigure t.link.core.configMutex.RLock() - //updated := t.link.core.config.Listen != t.link.core.configOld.Listen - updated := false + added := util.Difference(t.link.core.config.Listen, t.link.core.configOld.Listen) + deleted := util.Difference(t.link.core.configOld.Listen, t.link.core.config.Listen) + updated := len(added) > 0 || len(deleted) > 0 t.link.core.configMutex.RUnlock() if updated { - /* t.stop <- true - for _, listener := range t.listeners { + for _, add := range added { + if add[:6] != "tcp://" { + continue + } + if err := t.listen(add[6:]); err != nil { + e <- err + continue + } + } + for _, delete := range deleted { + t.link.core.log.Warnln("Removing listener", delete, "not currently implemented") + /*t.mutex.Lock() + if listener, ok := t.listeners[delete]; ok { listener.Close() } - e <- t.listen() */ + if listener, ok := t.listenerstops[delete]; ok { + listener <- true + } + t.mutex.Unlock()*/ + } + e <- nil } else { e <- nil } @@ -107,6 +124,7 @@ func (t *tcp) init(l *link) error { t.calls = make(map[string]struct{}) t.conns = make(map[tcpInfo](chan struct{})) t.listeners = make(map[string]net.Listener) + t.listenerstops = make(map[string]chan bool) t.mutex.Unlock() t.link.core.configMutex.RLock() @@ -134,6 +152,7 @@ func (t *tcp) listen(listenaddr string) error { if err == nil { t.mutex.Lock() t.listeners[listenaddr] = listener + t.listenerstops[listenaddr] = make(chan bool, 1) t.mutex.Unlock() go t.listener(listenaddr) return nil @@ -149,17 +168,25 @@ func (t *tcp) listener(listenaddr string) { t.link.core.log.Errorln("Tried to start TCP listener for", listenaddr, "which doesn't exist") return } + reallistenaddr := listener.Addr().String() defer listener.Close() - t.link.core.log.Infoln("Listening for TCP on:", listener.Addr().String()) + t.link.core.log.Infoln("Listening for TCP on:", reallistenaddr) for { - sock, err := listener.Accept() - if err != nil { - t.link.core.log.Errorln("Failed to accept connection:", err) - return - } + var sock net.Conn + var err error + accepted := make(chan bool) + go func() { + sock, err = listener.Accept() + accepted <- true + }() select { - case <-t.stop: - t.link.core.log.Errorln("Stopping listener") + case <-accepted: + if err != nil { + t.link.core.log.Errorln("Failed to accept connection:", err) + return + } + case <-t.listenerstops[listenaddr]: + t.link.core.log.Errorln("Stopping TCP listener on:", reallistenaddr) return default: if err != nil { From eeede4e6d0c0d221a25f8e5816569f3400d89cfc Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 18:47:40 +0000 Subject: [PATCH 27/61] Fix some obvious concurrency bugs --- src/yggdrasil/tcp.go | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index bacb346fe..8dcd4c036 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -63,9 +63,14 @@ func (t *tcp) setExtraOptions(c net.Conn) { // Returns the address of the listener. func (t *tcp) getAddr() *net.TCPAddr { + // TODO: Fix this, because this will currently only give a single address + // to multicast.go, which obviously is not great, but right now multicast.go + // doesn't have the ability to send more than one address in a packet either + t.mutex.Lock() for _, listener := range t.listeners { return listener.Addr().(*net.TCPAddr) } + t.mutex.Unlock() return nil } @@ -83,6 +88,12 @@ func (t *tcp) connectSOCKS(socksaddr, peeraddr string) { func (t *tcp) init(l *link) error { t.link = l t.reconfigure = make(chan chan error, 1) + t.mutex.Lock() + t.calls = make(map[string]struct{}) + t.conns = make(map[tcpInfo](chan struct{})) + t.listeners = make(map[string]net.Listener) + t.listenerstops = make(map[string]chan bool) + t.mutex.Unlock() go func() { for { @@ -90,9 +101,8 @@ func (t *tcp) init(l *link) error { t.link.core.configMutex.RLock() added := util.Difference(t.link.core.config.Listen, t.link.core.configOld.Listen) deleted := util.Difference(t.link.core.configOld.Listen, t.link.core.config.Listen) - updated := len(added) > 0 || len(deleted) > 0 t.link.core.configMutex.RUnlock() - if updated { + if len(added) > 0 || len(deleted) > 0 { for _, add := range added { if add[:6] != "tcp://" { continue @@ -120,13 +130,6 @@ func (t *tcp) init(l *link) error { } }() - t.mutex.Lock() - t.calls = make(map[string]struct{}) - t.conns = make(map[tcpInfo](chan struct{})) - t.listeners = make(map[string]net.Listener) - t.listenerstops = make(map[string]chan bool) - t.mutex.Unlock() - t.link.core.configMutex.RLock() defer t.link.core.configMutex.RUnlock() for _, listenaddr := range t.link.core.config.Listen { @@ -163,8 +166,11 @@ func (t *tcp) listen(listenaddr string) error { // Runs the listener, which spawns off goroutines for incoming connections. func (t *tcp) listener(listenaddr string) { + t.mutex.Lock() listener, ok := t.listeners[listenaddr] - if !ok { + listenerstop, ok2 := t.listenerstops[listenaddr] + t.mutex.Unlock() + if !ok || !ok2 { t.link.core.log.Errorln("Tried to start TCP listener for", listenaddr, "which doesn't exist") return } @@ -185,7 +191,7 @@ func (t *tcp) listener(listenaddr string) { t.link.core.log.Errorln("Failed to accept connection:", err) return } - case <-t.listenerstops[listenaddr]: + case <-listenerstop: t.link.core.log.Errorln("Stopping TCP listener on:", reallistenaddr) return default: From 0be0b078cbe08b0752b5eece2b2aeef5c919a79a Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 19:00:06 +0000 Subject: [PATCH 28/61] Remove unused types in link.go --- src/yggdrasil/link.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index d040aac6e..ac869389f 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -22,7 +22,6 @@ type link struct { reconfigure chan chan error mutex sync.RWMutex // protects interfaces below interfaces map[linkInfo]*linkInterface - handlers map[string]linkListener awdl awdl // AWDL interface support tcp tcp // TCP interface support // TODO timeout (to remove from switch), read from config.ReadTimeout @@ -36,10 +35,6 @@ type linkInfo struct { remote string // Remote name or address } -type linkListener interface { - init(*link) error -} - type linkInterfaceMsgIO interface { readMsg() ([]byte, error) writeMsg([]byte) (int, error) From 2b8648e2b346daef301cd2d968c1315d40617e38 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 19:04:09 +0000 Subject: [PATCH 29/61] Fix debug builds --- src/yggdrasil/debug.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/yggdrasil/debug.go b/src/yggdrasil/debug.go index 94faba408..8405714a9 100644 --- a/src/yggdrasil/debug.go +++ b/src/yggdrasil/debug.go @@ -449,19 +449,19 @@ func (c *Core) DEBUG_addSOCKSConn(socksaddr, peeraddr string) { //* func (c *Core) DEBUG_setupAndStartGlobalTCPInterface(addrport string) { - c.config.Listen = addrport - if err := c.tcp.init(c /*, addrport, 0*/); err != nil { - c.log.Println("Failed to start TCP interface:", err) + c.config.Listen = []string{addrport} + if err := c.link.init(c); err != nil { + c.log.Println("Failed to start interfaces:", err) panic(err) } } func (c *Core) DEBUG_getGlobalTCPAddr() *net.TCPAddr { - return c.tcp.serv.Addr().(*net.TCPAddr) + return c.link.tcp.getAddr() } func (c *Core) DEBUG_addTCPConn(saddr string) { - c.tcp.call(saddr, nil, "") + c.link.tcp.call(saddr, nil, "") } //*/ From 61774aed3bfe286422bdb4a92e5bd3e4f84848e0 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 20:33:08 +0000 Subject: [PATCH 30/61] Show proto in admin socket, link linkInfo from peer, other fixes --- src/yggdrasil/admin.go | 6 ++++-- src/yggdrasil/debug.go | 10 +++++++++- src/yggdrasil/link.go | 2 +- src/yggdrasil/peer.go | 8 +++++--- src/yggdrasil/router.go | 10 +++++++++- src/yggdrasil/tcp.go | 34 ++++++---------------------------- 6 files changed, 34 insertions(+), 36 deletions(-) diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index d0d4cc908..ae5b02a24 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -666,7 +666,8 @@ func (a *admin) getData_getPeers() []admin_nodeInfo { {"uptime", int(time.Since(p.firstSeen).Seconds())}, {"bytes_sent", atomic.LoadUint64(&p.bytesSent)}, {"bytes_recvd", atomic.LoadUint64(&p.bytesRecvd)}, - {"endpoint", p.endpoint}, + {"proto", p.intf.info.linkType}, + {"endpoint", p.intf.info.remote}, {"box_pub_key", hex.EncodeToString(p.box[:])}, } peerInfos = append(peerInfos, info) @@ -692,7 +693,8 @@ func (a *admin) getData_getSwitchPeers() []admin_nodeInfo { {"port", elem.port}, {"bytes_sent", atomic.LoadUint64(&peer.bytesSent)}, {"bytes_recvd", atomic.LoadUint64(&peer.bytesRecvd)}, - {"endpoint", peer.endpoint}, + {"proto", peer.intf.info.linkType}, + {"endpoint", peer.intf.info.remote}, {"box_pub_key", hex.EncodeToString(peer.box[:])}, } peerInfos = append(peerInfos, info) diff --git a/src/yggdrasil/debug.go b/src/yggdrasil/debug.go index 8405714a9..e575b72db 100644 --- a/src/yggdrasil/debug.go +++ b/src/yggdrasil/debug.go @@ -97,7 +97,15 @@ func (c *Core) DEBUG_getPeers() *peers { } func (ps *peers) DEBUG_newPeer(box crypto.BoxPubKey, sig crypto.SigPubKey, link crypto.BoxSharedKey) *peer { - return ps.newPeer(&box, &sig, &link, "(simulator)", nil) + sim := linkInterface{ + name: "(simulator)", + info: linkInfo{ + local: "(simulator)", + remote: "(simulator)", + linkType: "sim", + }, + } + return ps.newPeer(&box, &sig, &link, &sim, nil) } /* diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index ac869389f..4f7c6e1fd 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -173,7 +173,7 @@ func (intf *linkInterface) handler() error { intf.link.mutex.Unlock() // Create peer shared := crypto.GetSharedKey(myLinkPriv, &meta.link) - intf.peer = intf.link.core.peers.newPeer(&meta.box, &meta.sig, shared, intf.name, func() { intf.msgIO.close() }) + intf.peer = intf.link.core.peers.newPeer(&meta.box, &meta.sig, shared, intf, func() { intf.msgIO.close() }) if intf.peer == nil { return errors.New("failed to create peer") } diff --git a/src/yggdrasil/peer.go b/src/yggdrasil/peer.go index 237d6f61a..ce3593682 100644 --- a/src/yggdrasil/peer.go +++ b/src/yggdrasil/peer.go @@ -98,6 +98,7 @@ type peer struct { bytesRecvd uint64 // To track bandwidth usage for getPeers // BUG: sync/atomic, 32 bit platforms need the above to be the first element core *Core + intf *linkInterface port switchPort box crypto.BoxPubKey sig crypto.SigPubKey @@ -113,18 +114,19 @@ type peer struct { } // Creates a new peer with the specified box, sig, and linkShared keys, using the lowest unoccupied port number. -func (ps *peers) newPeer(box *crypto.BoxPubKey, sig *crypto.SigPubKey, linkShared *crypto.BoxSharedKey, endpoint string, closer func()) *peer { +func (ps *peers) newPeer(box *crypto.BoxPubKey, sig *crypto.SigPubKey, linkShared *crypto.BoxSharedKey, intf *linkInterface, closer func()) *peer { now := time.Now() p := peer{box: *box, sig: *sig, shared: *crypto.GetSharedKey(&ps.core.boxPriv, box), linkShared: *linkShared, - endpoint: endpoint, firstSeen: now, doSend: make(chan struct{}, 1), dinfo: make(chan *dhtInfo, 1), close: closer, - core: ps.core} + core: ps.core, + intf: intf, + } ps.mutex.Lock() defer ps.mutex.Unlock() oldPorts := ps.getPorts() diff --git a/src/yggdrasil/router.go b/src/yggdrasil/router.go index 6acd4735c..1d4c0771d 100644 --- a/src/yggdrasil/router.go +++ b/src/yggdrasil/router.go @@ -67,7 +67,15 @@ func (r *router) init(core *Core) { r.addr = *address.AddrForNodeID(&r.core.dht.nodeID) r.subnet = *address.SubnetForNodeID(&r.core.dht.nodeID) in := make(chan []byte, 1) // TODO something better than this... - p := r.core.peers.newPeer(&r.core.boxPub, &r.core.sigPub, &crypto.BoxSharedKey{}, "(self)", nil) + self := linkInterface{ + name: "(self)", + info: linkInfo{ + local: "(self)", + remote: "(self)", + linkType: "self", + }, + } + p := r.core.peers.newPeer(&r.core.boxPub, &r.core.sigPub, &crypto.BoxSharedKey{}, &self, nil) p.out = func(packet []byte) { in <- packet } r.in = in out := make(chan []byte, 32) diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 8dcd4c036..c0d568a53 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -24,7 +24,6 @@ import ( "golang.org/x/net/proxy" - "github.com/yggdrasil-network/yggdrasil-go/src/crypto" "github.com/yggdrasil-network/yggdrasil-go/src/util" ) @@ -39,16 +38,7 @@ type tcp struct { listeners map[string]net.Listener listenerstops map[string]chan bool calls map[string]struct{} - conns map[tcpInfo](chan struct{}) -} - -// This is used as the key to a map that tracks existing connections, to prevent multiple connections to the same keys and local/remote address pair from occuring. -// Different address combinations are allowed, so multi-homing is still technically possible (but not necessarily advisable). -type tcpInfo struct { - box crypto.BoxPubKey - sig crypto.SigPubKey - localAddr string - remoteAddr string + conns map[linkInfo](chan struct{}) } // Wrapper function to set additional options for specific connection types. @@ -90,7 +80,7 @@ func (t *tcp) init(l *link) error { t.reconfigure = make(chan chan error, 1) t.mutex.Lock() t.calls = make(map[string]struct{}) - t.conns = make(map[tcpInfo](chan struct{})) + t.conns = make(map[linkInfo](chan struct{})) t.listeners = make(map[string]net.Listener) t.listenerstops = make(map[string]chan bool) t.mutex.Unlock() @@ -167,20 +157,20 @@ func (t *tcp) listen(listenaddr string) error { // Runs the listener, which spawns off goroutines for incoming connections. func (t *tcp) listener(listenaddr string) { t.mutex.Lock() - listener, ok := t.listeners[listenaddr] + listener, ok1 := t.listeners[listenaddr] listenerstop, ok2 := t.listenerstops[listenaddr] t.mutex.Unlock() - if !ok || !ok2 { + if !ok1 || !ok2 { t.link.core.log.Errorln("Tried to start TCP listener for", listenaddr, "which doesn't exist") return } reallistenaddr := listener.Addr().String() defer listener.Close() t.link.core.log.Infoln("Listening for TCP on:", reallistenaddr) + accepted := make(chan bool) for { var sock net.Conn var err error - accepted := make(chan bool) go func() { sock, err = listener.Accept() accepted <- true @@ -191,26 +181,14 @@ func (t *tcp) listener(listenaddr string) { t.link.core.log.Errorln("Failed to accept connection:", err) return } + go t.handler(sock, true) case <-listenerstop: t.link.core.log.Errorln("Stopping TCP listener on:", reallistenaddr) return - default: - if err != nil { - panic(err) - } - go t.handler(sock, true) } } } -// Checks if we already have a connection to this node -func (t *tcp) isAlreadyConnected(info tcpInfo) bool { - t.mutex.Lock() - defer t.mutex.Unlock() - _, isIn := t.conns[info] - return isIn -} - // Checks if we already are calling this address func (t *tcp) isAlreadyCalling(saddr string) bool { t.mutex.Lock() From 88925d3e06921107a603eb96def354cc938bea52 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 22:45:35 +0000 Subject: [PATCH 31/61] Centralise call/listen functions in link.go --- src/yggdrasil/admin.go | 15 +++---------- src/yggdrasil/link.go | 44 ++++++++++++++++++++++++++++++++------ src/yggdrasil/multicast.go | 2 +- src/yggdrasil/tcp.go | 25 ++++------------------ 4 files changed, 45 insertions(+), 41 deletions(-) diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index ae5b02a24..228c43c6c 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -573,18 +573,9 @@ func (a *admin) printInfos(infos []admin_nodeInfo) string { // addPeer triggers a connection attempt to a node. func (a *admin) addPeer(addr string, sintf string) error { - u, err := url.Parse(addr) - if err == nil { - switch strings.ToLower(u.Scheme) { - case "tcp": - a.core.link.tcp.connect(u.Host, sintf) - case "socks": - a.core.link.tcp.connectSOCKS(u.Host, u.Path[1:]) - default: - return errors.New("invalid peer: " + addr) - } - } else { - return errors.New("invalid peer: " + addr) + err := a.core.link.call(addr, sintf) + if err != nil { + return err } return nil } diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 4f7c6e1fd..cbbdb5e96 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "net" + "net/url" "strings" "sync" @@ -68,21 +69,20 @@ func (l *link) init(c *Core) error { } if err := l.awdl.init(l); err != nil { - l.core.log.Errorln("Failed to start AWDL interface") + c.log.Errorln("Failed to start AWDL interface") return err } go func() { for { e := <-l.reconfigure - tcpresponse := make(chan error) - awdlresponse := make(chan error) - l.tcp.reconfigure <- tcpresponse - l.awdl.reconfigure <- awdlresponse - if err := <-tcpresponse; err != nil { + response := make(chan error) + l.tcp.reconfigure <- response + if err := <-response; err != nil { e <- err } - if err := <-awdlresponse; err != nil { + l.awdl.reconfigure <- response + if err := <-response; err != nil { e <- err } e <- nil @@ -92,6 +92,36 @@ func (l *link) init(c *Core) error { return nil } +func (l *link) call(uri string, sintf string) error { + u, err := url.Parse(uri) + if err != nil { + return err + } + pathtokens := strings.Split(strings.Trim(u.Path, "/"), "/") + switch u.Scheme { + case "tcp": + l.tcp.call(u.Host, nil, sintf) + case "socks": + l.tcp.call(pathtokens[0], &u.Host, sintf) + default: + return errors.New("unknown call scheme: " + u.Scheme) + } + return nil +} + +func (l *link) listen(uri string) error { + u, err := url.Parse(uri) + if err != nil { + return err + } + switch u.Scheme { + case "tcp": + return l.tcp.listen(u.Host) + default: + return errors.New("unknown listen scheme: " + u.Scheme) + } +} + func (l *link) create(msgIO linkInterfaceMsgIO, name, linkType, local, remote string, incoming, force bool) (*linkInterface, error) { // Technically anything unique would work for names, but lets pick something human readable, just for debugging intf := linkInterface{ diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index f416ea26a..59f0eea5a 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -183,6 +183,6 @@ func (m *multicast) listen() { } addr.Zone = from.Zone saddr := addr.String() - m.core.link.tcp.connect(saddr, addr.Zone) + m.core.link.call("tcp://"+saddr, addr.Zone) } } diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index c0d568a53..74f14d8ac 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -64,16 +64,6 @@ func (t *tcp) getAddr() *net.TCPAddr { return nil } -// Attempts to initiate a connection to the provided address. -func (t *tcp) connect(addr string, intf string) { - t.call(addr, nil, intf) -} - -// Attempst to initiate a connection to the provided address, viathe provided socks proxy address. -func (t *tcp) connectSOCKS(socksaddr, peeraddr string) { - t.call(peeraddr, &socksaddr, "") -} - // Initializes the struct. func (t *tcp) init(l *link) error { t.link = l @@ -104,14 +94,6 @@ func (t *tcp) init(l *link) error { } for _, delete := range deleted { t.link.core.log.Warnln("Removing listener", delete, "not currently implemented") - /*t.mutex.Lock() - if listener, ok := t.listeners[delete]; ok { - listener.Close() - } - if listener, ok := t.listenerstops[delete]; ok { - listener <- true - } - t.mutex.Unlock()*/ } e <- nil } else { @@ -202,7 +184,7 @@ func (t *tcp) isAlreadyCalling(saddr string) bool { // If the dial is successful, it launches the handler. // When finished, it removes the outgoing call, so reconnection attempts can be made later. // This all happens in a separate goroutine that it spawns. -func (t *tcp) call(saddr string, socksaddr *string, sintf string) { +func (t *tcp) call(saddr string, options interface{}, sintf string) { go func() { callname := saddr if sintf != "" { @@ -224,12 +206,13 @@ func (t *tcp) call(saddr string, socksaddr *string, sintf string) { }() var conn net.Conn var err error - if socksaddr != nil { + socksaddr, issocks := options.(string) + if issocks { if sintf != "" { return } var dialer proxy.Dialer - dialer, err = proxy.SOCKS5("tcp", *socksaddr, nil, proxy.Direct) + dialer, err = proxy.SOCKS5("tcp", socksaddr, nil, proxy.Direct) if err != nil { return } From 2ef823e69c7fd25cb6f1b18e3d9ca7ac965e4a9d Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 4 Mar 2019 23:16:46 +0000 Subject: [PATCH 32/61] Fix deadlock when reconfiguring multicast --- src/yggdrasil/link.go | 13 ++++++++----- src/yggdrasil/tcp.go | 4 +++- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index cbbdb5e96..c4f52a382 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -76,14 +76,17 @@ func (l *link) init(c *Core) error { go func() { for { e := <-l.reconfigure - response := make(chan error) - l.tcp.reconfigure <- response - if err := <-response; err != nil { + tcpresponse := make(chan error) + awdlresponse := make(chan error) + l.tcp.reconfigure <- tcpresponse + if err := <-tcpresponse; err != nil { e <- err + continue } - l.awdl.reconfigure <- response - if err := <-response; err != nil { + l.awdl.reconfigure <- awdlresponse + if err := <-awdlresponse; err != nil { e <- err + continue } e <- nil } diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 74f14d8ac..80d9ccdbe 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -16,6 +16,7 @@ package yggdrasil import ( "context" + "errors" "fmt" "math/rand" "net" @@ -57,10 +58,10 @@ func (t *tcp) getAddr() *net.TCPAddr { // to multicast.go, which obviously is not great, but right now multicast.go // doesn't have the ability to send more than one address in a packet either t.mutex.Lock() + defer t.mutex.Unlock() for _, listener := range t.listeners { return listener.Addr().(*net.TCPAddr) } - t.mutex.Unlock() return nil } @@ -85,6 +86,7 @@ func (t *tcp) init(l *link) error { if len(added) > 0 || len(deleted) > 0 { for _, add := range added { if add[:6] != "tcp://" { + e <- errors.New("unknown scheme: " + add) continue } if err := t.listen(add[6:]); err != nil { From e71108dd26537ba3fffe6e228f160808d1c3785d Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Tue, 5 Mar 2019 09:16:44 +0000 Subject: [PATCH 33/61] Fix date in changelog.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c290c894..3aa0b8182 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,7 +25,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - in case of vulnerabilities. --> -## [0.3.3] - 2018-02-18 +## [0.3.3] - 2019-02-18 ### Added - Dynamic reconfiguration, which allows reloading the configuration file to make changes during runtime by sending a `SIGHUP` signal (note: this only works with `-useconffile` and not `-useconf` and currently reconfiguring TUN/TAP is not supported) - Support for building Yggdrasil as an iOS or Android framework if the appropriate tools (e.g. `gomobile`/`gobind` + SDKs) are available From a17d6d3a688b772cb0b725d7228174b4fba1e672 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Tue, 5 Mar 2019 17:37:26 +0000 Subject: [PATCH 34/61] Fix getTunTap (fixes #363) --- src/yggdrasil/admin.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index 62803395b..b42b2315e 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -173,9 +173,10 @@ func (a *admin) init(c *Core) { }) a.addHandler("getTunTap", []string{}, func(in admin_info) (r admin_info, e error) { defer func() { - recover() - r = admin_info{"none": admin_info{}} - e = nil + if err := recover(); err != nil { + r = admin_info{"none": admin_info{}} + e = nil + } }() return admin_info{ From 236692bdc42accdfecd43ffd6730df80f20a7a22 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Tue, 5 Mar 2019 17:55:46 +0000 Subject: [PATCH 35/61] Add getTunnelRouting and setTunnelRouting (fixes #362) --- src/yggdrasil/admin.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index b42b2315e..a7b5bd953 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -252,6 +252,23 @@ func (a *admin) init(c *Core) { }, errors.New("Failed to remove allowed key") } }) + a.addHandler("getTunnelRouting", []string{}, func(in admin_info) (admin_info, error) { + enabled := false + a.core.router.doAdmin(func() { + enabled = a.core.router.cryptokey.isEnabled() + }) + return admin_info{"enabled": enabled}, nil + }) + a.addHandler("setTunnelRouting", []string{"enabled"}, func(in admin_info) (admin_info, error) { + enabled := false + if e, ok := in["enabled"].(bool); ok { + enabled = e + } + a.core.router.doAdmin(func() { + a.core.router.cryptokey.setEnabled(enabled) + }) + return admin_info{"enabled": enabled}, nil + }) a.addHandler("addSourceSubnet", []string{"subnet"}, func(in admin_info) (admin_info, error) { var err error a.core.router.doAdmin(func() { From 26a952aa6c179831ec3de30fe58c8c3cbf49d9df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?William=20Wennerstr=C3=B6m?= Date: Tue, 5 Mar 2019 20:30:06 +0100 Subject: [PATCH 36/61] contrib/openrc: add init file for OpenRC --- contrib/openrc/yggdrasil | 49 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100755 contrib/openrc/yggdrasil diff --git a/contrib/openrc/yggdrasil b/contrib/openrc/yggdrasil new file mode 100755 index 000000000..fa819ed76 --- /dev/null +++ b/contrib/openrc/yggdrasil @@ -0,0 +1,49 @@ +#!/sbin/openrc-run + +description="An experiment in scalable routing as an encrypted IPv6 overlay network." + +CONFFILE="/etc/yggdrasil.conf" +pidfile="/run/${RC_SVCNAME}.pid" + +command="/usr/bin/yggdrasil" + +depend() { + use net dns logger +} + +start_pre() { + if [ ! -f "${CONFFILE}" ]; then + ebegin "Generating new configuration file into ${CONFFILE}" + if ! eval ${command} -genconf > ${CONFFILE}; then + eerror "Failed to generate configuration file" + exit 1 + fi + fi + + if [ ! -e /dev/net/tun ]; then + ebegin "Inserting TUN module" + + if ! modprobe tun; then + eerror "Failed to insert TUN kernel module" + exit 1 + fi + fi +} + +start() { + ebegin "Starting Yggdrasil" + start-stop-daemon --start --quiet \ + --pidfile "${pidfile}" \ + --make-pidfile \ + --background \ + --stdout /var/log/yggdrasil.stdout.log \ + --stderr /var/log/yggdrasil.stderr.log \ + --exec "${command}" -- -useconf < "${CONFFILE}" + eend $? +} + +stop() { + ebegin "Stopping Yggdrasil" + start-stop-daemon --stop --pidfile "${pidfile}" --exec "${command}" + eend $? +} From 1097c1c0c964ef1e9df95fd3a3321ef46be93485 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?William=20Wennerstr=C3=B6m?= Date: Tue, 5 Mar 2019 20:50:24 +0100 Subject: [PATCH 37/61] contrib/openrc: add reload command --- contrib/openrc/yggdrasil | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/contrib/openrc/yggdrasil b/contrib/openrc/yggdrasil index fa819ed76..3c8b09b8b 100755 --- a/contrib/openrc/yggdrasil +++ b/contrib/openrc/yggdrasil @@ -6,6 +6,7 @@ CONFFILE="/etc/yggdrasil.conf" pidfile="/run/${RC_SVCNAME}.pid" command="/usr/bin/yggdrasil" +extra_started_commands="reload" depend() { use net dns logger @@ -31,19 +32,25 @@ start_pre() { } start() { - ebegin "Starting Yggdrasil" + ebegin "Starting ${RC_SVCNAME}" start-stop-daemon --start --quiet \ --pidfile "${pidfile}" \ --make-pidfile \ --background \ --stdout /var/log/yggdrasil.stdout.log \ --stderr /var/log/yggdrasil.stderr.log \ - --exec "${command}" -- -useconf < "${CONFFILE}" + --exec "${command}" -- -useconffile "${CONFFILE}" + eend $? +} + +reload() { + ebegin "Reloading ${RC_SVCNAME}" + start-stop-daemon --signal HUP --pidfile "${pidfile}" eend $? } stop() { - ebegin "Stopping Yggdrasil" + ebegin "Stopping ${RC_SVCNAME}" start-stop-daemon --stop --pidfile "${pidfile}" --exec "${command}" eend $? } From 76dd1f6345ac2a151d4110d2c35625db5bb1e81c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?William=20Wennerstr=C3=B6m?= Date: Tue, 5 Mar 2019 22:27:51 +0100 Subject: [PATCH 38/61] contrib/openrc: I like symmetry --- contrib/openrc/yggdrasil | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/openrc/yggdrasil b/contrib/openrc/yggdrasil index 3c8b09b8b..4a2e0a139 100755 --- a/contrib/openrc/yggdrasil +++ b/contrib/openrc/yggdrasil @@ -23,7 +23,6 @@ start_pre() { if [ ! -e /dev/net/tun ]; then ebegin "Inserting TUN module" - if ! modprobe tun; then eerror "Failed to insert TUN kernel module" exit 1 From f4ccbe6c94fa2a49e8b54392d42f5a1c7879cebf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?William=20Wennerstr=C3=B6m?= Date: Wed, 6 Mar 2019 11:30:49 +0100 Subject: [PATCH 39/61] contrib/busybox-init: add reload and use -useconffile + Added reload command. + Use -useconffile instead, as it's required for reloading. --- contrib/busybox-init/S42yggdrasil | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/contrib/busybox-init/S42yggdrasil b/contrib/busybox-init/S42yggdrasil index d09c3a794..862efc257 100755 --- a/contrib/busybox-init/S42yggdrasil +++ b/contrib/busybox-init/S42yggdrasil @@ -34,8 +34,8 @@ start() { fi printf 'Starting yggdrasil: ' - if start-stop-daemon -S -b -x /usr/bin/yggdrasil \ - -- --useconf < "$CONFFILE"; then + if start-stop-daemon -S -q -b -x /usr/bin/yggdrasil \ + -- -useconffile "$CONFFILE"; then echo "OK" else echo "FAIL" @@ -51,20 +51,26 @@ stop() { fi } +reload() { + printf "Reloading yggdrasil: " + if start-stop-daemon -K -q -s HUP -x /usr/bin/yggdrasil; then + echo "OK" + else + echo "FAIL" + start + fi +} + restart() { stop start } -reload() { - restart -} - case "$1" in start|stop|restart|reload) "$1";; *) - echo "Usage: $0 {start|stop|restart}" + echo "Usage: $0 {start|stop|restart|reload}" exit 1 esac From de2aff27583c51cdc1a0bd428235f3c391519ffd Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 11:06:13 +0000 Subject: [PATCH 40/61] Refactor multicast so that it creates a new TCP listener for each interface with LL addresses (so that it will not break if Listen is not set with a wildcard address) --- src/yggdrasil/link.go | 3 +- src/yggdrasil/multicast.go | 54 ++++++++++++++++++++------------- src/yggdrasil/tcp.go | 61 ++++++++++++++++++++------------------ 3 files changed, 68 insertions(+), 50 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index c4f52a382..07adbe845 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -119,7 +119,8 @@ func (l *link) listen(uri string) error { } switch u.Scheme { case "tcp": - return l.tcp.listen(u.Host) + _, err := l.tcp.listen(u.Host) + return err default: return errors.New("unknown listen scheme: " + u.Scheme) } diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index 59f0eea5a..401f6783c 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -5,7 +5,6 @@ import ( "fmt" "net" "regexp" - "sync" "time" "golang.org/x/net/ipv6" @@ -16,19 +15,16 @@ type multicast struct { reconfigure chan chan error sock *ipv6.PacketConn groupAddr string - myAddr *net.TCPAddr - myAddrMutex sync.RWMutex + listeners map[string]*tcpListener } func (m *multicast) init(core *Core) { m.core = core m.reconfigure = make(chan chan error, 1) + m.listeners = make(map[string]*tcpListener) go func() { for { e := <-m.reconfigure - m.myAddrMutex.Lock() - m.myAddr = m.core.link.tcp.getAddr() - m.myAddrMutex.Unlock() e <- nil } }() @@ -94,10 +90,12 @@ func (m *multicast) interfaces() []net.Interface { continue } for _, expr := range exprs { + // Compile each regular expression e, err := regexp.Compile(expr) if err != nil { panic(err) } + // Does the interface match the regular expression? Store it if so if e.MatchString(iface.Name) { interfaces = append(interfaces, iface) } @@ -107,10 +105,6 @@ func (m *multicast) interfaces() []net.Interface { } func (m *multicast) announce() { - var anAddr net.TCPAddr - m.myAddrMutex.Lock() - m.myAddr = m.core.link.tcp.getAddr() - m.myAddrMutex.Unlock() groupAddr, err := net.ResolveUDPAddr("udp6", m.groupAddr) if err != nil { panic(err) @@ -121,27 +115,47 @@ func (m *multicast) announce() { } for { for _, iface := range m.interfaces() { - m.sock.JoinGroup(&iface, groupAddr) + // Find interface addresses addrs, err := iface.Addrs() if err != nil { panic(err) } - m.myAddrMutex.RLock() - anAddr.Port = m.myAddr.Port - m.myAddrMutex.RUnlock() for _, addr := range addrs { addrIP, _, _ := net.ParseCIDR(addr.String()) + // Ignore IPv4 addresses if addrIP.To4() != nil { continue - } // IPv6 only + } + // Ignore non-link-local addresses if !addrIP.IsLinkLocalUnicast() { continue } - anAddr.IP = addrIP - anAddr.Zone = iface.Name - destAddr.Zone = iface.Name - msg := []byte(anAddr.String()) - m.sock.WriteTo(msg, nil, destAddr) + // Join the multicast group + m.sock.JoinGroup(&iface, groupAddr) + // Try and see if we already have a TCP listener for this interface + var listener *tcpListener + if _, ok := m.listeners[iface.Name]; !ok { + // No listener was found - let's create one + listenaddr := fmt.Sprintf("[%s%%%s]:0", addrIP, iface.Name) + if l, err := m.core.link.tcp.listen(listenaddr); err == nil { + // Store the listener so that we can stop it later if needed + listener = &tcpListener{ + listener: l, + stop: make(chan bool), + } + m.listeners[iface.Name] = listener + } + } else { + // An existing listener was found + listener = m.listeners[iface.Name] + } + // Get the listener details and construct the multicast beacon + lladdr := (*listener.listener).Addr().String() + if a, err := net.ResolveTCPAddr("tcp6", lladdr); err == nil { + destAddr.Zone = iface.Name + msg := []byte(a.String()) + m.sock.WriteTo(msg, nil, destAddr) + } break } time.Sleep(time.Second) diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 80d9ccdbe..652f5abe7 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -33,13 +33,17 @@ const tcp_ping_interval = (default_timeout * 2 / 3) // The TCP listener and information about active TCP connections, to avoid duplication. type tcp struct { - link *link - reconfigure chan chan error - mutex sync.Mutex // Protecting the below - listeners map[string]net.Listener - listenerstops map[string]chan bool - calls map[string]struct{} - conns map[linkInfo](chan struct{}) + link *link + reconfigure chan chan error + mutex sync.Mutex // Protecting the below + listeners map[string]*tcpListener + calls map[string]struct{} + conns map[linkInfo](chan struct{}) +} + +type tcpListener struct { + listener *net.Listener + stop chan bool } // Wrapper function to set additional options for specific connection types. @@ -60,7 +64,7 @@ func (t *tcp) getAddr() *net.TCPAddr { t.mutex.Lock() defer t.mutex.Unlock() for _, listener := range t.listeners { - return listener.Addr().(*net.TCPAddr) + return (*listener.listener).Addr().(*net.TCPAddr) } return nil } @@ -72,8 +76,7 @@ func (t *tcp) init(l *link) error { t.mutex.Lock() t.calls = make(map[string]struct{}) t.conns = make(map[linkInfo](chan struct{})) - t.listeners = make(map[string]net.Listener) - t.listenerstops = make(map[string]chan bool) + t.listeners = make(map[string]*tcpListener) t.mutex.Unlock() go func() { @@ -89,7 +92,7 @@ func (t *tcp) init(l *link) error { e <- errors.New("unknown scheme: " + add) continue } - if err := t.listen(add[6:]); err != nil { + if _, err := t.listen(add[6:]); err != nil { e <- err continue } @@ -110,7 +113,7 @@ func (t *tcp) init(l *link) error { if listenaddr[:6] != "tcp://" { continue } - if err := t.listen(listenaddr[6:]); err != nil { + if _, err := t.listen(listenaddr[6:]); err != nil { return err } } @@ -118,7 +121,7 @@ func (t *tcp) init(l *link) error { return nil } -func (t *tcp) listen(listenaddr string) error { +func (t *tcp) listen(listenaddr string) (*net.Listener, error) { var err error ctx := context.Background() @@ -127,36 +130,36 @@ func (t *tcp) listen(listenaddr string) error { } listener, err := lc.Listen(ctx, "tcp", listenaddr) if err == nil { + l := tcpListener{ + listener: &listener, + stop: make(chan bool, 1), + } t.mutex.Lock() - t.listeners[listenaddr] = listener - t.listenerstops[listenaddr] = make(chan bool, 1) + t.listeners[listenaddr[6:]] = &l t.mutex.Unlock() - go t.listener(listenaddr) - return nil + go t.listener(&l) + return &listener, nil } - return err + return nil, err } // Runs the listener, which spawns off goroutines for incoming connections. -func (t *tcp) listener(listenaddr string) { - t.mutex.Lock() - listener, ok1 := t.listeners[listenaddr] - listenerstop, ok2 := t.listenerstops[listenaddr] - t.mutex.Unlock() - if !ok1 || !ok2 { - t.link.core.log.Errorln("Tried to start TCP listener for", listenaddr, "which doesn't exist") +func (t *tcp) listener(listener *tcpListener) { + if listener == nil { return } - reallistenaddr := listener.Addr().String() - defer listener.Close() + reallistener := *listener.listener + reallistenaddr := reallistener.Addr().String() + stop := listener.stop + defer reallistener.Close() t.link.core.log.Infoln("Listening for TCP on:", reallistenaddr) accepted := make(chan bool) for { var sock net.Conn var err error go func() { - sock, err = listener.Accept() + sock, err = reallistener.Accept() accepted <- true }() select { @@ -166,7 +169,7 @@ func (t *tcp) listener(listenaddr string) { return } go t.handler(sock, true) - case <-listenerstop: + case <-stop: t.link.core.log.Errorln("Stopping TCP listener on:", reallistenaddr) return } From f4e17b9a9f10bab9292cddc4bd20f146d2582fa2 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 12:07:33 +0000 Subject: [PATCH 41/61] Properly handle multicast interfaces going up and down --- src/yggdrasil/link.go | 8 +++---- src/yggdrasil/multicast.go | 37 ++++++++++++++++++---------- src/yggdrasil/tcp.go | 49 ++++++++++++++++++++++---------------- 3 files changed, 57 insertions(+), 37 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 07adbe845..a81b50d0a 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -261,11 +261,11 @@ func (intf *linkInterface) handler() error { // Now block until something is ready or the timer triggers keepalive traffic select { case <-tcpTimer.C: - intf.link.core.log.Debugf("Sending (legacy) keep-alive to %s: %s, source %s", + intf.link.core.log.Tracef("Sending (legacy) keep-alive to %s: %s, source %s", strings.ToUpper(intf.info.linkType), themString, intf.info.local) send(nil) case <-sendAck: - intf.link.core.log.Debugf("Sending ack to %s: %s, source %s", + intf.link.core.log.Tracef("Sending ack to %s: %s, source %s", strings.ToUpper(intf.info.linkType), themString, intf.info.local) send(nil) case msg := <-intf.peer.linkOut: @@ -280,7 +280,7 @@ func (intf *linkInterface) handler() error { case signalReady <- struct{}{}: default: } - //intf.link.core.log.Debugf("Sending packet to %s: %s, source %s", + //intf.link.core.log.Tracef("Sending packet to %s: %s, source %s", // strings.ToUpper(intf.info.linkType), themString, intf.info.local) } } @@ -331,7 +331,7 @@ func (intf *linkInterface) handler() error { sendTimerRunning = true } if !gotMsg { - intf.link.core.log.Debugf("Received ack from %s: %s, source %s", + intf.link.core.log.Tracef("Received ack from %s: %s, source %s", strings.ToUpper(intf.info.linkType), themString, intf.info.local) } case sentMsg, ok := <-signalSent: diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index 401f6783c..d4a03ff37 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -64,13 +64,13 @@ func (m *multicast) start() error { return nil } -func (m *multicast) interfaces() []net.Interface { +func (m *multicast) interfaces() map[string]net.Interface { // Get interface expressions from config m.core.configMutex.RLock() exprs := m.core.config.MulticastInterfaces m.core.configMutex.RUnlock() // Ask the system for network interfaces - var interfaces []net.Interface + interfaces := make(map[string]net.Interface) allifaces, err := net.Interfaces() if err != nil { panic(err) @@ -97,7 +97,7 @@ func (m *multicast) interfaces() []net.Interface { } // Does the interface match the regular expression? Store it if so if e.MatchString(iface.Name) { - interfaces = append(interfaces, iface) + interfaces[iface.Name] = iface } } } @@ -114,7 +114,10 @@ func (m *multicast) announce() { panic(err) } for { - for _, iface := range m.interfaces() { + interfaces := m.interfaces() + // Now that we have a list of valid interfaces from the operating system, + // we can start checking if we can send multicasts on them + for _, iface := range interfaces { // Find interface addresses addrs, err := iface.Addrs() if err != nil { @@ -134,23 +137,24 @@ func (m *multicast) announce() { m.sock.JoinGroup(&iface, groupAddr) // Try and see if we already have a TCP listener for this interface var listener *tcpListener - if _, ok := m.listeners[iface.Name]; !ok { + if l, ok := m.listeners[iface.Name]; !ok || l.listener == nil { // No listener was found - let's create one listenaddr := fmt.Sprintf("[%s%%%s]:0", addrIP, iface.Name) if l, err := m.core.link.tcp.listen(listenaddr); err == nil { + m.core.log.Debugln("Started multicasting on", iface.Name) // Store the listener so that we can stop it later if needed - listener = &tcpListener{ - listener: l, - stop: make(chan bool), - } - m.listeners[iface.Name] = listener + m.listeners[iface.Name] = l } } else { // An existing listener was found listener = m.listeners[iface.Name] } + // Make sure nothing above failed for some reason + if listener == nil { + continue + } // Get the listener details and construct the multicast beacon - lladdr := (*listener.listener).Addr().String() + lladdr := listener.listener.Addr().String() if a, err := net.ResolveTCPAddr("tcp6", lladdr); err == nil { destAddr.Zone = iface.Name msg := []byte(a.String()) @@ -160,7 +164,16 @@ func (m *multicast) announce() { } time.Sleep(time.Second) } - time.Sleep(time.Second) + // There might be interfaces that we configured listeners for but are no + // longer up - if that's the case then we should stop the listeners + for name, listener := range m.listeners { + if _, ok := interfaces[name]; !ok { + listener.stop <- true + delete(m.listeners, name) + m.core.log.Debugln("No longer multicasting on", name) + } + } + time.Sleep(time.Second * 5) } } diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 652f5abe7..f46dc56c1 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -42,7 +42,7 @@ type tcp struct { } type tcpListener struct { - listener *net.Listener + listener net.Listener stop chan bool } @@ -63,8 +63,8 @@ func (t *tcp) getAddr() *net.TCPAddr { // doesn't have the ability to send more than one address in a packet either t.mutex.Lock() defer t.mutex.Unlock() - for _, listener := range t.listeners { - return (*listener.listener).Addr().(*net.TCPAddr) + for _, l := range t.listeners { + return l.listener.Addr().(*net.TCPAddr) } return nil } @@ -121,7 +121,7 @@ func (t *tcp) init(l *link) error { return nil } -func (t *tcp) listen(listenaddr string) (*net.Listener, error) { +func (t *tcp) listen(listenaddr string) (*tcpListener, error) { var err error ctx := context.Background() @@ -131,37 +131,40 @@ func (t *tcp) listen(listenaddr string) (*net.Listener, error) { listener, err := lc.Listen(ctx, "tcp", listenaddr) if err == nil { l := tcpListener{ - listener: &listener, - stop: make(chan bool, 1), + listener: listener, + stop: make(chan bool), } - t.mutex.Lock() - t.listeners[listenaddr[6:]] = &l - t.mutex.Unlock() - go t.listener(&l) - return &listener, nil + go t.listener(&l, listenaddr[6:]) + return &l, nil } return nil, err } // Runs the listener, which spawns off goroutines for incoming connections. -func (t *tcp) listener(listener *tcpListener) { - if listener == nil { +func (t *tcp) listener(l *tcpListener, listenaddr string) { + if l == nil { return } - reallistener := *listener.listener - reallistenaddr := reallistener.Addr().String() - stop := listener.stop - defer reallistener.Close() - t.link.core.log.Infoln("Listening for TCP on:", reallistenaddr) + // Track the listener so that we can find it again in future + t.mutex.Lock() + t.listeners[listenaddr] = l + t.mutex.Unlock() + // And here we go! accepted := make(chan bool) + defer l.listener.Close() + t.link.core.log.Infoln("Listening for TCP on:", l.listener.Addr().String()) for { var sock net.Conn var err error + // Listen in a separate goroutine, as that way it does not block us from + // receiving "stop" events go func() { - sock, err = reallistener.Accept() + sock, err = l.listener.Accept() accepted <- true }() + // Wait for either an accepted connection, or a message telling us to stop + // the TCP listener select { case <-accepted: if err != nil { @@ -169,8 +172,12 @@ func (t *tcp) listener(listener *tcpListener) { return } go t.handler(sock, true) - case <-stop: - t.link.core.log.Errorln("Stopping TCP listener on:", reallistenaddr) + case <-l.stop: + t.link.core.log.Infoln("Stopping TCP listener on:", l.listener.Addr().String()) + l.listener.Close() + t.mutex.Lock() + delete(t.listeners, listenaddr) + t.mutex.Unlock() return } } From c0d5a8c0bd8e9de113edc01063f98b2665ca56a3 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 12:09:57 +0000 Subject: [PATCH 42/61] Clean up old listeners first --- src/yggdrasil/multicast.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index d4a03ff37..0b913ed70 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -115,6 +115,15 @@ func (m *multicast) announce() { } for { interfaces := m.interfaces() + // There might be interfaces that we configured listeners for but are no + // longer up - if that's the case then we should stop the listeners + for name, listener := range m.listeners { + if _, ok := interfaces[name]; !ok { + listener.stop <- true + delete(m.listeners, name) + m.core.log.Debugln("No longer multicasting on", name) + } + } // Now that we have a list of valid interfaces from the operating system, // we can start checking if we can send multicasts on them for _, iface := range interfaces { @@ -164,15 +173,6 @@ func (m *multicast) announce() { } time.Sleep(time.Second) } - // There might be interfaces that we configured listeners for but are no - // longer up - if that's the case then we should stop the listeners - for name, listener := range m.listeners { - if _, ok := interfaces[name]; !ok { - listener.stop <- true - delete(m.listeners, name) - m.core.log.Debugln("No longer multicasting on", name) - } - } time.Sleep(time.Second * 5) } } From 531d9f39ca03fae52a397b8e1a87ba436574b132 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 12:15:40 +0000 Subject: [PATCH 43/61] Fix multicast bug, set static multicast interval 15 seconds --- src/yggdrasil/multicast.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index 0b913ed70..50891bcb0 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -153,6 +153,7 @@ func (m *multicast) announce() { m.core.log.Debugln("Started multicasting on", iface.Name) // Store the listener so that we can stop it later if needed m.listeners[iface.Name] = l + listener = l } } else { // An existing listener was found @@ -171,9 +172,8 @@ func (m *multicast) announce() { } break } - time.Sleep(time.Second) } - time.Sleep(time.Second * 5) + time.Sleep(time.Second * 15) } } From 18ef28a4772e402785c48e5df59c0fb020563da4 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 13:00:45 +0000 Subject: [PATCH 44/61] Fix default Listen config --- src/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/config.go b/src/config/config.go index 807ce25b5..28756f177 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -82,7 +82,7 @@ func GenerateConfig(isAutoconf bool) *NodeConfig { cfg.Listen = []string{"tcp://[::]:0"} } else { r1 := rand.New(rand.NewSource(time.Now().UnixNano())) - cfg.Listen = []string{fmt.Sprintf("[::]:%d", r1.Intn(65534-32768)+32768)} + cfg.Listen = []string{fmt.Sprintf("tcp://[::]:%d", r1.Intn(65534-32768)+32768)} } cfg.AdminListen = defaults.GetDefaults().DefaultAdminListen cfg.EncryptionPublicKey = hex.EncodeToString(bpub[:]) From b8cabf321276911bca9238726c67f7fe30560ee0 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 16:40:48 +0000 Subject: [PATCH 45/61] Support removing Listen interfaces at runtime properly --- src/yggdrasil/multicast.go | 6 +++--- src/yggdrasil/tcp.go | 23 +++++++++++++++-------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index 50891bcb0..1c67044ff 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -149,11 +149,11 @@ func (m *multicast) announce() { if l, ok := m.listeners[iface.Name]; !ok || l.listener == nil { // No listener was found - let's create one listenaddr := fmt.Sprintf("[%s%%%s]:0", addrIP, iface.Name) - if l, err := m.core.link.tcp.listen(listenaddr); err == nil { + if li, err := m.core.link.tcp.listen(listenaddr); err == nil { m.core.log.Debugln("Started multicasting on", iface.Name) // Store the listener so that we can stop it later if needed - m.listeners[iface.Name] = l - listener = l + m.listeners[iface.Name] = li + listener = li } } else { // An existing listener was found diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index f46dc56c1..0179c209f 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -16,7 +16,6 @@ package yggdrasil import ( "context" - "errors" "fmt" "math/rand" "net" @@ -87,18 +86,26 @@ func (t *tcp) init(l *link) error { deleted := util.Difference(t.link.core.configOld.Listen, t.link.core.config.Listen) t.link.core.configMutex.RUnlock() if len(added) > 0 || len(deleted) > 0 { - for _, add := range added { - if add[:6] != "tcp://" { - e <- errors.New("unknown scheme: " + add) + for _, a := range added { + if a[:6] != "tcp://" { continue } - if _, err := t.listen(add[6:]); err != nil { + if _, err := t.listen(a[6:]); err != nil { e <- err continue } } - for _, delete := range deleted { - t.link.core.log.Warnln("Removing listener", delete, "not currently implemented") + for _, d := range deleted { + if d[:6] != "tcp://" { + continue + } + t.mutex.Lock() + if listener, ok := t.listeners[d[6:]]; ok { + t.mutex.Unlock() + listener.stop <- true + } else { + t.mutex.Unlock() + } } e <- nil } else { @@ -134,7 +141,7 @@ func (t *tcp) listen(listenaddr string) (*tcpListener, error) { listener: listener, stop: make(chan bool), } - go t.listener(&l, listenaddr[6:]) + go t.listener(&l, listenaddr) return &l, nil } From ad7e392afe0236ec3d0c3e4353f615129c7515b0 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 17:32:25 +0000 Subject: [PATCH 46/61] Fix getRoutes (#339) --- cmd/yggdrasilctl/main.go | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/cmd/yggdrasilctl/main.go b/cmd/yggdrasilctl/main.go index bbe3cd2e1..528006208 100644 --- a/cmd/yggdrasilctl/main.go +++ b/cmd/yggdrasilctl/main.go @@ -388,14 +388,18 @@ func main() { } } case "getroutes": - if _, ok := res["routes"]; !ok { - fmt.Println("No routes found") - } else if res["routes"] == nil { + if routes, ok := res["routes"].(map[string]interface{}); !ok { fmt.Println("No routes found") } else { - fmt.Println("Routes:") - for _, v := range res["routes"].([]interface{}) { - fmt.Println("-", v) + if res["routes"] == nil || len(routes) == 0 { + fmt.Println("No routes found") + } else { + fmt.Println("Routes:") + for k, v := range routes { + if pv, ok := v.(string); ok { + fmt.Println("-", k, " via ", pv) + } + } } } default: From 3bc3002fff885b892b5f7cb13ea63fe7740f578b Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 17:37:48 +0000 Subject: [PATCH 47/61] Add handlers for setTunnelRouting/getTunnelRouting --- cmd/yggdrasilctl/main.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/cmd/yggdrasilctl/main.go b/cmd/yggdrasilctl/main.go index 528006208..b8864dc3a 100644 --- a/cmd/yggdrasilctl/main.go +++ b/cmd/yggdrasilctl/main.go @@ -402,6 +402,16 @@ func main() { } } } + case "settunnelrouting": + fallthrough + case "gettunnelrouting": + if enabled, ok := res["enabled"].(bool); !ok { + fmt.Println("Tunnel routing is disabled") + } else if !enabled { + fmt.Println("Tunnel routing is disabled") + } else { + fmt.Println("Tunnel routing is enabled") + } default: if json, err := json.MarshalIndent(recv["response"], "", " "); err == nil { fmt.Println(string(json)) From 57eb6eaeb0c095d66ff4fa19912c81f820c2303a Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Wed, 6 Mar 2019 17:45:47 +0000 Subject: [PATCH 48/61] Clean up config package --- src/config/config.go | 11 +---------- src/config/i2p.go | 8 -------- src/config/tor.go | 8 -------- 3 files changed, 1 insertion(+), 26 deletions(-) delete mode 100644 src/config/i2p.go delete mode 100644 src/config/tor.go diff --git a/src/config/config.go b/src/config/config.go index 28756f177..3c8bbcc69 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -12,7 +12,7 @@ import ( // NodeConfig defines all configuration values needed to run a signle yggdrasil node type NodeConfig struct { - Listen []string `comment:"Listen address for peer connections. Default is to listen for all\nTCP connections over IPv4 and IPv6 with a random port."` + Listen []string `comment:"Listen addresses for peer connections. Default is to listen for all\nTCP connections over IPv4 and IPv6 with a random port."` AdminListen string `comment:"Listen address for admin connections. Default is to listen for local\nconnections either on TCP/9001 or a UNIX socket depending on your\nplatform. Use this value for yggdrasilctl -endpoint=X. To disable\nthe admin socket, use the value \"none\" instead."` Peers []string `comment:"List of connection strings for static peers in URI format, e.g.\ntcp://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j."` InterfacePeers map[string][]string `comment:"List of connection strings for static peers in URI format, arranged\nby source interface, e.g. { \"eth0\": [ tcp://a.b.c.d:e ] }. Note that\nSOCKS peerings will NOT be affected by this option and should go in\nthe \"Peers\" section instead."` @@ -30,13 +30,6 @@ type NodeConfig struct { SwitchOptions SwitchOptions `comment:"Advanced options for tuning the switch. Normally you will not need\nto edit these options."` NodeInfoPrivacy bool `comment:"By default, nodeinfo contains some defaults including the platform,\narchitecture and Yggdrasil version. These can help when surveying\nthe network and diagnosing network routing problems. Enabling\nnodeinfo privacy prevents this, so that only items specified in\n\"NodeInfo\" are sent back if specified."` NodeInfo map[string]interface{} `comment:"Optional node info. This must be a { \"key\": \"value\", ... } map\nor set as null. This is entirely optional but, if set, is visible\nto the whole network on request."` - //Net NetConfig `comment:"Extended options for connecting to peers over other networks."` -} - -// NetConfig defines network/proxy related configuration values -type NetConfig struct { - Tor TorConfig `comment:"Experimental options for configuring peerings over Tor."` - I2P I2PConfig `comment:"Experimental options for configuring peerings over I2P."` } // SessionFirewall controls the session firewall configuration @@ -71,8 +64,6 @@ type SwitchOptions struct { // isAutoconf is that the TCP and UDP ports will likely end up with different // port numbers. func GenerateConfig(isAutoconf bool) *NodeConfig { - // Create a new core. - //core := Core{} // Generate encryption keys. bpub, bpriv := crypto.NewBoxKeys() spub, spriv := crypto.NewSigKeys() diff --git a/src/config/i2p.go b/src/config/i2p.go deleted file mode 100644 index 0ee4a2b74..000000000 --- a/src/config/i2p.go +++ /dev/null @@ -1,8 +0,0 @@ -package config - -// I2PConfig is the configuration structure for i2p related configuration -type I2PConfig struct { - Keyfile string // private key file or empty string for ephemeral keys - Addr string // address of i2p api connector - Enabled bool -} diff --git a/src/config/tor.go b/src/config/tor.go deleted file mode 100644 index c169cbbe4..000000000 --- a/src/config/tor.go +++ /dev/null @@ -1,8 +0,0 @@ -package config - -// TorConfig is the configuration structure for Tor Proxy related values -type TorConfig struct { - OnionKeyfile string // hidden service private key for ADD_ONION (currently unimplemented) - ControlAddr string // tor control port address - Enabled bool -} From 02b1892cc583a554cb1a63f9db15790d17b3a092 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Thu, 7 Mar 2019 21:36:12 -0600 Subject: [PATCH 49/61] try to switch parents if a parent link is blocked --- src/yggdrasil/link.go | 1 + src/yggdrasil/switch.go | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index 6fc7687b1..253e077f3 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -309,6 +309,7 @@ func (intf *linkInterface) handler() error { case <-recvTimer.C: // We haven't received anything, so assume there's a problem and don't return this node to the switch until they start responding isAlive = false + intf.link.core.switchTable.blockPeer(intf.peer.port) case <-closeTimer.C: // We haven't received anything in a really long time, so things have died at the switch level and then some... // Just close the connection at this point... diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go index bf6b9194e..1576ef53e 100644 --- a/src/yggdrasil/switch.go +++ b/src/yggdrasil/switch.go @@ -131,6 +131,7 @@ type peerInfo struct { faster map[switchPort]uint64 // Counter of how often a node is faster than the current parent, penalized extra if slower port switchPort // Interface number of this peer msg switchMsg // The wire switchMsg used + blocked bool // True if the link is blocked, used to avoid parenting a blocked link } // This is just a uint64 with a named type for clarity reasons. @@ -256,6 +257,29 @@ func (t *switchTable) cleanRoot() { } } +// Blocks and, if possible, unparents a peer +func (t *switchTable) blockPeer(port switchPort) { + t.mutex.Lock() + defer t.mutex.Unlock() + peer, isIn := t.data.peers[port] + if !isIn { + return + } + peer.blocked = true + t.data.peers[port] = peer + if port != t.parent { + return + } + t.parent = 0 + for _, info := range t.data.peers { + if info.port == port { + continue + } + t.unlockedHandleMsg(&info.msg, info.port, true) + } + t.unlockedHandleMsg(&peer.msg, peer.port, true) +} + // Removes a peer. // Must be called by the router mainLoop goroutine, e.g. call router.doAdmin with a lambda that calls this. // If the removed peer was this node's parent, it immediately tries to find a new parent. @@ -395,6 +419,7 @@ func (t *switchTable) unlockedHandleMsg(msg *switchMsg, fromPort switchPort, rep if reprocessing { sender.faster = oldSender.faster sender.time = oldSender.time + sender.blocked = oldSender.blocked } else { sender.faster = make(map[switchPort]uint64, len(oldSender.faster)) for port, peer := range t.data.peers { @@ -454,6 +479,11 @@ func (t *switchTable) unlockedHandleMsg(msg *switchMsg, fromPort switchPort, rep case sender.faster[t.parent] >= switch_faster_threshold: // The is reliably faster than the current parent. updateRoot = true + case !sender.blocked && oldParent.blocked: + // Replace a blocked parent + updateRoot = true + case reprocessing && sender.blocked && !oldParent.blocked: + // Don't replace an unblocked parent when reprocessing case reprocessing && sender.faster[t.parent] > oldParent.faster[sender.port]: // The sender seems to be reliably faster than the current parent, so switch to them instead. updateRoot = true From 917ca6c1c58696a13c58b4dc44a66644d1165d53 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 8 Mar 2019 10:26:46 +0000 Subject: [PATCH 50/61] Make changes based on review comments --- src/util/util.go | 2 +- src/yggdrasil/admin.go | 2 +- src/yggdrasil/awdl.go | 3 +-- src/yggdrasil/link.go | 2 +- src/yggdrasil/tcp.go | 38 ++++++++++++++++++++++++++------------ 5 files changed, 30 insertions(+), 17 deletions(-) diff --git a/src/util/util.go b/src/util/util.go index d669fa5e6..49e0207a1 100644 --- a/src/util/util.go +++ b/src/util/util.go @@ -87,7 +87,7 @@ func Difference(a, b []string) []string { mb[x] = true } for _, x := range a { - if _, ok := mb[x]; !ok { + if !mb[x] { ab = append(ab, x) } } diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go index 8cb195e14..a0854f228 100644 --- a/src/yggdrasil/admin.go +++ b/src/yggdrasil/admin.go @@ -676,7 +676,7 @@ func (a *admin) getData_getPeers() []admin_nodeInfo { {"bytes_sent", atomic.LoadUint64(&p.bytesSent)}, {"bytes_recvd", atomic.LoadUint64(&p.bytesRecvd)}, {"proto", p.intf.info.linkType}, - {"endpoint", p.intf.info.remote}, + {"endpoint", p.intf.name}, {"box_pub_key", hex.EncodeToString(p.box[:])}, } peerInfos = append(peerInfos, info) diff --git a/src/yggdrasil/awdl.go b/src/yggdrasil/awdl.go index fe64e8bd7..5e8cce167 100644 --- a/src/yggdrasil/awdl.go +++ b/src/yggdrasil/awdl.go @@ -54,8 +54,7 @@ func (a *awdl) init(l *link) error { a.mutex.Unlock() go func() { - for { - e := <-a.reconfigure + for e := range a.reconfigure { e <- nil } }() diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index a81b50d0a..67ce5c17d 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -105,7 +105,7 @@ func (l *link) call(uri string, sintf string) error { case "tcp": l.tcp.call(u.Host, nil, sintf) case "socks": - l.tcp.call(pathtokens[0], &u.Host, sintf) + l.tcp.call(pathtokens[0], u.Host, sintf) default: return errors.New("unknown call scheme: " + u.Scheme) } diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 0179c209f..2a177c03d 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -159,7 +159,13 @@ func (t *tcp) listener(l *tcpListener, listenaddr string) { t.mutex.Unlock() // And here we go! accepted := make(chan bool) - defer l.listener.Close() + defer func() { + t.link.core.log.Infoln("Stopping TCP listener on:", l.listener.Addr().String()) + l.listener.Close() + t.mutex.Lock() + delete(t.listeners, listenaddr) + t.mutex.Unlock() + }() t.link.core.log.Infoln("Listening for TCP on:", l.listener.Addr().String()) for { var sock net.Conn @@ -178,13 +184,8 @@ func (t *tcp) listener(l *tcpListener, listenaddr string) { t.link.core.log.Errorln("Failed to accept connection:", err) return } - go t.handler(sock, true) + go t.handler(sock, true, nil) case <-l.stop: - t.link.core.log.Infoln("Stopping TCP listener on:", l.listener.Addr().String()) - l.listener.Close() - t.mutex.Lock() - delete(t.listeners, listenaddr) - t.mutex.Unlock() return } } @@ -230,8 +231,12 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) { if sintf != "" { return } + dialerdst, er := net.ResolveTCPAddr("tcp", socksaddr) + if er != nil { + return + } var dialer proxy.Dialer - dialer, err = proxy.SOCKS5("tcp", socksaddr, nil, proxy.Direct) + dialer, err = proxy.SOCKS5("tcp", dialerdst.String(), nil, proxy.Direct) if err != nil { return } @@ -246,6 +251,7 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) { addr: saddr, }, } + t.handler(conn, false, dialerdst.String()) } else { dialer := net.Dialer{ Control: t.tcpContext, @@ -302,12 +308,12 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) { if err != nil { return } + t.handler(conn, false, nil) } - t.handler(conn, false) }() } -func (t *tcp) handler(sock net.Conn, incoming bool) { +func (t *tcp) handler(sock net.Conn, incoming bool, options interface{}) { defer sock.Close() t.setExtraOptions(sock) stream := stream{} @@ -315,8 +321,16 @@ func (t *tcp) handler(sock net.Conn, incoming bool) { local, _, _ := net.SplitHostPort(sock.LocalAddr().String()) remote, _, _ := net.SplitHostPort(sock.RemoteAddr().String()) remotelinklocal := net.ParseIP(remote).IsLinkLocalUnicast() - name := "tcp://" + sock.RemoteAddr().String() - link, err := t.link.core.link.create(&stream, name, "tcp", local, remote, incoming, remotelinklocal) + var name string + var proto string + if socksaddr, issocks := options.(string); issocks { + name = "socks://" + socksaddr + "/" + sock.RemoteAddr().String() + proto = "socks" + } else { + name = "tcp://" + sock.RemoteAddr().String() + proto = "tcp" + } + link, err := t.link.core.link.create(&stream, name, proto, local, remote, incoming, remotelinklocal) if err != nil { t.link.core.log.Println(err) panic(err) From 426d1570259dedec8d527b8c832b24b4829d4765 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Fri, 8 Mar 2019 18:51:07 -0600 Subject: [PATCH 51/61] make sure we don't replace an existing listener --- src/yggdrasil/tcp.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 2a177c03d..43ea44319 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -155,8 +155,14 @@ func (t *tcp) listener(l *tcpListener, listenaddr string) { } // Track the listener so that we can find it again in future t.mutex.Lock() - t.listeners[listenaddr] = l - t.mutex.Unlock() + if _, isIn := t.listeners[listenaddr]; isIn { + t.mutex.Unlock() + l.listener.Close() + return + } else { + t.listeners[listenaddr] = l + t.mutex.Unlock() + } // And here we go! accepted := make(chan bool) defer func() { From 03eec4b14d6dc42af4177176b2d8a6d3dfc5d160 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sat, 9 Mar 2019 09:24:52 +0000 Subject: [PATCH 52/61] Don't leak interface name via multicast, ensure zone is always correct when dialling link-local --- src/yggdrasil/multicast.go | 8 +++++--- src/yggdrasil/tcp.go | 18 ++++++++++++------ 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index 1c67044ff..bf4b2a74b 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -166,6 +166,7 @@ func (m *multicast) announce() { // Get the listener details and construct the multicast beacon lladdr := listener.listener.Addr().String() if a, err := net.ResolveTCPAddr("tcp6", lladdr); err == nil { + a.Zone = "" destAddr.Zone = iface.Name msg := []byte(a.String()) m.sock.WriteTo(msg, nil, destAddr) @@ -208,8 +209,9 @@ func (m *multicast) listen() { if addr.IP.String() != from.IP.String() { continue } - addr.Zone = from.Zone - saddr := addr.String() - m.core.link.call("tcp://"+saddr, addr.Zone) + addr.Zone = "" + if err := m.core.link.call("tcp://"+addr.String(), from.Zone); err != nil { + m.core.log.Debugln("Call from multicast failed:", err) + } } } diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 43ea44319..8b91457ae 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -259,6 +259,16 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) { } t.handler(conn, false, dialerdst.String()) } else { + dst, err := net.ResolveTCPAddr("tcp", saddr) + if err != nil { + return + } + if dst.IP.IsLinkLocalUnicast() { + dst.Zone = sintf + if dst.Zone == "" { + return + } + } dialer := net.Dialer{ Control: t.tcpContext, } @@ -272,10 +282,6 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) { } addrs, err := ief.Addrs() if err == nil { - dst, err := net.ResolveTCPAddr("tcp", saddr) - if err != nil { - return - } for addrindex, addr := range addrs { src, _, err := net.ParseCIDR(addr.String()) if err != nil { @@ -309,9 +315,9 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) { } } } - - conn, err = dialer.Dial("tcp", saddr) + conn, err = dialer.Dial("tcp", dst.String()) if err != nil { + t.link.core.log.Debugln("Failed to dial TCP:", err) return } t.handler(conn, false, nil) From 00ad8e594e6d757a02caccc3638b44741c903cc4 Mon Sep 17 00:00:00 2001 From: Viktor Villainov Date: Sat, 9 Mar 2019 08:15:14 -0500 Subject: [PATCH 53/61] Add AppArmor profile --- contrib/apparmor/usr.bin.yggdrasil | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 contrib/apparmor/usr.bin.yggdrasil diff --git a/contrib/apparmor/usr.bin.yggdrasil b/contrib/apparmor/usr.bin.yggdrasil new file mode 100644 index 000000000..2d178d6c1 --- /dev/null +++ b/contrib/apparmor/usr.bin.yggdrasil @@ -0,0 +1,22 @@ +# Last Modified: Sat Mar 9 06:08:02 2019 +#include + +/usr/bin/yggdrasil { + #include + + capability net_admin, + + network inet stream, + network inet6 dgram, + network inet6 stream, + network netlink raw, + + /lib/x86_64-linux-gnu/ld-*.so mr, + /proc/sys/net/core/somaxconn r, + /dev/net/tun rw, + + /usr/bin/yggdrasil mr, + /etc/yggdrasil.conf rw, + /run/yggdrasil.sock rw, + +} From 98d66ed0480f47eb110362a3b85f5f261724b975 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sat, 9 Mar 2019 23:13:06 +0000 Subject: [PATCH 54/61] Update CHANGELOG.md --- CHANGELOG.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3aa0b8182..c43ca7f14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,31 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - in case of vulnerabilities. --> +## [0.3.4] - 2019-03-09 +### Added +- Support for multiple listeners (although currently only TCP listeners are supported) +- New multicast behaviour where each multicast interface is given it's own link-local listener and does not depend on the `Listen` configuration +- Blocking detection in the switch to avoid parenting a blocked peer +- Support for adding and removing listeners and multicast interfaces when reloading configuration during runtime +- Yggdrasil will now attempt to clean up UNIX admin sockets on startup if left behind by a previous crash +- Admin socket `getTunnelRouting` and `setTunnelRouting` calls for enabling and disabling crypto-key routing during runtime +- On macOS, Yggdrasil will now try to wake up AWDL on start-up when `awdl0` is a configured multicast interface + +### Changed +- The `Listen` configuration statement is now an array instead of a string +- The `Listen` configuration statement should now conform to the same formatting as peers with the protocol prefix, e.g. `tcp://[::]:0` +- Session workers are now non-blocking +- Multicast interval is now fixed at every 15 seconds and network interfaces are reevaluated for eligibility on each interval (where before the interval depended upon the number of configured multicast interfaces and evaluation only took place at startup) +- Dead connections are now closed in the link handler as opposed to the switch +- Peer forwarding is now prioritised instead of randomised + +### Fixed +- Admin socket `getTunTap` call now returns properly instead of claiming no interface is enabled in all cases +- Handling of `getRoutes` etc in `yggdrasilctl` is now working +- Local interface names are no longer leaked in multicast packets +- Link-local TCP connections, particularly those initiated because of multicast beacons, are now always correctly scoped for the target interface +- Yggdrasil now correctly responds to multicast interfaces going up and down during runtime + ## [0.3.3] - 2019-02-18 ### Added - Dynamic reconfiguration, which allows reloading the configuration file to make changes during runtime by sending a `SIGHUP` signal (note: this only works with `-useconffile` and not `-useconf` and currently reconfiguring TUN/TAP is not supported) From c7b4bfcef5ddb440ac7ab234609ac0ef89baa9b3 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Sat, 9 Mar 2019 18:08:26 -0600 Subject: [PATCH 55/61] misc fixes --- src/yggdrasil/link.go | 11 ++++++++++- src/yggdrasil/switch.go | 12 ++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go index b24c4cc66..9c9223b7f 100644 --- a/src/yggdrasil/link.go +++ b/src/yggdrasil/link.go @@ -234,6 +234,9 @@ func (intf *linkInterface) handler() error { signalReady := make(chan struct{}, 1) signalSent := make(chan bool, 1) sendAck := make(chan struct{}, 1) + sendBlocked := time.NewTimer(time.Second) + defer util.TimerStop(sendBlocked) + util.TimerStop(sendBlocked) go func() { defer close(signalReady) defer close(signalSent) @@ -241,7 +244,9 @@ func (intf *linkInterface) handler() error { tcpTimer := time.NewTimer(interval) // used for backwards compat with old tcp defer util.TimerStop(tcpTimer) send := func(bs []byte) { + sendBlocked.Reset(time.Second) intf.msgIO.writeMsg(bs) + util.TimerStop(sendBlocked) select { case signalSent <- len(bs) > 0: default: @@ -269,7 +274,7 @@ func (intf *linkInterface) handler() error { strings.ToUpper(intf.info.linkType), themString, intf.info.local) send(nil) case msg := <-intf.peer.linkOut: - intf.msgIO.writeMsg(msg) + send(msg) case msg, ok := <-out: if !ok { return @@ -360,6 +365,10 @@ func (intf *linkInterface) handler() error { intf.link.core.switchTable.idleIn <- intf.peer.port isReady = true } + case <-sendBlocked.C: + // We blocked while trying to send something + isReady = false + intf.link.core.switchTable.blockPeer(intf.peer.port) case <-sendTimer.C: // We haven't sent anything, so signal a send of a 0 packet to let them know we're alive select { diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go index 1576ef53e..bff2ae39f 100644 --- a/src/yggdrasil/switch.go +++ b/src/yggdrasil/switch.go @@ -677,12 +677,12 @@ func (t *switchTable) handleIn(packet []byte, idle map[switchPort]struct{}) bool //nothing case coordLen < bestCoordLen: update = true - /* - case coordLen > bestCoordLen: - //nothing - case port < best.port: - update = true - */ + /* + case coordLen > bestCoordLen: + //nothing + case port < best.port: + update = true + */ default: //nothing } From 3c696c3e55fef4e58f6a60ebfc148ff349aa39b5 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Sat, 9 Mar 2019 19:27:52 -0600 Subject: [PATCH 56/61] use idle time in switch decisions to force it to try all links --- src/yggdrasil/switch.go | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/src/yggdrasil/switch.go b/src/yggdrasil/switch.go index bff2ae39f..490b15f35 100644 --- a/src/yggdrasil/switch.go +++ b/src/yggdrasil/switch.go @@ -646,7 +646,7 @@ func (t *switchTable) bestPortForCoords(coords []byte) switchPort { // Handle an incoming packet // Either send it to ourself, or to the first idle peer that's free // Returns true if the packet has been handled somehow, false if it should be queued -func (t *switchTable) handleIn(packet []byte, idle map[switchPort]struct{}) bool { +func (t *switchTable) handleIn(packet []byte, idle map[switchPort]time.Time) bool { coords := switch_getPacketCoords(packet) closer := t.getCloser(coords) if len(closer) == 0 { @@ -654,15 +654,13 @@ func (t *switchTable) handleIn(packet []byte, idle map[switchPort]struct{}) bool t.toRouter <- packet return true } - table := t.getTable() var best *peer var bestDist int - var bestCoordLen int + var bestTime time.Time ports := t.core.peers.getPorts() for port, dist := range closer { to := ports[port] - _, isIdle := idle[port] - coordLen := len(table.elems[port].locator.coords) + thisTime, isIdle := idle[port] var update bool switch { case to == nil: @@ -675,21 +673,15 @@ func (t *switchTable) handleIn(packet []byte, idle map[switchPort]struct{}) bool update = true case dist > bestDist: //nothing - case coordLen < bestCoordLen: + case thisTime.Before(bestTime): update = true - /* - case coordLen > bestCoordLen: - //nothing - case port < best.port: - update = true - */ default: //nothing } if update { best = to bestDist = dist - bestCoordLen = coordLen + bestTime = thisTime } } if best != nil { @@ -836,7 +828,7 @@ func (t *switchTable) doWorker() { }() t.queues.switchTable = t t.queues.bufs = make(map[string]switch_buffer) // Packets per PacketStreamID (string) - idle := make(map[switchPort]struct{}) // this is to deduplicate things + idle := make(map[switchPort]time.Time) // this is to deduplicate things for { //t.core.log.Debugf("Switch state: idle = %d, buffers = %d", len(idle), len(t.queues.bufs)) select { @@ -869,7 +861,7 @@ func (t *switchTable) doWorker() { // Try to find something to send to this peer if !t.handleIdle(port) { // Didn't find anything ready to send yet, so stay idle - idle[port] = struct{}{} + idle[port] = time.Now() } case f := <-t.admin: f() From f5c6c191ea6d52173716f77ab4204345d2c4f8ab Mon Sep 17 00:00:00 2001 From: Viktor Villainov Date: Sat, 9 Mar 2019 22:34:26 -0500 Subject: [PATCH 57/61] AppArmor: multiarch support and allow datagram transports --- contrib/apparmor/usr.bin.yggdrasil | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/apparmor/usr.bin.yggdrasil b/contrib/apparmor/usr.bin.yggdrasil index 2d178d6c1..e31a27b05 100644 --- a/contrib/apparmor/usr.bin.yggdrasil +++ b/contrib/apparmor/usr.bin.yggdrasil @@ -7,11 +7,12 @@ capability net_admin, network inet stream, + network inet dgram, network inet6 dgram, network inet6 stream, network netlink raw, - /lib/x86_64-linux-gnu/ld-*.so mr, + /lib/@{multiarch}/ld-*.so mr, /proc/sys/net/core/somaxconn r, /dev/net/tun rw, From 3c2cdfea1c14ca1099fe21387f0611a162d01f9c Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sun, 10 Mar 2019 18:05:27 +0000 Subject: [PATCH 58/61] Keep AWDL awake, or wake it up again after a minute if suspended for some reason (e.g. sleep) --- src/yggdrasil/multicast.go | 2 +- src/yggdrasil/multicast_darwin.go | 48 ++++++++++++++++++++++-------- src/yggdrasil/multicast_other.go | 2 +- src/yggdrasil/multicast_unix.go | 2 +- src/yggdrasil/multicast_windows.go | 2 +- 5 files changed, 39 insertions(+), 17 deletions(-) diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index bf4b2a74b..a29bbc7e8 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -57,7 +57,7 @@ func (m *multicast) start() error { // Windows can't set this flag, so we need to handle it in other ways } - m.multicastWake() + go m.multicastStarted() go m.listen() go m.announce() } diff --git a/src/yggdrasil/multicast_darwin.go b/src/yggdrasil/multicast_darwin.go index 66c18241d..536461131 100644 --- a/src/yggdrasil/multicast_darwin.go +++ b/src/yggdrasil/multicast_darwin.go @@ -6,24 +6,46 @@ package yggdrasil #cgo CFLAGS: -x objective-c #cgo LDFLAGS: -framework Foundation #import -void WakeUpAWDL() { - NSNetServiceBrowser *serviceBrowser; - - serviceBrowser = [[NSNetServiceBrowser alloc] init]; - serviceBrowser.includesPeerToPeer = YES; +NSNetServiceBrowser *serviceBrowser; +void StartAWDLBrowsing() { + if (serviceBrowser == nil) { + serviceBrowser = [[NSNetServiceBrowser alloc] init]; + serviceBrowser.includesPeerToPeer = YES; + } [serviceBrowser searchForServicesOfType:@"_yggdrasil._tcp" inDomain:@""]; } +void StopAWDLBrowsing() { + if (serviceBrowser == nil) { + return; + } + [serviceBrowser stop]; +} */ import "C" -import "syscall" -import "golang.org/x/sys/unix" - -func (m *multicast) multicastWake() { - for _, intf := range m.interfaces() { - if intf.Name == "awdl0" { - m.core.log.Infoln("Multicast discovery is waking up AWDL") - C.WakeUpAWDL() +import ( + "syscall" + "time" + + "golang.org/x/sys/unix" +) + +var awdlGoroutineStarted bool + +func (m *multicast) multicastStarted() { + if awdlGoroutineStarted { + return + } + m.core.log.Infoln("Multicast discovery will wake up AWDL if required") + awdlGoroutineStarted = true + for { + C.StopAWDLBrowsing() + for _, intf := range m.interfaces() { + if intf.Name == "awdl0" { + C.StartAWDLBrowsing() + break + } } + time.Sleep(time.Minute) } } diff --git a/src/yggdrasil/multicast_other.go b/src/yggdrasil/multicast_other.go index 043dd3ae7..e20bbda32 100644 --- a/src/yggdrasil/multicast_other.go +++ b/src/yggdrasil/multicast_other.go @@ -4,7 +4,7 @@ package yggdrasil import "syscall" -func (m *multicast) multicastWake() { +func (m *multicast) multicastStarted() { } diff --git a/src/yggdrasil/multicast_unix.go b/src/yggdrasil/multicast_unix.go index 4237481c7..3da1ab4e3 100644 --- a/src/yggdrasil/multicast_unix.go +++ b/src/yggdrasil/multicast_unix.go @@ -5,7 +5,7 @@ package yggdrasil import "syscall" import "golang.org/x/sys/unix" -func (m *multicast) multicastWake() { +func (m *multicast) multicastStarted() { } diff --git a/src/yggdrasil/multicast_windows.go b/src/yggdrasil/multicast_windows.go index 14c931295..3e07f6ccb 100644 --- a/src/yggdrasil/multicast_windows.go +++ b/src/yggdrasil/multicast_windows.go @@ -5,7 +5,7 @@ package yggdrasil import "syscall" import "golang.org/x/sys/windows" -func (m *multicast) multicastWake() { +func (m *multicast) multicastStarted() { } From 07822a74c7decd0adfbf125722df3972c6d293e1 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sun, 10 Mar 2019 18:32:10 +0000 Subject: [PATCH 59/61] Update CHANGELOG.md in preparation for v0.3.4 --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c43ca7f14..ae3b42cce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,7 +25,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - in case of vulnerabilities. --> -## [0.3.4] - 2019-03-09 +## [0.3.4] - 2019-03-12 ### Added - Support for multiple listeners (although currently only TCP listeners are supported) - New multicast behaviour where each multicast interface is given it's own link-local listener and does not depend on the `Listen` configuration @@ -33,7 +33,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Support for adding and removing listeners and multicast interfaces when reloading configuration during runtime - Yggdrasil will now attempt to clean up UNIX admin sockets on startup if left behind by a previous crash - Admin socket `getTunnelRouting` and `setTunnelRouting` calls for enabling and disabling crypto-key routing during runtime -- On macOS, Yggdrasil will now try to wake up AWDL on start-up when `awdl0` is a configured multicast interface +- On macOS, Yggdrasil will now try to wake up AWDL on start-up when `awdl0` is a configured multicast interface, to keep it awake after system sleep, and to stop waking it when no longer needed ### Changed - The `Listen` configuration statement is now an array instead of a string From 9d5ca85424ab25fb8244a6238c780a37e2847e1c Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sun, 10 Mar 2019 19:08:56 +0000 Subject: [PATCH 60/61] Add LinkLocalTCPPort option --- CHANGELOG.md | 1 + src/config/config.go | 1 + src/yggdrasil/multicast.go | 8 +++++++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ae3b42cce..b9ec85a32 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Yggdrasil will now attempt to clean up UNIX admin sockets on startup if left behind by a previous crash - Admin socket `getTunnelRouting` and `setTunnelRouting` calls for enabling and disabling crypto-key routing during runtime - On macOS, Yggdrasil will now try to wake up AWDL on start-up when `awdl0` is a configured multicast interface, to keep it awake after system sleep, and to stop waking it when no longer needed +- Added `LinkLocalTCPPort` option for controlling the port number that link-local TCP listeners will listen on by default when setting up `MulticastInterfaces` ### Changed - The `Listen` configuration statement is now an array instead of a string diff --git a/src/config/config.go b/src/config/config.go index 3c8bbcc69..dbccc7855 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -22,6 +22,7 @@ type NodeConfig struct { SigningPublicKey string `comment:"Your public signing key. You should not ordinarily need to share\nthis with anyone."` SigningPrivateKey string `comment:"Your private signing key. DO NOT share this with anyone!"` MulticastInterfaces []string `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."` + LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0."` IfName string `comment:"Local network interface name for TUN/TAP adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN/TAP."` IfTAPMode bool `comment:"Set local network interface to TAP mode rather than TUN mode if\nsupported by your platform - option will be ignored if not."` IfMTU int `comment:"Maximux Transmission Unit (MTU) size for your local TUN/TAP interface.\nDefault is the largest supported size for your platform. The lowest\npossible value is 1280."` diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go index a29bbc7e8..dacad27ea 100644 --- a/src/yggdrasil/multicast.go +++ b/src/yggdrasil/multicast.go @@ -16,12 +16,16 @@ type multicast struct { sock *ipv6.PacketConn groupAddr string listeners map[string]*tcpListener + listenPort uint16 } func (m *multicast) init(core *Core) { m.core = core m.reconfigure = make(chan chan error, 1) m.listeners = make(map[string]*tcpListener) + m.core.configMutex.RLock() + m.listenPort = m.core.config.LinkLocalTCPPort + m.core.configMutex.RUnlock() go func() { for { e := <-m.reconfigure @@ -148,12 +152,14 @@ func (m *multicast) announce() { var listener *tcpListener if l, ok := m.listeners[iface.Name]; !ok || l.listener == nil { // No listener was found - let's create one - listenaddr := fmt.Sprintf("[%s%%%s]:0", addrIP, iface.Name) + listenaddr := fmt.Sprintf("[%s%%%s]:%d", addrIP, iface.Name, m.listenPort) if li, err := m.core.link.tcp.listen(listenaddr); err == nil { m.core.log.Debugln("Started multicasting on", iface.Name) // Store the listener so that we can stop it later if needed m.listeners[iface.Name] = li listener = li + } else { + m.core.log.Warnln("Not multicasting on", iface.Name, "due to error:", err) } } else { // An existing listener was found From ec19c479dd31ff342c808df711c50e07808401c9 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sun, 10 Mar 2019 19:17:03 +0000 Subject: [PATCH 61/61] Add comment about no reloading for LinkLocalTCPPort --- CHANGELOG.md | 2 +- src/config/config.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b9ec85a32..76a5d2d71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,7 +34,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Yggdrasil will now attempt to clean up UNIX admin sockets on startup if left behind by a previous crash - Admin socket `getTunnelRouting` and `setTunnelRouting` calls for enabling and disabling crypto-key routing during runtime - On macOS, Yggdrasil will now try to wake up AWDL on start-up when `awdl0` is a configured multicast interface, to keep it awake after system sleep, and to stop waking it when no longer needed -- Added `LinkLocalTCPPort` option for controlling the port number that link-local TCP listeners will listen on by default when setting up `MulticastInterfaces` +- Added `LinkLocalTCPPort` option for controlling the port number that link-local TCP listeners will listen on by default when setting up `MulticastInterfaces` (a node restart is currently required for changes to `LinkLocalTCPPort` to take effect - it cannot be updated by reloading config during runtime) ### Changed - The `Listen` configuration statement is now an array instead of a string diff --git a/src/config/config.go b/src/config/config.go index dbccc7855..270ce963d 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -22,7 +22,7 @@ type NodeConfig struct { SigningPublicKey string `comment:"Your public signing key. You should not ordinarily need to share\nthis with anyone."` SigningPrivateKey string `comment:"Your private signing key. DO NOT share this with anyone!"` MulticastInterfaces []string `comment:"Regular expressions for which interfaces multicast peer discovery\nshould be enabled on. If none specified, multicast peer discovery is\ndisabled. The default value is .* which uses all interfaces."` - LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0."` + LinkLocalTCPPort uint16 `comment:"The port number to be used for the link-local TCP listeners for the\nconfigured MulticastInterfaces. This option does not affect listeners\nspecified in the Listen option. Unless you plan to firewall link-local\ntraffic, it is best to leave this as the default value of 0. This\noption cannot currently be changed by reloading config during runtime."` IfName string `comment:"Local network interface name for TUN/TAP adapter, or \"auto\" to select\nan interface automatically, or \"none\" to run without TUN/TAP."` IfTAPMode bool `comment:"Set local network interface to TAP mode rather than TUN mode if\nsupported by your platform - option will be ignored if not."` IfMTU int `comment:"Maximux Transmission Unit (MTU) size for your local TUN/TAP interface.\nDefault is the largest supported size for your platform. The lowest\npossible value is 1280."`