2019-01-02 01:55:51 +01:00
|
|
|
/* SPDX-License-Identifier: MIT
|
2018-05-03 15:04:00 +02:00
|
|
|
*
|
2025-05-04 17:48:53 +02:00
|
|
|
* Copyright (C) 2017-2025 WireGuard LLC. All Rights Reserved.
|
2018-05-03 15:04:00 +02:00
|
|
|
*/
|
|
|
|
|
|
2019-03-03 04:04:41 +01:00
|
|
|
package device
|
2017-07-01 23:29:22 +02:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/binary"
|
2021-01-08 14:25:37 +01:00
|
|
|
"errors"
|
2017-07-01 23:29:22 +02:00
|
|
|
"net"
|
|
|
|
|
"sync"
|
|
|
|
|
"time"
|
2019-05-14 09:09:52 +02:00
|
|
|
|
|
|
|
|
"golang.org/x/net/ipv4"
|
|
|
|
|
"golang.org/x/net/ipv6"
|
2019-11-07 11:13:05 -05:00
|
|
|
"golang.zx2c4.com/wireguard/conn"
|
2017-07-01 23:29:22 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type QueueHandshakeElement struct {
|
2017-10-07 22:35:23 +02:00
|
|
|
msgType uint32
|
|
|
|
|
packet []byte
|
2019-11-07 11:13:05 -05:00
|
|
|
endpoint conn.Endpoint
|
2017-10-07 22:35:23 +02:00
|
|
|
buffer *[MaxMessageSize]byte
|
2017-07-01 23:29:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type QueueInboundElement struct {
|
2017-11-14 16:27:53 +01:00
|
|
|
buffer *[MaxMessageSize]byte
|
|
|
|
|
packet []byte
|
|
|
|
|
counter uint64
|
2018-05-13 18:23:40 +02:00
|
|
|
keypair *Keypair
|
2019-11-07 11:13:05 -05:00
|
|
|
endpoint conn.Endpoint
|
2017-07-01 23:29:22 +02:00
|
|
|
}
|
|
|
|
|
|
2023-10-02 14:48:28 -07:00
|
|
|
type QueueInboundElementsContainer struct {
|
|
|
|
|
sync.Mutex
|
|
|
|
|
elems []*QueueInboundElement
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-04 15:36:21 -08:00
|
|
|
// clearPointers clears elem fields that contain pointers.
|
|
|
|
|
// This makes the garbage collector's life easier and
|
|
|
|
|
// avoids accidentally keeping other objects around unnecessarily.
|
|
|
|
|
// It also reduces the possible collateral damage from use-after-free bugs.
|
|
|
|
|
func (elem *QueueInboundElement) clearPointers() {
|
|
|
|
|
elem.buffer = nil
|
|
|
|
|
elem.packet = nil
|
|
|
|
|
elem.keypair = nil
|
|
|
|
|
elem.endpoint = nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-07 22:27:03 +02:00
|
|
|
/* Called when a new authenticated message has been received
|
|
|
|
|
*
|
|
|
|
|
* NOTE: Not thread safe, but called by sequential receiver!
|
|
|
|
|
*/
|
|
|
|
|
func (peer *Peer) keepKeyFreshReceiving() {
|
2022-08-30 07:43:11 -07:00
|
|
|
if peer.timers.sentLastMinuteHandshake.Load() {
|
2018-05-07 22:27:03 +02:00
|
|
|
return
|
|
|
|
|
}
|
2018-05-13 23:14:43 +02:00
|
|
|
keypair := peer.keypairs.Current()
|
2019-06-03 15:46:46 -04:00
|
|
|
if keypair != nil && keypair.isInitiator && time.Since(keypair.created) > (RejectAfterTime-KeepaliveTimeout-RekeyTimeout) {
|
2022-08-30 07:43:11 -07:00
|
|
|
peer.timers.sentLastMinuteHandshake.Store(true)
|
2018-05-07 22:27:03 +02:00
|
|
|
peer.SendHandshakeInitiation(false)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-01 23:37:26 +01:00
|
|
|
/* Receives incoming datagrams for the device
|
|
|
|
|
*
|
|
|
|
|
* Every time the bind is updated a new routine is started for
|
|
|
|
|
* IPv4 and IPv6 (separately)
|
|
|
|
|
*/
|
2023-03-02 14:48:02 -08:00
|
|
|
func (device *Device) RoutineReceiveIncoming(maxBatchSize int, recv conn.ReceiveFunc) {
|
2021-04-09 17:21:35 -06:00
|
|
|
recvName := recv.PrettyName()
|
2018-05-01 16:59:13 +02:00
|
|
|
defer func() {
|
2021-04-09 17:21:35 -06:00
|
|
|
device.log.Verbosef("Routine: receive incoming %s - stopped", recvName)
|
2021-01-11 17:34:02 -08:00
|
|
|
device.queue.decryption.wg.Done()
|
2021-01-29 18:24:45 +01:00
|
|
|
device.queue.handshake.wg.Done()
|
2018-05-20 06:19:29 +02:00
|
|
|
device.net.stopping.Done()
|
2018-05-01 16:59:13 +02:00
|
|
|
}()
|
|
|
|
|
|
2021-04-09 17:21:35 -06:00
|
|
|
device.log.Verbosef("Routine: receive incoming %s - started", recvName)
|
2017-07-01 23:29:22 +02:00
|
|
|
|
2017-12-01 00:03:06 +01:00
|
|
|
// receive datagrams until conn is closed
|
|
|
|
|
|
|
|
|
|
var (
|
2023-03-13 17:55:05 +01:00
|
|
|
bufsArrs = make([]*[MaxMessageSize]byte, maxBatchSize)
|
|
|
|
|
bufs = make([][]byte, maxBatchSize)
|
2021-01-08 14:25:37 +01:00
|
|
|
err error
|
2023-03-02 14:48:02 -08:00
|
|
|
sizes = make([]int, maxBatchSize)
|
|
|
|
|
count int
|
|
|
|
|
endpoints = make([]conn.Endpoint, maxBatchSize)
|
2021-01-08 14:25:37 +01:00
|
|
|
deathSpiral int
|
2023-10-02 14:48:28 -07:00
|
|
|
elemsByPeer = make(map[*Peer]*QueueInboundElementsContainer, maxBatchSize)
|
2017-12-01 00:03:06 +01:00
|
|
|
)
|
|
|
|
|
|
2023-03-13 17:55:05 +01:00
|
|
|
for i := range bufsArrs {
|
|
|
|
|
bufsArrs[i] = device.GetMessageBuffer()
|
|
|
|
|
bufs[i] = bufsArrs[i][:]
|
2023-03-02 14:48:02 -08:00
|
|
|
}
|
2017-07-01 23:29:22 +02:00
|
|
|
|
2023-03-02 14:48:02 -08:00
|
|
|
defer func() {
|
|
|
|
|
for i := 0; i < maxBatchSize; i++ {
|
2023-03-13 17:55:05 +01:00
|
|
|
if bufsArrs[i] != nil {
|
|
|
|
|
device.PutMessageBuffer(bufsArrs[i])
|
2023-03-02 14:48:02 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
for {
|
2023-03-13 17:55:05 +01:00
|
|
|
count, err = recv(bufs, sizes, endpoints)
|
2017-12-01 00:03:06 +01:00
|
|
|
if err != nil {
|
2021-02-16 21:05:25 +01:00
|
|
|
if errors.Is(err, net.ErrClosed) {
|
2021-01-08 14:25:37 +01:00
|
|
|
return
|
|
|
|
|
}
|
2021-05-07 12:21:21 +02:00
|
|
|
device.log.Verbosef("Failed to receive %s packet: %v", recvName, err)
|
2021-03-30 12:36:59 -07:00
|
|
|
if neterr, ok := err.(net.Error); ok && !neterr.Temporary() {
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-01-08 14:25:37 +01:00
|
|
|
if deathSpiral < 10 {
|
|
|
|
|
deathSpiral++
|
|
|
|
|
time.Sleep(time.Second / 3)
|
|
|
|
|
continue
|
|
|
|
|
}
|
2017-12-01 00:03:06 +01:00
|
|
|
return
|
|
|
|
|
}
|
2021-01-08 14:25:37 +01:00
|
|
|
deathSpiral = 0
|
2017-11-11 15:43:55 +01:00
|
|
|
|
2023-03-02 14:48:02 -08:00
|
|
|
// handle each packet in the batch
|
|
|
|
|
for i, size := range sizes[:count] {
|
|
|
|
|
if size < MinMessageSize {
|
2017-08-07 15:25:04 +02:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-02 14:48:02 -08:00
|
|
|
// check size of packet
|
2017-08-07 15:25:04 +02:00
|
|
|
|
2023-03-13 17:55:05 +01:00
|
|
|
packet := bufsArrs[i][:size]
|
2023-03-02 14:48:02 -08:00
|
|
|
msgType := binary.LittleEndian.Uint32(packet[:4])
|
|
|
|
|
|
|
|
|
|
switch msgType {
|
|
|
|
|
|
|
|
|
|
// check if transport
|
|
|
|
|
|
|
|
|
|
case MessageTransportType:
|
|
|
|
|
|
|
|
|
|
// check size
|
|
|
|
|
|
|
|
|
|
if len(packet) < MessageTransportSize {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// lookup key pair
|
|
|
|
|
|
|
|
|
|
receiver := binary.LittleEndian.Uint32(
|
|
|
|
|
packet[MessageTransportOffsetReceiver:MessageTransportOffsetCounter],
|
|
|
|
|
)
|
|
|
|
|
value := device.indexTable.Lookup(receiver)
|
|
|
|
|
keypair := value.keypair
|
|
|
|
|
if keypair == nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// check keypair expiry
|
|
|
|
|
|
|
|
|
|
if keypair.created.Add(RejectAfterTime).Before(time.Now()) {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// create work element
|
|
|
|
|
peer := value.peer
|
|
|
|
|
elem := device.GetInboundElement()
|
|
|
|
|
elem.packet = packet
|
2023-03-13 17:55:05 +01:00
|
|
|
elem.buffer = bufsArrs[i]
|
2023-03-02 14:48:02 -08:00
|
|
|
elem.keypair = keypair
|
|
|
|
|
elem.endpoint = endpoints[i]
|
|
|
|
|
elem.counter = 0
|
|
|
|
|
|
|
|
|
|
elemsForPeer, ok := elemsByPeer[peer]
|
|
|
|
|
if !ok {
|
2023-10-02 14:48:28 -07:00
|
|
|
elemsForPeer = device.GetInboundElementsContainer()
|
|
|
|
|
elemsForPeer.Lock()
|
2023-03-02 14:48:02 -08:00
|
|
|
elemsByPeer[peer] = elemsForPeer
|
|
|
|
|
}
|
2023-10-02 14:48:28 -07:00
|
|
|
elemsForPeer.elems = append(elemsForPeer.elems, elem)
|
2023-03-13 17:55:05 +01:00
|
|
|
bufsArrs[i] = device.GetMessageBuffer()
|
|
|
|
|
bufs[i] = bufsArrs[i][:]
|
2023-03-02 14:48:02 -08:00
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
// otherwise it is a fixed size & handshake related packet
|
|
|
|
|
|
|
|
|
|
case MessageInitiationType:
|
|
|
|
|
if len(packet) != MessageInitiationSize {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case MessageResponseType:
|
|
|
|
|
if len(packet) != MessageResponseSize {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case MessageCookieReplyType:
|
|
|
|
|
if len(packet) != MessageCookieReplySize {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
device.log.Verbosef("Received message with unknown type")
|
2017-12-01 00:03:06 +01:00
|
|
|
continue
|
|
|
|
|
}
|
2017-08-07 15:25:04 +02:00
|
|
|
|
2021-01-29 18:24:45 +01:00
|
|
|
select {
|
|
|
|
|
case device.queue.handshake.c <- QueueHandshakeElement{
|
|
|
|
|
msgType: msgType,
|
2023-03-13 17:55:05 +01:00
|
|
|
buffer: bufsArrs[i],
|
2021-01-29 18:24:45 +01:00
|
|
|
packet: packet,
|
2023-03-02 14:48:02 -08:00
|
|
|
endpoint: endpoints[i],
|
2021-01-29 18:24:45 +01:00
|
|
|
}:
|
2023-03-13 17:55:05 +01:00
|
|
|
bufsArrs[i] = device.GetMessageBuffer()
|
|
|
|
|
bufs[i] = bufsArrs[i][:]
|
2021-01-29 18:24:45 +01:00
|
|
|
default:
|
2018-09-16 21:50:58 +02:00
|
|
|
}
|
2017-08-07 15:25:04 +02:00
|
|
|
}
|
2023-10-02 14:48:28 -07:00
|
|
|
for peer, elemsContainer := range elemsByPeer {
|
2023-03-02 14:48:02 -08:00
|
|
|
if peer.isRunning.Load() {
|
2023-10-02 14:48:28 -07:00
|
|
|
peer.queue.inbound.c <- elemsContainer
|
|
|
|
|
device.queue.decryption.c <- elemsContainer
|
2023-03-02 14:48:02 -08:00
|
|
|
} else {
|
2023-10-02 14:48:28 -07:00
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-03-02 14:48:02 -08:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutInboundElement(elem)
|
|
|
|
|
}
|
2023-10-02 14:48:28 -07:00
|
|
|
device.PutInboundElementsContainer(elemsContainer)
|
2023-03-02 14:48:02 -08:00
|
|
|
}
|
|
|
|
|
delete(elemsByPeer, peer)
|
|
|
|
|
}
|
2017-07-01 23:29:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-07 12:21:21 +02:00
|
|
|
func (device *Device) RoutineDecryption(id int) {
|
|
|
|
|
defer device.log.Verbosef("Routine: decryption worker %d - stopped", id)
|
|
|
|
|
device.log.Verbosef("Routine: decryption worker %d - started", id)
|
2017-07-06 15:43:55 +02:00
|
|
|
|
2023-10-02 14:48:28 -07:00
|
|
|
for elemsContainer := range device.queue.decryption.c {
|
|
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-10-02 14:41:04 -07:00
|
|
|
// split message into fields
|
|
|
|
|
counter := elem.packet[MessageTransportOffsetCounter:MessageTransportOffsetContent]
|
|
|
|
|
content := elem.packet[MessageTransportOffsetContent:]
|
2021-01-11 17:34:02 -08:00
|
|
|
|
2025-07-25 17:56:07 +08:00
|
|
|
// pass through content without decryption
|
2023-10-02 14:41:04 -07:00
|
|
|
elem.counter = binary.LittleEndian.Uint64(counter)
|
2025-07-25 17:56:07 +08:00
|
|
|
elem.packet = content
|
2021-01-11 17:34:02 -08:00
|
|
|
}
|
2023-10-02 14:48:28 -07:00
|
|
|
elemsContainer.Unlock()
|
2017-07-01 23:29:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-01 23:37:26 +01:00
|
|
|
/* Handles incoming packets related to handshake
|
2017-07-01 23:29:22 +02:00
|
|
|
*/
|
2021-05-07 12:21:21 +02:00
|
|
|
func (device *Device) RoutineHandshake(id int) {
|
2021-02-09 19:26:45 +01:00
|
|
|
defer func() {
|
2021-05-07 12:21:21 +02:00
|
|
|
device.log.Verbosef("Routine: handshake worker %d - stopped", id)
|
2021-02-09 19:26:45 +01:00
|
|
|
device.queue.encryption.wg.Done()
|
|
|
|
|
}()
|
2021-05-07 12:21:21 +02:00
|
|
|
device.log.Verbosef("Routine: handshake worker %d - started", id)
|
2017-07-01 23:29:22 +02:00
|
|
|
|
2021-01-29 18:24:45 +01:00
|
|
|
for elem := range device.queue.handshake.c {
|
2018-05-01 16:59:13 +02:00
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
// handle cookie fields and ratelimiting
|
2017-07-01 23:29:22 +02:00
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
switch elem.msgType {
|
|
|
|
|
|
|
|
|
|
case MessageCookieReplyType:
|
|
|
|
|
|
2017-08-14 17:09:25 +02:00
|
|
|
// unmarshal packet
|
|
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
var reply MessageCookieReply
|
2024-12-26 20:36:53 +01:00
|
|
|
err := reply.unmarshal(elem.packet)
|
2017-08-07 15:25:04 +02:00
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Failed to decode cookie reply")
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-08-07 15:25:04 +02:00
|
|
|
}
|
2017-08-14 17:09:25 +02:00
|
|
|
|
2018-01-26 22:52:32 +01:00
|
|
|
// lookup peer from index
|
2017-08-14 17:09:25 +02:00
|
|
|
|
2018-05-13 18:23:40 +02:00
|
|
|
entry := device.indexTable.Lookup(reply.Receiver)
|
2018-01-26 22:52:32 +01:00
|
|
|
|
2017-08-14 17:09:25 +02:00
|
|
|
if entry.peer == nil {
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-08-14 17:09:25 +02:00
|
|
|
}
|
2018-01-26 22:52:32 +01:00
|
|
|
|
|
|
|
|
// consume reply
|
|
|
|
|
|
2022-08-30 07:43:11 -07:00
|
|
|
if peer := entry.peer; peer.isRunning.Load() {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Receiving cookie response from %s", elem.endpoint.DstToString())
|
2018-12-19 00:35:53 +01:00
|
|
|
if !peer.cookieGenerator.ConsumeReply(&reply) {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Could not decrypt invalid cookie response")
|
2018-12-19 00:35:53 +01:00
|
|
|
}
|
2018-01-26 22:52:32 +01:00
|
|
|
}
|
|
|
|
|
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-08-07 15:25:04 +02:00
|
|
|
|
|
|
|
|
case MessageInitiationType, MessageResponseType:
|
|
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
// check mac fields and maybe ratelimit
|
2017-07-08 09:23:10 +02:00
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
if !device.cookieChecker.CheckMAC1(elem.packet) {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Received packet with invalid mac1")
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-07-08 09:23:10 +02:00
|
|
|
}
|
|
|
|
|
|
2017-11-17 17:25:45 +01:00
|
|
|
// endpoints destination address is the source of the datagram
|
|
|
|
|
|
2017-08-11 16:18:20 +02:00
|
|
|
if device.IsUnderLoad() {
|
2017-10-08 22:03:32 +02:00
|
|
|
|
|
|
|
|
// verify MAC2 field
|
|
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
if !device.cookieChecker.CheckMAC2(elem.packet, elem.endpoint.DstToBytes()) {
|
|
|
|
|
device.SendHandshakeCookie(&elem)
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-07-01 23:29:22 +02:00
|
|
|
}
|
2017-08-11 16:18:20 +02:00
|
|
|
|
2017-10-08 22:03:32 +02:00
|
|
|
// check ratelimiter
|
|
|
|
|
|
2018-02-02 16:40:14 +01:00
|
|
|
if !device.rate.limiter.Allow(elem.endpoint.DstIP()) {
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-07-07 13:47:09 +02:00
|
|
|
}
|
2017-07-01 23:29:22 +02:00
|
|
|
}
|
2017-08-07 15:25:04 +02:00
|
|
|
|
|
|
|
|
default:
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("Invalid packet ended up in the handshake queue")
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-08-07 15:25:04 +02:00
|
|
|
}
|
|
|
|
|
|
2017-12-01 23:37:26 +01:00
|
|
|
// handle handshake initiation/response content
|
2017-08-07 15:25:04 +02:00
|
|
|
|
|
|
|
|
switch elem.msgType {
|
|
|
|
|
case MessageInitiationType:
|
|
|
|
|
|
|
|
|
|
// unmarshal
|
|
|
|
|
|
|
|
|
|
var msg MessageInitiation
|
2024-12-26 20:36:53 +01:00
|
|
|
err := msg.unmarshal(elem.packet)
|
2017-08-07 15:25:04 +02:00
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("Failed to decode initiation message")
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-08-07 15:25:04 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// consume initiation
|
|
|
|
|
|
|
|
|
|
peer := device.ConsumeMessageInitiation(&msg)
|
|
|
|
|
if peer == nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Received invalid initiation message from %s", elem.endpoint.DstToString())
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-08-07 15:25:04 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// update timers
|
|
|
|
|
|
2018-05-07 22:27:03 +02:00
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketReceived()
|
2017-08-07 15:25:04 +02:00
|
|
|
|
|
|
|
|
// update endpoint
|
2018-05-26 02:59:26 +02:00
|
|
|
peer.SetEndpointFromPacket(elem.endpoint)
|
2017-08-07 15:25:04 +02:00
|
|
|
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - Received handshake initiation", peer)
|
2022-08-30 07:43:11 -07:00
|
|
|
peer.rxBytes.Add(uint64(len(elem.packet)))
|
2018-04-20 07:13:40 +02:00
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.SendHandshakeResponse()
|
2017-08-07 15:25:04 +02:00
|
|
|
|
|
|
|
|
case MessageResponseType:
|
|
|
|
|
|
|
|
|
|
// unmarshal
|
|
|
|
|
|
|
|
|
|
var msg MessageResponse
|
2024-12-26 20:36:53 +01:00
|
|
|
err := msg.unmarshal(elem.packet)
|
2017-08-07 15:25:04 +02:00
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("Failed to decode response message")
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-08-07 15:25:04 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// consume response
|
|
|
|
|
|
|
|
|
|
peer := device.ConsumeMessageResponse(&msg)
|
|
|
|
|
if peer == nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Received invalid response message from %s", elem.endpoint.DstToString())
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2017-08-07 15:25:04 +02:00
|
|
|
}
|
|
|
|
|
|
2017-11-14 16:27:53 +01:00
|
|
|
// update endpoint
|
2018-05-26 02:59:26 +02:00
|
|
|
peer.SetEndpointFromPacket(elem.endpoint)
|
2017-11-14 16:27:53 +01:00
|
|
|
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - Received handshake response", peer)
|
2022-08-30 07:43:11 -07:00
|
|
|
peer.rxBytes.Add(uint64(len(elem.packet)))
|
2017-09-20 09:26:08 +02:00
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
// update timers
|
|
|
|
|
|
2018-05-07 22:27:03 +02:00
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketReceived()
|
2017-08-07 15:25:04 +02:00
|
|
|
|
2018-05-13 19:50:58 +02:00
|
|
|
// derive keypair
|
2017-08-07 15:25:04 +02:00
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
err = peer.BeginSymmetricSession()
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("%v - Failed to derive keypair: %v", peer, err)
|
2021-01-29 18:24:45 +01:00
|
|
|
goto skip
|
2018-05-07 22:27:03 +02:00
|
|
|
}
|
|
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.timersSessionDerived()
|
2018-05-07 22:27:03 +02:00
|
|
|
peer.timersHandshakeComplete()
|
|
|
|
|
peer.SendKeepalive()
|
2017-08-07 15:25:04 +02:00
|
|
|
}
|
2021-01-29 18:24:45 +01:00
|
|
|
skip:
|
|
|
|
|
device.PutMessageBuffer(elem.buffer)
|
2017-07-01 23:29:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-02 14:48:02 -08:00
|
|
|
func (peer *Peer) RoutineSequentialReceiver(maxBatchSize int) {
|
2017-07-01 23:29:22 +02:00
|
|
|
device := peer.device
|
2018-04-18 20:29:48 +02:00
|
|
|
defer func() {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - Routine: sequential receiver - stopped", peer)
|
2021-01-29 14:54:11 +01:00
|
|
|
peer.stopping.Done()
|
2018-02-04 19:18:44 +01:00
|
|
|
}()
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - Routine: sequential receiver - started", peer)
|
2018-02-02 16:40:14 +01:00
|
|
|
|
2023-03-13 17:55:05 +01:00
|
|
|
bufs := make([][]byte, 0, maxBatchSize)
|
2023-03-02 14:48:02 -08:00
|
|
|
|
2023-10-02 14:48:28 -07:00
|
|
|
for elemsContainer := range peer.queue.inbound.c {
|
|
|
|
|
if elemsContainer == nil {
|
2021-02-08 13:02:52 -08:00
|
|
|
return
|
|
|
|
|
}
|
2023-10-02 14:48:28 -07:00
|
|
|
elemsContainer.Lock()
|
2023-11-07 15:24:21 -08:00
|
|
|
validTailPacket := -1
|
|
|
|
|
dataPacketReceived := false
|
2023-12-11 16:35:57 +01:00
|
|
|
rxBytesLen := uint64(0)
|
2023-11-07 15:24:21 -08:00
|
|
|
for i, elem := range elemsContainer.elems {
|
2023-03-02 14:48:02 -08:00
|
|
|
if elem.packet == nil {
|
|
|
|
|
// decryption failed
|
|
|
|
|
continue
|
2019-03-21 14:43:04 -06:00
|
|
|
}
|
|
|
|
|
|
2023-03-02 14:48:02 -08:00
|
|
|
if !elem.keypair.replayFilter.ValidateCounter(elem.counter, RejectAfterMessages) {
|
|
|
|
|
continue
|
2019-03-21 14:43:04 -06:00
|
|
|
}
|
|
|
|
|
|
2023-11-07 15:24:21 -08:00
|
|
|
validTailPacket = i
|
2023-03-02 14:48:02 -08:00
|
|
|
if peer.ReceivedWithKeypair(elem.keypair) {
|
2023-11-07 15:24:21 -08:00
|
|
|
peer.SetEndpointFromPacket(elem.endpoint)
|
2023-03-02 14:48:02 -08:00
|
|
|
peer.timersHandshakeComplete()
|
|
|
|
|
peer.SendStagedPackets()
|
|
|
|
|
}
|
2023-12-11 16:35:57 +01:00
|
|
|
rxBytesLen += uint64(len(elem.packet) + MinMessageSize)
|
2019-03-21 14:43:04 -06:00
|
|
|
|
2023-03-02 14:48:02 -08:00
|
|
|
if len(elem.packet) == 0 {
|
|
|
|
|
device.log.Verbosef("%v - Receiving keepalive packet", peer)
|
|
|
|
|
continue
|
|
|
|
|
}
|
2023-11-07 15:24:21 -08:00
|
|
|
dataPacketReceived = true
|
2023-03-02 14:48:02 -08:00
|
|
|
|
|
|
|
|
switch elem.packet[0] >> 4 {
|
|
|
|
|
case 4:
|
|
|
|
|
if len(elem.packet) < ipv4.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
field := elem.packet[IPv4offsetTotalLength : IPv4offsetTotalLength+2]
|
|
|
|
|
length := binary.BigEndian.Uint16(field)
|
|
|
|
|
if int(length) > len(elem.packet) || int(length) < ipv4.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
elem.packet = elem.packet[:length]
|
|
|
|
|
src := elem.packet[IPv4offsetSrc : IPv4offsetSrc+net.IPv4len]
|
|
|
|
|
if device.allowedips.Lookup(src) != peer {
|
|
|
|
|
device.log.Verbosef("IPv4 packet with disallowed source address from %v", peer)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case 6:
|
|
|
|
|
if len(elem.packet) < ipv6.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
field := elem.packet[IPv6offsetPayloadLength : IPv6offsetPayloadLength+2]
|
|
|
|
|
length := binary.BigEndian.Uint16(field)
|
|
|
|
|
length += ipv6.HeaderLen
|
|
|
|
|
if int(length) > len(elem.packet) {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
elem.packet = elem.packet[:length]
|
|
|
|
|
src := elem.packet[IPv6offsetSrc : IPv6offsetSrc+net.IPv6len]
|
|
|
|
|
if device.allowedips.Lookup(src) != peer {
|
|
|
|
|
device.log.Verbosef("IPv6 packet with disallowed source address from %v", peer)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
device.log.Verbosef("Packet with invalid IP version from %v", peer)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-13 17:55:05 +01:00
|
|
|
bufs = append(bufs, elem.buffer[:MessageTransportOffsetContent+len(elem.packet)])
|
2020-09-21 15:17:16 -07:00
|
|
|
}
|
2023-12-11 16:35:57 +01:00
|
|
|
|
|
|
|
|
peer.rxBytes.Add(rxBytesLen)
|
2023-11-07 15:24:21 -08:00
|
|
|
if validTailPacket >= 0 {
|
|
|
|
|
peer.SetEndpointFromPacket(elemsContainer.elems[validTailPacket].endpoint)
|
|
|
|
|
peer.keepKeyFreshReceiving()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketReceived()
|
|
|
|
|
}
|
|
|
|
|
if dataPacketReceived {
|
|
|
|
|
peer.timersDataReceived()
|
|
|
|
|
}
|
2023-03-13 17:55:05 +01:00
|
|
|
if len(bufs) > 0 {
|
|
|
|
|
_, err := device.tun.device.Write(bufs, MessageTransportOffsetContent)
|
2023-03-02 14:48:02 -08:00
|
|
|
if err != nil && !device.isClosed() {
|
|
|
|
|
device.log.Errorf("Failed to write packets to TUN device: %v", err)
|
2019-07-01 15:23:24 +02:00
|
|
|
}
|
2019-03-21 14:43:04 -06:00
|
|
|
}
|
2023-10-02 14:48:28 -07:00
|
|
|
for _, elem := range elemsContainer.elems {
|
2023-03-02 14:48:02 -08:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutInboundElement(elem)
|
|
|
|
|
}
|
2023-03-13 17:55:05 +01:00
|
|
|
bufs = bufs[:0]
|
2023-10-02 14:48:28 -07:00
|
|
|
device.PutInboundElementsContainer(elemsContainer)
|
2017-07-01 23:29:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
