2019-01-02 01:55:51 +01:00
|
|
|
/* SPDX-License-Identifier: MIT
|
2018-05-03 15:04:00 +02:00
|
|
|
*
|
2021-01-28 17:52:15 +01:00
|
|
|
* Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
|
2018-05-03 15:04:00 +02:00
|
|
|
*/
|
|
|
|
|
|
2019-03-03 04:04:41 +01:00
|
|
|
package device
|
2017-06-26 13:14:02 +02:00
|
|
|
|
|
|
|
|
import (
|
2018-05-07 22:27:03 +02:00
|
|
|
"bytes"
|
2017-06-26 22:07:29 +02:00
|
|
|
"encoding/binary"
|
2017-06-26 13:14:02 +02:00
|
|
|
"net"
|
|
|
|
|
"sync"
|
2017-06-30 14:41:08 +02:00
|
|
|
"sync/atomic"
|
|
|
|
|
"time"
|
2019-05-14 09:09:52 +02:00
|
|
|
|
|
|
|
|
"golang.org/x/crypto/chacha20poly1305"
|
|
|
|
|
"golang.org/x/net/ipv4"
|
|
|
|
|
"golang.org/x/net/ipv6"
|
2017-06-26 13:14:02 +02:00
|
|
|
)
|
|
|
|
|
|
2017-12-01 23:37:26 +01:00
|
|
|
/* Outbound flow
|
2017-06-26 13:14:02 +02:00
|
|
|
*
|
|
|
|
|
* 1. TUN queue
|
2017-06-28 23:45:45 +02:00
|
|
|
* 2. Routing (sequential)
|
|
|
|
|
* 3. Nonce assignment (sequential)
|
|
|
|
|
* 4. Encryption (parallel)
|
|
|
|
|
* 5. Transmission (sequential)
|
2017-06-26 13:14:02 +02:00
|
|
|
*
|
2017-12-01 23:37:26 +01:00
|
|
|
* The functions in this file occur (roughly) in the order in
|
|
|
|
|
* which the packets are processed.
|
|
|
|
|
*
|
|
|
|
|
* Locking, Producers and Consumers
|
|
|
|
|
*
|
|
|
|
|
* The order of packets (per peer) must be maintained,
|
|
|
|
|
* but encryption of packets happen out-of-order:
|
|
|
|
|
*
|
|
|
|
|
* The sequential consumers will attempt to take the lock,
|
2017-07-13 14:32:40 +02:00
|
|
|
* workers release lock when they have completed work (encryption) on the packet.
|
2017-07-06 15:43:55 +02:00
|
|
|
*
|
|
|
|
|
* If the element is inserted into the "encryption queue",
|
2017-12-01 23:37:26 +01:00
|
|
|
* the content is preceded by enough "junk" to contain the transport header
|
2017-07-07 13:47:09 +02:00
|
|
|
* (to allow the construction of transport messages in-place)
|
2017-06-28 23:45:45 +02:00
|
|
|
*/
|
2017-12-01 23:37:26 +01:00
|
|
|
|
2017-06-28 23:45:45 +02:00
|
|
|
type QueueOutboundElement struct {
|
2019-01-03 19:04:00 +01:00
|
|
|
sync.Mutex
|
2017-07-14 14:25:18 +02:00
|
|
|
buffer *[MaxMessageSize]byte // slice holding the packet data
|
2017-09-09 15:03:01 +02:00
|
|
|
packet []byte // slice of "buffer" (always!)
|
2017-07-14 14:25:18 +02:00
|
|
|
nonce uint64 // nonce for encryption
|
2018-05-13 19:50:58 +02:00
|
|
|
keypair *Keypair // keypair for encryption
|
2017-07-14 14:25:18 +02:00
|
|
|
peer *Peer // related peer
|
2017-06-26 13:14:02 +02:00
|
|
|
}
|
|
|
|
|
|
2017-07-06 15:43:55 +02:00
|
|
|
func (device *Device) NewOutboundElement() *QueueOutboundElement {
|
2018-09-22 06:29:02 +02:00
|
|
|
elem := device.GetOutboundElement()
|
|
|
|
|
elem.buffer = device.GetMessageBuffer()
|
2019-01-03 19:04:00 +01:00
|
|
|
elem.Mutex = sync.Mutex{}
|
2018-09-22 06:29:02 +02:00
|
|
|
elem.nonce = 0
|
2020-12-04 15:36:21 -08:00
|
|
|
// keypair and peer were cleared (if necessary) by clearPointers.
|
|
|
|
|
return elem
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// clearPointers clears elem fields that contain pointers.
|
|
|
|
|
// This makes the garbage collector's life easier and
|
|
|
|
|
// avoids accidentally keeping other objects around unnecessarily.
|
|
|
|
|
// It also reduces the possible collateral damage from use-after-free bugs.
|
|
|
|
|
func (elem *QueueOutboundElement) clearPointers() {
|
|
|
|
|
elem.buffer = nil
|
|
|
|
|
elem.packet = nil
|
2018-09-22 06:29:02 +02:00
|
|
|
elem.keypair = nil
|
|
|
|
|
elem.peer = nil
|
2017-06-26 13:14:02 +02:00
|
|
|
}
|
|
|
|
|
|
2018-05-07 22:27:03 +02:00
|
|
|
/* Queues a keepalive if no packets are queued for peer
|
|
|
|
|
*/
|
2021-01-27 18:13:53 +01:00
|
|
|
func (peer *Peer) SendKeepalive() {
|
2021-01-29 14:54:11 +01:00
|
|
|
if len(peer.queue.staged) == 0 && peer.isRunning.Get() {
|
|
|
|
|
elem := peer.device.NewOutboundElement()
|
|
|
|
|
select {
|
|
|
|
|
case peer.queue.staged <- elem:
|
|
|
|
|
peer.device.log.Verbosef("%v - Sending keepalive packet", peer)
|
|
|
|
|
default:
|
|
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
}
|
2018-05-07 22:27:03 +02:00
|
|
|
}
|
2021-01-27 18:13:53 +01:00
|
|
|
peer.SendStagedPackets()
|
2018-05-07 22:27:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
|
|
|
|
|
if !isRetry {
|
2018-05-20 06:50:07 +02:00
|
|
|
atomic.StoreUint32(&peer.timers.handshakeAttempts, 0)
|
2018-05-07 22:27:03 +02:00
|
|
|
}
|
|
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.handshake.mutex.RLock()
|
2019-06-03 15:46:46 -04:00
|
|
|
if time.Since(peer.handshake.lastSentHandshake) < RekeyTimeout {
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.handshake.mutex.RUnlock()
|
2018-05-07 22:27:03 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.handshake.mutex.RUnlock()
|
2018-05-07 22:27:03 +02:00
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.handshake.mutex.Lock()
|
2019-06-03 15:46:46 -04:00
|
|
|
if time.Since(peer.handshake.lastSentHandshake) < RekeyTimeout {
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.handshake.mutex.Unlock()
|
|
|
|
|
return nil
|
2018-05-07 22:27:03 +02:00
|
|
|
}
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.handshake.lastSentHandshake = time.Now()
|
|
|
|
|
peer.handshake.mutex.Unlock()
|
2018-05-07 22:27:03 +02:00
|
|
|
|
2021-01-26 23:05:48 +01:00
|
|
|
peer.device.log.Verbosef("%v - Sending handshake initiation", peer)
|
2018-05-07 22:27:03 +02:00
|
|
|
|
2018-05-13 23:14:43 +02:00
|
|
|
msg, err := peer.device.CreateMessageInitiation(peer)
|
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
peer.device.log.Errorf("%v - Failed to create initiation message: %v", peer, err)
|
2018-05-13 23:14:43 +02:00
|
|
|
return err
|
|
|
|
|
}
|
2018-05-07 22:27:03 +02:00
|
|
|
|
|
|
|
|
var buff [MessageInitiationSize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buff[:0])
|
|
|
|
|
binary.Write(writer, binary.LittleEndian, msg)
|
|
|
|
|
packet := writer.Bytes()
|
2018-05-13 23:14:43 +02:00
|
|
|
peer.cookieGenerator.AddMacs(packet)
|
2018-05-07 22:27:03 +02:00
|
|
|
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
2018-05-19 01:19:53 +02:00
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
2018-05-13 23:14:43 +02:00
|
|
|
|
|
|
|
|
err = peer.SendBuffer(packet)
|
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
peer.device.log.Errorf("%v - Failed to send handshake initiation: %v", peer, err)
|
2018-05-13 23:14:43 +02:00
|
|
|
}
|
2018-05-07 22:27:03 +02:00
|
|
|
peer.timersHandshakeInitiated()
|
2018-05-13 23:14:43 +02:00
|
|
|
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) SendHandshakeResponse() error {
|
|
|
|
|
peer.handshake.mutex.Lock()
|
|
|
|
|
peer.handshake.lastSentHandshake = time.Now()
|
|
|
|
|
peer.handshake.mutex.Unlock()
|
|
|
|
|
|
2021-01-26 23:05:48 +01:00
|
|
|
peer.device.log.Verbosef("%v - Sending handshake response", peer)
|
2018-05-13 23:14:43 +02:00
|
|
|
|
|
|
|
|
response, err := peer.device.CreateMessageResponse(peer)
|
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
peer.device.log.Errorf("%v - Failed to create response message: %v", peer, err)
|
2018-05-13 23:14:43 +02:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var buff [MessageResponseSize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buff[:0])
|
|
|
|
|
binary.Write(writer, binary.LittleEndian, response)
|
|
|
|
|
packet := writer.Bytes()
|
|
|
|
|
peer.cookieGenerator.AddMacs(packet)
|
|
|
|
|
|
|
|
|
|
err = peer.BeginSymmetricSession()
|
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
peer.device.log.Errorf("%v - Failed to derive keypair: %v", peer, err)
|
2018-05-13 23:14:43 +02:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
peer.timersSessionDerived()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
2018-05-19 01:19:53 +02:00
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
2018-05-13 23:14:43 +02:00
|
|
|
|
|
|
|
|
err = peer.SendBuffer(packet)
|
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
peer.device.log.Errorf("%v - Failed to send handshake response: %v", peer, err)
|
2018-05-13 23:14:43 +02:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Sending cookie response for denied handshake message for %v", initiatingElem.endpoint.DstToString())
|
2018-05-13 23:14:43 +02:00
|
|
|
|
|
|
|
|
sender := binary.LittleEndian.Uint32(initiatingElem.packet[4:8])
|
|
|
|
|
reply, err := device.cookieChecker.CreateReply(initiatingElem.packet, sender, initiatingElem.endpoint.DstToBytes())
|
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("Failed to create cookie reply: %v", err)
|
2018-05-13 23:14:43 +02:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var buff [MessageCookieReplySize]byte
|
|
|
|
|
writer := bytes.NewBuffer(buff[:0])
|
|
|
|
|
binary.Write(writer, binary.LittleEndian, reply)
|
|
|
|
|
device.net.bind.Send(writer.Bytes(), initiatingElem.endpoint)
|
2019-10-21 11:46:54 +02:00
|
|
|
return nil
|
2018-05-07 22:27:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) keepKeyFreshSending() {
|
2018-05-13 23:14:43 +02:00
|
|
|
keypair := peer.keypairs.Current()
|
|
|
|
|
if keypair == nil {
|
2018-05-07 22:27:03 +02:00
|
|
|
return
|
|
|
|
|
}
|
2018-05-13 23:14:43 +02:00
|
|
|
nonce := atomic.LoadUint64(&keypair.sendNonce)
|
2019-06-03 15:46:46 -04:00
|
|
|
if nonce > RekeyAfterMessages || (keypair.isInitiator && time.Since(keypair.created) > RekeyAfterTime) {
|
2018-05-07 22:27:03 +02:00
|
|
|
peer.SendHandshakeInitiation(false)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-28 23:45:45 +02:00
|
|
|
/* Reads packets from the TUN and inserts
|
2021-01-27 18:13:53 +01:00
|
|
|
* into staged queue for peer
|
2017-06-26 13:14:02 +02:00
|
|
|
*
|
2017-06-28 23:45:45 +02:00
|
|
|
* Obs. Single instance per TUN device
|
2017-06-26 13:14:02 +02:00
|
|
|
*/
|
2017-08-04 16:15:53 +02:00
|
|
|
func (device *Device) RoutineReadFromTUN() {
|
2018-05-01 16:59:13 +02:00
|
|
|
defer func() {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Routine: TUN reader - stopped")
|
2018-05-16 22:20:15 +02:00
|
|
|
device.state.stopping.Done()
|
2018-05-01 16:59:13 +02:00
|
|
|
}()
|
|
|
|
|
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Routine: TUN reader - started")
|
2017-07-13 14:32:40 +02:00
|
|
|
|
2018-09-22 06:29:02 +02:00
|
|
|
var elem *QueueOutboundElement
|
|
|
|
|
|
2017-06-28 23:45:45 +02:00
|
|
|
for {
|
2018-09-22 06:29:02 +02:00
|
|
|
if elem != nil {
|
|
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutOutboundElement(elem)
|
|
|
|
|
}
|
|
|
|
|
elem = device.NewOutboundElement()
|
2017-06-28 23:45:45 +02:00
|
|
|
|
2017-08-25 14:53:23 +02:00
|
|
|
// read packet
|
2017-07-06 15:43:55 +02:00
|
|
|
|
2017-12-04 21:39:06 +01:00
|
|
|
offset := MessageTransportHeaderSize
|
|
|
|
|
size, err := device.tun.device.Read(elem.buffer[:], offset)
|
|
|
|
|
|
2017-06-28 23:45:45 +02:00
|
|
|
if err != nil {
|
2018-05-20 23:18:25 -04:00
|
|
|
if !device.isClosed.Get() {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("Failed to read packet from TUN device: %v", err)
|
2018-05-20 23:18:25 -04:00
|
|
|
device.Close()
|
|
|
|
|
}
|
2018-09-16 21:50:58 +02:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
2018-09-22 06:29:02 +02:00
|
|
|
device.PutOutboundElement(elem)
|
2017-07-13 14:32:40 +02:00
|
|
|
return
|
2017-06-28 23:45:45 +02:00
|
|
|
}
|
2017-07-13 14:32:40 +02:00
|
|
|
|
2017-08-25 14:53:23 +02:00
|
|
|
if size == 0 || size > MaxContentSize {
|
2017-06-28 23:45:45 +02:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-04 21:39:06 +01:00
|
|
|
elem.packet = elem.buffer[offset : offset+size]
|
2017-08-04 16:15:53 +02:00
|
|
|
|
2017-06-28 23:45:45 +02:00
|
|
|
// lookup peer
|
|
|
|
|
|
|
|
|
|
var peer *Peer
|
2017-07-06 15:43:55 +02:00
|
|
|
switch elem.packet[0] >> 4 {
|
2017-07-13 14:32:40 +02:00
|
|
|
case ipv4.Version:
|
2017-08-04 16:15:53 +02:00
|
|
|
if len(elem.packet) < ipv4.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2017-07-06 15:43:55 +02:00
|
|
|
dst := elem.packet[IPv4offsetDst : IPv4offsetDst+net.IPv4len]
|
2018-05-13 23:14:43 +02:00
|
|
|
peer = device.allowedips.LookupIPv4(dst)
|
2017-06-28 23:45:45 +02:00
|
|
|
|
2017-07-13 14:32:40 +02:00
|
|
|
case ipv6.Version:
|
2017-08-04 16:15:53 +02:00
|
|
|
if len(elem.packet) < ipv6.HeaderLen {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2017-07-06 15:43:55 +02:00
|
|
|
dst := elem.packet[IPv6offsetDst : IPv6offsetDst+net.IPv6len]
|
2018-05-13 23:14:43 +02:00
|
|
|
peer = device.allowedips.LookupIPv6(dst)
|
2017-06-28 23:45:45 +02:00
|
|
|
|
|
|
|
|
default:
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("Received packet with unknown IP version")
|
2017-06-28 23:45:45 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if peer == nil {
|
2017-06-29 14:39:21 +02:00
|
|
|
continue
|
2017-06-28 23:45:45 +02:00
|
|
|
}
|
2018-01-26 22:52:32 +01:00
|
|
|
if peer.isRunning.Get() {
|
2021-01-27 18:13:53 +01:00
|
|
|
peer.StagePacket(elem)
|
2018-09-22 06:29:02 +02:00
|
|
|
elem = nil
|
2021-01-27 18:13:53 +01:00
|
|
|
peer.SendStagedPackets()
|
2018-01-26 22:52:32 +01:00
|
|
|
}
|
2017-06-28 23:45:45 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-27 18:13:53 +01:00
|
|
|
func (peer *Peer) StagePacket(elem *QueueOutboundElement) {
|
2017-09-09 15:03:01 +02:00
|
|
|
for {
|
|
|
|
|
select {
|
2021-01-27 18:13:53 +01:00
|
|
|
case peer.queue.staged <- elem:
|
2017-09-09 15:03:01 +02:00
|
|
|
return
|
2021-01-27 18:13:53 +01:00
|
|
|
default:
|
2021-01-28 18:56:58 +01:00
|
|
|
}
|
|
|
|
|
select {
|
|
|
|
|
case tooOld := <-peer.queue.staged:
|
|
|
|
|
peer.device.PutMessageBuffer(tooOld.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(tooOld)
|
|
|
|
|
default:
|
2021-01-27 18:13:53 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-06-26 13:14:02 +02:00
|
|
|
|
2021-01-27 18:13:53 +01:00
|
|
|
func (peer *Peer) SendStagedPackets() {
|
|
|
|
|
top:
|
|
|
|
|
if len(peer.queue.staged) == 0 || !peer.device.isUp.Get() {
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-06-30 14:41:08 +02:00
|
|
|
|
2021-01-27 18:13:53 +01:00
|
|
|
keypair := peer.keypairs.Current()
|
|
|
|
|
if keypair == nil || atomic.LoadUint64(&keypair.sendNonce) >= RejectAfterMessages || time.Since(keypair.created) >= RejectAfterTime {
|
|
|
|
|
peer.SendHandshakeInitiation(false)
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-06-30 14:41:08 +02:00
|
|
|
|
2021-01-27 18:13:53 +01:00
|
|
|
for {
|
|
|
|
|
select {
|
|
|
|
|
case elem := <-peer.queue.staged:
|
2017-09-09 15:03:01 +02:00
|
|
|
elem.peer = peer
|
2018-05-13 18:23:40 +02:00
|
|
|
elem.nonce = atomic.AddUint64(&keypair.sendNonce, 1) - 1
|
2018-05-07 22:27:03 +02:00
|
|
|
if elem.nonce >= RejectAfterMessages {
|
2018-05-19 00:35:49 +02:00
|
|
|
atomic.StoreUint64(&keypair.sendNonce, RejectAfterMessages)
|
2021-01-27 18:13:53 +01:00
|
|
|
peer.StagePacket(elem) // XXX: Out of order, but we can't front-load go chans
|
|
|
|
|
goto top
|
2018-05-07 22:27:03 +02:00
|
|
|
}
|
2018-05-19 00:35:49 +02:00
|
|
|
|
2018-05-13 18:23:40 +02:00
|
|
|
elem.keypair = keypair
|
2019-01-03 19:04:00 +01:00
|
|
|
elem.Lock()
|
2017-06-30 14:41:08 +02:00
|
|
|
|
2017-09-09 15:03:01 +02:00
|
|
|
// add to parallel and sequential queue
|
2021-01-29 14:54:11 +01:00
|
|
|
peer.queue.RLock()
|
|
|
|
|
if peer.isRunning.Get() {
|
|
|
|
|
peer.queue.outbound <- elem
|
|
|
|
|
peer.device.queue.encryption.c <- elem
|
|
|
|
|
} else {
|
|
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
}
|
|
|
|
|
peer.queue.RUnlock()
|
2021-01-27 18:13:53 +01:00
|
|
|
default:
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) FlushStagedPackets() {
|
|
|
|
|
for {
|
|
|
|
|
select {
|
|
|
|
|
case elem := <-peer.queue.staged:
|
|
|
|
|
peer.device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
peer.device.PutOutboundElement(elem)
|
|
|
|
|
default:
|
|
|
|
|
return
|
2017-06-26 13:14:02 +02:00
|
|
|
}
|
2017-09-09 15:03:01 +02:00
|
|
|
}
|
2017-06-26 13:14:02 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-18 14:32:31 -06:00
|
|
|
func calculatePaddingSize(packetSize, mtu int) int {
|
|
|
|
|
lastUnit := packetSize
|
|
|
|
|
if mtu == 0 {
|
|
|
|
|
return ((lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1)) - lastUnit
|
|
|
|
|
}
|
|
|
|
|
if lastUnit > mtu {
|
|
|
|
|
lastUnit %= mtu
|
|
|
|
|
}
|
|
|
|
|
paddedSize := ((lastUnit + PaddingMultiple - 1) & ^(PaddingMultiple - 1))
|
|
|
|
|
if paddedSize > mtu {
|
|
|
|
|
paddedSize = mtu
|
|
|
|
|
}
|
|
|
|
|
return paddedSize - lastUnit
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-28 23:45:45 +02:00
|
|
|
/* Encrypts the elements in the queue
|
|
|
|
|
* and marks them for sequential consumption (by releasing the mutex)
|
2017-06-26 22:07:29 +02:00
|
|
|
*
|
2017-06-28 23:45:45 +02:00
|
|
|
* Obs. One instance per core
|
2017-06-26 22:07:29 +02:00
|
|
|
*/
|
2017-06-28 23:45:45 +02:00
|
|
|
func (device *Device) RoutineEncryption() {
|
2021-01-29 20:10:48 +01:00
|
|
|
var paddingZeros [PaddingMultiple]byte
|
2017-06-26 22:07:29 +02:00
|
|
|
var nonce [chacha20poly1305.NonceSize]byte
|
2017-07-17 16:16:18 +02:00
|
|
|
|
2021-01-26 23:05:48 +01:00
|
|
|
defer device.log.Verbosef("Routine: encryption worker - stopped")
|
|
|
|
|
device.log.Verbosef("Routine: encryption worker - started")
|
2017-07-17 16:16:18 +02:00
|
|
|
|
2020-12-14 15:07:23 -08:00
|
|
|
for elem := range device.queue.encryption.c {
|
|
|
|
|
// populate header fields
|
|
|
|
|
header := elem.buffer[:MessageTransportHeaderSize]
|
|
|
|
|
|
|
|
|
|
fieldType := header[0:4]
|
|
|
|
|
fieldReceiver := header[4:8]
|
|
|
|
|
fieldNonce := header[8:16]
|
|
|
|
|
|
|
|
|
|
binary.LittleEndian.PutUint32(fieldType, MessageTransportType)
|
|
|
|
|
binary.LittleEndian.PutUint32(fieldReceiver, elem.keypair.remoteIndex)
|
|
|
|
|
binary.LittleEndian.PutUint64(fieldNonce, elem.nonce)
|
|
|
|
|
|
|
|
|
|
// pad content to multiple of 16
|
|
|
|
|
paddingSize := calculatePaddingSize(len(elem.packet), int(atomic.LoadInt32(&device.tun.mtu)))
|
2021-01-29 20:10:48 +01:00
|
|
|
elem.packet = append(elem.packet, paddingZeros[:paddingSize]...)
|
2020-12-14 15:07:23 -08:00
|
|
|
|
|
|
|
|
// encrypt content and release to consumer
|
|
|
|
|
|
|
|
|
|
binary.LittleEndian.PutUint64(nonce[4:], elem.nonce)
|
|
|
|
|
elem.packet = elem.keypair.send.Seal(
|
|
|
|
|
header,
|
|
|
|
|
nonce[:],
|
|
|
|
|
elem.packet,
|
|
|
|
|
nil,
|
|
|
|
|
)
|
|
|
|
|
elem.Unlock()
|
2017-06-28 23:45:45 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Sequentially reads packets from queue and sends to endpoint
|
|
|
|
|
*
|
|
|
|
|
* Obs. Single instance per peer.
|
|
|
|
|
* The routine terminates then the outbound queue is closed.
|
|
|
|
|
*/
|
2017-06-30 14:41:08 +02:00
|
|
|
func (peer *Peer) RoutineSequentialSender() {
|
|
|
|
|
device := peer.device
|
2021-01-29 14:54:11 +01:00
|
|
|
defer func() {
|
|
|
|
|
defer device.log.Verbosef("%v - Routine: sequential sender - stopped", peer)
|
|
|
|
|
peer.stopping.Done()
|
|
|
|
|
}()
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Verbosef("%v - Routine: sequential sender - started", peer)
|
2018-05-01 16:59:13 +02:00
|
|
|
|
2020-12-15 15:54:48 -08:00
|
|
|
for elem := range peer.queue.outbound {
|
|
|
|
|
elem.Lock()
|
|
|
|
|
if !peer.isRunning.Get() {
|
|
|
|
|
// peer has been stopped; return re-usable elems to the shared pool.
|
|
|
|
|
// This is an optimization only. It is possible for the peer to be stopped
|
|
|
|
|
// immediately after this check, in which case, elem will get processed.
|
|
|
|
|
// The timers and SendBuffer code are resilient to a few stragglers.
|
|
|
|
|
// TODO(josharian): rework peer shutdown order to ensure
|
|
|
|
|
// that we never accidentally keep timers alive longer than necessary.
|
2017-07-17 16:16:18 +02:00
|
|
|
device.PutMessageBuffer(elem.buffer)
|
2018-09-22 06:29:02 +02:00
|
|
|
device.PutOutboundElement(elem)
|
2020-12-15 15:54:48 -08:00
|
|
|
continue
|
2017-06-30 14:41:08 +02:00
|
|
|
}
|
2020-12-15 15:54:48 -08:00
|
|
|
|
|
|
|
|
peer.timersAnyAuthenticatedPacketTraversal()
|
|
|
|
|
peer.timersAnyAuthenticatedPacketSent()
|
|
|
|
|
|
|
|
|
|
// send message and return buffer to pool
|
|
|
|
|
|
|
|
|
|
err := peer.SendBuffer(elem.packet)
|
|
|
|
|
if len(elem.packet) != MessageKeepaliveSize {
|
|
|
|
|
peer.timersDataSent()
|
|
|
|
|
}
|
|
|
|
|
device.PutMessageBuffer(elem.buffer)
|
|
|
|
|
device.PutOutboundElement(elem)
|
|
|
|
|
if err != nil {
|
2021-01-26 23:05:48 +01:00
|
|
|
device.log.Errorf("%v - Failed to send data packet: %v", peer, err)
|
2020-12-15 15:54:48 -08:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
peer.keepKeyFreshSending()
|
2017-06-26 13:14:02 +02:00
|
|
|
}
|
|
|
|
|
}
|
