Home Explore Help
Sign In
golang
/
edgevpn
mirror of https://github.com/mudler/edgevpn
2
0
Fork 0
Files Issues 0 Wiki
Branch: renovate/github.com-labstack-echo-v4-4.x
Branches Tags
edgevpn
/
pkg
/
vpn
/
vpn.go

vpn.go 7.9 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324 
  1. /*
    2. 

  2. Copyright © 2021-2022 Ettore Di Giacinto <[email protected]>
    3. 

  3. Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. you may not use this file except in compliance with the License.
    5. 

  5. You may obtain a copy of the License at
    6. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. Unless required by applicable law or agreed to in writing, software
    8. 

  8. distributed under the License is distributed on an "AS IS" BASIS,
    9. 

  9. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    10. 

  10. See the License for the specific language governing permissions and
    11. 

  11. limitations under the License.
    12. 

  12. */
    13. 

  13. 

  14. package vpn
    15. 

  15. 

  16. import (
    17. 

  17. 	"context"
    18. 

  18. 	"fmt"
    19. 

  19. 	"io"
    20. 

  20. 	"net"
    21. 

  21. 	"os"
    22. 

  22. 	"runtime"
    23. 

  23. 	"sync"
    24. 

  24. 	"time"
    25. 

  25. 

  26. 	"github.com/ipfs/go-log"
    27. 

  27. 	"github.com/libp2p/go-libp2p/core/network"
    28. 

  28. 	"github.com/libp2p/go-libp2p/core/peer"
    29. 

  29. 

  30. 	"github.com/google/gopacket"
    31. 

  31. 	"github.com/google/gopacket/layers"
    32. 

  32. 	"github.com/mudler/edgevpn/internal"
    33. 

  33. 	"github.com/mudler/edgevpn/pkg/blockchain"
    34. 

  34. 	"github.com/mudler/edgevpn/pkg/logger"
    35. 

  35. 	"github.com/mudler/edgevpn/pkg/node"
    36. 

  36. 	"github.com/mudler/edgevpn/pkg/protocol"
    37. 

  37. 	"github.com/mudler/edgevpn/pkg/stream"
    38. 

  38. 	"github.com/mudler/edgevpn/pkg/types"
    39. 

  39. 

  40. 	"github.com/mudler/water"
    41. 

  41. 	"github.com/pkg/errors"
    42. 

  42. 	"github.com/songgao/packets/ethernet"
    43. 

  43. )
    44. 

  44. 

  45. type streamManager interface {
    46. 

  46. 	Connected(n network.Network, c network.Stream)
    47. 

  47. 	Disconnected(n network.Network, c network.Stream)
    48. 

  48. 	HasStream(n network.Network, pid peer.ID) (network.Stream, error)
    49. 

  49. 	Close() error
    50. 

  50. }
    51. 

  51. 

  52. func VPNNetworkService(p ...Option) node.NetworkService {
    53. 

  53. 	return func(ctx context.Context, nc node.Config, n *node.Node, b *blockchain.Ledger) error {
    54. 

  54. 		c := &Config{
    55. 

  55. 			Concurrency:        1,
    56. 

  56. 			LedgerAnnounceTime: 5 * time.Second,
    57. 

  57. 			Timeout:            15 * time.Second,
    58. 

  58. 			Logger:             logger.New(log.LevelDebug),
    59. 

  59. 			MaxStreams:         30,
    60. 

  60. 		}
    61. 

  61. 		if err := c.Apply(p...); err != nil {
    62. 

  62. 			return err
    63. 

  63. 		}
    64. 

  64. 

  65. 		ifce, err := createInterface(c)
    66. 

  66. 		if err != nil {
    67. 

  67. 			return err
    68. 

  68. 		}
    69. 

  69. 		defer ifce.Close()
    70. 

  70. 

  71. 		var mgr streamManager
    72. 

  72. 

  73. 		if c.lowProfile {
    74. 

  74. 			// Create stream manager for outgoing connections
    75. 

  75. 			mgr, err = stream.NewConnManager(10, c.MaxStreams)
    76. 

  76. 			if err != nil {
    77. 

  77. 				return err
    78. 

  78. 			}
    79. 

  79. 			// Attach it to the same context
    80. 

  80. 			go func() {
    81. 

  81. 				<-ctx.Done()
    82. 

  82. 				mgr.Close()
    83. 

  83. 			}()
    84. 

  84. 		}
    85. 

  85. 

  86. 		// Set stream handler during runtime
    87. 

  87. 		n.Host().SetStreamHandler(protocol.EdgeVPN.ID(), streamHandler(b, ifce, c, nc))
    88. 

  88. 

  89. 		// Announce our IP
    90. 

  90. 		ip, _, err := net.ParseCIDR(c.InterfaceAddress)
    91. 

  91. 		if err != nil {
    92. 

  92. 			return err
    93. 

  93. 		}
    94. 

  94. 

  95. 		b.Announce(
    96. 

  96. 			ctx,
    97. 

  97. 			c.LedgerAnnounceTime,
    98. 

  98. 			func() {
    99. 

  99. 				machine := &types.Machine{}
    100. 

  100. 				// Retrieve current ID for ip in the blockchain
    101. 

  101. 				existingValue, found := b.GetKey(protocol.MachinesLedgerKey, ip.String())
    102. 

  102. 				existingValue.Unmarshal(machine)
    103. 

  103. 

  104. 				// If mismatch, update the blockchain
    105. 

  105. 				if !found || machine.PeerID != n.Host().ID().String() {
    106. 

  106. 					updatedMap := map[string]interface{}{}
    107. 

  107. 					updatedMap[ip.String()] = newBlockChainData(n, ip.String())
    108. 

  108. 					b.Add(protocol.MachinesLedgerKey, updatedMap)
    109. 

  109. 				}
    110. 

  110. 			},
    111. 

  111. 		)
    112. 

  112. 

  113. 		if c.NetLinkBootstrap {
    114. 

  114. 			if err := prepareInterface(c); err != nil {
    115. 

  115. 				return err
    116. 

  116. 			}
    117. 

  117. 		}
    118. 

  118. 

  119. 		// read packets from the interface
    120. 

  120. 		return readPackets(ctx, mgr, c, n, b, ifce, nc)
    121. 

  121. 	}
    122. 

  122. }
    123. 

  123. 

  124. // Start the node and the vpn. Returns an error in case of failure
    125. 

  125. // When starting the vpn, there is no need to start the node
    126. 

  126. func Register(p ...Option) ([]node.Option, error) {
    127. 

  127. 	return []node.Option{node.WithNetworkService(VPNNetworkService(p...))}, nil
    128. 

  128. }
    129. 

  129. 

  130. func streamHandler(l *blockchain.Ledger, ifce *water.Interface, c *Config, nc node.Config) func(stream network.Stream) {
    131. 

  131. 	return func(stream network.Stream) {
    132. 

  132. 		if len(nc.PeerTable) == 0 && !l.Exists(protocol.MachinesLedgerKey,
    133. 

  133. 			func(d blockchain.Data) bool {
    134. 

  134. 				machine := &types.Machine{}
    135. 

  135. 				d.Unmarshal(machine)
    136. 

  136. 				return machine.PeerID == stream.Conn().RemotePeer().String()
    137. 

  137. 			}) {
    138. 

  138. 			stream.Reset()
    139. 

  139. 			return
    140. 

  140. 		}
    141. 

  141. 		if len(nc.PeerTable) > 0 {
    142. 

  142. 			found := false
    143. 

  143. 			for _, p := range nc.PeerTable {
    144. 

  144. 				if p.String() == stream.Conn().RemotePeer().String() {
    145. 

  145. 					found = true
    146. 

  146. 				}
    147. 

  147. 			}
    148. 

  148. 			if !found {
    149. 

  149. 				stream.Reset()
    150. 

  150. 				return
    151. 

  151. 			}
    152. 

  152. 		}
    153. 

  153. 		_, err := io.Copy(ifce.ReadWriteCloser, stream)
    154. 

  154. 		if err != nil {
    155. 

  155. 			stream.Reset()
    156. 

  156. 		}
    157. 

  157. 		stream.Close()
    158. 

  158. 	}
    159. 

  159. }
    160. 

  160. 

  161. func newBlockChainData(n *node.Node, address string) types.Machine {
    162. 

  162. 	hostname, _ := os.Hostname()
    163. 

  163. 

  164. 	return types.Machine{
    165. 

  165. 		PeerID:   n.Host().ID().String(),
    166. 

  166. 		Hostname: hostname,
    167. 

  167. 		OS:       runtime.GOOS,
    168. 

  168. 		Arch:     runtime.GOARCH,
    169. 

  169. 		Version:  internal.Version,
    170. 

  170. 		Address:  address,
    171. 

  171. 	}
    172. 

  172. }
    173. 

  173. 

  174. func getFrame(ifce *water.Interface, c *Config) (ethernet.Frame, error) {
    175. 

  175. 	var frame ethernet.Frame
    176. 

  176. 	frame.Resize(c.MTU)
    177. 

  177. 

  178. 	n, err := ifce.Read([]byte(frame))
    179. 

  179. 	if err != nil {
    180. 

  180. 		return frame, errors.Wrap(err, "could not read from interface")
    181. 

  181. 	}
    182. 

  182. 

  183. 	frame = frame[:n]
    184. 

  184. 	return frame, nil
    185. 

  185. }
    186. 

  186. 

  187. func handleFrame(mgr streamManager, frame ethernet.Frame, c *Config, n *node.Node, ip net.IP, ledger *blockchain.Ledger, ifce *water.Interface, nc node.Config) error {
    188. 

  188. 	ctx, cancel := context.WithTimeout(context.Background(), c.Timeout)
    189. 

  189. 	defer cancel()
    190. 

  190. 

  191. 	var dstIP, srcIP net.IP
    192. 

  192. 	var packet layers.IPv4
    193. 

  193. 	if err := packet.DecodeFromBytes(frame, gopacket.NilDecodeFeedback); err != nil {
    194. 

  194. 		var packet layers.IPv6
    195. 

  195. 		if err := packet.DecodeFromBytes(frame, gopacket.NilDecodeFeedback); err != nil {
    196. 

  196. 			return errors.Wrap(err, "could not parse header from frame")
    197. 

  197. 		} else {
    198. 

  198. 			dstIP = packet.DstIP
    199. 

  199. 			srcIP = packet.SrcIP
    200. 

  200. 		}
    201. 

  201. 	} else {
    202. 

  202. 		dstIP = packet.DstIP
    203. 

  203. 		srcIP = packet.SrcIP
    204. 

  204. 	}
    205. 

  205. 

  206. 	dst := dstIP.String()
    207. 

  207. 	if c.RouterAddress != "" && srcIP.Equal(ip) {
    208. 

  208. 		if _, found := ledger.GetKey(protocol.MachinesLedgerKey, dst); !found {
    209. 

  209. 			dst = c.RouterAddress
    210. 

  210. 		}
    211. 

  211. 	}
    212. 

  212. 

  213. 	var d peer.ID
    214. 

  214. 	var err error
    215. 

  215. 	notFoundErr := fmt.Errorf("'%s' not found in the routing table", dst)
    216. 

  216. 	if len(nc.PeerTable) > 0 {
    217. 

  217. 		found := false
    218. 

  218. 		for ip, p := range nc.PeerTable {
    219. 

  219. 			if ip == dst {
    220. 

  220. 				found = true
    221. 

  221. 				d = peer.ID(p)
    222. 

  222. 			}
    223. 

  223. 		}
    224. 

  224. 		if !found {
    225. 

  225. 			return notFoundErr
    226. 

  226. 		}
    227. 

  227. 	} else {
    228. 

  228. 		// Query the routing table
    229. 

  229. 		value, found := ledger.GetKey(protocol.MachinesLedgerKey, dst)
    230. 

  230. 		if !found {
    231. 

  231. 			return notFoundErr
    232. 

  232. 		}
    233. 

  233. 		machine := &types.Machine{}
    234. 

  234. 		value.Unmarshal(machine)
    235. 

  235. 

  236. 		// Decode the Peer
    237. 

  237. 		d, err = peer.Decode(machine.PeerID)
    238. 

  238. 	}
    239. 

  239. 

  240. 	if err != nil {
    241. 

  241. 		return errors.Wrap(err, "could not decode peer")
    242. 

  242. 	}
    243. 

  243. 

  244. 	var stream network.Stream
    245. 

  245. 	if mgr != nil {
    246. 

  246. 		// Open a stream if necessary
    247. 

  247. 		stream, err = mgr.HasStream(n.Host().Network(), d)
    248. 

  248. 		if err == nil {
    249. 

  249. 			_, err = stream.Write(frame)
    250. 

  250. 			if err == nil {
    251. 

  251. 				return nil
    252. 

  252. 			}
    253. 

  253. 			mgr.Disconnected(n.Host().Network(), stream)
    254. 

  254. 		}
    255. 

  255. 	}
    256. 

  256. 

  257. 	stream, err = n.Host().NewStream(ctx, d, protocol.EdgeVPN.ID())
    258. 

  258. 	if err != nil {
    259. 

  259. 		return fmt.Errorf("could not open stream to %s: %w", d.String(), err)
    260. 

  260. 	}
    261. 

  261. 	defer stream.Close()
    262. 

  262. 

  263. 	if mgr != nil {
    264. 

  264. 		mgr.Connected(n.Host().Network(), stream)
    265. 

  265. 	}
    266. 

  266. 

  267. 	_, err = stream.Write(frame)
    268. 

  268. 	return err
    269. 

  269. }
    270. 

  270. 

  271. func connectionWorker(
    272. 

  272. 	p chan ethernet.Frame,
    273. 

  273. 	mgr streamManager,
    274. 

  274. 	c *Config,
    275. 

  275. 	n *node.Node,
    276. 

  276. 	ip net.IP,
    277. 

  277. 	wg *sync.WaitGroup,
    278. 

  278. 	ledger *blockchain.Ledger,
    279. 

  279. 	ifce *water.Interface,
    280. 

  280. 	nc node.Config) {
    281. 

  281. 	defer wg.Done()
    282. 

  282. 	for f := range p {
    283. 

  283. 		if err := handleFrame(mgr, f, c, n, ip, ledger, ifce, nc); err != nil {
    284. 

  284. 			c.Logger.Debugf("could not handle frame: %s", err.Error())
    285. 

  285. 		}
    286. 

  286. 	}
    287. 

  287. }
    288. 

  288. 

  289. // readPackets packets from the interface to the node using the routing table in the blockchain
    290. 

  290. func readPackets(ctx context.Context, mgr streamManager, c *Config, n *node.Node, ledger *blockchain.Ledger, ifce *water.Interface, nc node.Config) error {
    291. 

  291. 	ip, _, err := net.ParseCIDR(c.InterfaceAddress)
    292. 

  292. 	if err != nil {
    293. 

  293. 		return err
    294. 

  294. 	}
    295. 

  295. 

  296. 	wg := new(sync.WaitGroup)
    297. 

  297. 

  298. 	packets := make(chan ethernet.Frame, c.ChannelBufferSize)
    299. 

  299. 

  300. 	defer func() {
    301. 

  301. 		close(packets)
    302. 

  302. 		wg.Wait()
    303. 

  303. 	}()
    304. 

  304. 

  305. 	for i := 0; i < c.Concurrency; i++ {
    306. 

  306. 		wg.Add(1)
    307. 

  307. 		go connectionWorker(packets, mgr, c, n, ip, wg, ledger, ifce, nc)
    308. 

  308. 	}
    309. 

  309. 

  310. 	for {
    311. 

  311. 		select {
    312. 

  312. 		case <-ctx.Done():
    313. 

  313. 			return nil
    314. 

  314. 		default:
    315. 

  315. 			frame, err := getFrame(ifce, c)
    316. 

  316. 			if err != nil {
    317. 

  317. 				c.Logger.Errorf("could not get frame '%s'", err.Error())
    318. 

  318. 				continue
    319. 

  319. 			}
    320. 

  320. 

  321. 			packets <- frame
    322. 

  322. 		}
    323. 

  323. 	}
    324. 

  324. }
    325.