mirror of https://github.com/dswd/vpncloud.git
Merge branch 'master' into wsproxy
This commit is contained in:
commit
f0d9ad2ccd
|
@ -11,7 +11,7 @@ jobs:
|
||||||
- name: Run builder
|
- name: Run builder
|
||||||
uses: ./.github/actions/build-deb
|
uses: ./.github/actions/build-deb
|
||||||
with:
|
with:
|
||||||
rust: '1.48.0'
|
rust: '1.49.0'
|
||||||
- name: Archive artifacts
|
- name: Archive artifacts
|
||||||
uses: actions/upload-artifact@v1
|
uses: actions/upload-artifact@v1
|
||||||
with:
|
with:
|
||||||
|
@ -31,7 +31,7 @@ jobs:
|
||||||
- name: Run builder
|
- name: Run builder
|
||||||
uses: ./.github/actions/build-rpm
|
uses: ./.github/actions/build-rpm
|
||||||
with:
|
with:
|
||||||
rust: '1.48.0'
|
rust: '1.49.0'
|
||||||
- name: Archive artifacts
|
- name: Archive artifacts
|
||||||
uses: actions/upload-artifact@v1
|
uses: actions/upload-artifact@v1
|
||||||
with:
|
with:
|
||||||
|
|
|
@ -4,9 +4,11 @@ This project follows [semantic versioning](http://semver.org).
|
||||||
|
|
||||||
### UNRELEASED
|
### UNRELEASED
|
||||||
|
|
||||||
|
- [added] Support for creating shell completions
|
||||||
|
- [added] Support for hook scripts to handle certain situations
|
||||||
- [removed] Removed dummy device type
|
- [removed] Removed dummy device type
|
||||||
- [changed] Updated depdendencies
|
- [changed] Updated dependencies
|
||||||
- [changed] Changed Rust version to 1.48.0
|
- [changed] Changed Rust version to 1.49.0
|
||||||
- [fixed] Added missing peer address propagation
|
- [fixed] Added missing peer address propagation
|
||||||
|
|
||||||
### v2.0.1 (2020-11-07)
|
### v2.0.1 (2020-11-07)
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
18
Cargo.toml
18
Cargo.toml
|
@ -14,8 +14,7 @@ edition = "2018"
|
||||||
[dependencies]
|
[dependencies]
|
||||||
time = "=0.2.22"
|
time = "=0.2.22"
|
||||||
structopt = "0.3"
|
structopt = "0.3"
|
||||||
serde = "1.0"
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
serde_derive = "1.0"
|
|
||||||
serde_yaml = "0.8"
|
serde_yaml = "0.8"
|
||||||
log = { version = "0.4", features = ["std"] }
|
log = { version = "0.4", features = ["std"] }
|
||||||
signal = "0.7"
|
signal = "0.7"
|
||||||
|
@ -23,24 +22,29 @@ libc = "0.2"
|
||||||
rand = "0.8"
|
rand = "0.8"
|
||||||
fnv = "1"
|
fnv = "1"
|
||||||
yaml-rust = "0.4"
|
yaml-rust = "0.4"
|
||||||
igd = { version = "0.11", optional = true }
|
igd = { version = "0.12", optional = true }
|
||||||
daemonize = "0.4"
|
daemonize = "0.4"
|
||||||
ring = "0.16"
|
ring = "0.16"
|
||||||
privdrop = "0.5"
|
privdrop = "0.5"
|
||||||
byteorder = "1.3"
|
byteorder = "1.4"
|
||||||
thiserror = "1.0"
|
thiserror = "1.0"
|
||||||
smallvec = "1.5"
|
smallvec = "1.6"
|
||||||
tungstenite = "*"
|
tungstenite = "0.12"
|
||||||
url = "*"
|
url = "2.2"
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
tempfile = "3"
|
tempfile = "3"
|
||||||
|
criterion = "0.3"
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["nat"]
|
default = ["nat"]
|
||||||
bench = []
|
bench = []
|
||||||
nat = ["igd"]
|
nat = ["igd"]
|
||||||
|
|
||||||
|
[[bench]]
|
||||||
|
name = "bench"
|
||||||
|
harness = false
|
||||||
|
|
||||||
[profile.release]
|
[profile.release]
|
||||||
lto = true
|
lto = true
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,149 @@
|
||||||
|
#![allow(dead_code, unused_macros, unused_imports)]
|
||||||
|
#[macro_use] extern crate serde;
|
||||||
|
#[macro_use] extern crate log;
|
||||||
|
|
||||||
|
use criterion::{criterion_group, criterion_main, Criterion, Throughput};
|
||||||
|
|
||||||
|
use smallvec::smallvec;
|
||||||
|
use ring::aead;
|
||||||
|
|
||||||
|
use std::str::FromStr;
|
||||||
|
use std::net::{SocketAddr, Ipv4Addr, SocketAddrV4, UdpSocket};
|
||||||
|
|
||||||
|
mod util {
|
||||||
|
include!("../src/util.rs");
|
||||||
|
}
|
||||||
|
mod error {
|
||||||
|
include!("../src/error.rs");
|
||||||
|
}
|
||||||
|
mod payload {
|
||||||
|
include!("../src/payload.rs");
|
||||||
|
}
|
||||||
|
mod types {
|
||||||
|
include!("../src/types.rs");
|
||||||
|
}
|
||||||
|
mod table {
|
||||||
|
include!("../src/table.rs");
|
||||||
|
}
|
||||||
|
mod crypto_core {
|
||||||
|
include!("../src/crypto/core.rs");
|
||||||
|
}
|
||||||
|
|
||||||
|
pub use error::Error;
|
||||||
|
use util::{MockTimeSource, MsgBuffer};
|
||||||
|
use types::{Address, Range};
|
||||||
|
use table::{ClaimTable};
|
||||||
|
use payload::{Packet, Frame, Protocol};
|
||||||
|
use crypto_core::{create_dummy_pair, EXTRA_LEN};
|
||||||
|
|
||||||
|
fn udp_send(c: &mut Criterion) {
|
||||||
|
let sock = UdpSocket::bind("127.0.0.1:0").unwrap();
|
||||||
|
let data = [0; 1400];
|
||||||
|
let addr = SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 1);
|
||||||
|
let mut g = c.benchmark_group("udp_send");
|
||||||
|
g.throughput(Throughput::Bytes(1400));
|
||||||
|
g.bench_function("udp_send", |b| {
|
||||||
|
b.iter(|| sock.send_to(&data, &addr).unwrap());
|
||||||
|
});
|
||||||
|
g.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn decode_ipv4(c: &mut Criterion) {
|
||||||
|
let data = [0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1, 192, 168, 1, 2];
|
||||||
|
let mut g = c.benchmark_group("payload");
|
||||||
|
g.throughput(Throughput::Bytes(1400));
|
||||||
|
g.bench_function("decode_ipv4", |b| {
|
||||||
|
b.iter(|| Packet::parse(&data).unwrap());
|
||||||
|
});
|
||||||
|
g.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn decode_ipv6(c: &mut Criterion) {
|
||||||
|
let data = [
|
||||||
|
0x60, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 0, 9, 8, 7, 6, 5, 4, 3, 2, 1, 6, 5,
|
||||||
|
4, 3, 2, 1
|
||||||
|
];
|
||||||
|
let mut g = c.benchmark_group("payload");
|
||||||
|
g.throughput(Throughput::Bytes(1400));
|
||||||
|
g.bench_function("decode_ipv6", |b| {
|
||||||
|
b.iter(|| Packet::parse(&data).unwrap());
|
||||||
|
});
|
||||||
|
g.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn decode_ethernet(c: &mut Criterion) {
|
||||||
|
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 1, 2, 3, 4, 5, 6, 7, 8];
|
||||||
|
let mut g = c.benchmark_group("payload");
|
||||||
|
g.throughput(Throughput::Bytes(1400));
|
||||||
|
g.bench_function("decode_ethernet", |b| {
|
||||||
|
b.iter(|| Frame::parse(&data).unwrap());
|
||||||
|
});
|
||||||
|
g.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn decode_ethernet_with_vlan(c: &mut Criterion) {
|
||||||
|
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0, 4, 210, 1, 2, 3, 4, 5, 6, 7, 8];
|
||||||
|
let mut g = c.benchmark_group("payload");
|
||||||
|
g.throughput(Throughput::Bytes(1400));
|
||||||
|
g.bench_function("decode_ethernet_with_vlan", |b| {
|
||||||
|
b.iter(|| Frame::parse(&data).unwrap());
|
||||||
|
});
|
||||||
|
g.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn lookup_warm(c: &mut Criterion) {
|
||||||
|
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
|
||||||
|
let addr = Address::from_str("1.2.3.4").unwrap();
|
||||||
|
table.cache(addr, SocketAddr::from_str("1.2.3.4:3210").unwrap());
|
||||||
|
let mut g = c.benchmark_group("table");
|
||||||
|
g.throughput(Throughput::Bytes(1400));
|
||||||
|
g.bench_function("lookup_warm", |b| {
|
||||||
|
b.iter(|| table.lookup(addr));
|
||||||
|
});
|
||||||
|
g.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn lookup_cold(c: &mut Criterion) {
|
||||||
|
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
|
||||||
|
let addr = Address::from_str("1.2.3.4").unwrap();
|
||||||
|
table.set_claims(SocketAddr::from_str("1.2.3.4:3210").unwrap(), smallvec![Range::from_str("1.2.3.4/32").unwrap()]);
|
||||||
|
let mut g = c.benchmark_group("table");
|
||||||
|
g.throughput(Throughput::Bytes(1400));
|
||||||
|
g.bench_function("lookup_cold", |b| {
|
||||||
|
b.iter(|| {
|
||||||
|
table.clear_cache();
|
||||||
|
table.lookup(addr)
|
||||||
|
});
|
||||||
|
});
|
||||||
|
g.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn crypto_bench(c: &mut Criterion, algo: &'static aead::Algorithm) {
|
||||||
|
let mut buffer = MsgBuffer::new(EXTRA_LEN);
|
||||||
|
buffer.set_length(1400);
|
||||||
|
let (mut sender, mut receiver) = create_dummy_pair(algo);
|
||||||
|
let mut g = c.benchmark_group("crypto");
|
||||||
|
g.throughput(Throughput::Bytes(2*1400));
|
||||||
|
g.bench_function(format!("{:?}", algo), |b| {
|
||||||
|
b.iter(|| {
|
||||||
|
sender.encrypt(&mut buffer);
|
||||||
|
receiver.decrypt(&mut buffer).unwrap();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
g.finish()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn crypto_chacha20(c: &mut Criterion) {
|
||||||
|
crypto_bench(c, &aead::CHACHA20_POLY1305)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn crypto_aes128(c: &mut Criterion) {
|
||||||
|
crypto_bench(c, &aead::AES_128_GCM)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn crypto_aes256(c: &mut Criterion) {
|
||||||
|
crypto_bench(c, &aead::AES_256_GCM)
|
||||||
|
}
|
||||||
|
|
||||||
|
criterion_group!(benches, udp_send, decode_ipv4, decode_ipv6, decode_ethernet, decode_ethernet_with_vlan, lookup_cold, lookup_warm, crypto_chacha20, crypto_aes128, crypto_aes256);
|
||||||
|
criterion_main!(benches);
|
|
@ -19,7 +19,7 @@ RUN useradd -ms /bin/bash user
|
||||||
USER user
|
USER user
|
||||||
WORKDIR /home/user
|
WORKDIR /home/user
|
||||||
|
|
||||||
ENV RUST=1.48.0
|
ENV RUST=1.49.0
|
||||||
|
|
||||||
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST}
|
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST}
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ RUN useradd -ms /bin/bash user
|
||||||
USER user
|
USER user
|
||||||
WORKDIR /home/user
|
WORKDIR /home/user
|
||||||
|
|
||||||
ENV RUST=1.48.0
|
ENV RUST=1.49.0
|
||||||
|
|
||||||
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST}
|
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST}
|
||||||
|
|
||||||
|
|
116
src/cloud.rs
116
src/cloud.rs
|
@ -26,7 +26,8 @@ use crate::{
|
||||||
device::{Device, Type},
|
device::{Device, Type},
|
||||||
error::Error,
|
error::Error,
|
||||||
messages::{
|
messages::{
|
||||||
AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE, MESSAGE_TYPE_NODE_INFO
|
AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE,
|
||||||
|
MESSAGE_TYPE_NODE_INFO
|
||||||
},
|
},
|
||||||
net::{mapped_addr, Socket},
|
net::{mapped_addr, Socket},
|
||||||
payload::Protocol,
|
payload::Protocol,
|
||||||
|
@ -35,7 +36,7 @@ use crate::{
|
||||||
table::ClaimTable,
|
table::ClaimTable,
|
||||||
traffic::TrafficStats,
|
traffic::TrafficStats,
|
||||||
types::{Address, Mode, NodeId, Range, RangeList},
|
types::{Address, Mode, NodeId, Range, RangeList},
|
||||||
util::{addr_nice, resolve, CtrlC, Duration, MsgBuffer, StatsdMsg, Time, TimeSource}
|
util::{addr_nice, bytes_to_hex, resolve, CtrlC, Duration, MsgBuffer, StatsdMsg, Time, TimeSource}
|
||||||
};
|
};
|
||||||
|
|
||||||
pub type Hash = BuildHasherDefault<FnvHasher>;
|
pub type Hash = BuildHasherDefault<FnvHasher>;
|
||||||
|
@ -121,6 +122,9 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
info!("Auto-claiming {} due to interface address", range);
|
info!("Auto-claiming {} due to interface address", range);
|
||||||
claims.push(range);
|
claims.push(range);
|
||||||
}
|
}
|
||||||
|
Err(Error::DeviceIo(_, e)) if e.kind() == io::ErrorKind::AddrNotAvailable => {
|
||||||
|
info!("No address set on interface.")
|
||||||
|
}
|
||||||
Err(e) => error!("{}", e)
|
Err(e) => error!("{}", e)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -194,6 +198,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
fn send_to(&mut self, addr: SocketAddr, msg: &mut MsgBuffer) -> Result<(), Error> {
|
fn send_to(&mut self, addr: SocketAddr, msg: &mut MsgBuffer) -> Result<(), Error> {
|
||||||
|
// HOT PATH
|
||||||
debug!("Sending msg with {} bytes to {}", msg.len(), addr);
|
debug!("Sending msg with {} bytes to {}", msg.len(), addr);
|
||||||
self.traffic.count_out_traffic(addr, msg.len());
|
self.traffic.count_out_traffic(addr, msg.len());
|
||||||
match self.socket.send(msg.message(), addr) {
|
match self.socket.send(msg.message(), addr) {
|
||||||
|
@ -205,6 +210,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
fn send_msg(&mut self, addr: SocketAddr, type_: u8, msg: &mut MsgBuffer) -> Result<(), Error> {
|
fn send_msg(&mut self, addr: SocketAddr, type_: u8, msg: &mut MsgBuffer) -> Result<(), Error> {
|
||||||
|
// HOT PATH
|
||||||
debug!("Sending msg with {} bytes to {}", msg.len(), addr);
|
debug!("Sending msg with {} bytes to {}", msg.len(), addr);
|
||||||
let peer = match self.peers.get_mut(&addr) {
|
let peer = match self.peers.get_mut(&addr) {
|
||||||
Some(peer) => peer,
|
Some(peer) => peer,
|
||||||
|
@ -222,6 +228,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
self.own_addresses.push(pfw.get_external_ip().into());
|
self.own_addresses.push(pfw.get_external_ip().into());
|
||||||
}
|
}
|
||||||
debug!("Own addresses: {:?}", self.own_addresses);
|
debug!("Own addresses: {:?}", self.own_addresses);
|
||||||
|
// TODO: detect address changes and call event
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -276,6 +283,13 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
return Ok(())
|
return Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if !addrs.is_empty() {
|
||||||
|
self.config.call_hook(
|
||||||
|
"peer_connecting",
|
||||||
|
vec![("PEER", format!("{:?}", addr_nice(addrs[0]))), ("IFNAME", self.device.ifname().to_owned())],
|
||||||
|
true
|
||||||
|
);
|
||||||
|
}
|
||||||
// Send a message to each resolved address
|
// Send a message to each resolved address
|
||||||
for a in addrs {
|
for a in addrs {
|
||||||
// Ignore error this time
|
// Ignore error this time
|
||||||
|
@ -451,6 +465,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
self.next_stats_out = now + STATS_INTERVAL;
|
self.next_stats_out = now + STATS_INTERVAL;
|
||||||
self.traffic.period(Some(5));
|
self.traffic.period(Some(5));
|
||||||
}
|
}
|
||||||
|
// TODO: every 5 minutes: EVENT periodic
|
||||||
if let Some(peers) = self.beacon_serializer.get_cmd_results() {
|
if let Some(peers) = self.beacon_serializer.get_cmd_results() {
|
||||||
debug!("Loaded beacon with peers: {:?}", peers);
|
debug!("Loaded beacon with peers: {:?}", peers);
|
||||||
for peer in peers {
|
for peer in peers {
|
||||||
|
@ -594,15 +609,18 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn handle_interface_data(&mut self, data: &mut MsgBuffer) -> Result<(), Error> {
|
pub fn handle_interface_data(&mut self, data: &mut MsgBuffer) -> Result<(), Error> {
|
||||||
|
// HOT PATH
|
||||||
let (src, dst) = P::parse(data.message())?;
|
let (src, dst) = P::parse(data.message())?;
|
||||||
debug!("Read data from interface: src: {}, dst: {}, {} bytes", src, dst, data.len());
|
debug!("Read data from interface: src: {}, dst: {}, {} bytes", src, dst, data.len());
|
||||||
self.traffic.count_out_payload(dst, src, data.len());
|
self.traffic.count_out_payload(dst, src, data.len());
|
||||||
match self.table.lookup(dst) {
|
match self.table.lookup(dst) {
|
||||||
Some(addr) => {
|
Some(addr) => {
|
||||||
|
// HOT PATH
|
||||||
// Peer found for destination
|
// Peer found for destination
|
||||||
debug!("Found destination for {} => {}", dst, addr);
|
debug!("Found destination for {} => {}", dst, addr);
|
||||||
self.send_msg(addr, MESSAGE_TYPE_DATA, data)?;
|
self.send_msg(addr, MESSAGE_TYPE_DATA, data)?;
|
||||||
if !self.peers.contains_key(&addr) {
|
if !self.peers.contains_key(&addr) {
|
||||||
|
// COLD PATH
|
||||||
// If the peer is not actually connected, remove the entry in the table and try
|
// If the peer is not actually connected, remove the entry in the table and try
|
||||||
// to reconnect.
|
// to reconnect.
|
||||||
warn!("Destination for {} not found in peers: {}", dst, addr_nice(addr));
|
warn!("Destination for {} not found in peers: {}", dst, addr_nice(addr));
|
||||||
|
@ -611,6 +629,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
|
// COLD PATH
|
||||||
if self.broadcast {
|
if self.broadcast {
|
||||||
debug!("No destination for {} found, broadcasting", dst);
|
debug!("No destination for {} found, broadcasting", dst);
|
||||||
self.broadcast_msg(MESSAGE_TYPE_DATA, data)?;
|
self.broadcast_msg(MESSAGE_TYPE_DATA, data)?;
|
||||||
|
@ -625,6 +644,16 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
|
|
||||||
fn add_new_peer(&mut self, addr: SocketAddr, info: NodeInfo) -> Result<(), Error> {
|
fn add_new_peer(&mut self, addr: SocketAddr, info: NodeInfo) -> Result<(), Error> {
|
||||||
info!("Added peer {}", addr_nice(addr));
|
info!("Added peer {}", addr_nice(addr));
|
||||||
|
self.config.call_hook(
|
||||||
|
"peer_connected",
|
||||||
|
vec![
|
||||||
|
("PEER", format!("{:?}", addr_nice(addr))),
|
||||||
|
("IFNAME", self.device.ifname().to_owned()),
|
||||||
|
("CLAIMS", info.claims.iter().map(|r| format!("{:?}", r)).collect::<Vec<String>>().join(" ")),
|
||||||
|
("NODE_ID", bytes_to_hex(&info.node_id)),
|
||||||
|
],
|
||||||
|
true
|
||||||
|
);
|
||||||
if let Some(init) = self.pending_inits.remove(&addr) {
|
if let Some(init) = self.pending_inits.remove(&addr) {
|
||||||
self.peers.insert(addr, PeerData {
|
self.peers.insert(addr, PeerData {
|
||||||
addrs: info.addrs.clone(),
|
addrs: info.addrs.clone(),
|
||||||
|
@ -642,9 +671,18 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
}
|
}
|
||||||
|
|
||||||
fn remove_peer(&mut self, addr: SocketAddr) {
|
fn remove_peer(&mut self, addr: SocketAddr) {
|
||||||
if let Some(_peer) = self.peers.remove(&addr) {
|
if let Some(peer) = self.peers.remove(&addr) {
|
||||||
info!("Closing connection to {}", addr_nice(addr));
|
info!("Closing connection to {}", addr_nice(addr));
|
||||||
self.table.remove_claims(addr);
|
self.table.remove_claims(addr);
|
||||||
|
self.config.call_hook(
|
||||||
|
"peer_disconnected",
|
||||||
|
vec![
|
||||||
|
("PEER", format!("{:?}", addr)),
|
||||||
|
("IFNAME", self.device.ifname().to_owned()),
|
||||||
|
("NODE_ID", bytes_to_hex(&peer.node_id)),
|
||||||
|
],
|
||||||
|
true
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -688,6 +726,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
}
|
}
|
||||||
|
|
||||||
fn handle_payload_from(&mut self, peer: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> {
|
fn handle_payload_from(&mut self, peer: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> {
|
||||||
|
// HOT PATH
|
||||||
let (src, dst) = P::parse(data.message())?;
|
let (src, dst) = P::parse(data.message())?;
|
||||||
let len = data.len();
|
let len = data.len();
|
||||||
debug!("Writing data to device: {} bytes", len);
|
debug!("Writing data to device: {} bytes", len);
|
||||||
|
@ -706,11 +745,17 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
fn handle_message(
|
fn handle_message(
|
||||||
&mut self, src: SocketAddr, msg_result: MessageResult<NodeInfo>, data: &mut MsgBuffer
|
&mut self, src: SocketAddr, msg_result: MessageResult<NodeInfo>, data: &mut MsgBuffer
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
|
// HOT PATH
|
||||||
match msg_result {
|
match msg_result {
|
||||||
MessageResult::Message(type_) => {
|
MessageResult::Message(type_) => {
|
||||||
|
// HOT PATH
|
||||||
match type_ {
|
match type_ {
|
||||||
MESSAGE_TYPE_DATA => self.handle_payload_from(src, data)?,
|
MESSAGE_TYPE_DATA => {
|
||||||
|
// HOT PATH
|
||||||
|
self.handle_payload_from(src, data)?
|
||||||
|
}
|
||||||
MESSAGE_TYPE_NODE_INFO => {
|
MESSAGE_TYPE_NODE_INFO => {
|
||||||
|
// COLD PATH
|
||||||
let info = match NodeInfo::decode(Cursor::new(data.message())) {
|
let info = match NodeInfo::decode(Cursor::new(data.message())) {
|
||||||
Ok(val) => val,
|
Ok(val) => val,
|
||||||
Err(err) => {
|
Err(err) => {
|
||||||
|
@ -720,31 +765,50 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
};
|
};
|
||||||
self.update_peer_info(src, Some(info))?
|
self.update_peer_info(src, Some(info))?
|
||||||
}
|
}
|
||||||
MESSAGE_TYPE_KEEPALIVE => self.update_peer_info(src, None)?,
|
MESSAGE_TYPE_KEEPALIVE => {
|
||||||
MESSAGE_TYPE_CLOSE => self.remove_peer(src),
|
// COLD PATH
|
||||||
|
self.update_peer_info(src, None)?
|
||||||
|
}
|
||||||
|
MESSAGE_TYPE_CLOSE => {
|
||||||
|
// COLD PATH
|
||||||
|
self.remove_peer(src)
|
||||||
|
}
|
||||||
_ => {
|
_ => {
|
||||||
|
// COLD PATH
|
||||||
self.traffic.count_invalid_protocol(data.len());
|
self.traffic.count_invalid_protocol(data.len());
|
||||||
return Err(Error::Message("Unknown message type"))
|
return Err(Error::Message("Unknown message type"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
MessageResult::Initialized(info) => self.add_new_peer(src, info)?,
|
MessageResult::Initialized(info) => {
|
||||||
|
// COLD PATH
|
||||||
|
self.add_new_peer(src, info)?
|
||||||
|
}
|
||||||
MessageResult::InitializedWithReply(info) => {
|
MessageResult::InitializedWithReply(info) => {
|
||||||
|
// COLD PATH
|
||||||
self.add_new_peer(src, info)?;
|
self.add_new_peer(src, info)?;
|
||||||
self.send_to(src, data)?
|
self.send_to(src, data)?
|
||||||
}
|
}
|
||||||
MessageResult::Reply => self.send_to(src, data)?,
|
MessageResult::Reply => {
|
||||||
MessageResult::None => ()
|
// COLD PATH
|
||||||
|
self.send_to(src, data)?
|
||||||
|
}
|
||||||
|
MessageResult::None => {
|
||||||
|
// COLD PATH
|
||||||
|
}
|
||||||
}
|
}
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn handle_net_message(&mut self, src: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> {
|
pub fn handle_net_message(&mut self, src: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> {
|
||||||
|
// HOT PATH
|
||||||
let src = mapped_addr(src);
|
let src = mapped_addr(src);
|
||||||
debug!("Received {} bytes from {}", data.len(), src);
|
debug!("Received {} bytes from {}", data.len(), src);
|
||||||
let msg_result = if let Some(init) = self.pending_inits.get_mut(&src) {
|
let msg_result = if let Some(init) = self.pending_inits.get_mut(&src) {
|
||||||
|
// COLD PATH
|
||||||
init.handle_message(data)
|
init.handle_message(data)
|
||||||
} else if is_init_message(data.message()) {
|
} else if is_init_message(data.message()) {
|
||||||
|
// COLD PATH
|
||||||
let mut result = None;
|
let mut result = None;
|
||||||
if let Some(peer) = self.peers.get_mut(&src) {
|
if let Some(peer) = self.peers.get_mut(&src) {
|
||||||
if peer.crypto.has_init() {
|
if peer.crypto.has_init() {
|
||||||
|
@ -758,6 +822,14 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
let msg_result = init.handle_message(data);
|
let msg_result = init.handle_message(data);
|
||||||
match msg_result {
|
match msg_result {
|
||||||
Ok(res) => {
|
Ok(res) => {
|
||||||
|
self.config.call_hook(
|
||||||
|
"peer_connecting",
|
||||||
|
vec![
|
||||||
|
("PEER", format!("{:?}", addr_nice(src))),
|
||||||
|
("IFNAME", self.device.ifname().to_owned()),
|
||||||
|
],
|
||||||
|
true
|
||||||
|
);
|
||||||
self.pending_inits.insert(src, init);
|
self.pending_inits.insert(src, init);
|
||||||
Ok(res)
|
Ok(res)
|
||||||
}
|
}
|
||||||
|
@ -768,15 +840,22 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if let Some(peer) = self.peers.get_mut(&src) {
|
} else if let Some(peer) = self.peers.get_mut(&src) {
|
||||||
|
// HOT PATH
|
||||||
peer.crypto.handle_message(data)
|
peer.crypto.handle_message(data)
|
||||||
} else {
|
} else {
|
||||||
|
// COLD PATH
|
||||||
info!("Ignoring non-init message from unknown peer {}", addr_nice(src));
|
info!("Ignoring non-init message from unknown peer {}", addr_nice(src));
|
||||||
self.traffic.count_invalid_protocol(data.len());
|
self.traffic.count_invalid_protocol(data.len());
|
||||||
return Ok(())
|
return Ok(())
|
||||||
};
|
};
|
||||||
|
// HOT PATH
|
||||||
match msg_result {
|
match msg_result {
|
||||||
Ok(val) => self.handle_message(src, val, data),
|
Ok(val) => {
|
||||||
|
// HOT PATH
|
||||||
|
self.handle_message(src, val, data)
|
||||||
|
},
|
||||||
Err(err) => {
|
Err(err) => {
|
||||||
|
// COLD PATH
|
||||||
self.traffic.count_invalid_protocol(data.len());
|
self.traffic.count_invalid_protocol(data.len());
|
||||||
Err(err)
|
Err(err)
|
||||||
}
|
}
|
||||||
|
@ -790,26 +869,36 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
}
|
}
|
||||||
|
|
||||||
fn handle_socket_event(&mut self, buffer: &mut MsgBuffer) {
|
fn handle_socket_event(&mut self, buffer: &mut MsgBuffer) {
|
||||||
|
// HOT PATH
|
||||||
let src = try_fail!(self.socket.receive(buffer), "Failed to read from network socket: {}");
|
let src = try_fail!(self.socket.receive(buffer), "Failed to read from network socket: {}");
|
||||||
self.traffic.count_in_traffic(src, buffer.len());
|
self.traffic.count_in_traffic(src, buffer.len());
|
||||||
match self.handle_net_message(src, buffer) {
|
match self.handle_net_message(src, buffer) {
|
||||||
Err(e @ Error::CryptoInitFatal(_)) => {
|
Err(e @ Error::CryptoInitFatal(_)) => {
|
||||||
|
// COLD PATH
|
||||||
debug!("Fatal crypto init error from {}: {}", src, e);
|
debug!("Fatal crypto init error from {}: {}", src, e);
|
||||||
info!("Closing pending connection to {} due to error in crypto init", addr_nice(src));
|
info!("Closing pending connection to {} due to error in crypto init", addr_nice(src));
|
||||||
self.pending_inits.remove(&src);
|
self.pending_inits.remove(&src);
|
||||||
|
self.config.call_hook(
|
||||||
|
"peer_disconnected",
|
||||||
|
vec![("PEER", format!("{:?}", addr_nice(src))), ("IFNAME", self.device.ifname().to_owned())],
|
||||||
|
true
|
||||||
|
);
|
||||||
}
|
}
|
||||||
Err(e @ Error::CryptoInit(_)) => {
|
Err(e @ Error::CryptoInit(_)) => {
|
||||||
|
// COLD PATH
|
||||||
debug!("Recoverable init error from {}: {}", src, e);
|
debug!("Recoverable init error from {}: {}", src, e);
|
||||||
info!("Ignoring invalid init message from peer {}", addr_nice(src));
|
info!("Ignoring invalid init message from peer {}", addr_nice(src));
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
|
// COLD PATH
|
||||||
error!("{}", e);
|
error!("{}", e);
|
||||||
}
|
}
|
||||||
Ok(_) => {}
|
Ok(_) => {} // HOT PATH
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn handle_device_event(&mut self, buffer: &mut MsgBuffer) {
|
fn handle_device_event(&mut self, buffer: &mut MsgBuffer) {
|
||||||
|
// HOT PATH
|
||||||
try_fail!(self.device.read(buffer), "Failed to read from device: {}");
|
try_fail!(self.device.read(buffer), "Failed to read from device: {}");
|
||||||
if let Err(e) = self.handle_interface_data(buffer) {
|
if let Err(e) = self.handle_interface_data(buffer) {
|
||||||
error!("{}", e);
|
error!("{}", e);
|
||||||
|
@ -828,9 +917,12 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
let waiter = try_fail!(WaitImpl::new(self.socket.as_raw_fd(), self.device.as_raw_fd(), 1000), "Failed to setup poll: {}");
|
let waiter = try_fail!(WaitImpl::new(self.socket.as_raw_fd(), self.device.as_raw_fd(), 1000), "Failed to setup poll: {}");
|
||||||
let mut buffer = MsgBuffer::new(SPACE_BEFORE);
|
let mut buffer = MsgBuffer::new(SPACE_BEFORE);
|
||||||
let mut poll_error = false;
|
let mut poll_error = false;
|
||||||
|
self.config.call_hook("vpn_started", vec![("IFNAME", self.device.ifname())], true);
|
||||||
for evt in waiter {
|
for evt in waiter {
|
||||||
|
// HOT PATH
|
||||||
match evt {
|
match evt {
|
||||||
WaitResult::Error(err) => {
|
WaitResult::Error(err) => {
|
||||||
|
// COLD PATH
|
||||||
if poll_error {
|
if poll_error {
|
||||||
fail!("Poll wait failed again: {}", err);
|
fail!("Poll wait failed again: {}", err);
|
||||||
}
|
}
|
||||||
|
@ -842,6 +934,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
WaitResult::Device => self.handle_device_event(&mut buffer)
|
WaitResult::Device => self.handle_device_event(&mut buffer)
|
||||||
}
|
}
|
||||||
if self.next_housekeep < TS::now() {
|
if self.next_housekeep < TS::now() {
|
||||||
|
// COLD PATH
|
||||||
poll_error = false;
|
poll_error = false;
|
||||||
if ctrlc.was_pressed() {
|
if ctrlc.was_pressed() {
|
||||||
break
|
break
|
||||||
|
@ -853,6 +946,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
info!("Shutting down...");
|
info!("Shutting down...");
|
||||||
|
self.config.call_hook("vpn_shutdown", vec![("IFNAME", self.device.ifname())], true);
|
||||||
buffer.clear();
|
buffer.clear();
|
||||||
self.broadcast_msg(MESSAGE_TYPE_CLOSE, &mut buffer).ok();
|
self.broadcast_msg(MESSAGE_TYPE_CLOSE, &mut buffer).ok();
|
||||||
if let Some(ref path) = self.config.beacon_store {
|
if let Some(ref path) = self.config.beacon_store {
|
||||||
|
|
216
src/config.rs
216
src/config.rs
|
@ -2,15 +2,23 @@
|
||||||
// Copyright (C) 2015-2020 Dennis Schwerdel
|
// Copyright (C) 2015-2020 Dennis Schwerdel
|
||||||
// This software is licensed under GPL-3 or newer (see LICENSE.md)
|
// This software is licensed under GPL-3 or newer (see LICENSE.md)
|
||||||
|
|
||||||
use super::{device::Type, types::Mode, util::Duration};
|
use super::{device::Type, types::Mode, util::Duration, util::run_cmd};
|
||||||
pub use crate::crypto::Config as CryptoConfig;
|
pub use crate::crypto::Config as CryptoConfig;
|
||||||
|
|
||||||
use std::cmp::max;
|
use std::{
|
||||||
use structopt::StructOpt;
|
cmp::max,
|
||||||
|
collections::HashMap,
|
||||||
|
ffi::OsStr,
|
||||||
|
net::{IpAddr, Ipv6Addr, SocketAddr},
|
||||||
|
process,
|
||||||
|
thread
|
||||||
|
};
|
||||||
|
use structopt::{clap::Shell, StructOpt};
|
||||||
|
|
||||||
pub const DEFAULT_PEER_TIMEOUT: u16 = 300;
|
pub const DEFAULT_PEER_TIMEOUT: u16 = 300;
|
||||||
pub const DEFAULT_PORT: u16 = 3210;
|
pub const DEFAULT_PORT: u16 = 3210;
|
||||||
|
|
||||||
|
|
||||||
#[derive(Deserialize, Debug, PartialEq, Clone)]
|
#[derive(Deserialize, Debug, PartialEq, Clone)]
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
pub device_type: Type,
|
pub device_type: Type,
|
||||||
|
@ -44,6 +52,8 @@ pub struct Config {
|
||||||
pub statsd_prefix: Option<String>,
|
pub statsd_prefix: Option<String>,
|
||||||
pub user: Option<String>,
|
pub user: Option<String>,
|
||||||
pub group: Option<String>,
|
pub group: Option<String>,
|
||||||
|
pub hook: Option<String>,
|
||||||
|
pub hooks: HashMap<String, String>
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Default for Config {
|
impl Default for Config {
|
||||||
|
@ -57,7 +67,7 @@ impl Default for Config {
|
||||||
ifup: None,
|
ifup: None,
|
||||||
ifdown: None,
|
ifdown: None,
|
||||||
crypto: CryptoConfig::default(),
|
crypto: CryptoConfig::default(),
|
||||||
listen: "[::]:3210".to_string(),
|
listen: "3210".to_string(),
|
||||||
peers: vec![],
|
peers: vec![],
|
||||||
peer_timeout: DEFAULT_PEER_TIMEOUT as Duration,
|
peer_timeout: DEFAULT_PEER_TIMEOUT as Duration,
|
||||||
keepalive: None,
|
keepalive: None,
|
||||||
|
@ -77,6 +87,8 @@ impl Default for Config {
|
||||||
statsd_prefix: None,
|
statsd_prefix: None,
|
||||||
user: None,
|
user: None,
|
||||||
group: None,
|
group: None,
|
||||||
|
hook: None,
|
||||||
|
hooks: HashMap::new()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -181,6 +193,12 @@ impl Config {
|
||||||
if !file.crypto.algorithms.is_empty() {
|
if !file.crypto.algorithms.is_empty() {
|
||||||
self.crypto.algorithms = file.crypto.algorithms.clone();
|
self.crypto.algorithms = file.crypto.algorithms.clone();
|
||||||
}
|
}
|
||||||
|
if let Some(val) = file.hook {
|
||||||
|
self.hook = Some(val)
|
||||||
|
}
|
||||||
|
for (k, v) in file.hooks {
|
||||||
|
self.hooks.insert(k, v);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn merge_args(&mut self, mut args: Args) {
|
pub fn merge_args(&mut self, mut args: Args) {
|
||||||
|
@ -274,6 +292,16 @@ impl Config {
|
||||||
if !args.algorithms.is_empty() {
|
if !args.algorithms.is_empty() {
|
||||||
self.crypto.algorithms = args.algorithms.clone();
|
self.crypto.algorithms = args.algorithms.clone();
|
||||||
}
|
}
|
||||||
|
for s in args.hook {
|
||||||
|
if s.contains(':') {
|
||||||
|
let pos = s.find(':').unwrap();
|
||||||
|
let name = &s[..pos];
|
||||||
|
let hook = &s[pos+1..];
|
||||||
|
self.hooks.insert(name.to_string(), hook.to_string());
|
||||||
|
} else {
|
||||||
|
self.hook = Some(s);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn get_keepalive(&self) -> Duration {
|
pub fn get_keepalive(&self) -> Duration {
|
||||||
|
@ -282,6 +310,30 @@ impl Config {
|
||||||
None => max(self.peer_timeout / 2 - 60, 1),
|
None => max(self.peer_timeout / 2 - 60, 1),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn call_hook(
|
||||||
|
&self, event: &'static str, envs: impl IntoIterator<Item = (&'static str, impl AsRef<OsStr>)>, detach: bool
|
||||||
|
) {
|
||||||
|
let mut script = None;
|
||||||
|
if let Some(ref s) = self.hook {
|
||||||
|
script = Some(s);
|
||||||
|
}
|
||||||
|
if let Some(ref s) = self.hooks.get(event) {
|
||||||
|
script = Some(s);
|
||||||
|
}
|
||||||
|
if script.is_none() {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
let script = script.unwrap();
|
||||||
|
let mut cmd = process::Command::new("sh");
|
||||||
|
cmd.arg("-c").arg(script).envs(envs).env("EVENT", event);
|
||||||
|
debug!("Running event script: {:?}", cmd);
|
||||||
|
if detach {
|
||||||
|
thread::spawn(move || run_cmd(cmd));
|
||||||
|
} else {
|
||||||
|
run_cmd(cmd)
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(StructOpt, Debug, Default)]
|
#[derive(StructOpt, Debug, Default)]
|
||||||
|
@ -307,7 +359,7 @@ pub struct Args {
|
||||||
pub mode: Option<Mode>,
|
pub mode: Option<Mode>,
|
||||||
|
|
||||||
/// The shared password to encrypt all traffic
|
/// The shared password to encrypt all traffic
|
||||||
#[structopt(short, long, env, global = true)]
|
#[structopt(short, long, required_unless_one = &["private-key", "config", "genkey", "version", "completion"], env)]
|
||||||
pub password: Option<String>,
|
pub password: Option<String>,
|
||||||
|
|
||||||
/// The private key to use
|
/// The private key to use
|
||||||
|
@ -434,6 +486,10 @@ pub struct Args {
|
||||||
#[structopt(long)]
|
#[structopt(long)]
|
||||||
pub log_file: Option<String>,
|
pub log_file: Option<String>,
|
||||||
|
|
||||||
|
/// Call script on event
|
||||||
|
#[structopt(long)]
|
||||||
|
pub hook: Vec<String>,
|
||||||
|
|
||||||
#[structopt(subcommand)]
|
#[structopt(subcommand)]
|
||||||
pub cmd: Option<Command>,
|
pub cmd: Option<Command>,
|
||||||
}
|
}
|
||||||
|
@ -446,12 +502,20 @@ pub enum Command {
|
||||||
|
|
||||||
WsProxy,
|
WsProxy,
|
||||||
|
|
||||||
|
/// Migrate an old config file
|
||||||
#[structopt(alias = "migrate")]
|
#[structopt(alias = "migrate")]
|
||||||
MigrateConfig {
|
MigrateConfig {
|
||||||
/// Config file
|
/// Config file
|
||||||
#[structopt(long)]
|
#[structopt(long)]
|
||||||
config_file: String,
|
config_file: String,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
/// Generate shell completions
|
||||||
|
Completion {
|
||||||
|
/// Shell to create completions for
|
||||||
|
#[structopt(long)]
|
||||||
|
shell: Shell
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize, Debug, PartialEq, Default)]
|
#[derive(Serialize, Deserialize, Debug, PartialEq, Default)]
|
||||||
|
@ -506,6 +570,8 @@ pub struct ConfigFile {
|
||||||
pub statsd: Option<ConfigFileStatsd>,
|
pub statsd: Option<ConfigFileStatsd>,
|
||||||
pub user: Option<String>,
|
pub user: Option<String>,
|
||||||
pub group: Option<String>,
|
pub group: Option<String>,
|
||||||
|
pub hook: Option<String>,
|
||||||
|
pub hooks: HashMap<String, String>
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
@ -576,7 +642,9 @@ statsd:
|
||||||
statsd: Some(ConfigFileStatsd {
|
statsd: Some(ConfigFileStatsd {
|
||||||
server: Some("example.com:1234".to_string()),
|
server: Some("example.com:1234".to_string()),
|
||||||
prefix: Some("prefix".to_string())
|
prefix: Some("prefix".to_string())
|
||||||
})
|
}),
|
||||||
|
hook: None,
|
||||||
|
hooks: HashMap::new()
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
@ -612,6 +680,8 @@ fn default_config_as_default() {
|
||||||
statsd_prefix: None,
|
statsd_prefix: None,
|
||||||
user: None,
|
user: None,
|
||||||
group: None,
|
group: None,
|
||||||
|
hook: None,
|
||||||
|
hooks: HashMap::new()
|
||||||
};
|
};
|
||||||
let default_config_file =
|
let default_config_file =
|
||||||
serde_yaml::from_str::<ConfigFile>(include_str!("../assets/example.net.disabled")).unwrap();
|
serde_yaml::from_str::<ConfigFile>(include_str!("../assets/example.net.disabled")).unwrap();
|
||||||
|
@ -656,37 +726,36 @@ fn config_merge() {
|
||||||
server: Some("example.com:1234".to_string()),
|
server: Some("example.com:1234".to_string()),
|
||||||
prefix: Some("prefix".to_string()),
|
prefix: Some("prefix".to_string()),
|
||||||
}),
|
}),
|
||||||
|
hook: None,
|
||||||
|
hooks: HashMap::new()
|
||||||
|
});
|
||||||
|
assert_eq!(config, Config {
|
||||||
|
device_type: Type::Tun,
|
||||||
|
device_name: "vpncloud%d".to_string(),
|
||||||
|
device_path: None,
|
||||||
|
ip: None,
|
||||||
|
ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()),
|
||||||
|
ifdown: Some("true".to_string()),
|
||||||
|
listen: "3210".to_string(),
|
||||||
|
peers: vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()],
|
||||||
|
peer_timeout: 600,
|
||||||
|
keepalive: Some(840),
|
||||||
|
switch_timeout: 300,
|
||||||
|
beacon_store: Some("/run/vpncloud.beacon.out".to_string()),
|
||||||
|
beacon_load: Some("/run/vpncloud.beacon.in".to_string()),
|
||||||
|
beacon_interval: 7200,
|
||||||
|
beacon_password: Some("test123".to_string()),
|
||||||
|
mode: Mode::Normal,
|
||||||
|
port_forwarding: true,
|
||||||
|
claims: vec!["10.0.1.0/24".to_string()],
|
||||||
|
user: Some("nobody".to_string()),
|
||||||
|
group: Some("nogroup".to_string()),
|
||||||
|
pid_file: Some("/run/vpncloud.run".to_string()),
|
||||||
|
stats_file: Some("/var/log/vpncloud.stats".to_string()),
|
||||||
|
statsd_server: Some("example.com:1234".to_string()),
|
||||||
|
statsd_prefix: Some("prefix".to_string()),
|
||||||
|
..Default::default()
|
||||||
});
|
});
|
||||||
assert_eq!(
|
|
||||||
config,
|
|
||||||
Config {
|
|
||||||
device_type: Type::Tun,
|
|
||||||
device_name: "vpncloud%d".to_string(),
|
|
||||||
device_path: None,
|
|
||||||
ip: None,
|
|
||||||
ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()),
|
|
||||||
ifdown: Some("true".to_string()),
|
|
||||||
listen: "[::]:3210".to_string(),
|
|
||||||
peers: vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()],
|
|
||||||
peer_timeout: 600,
|
|
||||||
keepalive: Some(840),
|
|
||||||
switch_timeout: 300,
|
|
||||||
beacon_store: Some("/run/vpncloud.beacon.out".to_string()),
|
|
||||||
beacon_load: Some("/run/vpncloud.beacon.in".to_string()),
|
|
||||||
beacon_interval: 7200,
|
|
||||||
beacon_password: Some("test123".to_string()),
|
|
||||||
mode: Mode::Normal,
|
|
||||||
port_forwarding: true,
|
|
||||||
claims: vec!["10.0.1.0/24".to_string()],
|
|
||||||
user: Some("nobody".to_string()),
|
|
||||||
group: Some("nogroup".to_string()),
|
|
||||||
pid_file: Some("/run/vpncloud.run".to_string()),
|
|
||||||
stats_file: Some("/var/log/vpncloud.stats".to_string()),
|
|
||||||
statsd_server: Some("example.com:1234".to_string()),
|
|
||||||
statsd_prefix: Some("prefix".to_string()),
|
|
||||||
..Default::default()
|
|
||||||
}
|
|
||||||
);
|
|
||||||
config.merge_args(Args {
|
config.merge_args(Args {
|
||||||
type_: Some(Type::Tap),
|
type_: Some(Type::Tap),
|
||||||
device: Some("vpncloud0".to_string()),
|
device: Some("vpncloud0".to_string()),
|
||||||
|
@ -694,7 +763,7 @@ fn config_merge() {
|
||||||
ifup: Some("ifconfig $IFNAME 10.0.1.2/16 mtu 1400 up".to_string()),
|
ifup: Some("ifconfig $IFNAME 10.0.1.2/16 mtu 1400 up".to_string()),
|
||||||
ifdown: Some("ifconfig $IFNAME down".to_string()),
|
ifdown: Some("ifconfig $IFNAME down".to_string()),
|
||||||
password: Some("anothersecret".to_string()),
|
password: Some("anothersecret".to_string()),
|
||||||
listen: Some("3211".to_string()),
|
listen: Some("[::]:3211".to_string()),
|
||||||
peer_timeout: Some(1801),
|
peer_timeout: Some(1801),
|
||||||
keepalive: Some(850),
|
keepalive: Some(850),
|
||||||
switch_timeout: Some(301),
|
switch_timeout: Some(301),
|
||||||
|
@ -715,41 +784,40 @@ fn config_merge() {
|
||||||
group: Some("root".to_string()),
|
group: Some("root".to_string()),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
});
|
});
|
||||||
assert_eq!(
|
assert_eq!(config, Config {
|
||||||
config,
|
device_type: Type::Tap,
|
||||||
Config {
|
device_name: "vpncloud0".to_string(),
|
||||||
device_type: Type::Tap,
|
device_path: Some("/dev/null".to_string()),
|
||||||
device_name: "vpncloud0".to_string(),
|
fix_rp_filter: false,
|
||||||
device_path: Some("/dev/null".to_string()),
|
ip: None,
|
||||||
fix_rp_filter: false,
|
ifup: Some("ifconfig $IFNAME 10.0.1.2/16 mtu 1400 up".to_string()),
|
||||||
ip: None,
|
ifdown: Some("ifconfig $IFNAME down".to_string()),
|
||||||
ifup: Some("ifconfig $IFNAME 10.0.1.2/16 mtu 1400 up".to_string()),
|
crypto: CryptoConfig { password: Some("anothersecret".to_string()), ..CryptoConfig::default() },
|
||||||
ifdown: Some("ifconfig $IFNAME down".to_string()),
|
listen: "[::]:3211".to_string(),
|
||||||
crypto: CryptoConfig { password: Some("anothersecret".to_string()), ..CryptoConfig::default() },
|
peers: vec![
|
||||||
listen: "[::]:3211".to_string(),
|
"remote.machine.foo:3210".to_string(),
|
||||||
peers: vec![
|
"remote.machine.bar:3210".to_string(),
|
||||||
"remote.machine.foo:3210".to_string(),
|
"another:3210".to_string()
|
||||||
"remote.machine.bar:3210".to_string(),
|
],
|
||||||
"another:3210".to_string()
|
peer_timeout: 1801,
|
||||||
],
|
keepalive: Some(850),
|
||||||
peer_timeout: 1801,
|
switch_timeout: 301,
|
||||||
keepalive: Some(850),
|
beacon_store: Some("/run/vpncloud.beacon.out2".to_string()),
|
||||||
switch_timeout: 301,
|
beacon_load: Some("/run/vpncloud.beacon.in2".to_string()),
|
||||||
beacon_store: Some("/run/vpncloud.beacon.out2".to_string()),
|
beacon_interval: 3600,
|
||||||
beacon_load: Some("/run/vpncloud.beacon.in2".to_string()),
|
beacon_password: Some("test1234".to_string()),
|
||||||
beacon_interval: 3600,
|
mode: Mode::Switch,
|
||||||
beacon_password: Some("test1234".to_string()),
|
port_forwarding: false,
|
||||||
mode: Mode::Switch,
|
claims: vec!["10.0.1.0/24".to_string()],
|
||||||
port_forwarding: false,
|
auto_claim: true,
|
||||||
claims: vec!["10.0.1.0/24".to_string()],
|
user: Some("root".to_string()),
|
||||||
auto_claim: true,
|
group: Some("root".to_string()),
|
||||||
user: Some("root".to_string()),
|
pid_file: Some("/run/vpncloud-mynet.run".to_string()),
|
||||||
group: Some("root".to_string()),
|
stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()),
|
||||||
pid_file: Some("/run/vpncloud-mynet.run".to_string()),
|
statsd_server: Some("example.com:2345".to_string()),
|
||||||
stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()),
|
statsd_prefix: Some("prefix2".to_string()),
|
||||||
statsd_server: Some("example.com:2345".to_string()),
|
daemonize: true,
|
||||||
statsd_prefix: Some("prefix2".to_string()),
|
hook: None,
|
||||||
daemonize: true
|
hooks: HashMap::new()
|
||||||
}
|
});
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,41 +1,41 @@
|
||||||
//! This module implements a crypto core for encrypting and decrypting message streams
|
// This module implements a crypto core for encrypting and decrypting message streams
|
||||||
//!
|
//
|
||||||
//! The crypto core only encrypts and decrypts messages, using given keys. Negotiating and rotating the keys is out of
|
// The crypto core only encrypts and decrypts messages, using given keys. Negotiating and rotating the keys is out of
|
||||||
//! scope of the crypto core. The crypto core assumes that the remote node will always have the necessary key to decrypt
|
// scope of the crypto core. The crypto core assumes that the remote node will always have the necessary key to decrypt
|
||||||
//! the message.
|
// the message.
|
||||||
//!
|
//
|
||||||
//! The crypto core encrypts messages in place, writes some extra data (key id and nonce) into a given space and
|
// The crypto core encrypts messages in place, writes some extra data (key id and nonce) into a given space and
|
||||||
//! includes the given header data in the authentication tag. When decrypting messages, the crypto core reads the extra
|
// includes the given header data in the authentication tag. When decrypting messages, the crypto core reads the extra
|
||||||
//! data, uses the key id to find the right key to decrypting the message and then decrypts the message, using the given
|
// data, uses the key id to find the right key to decrypting the message and then decrypts the message, using the given
|
||||||
//! nonce and including the given header data in the verification of the authentication tag.
|
// nonce and including the given header data in the verification of the authentication tag.
|
||||||
//!
|
//
|
||||||
//! While the core only uses a single key at a time for encrypting messages, it is ready to decrypt messages based on
|
// While the core only uses a single key at a time for encrypting messages, it is ready to decrypt messages based on
|
||||||
//! one of 4 stored keys (the encryption key being one of them). An external key rotation is responsible for adding the
|
// one of 4 stored keys (the encryption key being one of them). An external key rotation is responsible for adding the
|
||||||
//! key to the remote peer before switching to the key on the local peer for encryption.
|
// key to the remote peer before switching to the key on the local peer for encryption.
|
||||||
//!
|
//
|
||||||
//! As mentioned, the encryption and decryption works in place. Therefore the parameter payload_and_tag contains (when
|
// As mentioned, the encryption and decryption works in place. Therefore the parameter payload_and_tag contains (when
|
||||||
//! decrypting) or provides space for (when encrypting) the payload and the authentication tag. When encrypting, that
|
// decrypting) or provides space for (when encrypting) the payload and the authentication tag. When encrypting, that
|
||||||
//! means, that the last TAG_LEN bytes of payload_and_tag must be reserved for the tag and must not contain payload
|
// means, that the last TAG_LEN bytes of payload_and_tag must be reserved for the tag and must not contain payload
|
||||||
//! bytes.
|
// bytes.
|
||||||
//!
|
//
|
||||||
//! The nonce is a value of 12 bytes (192 bits). Since both nodes can use the same key for encryption, the most
|
// The nonce is a value of 12 bytes (192 bits). Since both nodes can use the same key for encryption, the most
|
||||||
//! significant byte (msb) of the nonce is initialized differently on both peers: one peer uses the value 0x00 and the
|
// significant byte (msb) of the nonce is initialized differently on both peers: one peer uses the value 0x00 and the
|
||||||
//! other one 0x80. That means that the nonce space is essentially divided in two halves, one for each node.
|
// other one 0x80. That means that the nonce space is essentially divided in two halves, one for each node.
|
||||||
//!
|
//
|
||||||
//! To save space and keep the encrypted data aligned to 64 bits, not all bytes of the nonce are transferred. Instead,
|
// To save space and keep the encrypted data aligned to 64 bits, not all bytes of the nonce are transferred. Instead,
|
||||||
//! only 7 bytes are included in messages (another byte is used for the key id, hence 64 bit alignment). The rest of the
|
// only 7 bytes are included in messages (another byte is used for the key id, hence 64 bit alignment). The rest of the
|
||||||
//! nonce is deduced by the nodes: All other bytes are assumed to be 0x00, except for the most significant byte, which
|
// nonce is deduced by the nodes: All other bytes are assumed to be 0x00, except for the most significant byte, which
|
||||||
//! is assumed to be the opposite ones own msb. This has two nice effects:
|
// is assumed to be the opposite ones own msb. This has two nice effects:
|
||||||
//! 1) Long before the nonce could theoretically repeat, the messages can no longer be decrypted by the peer as the
|
// 1) Long before the nonce could theoretically repeat, the messages can no longer be decrypted by the peer as the
|
||||||
//! higher bytes are no longer zero as assumed.
|
// higher bytes are no longer zero as assumed.
|
||||||
//! 2) By deducing the msb to be the opposite of ones own msb, it is no longer possible for an attacker to redirect a
|
// 2) By deducing the msb to be the opposite of ones own msb, it is no longer possible for an attacker to redirect a
|
||||||
//! message back to the sender because then the assumed nonce will be wrong and the message fails to decrypt. Otherwise,
|
// message back to the sender because then the assumed nonce will be wrong and the message fails to decrypt. Otherwise,
|
||||||
//! this could lead to problems as nodes would be able to accidentally decrypt their own messages.
|
// this could lead to problems as nodes would be able to accidentally decrypt their own messages.
|
||||||
//!
|
//
|
||||||
//! In order to be resistent against replay attacks but allow for reordering of messages, the crypto core uses nonce
|
// In order to be resistent against replay attacks but allow for reordering of messages, the crypto core uses nonce
|
||||||
//! pinning. For every active key, the biggest nonce seen so far is being tracked. Every second, the biggest nonce seen
|
// pinning. For every active key, the biggest nonce seen so far is being tracked. Every second, the biggest nonce seen
|
||||||
//! one second ago plus 1 becomes the minimum nonce that is accepted for that key. That means, that reordering can
|
// one second ago plus 1 becomes the minimum nonce that is accepted for that key. That means, that reordering can
|
||||||
//! happen within one second but after a second, old messages will not be accepted anymore.
|
// happen within one second but after a second, old messages will not be accepted anymore.
|
||||||
|
|
||||||
use byteorder::{ReadBytesExt, WriteBytesExt};
|
use byteorder::{ReadBytesExt, WriteBytesExt};
|
||||||
use ring::{
|
use ring::{
|
||||||
|
@ -454,37 +454,3 @@ mod tests {
|
||||||
assert!(speed > 10.0);
|
assert!(speed > 10.0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "bench")]
|
|
||||||
mod benches {
|
|
||||||
|
|
||||||
use super::*;
|
|
||||||
use test::Bencher;
|
|
||||||
|
|
||||||
fn crypto_bench(b: &mut Bencher, algo: &'static aead::Algorithm) {
|
|
||||||
let mut buffer = MsgBuffer::new(EXTRA_LEN);
|
|
||||||
buffer.set_length(1400);
|
|
||||||
let (mut sender, mut receiver) = create_dummy_pair(algo);
|
|
||||||
b.iter(|| {
|
|
||||||
sender.encrypt(&mut buffer);
|
|
||||||
receiver.decrypt(&mut buffer).unwrap();
|
|
||||||
});
|
|
||||||
b.bytes = 1400;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn crypto_chacha20(b: &mut Bencher) {
|
|
||||||
crypto_bench(b, &aead::CHACHA20_POLY1305)
|
|
||||||
}
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn crypto_aes128(b: &mut Bencher) {
|
|
||||||
crypto_bench(b, &aead::AES_128_GCM)
|
|
||||||
}
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn crypto_aes256(b: &mut Bencher) {
|
|
||||||
crypto_bench(b, &aead::AES_256_GCM)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,54 +1,54 @@
|
||||||
//! This module implements a 3-way handshake to initialize an authenticated and encrypted connection.
|
// This module implements a 3-way handshake to initialize an authenticated and encrypted connection.
|
||||||
//!
|
//
|
||||||
//! The handshake assumes that each node has a asymmetric Curve 25519 key pair as well as a list of trusted public keys
|
// The handshake assumes that each node has a asymmetric Curve 25519 key pair as well as a list of trusted public keys
|
||||||
//! and a set of supported crypto algorithms as well as the expected speed when using them. If successful, the handshake
|
// and a set of supported crypto algorithms as well as the expected speed when using them. If successful, the handshake
|
||||||
//! will negotiate a crypto algorithm to use and a common ephemeral symmetric key and exchange a given payload between
|
// will negotiate a crypto algorithm to use and a common ephemeral symmetric key and exchange a given payload between
|
||||||
//! the nodes.
|
// the nodes.
|
||||||
//!
|
//
|
||||||
//! The handshake consists of 3 stages, "ping", "pong" and "peng". In the following description, the node that initiates
|
// The handshake consists of 3 stages, "ping", "pong" and "peng". In the following description, the node that initiates
|
||||||
//! the connection is named "A" and the other node is named "B". Since a lot of things are going on in parallel in the
|
// the connection is named "A" and the other node is named "B". Since a lot of things are going on in parallel in the
|
||||||
//! handshake, those aspects are described separately in the following paragraphs.
|
// handshake, those aspects are described separately in the following paragraphs.
|
||||||
//!
|
//
|
||||||
//! Every message contains the node id of the sender. If a node receives a message with its own node id, it just ignores
|
// Every message contains the node id of the sender. If a node receives a message with its own node id, it just ignores
|
||||||
//! it and closes the connection. This is the way nodes avoid to connect to themselves as it is not trivial for a node
|
// it and closes the connection. This is the way nodes avoid to connect to themselves as it is not trivial for a node
|
||||||
//! to know its own addresses (especially in the case of NAT).
|
// to know its own addresses (especially in the case of NAT).
|
||||||
//!
|
//
|
||||||
//! All initialization messages are signed by the asymmetric key of the sender. Also the messages indicate the public
|
// All initialization messages are signed by the asymmetric key of the sender. Also the messages indicate the public
|
||||||
//! key being used, so the receiver can use the correct public key to verify the signature. The public key itself is not
|
// key being used, so the receiver can use the correct public key to verify the signature. The public key itself is not
|
||||||
//! attached to the message for privacy reasons (the public key is stable over multiple restarts while the node id is
|
// attached to the message for privacy reasons (the public key is stable over multiple restarts while the node id is
|
||||||
//! only valid for a single run). Instead, a 2 byte salt value as well as the last 2 bytes of the salted sha 2 hash of
|
// only valid for a single run). Instead, a 2 byte salt value as well as the last 2 bytes of the salted sha 2 hash of
|
||||||
//! the public key are used to identify the public key. This way, a receiver that trusts this public key can identify
|
// the public key are used to identify the public key. This way, a receiver that trusts this public key can identify
|
||||||
//! it but a random observer can't. If the public key is unknown or the signature can't be verified, the message is
|
// it but a random observer can't. If the public key is unknown or the signature can't be verified, the message is
|
||||||
//! ignored.
|
// ignored.
|
||||||
//!
|
//
|
||||||
//! Every message contains a byte that specifies the stage (ping = 1, pong = 2, peng = 3). If a message with an
|
// Every message contains a byte that specifies the stage (ping = 1, pong = 2, peng = 3). If a message with an
|
||||||
//! unexpected stage is received, it is ignored and the last message that has been sent is repeated. There is only one
|
// unexpected stage is received, it is ignored and the last message that has been sent is repeated. There is only one
|
||||||
//! exception to this rule: if a "pong" message is expected, but a "ping" message is received instead AND the node id of
|
// exception to this rule: if a "pong" message is expected, but a "ping" message is received instead AND the node id of
|
||||||
//! the sender is greater than the node id of the receiver, the receiving node will reset its state and assume the role
|
// the sender is greater than the node id of the receiver, the receiving node will reset its state and assume the role
|
||||||
//! of a receiver of the initialization (i.e. "B"). This is used to "negotiate" the roles A and B when both nodes
|
// of a receiver of the initialization (i.e. "B"). This is used to "negotiate" the roles A and B when both nodes
|
||||||
//! initiate the connection in parallel and think they are A.
|
// initiate the connection in parallel and think they are A.
|
||||||
//!
|
//
|
||||||
//! Upon connection creation, both nodes create a random ephemeral ECDH key pair and exchange the public keys in the
|
// Upon connection creation, both nodes create a random ephemeral ECDH key pair and exchange the public keys in the
|
||||||
//! ping and pong messages. A sends the ping message to B containing A's public key and B replies with a pong message
|
// ping and pong messages. A sends the ping message to B containing A's public key and B replies with a pong message
|
||||||
//! containing B's public key. That means, that after receiving the ping message B can calculate the shared key material
|
// containing B's public key. That means, that after receiving the ping message B can calculate the shared key material
|
||||||
//! and after receiving the pong message A can calculate the shared key material.
|
// and after receiving the pong message A can calculate the shared key material.
|
||||||
//!
|
//
|
||||||
//! The ping message and the pong message contain a set of supported crypto algorithms together with the estimated
|
// The ping message and the pong message contain a set of supported crypto algorithms together with the estimated
|
||||||
//! speeds of the algorithms. When B receives a ping message, or A receives a pong message, it can combine this
|
// speeds of the algorithms. When B receives a ping message, or A receives a pong message, it can combine this
|
||||||
//! information with its own algorithm list and select the algorithm with the best expected speed for the crypto core.
|
// information with its own algorithm list and select the algorithm with the best expected speed for the crypto core.
|
||||||
//!
|
//
|
||||||
//! The pong and peng message contain the payload that the nodes want to exchange in the initialization phase apart from
|
// The pong and peng message contain the payload that the nodes want to exchange in the initialization phase apart from
|
||||||
//! the cryptographic initialization. This payload is encoded according to the application and encrypted using the key
|
// the cryptographic initialization. This payload is encoded according to the application and encrypted using the key
|
||||||
//! material and the crypto algorithm that have been negotiated via the ping and pong messages. The pong message,
|
// material and the crypto algorithm that have been negotiated via the ping and pong messages. The pong message,
|
||||||
//! therefore contains information to set up symmetric encryption as well as a part that is already encrypted.
|
// therefore contains information to set up symmetric encryption as well as a part that is already encrypted.
|
||||||
//!
|
//
|
||||||
//! The handshake ends for A after sending the peng message and for B after receiving this message. At this time both
|
// The handshake ends for A after sending the peng message and for B after receiving this message. At this time both
|
||||||
//! nodes initialize the connection using the payload and enter normal operation. The negotiated crypto core is used for
|
// nodes initialize the connection using the payload and enter normal operation. The negotiated crypto core is used for
|
||||||
//! future communication and the key rotation is started. Since the peng message can be lost, A needs to keep the
|
// future communication and the key rotation is started. Since the peng message can be lost, A needs to keep the
|
||||||
//! initialization state in order to repeat a lost peng message. After one second, A removes that state.
|
// initialization state in order to repeat a lost peng message. After one second, A removes that state.
|
||||||
//!
|
//
|
||||||
//! Once every second, both nodes check whether they have already finished the initialization. If not, they repeat their
|
// Once every second, both nodes check whether they have already finished the initialization. If not, they repeat their
|
||||||
//! last message. After 5 seconds, the initialization is aborted as failed.
|
// last message. After 5 seconds, the initialization is aborted as failed.
|
||||||
|
|
||||||
|
|
||||||
use super::{
|
use super::{
|
||||||
|
|
|
@ -347,6 +347,7 @@ impl<P: Payload> PeerCrypto<P> {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn decrypt_message(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {
|
fn decrypt_message(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {
|
||||||
|
// HOT PATH
|
||||||
if self.unencrypted {
|
if self.unencrypted {
|
||||||
return Ok(())
|
return Ok(())
|
||||||
}
|
}
|
||||||
|
@ -354,18 +355,22 @@ impl<P: Payload> PeerCrypto<P> {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn handle_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult<P>, Error> {
|
pub fn handle_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult<P>, Error> {
|
||||||
|
// HOT PATH
|
||||||
if buffer.is_empty() {
|
if buffer.is_empty() {
|
||||||
return Err(Error::InvalidCryptoState("No message in buffer"))
|
return Err(Error::InvalidCryptoState("No message in buffer"))
|
||||||
}
|
}
|
||||||
if is_init_message(buffer.buffer()) {
|
if is_init_message(buffer.buffer()) {
|
||||||
|
// COLD PATH
|
||||||
debug!("Received init message");
|
debug!("Received init message");
|
||||||
buffer.take_prefix();
|
buffer.take_prefix();
|
||||||
self.handle_init_message(buffer)
|
self.handle_init_message(buffer)
|
||||||
} else {
|
} else {
|
||||||
|
// HOT PATH
|
||||||
debug!("Received encrypted message");
|
debug!("Received encrypted message");
|
||||||
self.decrypt_message(buffer)?;
|
self.decrypt_message(buffer)?;
|
||||||
let msg_type = buffer.take_prefix();
|
let msg_type = buffer.take_prefix();
|
||||||
if msg_type == MESSAGE_TYPE_ROTATION {
|
if msg_type == MESSAGE_TYPE_ROTATION {
|
||||||
|
// COLD PATH
|
||||||
debug!("Received rotation message");
|
debug!("Received rotation message");
|
||||||
self.handle_rotate_message(buffer.buffer())?;
|
self.handle_rotate_message(buffer.buffer())?;
|
||||||
buffer.clear();
|
buffer.clear();
|
||||||
|
@ -377,6 +382,7 @@ impl<P: Payload> PeerCrypto<P> {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn send_message(&mut self, type_: u8, buffer: &mut MsgBuffer) -> Result<(), Error> {
|
pub fn send_message(&mut self, type_: u8, buffer: &mut MsgBuffer) -> Result<(), Error> {
|
||||||
|
// HOT PATH
|
||||||
assert_ne!(type_, MESSAGE_TYPE_ROTATION);
|
assert_ne!(type_, MESSAGE_TYPE_ROTATION);
|
||||||
buffer.prepend_byte(type_);
|
buffer.prepend_byte(type_);
|
||||||
self.encrypt_message(buffer)
|
self.encrypt_message(buffer)
|
||||||
|
@ -419,6 +425,7 @@ impl<P: Payload> PeerCrypto<P> {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn is_init_message(msg: &[u8]) -> bool {
|
pub fn is_init_message(msg: &[u8]) -> bool {
|
||||||
|
// HOT PATH
|
||||||
!msg.is_empty() && msg[0] == INIT_MESSAGE_FIRST_BYTE
|
!msg.is_empty() && msg[0] == INIT_MESSAGE_FIRST_BYTE
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,29 +1,29 @@
|
||||||
//! This module implements a turn based key rotation.
|
// This module implements a turn based key rotation.
|
||||||
//!
|
//
|
||||||
//! The main idea is that both peers periodically create ecdh key pairs and exchange their public keys to create
|
// The main idea is that both peers periodically create ecdh key pairs and exchange their public keys to create
|
||||||
//! common key material. There are always two separate ecdh handshakes going on: one initiated by each peer.
|
// common key material. There are always two separate ecdh handshakes going on: one initiated by each peer.
|
||||||
//! However, one handshake is always one step ahead of the other. That means that every message being sent contains a
|
// However, one handshake is always one step ahead of the other. That means that every message being sent contains a
|
||||||
//! public key from step 1 of the handshake "proposed key" and a public key from step 2 of the handshake "confirmed
|
// public key from step 1 of the handshake "proposed key" and a public key from step 2 of the handshake "confirmed
|
||||||
//! key" (all messages except first message).
|
// key" (all messages except first message).
|
||||||
//!
|
//
|
||||||
//! When receiving a message from the peer, the node will create a new ecdh key pair and perform the key
|
// When receiving a message from the peer, the node will create a new ecdh key pair and perform the key
|
||||||
//! calculation for the proposed key. The peer will store the public key for the confirmation as pending to be
|
// calculation for the proposed key. The peer will store the public key for the confirmation as pending to be
|
||||||
//! confirmed in the next cycle. Also, if the message contains a confirmation (all but the very first message do),
|
// confirmed in the next cycle. Also, if the message contains a confirmation (all but the very first message do),
|
||||||
//! the node will use the stored private key to perform the ecdh key calculation and emit that key to be used in
|
// the node will use the stored private key to perform the ecdh key calculation and emit that key to be used in
|
||||||
//! the crypto stream.
|
// the crypto stream.
|
||||||
//!
|
//
|
||||||
//! Upon each cycle, a node first checks if it still has a proposed key that has not been confirmed by the remote
|
// Upon each cycle, a node first checks if it still has a proposed key that has not been confirmed by the remote
|
||||||
//! peer. If so, a message must have been lost and the whole last message including the proposed key as well as the
|
// peer. If so, a message must have been lost and the whole last message including the proposed key as well as the
|
||||||
//! last confirmed key is being resent. If no proposed key is stored, the node will create a new ecdh key pair, and
|
// last confirmed key is being resent. If no proposed key is stored, the node will create a new ecdh key pair, and
|
||||||
//! store the private key as proposed key. It then sends out a message containing the public key as proposal, as
|
// store the private key as proposed key. It then sends out a message containing the public key as proposal, as
|
||||||
//! well as confirming the pending key. This key is also emitted to be added to the crypto stream but not to be
|
// well as confirming the pending key. This key is also emitted to be added to the crypto stream but not to be
|
||||||
//! used for encrypting.
|
// used for encrypting.
|
||||||
//!
|
//
|
||||||
//! Monotonically increasing message ids guard the communication from message duplication and also serve as
|
// Monotonically increasing message ids guard the communication from message duplication and also serve as
|
||||||
//! identifiers for the keys to be used in the crypto stream. Since the keys are rotating, the last 2 bits of the
|
// identifiers for the keys to be used in the crypto stream. Since the keys are rotating, the last 2 bits of the
|
||||||
//! id are enough to identify the key.
|
// id are enough to identify the key.
|
||||||
//!
|
//
|
||||||
//! The whole communication is sent via the crypto stream and is therefore encrypted and protected against tampering.
|
// The whole communication is sent via the crypto stream and is therefore encrypted and protected against tampering.
|
||||||
|
|
||||||
use super::{Error, Key, MsgBuffer};
|
use super::{Error, Key, MsgBuffer};
|
||||||
use byteorder::{NetworkEndian, ReadBytesExt, WriteBytesExt};
|
use byteorder::{NetworkEndian, ReadBytesExt, WriteBytesExt};
|
||||||
|
|
|
@ -5,12 +5,12 @@
|
||||||
use std::{
|
use std::{
|
||||||
cmp,
|
cmp,
|
||||||
collections::VecDeque,
|
collections::VecDeque,
|
||||||
|
convert::TryInto,
|
||||||
fmt,
|
fmt,
|
||||||
fs::{self, File},
|
fs::{self, File},
|
||||||
io::{self, BufRead, BufReader, Cursor, Error as IoError, Read, Write},
|
io::{self, BufRead, BufReader, Cursor, Error as IoError, Read, Write},
|
||||||
net::{Ipv4Addr, UdpSocket},
|
net::{Ipv4Addr, UdpSocket},
|
||||||
os::unix::io::{AsRawFd, RawFd},
|
os::unix::io::{AsRawFd, RawFd},
|
||||||
convert::TryInto,
|
|
||||||
str,
|
str,
|
||||||
str::FromStr
|
str::FromStr
|
||||||
};
|
};
|
||||||
|
@ -36,7 +36,7 @@ struct IfReq {
|
||||||
impl IfReq {
|
impl IfReq {
|
||||||
fn new(name: &str) -> Self {
|
fn new(name: &str) -> Self {
|
||||||
assert!(name.len() < libc::IF_NAMESIZE);
|
assert!(name.len() < libc::IF_NAMESIZE);
|
||||||
let mut ifr_name = [0 as u8; libc::IF_NAMESIZE];
|
let mut ifr_name = [0; libc::IF_NAMESIZE];
|
||||||
ifr_name[..name.len()].clone_from_slice(name.as_bytes());
|
ifr_name[..name.len()].clone_from_slice(name.as_bytes());
|
||||||
Self { ifr_name, data: IfReqData { _dummy: [0; 24] } }
|
Self { ifr_name, data: IfReqData { _dummy: [0; 24] } }
|
||||||
}
|
}
|
||||||
|
@ -329,7 +329,7 @@ impl Device for MockDevice {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn ifname(&self) -> &str {
|
fn ifname(&self) -> &str {
|
||||||
unimplemented!()
|
"mock0"
|
||||||
}
|
}
|
||||||
|
|
||||||
fn read(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {
|
fn read(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {
|
||||||
|
|
41
src/main.rs
41
src/main.rs
|
@ -2,17 +2,10 @@
|
||||||
// Copyright (C) 2015-2020 Dennis Schwerdel
|
// Copyright (C) 2015-2020 Dennis Schwerdel
|
||||||
// This software is licensed under GPL-3 or newer (see LICENSE.md)
|
// This software is licensed under GPL-3 or newer (see LICENSE.md)
|
||||||
|
|
||||||
#![cfg_attr(feature = "bench", feature(test))]
|
#[macro_use] extern crate log;
|
||||||
|
#[macro_use] extern crate serde;
|
||||||
|
|
||||||
#[macro_use]
|
#[cfg(test)] extern crate tempfile;
|
||||||
extern crate log;
|
|
||||||
#[macro_use]
|
|
||||||
extern crate serde_derive;
|
|
||||||
|
|
||||||
#[cfg(test)]
|
|
||||||
extern crate tempfile;
|
|
||||||
#[cfg(feature = "bench")]
|
|
||||||
extern crate test;
|
|
||||||
|
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
pub mod util;
|
pub mod util;
|
||||||
|
@ -47,7 +40,7 @@ use std::{
|
||||||
process,
|
process,
|
||||||
str::FromStr,
|
str::FromStr,
|
||||||
sync::Mutex,
|
sync::Mutex,
|
||||||
thread,
|
thread
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
|
@ -59,11 +52,11 @@ use crate::{
|
||||||
oldconfig::OldConfigFile,
|
oldconfig::OldConfigFile,
|
||||||
payload::Protocol,
|
payload::Protocol,
|
||||||
util::SystemTimeSource,
|
util::SystemTimeSource,
|
||||||
wsproxy::ProxyConnection,
|
wsproxy::ProxyConnection
|
||||||
};
|
};
|
||||||
|
|
||||||
struct DualLogger {
|
struct DualLogger {
|
||||||
file: Option<Mutex<File>>,
|
file: Option<Mutex<File>>
|
||||||
}
|
}
|
||||||
|
|
||||||
impl DualLogger {
|
impl DualLogger {
|
||||||
|
@ -119,18 +112,18 @@ fn run_script(script: &str, ifname: &str) {
|
||||||
error!("Script returned with error: {:?}", status.code())
|
error!("Script returned with error: {:?}", status.code())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Err(e) => error!("Failed to execute script {:?}: {}", script, e),
|
Err(e) => error!("Failed to execute script {:?}: {}", script, e)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn parse_ip_netmask(addr: &str) -> Result<(Ipv4Addr, Ipv4Addr), String> {
|
fn parse_ip_netmask(addr: &str) -> Result<(Ipv4Addr, Ipv4Addr), String> {
|
||||||
let (ip_str, len_str) = match addr.find('/') {
|
let (ip_str, len_str) = match addr.find('/') {
|
||||||
Some(pos) => (&addr[..pos], &addr[pos + 1..]),
|
Some(pos) => (&addr[..pos], &addr[pos + 1..]),
|
||||||
None => (addr, "24"),
|
None => (addr, "24")
|
||||||
};
|
};
|
||||||
let prefix_len = u8::from_str(len_str).map_err(|_| format!("Invalid prefix length: {}", len_str))?;
|
let prefix_len = u8::from_str(len_str).map_err(|_| format!("Invalid prefix length: {}", len_str))?;
|
||||||
if prefix_len > 32 {
|
if prefix_len > 32 {
|
||||||
return Err(format!("Invalid prefix length: {}", prefix_len));
|
return Err(format!("Invalid prefix length: {}", prefix_len))
|
||||||
}
|
}
|
||||||
let ip = Ipv4Addr::from_str(ip_str).map_err(|_| format!("Invalid ip address: {}", ip_str))?;
|
let ip = Ipv4Addr::from_str(ip_str).map_err(|_| format!("Invalid ip address: {}", ip_str))?;
|
||||||
let netmask = Ipv4Addr::from(u32::max_value().checked_shl(32 - prefix_len as u32).unwrap());
|
let netmask = Ipv4Addr::from(u32::max_value().checked_shl(32 - prefix_len as u32).unwrap());
|
||||||
|
@ -145,6 +138,7 @@ fn setup_device(config: &Config) -> TunTapDevice {
|
||||||
config.device_name
|
config.device_name
|
||||||
);
|
);
|
||||||
info!("Opened device {}", device.ifname());
|
info!("Opened device {}", device.ifname());
|
||||||
|
config.call_hook("device_setup", vec![("IFNAME", device.ifname())], true);
|
||||||
if let Err(err) = device.set_mtu(None) {
|
if let Err(err) = device.set_mtu(None) {
|
||||||
error!("Error setting optimal MTU on {}: {}", device.ifname(), err);
|
error!("Error setting optimal MTU on {}: {}", device.ifname(), err);
|
||||||
}
|
}
|
||||||
|
@ -164,6 +158,7 @@ fn setup_device(config: &Config) -> TunTapDevice {
|
||||||
warn!("Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently {}).", val);
|
warn!("Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently {}).", val);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
config.call_hook("device_configured", vec![("IFNAME", device.ifname())], true);
|
||||||
device
|
device
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -228,7 +223,7 @@ fn main() {
|
||||||
let args: Args = Args::from_args();
|
let args: Args = Args::from_args();
|
||||||
if args.version {
|
if args.version {
|
||||||
println!("VpnCloud v{}", env!("CARGO_PKG_VERSION"));
|
println!("VpnCloud v{}", env!("CARGO_PKG_VERSION"));
|
||||||
return;
|
return
|
||||||
}
|
}
|
||||||
let logger = try_fail!(DualLogger::new(args.log_file.as_ref()), "Failed to open logfile: {}");
|
let logger = try_fail!(DualLogger::new(args.log_file.as_ref()), "Failed to open logfile: {}");
|
||||||
log::set_boxed_logger(Box::new(logger)).unwrap();
|
log::set_boxed_logger(Box::new(logger)).unwrap();
|
||||||
|
@ -269,11 +264,15 @@ fn main() {
|
||||||
);
|
);
|
||||||
try_fail!(serde_yaml::to_writer(f, &new_config), "Failed to write converted config: {:?}");
|
try_fail!(serde_yaml::to_writer(f, &new_config), "Failed to write converted config: {:?}");
|
||||||
}
|
}
|
||||||
|
Command::Completion { shell } => {
|
||||||
|
Args::clap().gen_completions_to(env!("CARGO_PKG_NAME"), shell, &mut io::stdout());
|
||||||
|
return
|
||||||
|
}
|
||||||
Command::WsProxy => {
|
Command::WsProxy => {
|
||||||
wsproxy::run_proxy();
|
wsproxy::run_proxy();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return;
|
return
|
||||||
}
|
}
|
||||||
let mut config = Config::default();
|
let mut config = Config::default();
|
||||||
if let Some(ref file) = args.config {
|
if let Some(ref file) = args.config {
|
||||||
|
@ -298,19 +297,19 @@ fn main() {
|
||||||
debug!("Config: {:?}", config);
|
debug!("Config: {:?}", config);
|
||||||
if config.crypto.password.is_none() && config.crypto.private_key.is_none() {
|
if config.crypto.password.is_none() && config.crypto.private_key.is_none() {
|
||||||
error!("Either password or private key must be set in config or given as parameter");
|
error!("Either password or private key must be set in config or given as parameter");
|
||||||
return;
|
return
|
||||||
}
|
}
|
||||||
if config.listen.starts_with("ws://") {
|
if config.listen.starts_with("ws://") {
|
||||||
let socket = try_fail!(ProxyConnection::listen(&config.listen), "Failed to open socket {}: {}", config.listen);
|
let socket = try_fail!(ProxyConnection::listen(&config.listen), "Failed to open socket {}: {}", config.listen);
|
||||||
match config.device_type {
|
match config.device_type {
|
||||||
Type::Tap => run::<payload::Frame, _>(config, socket),
|
Type::Tap => run::<payload::Frame, _>(config, socket),
|
||||||
Type::Tun => run::<payload::Packet, _>(config, socket),
|
Type::Tun => run::<payload::Packet, _>(config, socket)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
let socket = try_fail!(UdpSocket::listen(&config.listen), "Failed to open socket {}: {}", config.listen);
|
let socket = try_fail!(UdpSocket::listen(&config.listen), "Failed to open socket {}: {}", config.listen);
|
||||||
match config.device_type {
|
match config.device_type {
|
||||||
Type::Tap => run::<payload::Frame, _>(config, socket),
|
Type::Tap => run::<payload::Frame, _>(config, socket),
|
||||||
Type::Tun => run::<payload::Packet, _>(config, socket),
|
Type::Tun => run::<payload::Packet, _>(config, socket)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,6 +14,7 @@ use super::util::{MockTimeSource, MsgBuffer, Time, TimeSource};
|
||||||
use crate::port_forwarding::PortForwarding;
|
use crate::port_forwarding::PortForwarding;
|
||||||
|
|
||||||
pub fn mapped_addr(addr: SocketAddr) -> SocketAddr {
|
pub fn mapped_addr(addr: SocketAddr) -> SocketAddr {
|
||||||
|
// HOT PATH
|
||||||
match addr {
|
match addr {
|
||||||
SocketAddr::V4(addr4) => SocketAddr::new(IpAddr::V6(addr4.ip().to_ipv6_mapped()), addr4.port()),
|
SocketAddr::V4(addr4) => SocketAddr::new(IpAddr::V6(addr4.ip().to_ipv6_mapped()), addr4.port()),
|
||||||
_ => addr
|
_ => addr
|
||||||
|
@ -177,4 +178,4 @@ mod bench {
|
||||||
b.iter(|| sock.send_to(&data, &addr).unwrap());
|
b.iter(|| sock.send_to(&data, &addr).unwrap());
|
||||||
b.bytes = 1400;
|
b.bytes = 1400;
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -1,5 +1,6 @@
|
||||||
use super::{device::Type, types::Mode, util::Duration};
|
use super::{device::Type, types::Mode, util::Duration};
|
||||||
use crate::config::{ConfigFile, ConfigFileBeacon, ConfigFileDevice, ConfigFileStatsd, CryptoConfig};
|
use crate::config::{ConfigFile, ConfigFileBeacon, ConfigFileDevice, ConfigFileStatsd, CryptoConfig};
|
||||||
|
use std::collections::HashMap;
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize, Debug, PartialEq, Clone, Copy)]
|
#[derive(Serialize, Deserialize, Debug, PartialEq, Clone, Copy)]
|
||||||
pub enum OldCryptoMethod {
|
pub enum OldCryptoMethod {
|
||||||
|
@ -112,12 +113,11 @@ impl OldConfigFile {
|
||||||
pid_file: self.pid_file,
|
pid_file: self.pid_file,
|
||||||
port_forwarding: self.port_forwarding,
|
port_forwarding: self.port_forwarding,
|
||||||
stats_file: self.stats_file,
|
stats_file: self.stats_file,
|
||||||
statsd: Some(ConfigFileStatsd {
|
statsd: Some(ConfigFileStatsd { prefix: self.statsd_prefix, server: self.statsd_server }),
|
||||||
prefix: self.statsd_prefix,
|
|
||||||
server: self.statsd_server
|
|
||||||
}),
|
|
||||||
switch_timeout: self.dst_timeout,
|
switch_timeout: self.dst_timeout,
|
||||||
user: self.user
|
user: self.user,
|
||||||
|
hook: None,
|
||||||
|
hooks: HashMap::new()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,7 @@ impl Protocol for Frame {
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// This method will fail when the given data is not a valid ethernet frame.
|
/// This method will fail when the given data is not a valid ethernet frame.
|
||||||
fn parse(data: &[u8]) -> Result<(Address, Address), Error> {
|
fn parse(data: &[u8]) -> Result<(Address, Address), Error> {
|
||||||
|
// HOT PATH
|
||||||
let mut cursor = Cursor::new(data);
|
let mut cursor = Cursor::new(data);
|
||||||
let mut src = [0; 16];
|
let mut src = [0; 16];
|
||||||
let mut dst = [0; 16];
|
let mut dst = [0; 16];
|
||||||
|
@ -77,26 +78,6 @@ fn decode_invalid_frame() {
|
||||||
assert!(Frame::parse(&[6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0x00]).is_err());
|
assert!(Frame::parse(&[6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0x00]).is_err());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "bench")]
|
|
||||||
mod bench_ethernet {
|
|
||||||
use super::*;
|
|
||||||
use test::Bencher;
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn decode_ethernet(b: &mut Bencher) {
|
|
||||||
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 1, 2, 3, 4, 5, 6, 7, 8];
|
|
||||||
b.iter(|| Frame::parse(&data).unwrap());
|
|
||||||
b.bytes = 1400;
|
|
||||||
}
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn decode_ethernet_with_vlan(b: &mut Bencher) {
|
|
||||||
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0, 4, 210, 1, 2, 3, 4, 5, 6, 7, 8];
|
|
||||||
b.iter(|| Frame::parse(&data).unwrap());
|
|
||||||
b.bytes = 1400;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// An IP packet dissector
|
/// An IP packet dissector
|
||||||
///
|
///
|
||||||
/// This dissector is able to extract the source and destination ip addresses of ipv4 packets and
|
/// This dissector is able to extract the source and destination ip addresses of ipv4 packets and
|
||||||
|
@ -110,6 +91,7 @@ impl Protocol for Packet {
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// This method will fail when the given data is not a valid ipv4 and ipv6 packet.
|
/// This method will fail when the given data is not a valid ipv4 and ipv6 packet.
|
||||||
fn parse(data: &[u8]) -> Result<(Address, Address), Error> {
|
fn parse(data: &[u8]) -> Result<(Address, Address), Error> {
|
||||||
|
// HOT PATH
|
||||||
if data.is_empty() {
|
if data.is_empty() {
|
||||||
return Err(Error::Parse("Empty header"))
|
return Err(Error::Parse("Empty header"))
|
||||||
}
|
}
|
||||||
|
@ -176,28 +158,4 @@ fn decode_invalid_packet() {
|
||||||
4, 3, 2
|
4, 3, 2
|
||||||
])
|
])
|
||||||
.is_err());
|
.is_err());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#[cfg(feature = "bench")]
|
|
||||||
mod bench_ip {
|
|
||||||
use super::*;
|
|
||||||
use test::Bencher;
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn decode_ipv4(b: &mut Bencher) {
|
|
||||||
let data = [0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1, 192, 168, 1, 2];
|
|
||||||
b.iter(|| Packet::parse(&data).unwrap());
|
|
||||||
b.bytes = 1400;
|
|
||||||
}
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn decode_ipv6(b: &mut Bencher) {
|
|
||||||
let data = [
|
|
||||||
0x60, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 0, 9, 8, 7, 6, 5, 4, 3, 2, 1, 6,
|
|
||||||
5, 4, 3, 2, 1
|
|
||||||
];
|
|
||||||
b.iter(|| Packet::parse(&data).unwrap());
|
|
||||||
b.bytes = 1400;
|
|
||||||
}
|
|
||||||
}
|
|
42
src/table.rs
42
src/table.rs
|
@ -41,9 +41,14 @@ impl<TS: TimeSource> ClaimTable<TS> {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn cache(&mut self, addr: Address, peer: SocketAddr) {
|
pub fn cache(&mut self, addr: Address, peer: SocketAddr) {
|
||||||
|
// HOT PATH
|
||||||
self.cache.insert(addr, CacheValue { peer, timeout: TS::now() + self.cache_timeout as Time });
|
self.cache.insert(addr, CacheValue { peer, timeout: TS::now() + self.cache_timeout as Time });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn clear_cache(&mut self) {
|
||||||
|
self.cache.clear()
|
||||||
|
}
|
||||||
|
|
||||||
pub fn set_claims(&mut self, peer: SocketAddr, mut claims: RangeList) {
|
pub fn set_claims(&mut self, peer: SocketAddr, mut claims: RangeList) {
|
||||||
for entry in &mut self.claims {
|
for entry in &mut self.claims {
|
||||||
if entry.peer == peer {
|
if entry.peer == peer {
|
||||||
|
@ -85,9 +90,11 @@ impl<TS: TimeSource> ClaimTable<TS> {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn lookup(&mut self, addr: Address) -> Option<SocketAddr> {
|
pub fn lookup(&mut self, addr: Address) -> Option<SocketAddr> {
|
||||||
|
// HOT PATH
|
||||||
if let Some(entry) = self.cache.get(&addr) {
|
if let Some(entry) = self.cache.get(&addr) {
|
||||||
return Some(entry.peer)
|
return Some(entry.peer)
|
||||||
}
|
}
|
||||||
|
// COLD PATH
|
||||||
let mut found = None;
|
let mut found = None;
|
||||||
let mut prefix_len = -1;
|
let mut prefix_len = -1;
|
||||||
for entry in &self.claims {
|
for entry in &self.claims {
|
||||||
|
@ -148,37 +155,4 @@ impl<TS: TimeSource> ClaimTable<TS> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: test
|
// TODO: test
|
||||||
|
|
||||||
#[cfg(feature = "bench")]
|
|
||||||
mod bench {
|
|
||||||
use super::*;
|
|
||||||
use crate::util::MockTimeSource;
|
|
||||||
|
|
||||||
use smallvec::smallvec;
|
|
||||||
use std::str::FromStr;
|
|
||||||
use test::Bencher;
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn lookup_warm(b: &mut Bencher) {
|
|
||||||
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
|
|
||||||
let addr = Address::from_str("1.2.3.4").unwrap();
|
|
||||||
table.cache(addr, SocketAddr::from_str("1.2.3.4:3210").unwrap());
|
|
||||||
b.iter(|| table.lookup(addr));
|
|
||||||
b.bytes = 1400;
|
|
||||||
}
|
|
||||||
|
|
||||||
#[bench]
|
|
||||||
fn lookup_cold(b: &mut Bencher) {
|
|
||||||
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
|
|
||||||
let addr = Address::from_str("1.2.3.4").unwrap();
|
|
||||||
table.set_claims(SocketAddr::from_str("1.2.3.4:3210").unwrap(), smallvec![
|
|
||||||
Range::from_str("1.2.3.4/32").unwrap()
|
|
||||||
]);
|
|
||||||
b.iter(|| {
|
|
||||||
table.cache.clear();
|
|
||||||
table.lookup(addr)
|
|
||||||
});
|
|
||||||
b.bytes = 1400;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -9,7 +9,8 @@ mod peers;
|
||||||
use std::{
|
use std::{
|
||||||
collections::{HashMap, VecDeque},
|
collections::{HashMap, VecDeque},
|
||||||
io::Write,
|
io::Write,
|
||||||
net::{IpAddr, Ipv6Addr, SocketAddr},
|
net::SocketAddr,
|
||||||
|
str::FromStr,
|
||||||
sync::{
|
sync::{
|
||||||
atomic::{AtomicUsize, Ordering},
|
atomic::{AtomicUsize, Ordering},
|
||||||
Once
|
Once
|
||||||
|
@ -89,16 +90,17 @@ impl<P: Protocol> Simulator<P> {
|
||||||
pub fn add_node(&mut self, nat: bool, config: &Config) -> SocketAddr {
|
pub fn add_node(&mut self, nat: bool, config: &Config) -> SocketAddr {
|
||||||
let mut config = config.clone();
|
let mut config = config.clone();
|
||||||
MockSocket::set_nat(nat);
|
MockSocket::set_nat(nat);
|
||||||
config.listen = SocketAddr::new(IpAddr::V6(Ipv6Addr::UNSPECIFIED), self.next_port);
|
config.listen = format!("[::]:{}", self.next_port);
|
||||||
if config.crypto.password.is_none() && config.crypto.private_key.is_none() {
|
if config.crypto.password.is_none() && config.crypto.private_key.is_none() {
|
||||||
config.crypto.password = Some("test123".to_string())
|
config.crypto.password = Some("test123".to_string())
|
||||||
}
|
}
|
||||||
DebugLogger::set_node(self.next_port as usize);
|
DebugLogger::set_node(self.next_port as usize);
|
||||||
self.next_port += 1;
|
self.next_port += 1;
|
||||||
let node = TestNode::new(&config, MockDevice::new(), None, None);
|
let addr = SocketAddr::from_str(&config.listen).unwrap();
|
||||||
|
let node = TestNode::new(&config, MockSocket::new(addr), MockDevice::new(), None, None);
|
||||||
DebugLogger::set_node(0);
|
DebugLogger::set_node(0);
|
||||||
self.nodes.insert(config.listen, node);
|
self.nodes.insert(addr, node);
|
||||||
config.listen
|
addr
|
||||||
}
|
}
|
||||||
|
|
||||||
#[allow(dead_code)]
|
#[allow(dead_code)]
|
||||||
|
|
|
@ -83,21 +83,25 @@ pub struct TrafficStats {
|
||||||
impl TrafficStats {
|
impl TrafficStats {
|
||||||
#[inline]
|
#[inline]
|
||||||
pub fn count_out_traffic(&mut self, peer: SocketAddr, bytes: usize) {
|
pub fn count_out_traffic(&mut self, peer: SocketAddr, bytes: usize) {
|
||||||
|
// HOT PATH
|
||||||
self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_out(bytes);
|
self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_out(bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
pub fn count_in_traffic(&mut self, peer: SocketAddr, bytes: usize) {
|
pub fn count_in_traffic(&mut self, peer: SocketAddr, bytes: usize) {
|
||||||
|
// HOT PATH
|
||||||
self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_in(bytes);
|
self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_in(bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
pub fn count_out_payload(&mut self, remote: Address, local: Address, bytes: usize) {
|
pub fn count_out_payload(&mut self, remote: Address, local: Address, bytes: usize) {
|
||||||
|
// HOT PATH
|
||||||
self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_out(bytes);
|
self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_out(bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
pub fn count_in_payload(&mut self, remote: Address, local: Address, bytes: usize) {
|
pub fn count_in_payload(&mut self, remote: Address, local: Address, bytes: usize) {
|
||||||
|
// HOT PATH
|
||||||
self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_in(bytes);
|
self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_in(bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
55
src/util.rs
55
src/util.rs
|
@ -2,31 +2,31 @@
|
||||||
// Copyright (C) 2015-2020 Dennis Schwerdel
|
// Copyright (C) 2015-2020 Dennis Schwerdel
|
||||||
// This software is licensed under GPL-3 or newer (see LICENSE.md)
|
// This software is licensed under GPL-3 or newer (see LICENSE.md)
|
||||||
|
|
||||||
|
use std::process::Command;
|
||||||
use std::{
|
use std::{
|
||||||
fmt,
|
fmt,
|
||||||
net::{Ipv4Addr, SocketAddr, ToSocketAddrs, UdpSocket},
|
net::{Ipv4Addr, SocketAddr, ToSocketAddrs, UdpSocket},
|
||||||
sync::atomic::{AtomicIsize, Ordering}
|
sync::atomic::{AtomicIsize, Ordering},
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
|
|
||||||
#[cfg(not(target_os = "linux"))] use time;
|
#[cfg(not(target_os = "linux"))]
|
||||||
|
use time;
|
||||||
|
|
||||||
use signal::{trap::Trap, Signal};
|
use signal::{trap::Trap, Signal};
|
||||||
use smallvec::SmallVec;
|
use smallvec::SmallVec;
|
||||||
use std::time::Instant;
|
use std::time::Instant;
|
||||||
|
|
||||||
|
|
||||||
pub type Duration = u32;
|
pub type Duration = u32;
|
||||||
pub type Time = i64;
|
pub type Time = i64;
|
||||||
|
|
||||||
|
|
||||||
#[derive(Clone)]
|
#[derive(Clone)]
|
||||||
pub struct MsgBuffer {
|
pub struct MsgBuffer {
|
||||||
space_before: usize,
|
space_before: usize,
|
||||||
buffer: [u8; 65535],
|
buffer: [u8; 65535],
|
||||||
start: usize,
|
start: usize,
|
||||||
end: usize
|
end: usize,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl MsgBuffer {
|
impl MsgBuffer {
|
||||||
|
@ -98,7 +98,6 @@ impl MsgBuffer {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
const HEX_CHARS: &[u8] = b"0123456789abcdef";
|
const HEX_CHARS: &[u8] = b"0123456789abcdef";
|
||||||
|
|
||||||
pub fn bytes_to_hex(bytes: &[u8]) -> String {
|
pub fn bytes_to_hex(bytes: &[u8]) -> String {
|
||||||
|
@ -113,13 +112,12 @@ pub fn bytes_to_hex(bytes: &[u8]) -> String {
|
||||||
pub fn addr_nice(addr: SocketAddr) -> SocketAddr {
|
pub fn addr_nice(addr: SocketAddr) -> SocketAddr {
|
||||||
if let SocketAddr::V6(v6addr) = addr {
|
if let SocketAddr::V6(v6addr) = addr {
|
||||||
if let Some(ip) = v6addr.ip().to_ipv4() {
|
if let Some(ip) = v6addr.ip().to_ipv4() {
|
||||||
return (ip, addr.port()).into()
|
return (ip, addr.port()).into();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
addr
|
addr
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub struct Encoder;
|
pub struct Encoder;
|
||||||
|
|
||||||
impl Encoder {
|
impl Encoder {
|
||||||
|
@ -172,7 +170,6 @@ impl Encoder {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
macro_rules! fail {
|
macro_rules! fail {
|
||||||
($format:expr) => ( {
|
($format:expr) => ( {
|
||||||
use std::process;
|
use std::process;
|
||||||
|
@ -215,17 +212,14 @@ pub fn get_internal_ip() -> Ipv4Addr {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#[allow(unknown_lints, clippy::needless_pass_by_value)]
|
#[allow(unknown_lints, clippy::needless_pass_by_value)]
|
||||||
pub fn resolve<Addr: ToSocketAddrs + fmt::Debug>(addr: Addr) -> Result<SmallVec<[SocketAddr; 4]>, Error> {
|
pub fn resolve<Addr: ToSocketAddrs + fmt::Debug>(addr: Addr) -> Result<SmallVec<[SocketAddr; 4]>, Error> {
|
||||||
let mut addrs =
|
let mut addrs =
|
||||||
addr.to_socket_addrs().map_err(|_| Error::NameUnresolvable(format!("{:?}", addr)))?.collect::<SmallVec<_>>();
|
addr.to_socket_addrs().map_err(|_| Error::NameUnresolvable(format!("{:?}", addr)))?.collect::<SmallVec<_>>();
|
||||||
// Try IPv4 first as it usually is faster
|
// Try IPv4 first as it usually is faster
|
||||||
addrs.sort_by_key(|addr| {
|
addrs.sort_by_key(|addr| match *addr {
|
||||||
match *addr {
|
SocketAddr::V4(_) => 4,
|
||||||
SocketAddr::V4(_) => 4,
|
SocketAddr::V6(_) => 6,
|
||||||
SocketAddr::V6(_) => 6
|
|
||||||
}
|
|
||||||
});
|
});
|
||||||
// Remove duplicates in addrs (why are there duplicates???)
|
// Remove duplicates in addrs (why are there duplicates???)
|
||||||
addrs.dedup();
|
addrs.dedup();
|
||||||
|
@ -239,7 +233,6 @@ macro_rules! addr {
|
||||||
}};
|
}};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub struct Bytes(pub u64);
|
pub struct Bytes(pub u64);
|
||||||
|
|
||||||
impl fmt::Display for Bytes {
|
impl fmt::Display for Bytes {
|
||||||
|
@ -248,31 +241,30 @@ impl fmt::Display for Bytes {
|
||||||
if size >= 512.0 {
|
if size >= 512.0 {
|
||||||
size /= 1024.0;
|
size /= 1024.0;
|
||||||
} else {
|
} else {
|
||||||
return write!(formatter, "{:.0} B", size)
|
return write!(formatter, "{:.0} B", size);
|
||||||
}
|
}
|
||||||
if size >= 512.0 {
|
if size >= 512.0 {
|
||||||
size /= 1024.0;
|
size /= 1024.0;
|
||||||
} else {
|
} else {
|
||||||
return write!(formatter, "{:.1} KiB", size)
|
return write!(formatter, "{:.1} KiB", size);
|
||||||
}
|
}
|
||||||
if size >= 512.0 {
|
if size >= 512.0 {
|
||||||
size /= 1024.0;
|
size /= 1024.0;
|
||||||
} else {
|
} else {
|
||||||
return write!(formatter, "{:.1} MiB", size)
|
return write!(formatter, "{:.1} MiB", size);
|
||||||
}
|
}
|
||||||
if size >= 512.0 {
|
if size >= 512.0 {
|
||||||
size /= 1024.0;
|
size /= 1024.0;
|
||||||
} else {
|
} else {
|
||||||
return write!(formatter, "{:.1} GiB", size)
|
return write!(formatter, "{:.1} GiB", size);
|
||||||
}
|
}
|
||||||
write!(formatter, "{:.1} TiB", size)
|
write!(formatter, "{:.1} TiB", size)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub struct CtrlC {
|
pub struct CtrlC {
|
||||||
dummy_time: Instant,
|
dummy_time: Instant,
|
||||||
trap: Trap
|
trap: Trap,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl CtrlC {
|
impl CtrlC {
|
||||||
|
@ -293,7 +285,6 @@ impl Default for CtrlC {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub trait TimeSource: Sync + Copy + Send + 'static {
|
pub trait TimeSource: Sync + Copy + Send + 'static {
|
||||||
fn now() -> Time;
|
fn now() -> Time;
|
||||||
}
|
}
|
||||||
|
@ -336,7 +327,6 @@ impl TimeSource for MockTimeSource {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it
|
/// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it
|
||||||
fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
|
fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
|
||||||
let mut d: usize = m as usize;
|
let mut d: usize = m as usize;
|
||||||
|
@ -356,7 +346,7 @@ fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
|
||||||
const BASE62: [char; 62] = [
|
const BASE62: [char; 62] = [
|
||||||
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
|
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
|
||||||
'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
|
'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
|
||||||
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'
|
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
|
||||||
];
|
];
|
||||||
|
|
||||||
pub fn to_base62(data: &[u8]) -> String {
|
pub fn to_base62(data: &[u8]) -> String {
|
||||||
|
@ -382,7 +372,7 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
|
||||||
'0'..='9' => ((c as usize) % ('0' as usize)),
|
'0'..='9' => ((c as usize) % ('0' as usize)),
|
||||||
'A'..='Z' => ((c as usize) % ('A' as usize)) + 10,
|
'A'..='Z' => ((c as usize) % ('A' as usize)) + 10,
|
||||||
'a'..='z' => ((c as usize) % ('a' as usize)) + 36,
|
'a'..='z' => ((c as usize) % ('a' as usize)) + 36,
|
||||||
_ => return Err(c)
|
_ => return Err(c),
|
||||||
};
|
};
|
||||||
for item in &mut buf {
|
for item in &mut buf {
|
||||||
val += *item as usize * 62;
|
val += *item as usize * 62;
|
||||||
|
@ -397,11 +387,10 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
|
||||||
Ok(buf)
|
Ok(buf)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#[derive(Default)]
|
#[derive(Default)]
|
||||||
pub struct StatsdMsg {
|
pub struct StatsdMsg {
|
||||||
entries: Vec<String>,
|
entries: Vec<String>,
|
||||||
key: Vec<String>
|
key: Vec<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl StatsdMsg {
|
impl StatsdMsg {
|
||||||
|
@ -426,6 +415,16 @@ impl StatsdMsg {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn run_cmd(mut cmd: Command) {
|
||||||
|
match cmd.status() {
|
||||||
|
Ok(status) => {
|
||||||
|
if !status.success() {
|
||||||
|
error!("Command returned error: {:?}", status.code())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(e) => error!("Failed to execute command {:?}: {}", cmd, e),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn base62() {
|
fn base62() {
|
||||||
|
|
Loading…
Reference in New Issue