Compare commits

..

No commits in common. "1eb1771d2a131cbb638da39c3729f6cf52074bd5" and "a86aecfa7ea8d41cc94d6377fd9e4f32c6f41f9f" have entirely different histories.

22 changed files with 618 additions and 1030 deletions

View File

@ -11,7 +11,7 @@ jobs:
- name: Run builder
uses: ./.github/actions/build-deb
with:
rust: '1.49.0'
rust: '1.48.0'
- name: Archive artifacts
uses: actions/upload-artifact@v1
with:
@ -31,7 +31,7 @@ jobs:
- name: Run builder
uses: ./.github/actions/build-rpm
with:
rust: '1.49.0'
rust: '1.48.0'
- name: Archive artifacts
uses: actions/upload-artifact@v1
with:

View File

@ -4,11 +4,9 @@ This project follows [semantic versioning](http://semver.org).
### UNRELEASED
- [added] Support for creating shell completions
- [added] Support for hook scripts to handle certain situations
- [removed] Removed dummy device type
- [changed] Updated dependencies
- [changed] Changed Rust version to 1.49.0
- [changed] Updated depdendencies
- [changed] Changed Rust version to 1.48.0
- [fixed] Added missing peer address propagation
### v2.0.1 (2020-11-07)

555
Cargo.lock generated
View File

@ -11,9 +11,9 @@ dependencies = [
[[package]]
name = "attohttpc"
version = "0.16.1"
version = "0.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba5b30bf3a0aead269fd5dd69b385a3e90c2b55f4f215d1bdf52c3883f5fa7fa"
checksum = "1082810677916862c7704351dfe4696a837aaf34da0dd6431abc60783e71ee8f"
dependencies = [
"http",
"log",
@ -32,12 +32,6 @@ dependencies = [
"winapi",
]
[[package]]
name = "autocfg"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
[[package]]
name = "base-x"
version = "0.2.8"
@ -56,44 +50,23 @@ version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5988cb1d626264ac94100be357308f29ff7cbdd3b36bda27f450a4ee3f713426"
[[package]]
name = "bstr"
version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "473fc6b38233f9af7baa94fb5852dca389e3d95b8e21c8e3719301462c5d9faf"
dependencies = [
"lazy_static",
"memchr",
"regex-automata",
"serde",
]
[[package]]
name = "bumpalo"
version = "3.5.0"
version = "3.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f07aa6688c702439a1be0307b6a94dffe1168569e45b9500c1372bc580740d59"
checksum = "2e8c087f005730276d1096a652e92a8bacee2e2472bcc9715a74d2bec38b5820"
[[package]]
name = "byteorder"
version = "1.4.2"
version = "1.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae44d1a3d5a19df61dd0c8beb138458ac2a53a7ac09eba97d55592540004306b"
checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de"
[[package]]
name = "bytes"
version = "1.0.1"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b700ce4376041dcd0a327fd0097c41095743c4c8af8887265942faf1100bd040"
[[package]]
name = "cast"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4b9434b9a5aa1450faa3f9cb14ea0e8c53bb5d2b3c1bfd1ab4fc03e9f33fbfb0"
dependencies = [
"rustc_version",
]
checksum = "0e4cec68f03f32e44924783795810fa50a7035d8c8ebe78580ad7e6c703fba38"
[[package]]
name = "cc"
@ -130,113 +103,9 @@ dependencies = [
[[package]]
name = "const_fn"
version = "0.4.5"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28b9d6de7f49e22cf97ad17fc4036ece69300032f45f78f30b4a4482cdc3f4a6"
[[package]]
name = "criterion"
version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab327ed7354547cc2ef43cbe20ef68b988e70b4b593cbd66a2a61733123a3d23"
dependencies = [
"atty",
"cast",
"clap",
"criterion-plot",
"csv",
"itertools 0.10.0",
"lazy_static",
"num-traits",
"oorandom",
"plotters",
"rayon",
"regex",
"serde",
"serde_cbor",
"serde_derive",
"serde_json",
"tinytemplate",
"walkdir",
]
[[package]]
name = "criterion-plot"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e022feadec601fba1649cfa83586381a4ad31c6bf3a9ab7d408118b05dd9889d"
dependencies = [
"cast",
"itertools 0.9.0",
]
[[package]]
name = "crossbeam-channel"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dca26ee1f8d361640700bde38b2c37d8c22b3ce2d360e1fc1c74ea4b0aa7d775"
dependencies = [
"cfg-if 1.0.0",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-deque"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94af6efb46fef72616855b036a624cf27ba656ffc9be1b9a3c931cfc7749a9a9"
dependencies = [
"cfg-if 1.0.0",
"crossbeam-epoch",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-epoch"
version = "0.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1aaa739f95311c2c7887a76863f500026092fb1dce0161dab577e559ef3569d"
dependencies = [
"cfg-if 1.0.0",
"const_fn",
"crossbeam-utils",
"lazy_static",
"memoffset",
"scopeguard",
]
[[package]]
name = "crossbeam-utils"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "02d96d1e189ef58269ebe5b97953da3274d83a93af647c2ddd6f9dab28cedb8d"
dependencies = [
"autocfg",
"cfg-if 1.0.0",
"lazy_static",
]
[[package]]
name = "csv"
version = "1.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f9d58633299b24b515ac72a3f869f8b91306a3cec616a602843a383acd6f9e97"
dependencies = [
"bstr",
"csv-core",
"itoa",
"ryu",
"serde",
]
[[package]]
name = "csv-core"
version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2b2466559f260f48ad25fe6317b3c8dac77b5bdb5763ac7d9d6103530663bc90"
dependencies = [
"memchr",
]
checksum = "cd51eab21ab4fd6a3bf889e2d0958c0a6e3a61ad04260325e919e652a2a62826"
[[package]]
name = "daemonize"
@ -256,15 +125,9 @@ checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0"
[[package]]
name = "dtoa"
version = "0.4.7"
version = "0.4.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "88d7ed2934d741c6b37e33e3832298e8850b53fd2d2bea03873375596c7cea4e"
[[package]]
name = "either"
version = "1.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
checksum = "134951f4028bdadb9b84baf4232681efbf277da25144b9b0ad65df75946c422b"
[[package]]
name = "fnv"
@ -284,44 +147,49 @@ dependencies = [
[[package]]
name = "getrandom"
version = "0.2.2"
version = "0.1.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8"
checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6"
dependencies = [
"cfg-if 1.0.0",
"cfg-if 0.1.10",
"libc",
"wasi",
]
[[package]]
name = "half"
version = "1.7.1"
name = "getrandom"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "62aca2aba2d62b4a7f5b33f3712cb1b0692779a56fb510499d5c0aa594daeaf3"
checksum = "ee8025cf36f917e6a52cce185b7c7177689b838b7ec138364e50cc2277a56cf4"
dependencies = [
"cfg-if 0.1.10",
"libc",
"wasi",
]
[[package]]
name = "heck"
version = "0.3.2"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87cbf45460356b7deeb5e3415b5563308c0a9b057c85e12b06ad551f98d0a6ac"
checksum = "20564e78d53d2bb135c343b3f47714a56af2061f1c928fdb541dc7b9fdd94205"
dependencies = [
"unicode-segmentation",
]
[[package]]
name = "hermit-abi"
version = "0.1.18"
version = "0.1.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c"
checksum = "5aca5565f760fb5b220e499d72710ed156fdb74e631659e99377d9ebfbd13ae8"
dependencies = [
"libc",
]
[[package]]
name = "http"
version = "0.2.3"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7245cd7449cc792608c3c8a9eaf69bd4eabbabf802713748fd739c98b82f0747"
checksum = "84129d298a6d57d246960ff8eb831ca4af3f96d29e2e28848dae275408658e26"
dependencies = [
"bytes",
"fnv",
@ -347,7 +215,7 @@ checksum = "4c4e7ee8b51e541486d7040883fe1f00e2a9954bcc24fd155b7e4f03ed4b93dd"
dependencies = [
"attohttpc",
"log",
"rand",
"rand 0.8.1",
"url",
"xmltree",
]
@ -361,35 +229,17 @@ dependencies = [
"cfg-if 1.0.0",
]
[[package]]
name = "itertools"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "284f18f85651fe11e8a991b2adb42cb078325c996ed026d994719efcfca1d54b"
dependencies = [
"either",
]
[[package]]
name = "itertools"
version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37d572918e350e82412fe766d24b15e6682fb2ed2bbe018280caa810397cb319"
dependencies = [
"either",
]
[[package]]
name = "itoa"
version = "0.4.7"
version = "0.4.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736"
checksum = "dc6f3ad7b9d11a0c00842ff8de1b60ee58661048eb8049ed33c73594f359d7e6"
[[package]]
name = "js-sys"
version = "0.3.47"
version = "0.3.46"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5cfb73131c35423a367daf8cbd24100af0d077668c8c2943f0e7dd775fef0f65"
checksum = "cf3d7383929f7c9c7c2d0fa596f325832df98c3704f2c60553080f7127a58175"
dependencies = [
"wasm-bindgen",
]
@ -402,15 +252,15 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "libc"
version = "0.2.84"
version = "0.2.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1cca32fa0182e8c0989459524dc356b8f2b5c10f1b9eb521b7d182c03cf8c5ff"
checksum = "1482821306169ec4d07f6aca392a4681f66c75c9918aa49641a2595db64053cb"
[[package]]
name = "linked-hash-map"
version = "0.5.4"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7fb9b38af92608140b86b693604b9ffcc5824240a484d1ecd4795bacb2fe88f3"
checksum = "8dd5a6d5999d9907cda8ed67bbd137d3af8085216c2ac62de5be860bd41f304a"
[[package]]
name = "lock_api"
@ -423,11 +273,11 @@ dependencies = [
[[package]]
name = "log"
version = "0.4.14"
version = "0.4.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710"
checksum = "4fabed175da42fed1fa0746b0ea71f412aa9d35e76e95e59b192c64b9dc2bf8b"
dependencies = [
"cfg-if 1.0.0",
"cfg-if 0.1.10",
]
[[package]]
@ -436,21 +286,6 @@ version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ffc5c5338469d4d3ea17d269fa8ea3512ad247247c30bd2df69e68309ed0a08"
[[package]]
name = "memchr"
version = "2.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
[[package]]
name = "memoffset"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "157b4208e3059a8f9e78d559edc658e13df41410cb3ae03979c83130067fdd87"
dependencies = [
"autocfg",
]
[[package]]
name = "nix"
version = "0.14.1"
@ -476,37 +311,12 @@ dependencies = [
"libc",
]
[[package]]
name = "num-traits"
version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290"
dependencies = [
"autocfg",
]
[[package]]
name = "num_cpus"
version = "1.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3"
dependencies = [
"hermit-abi",
"libc",
]
[[package]]
name = "once_cell"
version = "1.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "13bd41f508810a131401606d54ac32a467c97172d74ba7662562ebba5ad07fa0"
[[package]]
name = "oorandom"
version = "11.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575"
[[package]]
name = "parking_lot"
version = "0.11.1"
@ -527,7 +337,7 @@ dependencies = [
"cfg-if 1.0.0",
"instant",
"libc",
"redox_syscall 0.1.57",
"redox_syscall",
"smallvec",
"winapi",
]
@ -538,34 +348,6 @@ version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e"
[[package]]
name = "plotters"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45ca0ae5f169d0917a7c7f5a9c1a3d3d9598f18f529dd2b8373ed988efea307a"
dependencies = [
"num-traits",
"plotters-backend",
"plotters-svg",
"wasm-bindgen",
"web-sys",
]
[[package]]
name = "plotters-backend"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b07fffcddc1cb3a1de753caa4e4df03b79922ba43cf882acc1bdd7e8df9f4590"
[[package]]
name = "plotters-svg"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b38a02e23bd9604b842a812063aec4ef702b57989c37b655254bb61c471ad211"
dependencies = [
"plotters-backend",
]
[[package]]
name = "ppv-lite86"
version = "0.2.10"
@ -623,23 +405,46 @@ dependencies = [
[[package]]
name = "quote"
version = "1.0.8"
version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "991431c3519a3f36861882da93630ce66b52918dcf1b8e2fd66b397fc96f28df"
checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
dependencies = [
"proc-macro2",
]
[[package]]
name = "rand"
version = "0.8.3"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e"
checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
dependencies = [
"getrandom 0.1.15",
"libc",
"rand_chacha 0.2.2",
"rand_core 0.5.1",
"rand_hc 0.2.0",
]
[[package]]
name = "rand"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c24fcd450d3fa2b592732565aa4f17a27a61c65ece4726353e000939b0edee34"
dependencies = [
"libc",
"rand_chacha",
"rand_core",
"rand_hc",
"rand_chacha 0.3.0",
"rand_core 0.6.0",
"rand_hc 0.3.0",
]
[[package]]
name = "rand_chacha"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
dependencies = [
"ppv-lite86",
"rand_core 0.5.1",
]
[[package]]
@ -649,16 +454,34 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d"
dependencies = [
"ppv-lite86",
"rand_core",
"rand_core 0.6.0",
]
[[package]]
name = "rand_core"
version = "0.6.1"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c026d7df8b298d90ccbbc5190bd04d85e159eaf5576caeacf8741da93ccbd2e5"
checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
dependencies = [
"getrandom",
"getrandom 0.1.15",
]
[[package]]
name = "rand_core"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a8b34ba8cfb21243bd8df91854c830ff0d785fff2e82ebd4434c2644cb9ada18"
dependencies = [
"getrandom 0.2.0",
]
[[package]]
name = "rand_hc"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
dependencies = [
"rand_core 0.5.1",
]
[[package]]
@ -667,32 +490,7 @@ version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73"
dependencies = [
"rand_core",
]
[[package]]
name = "rayon"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b0d8e0819fadc20c74ea8373106ead0600e3a67ef1fe8da56e39b9ae7275674"
dependencies = [
"autocfg",
"crossbeam-deque",
"either",
"rayon-core",
]
[[package]]
name = "rayon-core"
version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ab346ac5921dc62ffa9f89b7a773907511cdfa5490c572ae9be1be33e8afa4a"
dependencies = [
"crossbeam-channel",
"crossbeam-deque",
"crossbeam-utils",
"lazy_static",
"num_cpus",
"rand_core 0.6.0",
]
[[package]]
@ -701,39 +499,6 @@ version = "0.1.57"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce"
[[package]]
name = "redox_syscall"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "05ec8ca9416c5ea37062b502703cd7fcb207736bc294f6e0cf367ac6fc234570"
dependencies = [
"bitflags",
]
[[package]]
name = "regex"
version = "1.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9251239e129e16308e70d853559389de218ac275b515068abc96829d05b948a"
dependencies = [
"regex-syntax",
]
[[package]]
name = "regex-automata"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae1ded71d66a4a97f5e961fd0cb25a5f366a42a41570d16a763a69c092c26ae4"
dependencies = [
"byteorder",
]
[[package]]
name = "regex-syntax"
version = "0.6.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5eb417147ba9860a96cfe72a0b93bf88fee1744b5636ec99ab20c1aa9376581"
[[package]]
name = "remove_dir_all"
version = "0.5.3"
@ -773,15 +538,6 @@ version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"
[[package]]
name = "same-file"
version = "1.0.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
dependencies = [
"winapi-util",
]
[[package]]
name = "scopeguard"
version = "1.1.0"
@ -805,28 +561,15 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
[[package]]
name = "serde"
version = "1.0.123"
version = "1.0.118"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92d5161132722baa40d802cc70b15262b98258453e85e5d1d365c757c73869ae"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_cbor"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e18acfa2f90e8b735b2836ab8d538de304cbb6729a7360729ea5a895d15a622"
dependencies = [
"half",
"serde",
]
checksum = "06c64263859d87aa2eb554587e2d23183398d617427327cf2b3d0ed8c69e4800"
[[package]]
name = "serde_derive"
version = "1.0.123"
version = "1.0.118"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9391c295d64fc0abb2c556bad848f33cb8296276b1ad2677d1ae1ace4f258f31"
checksum = "c84d3526699cd55261af4b941e4e725444df67aa4f9e6a3564f18030d12672df"
dependencies = [
"proc-macro2",
"quote",
@ -835,9 +578,9 @@ dependencies = [
[[package]]
name = "serde_json"
version = "1.0.61"
version = "1.0.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4fceb2595057b6891a4ee808f70054bd2d12f0e97f1cbb78689b59f676df325a"
checksum = "1500e84d27fe482ed1dc791a56eddc2f230046a040fa908c08bda1d9fb615779"
dependencies = [
"itoa",
"ryu",
@ -846,9 +589,9 @@ dependencies = [
[[package]]
name = "serde_yaml"
version = "0.8.15"
version = "0.8.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "971be8f6e4d4a47163b405a3df70d14359186f9ab0f3a3ec37df144ca1ce089f"
checksum = "f7baae0a99f1a324984bcdc5f0718384c1f69775f1c7eec8b859b71b443e3fd7"
dependencies = [
"dtoa",
"linked-hash-map",
@ -874,9 +617,9 @@ dependencies = [
[[package]]
name = "smallvec"
version = "1.6.1"
version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fe0f37c9e8f3c5a4a66ad655a93c74daac4ad00c441533bf5c6e7990bb42604e"
checksum = "1a55ca5f3b68e41c979bf8c46a6f1da892ca4db8f94023ce0bd32407573b1ac0"
[[package]]
name = "spin"
@ -886,9 +629,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]]
name = "standback"
version = "0.2.14"
version = "0.2.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c66a8cff4fa24853fdf6b51f75c6d7f8206d7c75cab4e467bcd7f25c2b1febe0"
checksum = "cf906c8b8fc3f6ecd1046e01da1d8ddec83e48c8b08b84dcc02b585a6bedf5a8"
dependencies = [
"version_check",
]
@ -974,9 +717,9 @@ dependencies = [
[[package]]
name = "syn"
version = "1.0.60"
version = "1.0.54"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c700597eca8a5a762beb35753ef6b94df201c81cca676604f547495a0d7f0081"
checksum = "9a2af957a63d6bd42255c359c93d9bfdb97076bd3b820897ce55ffbfbf107f44"
dependencies = [
"proc-macro2",
"quote",
@ -985,14 +728,14 @@ dependencies = [
[[package]]
name = "tempfile"
version = "3.2.0"
version = "3.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22"
checksum = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9"
dependencies = [
"cfg-if 1.0.0",
"cfg-if 0.1.10",
"libc",
"rand",
"redox_syscall 0.2.4",
"rand 0.7.3",
"redox_syscall",
"remove_dir_all",
"winapi",
]
@ -1064,21 +807,11 @@ dependencies = [
"syn",
]
[[package]]
name = "tinytemplate"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2ada8616fad06a2d0c455adc530de4ef57605a8120cc65da9653e0e9623ca74"
dependencies = [
"serde",
"serde_json",
]
[[package]]
name = "tinyvec"
version = "1.1.1"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "317cca572a0e89c3ce0ca1f1bdc9369547fe318a683418e42ac8f59d14701023"
checksum = "ccf8dbc19eb42fba10e8feaaec282fb50e2c14b2726d6301dbfeed0f73306a6f"
dependencies = [
"tinyvec_macros",
]
@ -1166,7 +899,6 @@ name = "vpncloud"
version = "2.0.1"
dependencies = [
"byteorder",
"criterion",
"daemonize",
"fnv",
"igd",
@ -1174,9 +906,10 @@ dependencies = [
"log",
"parking_lot",
"privdrop",
"rand",
"rand 0.8.1",
"ring",
"serde",
"serde_derive",
"serde_yaml",
"signal",
"smallvec",
@ -1187,28 +920,17 @@ dependencies = [
"yaml-rust",
]
[[package]]
name = "walkdir"
version = "2.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "777182bc735b6424e1a57516d35ed72cb8019d85c8c9bf536dccb3445c1a2f7d"
dependencies = [
"same-file",
"winapi",
"winapi-util",
]
[[package]]
name = "wasi"
version = "0.10.2+wasi-snapshot-preview1"
version = "0.9.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
[[package]]
name = "wasm-bindgen"
version = "0.2.70"
version = "0.2.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "55c0f7123de74f0dab9b7d00fd614e7b19349cd1e2f5252bbe9b1754b59433be"
checksum = "3cd364751395ca0f68cafb17666eee36b63077fb5ecd972bbcd74c90c4bf736e"
dependencies = [
"cfg-if 1.0.0",
"wasm-bindgen-macro",
@ -1216,9 +938,9 @@ dependencies = [
[[package]]
name = "wasm-bindgen-backend"
version = "0.2.70"
version = "0.2.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7bc45447f0d4573f3d65720f636bbcc3dd6ce920ed704670118650bcd47764c7"
checksum = "1114f89ab1f4106e5b55e688b828c0ab0ea593a1ea7c094b141b14cbaaec2d62"
dependencies = [
"bumpalo",
"lazy_static",
@ -1231,9 +953,9 @@ dependencies = [
[[package]]
name = "wasm-bindgen-macro"
version = "0.2.70"
version = "0.2.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3b8853882eef39593ad4174dd26fc9865a64e84026d223f63bb2c42affcbba2c"
checksum = "7a6ac8995ead1f084a8dea1e65f194d0973800c7f571f6edd70adf06ecf77084"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
@ -1241,9 +963,9 @@ dependencies = [
[[package]]
name = "wasm-bindgen-macro-support"
version = "0.2.70"
version = "0.2.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4133b5e7f2a531fa413b3a1695e925038a05a71cf67e87dafa295cb645a01385"
checksum = "b5a48c72f299d80557c7c62e37e7225369ecc0c963964059509fbafe917c7549"
dependencies = [
"proc-macro2",
"quote",
@ -1254,15 +976,15 @@ dependencies = [
[[package]]
name = "wasm-bindgen-shared"
version = "0.2.70"
version = "0.2.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd4945e4943ae02d15c13962b38a5b1e81eadd4b71214eee75af64a4d6a4fd64"
checksum = "7e7811dd7f9398f14cc76efd356f98f03aa30419dea46aa810d71e819fc97158"
[[package]]
name = "web-sys"
version = "0.3.47"
version = "0.3.46"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c40dc691fc48003eba817c38da7113c15698142da971298003cac3ef175680b3"
checksum = "222b1ef9334f92a21d3fb53dc3fd80f30836959a90f9274a626d7e06315ba3c3"
dependencies = [
"js-sys",
"wasm-bindgen",
@ -1270,9 +992,9 @@ dependencies = [
[[package]]
name = "wildmatch"
version = "1.0.13"
version = "1.0.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d2399814fda0d6999a6bfe9b5c7660d836334deb162a09db8b73d5b38fd8c40a"
checksum = "79346daa5ca66c72db46ee4dac6e605811478ae0807b385d18328be3f5c0eb74"
[[package]]
name = "winapi"
@ -1290,15 +1012,6 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
[[package]]
name = "winapi-util"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
dependencies = [
"winapi",
]
[[package]]
name = "winapi-x86_64-pc-windows-gnu"
version = "0.4.0"

View File

@ -14,7 +14,8 @@ edition = "2018"
[dependencies]
time = "=0.2.22"
structopt = "0.3"
serde = { version = "1.0", features = ["derive"] }
serde = "1.0"
serde_derive = "1.0"
serde_yaml = "0.8"
log = { version = "0.4", features = ["std"] }
signal = "0.7"
@ -26,24 +27,19 @@ igd = { version = "0.12", optional = true }
daemonize = "0.4"
ring = "0.16"
privdrop = "0.5"
byteorder = "1.4"
byteorder = "1.3"
thiserror = "1.0"
parking_lot = "*"
smallvec = "1.6"
[dev-dependencies]
tempfile = "3"
criterion = "0.3"
[features]
default = ["nat"]
bench = []
nat = ["igd"]
[[bench]]
name = "bench"
harness = false
[profile.release]
lto = true

View File

@ -1,149 +0,0 @@
#![allow(dead_code, unused_macros, unused_imports)]
#[macro_use] extern crate serde;
#[macro_use] extern crate log;
use criterion::{criterion_group, criterion_main, Criterion, Throughput};
use smallvec::smallvec;
use ring::aead;
use std::str::FromStr;
use std::net::{SocketAddr, Ipv4Addr, SocketAddrV4, UdpSocket};
mod util {
include!("../src/util.rs");
}
mod error {
include!("../src/error.rs");
}
mod payload {
include!("../src/payload.rs");
}
mod types {
include!("../src/types.rs");
}
mod table {
include!("../src/table.rs");
}
mod crypto_core {
include!("../src/crypto/core.rs");
}
pub use error::Error;
use util::{MockTimeSource, MsgBuffer};
use types::{Address, Range};
use table::{ClaimTable};
use payload::{Packet, Frame, Protocol};
use crypto_core::{create_dummy_pair, EXTRA_LEN};
fn udp_send(c: &mut Criterion) {
let sock = UdpSocket::bind("127.0.0.1:0").unwrap();
let data = [0; 1400];
let addr = SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 1);
let mut g = c.benchmark_group("udp_send");
g.throughput(Throughput::Bytes(1400));
g.bench_function("udp_send", |b| {
b.iter(|| sock.send_to(&data, &addr).unwrap());
});
g.finish();
}
fn decode_ipv4(c: &mut Criterion) {
let data = [0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1, 192, 168, 1, 2];
let mut g = c.benchmark_group("payload");
g.throughput(Throughput::Bytes(1400));
g.bench_function("decode_ipv4", |b| {
b.iter(|| Packet::parse(&data).unwrap());
});
g.finish();
}
fn decode_ipv6(c: &mut Criterion) {
let data = [
0x60, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 0, 9, 8, 7, 6, 5, 4, 3, 2, 1, 6, 5,
4, 3, 2, 1
];
let mut g = c.benchmark_group("payload");
g.throughput(Throughput::Bytes(1400));
g.bench_function("decode_ipv6", |b| {
b.iter(|| Packet::parse(&data).unwrap());
});
g.finish();
}
fn decode_ethernet(c: &mut Criterion) {
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 1, 2, 3, 4, 5, 6, 7, 8];
let mut g = c.benchmark_group("payload");
g.throughput(Throughput::Bytes(1400));
g.bench_function("decode_ethernet", |b| {
b.iter(|| Frame::parse(&data).unwrap());
});
g.finish();
}
fn decode_ethernet_with_vlan(c: &mut Criterion) {
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0, 4, 210, 1, 2, 3, 4, 5, 6, 7, 8];
let mut g = c.benchmark_group("payload");
g.throughput(Throughput::Bytes(1400));
g.bench_function("decode_ethernet_with_vlan", |b| {
b.iter(|| Frame::parse(&data).unwrap());
});
g.finish();
}
fn lookup_warm(c: &mut Criterion) {
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
let addr = Address::from_str("1.2.3.4").unwrap();
table.cache(addr, SocketAddr::from_str("1.2.3.4:3210").unwrap());
let mut g = c.benchmark_group("table");
g.throughput(Throughput::Bytes(1400));
g.bench_function("lookup_warm", |b| {
b.iter(|| table.lookup(addr));
});
g.finish();
}
fn lookup_cold(c: &mut Criterion) {
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
let addr = Address::from_str("1.2.3.4").unwrap();
table.set_claims(SocketAddr::from_str("1.2.3.4:3210").unwrap(), smallvec![Range::from_str("1.2.3.4/32").unwrap()]);
let mut g = c.benchmark_group("table");
g.throughput(Throughput::Bytes(1400));
g.bench_function("lookup_cold", |b| {
b.iter(|| {
table.clear_cache();
table.lookup(addr)
});
});
g.finish();
}
fn crypto_bench(c: &mut Criterion, algo: &'static aead::Algorithm) {
let mut buffer = MsgBuffer::new(EXTRA_LEN);
buffer.set_length(1400);
let (mut sender, mut receiver) = create_dummy_pair(algo);
let mut g = c.benchmark_group("crypto");
g.throughput(Throughput::Bytes(2*1400));
g.bench_function(format!("{:?}", algo), |b| {
b.iter(|| {
sender.encrypt(&mut buffer);
receiver.decrypt(&mut buffer).unwrap();
});
});
g.finish()
}
fn crypto_chacha20(c: &mut Criterion) {
crypto_bench(c, &aead::CHACHA20_POLY1305)
}
fn crypto_aes128(c: &mut Criterion) {
crypto_bench(c, &aead::AES_128_GCM)
}
fn crypto_aes256(c: &mut Criterion) {
crypto_bench(c, &aead::AES_256_GCM)
}
criterion_group!(benches, udp_send, decode_ipv4, decode_ipv6, decode_ethernet, decode_ethernet_with_vlan, lookup_cold, lookup_warm, crypto_chacha20, crypto_aes128, crypto_aes256);
criterion_main!(benches);

View File

@ -19,7 +19,7 @@ RUN useradd -ms /bin/bash user
USER user
WORKDIR /home/user
ENV RUST=1.49.0
ENV RUST=1.48.0
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST}

View File

@ -7,7 +7,7 @@ RUN useradd -ms /bin/bash user
USER user
WORKDIR /home/user
ENV RUST=1.49.0
ENV RUST=1.48.0
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST}

View File

@ -4,20 +4,18 @@
use super::{device::Type, types::Mode, util::Duration};
pub use crate::crypto::Config as CryptoConfig;
use crate::util::run_cmd;
use std::{
cmp::max,
collections::HashMap,
ffi::OsStr,
net::{IpAddr, Ipv6Addr, SocketAddr},
process::Command,
thread
net::{IpAddr, Ipv6Addr, SocketAddr}
};
use structopt::{clap::Shell, StructOpt};
use structopt::StructOpt;
pub const DEFAULT_PEER_TIMEOUT: u16 = 300;
pub const DEFAULT_PORT: u16 = 3210;
fn parse_listen(addr: &str) -> SocketAddr {
if let Some(addr) = addr.strip_prefix("*:") {
let port = try_fail!(addr.parse::<u16>(), "Invalid port: {}");
@ -62,9 +60,7 @@ pub struct Config {
pub statsd_server: Option<String>,
pub statsd_prefix: Option<String>,
pub user: Option<String>,
pub group: Option<String>,
pub hook: Option<String>,
pub hooks: HashMap<String, String>
pub group: Option<String>
}
impl Default for Config {
@ -97,9 +93,7 @@ impl Default for Config {
statsd_server: None,
statsd_prefix: None,
user: None,
group: None,
hook: None,
hooks: HashMap::new()
group: None
}
}
}
@ -204,12 +198,6 @@ impl Config {
if !file.crypto.algorithms.is_empty() {
self.crypto.algorithms = file.crypto.algorithms.clone();
}
if let Some(val) = file.hook {
self.hook = Some(val)
}
for (k, v) in file.hooks {
self.hooks.insert(k, v);
}
}
pub fn merge_args(&mut self, mut args: Args) {
@ -303,16 +291,6 @@ impl Config {
if !args.algorithms.is_empty() {
self.crypto.algorithms = args.algorithms.clone();
}
for s in args.hook {
if s.contains(':') {
let pos = s.find(':').unwrap();
let name = &s[..pos];
let hook = &s[pos+1..];
self.hooks.insert(name.to_string(), hook.to_string());
} else {
self.hook = Some(s);
}
}
}
pub fn get_keepalive(&self) -> Duration {
@ -321,31 +299,8 @@ impl Config {
None => max(self.peer_timeout / 2 - 60, 1)
}
}
}
pub fn call_hook(
&self, event: &'static str, envs: impl IntoIterator<Item = (&'static str, impl AsRef<OsStr>)>, detach: bool
) {
let mut script = None;
if let Some(ref s) = self.hook {
script = Some(s);
}
if let Some(ref s) = self.hooks.get(event) {
script = Some(s);
}
if script.is_none() {
return
}
let script = script.unwrap();
let mut cmd = Command::new("sh");
cmd.arg("-c").arg(script).envs(envs).env("EVENT", event);
debug!("Running event script: {:?}", cmd);
if detach {
thread::spawn(move || run_cmd(cmd));
} else {
run_cmd(cmd)
}
}
}
#[derive(StructOpt, Debug, Default)]
pub struct Args {
@ -370,7 +325,7 @@ pub struct Args {
pub mode: Option<Mode>,
/// The shared password to encrypt all traffic
#[structopt(short, long, required_unless_one = &["private-key", "config", "genkey", "version", "completion"], env)]
#[structopt(short, long, required_unless_one = &["private-key", "config", "genkey", "version"], env)]
pub password: Option<String>,
/// The private key to use
@ -503,15 +458,7 @@ pub struct Args {
/// Migrate an old config file
#[structopt(long, alias = "migrate", requires = "config")]
pub migrate_config: bool,
/// Generate shell completions
#[structopt(long)]
pub completion: Option<Shell>,
/// Call script on event
#[structopt(long)]
pub hook: Vec<String>
pub migrate_config: bool
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Default)]
@ -565,11 +512,10 @@ pub struct ConfigFile {
pub stats_file: Option<String>,
pub statsd: Option<ConfigFileStatsd>,
pub user: Option<String>,
pub group: Option<String>,
pub hook: Option<String>,
pub hooks: HashMap<String, String>
pub group: Option<String>
}
#[test]
fn config_file() {
let config_file = "
@ -636,9 +582,7 @@ statsd:
statsd: Some(ConfigFileStatsd {
server: Some("example.com:1234".to_string()),
prefix: Some("prefix".to_string())
}),
hook: None,
hooks: HashMap::new()
})
})
}
@ -672,12 +616,9 @@ fn default_config_as_default() {
statsd_server: None,
statsd_prefix: None,
user: None,
group: None,
hook: None,
hooks: HashMap::new()
group: None
};
let default_config_file =
serde_yaml::from_str::<ConfigFile>(include_str!("../assets/example.net.disabled")).unwrap();
let default_config_file = serde_yaml::from_str::<ConfigFile>(include_str!("../assets/example.net.disabled")).unwrap();
default_config.merge_file(default_config_file);
assert_eq!(default_config, Config::default());
}
@ -718,9 +659,7 @@ fn config_merge() {
statsd: Some(ConfigFileStatsd {
server: Some("example.com:1234".to_string()),
prefix: Some("prefix".to_string())
}),
hook: None,
hooks: HashMap::new()
})
});
assert_eq!(config, Config {
device_type: Type::Tun,
@ -809,8 +748,6 @@ fn config_merge() {
stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()),
statsd_server: Some("example.com:2345".to_string()),
statsd_prefix: Some("prefix2".to_string()),
daemonize: true,
hook: None,
hooks: HashMap::new()
daemonize: true
});
}

View File

@ -1,41 +1,41 @@
// This module implements a crypto core for encrypting and decrypting message streams
//
// The crypto core only encrypts and decrypts messages, using given keys. Negotiating and rotating the keys is out of
// scope of the crypto core. The crypto core assumes that the remote node will always have the necessary key to decrypt
// the message.
//
// The crypto core encrypts messages in place, writes some extra data (key id and nonce) into a given space and
// includes the given header data in the authentication tag. When decrypting messages, the crypto core reads the extra
// data, uses the key id to find the right key to decrypting the message and then decrypts the message, using the given
// nonce and including the given header data in the verification of the authentication tag.
//
// While the core only uses a single key at a time for encrypting messages, it is ready to decrypt messages based on
// one of 4 stored keys (the encryption key being one of them). An external key rotation is responsible for adding the
// key to the remote peer before switching to the key on the local peer for encryption.
//
// As mentioned, the encryption and decryption works in place. Therefore the parameter payload_and_tag contains (when
// decrypting) or provides space for (when encrypting) the payload and the authentication tag. When encrypting, that
// means, that the last TAG_LEN bytes of payload_and_tag must be reserved for the tag and must not contain payload
// bytes.
//
// The nonce is a value of 12 bytes (192 bits). Since both nodes can use the same key for encryption, the most
// significant byte (msb) of the nonce is initialized differently on both peers: one peer uses the value 0x00 and the
// other one 0x80. That means that the nonce space is essentially divided in two halves, one for each node.
//
// To save space and keep the encrypted data aligned to 64 bits, not all bytes of the nonce are transferred. Instead,
// only 7 bytes are included in messages (another byte is used for the key id, hence 64 bit alignment). The rest of the
// nonce is deduced by the nodes: All other bytes are assumed to be 0x00, except for the most significant byte, which
// is assumed to be the opposite ones own msb. This has two nice effects:
// 1) Long before the nonce could theoretically repeat, the messages can no longer be decrypted by the peer as the
// higher bytes are no longer zero as assumed.
// 2) By deducing the msb to be the opposite of ones own msb, it is no longer possible for an attacker to redirect a
// message back to the sender because then the assumed nonce will be wrong and the message fails to decrypt. Otherwise,
// this could lead to problems as nodes would be able to accidentally decrypt their own messages.
//
// In order to be resistent against replay attacks but allow for reordering of messages, the crypto core uses nonce
// pinning. For every active key, the biggest nonce seen so far is being tracked. Every second, the biggest nonce seen
// one second ago plus 1 becomes the minimum nonce that is accepted for that key. That means, that reordering can
// happen within one second but after a second, old messages will not be accepted anymore.
//! This module implements a crypto core for encrypting and decrypting message streams
//!
//! The crypto core only encrypts and decrypts messages, using given keys. Negotiating and rotating the keys is out of
//! scope of the crypto core. The crypto core assumes that the remote node will always have the necessary key to decrypt
//! the message.
//!
//! The crypto core encrypts messages in place, writes some extra data (key id and nonce) into a given space and
//! includes the given header data in the authentication tag. When decrypting messages, the crypto core reads the extra
//! data, uses the key id to find the right key to decrypting the message and then decrypts the message, using the given
//! nonce and including the given header data in the verification of the authentication tag.
//!
//! While the core only uses a single key at a time for encrypting messages, it is ready to decrypt messages based on
//! one of 4 stored keys (the encryption key being one of them). An external key rotation is responsible for adding the
//! key to the remote peer before switching to the key on the local peer for encryption.
//!
//! As mentioned, the encryption and decryption works in place. Therefore the parameter payload_and_tag contains (when
//! decrypting) or provides space for (when encrypting) the payload and the authentication tag. When encrypting, that
//! means, that the last TAG_LEN bytes of payload_and_tag must be reserved for the tag and must not contain payload
//! bytes.
//!
//! The nonce is a value of 12 bytes (192 bits). Since both nodes can use the same key for encryption, the most
//! significant byte (msb) of the nonce is initialized differently on both peers: one peer uses the value 0x00 and the
//! other one 0x80. That means that the nonce space is essentially divided in two halves, one for each node.
//!
//! To save space and keep the encrypted data aligned to 64 bits, not all bytes of the nonce are transferred. Instead,
//! only 7 bytes are included in messages (another byte is used for the key id, hence 64 bit alignment). The rest of the
//! nonce is deduced by the nodes: All other bytes are assumed to be 0x00, except for the most significant byte, which
//! is assumed to be the opposite ones own msb. This has two nice effects:
//! 1) Long before the nonce could theoretically repeat, the messages can no longer be decrypted by the peer as the
//! higher bytes are no longer zero as assumed.
//! 2) By deducing the msb to be the opposite of ones own msb, it is no longer possible for an attacker to redirect a
//! message back to the sender because then the assumed nonce will be wrong and the message fails to decrypt. Otherwise,
//! this could lead to problems as nodes would be able to accidentally decrypt their own messages.
//!
//! In order to be resistent against replay attacks but allow for reordering of messages, the crypto core uses nonce
//! pinning. For every active key, the biggest nonce seen so far is being tracked. Every second, the biggest nonce seen
//! one second ago plus 1 becomes the minimum nonce that is accepted for that key. That means, that reordering can
//! happen within one second but after a second, old messages will not be accepted anymore.
use byteorder::{ReadBytesExt, WriteBytesExt};
use ring::{
@ -467,3 +467,37 @@ mod tests {
assert!(speed > 10.0);
}
}
#[cfg(feature = "bench")]
mod benches {
use super::*;
use test::Bencher;
fn crypto_bench(b: &mut Bencher, algo: &'static aead::Algorithm) {
let mut buffer = MsgBuffer::new(EXTRA_LEN);
buffer.set_length(1400);
let (mut sender, mut receiver) = create_dummy_pair(algo);
b.iter(|| {
sender.encrypt(&mut buffer);
receiver.decrypt(&mut buffer).unwrap();
});
b.bytes = 1400;
}
#[bench]
fn crypto_chacha20(b: &mut Bencher) {
crypto_bench(b, &aead::CHACHA20_POLY1305)
}
#[bench]
fn crypto_aes128(b: &mut Bencher) {
crypto_bench(b, &aead::AES_128_GCM)
}
#[bench]
fn crypto_aes256(b: &mut Bencher) {
crypto_bench(b, &aead::AES_256_GCM)
}
}

View File

@ -1,61 +1,59 @@
// This module implements a 3-way handshake to initialize an authenticated and encrypted connection.
//
// The handshake assumes that each node has a asymmetric Curve 25519 key pair as well as a list of trusted public keys
// and a set of supported crypto algorithms as well as the expected speed when using them. If successful, the handshake
// will negotiate a crypto algorithm to use and a common ephemeral symmetric key and exchange a given payload between
// the nodes.
//
// The handshake consists of 3 stages, "ping", "pong" and "peng". In the following description, the node that initiates
// the connection is named "A" and the other node is named "B". Since a lot of things are going on in parallel in the
// handshake, those aspects are described separately in the following paragraphs.
//
// Every message contains the node id of the sender. If a node receives a message with its own node id, it just ignores
// it and closes the connection. This is the way nodes avoid to connect to themselves as it is not trivial for a node
// to know its own addresses (especially in the case of NAT).
//
// All initialization messages are signed by the asymmetric key of the sender. Also the messages indicate the public
// key being used, so the receiver can use the correct public key to verify the signature. The public key itself is not
// attached to the message for privacy reasons (the public key is stable over multiple restarts while the node id is
// only valid for a single run). Instead, a 2 byte salt value as well as the last 2 bytes of the salted sha 2 hash of
// the public key are used to identify the public key. This way, a receiver that trusts this public key can identify
// it but a random observer can't. If the public key is unknown or the signature can't be verified, the message is
// ignored.
//
// Every message contains a byte that specifies the stage (ping = 1, pong = 2, peng = 3). If a message with an
// unexpected stage is received, it is ignored and the last message that has been sent is repeated. There is only one
// exception to this rule: if a "pong" message is expected, but a "ping" message is received instead AND the node id of
// the sender is greater than the node id of the receiver, the receiving node will reset its state and assume the role
// of a receiver of the initialization (i.e. "B"). This is used to "negotiate" the roles A and B when both nodes
// initiate the connection in parallel and think they are A.
//
// Upon connection creation, both nodes create a random ephemeral ECDH key pair and exchange the public keys in the
// ping and pong messages. A sends the ping message to B containing A's public key and B replies with a pong message
// containing B's public key. That means, that after receiving the ping message B can calculate the shared key material
// and after receiving the pong message A can calculate the shared key material.
//
// The ping message and the pong message contain a set of supported crypto algorithms together with the estimated
// speeds of the algorithms. When B receives a ping message, or A receives a pong message, it can combine this
// information with its own algorithm list and select the algorithm with the best expected speed for the crypto core.
//
// The pong and peng message contain the payload that the nodes want to exchange in the initialization phase apart from
// the cryptographic initialization. This payload is encoded according to the application and encrypted using the key
// material and the crypto algorithm that have been negotiated via the ping and pong messages. The pong message,
// therefore contains information to set up symmetric encryption as well as a part that is already encrypted.
//
// The handshake ends for A after sending the peng message and for B after receiving this message. At this time both
// nodes initialize the connection using the payload and enter normal operation. The negotiated crypto core is used for
// future communication and the key rotation is started. Since the peng message can be lost, A needs to keep the
// initialization state in order to repeat a lost peng message. After one second, A removes that state.
//
// Once every second, both nodes check whether they have already finished the initialization. If not, they repeat their
// last message. After 5 seconds, the initialization is aborted as failed.
//! This module implements a 3-way handshake to initialize an authenticated and encrypted connection.
//!
//! The handshake assumes that each node has a asymmetric Curve 25519 key pair as well as a list of trusted public keys
//! and a set of supported crypto algorithms as well as the expected speed when using them. If successful, the handshake
//! will negotiate a crypto algorithm to use and a common ephemeral symmetric key and exchange a given payload between
//! the nodes.
//!
//! The handshake consists of 3 stages, "ping", "pong" and "peng". In the following description, the node that initiates
//! the connection is named "A" and the other node is named "B". Since a lot of things are going on in parallel in the
//! handshake, those aspects are described separately in the following paragraphs.
//!
//! Every message contains the node id of the sender. If a node receives a message with its own node id, it just ignores
//! it and closes the connection. This is the way nodes avoid to connect to themselves as it is not trivial for a node
//! to know its own addresses (especially in the case of NAT).
//!
//! All initialization messages are signed by the asymmetric key of the sender. Also the messages indicate the public
//! key being used, so the receiver can use the correct public key to verify the signature. The public key itself is not
//! attached to the message for privacy reasons (the public key is stable over multiple restarts while the node id is
//! only valid for a single run). Instead, a 2 byte salt value as well as the last 2 bytes of the salted sha 2 hash of
//! the public key are used to identify the public key. This way, a receiver that trusts this public key can identify
//! it but a random observer can't. If the public key is unknown or the signature can't be verified, the message is
//! ignored.
//!
//! Every message contains a byte that specifies the stage (ping = 1, pong = 2, peng = 3). If a message with an
//! unexpected stage is received, it is ignored and the last message that has been sent is repeated. There is only one
//! exception to this rule: if a "pong" message is expected, but a "ping" message is received instead AND the node id of
//! the sender is greater than the node id of the receiver, the receiving node will reset its state and assume the role
//! of a receiver of the initialization (i.e. "B"). This is used to "negotiate" the roles A and B when both nodes
//! initiate the connection in parallel and think they are A.
//!
//! Upon connection creation, both nodes create a random ephemeral ECDH key pair and exchange the public keys in the
//! ping and pong messages. A sends the ping message to B containing A's public key and B replies with a pong message
//! containing B's public key. That means, that after receiving the ping message B can calculate the shared key material
//! and after receiving the pong message A can calculate the shared key material.
//!
//! The ping message and the pong message contain a set of supported crypto algorithms together with the estimated
//! speeds of the algorithms. When B receives a ping message, or A receives a pong message, it can combine this
//! information with its own algorithm list and select the algorithm with the best expected speed for the crypto core.
//!
//! The pong and peng message contain the payload that the nodes want to exchange in the initialization phase apart from
//! the cryptographic initialization. This payload is encoded according to the application and encrypted using the key
//! material and the crypto algorithm that have been negotiated via the ping and pong messages. The pong message,
//! therefore contains information to set up symmetric encryption as well as a part that is already encrypted.
//!
//! The handshake ends for A after sending the peng message and for B after receiving this message. At this time both
//! nodes initialize the connection using the payload and enter normal operation. The negotiated crypto core is used for
//! future communication and the key rotation is started. Since the peng message can be lost, A needs to keep the
//! initialization state in order to repeat a lost peng message. After one second, A removes that state.
//!
//! Once every second, both nodes check whether they have already finished the initialization. If not, they repeat their
//! last message. After 5 seconds, the initialization is aborted as failed.
use super::{
core::{CryptoCore, EXTRA_LEN},
rotate::RotationState,
Algorithms, EcdhPrivateKey, EcdhPublicKey, Ed25519PublicKey, Error, MsgBuffer, Payload, PeerCrypto,
MESSAGE_TYPE_ROTATION
Algorithms, EcdhPrivateKey, EcdhPublicKey, Ed25519PublicKey, Error, MsgBuffer, Payload
};
use crate::types::NodeId;
use byteorder::{NetworkEndian, ReadBytesExt, WriteBytesExt};
@ -74,7 +72,6 @@ use std::{
sync::Arc
};
pub const INIT_MESSAGE_FIRST_BYTE: u8 = 0xff;
pub const STAGE_PING: u8 = 1;
pub const STAGE_PONG: u8 = 2;
@ -88,11 +85,6 @@ pub const SALTED_NODE_ID_HASH_LEN: usize = 20;
pub type SaltedNodeIdHash = [u8; SALTED_NODE_ID_HASH_LEN];
pub fn is_init_message(msg: &[u8]) -> bool {
!msg.is_empty() && msg[0] == INIT_MESSAGE_FIRST_BYTE
}
#[allow(clippy::large_enum_variant)]
pub enum InitMsg {
Ping {
@ -149,9 +141,6 @@ impl InitMsg {
fn read_from(buffer: &[u8], trusted_keys: &[Ed25519PublicKey]) -> Result<(Self, Ed25519PublicKey), Error> {
let mut r = Cursor::new(buffer);
if r.read_u8().map_err(|_| Error::Parse("Init message too short"))? != INIT_MESSAGE_FIRST_BYTE {
return Err(Error::Parse("Init message has invalid first byte"))
}
let mut public_key_salt = [0; 4];
r.read_exact(&mut public_key_salt).map_err(|_| Error::Parse("Init message too short"))?;
let mut public_key_hash = [0; 4];
@ -301,7 +290,6 @@ impl InitMsg {
fn write_to(&self, buffer: &mut [u8], key: &Ed25519KeyPair) -> Result<usize, io::Error> {
let mut w = Cursor::new(buffer);
w.write_u8(INIT_MESSAGE_FIRST_BYTE)?;
let rand = SystemRandom::new();
let mut salt = [0; 4];
rand.fill(&mut salt).unwrap();
@ -390,9 +378,9 @@ pub enum InitResult<P: Payload> {
Success { peer_payload: P, is_initiator: bool }
}
pub struct InitState<P: Payload> {
node_id: NodeId,
is_initiator: bool,
salted_node_id_hash: SaltedNodeIdHash,
payload: P,
key_pair: Arc<Ed25519KeyPair>,
@ -401,7 +389,7 @@ pub struct InitState<P: Payload> {
next_stage: u8,
close_time: usize,
last_message: Option<Vec<u8>>,
crypto: Option<Arc<CryptoCore>>,
crypto: Option<CryptoCore>,
algorithms: Algorithms,
selected_algorithm: Option<&'static Algorithm>,
failed_retries: usize
@ -421,7 +409,6 @@ impl<P: Payload> InitState<P> {
hash[4..].clone_from_slice(&d.as_ref()[..16]);
Self {
node_id,
is_initiator: false,
salted_node_id_hash: hash,
payload,
key_pair,
@ -444,7 +431,7 @@ impl<P: Payload> InitState<P> {
// create stage 1 msg
self.send_message(STAGE_PING, Some(ecdh_public_key), out);
self.is_initiator = true;
self.next_stage = STAGE_PONG;
}
@ -601,7 +588,6 @@ impl<P: Payload> InitState<P> {
// the node with the higher node_id "wins" and gets to initialize the connection
if salted_node_id_hash > self.salted_node_id_hash {
// reset to initial state
self.is_initiator = false;
self.next_stage = STAGE_PING;
self.last_message = None;
self.ecdh_private_key = None;
@ -628,8 +614,7 @@ impl<P: Payload> InitState<P> {
self.selected_algorithm = algorithm.map(|a| a.0);
if let Some((algorithm, _speed)) = algorithm {
let master_key = self.derive_master_key(algorithm, my_ecdh_private_key, &ecdh_public_key);
self.crypto =
Some(Arc::new(CryptoCore::new(master_key, self.salted_node_id_hash > salted_node_id_hash)));
self.crypto = Some(CryptoCore::new(master_key, self.salted_node_id_hash > salted_node_id_hash));
}
// create and send stage 2 reply
@ -645,8 +630,7 @@ impl<P: Payload> InitState<P> {
self.selected_algorithm = algorithm.map(|a| a.0);
if let Some((algorithm, _speed)) = algorithm {
let master_key = self.derive_master_key(algorithm, ecdh_private_key, &ecdh_public_key);
self.crypto =
Some(Arc::new(CryptoCore::new(master_key, self.salted_node_id_hash > salted_node_id_hash)));
self.crypto = Some(CryptoCore::new(master_key, self.salted_node_id_hash > salted_node_id_hash));
}
// decrypt the payload
@ -673,19 +657,8 @@ impl<P: Payload> InitState<P> {
}
}
pub fn finish(self, buffer: &mut MsgBuffer) -> PeerCrypto {
assert!(buffer.is_empty());
let rotation = if self.crypto.is_some() { Some(RotationState::new(!self.is_initiator, buffer)) } else { None };
if !buffer.is_empty() {
buffer.prepend_byte(MESSAGE_TYPE_ROTATION);
}
PeerCrypto {
algorithm: self.crypto.map(|c| c.algorithm()),
core: self.crypto,
rotation,
rotate_counter: 0,
last_init_message: self.last_message
}
pub fn take_core(&mut self) -> Option<CryptoCore> {
self.crypto.take()
}
}

View File

@ -2,10 +2,11 @@ mod core;
mod init;
mod rotate;
use self::{core::test_speed, init::InitState, rotate::RotationState};
pub use self::{
core::{CryptoCore, EXTRA_LEN, TAG_LEN},
init::{is_init_message, INIT_MESSAGE_FIRST_BYTE}
pub use self::core::{EXTRA_LEN, TAG_LEN, CryptoCore};
use self::{
core::{test_speed, CryptoCore},
init::{InitResult, InitState, CLOSING},
rotate::RotationState
};
use crate::{
error::Error,
@ -25,7 +26,7 @@ use thiserror::Error;
const SALT: &[u8; 32] = b"vpncloudVPNCLOUDvpncl0udVpnCloud";
const INIT_MESSAGE_FIRST_BYTE: u8 = 0xff;
const MESSAGE_TYPE_ROTATION: u8 = 0x10;
pub type Ed25519PublicKey = [u8; ED25519_PUBLIC_KEY_LEN];
@ -185,35 +186,100 @@ impl Crypto {
Ok(result)
}
pub fn peer_instance<P: Payload>(&self, payload: P) -> InitState<P> {
InitState::new(self.node_id, payload, self.key_pair.clone(), self.trusted_keys.clone(), self.algorithms.clone())
pub fn peer_instance<P: Payload>(&self, payload: P) -> PeerCrypto<P> {
PeerCrypto::new(
self.node_id,
payload,
self.key_pair.clone(),
self.trusted_keys.clone(),
self.algorithms.clone()
)
}
}
#[derive(Debug, PartialEq)]
pub enum MessageResult {
pub enum MessageResult<P: Payload> {
Message(u8),
Initialized(P),
InitializedWithReply(P),
Reply,
None
}
// TODO: completely rewrite
// PeerCrypto is only for initialized crypto
// Init is consumed and generates PeerCrypto
pub struct PeerCrypto {
pub struct PeerCrypto<P: Payload> {
#[allow(dead_code)]
last_init_message: Option<Vec<u8>>,
algorithm: Option<&'static Algorithm>,
node_id: NodeId,
init: Option<InitState<P>>,
rotation: Option<RotationState>,
core: Option<Arc<CryptoCore>>,
unencrypted: bool,
core: Option<CryptoCore>,
rotate_counter: usize
}
impl PeerCrypto {
impl<P: Payload> PeerCrypto<P> {
pub fn new(
node_id: NodeId, init_payload: P, key_pair: Arc<Ed25519KeyPair>, trusted_keys: Arc<[Ed25519PublicKey]>,
algorithms: Algorithms
) -> Self
{
Self {
node_id,
init: Some(InitState::new(node_id, init_payload, key_pair, trusted_keys, algorithms)),
rotation: None,
unencrypted: false,
core: None,
rotate_counter: 0
}
}
fn get_init(&mut self) -> Result<&mut InitState<P>, Error> {
if let Some(init) = &mut self.init {
Ok(init)
} else {
Err(Error::InvalidCryptoState("Initialization already finished"))
}
}
fn get_core(&mut self) -> Result<&mut CryptoCore, Error> {
if let Some(core) = &mut self.core {
Ok(core)
} else {
Err(Error::InvalidCryptoState("Crypto core not ready yet"))
}
}
fn get_rotation(&mut self) -> Result<&mut RotationState, Error> {
if let Some(rotation) = &mut self.rotation {
Ok(rotation)
} else {
Err(Error::InvalidCryptoState("Key rotation not initialized"))
}
}
pub fn initialize(&mut self, out: &mut MsgBuffer) -> Result<(), Error> {
let init = self.get_init()?;
if init.stage() != init::STAGE_PING {
Err(Error::InvalidCryptoState("Initialization already ongoing"))
} else {
init.send_ping(out);
out.prepend_byte(INIT_MESSAGE_FIRST_BYTE);
Ok(())
}
}
pub fn has_init(&self) -> bool {
self.init.is_some()
}
pub fn is_ready(&self) -> bool {
self.core.is_some()
}
pub fn algorithm_name(&self) -> &'static str {
if let Some(algo) = self.algorithm {
if let Some(ref core) = self.core {
let algo = core.algorithm();
if algo == &aead::CHACHA20_POLY1305 {
"CHACHA20"
} else if algo == &aead::AES_128_GCM {
@ -228,54 +294,78 @@ impl PeerCrypto {
}
}
fn handle_init_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult, Error> {
// TODO: parse message stage
// TODO: depending on stage resend last message
Ok(MessageResult::None)
fn handle_init_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult<P>, Error> {
let result = self.get_init()?.handle_init(buffer)?;
if !buffer.is_empty() {
buffer.prepend_byte(INIT_MESSAGE_FIRST_BYTE);
}
match result {
InitResult::Continue => Ok(MessageResult::Reply),
InitResult::Success { peer_payload, is_initiator } => {
self.core = self.get_init()?.take_core();
if self.core.is_none() {
self.unencrypted = true;
}
if self.get_init()?.stage() == init::CLOSING {
self.init = None
}
if self.core.is_some() {
self.rotation = Some(RotationState::new(!is_initiator, buffer));
}
if !is_initiator {
if self.unencrypted {
return Ok(MessageResult::Initialized(peer_payload))
}
assert!(!buffer.is_empty());
buffer.prepend_byte(MESSAGE_TYPE_ROTATION);
self.encrypt_message(buffer)?;
}
Ok(MessageResult::InitializedWithReply(peer_payload))
}
}
}
fn handle_rotate_message(&mut self, data: &[u8]) -> Result<(), Error> {
if let Some(rotation) = &mut self.rotation {
if let Some(rot) = rotation.handle_message(data)? {
let algo = self.algorithm.unwrap();
let key = LessSafeKey::new(UnboundKey::new(algo, &rot.key[..algo.key_len()]).unwrap());
self.core.unwrap().rotate_key(key, rot.id, rot.use_for_sending);
if self.unencrypted {
return Ok(())
}
if let Some(rot) = self.get_rotation()?.handle_message(data)? {
let core = self.get_core()?;
let algo = core.algorithm();
let key = LessSafeKey::new(UnboundKey::new(algo, &rot.key[..algo.key_len()]).unwrap());
core.rotate_key(key, rot.id, rot.use_for_sending);
}
Ok(())
}
fn encrypt_message(&mut self, buffer: &mut MsgBuffer) {
if let Some(core) = &mut self.core {
core.encrypt(buffer)
fn encrypt_message(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {
if self.unencrypted {
return Ok(())
}
self.get_core()?.encrypt(buffer);
Ok(())
}
fn decrypt_message(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
if let Some(core) = &mut self.core {
core.decrypt(buffer)
} else {
Ok(())
if self.unencrypted {
return Ok(())
}
self.get_core()?.decrypt(buffer)
}
pub fn handle_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult, Error> {
// HOT PATH
pub fn handle_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult<P>, Error> {
if buffer.is_empty() {
return Err(Error::InvalidCryptoState("No message in buffer"))
}
if is_init_message(buffer.buffer()) {
// COLD PATH
debug!("Received init message");
buffer.take_prefix();
self.handle_init_message(buffer)
} else {
// HOT PATH
debug!("Received encrypted message");
self.decrypt_message(buffer)?;
let msg_type = buffer.take_prefix();
if msg_type == MESSAGE_TYPE_ROTATION {
// COLD PATH
debug!("Received rotation message");
self.handle_rotate_message(buffer.buffer())?;
buffer.clear();
@ -286,38 +376,52 @@ impl PeerCrypto {
}
}
pub fn send_message(&mut self, type_: u8, buffer: &mut MsgBuffer) {
// HOT PATH
pub fn send_message(&mut self, type_: u8, buffer: &mut MsgBuffer) -> Result<(), Error> {
assert_ne!(type_, MESSAGE_TYPE_ROTATION);
buffer.prepend_byte(type_);
self.encrypt_message(buffer);
self.encrypt_message(buffer)
}
pub fn every_second(&mut self, out: &mut MsgBuffer) -> MessageResult {
pub fn every_second(&mut self, out: &mut MsgBuffer) -> Result<MessageResult<P>, Error> {
out.clear();
if let Some(ref mut core) = self.core {
core.every_second()
}
if let Some(ref mut init) = self.init {
init.every_second(out)?;
}
if self.init.as_ref().map(|i| i.stage()).unwrap_or(CLOSING) == CLOSING {
self.init = None
}
if !out.is_empty() {
out.prepend_byte(INIT_MESSAGE_FIRST_BYTE);
return Ok(MessageResult::Reply)
}
if let Some(ref mut rotate) = self.rotation {
self.rotate_counter += 1;
if self.rotate_counter >= ROTATE_INTERVAL {
self.rotate_counter = 0;
if let Some(rot) = rotate.cycle(out) {
let algo = self.algorithm.unwrap();
let core = self.get_core()?;
let algo = core.algorithm();
let key = LessSafeKey::new(UnboundKey::new(algo, &rot.key[..algo.key_len()]).unwrap());
self.core.unwrap().rotate_key(key, rot.id, rot.use_for_sending);
core.rotate_key(key, rot.id, rot.use_for_sending);
}
if !out.is_empty() {
out.prepend_byte(MESSAGE_TYPE_ROTATION);
self.encrypt_message(out);
return MessageResult::Reply
self.encrypt_message(out)?;
return Ok(MessageResult::Reply)
}
}
}
MessageResult::None
Ok(MessageResult::None)
}
}
pub fn is_init_message(msg: &[u8]) -> bool {
!msg.is_empty() && msg[0] == INIT_MESSAGE_FIRST_BYTE
}
#[cfg(test)]
mod tests {

View File

@ -1,29 +1,29 @@
// This module implements a turn based key rotation.
//
// The main idea is that both peers periodically create ecdh key pairs and exchange their public keys to create
// common key material. There are always two separate ecdh handshakes going on: one initiated by each peer.
// However, one handshake is always one step ahead of the other. That means that every message being sent contains a
// public key from step 1 of the handshake "proposed key" and a public key from step 2 of the handshake "confirmed
// key" (all messages except first message).
//
// When receiving a message from the peer, the node will create a new ecdh key pair and perform the key
// calculation for the proposed key. The peer will store the public key for the confirmation as pending to be
// confirmed in the next cycle. Also, if the message contains a confirmation (all but the very first message do),
// the node will use the stored private key to perform the ecdh key calculation and emit that key to be used in
// the crypto stream.
//
// Upon each cycle, a node first checks if it still has a proposed key that has not been confirmed by the remote
// peer. If so, a message must have been lost and the whole last message including the proposed key as well as the
// last confirmed key is being resent. If no proposed key is stored, the node will create a new ecdh key pair, and
// store the private key as proposed key. It then sends out a message containing the public key as proposal, as
// well as confirming the pending key. This key is also emitted to be added to the crypto stream but not to be
// used for encrypting.
//
// Monotonically increasing message ids guard the communication from message duplication and also serve as
// identifiers for the keys to be used in the crypto stream. Since the keys are rotating, the last 2 bits of the
// id are enough to identify the key.
//
// The whole communication is sent via the crypto stream and is therefore encrypted and protected against tampering.
//! This module implements a turn based key rotation.
//!
//! The main idea is that both peers periodically create ecdh key pairs and exchange their public keys to create
//! common key material. There are always two separate ecdh handshakes going on: one initiated by each peer.
//! However, one handshake is always one step ahead of the other. That means that every message being sent contains a
//! public key from step 1 of the handshake "proposed key" and a public key from step 2 of the handshake "confirmed
//! key" (all messages except first message).
//!
//! When receiving a message from the peer, the node will create a new ecdh key pair and perform the key
//! calculation for the proposed key. The peer will store the public key for the confirmation as pending to be
//! confirmed in the next cycle. Also, if the message contains a confirmation (all but the very first message do),
//! the node will use the stored private key to perform the ecdh key calculation and emit that key to be used in
//! the crypto stream.
//!
//! Upon each cycle, a node first checks if it still has a proposed key that has not been confirmed by the remote
//! peer. If so, a message must have been lost and the whole last message including the proposed key as well as the
//! last confirmed key is being resent. If no proposed key is stored, the node will create a new ecdh key pair, and
//! store the private key as proposed key. It then sends out a message containing the public key as proposal, as
//! well as confirming the pending key. This key is also emitted to be added to the crypto stream but not to be
//! used for encrypting.
//!
//! Monotonically increasing message ids guard the communication from message duplication and also serve as
//! identifiers for the keys to be used in the crypto stream. Since the keys are rotating, the last 2 bits of the
//! id are enough to identify the key.
//!
//! The whole communication is sent via the crypto stream and is therefore encrypted and protected against tampering.
use super::{Error, Key, MsgBuffer};
use byteorder::{NetworkEndian, ReadBytesExt, WriteBytesExt};

View File

@ -5,12 +5,12 @@
use std::{
cmp,
collections::VecDeque,
convert::TryInto,
fmt,
fs::{self, File},
io::{self, BufRead, BufReader, Cursor, Error as IoError, Read, Write},
net::{Ipv4Addr, UdpSocket},
os::unix::io::{AsRawFd, RawFd},
convert::TryInto,
str,
str::FromStr
};
@ -36,7 +36,7 @@ struct IfReq {
impl IfReq {
fn new(name: &str) -> Self {
assert!(name.len() < libc::IF_NAMESIZE);
let mut ifr_name = [0; libc::IF_NAMESIZE];
let mut ifr_name = [0 as u8; libc::IF_NAMESIZE];
ifr_name[..name.len()].clone_from_slice(name.as_bytes());
Self { ifr_name, data: IfReqData { _dummy: [0; 24] } }
}
@ -329,7 +329,7 @@ impl Device for MockDevice {
}
fn ifname(&self) -> &str {
"mock0"
unimplemented!()
}
fn read(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {

View File

@ -30,8 +30,7 @@ use crate::{
device::{Device, Type},
error::Error,
messages::{
AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE,
MESSAGE_TYPE_NODE_INFO
AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE, MESSAGE_TYPE_NODE_INFO
},
net::{mapped_addr, Socket},
payload::Protocol,
@ -40,7 +39,7 @@ use crate::{
table::ClaimTable,
traffic::TrafficStats,
types::{Address, Mode, NodeId, Range, RangeList},
util::{addr_nice, bytes_to_hex, resolve, CtrlC, Duration, MsgBuffer, StatsdMsg, Time, TimeSource}
util::{addr_nice, resolve, CtrlC, Duration, MsgBuffer, StatsdMsg, Time, TimeSource}
};
pub type Hash = BuildHasherDefault<FnvHasher>;
@ -130,9 +129,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
info!("Auto-claiming {} due to interface address", range);
claims.push(range);
}
Err(Error::DeviceIo(_, e)) if e.kind() == io::ErrorKind::AddrNotAvailable => {
info!("No address set on interface.")
}
Err(e) => error!("{}", e)
}
}
@ -206,7 +202,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
#[inline]
fn send_to(&mut self, addr: SocketAddr, msg: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
debug!("Sending msg with {} bytes to {}", msg.len(), addr);
self.traffic.count_out_traffic(addr, msg.len());
match self.socket.send(msg.message(), addr) {
@ -218,7 +213,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
#[inline]
fn send_msg(&mut self, addr: SocketAddr, type_: u8, msg: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
debug!("Sending msg with {} bytes to {}", msg.len(), addr);
let peer = match self.peers.get_mut(&addr) {
Some(peer) => peer,
@ -235,7 +229,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
self.own_addresses.push(pfw.get_internal_ip().into());
self.own_addresses.push(pfw.get_external_ip().into());
}
// TODO: detect address changes and call event
Ok(())
}
@ -290,13 +283,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
return Ok(())
}
}
if !addrs.is_empty() {
self.config.call_hook(
"peer_connecting",
vec![("PEER", format!("{:?}", addr_nice(addrs[0]))), ("IFNAME", self.device.ifname().to_owned())],
true
);
}
// Send a message to each resolved address
for a in addrs {
// Ignore error this time
@ -472,7 +458,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
self.next_stats_out = now + STATS_INTERVAL;
self.traffic.period(Some(5));
}
// TODO: every 5 minutes: EVENT periodic
if let Some(peers) = self.beacon_serializer.get_cmd_results() {
debug!("Loaded beacon with peers: {:?}", peers);
for peer in peers {
@ -616,18 +601,15 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}
pub fn handle_interface_data(&mut self, data: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
let (src, dst) = P::parse(data.message())?;
debug!("Read data from interface: src: {}, dst: {}, {} bytes", src, dst, data.len());
self.traffic.count_out_payload(dst, src, data.len());
match self.table.lookup(dst) {
Some(addr) => {
// HOT PATH
// Peer found for destination
debug!("Found destination for {} => {}", dst, addr);
self.send_msg(addr, MESSAGE_TYPE_DATA, data)?;
if !self.peers.contains_key(&addr) {
// COLD PATH
// If the peer is not actually connected, remove the entry in the table and try
// to reconnect.
warn!("Destination for {} not found in peers: {}", dst, addr_nice(addr));
@ -636,7 +618,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}
}
None => {
// COLD PATH
if self.broadcast {
debug!("No destination for {} found, broadcasting", dst);
self.broadcast_msg(MESSAGE_TYPE_DATA, data)?;
@ -651,16 +632,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
fn add_new_peer(&mut self, addr: SocketAddr, info: NodeInfo) -> Result<(), Error> {
info!("Added peer {}", addr_nice(addr));
self.config.call_hook(
"peer_connected",
vec![
("PEER", format!("{:?}", addr_nice(addr))),
("IFNAME", self.device.ifname().to_owned()),
("CLAIMS", info.claims.iter().map(|r| format!("{:?}", r)).collect::<Vec<String>>().join(" ")),
("NODE_ID", bytes_to_hex(&info.node_id)),
],
true
);
if let Some(init) = self.pending_inits.remove(&addr) {
self.peers.insert(addr, PeerData {
addrs: info.addrs.clone(),
@ -678,18 +649,9 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}
fn remove_peer(&mut self, addr: SocketAddr) {
if let Some(peer) = self.peers.remove(&addr) {
if let Some(_peer) = self.peers.remove(&addr) {
info!("Closing connection to {}", addr_nice(addr));
self.table.remove_claims(addr);
self.config.call_hook(
"peer_disconnected",
vec![
("PEER", format!("{:?}", addr)),
("IFNAME", self.device.ifname().to_owned()),
("NODE_ID", bytes_to_hex(&peer.node_id)),
],
true
);
}
}
@ -733,7 +695,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}
fn handle_payload_from(&mut self, peer: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
let (src, dst) = P::parse(data.message())?;
let len = data.len();
debug!("Writing data to device: {} bytes", len);
@ -752,17 +713,11 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
fn handle_message(
&mut self, src: SocketAddr, msg_result: MessageResult<NodeInfo>, data: &mut MsgBuffer
) -> Result<(), Error> {
// HOT PATH
match msg_result {
MessageResult::Message(type_) => {
// HOT PATH
match type_ {
MESSAGE_TYPE_DATA => {
// HOT PATH
self.handle_payload_from(src, data)?
}
MESSAGE_TYPE_DATA => self.handle_payload_from(src, data)?,
MESSAGE_TYPE_NODE_INFO => {
// COLD PATH
let info = match NodeInfo::decode(Cursor::new(data.message())) {
Ok(val) => val,
Err(err) => {
@ -772,50 +727,31 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
};
self.update_peer_info(src, Some(info))?
}
MESSAGE_TYPE_KEEPALIVE => {
// COLD PATH
self.update_peer_info(src, None)?
}
MESSAGE_TYPE_CLOSE => {
// COLD PATH
self.remove_peer(src)
}
MESSAGE_TYPE_KEEPALIVE => self.update_peer_info(src, None)?,
MESSAGE_TYPE_CLOSE => self.remove_peer(src),
_ => {
// COLD PATH
self.traffic.count_invalid_protocol(data.len());
return Err(Error::Message("Unknown message type"))
}
}
}
MessageResult::Initialized(info) => {
// COLD PATH
self.add_new_peer(src, info)?
}
MessageResult::Initialized(info) => self.add_new_peer(src, info)?,
MessageResult::InitializedWithReply(info) => {
// COLD PATH
self.add_new_peer(src, info)?;
self.send_to(src, data)?
}
MessageResult::Reply => {
// COLD PATH
self.send_to(src, data)?
}
MessageResult::None => {
// COLD PATH
}
MessageResult::Reply => self.send_to(src, data)?,
MessageResult::None => ()
}
Ok(())
}
pub fn handle_net_message(&mut self, src: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
let src = mapped_addr(src);
debug!("Received {} bytes from {}", data.len(), src);
let msg_result = if let Some(init) = self.pending_inits.get_mut(&src) {
// COLD PATH
init.handle_message(data)
} else if is_init_message(data.message()) {
// COLD PATH
let mut result = None;
if let Some(peer) = self.peers.get_mut(&src) {
if peer.crypto.has_init() {
@ -829,14 +765,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
let msg_result = init.handle_message(data);
match msg_result {
Ok(res) => {
self.config.call_hook(
"peer_connecting",
vec![
("PEER", format!("{:?}", addr_nice(src))),
("IFNAME", self.device.ifname().to_owned()),
],
true
);
self.pending_inits.insert(src, init);
Ok(res)
}
@ -847,22 +775,15 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}
}
} else if let Some(peer) = self.peers.get_mut(&src) {
// HOT PATH
peer.crypto.handle_message(data)
} else {
// COLD PATH
info!("Ignoring non-init message from unknown peer {}", addr_nice(src));
self.traffic.count_invalid_protocol(data.len());
return Ok(())
};
// HOT PATH
match msg_result {
Ok(val) => {
// HOT PATH
self.handle_message(src, val, data)
},
Ok(val) => self.handle_message(src, val, data),
Err(err) => {
// COLD PATH
self.traffic.count_invalid_protocol(data.len());
Err(err)
}
@ -876,36 +797,26 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}
fn handle_socket_event(&mut self, buffer: &mut MsgBuffer) {
// HOT PATH
let src = try_fail!(self.socket.receive(buffer), "Failed to read from network socket: {}");
self.traffic.count_in_traffic(src, buffer.len());
match self.handle_net_message(src, buffer) {
Err(e @ Error::CryptoInitFatal(_)) => {
// COLD PATH
debug!("Fatal crypto init error from {}: {}", src, e);
info!("Closing pending connection to {} due to error in crypto init", addr_nice(src));
self.pending_inits.remove(&src);
self.config.call_hook(
"peer_disconnected",
vec![("PEER", format!("{:?}", addr_nice(src))), ("IFNAME", self.device.ifname().to_owned())],
true
);
}
Err(e @ Error::CryptoInit(_)) => {
// COLD PATH
debug!("Recoverable init error from {}: {}", src, e);
info!("Ignoring invalid init message from peer {}", addr_nice(src));
}
Err(e) => {
// COLD PATH
error!("{}", e);
}
Ok(_) => {} // HOT PATH
Ok(_) => {}
}
}
fn handle_device_event(&mut self, buffer: &mut MsgBuffer) {
// HOT PATH
try_fail!(self.device.read(buffer), "Failed to read from device: {}");
if let Err(e) = self.handle_interface_data(buffer) {
error!("{}", e);
@ -924,12 +835,9 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
let waiter = try_fail!(WaitImpl::new(&self.socket, &self.device, 1000), "Failed to setup poll: {}");
let mut buffer = MsgBuffer::new(SPACE_BEFORE);
let mut poll_error = false;
self.config.call_hook("vpn_started", vec![("IFNAME", self.device.ifname())], true);
for evt in waiter {
// HOT PATH
match evt {
WaitResult::Error(err) => {
// COLD PATH
if poll_error {
fail!("Poll wait failed again: {}", err);
}
@ -941,7 +849,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
WaitResult::Device => self.handle_device_event(&mut buffer)
}
if self.next_housekeep < TS::now() {
// COLD PATH
poll_error = false;
if ctrlc.was_pressed() {
break
@ -953,7 +860,6 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}
}
info!("Shutting down...");
self.config.call_hook("vpn_shutdown", vec![("IFNAME", self.device.ifname())], true);
buffer.clear();
self.broadcast_msg(MESSAGE_TYPE_CLOSE, &mut buffer).ok();
if let Some(ref path) = self.config.beacon_store {

View File

@ -12,7 +12,7 @@ use parking_lot::Mutex;
use std::{collections::HashMap, net::SocketAddr, sync::Arc};
pub struct SharedPeerCrypto {
peers: Arc<Mutex<HashMap<SocketAddr, Arc<CryptoCore>, Hash>>>
peers: Arc<Mutex<HashMap<SocketAddr, CryptoCore, Hash>>>
}
impl SharedPeerCrypto {

View File

@ -2,10 +2,13 @@
// Copyright (C) 2015-2020 Dennis Schwerdel
// This software is licensed under GPL-3 or newer (see LICENSE.md)
#![cfg_attr(feature = "bench", feature(test))]
#[macro_use] extern crate log;
#[macro_use] extern crate serde;
#[macro_use] extern crate serde_derive;
#[cfg(test)] extern crate tempfile;
#[cfg(feature = "bench")] extern crate test;
#[macro_use]
pub mod util;
@ -137,7 +140,6 @@ fn setup_device(config: &Config) -> TunTapDevice {
config.device_name
);
info!("Opened device {}", device.ifname());
config.call_hook("device_setup", vec![("IFNAME", device.ifname())], true);
if let Err(err) = device.set_mtu(None) {
error!("Error setting optimal MTU on {}: {}", device.ifname(), err);
}
@ -157,7 +159,6 @@ fn setup_device(config: &Config) -> TunTapDevice {
warn!("Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently {}).", val);
}
}
config.call_hook("device_configured", vec![("IFNAME", device.ifname())], true);
device
}
@ -233,10 +234,6 @@ fn main() {
);
return
}
if let Some(shell) = args.completion {
Args::clap().gen_completions_to(env!("CARGO_PKG_NAME"), shell, &mut io::stdout());
return
}
let logger = try_fail!(DualLogger::new(args.log_file.as_ref()), "Failed to open logfile: {}");
log::set_boxed_logger(Box::new(logger)).unwrap();
assert!(!args.verbose || !args.quiet);

View File

@ -13,7 +13,6 @@ use std::{
use super::util::{MockTimeSource, MsgBuffer, Time, TimeSource};
pub fn mapped_addr(addr: SocketAddr) -> SocketAddr {
// HOT PATH
match addr {
SocketAddr::V4(addr4) => SocketAddr::new(IpAddr::V6(addr4.ip().to_ipv6_mapped()), addr4.port()),
_ => addr
@ -134,3 +133,18 @@ impl Socket for MockSocket {
Ok(self.address)
}
}
#[cfg(feature = "bench")]
mod bench {
use std::net::{Ipv4Addr, SocketAddrV4, UdpSocket};
use test::Bencher;
#[bench]
fn udp_send(b: &mut Bencher) {
let sock = UdpSocket::bind("127.0.0.1:0").unwrap();
let data = [0; 1400];
let addr = SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 1);
b.iter(|| sock.send_to(&data, &addr).unwrap());
b.bytes = 1400;
}
}

View File

@ -1,6 +1,5 @@
use super::{device::Type, types::Mode, util::Duration};
use crate::config::{ConfigFile, ConfigFileBeacon, ConfigFileDevice, ConfigFileStatsd, CryptoConfig};
use std::collections::HashMap;
#[derive(Serialize, Deserialize, Debug, PartialEq, Clone, Copy)]
pub enum OldCryptoMethod {
@ -113,11 +112,12 @@ impl OldConfigFile {
pid_file: self.pid_file,
port_forwarding: self.port_forwarding,
stats_file: self.stats_file,
statsd: Some(ConfigFileStatsd { prefix: self.statsd_prefix, server: self.statsd_server }),
statsd: Some(ConfigFileStatsd {
prefix: self.statsd_prefix,
server: self.statsd_server
}),
switch_timeout: self.dst_timeout,
user: self.user,
hook: None,
hooks: HashMap::new()
user: self.user
}
}
}

View File

@ -23,7 +23,6 @@ impl Protocol for Frame {
/// # Errors
/// This method will fail when the given data is not a valid ethernet frame.
fn parse(data: &[u8]) -> Result<(Address, Address), Error> {
// HOT PATH
let mut cursor = Cursor::new(data);
let mut src = [0; 16];
let mut dst = [0; 16];
@ -78,6 +77,26 @@ fn decode_invalid_frame() {
assert!(Frame::parse(&[6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0x00]).is_err());
}
#[cfg(feature = "bench")]
mod bench_ethernet {
use super::*;
use test::Bencher;
#[bench]
fn decode_ethernet(b: &mut Bencher) {
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 1, 2, 3, 4, 5, 6, 7, 8];
b.iter(|| Frame::parse(&data).unwrap());
b.bytes = 1400;
}
#[bench]
fn decode_ethernet_with_vlan(b: &mut Bencher) {
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0, 4, 210, 1, 2, 3, 4, 5, 6, 7, 8];
b.iter(|| Frame::parse(&data).unwrap());
b.bytes = 1400;
}
}
/// An IP packet dissector
///
/// This dissector is able to extract the source and destination ip addresses of ipv4 packets and
@ -91,7 +110,6 @@ impl Protocol for Packet {
/// # Errors
/// This method will fail when the given data is not a valid ipv4 and ipv6 packet.
fn parse(data: &[u8]) -> Result<(Address, Address), Error> {
// HOT PATH
if data.is_empty() {
return Err(Error::Parse("Empty header"))
}
@ -159,3 +177,27 @@ fn decode_invalid_packet() {
])
.is_err());
}
#[cfg(feature = "bench")]
mod bench_ip {
use super::*;
use test::Bencher;
#[bench]
fn decode_ipv4(b: &mut Bencher) {
let data = [0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1, 192, 168, 1, 2];
b.iter(|| Packet::parse(&data).unwrap());
b.bytes = 1400;
}
#[bench]
fn decode_ipv6(b: &mut Bencher) {
let data = [
0x60, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 0, 9, 8, 7, 6, 5, 4, 3, 2, 1, 6,
5, 4, 3, 2, 1
];
b.iter(|| Packet::parse(&data).unwrap());
b.bytes = 1400;
}
}

View File

@ -41,14 +41,9 @@ impl<TS: TimeSource> ClaimTable<TS> {
}
pub fn cache(&mut self, addr: Address, peer: SocketAddr) {
// HOT PATH
self.cache.insert(addr, CacheValue { peer, timeout: TS::now() + self.cache_timeout as Time });
}
pub fn clear_cache(&mut self) {
self.cache.clear()
}
pub fn set_claims(&mut self, peer: SocketAddr, mut claims: RangeList) {
for entry in &mut self.claims {
if entry.peer == peer {
@ -90,11 +85,9 @@ impl<TS: TimeSource> ClaimTable<TS> {
}
pub fn lookup(&mut self, addr: Address) -> Option<SocketAddr> {
// HOT PATH
if let Some(entry) = self.cache.get(&addr) {
return Some(entry.peer)
}
// COLD PATH
let mut found = None;
let mut prefix_len = -1;
for entry in &self.claims {
@ -156,3 +149,36 @@ impl<TS: TimeSource> ClaimTable<TS> {
}
// TODO: test
#[cfg(feature = "bench")]
mod bench {
use super::*;
use crate::util::MockTimeSource;
use smallvec::smallvec;
use std::str::FromStr;
use test::Bencher;
#[bench]
fn lookup_warm(b: &mut Bencher) {
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
let addr = Address::from_str("1.2.3.4").unwrap();
table.cache(addr, SocketAddr::from_str("1.2.3.4:3210").unwrap());
b.iter(|| table.lookup(addr));
b.bytes = 1400;
}
#[bench]
fn lookup_cold(b: &mut Bencher) {
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
let addr = Address::from_str("1.2.3.4").unwrap();
table.set_claims(SocketAddr::from_str("1.2.3.4:3210").unwrap(), smallvec![
Range::from_str("1.2.3.4/32").unwrap()
]);
b.iter(|| {
table.cache.clear();
table.lookup(addr)
});
b.bytes = 1400;
}
}

View File

@ -83,25 +83,21 @@ pub struct TrafficStats {
impl TrafficStats {
#[inline]
pub fn count_out_traffic(&mut self, peer: SocketAddr, bytes: usize) {
// HOT PATH
self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_out(bytes);
}
#[inline]
pub fn count_in_traffic(&mut self, peer: SocketAddr, bytes: usize) {
// HOT PATH
self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_in(bytes);
}
#[inline]
pub fn count_out_payload(&mut self, remote: Address, local: Address, bytes: usize) {
// HOT PATH
self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_out(bytes);
}
#[inline]
pub fn count_in_payload(&mut self, remote: Address, local: Address, bytes: usize) {
// HOT PATH
self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_in(bytes);
}

View File

@ -2,31 +2,31 @@
// Copyright (C) 2015-2020 Dennis Schwerdel
// This software is licensed under GPL-3 or newer (see LICENSE.md)
use std::process::Command;
use std::{
fmt,
net::{Ipv4Addr, SocketAddr, ToSocketAddrs, UdpSocket},
sync::atomic::{AtomicIsize, Ordering},
sync::atomic::{AtomicIsize, Ordering}
};
use crate::error::Error;
#[cfg(not(target_os = "linux"))]
use time;
#[cfg(not(target_os = "linux"))] use time;
use signal::{trap::Trap, Signal};
use smallvec::SmallVec;
use std::time::Instant;
pub type Duration = u32;
pub type Time = i64;
#[derive(Clone)]
pub struct MsgBuffer {
space_before: usize,
buffer: [u8; 65535],
start: usize,
end: usize,
end: usize
}
impl MsgBuffer {
@ -98,6 +98,7 @@ impl MsgBuffer {
}
}
const HEX_CHARS: &[u8] = b"0123456789abcdef";
pub fn bytes_to_hex(bytes: &[u8]) -> String {
@ -112,12 +113,13 @@ pub fn bytes_to_hex(bytes: &[u8]) -> String {
pub fn addr_nice(addr: SocketAddr) -> SocketAddr {
if let SocketAddr::V6(v6addr) = addr {
if let Some(ip) = v6addr.ip().to_ipv4() {
return (ip, addr.port()).into();
return (ip, addr.port()).into()
}
}
addr
}
pub struct Encoder;
impl Encoder {
@ -170,6 +172,7 @@ impl Encoder {
}
}
macro_rules! fail {
($format:expr) => ( {
use std::process;
@ -212,14 +215,17 @@ pub fn get_internal_ip() -> Ipv4Addr {
}
}
#[allow(unknown_lints, clippy::needless_pass_by_value)]
pub fn resolve<Addr: ToSocketAddrs + fmt::Debug>(addr: Addr) -> Result<SmallVec<[SocketAddr; 4]>, Error> {
let mut addrs =
addr.to_socket_addrs().map_err(|_| Error::NameUnresolvable(format!("{:?}", addr)))?.collect::<SmallVec<_>>();
// Try IPv4 first as it usually is faster
addrs.sort_by_key(|addr| match *addr {
addrs.sort_by_key(|addr| {
match *addr {
SocketAddr::V4(_) => 4,
SocketAddr::V6(_) => 6,
SocketAddr::V6(_) => 6
}
});
// Remove duplicates in addrs (why are there duplicates???)
addrs.dedup();
@ -233,6 +239,7 @@ macro_rules! addr {
}};
}
pub struct Bytes(pub u64);
impl fmt::Display for Bytes {
@ -241,30 +248,31 @@ impl fmt::Display for Bytes {
if size >= 512.0 {
size /= 1024.0;
} else {
return write!(formatter, "{:.0} B", size);
return write!(formatter, "{:.0} B", size)
}
if size >= 512.0 {
size /= 1024.0;
} else {
return write!(formatter, "{:.1} KiB", size);
return write!(formatter, "{:.1} KiB", size)
}
if size >= 512.0 {
size /= 1024.0;
} else {
return write!(formatter, "{:.1} MiB", size);
return write!(formatter, "{:.1} MiB", size)
}
if size >= 512.0 {
size /= 1024.0;
} else {
return write!(formatter, "{:.1} GiB", size);
return write!(formatter, "{:.1} GiB", size)
}
write!(formatter, "{:.1} TiB", size)
}
}
pub struct CtrlC {
dummy_time: Instant,
trap: Trap,
trap: Trap
}
impl CtrlC {
@ -285,6 +293,7 @@ impl Default for CtrlC {
}
}
pub trait TimeSource: Sync + Copy + Send + 'static {
fn now() -> Time;
}
@ -327,6 +336,7 @@ impl TimeSource for MockTimeSource {
}
}
/// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it
fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
let mut d: usize = m as usize;
@ -346,7 +356,7 @@ fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
const BASE62: [char; 62] = [
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'
];
pub fn to_base62(data: &[u8]) -> String {
@ -372,7 +382,7 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
'0'..='9' => ((c as usize) % ('0' as usize)),
'A'..='Z' => ((c as usize) % ('A' as usize)) + 10,
'a'..='z' => ((c as usize) % ('a' as usize)) + 36,
_ => return Err(c),
_ => return Err(c)
};
for item in &mut buf {
val += *item as usize * 62;
@ -387,10 +397,11 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
Ok(buf)
}
#[derive(Default)]
pub struct StatsdMsg {
entries: Vec<String>,
key: Vec<String>,
key: Vec<String>
}
impl StatsdMsg {
@ -415,16 +426,6 @@ impl StatsdMsg {
}
}
pub fn run_cmd(mut cmd: Command) {
match cmd.status() {
Ok(status) => {
if !status.success() {
error!("Command returned error: {:?}", status.code())
}
}
Err(e) => error!("Failed to execute command {:?}: {}", cmd, e),
}
}
#[test]
fn base62() {