Compare commits

...

47 Commits

Author SHA1 Message Date
Dennis Schwerdel 1eb1771d2a Merge branch 'master' into threading 2021-01-29 19:33:16 +01:00
Dennis Schwerdel 410b31753d Up deps 2021-01-29 19:29:04 +01:00
Dennis Schwerdel cbd38ed712 Document hot paths 2021-01-28 23:19:20 +01:00
Dennis Schwerdel ca7df77532 Use criterion for benchmarking 2021-01-28 22:54:29 +01:00
dswd 238b8a22f1
Merge pull request #146 from dswd/dependabot/cargo/log-0.4.14
Bump log from 0.4.13 to 0.4.14
2021-01-28 17:56:44 +01:00
dswd 556126572c
Merge pull request #147 from dswd/dependabot/cargo/libc-0.2.83
Bump libc from 0.2.82 to 0.2.83
2021-01-28 17:56:28 +01:00
dependabot[bot] 1b79a9f115
Bump libc from 0.2.82 to 0.2.83
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.82 to 0.2.83.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.82...0.2.83)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-28 05:24:26 +00:00
dependabot[bot] a2c179d4fb
Bump log from 0.4.13 to 0.4.14
Bumps [log](https://github.com/rust-lang/log) from 0.4.13 to 0.4.14.
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/log/compare/0.4.13...0.4.14)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-27 05:28:44 +00:00
Dennis Schwerdel 780cdb6bfe Merge branch 'master' into threading 2021-01-26 19:36:50 +01:00
Dennis Schwerdel e150443891 Deps 2021-01-26 18:30:31 +01:00
dswd cce43cbf49
Merge pull request #141 from dswd/dependabot/cargo/serde-1.0.122
Bump serde from 1.0.121 to 1.0.122
2021-01-25 20:55:49 +01:00
dswd b855789584
Merge pull request #143 from dswd/dependabot/cargo/serde_derive-1.0.122
Bump serde_derive from 1.0.121 to 1.0.122
2021-01-25 20:55:31 +01:00
dependabot[bot] f1d83fe1d4
Bump serde_derive from 1.0.121 to 1.0.122
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.121 to 1.0.122.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.121...v1.0.122)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-25 05:39:35 +00:00
dependabot[bot] 6e5dfc1b81
Bump serde from 1.0.121 to 1.0.122
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.121 to 1.0.122.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.121...v1.0.122)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-25 05:39:29 +00:00
Dennis Schwerdel 13f7d02086 Up deps 2021-01-24 19:26:53 +01:00
Dennis Schwerdel cd619d3980 Merge branch 'hooks' 2021-01-24 19:25:57 +01:00
Dennis Schwerdel 2a8ea5087b Changelog entry 2021-01-24 19:25:34 +01:00
Dennis Schwerdel f95fb17dd4 rename to hook 2021-01-24 19:24:40 +01:00
Dennis Schwerdel b6f4460f29 Fix tests 2021-01-24 17:47:02 +01:00
Dennis Schwerdel 8c4d86a101 node_id formatting 2021-01-23 21:18:25 +01:00
Dennis Schwerdel 8e3cdbddbf Formatting 2021-01-23 21:03:36 +01:00
Dennis Schwerdel e6994e6939 Implement event scripts 2021-01-23 20:29:15 +01:00
dswd a6cc124c56
Merge pull request #139 from dswd/dependabot/cargo/serde-1.0.120
Bump serde from 1.0.119 to 1.0.120
2021-01-22 16:06:08 +01:00
dswd 041368994f
Merge pull request #140 from dswd/dependabot/cargo/serde_derive-1.0.120
Bump serde_derive from 1.0.119 to 1.0.120
2021-01-22 16:05:51 +01:00
dependabot[bot] 4e146065e1
Bump serde from 1.0.119 to 1.0.120
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.119 to 1.0.120.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.119...v1.0.120)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-20 05:11:34 +00:00
dependabot[bot] a664d60e1e
Bump serde_derive from 1.0.119 to 1.0.120
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.119 to 1.0.120.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.119...v1.0.120)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-20 05:11:34 +00:00
Dennis Schwerdel 285940c60a Support for creating shell completions 2021-01-16 23:44:43 +01:00
dswd e6f10929b7
Merge pull request #137 from dswd/dependabot/cargo/rand-0.8.2
Bump rand from 0.8.1 to 0.8.2
2021-01-14 11:54:12 +01:00
dependabot[bot] 386250576f
Bump rand from 0.8.1 to 0.8.2
Bumps [rand](https://github.com/rust-random/rand) from 0.8.1 to 0.8.2.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-random/rand/compare/0.8.1...0.8.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-14 05:23:39 +00:00
Dennis Schwerdel c941f9c56d Update deps & rust 2021-01-13 09:23:38 +01:00
Dennis Schwerdel 48927b2f48 . 2021-01-13 09:20:05 +01:00
dswd c5626e75ac
Merge pull request #134 from dswd/dependabot/cargo/serde-1.0.119
Bump serde from 1.0.118 to 1.0.119
2021-01-13 08:57:19 +01:00
dswd 4c56917d1e
Merge pull request #133 from dswd/dependabot/cargo/serde_derive-1.0.119
Bump serde_derive from 1.0.118 to 1.0.119
2021-01-13 08:57:07 +01:00
dependabot[bot] 57d26944fb
Bump serde_derive from 1.0.118 to 1.0.119
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.118 to 1.0.119.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.118...v1.0.119)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-13 07:26:30 +00:00
dependabot[bot] e2a2579322
Bump serde from 1.0.118 to 1.0.119
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.118 to 1.0.119.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.118...v1.0.119)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-13 07:24:55 +00:00
dswd 3b95cc0fc3
Merge pull request #135 from dswd/dependabot/cargo/log-0.4.13
Bump log from 0.4.11 to 0.4.13
2021-01-13 08:20:42 +01:00
dswd 895d14615a
Merge pull request #136 from dswd/dependabot/cargo/tempfile-3.2.0
Bump tempfile from 3.1.0 to 3.2.0
2021-01-13 08:20:32 +01:00
dependabot[bot] a06157930a
Bump tempfile from 3.1.0 to 3.2.0
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/Stebalien/tempfile/releases)
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/NEWS)
- [Commits](https://github.com/Stebalien/tempfile/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-13 05:27:12 +00:00
dependabot[bot] 3d28d9e188
Bump log from 0.4.11 to 0.4.13
Bumps [log](https://github.com/rust-lang/log) from 0.4.11 to 0.4.13.
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/log/compare/0.4.11...0.4.13)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-12 05:28:53 +00:00
dswd 3ca6926124
Merge pull request #130 from dswd/dependabot/cargo/byteorder-1.4.2
Bump byteorder from 1.3.4 to 1.4.2
2021-01-11 20:04:23 +01:00
dswd 4ea69b8a2e
Merge pull request #132 from dswd/dependabot/cargo/smallvec-1.6.1
Bump smallvec from 1.6.0 to 1.6.1
2021-01-11 20:03:42 +01:00
dependabot[bot] 107c3cac34
Bump byteorder from 1.3.4 to 1.4.2
Bumps [byteorder](https://github.com/BurntSushi/byteorder) from 1.3.4 to 1.4.2.
- [Release notes](https://github.com/BurntSushi/byteorder/releases)
- [Changelog](https://github.com/BurntSushi/byteorder/blob/master/CHANGELOG.md)
- [Commits](https://github.com/BurntSushi/byteorder/compare/1.3.4...1.4.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-11 05:41:07 +00:00
dependabot[bot] 3effd360a2
Bump smallvec from 1.6.0 to 1.6.1
Bumps [smallvec](https://github.com/servo/rust-smallvec) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/servo/rust-smallvec/releases)
- [Commits](https://github.com/servo/rust-smallvec/compare/v1.6.0...v1.6.1)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-11 05:41:07 +00:00
dswd 2450cc39c5
Merge pull request #129 from dswd/dependabot/cargo/libc-0.2.82
Bump libc from 0.2.81 to 0.2.82
2021-01-08 09:28:29 +01:00
dependabot[bot] 23af339343
Bump libc from 0.2.81 to 0.2.82
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.81 to 0.2.82.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.81...0.2.82)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-08 05:24:33 +00:00
dswd 577500fb0b
Merge pull request #128 from dswd/dependabot/cargo/serde_yaml-0.8.15
Bump serde_yaml from 0.8.14 to 0.8.15
2021-01-06 07:53:05 +01:00
dependabot[bot] cc823ed330
Bump serde_yaml from 0.8.14 to 0.8.15
Bumps [serde_yaml](https://github.com/dtolnay/serde-yaml) from 0.8.14 to 0.8.15.
- [Release notes](https://github.com/dtolnay/serde-yaml/releases)
- [Commits](https://github.com/dtolnay/serde-yaml/compare/0.8.14...0.8.15)

Signed-off-by: dependabot[bot] <support@github.com>
2021-01-06 05:07:39 +00:00
22 changed files with 1034 additions and 622 deletions

View File

@ -11,7 +11,7 @@ jobs:
- name: Run builder - name: Run builder
uses: ./.github/actions/build-deb uses: ./.github/actions/build-deb
with: with:
rust: '1.48.0' rust: '1.49.0'
- name: Archive artifacts - name: Archive artifacts
uses: actions/upload-artifact@v1 uses: actions/upload-artifact@v1
with: with:
@ -31,7 +31,7 @@ jobs:
- name: Run builder - name: Run builder
uses: ./.github/actions/build-rpm uses: ./.github/actions/build-rpm
with: with:
rust: '1.48.0' rust: '1.49.0'
- name: Archive artifacts - name: Archive artifacts
uses: actions/upload-artifact@v1 uses: actions/upload-artifact@v1
with: with:

View File

@ -4,9 +4,11 @@ This project follows [semantic versioning](http://semver.org).
### UNRELEASED ### UNRELEASED
- [added] Support for creating shell completions
- [added] Support for hook scripts to handle certain situations
- [removed] Removed dummy device type - [removed] Removed dummy device type
- [changed] Updated depdendencies - [changed] Updated dependencies
- [changed] Changed Rust version to 1.48.0 - [changed] Changed Rust version to 1.49.0
- [fixed] Added missing peer address propagation - [fixed] Added missing peer address propagation
### v2.0.1 (2020-11-07) ### v2.0.1 (2020-11-07)

563
Cargo.lock generated
View File

@ -11,9 +11,9 @@ dependencies = [
[[package]] [[package]]
name = "attohttpc" name = "attohttpc"
version = "0.16.0" version = "0.16.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1082810677916862c7704351dfe4696a837aaf34da0dd6431abc60783e71ee8f" checksum = "ba5b30bf3a0aead269fd5dd69b385a3e90c2b55f4f215d1bdf52c3883f5fa7fa"
dependencies = [ dependencies = [
"http", "http",
"log", "log",
@ -32,6 +32,12 @@ dependencies = [
"winapi", "winapi",
] ]
[[package]]
name = "autocfg"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
[[package]] [[package]]
name = "base-x" name = "base-x"
version = "0.2.8" version = "0.2.8"
@ -51,22 +57,43 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5988cb1d626264ac94100be357308f29ff7cbdd3b36bda27f450a4ee3f713426" checksum = "5988cb1d626264ac94100be357308f29ff7cbdd3b36bda27f450a4ee3f713426"
[[package]] [[package]]
name = "bumpalo" name = "bstr"
version = "3.4.0" version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2e8c087f005730276d1096a652e92a8bacee2e2472bcc9715a74d2bec38b5820" checksum = "473fc6b38233f9af7baa94fb5852dca389e3d95b8e21c8e3719301462c5d9faf"
dependencies = [
"lazy_static",
"memchr",
"regex-automata",
"serde",
]
[[package]]
name = "bumpalo"
version = "3.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f07aa6688c702439a1be0307b6a94dffe1168569e45b9500c1372bc580740d59"
[[package]] [[package]]
name = "byteorder" name = "byteorder"
version = "1.3.4" version = "1.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de" checksum = "ae44d1a3d5a19df61dd0c8beb138458ac2a53a7ac09eba97d55592540004306b"
[[package]] [[package]]
name = "bytes" name = "bytes"
version = "0.5.6" version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0e4cec68f03f32e44924783795810fa50a7035d8c8ebe78580ad7e6c703fba38" checksum = "b700ce4376041dcd0a327fd0097c41095743c4c8af8887265942faf1100bd040"
[[package]]
name = "cast"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4b9434b9a5aa1450faa3f9cb14ea0e8c53bb5d2b3c1bfd1ab4fc03e9f33fbfb0"
dependencies = [
"rustc_version",
]
[[package]] [[package]]
name = "cc" name = "cc"
@ -103,9 +130,113 @@ dependencies = [
[[package]] [[package]]
name = "const_fn" name = "const_fn"
version = "0.4.4" version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cd51eab21ab4fd6a3bf889e2d0958c0a6e3a61ad04260325e919e652a2a62826" checksum = "28b9d6de7f49e22cf97ad17fc4036ece69300032f45f78f30b4a4482cdc3f4a6"
[[package]]
name = "criterion"
version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab327ed7354547cc2ef43cbe20ef68b988e70b4b593cbd66a2a61733123a3d23"
dependencies = [
"atty",
"cast",
"clap",
"criterion-plot",
"csv",
"itertools 0.10.0",
"lazy_static",
"num-traits",
"oorandom",
"plotters",
"rayon",
"regex",
"serde",
"serde_cbor",
"serde_derive",
"serde_json",
"tinytemplate",
"walkdir",
]
[[package]]
name = "criterion-plot"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e022feadec601fba1649cfa83586381a4ad31c6bf3a9ab7d408118b05dd9889d"
dependencies = [
"cast",
"itertools 0.9.0",
]
[[package]]
name = "crossbeam-channel"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dca26ee1f8d361640700bde38b2c37d8c22b3ce2d360e1fc1c74ea4b0aa7d775"
dependencies = [
"cfg-if 1.0.0",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-deque"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94af6efb46fef72616855b036a624cf27ba656ffc9be1b9a3c931cfc7749a9a9"
dependencies = [
"cfg-if 1.0.0",
"crossbeam-epoch",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-epoch"
version = "0.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1aaa739f95311c2c7887a76863f500026092fb1dce0161dab577e559ef3569d"
dependencies = [
"cfg-if 1.0.0",
"const_fn",
"crossbeam-utils",
"lazy_static",
"memoffset",
"scopeguard",
]
[[package]]
name = "crossbeam-utils"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "02d96d1e189ef58269ebe5b97953da3274d83a93af647c2ddd6f9dab28cedb8d"
dependencies = [
"autocfg",
"cfg-if 1.0.0",
"lazy_static",
]
[[package]]
name = "csv"
version = "1.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f9d58633299b24b515ac72a3f869f8b91306a3cec616a602843a383acd6f9e97"
dependencies = [
"bstr",
"csv-core",
"itoa",
"ryu",
"serde",
]
[[package]]
name = "csv-core"
version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2b2466559f260f48ad25fe6317b3c8dac77b5bdb5763ac7d9d6103530663bc90"
dependencies = [
"memchr",
]
[[package]] [[package]]
name = "daemonize" name = "daemonize"
@ -125,9 +256,15 @@ checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0"
[[package]] [[package]]
name = "dtoa" name = "dtoa"
version = "0.4.6" version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "134951f4028bdadb9b84baf4232681efbf277da25144b9b0ad65df75946c422b" checksum = "88d7ed2934d741c6b37e33e3832298e8850b53fd2d2bea03873375596c7cea4e"
[[package]]
name = "either"
version = "1.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
[[package]] [[package]]
name = "fnv" name = "fnv"
@ -147,49 +284,44 @@ dependencies = [
[[package]] [[package]]
name = "getrandom" name = "getrandom"
version = "0.1.15" version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6" checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8"
dependencies = [ dependencies = [
"cfg-if 0.1.10", "cfg-if 1.0.0",
"libc", "libc",
"wasi", "wasi",
] ]
[[package]] [[package]]
name = "getrandom" name = "half"
version = "0.2.0" version = "1.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee8025cf36f917e6a52cce185b7c7177689b838b7ec138364e50cc2277a56cf4" checksum = "62aca2aba2d62b4a7f5b33f3712cb1b0692779a56fb510499d5c0aa594daeaf3"
dependencies = [
"cfg-if 0.1.10",
"libc",
"wasi",
]
[[package]] [[package]]
name = "heck" name = "heck"
version = "0.3.1" version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "20564e78d53d2bb135c343b3f47714a56af2061f1c928fdb541dc7b9fdd94205" checksum = "87cbf45460356b7deeb5e3415b5563308c0a9b057c85e12b06ad551f98d0a6ac"
dependencies = [ dependencies = [
"unicode-segmentation", "unicode-segmentation",
] ]
[[package]] [[package]]
name = "hermit-abi" name = "hermit-abi"
version = "0.1.17" version = "0.1.18"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5aca5565f760fb5b220e499d72710ed156fdb74e631659e99377d9ebfbd13ae8" checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c"
dependencies = [ dependencies = [
"libc", "libc",
] ]
[[package]] [[package]]
name = "http" name = "http"
version = "0.2.2" version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "84129d298a6d57d246960ff8eb831ca4af3f96d29e2e28848dae275408658e26" checksum = "7245cd7449cc792608c3c8a9eaf69bd4eabbabf802713748fd739c98b82f0747"
dependencies = [ dependencies = [
"bytes", "bytes",
"fnv", "fnv",
@ -215,7 +347,7 @@ checksum = "4c4e7ee8b51e541486d7040883fe1f00e2a9954bcc24fd155b7e4f03ed4b93dd"
dependencies = [ dependencies = [
"attohttpc", "attohttpc",
"log", "log",
"rand 0.8.1", "rand",
"url", "url",
"xmltree", "xmltree",
] ]
@ -230,16 +362,34 @@ dependencies = [
] ]
[[package]] [[package]]
name = "itoa" name = "itertools"
version = "0.4.6" version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc6f3ad7b9d11a0c00842ff8de1b60ee58661048eb8049ed33c73594f359d7e6" checksum = "284f18f85651fe11e8a991b2adb42cb078325c996ed026d994719efcfca1d54b"
dependencies = [
"either",
]
[[package]]
name = "itertools"
version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37d572918e350e82412fe766d24b15e6682fb2ed2bbe018280caa810397cb319"
dependencies = [
"either",
]
[[package]]
name = "itoa"
version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736"
[[package]] [[package]]
name = "js-sys" name = "js-sys"
version = "0.3.46" version = "0.3.47"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf3d7383929f7c9c7c2d0fa596f325832df98c3704f2c60553080f7127a58175" checksum = "5cfb73131c35423a367daf8cbd24100af0d077668c8c2943f0e7dd775fef0f65"
dependencies = [ dependencies = [
"wasm-bindgen", "wasm-bindgen",
] ]
@ -252,15 +402,15 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]] [[package]]
name = "libc" name = "libc"
version = "0.2.81" version = "0.2.84"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1482821306169ec4d07f6aca392a4681f66c75c9918aa49641a2595db64053cb" checksum = "1cca32fa0182e8c0989459524dc356b8f2b5c10f1b9eb521b7d182c03cf8c5ff"
[[package]] [[package]]
name = "linked-hash-map" name = "linked-hash-map"
version = "0.5.3" version = "0.5.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8dd5a6d5999d9907cda8ed67bbd137d3af8085216c2ac62de5be860bd41f304a" checksum = "7fb9b38af92608140b86b693604b9ffcc5824240a484d1ecd4795bacb2fe88f3"
[[package]] [[package]]
name = "lock_api" name = "lock_api"
@ -273,11 +423,11 @@ dependencies = [
[[package]] [[package]]
name = "log" name = "log"
version = "0.4.11" version = "0.4.14"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4fabed175da42fed1fa0746b0ea71f412aa9d35e76e95e59b192c64b9dc2bf8b" checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710"
dependencies = [ dependencies = [
"cfg-if 0.1.10", "cfg-if 1.0.0",
] ]
[[package]] [[package]]
@ -286,6 +436,21 @@ version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ffc5c5338469d4d3ea17d269fa8ea3512ad247247c30bd2df69e68309ed0a08" checksum = "7ffc5c5338469d4d3ea17d269fa8ea3512ad247247c30bd2df69e68309ed0a08"
[[package]]
name = "memchr"
version = "2.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
[[package]]
name = "memoffset"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "157b4208e3059a8f9e78d559edc658e13df41410cb3ae03979c83130067fdd87"
dependencies = [
"autocfg",
]
[[package]] [[package]]
name = "nix" name = "nix"
version = "0.14.1" version = "0.14.1"
@ -311,12 +476,37 @@ dependencies = [
"libc", "libc",
] ]
[[package]]
name = "num-traits"
version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290"
dependencies = [
"autocfg",
]
[[package]]
name = "num_cpus"
version = "1.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3"
dependencies = [
"hermit-abi",
"libc",
]
[[package]] [[package]]
name = "once_cell" name = "once_cell"
version = "1.5.2" version = "1.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "13bd41f508810a131401606d54ac32a467c97172d74ba7662562ebba5ad07fa0" checksum = "13bd41f508810a131401606d54ac32a467c97172d74ba7662562ebba5ad07fa0"
[[package]]
name = "oorandom"
version = "11.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575"
[[package]] [[package]]
name = "parking_lot" name = "parking_lot"
version = "0.11.1" version = "0.11.1"
@ -337,7 +527,7 @@ dependencies = [
"cfg-if 1.0.0", "cfg-if 1.0.0",
"instant", "instant",
"libc", "libc",
"redox_syscall", "redox_syscall 0.1.57",
"smallvec", "smallvec",
"winapi", "winapi",
] ]
@ -348,6 +538,34 @@ version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e"
[[package]]
name = "plotters"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45ca0ae5f169d0917a7c7f5a9c1a3d3d9598f18f529dd2b8373ed988efea307a"
dependencies = [
"num-traits",
"plotters-backend",
"plotters-svg",
"wasm-bindgen",
"web-sys",
]
[[package]]
name = "plotters-backend"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b07fffcddc1cb3a1de753caa4e4df03b79922ba43cf882acc1bdd7e8df9f4590"
[[package]]
name = "plotters-svg"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b38a02e23bd9604b842a812063aec4ef702b57989c37b655254bb61c471ad211"
dependencies = [
"plotters-backend",
]
[[package]] [[package]]
name = "ppv-lite86" name = "ppv-lite86"
version = "0.2.10" version = "0.2.10"
@ -405,46 +623,23 @@ dependencies = [
[[package]] [[package]]
name = "quote" name = "quote"
version = "1.0.7" version = "1.0.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37" checksum = "991431c3519a3f36861882da93630ce66b52918dcf1b8e2fd66b397fc96f28df"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
] ]
[[package]] [[package]]
name = "rand" name = "rand"
version = "0.7.3" version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e"
dependencies = [
"getrandom 0.1.15",
"libc",
"rand_chacha 0.2.2",
"rand_core 0.5.1",
"rand_hc 0.2.0",
]
[[package]]
name = "rand"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c24fcd450d3fa2b592732565aa4f17a27a61c65ece4726353e000939b0edee34"
dependencies = [ dependencies = [
"libc", "libc",
"rand_chacha 0.3.0", "rand_chacha",
"rand_core 0.6.0", "rand_core",
"rand_hc 0.3.0", "rand_hc",
]
[[package]]
name = "rand_chacha"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
dependencies = [
"ppv-lite86",
"rand_core 0.5.1",
] ]
[[package]] [[package]]
@ -454,34 +649,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d" checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d"
dependencies = [ dependencies = [
"ppv-lite86", "ppv-lite86",
"rand_core 0.6.0", "rand_core",
] ]
[[package]] [[package]]
name = "rand_core" name = "rand_core"
version = "0.5.1" version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" checksum = "c026d7df8b298d90ccbbc5190bd04d85e159eaf5576caeacf8741da93ccbd2e5"
dependencies = [ dependencies = [
"getrandom 0.1.15", "getrandom",
]
[[package]]
name = "rand_core"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a8b34ba8cfb21243bd8df91854c830ff0d785fff2e82ebd4434c2644cb9ada18"
dependencies = [
"getrandom 0.2.0",
]
[[package]]
name = "rand_hc"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
dependencies = [
"rand_core 0.5.1",
] ]
[[package]] [[package]]
@ -490,7 +667,32 @@ version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73" checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73"
dependencies = [ dependencies = [
"rand_core 0.6.0", "rand_core",
]
[[package]]
name = "rayon"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b0d8e0819fadc20c74ea8373106ead0600e3a67ef1fe8da56e39b9ae7275674"
dependencies = [
"autocfg",
"crossbeam-deque",
"either",
"rayon-core",
]
[[package]]
name = "rayon-core"
version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ab346ac5921dc62ffa9f89b7a773907511cdfa5490c572ae9be1be33e8afa4a"
dependencies = [
"crossbeam-channel",
"crossbeam-deque",
"crossbeam-utils",
"lazy_static",
"num_cpus",
] ]
[[package]] [[package]]
@ -499,6 +701,39 @@ version = "0.1.57"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce" checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce"
[[package]]
name = "redox_syscall"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "05ec8ca9416c5ea37062b502703cd7fcb207736bc294f6e0cf367ac6fc234570"
dependencies = [
"bitflags",
]
[[package]]
name = "regex"
version = "1.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9251239e129e16308e70d853559389de218ac275b515068abc96829d05b948a"
dependencies = [
"regex-syntax",
]
[[package]]
name = "regex-automata"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae1ded71d66a4a97f5e961fd0cb25a5f366a42a41570d16a763a69c092c26ae4"
dependencies = [
"byteorder",
]
[[package]]
name = "regex-syntax"
version = "0.6.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5eb417147ba9860a96cfe72a0b93bf88fee1744b5636ec99ab20c1aa9376581"
[[package]] [[package]]
name = "remove_dir_all" name = "remove_dir_all"
version = "0.5.3" version = "0.5.3"
@ -538,6 +773,15 @@ version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"
[[package]]
name = "same-file"
version = "1.0.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
dependencies = [
"winapi-util",
]
[[package]] [[package]]
name = "scopeguard" name = "scopeguard"
version = "1.1.0" version = "1.1.0"
@ -561,15 +805,28 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
[[package]] [[package]]
name = "serde" name = "serde"
version = "1.0.118" version = "1.0.123"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06c64263859d87aa2eb554587e2d23183398d617427327cf2b3d0ed8c69e4800" checksum = "92d5161132722baa40d802cc70b15262b98258453e85e5d1d365c757c73869ae"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_cbor"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e18acfa2f90e8b735b2836ab8d538de304cbb6729a7360729ea5a895d15a622"
dependencies = [
"half",
"serde",
]
[[package]] [[package]]
name = "serde_derive" name = "serde_derive"
version = "1.0.118" version = "1.0.123"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c84d3526699cd55261af4b941e4e725444df67aa4f9e6a3564f18030d12672df" checksum = "9391c295d64fc0abb2c556bad848f33cb8296276b1ad2677d1ae1ace4f258f31"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@ -578,9 +835,9 @@ dependencies = [
[[package]] [[package]]
name = "serde_json" name = "serde_json"
version = "1.0.60" version = "1.0.61"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1500e84d27fe482ed1dc791a56eddc2f230046a040fa908c08bda1d9fb615779" checksum = "4fceb2595057b6891a4ee808f70054bd2d12f0e97f1cbb78689b59f676df325a"
dependencies = [ dependencies = [
"itoa", "itoa",
"ryu", "ryu",
@ -589,9 +846,9 @@ dependencies = [
[[package]] [[package]]
name = "serde_yaml" name = "serde_yaml"
version = "0.8.14" version = "0.8.15"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f7baae0a99f1a324984bcdc5f0718384c1f69775f1c7eec8b859b71b443e3fd7" checksum = "971be8f6e4d4a47163b405a3df70d14359186f9ab0f3a3ec37df144ca1ce089f"
dependencies = [ dependencies = [
"dtoa", "dtoa",
"linked-hash-map", "linked-hash-map",
@ -617,9 +874,9 @@ dependencies = [
[[package]] [[package]]
name = "smallvec" name = "smallvec"
version = "1.6.0" version = "1.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a55ca5f3b68e41c979bf8c46a6f1da892ca4db8f94023ce0bd32407573b1ac0" checksum = "fe0f37c9e8f3c5a4a66ad655a93c74daac4ad00c441533bf5c6e7990bb42604e"
[[package]] [[package]]
name = "spin" name = "spin"
@ -629,9 +886,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]] [[package]]
name = "standback" name = "standback"
version = "0.2.13" version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf906c8b8fc3f6ecd1046e01da1d8ddec83e48c8b08b84dcc02b585a6bedf5a8" checksum = "c66a8cff4fa24853fdf6b51f75c6d7f8206d7c75cab4e467bcd7f25c2b1febe0"
dependencies = [ dependencies = [
"version_check", "version_check",
] ]
@ -717,9 +974,9 @@ dependencies = [
[[package]] [[package]]
name = "syn" name = "syn"
version = "1.0.54" version = "1.0.60"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a2af957a63d6bd42255c359c93d9bfdb97076bd3b820897ce55ffbfbf107f44" checksum = "c700597eca8a5a762beb35753ef6b94df201c81cca676604f547495a0d7f0081"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@ -728,14 +985,14 @@ dependencies = [
[[package]] [[package]]
name = "tempfile" name = "tempfile"
version = "3.1.0" version = "3.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a6e24d9338a0a5be79593e2fa15a648add6138caa803e2d5bc782c371732ca9" checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22"
dependencies = [ dependencies = [
"cfg-if 0.1.10", "cfg-if 1.0.0",
"libc", "libc",
"rand 0.7.3", "rand",
"redox_syscall", "redox_syscall 0.2.4",
"remove_dir_all", "remove_dir_all",
"winapi", "winapi",
] ]
@ -808,10 +1065,20 @@ dependencies = [
] ]
[[package]] [[package]]
name = "tinyvec" name = "tinytemplate"
version = "1.1.0" version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ccf8dbc19eb42fba10e8feaaec282fb50e2c14b2726d6301dbfeed0f73306a6f" checksum = "a2ada8616fad06a2d0c455adc530de4ef57605a8120cc65da9653e0e9623ca74"
dependencies = [
"serde",
"serde_json",
]
[[package]]
name = "tinyvec"
version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "317cca572a0e89c3ce0ca1f1bdc9369547fe318a683418e42ac8f59d14701023"
dependencies = [ dependencies = [
"tinyvec_macros", "tinyvec_macros",
] ]
@ -899,6 +1166,7 @@ name = "vpncloud"
version = "2.0.1" version = "2.0.1"
dependencies = [ dependencies = [
"byteorder", "byteorder",
"criterion",
"daemonize", "daemonize",
"fnv", "fnv",
"igd", "igd",
@ -906,10 +1174,9 @@ dependencies = [
"log", "log",
"parking_lot", "parking_lot",
"privdrop", "privdrop",
"rand 0.8.1", "rand",
"ring", "ring",
"serde", "serde",
"serde_derive",
"serde_yaml", "serde_yaml",
"signal", "signal",
"smallvec", "smallvec",
@ -921,16 +1188,27 @@ dependencies = [
] ]
[[package]] [[package]]
name = "wasi" name = "walkdir"
version = "0.9.0+wasi-snapshot-preview1" version = "2.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" checksum = "777182bc735b6424e1a57516d35ed72cb8019d85c8c9bf536dccb3445c1a2f7d"
dependencies = [
"same-file",
"winapi",
"winapi-util",
]
[[package]]
name = "wasi"
version = "0.10.2+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
[[package]] [[package]]
name = "wasm-bindgen" name = "wasm-bindgen"
version = "0.2.69" version = "0.2.70"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3cd364751395ca0f68cafb17666eee36b63077fb5ecd972bbcd74c90c4bf736e" checksum = "55c0f7123de74f0dab9b7d00fd614e7b19349cd1e2f5252bbe9b1754b59433be"
dependencies = [ dependencies = [
"cfg-if 1.0.0", "cfg-if 1.0.0",
"wasm-bindgen-macro", "wasm-bindgen-macro",
@ -938,9 +1216,9 @@ dependencies = [
[[package]] [[package]]
name = "wasm-bindgen-backend" name = "wasm-bindgen-backend"
version = "0.2.69" version = "0.2.70"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1114f89ab1f4106e5b55e688b828c0ab0ea593a1ea7c094b141b14cbaaec2d62" checksum = "7bc45447f0d4573f3d65720f636bbcc3dd6ce920ed704670118650bcd47764c7"
dependencies = [ dependencies = [
"bumpalo", "bumpalo",
"lazy_static", "lazy_static",
@ -953,9 +1231,9 @@ dependencies = [
[[package]] [[package]]
name = "wasm-bindgen-macro" name = "wasm-bindgen-macro"
version = "0.2.69" version = "0.2.70"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a6ac8995ead1f084a8dea1e65f194d0973800c7f571f6edd70adf06ecf77084" checksum = "3b8853882eef39593ad4174dd26fc9865a64e84026d223f63bb2c42affcbba2c"
dependencies = [ dependencies = [
"quote", "quote",
"wasm-bindgen-macro-support", "wasm-bindgen-macro-support",
@ -963,9 +1241,9 @@ dependencies = [
[[package]] [[package]]
name = "wasm-bindgen-macro-support" name = "wasm-bindgen-macro-support"
version = "0.2.69" version = "0.2.70"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5a48c72f299d80557c7c62e37e7225369ecc0c963964059509fbafe917c7549" checksum = "4133b5e7f2a531fa413b3a1695e925038a05a71cf67e87dafa295cb645a01385"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@ -976,15 +1254,15 @@ dependencies = [
[[package]] [[package]]
name = "wasm-bindgen-shared" name = "wasm-bindgen-shared"
version = "0.2.69" version = "0.2.70"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e7811dd7f9398f14cc76efd356f98f03aa30419dea46aa810d71e819fc97158" checksum = "dd4945e4943ae02d15c13962b38a5b1e81eadd4b71214eee75af64a4d6a4fd64"
[[package]] [[package]]
name = "web-sys" name = "web-sys"
version = "0.3.46" version = "0.3.47"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "222b1ef9334f92a21d3fb53dc3fd80f30836959a90f9274a626d7e06315ba3c3" checksum = "c40dc691fc48003eba817c38da7113c15698142da971298003cac3ef175680b3"
dependencies = [ dependencies = [
"js-sys", "js-sys",
"wasm-bindgen", "wasm-bindgen",
@ -992,9 +1270,9 @@ dependencies = [
[[package]] [[package]]
name = "wildmatch" name = "wildmatch"
version = "1.0.12" version = "1.0.13"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "79346daa5ca66c72db46ee4dac6e605811478ae0807b385d18328be3f5c0eb74" checksum = "d2399814fda0d6999a6bfe9b5c7660d836334deb162a09db8b73d5b38fd8c40a"
[[package]] [[package]]
name = "winapi" name = "winapi"
@ -1012,6 +1290,15 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
[[package]]
name = "winapi-util"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
dependencies = [
"winapi",
]
[[package]] [[package]]
name = "winapi-x86_64-pc-windows-gnu" name = "winapi-x86_64-pc-windows-gnu"
version = "0.4.0" version = "0.4.0"

View File

@ -14,8 +14,7 @@ edition = "2018"
[dependencies] [dependencies]
time = "=0.2.22" time = "=0.2.22"
structopt = "0.3" structopt = "0.3"
serde = "1.0" serde = { version = "1.0", features = ["derive"] }
serde_derive = "1.0"
serde_yaml = "0.8" serde_yaml = "0.8"
log = { version = "0.4", features = ["std"] } log = { version = "0.4", features = ["std"] }
signal = "0.7" signal = "0.7"
@ -27,19 +26,24 @@ igd = { version = "0.12", optional = true }
daemonize = "0.4" daemonize = "0.4"
ring = "0.16" ring = "0.16"
privdrop = "0.5" privdrop = "0.5"
byteorder = "1.3" byteorder = "1.4"
thiserror = "1.0" thiserror = "1.0"
parking_lot = "*" parking_lot = "*"
smallvec = "1.6" smallvec = "1.6"
[dev-dependencies] [dev-dependencies]
tempfile = "3" tempfile = "3"
criterion = "0.3"
[features] [features]
default = ["nat"] default = ["nat"]
bench = [] bench = []
nat = ["igd"] nat = ["igd"]
[[bench]]
name = "bench"
harness = false
[profile.release] [profile.release]
lto = true lto = true

149
benches/bench.rs Normal file
View File

@ -0,0 +1,149 @@
#![allow(dead_code, unused_macros, unused_imports)]
#[macro_use] extern crate serde;
#[macro_use] extern crate log;
use criterion::{criterion_group, criterion_main, Criterion, Throughput};
use smallvec::smallvec;
use ring::aead;
use std::str::FromStr;
use std::net::{SocketAddr, Ipv4Addr, SocketAddrV4, UdpSocket};
mod util {
include!("../src/util.rs");
}
mod error {
include!("../src/error.rs");
}
mod payload {
include!("../src/payload.rs");
}
mod types {
include!("../src/types.rs");
}
mod table {
include!("../src/table.rs");
}
mod crypto_core {
include!("../src/crypto/core.rs");
}
pub use error::Error;
use util::{MockTimeSource, MsgBuffer};
use types::{Address, Range};
use table::{ClaimTable};
use payload::{Packet, Frame, Protocol};
use crypto_core::{create_dummy_pair, EXTRA_LEN};
fn udp_send(c: &mut Criterion) {
let sock = UdpSocket::bind("127.0.0.1:0").unwrap();
let data = [0; 1400];
let addr = SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 1);
let mut g = c.benchmark_group("udp_send");
g.throughput(Throughput::Bytes(1400));
g.bench_function("udp_send", |b| {
b.iter(|| sock.send_to(&data, &addr).unwrap());
});
g.finish();
}
fn decode_ipv4(c: &mut Criterion) {
let data = [0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1, 192, 168, 1, 2];
let mut g = c.benchmark_group("payload");
g.throughput(Throughput::Bytes(1400));
g.bench_function("decode_ipv4", |b| {
b.iter(|| Packet::parse(&data).unwrap());
});
g.finish();
}
fn decode_ipv6(c: &mut Criterion) {
let data = [
0x60, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 0, 9, 8, 7, 6, 5, 4, 3, 2, 1, 6, 5,
4, 3, 2, 1
];
let mut g = c.benchmark_group("payload");
g.throughput(Throughput::Bytes(1400));
g.bench_function("decode_ipv6", |b| {
b.iter(|| Packet::parse(&data).unwrap());
});
g.finish();
}
fn decode_ethernet(c: &mut Criterion) {
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 1, 2, 3, 4, 5, 6, 7, 8];
let mut g = c.benchmark_group("payload");
g.throughput(Throughput::Bytes(1400));
g.bench_function("decode_ethernet", |b| {
b.iter(|| Frame::parse(&data).unwrap());
});
g.finish();
}
fn decode_ethernet_with_vlan(c: &mut Criterion) {
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0, 4, 210, 1, 2, 3, 4, 5, 6, 7, 8];
let mut g = c.benchmark_group("payload");
g.throughput(Throughput::Bytes(1400));
g.bench_function("decode_ethernet_with_vlan", |b| {
b.iter(|| Frame::parse(&data).unwrap());
});
g.finish();
}
fn lookup_warm(c: &mut Criterion) {
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
let addr = Address::from_str("1.2.3.4").unwrap();
table.cache(addr, SocketAddr::from_str("1.2.3.4:3210").unwrap());
let mut g = c.benchmark_group("table");
g.throughput(Throughput::Bytes(1400));
g.bench_function("lookup_warm", |b| {
b.iter(|| table.lookup(addr));
});
g.finish();
}
fn lookup_cold(c: &mut Criterion) {
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
let addr = Address::from_str("1.2.3.4").unwrap();
table.set_claims(SocketAddr::from_str("1.2.3.4:3210").unwrap(), smallvec![Range::from_str("1.2.3.4/32").unwrap()]);
let mut g = c.benchmark_group("table");
g.throughput(Throughput::Bytes(1400));
g.bench_function("lookup_cold", |b| {
b.iter(|| {
table.clear_cache();
table.lookup(addr)
});
});
g.finish();
}
fn crypto_bench(c: &mut Criterion, algo: &'static aead::Algorithm) {
let mut buffer = MsgBuffer::new(EXTRA_LEN);
buffer.set_length(1400);
let (mut sender, mut receiver) = create_dummy_pair(algo);
let mut g = c.benchmark_group("crypto");
g.throughput(Throughput::Bytes(2*1400));
g.bench_function(format!("{:?}", algo), |b| {
b.iter(|| {
sender.encrypt(&mut buffer);
receiver.decrypt(&mut buffer).unwrap();
});
});
g.finish()
}
fn crypto_chacha20(c: &mut Criterion) {
crypto_bench(c, &aead::CHACHA20_POLY1305)
}
fn crypto_aes128(c: &mut Criterion) {
crypto_bench(c, &aead::AES_128_GCM)
}
fn crypto_aes256(c: &mut Criterion) {
crypto_bench(c, &aead::AES_256_GCM)
}
criterion_group!(benches, udp_send, decode_ipv4, decode_ipv6, decode_ethernet, decode_ethernet_with_vlan, lookup_cold, lookup_warm, crypto_chacha20, crypto_aes128, crypto_aes256);
criterion_main!(benches);

View File

@ -19,7 +19,7 @@ RUN useradd -ms /bin/bash user
USER user USER user
WORKDIR /home/user WORKDIR /home/user
ENV RUST=1.48.0 ENV RUST=1.49.0
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST} RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST}

View File

@ -7,7 +7,7 @@ RUN useradd -ms /bin/bash user
USER user USER user
WORKDIR /home/user WORKDIR /home/user
ENV RUST=1.48.0 ENV RUST=1.49.0
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST} RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST}

View File

@ -4,18 +4,20 @@
use super::{device::Type, types::Mode, util::Duration}; use super::{device::Type, types::Mode, util::Duration};
pub use crate::crypto::Config as CryptoConfig; pub use crate::crypto::Config as CryptoConfig;
use crate::util::run_cmd;
use std::{ use std::{
cmp::max, cmp::max,
net::{IpAddr, Ipv6Addr, SocketAddr} collections::HashMap,
ffi::OsStr,
net::{IpAddr, Ipv6Addr, SocketAddr},
process::Command,
thread
}; };
use structopt::StructOpt; use structopt::{clap::Shell, StructOpt};
pub const DEFAULT_PEER_TIMEOUT: u16 = 300; pub const DEFAULT_PEER_TIMEOUT: u16 = 300;
pub const DEFAULT_PORT: u16 = 3210; pub const DEFAULT_PORT: u16 = 3210;
fn parse_listen(addr: &str) -> SocketAddr { fn parse_listen(addr: &str) -> SocketAddr {
if let Some(addr) = addr.strip_prefix("*:") { if let Some(addr) = addr.strip_prefix("*:") {
let port = try_fail!(addr.parse::<u16>(), "Invalid port: {}"); let port = try_fail!(addr.parse::<u16>(), "Invalid port: {}");
@ -60,7 +62,9 @@ pub struct Config {
pub statsd_server: Option<String>, pub statsd_server: Option<String>,
pub statsd_prefix: Option<String>, pub statsd_prefix: Option<String>,
pub user: Option<String>, pub user: Option<String>,
pub group: Option<String> pub group: Option<String>,
pub hook: Option<String>,
pub hooks: HashMap<String, String>
} }
impl Default for Config { impl Default for Config {
@ -93,7 +97,9 @@ impl Default for Config {
statsd_server: None, statsd_server: None,
statsd_prefix: None, statsd_prefix: None,
user: None, user: None,
group: None group: None,
hook: None,
hooks: HashMap::new()
} }
} }
} }
@ -198,6 +204,12 @@ impl Config {
if !file.crypto.algorithms.is_empty() { if !file.crypto.algorithms.is_empty() {
self.crypto.algorithms = file.crypto.algorithms.clone(); self.crypto.algorithms = file.crypto.algorithms.clone();
} }
if let Some(val) = file.hook {
self.hook = Some(val)
}
for (k, v) in file.hooks {
self.hooks.insert(k, v);
}
} }
pub fn merge_args(&mut self, mut args: Args) { pub fn merge_args(&mut self, mut args: Args) {
@ -291,6 +303,16 @@ impl Config {
if !args.algorithms.is_empty() { if !args.algorithms.is_empty() {
self.crypto.algorithms = args.algorithms.clone(); self.crypto.algorithms = args.algorithms.clone();
} }
for s in args.hook {
if s.contains(':') {
let pos = s.find(':').unwrap();
let name = &s[..pos];
let hook = &s[pos+1..];
self.hooks.insert(name.to_string(), hook.to_string());
} else {
self.hook = Some(s);
}
}
} }
pub fn get_keepalive(&self) -> Duration { pub fn get_keepalive(&self) -> Duration {
@ -299,8 +321,31 @@ impl Config {
None => max(self.peer_timeout / 2 - 60, 1) None => max(self.peer_timeout / 2 - 60, 1)
} }
} }
}
pub fn call_hook(
&self, event: &'static str, envs: impl IntoIterator<Item = (&'static str, impl AsRef<OsStr>)>, detach: bool
) {
let mut script = None;
if let Some(ref s) = self.hook {
script = Some(s);
}
if let Some(ref s) = self.hooks.get(event) {
script = Some(s);
}
if script.is_none() {
return
}
let script = script.unwrap();
let mut cmd = Command::new("sh");
cmd.arg("-c").arg(script).envs(envs).env("EVENT", event);
debug!("Running event script: {:?}", cmd);
if detach {
thread::spawn(move || run_cmd(cmd));
} else {
run_cmd(cmd)
}
}
}
#[derive(StructOpt, Debug, Default)] #[derive(StructOpt, Debug, Default)]
pub struct Args { pub struct Args {
@ -325,7 +370,7 @@ pub struct Args {
pub mode: Option<Mode>, pub mode: Option<Mode>,
/// The shared password to encrypt all traffic /// The shared password to encrypt all traffic
#[structopt(short, long, required_unless_one = &["private-key", "config", "genkey", "version"], env)] #[structopt(short, long, required_unless_one = &["private-key", "config", "genkey", "version", "completion"], env)]
pub password: Option<String>, pub password: Option<String>,
/// The private key to use /// The private key to use
@ -458,7 +503,15 @@ pub struct Args {
/// Migrate an old config file /// Migrate an old config file
#[structopt(long, alias = "migrate", requires = "config")] #[structopt(long, alias = "migrate", requires = "config")]
pub migrate_config: bool pub migrate_config: bool,
/// Generate shell completions
#[structopt(long)]
pub completion: Option<Shell>,
/// Call script on event
#[structopt(long)]
pub hook: Vec<String>
} }
#[derive(Serialize, Deserialize, Debug, PartialEq, Default)] #[derive(Serialize, Deserialize, Debug, PartialEq, Default)]
@ -512,10 +565,11 @@ pub struct ConfigFile {
pub stats_file: Option<String>, pub stats_file: Option<String>,
pub statsd: Option<ConfigFileStatsd>, pub statsd: Option<ConfigFileStatsd>,
pub user: Option<String>, pub user: Option<String>,
pub group: Option<String> pub group: Option<String>,
pub hook: Option<String>,
pub hooks: HashMap<String, String>
} }
#[test] #[test]
fn config_file() { fn config_file() {
let config_file = " let config_file = "
@ -582,7 +636,9 @@ statsd:
statsd: Some(ConfigFileStatsd { statsd: Some(ConfigFileStatsd {
server: Some("example.com:1234".to_string()), server: Some("example.com:1234".to_string()),
prefix: Some("prefix".to_string()) prefix: Some("prefix".to_string())
}) }),
hook: None,
hooks: HashMap::new()
}) })
} }
@ -616,9 +672,12 @@ fn default_config_as_default() {
statsd_server: None, statsd_server: None,
statsd_prefix: None, statsd_prefix: None,
user: None, user: None,
group: None group: None,
hook: None,
hooks: HashMap::new()
}; };
let default_config_file = serde_yaml::from_str::<ConfigFile>(include_str!("../assets/example.net.disabled")).unwrap(); let default_config_file =
serde_yaml::from_str::<ConfigFile>(include_str!("../assets/example.net.disabled")).unwrap();
default_config.merge_file(default_config_file); default_config.merge_file(default_config_file);
assert_eq!(default_config, Config::default()); assert_eq!(default_config, Config::default());
} }
@ -659,7 +718,9 @@ fn config_merge() {
statsd: Some(ConfigFileStatsd { statsd: Some(ConfigFileStatsd {
server: Some("example.com:1234".to_string()), server: Some("example.com:1234".to_string()),
prefix: Some("prefix".to_string()) prefix: Some("prefix".to_string())
}) }),
hook: None,
hooks: HashMap::new()
}); });
assert_eq!(config, Config { assert_eq!(config, Config {
device_type: Type::Tun, device_type: Type::Tun,
@ -748,6 +809,8 @@ fn config_merge() {
stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()), stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()),
statsd_server: Some("example.com:2345".to_string()), statsd_server: Some("example.com:2345".to_string()),
statsd_prefix: Some("prefix2".to_string()), statsd_prefix: Some("prefix2".to_string()),
daemonize: true daemonize: true,
hook: None,
hooks: HashMap::new()
}); });
} }

View File

@ -1,41 +1,41 @@
//! This module implements a crypto core for encrypting and decrypting message streams // This module implements a crypto core for encrypting and decrypting message streams
//! //
//! The crypto core only encrypts and decrypts messages, using given keys. Negotiating and rotating the keys is out of // The crypto core only encrypts and decrypts messages, using given keys. Negotiating and rotating the keys is out of
//! scope of the crypto core. The crypto core assumes that the remote node will always have the necessary key to decrypt // scope of the crypto core. The crypto core assumes that the remote node will always have the necessary key to decrypt
//! the message. // the message.
//! //
//! The crypto core encrypts messages in place, writes some extra data (key id and nonce) into a given space and // The crypto core encrypts messages in place, writes some extra data (key id and nonce) into a given space and
//! includes the given header data in the authentication tag. When decrypting messages, the crypto core reads the extra // includes the given header data in the authentication tag. When decrypting messages, the crypto core reads the extra
//! data, uses the key id to find the right key to decrypting the message and then decrypts the message, using the given // data, uses the key id to find the right key to decrypting the message and then decrypts the message, using the given
//! nonce and including the given header data in the verification of the authentication tag. // nonce and including the given header data in the verification of the authentication tag.
//! //
//! While the core only uses a single key at a time for encrypting messages, it is ready to decrypt messages based on // While the core only uses a single key at a time for encrypting messages, it is ready to decrypt messages based on
//! one of 4 stored keys (the encryption key being one of them). An external key rotation is responsible for adding the // one of 4 stored keys (the encryption key being one of them). An external key rotation is responsible for adding the
//! key to the remote peer before switching to the key on the local peer for encryption. // key to the remote peer before switching to the key on the local peer for encryption.
//! //
//! As mentioned, the encryption and decryption works in place. Therefore the parameter payload_and_tag contains (when // As mentioned, the encryption and decryption works in place. Therefore the parameter payload_and_tag contains (when
//! decrypting) or provides space for (when encrypting) the payload and the authentication tag. When encrypting, that // decrypting) or provides space for (when encrypting) the payload and the authentication tag. When encrypting, that
//! means, that the last TAG_LEN bytes of payload_and_tag must be reserved for the tag and must not contain payload // means, that the last TAG_LEN bytes of payload_and_tag must be reserved for the tag and must not contain payload
//! bytes. // bytes.
//! //
//! The nonce is a value of 12 bytes (192 bits). Since both nodes can use the same key for encryption, the most // The nonce is a value of 12 bytes (192 bits). Since both nodes can use the same key for encryption, the most
//! significant byte (msb) of the nonce is initialized differently on both peers: one peer uses the value 0x00 and the // significant byte (msb) of the nonce is initialized differently on both peers: one peer uses the value 0x00 and the
//! other one 0x80. That means that the nonce space is essentially divided in two halves, one for each node. // other one 0x80. That means that the nonce space is essentially divided in two halves, one for each node.
//! //
//! To save space and keep the encrypted data aligned to 64 bits, not all bytes of the nonce are transferred. Instead, // To save space and keep the encrypted data aligned to 64 bits, not all bytes of the nonce are transferred. Instead,
//! only 7 bytes are included in messages (another byte is used for the key id, hence 64 bit alignment). The rest of the // only 7 bytes are included in messages (another byte is used for the key id, hence 64 bit alignment). The rest of the
//! nonce is deduced by the nodes: All other bytes are assumed to be 0x00, except for the most significant byte, which // nonce is deduced by the nodes: All other bytes are assumed to be 0x00, except for the most significant byte, which
//! is assumed to be the opposite ones own msb. This has two nice effects: // is assumed to be the opposite ones own msb. This has two nice effects:
//! 1) Long before the nonce could theoretically repeat, the messages can no longer be decrypted by the peer as the // 1) Long before the nonce could theoretically repeat, the messages can no longer be decrypted by the peer as the
//! higher bytes are no longer zero as assumed. // higher bytes are no longer zero as assumed.
//! 2) By deducing the msb to be the opposite of ones own msb, it is no longer possible for an attacker to redirect a // 2) By deducing the msb to be the opposite of ones own msb, it is no longer possible for an attacker to redirect a
//! message back to the sender because then the assumed nonce will be wrong and the message fails to decrypt. Otherwise, // message back to the sender because then the assumed nonce will be wrong and the message fails to decrypt. Otherwise,
//! this could lead to problems as nodes would be able to accidentally decrypt their own messages. // this could lead to problems as nodes would be able to accidentally decrypt their own messages.
//! //
//! In order to be resistent against replay attacks but allow for reordering of messages, the crypto core uses nonce // In order to be resistent against replay attacks but allow for reordering of messages, the crypto core uses nonce
//! pinning. For every active key, the biggest nonce seen so far is being tracked. Every second, the biggest nonce seen // pinning. For every active key, the biggest nonce seen so far is being tracked. Every second, the biggest nonce seen
//! one second ago plus 1 becomes the minimum nonce that is accepted for that key. That means, that reordering can // one second ago plus 1 becomes the minimum nonce that is accepted for that key. That means, that reordering can
//! happen within one second but after a second, old messages will not be accepted anymore. // happen within one second but after a second, old messages will not be accepted anymore.
use byteorder::{ReadBytesExt, WriteBytesExt}; use byteorder::{ReadBytesExt, WriteBytesExt};
use ring::{ use ring::{
@ -467,37 +467,3 @@ mod tests {
assert!(speed > 10.0); assert!(speed > 10.0);
} }
} }
#[cfg(feature = "bench")]
mod benches {
use super::*;
use test::Bencher;
fn crypto_bench(b: &mut Bencher, algo: &'static aead::Algorithm) {
let mut buffer = MsgBuffer::new(EXTRA_LEN);
buffer.set_length(1400);
let (mut sender, mut receiver) = create_dummy_pair(algo);
b.iter(|| {
sender.encrypt(&mut buffer);
receiver.decrypt(&mut buffer).unwrap();
});
b.bytes = 1400;
}
#[bench]
fn crypto_chacha20(b: &mut Bencher) {
crypto_bench(b, &aead::CHACHA20_POLY1305)
}
#[bench]
fn crypto_aes128(b: &mut Bencher) {
crypto_bench(b, &aead::AES_128_GCM)
}
#[bench]
fn crypto_aes256(b: &mut Bencher) {
crypto_bench(b, &aead::AES_256_GCM)
}
}

View File

@ -1,59 +1,61 @@
//! This module implements a 3-way handshake to initialize an authenticated and encrypted connection. // This module implements a 3-way handshake to initialize an authenticated and encrypted connection.
//! //
//! The handshake assumes that each node has a asymmetric Curve 25519 key pair as well as a list of trusted public keys // The handshake assumes that each node has a asymmetric Curve 25519 key pair as well as a list of trusted public keys
//! and a set of supported crypto algorithms as well as the expected speed when using them. If successful, the handshake // and a set of supported crypto algorithms as well as the expected speed when using them. If successful, the handshake
//! will negotiate a crypto algorithm to use and a common ephemeral symmetric key and exchange a given payload between // will negotiate a crypto algorithm to use and a common ephemeral symmetric key and exchange a given payload between
//! the nodes. // the nodes.
//! //
//! The handshake consists of 3 stages, "ping", "pong" and "peng". In the following description, the node that initiates // The handshake consists of 3 stages, "ping", "pong" and "peng". In the following description, the node that initiates
//! the connection is named "A" and the other node is named "B". Since a lot of things are going on in parallel in the // the connection is named "A" and the other node is named "B". Since a lot of things are going on in parallel in the
//! handshake, those aspects are described separately in the following paragraphs. // handshake, those aspects are described separately in the following paragraphs.
//! //
//! Every message contains the node id of the sender. If a node receives a message with its own node id, it just ignores // Every message contains the node id of the sender. If a node receives a message with its own node id, it just ignores
//! it and closes the connection. This is the way nodes avoid to connect to themselves as it is not trivial for a node // it and closes the connection. This is the way nodes avoid to connect to themselves as it is not trivial for a node
//! to know its own addresses (especially in the case of NAT). // to know its own addresses (especially in the case of NAT).
//! //
//! All initialization messages are signed by the asymmetric key of the sender. Also the messages indicate the public // All initialization messages are signed by the asymmetric key of the sender. Also the messages indicate the public
//! key being used, so the receiver can use the correct public key to verify the signature. The public key itself is not // key being used, so the receiver can use the correct public key to verify the signature. The public key itself is not
//! attached to the message for privacy reasons (the public key is stable over multiple restarts while the node id is // attached to the message for privacy reasons (the public key is stable over multiple restarts while the node id is
//! only valid for a single run). Instead, a 2 byte salt value as well as the last 2 bytes of the salted sha 2 hash of // only valid for a single run). Instead, a 2 byte salt value as well as the last 2 bytes of the salted sha 2 hash of
//! the public key are used to identify the public key. This way, a receiver that trusts this public key can identify // the public key are used to identify the public key. This way, a receiver that trusts this public key can identify
//! it but a random observer can't. If the public key is unknown or the signature can't be verified, the message is // it but a random observer can't. If the public key is unknown or the signature can't be verified, the message is
//! ignored. // ignored.
//! //
//! Every message contains a byte that specifies the stage (ping = 1, pong = 2, peng = 3). If a message with an // Every message contains a byte that specifies the stage (ping = 1, pong = 2, peng = 3). If a message with an
//! unexpected stage is received, it is ignored and the last message that has been sent is repeated. There is only one // unexpected stage is received, it is ignored and the last message that has been sent is repeated. There is only one
//! exception to this rule: if a "pong" message is expected, but a "ping" message is received instead AND the node id of // exception to this rule: if a "pong" message is expected, but a "ping" message is received instead AND the node id of
//! the sender is greater than the node id of the receiver, the receiving node will reset its state and assume the role // the sender is greater than the node id of the receiver, the receiving node will reset its state and assume the role
//! of a receiver of the initialization (i.e. "B"). This is used to "negotiate" the roles A and B when both nodes // of a receiver of the initialization (i.e. "B"). This is used to "negotiate" the roles A and B when both nodes
//! initiate the connection in parallel and think they are A. // initiate the connection in parallel and think they are A.
//! //
//! Upon connection creation, both nodes create a random ephemeral ECDH key pair and exchange the public keys in the // Upon connection creation, both nodes create a random ephemeral ECDH key pair and exchange the public keys in the
//! ping and pong messages. A sends the ping message to B containing A's public key and B replies with a pong message // ping and pong messages. A sends the ping message to B containing A's public key and B replies with a pong message
//! containing B's public key. That means, that after receiving the ping message B can calculate the shared key material // containing B's public key. That means, that after receiving the ping message B can calculate the shared key material
//! and after receiving the pong message A can calculate the shared key material. // and after receiving the pong message A can calculate the shared key material.
//! //
//! The ping message and the pong message contain a set of supported crypto algorithms together with the estimated // The ping message and the pong message contain a set of supported crypto algorithms together with the estimated
//! speeds of the algorithms. When B receives a ping message, or A receives a pong message, it can combine this // speeds of the algorithms. When B receives a ping message, or A receives a pong message, it can combine this
//! information with its own algorithm list and select the algorithm with the best expected speed for the crypto core. // information with its own algorithm list and select the algorithm with the best expected speed for the crypto core.
//! //
//! The pong and peng message contain the payload that the nodes want to exchange in the initialization phase apart from // The pong and peng message contain the payload that the nodes want to exchange in the initialization phase apart from
//! the cryptographic initialization. This payload is encoded according to the application and encrypted using the key // the cryptographic initialization. This payload is encoded according to the application and encrypted using the key
//! material and the crypto algorithm that have been negotiated via the ping and pong messages. The pong message, // material and the crypto algorithm that have been negotiated via the ping and pong messages. The pong message,
//! therefore contains information to set up symmetric encryption as well as a part that is already encrypted. // therefore contains information to set up symmetric encryption as well as a part that is already encrypted.
//! //
//! The handshake ends for A after sending the peng message and for B after receiving this message. At this time both // The handshake ends for A after sending the peng message and for B after receiving this message. At this time both
//! nodes initialize the connection using the payload and enter normal operation. The negotiated crypto core is used for // nodes initialize the connection using the payload and enter normal operation. The negotiated crypto core is used for
//! future communication and the key rotation is started. Since the peng message can be lost, A needs to keep the // future communication and the key rotation is started. Since the peng message can be lost, A needs to keep the
//! initialization state in order to repeat a lost peng message. After one second, A removes that state. // initialization state in order to repeat a lost peng message. After one second, A removes that state.
//! //
//! Once every second, both nodes check whether they have already finished the initialization. If not, they repeat their // Once every second, both nodes check whether they have already finished the initialization. If not, they repeat their
//! last message. After 5 seconds, the initialization is aborted as failed. // last message. After 5 seconds, the initialization is aborted as failed.
use super::{ use super::{
core::{CryptoCore, EXTRA_LEN}, core::{CryptoCore, EXTRA_LEN},
Algorithms, EcdhPrivateKey, EcdhPublicKey, Ed25519PublicKey, Error, MsgBuffer, Payload rotate::RotationState,
Algorithms, EcdhPrivateKey, EcdhPublicKey, Ed25519PublicKey, Error, MsgBuffer, Payload, PeerCrypto,
MESSAGE_TYPE_ROTATION
}; };
use crate::types::NodeId; use crate::types::NodeId;
use byteorder::{NetworkEndian, ReadBytesExt, WriteBytesExt}; use byteorder::{NetworkEndian, ReadBytesExt, WriteBytesExt};
@ -72,6 +74,7 @@ use std::{
sync::Arc sync::Arc
}; };
pub const INIT_MESSAGE_FIRST_BYTE: u8 = 0xff;
pub const STAGE_PING: u8 = 1; pub const STAGE_PING: u8 = 1;
pub const STAGE_PONG: u8 = 2; pub const STAGE_PONG: u8 = 2;
@ -85,6 +88,11 @@ pub const SALTED_NODE_ID_HASH_LEN: usize = 20;
pub type SaltedNodeIdHash = [u8; SALTED_NODE_ID_HASH_LEN]; pub type SaltedNodeIdHash = [u8; SALTED_NODE_ID_HASH_LEN];
pub fn is_init_message(msg: &[u8]) -> bool {
!msg.is_empty() && msg[0] == INIT_MESSAGE_FIRST_BYTE
}
#[allow(clippy::large_enum_variant)] #[allow(clippy::large_enum_variant)]
pub enum InitMsg { pub enum InitMsg {
Ping { Ping {
@ -141,6 +149,9 @@ impl InitMsg {
fn read_from(buffer: &[u8], trusted_keys: &[Ed25519PublicKey]) -> Result<(Self, Ed25519PublicKey), Error> { fn read_from(buffer: &[u8], trusted_keys: &[Ed25519PublicKey]) -> Result<(Self, Ed25519PublicKey), Error> {
let mut r = Cursor::new(buffer); let mut r = Cursor::new(buffer);
if r.read_u8().map_err(|_| Error::Parse("Init message too short"))? != INIT_MESSAGE_FIRST_BYTE {
return Err(Error::Parse("Init message has invalid first byte"))
}
let mut public_key_salt = [0; 4]; let mut public_key_salt = [0; 4];
r.read_exact(&mut public_key_salt).map_err(|_| Error::Parse("Init message too short"))?; r.read_exact(&mut public_key_salt).map_err(|_| Error::Parse("Init message too short"))?;
let mut public_key_hash = [0; 4]; let mut public_key_hash = [0; 4];
@ -290,6 +301,7 @@ impl InitMsg {
fn write_to(&self, buffer: &mut [u8], key: &Ed25519KeyPair) -> Result<usize, io::Error> { fn write_to(&self, buffer: &mut [u8], key: &Ed25519KeyPair) -> Result<usize, io::Error> {
let mut w = Cursor::new(buffer); let mut w = Cursor::new(buffer);
w.write_u8(INIT_MESSAGE_FIRST_BYTE)?;
let rand = SystemRandom::new(); let rand = SystemRandom::new();
let mut salt = [0; 4]; let mut salt = [0; 4];
rand.fill(&mut salt).unwrap(); rand.fill(&mut salt).unwrap();
@ -378,9 +390,9 @@ pub enum InitResult<P: Payload> {
Success { peer_payload: P, is_initiator: bool } Success { peer_payload: P, is_initiator: bool }
} }
pub struct InitState<P: Payload> { pub struct InitState<P: Payload> {
node_id: NodeId, node_id: NodeId,
is_initiator: bool,
salted_node_id_hash: SaltedNodeIdHash, salted_node_id_hash: SaltedNodeIdHash,
payload: P, payload: P,
key_pair: Arc<Ed25519KeyPair>, key_pair: Arc<Ed25519KeyPair>,
@ -389,7 +401,7 @@ pub struct InitState<P: Payload> {
next_stage: u8, next_stage: u8,
close_time: usize, close_time: usize,
last_message: Option<Vec<u8>>, last_message: Option<Vec<u8>>,
crypto: Option<CryptoCore>, crypto: Option<Arc<CryptoCore>>,
algorithms: Algorithms, algorithms: Algorithms,
selected_algorithm: Option<&'static Algorithm>, selected_algorithm: Option<&'static Algorithm>,
failed_retries: usize failed_retries: usize
@ -409,6 +421,7 @@ impl<P: Payload> InitState<P> {
hash[4..].clone_from_slice(&d.as_ref()[..16]); hash[4..].clone_from_slice(&d.as_ref()[..16]);
Self { Self {
node_id, node_id,
is_initiator: false,
salted_node_id_hash: hash, salted_node_id_hash: hash,
payload, payload,
key_pair, key_pair,
@ -431,7 +444,7 @@ impl<P: Payload> InitState<P> {
// create stage 1 msg // create stage 1 msg
self.send_message(STAGE_PING, Some(ecdh_public_key), out); self.send_message(STAGE_PING, Some(ecdh_public_key), out);
self.is_initiator = true;
self.next_stage = STAGE_PONG; self.next_stage = STAGE_PONG;
} }
@ -588,6 +601,7 @@ impl<P: Payload> InitState<P> {
// the node with the higher node_id "wins" and gets to initialize the connection // the node with the higher node_id "wins" and gets to initialize the connection
if salted_node_id_hash > self.salted_node_id_hash { if salted_node_id_hash > self.salted_node_id_hash {
// reset to initial state // reset to initial state
self.is_initiator = false;
self.next_stage = STAGE_PING; self.next_stage = STAGE_PING;
self.last_message = None; self.last_message = None;
self.ecdh_private_key = None; self.ecdh_private_key = None;
@ -614,7 +628,8 @@ impl<P: Payload> InitState<P> {
self.selected_algorithm = algorithm.map(|a| a.0); self.selected_algorithm = algorithm.map(|a| a.0);
if let Some((algorithm, _speed)) = algorithm { if let Some((algorithm, _speed)) = algorithm {
let master_key = self.derive_master_key(algorithm, my_ecdh_private_key, &ecdh_public_key); let master_key = self.derive_master_key(algorithm, my_ecdh_private_key, &ecdh_public_key);
self.crypto = Some(CryptoCore::new(master_key, self.salted_node_id_hash > salted_node_id_hash)); self.crypto =
Some(Arc::new(CryptoCore::new(master_key, self.salted_node_id_hash > salted_node_id_hash)));
} }
// create and send stage 2 reply // create and send stage 2 reply
@ -630,7 +645,8 @@ impl<P: Payload> InitState<P> {
self.selected_algorithm = algorithm.map(|a| a.0); self.selected_algorithm = algorithm.map(|a| a.0);
if let Some((algorithm, _speed)) = algorithm { if let Some((algorithm, _speed)) = algorithm {
let master_key = self.derive_master_key(algorithm, ecdh_private_key, &ecdh_public_key); let master_key = self.derive_master_key(algorithm, ecdh_private_key, &ecdh_public_key);
self.crypto = Some(CryptoCore::new(master_key, self.salted_node_id_hash > salted_node_id_hash)); self.crypto =
Some(Arc::new(CryptoCore::new(master_key, self.salted_node_id_hash > salted_node_id_hash)));
} }
// decrypt the payload // decrypt the payload
@ -657,8 +673,19 @@ impl<P: Payload> InitState<P> {
} }
} }
pub fn take_core(&mut self) -> Option<CryptoCore> { pub fn finish(self, buffer: &mut MsgBuffer) -> PeerCrypto {
self.crypto.take() assert!(buffer.is_empty());
let rotation = if self.crypto.is_some() { Some(RotationState::new(!self.is_initiator, buffer)) } else { None };
if !buffer.is_empty() {
buffer.prepend_byte(MESSAGE_TYPE_ROTATION);
}
PeerCrypto {
algorithm: self.crypto.map(|c| c.algorithm()),
core: self.crypto,
rotation,
rotate_counter: 0,
last_init_message: self.last_message
}
} }
} }

View File

@ -2,11 +2,10 @@ mod core;
mod init; mod init;
mod rotate; mod rotate;
pub use self::core::{EXTRA_LEN, TAG_LEN, CryptoCore}; use self::{core::test_speed, init::InitState, rotate::RotationState};
use self::{ pub use self::{
core::{test_speed, CryptoCore}, core::{CryptoCore, EXTRA_LEN, TAG_LEN},
init::{InitResult, InitState, CLOSING}, init::{is_init_message, INIT_MESSAGE_FIRST_BYTE}
rotate::RotationState
}; };
use crate::{ use crate::{
error::Error, error::Error,
@ -26,7 +25,7 @@ use thiserror::Error;
const SALT: &[u8; 32] = b"vpncloudVPNCLOUDvpncl0udVpnCloud"; const SALT: &[u8; 32] = b"vpncloudVPNCLOUDvpncl0udVpnCloud";
const INIT_MESSAGE_FIRST_BYTE: u8 = 0xff;
const MESSAGE_TYPE_ROTATION: u8 = 0x10; const MESSAGE_TYPE_ROTATION: u8 = 0x10;
pub type Ed25519PublicKey = [u8; ED25519_PUBLIC_KEY_LEN]; pub type Ed25519PublicKey = [u8; ED25519_PUBLIC_KEY_LEN];
@ -186,100 +185,35 @@ impl Crypto {
Ok(result) Ok(result)
} }
pub fn peer_instance<P: Payload>(&self, payload: P) -> PeerCrypto<P> { pub fn peer_instance<P: Payload>(&self, payload: P) -> InitState<P> {
PeerCrypto::new( InitState::new(self.node_id, payload, self.key_pair.clone(), self.trusted_keys.clone(), self.algorithms.clone())
self.node_id,
payload,
self.key_pair.clone(),
self.trusted_keys.clone(),
self.algorithms.clone()
)
} }
} }
#[derive(Debug, PartialEq)] #[derive(Debug, PartialEq)]
pub enum MessageResult<P: Payload> { pub enum MessageResult {
Message(u8), Message(u8),
Initialized(P),
InitializedWithReply(P),
Reply, Reply,
None None
} }
pub struct PeerCrypto<P: Payload> { // TODO: completely rewrite
// PeerCrypto is only for initialized crypto
// Init is consumed and generates PeerCrypto
pub struct PeerCrypto {
#[allow(dead_code)] #[allow(dead_code)]
node_id: NodeId, last_init_message: Option<Vec<u8>>,
init: Option<InitState<P>>, algorithm: Option<&'static Algorithm>,
rotation: Option<RotationState>, rotation: Option<RotationState>,
unencrypted: bool, core: Option<Arc<CryptoCore>>,
core: Option<CryptoCore>,
rotate_counter: usize rotate_counter: usize
} }
impl<P: Payload> PeerCrypto<P> { impl PeerCrypto {
pub fn new(
node_id: NodeId, init_payload: P, key_pair: Arc<Ed25519KeyPair>, trusted_keys: Arc<[Ed25519PublicKey]>,
algorithms: Algorithms
) -> Self
{
Self {
node_id,
init: Some(InitState::new(node_id, init_payload, key_pair, trusted_keys, algorithms)),
rotation: None,
unencrypted: false,
core: None,
rotate_counter: 0
}
}
fn get_init(&mut self) -> Result<&mut InitState<P>, Error> {
if let Some(init) = &mut self.init {
Ok(init)
} else {
Err(Error::InvalidCryptoState("Initialization already finished"))
}
}
fn get_core(&mut self) -> Result<&mut CryptoCore, Error> {
if let Some(core) = &mut self.core {
Ok(core)
} else {
Err(Error::InvalidCryptoState("Crypto core not ready yet"))
}
}
fn get_rotation(&mut self) -> Result<&mut RotationState, Error> {
if let Some(rotation) = &mut self.rotation {
Ok(rotation)
} else {
Err(Error::InvalidCryptoState("Key rotation not initialized"))
}
}
pub fn initialize(&mut self, out: &mut MsgBuffer) -> Result<(), Error> {
let init = self.get_init()?;
if init.stage() != init::STAGE_PING {
Err(Error::InvalidCryptoState("Initialization already ongoing"))
} else {
init.send_ping(out);
out.prepend_byte(INIT_MESSAGE_FIRST_BYTE);
Ok(())
}
}
pub fn has_init(&self) -> bool {
self.init.is_some()
}
pub fn is_ready(&self) -> bool {
self.core.is_some()
}
pub fn algorithm_name(&self) -> &'static str { pub fn algorithm_name(&self) -> &'static str {
if let Some(ref core) = self.core { if let Some(algo) = self.algorithm {
let algo = core.algorithm();
if algo == &aead::CHACHA20_POLY1305 { if algo == &aead::CHACHA20_POLY1305 {
"CHACHA20" "CHACHA20"
} else if algo == &aead::AES_128_GCM { } else if algo == &aead::AES_128_GCM {
@ -294,78 +228,54 @@ impl<P: Payload> PeerCrypto<P> {
} }
} }
fn handle_init_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult<P>, Error> { fn handle_init_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult, Error> {
let result = self.get_init()?.handle_init(buffer)?; // TODO: parse message stage
if !buffer.is_empty() { // TODO: depending on stage resend last message
buffer.prepend_byte(INIT_MESSAGE_FIRST_BYTE); Ok(MessageResult::None)
}
match result {
InitResult::Continue => Ok(MessageResult::Reply),
InitResult::Success { peer_payload, is_initiator } => {
self.core = self.get_init()?.take_core();
if self.core.is_none() {
self.unencrypted = true;
}
if self.get_init()?.stage() == init::CLOSING {
self.init = None
}
if self.core.is_some() {
self.rotation = Some(RotationState::new(!is_initiator, buffer));
}
if !is_initiator {
if self.unencrypted {
return Ok(MessageResult::Initialized(peer_payload))
}
assert!(!buffer.is_empty());
buffer.prepend_byte(MESSAGE_TYPE_ROTATION);
self.encrypt_message(buffer)?;
}
Ok(MessageResult::InitializedWithReply(peer_payload))
}
}
} }
fn handle_rotate_message(&mut self, data: &[u8]) -> Result<(), Error> { fn handle_rotate_message(&mut self, data: &[u8]) -> Result<(), Error> {
if self.unencrypted { if let Some(rotation) = &mut self.rotation {
return Ok(()) if let Some(rot) = rotation.handle_message(data)? {
} let algo = self.algorithm.unwrap();
if let Some(rot) = self.get_rotation()?.handle_message(data)? { let key = LessSafeKey::new(UnboundKey::new(algo, &rot.key[..algo.key_len()]).unwrap());
let core = self.get_core()?; self.core.unwrap().rotate_key(key, rot.id, rot.use_for_sending);
let algo = core.algorithm(); }
let key = LessSafeKey::new(UnboundKey::new(algo, &rot.key[..algo.key_len()]).unwrap());
core.rotate_key(key, rot.id, rot.use_for_sending);
} }
Ok(()) Ok(())
} }
fn encrypt_message(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> { fn encrypt_message(&mut self, buffer: &mut MsgBuffer) {
if self.unencrypted { if let Some(core) = &mut self.core {
return Ok(()) core.encrypt(buffer)
} }
self.get_core()?.encrypt(buffer);
Ok(())
} }
fn decrypt_message(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> { fn decrypt_message(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {
if self.unencrypted { // HOT PATH
return Ok(()) if let Some(core) = &mut self.core {
core.decrypt(buffer)
} else {
Ok(())
} }
self.get_core()?.decrypt(buffer)
} }
pub fn handle_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult<P>, Error> { pub fn handle_message(&mut self, buffer: &mut MsgBuffer) -> Result<MessageResult, Error> {
// HOT PATH
if buffer.is_empty() { if buffer.is_empty() {
return Err(Error::InvalidCryptoState("No message in buffer")) return Err(Error::InvalidCryptoState("No message in buffer"))
} }
if is_init_message(buffer.buffer()) { if is_init_message(buffer.buffer()) {
// COLD PATH
debug!("Received init message"); debug!("Received init message");
buffer.take_prefix();
self.handle_init_message(buffer) self.handle_init_message(buffer)
} else { } else {
// HOT PATH
debug!("Received encrypted message"); debug!("Received encrypted message");
self.decrypt_message(buffer)?; self.decrypt_message(buffer)?;
let msg_type = buffer.take_prefix(); let msg_type = buffer.take_prefix();
if msg_type == MESSAGE_TYPE_ROTATION { if msg_type == MESSAGE_TYPE_ROTATION {
// COLD PATH
debug!("Received rotation message"); debug!("Received rotation message");
self.handle_rotate_message(buffer.buffer())?; self.handle_rotate_message(buffer.buffer())?;
buffer.clear(); buffer.clear();
@ -376,52 +286,38 @@ impl<P: Payload> PeerCrypto<P> {
} }
} }
pub fn send_message(&mut self, type_: u8, buffer: &mut MsgBuffer) -> Result<(), Error> { pub fn send_message(&mut self, type_: u8, buffer: &mut MsgBuffer) {
// HOT PATH
assert_ne!(type_, MESSAGE_TYPE_ROTATION); assert_ne!(type_, MESSAGE_TYPE_ROTATION);
buffer.prepend_byte(type_); buffer.prepend_byte(type_);
self.encrypt_message(buffer) self.encrypt_message(buffer);
} }
pub fn every_second(&mut self, out: &mut MsgBuffer) -> Result<MessageResult<P>, Error> { pub fn every_second(&mut self, out: &mut MsgBuffer) -> MessageResult {
out.clear(); out.clear();
if let Some(ref mut core) = self.core { if let Some(ref mut core) = self.core {
core.every_second() core.every_second()
} }
if let Some(ref mut init) = self.init {
init.every_second(out)?;
}
if self.init.as_ref().map(|i| i.stage()).unwrap_or(CLOSING) == CLOSING {
self.init = None
}
if !out.is_empty() {
out.prepend_byte(INIT_MESSAGE_FIRST_BYTE);
return Ok(MessageResult::Reply)
}
if let Some(ref mut rotate) = self.rotation { if let Some(ref mut rotate) = self.rotation {
self.rotate_counter += 1; self.rotate_counter += 1;
if self.rotate_counter >= ROTATE_INTERVAL { if self.rotate_counter >= ROTATE_INTERVAL {
self.rotate_counter = 0; self.rotate_counter = 0;
if let Some(rot) = rotate.cycle(out) { if let Some(rot) = rotate.cycle(out) {
let core = self.get_core()?; let algo = self.algorithm.unwrap();
let algo = core.algorithm();
let key = LessSafeKey::new(UnboundKey::new(algo, &rot.key[..algo.key_len()]).unwrap()); let key = LessSafeKey::new(UnboundKey::new(algo, &rot.key[..algo.key_len()]).unwrap());
core.rotate_key(key, rot.id, rot.use_for_sending); self.core.unwrap().rotate_key(key, rot.id, rot.use_for_sending);
} }
if !out.is_empty() { if !out.is_empty() {
out.prepend_byte(MESSAGE_TYPE_ROTATION); out.prepend_byte(MESSAGE_TYPE_ROTATION);
self.encrypt_message(out)?; self.encrypt_message(out);
return Ok(MessageResult::Reply) return MessageResult::Reply
} }
} }
} }
Ok(MessageResult::None) MessageResult::None
} }
} }
pub fn is_init_message(msg: &[u8]) -> bool {
!msg.is_empty() && msg[0] == INIT_MESSAGE_FIRST_BYTE
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {

View File

@ -1,29 +1,29 @@
//! This module implements a turn based key rotation. // This module implements a turn based key rotation.
//! //
//! The main idea is that both peers periodically create ecdh key pairs and exchange their public keys to create // The main idea is that both peers periodically create ecdh key pairs and exchange their public keys to create
//! common key material. There are always two separate ecdh handshakes going on: one initiated by each peer. // common key material. There are always two separate ecdh handshakes going on: one initiated by each peer.
//! However, one handshake is always one step ahead of the other. That means that every message being sent contains a // However, one handshake is always one step ahead of the other. That means that every message being sent contains a
//! public key from step 1 of the handshake "proposed key" and a public key from step 2 of the handshake "confirmed // public key from step 1 of the handshake "proposed key" and a public key from step 2 of the handshake "confirmed
//! key" (all messages except first message). // key" (all messages except first message).
//! //
//! When receiving a message from the peer, the node will create a new ecdh key pair and perform the key // When receiving a message from the peer, the node will create a new ecdh key pair and perform the key
//! calculation for the proposed key. The peer will store the public key for the confirmation as pending to be // calculation for the proposed key. The peer will store the public key for the confirmation as pending to be
//! confirmed in the next cycle. Also, if the message contains a confirmation (all but the very first message do), // confirmed in the next cycle. Also, if the message contains a confirmation (all but the very first message do),
//! the node will use the stored private key to perform the ecdh key calculation and emit that key to be used in // the node will use the stored private key to perform the ecdh key calculation and emit that key to be used in
//! the crypto stream. // the crypto stream.
//! //
//! Upon each cycle, a node first checks if it still has a proposed key that has not been confirmed by the remote // Upon each cycle, a node first checks if it still has a proposed key that has not been confirmed by the remote
//! peer. If so, a message must have been lost and the whole last message including the proposed key as well as the // peer. If so, a message must have been lost and the whole last message including the proposed key as well as the
//! last confirmed key is being resent. If no proposed key is stored, the node will create a new ecdh key pair, and // last confirmed key is being resent. If no proposed key is stored, the node will create a new ecdh key pair, and
//! store the private key as proposed key. It then sends out a message containing the public key as proposal, as // store the private key as proposed key. It then sends out a message containing the public key as proposal, as
//! well as confirming the pending key. This key is also emitted to be added to the crypto stream but not to be // well as confirming the pending key. This key is also emitted to be added to the crypto stream but not to be
//! used for encrypting. // used for encrypting.
//! //
//! Monotonically increasing message ids guard the communication from message duplication and also serve as // Monotonically increasing message ids guard the communication from message duplication and also serve as
//! identifiers for the keys to be used in the crypto stream. Since the keys are rotating, the last 2 bits of the // identifiers for the keys to be used in the crypto stream. Since the keys are rotating, the last 2 bits of the
//! id are enough to identify the key. // id are enough to identify the key.
//! //
//! The whole communication is sent via the crypto stream and is therefore encrypted and protected against tampering. // The whole communication is sent via the crypto stream and is therefore encrypted and protected against tampering.
use super::{Error, Key, MsgBuffer}; use super::{Error, Key, MsgBuffer};
use byteorder::{NetworkEndian, ReadBytesExt, WriteBytesExt}; use byteorder::{NetworkEndian, ReadBytesExt, WriteBytesExt};

View File

@ -5,12 +5,12 @@
use std::{ use std::{
cmp, cmp,
collections::VecDeque, collections::VecDeque,
convert::TryInto,
fmt, fmt,
fs::{self, File}, fs::{self, File},
io::{self, BufRead, BufReader, Cursor, Error as IoError, Read, Write}, io::{self, BufRead, BufReader, Cursor, Error as IoError, Read, Write},
net::{Ipv4Addr, UdpSocket}, net::{Ipv4Addr, UdpSocket},
os::unix::io::{AsRawFd, RawFd}, os::unix::io::{AsRawFd, RawFd},
convert::TryInto,
str, str,
str::FromStr str::FromStr
}; };
@ -36,7 +36,7 @@ struct IfReq {
impl IfReq { impl IfReq {
fn new(name: &str) -> Self { fn new(name: &str) -> Self {
assert!(name.len() < libc::IF_NAMESIZE); assert!(name.len() < libc::IF_NAMESIZE);
let mut ifr_name = [0 as u8; libc::IF_NAMESIZE]; let mut ifr_name = [0; libc::IF_NAMESIZE];
ifr_name[..name.len()].clone_from_slice(name.as_bytes()); ifr_name[..name.len()].clone_from_slice(name.as_bytes());
Self { ifr_name, data: IfReqData { _dummy: [0; 24] } } Self { ifr_name, data: IfReqData { _dummy: [0; 24] } }
} }
@ -329,7 +329,7 @@ impl Device for MockDevice {
} }
fn ifname(&self) -> &str { fn ifname(&self) -> &str {
unimplemented!() "mock0"
} }
fn read(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> { fn read(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> {

View File

@ -30,7 +30,8 @@ use crate::{
device::{Device, Type}, device::{Device, Type},
error::Error, error::Error,
messages::{ messages::{
AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE, MESSAGE_TYPE_NODE_INFO AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE,
MESSAGE_TYPE_NODE_INFO
}, },
net::{mapped_addr, Socket}, net::{mapped_addr, Socket},
payload::Protocol, payload::Protocol,
@ -39,7 +40,7 @@ use crate::{
table::ClaimTable, table::ClaimTable,
traffic::TrafficStats, traffic::TrafficStats,
types::{Address, Mode, NodeId, Range, RangeList}, types::{Address, Mode, NodeId, Range, RangeList},
util::{addr_nice, resolve, CtrlC, Duration, MsgBuffer, StatsdMsg, Time, TimeSource} util::{addr_nice, bytes_to_hex, resolve, CtrlC, Duration, MsgBuffer, StatsdMsg, Time, TimeSource}
}; };
pub type Hash = BuildHasherDefault<FnvHasher>; pub type Hash = BuildHasherDefault<FnvHasher>;
@ -129,6 +130,9 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
info!("Auto-claiming {} due to interface address", range); info!("Auto-claiming {} due to interface address", range);
claims.push(range); claims.push(range);
} }
Err(Error::DeviceIo(_, e)) if e.kind() == io::ErrorKind::AddrNotAvailable => {
info!("No address set on interface.")
}
Err(e) => error!("{}", e) Err(e) => error!("{}", e)
} }
} }
@ -202,6 +206,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
#[inline] #[inline]
fn send_to(&mut self, addr: SocketAddr, msg: &mut MsgBuffer) -> Result<(), Error> { fn send_to(&mut self, addr: SocketAddr, msg: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
debug!("Sending msg with {} bytes to {}", msg.len(), addr); debug!("Sending msg with {} bytes to {}", msg.len(), addr);
self.traffic.count_out_traffic(addr, msg.len()); self.traffic.count_out_traffic(addr, msg.len());
match self.socket.send(msg.message(), addr) { match self.socket.send(msg.message(), addr) {
@ -213,6 +218,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
#[inline] #[inline]
fn send_msg(&mut self, addr: SocketAddr, type_: u8, msg: &mut MsgBuffer) -> Result<(), Error> { fn send_msg(&mut self, addr: SocketAddr, type_: u8, msg: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
debug!("Sending msg with {} bytes to {}", msg.len(), addr); debug!("Sending msg with {} bytes to {}", msg.len(), addr);
let peer = match self.peers.get_mut(&addr) { let peer = match self.peers.get_mut(&addr) {
Some(peer) => peer, Some(peer) => peer,
@ -229,6 +235,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
self.own_addresses.push(pfw.get_internal_ip().into()); self.own_addresses.push(pfw.get_internal_ip().into());
self.own_addresses.push(pfw.get_external_ip().into()); self.own_addresses.push(pfw.get_external_ip().into());
} }
// TODO: detect address changes and call event
Ok(()) Ok(())
} }
@ -283,6 +290,13 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
return Ok(()) return Ok(())
} }
} }
if !addrs.is_empty() {
self.config.call_hook(
"peer_connecting",
vec![("PEER", format!("{:?}", addr_nice(addrs[0]))), ("IFNAME", self.device.ifname().to_owned())],
true
);
}
// Send a message to each resolved address // Send a message to each resolved address
for a in addrs { for a in addrs {
// Ignore error this time // Ignore error this time
@ -458,6 +472,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
self.next_stats_out = now + STATS_INTERVAL; self.next_stats_out = now + STATS_INTERVAL;
self.traffic.period(Some(5)); self.traffic.period(Some(5));
} }
// TODO: every 5 minutes: EVENT periodic
if let Some(peers) = self.beacon_serializer.get_cmd_results() { if let Some(peers) = self.beacon_serializer.get_cmd_results() {
debug!("Loaded beacon with peers: {:?}", peers); debug!("Loaded beacon with peers: {:?}", peers);
for peer in peers { for peer in peers {
@ -601,15 +616,18 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
} }
pub fn handle_interface_data(&mut self, data: &mut MsgBuffer) -> Result<(), Error> { pub fn handle_interface_data(&mut self, data: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
let (src, dst) = P::parse(data.message())?; let (src, dst) = P::parse(data.message())?;
debug!("Read data from interface: src: {}, dst: {}, {} bytes", src, dst, data.len()); debug!("Read data from interface: src: {}, dst: {}, {} bytes", src, dst, data.len());
self.traffic.count_out_payload(dst, src, data.len()); self.traffic.count_out_payload(dst, src, data.len());
match self.table.lookup(dst) { match self.table.lookup(dst) {
Some(addr) => { Some(addr) => {
// HOT PATH
// Peer found for destination // Peer found for destination
debug!("Found destination for {} => {}", dst, addr); debug!("Found destination for {} => {}", dst, addr);
self.send_msg(addr, MESSAGE_TYPE_DATA, data)?; self.send_msg(addr, MESSAGE_TYPE_DATA, data)?;
if !self.peers.contains_key(&addr) { if !self.peers.contains_key(&addr) {
// COLD PATH
// If the peer is not actually connected, remove the entry in the table and try // If the peer is not actually connected, remove the entry in the table and try
// to reconnect. // to reconnect.
warn!("Destination for {} not found in peers: {}", dst, addr_nice(addr)); warn!("Destination for {} not found in peers: {}", dst, addr_nice(addr));
@ -618,6 +636,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
} }
} }
None => { None => {
// COLD PATH
if self.broadcast { if self.broadcast {
debug!("No destination for {} found, broadcasting", dst); debug!("No destination for {} found, broadcasting", dst);
self.broadcast_msg(MESSAGE_TYPE_DATA, data)?; self.broadcast_msg(MESSAGE_TYPE_DATA, data)?;
@ -632,6 +651,16 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
fn add_new_peer(&mut self, addr: SocketAddr, info: NodeInfo) -> Result<(), Error> { fn add_new_peer(&mut self, addr: SocketAddr, info: NodeInfo) -> Result<(), Error> {
info!("Added peer {}", addr_nice(addr)); info!("Added peer {}", addr_nice(addr));
self.config.call_hook(
"peer_connected",
vec![
("PEER", format!("{:?}", addr_nice(addr))),
("IFNAME", self.device.ifname().to_owned()),
("CLAIMS", info.claims.iter().map(|r| format!("{:?}", r)).collect::<Vec<String>>().join(" ")),
("NODE_ID", bytes_to_hex(&info.node_id)),
],
true
);
if let Some(init) = self.pending_inits.remove(&addr) { if let Some(init) = self.pending_inits.remove(&addr) {
self.peers.insert(addr, PeerData { self.peers.insert(addr, PeerData {
addrs: info.addrs.clone(), addrs: info.addrs.clone(),
@ -649,9 +678,18 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
} }
fn remove_peer(&mut self, addr: SocketAddr) { fn remove_peer(&mut self, addr: SocketAddr) {
if let Some(_peer) = self.peers.remove(&addr) { if let Some(peer) = self.peers.remove(&addr) {
info!("Closing connection to {}", addr_nice(addr)); info!("Closing connection to {}", addr_nice(addr));
self.table.remove_claims(addr); self.table.remove_claims(addr);
self.config.call_hook(
"peer_disconnected",
vec![
("PEER", format!("{:?}", addr)),
("IFNAME", self.device.ifname().to_owned()),
("NODE_ID", bytes_to_hex(&peer.node_id)),
],
true
);
} }
} }
@ -695,6 +733,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
} }
fn handle_payload_from(&mut self, peer: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> { fn handle_payload_from(&mut self, peer: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
let (src, dst) = P::parse(data.message())?; let (src, dst) = P::parse(data.message())?;
let len = data.len(); let len = data.len();
debug!("Writing data to device: {} bytes", len); debug!("Writing data to device: {} bytes", len);
@ -713,11 +752,17 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
fn handle_message( fn handle_message(
&mut self, src: SocketAddr, msg_result: MessageResult<NodeInfo>, data: &mut MsgBuffer &mut self, src: SocketAddr, msg_result: MessageResult<NodeInfo>, data: &mut MsgBuffer
) -> Result<(), Error> { ) -> Result<(), Error> {
// HOT PATH
match msg_result { match msg_result {
MessageResult::Message(type_) => { MessageResult::Message(type_) => {
// HOT PATH
match type_ { match type_ {
MESSAGE_TYPE_DATA => self.handle_payload_from(src, data)?, MESSAGE_TYPE_DATA => {
// HOT PATH
self.handle_payload_from(src, data)?
}
MESSAGE_TYPE_NODE_INFO => { MESSAGE_TYPE_NODE_INFO => {
// COLD PATH
let info = match NodeInfo::decode(Cursor::new(data.message())) { let info = match NodeInfo::decode(Cursor::new(data.message())) {
Ok(val) => val, Ok(val) => val,
Err(err) => { Err(err) => {
@ -727,31 +772,50 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}; };
self.update_peer_info(src, Some(info))? self.update_peer_info(src, Some(info))?
} }
MESSAGE_TYPE_KEEPALIVE => self.update_peer_info(src, None)?, MESSAGE_TYPE_KEEPALIVE => {
MESSAGE_TYPE_CLOSE => self.remove_peer(src), // COLD PATH
self.update_peer_info(src, None)?
}
MESSAGE_TYPE_CLOSE => {
// COLD PATH
self.remove_peer(src)
}
_ => { _ => {
// COLD PATH
self.traffic.count_invalid_protocol(data.len()); self.traffic.count_invalid_protocol(data.len());
return Err(Error::Message("Unknown message type")) return Err(Error::Message("Unknown message type"))
} }
} }
} }
MessageResult::Initialized(info) => self.add_new_peer(src, info)?, MessageResult::Initialized(info) => {
// COLD PATH
self.add_new_peer(src, info)?
}
MessageResult::InitializedWithReply(info) => { MessageResult::InitializedWithReply(info) => {
// COLD PATH
self.add_new_peer(src, info)?; self.add_new_peer(src, info)?;
self.send_to(src, data)? self.send_to(src, data)?
} }
MessageResult::Reply => self.send_to(src, data)?, MessageResult::Reply => {
MessageResult::None => () // COLD PATH
self.send_to(src, data)?
}
MessageResult::None => {
// COLD PATH
}
} }
Ok(()) Ok(())
} }
pub fn handle_net_message(&mut self, src: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> { pub fn handle_net_message(&mut self, src: SocketAddr, data: &mut MsgBuffer) -> Result<(), Error> {
// HOT PATH
let src = mapped_addr(src); let src = mapped_addr(src);
debug!("Received {} bytes from {}", data.len(), src); debug!("Received {} bytes from {}", data.len(), src);
let msg_result = if let Some(init) = self.pending_inits.get_mut(&src) { let msg_result = if let Some(init) = self.pending_inits.get_mut(&src) {
// COLD PATH
init.handle_message(data) init.handle_message(data)
} else if is_init_message(data.message()) { } else if is_init_message(data.message()) {
// COLD PATH
let mut result = None; let mut result = None;
if let Some(peer) = self.peers.get_mut(&src) { if let Some(peer) = self.peers.get_mut(&src) {
if peer.crypto.has_init() { if peer.crypto.has_init() {
@ -765,6 +829,14 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
let msg_result = init.handle_message(data); let msg_result = init.handle_message(data);
match msg_result { match msg_result {
Ok(res) => { Ok(res) => {
self.config.call_hook(
"peer_connecting",
vec![
("PEER", format!("{:?}", addr_nice(src))),
("IFNAME", self.device.ifname().to_owned()),
],
true
);
self.pending_inits.insert(src, init); self.pending_inits.insert(src, init);
Ok(res) Ok(res)
} }
@ -775,15 +847,22 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
} }
} }
} else if let Some(peer) = self.peers.get_mut(&src) { } else if let Some(peer) = self.peers.get_mut(&src) {
// HOT PATH
peer.crypto.handle_message(data) peer.crypto.handle_message(data)
} else { } else {
// COLD PATH
info!("Ignoring non-init message from unknown peer {}", addr_nice(src)); info!("Ignoring non-init message from unknown peer {}", addr_nice(src));
self.traffic.count_invalid_protocol(data.len()); self.traffic.count_invalid_protocol(data.len());
return Ok(()) return Ok(())
}; };
// HOT PATH
match msg_result { match msg_result {
Ok(val) => self.handle_message(src, val, data), Ok(val) => {
// HOT PATH
self.handle_message(src, val, data)
},
Err(err) => { Err(err) => {
// COLD PATH
self.traffic.count_invalid_protocol(data.len()); self.traffic.count_invalid_protocol(data.len());
Err(err) Err(err)
} }
@ -797,26 +876,36 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
} }
fn handle_socket_event(&mut self, buffer: &mut MsgBuffer) { fn handle_socket_event(&mut self, buffer: &mut MsgBuffer) {
// HOT PATH
let src = try_fail!(self.socket.receive(buffer), "Failed to read from network socket: {}"); let src = try_fail!(self.socket.receive(buffer), "Failed to read from network socket: {}");
self.traffic.count_in_traffic(src, buffer.len()); self.traffic.count_in_traffic(src, buffer.len());
match self.handle_net_message(src, buffer) { match self.handle_net_message(src, buffer) {
Err(e @ Error::CryptoInitFatal(_)) => { Err(e @ Error::CryptoInitFatal(_)) => {
// COLD PATH
debug!("Fatal crypto init error from {}: {}", src, e); debug!("Fatal crypto init error from {}: {}", src, e);
info!("Closing pending connection to {} due to error in crypto init", addr_nice(src)); info!("Closing pending connection to {} due to error in crypto init", addr_nice(src));
self.pending_inits.remove(&src); self.pending_inits.remove(&src);
self.config.call_hook(
"peer_disconnected",
vec![("PEER", format!("{:?}", addr_nice(src))), ("IFNAME", self.device.ifname().to_owned())],
true
);
} }
Err(e @ Error::CryptoInit(_)) => { Err(e @ Error::CryptoInit(_)) => {
// COLD PATH
debug!("Recoverable init error from {}: {}", src, e); debug!("Recoverable init error from {}: {}", src, e);
info!("Ignoring invalid init message from peer {}", addr_nice(src)); info!("Ignoring invalid init message from peer {}", addr_nice(src));
} }
Err(e) => { Err(e) => {
// COLD PATH
error!("{}", e); error!("{}", e);
} }
Ok(_) => {} Ok(_) => {} // HOT PATH
} }
} }
fn handle_device_event(&mut self, buffer: &mut MsgBuffer) { fn handle_device_event(&mut self, buffer: &mut MsgBuffer) {
// HOT PATH
try_fail!(self.device.read(buffer), "Failed to read from device: {}"); try_fail!(self.device.read(buffer), "Failed to read from device: {}");
if let Err(e) = self.handle_interface_data(buffer) { if let Err(e) = self.handle_interface_data(buffer) {
error!("{}", e); error!("{}", e);
@ -835,9 +924,12 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
let waiter = try_fail!(WaitImpl::new(&self.socket, &self.device, 1000), "Failed to setup poll: {}"); let waiter = try_fail!(WaitImpl::new(&self.socket, &self.device, 1000), "Failed to setup poll: {}");
let mut buffer = MsgBuffer::new(SPACE_BEFORE); let mut buffer = MsgBuffer::new(SPACE_BEFORE);
let mut poll_error = false; let mut poll_error = false;
self.config.call_hook("vpn_started", vec![("IFNAME", self.device.ifname())], true);
for evt in waiter { for evt in waiter {
// HOT PATH
match evt { match evt {
WaitResult::Error(err) => { WaitResult::Error(err) => {
// COLD PATH
if poll_error { if poll_error {
fail!("Poll wait failed again: {}", err); fail!("Poll wait failed again: {}", err);
} }
@ -849,6 +941,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
WaitResult::Device => self.handle_device_event(&mut buffer) WaitResult::Device => self.handle_device_event(&mut buffer)
} }
if self.next_housekeep < TS::now() { if self.next_housekeep < TS::now() {
// COLD PATH
poll_error = false; poll_error = false;
if ctrlc.was_pressed() { if ctrlc.was_pressed() {
break break
@ -860,6 +953,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
} }
} }
info!("Shutting down..."); info!("Shutting down...");
self.config.call_hook("vpn_shutdown", vec![("IFNAME", self.device.ifname())], true);
buffer.clear(); buffer.clear();
self.broadcast_msg(MESSAGE_TYPE_CLOSE, &mut buffer).ok(); self.broadcast_msg(MESSAGE_TYPE_CLOSE, &mut buffer).ok();
if let Some(ref path) = self.config.beacon_store { if let Some(ref path) = self.config.beacon_store {

View File

@ -12,7 +12,7 @@ use parking_lot::Mutex;
use std::{collections::HashMap, net::SocketAddr, sync::Arc}; use std::{collections::HashMap, net::SocketAddr, sync::Arc};
pub struct SharedPeerCrypto { pub struct SharedPeerCrypto {
peers: Arc<Mutex<HashMap<SocketAddr, CryptoCore, Hash>>> peers: Arc<Mutex<HashMap<SocketAddr, Arc<CryptoCore>, Hash>>>
} }
impl SharedPeerCrypto { impl SharedPeerCrypto {

View File

@ -2,13 +2,10 @@
// Copyright (C) 2015-2020 Dennis Schwerdel // Copyright (C) 2015-2020 Dennis Schwerdel
// This software is licensed under GPL-3 or newer (see LICENSE.md) // This software is licensed under GPL-3 or newer (see LICENSE.md)
#![cfg_attr(feature = "bench", feature(test))]
#[macro_use] extern crate log; #[macro_use] extern crate log;
#[macro_use] extern crate serde_derive; #[macro_use] extern crate serde;
#[cfg(test)] extern crate tempfile; #[cfg(test)] extern crate tempfile;
#[cfg(feature = "bench")] extern crate test;
#[macro_use] #[macro_use]
pub mod util; pub mod util;
@ -140,6 +137,7 @@ fn setup_device(config: &Config) -> TunTapDevice {
config.device_name config.device_name
); );
info!("Opened device {}", device.ifname()); info!("Opened device {}", device.ifname());
config.call_hook("device_setup", vec![("IFNAME", device.ifname())], true);
if let Err(err) = device.set_mtu(None) { if let Err(err) = device.set_mtu(None) {
error!("Error setting optimal MTU on {}: {}", device.ifname(), err); error!("Error setting optimal MTU on {}: {}", device.ifname(), err);
} }
@ -159,6 +157,7 @@ fn setup_device(config: &Config) -> TunTapDevice {
warn!("Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently {}).", val); warn!("Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently {}).", val);
} }
} }
config.call_hook("device_configured", vec![("IFNAME", device.ifname())], true);
device device
} }
@ -234,6 +233,10 @@ fn main() {
); );
return return
} }
if let Some(shell) = args.completion {
Args::clap().gen_completions_to(env!("CARGO_PKG_NAME"), shell, &mut io::stdout());
return
}
let logger = try_fail!(DualLogger::new(args.log_file.as_ref()), "Failed to open logfile: {}"); let logger = try_fail!(DualLogger::new(args.log_file.as_ref()), "Failed to open logfile: {}");
log::set_boxed_logger(Box::new(logger)).unwrap(); log::set_boxed_logger(Box::new(logger)).unwrap();
assert!(!args.verbose || !args.quiet); assert!(!args.verbose || !args.quiet);

View File

@ -13,6 +13,7 @@ use std::{
use super::util::{MockTimeSource, MsgBuffer, Time, TimeSource}; use super::util::{MockTimeSource, MsgBuffer, Time, TimeSource};
pub fn mapped_addr(addr: SocketAddr) -> SocketAddr { pub fn mapped_addr(addr: SocketAddr) -> SocketAddr {
// HOT PATH
match addr { match addr {
SocketAddr::V4(addr4) => SocketAddr::new(IpAddr::V6(addr4.ip().to_ipv6_mapped()), addr4.port()), SocketAddr::V4(addr4) => SocketAddr::new(IpAddr::V6(addr4.ip().to_ipv6_mapped()), addr4.port()),
_ => addr _ => addr
@ -132,19 +133,4 @@ impl Socket for MockSocket {
fn address(&self) -> Result<SocketAddr, io::Error> { fn address(&self) -> Result<SocketAddr, io::Error> {
Ok(self.address) Ok(self.address)
} }
} }
#[cfg(feature = "bench")]
mod bench {
use std::net::{Ipv4Addr, SocketAddrV4, UdpSocket};
use test::Bencher;
#[bench]
fn udp_send(b: &mut Bencher) {
let sock = UdpSocket::bind("127.0.0.1:0").unwrap();
let data = [0; 1400];
let addr = SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 1);
b.iter(|| sock.send_to(&data, &addr).unwrap());
b.bytes = 1400;
}
}

View File

@ -1,5 +1,6 @@
use super::{device::Type, types::Mode, util::Duration}; use super::{device::Type, types::Mode, util::Duration};
use crate::config::{ConfigFile, ConfigFileBeacon, ConfigFileDevice, ConfigFileStatsd, CryptoConfig}; use crate::config::{ConfigFile, ConfigFileBeacon, ConfigFileDevice, ConfigFileStatsd, CryptoConfig};
use std::collections::HashMap;
#[derive(Serialize, Deserialize, Debug, PartialEq, Clone, Copy)] #[derive(Serialize, Deserialize, Debug, PartialEq, Clone, Copy)]
pub enum OldCryptoMethod { pub enum OldCryptoMethod {
@ -112,12 +113,11 @@ impl OldConfigFile {
pid_file: self.pid_file, pid_file: self.pid_file,
port_forwarding: self.port_forwarding, port_forwarding: self.port_forwarding,
stats_file: self.stats_file, stats_file: self.stats_file,
statsd: Some(ConfigFileStatsd { statsd: Some(ConfigFileStatsd { prefix: self.statsd_prefix, server: self.statsd_server }),
prefix: self.statsd_prefix,
server: self.statsd_server
}),
switch_timeout: self.dst_timeout, switch_timeout: self.dst_timeout,
user: self.user user: self.user,
hook: None,
hooks: HashMap::new()
} }
} }
} }

View File

@ -23,6 +23,7 @@ impl Protocol for Frame {
/// # Errors /// # Errors
/// This method will fail when the given data is not a valid ethernet frame. /// This method will fail when the given data is not a valid ethernet frame.
fn parse(data: &[u8]) -> Result<(Address, Address), Error> { fn parse(data: &[u8]) -> Result<(Address, Address), Error> {
// HOT PATH
let mut cursor = Cursor::new(data); let mut cursor = Cursor::new(data);
let mut src = [0; 16]; let mut src = [0; 16];
let mut dst = [0; 16]; let mut dst = [0; 16];
@ -77,26 +78,6 @@ fn decode_invalid_frame() {
assert!(Frame::parse(&[6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0x00]).is_err()); assert!(Frame::parse(&[6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0x00]).is_err());
} }
#[cfg(feature = "bench")]
mod bench_ethernet {
use super::*;
use test::Bencher;
#[bench]
fn decode_ethernet(b: &mut Bencher) {
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 1, 2, 3, 4, 5, 6, 7, 8];
b.iter(|| Frame::parse(&data).unwrap());
b.bytes = 1400;
}
#[bench]
fn decode_ethernet_with_vlan(b: &mut Bencher) {
let data = [6, 5, 4, 3, 2, 1, 1, 2, 3, 4, 5, 6, 0x81, 0, 4, 210, 1, 2, 3, 4, 5, 6, 7, 8];
b.iter(|| Frame::parse(&data).unwrap());
b.bytes = 1400;
}
}
/// An IP packet dissector /// An IP packet dissector
/// ///
/// This dissector is able to extract the source and destination ip addresses of ipv4 packets and /// This dissector is able to extract the source and destination ip addresses of ipv4 packets and
@ -110,6 +91,7 @@ impl Protocol for Packet {
/// # Errors /// # Errors
/// This method will fail when the given data is not a valid ipv4 and ipv6 packet. /// This method will fail when the given data is not a valid ipv4 and ipv6 packet.
fn parse(data: &[u8]) -> Result<(Address, Address), Error> { fn parse(data: &[u8]) -> Result<(Address, Address), Error> {
// HOT PATH
if data.is_empty() { if data.is_empty() {
return Err(Error::Parse("Empty header")) return Err(Error::Parse("Empty header"))
} }
@ -176,28 +158,4 @@ fn decode_invalid_packet() {
4, 3, 2 4, 3, 2
]) ])
.is_err()); .is_err());
} }
#[cfg(feature = "bench")]
mod bench_ip {
use super::*;
use test::Bencher;
#[bench]
fn decode_ipv4(b: &mut Bencher) {
let data = [0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192, 168, 1, 1, 192, 168, 1, 2];
b.iter(|| Packet::parse(&data).unwrap());
b.bytes = 1400;
}
#[bench]
fn decode_ipv6(b: &mut Bencher) {
let data = [
0x60, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 0, 9, 8, 7, 6, 5, 4, 3, 2, 1, 6,
5, 4, 3, 2, 1
];
b.iter(|| Packet::parse(&data).unwrap());
b.bytes = 1400;
}
}

View File

@ -41,9 +41,14 @@ impl<TS: TimeSource> ClaimTable<TS> {
} }
pub fn cache(&mut self, addr: Address, peer: SocketAddr) { pub fn cache(&mut self, addr: Address, peer: SocketAddr) {
// HOT PATH
self.cache.insert(addr, CacheValue { peer, timeout: TS::now() + self.cache_timeout as Time }); self.cache.insert(addr, CacheValue { peer, timeout: TS::now() + self.cache_timeout as Time });
} }
pub fn clear_cache(&mut self) {
self.cache.clear()
}
pub fn set_claims(&mut self, peer: SocketAddr, mut claims: RangeList) { pub fn set_claims(&mut self, peer: SocketAddr, mut claims: RangeList) {
for entry in &mut self.claims { for entry in &mut self.claims {
if entry.peer == peer { if entry.peer == peer {
@ -85,9 +90,11 @@ impl<TS: TimeSource> ClaimTable<TS> {
} }
pub fn lookup(&mut self, addr: Address) -> Option<SocketAddr> { pub fn lookup(&mut self, addr: Address) -> Option<SocketAddr> {
// HOT PATH
if let Some(entry) = self.cache.get(&addr) { if let Some(entry) = self.cache.get(&addr) {
return Some(entry.peer) return Some(entry.peer)
} }
// COLD PATH
let mut found = None; let mut found = None;
let mut prefix_len = -1; let mut prefix_len = -1;
for entry in &self.claims { for entry in &self.claims {
@ -148,37 +155,4 @@ impl<TS: TimeSource> ClaimTable<TS> {
} }
} }
// TODO: test // TODO: test
#[cfg(feature = "bench")]
mod bench {
use super::*;
use crate::util::MockTimeSource;
use smallvec::smallvec;
use std::str::FromStr;
use test::Bencher;
#[bench]
fn lookup_warm(b: &mut Bencher) {
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
let addr = Address::from_str("1.2.3.4").unwrap();
table.cache(addr, SocketAddr::from_str("1.2.3.4:3210").unwrap());
b.iter(|| table.lookup(addr));
b.bytes = 1400;
}
#[bench]
fn lookup_cold(b: &mut Bencher) {
let mut table = ClaimTable::<MockTimeSource>::new(60, 60);
let addr = Address::from_str("1.2.3.4").unwrap();
table.set_claims(SocketAddr::from_str("1.2.3.4:3210").unwrap(), smallvec![
Range::from_str("1.2.3.4/32").unwrap()
]);
b.iter(|| {
table.cache.clear();
table.lookup(addr)
});
b.bytes = 1400;
}
}

View File

@ -83,21 +83,25 @@ pub struct TrafficStats {
impl TrafficStats { impl TrafficStats {
#[inline] #[inline]
pub fn count_out_traffic(&mut self, peer: SocketAddr, bytes: usize) { pub fn count_out_traffic(&mut self, peer: SocketAddr, bytes: usize) {
// HOT PATH
self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_out(bytes); self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_out(bytes);
} }
#[inline] #[inline]
pub fn count_in_traffic(&mut self, peer: SocketAddr, bytes: usize) { pub fn count_in_traffic(&mut self, peer: SocketAddr, bytes: usize) {
// HOT PATH
self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_in(bytes); self.peers.entry(peer).or_insert_with(TrafficEntry::default).count_in(bytes);
} }
#[inline] #[inline]
pub fn count_out_payload(&mut self, remote: Address, local: Address, bytes: usize) { pub fn count_out_payload(&mut self, remote: Address, local: Address, bytes: usize) {
// HOT PATH
self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_out(bytes); self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_out(bytes);
} }
#[inline] #[inline]
pub fn count_in_payload(&mut self, remote: Address, local: Address, bytes: usize) { pub fn count_in_payload(&mut self, remote: Address, local: Address, bytes: usize) {
// HOT PATH
self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_in(bytes); self.payload.entry((remote, local)).or_insert_with(TrafficEntry::default).count_in(bytes);
} }

View File

@ -2,31 +2,31 @@
// Copyright (C) 2015-2020 Dennis Schwerdel // Copyright (C) 2015-2020 Dennis Schwerdel
// This software is licensed under GPL-3 or newer (see LICENSE.md) // This software is licensed under GPL-3 or newer (see LICENSE.md)
use std::process::Command;
use std::{ use std::{
fmt, fmt,
net::{Ipv4Addr, SocketAddr, ToSocketAddrs, UdpSocket}, net::{Ipv4Addr, SocketAddr, ToSocketAddrs, UdpSocket},
sync::atomic::{AtomicIsize, Ordering} sync::atomic::{AtomicIsize, Ordering},
}; };
use crate::error::Error; use crate::error::Error;
#[cfg(not(target_os = "linux"))] use time; #[cfg(not(target_os = "linux"))]
use time;
use signal::{trap::Trap, Signal}; use signal::{trap::Trap, Signal};
use smallvec::SmallVec; use smallvec::SmallVec;
use std::time::Instant; use std::time::Instant;
pub type Duration = u32; pub type Duration = u32;
pub type Time = i64; pub type Time = i64;
#[derive(Clone)] #[derive(Clone)]
pub struct MsgBuffer { pub struct MsgBuffer {
space_before: usize, space_before: usize,
buffer: [u8; 65535], buffer: [u8; 65535],
start: usize, start: usize,
end: usize end: usize,
} }
impl MsgBuffer { impl MsgBuffer {
@ -98,7 +98,6 @@ impl MsgBuffer {
} }
} }
const HEX_CHARS: &[u8] = b"0123456789abcdef"; const HEX_CHARS: &[u8] = b"0123456789abcdef";
pub fn bytes_to_hex(bytes: &[u8]) -> String { pub fn bytes_to_hex(bytes: &[u8]) -> String {
@ -113,13 +112,12 @@ pub fn bytes_to_hex(bytes: &[u8]) -> String {
pub fn addr_nice(addr: SocketAddr) -> SocketAddr { pub fn addr_nice(addr: SocketAddr) -> SocketAddr {
if let SocketAddr::V6(v6addr) = addr { if let SocketAddr::V6(v6addr) = addr {
if let Some(ip) = v6addr.ip().to_ipv4() { if let Some(ip) = v6addr.ip().to_ipv4() {
return (ip, addr.port()).into() return (ip, addr.port()).into();
} }
} }
addr addr
} }
pub struct Encoder; pub struct Encoder;
impl Encoder { impl Encoder {
@ -172,7 +170,6 @@ impl Encoder {
} }
} }
macro_rules! fail { macro_rules! fail {
($format:expr) => ( { ($format:expr) => ( {
use std::process; use std::process;
@ -215,17 +212,14 @@ pub fn get_internal_ip() -> Ipv4Addr {
} }
} }
#[allow(unknown_lints, clippy::needless_pass_by_value)] #[allow(unknown_lints, clippy::needless_pass_by_value)]
pub fn resolve<Addr: ToSocketAddrs + fmt::Debug>(addr: Addr) -> Result<SmallVec<[SocketAddr; 4]>, Error> { pub fn resolve<Addr: ToSocketAddrs + fmt::Debug>(addr: Addr) -> Result<SmallVec<[SocketAddr; 4]>, Error> {
let mut addrs = let mut addrs =
addr.to_socket_addrs().map_err(|_| Error::NameUnresolvable(format!("{:?}", addr)))?.collect::<SmallVec<_>>(); addr.to_socket_addrs().map_err(|_| Error::NameUnresolvable(format!("{:?}", addr)))?.collect::<SmallVec<_>>();
// Try IPv4 first as it usually is faster // Try IPv4 first as it usually is faster
addrs.sort_by_key(|addr| { addrs.sort_by_key(|addr| match *addr {
match *addr { SocketAddr::V4(_) => 4,
SocketAddr::V4(_) => 4, SocketAddr::V6(_) => 6,
SocketAddr::V6(_) => 6
}
}); });
// Remove duplicates in addrs (why are there duplicates???) // Remove duplicates in addrs (why are there duplicates???)
addrs.dedup(); addrs.dedup();
@ -239,7 +233,6 @@ macro_rules! addr {
}}; }};
} }
pub struct Bytes(pub u64); pub struct Bytes(pub u64);
impl fmt::Display for Bytes { impl fmt::Display for Bytes {
@ -248,31 +241,30 @@ impl fmt::Display for Bytes {
if size >= 512.0 { if size >= 512.0 {
size /= 1024.0; size /= 1024.0;
} else { } else {
return write!(formatter, "{:.0} B", size) return write!(formatter, "{:.0} B", size);
} }
if size >= 512.0 { if size >= 512.0 {
size /= 1024.0; size /= 1024.0;
} else { } else {
return write!(formatter, "{:.1} KiB", size) return write!(formatter, "{:.1} KiB", size);
} }
if size >= 512.0 { if size >= 512.0 {
size /= 1024.0; size /= 1024.0;
} else { } else {
return write!(formatter, "{:.1} MiB", size) return write!(formatter, "{:.1} MiB", size);
} }
if size >= 512.0 { if size >= 512.0 {
size /= 1024.0; size /= 1024.0;
} else { } else {
return write!(formatter, "{:.1} GiB", size) return write!(formatter, "{:.1} GiB", size);
} }
write!(formatter, "{:.1} TiB", size) write!(formatter, "{:.1} TiB", size)
} }
} }
pub struct CtrlC { pub struct CtrlC {
dummy_time: Instant, dummy_time: Instant,
trap: Trap trap: Trap,
} }
impl CtrlC { impl CtrlC {
@ -293,7 +285,6 @@ impl Default for CtrlC {
} }
} }
pub trait TimeSource: Sync + Copy + Send + 'static { pub trait TimeSource: Sync + Copy + Send + 'static {
fn now() -> Time; fn now() -> Time;
} }
@ -336,7 +327,6 @@ impl TimeSource for MockTimeSource {
} }
} }
/// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it /// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it
fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize { fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
let mut d: usize = m as usize; let mut d: usize = m as usize;
@ -356,7 +346,7 @@ fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
const BASE62: [char; 62] = [ const BASE62: [char; 62] = [
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
]; ];
pub fn to_base62(data: &[u8]) -> String { pub fn to_base62(data: &[u8]) -> String {
@ -382,7 +372,7 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
'0'..='9' => ((c as usize) % ('0' as usize)), '0'..='9' => ((c as usize) % ('0' as usize)),
'A'..='Z' => ((c as usize) % ('A' as usize)) + 10, 'A'..='Z' => ((c as usize) % ('A' as usize)) + 10,
'a'..='z' => ((c as usize) % ('a' as usize)) + 36, 'a'..='z' => ((c as usize) % ('a' as usize)) + 36,
_ => return Err(c) _ => return Err(c),
}; };
for item in &mut buf { for item in &mut buf {
val += *item as usize * 62; val += *item as usize * 62;
@ -397,11 +387,10 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
Ok(buf) Ok(buf)
} }
#[derive(Default)] #[derive(Default)]
pub struct StatsdMsg { pub struct StatsdMsg {
entries: Vec<String>, entries: Vec<String>,
key: Vec<String> key: Vec<String>,
} }
impl StatsdMsg { impl StatsdMsg {
@ -426,6 +415,16 @@ impl StatsdMsg {
} }
} }
pub fn run_cmd(mut cmd: Command) {
match cmd.status() {
Ok(status) => {
if !status.success() {
error!("Command returned error: {:?}", status.code())
}
}
Err(e) => error!("Failed to execute command {:?}: {}", cmd, e),
}
}
#[test] #[test]
fn base62() { fn base62() {