From 1cf9cc880dcf8aa348006a3fe336ea495a6ed4ca Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Fri, 9 Apr 2021 18:50:00 +0100 Subject: [PATCH 1/9] disable producer/consumer --- config/builder.go | 16 ++++++++++++---- config/config.go | 3 +++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/config/builder.go b/config/builder.go index b83995c..afe29f3 100644 --- a/config/builder.go +++ b/config/builder.go @@ -75,8 +75,12 @@ func buildTcp(ctx context.Context, p *proxy.Proxy, peer Peer, g func() proxy.Mac return err } - p.AddConsumer(ctx, f, g()) - p.AddProducer(ctx, f, v()) + if !peer.DisableConsumer { + p.AddConsumer(ctx, f, g()) + } + if !peer.DisableProducer { + p.AddProducer(ctx, f, v()) + } return nil } @@ -121,8 +125,12 @@ func buildUdp(ctx context.Context, p *proxy.Proxy, peer Peer, g func() proxy.Mac return err } - p.AddConsumer(ctx, f, g()) - p.AddProducer(ctx, f, v()) + if !peer.DisableConsumer { + p.AddConsumer(ctx, f, g()) + } + if !peer.DisableProducer { + p.AddProducer(ctx, f, v()) + } return nil } diff --git a/config/config.go b/config/config.go index 1328116..ed7bea5 100644 --- a/config/config.go +++ b/config/config.go @@ -57,6 +57,9 @@ type Peer struct { KeepAlive uint Timeout uint RetryWait uint + + DisableConsumer bool `validate:"omitempty,nefield=DisableProducer"` + DisableProducer bool `validate:"omitempty,nefield=DisableConsumer"` } func (p Peer) GetLocalHost() string { From a0654b001684ea82ceeb6a1f6de5601cacc4efc2 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Fri, 9 Apr 2021 19:00:35 +0100 Subject: [PATCH 2/9] enable/disable for listeners --- config/builder.go | 4 ++-- tcp/listener.go | 10 +++++++--- udp/listener.go | 10 +++++++--- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/config/builder.go b/config/builder.go index afe29f3..c5bea4f 100644 --- a/config/builder.go +++ b/config/builder.go @@ -85,7 +85,7 @@ func buildTcp(ctx context.Context, p *proxy.Proxy, peer Peer, g func() proxy.Mac return nil } - err := tcp.NewListener(ctx, p, laddr(), v, g) + err := tcp.NewListener(ctx, p, laddr(), v, g, !peer.DisableConsumer, !peer.DisableProducer) if err != nil { return err } @@ -135,7 +135,7 @@ func buildUdp(ctx context.Context, p *proxy.Proxy, peer Peer, g func() proxy.Mac return nil } - err := udp.NewListener(ctx, p, laddr(), v, g, c) + err := udp.NewListener(ctx, p, laddr(), v, g, c, !peer.DisableConsumer, !peer.DisableProducer) if err != nil { return err } diff --git a/tcp/listener.go b/tcp/listener.go index aa4c789..ba44492 100644 --- a/tcp/listener.go +++ b/tcp/listener.go @@ -7,7 +7,7 @@ import ( "net" ) -func NewListener(ctx context.Context, p *proxy.Proxy, local string, v func() proxy.MacVerifier, g func() proxy.MacGenerator) error { +func NewListener(ctx context.Context, p *proxy.Proxy, local string, v func() proxy.MacVerifier, g func() proxy.MacGenerator, enableConsumers bool, enableProducers bool) error { laddr, err := net.ResolveTCPAddr("tcp", local) if err != nil { return err @@ -33,8 +33,12 @@ func NewListener(ctx context.Context, p *proxy.Proxy, local string, v func() pro log.Printf("received new tcp connection: %v\n", f) - p.AddConsumer(ctx, &f, g()) - p.AddProducer(ctx, &f, v()) + if enableConsumers { + p.AddConsumer(ctx, &f, g()) + } + if enableProducers { + p.AddProducer(ctx, &f, v()) + } } }() diff --git a/udp/listener.go b/udp/listener.go index cf3e04f..7c91679 100644 --- a/udp/listener.go +++ b/udp/listener.go @@ -27,7 +27,7 @@ func fromUdpAddress(address net.UDPAddr) ComparableUdpAddress { } } -func NewListener(ctx context.Context, p *proxy.Proxy, local string, v func() proxy.MacVerifier, g func() proxy.MacGenerator, c func() Congestion) error { +func NewListener(ctx context.Context, p *proxy.Proxy, local string, v func() proxy.MacVerifier, g func() proxy.MacGenerator, c func() Congestion, enableConsumers bool, enableProducers bool) error { laddr, err := net.ResolveUDPAddr("udp", local) if err != nil { return err @@ -85,8 +85,12 @@ func NewListener(ctx context.Context, p *proxy.Proxy, local string, v func() pro receivedConnections[raddr] = &f - p.AddConsumer(ctx, &f, g) - p.AddProducer(ctx, &f, v) + if enableConsumers { + p.AddConsumer(ctx, &f, g) + } + if enableProducers { + p.AddProducer(ctx, &f, v) + } log.Println("handling...") if err := f.queueDatagram(ctx, buf[:n]); err != nil { From edfd5a900979c46a2f3295c1d0189c81d8af92a4 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Tue, 11 May 2021 21:43:47 +0100 Subject: [PATCH 3/9] tcp context fixes --- .gitignore | 2 +- tcp/flow.go | 16 ++++++++-------- tcp/listener.go | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index 7d235d7..42e21ef 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -config.ini +*.conf logs/ # Created by https://www.toptal.com/developers/gitignore/api/intellij+all,go diff --git a/tcp/flow.go b/tcp/flow.go index cf59fde..bf54675 100644 --- a/tcp/flow.go +++ b/tcp/flow.go @@ -53,7 +53,7 @@ func NewFlow() Flow { } } -func NewFlowConn(conn Conn) Flow { +func NewFlowConn(ctx context.Context, conn Conn) Flow { f := Flow{ conn: conn, isAlive: true, @@ -64,8 +64,8 @@ func NewFlowConn(conn Conn) Flow { produceErrors: make(chan error), } - go f.produceMarshalled() - go f.consumeMarshalled() + go f.produceMarshalled(ctx) + go f.consumeMarshalled(ctx) return f } @@ -89,7 +89,7 @@ func InitiateFlow(local func() string, remote string) (*InitiatedFlow, error) { return &f, nil } -func (f *InitiatedFlow) Reconnect() error { +func (f *InitiatedFlow) Reconnect(ctx context.Context) error { f.mu.Lock() defer f.mu.Unlock() @@ -119,8 +119,8 @@ func (f *InitiatedFlow) Reconnect() error { f.conn = conn f.isAlive = true - go f.produceMarshalled() - go f.consumeMarshalled() + go f.produceMarshalled(ctx) + go f.consumeMarshalled(ctx) return nil } @@ -191,7 +191,7 @@ func (f *Flow) Produce(ctx context.Context, v proxy.MacVerifier) (proxy.Packet, return proxy.SimplePacket(b), nil } -func (f *Flow) consumeMarshalled() { +func (f *Flow) consumeMarshalled(ctx context.Context) { for { data := <-f.toConsume @@ -208,7 +208,7 @@ func (f *Flow) consumeMarshalled() { } } -func (f *Flow) produceMarshalled() { +func (f *Flow) produceMarshalled(ctx context.Context) { buf := bufio.NewReader(f.conn) for { diff --git a/tcp/listener.go b/tcp/listener.go index ba44492..cf87400 100644 --- a/tcp/listener.go +++ b/tcp/listener.go @@ -29,7 +29,7 @@ func NewListener(ctx context.Context, p *proxy.Proxy, local string, v func() pro panic(err) } - f := NewFlowConn(conn) + f := NewFlowConn(ctx, conn) log.Printf("received new tcp connection: %v\n", f) From 44c0d24ecabed3840424220b711c0e1edc94e9e4 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Tue, 11 May 2021 21:45:06 +0100 Subject: [PATCH 4/9] tcp text context --- tcp/flow_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tcp/flow_test.go b/tcp/flow_test.go index 3d0b49c..eba5a0a 100644 --- a/tcp/flow_test.go +++ b/tcp/flow_test.go @@ -18,7 +18,7 @@ func TestFlow_Consume(t *testing.T) { t.Run("Length", func(t *testing.T) { testConn := mocks.NewMockPerfectBiStreamConn(100) - flowA := NewFlowConn(testConn.SideA()) + flowA := NewFlowConn(context.Background(), testConn.SideA()) err := flowA.Consume(context.Background(), testPacket, testMac) require.Nil(t, err) @@ -42,7 +42,7 @@ func TestFlow_Produce(t *testing.T) { t.Run("Length", func(t *testing.T) { testConn := mocks.NewMockPerfectBiStreamConn(100) - flowA := NewFlowConn(testConn.SideA()) + flowA := NewFlowConn(context.Background(), testConn.SideA()) _, err := testConn.SideB().Write(testMarshalled) require.Nil(t, err) @@ -55,7 +55,7 @@ func TestFlow_Produce(t *testing.T) { t.Run("Value", func(t *testing.T) { testConn := mocks.NewMockPerfectBiStreamConn(100) - flowA := NewFlowConn(testConn.SideA()) + flowA := NewFlowConn(context.Background(), testConn.SideA()) _, err := testConn.SideB().Write(testMarshalled) require.Nil(t, err) From 7f7818115ff77f4c239c869c7a84ca9172a09933 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Tue, 11 May 2021 22:36:53 +0100 Subject: [PATCH 5/9] Updated validator Fixed nefield errors with booleans. --- go.mod | 2 +- go.sum | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 7682057..7a73cee 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module mpbl3p go 1.15 require ( - github.com/go-playground/validator/v10 v10.4.1 + github.com/go-playground/validator/v10 v10.6.0 github.com/jessevdk/go-flags v1.5.0 github.com/smartystreets/goconvey v1.6.4 // indirect github.com/stretchr/testify v1.4.0 diff --git a/go.sum b/go.sum index 04dd5cd..a201b0b 100644 --- a/go.sum +++ b/go.sum @@ -8,6 +8,8 @@ github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD87 github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= +github.com/go-playground/validator/v10 v10.6.0 h1:UGIt4xR++fD9QrBOoo/ascJfGe3AGHEB9s6COnss4Rk= +github.com/go-playground/validator/v10 v10.6.0/go.mod h1:xm76BBt941f7yWdGnI2DVPFFg1UK3YY04qifoXU3lOk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc= @@ -49,6 +51,7 @@ golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXR golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= From 6b6aab0cd972822951913b93ceac31447ae0a584 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Tue, 11 May 2021 22:37:15 +0100 Subject: [PATCH 6/9] Cleaner config error reporting --- main.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.go b/main.go index 0c31e25..db3e4b4 100644 --- a/main.go +++ b/main.go @@ -42,7 +42,8 @@ func main() { c, err := config.LoadConfig(o.ConfigFile) if err != nil { - panic(err) + log.Fatalf("error validating config: %s", err.Error()) + return } log.Println("creating tun adapter...") From 648aab7817a08cfaee94a4278a76732fa8a02a86 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Tue, 11 May 2021 22:37:39 +0100 Subject: [PATCH 7/9] corrected tun offset and improved mtu --- tun/tun.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tun/tun.go b/tun/tun.go index 7cdecad..a1c1f91 100644 --- a/tun/tun.go +++ b/tun/tun.go @@ -10,7 +10,6 @@ import ( type SourceSink struct { tun wgtun.Device - mtu int } func NewTun(name string, mtu int) (t wgtun.Device, err error) { @@ -26,7 +25,6 @@ func NewFromFile(fd uintptr, mtu int) (ss *SourceSink, err error) { return } - ss.mtu = mtu return } @@ -35,7 +33,12 @@ func (t *SourceSink) Close() error { } func (t *SourceSink) Source() (proxy.Packet, error) { - buf := make([]byte, t.mtu) + mtu, err := t.tun.MTU() + if err != nil { + return nil, err + } + + buf := make([]byte, mtu+4) read, err := t.tun.Read(buf, 4) if err != nil { @@ -46,7 +49,7 @@ func (t *SourceSink) Source() (proxy.Packet, error) { return nil, io.EOF } - return proxy.SimplePacket(buf[4:read]), nil + return proxy.SimplePacket(buf[4:read+4]), nil } var good, bad float64 From 6ae0ef54a4836280a216eb3c53bd40d8a102150c Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Tue, 11 May 2021 23:26:14 +0100 Subject: [PATCH 8/9] Blake2s tests --- crypto/sharedkey/blake2s_test.go | 45 ++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 crypto/sharedkey/blake2s_test.go diff --git a/crypto/sharedkey/blake2s_test.go b/crypto/sharedkey/blake2s_test.go new file mode 100644 index 0000000..f6cc546 --- /dev/null +++ b/crypto/sharedkey/blake2s_test.go @@ -0,0 +1,45 @@ +package sharedkey + +import ( + "github.com/stretchr/testify/assert" + "math/rand" + "mpbl3p/shared" + "testing" +) + +func TestBlake2s_GenerateVerify(t *testing.T) { + t.Run("GeneratedVerifies", func(t *testing.T) { + // ASSIGN + key := make([]byte, 16) + rand.Read(key) + buf := make([]byte, 500) + rand.Read(buf) + + // ACT + b := Blake2s{key} + code := b.Generate(buf) + + // ASSERT + err := b.Verify(buf, code) + assert.Nil(t, err) + }) + + t.Run("FlippedBitFailsVerify", func(t *testing.T) { + // ASSIGN + key := make([]byte, 16) + rand.Read(key) + buf := make([]byte, 500) + rand.Read(buf) + + // ACT + b := Blake2s{key} + code := b.Generate(buf) + + offset := rand.Intn(len(buf) * 8) + buf[offset/8] ^= 1 << (offset % 8) + + // ASSERT + err := b.Verify(buf, code) + assert.Equal(t, shared.ErrBadChecksum, err) + }) +} From 58a65b10ca35dd5bc0b111f40a03abe99dc3c94a Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Tue, 11 May 2021 23:26:54 +0100 Subject: [PATCH 9/9] formatting --- tun/tun.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tun/tun.go b/tun/tun.go index a1c1f91..252140e 100644 --- a/tun/tun.go +++ b/tun/tun.go @@ -49,7 +49,7 @@ func (t *SourceSink) Source() (proxy.Packet, error) { return nil, io.EOF } - return proxy.SimplePacket(buf[4:read+4]), nil + return proxy.SimplePacket(buf[4 : read+4]), nil } var good, bad float64