yggdrasil-go/src/yggdrasil/tun.go

package yggdrasil

// This manages the tun driver to send/recv packets to/from applications

import (
	"bytes"
	"errors"
	"time"
	"yggdrasil/defaults"

	"github.com/songgao/packets/ethernet"
	"github.com/yggdrasil-network/water"
)

const tun_IPv6_HEADER_LENGTH = 40
const tun_ETHER_HEADER_LENGTH = 14

// Represents a running TUN/TAP interface.
type tunDevice struct {
	core   *Core
	icmpv6 icmpv6
	send   chan<- []byte
	recv   <-chan []byte
	mtu    int
	iface  *water.Interface
}

// Gets the maximum supported MTU for the platform based on the defaults in
// defaults.GetDefaults().
func getSupportedMTU(mtu int) int {
	if mtu > defaults.GetDefaults().MaximumIfMTU {
		return defaults.GetDefaults().MaximumIfMTU
	}
	return mtu
}

// Initialises the TUN/TAP adapter.
func (tun *tunDevice) init(core *Core) {
	tun.core = core
	tun.icmpv6.init(tun)
}

// Starts the setup process for the TUN/TAP adapter, and if successful, starts
// the read/write goroutines to handle packets on that interface.
func (tun *tunDevice) start(ifname string, iftapmode bool, addr string, mtu int) error {
	if ifname == "none" {
		return nil
	}
	if err := tun.setup(ifname, iftapmode, addr, mtu); err != nil {
		return err
	}
	go func() { panic(tun.read()) }()
	go func() { panic(tun.write()) }()
	if iftapmode {
		go func() {
			for {
				if _, ok := tun.icmpv6.peermacs[tun.core.router.addr]; ok {
					break
				}
				request, err := tun.icmpv6.create_ndp_tap(tun.core.router.addr)
				if err != nil {
					panic(err)
				}
				if _, err := tun.iface.Write(request); err != nil {
					panic(err)
				}
				time.Sleep(time.Second)
			}
		}()
	}
	return nil
}

// Writes a packet to the TUN/TAP adapter. If the adapter is running in TAP
// mode then additional ethernet encapsulation is added for the benefit of the
// host operating system.
func (tun *tunDevice) write() error {
	for {
		data := <-tun.recv
		if tun.iface == nil {
			continue
		}
		if tun.iface.IsTAP() {
			var destAddr address
			if data[0]&0xf0 == 0x60 {
				if len(data) < 40 {
					panic("Tried to send a packet shorter than an IPv6 header...")
				}
				copy(destAddr[:16], data[24:])
			} else if data[0]&0xf0 == 0x40 {
				if len(data) < 20 {
					panic("Tried to send a packet shorter than an IPv4 header...")
				}
				copy(destAddr[:4], data[16:])
			} else {
				return errors.New("Invalid address family")
			}
			sendndp := func(destAddr address) {
				neigh, known := tun.icmpv6.peermacs[destAddr]
				known = known && (time.Since(neigh.lastsolicitation).Seconds() < 30)
				if !known {
					request, err := tun.icmpv6.create_ndp_tap(destAddr)
					if err != nil {
						panic(err)
					}
					if _, err := tun.iface.Write(request); err != nil {
						panic(err)
					}
					tun.icmpv6.peermacs[destAddr] = neighbor{
						lastsolicitation: time.Now(),
					}
				}
			}
			var peermac macAddress
			var peerknown bool
			if data[0]&0xf0 == 0x40 {
				destAddr = tun.core.router.addr
			} else if data[0]&0xf0 == 0x60 {
				if !bytes.Equal(tun.core.router.addr[:16], destAddr[:16]) && !bytes.Equal(tun.core.router.subnet[:8], destAddr[:8]) {
					destAddr = tun.core.router.addr
				}
			}
			if neighbor, ok := tun.icmpv6.peermacs[destAddr]; ok && neighbor.learned {
				peermac = neighbor.mac
				peerknown = true
			} else if neighbor, ok := tun.icmpv6.peermacs[tun.core.router.addr]; ok && neighbor.learned {
				peermac = neighbor.mac
				peerknown = true
				sendndp(destAddr)
			} else {
				sendndp(tun.core.router.addr)
			}
			if peerknown {
				var proto ethernet.Ethertype
				switch {
				case data[0]&0xf0 == 0x60:
					proto = ethernet.IPv6
				case data[0]&0xf0 == 0x40:
					proto = ethernet.IPv4
				}
				var frame ethernet.Frame
				frame.Prepare(
					peermac[:6],          // Destination MAC address
					tun.icmpv6.mymac[:6], // Source MAC address
					ethernet.NotTagged,   // VLAN tagging
					proto,                // Ethertype
					len(data))            // Payload length
				copy(frame[tun_ETHER_HEADER_LENGTH:], data[:])
				if _, err := tun.iface.Write(frame); err != nil {
					panic(err)
				}
			}
		} else {
			if _, err := tun.iface.Write(data); err != nil {
				panic(err)
			}
		}
		util_putBytes(data)
	}
}

// Reads any packets that are waiting on the TUN/TAP adapter. If the adapter
// is running in TAP mode then the ethernet headers will automatically be
// processed and stripped if necessary. If an ICMPv6 packet is found, then
// the relevant helper functions in icmpv6.go are called.
func (tun *tunDevice) read() error {
	mtu := tun.mtu
	if tun.iface.IsTAP() {
		mtu += tun_ETHER_HEADER_LENGTH
	}
	buf := make([]byte, mtu)
	for {
		n, err := tun.iface.Read(buf)
		if err != nil {
			// panic(err)
			return err
		}
		o := 0
		if tun.iface.IsTAP() {
			o = tun_ETHER_HEADER_LENGTH
		}
		switch {
		case buf[o]&0xf0 == 0x60 && n == 256*int(buf[o+4])+int(buf[o+5])+tun_IPv6_HEADER_LENGTH+o:
		case buf[o]&0xf0 == 0x40 && n == 256*int(buf[o+2])+int(buf[o+3])+o:
		default:
			continue
		}
		if buf[o+6] == 58 {
			// Found an ICMPv6 packet
			b := make([]byte, n)
			copy(b, buf)
			// tun.icmpv6.recv <- b
			go tun.icmpv6.parse_packet(b)
		}
		packet := append(util_getBytes(), buf[o:n]...)
		tun.send <- packet
	}
}

// Closes the TUN/TAP adapter. This is only usually called when the Yggdrasil
// process stops. Typically this operation will happen quickly, but on macOS
// it can block until a read operation is completed.
func (tun *tunDevice) close() error {
	if tun.iface == nil {
		return nil
	}
	return tun.iface.Close()
}
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`package yggdrasil`

			`// This manages the tun driver to send/recv packets to/from applications`

code cleanup 2018-06-13 01:50:08 +03:00			`import (`
Fix CKR (IPv4/IPv6) in TAP mode so frames sent to node MAC, base MAC/LL from node IPv6 address 2018-11-10 21:33:52 +03:00			`"bytes"`
More complete NDP implementation for TAP mode, which tracks individual MAC addresses for neighbors 2018-11-10 18:46:10 +03:00			`"errors"`
Track further neighbor state, don't send more NDPs than needed 2018-11-10 20:32:03 +03:00			`"time"`
Centralise platform defaults into the 'defaults' package 2018-07-07 14:08:52 +03:00			`"yggdrasil/defaults"`

code cleanup 2018-06-13 01:50:08 +03:00			`"github.com/songgao/packets/ethernet"`
			`"github.com/yggdrasil-network/water"`
			`)`
first code/readme/license commit 2017-12-29 07:16:20 +03:00
Clean up some exported constants 2018-05-28 01:31:34 +03:00			`const tun_IPv6_HEADER_LENGTH = 40`
			`const tun_ETHER_HEADER_LENGTH = 14`
first code/readme/license commit 2017-12-29 07:16:20 +03:00
Document ICMPv6 and TUN/TAP 2018-06-13 00:45:53 +03:00			`// Represents a running TUN/TAP interface.`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`type tunDevice struct {`
Remove ndp.go and add icmpv6.go 2018-02-12 21:19:31 +03:00			`core *Core`
			`icmpv6 icmpv6`
			`send chan<- []byte`
			`recv <-chan []byte`
			`mtu int`
get the fd instead of depending on water to do it 2018-03-04 22:57:34 +03:00			`iface *water.Interface`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`}`

Document ICMPv6 and TUN/TAP 2018-06-13 00:45:53 +03:00			`// Gets the maximum supported MTU for the platform based on the defaults in`
Centralise platform defaults into the 'defaults' package 2018-07-07 14:08:52 +03:00			`// defaults.GetDefaults().`
Per-platform TUN defaults 2018-03-03 15:30:54 +03:00			`func getSupportedMTU(mtu int) int {`
Centralise platform defaults into the 'defaults' package 2018-07-07 14:08:52 +03:00			`if mtu > defaults.GetDefaults().MaximumIfMTU {`
			`return defaults.GetDefaults().MaximumIfMTU`
Don't allow exceeding maximum MTU for a given platform 2018-03-03 14:47:14 +03:00			`}`
			`return mtu`
			`}`

Document ICMPv6 and TUN/TAP 2018-06-13 00:45:53 +03:00			`// Initialises the TUN/TAP adapter.`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`func (tun tunDevice) init(core Core) {`
Run gofmt -s -w . 2018-01-05 01:37:51 +03:00			`tun.core = core`
Remove ndp.go and add icmpv6.go 2018-02-12 21:19:31 +03:00			`tun.icmpv6.init(tun)`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`}`

Document ICMPv6 and TUN/TAP 2018-06-13 00:45:53 +03:00			`// Starts the setup process for the TUN/TAP adapter, and if successful, starts`
			`// the read/write goroutines to handle packets on that interface.`
Fix starting TUN read/write 2018-05-28 00:35:30 +03:00			`func (tun *tunDevice) start(ifname string, iftapmode bool, addr string, mtu int) error {`
Fix IfName='none' 2018-06-03 01:29:06 +03:00			`if ifname == "none" {`
			`return nil`
			`}`
Fix starting TUN read/write 2018-05-28 00:35:30 +03:00			`if err := tun.setup(ifname, iftapmode, addr, mtu); err != nil {`
			`return err`
			`}`
			`go func() { panic(tun.read()) }()`
			`go func() { panic(tun.write()) }()`
fix crash when starting in tun mode 2018-11-11 07:39:15 +03:00			`if iftapmode {`
			`go func() {`
			`for {`
			`if _, ok := tun.icmpv6.peermacs[tun.core.router.addr]; ok {`
			`break`
			`}`
			`request, err := tun.icmpv6.create_ndp_tap(tun.core.router.addr)`
			`if err != nil {`
			`panic(err)`
			`}`
			`if _, err := tun.iface.Write(request); err != nil {`
			`panic(err)`
			`}`
			`time.Sleep(time.Second)`
Track further neighbor state, don't send more NDPs than needed 2018-11-10 20:32:03 +03:00			`}`
fix crash when starting in tun mode 2018-11-11 07:39:15 +03:00			`}()`
			`}`
Fix starting TUN read/write 2018-05-28 00:35:30 +03:00			`return nil`
			`}`

Document ICMPv6 and TUN/TAP 2018-06-13 00:45:53 +03:00			`// Writes a packet to the TUN/TAP adapter. If the adapter is running in TAP`
			`// mode then additional ethernet encapsulation is added for the benefit of the`
			`// host operating system.`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`func (tun *tunDevice) write() error {`
Run gofmt -s -w . 2018-01-05 01:37:51 +03:00			`for {`
			`data := <-tun.recv`
Allow setting IfName to 'none' to run without TUN/TAP 2018-02-16 01:29:13 +03:00			`if tun.iface == nil {`
			`continue`
			`}`
TAP support added - Supports Windows using OpenVPN NDIS 6 TAP driver - Supports NDP Neighbor Solicitation and Advertisements in ndp.go - Supports TAP encapsulation and decapsulation in tun.go 2018-01-24 13:59:01 +03:00			`if tun.iface.IsTAP() {`
More complete NDP implementation for TAP mode, which tracks individual MAC addresses for neighbors 2018-11-10 18:46:10 +03:00			`var destAddr address`
			`if data[0]&0xf0 == 0x60 {`
			`if len(data) < 40 {`
			`panic("Tried to send a packet shorter than an IPv6 header...")`
			`}`
			`copy(destAddr[:16], data[24:])`
			`} else if data[0]&0xf0 == 0x40 {`
			`if len(data) < 20 {`
			`panic("Tried to send a packet shorter than an IPv4 header...")`
			`}`
			`copy(destAddr[:4], data[16:])`
			`} else {`
			`return errors.New("Invalid address family")`
			`}`
Track further neighbor state, don't send more NDPs than needed 2018-11-10 20:32:03 +03:00			`sendndp := func(destAddr address) {`
			`neigh, known := tun.icmpv6.peermacs[destAddr]`
			`known = known && (time.Since(neigh.lastsolicitation).Seconds() < 30)`
			`if !known {`
			`request, err := tun.icmpv6.create_ndp_tap(destAddr)`
			`if err != nil {`
			`panic(err)`
			`}`
			`if _, err := tun.iface.Write(request); err != nil {`
			`panic(err)`
			`}`
			`tun.icmpv6.peermacs[destAddr] = neighbor{`
			`lastsolicitation: time.Now(),`
			`}`
			`}`
			`}`
			`var peermac macAddress`
			`var peerknown bool`
Fix CKR (IPv4/IPv6) in TAP mode so frames sent to node MAC, base MAC/LL from node IPv6 address 2018-11-10 21:33:52 +03:00			`if data[0]&0xf0 == 0x40 {`
			`destAddr = tun.core.router.addr`
			`} else if data[0]&0xf0 == 0x60 {`
			`if !bytes.Equal(tun.core.router.addr[:16], destAddr[:16]) && !bytes.Equal(tun.core.router.subnet[:8], destAddr[:8]) {`
			`destAddr = tun.core.router.addr`
			`}`
			`}`
Track further neighbor state, don't send more NDPs than needed 2018-11-10 20:32:03 +03:00			`if neighbor, ok := tun.icmpv6.peermacs[destAddr]; ok && neighbor.learned {`
			`peermac = neighbor.mac`
			`peerknown = true`
			`} else if neighbor, ok := tun.icmpv6.peermacs[tun.core.router.addr]; ok && neighbor.learned {`
			`peermac = neighbor.mac`
			`peerknown = true`
			`sendndp(destAddr)`
			`} else {`
			`sendndp(tun.core.router.addr)`
			`}`
			`if peerknown {`
Fix CKR (IPv4/IPv6) in TAP mode so frames sent to node MAC, base MAC/LL from node IPv6 address 2018-11-10 21:33:52 +03:00			`var proto ethernet.Ethertype`
			`switch {`
			`case data[0]&0xf0 == 0x60:`
			`proto = ethernet.IPv6`
			`case data[0]&0xf0 == 0x40:`
			`proto = ethernet.IPv4`
			`}`
More complete NDP implementation for TAP mode, which tracks individual MAC addresses for neighbors 2018-11-10 18:46:10 +03:00			`var frame ethernet.Frame`
			`frame.Prepare(`
			`peermac[:6], // Destination MAC address`
			`tun.icmpv6.mymac[:6], // Source MAC address`
			`ethernet.NotTagged, // VLAN tagging`
Fix CKR (IPv4/IPv6) in TAP mode so frames sent to node MAC, base MAC/LL from node IPv6 address 2018-11-10 21:33:52 +03:00			`proto, // Ethertype`
More complete NDP implementation for TAP mode, which tracks individual MAC addresses for neighbors 2018-11-10 18:46:10 +03:00			`len(data)) // Payload length`
			`copy(frame[tun_ETHER_HEADER_LENGTH:], data[:])`
			`if _, err := tun.iface.Write(frame); err != nil {`
			`panic(err)`
			`}`
TAP support added - Supports Windows using OpenVPN NDIS 6 TAP driver - Supports NDP Neighbor Solicitation and Advertisements in ndp.go - Supports TAP encapsulation and decapsulation in tun.go 2018-01-24 13:59:01 +03:00			`}`
			`} else {`
			`if _, err := tun.iface.Write(data); err != nil {`
Fix MTU issues with TAP adapters 2018-01-25 20:44:56 +03:00			`panic(err)`
TAP support added - Supports Windows using OpenVPN NDIS 6 TAP driver - Supports NDP Neighbor Solicitation and Advertisements in ndp.go - Supports TAP encapsulation and decapsulation in tun.go 2018-01-24 13:59:01 +03:00			`}`
Run gofmt -s -w . 2018-01-05 01:37:51 +03:00			`}`
			`util_putBytes(data)`
			`}`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`}`

Document ICMPv6 and TUN/TAP 2018-06-13 00:45:53 +03:00			`// Reads any packets that are waiting on the TUN/TAP adapter. If the adapter`
			`// is running in TAP mode then the ethernet headers will automatically be`
			`// processed and stripped if necessary. If an ICMPv6 packet is found, then`
			`// the relevant helper functions in icmpv6.go are called.`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`func (tun *tunDevice) read() error {`
Fix MTU issues with TAP adapters 2018-01-25 20:44:56 +03:00			`mtu := tun.mtu`
			`if tun.iface.IsTAP() {`
Clean up some exported constants 2018-05-28 01:31:34 +03:00			`mtu += tun_ETHER_HEADER_LENGTH`
Fix MTU issues with TAP adapters 2018-01-25 20:44:56 +03:00			`}`
			`buf := make([]byte, mtu)`
Run gofmt -s -w . 2018-01-05 01:37:51 +03:00			`for {`
			`n, err := tun.iface.Read(buf)`
			`if err != nil {`
Add setTunTap 2018-02-28 18:15:57 +03:00			`// panic(err)`
			`return err`
Run gofmt -s -w . 2018-01-05 01:37:51 +03:00			`}`
TAP support added - Supports Windows using OpenVPN NDIS 6 TAP driver - Supports NDP Neighbor Solicitation and Advertisements in ndp.go - Supports TAP encapsulation and decapsulation in tun.go 2018-01-24 13:59:01 +03:00			`o := 0`
			`if tun.iface.IsTAP() {`
Clean up some exported constants 2018-05-28 01:31:34 +03:00			`o = tun_ETHER_HEADER_LENGTH`
TAP support added - Supports Windows using OpenVPN NDIS 6 TAP driver - Supports NDP Neighbor Solicitation and Advertisements in ndp.go - Supports TAP encapsulation and decapsulation in tun.go 2018-01-24 13:59:01 +03:00			`}`
Reinstate length/bounds check in tun.go 2018-11-07 01:35:28 +03:00			`switch {`
			`case buf[o]&0xf0 == 0x60 && n == 256*int(buf[o+4])+int(buf[o+5])+tun_IPv6_HEADER_LENGTH+o:`
			`case buf[o]&0xf0 == 0x40 && n == 256*int(buf[o+2])+int(buf[o+3])+o:`
			`default:`
			`continue`
Run gofmt -s -w . 2018-01-05 01:37:51 +03:00			`}`
Remove ndp.go and add icmpv6.go 2018-02-12 21:19:31 +03:00			`if buf[o+6] == 58 {`
			`// Found an ICMPv6 packet`
			`b := make([]byte, n)`
			`copy(b, buf)`
Don't use channels for ICMPv6 packets 2018-02-12 23:00:55 +03:00			`// tun.icmpv6.recv <- b`
Improve icmpv6.go - Now doesn't use unsafe - Much cleaner - Doesn't run in a goroutine perpetually - Has a function to create ICMPv6 packets 2018-02-14 14:21:23 +03:00			`go tun.icmpv6.parse_packet(b)`
Remove ndp.go and add icmpv6.go 2018-02-12 21:19:31 +03:00			`}`
TAP support added - Supports Windows using OpenVPN NDIS 6 TAP driver - Supports NDP Neighbor Solicitation and Advertisements in ndp.go - Supports TAP encapsulation and decapsulation in tun.go 2018-01-24 13:59:01 +03:00			`packet := append(util_getBytes(), buf[o:n]...)`
Run gofmt -s -w . 2018-01-05 01:37:51 +03:00			`tun.send <- packet`
			`}`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`}`

Document ICMPv6 and TUN/TAP 2018-06-13 00:45:53 +03:00			`// Closes the TUN/TAP adapter. This is only usually called when the Yggdrasil`
			`// process stops. Typically this operation will happen quickly, but on macOS`
code cleanup 2018-06-13 01:50:08 +03:00			`// it can block until a read operation is completed.`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`func (tun *tunDevice) close() error {`
Allow setting IfName to 'none' to run without TUN/TAP 2018-02-16 01:29:13 +03:00			`if tun.iface == nil {`
			`return nil`
			`}`
Run gofmt -s -w . 2018-01-05 01:37:51 +03:00			`return tun.iface.Close()`
first code/readme/license commit 2017-12-29 07:16:20 +03:00			`}`