lynatic/wgautomesh
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'yuka/main'

Browse source 
# Conflicts:
#	Cargo.lock
#	Cargo.toml
#	src/main.rs
This commit is contained in:
Lyn 2025-01-11 13:41:56 +01:00
commit a46acbb85c
1 changed files with 71 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

148
src/main.rs
View file

@ -1,8 +1,8 @@
#![feature(ip)] #![feature(ip)]
mod igd; mod igd;
use igd::*; use igd::*;
use std::collections::HashMap; use std::collections::{HashMap, HashSet};
use std::net::{IpAddr, SocketAddr, ToSocketAddrs, UdpSocket}; use std::net::{IpAddr, SocketAddr, SocketAddrV4, ToSocketAddrs, UdpSocket};
use std::process::Command; use std::process::Command;
use std::sync::Mutex; use std::sync::Mutex;
use std::thread; use std::thread;
@ -33,8 +33,6 @@ type Pubkey = String;
#[derive(Deserialize)] #[derive(Deserialize)]
struct Config { struct Config {
/// The Wireguard interface name
interface: Pubkey,
/// The port to use for gossip inside the Wireguard mesh (must be the same on all nodes) /// The port to use for gossip inside the Wireguard mesh (must be the same on all nodes)
gossip_port: u16, gossip_port: u16,
/// The secret to use to authenticate nodes between them /// The secret to use to authenticate nodes between them
@ -43,10 +41,6 @@ struct Config {
/// The file where to persist known peer addresses /// The file where to persist known peer addresses
persist_file: Option<String>, persist_file: Option<String>,
/// Use IPv6 instead of IPv4
#[serde(default)]
ipv6: bool,
/// Enable LAN discovery /// Enable LAN discovery
#[serde(default)] #[serde(default)]
lan_discovery: bool, lan_discovery: bool,
@ -63,10 +57,14 @@ struct Config {
struct Peer { struct Peer {
/// The peer's Wireguard public key /// The peer's Wireguard public key
pubkey: Pubkey, pubkey: Pubkey,
/// The peer's Wireguard address /// The destination used for gossip packets
address: IpAddr, address: IpAddr,
/// The Wireguard interface name
interface: String,
/// The endpoint port
port: u16,
/// An optionnal Wireguard endpoint used to initialize a connection to this peer /// An optionnal Wireguard endpoint used to initialize a connection to this peer
endpoint: Option<SocketAddr>, endpoint: Option<String>,
} }
fn main() -> Result<()> { fn main() -> Result<()> {
@ -120,9 +118,15 @@ fn kdf(secret: &str) -> xsalsa20poly1305::Key {
hash.as_bytes().clone().into() hash.as_bytes().clone().into()
} }
fn wg_dump(config: &Config) -> Result<(Pubkey, u16, Vec<(Pubkey, Option<SocketAddr>, u64)>)> { struct IfInfo {
our_pubkey: Pubkey,
listen_port: u16,
peers: Vec<(Pubkey, Option<SocketAddr>, u64)>,
}
fn wg_dump(interface: &str) -> Result<IfInfo> {
let output = Command::new("wg") let output = Command::new("wg")
.args(["show", &config.interface, "dump"]) .args(["show", interface, "dump"])
.output()?; .output()?;
let mut lines = std::str::from_utf8(&output.stdout)?.split('\n'); let mut lines = std::str::from_utf8(&output.stdout)?.split('\n');
@ -130,7 +134,7 @@ fn wg_dump(config: &Config) -> Result<(Pubkey, u16, Vec<(Pubkey, Option<SocketAd
if ourself.len() < 3 { if ourself.len() < 3 {
bail!( bail!(
"Unable to fetch wireguard status for interface {}", "Unable to fetch wireguard status for interface {}",
config.interface interface
); );
} }
let our_pubkey = ourself[1].to_string(); let our_pubkey = ourself[1].to_string();
@ -151,7 +155,7 @@ fn wg_dump(config: &Config) -> Result<(Pubkey, u16, Vec<(Pubkey, Option<SocketAd
}) })
.collect::<Vec<_>>(); .collect::<Vec<_>>();
Ok((our_pubkey, listen_port, peers)) Ok(IfInfo { our_pubkey, listen_port, peers })
} }
// ============ DAEMON CODE ================= // ============ DAEMON CODE =================
@ -159,10 +163,9 @@ fn wg_dump(config: &Config) -> Result<(Pubkey, u16, Vec<(Pubkey, Option<SocketAd
struct Daemon { struct Daemon {
config: Config, config: Config,
gossip_key: xsalsa20poly1305::Key, gossip_key: xsalsa20poly1305::Key,
our_pubkey: Pubkey,
listen_port: u16,
socket: UdpSocket, socket: UdpSocket,
state: Mutex<State>, state: Mutex<State>,
our_pubkey: Pubkey,
} }
struct PeerInfo { struct PeerInfo {
@ -170,10 +173,10 @@ struct PeerInfo {
gossip_ip: IpAddr, gossip_ip: IpAddr,
gossip_prio: u64, gossip_prio: u64,
// Info retrieved from wireguard // Info retrieved from wireguard
endpoint: Option<SocketAddr>, endpoint: Option<IpAddr>,
last_seen: u64, last_seen: u64,
// Info received by LAN broadcast // Info received by LAN broadcast
lan_endpoint: Option<(SocketAddr, u64)>, lan_endpoint: Option<(IpAddr, u64)>,
} }
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
@ -182,35 +185,47 @@ enum Gossip {
Pong, Pong,
Announce { Announce {
pubkey: Pubkey, pubkey: Pubkey,
endpoints: Vec<(SocketAddr, u64)>, endpoints: Vec<(IpAddr, u64)>,
}, },
Request, Request,
LanBroadcast { LanBroadcast {
pubkey: Pubkey, pubkey: Pubkey,
listen_port: u16,
}, },
} }
impl Daemon { impl Daemon {
fn new(config: Config) -> Result<Self> { fn new(config: Config) -> Result<Self> {
let gossip_key = kdf(config.gossip_secret.as_deref().unwrap_or_default()); let gossip_key = kdf(config.gossip_secret.as_deref().unwrap_or_default());
let (our_pubkey, listen_port, _peers) = wg_dump(&config)?;
let bind_addr = if config.ipv6 { let interface_names = config.peers.iter().map(|peer| peer.interface.clone()).collect::<HashSet<_>>();
SocketAddr::new("::".parse()?, config.gossip_port) // IPv6 let interfaces = interface_names.into_iter().map(|interface_name| wg_dump(&interface_name).map(|ifinfo| (interface_name, ifinfo))).collect::<Result<HashMap<_, _>>>()?;
} else { let socket = UdpSocket::bind(SocketAddr::new("::".parse()?, config.gossip_port))?;
SocketAddr::new("0.0.0.0".parse()?, config.gossip_port) // IPv4 //socket.set_broadcast(true)?;
}; socket.set_ttl(1)?;
let socket = UdpSocket::bind(bind_addr)?;
socket.set_broadcast(true)?; let our_pubkey = interfaces.iter().next().unwrap().1.our_pubkey.clone();
let peers = config.peers.iter().map(|peer_cfg| {
(
peer_cfg.pubkey.clone(),
PeerInfo {
gossip_ip: peer_cfg.address,
gossip_prio: fasthash(format!("{}-{}", our_pubkey, peer_cfg.pubkey).as_bytes()),
endpoint: None, // Is resolved as DNS name later
last_seen: u64::MAX,
lan_endpoint: None,
}
)
}).collect();
Ok(Daemon { Ok(Daemon {
config, config,
gossip_key, gossip_key,
our_pubkey,
listen_port,
socket, socket,
our_pubkey,
state: Mutex::new(State { state: Mutex::new(State {
peers: HashMap::new(), interfaces,
peers,
gossip: HashMap::new(), gossip: HashMap::new(),
}), }),
}) })
@ -245,7 +260,7 @@ impl Daemon {
fn initialize(&self) -> Result<()> { fn initialize(&self) -> Result<()> {
let mut state = self.state.lock().unwrap(); let mut state = self.state.lock().unwrap();
state.read_wg_peers(self)?; state.read_wg_peers()?;
state.setup_wg_peers(self, 0)?; state.setup_wg_peers(self, 0)?;
Ok(()) Ok(())
} }
@ -276,7 +291,7 @@ impl Daemon {
let mut state = self.state.lock().unwrap(); let mut state = self.state.lock().unwrap();
// 1. Update local peers info of peers // 1. Update local peers info of peers
state.read_wg_peers(self)?; state.read_wg_peers()?;
// 2. Send gossip for peers where there is a big update // 2. Send gossip for peers where there is a big update
let announces = state let announces = state
@ -331,12 +346,10 @@ impl Daemon {
} }
Gossip::LanBroadcast { Gossip::LanBroadcast {
pubkey, pubkey,
listen_port,
} => { } => {
if self.config.lan_discovery { if self.config.lan_discovery {
if let Some(peer) = state.peers.get_mut(&pubkey) { if let Some(peer) = state.peers.get_mut(&pubkey) {
let addr = SocketAddr::new(from.ip(), listen_port); peer.lan_endpoint = Some((from.ip(), time()));
peer.lan_endpoint = Some((addr, time()));
} }
} }
} }
@ -403,7 +416,6 @@ impl Daemon {
fn lan_broadcast_iter(&self) -> Result<()> { fn lan_broadcast_iter(&self) -> Result<()> {
let packet = self.make_packet(&Gossip::LanBroadcast { let packet = self.make_packet(&Gossip::LanBroadcast {
pubkey: self.our_pubkey.clone(), pubkey: self.our_pubkey.clone(),
listen_port: self.listen_port,
})?; })?;
let addr = if self.config.ipv6 { let addr = if self.config.ipv6 {
SocketAddr::new("ff05::1".parse().unwrap(), self.config.gossip_port) SocketAddr::new("ff05::1".parse().unwrap(), self.config.gossip_port)
@ -446,10 +458,10 @@ impl Daemon {
} }
} }
struct State { struct State {
peers: HashMap<Pubkey, PeerInfo>, peers: HashMap<Pubkey, PeerInfo>,
gossip: HashMap<Pubkey, Vec<(SocketAddr, u64)>>, gossip: HashMap<Pubkey, Vec<(IpAddr, u64)>>,
interfaces: HashMap<String, IfInfo>,
} }
impl State { impl State {
@ -479,7 +491,7 @@ impl State {
&mut self, &mut self,
daemon: &Daemon, daemon: &Daemon,
pubkey: Pubkey, pubkey: Pubkey,
mut endpoints: Vec<(SocketAddr, u64)>, mut endpoints: Vec<(IpAddr, u64)>,
) -> Result<()> { ) -> Result<()> {
let propagate = { let propagate = {
match self.gossip.get_mut(&pubkey) { match self.gossip.get_mut(&pubkey) {
@ -521,36 +533,21 @@ impl State {
Ok(()) Ok(())
} }
fn read_wg_peers(&mut self, daemon: &Daemon) -> Result<()> { fn read_wg_peers(&mut self) -> Result<()> {
let (_, _, wg_peers) = wg_dump(&daemon.config)?;
// Clear old known endpoints if any // Clear old known endpoints if any
for (_, peer) in self.peers.iter_mut() { for (_, peer) in self.peers.iter_mut() {
peer.endpoint = None; peer.endpoint = None;
} }
for (pk, endpoint, last_seen) in wg_peers { for (ifname, ifinfo) in &mut self.interfaces {
match self.peers.get_mut(&pk) { *ifinfo = wg_dump(&ifname)?;
Some(i) => { for (pk, endpoint, last_seen) in &mut ifinfo.peers {
i.endpoint = endpoint; if let Some(i) = self.peers.get_mut(&*pk) {
i.last_seen = last_seen; i.endpoint = endpoint.as_ref().map(SocketAddr::ip);
} i.last_seen = *last_seen;
None => { } else {
let gossip_ip = match daemon.config.peers.iter().find(|x| x.pubkey == pk) { warn!("unknown peer: {}", pk);
Some(x) => x.address,
None => continue,
};
let gossip_prio = fasthash(format!("{}-{}", daemon.our_pubkey, pk).as_bytes());
self.peers.insert(
pk,
PeerInfo {
endpoint,
lan_endpoint: None,
gossip_prio,
gossip_ip,
last_seen,
},
);
} }
} }
} }
@ -585,7 +582,7 @@ impl State {
Command::new("wg") Command::new("wg")
.args([ .args([
"set", "set",
&daemon.config.interface, &peer_cfg.interface,
"peer", "peer",
&peer_cfg.pubkey, &peer_cfg.pubkey,
"persistent-keepalive", "persistent-keepalive",
@ -611,11 +608,11 @@ impl State {
.cloned() .cloned()
.unwrap_or_default(); .unwrap_or_default();
if let Some(endpoint) = &peer_cfg.endpoint { if let Some(endpoint) = &peer_cfg.endpoint {
match endpoint.to_socket_addrs() { match format!("{}:0", endpoint).to_socket_addrs() {
Err(e) => error!("Could not resolve DNS for {}: {}", endpoint, e), Err(e) => error!("Could not resolve DNS for {}: {}", endpoint, e),
Ok(iter) => { Ok(iter) => {
for addr in iter { for addr in iter {
endpoints.push((addr, 0)); endpoints.push((addr.ip(), 0));
} }
} }
} }
@ -624,11 +621,7 @@ impl State {
endpoints endpoints
} }
}; };
let single_ip_cidr:u8 = if peer_cfg.address.is_ipv6(){
128
} else {
32
};
if !endpoints.is_empty() { if !endpoints.is_empty() {
let endpoint = endpoints[i % endpoints.len()].0; let endpoint = endpoints[i % endpoints.len()].0;
@ -641,19 +634,20 @@ impl State {
// Skip if we are already using that endpoint // Skip if we are already using that endpoint
continue; continue;
} }
info!("Configure {} with endpoint {}", peer_cfg.pubkey, endpoint); info!("Configure {} with endpoint {}", peer_cfg.pubkey, endpoint);
Command::new("wg") Command::new("wg")
.args([ .args([
"set", "set",
&daemon.config.interface, &peer_cfg.interface,
"peer", "peer",
&peer_cfg.pubkey, &peer_cfg.pubkey,
"endpoint", "endpoint",
&endpoint.to_string(), &SocketAddr::new(endpoint, peer_cfg.port).to_string(),
"persistent-keepalive", "persistent-keepalive",
"10", "10",
"allowed-ips", "allowed-ips",
&format!("{}/{}", peer_cfg.address, single_ip_cidr), "::/0,0.0.0.0/0"
]) ])
.output()?; .output()?;
let packet = daemon.make_packet(&Gossip::Ping)?; let packet = daemon.make_packet(&Gossip::Ping)?;
@ -666,11 +660,11 @@ impl State {
Command::new("wg") Command::new("wg")
.args([ .args([
"set", "set",
&daemon.config.interface, &peer_cfg.interface,
"peer", "peer",
&peer_cfg.pubkey, &peer_cfg.pubkey,
"allowed-ips", "allowed-ips",
&format!("{}/{}", peer_cfg.address, single_ip_cidr), "::/0,0.0.0.0/0"
]) ])
.output()?; .output()?;
} }