void/amneziawg-go
2
0
Fork 0
mirror of https://github.com/amnezia-vpn/amneziawg-go.git synced 2025-06-06 21:33:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #3 from amnezia-vpn/bugfix/uapi_adv_sec_onoff

Browse source 
Manage advanced security via uapi
This commit is contained in:
pokamest 2023-10-09 06:07:20 -07:00 committed by GitHub
commit b34974c476
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 52 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
device/device.go
View file

@ -98,6 +98,7 @@ type Device struct {
} }
type aSecCfgType struct { type aSecCfgType struct {
isSet bool
junkPacketCount int junkPacketCount int
junkPacketMinSize int junkPacketMinSize int
junkPacketMaxSize int junkPacketMaxSize int
@ -567,15 +568,7 @@ func (device *Device) isAdvancedSecurityOn() bool {
func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) { func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
if tempASecCfg.junkPacketCount == 0 && if !tempASecCfg.isSet {
tempASecCfg.junkPacketMaxSize == 0 &&
tempASecCfg.junkPacketMinSize == 0 &&
tempASecCfg.initPacketJunkSize == 0 &&
tempASecCfg.responsePacketJunkSize == 0 &&
tempASecCfg.initPacketMagicHeader == 0 &&
tempASecCfg.responsePacketMagicHeader == 0 &&
tempASecCfg.underloadPacketMagicHeader == 0 &&
tempASecCfg.transportPacketMagicHeader == 0 {
return err return err
} }

14
device/send.go
View file

@ -126,25 +126,31 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
if peer.device.isAdvancedSecurityOn() { if peer.device.isAdvancedSecurityOn() {
peer.device.aSecMux.RLock() peer.device.aSecMux.RLock()
junks, err := peer.createJunkPackets() junks, err := peer.createJunkPackets()
if err != nil {
peer.device.aSecMux.RUnlock() peer.device.aSecMux.RUnlock()
if err != nil {
peer.device.log.Errorf("%v - %v", peer, err) peer.device.log.Errorf("%v - %v", peer, err)
return err return err
} }
sendBuffer = append(sendBuffer, junks...)
err = peer.SendBuffers(junks)
if err != nil {
peer.device.log.Errorf("%v - Failed to send junk packets: %v", peer, err)
return err
}
if peer.device.aSecCfg.initPacketJunkSize != 0 { if peer.device.aSecCfg.initPacketJunkSize != 0 {
buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize) buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
writer := bytes.NewBuffer(buf[:0]) writer := bytes.NewBuffer(buf[:0])
err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize) err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
if err != nil { if err != nil {
peer.device.aSecMux.RUnlock()
peer.device.log.Errorf("%v - %v", peer, err) peer.device.log.Errorf("%v - %v", peer, err)
return err return err
} }
junkedHeader = writer.Bytes() junkedHeader = writer.Bytes()
} }
peer.device.aSecMux.RUnlock()
} }
var buf [MessageInitiationSize]byte var buf [MessageInitiationSize]byte
writer := bytes.NewBuffer(buf[:0]) writer := bytes.NewBuffer(buf[:0])
binary.Write(writer, binary.LittleEndian, msg) binary.Write(writer, binary.LittleEndian, msg)

10
device/uapi.go
View file

@ -295,6 +295,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
} }
device.log.Verbosef("UAPI: Updating junk_packet_count") device.log.Verbosef("UAPI: Updating junk_packet_count")
tempASecCfg.junkPacketCount = junkPacketCount tempASecCfg.junkPacketCount = junkPacketCount
tempASecCfg.isSet = true
case "jmin": case "jmin":
junkPacketMinSize, err := strconv.Atoi(value) junkPacketMinSize, err := strconv.Atoi(value)
@ -303,6 +304,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
} }
device.log.Verbosef("UAPI: Updating junk_packet_min_size") device.log.Verbosef("UAPI: Updating junk_packet_min_size")
tempASecCfg.junkPacketMinSize = junkPacketMinSize tempASecCfg.junkPacketMinSize = junkPacketMinSize
tempASecCfg.isSet = true
case "jmax": case "jmax":
junkPacketMaxSize, err := strconv.Atoi(value) junkPacketMaxSize, err := strconv.Atoi(value)
@ -311,6 +313,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
} }
device.log.Verbosef("UAPI: Updating junk_packet_max_size") device.log.Verbosef("UAPI: Updating junk_packet_max_size")
tempASecCfg.junkPacketMaxSize = junkPacketMaxSize tempASecCfg.junkPacketMaxSize = junkPacketMaxSize
tempASecCfg.isSet = true
case "s1": case "s1":
initPacketJunkSize, err := strconv.Atoi(value) initPacketJunkSize, err := strconv.Atoi(value)
@ -319,6 +322,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
} }
device.log.Verbosef("UAPI: Updating init_packet_junk_size") device.log.Verbosef("UAPI: Updating init_packet_junk_size")
tempASecCfg.initPacketJunkSize = initPacketJunkSize tempASecCfg.initPacketJunkSize = initPacketJunkSize
tempASecCfg.isSet = true
case "s2": case "s2":
responsePacketJunkSize, err := strconv.Atoi(value) responsePacketJunkSize, err := strconv.Atoi(value)
@ -327,6 +331,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
} }
device.log.Verbosef("UAPI: Updating response_packet_junk_size") device.log.Verbosef("UAPI: Updating response_packet_junk_size")
tempASecCfg.responsePacketJunkSize = responsePacketJunkSize tempASecCfg.responsePacketJunkSize = responsePacketJunkSize
tempASecCfg.isSet = true
case "h1": case "h1":
initPacketMagicHeader, err := strconv.ParseUint(value, 10, 32) initPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
@ -334,6 +339,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse init_packet_magic_header %w", err) return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse init_packet_magic_header %w", err)
} }
tempASecCfg.initPacketMagicHeader = uint32(initPacketMagicHeader) tempASecCfg.initPacketMagicHeader = uint32(initPacketMagicHeader)
tempASecCfg.isSet = true
case "h2": case "h2":
responsePacketMagicHeader, err := strconv.ParseUint(value, 10, 32) responsePacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
@ -341,6 +347,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse response_packet_magic_header %w", err) return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse response_packet_magic_header %w", err)
} }
tempASecCfg.responsePacketMagicHeader = uint32(responsePacketMagicHeader) tempASecCfg.responsePacketMagicHeader = uint32(responsePacketMagicHeader)
tempASecCfg.isSet = true
case "h3": case "h3":
underloadPacketMagicHeader, err := strconv.ParseUint(value, 10, 32) underloadPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
@ -348,6 +355,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse underload_packet_magic_header %w", err) return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse underload_packet_magic_header %w", err)
} }
tempASecCfg.underloadPacketMagicHeader = uint32(underloadPacketMagicHeader) tempASecCfg.underloadPacketMagicHeader = uint32(underloadPacketMagicHeader)
tempASecCfg.isSet = true
case "h4": case "h4":
transportPacketMagicHeader, err := strconv.ParseUint(value, 10, 32) transportPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
@ -355,6 +363,8 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse transport_packet_magic_header %w", err) return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse transport_packet_magic_header %w", err)
} }
tempASecCfg.transportPacketMagicHeader = uint32(transportPacketMagicHeader) tempASecCfg.transportPacketMagicHeader = uint32(transportPacketMagicHeader)
tempASecCfg.isSet = true
default: default:
return ipcErrorf(ipc.IpcErrorInvalid, "invalid UAPI device key: %v", key) return ipcErrorf(ipc.IpcErrorInvalid, "invalid UAPI device key: %v", key)
} }