Manage advanced sec via uapi

2025-04-13 20:46:55 +02:00 · 2023-10-09 13:22:49 +01:00 · 2023-10-09 13:22:49 +01:00 · f30419e0d1
commit f30419e0d1
parent 8f1a6a10b2
3 changed files with 52 additions and 43 deletions
--- a/device/device.go
+++ b/device/device.go
@ -98,6 +98,7 @@ type Device struct {
 }

 type aSecCfgType struct {
+	isSet                      bool
 	junkPacketCount            int
 	junkPacketMinSize          int
 	junkPacketMaxSize          int
@ -545,7 +546,7 @@ func (device *Device) BindUpdate() error {
 	// start receiving routines
 	device.net.stopping.Add(len(recvFns))
 	device.queue.decryption.wg.Add(len(recvFns)) // each RoutineReceiveIncoming goroutine writes to device.queue.decryption
-	device.queue.handshake.wg.Add(len(recvFns)) // each RoutineReceiveIncoming goroutine writes to device.queue.handshake
+	device.queue.handshake.wg.Add(len(recvFns))  // each RoutineReceiveIncoming goroutine writes to device.queue.handshake
 	batchSize := netc.bind.BatchSize()
 	for _, fn := range recvFns {
 		go device.RoutineReceiveIncoming(batchSize, fn)
@ -565,25 +566,17 @@ func (device *Device) isAdvancedSecurityOn() bool {
 	return device.isASecOn.IsSet()
 }

-func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {	
-	
-	if tempASecCfg.junkPacketCount == 0 &&
-		tempASecCfg.junkPacketMaxSize == 0 &&
-		tempASecCfg.junkPacketMinSize == 0 &&
-		tempASecCfg.initPacketJunkSize == 0 &&
-		tempASecCfg.responsePacketJunkSize == 0 &&
-		tempASecCfg.initPacketMagicHeader == 0 &&
-		tempASecCfg.responsePacketMagicHeader == 0 &&
-		tempASecCfg.underloadPacketMagicHeader == 0 &&
-		tempASecCfg.transportPacketMagicHeader == 0 {
+func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
+
+	if !tempASecCfg.isSet {
 		return err
 	}
-	
+
 	isASecOn := false
 	device.aSecMux.Lock()
 	if tempASecCfg.junkPacketCount < 0 {
 		err = ipcErrorf(
-			ipc.IpcErrorInvalid, 
+			ipc.IpcErrorInvalid,
 			"JunkPacketCount should be non negative",
 		)
 	}
@ -591,24 +584,24 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 	if tempASecCfg.junkPacketCount != 0 {
 		isASecOn = true
 	}
-	
+
 	device.aSecCfg.junkPacketMinSize = tempASecCfg.junkPacketMinSize
 	if tempASecCfg.junkPacketMinSize != 0 {
 		isASecOn = true
 	}

-	if device.aSecCfg.junkPacketCount > 0 && 
+	if device.aSecCfg.junkPacketCount > 0 &&
 		tempASecCfg.junkPacketMaxSize == tempASecCfg.junkPacketMinSize {
-			
+
 		tempASecCfg.junkPacketMaxSize++ // to make rand gen work
 	}

-	if tempASecCfg.junkPacketMaxSize >= MaxSegmentSize{
+	if tempASecCfg.junkPacketMaxSize >= MaxSegmentSize {
 		device.aSecCfg.junkPacketMinSize = 0
 		device.aSecCfg.junkPacketMaxSize = 1
 		if err != nil {
 			err = ipcErrorf(
-				ipc.IpcErrorInvalid, 
+				ipc.IpcErrorInvalid,
 				"JunkPacketMaxSize: %d; should be smaller than maxSegmentSize: %d; %w",
 				tempASecCfg.junkPacketMaxSize,
 				MaxSegmentSize,
@ -616,7 +609,7 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 			)
 		} else {
 			err = ipcErrorf(
-				ipc.IpcErrorInvalid, 
+				ipc.IpcErrorInvalid,
 				"JunkPacketMaxSize: %d; should be smaller than maxSegmentSize: %d",
 				tempASecCfg.junkPacketMaxSize,
 				MaxSegmentSize,
@ -625,18 +618,18 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 	} else if tempASecCfg.junkPacketMaxSize < tempASecCfg.junkPacketMinSize {
 		if err != nil {
 			err = ipcErrorf(
-				ipc.IpcErrorInvalid, 
+				ipc.IpcErrorInvalid,
 				"maxSize: %d; should be greater than minSize: %d; %w",
 				tempASecCfg.junkPacketMaxSize,
-				tempASecCfg.junkPacketMinSize, 
+				tempASecCfg.junkPacketMinSize,
 				err,
 			)
 		} else {
 			err = ipcErrorf(
-				ipc.IpcErrorInvalid, 
+				ipc.IpcErrorInvalid,
 				"maxSize: %d; should be greater than minSize: %d",
 				tempASecCfg.junkPacketMaxSize,
-				tempASecCfg.junkPacketMinSize, 
+				tempASecCfg.junkPacketMinSize,
 			)
 		}
 	} else {
@ -664,10 +657,10 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 				MaxSegmentSize,
 			)
 		}
-	} else {	
+	} else {
 		device.aSecCfg.initPacketJunkSize = tempASecCfg.initPacketJunkSize
 	}
-	
+
 	if tempASecCfg.initPacketJunkSize != 0 {
 		isASecOn = true
 	}
@ -689,7 +682,7 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 				MaxSegmentSize,
 			)
 		}
-	} else {	
+	} else {
 		device.aSecCfg.responsePacketJunkSize = tempASecCfg.responsePacketJunkSize
 	}

@ -706,7 +699,7 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 		device.log.Verbosef("UAPI: Using default init type")
 		MessageInitiationType = 1
 	}
-	
+
 	if tempASecCfg.responsePacketMagicHeader > 4 {
 		isASecOn = true
 		device.log.Verbosef("UAPI: Updating response_packet_magic_header")
@ -716,7 +709,7 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 		device.log.Verbosef("UAPI: Using default response type")
 		MessageResponseType = 2
 	}
-	
+
 	if tempASecCfg.underloadPacketMagicHeader > 4 {
 		isASecOn = true
 		device.log.Verbosef("UAPI: Updating underload_packet_magic_header")
@ -787,14 +780,14 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 				newResponseSize,
 			)
 		}
-	} else {		
+	} else {
 		packetSizeToMsgType = map[int]uint32{
-			newInitSize:   MessageInitiationType,
-			newResponseSize: MessageResponseType,
+			newInitSize:            MessageInitiationType,
+			newResponseSize:        MessageResponseType,
 			MessageCookieReplySize: MessageCookieReplyType,
 			MessageTransportSize:   MessageTransportType,
 		}
-	
+
 		msgTypeToJunkSize = map[uint32]int{
 			MessageInitiationType:  device.aSecCfg.initPacketJunkSize,
 			MessageResponseType:    device.aSecCfg.responsePacketJunkSize,
@ -805,6 +798,6 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {

 	device.isASecOn.SetTo(isASecOn)
 	device.aSecMux.Unlock()
-	
+
 	return err
 }
--- a/device/send.go
+++ b/device/send.go
@ -126,25 +126,31 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 	if peer.device.isAdvancedSecurityOn() {
 		peer.device.aSecMux.RLock()
 		junks, err := peer.createJunkPackets()
+		peer.device.aSecMux.RUnlock()
+
 		if err != nil {
-			peer.device.aSecMux.RUnlock()
 			peer.device.log.Errorf("%v - %v", peer, err)
 			return err
 		}
-		sendBuffer = append(sendBuffer, junks...)
+
+		err = peer.SendBuffers(junks)
+		if err != nil {
+			peer.device.log.Errorf("%v - Failed to send junk packets: %v", peer, err)
+			return err
+		}
+
 		if peer.device.aSecCfg.initPacketJunkSize != 0 {
 			buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
 			writer := bytes.NewBuffer(buf[:0])
 			err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
 			if err != nil {
-				peer.device.aSecMux.RUnlock()
 				peer.device.log.Errorf("%v - %v", peer, err)
 				return err
 			}
 			junkedHeader = writer.Bytes()
 		}
-		peer.device.aSecMux.RUnlock()
 	}
+
 	var buf [MessageInitiationSize]byte
 	writer := bytes.NewBuffer(buf[:0])
 	binary.Write(writer, binary.LittleEndian, msg)
@ -154,9 +160,9 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {

 	peer.timersAnyAuthenticatedPacketTraversal()
 	peer.timersAnyAuthenticatedPacketSent()
-	
+
 	sendBuffer = append(sendBuffer, junkedHeader)
-	
+
 	err = peer.SendBuffers(sendBuffer)
 	if err != nil {
 		peer.device.log.Errorf("%v - Failed to send handshake initiation: %v", peer, err)
@ -191,7 +197,7 @@ func (peer *Peer) SendHandshakeResponse() error {
 				return err
 			}
 			junkedHeader = writer.Bytes()
-		} 
+		}
 		peer.device.aSecMux.RUnlock()
 	}
 	var buf [MessageResponseSize]byte
--- a/device/uapi.go
+++ b/device/uapi.go
@ -295,6 +295,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 		}
 		device.log.Verbosef("UAPI: Updating junk_packet_count")
 		tempASecCfg.junkPacketCount = junkPacketCount
+		tempASecCfg.isSet = true

 	case "jmin":
 		junkPacketMinSize, err := strconv.Atoi(value)
@ -303,6 +304,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 		}
 		device.log.Verbosef("UAPI: Updating junk_packet_min_size")
 		tempASecCfg.junkPacketMinSize = junkPacketMinSize
+		tempASecCfg.isSet = true

 	case "jmax":
 		junkPacketMaxSize, err := strconv.Atoi(value)
@ -311,6 +313,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 		}
 		device.log.Verbosef("UAPI: Updating junk_packet_max_size")
 		tempASecCfg.junkPacketMaxSize = junkPacketMaxSize
+		tempASecCfg.isSet = true

 	case "s1":
 		initPacketJunkSize, err := strconv.Atoi(value)
@ -319,6 +322,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 		}
 		device.log.Verbosef("UAPI: Updating init_packet_junk_size")
 		tempASecCfg.initPacketJunkSize = initPacketJunkSize
+		tempASecCfg.isSet = true

 	case "s2":
 		responsePacketJunkSize, err := strconv.Atoi(value)
@ -327,6 +331,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 		}
 		device.log.Verbosef("UAPI: Updating response_packet_junk_size")
 		tempASecCfg.responsePacketJunkSize = responsePacketJunkSize
+		tempASecCfg.isSet = true

 	case "h1":
 		initPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
@ -334,6 +339,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 			return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse init_packet_magic_header %w", err)
 		}
 		tempASecCfg.initPacketMagicHeader = uint32(initPacketMagicHeader)
+		tempASecCfg.isSet = true

 	case "h2":
 		responsePacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
@ -341,6 +347,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 			return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse response_packet_magic_header %w", err)
 		}
 		tempASecCfg.responsePacketMagicHeader = uint32(responsePacketMagicHeader)
+		tempASecCfg.isSet = true

 	case "h3":
 		underloadPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
@ -348,6 +355,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 			return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse underload_packet_magic_header %w", err)
 		}
 		tempASecCfg.underloadPacketMagicHeader = uint32(underloadPacketMagicHeader)
+		tempASecCfg.isSet = true

 	case "h4":
 		transportPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
@ -355,8 +363,10 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 			return ipcErrorf(ipc.IpcErrorInvalid, "faield to parse transport_packet_magic_header %w", err)
 		}
 		tempASecCfg.transportPacketMagicHeader = uint32(transportPacketMagicHeader)
+		tempASecCfg.isSet = true
+
 	default:
-		return ipcErrorf(ipc.IpcErrorInvalid, "invalid UAPI device key: %v",key)
+		return ipcErrorf(ipc.IpcErrorInvalid, "invalid UAPI device key: %v", key)
 	}

 	return nil
@ -463,7 +473,7 @@ func (device *Device) handlePeerLine(
 		device.log.Verbosef("%v - UAPI: Updating endpoint", peer.Peer)
 		endpoint, err := device.net.bind.ParseEndpoint(value)
 		if err != nil {
-			return ipcErrorf(ipc.IpcErrorInvalid, "failed to set endpoint %v: %w", value,  err)
+			return ipcErrorf(ipc.IpcErrorInvalid, "failed to set endpoint %v: %w", value, err)
 		}
 		peer.Lock()
 		defer peer.Unlock()