Simple lie test (#427)
This commit is contained in:
Nathan Brown
113
hostmap.go
113
hostmap.go
@ -40,7 +40,7 @@ type HostInfo struct {
|
||||
sync.RWMutex
|
||||
|
||||
remote *udpAddr
|
||||
Remotes []*HostInfoDest
|
||||
Remotes []*udpAddr
|
||||
promoteCounter uint32
|
||||
ConnectionState *ConnectionState
|
||||
handshakeStart time.Time
|
||||
@ -55,6 +55,10 @@ type HostInfo struct {
|
||||
recvError int
|
||||
remoteCidr *CIDRTree
|
||||
|
||||
// This is a list of remotes that we have tried to handshake with and have returned from the wrong vpn ip.
|
||||
// They should not be tried again during a handshake
|
||||
badRemotes []*udpAddr
|
||||
|
||||
// lastRebindCount is the other side of Interface.rebindCount, if these values don't match then we need to ask LH
|
||||
// for a punch from the remote end of this tunnel. The goal being to prime their conntrack for our traffic just like
|
||||
// with a handshake
|
||||
@ -138,7 +142,7 @@ func (hm *HostMap) AddVpnIP(vpnIP uint32) *HostInfo {
|
||||
if _, ok := hm.Hosts[vpnIP]; !ok {
|
||||
hm.RUnlock()
|
||||
h = &HostInfo{
|
||||
Remotes: []*HostInfoDest{},
|
||||
Remotes: []*udpAddr{},
|
||||
promoteCounter: 0,
|
||||
hostId: vpnIP,
|
||||
HandshakePacket: make(map[uint8][]byte, 0),
|
||||
@ -308,12 +312,12 @@ func (hm *HostMap) AddRemote(vpnIp uint32, remote *udpAddr) *HostInfo {
|
||||
i.AddRemote(remote)
|
||||
} else {
|
||||
i = &HostInfo{
|
||||
Remotes: []*HostInfoDest{NewHostInfoDest(remote)},
|
||||
Remotes: []*udpAddr{remote.Copy()},
|
||||
promoteCounter: 0,
|
||||
hostId: vpnIp,
|
||||
HandshakePacket: make(map[uint8][]byte, 0),
|
||||
}
|
||||
i.remote = i.Remotes[0].addr
|
||||
i.remote = i.Remotes[0]
|
||||
hm.Hosts[vpnIp] = i
|
||||
if hm.l.Level >= logrus.DebugLevel {
|
||||
hm.l.WithField("hostMap", m{"mapName": hm.name, "vpnIp": IntIp(vpnIp), "udpAddr": remote, "mapTotalSize": len(hm.Hosts)}).
|
||||
@ -409,7 +413,7 @@ func (hm *HostMap) PunchList() []*udpAddr {
|
||||
hm.RLock()
|
||||
for _, v := range hm.Hosts {
|
||||
for _, r := range v.Remotes {
|
||||
list = append(list, r.addr)
|
||||
list = append(list, r)
|
||||
}
|
||||
// if h, ok := hm.Hosts[vpnIp]; ok {
|
||||
// hm.Hosts[vpnIp].PromoteBest(hm.preferredRanges, false)
|
||||
@ -511,16 +515,14 @@ func (i *HostInfo) ForcePromoteBest(preferredRanges []*net.IPNet) {
|
||||
func (i *HostInfo) getBestRemote(preferredRanges []*net.IPNet) (best *udpAddr, preferred bool) {
|
||||
if len(i.Remotes) > 0 {
|
||||
for _, r := range i.Remotes {
|
||||
rIP := r.addr.IP
|
||||
|
||||
for _, l := range preferredRanges {
|
||||
if l.Contains(rIP) {
|
||||
return r.addr, true
|
||||
if l.Contains(r.IP) {
|
||||
return r, true
|
||||
}
|
||||
}
|
||||
|
||||
if best == nil || !PrivateIP(rIP) {
|
||||
best = r.addr
|
||||
if best == nil || !PrivateIP(r.IP) {
|
||||
best = r
|
||||
}
|
||||
/*
|
||||
for _, r := range i.Remotes {
|
||||
@ -553,21 +555,21 @@ func (i *HostInfo) rotateRemote() {
|
||||
}
|
||||
|
||||
if i.remote == nil {
|
||||
i.remote = i.Remotes[0].addr
|
||||
i.remote = i.Remotes[0]
|
||||
return
|
||||
}
|
||||
|
||||
// We want to look at all but the very last entry since that is handled at the end
|
||||
for x := 0; x < len(i.Remotes)-1; x++ {
|
||||
// Find our current position and move to the next one in the list
|
||||
if i.Remotes[x].addr.Equals(i.remote) {
|
||||
i.remote = i.Remotes[x+1].addr
|
||||
if i.Remotes[x].Equals(i.remote) {
|
||||
i.remote = i.Remotes[x+1]
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Our current position was likely the last in the list, start over at 0
|
||||
i.remote = i.Remotes[0].addr
|
||||
i.remote = i.Remotes[0]
|
||||
}
|
||||
|
||||
func (i *HostInfo) cachePacket(l *logrus.Logger, t NebulaMessageType, st NebulaMessageSubType, packet []byte, f packetCallback) {
|
||||
@ -616,18 +618,21 @@ func (i *HostInfo) handshakeComplete(l *logrus.Logger) {
|
||||
}
|
||||
}
|
||||
|
||||
i.badRemotes = make([]*udpAddr, 0)
|
||||
i.packetStore = make([]*cachedPacket, 0)
|
||||
i.ConnectionState.ready = true
|
||||
i.ConnectionState.queueLock.Unlock()
|
||||
i.ConnectionState.certState = nil
|
||||
}
|
||||
|
||||
func (i *HostInfo) RemoteUDPAddrs() []*udpAddr {
|
||||
var addrs []*udpAddr
|
||||
for _, r := range i.Remotes {
|
||||
addrs = append(addrs, r.addr)
|
||||
func (i *HostInfo) CopyRemotes() []*udpAddr {
|
||||
i.RLock()
|
||||
rc := make([]*udpAddr, len(i.Remotes), len(i.Remotes))
|
||||
for x, addr := range i.Remotes {
|
||||
rc[x] = addr.Copy()
|
||||
}
|
||||
return addrs
|
||||
i.RUnlock()
|
||||
return rc
|
||||
}
|
||||
|
||||
func (i *HostInfo) GetCert() *cert.NebulaCertificate {
|
||||
@ -638,30 +643,57 @@ func (i *HostInfo) GetCert() *cert.NebulaCertificate {
|
||||
}
|
||||
|
||||
func (i *HostInfo) AddRemote(remote *udpAddr) *udpAddr {
|
||||
//add := true
|
||||
if i.unlockedIsBadRemote(remote) {
|
||||
return i.remote
|
||||
}
|
||||
|
||||
for _, r := range i.Remotes {
|
||||
if r.addr.Equals(remote) {
|
||||
return r.addr
|
||||
//add = false
|
||||
if r.Equals(remote) {
|
||||
return r
|
||||
}
|
||||
}
|
||||
|
||||
// Trim this down if necessary
|
||||
if len(i.Remotes) > MaxRemotes {
|
||||
i.Remotes = i.Remotes[len(i.Remotes)-MaxRemotes:]
|
||||
}
|
||||
r := NewHostInfoDest(remote)
|
||||
i.Remotes = append(i.Remotes, r)
|
||||
return r.addr
|
||||
//l.Debugf("Added remote %s for vpn ip", remote)
|
||||
|
||||
rc := remote.Copy()
|
||||
i.Remotes = append(i.Remotes, rc)
|
||||
return rc
|
||||
}
|
||||
|
||||
func (i *HostInfo) SetRemote(remote *udpAddr) {
|
||||
i.remote = i.AddRemote(remote)
|
||||
}
|
||||
|
||||
func (i *HostInfo) unlockedBlockRemote(remote *udpAddr) {
|
||||
if !i.unlockedIsBadRemote(remote) {
|
||||
// We copy here because we are taking something else's memory and we can't trust everything
|
||||
i.badRemotes = append(i.badRemotes, remote.Copy())
|
||||
}
|
||||
|
||||
for k, v := range i.Remotes {
|
||||
if v.Equals(remote) {
|
||||
i.Remotes[k] = i.Remotes[len(i.Remotes)-1]
|
||||
i.Remotes = i.Remotes[:len(i.Remotes)-1]
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (i *HostInfo) unlockedIsBadRemote(remote *udpAddr) bool {
|
||||
for _, v := range i.badRemotes {
|
||||
if v.Equals(remote) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (i *HostInfo) ClearRemotes() {
|
||||
i.remote = nil
|
||||
i.Remotes = []*HostInfoDest{}
|
||||
i.Remotes = []*udpAddr{}
|
||||
}
|
||||
|
||||
func (i *HostInfo) ClearConnectionState() {
|
||||
@ -711,20 +743,6 @@ func (i *HostInfo) logger(l *logrus.Logger) *logrus.Entry {
|
||||
|
||||
//########################
|
||||
|
||||
func NewHostInfoDest(addr *udpAddr) *HostInfoDest {
|
||||
i := &HostInfoDest{
|
||||
addr: addr.Copy(),
|
||||
}
|
||||
return i
|
||||
}
|
||||
|
||||
func (hid *HostInfoDest) MarshalJSON() ([]byte, error) {
|
||||
return json.Marshal(m{
|
||||
"address": hid.addr,
|
||||
"probe_count": hid.probeCounter,
|
||||
})
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
func (hm *HostMap) DebugRemotes(vpnIp uint32) string {
|
||||
@ -814,7 +832,10 @@ func localIps(l *logrus.Logger, allowList *AllowList) *[]net.IP {
|
||||
ifaces, _ := net.Interfaces()
|
||||
for _, i := range ifaces {
|
||||
allow := allowList.AllowName(i.Name)
|
||||
l.WithField("interfaceName", i.Name).WithField("allow", allow).Debug("localAllowList.AllowName")
|
||||
if l.Level >= logrus.TraceLevel {
|
||||
l.WithField("interfaceName", i.Name).WithField("allow", allow).Trace("localAllowList.AllowName")
|
||||
}
|
||||
|
||||
if !allow {
|
||||
continue
|
||||
}
|
||||
@ -833,7 +854,9 @@ func localIps(l *logrus.Logger, allowList *AllowList) *[]net.IP {
|
||||
//TODO: Would be nice to filter out SLAAC MAC based ips as well
|
||||
if ip.IsLoopback() == false && !ip.IsLinkLocalUnicast() {
|
||||
allow := allowList.Allow(ip)
|
||||
l.WithField("localIp", ip).WithField("allow", allow).Debug("localAllowList.Allow")
|
||||
if l.Level >= logrus.TraceLevel {
|
||||
l.WithField("localIp", ip).WithField("allow", allow).Trace("localAllowList.Allow")
|
||||
}
|
||||
if !allow {
|
||||
continue
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user