commit
f32b7b2d9a
28
Makefile
28
Makefile
|
@ -3,7 +3,7 @@ BUILD_NUMBER ?= dev+$(shell date -u '+%Y%m%d%H%M%S')
|
||||||
GO111MODULE = on
|
GO111MODULE = on
|
||||||
export GO111MODULE
|
export GO111MODULE
|
||||||
|
|
||||||
all: bin-linux bin-arm bin-arm6 bin-arm64 bin-darwin bin-windows
|
all: bin-linux bin-arm bin-arm6 bin-arm64 bin-darwin bin-windows bin-mips bin-mipsle bin-mips64 bin-mips64le
|
||||||
|
|
||||||
bin:
|
bin:
|
||||||
go build -ldflags "-X main.Build=$(BUILD_NUMBER)" -o ./nebula ${NEBULA_CMD_PATH}
|
go build -ldflags "-X main.Build=$(BUILD_NUMBER)" -o ./nebula ${NEBULA_CMD_PATH}
|
||||||
|
@ -47,6 +47,28 @@ bin-linux:
|
||||||
GOARCH=amd64 GOOS=linux go build -o build/linux/nebula -ldflags "-X main.Build=$(BUILD_NUMBER)" ${NEBULA_CMD_PATH}
|
GOARCH=amd64 GOOS=linux go build -o build/linux/nebula -ldflags "-X main.Build=$(BUILD_NUMBER)" ${NEBULA_CMD_PATH}
|
||||||
GOARCH=amd64 GOOS=linux go build -o build/linux/nebula-cert -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula-cert
|
GOARCH=amd64 GOOS=linux go build -o build/linux/nebula-cert -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula-cert
|
||||||
|
|
||||||
|
|
||||||
|
bin-mips:
|
||||||
|
mkdir -p build/mips
|
||||||
|
GOARCH=mips GOOS=linux go build -o build/mips/nebula -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula
|
||||||
|
GOARCH=mips GOOS=linux go build -o build/mips/nebula-cert -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula-cert
|
||||||
|
|
||||||
|
|
||||||
|
bin-mipsle:
|
||||||
|
mkdir -p build/mipsle
|
||||||
|
GOARCH=mipsle GOOS=linux go build -o build/mipsle/nebula -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula
|
||||||
|
GOARCH=mipsle GOOS=linux go build -o build/mipsle/nebula-cert -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula-cert
|
||||||
|
|
||||||
|
bin-mips64:
|
||||||
|
mkdir -p build/mips64
|
||||||
|
GOARCH=mips64 GOOS=linux go build -o build/mips64/nebula -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula
|
||||||
|
GOARCH=mips64 GOOS=linux go build -o build/mips64/nebula-cert -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula-cert
|
||||||
|
|
||||||
|
bin-mips64le:
|
||||||
|
mkdir -p build/mips64le
|
||||||
|
GOARCH=mips64le GOOS=linux go build -o build/mips64le/nebula -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula
|
||||||
|
GOARCH=mips64le GOOS=linux go build -o build/mips64le/nebula-cert -ldflags "-X main.Build=$(BUILD_NUMBER)" ./cmd/nebula-cert
|
||||||
|
|
||||||
release: all
|
release: all
|
||||||
tar -zcv -C build/arm/ -f nebula-linux-arm.tar.gz nebula nebula-cert
|
tar -zcv -C build/arm/ -f nebula-linux-arm.tar.gz nebula nebula-cert
|
||||||
tar -zcv -C build/arm6/ -f nebula-linux-arm6.tar.gz nebula nebula-cert
|
tar -zcv -C build/arm6/ -f nebula-linux-arm6.tar.gz nebula nebula-cert
|
||||||
|
@ -54,6 +76,10 @@ release: all
|
||||||
tar -zcv -C build/darwin/ -f nebula-darwin-amd64.tar.gz nebula nebula-cert
|
tar -zcv -C build/darwin/ -f nebula-darwin-amd64.tar.gz nebula nebula-cert
|
||||||
tar -zcv -C build/windows/ -f nebula-windows-amd64.tar.gz nebula.exe nebula-cert.exe
|
tar -zcv -C build/windows/ -f nebula-windows-amd64.tar.gz nebula.exe nebula-cert.exe
|
||||||
tar -zcv -C build/linux/ -f nebula-linux-amd64.tar.gz nebula nebula-cert
|
tar -zcv -C build/linux/ -f nebula-linux-amd64.tar.gz nebula nebula-cert
|
||||||
|
tar -zcv -C build/mips/ -f nebula-linux-mips.tar.gz nebula nebula-cert
|
||||||
|
tar -zcv -C build/mipsle/ -f nebula-linux-mipsle.tar.gz nebula nebula-cert
|
||||||
|
tar -zcv -C build/mips64/ -f nebula-linux-mips64.tar.gz nebula nebula-cert
|
||||||
|
tar -zcv -C build/mips64le/ -f nebula-linux-mips64le.tar.gz nebula nebula-cert
|
||||||
|
|
||||||
vet:
|
vet:
|
||||||
go vet -v ./...
|
go vet -v ./...
|
||||||
|
|
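Review bot: The four new MIPS targets build `./cmd/nebula` directly, while the `bin-linux` recipe shown in the same hunk builds `${NEBULA_CMD_PATH}`, so an overridden command path would not reach the MIPS binaries. If that is not intended, use the variable in each new recipe, for example `GOARCH=mips GOOS=linux go build -o build/mips/nebula -ldflags "-X main.Build=$(BUILD_NUMBER)" ${NEBULA_CMD_PATH}`. The other cross-compile targets are outside the visible hunks, so the new recipes may simply be following their form.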
14
main.go
14
main.go
|
@ -59,20 +59,20 @@ func Main(configPath string, configTest bool, buildVersion string) {
|
||||||
trustedCAs, err = loadCAFromConfig(config)
|
trustedCAs, err = loadCAFromConfig(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
//The errors coming out of loadCA are already nicely formatted
|
//The errors coming out of loadCA are already nicely formatted
|
||||||
l.Fatal(err)
|
l.WithError(err).Fatal("Failed to load ca from config")
|
||||||
}
|
}
|
||||||
l.WithField("fingerprints", trustedCAs.GetFingerprints()).Debug("Trusted CA fingerprints")
|
l.WithField("fingerprints", trustedCAs.GetFingerprints()).Debug("Trusted CA fingerprints")
|
||||||
|
|
||||||
cs, err := NewCertStateFromConfig(config)
|
cs, err := NewCertStateFromConfig(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
//The errors coming out of NewCertStateFromConfig are already nicely formatted
|
//The errors coming out of NewCertStateFromConfig are already nicely formatted
|
||||||
l.Fatal(err)
|
l.WithError(err).Fatal("Failed to load certificate from config")
|
||||||
}
|
}
|
||||||
l.WithField("cert", cs.certificate).Debug("Client nebula certificate")
|
l.WithField("cert", cs.certificate).Debug("Client nebula certificate")
|
||||||
|
|
||||||
fw, err := NewFirewallFromConfig(cs.certificate, config)
|
fw, err := NewFirewallFromConfig(cs.certificate, config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.Fatal("Error while loading firewall rules: ", err)
|
l.WithError(err).Fatal("Error while loading firewall rules")
|
||||||
}
|
}
|
||||||
l.WithField("firewallHash", fw.GetRuleHash()).Info("Firewall started")
|
l.WithField("firewallHash", fw.GetRuleHash()).Info("Firewall started")
|
||||||
|
|
||||||
|
@ -131,7 +131,7 @@ func Main(configPath string, configTest bool, buildVersion string) {
|
||||||
for _, rawPreferredRange := range rawPreferredRanges {
|
for _, rawPreferredRange := range rawPreferredRanges {
|
||||||
_, preferredRange, err := net.ParseCIDR(rawPreferredRange)
|
_, preferredRange, err := net.ParseCIDR(rawPreferredRange)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.Fatal(err)
|
l.WithError(err).Fatal("Failed to parse preferred ranges")
|
||||||
}
|
}
|
||||||
preferredRanges = append(preferredRanges, preferredRange)
|
preferredRanges = append(preferredRanges, preferredRange)
|
||||||
}
|
}
|
||||||
|
@ -144,7 +144,7 @@ func Main(configPath string, configTest bool, buildVersion string) {
|
||||||
if rawLocalRange != "" {
|
if rawLocalRange != "" {
|
||||||
_, localRange, err := net.ParseCIDR(rawLocalRange)
|
_, localRange, err := net.ParseCIDR(rawLocalRange)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.Fatal(err)
|
l.WithError(err).Fatal("Failed to parse local range")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the entry for local_range was already specified in
|
// Check if the entry for local_range was already specified in
|
||||||
|
@ -294,7 +294,7 @@ func Main(configPath string, configTest bool, buildVersion string) {
|
||||||
|
|
||||||
ifce, err := NewInterface(ifConfig)
|
ifce, err := NewInterface(ifConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.Fatal(err)
|
l.WithError(err).Fatal("Failed to initialize interface")
|
||||||
}
|
}
|
||||||
|
|
||||||
ifce.RegisterConfigChangeCallbacks(config)
|
ifce.RegisterConfigChangeCallbacks(config)
|
||||||
|
@ -304,7 +304,7 @@ func Main(configPath string, configTest bool, buildVersion string) {
|
||||||
|
|
||||||
err = startStats(config)
|
err = startStats(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.Fatal(err)
|
l.WithError(err).Fatal("Failed to start stats emitter")
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO: check if we _should_ be emitting stats
|
//TODO: check if we _should_ be emitting stats
|
||||||
|
|
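Review bot: The context comments `//The errors coming out of loadCA are already nicely formatted` and `//The errors coming out of NewCertStateFromConfig are already nicely formatted` no longer match the code beneath them, because the new calls attach the error as a field and add their own message (`l.WithError(err).Fatal("Failed to load ca from config")`). Either drop both comments or reword them, for example `// loadCA returns descriptive errors; attach them as a structured field`. Main's body starts and ends outside these hunks, so any other call sites that follow the same pattern are not visible here.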
24
tun_linux.go
24
tun_linux.go
|
@ -65,13 +65,13 @@ type ifreqAddr struct {
|
||||||
|
|
||||||
type ifreqMTU struct {
|
type ifreqMTU struct {
|
||||||
Name [16]byte
|
Name [16]byte
|
||||||
MTU int
|
MTU int32
|
||||||
pad [8]byte
|
pad [8]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
type ifreqQLEN struct {
|
type ifreqQLEN struct {
|
||||||
Name [16]byte
|
Name [16]byte
|
||||||
Value int
|
Value int32
|
||||||
pad [8]byte
|
pad [8]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -168,43 +168,43 @@ func (c Tun) Activate() error {
|
||||||
|
|
||||||
// Set the device ip address
|
// Set the device ip address
|
||||||
if err = ioctl(fd, syscall.SIOCSIFADDR, uintptr(unsafe.Pointer(&ifra))); err != nil {
|
if err = ioctl(fd, syscall.SIOCSIFADDR, uintptr(unsafe.Pointer(&ifra))); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to set tun address: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the device network
|
// Set the device network
|
||||||
ifra.Addr.Addr = mask
|
ifra.Addr.Addr = mask
|
||||||
if err = ioctl(fd, syscall.SIOCSIFNETMASK, uintptr(unsafe.Pointer(&ifra))); err != nil {
|
if err = ioctl(fd, syscall.SIOCSIFNETMASK, uintptr(unsafe.Pointer(&ifra))); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to set tun netmask: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the device name
|
// Set the device name
|
||||||
ifrf := ifReq{Name: devName}
|
ifrf := ifReq{Name: devName}
|
||||||
if err = ioctl(fd, syscall.SIOCGIFFLAGS, uintptr(unsafe.Pointer(&ifrf))); err != nil {
|
if err = ioctl(fd, syscall.SIOCGIFFLAGS, uintptr(unsafe.Pointer(&ifrf))); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to set tun device name: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the MTU on the device
|
// Set the MTU on the device
|
||||||
ifm := ifreqMTU{Name: devName, MTU: c.MaxMTU}
|
ifm := ifreqMTU{Name: devName, MTU: int32(c.MaxMTU)}
|
||||||
if err = ioctl(fd, syscall.SIOCSIFMTU, uintptr(unsafe.Pointer(&ifm))); err != nil {
|
if err = ioctl(fd, syscall.SIOCSIFMTU, uintptr(unsafe.Pointer(&ifm))); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to set tun mtu: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the transmit queue length
|
// Set the transmit queue length
|
||||||
ifrq := ifreqQLEN{Name: devName, Value: c.TXQueueLen}
|
ifrq := ifreqQLEN{Name: devName, Value: int32(c.TXQueueLen)}
|
||||||
if err = ioctl(fd, syscall.SIOCSIFTXQLEN, uintptr(unsafe.Pointer(&ifrq))); err != nil {
|
if err = ioctl(fd, syscall.SIOCSIFTXQLEN, uintptr(unsafe.Pointer(&ifrq))); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to set tun tx queue length: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Bring up the interface
|
// Bring up the interface
|
||||||
ifrf.Flags = ifrf.Flags | syscall.IFF_UP
|
ifrf.Flags = ifrf.Flags | syscall.IFF_UP
|
||||||
if err = ioctl(fd, syscall.SIOCSIFFLAGS, uintptr(unsafe.Pointer(&ifrf))); err != nil {
|
if err = ioctl(fd, syscall.SIOCSIFFLAGS, uintptr(unsafe.Pointer(&ifrf))); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to bring the tun device up: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the routes
|
// Set the routes
|
||||||
link, err := netlink.LinkByName(c.Device)
|
link, err := netlink.LinkByName(c.Device)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to get tun device link: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Default route
|
// Default route
|
||||||
|
@ -242,7 +242,7 @@ func (c Tun) Activate() error {
|
||||||
// Run the interface
|
// Run the interface
|
||||||
ifrf.Flags = ifrf.Flags | syscall.IFF_UP | syscall.IFF_RUNNING
|
ifrf.Flags = ifrf.Flags | syscall.IFF_UP | syscall.IFF_RUNNING
|
||||||
if err = ioctl(fd, syscall.SIOCSIFFLAGS, uintptr(unsafe.Pointer(&ifrf))); err != nil {
|
if err = ioctl(fd, syscall.SIOCSIFFLAGS, uintptr(unsafe.Pointer(&ifrf))); err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to run tun device: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|
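Review bot: The new conversions `int32(c.MaxMTU)` and `int32(c.TXQueueLen)` narrow without a range check, so on a 64-bit build a negative or oversized value is silently wrapped before it reaches the ioctl. The old code assigned both fields to `int` members directly, so they appear to be plain `int`. A guard before each struct literal would make the failure explicit, e.g. `if c.MaxMTU < 0 || c.MaxMTU > math.MaxInt32 { return fmt.Errorf("tun mtu %d out of range", c.MaxMTU) }` (this needs the `math` import), and the same for `TXQueueLen`. Separately, the message `failed to set tun device name` is attached to the `SIOCGIFFLAGS` call, which reads the interface flags, so something like `failed to get tun flags` would point an operator at the right step. Activate's body starts and ends outside these hunks.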
15
udp_linux.go
15
udp_linux.go
|
@ -63,25 +63,18 @@ func NewListener(ip string, port int, multi bool) (*udpConn, error) {
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
syscall.Close(fd)
|
syscall.Close(fd)
|
||||||
return nil, err
|
return nil, fmt.Errorf("unable to open socket: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var lip [4]byte
|
var lip [4]byte
|
||||||
copy(lip[:], net.ParseIP(ip).To4())
|
copy(lip[:], net.ParseIP(ip).To4())
|
||||||
|
|
||||||
if err = syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, 0x0F, 1); err != nil {
|
if err = syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, unix.SO_REUSEPORT, 1); err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf("unable to set SO_REUSEPORT: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = syscall.Bind(fd, &syscall.SockaddrInet4{Port: port}); err != nil {
|
if err = syscall.Bind(fd, &syscall.SockaddrInet4{Port: port}); err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf("unable to bind to socket: %s", err)
|
||||||
}
|
|
||||||
|
|
||||||
// SO_REUSEADDR does not load balance so we use PORT
|
|
||||||
if multi {
|
|
||||||
if err = syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, unix.SO_REUSEPORT, 1); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO: this may be useful for forcing threads into specific cores
|
//TODO: this may be useful for forcing threads into specific cores
|
||||||
|
|
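Review bot: The error returns after the `SO_REUSEPORT` setsockopt and after `syscall.Bind` leave `fd` open, whereas the first error path in this hunk calls `syscall.Close(fd)` before returning. Add `syscall.Close(fd)` ahead of `return nil, fmt.Errorf("unable to set SO_REUSEPORT: %s", err)` and `return nil, fmt.Errorf("unable to bind to socket: %s", err)`. With the `if multi` block removed, `SO_REUSEPORT` is now always set, which lets other sockets that also set the option share the port, so consider keeping it under `if multi` when only one listener is wanted. In the visible context lines `lip` is filled from `ip`, but `Bind` is given `&syscall.SockaddrInet4{Port: port}` with no address; unless `lip` is applied outside the hunk, the listener binds to all addresses regardless of the configured one. NewListener's body starts and ends outside the hunk.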
|
@ -1,3 +1,6 @@
|
||||||
|
// +build linux
|
||||||
|
// +build 386 amd64p32 arm mips mipsle
|
||||||
|
|
||||||
package nebula
|
package nebula
|
||||||
|
|
||||||
import "unsafe"
|
import "unsafe"
|
|
@ -1,3 +1,6 @@
|
||||||
|
// +build linux
|
||||||
|
// +build amd64 arm64 ppc64 ppc64le mips64 mips64le s390x
|
||||||
|
|
||||||
package nebula
|
package nebula
|
||||||
|
|
||||||
import "unsafe"
|
import "unsafe"
|
|
@ -1,50 +0,0 @@
|
||||||
package nebula
|
|
||||||
|
|
||||||
import "unsafe"
|
|
||||||
|
|
||||||
type iovec struct {
|
|
||||||
Base *byte
|
|
||||||
Len uint64
|
|
||||||
}
|
|
||||||
|
|
||||||
type msghdr struct {
|
|
||||||
Name *byte
|
|
||||||
Namelen uint32
|
|
||||||
Pad0 [4]byte
|
|
||||||
Iov *iovec
|
|
||||||
Iovlen uint64
|
|
||||||
Control *byte
|
|
||||||
Controllen uint64
|
|
||||||
Flags int32
|
|
||||||
Pad1 [4]byte
|
|
||||||
}
|
|
||||||
|
|
||||||
type rawMessage struct {
|
|
||||||
Hdr msghdr
|
|
||||||
Len uint32
|
|
||||||
Pad0 [4]byte
|
|
||||||
}
|
|
||||||
|
|
||||||
func (u *udpConn) PrepareRawMessages(n int) ([]rawMessage, [][]byte, [][]byte) {
|
|
||||||
msgs := make([]rawMessage, n)
|
|
||||||
buffers := make([][]byte, n)
|
|
||||||
names := make([][]byte, n)
|
|
||||||
|
|
||||||
for i := range msgs {
|
|
||||||
buffers[i] = make([]byte, mtu)
|
|
||||||
names[i] = make([]byte, 0x1c) //TODO = sizeofSockaddrInet6
|
|
||||||
|
|
||||||
//TODO: this is still silly, no need for an array
|
|
||||||
vs := []iovec{
|
|
||||||
{Base: (*byte)(unsafe.Pointer(&buffers[i][0])), Len: uint64(len(buffers[i]))},
|
|
||||||
}
|
|
||||||
|
|
||||||
msgs[i].Hdr.Iov = &vs[0]
|
|
||||||
msgs[i].Hdr.Iovlen = uint64(len(vs))
|
|
||||||
|
|
||||||
msgs[i].Hdr.Name = (*byte)(unsafe.Pointer(&names[i][0]))
|
|
||||||
msgs[i].Hdr.Namelen = uint32(len(names[i]))
|
|
||||||
}
|
|
||||||
|
|
||||||
return msgs, buffers, names
|
|
||||||
}
|
|