Merge branch 'develop' into neilalexander/prio

2025-04-29 22:55:06 +03:00 · 2022-10-22 17:00:46 +01:00 · 2022-10-22 17:00:46 +01:00 · 01facc0505
commit 01facc0505
parent bb389dbddd 8fe1c41295
6 changed files with 53 additions and 58 deletions
--- a/src/core/link.go
+++ b/src/core/link.go
@ -281,8 +281,7 @@ func (intf *link) handler() error {
 		var key keyArray
 		copy(key[:], meta.key)
 		if _, allowed := pinned[key]; !allowed {
-			intf.links.core.log.Errorf("Failed to connect to node: %q sent ed25519 key that does not match pinned keys", intf.name())
+			return fmt.Errorf("node public key that does not match pinned keys")
 			return fmt.Errorf("failed to connect: host sent ed25519 key that does not match pinned keys")
 		}
 	}
 	// Check if we're authorized to connect to this key / IP
@ -295,31 +294,33 @@ func (intf *link) handler() error {
 		}
 	}
 	if intf.incoming && !intf.force && !isallowed {
 		intf.links.core.log.Warnf("%s connection from %s forbidden: AllowedEncryptionPublicKeys does not contain key %s",
 			strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.key))
 		_ = intf.close()
-		return fmt.Errorf("forbidden connection")
+		return fmt.Errorf("node public key %q is not in AllowedPublicKeys", hex.EncodeToString(meta.key))
 	}
 	phony.Block(intf.links, func() {
 		intf.links._links[intf.info] = intf
 	})
 	dir := "outbound"
 	if intf.incoming {
 		dir = "inbound"
 	}
 	remoteAddr := net.IP(address.AddrForKey(meta.key)[:]).String()
 	remoteStr := fmt.Sprintf("%s@%s", remoteAddr, intf.info.remote)
 	localStr := intf.conn.LocalAddr()
-	intf.links.core.log.Infof("Connected %s: %s, source %s",
+	intf.links.core.log.Infof("Connected %s %s: %s, source %s",
-		strings.ToUpper(intf.info.linkType), remoteStr, localStr)
+		dir, strings.ToUpper(intf.info.linkType), remoteStr, localStr)
-	// TODO don't report an error if it's just a 'use of closed network connection'
+	err = intf.links.core.HandleConn(meta.key, intf.conn, intf.options.priority)
-	if err = intf.links.core.HandleConn(meta.key, intf.conn, intf.options.priority); err != nil && err != io.EOF {
+	switch err {
-		intf.links.core.log.Infof("Disconnected %s: %s, source %s; error: %s",
+	case io.EOF, net.ErrClosed, nil:
-			strings.ToUpper(intf.info.linkType), remoteStr, localStr, err)
+		intf.links.core.log.Infof("Disconnected %s %s: %s, source %s",
-	} else {
+			dir, strings.ToUpper(intf.info.linkType), remoteStr, localStr)
-		intf.links.core.log.Infof("Disconnected %s: %s, source %s",
+	default:
-			strings.ToUpper(intf.info.linkType), remoteStr, localStr)
+		intf.links.core.log.Infof("Disconnected %s %s: %s, source %s; error: %s",
 			dir, strings.ToUpper(intf.info.linkType), remoteStr, localStr, err)
 	}
 	return nil
 }
@ -327,14 +328,7 @@ func (intf *link) close() error {
 	return intf.conn.Close()
 }
 func (intf *link) name() string {
 	return intf.lname
 }
 func linkInfoFor(linkType, sintf, remote string) linkInfo {
 	if h, _, err := net.SplitHostPort(remote); err == nil {
 		remote = h
 	}
 	return linkInfo{
 		linkType: linkType,
 		local:    sintf,
--- a/src/core/link_socks.go
+++ b/src/core/link_socks.go
@ -23,7 +23,7 @@ func (l *links) newLinkSOCKS() *linkSOCKS {
 func (l *linkSOCKS) dial(url *url.URL, options linkOptions) error {
 	info := linkInfoFor("socks", "", url.Path)
 	if l.links.isConnectedTo(info) {
-		return fmt.Errorf("duplicate connection attempt")
+		return nil
 	}
 	proxyAuth := &proxy.Auth{}
 	proxyAuth.User = url.User.Username()
--- a/src/core/link_tcp.go
+++ b/src/core/link_tcp.go
@ -31,16 +31,15 @@ func (l *links) newLinkTCP() *linkTCP {
 }
 func (l *linkTCP) dial(url *url.URL, options linkOptions, sintf string) error {
 	info := linkInfoFor("tcp", sintf, strings.SplitN(url.Host, "%", 2)[0])
 	if l.links.isConnectedTo(info) {
 		return fmt.Errorf("duplicate connection attempt")
 	}
 	addr, err := net.ResolveTCPAddr("tcp", url.Host)
 	if err != nil {
 		return err
 	}
-	addr.Zone = sintf
+	info := linkInfoFor("tcp", sintf, addr.String())
-	dialer, err := l.dialerFor(addr.String(), sintf)
+	if l.links.isConnectedTo(info) {
 		return nil
 	}
 	dialer, err := l.dialerFor(addr, sintf)
 	if err != nil {
 		return err
 	}
@ -48,7 +47,8 @@ func (l *linkTCP) dial(url *url.URL, options linkOptions, sintf string) error {
 	if err != nil {
 		return err
 	}
-	return l.handler(url.String(), info, conn, options, false)
+	uri := strings.TrimRight(strings.SplitN(url.String(), "?", 2)[0], "/")
 	return l.handler(uri, info, conn, options, false, false)
 }
 func (l *linkTCP) listen(url *url.URL, sintf string) (*Listener, error) {
@ -83,9 +83,9 @@ func (l *linkTCP) listen(url *url.URL, sintf string) (*Listener, error) {
 				break
 			}
 			addr := conn.RemoteAddr().(*net.TCPAddr)
-			name := fmt.Sprintf("tls://%s", addr)
+			name := fmt.Sprintf("tcp://%s", addr)
-			info := linkInfoFor("tcp", sintf, strings.SplitN(addr.IP.String(), "%", 2)[0])
+			info := linkInfoFor("tcp", sintf, addr.String())
-			if err = l.handler(name, info, conn, linkOptionsForListener(url), true); err != nil {
+			if err = l.handler(name, info, conn, linkOptionsForListener(url), true, addr.IP.IsLinkLocalUnicast()); err != nil {
 				l.core.log.Errorln("Failed to create inbound link:", err)
 			}
 		}
@ -96,13 +96,13 @@ func (l *linkTCP) listen(url *url.URL, sintf string) (*Listener, error) {
 	return entry, nil
 }
-func (l *linkTCP) handler(name string, info linkInfo, conn net.Conn, options linkOptions, incoming bool) error {
+func (l *linkTCP) handler(name string, info linkInfo, conn net.Conn, options linkOptions, incoming, force bool) error {
 	return l.links.create(
 		conn,     // connection
 		name,     // connection name
 		info,     // connection info
 		incoming, // not incoming
-		false,    // not forced
+		force,    // not forced
 		options,  // connection options
 	)
 }
@ -121,13 +121,11 @@ func (l *linkTCP) getAddr() *net.TCPAddr {
 	return addr
 }
-func (l *linkTCP) dialerFor(saddr, sintf string) (*net.Dialer, error) {
+func (l *linkTCP) dialerFor(dst *net.TCPAddr, sintf string) (*net.Dialer, error) {
 	dst, err := net.ResolveTCPAddr("tcp", saddr)
 	if err != nil {
 		return nil, err
 	}
 	if dst.IP.IsLinkLocalUnicast() {
-		dst.Zone = sintf
+		if sintf != "" {
 			dst.Zone = sintf
 		}
 		if dst.Zone == "" {
 			return nil, fmt.Errorf("link-local address requires a zone")
 		}
--- a/src/core/link_tls.go
+++ b/src/core/link_tls.go
@ -47,16 +47,15 @@ func (l *links) newLinkTLS(tcp *linkTCP) *linkTLS {
 }
 func (l *linkTLS) dial(url *url.URL, options linkOptions, sintf, sni string) error {
 	info := linkInfoFor("tls", sintf, strings.SplitN(url.Host, "%", 2)[0])
 	if l.links.isConnectedTo(info) {
 		return fmt.Errorf("duplicate connection attempt")
 	}
 	addr, err := net.ResolveTCPAddr("tcp", url.Host)
 	if err != nil {
 		return err
 	}
-	addr.Zone = sintf
+	info := linkInfoFor("tls", sintf, addr.String())
-	dialer, err := l.tcp.dialerFor(addr.String(), sintf)
+	if l.links.isConnectedTo(info) {
 		return nil
 	}
 	dialer, err := l.tcp.dialerFor(addr, sintf)
 	if err != nil {
 		return err
 	}
@ -70,7 +69,8 @@ func (l *linkTLS) dial(url *url.URL, options linkOptions, sintf, sni string) err
 	if err != nil {
 		return err
 	}
-	return l.handler(url.String(), info, conn, options, false)
+	uri := strings.TrimRight(strings.SplitN(url.String(), "?", 2)[0], "/")
 	return l.handler(uri, info, conn, options, false, false)
 }
 func (l *linkTLS) listen(url *url.URL, sintf string) (*Listener, error) {
@ -107,8 +107,8 @@ func (l *linkTLS) listen(url *url.URL, sintf string) (*Listener, error) {
 			}
 			addr := conn.RemoteAddr().(*net.TCPAddr)
 			name := fmt.Sprintf("tls://%s", addr)
-			info := linkInfoFor("tls", sintf, strings.SplitN(addr.IP.String(), "%", 2)[0])
+			info := linkInfoFor("tls", sintf, addr.String())
-			if err = l.handler(name, info, conn, linkOptionsForListener(url), true); err != nil {
+			if err = l.handler(name, info, conn, linkOptionsForListener(url), true, addr.IP.IsLinkLocalUnicast()); err != nil {
 				l.core.log.Errorln("Failed to create inbound link:", err)
 			}
 		}
@ -166,6 +166,6 @@ func (l *linkTLS) generateConfig() (*tls.Config, error) {
 	}, nil
 }
-func (l *linkTLS) handler(name string, info linkInfo, conn net.Conn, options linkOptions, incoming bool) error {
+func (l *linkTLS) handler(name string, info linkInfo, conn net.Conn, options linkOptions, incoming, force bool) error {
-	return l.tcp.handler(name, info, conn, options, incoming)
+	return l.tcp.handler(name, info, conn, options, incoming, force)
 }
--- a/src/core/link_unix.go
+++ b/src/core/link_unix.go
@ -2,7 +2,6 @@ package core
 import (
 	"context"
 	"fmt"
 	"net"
 	"net/url"
 	"time"
@ -36,7 +35,7 @@ func (l *links) newLinkUNIX() *linkUNIX {
 func (l *linkUNIX) dial(url *url.URL, options linkOptions, _ string) error {
 	info := linkInfoFor("unix", "", url.Path)
 	if l.links.isConnectedTo(info) {
-		return fmt.Errorf("duplicate connection attempt")
+		return nil
 	}
 	addr, err := net.ResolveUnixAddr("unix", url.Path)
 	if err != nil {
--- a/src/multicast/multicast_unix.go
+++ b/src/multicast/multicast_unix.go
@ -15,15 +15,19 @@ func (m *Multicast) _multicastStarted() {
 func (m *Multicast) multicastReuse(network string, address string, c syscall.RawConn) error {
 	var control error
-	var reuseport error
+	var reuseaddr error
 	control = c.Control(func(fd uintptr) {
-		reuseport = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1)
+		// Previously we used SO_REUSEPORT here, but that meant that machines running
 		// Yggdrasil nodes as different users would inevitably fail with EADDRINUSE.
 		// The behaviour for multicast is similar with both, so we'll use SO_REUSEADDR
 		// instead.
 		reuseaddr = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEADDR, 1)
 	})
 	switch {
-	case reuseport != nil:
+	case reuseaddr != nil:
-		return reuseport
+		return reuseaddr
 	default:
 		return control
 	}