yggdrasil-network/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-11-04 03:05:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change some mutexes to atomics, change conns map to pointers, sort of works but seems to deadlock very easily

Browse source
This commit is contained in:
Neil Alexander 2019-04-21 11:50:41 +01:00
parent 62621f2960
commit 79bcfbf175
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
6 changed files with 81 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/tuntap/tun.go
View file

@ -30,8 +30,7 @@ type TunAdapter struct {
config *config.NodeState config *config.NodeState
log *log.Logger log *log.Logger
reconfigure chan chan error reconfigure chan chan error
conns map[crypto.NodeID]yggdrasil.Conn conns map[crypto.NodeID]*yggdrasil.Conn
connsMutex sync.RWMutex
listener *yggdrasil.Listener listener *yggdrasil.Listener
dialer *yggdrasil.Dialer dialer *yggdrasil.Dialer
addr address.Address addr address.Address
@ -102,7 +101,7 @@ func (tun *TunAdapter) Init(config *config.NodeState, log *log.Logger, listener
tun.log = log tun.log = log
tun.listener = listener tun.listener = listener
tun.dialer = dialer tun.dialer = dialer
tun.conns = make(map[crypto.NodeID]yggdrasil.Conn) tun.conns = make(map[crypto.NodeID]*yggdrasil.Conn)
} }
// Start the setup process for the TUN/TAP adapter. If successful, starts the // Start the setup process for the TUN/TAP adapter. If successful, starts the
@ -180,6 +179,7 @@ func (tun *TunAdapter) handler() error {
} }
func (tun *TunAdapter) connReader(conn *yggdrasil.Conn) error { func (tun *TunAdapter) connReader(conn *yggdrasil.Conn) error {
tun.conns[conn.RemoteAddr()] = conn
b := make([]byte, 65535) b := make([]byte, 65535)
for { for {
n, err := conn.Read(b) n, err := conn.Read(b)
@ -203,7 +203,6 @@ func (tun *TunAdapter) connReader(conn *yggdrasil.Conn) error {
} }
func (tun *TunAdapter) ifaceReader() error { func (tun *TunAdapter) ifaceReader() error {
tun.log.Println("Start TUN reader")
bs := make([]byte, 65535) bs := make([]byte, 65535)
for { for {
n, err := tun.iface.Read(bs) n, err := tun.iface.Read(bs)
@ -244,6 +243,7 @@ func (tun *TunAdapter) ifaceReader() error {
dstNodeID, dstNodeIDMask = dstAddr.GetNodeIDandMask() dstNodeID, dstNodeIDMask = dstAddr.GetNodeIDandMask()
// Do we have an active connection for this node ID? // Do we have an active connection for this node ID?
if conn, isIn := tun.conns[*dstNodeID]; isIn { if conn, isIn := tun.conns[*dstNodeID]; isIn {
tun.log.Println("Got", &conn)
w, err := conn.Write(bs) w, err := conn.Write(bs)
if err != nil { if err != nil {
tun.log.Println("Unable to write to remote:", err) tun.log.Println("Unable to write to remote:", err)
@ -254,14 +254,12 @@ func (tun *TunAdapter) ifaceReader() error {
} }
} else { } else {
tun.log.Println("Opening connection for", *dstNodeID) tun.log.Println("Opening connection for", *dstNodeID)
tun.connsMutex.Lock()
if conn, err := tun.dialer.DialByNodeIDandMask(dstNodeID, dstNodeIDMask); err == nil { if conn, err := tun.dialer.DialByNodeIDandMask(dstNodeID, dstNodeIDMask); err == nil {
tun.conns[*dstNodeID] = conn tun.conns[*dstNodeID] = &conn
go tun.connReader(&conn) go tun.connReader(&conn)
} else { } else {
tun.log.Println("Error dialing:", err) tun.log.Println("Error dialing:", err)
} }
tun.connsMutex.Unlock()
} }
/*if !r.cryptokey.isValidSource(srcAddr, addrlen) { /*if !r.cryptokey.isValidSource(srcAddr, addrlen) {

41
src/yggdrasil/conn.go
View file

@ -1,8 +1,8 @@
package yggdrasil package yggdrasil
import ( import (
"encoding/hex"
"errors" "errors"
"fmt"
"sync" "sync"
"sync/atomic" "sync/atomic"
"time" "time"
@ -42,27 +42,27 @@ func (c *Conn) startSearch() {
doSearch := func() { doSearch := func() {
sinfo, isIn := c.core.searches.searches[*c.nodeID] sinfo, isIn := c.core.searches.searches[*c.nodeID]
if !isIn { if !isIn {
c.core.log.Debugln("Starting search for", hex.EncodeToString(c.nodeID[:]))
sinfo = c.core.searches.newIterSearch(c.nodeID, c.nodeMask, searchCompleted) sinfo = c.core.searches.newIterSearch(c.nodeID, c.nodeMask, searchCompleted)
} }
c.core.searches.continueSearch(sinfo) c.core.searches.continueSearch(sinfo)
} }
var sinfo *sessionInfo
var isIn bool
switch { switch {
case !isIn || !sinfo.init: case c.session == nil || !c.session.init.Load().(bool):
doSearch() doSearch()
case time.Since(sinfo.time) > 6*time.Second: case time.Since(c.session.time.Load().(time.Time)) > 6*time.Second:
if sinfo.time.Before(sinfo.pingTime) && time.Since(sinfo.pingTime) > 6*time.Second { sTime := c.session.time.Load().(time.Time)
pingTime := c.session.pingTime.Load().(time.Time)
if sTime.Before(pingTime) && time.Since(pingTime) > 6*time.Second {
doSearch() doSearch()
} else { } else {
pingSend := c.session.pingSend.Load().(time.Time)
now := time.Now() now := time.Now()
if !sinfo.time.Before(sinfo.pingTime) { if !sTime.Before(pingTime) {
sinfo.pingTime = now c.session.pingTime.Store(now)
} }
if time.Since(sinfo.pingSend) > time.Second { if time.Since(pingSend) > time.Second {
sinfo.pingSend = now c.session.pingSend.Store(now)
c.core.sessions.sendPingPong(sinfo, false) c.core.sessions.sendPingPong(c.session, false)
} }
} }
} }
@ -77,12 +77,9 @@ func (c *Conn) Read(b []byte) (int, error) {
if c.session == nil { if c.session == nil {
return 0, errors.New("searching for remote side") return 0, errors.New("searching for remote side")
} }
c.session.initMutex.RLock() if !c.session.init.Load().(bool) {
if !c.session.init {
c.session.initMutex.RUnlock()
return 0, errors.New("waiting for remote side to accept") return 0, errors.New("waiting for remote side to accept")
} }
c.session.initMutex.RUnlock()
select { select {
case p, ok := <-c.session.recv: case p, ok := <-c.session.recv:
if !ok { if !ok {
@ -106,9 +103,7 @@ func (c *Conn) Read(b []byte) (int, error) {
b = b[:len(bs)] b = b[:len(bs)]
} }
c.session.updateNonce(&p.Nonce) c.session.updateNonce(&p.Nonce)
c.session.timeMutex.Lock() c.session.time.Store(time.Now())
c.session.time = time.Now()
c.session.timeMutex.Unlock()
return nil return nil
}() }()
if err != nil { if err != nil {
@ -129,22 +124,18 @@ func (c *Conn) Write(b []byte) (bytesWritten int, err error) {
return 0, errors.New("session is closed") return 0, errors.New("session is closed")
} }
if c.session == nil { if c.session == nil {
fmt.Println("No session found, starting search for", &c)
c.core.router.doAdmin(func() { c.core.router.doAdmin(func() {
c.startSearch() c.startSearch()
}) })
return 0, errors.New("searching for remote side") return 0, errors.New("searching for remote side")
} }
defer util.PutBytes(b) defer util.PutBytes(b)
c.session.initMutex.RLock() if !c.session.init.Load().(bool) {
if !c.session.init {
c.session.initMutex.RUnlock()
return 0, errors.New("waiting for remote side to accept") return 0, errors.New("waiting for remote side to accept")
} }
c.session.initMutex.RUnlock()
// code isn't multithreaded so appending to this is safe // code isn't multithreaded so appending to this is safe
c.session.coordsMutex.RLock()
coords := c.session.coords coords := c.session.coords
c.session.coordsMutex.RUnlock()
// Prepare the payload // Prepare the payload
c.session.myNonceMutex.Lock() c.session.myNonceMutex.Lock()
payload, nonce := crypto.BoxSeal(&c.session.sharedSesKey, b, &c.session.myNonce) payload, nonce := crypto.BoxSeal(&c.session.sharedSesKey, b, &c.session.myNonce)

12
src/yggdrasil/dialer.go
View file

@ -35,7 +35,7 @@ func (d *Dialer) Dial(network, address string) (Conn, error) {
return Conn{}, err return Conn{}, err
} }
copy(nodeID[:], dest) copy(nodeID[:], dest)
for idx := 0; idx < len; idx++ { for idx := 0; idx <= len; idx++ {
nodeMask[idx/8] |= 0x80 >> byte(idx%8) nodeMask[idx/8] |= 0x80 >> byte(idx%8)
} }
} else { } else {
@ -59,15 +59,13 @@ func (d *Dialer) Dial(network, address string) (Conn, error) {
// NodeID parameters. // NodeID parameters.
func (d *Dialer) DialByNodeIDandMask(nodeID, nodeMask *crypto.NodeID) (Conn, error) { func (d *Dialer) DialByNodeIDandMask(nodeID, nodeMask *crypto.NodeID) (Conn, error) {
conn := Conn{ conn := Conn{
mutex: &sync.RWMutex{}, core: d.core,
mutex: &sync.RWMutex{},
nodeID: nodeID,
nodeMask: nodeMask,
} }
conn.core = d.core
conn.nodeID = nodeID
conn.nodeMask = nodeMask
conn.core.router.doAdmin(func() { conn.core.router.doAdmin(func() {
conn.startSearch() conn.startSearch()
}) })
conn.mutex.Lock()
defer conn.mutex.Unlock()
return conn, nil return conn, nil
} }

22
src/yggdrasil/router.go
View file

@ -287,16 +287,15 @@ func (r *router) sendPacket(bs []byte) {
if destSnet.IsValid() { if destSnet.IsValid() {
sinfo, isIn = r.core.sessions.getByTheirSubnet(&destSnet) sinfo, isIn = r.core.sessions.getByTheirSubnet(&destSnet)
} }
sinfo.timeMutex.Lock() sTime := sinfo.time.Load().(time.Time)
sinfo.initMutex.RLock() pingTime := sinfo.pingTime.Load().(time.Time)
defer sinfo.timeMutex.Unlock() pingSend := sinfo.pingSend.Load().(time.Time)
defer sinfo.initMutex.RUnlock()
switch { switch {
case !isIn || !sinfo.init: case !isIn || !sinfo.init.Load().(bool):
// No or unintiialized session, so we need to search first // No or unintiialized session, so we need to search first
doSearch(bs) doSearch(bs)
case time.Since(sinfo.time) > 6*time.Second: case time.Since(sTime) > 6*time.Second:
if sinfo.time.Before(sinfo.pingTime) && time.Since(sinfo.pingTime) > 6*time.Second { if sTime.Before(pingTime) && time.Since(pingTime) > 6*time.Second {
// We haven't heard from the dest in a while // We haven't heard from the dest in a while
// We tried pinging but didn't get a response // We tried pinging but didn't get a response
// They may have changed coords // They may have changed coords
@ -307,16 +306,15 @@ func (r *router) sendPacket(bs []byte) {
// We haven't heard about the dest in a while // We haven't heard about the dest in a while
now := time.Now() now := time.Now()
if !sinfo.time.Before(sinfo.pingTime) { if !sTime.Before(pingTime) {
// Update pingTime to start the clock for searches (above) // Update pingTime to start the clock for searches (above)
sinfo.pingTime = now sinfo.pingTime.Store(now)
} }
if time.Since(sinfo.pingSend) > time.Second { if time.Since(pingSend) > time.Second {
// Send at most 1 ping per second // Send at most 1 ping per second
sinfo.pingSend = now sinfo.pingSend.Store(now)
r.core.sessions.sendPingPong(sinfo, false) r.core.sessions.sendPingPong(sinfo, false)
} }
sinfo.timeMutex.Unlock()
} }
fallthrough // Also send the packet fallthrough // Also send the packet
default: default:

2
src/yggdrasil/search.go
View file

@ -212,9 +212,7 @@ func (s *searches) checkDHTRes(info *searchInfo, res *dhtRes) bool {
} }
} }
// FIXME (!) replay attacks could mess with coords? Give it a handle (tstamp)? // FIXME (!) replay attacks could mess with coords? Give it a handle (tstamp)?
sinfo.coordsMutex.Lock()
sinfo.coords = res.Coords sinfo.coords = res.Coords
sinfo.coordsMutex.Unlock()
sinfo.packet = info.packet sinfo.packet = info.packet
s.core.sessions.ping(sinfo) s.core.sessions.ping(sinfo)
info.callback(sinfo, nil) info.callback(sinfo, nil)

107
src/yggdrasil/session.go
View file

@ -18,41 +18,38 @@ import (
// All the information we know about an active session. // All the information we know about an active session.
// This includes coords, permanent and ephemeral keys, handles and nonces, various sorts of timing information for timeout and maintenance, and some metadata for the admin API. // This includes coords, permanent and ephemeral keys, handles and nonces, various sorts of timing information for timeout and maintenance, and some metadata for the admin API.
type sessionInfo struct { type sessionInfo struct {
core *Core core *Core //
reconfigure chan chan error reconfigure chan chan error //
theirAddr address.Address theirAddr address.Address //
theirSubnet address.Subnet theirSubnet address.Subnet //
theirPermPub crypto.BoxPubKey theirPermPub crypto.BoxPubKey //
theirSesPub crypto.BoxPubKey theirSesPub crypto.BoxPubKey //
mySesPub crypto.BoxPubKey mySesPub crypto.BoxPubKey //
mySesPriv crypto.BoxPrivKey mySesPriv crypto.BoxPrivKey //
sharedSesKey crypto.BoxSharedKey // derived from session keys sharedSesKey crypto.BoxSharedKey // derived from session keys
theirHandle crypto.Handle theirHandle crypto.Handle //
myHandle crypto.Handle myHandle crypto.Handle //
theirNonce crypto.BoxNonce theirNonce crypto.BoxNonce //
theirNonceMask uint64 theirNonceMask uint64 //
theirNonceMutex sync.Mutex // protects the above theirNonceMutex sync.Mutex // protects the above
myNonce crypto.BoxNonce myNonce crypto.BoxNonce //
myNonceMutex sync.Mutex // protects the above myNonceMutex sync.Mutex // protects the above
theirMTU uint16 theirMTU uint16 //
myMTU uint16 myMTU uint16 //
wasMTUFixed bool // Was the MTU fixed by a receive error? wasMTUFixed bool // Was the MTU fixed by a receive error?
time time.Time // Time we last received a packet time atomic.Value // time.Time // Time we last received a packet
mtuTime time.Time // time myMTU was last changed mtuTime atomic.Value // time.Time // time myMTU was last changed
pingTime time.Time // time the first ping was sent since the last received packet pingTime atomic.Value // time.Time // time the first ping was sent since the last received packet
pingSend time.Time // time the last ping was sent pingSend atomic.Value // time.Time // time the last ping was sent
timeMutex sync.RWMutex // protects all time fields above coords []byte // coords of destination
coords []byte // coords of destination packet []byte // a buffered packet, sent immediately on ping/pong
coordsMutex sync.RWMutex // protects the above init atomic.Value // bool // Reset if coords change
packet []byte // a buffered packet, sent immediately on ping/pong send chan []byte //
init bool // Reset if coords change recv chan *wire_trafficPacket //
initMutex sync.RWMutex closed chan interface{} //
send chan []byte tstamp int64 // ATOMIC - tstamp from their last session ping, replay attack mitigation
recv chan *wire_trafficPacket bytesSent uint64 // Bytes of real traffic sent in this session
closed chan interface{} bytesRecvd uint64 // Bytes of real traffic received in this session
tstamp int64 // ATOMIC - tstamp from their last session ping, replay attack mitigation
bytesSent uint64 // Bytes of real traffic sent in this session
bytesRecvd uint64 // Bytes of real traffic received in this session
} }
// Represents a session ping/pong packet, andincludes information like public keys, a session handle, coords, a timestamp to prevent replays, and the tun/tap MTU. // Represents a session ping/pong packet, andincludes information like public keys, a session handle, coords, a timestamp to prevent replays, and the tun/tap MTU.
@ -60,10 +57,10 @@ type sessionPing struct {
SendPermPub crypto.BoxPubKey // Sender's permanent key SendPermPub crypto.BoxPubKey // Sender's permanent key
Handle crypto.Handle // Random number to ID session Handle crypto.Handle // Random number to ID session
SendSesPub crypto.BoxPubKey // Session key to use SendSesPub crypto.BoxPubKey // Session key to use
Coords []byte Coords []byte //
Tstamp int64 // unix time, but the only real requirement is that it increases Tstamp int64 // unix time, but the only real requirement is that it increases
IsPong bool IsPong bool //
MTU uint16 MTU uint16 //
} }
// Updates session info in response to a ping, after checking that the ping is OK. // Updates session info in response to a ping, after checking that the ping is OK.
@ -93,21 +90,15 @@ func (s *sessionInfo) update(p *sessionPing) bool {
s.coords = append(make([]byte, 0, len(p.Coords)+11), p.Coords...) s.coords = append(make([]byte, 0, len(p.Coords)+11), p.Coords...)
} }
now := time.Now() now := time.Now()
s.timeMutex.Lock() s.time.Store(now)
s.time = now
s.timeMutex.Unlock()
atomic.StoreInt64(&s.tstamp, p.Tstamp) atomic.StoreInt64(&s.tstamp, p.Tstamp)
s.initMutex.Lock() s.init.Store(true)
s.init = true
s.initMutex.Unlock()
return true return true
} }
// Returns true if the session has been idle for longer than the allowed timeout. // Returns true if the session has been idle for longer than the allowed timeout.
func (s *sessionInfo) timedout() bool { func (s *sessionInfo) timedout() bool {
s.timeMutex.RLock() return time.Since(s.time.Load().(time.Time)) > time.Minute
defer s.timeMutex.RUnlock()
return time.Since(s.time) > time.Minute
} }
// Struct of all active sessions. // Struct of all active sessions.
@ -291,12 +282,10 @@ func (ss *sessions) createSession(theirPermKey *crypto.BoxPubKey) *sessionInfo {
sinfo.theirMTU = 1280 sinfo.theirMTU = 1280
sinfo.myMTU = 1280 sinfo.myMTU = 1280
now := time.Now() now := time.Now()
sinfo.timeMutex.Lock() sinfo.time.Store(now)
sinfo.time = now sinfo.mtuTime.Store(now)
sinfo.mtuTime = now sinfo.pingTime.Store(now)
sinfo.pingTime = now sinfo.pingSend.Store(now)
sinfo.pingSend = now
sinfo.timeMutex.Unlock()
higher := false higher := false
for idx := range ss.core.boxPub { for idx := range ss.core.boxPub {
if ss.core.boxPub[idx] > sinfo.theirPermPub[idx] { if ss.core.boxPub[idx] > sinfo.theirPermPub[idx] {
@ -437,7 +426,6 @@ func (ss *sessions) sendPingPong(sinfo *sessionInfo, isPong bool) {
bs := ping.encode() bs := ping.encode()
shared := ss.getSharedKey(&ss.core.boxPriv, &sinfo.theirPermPub) shared := ss.getSharedKey(&ss.core.boxPriv, &sinfo.theirPermPub)
payload, nonce := crypto.BoxSeal(shared, bs, nil) payload, nonce := crypto.BoxSeal(shared, bs, nil)
sinfo.coordsMutex.RLock()
p := wire_protoTrafficPacket{ p := wire_protoTrafficPacket{
Coords: sinfo.coords, Coords: sinfo.coords,
ToKey: sinfo.theirPermPub, ToKey: sinfo.theirPermPub,
@ -445,13 +433,10 @@ func (ss *sessions) sendPingPong(sinfo *sessionInfo, isPong bool) {
Nonce: *nonce, Nonce: *nonce,
Payload: payload, Payload: payload,
} }
sinfo.coordsMutex.RUnlock()
packet := p.encode() packet := p.encode()
ss.core.router.out(packet) ss.core.router.out(packet)
if !isPong { if !isPong {
sinfo.timeMutex.Lock() sinfo.pingSend.Store(time.Now())
sinfo.pingSend = time.Now()
sinfo.timeMutex.Unlock()
} }
} }
@ -551,8 +536,6 @@ func (sinfo *sessionInfo) updateNonce(theirNonce *crypto.BoxNonce) {
// Called after coord changes, so attemtps to use a session will trigger a new ping and notify the remote end of the coord change. // Called after coord changes, so attemtps to use a session will trigger a new ping and notify the remote end of the coord change.
func (ss *sessions) resetInits() { func (ss *sessions) resetInits() {
for _, sinfo := range ss.sinfos { for _, sinfo := range ss.sinfos {
sinfo.initMutex.Lock() sinfo.init.Store(false)
sinfo.init = false
sinfo.initMutex.Unlock()
} }
} }