diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/configuration/config.rs | 15 | ||||
| -rw-r--r-- | src/configuration/uapi/get.rs | 17 | ||||
| -rw-r--r-- | src/main.rs | 65 | ||||
| -rw-r--r-- | src/wireguard/peer.rs | 2 | ||||
| -rw-r--r-- | src/wireguard/timers.rs | 2 | ||||
| -rw-r--r-- | src/wireguard/wireguard.rs | 4 |
6 files changed, 72 insertions, 33 deletions
diff --git a/src/configuration/config.rs b/src/configuration/config.rs index f11d90d..2a149ee 100644 --- a/src/configuration/config.rs +++ b/src/configuration/config.rs @@ -18,8 +18,7 @@ use bind::Owner; pub struct PeerState { pub rx_bytes: u64, pub tx_bytes: u64, - pub last_handshake_time_sec: u64, - pub last_handshake_time_nsec: u64, + pub last_handshake_time: Option<(u64, u64)>, pub public_key: PublicKey, pub allowed_ips: Vec<(IpAddr, u32)>, pub endpoint: Option<SocketAddr>, @@ -289,9 +288,12 @@ impl<T: tun::Tun, B: bind::PlatformBind> Configuration for WireguardConfig<T, B> for p in peers { // convert the system time to (secs, nano) since epoch - let last_handshake = (*p.walltime_last_handshake.lock()) - .duration_since(SystemTime::UNIX_EPOCH) - .unwrap_or(Duration::from_secs(0)); // any time before epoch is mapped to epoch + let last_handshake_time = (*p.walltime_last_handshake.lock()).and_then(|t| { + let duration = t + .duration_since(SystemTime::UNIX_EPOCH) + .unwrap_or(Duration::from_secs(0)); + Some((duration.as_secs(), duration.subsec_nanos() as u64)) + }); if let Some(psk) = self.wireguard.get_psk(&p.pk) { // extract state into PeerState @@ -302,8 +304,7 @@ impl<T: tun::Tun, B: bind::PlatformBind> Configuration for WireguardConfig<T, B> tx_bytes: p.tx_bytes.load(Ordering::Relaxed), persistent_keepalive_interval: p.get_keepalive_interval(), allowed_ips: p.router.list_allowed_ips(), - last_handshake_time_nsec: last_handshake.subsec_nanos() as u64, - last_handshake_time_sec: last_handshake.as_secs(), + last_handshake_time, public_key: p.pk, }) } diff --git a/src/configuration/uapi/get.rs b/src/configuration/uapi/get.rs index f0746b3..9e6ab36 100644 --- a/src/configuration/uapi/get.rs +++ b/src/configuration/uapi/get.rs @@ -32,24 +32,23 @@ pub fn serialize<C: Configuration, W: io::Write>(writer: &mut W, config: &C) -> let mut peers = config.get_peers(); while let Some(p) = peers.pop() { write("public_key", hex::encode(p.public_key.as_bytes()))?; + write("preshared_key", hex::encode(p.preshared_key))?; write("rx_bytes", p.rx_bytes.to_string())?; write("tx_bytes", p.tx_bytes.to_string())?; write( - "last_handshake_time_sec", - p.last_handshake_time_nsec.to_string(), - )?; - write( - "last_handshake_time_nsec", - p.last_handshake_time_nsec.to_string(), - )?; - write( "persistent_keepalive_interval", p.persistent_keepalive_interval.to_string(), )?; + + if let Some((secs, nsecs)) = p.last_handshake_time { + write("last_handshake_time_sec", secs.to_string())?; + write("last_handshake_time_nsec", nsecs.to_string())?; + } + if let Some(endpoint) = p.endpoint { write("endpoint", endpoint.into_address().to_string())?; } - write("preshared_key", hex::encode(p.preshared_key))?; + for (ip, cidr) in p.allowed_ips { write("allowed_ip", ip.to_string() + "/" + &cidr.to_string())?; } diff --git a/src/main.rs b/src/main.rs index 89c6bdb..aa02321 100644 --- a/src/main.rs +++ b/src/main.rs @@ -3,7 +3,9 @@ use log; +use daemonize::Daemonize; use std::env; +use std::process::exit; mod configuration; mod platform; @@ -14,19 +16,57 @@ use platform::uapi::{BindUAPI, PlatformUAPI}; use platform::*; fn main() { - let mut name = String::new(); + // parse commandline arguments + let mut name = None; + let mut drop_privileges = true; let mut foreground = false; + let mut args = env::args(); - for arg in env::args() { - if arg == "--foreground" || arg == "-f" { - foreground = true; - } else { - name = arg; + args.next(); // skip path + + for arg in args { + match arg.as_str() { + "--foreground" | "-f" => { + foreground = true; + } + "--root" => { + drop_privileges = false; + } + dev => name = Some(dev.to_owned()), } } - if name == "" { - return; + // unwrap device name + let name = match name { + None => { + eprintln!("No device name supplied"); + exit(-1); + } + Some(name) => name, + }; + + // create UAPI socket + let uapi = plt::UAPI::bind(name.as_str()).unwrap_or_else(|e| { + eprintln!("Failed to create UAPI listener: {}", e); + exit(-2); + }); + + // create TUN device + let (readers, writer, mtu) = plt::Tun::create(name.as_str()).unwrap_or_else(|e| { + eprintln!("Failed to create TUN device: {}", e); + exit(-3); + }); + + // daemonize + if !foreground { + let daemonize = Daemonize::new() + .pid_file(format!("/tmp/wgrs-{}.pid", name)) + .chown_pid_file(true) + .working_directory("/tmp") + .user("nobody") + .group("daemon") + .umask(0o777); + daemonize.start().expect("Failed to daemonize"); } // start logging @@ -34,16 +74,15 @@ fn main() { .try_init() .expect("Failed to initialize event logger"); - // create UAPI socket - let uapi = plt::UAPI::bind(name.as_str()).unwrap(); - - // create TUN device - let (readers, writer, mtu) = plt::Tun::create(name.as_str()).unwrap(); + // drop privileges + if drop_privileges {} // create WireGuard device let wg: wireguard::Wireguard<plt::Tun, plt::Bind> = wireguard::Wireguard::new(readers, writer, mtu); + // handle TUN updates up/down + // wrap in configuration interface and start UAPI server let cfg = configuration::WireguardConfig::new(wg); loop { diff --git a/src/wireguard/peer.rs b/src/wireguard/peer.rs index 7d95493..92844b6 100644 --- a/src/wireguard/peer.rs +++ b/src/wireguard/peer.rs @@ -30,7 +30,7 @@ pub struct PeerInner<T: Tun, B: Bind> { pub wg: Arc<WireguardInner<T, B>>, // handshake state - pub walltime_last_handshake: Mutex<SystemTime>, + pub walltime_last_handshake: Mutex<Option<SystemTime>>, pub last_handshake_sent: Mutex<Instant>, // instant for last handshake pub handshake_queued: AtomicBool, // is a handshake job currently queued for the peer? pub queue: Mutex<Sender<HandshakeJob<B::Endpoint>>>, // handshake queue diff --git a/src/wireguard/timers.rs b/src/wireguard/timers.rs index bfd2583..5eb69dc 100644 --- a/src/wireguard/timers.rs +++ b/src/wireguard/timers.rs @@ -139,7 +139,7 @@ impl<T: tun::Tun, B: bind::Bind> PeerInner<T, B> { if timers.enabled { timers.handshake_attempts.store(0, Ordering::SeqCst); timers.sent_lastminute_handshake.store(false, Ordering::SeqCst); - *self.walltime_last_handshake.lock() = SystemTime::now(); + *self.walltime_last_handshake.lock() = Some(SystemTime::now()); } } diff --git a/src/wireguard/wireguard.rs b/src/wireguard/wireguard.rs index e548c8a..eb43512 100644 --- a/src/wireguard/wireguard.rs +++ b/src/wireguard/wireguard.rs @@ -16,7 +16,7 @@ use std::ops::Deref; use std::sync::atomic::{AtomicBool, AtomicU64, AtomicUsize, Ordering}; use std::sync::Arc; use std::thread; -use std::time::{Duration, Instant, SystemTime}; +use std::time::{Duration, Instant}; use std::collections::hash_map::Entry; use std::collections::HashMap; @@ -219,7 +219,7 @@ impl<T: Tun, B: Bind> Wireguard<T, B> { id: rng.gen(), pk, wg: self.state.clone(), - walltime_last_handshake: Mutex::new(SystemTime::UNIX_EPOCH), + walltime_last_handshake: Mutex::new(None), last_handshake_sent: Mutex::new(self.state.start - TIME_HORIZON), handshake_queued: AtomicBool::new(false), queue: Mutex::new(self.state.queue.lock().clone()), |