From 22f978f0142286b26b48a25364236436b9bad56d Mon Sep 17 00:00:00 2001 From: Mathias Hall-Andersen Date: Mon, 16 Dec 2019 16:37:16 +0100 Subject: Clean dead code --- src/configuration/config.rs | 6 ------ src/configuration/error.rs | 2 -- src/main.rs | 1 - src/platform/linux/tun.rs | 17 ++--------------- src/wireguard/endpoint.rs | 29 ----------------------------- src/wireguard/handshake/device.rs | 2 +- src/wireguard/handshake/noise.rs | 2 -- src/wireguard/handshake/peer.rs | 8 -------- src/wireguard/handshake/tests.rs | 4 ++-- src/wireguard/mod.rs | 1 - src/wireguard/queue.rs | 2 +- src/wireguard/router/constants.rs | 2 +- src/wireguard/router/device.rs | 5 ++++- src/wireguard/router/inbound.rs | 34 ++++++++++++++++------------------ src/wireguard/router/outbound.rs | 17 ++++++++--------- src/wireguard/router/types.rs | 4 +--- src/wireguard/timers.rs | 8 +------- src/wireguard/wireguard.rs | 11 ++++++++--- 18 files changed, 45 insertions(+), 110 deletions(-) delete mode 100644 src/wireguard/endpoint.rs diff --git a/src/configuration/config.rs b/src/configuration/config.rs index c045d1e..94b79f7 100644 --- a/src/configuration/config.rs +++ b/src/configuration/config.rs @@ -29,12 +29,6 @@ pub struct PeerState { pub struct WireguardConfig(Arc>>); -struct State { - port: u16, - bind: Option, - fwmark: Option, -} - struct Inner { wireguard: Wireguard, port: u16, diff --git a/src/configuration/error.rs b/src/configuration/error.rs index b7d7bb0..fca194f 100644 --- a/src/configuration/error.rs +++ b/src/configuration/error.rs @@ -3,7 +3,6 @@ use std::fmt; #[derive(Debug)] pub enum ConfigError { - NoSuchPeer, NotListening, FailedToBind, InvalidHexValue, @@ -40,7 +39,6 @@ impl ConfigError { pub fn errno(&self) -> i32 { // TODO: obtain the correct errorno values match self { - ConfigError::NoSuchPeer => 1, ConfigError::NotListening => 2, ConfigError::FailedToBind => 3, ConfigError::InvalidHexValue => 4, diff --git a/src/main.rs b/src/main.rs index 59b21e5..0cf7ae6 100644 
--- a/src/main.rs +++ b/src/main.rs @@ -1,6 +1,5 @@ #![feature(test)] #![feature(weak_into_raw)] -#![allow(dead_code)] #[cfg(feature = "profiler")] extern crate cpuprofiler; diff --git a/src/platform/linux/tun.rs b/src/platform/linux/tun.rs index fb905b9..3c98c34 100644 --- a/src/platform/linux/tun.rs +++ b/src/platform/linux/tun.rs @@ -8,20 +8,9 @@ use std::mem; use std::os::raw::c_short; use std::os::unix::io::RawFd; -const IFNAMSIZ: usize = 16; const TUNSETIFF: u64 = 0x4004_54ca; - -const IFF_UP: i16 = 0x1; -const IFF_RUNNING: i16 = 0x40; - -const IFF_TUN: c_short = 0x0001; -const IFF_NO_PI: c_short = 0x1000; - const CLONE_DEVICE_PATH: &'static [u8] = b"/dev/net/tun\0"; -const TUN_MAGIC: u8 = b'T'; -const TUN_SET_IFF: u8 = 202; - #[repr(C)] struct Ifreq { name: [u8; libc::IFNAMSIZ], @@ -41,9 +30,7 @@ struct IfInfomsg { ifi_change: libc::c_uint, } -pub struct LinuxTun { - events: Vec, -} +pub struct LinuxTun {} pub struct LinuxTunReader { fd: RawFd, @@ -312,7 +299,7 @@ impl LinuxTunStatus { Err(LinuxTunError::Closed) } else { Ok(LinuxTunStatus { - events: vec![TunEvent::Up(1500)], // TODO: for testing + events: vec![], index: get_ifindex(&name), fd, name, diff --git a/src/wireguard/endpoint.rs b/src/wireguard/endpoint.rs deleted file mode 100644 index f6a560b..0000000 --- a/src/wireguard/endpoint.rs +++ /dev/null @@ -1,29 +0,0 @@ -use spin::{Mutex, MutexGuard}; -use std::sync::Arc; - -use super::super::platform::Endpoint; - -#[derive(Clone)] -struct EndpointStore { - endpoint: Arc>>, -} - -impl EndpointStore { - pub fn new() -> EndpointStore { - EndpointStore { - endpoint: Arc::new(Mutex::new(None)), - } - } - - pub fn set(&self, endpoint: E) { - *self.endpoint.lock() = Some(endpoint); - } - - pub fn get(&self) -> MutexGuard> { - self.endpoint.lock() - } - - pub fn clear_src(&self) { - (*self.endpoint.lock()).as_mut().map(|e| e.clear_src()); - } -} diff --git a/src/wireguard/handshake/device.rs b/src/wireguard/handshake/device.rs index 8e16248..c684965 100644 
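Review bot: `pub struct LinuxTun {}` in the second tun.rs hunk is an empty braced struct left over from removing the `events` field; the idiomatic form is the unit struct `pub struct LinuxTun;`, unless other code (not visible here) constructs it with `LinuxTun {}` literal syntax. The third hunk, `events: vec![]`, replaces the `TunEvent::Up(1500)` test placeholder, which is a behaviour change for whoever consumes `LinuxTunStatus.events` rather than dead-code removal; a one-line comment such as `// start with no pending events; do not seed a synthetic Up` would record that the empty vector is intentional. The enclosing `impl LinuxTunStatus` method starts and ends outside the hunk.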
--- a/src/wireguard/handshake/device.rs +++ b/src/wireguard/handshake/device.rs @@ -154,7 +154,7 @@ impl Device { /// # Returns /// /// The call might fail if the public key is not found - pub fn remove(&mut self, pk: PublicKey) -> Result<(), ConfigError> { + pub fn remove(&mut self, pk: &PublicKey) -> Result<(), ConfigError> { // take write-lock on receive id table let mut id_map = self.id_map.write(); diff --git a/src/wireguard/handshake/noise.rs b/src/wireguard/handshake/noise.rs index 46188b4..072ac13 100644 --- a/src/wireguard/handshake/noise.rs +++ b/src/wireguard/handshake/noise.rs @@ -43,8 +43,6 @@ type TemporaryState = (u32, PublicKey, GenericArray, GenericArray Option { match mem::replace(&mut *self.state.lock(), State::Reset) { State::InitiationSent { local, .. } => Some(local), diff --git a/src/wireguard/handshake/tests.rs b/src/wireguard/handshake/tests.rs index 6be7b51..1df046d 100644 --- a/src/wireguard/handshake/tests.rs +++ b/src/wireguard/handshake/tests.rs @@ -192,6 +192,6 @@ fn handshake_no_load() { wait(); } - dev1.remove(pk2).unwrap(); - dev2.remove(pk1).unwrap(); + dev1.remove(&pk2).unwrap(); + dev2.remove(&pk1).unwrap(); } diff --git a/src/wireguard/mod.rs b/src/wireguard/mod.rs index f899359..ac7d9be 100644 --- a/src/wireguard/mod.rs +++ b/src/wireguard/mod.rs @@ -2,7 +2,6 @@ mod constants; mod timers; mod wireguard; -mod endpoint; mod handshake; mod peer; mod queue; diff --git a/src/wireguard/queue.rs b/src/wireguard/queue.rs index 4c004c4..75b9104 100644 --- a/src/wireguard/queue.rs +++ b/src/wireguard/queue.rs @@ -2,7 +2,7 @@ use crossbeam_channel::{bounded, Receiver, Sender}; use std::sync::Mutex; pub struct ParallelQueue { - queue: Mutex>>, // work queues (1 per thread) + queue: Mutex>>, } impl ParallelQueue { diff --git a/src/wireguard/router/constants.rs b/src/wireguard/router/constants.rs index 6129fd7..82360bb 100644 --- a/src/wireguard/router/constants.rs +++ b/src/wireguard/router/constants.rs 
@@ -4,6 +4,6 @@ pub const MAX_STAGED_PACKETS: usize = 128; // performance constants -pub const PARALLEL_QUEUE_SIZE: usize = MAX_STAGED_PACKETS; +pub const PARALLEL_QUEUE_SIZE: usize = 256; pub const INORDER_QUEUE_SIZE: usize = PARALLEL_QUEUE_SIZE; pub const MAX_INORDER_CONSUME: usize = INORDER_QUEUE_SIZE; diff --git a/src/wireguard/router/device.rs b/src/wireguard/router/device.rs index 1d3b743..a12a657 100644 --- a/src/wireguard/router/device.rs +++ b/src/wireguard/router/device.rs @@ -211,7 +211,10 @@ impl> DeviceHandle< /// A new secret key has been set for the device. /// According to WireGuard semantics, this should cause all "sending" keys to be discarded. - pub fn new_sk(&self) {} + pub fn clear_sending_keys(&self) { + log::debug!("Clear sending keys"); + // TODO: Implement. Consider: The device does not have an explicit list of peers + } /// Adds a new peer to the device /// diff --git a/src/wireguard/router/inbound.rs b/src/wireguard/router/inbound.rs index 96c2e33..dc2c44e 100644 --- a/src/wireguard/router/inbound.rs +++ b/src/wireguard/router/inbound.rs @@ -1,22 +1,20 @@ +use std::mem; +use std::sync::atomic::Ordering; +use std::sync::Arc; + +use crossbeam_channel::Receiver; +use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, CHACHA20_POLY1305}; +use zerocopy::{AsBytes, LayoutVerified}; + use super::constants::MAX_INORDER_CONSUME; use super::device::DecryptionState; use super::device::Device; use super::messages::TransportHeader; use super::peer::Peer; use super::pool::*; -use super::runq::RunQueue; use super::types::Callbacks; use super::{tun, udp, Endpoint}; - -use crossbeam_channel::Receiver; -use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, CHACHA20_POLY1305}; -use zerocopy::{AsBytes, LayoutVerified}; - -use std::mem; -use std::sync::atomic::Ordering; -use std::sync::Arc; - -pub const SIZE_TAG: usize = 16; +use super::{REJECT_AFTER_MESSAGES, SIZE_TAG}; pub struct Inbound> { msg: Vec, 
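Review bot: `PARALLEL_QUEUE_SIZE` is now the literal `256` instead of `MAX_STAGED_PACKETS`, a sizing change that severs the stated relationship between staged packets and queue depth, and the two constants below (`INORDER_QUEUE_SIZE`, `MAX_INORDER_CONSUME`) inherit the new value. Nothing in the hunk says why 256, so the next reader is likely to "restore" the alias; add a comment with the rationale, e.g. `// decoupled from MAX_STAGED_PACKETS on purpose: <reason / benchmark>`, filling in the real motivation.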
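Review bot: `clear_sending_keys` is a stub that only emits a debug log, yet its doc comment states the WireGuard semantics it is meant to enforce (discard all sending keys after the static key changes) and `Wireguard::set_key` in the wireguard.rs hunk now calls it as though it did. Until the TODO is implemented, sessions derived from the previous private key presumably remain usable until their timers expire, so the gap should be visible rather than hidden at debug level: add `/// NOTE: not yet implemented — existing sending keys are retained after a key change.` to the doc comment and use `log::warn!("Clear sending keys: not implemented, existing keys retained");` instead of `log::debug!`. The enclosing `impl DeviceHandle` block continues outside the hunk.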
@@ -45,14 +43,8 @@ pub fn parallel>( device: Device, receiver: Receiver, Inbound>>, ) { - // run queue to schedule - fn queue>( - device: &Device, - ) -> &RunQueue> { - &device.run_inbound - } - // parallel work to apply + #[inline(always)] fn work>( peer: &Peer, body: &mut Inbound, @@ -94,6 +86,12 @@ pub fn parallel>( } } + // check that counter not after reject + if header.f_counter.get() >= REJECT_AFTER_MESSAGES { + body.failed = true; + return; + } + // cryptokey route and strip padding let inner_len = { let length = packet.len() - SIZE_TAG; diff --git a/src/wireguard/router/outbound.rs b/src/wireguard/router/outbound.rs index a0a1c72..1edb2fb 100644 --- a/src/wireguard/router/outbound.rs +++ b/src/wireguard/router/outbound.rs @@ -1,3 +1,9 @@ +use std::sync::Arc; + +use crossbeam_channel::Receiver; +use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, CHACHA20_POLY1305}; +use zerocopy::{AsBytes, LayoutVerified}; + use super::constants::MAX_INORDER_CONSUME; use super::device::Device; use super::messages::{TransportHeader, TYPE_TRANSPORT}; @@ -5,16 +11,8 @@ use super::peer::Peer; use super::pool::*; use super::types::Callbacks; use super::KeyPair; -use super::REJECT_AFTER_MESSAGES; use super::{tun, udp, Endpoint}; - -use std::sync::Arc; - -use crossbeam_channel::Receiver; -use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, CHACHA20_POLY1305}; -use zerocopy::{AsBytes, LayoutVerified}; - -pub const SIZE_TAG: usize = 16; +use super::{REJECT_AFTER_MESSAGES, SIZE_TAG}; pub struct Outbound { msg: Vec, @@ -37,6 +35,7 @@ pub fn parallel>( device: Device, receiver: Receiver, Outbound>>, ) { + #[inline(always)] fn work>( _peer: &Peer, body: &mut Outbound, diff --git a/src/wireguard/router/types.rs b/src/wireguard/router/types.rs index 194f0d4..ae37a6b 100644 --- a/src/wireguard/router/types.rs +++ b/src/wireguard/router/types.rs 
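Review bot: `#[inline(always)]` on the nested `work` function is a codegen directive with no measurement recorded to justify it; `work` is a private fn used within the same crate, where the optimizer already decides inlining on its own, and forcing it can bloat the surrounding worker loop. The same attribute is added to `work` in the outbound.rs hunk of this commit. Either drop it or leave a comment naming the evidence, e.g. `// inline(always): measured <N>% throughput gain in <benchmark>` with the actual figures. The enclosing `parallel` function starts and ends outside the hunk.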
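Review bot: The new `header.f_counter.get() >= REJECT_AFTER_MESSAGES` guard sets `body.failed = true` and returns with neither a log line nor an explanation of the rule, so in operation a peer that has run past the per-keypair message limit is indistinguishable from ordinary decryption failures. Suggest `log::debug!("inbound worker: counter {} at or past REJECT_AFTER_MESSAGES", header.f_counter.get());` before the `return`, and expand the comment to state the why: `// a keypair must not be used for more than REJECT_AFTER_MESSAGES messages; the sender is expected to have rekeyed, so drop`. Whether this check runs before or after the AEAD open is not visible in the hunk; if it runs after, consider moving it before so a packet that will be discarded anyway does not cost a decryption. Both `work` and `parallel` continue outside the hunk.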
@@ -35,7 +35,6 @@ pub trait Callbacks: Send + Sync + 'static { #[derive(Debug)] pub enum RouterError { NoCryptoKeyRoute, - MalformedIPHeader, MalformedTransportMessage, UnknownReceiverId, NoEndpoint, @@ -46,8 +45,7 @@ impl fmt::Display for RouterError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { RouterError::NoCryptoKeyRoute => write!(f, "No cryptokey route configured for subnet"), - RouterError::MalformedIPHeader => write!(f, "IP header is malformed"), - RouterError::MalformedTransportMessage => write!(f, "IP header is malformed"), + RouterError::MalformedTransportMessage => write!(f, "Transport header is malformed"), RouterError::UnknownReceiverId => { write!(f, "No decryption state associated with receiver id") } diff --git a/src/wireguard/timers.rs b/src/wireguard/timers.rs index f292afd..8f8a244 100644 --- a/src/wireguard/timers.rs +++ b/src/wireguard/timers.rs @@ -172,13 +172,6 @@ impl PeerInner { } } - pub fn timers_session_derieved(&self) { - let timers = self.timers(); - if timers.enabled { - timers.zero_key_material.reset(REJECT_AFTER_TIME * 3); - } - } - fn timers_set_retransmit_handshake(&self) { let timers = self.timers(); if timers.enabled { @@ -190,6 +183,7 @@ impl PeerInner { */ pub fn sent_handshake_initiation(&self) { *self.last_handshake_sent.lock() = Instant::now(); + self.timers_handshake_initiated(); self.timers_set_retransmit_handshake(); self.timers_any_authenticated_packet_traversal(); self.timers_any_authenticated_packet_sent(); diff --git a/src/wireguard/wireguard.rs b/src/wireguard/wireguard.rs index 2cd6ce4..45b1fcb 100644 --- a/src/wireguard/wireguard.rs +++ b/src/wireguard/wireguard.rs @@ -236,7 +236,9 @@ impl Wireguard { } pub fn remove_peer(&self, pk: &PublicKey) { - self.state.peers.write().remove(pk.as_bytes()); + if self.handshake.write().remove(pk).is_ok() { + self.state.peers.write().remove(pk.as_bytes()); + } } pub fn lookup_peer(&self, pk: &PublicKey) -> Option> { 
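Review bot: `remove_peer` now removes the entry from `state.peers` only when the handshake device's `remove` succeeds, and the `Err` is discarded by `.is_ok()`, so a failure leaves the peer registered with no signal to the caller (the method returns `()`). Since `ConfigError` derives `Debug` (error.rs hunk), at least log it before bailing out: `if let Err(e) = self.handshake.write().remove(pk) { log::warn!("remove_peer: {:?}", e); return; }` followed by the unconditional `self.state.peers.write().remove(pk.as_bytes());`. Given the handshake `remove` doc says it fails when the key is not found (device.rs hunk), also consider whether a stale `state.peers` entry should be removed regardless, and add a comment on why the handshake entry is removed first — presumably so no new handshake can complete for the peer while its state is torn down; confirm. The enclosing `impl Wireguard` block continues outside the hunk.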
@@ -258,7 +260,10 @@ impl Wireguard { } pub fn set_key(&self, sk: Option) { - self.handshake.write().set_sk(sk); + let mut handshake = self.handshake.write(); + handshake.set_sk(sk); + self.router.clear_sending_keys(); + // handshake lock is released and new handshakes can be initated } pub fn get_sk(&self) -> Option { @@ -577,7 +582,7 @@ impl Wireguard { ); // this means that a handshake response was processed or sent - peer.timers_session_derieved(); + peer.timers_session_derived(); // free any unused ids for id in peer.router.add_keypair(kp) { -- cgit v1.2.3-59-g8ed1b