From dee23969f5b1cfce7b352d6782a86cac062ec12e Mon Sep 17 00:00:00 2001 From: Mathias Hall-Andersen Date: Thu, 21 Nov 2019 17:12:00 +0100 Subject: Daemonization --- Cargo.lock | 23 +++++++++++++-- Cargo.toml | 3 +- src/configuration/config.rs | 15 +++++----- src/configuration/uapi/get.rs | 17 ++++++----- src/main.rs | 65 ++++++++++++++++++++++++++++++++++--------- src/wireguard/peer.rs | 2 +- src/wireguard/timers.rs | 2 +- src/wireguard/wireguard.rs | 4 +-- 8 files changed, 94 insertions(+), 37 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c33f1f8..3751d0c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -89,6 +89,11 @@ dependencies = [ "opaque-debug 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "boxfnonce" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "bumpalo" version = "2.6.0" @@ -198,6 +203,15 @@ dependencies = [ "subtle 2.1.1 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "daemonize" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "boxfnonce 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "digest" version = "0.8.1" @@ -305,7 +319,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] name = "hjul" -version = "0.2.0" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "mio 0.6.19 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1196,12 +1210,13 @@ dependencies = [ "chacha20poly1305 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", "clear_on_drop 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", "crossbeam-channel 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", + "daemonize 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", "digest 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", "env_logger 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)", "futures 0.1.28 (registry+https://github.com/rust-lang/crates.io-index)", "generic-array 0.12.3 (registry+https://github.com/rust-lang/crates.io-index)", "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", - "hjul 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "hjul 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", "hmac 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)", "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1275,6 +1290,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum bitflags 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "4f67931368edf3a9a51d29886d245f1c3db2f1ef0dcc9e35ff70341b78c10d23" "checksum bitflags 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3d155346769a6855b86399e9bc3814ab343cd3d62c7e985113d46a0ec3c281fd" "checksum blake2 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "94cb07b0da6a73955f8fb85d24c466778e70cda767a568229b104f0264089330" +"checksum boxfnonce 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5988cb1d626264ac94100be357308f29ff7cbdd3b36bda27f450a4ee3f713426" "checksum bumpalo 2.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ad807f2fc2bf185eeb98ff3a901bd46dc5ad58163d0fa4577ba0d25674d71708" "checksum byte-tools 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7" "checksum byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a7c3dd8985a7111efc5c80b44e23ecdd8c007de8ade3b96595387e812b957cf5" @@ -1289,6 +1305,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum crossbeam-utils 0.6.6 (registry+https://github.com/rust-lang/crates.io-index)" = "04973fa96e96579258a5091af6003abde64af786b860f18622b82e026cca60e6" "checksum crypto-mac 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5" "checksum curve25519-dalek 1.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "8b7dcd30ba50cdf88b55b033456138b7c0ac4afdc436d82e1b79f370f24cc66d" +"checksum daemonize 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "70c24513e34f53b640819f0ac9f705b673fcf4006d7aab8778bee72ebfc89815" "checksum digest 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" "checksum env_logger 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "aafcde04e90a5226a6443b7aabdb016ba2f8307c847d524724bd9b346dd1a2d3" "checksum failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "795bd83d3abeb9220f257e597aa0080a508b27533824adf336529648f6abf7e2" @@ -1303,7 +1320,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum glob 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" "checksum heck 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "20564e78d53d2bb135c343b3f47714a56af2061f1c928fdb541dc7b9fdd94205" "checksum hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77" -"checksum hjul 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "151568250ae270811638e74dab09f4dfcb72d6c125f55cd0fa9b8feb0ef8c5fc" +"checksum hjul 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "f3306d10e330382e89dcd079f124c77273ab88920b1f83c237a99a76cc31e179" "checksum hmac 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5dcb5e64cda4c23119ab41ba960d1e170a774c8e4b9d9e6a9bc18aabf5e59695" "checksum humantime 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3ca7e5f2e110db35f93b837c81797f3714500b81d517bf20c431b16d3ca4f114" "checksum iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dbe6e417e7d0975db6512b90796e8ce223145ac4e33c377e4a42882a0e88bb08" diff --git a/Cargo.toml b/Cargo.toml index 2b91c06..35140f7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,13 +20,14 @@ futures = "0.1.28" arraydeque = "0.4.5" treebitmap = "^0.4" crossbeam-channel = "0.3.9" -hjul = "^0.2" +hjul = "0.2.1" ring = "0.16.7" chacha20poly1305 = "^0.1" aead = "^0.1.1" clear_on_drop = "0.2.3" env_logger = "0.6" num_cpus = "^1.10" +daemonize = "0.4.1" [target.'cfg(unix)'.dependencies] libc = "0.2" diff --git a/src/configuration/config.rs b/src/configuration/config.rs index f11d90d..2a149ee 100644 --- a/src/configuration/config.rs +++ b/src/configuration/config.rs @@ -18,8 +18,7 @@ use bind::Owner; pub struct PeerState { pub rx_bytes: u64, pub tx_bytes: u64, - pub last_handshake_time_sec: u64, - pub last_handshake_time_nsec: u64, + pub last_handshake_time: Option<(u64, u64)>, pub public_key: PublicKey, pub allowed_ips: Vec<(IpAddr, u32)>, pub endpoint: Option, @@ -289,9 +288,12 @@ impl Configuration for WireguardConfig for p in peers { // convert the system time to (secs, nano) since epoch - let last_handshake = (*p.walltime_last_handshake.lock()) - .duration_since(SystemTime::UNIX_EPOCH) - .unwrap_or(Duration::from_secs(0)); // any time before epoch is mapped to epoch + let last_handshake_time = (*p.walltime_last_handshake.lock()).and_then(|t| { + let duration = t + .duration_since(SystemTime::UNIX_EPOCH) + .unwrap_or(Duration::from_secs(0)); + Some((duration.as_secs(), duration.subsec_nanos() as u64)) + }); if let Some(psk) = self.wireguard.get_psk(&p.pk) { // extract state into PeerState @@ -302,8 +304,7 @@ impl Configuration for WireguardConfig tx_bytes: p.tx_bytes.load(Ordering::Relaxed), persistent_keepalive_interval: p.get_keepalive_interval(), allowed_ips: p.router.list_allowed_ips(), - last_handshake_time_nsec: last_handshake.subsec_nanos() as u64, - last_handshake_time_sec: last_handshake.as_secs(), + last_handshake_time, public_key: p.pk, }) } diff --git a/src/configuration/uapi/get.rs b/src/configuration/uapi/get.rs index f0746b3..9e6ab36 100644 --- a/src/configuration/uapi/get.rs +++ b/src/configuration/uapi/get.rs @@ -32,24 +32,23 @@ pub fn serialize(writer: &mut W, config: &C) -> let mut peers = config.get_peers(); while let Some(p) = peers.pop() { write("public_key", hex::encode(p.public_key.as_bytes()))?; + write("preshared_key", hex::encode(p.preshared_key))?; write("rx_bytes", p.rx_bytes.to_string())?; write("tx_bytes", p.tx_bytes.to_string())?; - write( - "last_handshake_time_sec", - p.last_handshake_time_nsec.to_string(), - )?; - write( - "last_handshake_time_nsec", - p.last_handshake_time_nsec.to_string(), - )?; write( "persistent_keepalive_interval", p.persistent_keepalive_interval.to_string(), )?; + + if let Some((secs, nsecs)) = p.last_handshake_time { + write("last_handshake_time_sec", secs.to_string())?; + write("last_handshake_time_nsec", nsecs.to_string())?; + } + if let Some(endpoint) = p.endpoint { write("endpoint", endpoint.into_address().to_string())?; } - write("preshared_key", hex::encode(p.preshared_key))?; + for (ip, cidr) in p.allowed_ips { write("allowed_ip", ip.to_string() + "/" + &cidr.to_string())?; } diff --git a/src/main.rs b/src/main.rs index 89c6bdb..aa02321 100644 --- a/src/main.rs +++ b/src/main.rs @@ -3,7 +3,9 @@ use log; +use daemonize::Daemonize; use std::env; +use std::process::exit; mod configuration; mod platform; @@ -14,19 +16,57 @@ use platform::uapi::{BindUAPI, PlatformUAPI}; use platform::*; fn main() { - let mut name = String::new(); + // parse commandline arguments + let mut name = None; + let mut drop_privileges = true; let mut foreground = false; + let mut args = env::args(); - for arg in env::args() { - if arg == "--foreground" || arg == "-f" { - foreground = true; - } else { - name = arg; + args.next(); // skip path + + for arg in args { + match arg.as_str() { + "--foreground" | "-f" => { + foreground = true; + } + "--root" => { + drop_privileges = false; + } + dev => name = Some(dev.to_owned()), } } - if name == "" { - return; + // unwrap device name + let name = match name { + None => { + eprintln!("No device name supplied"); + exit(-1); + } + Some(name) => name, + }; + + // create UAPI socket + let uapi = plt::UAPI::bind(name.as_str()).unwrap_or_else(|e| { + eprintln!("Failed to create UAPI listener: {}", e); + exit(-2); + }); + + // create TUN device + let (readers, writer, mtu) = plt::Tun::create(name.as_str()).unwrap_or_else(|e| { + eprintln!("Failed to create TUN device: {}", e); + exit(-3); + }); + + // daemonize + if !foreground { + let daemonize = Daemonize::new() + .pid_file(format!("/tmp/wgrs-{}.pid", name)) + .chown_pid_file(true) + .working_directory("/tmp") + .user("nobody") + .group("daemon") + .umask(0o777); + daemonize.start().expect("Failed to daemonize"); } // start logging @@ -34,16 +74,15 @@ fn main() { .try_init() .expect("Failed to initialize event logger"); - // create UAPI socket - let uapi = plt::UAPI::bind(name.as_str()).unwrap(); - - // create TUN device - let (readers, writer, mtu) = plt::Tun::create(name.as_str()).unwrap(); + // drop privileges + if drop_privileges {} // create WireGuard device let wg: wireguard::Wireguard = wireguard::Wireguard::new(readers, writer, mtu); + // handle TUN updates up/down + // wrap in configuration interface and start UAPI server let cfg = configuration::WireguardConfig::new(wg); loop { diff --git a/src/wireguard/peer.rs b/src/wireguard/peer.rs index 7d95493..92844b6 100644 --- a/src/wireguard/peer.rs +++ b/src/wireguard/peer.rs @@ -30,7 +30,7 @@ pub struct PeerInner { pub wg: Arc>, // handshake state - pub walltime_last_handshake: Mutex, + pub walltime_last_handshake: Mutex>, pub last_handshake_sent: Mutex, // instant for last handshake pub handshake_queued: AtomicBool, // is a handshake job currently queued for the peer? pub queue: Mutex>>, // handshake queue diff --git a/src/wireguard/timers.rs b/src/wireguard/timers.rs index bfd2583..5eb69dc 100644 --- a/src/wireguard/timers.rs +++ b/src/wireguard/timers.rs @@ -139,7 +139,7 @@ impl PeerInner { if timers.enabled { timers.handshake_attempts.store(0, Ordering::SeqCst); timers.sent_lastminute_handshake.store(false, Ordering::SeqCst); - *self.walltime_last_handshake.lock() = SystemTime::now(); + *self.walltime_last_handshake.lock() = Some(SystemTime::now()); } } diff --git a/src/wireguard/wireguard.rs b/src/wireguard/wireguard.rs index e548c8a..eb43512 100644 --- a/src/wireguard/wireguard.rs +++ b/src/wireguard/wireguard.rs @@ -16,7 +16,7 @@ use std::ops::Deref; use std::sync::atomic::{AtomicBool, AtomicU64, AtomicUsize, Ordering}; use std::sync::Arc; use std::thread; -use std::time::{Duration, Instant, SystemTime}; +use std::time::{Duration, Instant}; use std::collections::hash_map::Entry; use std::collections::HashMap; @@ -219,7 +219,7 @@ impl Wireguard { id: rng.gen(), pk, wg: self.state.clone(), - walltime_last_handshake: Mutex::new(SystemTime::UNIX_EPOCH), + walltime_last_handshake: Mutex::new(None), last_handshake_sent: Mutex::new(self.state.start - TIME_HORIZON), handshake_queued: AtomicBool::new(false), queue: Mutex::new(self.state.queue.lock().clone()), -- cgit v1.2.3-59-g8ed1b