sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-16 15:26:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: first project flow

Browse Source
This commit is contained in:
braginini
2021-04-14 14:20:25 +02:00
commit 6b3ba0feaf
23 changed files with 2288 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

248
engine/agent.go Normal file
View File

@@ -0,0 +1,248 @@
package engine
import (
"context"
"github.com/pion/ice/v2"
log "github.com/sirupsen/logrus"
"github.com/wiretrustee/wiretrustee/signal"
sProto "github.com/wiretrustee/wiretrustee/signal/proto"
"net"
)
// PeerAgent is responsible for establishing and maintaining of the connection between two peers (local and remote)
// It uses underlying ice.Agent and ice.Conn
type PeerAgent struct {
// a Wireguard public key of the peer
LocalKey string
// a Wireguard public key of the remote peer
RemoteKey string
// ICE iceAgent that actually negotiates and maintains peer-to-peer connection
iceAgent *ice.Agent
// Actual peer-to-peer connection
conn *ice.Conn
// a signal.Client to negotiate initial connection
signal signal.Client
// a connection to a local Wireguard instance to proxy data
wgConn net.Conn
// an address of local Wireguard instance
wgAddr string
}
// NewPeerAgent creates a new PeerAgent with give local and remote Wireguard public keys and initializes an ICE Agent
func NewPeerAgent(localKey string, remoteKey string, stunTurnURLS []*ice.URL, wgAddr string) (*PeerAgent, error) {
// init ICE Agent
iceAgent, err := ice.NewAgent(&ice.AgentConfig{
NetworkTypes: []ice.NetworkType{ice.NetworkTypeUDP4},
Urls: stunTurnURLS,
})
if err != nil {
return nil, err
}
peerAgent := &PeerAgent{
LocalKey: localKey,
RemoteKey: remoteKey,
iceAgent: iceAgent,
wgAddr: wgAddr,
conn: nil,
wgConn: nil,
}
err = peerAgent.onConnectionStateChange()
if err != nil {
//todo close agent
return nil, err
}
err = peerAgent.onCandidate()
if err != nil {
log.Errorf("failed listening on ICE connection state changes %s", err)
//todo close agent
return nil, err
}
return peerAgent, nil
}
// proxyToRemotePeer proxies everything from Wireguard to the remote peer
// blocks
func (pa *PeerAgent) proxyToRemotePeer() {
buf := make([]byte, 1500)
for {
n, err := pa.wgConn.Read(buf)
if err != nil {
log.Warnln("Error reading from peer: ", err.Error())
continue
}
n, err = pa.conn.Write(buf[:n])
if err != nil {
log.Warnln("Error writing to remote peer: ", err.Error())
}
}
}
// proxyToLocalWireguard proxies everything from the remote peer to local Wireguard
// blocks
func (pa *PeerAgent) proxyToLocalWireguard() {
buf := make([]byte, 1500)
for {
n, err := pa.conn.Read(buf)
if err != nil {
log.Errorf("failed reading from remote connection %s", err)
}
n, err = pa.wgConn.Write(buf[:n])
if err != nil {
log.Errorf("failed writing to local Wireguard instance %s", err)
}
}
}
// OpenConnection opens connection to remote peer. Flow:
// 1. start gathering connection candidates
// 2. if the peer was an initiator then it dials to the remote peer
// 3. if the peer wasn't an initiator then it waits for incoming connection from the remote peer
// 4. after connection has been established peer starts to:
// - proxy all local Wireguard's packets to the remote peer
// - proxy all incoming data from the remote peer to local Wireguard
// The returned connection address can be used to be set as Wireguard's remote peer endpoint
func (pa *PeerAgent) OpenConnection(initiator bool) (net.Conn, error) {
// start gathering candidates
err := pa.iceAgent.GatherCandidates()
if err != nil {
return nil, err
}
// by that time it should be already set
frag, pwd, err := pa.iceAgent.GetRemoteUserCredentials()
if err != nil {
log.Errorf("remote credentials are not set for remote peer %s", pa.RemoteKey)
return nil, err
}
// initiate remote connection
// will block until connection was established
var conn *ice.Conn = nil
if initiator {
conn, err = pa.iceAgent.Dial(context.TODO(), frag, pwd)
} else {
conn, err = pa.iceAgent.Accept(context.TODO(), frag, pwd)
}
if err != nil {
log.Fatalf("failed listening on local port %s", err)
return nil, err
}
log.Infof("Local addr %s, remote addr %s", conn.LocalAddr(), conn.RemoteAddr())
pa.conn = conn
// connect to local Wireguard instance
wgConn, err := net.Dial("udp", pa.wgAddr)
if err != nil {
log.Fatalf("failed dialing to local Wireguard port %s", err)
return nil, err
}
pa.wgConn = wgConn
go func() {
pa.proxyToRemotePeer()
}()
go func() {
pa.proxyToLocalWireguard()
}()
return wgConn, nil
}
func (pa *PeerAgent) OnAnswer(msg *sProto.Message) error {
return nil
}
func (pa *PeerAgent) OnRemoteCandidate(msg *sProto.Message) error {
return nil
}
// signalCandidate sends a message with a local ice.Candidate details to the remote peer via signal server
func (pa *PeerAgent) signalCandidate(c ice.Candidate) error {
err := pa.signal.Send(&sProto.Message{
Type: sProto.Message_CANDIDATE,
Key: pa.LocalKey,
RemoteKey: pa.RemoteKey,
Body: c.Marshal(),
})
if err != nil {
return err
}
return nil
}
// onCandidate detects new local ice.Candidate and sends it to the remote peer via signal server
func (pa *PeerAgent) onCandidate() error {
return pa.iceAgent.OnCandidate(func(candidate ice.Candidate) {
if candidate != nil {
err := pa.signalCandidate(candidate)
if err != nil {
log.Errorf("failed signaling candidate to the remote peer %s %s", pa.RemoteKey, err)
//todo ??
return
}
}
})
}
// onConnectionStateChange listens on ice.Agent connection state change events and once connected checks a Candidate pair
// the ice.Conn was established with
// Mostly used for debugging purposes (e.g. connection time, etc)
func (pa *PeerAgent) onConnectionStateChange() error {
return pa.iceAgent.OnConnectionStateChange(func(state ice.ConnectionState) {
log.Debugf("ICE Connection State has changed: %s", state.String())
if state == ice.ConnectionStateConnected {
// once the connection has been established we can check the selected candidate pair
pair, err := pa.iceAgent.GetSelectedCandidatePair()
if err != nil {
log.Errorf("failed selecting active ICE candidate pair %s", err)
return
}
log.Debugf("connected to peer %s via selected candidate pair %s", pa.RemoteKey, pair)
}
})
}
// authenticate sets the signal.Credential of the remote peer
// and sends local signal.Credential to teh remote peer via signal server
func (pa *PeerAgent) Authenticate(credential *signal.Credential) error {
err := pa.iceAgent.SetRemoteCredentials(credential.UFrag, credential.Pwd)
if err != nil {
return err
}
localUFrag, localPwd, err := pa.iceAgent.GetLocalUserCredentials()
if err != nil {
return err
}
// notify the remote peer about our credentials
answer := signal.MarshalCredential(pa.LocalKey, pa.RemoteKey, &signal.Credential{
UFrag: localUFrag,
Pwd: localPwd,
}, sProto.Message_ANSWER)
//notify the remote peer of our credentials
err = pa.signal.Send(answer)
if err != nil {
return err
}
return nil
}

126
engine/engine.go Normal file
View File

@@ -0,0 +1,126 @@
package engine
import (
"fmt"
"github.com/pion/ice/v2"
log "github.com/sirupsen/logrus"
"github.com/wiretrustee/wiretrustee/iface"
signal "github.com/wiretrustee/wiretrustee/signal"
sProto "github.com/wiretrustee/wiretrustee/signal/proto"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"time"
)
type Engine struct {
// a list of STUN and TURN servers
stunsTurns []*ice.URL
// signal server client
signal *signal.Client
// peer agents indexed by local public key of the remote peers
agents map[string]*PeerAgent
// Wireguard interface
wgIface string
// Wireguard local address
wgAddr string
}
func NewEngine(signal *signal.Client, stunsTurns []*ice.URL) *Engine {
return &Engine{
stunsTurns: stunsTurns,
signal: signal,
}
}
func (e *Engine) Start(localKey string, peers []string) error {
// setup wireguard
myKey, err := wgtypes.ParseKey(localKey)
if err != nil {
log.Errorf("error parsing Wireguard key %s: [%s]", localKey, err.Error())
return err
}
err = iface.Create(e.wgIface, e.wgIface)
if err != nil {
log.Errorf("error while creating interface %s: [%s]", e.wgIface, err.Error())
return err
}
err = iface.Configure(e.wgIface, myKey.String())
if err != nil {
log.Errorf("error while configuring Wireguard interface [%s]: %s", e.wgIface, err.Error())
return err
}
wgPort, err := iface.GetListenPort(e.wgIface)
if err != nil {
log.Errorf("error while getting Wireguard interface port [%s]: %s", e.wgIface, err.Error())
return err
}
// initialize peer agents
for _, peer := range peers {
peerAgent, err := NewPeerAgent(localKey, peer, e.stunsTurns, fmt.Sprintf("127.0.0.1:%d", *wgPort))
if err != nil {
log.Fatalf("failed creating peer agent for pair %s - %s", localKey, peer)
return err
}
e.agents[localKey] = peerAgent
}
e.receiveSignal(localKey)
return nil
}
func (e *Engine) receiveSignal(localKey string) {
// connect to a stream of messages coming from the signal server
e.signal.Receive(localKey, func(msg *sProto.Message) error {
// check if this is our "buddy" peer
peerAgent := e.agents[msg.Key]
if peerAgent == nil {
return fmt.Errorf("unknown peer %s", msg.Key)
}
// the one who send offer (expects answer) is the initiator of teh connection
initiator := msg.Type == sProto.Message_ANSWER
switch msg.Type {
case sProto.Message_OFFER:
case sProto.Message_ANSWER:
remoteCred, err := signal.UnMarshalCredential(msg)
if err != nil {
return err
}
err = peerAgent.Authenticate(remoteCred)
if err != nil {
log.Errorf("error authenticating remote peer %s", msg.Key)
return err
}
conn, err := peerAgent.OpenConnection(initiator)
if err != nil {
log.Errorf("error opening connection ot remote peer %s", msg.Key)
return err
}
err = iface.UpdatePeer(e.wgIface, peerAgent.RemoteKey, "0.0.0.0/0", 15*time.Second, conn.LocalAddr().String())
if err != nil {
log.Errorf("error while configuring Wireguard peer [%s] %s", peerAgent.RemoteKey, err.Error())
return err
}
case sProto.Message_CANDIDATE:
err := peerAgent.OnRemoteCandidate(msg)
if err != nil {
log.Errorf("error handling CANDIATE from %s", msg.Key)
return err
}
}
return nil
})
e.signal.WaitConnected()
}