Transition to native netlink library bindings (#28)

* caerulean migrated to netlink

* rtnetlink crate migration

* linting errors fixed

* tests fixed

* tests fixed

* lint fixed

* rule changed

---------

Co-authored-by: pseusys <aleksandr.sergeev.ad@gmail.com>

Author: pseusys

caerulean/whirlpool/protocol/port_server.go

@@ -56,7 +56,8 @@ func (p *PortServer) Read(buffer *betterbuf.Buffer, viridianDict *users.Viridian
 	logrus.Debugf("Parsed packet header from viridian %d: type %d, data %d, tail %d", p.peerID, msgType, dataLength, tailLength)
 
 	var value *betterbuf.Buffer
-	if msgType == TYPE_DATA {
+	switch msgType {
+	case TYPE_DATA:
 		dataBuffer := buffer.Rebuffer(encryptedHeaderLength, encryptedHeaderLength+int(dataLength))
 		s, err := io.ReadFull(p.socket, dataBuffer.Slice())
 		if err != nil {
@@ -79,9 +80,9 @@ func (p *PortServer) Read(buffer *betterbuf.Buffer, viridianDict *users.Viridian
 		}
 		logrus.Debugf("Parsed packet data from viridian %d", p.peerID)
 
-	} else if msgType == TYPE_TERMINATION {
+	case TYPE_TERMINATION:
 		return nil, fmt.Errorf("connection with viridian %d terminated", p.peerID)
-	} else {
+	default:
 		return nil, fmt.Errorf("unexpected message type received from viridian %d: %d", p.peerID, msgType)
 	}
 

caerulean/whirlpool/tunnel/interface.go

@@ -2,9 +2,10 @@ package tunnel
 
 import (
 	"fmt"
-	"strconv"
+	"os"
 
 	"github.com/sirupsen/logrus"
+	"github.com/vishvananda/netlink"
 )
 
 // Create and open tunnel interface.
@@ -14,7 +15,7 @@ import (
 // Accept external IP address as a string.
 // Return nil if interface opened successfully, error otherwise.
 func (conf *TunnelConfig) openInterface(extIP string) error {
-	// Cast sunnel name, ip and CIDR to string
+	// Cast tunnel name, ip and CIDR to string
 	tunnelName := conf.Tunnel.Name()
 	tunnelString := conf.IP.String()
 	tunnelCIDR, _ := conf.Network.Mask.Size()
@@ -27,28 +28,38 @@ func (conf *TunnelConfig) openInterface(extIP string) error {
 		}
 		conf.mtu = int32(tunnelInterface.MTU)
 	}
-	tunnelMTU := strconv.FormatInt(int64(conf.mtu), 10)
 
-	// Setup tunnel interface MTU
-	_, err := runCommand("ip", "link", "set", "dev", tunnelName, "mtu", tunnelMTU)
+	// Lookup tunnel link by name
+	link, err := netlink.LinkByName(tunnelName)
 	if err != nil {
+		return fmt.Errorf("could not get link %s: %v", tunnelName, err)
+	}
+
+	// Setup tunnel interface MTU
+	if err := netlink.LinkSetMTU(link, int(conf.mtu)); err != nil {
 		return fmt.Errorf("error setting tunnel MTU: %v", err)
 	}
 
-	// Setup IP address for tunnel interface
-	_, err = runCommand("ip", "addr", "add", fmt.Sprintf("%s/%d", tunnelString, tunnelCIDR), "dev", tunnelName)
+	// Parse tunnel IP and CIDR
+	addr, err := netlink.ParseAddr(fmt.Sprintf("%s/%d", tunnelString, tunnelCIDR))
 	if err != nil {
-		return fmt.Errorf("error setting tunnel IP address: %v", err)
+		return fmt.Errorf("invalid tunnel address: %v", err)
 	}
 
-	// Enable tunnel interfaces
-	_, err = runCommand("ip", "link", "set", "dev", tunnelName, "up")
-	if err != nil {
+	// Setup IP address for tunnel interface
+	if err := netlink.AddrAdd(link, addr); err != nil {
+		if !os.IsExist(err) {
+			return fmt.Errorf("error adding tunnel address: %v", err)
+		}
+	}
+
+	// Enable tunnel interface
+	if err := netlink.LinkSetUp(link); err != nil {
 		return fmt.Errorf("error setting tunnel UP: %v", err)
 	}
 
 	// Log and return no error
-	logrus.Infof("Interface %s opened (IP: %s, MTU: %s)", tunnelName, tunnelString, tunnelMTU)
+	logrus.Infof("Interface %s opened (IP: %s, MTU: %d)", tunnelName, tunnelString, conf.mtu)
 	return nil
 }
 
@@ -59,14 +70,18 @@ func (conf *TunnelConfig) closeInterface() error {
 	// Receive tunnel name
 	tunnelName := conf.Tunnel.Name()
 
-	// Disable and remove tunnel
-	_, err := runCommand("ip", "link", "set", "dev", tunnelName, "down")
+	// Lookup tunnel link by name
+	link, err := netlink.LinkByName(tunnelName)
 	if err != nil {
+		return fmt.Errorf("could not get link %s: %v", tunnelName, err)
+	}
+
+	// Disable and remove tunnel
+	if err := netlink.LinkSetDown(link); err != nil {
 		return fmt.Errorf("error shutting down tunnel interface: %v", err)
 	}
 
-	_, err = runCommand("ip", "link", "del", "dev", tunnelName)
-	if err != nil {
+	if err := netlink.LinkDel(link); err != nil {
 		return fmt.Errorf("error deleting tunnel interface: %v", err)
 	}
 

caerulean/whirlpool/tunnel/utils.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"os/exec"
 	"strings"
 
 	"github.com/sirupsen/logrus"
@@ -14,20 +13,6 @@ import (
 
 var DEFAULT_IP_ADDRESS = []byte{0, 0, 0, 0}
 
-// Execute console command.
-// Accept executable name and vararg command arguments.
-// Return stdout and stderr as a string, terminate if command execution failed.
-func runCommand(cmd string, args ...string) (string, error) {
-	command := exec.Command(cmd, args...)
-	output, err := command.CombinedOutput()
-	if err != nil {
-		logrus.Errorf("Command %s output: %s", cmd, output)
-		return "", fmt.Errorf("error running command: %v", args)
-	} else {
-		return string(output), nil
-	}
-}
-
 func findDefaultInterface() (*net.IPNet, error) {
 	routes, err := netlink.RouteList(nil, netlink.FAMILY_ALL)
 	if err != nil {

viridian/reef/Cargo.toml

@@ -34,7 +34,7 @@ x25519-dalek = { version = "^2.0.1", features = ["static_secrets"] }
 
 [target.'cfg(target_os = "linux")'.dependencies]
 nftables = "^0.6.3"
-neli = "^0.6.4"
+rtnetlink = "^0.17.0"
 tun = { version = "^0.7.1", features = ["async"] }
 
 [target.'cfg(target_os = "windows")'.dependencies]

viridian/reef/README.md

@@ -103,6 +103,8 @@ iptables -t mangle -I INPUT 1 -i <INPUT_INTERFACE> -j ACCEPT
 iptables -t mangle -I INPUT 1 -i <INPUT_INTERFACE> -j MARK --set-mark <SVR_CODE>
 ```
 
+And don't forget enabling IPv4 packet forwarding by running: `echo 1 > /proc/sys/net/ipv4/ip_forward`.
+
 ### Windows
 
 > Depends on: `WinDivert`, `WMI`, `IP Helper`

viridian/reef/src/lib/mod.rs

@@ -8,18 +8,12 @@ pub mod crypto;
 pub mod general;
 pub mod link;
 pub mod protocol;
+pub mod rng;
 pub mod runtime;
 pub mod tunnel;
 pub mod utils;
 pub mod viridian;
 
-#[cfg(test)]
-#[path = "../../tests/rng.rs"]
-pub mod rng;
-
-#[cfg(not(test))]
-pub mod rng;
-
 pub type DynResult<T> = Result<T, Box<dyn Error + Sync + Send>>;
 
 pub trait Reader: Send + 'static {

viridian/reef/src/lib/rng.rs

@@ -1,8 +1,39 @@
-use rand::rngs::OsRng;
 use rand::CryptoRng;
 use rand::Rng;
 
+#[cfg(test)]
+struct MockRng;
+
+#[cfg(test)]
+impl rand::RngCore for MockRng {
+    fn next_u32(&mut self) -> u32 {
+        0u32
+    }
+
+    fn next_u64(&mut self) -> u64 {
+        0u64
+    }
+
+    fn fill_bytes(&mut self, dest: &mut [u8]) {
+        dest.fill(0u8)
+    }
+
+    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
+        Ok(dest.fill(0u8))
+    }
+}
+
+#[cfg(test)]
+impl CryptoRng for MockRng {}
+
+#[inline]
+#[cfg(test)]
+pub(crate) fn get_rng() -> impl Rng + CryptoRng {
+    MockRng
+}
+
 #[inline]
+#[cfg(not(test))]
 pub(crate) fn get_rng() -> impl Rng + CryptoRng {
-    OsRng
+    rand::rngs::OsRng
 }

viridian/reef/src/lib/runtime.rs

@@ -5,6 +5,16 @@ lazy_static! {
     pub static ref LocalTokioRuntime: Runtime = Builder::new_multi_thread().enable_all().build().expect("Failed to start TYPHOON runtime!");
 }
 
+#[macro_export]
+macro_rules! run_coroutine_async {
+    ($future:expr) => {{
+        match tokio::runtime::Handle::try_current() {
+            Ok(res) => res.spawn($future),
+            Err(_) => $crate::runtime::LocalTokioRuntime.spawn($future),
+        }
+    }};
+}
+
 #[macro_export]
 macro_rules! run_coroutine_sync {
     ($future:expr) => {{