dsnet/configtypes.go

package dsnet

import (
	"encoding/json"
	"io/ioutil"
	"net"
	"os"
	"time"

	"github.com/go-playground/validator/v10"
	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)

// see https://github.com/WireGuard/wgctrl-go/blob/master/wgtypes/types.go for definitions
type PeerConfig struct {
	// Used to update DNS
	Hostname string `validate:"required,gte=1,lte=255"`
	// username of person running this host/router
	Owner string `validate:"required,gte=1,lte=255"`
	// Description of what the host is and/or does
	Description string `validate:"required,gte=1,lte=255"`
	// Internal VPN IP address. Added to AllowedIPs in server config as a /32
	IP           net.IP  `validate:"required`
	PublicKey    JSONKey `validate:"required,len=44"`
	PrivateKey   JSONKey `json:"-"` // omitted from config!
	PresharedKey JSONKey `validate:"required,len=44"`
	// TODO ExternalIP support (Endpoint)
	//ExternalIP     net.UDPAddr `validate:"required,udp4_addr"`
	// TODO support routing additional networks (AllowedIPs)
	Networks []JSONIPNet `validate:"required"`
}

type DsnetConfig struct {
	// domain to append to hostnames. Relies on separate DNS server for
	// resolution. Informational only.
	ExternalIP    net.IP `validate:"required"`
	ListenPort    int    `validate:"gte=1024,lte=65535"`
	Domain        string `validate:"required,gte=1,lte=255"`
	InterfaceName string `validate:"required,gte=1,lte=255"`
	// IP network from which to allocate automatic sequential addresses
	// Network is chosen randomly when not specified
	Network JSONIPNet `validate:"required"`
	IP      net.IP    `validate:"required"`
	DNS     net.IP    `validate:"required"`
	// TODO Default subnets to route via VPN
	ReportFile   string       `validate:"required"`
	PrivateKey   JSONKey      `validate:"required,len=44"`
	PresharedKey JSONKey      `validate:"required,len=44"`
	Peers        []PeerConfig `validate:"dive"`
}

func MustLoadDsnetConfig() *DsnetConfig {
	raw, err := ioutil.ReadFile(CONFIG_FILE)

	if os.IsNotExist(err) {
		ExitFail("%s does not exist. `dsnet init` may be required.", CONFIG_FILE)
	} else if os.IsPermission(err) {
		ExitFail("%s cannot be accessed. Sudo may be required.", CONFIG_FILE)
	} else {
		check(err)
	}

	conf := DsnetConfig{}
	err = json.Unmarshal(raw, &conf)
	check(err)

	err = validator.New().Struct(conf)
	check(err)

	return &conf
}

func (conf *DsnetConfig) MustSave() {
	_json, _ := json.MarshalIndent(conf, "", "    ")
	err := ioutil.WriteFile(CONFIG_FILE, _json, 0600)
	check(err)
}

func (conf *DsnetConfig) MustAddPeer(peer PeerConfig) {
	// TODO validate all PeerConfig (keys etc)

	for _, p := range conf.Peers {
		if peer.Hostname == p.Hostname {
			ExitFail("%s is not an unique hostname", peer.Hostname)
		}
	}

	if conf.IPAllocated(peer.IP) {
		ExitFail("%s is already allocated", peer.IP)
	}

	for _, peerIPNet := range peer.Networks {
		if conf.IPAllocated(peerIPNet.IPNet.IP) {
			ExitFail("%s is already allocated", peerIPNet)
		}
	}

	conf.Peers = append(conf.Peers, peer)
}

func (conf DsnetConfig) IPAllocated(IP net.IP) bool {
	if IP.Equal(conf.IP) {
		return true
	}

	for _, peer := range conf.Peers {
		if IP.Equal(peer.IP) {
			return true
		}

		for _, peerIPNet := range peer.Networks {
			if IP.Equal(peerIPNet.IPNet.IP) {
				return true
			}
		}
	}

	return false
}

// choose a free IP for a new Peer
func (conf DsnetConfig) MustAllocateIP() net.IP {
	network := conf.Network.IPNet
	ones, bits := network.Mask.Size()
	zeros := bits - ones
	min := 1                // avoids network addr
	max := (1 << zeros) - 2 // avoids broadcast addr + overflow

	for i := min; i <= max; i++ {
		IP := make(net.IP, len(network.IP))
		copy(IP, network.IP)

		// OR the host part with the network part
		for j := 0; j < len(IP); j++ {
			shift := (len(IP) - j - 1) * 8
			IP[j] = IP[j] | byte(i>>shift)
		}

		if !conf.IPAllocated(IP) {
			return IP
		}
	}

	ExitFail("IP range exhausted")

	return net.IP{}
}

func (conf DsnetConfig) GetWgPeerConfigs() []wgtypes.PeerConfig {
	wgPeers := make([]wgtypes.PeerConfig, 0, len(conf.Peers))

	interval := time.Second * KEEPALIVE_SECONDS

	for _, peer := range conf.Peers {
		wgPeers = append(wgPeers, wgtypes.PeerConfig{
			PublicKey:                   peer.PublicKey.Key,
			Remove:                      false,
			UpdateOnly:                  false,
			PresharedKey:                &peer.PresharedKey.Key,
			Endpoint:                    nil,
			PersistentKeepaliveInterval: &interval,
			ReplaceAllowedIPs:           true,
			AllowedIPs: []net.IPNet{
				net.IPNet{
					IP:   peer.IP,
					Mask: net.IPMask{255, 255, 255, 255},
				},
			},
		})
	}

	return wgPeers
}
define initial peer type 2020-02-10 20:58:13 +01:00			`package dsnet`

			`import (`
fn/method to load/save conf 2020-03-02 03:54:43 +01:00			`"encoding/json"`
			`"io/ioutil"`
define initial peer type 2020-02-10 20:58:13 +01:00			`"net"`
check config file early for init/add 2020-03-03 23:33:48 +01:00			`"os"`
successful adding of peers! 2020-03-04 21:30:05 +01:00			`"time"`
enable validation where appropriate 2020-03-04 00:09:54 +01:00
			`"github.com/go-playground/validator/v10"`
correct mask 2020-03-04 21:34:11 +01:00			`"golang.zx2c4.com/wireguard/wgctrl/wgtypes"`
define initial peer type 2020-02-10 20:58:13 +01:00			`)`

			`// see https://github.com/WireGuard/wgctrl-go/blob/master/wgtypes/types.go for definitions`
initial config/actual types 2020-02-20 20:08:07 +01:00			`type PeerConfig struct {`
			`// Used to update DNS`
go fmt 2020-03-02 00:08:10 +01:00			Hostname string `validate:"required,gte=1,lte=255"`
fix net JSON parsing 2020-03-02 20:38:00 +01:00			`// username of person running this host/router`
			Owner string `validate:"required,gte=1,lte=255"`
initial config/actual types 2020-02-20 20:08:07 +01:00			`// Description of what the host is and/or does`
go fmt 2020-03-02 00:08:10 +01:00			Description string `validate:"required,gte=1,lte=255"`
deal with private IP separately 2020-03-03 23:30:36 +01:00			`// Internal VPN IP address. Added to AllowedIPs in server config as a /32`
enable validation where appropriate 2020-03-04 00:09:54 +01:00			IP net.IP `validate:"required`
separate internal/external IP 2020-03-02 22:02:21 +01:00			PublicKey JSONKey `validate:"required,len=44"`
fallback to icanhazip for external IP detection 2020-03-02 23:31:52 +01:00			PrivateKey JSONKey `json:"-"` // omitted from config!
separate internal/external IP 2020-03-02 22:02:21 +01:00			PresharedKey JSONKey `validate:"required,len=44"`
deal with private IP separately 2020-03-03 23:30:36 +01:00			`// TODO ExternalIP support (Endpoint)`
			//ExternalIP net.UDPAddr `validate:"required,udp4_addr"`
			`// TODO support routing additional networks (AllowedIPs)`
make networks required for peer 2020-03-04 20:46:39 +01:00			Networks []JSONIPNet `validate:"required"`
initial config/actual types 2020-02-20 20:08:07 +01:00			`}`

			`type DsnetConfig struct {`
add domain + cidr validation 2020-02-27 23:19:48 +01:00			`// domain to append to hostnames. Relies on separate DNS server for`
			`// resolution. Informational only.`
start attempt at interface creation 2020-03-04 20:38:48 +01:00			ExternalIP net.IP `validate:"required"`
			ListenPort int `validate:"gte=1024,lte=65535"`
			Domain string `validate:"required,gte=1,lte=255"`
			InterfaceName string `validate:"required,gte=1,lte=255"`
reorder dsnet config 2020-03-02 20:41:36 +01:00			`// IP network from which to allocate automatic sequential addresses`
			`// Network is chosen randomly when not specified`
deal with private IP separately 2020-03-03 23:30:36 +01:00			Network JSONIPNet `validate:"required"`
enable validation where appropriate 2020-03-04 00:09:54 +01:00			IP net.IP `validate:"required"`
			DNS net.IP `validate:"required"`
embed IPNet for MarshalJSON 2020-03-01 23:03:31 +01:00			`// TODO Default subnets to route via VPN`
enable validation where appropriate 2020-03-04 00:09:54 +01:00			ReportFile string `validate:"required"`
			PrivateKey JSONKey `validate:"required,len=44"`
			PresharedKey JSONKey `validate:"required,len=44"`
			Peers []PeerConfig `validate:"dive"`
initial config/actual types 2020-02-20 20:08:07 +01:00			`}`

fn/method to load/save conf 2020-03-02 03:54:43 +01:00			`func MustLoadDsnetConfig() *DsnetConfig {`
			`raw, err := ioutil.ReadFile(CONFIG_FILE)`
check config file early for init/add 2020-03-03 23:33:48 +01:00
			`if os.IsNotExist(err) {`
			ExitFail("%s does not exist. `dsnet init` may be required.", CONFIG_FILE)
			`} else if os.IsPermission(err) {`
			`ExitFail("%s cannot be accessed. Sudo may be required.", CONFIG_FILE)`
			`} else {`
			`check(err)`
			`}`

fn/method to load/save conf 2020-03-02 03:54:43 +01:00			`conf := DsnetConfig{}`
			`err = json.Unmarshal(raw, &conf)`
			`check(err)`
enable validation where appropriate 2020-03-04 00:09:54 +01:00
			`err = validator.New().Struct(conf)`
			`check(err)`

fn/method to load/save conf 2020-03-02 03:54:43 +01:00			`return &conf`
			`}`

			`func (conf *DsnetConfig) MustSave() {`
			`_json, _ := json.MarshalIndent(conf, "", " ")`
			`err := ioutil.WriteFile(CONFIG_FILE, _json, 0600)`
			`check(err)`
			`}`

working incomplete adding of peers. Now sleep. 2020-03-02 04:08:28 +01:00			`func (conf *DsnetConfig) MustAddPeer(peer PeerConfig) {`
add validationof hostname + IP 2020-03-02 20:26:08 +01:00			`// TODO validate all PeerConfig (keys etc)`

			`for _, p := range conf.Peers {`
			`if peer.Hostname == p.Hostname {`
			`ExitFail("%s is not an unique hostname", peer.Hostname)`
			`}`
			`}`

deal with private IP separately 2020-03-03 23:30:36 +01:00			`if conf.IPAllocated(peer.IP) {`
			`ExitFail("%s is already allocated", peer.IP)`
			`}`

			`for _, peerIPNet := range peer.Networks {`
add validationof hostname + IP 2020-03-02 20:26:08 +01:00			`if conf.IPAllocated(peerIPNet.IPNet.IP) {`
correct IPAllocated() 2020-03-02 20:31:29 +01:00			`ExitFail("%s is already allocated", peerIPNet)`
add validationof hostname + IP 2020-03-02 20:26:08 +01:00			`}`
			`}`

working incomplete adding of peers. Now sleep. 2020-03-02 04:08:28 +01:00			`conf.Peers = append(conf.Peers, peer)`
			`}`

check to see if IP is already allocated 2020-03-02 19:53:10 +01:00			`func (conf DsnetConfig) IPAllocated(IP net.IP) bool {`
deal with private IP separately 2020-03-03 23:30:36 +01:00			`if IP.Equal(conf.IP) {`
record / allocate IP 2020-03-02 21:10:48 +01:00			`return true`
			`}`

check to see if IP is already allocated 2020-03-02 19:53:10 +01:00			`for _, peer := range conf.Peers {`
deal with private IP separately 2020-03-03 23:30:36 +01:00			`if IP.Equal(peer.IP) {`
			`return true`
			`}`

			`for _, peerIPNet := range peer.Networks {`
correct IP enumeration 2020-03-02 20:13:38 +01:00			`if IP.Equal(peerIPNet.IPNet.IP) {`
correct IPAllocated() 2020-03-02 20:31:29 +01:00			`return true`
check to see if IP is already allocated 2020-03-02 19:53:10 +01:00			`}`
			`}`
			`}`

correct IPAllocated() 2020-03-02 20:31:29 +01:00			`return false`
check to see if IP is already allocated 2020-03-02 19:53:10 +01:00			`}`

POC IP range enumeration 2020-03-02 19:44:19 +01:00			`// choose a free IP for a new Peer`
MustChooseIP -> MustAllocateIP 2020-03-02 21:11:33 +01:00			`func (conf DsnetConfig) MustAllocateIP() net.IP {`
POC IP range enumeration 2020-03-02 19:44:19 +01:00			`network := conf.Network.IPNet`
			`ones, bits := network.Mask.Size()`
			`zeros := bits - ones`
go fmt 2020-03-02 20:03:00 +01:00			`min := 1 // avoids network addr`
			`max := (1 << zeros) - 2 // avoids broadcast addr + overflow`
POC IP range enumeration 2020-03-02 19:44:19 +01:00
			`for i := min; i <= max; i++ {`
			`IP := make(net.IP, len(network.IP))`
			`copy(IP, network.IP)`

			`// OR the host part with the network part`
			`for j := 0; j < len(IP); j++ {`
			`shift := (len(IP) - j - 1) * 8`
			`IP[j] = IP[j] \| byte(i>>shift)`
correct IP enumeration 2020-03-02 20:13:38 +01:00			`}`
POC IP range enumeration 2020-03-02 19:44:19 +01:00
separate internal/external IP 2020-03-02 22:02:21 +01:00			`if !conf.IPAllocated(IP) {`
ChooseIP -> MustChooseIP 2020-03-02 20:29:08 +01:00			`return IP`
check to see if IP is already allocated 2020-03-02 19:53:10 +01:00			`}`
POC IP range enumeration 2020-03-02 19:44:19 +01:00			`}`

ChooseIP -> MustChooseIP 2020-03-02 20:29:08 +01:00			`ExitFail("IP range exhausted")`

			`return net.IP{}`
POC IP range enumeration 2020-03-02 19:44:19 +01:00			`}`
successful adding of peers! 2020-03-04 21:30:05 +01:00
			`func (conf DsnetConfig) GetWgPeerConfigs() []wgtypes.PeerConfig {`
			`wgPeers := make([]wgtypes.PeerConfig, 0, len(conf.Peers))`

correct mask 2020-03-04 21:34:11 +01:00			`interval := time.Second * KEEPALIVE_SECONDS`
successful adding of peers! 2020-03-04 21:30:05 +01:00
			`for _, peer := range conf.Peers {`
			`wgPeers = append(wgPeers, wgtypes.PeerConfig{`
correct mask 2020-03-04 21:34:11 +01:00			`PublicKey: peer.PublicKey.Key,`
			`Remove: false,`
			`UpdateOnly: false,`
			`PresharedKey: &peer.PresharedKey.Key,`
			`Endpoint: nil,`
successful adding of peers! 2020-03-04 21:30:05 +01:00			`PersistentKeepaliveInterval: &interval,`
correct mask 2020-03-04 21:34:11 +01:00			`ReplaceAllowedIPs: true,`
successful adding of peers! 2020-03-04 21:30:05 +01:00			`AllowedIPs: []net.IPNet{`
			`net.IPNet{`
correct mask 2020-03-04 21:34:11 +01:00			`IP: peer.IP,`
			`Mask: net.IPMask{255, 255, 255, 255},`
successful adding of peers! 2020-03-04 21:30:05 +01:00			`},`
			`},`
			`})`
			`}`

			`return wgPeers`
			`}`