
Update to latest ProxyGuard #72

Merged
merged 2 commits into from
Oct 29, 2024
11 changes: 11 additions & 0 deletions CHANGES.md
Expand Up @@ -3,6 +3,17 @@
- Cleanup function comments
* Util:
- Add a function to calculate the gateway address for a given IPv4/IPv6 subnet
* ProxyGuard:
- Updated to the latest version
- API breakage:
- `StartProxyguard` function has been removed, use `NewProxyguard` instead
- `NewProxyguard` function has been added which returns a ProxyGuard instance
- `ProxyguardTunnel` to establish a tunnel for an existing ProxyGuard instance
- `ProxyguardPeerIPs` to get the Peer IPs ProxyGuard will attempt to connect to
- types.Server.Proxy JSON no longer returns `listen` but `listen_port`
* HTTP: Enforce TLS >= 1.3 transport
* Exports: Add tests to test the public API
* Translations: Update from Weblate

# 2.1.0 (2024-07-25)
* Discovery:
8 changes: 0 additions & 8 deletions client/client.go
Expand Up @@ -49,9 +49,6 @@ type Client struct {
// cfg is the config
cfg *config.Config

// proxy is proxyguard
proxy Proxy

mu sync.Mutex

discoMan *discovery.Manager
Expand Down Expand Up @@ -557,11 +554,6 @@ func (c *Client) retrieveTokens(sid string, t srvtypes.Type) (*eduoauth.Token, e
// Cleanup cleans up the VPN connection by sending a /disconnect
func (c *Client) Cleanup(ck *cookie.Cookie) error {
defer c.TrySave()
// cleanup proxyguard
cerr := c.proxy.Cancel()
if cerr != nil {
log.Logger.Debugf("ProxyGuard cancel gave an error: %v", cerr)
}
srv, err := c.Servers.CurrentServer()
if err != nil {
return i18nerr.WrapInternal(err, "The current server was not found when cleaning up the connection")
125 changes: 0 additions & 125 deletions client/proxy.go

This file was deleted.

36 changes: 0 additions & 36 deletions client/proxy_test.go

This file was deleted.

82 changes: 59 additions & 23 deletions exports/exports.go
Expand Up @@ -29,6 +29,7 @@ import (
"github.com/eduvpn/eduvpn-common/client"
"github.com/eduvpn/eduvpn-common/i18nerr"
"github.com/eduvpn/eduvpn-common/internal/log"
"github.com/eduvpn/eduvpn-common/proxy"
"github.com/eduvpn/eduvpn-common/types/cookie"
errtypes "github.com/eduvpn/eduvpn-common/types/error"
srvtypes "github.com/eduvpn/eduvpn-common/types/server"
Expand Down Expand Up @@ -876,50 +877,85 @@ func StartFailover(c C.uintptr_t, gateway *C.char, mtu C.int, readRxBytes C.Read
return droppedC, nil
}

// StartProxyguard starts the 'proxyguard' procedure in eduvpn-common.
// NewProxyguard creates the 'proxyguard' procedure in eduvpn-common.
// eduvpn-common currently also cleans up the running ProxyGuard process in `cleanup`.
// If the proxy cannot be started it returns an error.
// If the proxy cannot be created it returns an error.
//
// This function proxies WireGuard UDP connections over HTTP: [ProxyGuard on Codeberg](https://codeberg.org/eduvpn/proxyguard).
//
// These input variables can be gotten from the configuration that is retrieved using the `proxy` JSON key
//
// - `c` is the cookie. Note that if you cancel/delete the cookie, ProxyGuard gets cleaned up. Common automatically cleans up ProxyGuard when `Cleanup` is called, but it is good to cleanup yourself too.
// - `listen` is the `ip:port` of the local udp connection, this is what is set to the WireGuard endpoint
// - `lp` is the `port` of the local udp ProxyGuard connection, this is what is set to the WireGuard endpoint
// - `tcpsp` is the TCP source port. Pass 0 if you do not route based on source port, so far only the Linux client has to pass non-zero.
// - `peer` is the `ip:port` of the remote server
// - `proxySetup` is a callback which is called when the socket is setting up, this can be used for configuring routing in the client. It takes two arguments: the file descriptor (integer) and a JSON list of IPs the client connects to
// - `proxyReady` is a callback when the proxy is ready to be used. This is only called when the client is not connected yet. Use this to determine when the actual wireguard connection can be started. This callback returns and takes no arguments
//
// Example Input: ```StartProxyGuard(myCookie, "127.0.0.1:1337", 0, "5.5.5.5:51820", proxySetupCB, proxyReadyCB)```
// Example Input: ```StartProxyGuard(myCookie, 1337, 0, "5.5.5.5:51820", proxySetupCB)```
//
// Example Output: ```null```
//
//export StartProxyguard
func StartProxyguard(c C.uintptr_t, listen *C.char, tcpsp C.int, peer *C.char, proxySetup C.ProxySetup, proxyReady C.ProxyReady) *C.char {
state, stateErr := getVPNState()
if stateErr != nil {
return getCError(stateErr)
}
//export NewProxyguard
func NewProxyguard(c C.uintptr_t, lp C.int, tcpsp C.int, peer *C.char, proxySetup C.ProxySetup) (C.uintptr_t, *C.char) {
ck, err := getCookie(c)
if err != nil {
return getCError(err)
return 0, getCError(err)
}

proxyErr := state.StartProxyguard(ck, C.GoString(listen), int(tcpsp), C.GoString(peer), func(fd int, pips string) {
proxy, proxyErr := proxy.NewProxyguard(ck.Context(), int(lp), int(tcpsp), C.GoString(peer), func(fd int) {
if proxySetup == nil {
return
}
cpip := C.CString(pips)
C.call_proxy_setup(proxySetup, C.int(fd), cpip)
FreeString(cpip)
}, func() {
if proxyReady == nil {
return
}
C.call_proxy_ready(proxyReady)
C.call_proxy_setup(proxySetup, C.int(fd))
})
return getCError(proxyErr)
if proxyErr != nil {
return 0, getCError(proxyErr)
}
return C.uintptr_t(cgo.NewHandle(proxy)), nil
}

func getProxy(proxyH C.uintptr_t) (*proxy.Proxy, error) {
h := cgo.Handle(proxyH)
v, ok := h.Value().(*proxy.Proxy)
if !ok {
return nil, i18nerr.NewInternal("value is not a proxyguard wrapper")
}
return v, nil
}

//export ProxyguardTunnel
func ProxyguardTunnel(c C.uintptr_t, proxyH C.uintptr_t, wglisten C.int) *C.char {
ck, err := getCookie(c)
if err != nil {
return getCError(err)
}
pr, err := getProxy(proxyH)
if err != nil {
return getCError(err)
}
tunnelErr := pr.Tunnel(ck.Context(), int(wglisten))

// after tunneling is done, the handle should be deleted
cgo.Handle(proxyH).Delete()
return getCError(tunnelErr)
}

//export ProxyguardPeerIPs
func ProxyguardPeerIPs(proxyH C.uintptr_t) (*C.char, *C.char) {
pr, err := getProxy(proxyH)
if err != nil {
return nil, getCError(err)
}
pips := pr.PeerIPS

b, err := json.Marshal(pips)
if err != nil {
return nil, getCError(i18nerr.WrapInternal(err, "failed converting Peer IPs to JSON"))
}
ret, err := getReturnData(string(b))
if err != nil {
return nil, getCError(err)
}
return C.CString(ret), nil
}

// SetState sets the state of the state machine.
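Review bot: `getProxy` crashes the whole process on a stale handle instead of returning an error, because `cgo.Handle.Value` panics for an invalid or already-deleted handle and the only check in the new code is the type assertion; since `ProxyguardTunnel` deletes the handle after tunnelling, a second `ProxyguardTunnel` or a `ProxyguardPeerIPs` call on the same handle from the C side becomes a Go panic across the FFI boundary. Recovering the panic inside `getProxy` and returning `i18nerr.NewInternal("invalid proxyguard handle")` keeps the failure an error like the other exports (rewrite below). There is also no export that releases a handle when `ProxyguardTunnel` is never called, so a created-but-never-tunnelled proxy and its `cgo.Handle` are kept until process exit; either add an export that deletes the handle or document that callers must always call `ProxyguardTunnel`. The doc comment above `NewProxyguard` is now stale: the `Example Input` line still calls `StartProxyGuard`, and the `c` bullet plus the `cleanup` sentence still promise that `Cleanup` tears ProxyGuard down, which the client/client.go hunk in this same change removes; `ProxyguardTunnel` and `ProxyguardPeerIPs` have no doc comment at all, unlike every other export in this file, and the former should state that it invalidates the handle. Finally, `proxy, proxyErr := proxy.NewProxyguard(...)` shadows the imported `proxy` package for the rest of `NewProxyguard`; naming the local `pr`, as `ProxyguardTunnel` already does, avoids that.
```go
// getProxy resolves a handle returned by NewProxyguard. cgo.Handle.Value
// panics on an invalid (e.g. already deleted) handle; convert that into an
// error so a stale handle passed from C cannot take the process down.
func getProxy(proxyH C.uintptr_t) (pr *proxy.Proxy, err error) {
	defer func() {
		if r := recover(); r != nil {
			pr, err = nil, i18nerr.NewInternal("invalid proxyguard handle")
		}
	}()
	v, ok := cgo.Handle(proxyH).Value().(*proxy.Proxy)
	if !ok {
		return nil, i18nerr.NewInternal("value is not a proxyguard wrapper")
	}
	return v, nil
}
```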
11 changes: 3 additions & 8 deletions exports/exports.h
Expand Up @@ -11,8 +11,7 @@ typedef int (*StateCB)(int oldstate, int newstate, void* data);
typedef void (*RefreshList)();
typedef void (*TokenGetter)(const char* server_id, int server_type, char* out, size_t len);
typedef void (*TokenSetter)(const char* server_id, int server_type, const char* tokens);
typedef void (*ProxySetup)(int fd, const char* peer_ips);
typedef void (*ProxyReady)();
typedef void (*ProxySetup)(int fd);

static long long int get_read_rx_bytes(ReadRxBytes read)
{
Expand All @@ -34,13 +33,9 @@ static void call_token_setter(TokenSetter setter, const char* server_id, int ser
{
setter(server_id, server_type, tokens);
}
static void call_proxy_setup(ProxySetup proxysetup, int fd, const char* peer_ips)
static void call_proxy_setup(ProxySetup proxysetup, int fd)
{
proxysetup(fd, peer_ips);
}
static void call_proxy_ready(ProxyReady ready)
{
ready();
proxysetup(fd);
}

#endif /* EXPORTS_H */
10 changes: 5 additions & 5 deletions go.mod
Expand Up @@ -3,11 +3,11 @@ module github.com/eduvpn/eduvpn-common
go 1.18

require (
codeberg.org/eduVPN/proxyguard v0.0.0-20240924084349-c0250730030d
codeberg.org/eduVPN/proxyguard v0.0.0-20241028155505-e9ee8522373e
github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267
github.com/jwijenbergh/eduoauth-go v1.1.1
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
golang.org/x/text v0.18.0
golang.org/x/text v0.19.0
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
)

Expand All @@ -18,7 +18,7 @@ require (
)

require (
golang.org/x/crypto v0.27.0 // indirect
golang.org/x/net v0.29.0
golang.org/x/sys v0.25.0 // indirect
golang.org/x/crypto v0.28.0 // indirect
golang.org/x/net v0.30.0
golang.org/x/sys v0.26.0 // indirect
)