You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

584 lines
16 KiB

#pragma once
#include <llarp/dht/messages/gotrouter.hpp>
#include <llarp/ev/ev.hpp>
#include <llarp/exit/session.hpp>
#include <llarp/net/ip_range_map.hpp>
#include <llarp/net/net.hpp>
#include <llarp/path/path.hpp>
#include <llarp/path/pathbuilder.hpp>
#include "address.hpp"
#include "handler.hpp"
#include "identity.hpp"
#include "pendingbuffer.hpp"
#include "protocol.hpp"
#include "sendcontext.hpp"
#include "service/protocol_type.hpp"
#include "session.hpp"
#include "lookup.hpp"
#include <llarp/util/compare_ptr.hpp>
#include <optional>
4 years ago
#include <unordered_map>
#include <variant>
#include <oxenc/variant.h>
#include "endpoint_types.hpp"
#include "llarp/endpoint_base.hpp"
#include "auth.hpp"
#include <llarp/vpn/egres_packet_router.hpp>
#include <llarp/dns/server.hpp>
// minimum time between introset shifts
6 years ago
namespace llarp
QUIC lokinet integration refactor Refactors how quic packets get handled: the actual tunnels now live in tunnel.hpp's TunnelManager which holds and manages all the quic<->tcp tunnelling. service::Endpoint now holds a TunnelManager rather than a quic::Server. We only need one quic server, but we need a separate quic client instance per outgoing quic tunnel, and TunnelManager handles all that glue now. Adds QUIC packet handling to get to the right tunnel code. This required multiplexing incoming quic packets, as follows: Adds a very small quic tunnel packet header of 4 bytes: [1, SPORT, ECN] for client->server packets, where SPORT is our source "port" (really: just a uint16_t unique quic instance identifier) or [2, DPORT, ECN] for server->client packets where the DPORT is the SPORT from above. (This also reworks ECN bits to get properly carried over lokinet.) We don't need a destination/source port for the server-side because there is only ever one quic server (and we know we're going to it when the first byte of the header is 1). Removes the config option for quic exposing ports; a full lokinet will simply accept anything incoming on quic and tunnel it to the requested port on the the local endpoint IP (this handler will come in a following commit). Replace ConvoTags with full addresses: we need to carry the port, as well, which the ConvoTag can't give us, so change those to more general SockAddrs from which we can extract both the ConvoTag *and* the port. Add a pending connection queue along with new quic-side handlers to call when a stream becomes available (TunnelManager uses this to wire up pending incoming conns with quic streams as streams open up). Completely get rid of tunnel_server/tunnel_client.cpp code; it is now moved to tunnel.hpp. Add listen()/forget() methods in TunnelManager for setting up quic listening sockets (for liblokinet usage). Add open()/close() methods in TunnelManager for spinning up new quic clients for outgoing quic connections.
4 years ago
namespace quic
class TunnelManager;
6 years ago
namespace service
struct AsyncKeyExchange;
struct Context;
struct EndpointState;
struct OutboundContext;
/// minimum interval for publishing introsets
inline constexpr auto IntrosetPublishInterval = path::intro_path_spread / 2;
/// how agressively should we retry publishing introset on failure
inline constexpr auto IntrosetPublishRetryCooldown = 1s;
/// how aggressively should we retry looking up introsets
inline constexpr auto IntrosetLookupCooldown = 250ms;
/// number of unique snodes we want to talk to do to ons lookups
inline constexpr size_t MIN_ENDPOINTS_FOR_LNS_LOOKUP = 2;
struct Endpoint : public path::Builder,
public ILookupHolder,
public IDataHandler,
public EndpointBase
6 years ago
Endpoint(AbstractRouter* r, Context* parent);
~Endpoint() override;
6 years ago
/// return true if we are ready to recv packets from the void.
/// really should be ReadyForInboundTraffic() but the diff is HUGE and we need to rewrite this
/// component anyways.
IsReady() const;
QueueRecvData(RecvDataEvent ev) override;
/// return true if our introset has expired intros
IntrosetIsStale() const;
/// construct parameters for notify hooks
virtual std::unordered_map<std::string, std::string>
NotifyParams() const;
virtual util::StatusObject
ExtractStatus() const;
SetHandler(IDataHandler* h);
6 years ago
virtual bool
Configure(const NetworkConfig& conf, const DnsConfig& dnsConf);
6 years ago
Tick(llarp_time_t now) override;
/// return true if we have a resolvable ip address
virtual bool
HasIfAddr() const
return false;
virtual std::string
GetIfName() const = 0;
GetBestConvoTagFor(std::variant<Address, RouterID> addr) const override;
/// get our ifaddr if it is set
5 years ago
virtual huint128_t
GetIfAddr() const
return {0};
/// get the exit policy for our exit if we have one
/// override me
virtual std::optional<net::TrafficPolicy>
GetExitPolicy() const
return std::nullopt;
/// get the ip ranges we claim to own
/// override me
virtual std::set<IPRange>
GetOwnedRanges() const
return {};
virtual void
ResetInternalState() override;
/// loop (via router)
/// use when sending any data on a path
const EventLoop_ptr&
Loop() override;
virtual bool
6 years ago
virtual bool
6 years ago
Name() const override;
6 years ago
LocalAddress() const override;
GetStatFor(AddressVariant_t remote) const override;
AllRemoteEndpoints() const override;
6 years ago
ShouldPublishDescriptors(llarp_time_t now) const override;
6 years ago
SRVRecordsChanged() override;
HandlePathDied(path::Path_ptr p) override;
virtual vpn::EgresPacketRouter*
return nullptr;
virtual vpn::NetworkInterface*
return nullptr;
6 years ago
PublishIntroSet(const EncryptedIntroSet& i, AbstractRouter* r) override;
6 years ago
const EncryptedIntroSet& i, AbstractRouter* r, path::Path_ptr p, uint64_t relayOrder);
HandleGotIntroMessage(std::shared_ptr<const dht::GotIntroMessage> msg) override;
HandleGotRouterMessage(std::shared_ptr<const dht::GotRouterMessage> msg) override;
HandleGotNameMessage(std::shared_ptr<const dht::GotNameMessage> msg) override;
6 years ago
HandleHiddenServiceFrame(path::Path_ptr p, const service::ProtocolFrame& msg);
6 years ago
SetEndpointAuth(std::shared_ptr<IAuthPolicy> policy);
/// sets how we authenticate with remote address
SetAuthInfoForEndpoint(Address remote, AuthInfo info);
virtual huint128_t ObtainIPForAddr(std::variant<Address, RouterID>) = 0;
/// get a key for ip address
virtual std::optional<std::variant<service::Address, RouterID>>
ObtainAddrForIP(huint128_t ip) const = 0;
6 years ago
// virtual bool
// HasServiceAddress(const AlignedBuffer< 32 >& addr) const = 0;
/// return true if we have a pending job to build to a hidden service but
/// it's not done yet
HasPendingPathToService(const Address& remote) const;
path::Path_ptr path, const PathID_t from, std::shared_ptr<ProtocolMessage> msg) override;
/// handle packet io from service node or hidden service to frontend
virtual bool
const ConvoTag tag, const llarp_buffer_t& pkt, ProtocolType t, uint64_t seqno) = 0;
// virtual bool
// HandleWriteIPPacket(const llarp_buffer_t& pkt,
// std::function< huint128_t(void) > getFromIP) = 0;
ProcessDataMessage(std::shared_ptr<ProtocolMessage> msg);
/// ensure that we know a router, looks up if it doesn't
EnsureRouterIsKnown(const RouterID& router);
/// lookup a router via closest path
5 years ago
LookupRouterAnon(RouterID router, RouterLookupHandler handler);
std::string name,
std::function<void(std::optional<std::variant<Address, RouterID>>)> resultHandler)
4 years ago
std::string name,
std::string service,
std::function<void(std::vector<dns::SRVData>)> resultHandler) override;
6 years ago
/// called on event loop pump
virtual void
Pump(llarp_time_t now);
/// stop this endpoint
Stop() override;
const Identity&
GetIdentity() const
return m_Identity;
MapExitRange(IPRange range, service::Address exit);
UnmapExitRange(IPRange range);
PutLookup(IServiceLookup* lookup, uint64_t txid) override;
HandlePathBuilt(path::Path_ptr path) override;
HandleDataDrop(path::Path_ptr p, const PathID_t& dst, uint64_t s);
CheckPathIsDead(path::Path_ptr p, llarp_time_t latency);
using PendingBufferQueue = std::deque<PendingBuffer>;
6 years ago
RemoveAllConvoTagsFor(service::Address remote);
5 years ago
WantsOutboundSession(const Address&) const override;
/// this MUST be called if you want to call EnsurePathTo on the given address
void MarkAddressOutbound(AddressVariant_t) override;
5 years ago
ShouldBundleRC() const override
return false;
BlacklistSNode(const RouterID snode) override;
/// maybe get an endpoint variant given its convo tag
std::optional<std::variant<Address, RouterID>>
GetEndpointWithConvoTag(ConvoTag t) const override;
6 years ago
HasConvoTag(const ConvoTag& t) const override;
ShouldBuildMore(llarp_time_t now) const override;
virtual llarp_time_t
PathAlignmentTimeout() const
constexpr auto DefaultPathAlignmentTimeout = 30s;
return DefaultPathAlignmentTimeout;
std::variant<Address, RouterID> addr,
std::function<void(std::optional<ConvoTag>)> hook,
llarp_time_t timeout) override;
6 years ago
// passed a sendto context when we have a path established otherwise
// nullptr if the path was not made before the timeout
using PathEnsureHook = std::function<void(Address, OutboundContext*)>;
6 years ago
static constexpr auto DefaultPathEnsureTimeout = 2s;
6 years ago
/// return false if we have already called this function before for this
/// address
const Address remote,
PathEnsureHook h,
llarp_time_t timeoutMS = DefaultPathEnsureTimeout);
6 years ago
using SNodeEnsureHook = std::function<void(const RouterID, exit::BaseSession_ptr, ConvoTag)>;
InformPathToService(const Address remote, OutboundContext* ctx);
/// ensure a path to a service node by public key
EnsurePathToSNode(const RouterID remote, SNodeEnsureHook h);
/// return true if this endpoint is trying to lookup this router right now
HasPendingRouterLookup(const RouterID remote) const;
HasPathToSNode(const RouterID remote) const;
HasFlowToService(const Address remote) const;
PutSenderFor(const ConvoTag& tag, const ServiceInfo& info, bool inbound) override;
HasInboundConvo(const Address& addr) const override;
HasOutboundConvo(const Address& addr) const override;
GetCachedSessionKeyFor(const ConvoTag& remote, SharedSecret& secret) const override;
PutCachedSessionKeyFor(const ConvoTag& remote, const SharedSecret& secret) override;
GetSenderFor(const ConvoTag& remote, ServiceInfo& si) const override;
PutIntroFor(const ConvoTag& remote, const Introduction& intro) override;
GetIntroFor(const ConvoTag& remote, Introduction& intro) const override;
RemoveConvoTag(const ConvoTag& remote) override;
ConvoTagTX(const ConvoTag& remote) override;
ConvoTagRX(const ConvoTag& remote) override;
6 years ago
PutReplyIntroFor(const ConvoTag& remote, const Introduction& intro) override;
6 years ago
GetReplyIntroFor(const ConvoTag& remote, Introduction& intro) const override;
6 years ago
GetConvoTagsForService(const Address& si, std::set<ConvoTag>& tag) const override;
PutNewOutboundContext(const IntroSet& introset, llarp_time_t timeLeftToAlign);
GetSeqNoForConvo(const ConvoTag& tag);
/// count unique endpoints we are talking to
UniqueEndpoints() const;
HasExit() const;
GetHopsForBuild() override;
GetHopsForBuildWithEndpoint(RouterID endpoint);
virtual void
PathBuildStarted(path::Path_ptr path) override;
6 years ago
virtual void
virtual void
4 years ago
std::shared_ptr<ProtocolMessage> msg, std::function<void(AuthResult)> hook);
SendAuthResult(path::Path_ptr path, PathID_t replyPath, ConvoTag tag, AuthResult st);
ResetConvoTag(ConvoTag tag, path::Path_ptr path, PathID_t from);
const std::set<RouterID>&
SnodeBlacklist() const;
// Looks up the ConvoTag and, if it exists, calls SendToOrQueue to send it to a remote client
// or a snode (or nothing, if the convo tag is unknown).
SendToOrQueue(ConvoTag tag, const llarp_buffer_t& payload, ProtocolType t) override;
// Send a to (or queues for sending) to either an address or router id
const std::variant<Address, RouterID>& addr,
const llarp_buffer_t& payload,
ProtocolType t);
// Sends to (or queues for sending) to a remote client
SendToOrQueue(const Address& addr, const llarp_buffer_t& payload, ProtocolType t);
// Sends to (or queues for sending) to a router
SendToOrQueue(const RouterID& addr, const llarp_buffer_t& payload, ProtocolType t);
MaybeGetAuthInfoForEndpoint(service::Address addr);
QUIC lokinet integration refactor Refactors how quic packets get handled: the actual tunnels now live in tunnel.hpp's TunnelManager which holds and manages all the quic<->tcp tunnelling. service::Endpoint now holds a TunnelManager rather than a quic::Server. We only need one quic server, but we need a separate quic client instance per outgoing quic tunnel, and TunnelManager handles all that glue now. Adds QUIC packet handling to get to the right tunnel code. This required multiplexing incoming quic packets, as follows: Adds a very small quic tunnel packet header of 4 bytes: [1, SPORT, ECN] for client->server packets, where SPORT is our source "port" (really: just a uint16_t unique quic instance identifier) or [2, DPORT, ECN] for server->client packets where the DPORT is the SPORT from above. (This also reworks ECN bits to get properly carried over lokinet.) We don't need a destination/source port for the server-side because there is only ever one quic server (and we know we're going to it when the first byte of the header is 1). Removes the config option for quic exposing ports; a full lokinet will simply accept anything incoming on quic and tunnel it to the requested port on the the local endpoint IP (this handler will come in a following commit). Replace ConvoTags with full addresses: we need to carry the port, as well, which the ConvoTag can't give us, so change those to more general SockAddrs from which we can extract both the ConvoTag *and* the port. Add a pending connection queue along with new quic-side handlers to call when a stream becomes available (TunnelManager uses this to wire up pending incoming conns with quic streams as streams open up). Completely get rid of tunnel_server/tunnel_client.cpp code; it is now moved to tunnel.hpp. Add listen()/forget() methods in TunnelManager for setting up quic listening sockets (for liblokinet usage). Add open()/close() methods in TunnelManager for spinning up new quic clients for outgoing quic connections.
4 years ago
/// Returns a pointer to the quic::Tunnel object handling quic connections for this endpoint.
/// Returns nullptr if quic is not supported.
GetQUICTunnel() override;
QUIC lokinet integration refactor Refactors how quic packets get handled: the actual tunnels now live in tunnel.hpp's TunnelManager which holds and manages all the quic<->tcp tunnelling. service::Endpoint now holds a TunnelManager rather than a quic::Server. We only need one quic server, but we need a separate quic client instance per outgoing quic tunnel, and TunnelManager handles all that glue now. Adds QUIC packet handling to get to the right tunnel code. This required multiplexing incoming quic packets, as follows: Adds a very small quic tunnel packet header of 4 bytes: [1, SPORT, ECN] for client->server packets, where SPORT is our source "port" (really: just a uint16_t unique quic instance identifier) or [2, DPORT, ECN] for server->client packets where the DPORT is the SPORT from above. (This also reworks ECN bits to get properly carried over lokinet.) We don't need a destination/source port for the server-side because there is only ever one quic server (and we know we're going to it when the first byte of the header is 1). Removes the config option for quic exposing ports; a full lokinet will simply accept anything incoming on quic and tunnel it to the requested port on the the local endpoint IP (this handler will come in a following commit). Replace ConvoTags with full addresses: we need to carry the port, as well, which the ConvoTag can't give us, so change those to more general SockAddrs from which we can extract both the ConvoTag *and* the port. Add a pending connection queue along with new quic-side handlers to call when a stream becomes available (TunnelManager uses this to wire up pending incoming conns with quic streams as streams open up). Completely get rid of tunnel_server/tunnel_client.cpp code; it is now moved to tunnel.hpp. Add listen()/forget() methods in TunnelManager for setting up quic listening sockets (for liblokinet usage). Add open()/close() methods in TunnelManager for spinning up new quic clients for outgoing quic connections.
4 years ago
/// parent context that owns this endpoint
Context* const context;
5 years ago
virtual bool
SupportsV6() const = 0;
6 years ago
GenerateLookupByTag(const Tag& tag);
PrefetchServicesByTag(const Tag& tag);
HandleVerifyGotRouter(dht::GotRouterMessage_constptr msg, RouterID id, bool valid);
const service::Address& addr,
std::optional<IntroSet> i,
const RouterID& endpoint,
llarp_time_t timeLeft,
uint64_t relayOrder);
6 years ago
DoNetworkIsolation(bool failed);
6 years ago
virtual bool
// XXX: override me
return true;
6 years ago
virtual bool
// XXX: override me
return false;
/// return true if we are ready to do outbound and inbound traffic
ReadyForNetwork() const;
ReadyToDoLookup(size_t num_paths) const;
GetUniqueEndpointsForLookup() const;
IDataHandler* m_DataHandler = nullptr;
Identity m_Identity;
net::IPRangeMap<service::Address> m_ExitMap;
bool m_PublishIntroSet = true;
std::unique_ptr<EndpointState> m_state;
4 years ago
std::shared_ptr<IAuthPolicy> m_AuthPolicy;
std::unordered_map<Address, AuthInfo> m_RemoteAuthInfos;
QUIC lokinet integration refactor Refactors how quic packets get handled: the actual tunnels now live in tunnel.hpp's TunnelManager which holds and manages all the quic<->tcp tunnelling. service::Endpoint now holds a TunnelManager rather than a quic::Server. We only need one quic server, but we need a separate quic client instance per outgoing quic tunnel, and TunnelManager handles all that glue now. Adds QUIC packet handling to get to the right tunnel code. This required multiplexing incoming quic packets, as follows: Adds a very small quic tunnel packet header of 4 bytes: [1, SPORT, ECN] for client->server packets, where SPORT is our source "port" (really: just a uint16_t unique quic instance identifier) or [2, DPORT, ECN] for server->client packets where the DPORT is the SPORT from above. (This also reworks ECN bits to get properly carried over lokinet.) We don't need a destination/source port for the server-side because there is only ever one quic server (and we know we're going to it when the first byte of the header is 1). Removes the config option for quic exposing ports; a full lokinet will simply accept anything incoming on quic and tunnel it to the requested port on the the local endpoint IP (this handler will come in a following commit). Replace ConvoTags with full addresses: we need to carry the port, as well, which the ConvoTag can't give us, so change those to more general SockAddrs from which we can extract both the ConvoTag *and* the port. Add a pending connection queue along with new quic-side handlers to call when a stream becomes available (TunnelManager uses this to wire up pending incoming conns with quic streams as streams open up). Completely get rid of tunnel_server/tunnel_client.cpp code; it is now moved to tunnel.hpp. Add listen()/forget() methods in TunnelManager for setting up quic listening sockets (for liblokinet usage). Add open()/close() methods in TunnelManager for spinning up new quic clients for outgoing quic connections.
4 years ago
std::unique_ptr<quic::TunnelManager> m_quic;
/// (lns name, optional exit range, optional auth info) for looking up on startup
std::unordered_map<std::string, std::pair<std::optional<IPRange>, std::optional<AuthInfo>>>
RecvPacketQueue_t m_InboundTrafficQueue;
SendMessageQueue_t m_SendQueue;
llarp_time_t m_LastIntrosetRegenAttempt = 0s;
friend struct EndpointUtil;
// clang-format off
const IntroSet& introSet() const;
IntroSet& introSet();
using ConvoMap = std::unordered_map<ConvoTag, Session>;
const ConvoMap& Sessions() const;
ConvoMap& Sessions();
// clang-format on
thread::Queue<RecvDataEvent> m_RecvQueue;
/// for rate limiting introset lookups
util::DecayingHashSet<Address> m_IntrosetLookupFilter;
6 years ago
using Endpoint_ptr = std::shared_ptr<Endpoint>;
6 years ago
} // namespace service
} // namespace llarp