Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-03-31 04:23:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

misc networking fixes

Browse Source
This commit is contained in:
Aiden McClelland
2025-11-14 17:56:24 -07:00
parent 10c14b4d0a
commit df636b7a78
16 changed files with 171 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@@ -160,7 +160,7 @@ results/$(REGISTRY_BASENAME).deb: dpkg-build.sh $(call ls-files,debian/start-reg
tunnel-deb: results/$(TUNNEL_BASENAME).deb tunnel-deb: results/$(TUNNEL_BASENAME).deb
results/$(TUNNEL_BASENAME).deb: dpkg-build.sh $(call ls-files,debian/start-tunnel) $(TUNNEL_TARGETS) results/$(TUNNEL_BASENAME).deb: dpkg-build.sh $(call ls-files,debian/start-tunnel) $(TUNNEL_TARGETS)
PROJECT=start-tunnel PLATFORM=$(ARCH) REQUIRES=debian DEPENDS=wireguard-tools,iptables ./build/os-compat/run-compat.sh ./dpkg-build.sh PROJECT=start-tunnel PLATFORM=$(ARCH) REQUIRES=debian DEPENDS=wireguard-tools,iptables,conntrack ./build/os-compat/run-compat.sh ./dpkg-build.sh
$(IMAGE_TYPE): results/$(BASENAME).$(IMAGE_TYPE) $(IMAGE_TYPE): results/$(BASENAME).$(IMAGE_TYPE)

1
build/dpkg-deps/depends
View File

@@ -7,6 +7,7 @@ bmon
btrfs-progs btrfs-progs
ca-certificates ca-certificates
cifs-utils cifs-utils
conntrack
cryptsetup cryptsetup
curl curl
dmidecode dmidecode

33
build/lib/scripts/forward-port
View File

@@ -5,34 +5,25 @@ if [ -z "$sip" ] || [ -z "$dip" ] || [ -z "$sport" ] || [ -z "$dport" ]; then
exit 1 exit 1
fi fi
# Helper function to check if a rule exists rule_exists() {
nat_rule_exists() {
iptables -t nat -C "$@" 2>/dev/null iptables -t nat -C "$@" 2>/dev/null
} }
# Helper function to add or delete a rule idempotently apply_rule() {
# Usage: apply_rule [add|del] <iptables args...> if [ "$UNDO" = "1" ]; then
apply_nat_rule() {
local action="$1"
shift
if [ "$action" = "add" ]; then
# Only add if rule doesn't exist
if ! rule_exists "$@"; then
iptables -t nat -A "$@"
fi
elif [ "$action" = "del" ]; then
if rule_exists "$@"; then if rule_exists "$@"; then
iptables -t nat -D "$@" iptables -t nat -D "$@"
fi fi
else
if ! rule_exists "$@"; then
iptables -t nat -A "$@"
fi
fi fi
} }
if [ "$UNDO" = 1 ]; then apply_rule PREROUTING -p tcp -d $sip --dport $sport -j DNAT --to-destination $dip:$dport
action="del" apply_rule OUTPUT -p tcp -d $sip --dport $sport -j DNAT --to-destination $dip:$dport
else
action="add"
fi
apply_nat_rule "$action" PREROUTING -p tcp -d $sip --dport $sport -j DNAT --to-destination $dip:$dport if [ "$UNDO" = 1 ]; then
apply_nat_rule "$action" OUTPUT -p tcp -d $sip --dport $sport -j DNAT --to-destination $dip:$dport conntrack -D -p tcp -d $sip --dport $sport
fi

1
core/Cargo.lock generated
View File

@@ -7916,7 +7916,6 @@ dependencies = [
"async-compression", "async-compression",
"async-stream", "async-stream",
"async-trait", "async-trait",
"aws-lc-sys",
"axum 0.8.6", "axum 0.8.6",
"backtrace-on-stack-overflow", "backtrace-on-stack-overflow",
"barrage", "barrage",

13
core/build-cli.sh
View File

@@ -2,6 +2,8 @@
cd "$(dirname "${BASH_SOURCE[0]}")" cd "$(dirname "${BASH_SOURCE[0]}")"
source ./builder-alias.sh
set -ea set -ea
shopt -s expand_aliases shopt -s expand_aliases
@@ -18,15 +20,20 @@ if [ "$ARCH" = "arm64" ]; then
ARCH="aarch64" ARCH="aarch64"
fi fi
RUST_ARCH="$ARCH"
if [ "$ARCH" = "riscv64" ]; then
RUST_ARCH="riscv64gc"
fi
if [ -z "${KERNEL_NAME:-}" ]; then if [ -z "${KERNEL_NAME:-}" ]; then
KERNEL_NAME=$(uname -s) KERNEL_NAME=$(uname -s)
fi fi
if [ -z "${TARGET:-}" ]; then if [ -z "${TARGET:-}" ]; then
if [ "$KERNEL_NAME" = "Linux" ]; then if [ "$KERNEL_NAME" = "Linux" ]; then
TARGET="$ARCH-unknown-linux-musl" TARGET="$RUST_ARCH-unknown-linux-musl"
elif [ "$KERNEL_NAME" = "Darwin" ]; then elif [ "$KERNEL_NAME" = "Darwin" ]; then
TARGET="$ARCH-apple-darwin" TARGET="$RUST_ARCH-apple-darwin"
else else
>&2 echo "unknown kernel $KERNEL_NAME" >&2 echo "unknown kernel $KERNEL_NAME"
exit 1 exit 1
@@ -53,4 +60,4 @@ fi
echo "FEATURES=\"$FEATURES\"" echo "FEATURES=\"$FEATURES\""
echo "RUSTFLAGS=\"$RUSTFLAGS\"" echo "RUSTFLAGS=\"$RUSTFLAGS\""
cross build --manifest-path=./core/Cargo.toml $BUILD_FLAGS --no-default-features --features $FEATURE_ARGS --locked --bin start-cli --target=$TARGET rust-zig-builder cargo zigbuild --manifest-path=./core/Cargo.toml $BUILD_FLAGS --no-default-features --features $FEATURE_ARGS --locked --bin start-cli --target=$TARGET

7
core/builder-alias.sh
View File

@@ -1,3 +1,8 @@
#!/bin/bash #!/bin/bash
alias 'rust-musl-builder'='docker run $USE_TTY --rm -e "RUSTFLAGS=$RUSTFLAGS" -e SCCACHE_GHA_ENABLED -e SCCACHE_GHA_VERSION -e ACTIONS_RESULTS_URL -e ACTIONS_RUNTIME_TOKEN -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$HOME/.cargo/git":/root/.cargo/git -v "$HOME/.cache/sccache":/root/.cache/sccache -v "$(pwd)":/home/rust/src -w /home/rust/src -P start9/rust-musl-cross:$ARCH-musl' USE_TTY=
if tty -s; then
USE_TTY="-it"
fi
alias 'rust-zig-builder'='docker run '"$USE_TTY"' --rm -e "RUSTFLAGS=$RUSTFLAGS" -e "CFLAGS=-D_FORTIFY_SOURCE=2" -e "CXXFLAGS=-D_FORTIFY_SOURCE=2" -e SCCACHE_GHA_ENABLED -e SCCACHE_GHA_VERSION -e ACTIONS_RESULTS_URL -e ACTIONS_RUNTIME_TOKEN -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$HOME/.cargo/git":/root/.cargo/git -v "$HOME/.cache/sccache":/root/.cache/sccache -v "$(pwd)":/workdir -w /workdir -P start9/cargo-zigbuild'

3
core/startos/Cargo.toml
View File

@@ -93,7 +93,6 @@ async-compression = { version = "0.4.32", features = [
] } ] }
async-stream = "0.3.5" async-stream = "0.3.5"
async-trait = "0.1.74" async-trait = "0.1.74"
aws-lc-sys = { version = "0.32", features = ["bindgen"] }
axum = { version = "0.8.4", features = ["ws"] } axum = { version = "0.8.4", features = ["ws"] }
backtrace-on-stack-overflow = { version = "0.3.0", optional = true } backtrace-on-stack-overflow = { version = "0.3.0", optional = true }
barrage = "0.2.3" barrage = "0.2.3"
@@ -252,7 +251,7 @@ termion = "4.0.5"
textwrap = "0.16.1" textwrap = "0.16.1"
thiserror = "2.0.12" thiserror = "2.0.12"
tokio = { version = "1.38.1", features = ["full"] } tokio = { version = "1.38.1", features = ["full"] }
tokio-rustls = "0.26.0" tokio-rustls = "0.26.4"
tokio-stream = { version = "0.1.14", features = ["io-util", "net", "sync"] } tokio-stream = { version = "0.1.14", features = ["io-util", "net", "sync"] }
tokio-tar = { git = "https://github.com/dr-bonez/tokio-tar.git" } tokio-tar = { git = "https://github.com/dr-bonez/tokio-tar.git" }
tokio-tungstenite = { version = "0.26.2", features = ["native-tls", "url"] } tokio-tungstenite = { version = "0.26.2", features = ["native-tls", "url"] }

2
core/startos/src/bins/tunnel.rs
View File

@@ -22,7 +22,7 @@ use crate::tunnel::tunnel_router;
use crate::tunnel::web::TunnelCertHandler; use crate::tunnel::web::TunnelCertHandler;
use crate::util::logger::LOGGER; use crate::util::logger::LOGGER;
#[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord)] #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
enum WebserverListener { enum WebserverListener {
Http, Http,
Https(SocketAddr), Https(SocketAddr),

4
core/startos/src/net/forward.rs
View File

@@ -437,7 +437,8 @@ impl InterfaceForwardState {
for mut entry in self.state.iter_mut() { for mut entry in self.state.iter_mut() {
entry.gc(ip_info, &self.port_forward).await?; entry.gc(ip_info, &self.port_forward).await?;
} }
Ok(())
self.port_forward.gc().await
} }
} }
@@ -537,7 +538,6 @@ impl InterfacePortForwardController {
_ = ip_info.changed() => { _ = ip_info.changed() => {
interfaces = ip_info.read(); interfaces = ip_info.read();
state.sync(&interfaces).await.log_err(); state.sync(&interfaces).await.log_err();
state.port_forward.gc().await.log_err();
} }
} }
} }

45
core/startos/src/net/gateway.rs
View File

@@ -1,5 +1,6 @@
use std::any::Any; use std::any::Any;
use std::collections::{BTreeMap, BTreeSet, HashMap}; use std::collections::{BTreeMap, BTreeSet, HashMap};
use std::fmt;
use std::future::Future; use std::future::Future;
use std::net::{IpAddr, Ipv4Addr, SocketAddr, SocketAddrV6}; use std::net::{IpAddr, Ipv4Addr, SocketAddr, SocketAddrV6};
use std::sync::{Arc, Weak}; use std::sync::{Arc, Weak};
@@ -1551,6 +1552,14 @@ pub struct NetworkInterfaceListenerAcceptMetadata<B: Bind> {
pub inner: <B::Accept as Accept>::Metadata, pub inner: <B::Accept as Accept>::Metadata,
pub info: GatewayInfo, pub info: GatewayInfo,
} }
impl<B: Bind> fmt::Debug for NetworkInterfaceListenerAcceptMetadata<B> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("NetworkInterfaceListenerAcceptMetadata")
.field("inner", &self.inner)
.field("info", &self.info)
.finish()
}
}
impl<B: Bind> Clone for NetworkInterfaceListenerAcceptMetadata<B> impl<B: Bind> Clone for NetworkInterfaceListenerAcceptMetadata<B>
where where
<B::Accept as Accept>::Metadata: Clone, <B::Accept as Accept>::Metadata: Clone,
@@ -1627,3 +1636,39 @@ where
Self::new(Some(Either::Left(listener))) Self::new(Some(Either::Left(listener)))
} }
} }
#[test]
fn test_filter() {
use crate::net::host::binding::NetInfo;
let wg1 = "wg1".parse::<GatewayId>().unwrap();
assert!(!InterfaceFilter::filter(
&AndFilter(
NetInfo {
private_disabled: [wg1.clone()].into_iter().collect(),
public_enabled: Default::default(),
assigned_port: None,
assigned_ssl_port: None,
},
AndFilter(IdFilter(wg1.clone()), PublicFilter { public: false }),
)
.into_dyn(),
&wg1,
&NetworkInterfaceInfo {
name: None,
public: None,
secure: None,
ip_info: Some(Arc::new(IpInfo {
name: "".into(),
scope_id: 3,
device_type: Some(NetworkInterfaceType::Wireguard),
subnets: ["10.59.0.2/24".parse::<IpNet>().unwrap()]
.into_iter()
.collect(),
lan_ip: Default::default(),
wan_ip: None,
ntp_servers: Default::default(),
dns_servers: Default::default(),
})),
},
));
}

50
core/startos/src/net/vhost.rs
View File

@@ -1,5 +1,6 @@
use std::any::Any; use std::any::Any;
use std::collections::{BTreeMap, BTreeSet}; use std::collections::{BTreeMap, BTreeSet};
use std::fmt;
use std::net::{IpAddr, SocketAddr}; use std::net::{IpAddr, SocketAddr};
use std::sync::{Arc, Weak}; use std::sync::{Arc, Weak};
use std::task::{Poll, ready}; use std::task::{Poll, ready};
@@ -41,6 +42,7 @@ use crate::net::tls::{
use crate::net::web_server::{Accept, AcceptStream, ExtractVisitor, TcpMetadata, extract}; use crate::net::web_server::{Accept, AcceptStream, ExtractVisitor, TcpMetadata, extract};
use crate::prelude::*; use crate::prelude::*;
use crate::util::collections::EqSet; use crate::util::collections::EqSet;
use crate::util::future::WeakFuture;
use crate::util::serde::{HandlerExtSerde, MaybeUtf8String, display_serializable}; use crate::util::serde::{HandlerExtSerde, MaybeUtf8String, display_serializable};
use crate::util::sync::{SyncMutex, Watch}; use crate::util::sync::{SyncMutex, Watch};
@@ -134,7 +136,6 @@ impl VHostController {
pub fn dump_table( pub fn dump_table(
&self, &self,
) -> BTreeMap<JsonKey<u16>, BTreeMap<JsonKey<Option<InternedString>>, EqSet<String>>> { ) -> BTreeMap<JsonKey<u16>, BTreeMap<JsonKey<Option<InternedString>>, EqSet<String>>> {
let ip_info = self.interfaces.watcher.ip_info();
self.servers.peek(|s| { self.servers.peek(|s| {
s.iter() s.iter()
.map(|(k, v)| { .map(|(k, v)| {
@@ -187,7 +188,7 @@ pub trait VHostTarget<A: Accept>: std::fmt::Debug + Eq {
hello: &'a ClientHello<'a>, hello: &'a ClientHello<'a>,
metadata: &'a <A as Accept>::Metadata, metadata: &'a <A as Accept>::Metadata,
) -> impl Future<Output = Option<(ServerConfig, Self::PreprocessRes)>> + Send + 'a; ) -> impl Future<Output = Option<(ServerConfig, Self::PreprocessRes)>> + Send + 'a;
fn handle_stream(&self, stream: AcceptStream, prev: Self::PreprocessRes); fn handle_stream(&self, stream: AcceptStream, prev: Self::PreprocessRes, rc: Weak<()>);
} }
pub trait DynVHostTargetT<A: Accept>: std::fmt::Debug + Any { pub trait DynVHostTargetT<A: Accept>: std::fmt::Debug + Any {
@@ -199,7 +200,7 @@ pub trait DynVHostTargetT<A: Accept>: std::fmt::Debug + Any {
hello: &'a ClientHello<'a>, hello: &'a ClientHello<'a>,
metadata: &'a <A as Accept>::Metadata, metadata: &'a <A as Accept>::Metadata,
) -> BoxFuture<'a, Option<(ServerConfig, Box<dyn Any + Send>)>>; ) -> BoxFuture<'a, Option<(ServerConfig, Box<dyn Any + Send>)>>;
fn handle_stream(&self, stream: AcceptStream, prev: Box<dyn Any + Send>); fn handle_stream(&self, stream: AcceptStream, prev: Box<dyn Any + Send>, rc: Weak<()>);
fn eq(&self, other: &dyn DynVHostTargetT<A>) -> bool; fn eq(&self, other: &dyn DynVHostTargetT<A>) -> bool;
} }
impl<A: Accept, T: VHostTarget<A> + 'static> DynVHostTargetT<A> for T { impl<A: Accept, T: VHostTarget<A> + 'static> DynVHostTargetT<A> for T {
@@ -219,9 +220,9 @@ impl<A: Accept, T: VHostTarget<A> + 'static> DynVHostTargetT<A> for T {
.map(|o| o.map(|(cfg, res)| (cfg, Box::new(res) as Box<dyn Any + Send>))) .map(|o| o.map(|(cfg, res)| (cfg, Box::new(res) as Box<dyn Any + Send>)))
.boxed() .boxed()
} }
fn handle_stream(&self, stream: AcceptStream, prev: Box<dyn Any + Send>) { fn handle_stream(&self, stream: AcceptStream, prev: Box<dyn Any + Send>, rc: Weak<()>) {
if let Ok(prev) = prev.downcast() { if let Ok(prev) = prev.downcast() {
VHostTarget::handle_stream(self, stream, *prev); VHostTarget::handle_stream(self, stream, *prev, rc);
} }
} }
fn eq(&self, other: &dyn DynVHostTargetT<A>) -> bool { fn eq(&self, other: &dyn DynVHostTargetT<A>) -> bool {
@@ -251,21 +252,27 @@ impl<A: Accept + 'static> PartialEq for DynVHostTarget<A> {
} }
} }
impl<A: Accept + 'static> Eq for DynVHostTarget<A> {} impl<A: Accept + 'static> Eq for DynVHostTarget<A> {}
struct Preprocessed<A: Accept>(DynVHostTarget<A>, Box<dyn Any + Send>); struct Preprocessed<A: Accept>(DynVHostTarget<A>, Weak<()>, Box<dyn Any + Send>);
impl<A: Accept> fmt::Debug for Preprocessed<A> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
(self.0).0.fmt(f)
}
}
impl<A: Accept + 'static> DynVHostTarget<A> { impl<A: Accept + 'static> DynVHostTarget<A> {
async fn into_preprocessed( async fn into_preprocessed(
self, self,
rc: Weak<()>,
prev: ServerConfig, prev: ServerConfig,
hello: &ClientHello<'_>, hello: &ClientHello<'_>,
metadata: &<A as Accept>::Metadata, metadata: &<A as Accept>::Metadata,
) -> Option<(ServerConfig, Preprocessed<A>)> { ) -> Option<(ServerConfig, Preprocessed<A>)> {
let (cfg, res) = self.0.preprocess(prev, hello, metadata).await?; let (cfg, res) = self.0.preprocess(prev, hello, metadata).await?;
Some((cfg, Preprocessed(self, res))) Some((cfg, Preprocessed(self, rc, res)))
} }
} }
impl<A: Accept + 'static> Preprocessed<A> { impl<A: Accept + 'static> Preprocessed<A> {
fn finish(self, stream: AcceptStream) { fn finish(self, stream: AcceptStream) {
(self.0).0.handle_stream(stream, self.1); (self.0).0.handle_stream(stream, self.2, self.1);
} }
} }
@@ -279,6 +286,7 @@ pub struct ProxyTarget {
impl PartialEq for ProxyTarget { impl PartialEq for ProxyTarget {
fn eq(&self, other: &Self) -> bool { fn eq(&self, other: &Self) -> bool {
self.filter == other.filter self.filter == other.filter
&& self.acme == other.acme
&& self.addr == other.addr && self.addr == other.addr
&& self.connect_ssl.as_ref().map(Arc::as_ptr) && self.connect_ssl.as_ref().map(Arc::as_ptr)
== other.connect_ssl.as_ref().map(Arc::as_ptr) == other.connect_ssl.as_ref().map(Arc::as_ptr)
@@ -294,6 +302,9 @@ where
type PreprocessRes = AcceptStream; type PreprocessRes = AcceptStream;
fn filter(&self, metadata: &<A as Accept>::Metadata) -> bool { fn filter(&self, metadata: &<A as Accept>::Metadata) -> bool {
let info = extract::<GatewayInfo, _>(metadata); let info = extract::<GatewayInfo, _>(metadata);
if info.is_none() {
tracing::warn!("No GatewayInfo on metadata");
}
info.as_ref() info.as_ref()
.map_or(true, |i| self.filter.filter(&i.id, &i.info)) .map_or(true, |i| self.filter.filter(&i.id, &i.info))
} }
@@ -304,7 +315,7 @@ where
&'a self, &'a self,
mut prev: ServerConfig, mut prev: ServerConfig,
hello: &'a ClientHello<'a>, hello: &'a ClientHello<'a>,
metadata: &'a <A as Accept>::Metadata, _: &'a <A as Accept>::Metadata,
) -> Option<(ServerConfig, Self::PreprocessRes)> { ) -> Option<(ServerConfig, Self::PreprocessRes)> {
let tcp_stream = TcpStream::connect(self.addr) let tcp_stream = TcpStream::connect(self.addr)
.await .await
@@ -345,8 +356,10 @@ where
} }
Some((prev, Box::pin(tcp_stream))) Some((prev, Box::pin(tcp_stream)))
} }
fn handle_stream(&self, mut stream: AcceptStream, mut prev: Self::PreprocessRes) { fn handle_stream(&self, mut stream: AcceptStream, mut prev: Self::PreprocessRes, rc: Weak<()>) {
tokio::spawn(async move { tokio::io::copy_bidirectional(&mut stream, &mut prev).await }); tokio::spawn(async move {
WeakFuture::new(rc, tokio::io::copy_bidirectional(&mut stream, &mut prev)).await
});
} }
} }
@@ -436,16 +449,16 @@ where
return Some(prev); return Some(prev);
} }
let target = self.0.peek(|m| { let (target, rc) = self.0.peek(|m| {
m.get(&hello.server_name().map(InternedString::from)) m.get(&hello.server_name().map(InternedString::from))
.into_iter() .into_iter()
.flatten() .flatten()
.filter(|(_, rc)| rc.strong_count() > 0) .filter(|(_, rc)| rc.strong_count() > 0)
.find(|(t, _)| t.0.filter(metadata)) .find(|(t, _)| t.0.filter(metadata))
.map(|(e, _)| e.clone()) .map(|(t, rc)| (t.clone(), rc.clone()))
})?; })?;
let (prev, store) = target.into_preprocessed(prev, hello, metadata).await?; let (prev, store) = target.into_preprocessed(rc, prev, hello, metadata).await?;
self.1 = Some(store); self.1 = Some(store);
@@ -480,6 +493,14 @@ struct VHostListenerMetadata<A: Accept> {
inner: TlsMetadata<A::Metadata>, inner: TlsMetadata<A::Metadata>,
preprocessed: Preprocessed<A>, preprocessed: Preprocessed<A>,
} }
impl<A: Accept> fmt::Debug for VHostListenerMetadata<A> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("VHostListenerMetadata")
.field("inner", &self.inner)
.field("preprocessed", &self.preprocessed)
.finish()
}
}
impl<M, A> Accept for VHostListener<M, A> impl<M, A> Accept for VHostListener<M, A>
where where
for<'a> M: HasModel<Model = Model<M>> for<'a> M: HasModel<Model = Model<M>>
@@ -637,6 +658,7 @@ impl<A: Accept> VHostServer<A> {
changed = true; changed = true;
Arc::new(()) Arc::new(())
}; };
targets.retain(|_, rc| rc.strong_count() > 0);
targets.insert(target, Arc::downgrade(&rc)); targets.insert(target, Arc::downgrade(&rc));
writable.insert(hostname, targets); writable.insert(hostname, targets);
res = Ok(rc); res = Ok(rc);

53
core/startos/src/net/web_server.rs
View File

@@ -1,3 +1,4 @@
use core::fmt;
use std::any::Any; use std::any::Any;
use std::collections::BTreeMap; use std::collections::BTreeMap;
use std::future::Future; use std::future::Future;
@@ -68,7 +69,7 @@ pub fn extract<
metadata: &M, metadata: &M,
) -> Option<T> { ) -> Option<T> {
let mut visitor = ExtractVisitor(None); let mut visitor = ExtractVisitor(None);
visitor.visit(metadata); metadata.visit(&mut visitor);
visitor.0 visitor.0
} }
@@ -84,7 +85,7 @@ impl<V: MetadataVisitor> Visit<V> for TcpMetadata {
} }
pub trait Accept { pub trait Accept {
type Metadata; type Metadata: fmt::Debug;
fn poll_accept( fn poll_accept(
&mut self, &mut self,
cx: &mut std::task::Context<'_>, cx: &mut std::task::Context<'_>,
@@ -144,7 +145,7 @@ where
} }
} }
#[derive(Clone, VisitFields)] #[derive(Debug, Clone, VisitFields)]
pub struct MapListenerMetadata<K, M> { pub struct MapListenerMetadata<K, M> {
pub inner: M, pub inner: M,
pub key: K, pub key: K,
@@ -162,7 +163,7 @@ where
impl<K, A> Accept for BTreeMap<K, A> impl<K, A> Accept for BTreeMap<K, A>
where where
K: Clone, K: Clone + fmt::Debug,
A: Accept, A: Accept,
{ {
type Metadata = MapListenerMetadata<K, A::Metadata>; type Metadata = MapListenerMetadata<K, A::Metadata>;
@@ -218,40 +219,38 @@ trait DynAcceptT: Send + Sync {
fn poll_accept( fn poll_accept(
&mut self, &mut self,
cx: &mut std::task::Context<'_>, cx: &mut std::task::Context<'_>,
) -> Poll< ) -> Poll<Result<(DynMetadata, AcceptStream), Error>>;
Result<
(
Box<dyn for<'a> Visit<ExtensionVisitor<'a>> + Send + Sync>,
AcceptStream,
),
Error,
>,
>;
} }
impl<A> DynAcceptT for A impl<A> DynAcceptT for A
where where
A: Accept + Send + Sync, A: Accept + Send + Sync,
for<'a> <A as Accept>::Metadata: Visit<ExtensionVisitor<'a>> + Send + Sync + 'static, <A as Accept>::Metadata: DynMetadataT + 'static,
{ {
fn poll_accept( fn poll_accept(
&mut self, &mut self,
cx: &mut std::task::Context<'_>, cx: &mut std::task::Context<'_>,
) -> Poll< ) -> Poll<Result<(DynMetadata, AcceptStream), Error>> {
Result<
(
Box<dyn for<'a> Visit<ExtensionVisitor<'a>> + Send + Sync>,
AcceptStream,
),
Error,
>,
> {
let (metadata, stream) = ready!(Accept::poll_accept(self, cx)?); let (metadata, stream) = ready!(Accept::poll_accept(self, cx)?);
Poll::Ready(Ok((Box::new(metadata), stream))) Poll::Ready(Ok((DynMetadata(Box::new(metadata)), stream)))
} }
} }
pub struct DynAccept(Box<dyn DynAcceptT>); pub struct DynAccept(Box<dyn DynAcceptT>);
trait DynMetadataT: for<'a> Visit<ExtensionVisitor<'a>> + fmt::Debug + Send + Sync {}
impl<T> DynMetadataT for T where for<'a> T: Visit<ExtensionVisitor<'a>> + fmt::Debug + Send + Sync {}
#[derive(Debug)]
pub struct DynMetadata(Box<dyn DynMetadataT>);
impl<'a> Visit<ExtensionVisitor<'a>> for DynMetadata {
fn visit(
&self,
visitor: &mut ExtensionVisitor<'a>,
) -> <ExtensionVisitor<'a> as Visitor>::Result {
self.0.visit(visitor)
}
}
impl Accept for DynAccept { impl Accept for DynAccept {
type Metadata = Box<dyn for<'a> Visit<ExtensionVisitor<'a>> + Send + Sync>; type Metadata = DynMetadata;
fn poll_accept( fn poll_accept(
&mut self, &mut self,
cx: &mut std::task::Context<'_>, cx: &mut std::task::Context<'_>,
@@ -325,7 +324,7 @@ impl Acceptor<Vec<DynAccept>> {
} }
impl<K> Acceptor<BTreeMap<K, TcpListener>> impl<K> Acceptor<BTreeMap<K, TcpListener>>
where where
K: Ord + Clone + Send + Sync + 'static, K: Ord + Clone + fmt::Debug + Send + Sync + 'static,
{ {
pub async fn bind_map( pub async fn bind_map(
listen: impl IntoIterator<Item = (K, SocketAddr)>, listen: impl IntoIterator<Item = (K, SocketAddr)>,
@@ -347,7 +346,7 @@ where
} }
impl<K> Acceptor<BTreeMap<K, DynAccept>> impl<K> Acceptor<BTreeMap<K, DynAccept>>
where where
K: Ord + Clone + Send + Sync + 'static, K: Ord + Clone + fmt::Debug + Send + Sync + 'static,
{ {
pub async fn bind_map_dyn( pub async fn bind_map_dyn(
listen: impl IntoIterator<Item = (K, SocketAddr)>, listen: impl IntoIterator<Item = (K, SocketAddr)>,

1
core/startos/src/tunnel/api.rs
View File

@@ -353,6 +353,7 @@ pub async fn show_config(
Ok(client Ok(client
.client_config( .client_config(
ip, ip,
subnet,
wg.as_key().de()?.verifying_key(), wg.as_key().de()?.verifying_key(),
(wan_addr, wg.as_port().de()?).into(), (wan_addr, wg.as_port().de()?).into(),
) )

2
core/startos/src/tunnel/client.conf.template
View File

@@ -7,6 +7,6 @@ PrivateKey = {privkey}
[Peer] [Peer]
PublicKey = {server_pubkey} PublicKey = {server_pubkey}
PresharedKey = {psk} PresharedKey = {psk}
AllowedIPs = 0.0.0.0/0,::/0 AllowedIPs = {subnet}
Endpoint = {server_addr} Endpoint = {server_addr}
PersistentKeepalive = 25 PersistentKeepalive = 25

4
core/startos/src/tunnel/wg.rs
View File

@@ -170,12 +170,14 @@ impl WgConfig {
pub fn client_config( pub fn client_config(
self, self,
addr: Ipv4Addr, addr: Ipv4Addr,
subnet: Ipv4Net,
server_pubkey: Base64<PublicKey>, server_pubkey: Base64<PublicKey>,
server_addr: SocketAddr, server_addr: SocketAddr,
) -> ClientConfig { ) -> ClientConfig {
ClientConfig { ClientConfig {
client_config: self, client_config: self,
client_addr: addr, client_addr: addr,
subnet,
server_pubkey, server_pubkey,
server_addr, server_addr,
} }
@@ -213,6 +215,7 @@ where
pub struct ClientConfig { pub struct ClientConfig {
client_config: WgConfig, client_config: WgConfig,
client_addr: Ipv4Addr, client_addr: Ipv4Addr,
subnet: Ipv4Net,
#[serde(deserialize_with = "deserialize_verifying_key")] #[serde(deserialize_with = "deserialize_verifying_key")]
server_pubkey: Base64<PublicKey>, server_pubkey: Base64<PublicKey>,
server_addr: SocketAddr, server_addr: SocketAddr,
@@ -226,6 +229,7 @@ impl std::fmt::Display for ClientConfig {
privkey = self.client_config.key.to_padded_string(), privkey = self.client_config.key.to_padded_string(),
psk = self.client_config.psk.to_padded_string(), psk = self.client_config.psk.to_padded_string(),
addr = self.client_addr, addr = self.client_addr,
subnet = self.subnet,
server_pubkey = self.server_pubkey.to_padded_string(), server_pubkey = self.server_pubkey.to_padded_string(),
server_addr = self.server_addr, server_addr = self.server_addr,
) )

26
core/startos/src/util/future.rs
View File

@@ -1,11 +1,10 @@
use std::pin::Pin; use std::pin::Pin;
use std::sync::Weak;
use std::task::{Context, Poll}; use std::task::{Context, Poll};
use axum::middleware::FromFn;
use futures::future::{BoxFuture, FusedFuture, abortable, pending}; use futures::future::{BoxFuture, FusedFuture, abortable, pending};
use futures::stream::{AbortHandle, Abortable, BoxStream}; use futures::stream::{AbortHandle, Abortable, BoxStream};
use futures::{Future, FutureExt, Stream, StreamExt}; use futures::{Future, FutureExt, Stream, StreamExt};
use rpc_toolkit::from_fn_blocking;
use tokio::sync::watch; use tokio::sync::watch;
use tokio::task::LocalSet; use tokio::task::LocalSet;
@@ -201,3 +200,26 @@ async fn test_cancellable() {
handle.cancel_and_wait().await; handle.cancel_and_wait().await;
assert!(weak.strong_count() == 0); assert!(weak.strong_count() == 0);
} }
#[pin_project::pin_project]
pub struct WeakFuture<Fut> {
rc: Weak<()>,
#[pin]
fut: Fut,
}
impl<Fut> WeakFuture<Fut> {
pub fn new(rc: Weak<()>, fut: Fut) -> Self {
Self { rc, fut }
}
}
impl<Fut: Future> Future for WeakFuture<Fut> {
type Output = Option<Fut::Output>;
fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
let this = self.project();
if this.rc.strong_count() > 0 {
this.fut.poll(cx).map(Some)
} else {
Poll::Ready(None)
}
}
}