From e85b32d9aa9381f87de7d970a547a88f1079fd63 Mon Sep 17 00:00:00 2001 From: Jett Chen Date: Thu, 11 Jan 2024 20:59:18 +0800 Subject: [PATCH 1/3] Wireguard Timer Support Adds Wireguard Timer Support --- Makefile | 10 ++++++++++ burrow/src/apple.rs | 2 +- burrow/src/wireguard/config.rs | 2 +- burrow/src/wireguard/iface.rs | 25 +++++++++++++++++++++++-- burrow/src/wireguard/noise/mod.rs | 4 ++++ burrow/src/wireguard/pcb.rs | 26 +++++++++++++++++++++++++- tun/src/tokio/mod.rs | 1 - 7 files changed, 64 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 2988e5c..e8e5687 100644 --- a/Makefile +++ b/Makefile @@ -16,3 +16,13 @@ test-dns: @sudo route delete 8.8.8.8 @sudo route add 8.8.8.8 -interface utun$(tun_num) @dig @8.8.8.8 hackclub.com + +test-https: + @sudo route delete 193.183.0.162 + @sudo route add 193.183.0.162 -interface utun$(tun_num) + @curl -vv https://search.marginalia.nu + +test-http: + @sudo route delete 146.190.62.39 + @sudo route add 146.190.62.39 -interface utun$(tun_num) + @curl -vv 146.190.62.39:80 diff --git a/burrow/src/apple.rs b/burrow/src/apple.rs index 571b413..9fc0140 100644 --- a/burrow/src/apple.rs +++ b/burrow/src/apple.rs @@ -10,4 +10,4 @@ pub extern "C" fn initialize_oslog() { tracing_subscriber::registry().with(OsLogger::new("com.hackclub.burrow", "backend")); tracing::subscriber::set_global_default(collector).unwrap(); debug!("Initialized oslog tracing in libburrow rust FFI"); -} +} \ No newline at end of file diff --git a/burrow/src/wireguard/config.rs b/burrow/src/wireguard/config.rs index d86486e..afe7499 100644 --- a/burrow/src/wireguard/config.rs +++ b/burrow/src/wireguard/config.rs 
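Review bot: `@sudo route delete 193.183.0.162` in the new test-https target aborts the whole target on a machine where that host route does not exist yet, because make stops at the first non-zero exit; test-http copies the same pattern from test-dns. Prefixing the delete with make's ignore-error marker, `-@sudo route delete 193.183.0.162`, lets the following `route add` run on a clean machine. Both targets also leave a host route to a third-party address behind with nothing to remove it, and test-http deliberately sends plaintext HTTP to a hard-coded address. A comment above the targets stating that they are manual end-to-end checks and that the route must be removed afterwards would help the next reader.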
@@ -101,7 +101,7 @@ impl Default for Config { }, peers: vec![Peer { endpoint: "wg.burrow.rs:51820".into(), - allowed_ips: vec!["8.8.8.8/32".into()], + allowed_ips: vec!["8.8.8.8/32".into(), "0.0.0.0/0".into()], public_key: "uy75leriJay0+oHLhRMpV+A5xAQ0hCJ+q7Ww81AOvT4=".into(), preshared_key: Some("s7lx/mg+reVEMnGnqeyYOQkzD86n2+gYnx1M9ygi08k=".into()), persistent_keepalive: Default::default(), diff --git a/burrow/src/wireguard/iface.rs b/burrow/src/wireguard/iface.rs index 281cc4a..ba175de 100755 --- a/burrow/src/wireguard/iface.rs +++ b/burrow/src/wireguard/iface.rs @@ -135,7 +135,7 @@ impl Interface { debug!("spawning read task for peer {}", i); let pcb = pcbs.pcbs[i].clone(); let tun = tun.clone(); - let tsk = async move { + let main_tsk = async move { if let Err(e) = pcb.open_if_closed().await { log::error!("failed to open pcb: {}", e); return @@ -147,8 +147,29 @@ impl Interface { debug!("pcb ran successfully"); } }; + + let pcb = pcbs.pcbs[i].clone(); + let update_timers_tsk = async move { + let mut buf = [0u8; 65535]; + loop { + tokio::time::sleep(tokio::time::Duration::from_millis(250)).await; + pcb.update_timers(&mut buf).await; + } + }; + + let pcb = pcbs.pcbs[i].clone(); + let reset_rate_limiter_tsk = async move { + loop { + tokio::time::sleep(tokio::time::Duration::from_secs(1)).await; + pcb.reset_rate_limiter().await; + } + }; + tsks.extend(vec![ + tokio::spawn(main_tsk), + tokio::spawn(update_timers_tsk), + tokio::spawn(reset_rate_limiter_tsk) + ]); debug!("task made.."); - tsks.push(tokio::spawn(tsk)); } debug!("spawned read tasks"); } diff --git a/burrow/src/wireguard/noise/mod.rs b/burrow/src/wireguard/noise/mod.rs index 6ece759..24f4fbb 100755 --- a/burrow/src/wireguard/noise/mod.rs +++ b/burrow/src/wireguard/noise/mod.rs @@ -346,6 +346,10 @@ impl Tunnel { self.handle_verified_packet(packet, dst) } + pub fn reset_rate_limiter(&self) { + self.rate_limiter.reset_count(); + } + pub(crate) fn handle_verified_packet<'a>( &mut self, packet: Packet, 
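Review bot: Adding `"0.0.0.0/0"` to the default peer's allowed_ips makes the existing `"8.8.8.8/32"` entry redundant and changes what the out-of-the-box Config does: assuming allowed_ips follows WireGuard's cryptokey-routing semantics here, every IPv4 packet read from the tun is now sent to wg.burrow.rs and any source address that peer returns is accepted. If the catch-all is only needed for the new Makefile test targets, it belongs in a test configuration rather than in `impl Default for Config`; if it is intended, a comment such as `// catch-all: this peer becomes the default route for all IPv4 traffic` should say so. The hard-coded preshared_key in the same Default is pre-existing, but it is worth keeping in mind now that the default carries all traffic.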
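Review bot: In the new update_timers_tsk loop the `Result` returned by `pcb.update_timers(&mut buf).await` is discarded, so a send failure or the error propagated from open_if_closed is silently dropped and the unused_must_use warning is its only trace; write `if let Err(e) = pcb.update_timers(&mut buf).await { log::error!("update_timers failed: {}", e); }` to match the logging main_tsk already does. The 65535-byte `buf` is live across the sleep await, so every spawned timer task's future carries 64 KiB of state; `let mut buf = vec![0u8; 65535];` keeps the future small. `tsks.extend(vec![...])` can be `tsks.extend([...])`, since arrays implement IntoIterator. The enclosing loop begins before the first hunk and the function ends after the second.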
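Review bot: `reset_rate_limiter` is declared `pub` while its neighbour `handle_verified_packet` is `pub(crate)`; unless external callers need it, `pub(crate) fn reset_rate_limiter(&self)` keeps the rate limiter out of the public surface. It also has no doc comment; a one-line `///` stating that the method clears the limiter's counter and how often the caller is expected to invoke it (the new PeerPcb task calls it once per second) would document the contract.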
diff --git a/burrow/src/wireguard/pcb.rs b/burrow/src/wireguard/pcb.rs index a781870..c6ebaa6 100755 --- a/burrow/src/wireguard/pcb.rs +++ b/burrow/src/wireguard/pcb.rs @@ -1,6 +1,6 @@ use std::{net::SocketAddr, sync::Arc}; -use anyhow::Error; +use anyhow::{Error, Result}; use fehler::throws; use ip_network::IpNetwork; use rand::random; @@ -132,4 +132,28 @@ impl PeerPcb { }; Ok(()) } + + pub async fn update_timers(&self, dst: &mut [u8]) -> Result<(), Error> { + match self.tunnel.write().await.update_timers(dst) { + TunnResult::Done => {} + TunnResult::Err(e) => { + tracing::error!(message = "Update timers error", error = ?e) + } + TunnResult::WriteToNetwork(packet) => { + self.open_if_closed().await?; + let handle = self.socket.read().await; + let Some(socket) = handle.as_ref() else { + tracing::error!("No socket for peer"); + return Ok(()) + }; + socket.send(packet).await?; + } + _ => panic!("Unexpected result from update_timers"), + }; + Ok(()) + } + + pub async fn reset_rate_limiter(&self) { + self.tunnel.read().await.reset_rate_limiter(); + } } diff --git a/tun/src/tokio/mod.rs b/tun/src/tokio/mod.rs index 947fb74..bd27109 100644 --- a/tun/src/tokio/mod.rs +++ b/tun/src/tokio/mod.rs @@ -26,7 +26,6 @@ impl TunInterface { } } - #[instrument] pub async fn recv(&self, buf: &mut [u8]) -> io::Result { loop { let mut guard = self.inner.readable().await?; From 5da92148b777e3b26d845f3d88c94c0bbe89d6a7 Mon Sep 17 00:00:00 2001 From: Conrad Kramer Date: Sat, 20 Jan 2024 11:18:29 -0800 Subject: [PATCH 2/3] Update macOS build machine also skip macro validation, needed for SwiftLint's macros. --- .github/actions/build-for-testing/action.yml | 1 + .github/workflows/build-apple.yml | 2 +- .github/workflows/release-apple.yml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-for-testing/action.yml b/.github/actions/build-for-testing/action.yml index fb5dd8d..ce91b43 100644 --- a/.github/actions/build-for-testing/action.yml 
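Review bot: The write guard produced by `self.tunnel.write().await` in the match scrutinee is a temporary that lives until the end of the `match`, so it is still held while the WriteToNetwork arm awaits `open_if_closed`, the socket read lock and `socket.send`; any other task that takes the tunnel lock waits for the whole send, and if open_if_closed (its body is outside this hunk) ever needs the tunnel lock this deadlocks. Binding the tick result to a local first releases the guard before any I/O, provided TunnResult borrows only `dst` (as boringtun's update_timers does) — confirm against this crate's signature. The `_ => panic!` arm also deserves attention: a panic here only kills the spawned timer task, whose JoinHandle error nothing reads, so the peer silently stops keeping alive; returning an error is recoverable by the caller. `Result<(), Error>` can be written `Result<()>` now that anyhow::Result is imported.
```rust
    pub async fn update_timers(&self, dst: &mut [u8]) -> Result<()> {
        // The guard is a temporary of this statement: it is released before any I/O below.
        let tick = self.tunnel.write().await.update_timers(dst);
        match tick {
            TunnResult::Done => {}
            TunnResult::Err(e) => {
                tracing::error!(message = "Update timers error", error = ?e)
            }
            TunnResult::WriteToNetwork(packet) => {
                // … unchanged: open_if_closed, socket lookup, socket.send …
            }
            _ => return Err(anyhow::anyhow!("unexpected result from update_timers")),
        }
        Ok(())
    }
```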
+++ b/.github/actions/build-for-testing/action.yml
@@ -43,6 +43,7 @@ runs:
 -clonedSourcePackagesDirPath SourcePackages \
 -packageCachePath $PWD/PackageCache \
 -skipPackagePluginValidation \
+ -skipMacroValidation \
 -scheme '${{ inputs.scheme }}' \
 -destination '${{ inputs.destination }}' \
 -resultBundlePath BuildResults.xcresult
diff --git a/.github/workflows/build-apple.yml b/.github/workflows/build-apple.yml
index 0ed6c83..57a4977 100644
--- a/.github/workflows/build-apple.yml
+++ b/.github/workflows/build-apple.yml
@@ -9,7 +9,7 @@ on:
 jobs:
 build:
 name: Build App (${{ matrix.platform }})
- runs-on: macos-14
+ runs-on: macos-13
 strategy:
 fail-fast: false
 matrix:
diff --git a/.github/workflows/release-apple.yml b/.github/workflows/release-apple.yml
index 24fbeb5..3ea185d 100644
--- a/.github/workflows/release-apple.yml
+++ b/.github/workflows/release-apple.yml
@@ -6,7 +6,7 @@ on:
 jobs:
 build:
 name: Build ${{ matrix.configuration['platform'] }} Release
- runs-on: macos-14
+ runs-on: macos-13
 strategy:
 fail-fast: false
 matrix:

From 2d74945303f71f35c0b48454c13b5656dd6007d2 Mon Sep 17 00:00:00 2001
From: Conrad Kramer
Date: Sat, 20 Jan 2024 11:36:44 -0800
Subject: [PATCH 3/3] Cancel in-progress runs when pushing new code

---
 .github/workflows/build-apple.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build-apple.yml b/.github/workflows/build-apple.yml
index 57a4977..da0f56a 100644
--- a/.github/workflows/build-apple.yml
+++ b/.github/workflows/build-apple.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches:
 - "*"
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
 jobs:
 build:
 name: Build App (${{ matrix.platform }})
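Review bot: `-skipMacroValidation` switches off Xcode's confirmation step before Swift macro implementations from package dependencies are run, so from this commit every macro in the resolved package graph executes on the runner at build time without that gate, alongside the `-skipPackagePluginValidation` already present. The commit message explains SwiftLint's macros need it; the cost is that a substituted or compromised package in the graph gains code execution on CI, which is only acceptable while the graph stays pinned — confirm that Package.resolved is committed and that the `-clonedSourcePackagesDirPath` / `-packageCachePath` contents are not restored from an unverified cache. A comment on the line, `# required for SwiftLint's macros; keep the package graph pinned`, would record why the gate is off.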
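Review bot: With `cancel-in-progress: true` unconditional, a push to the default branch cancels the still-running build of the previous commit on that branch, so a quick succession of pushes can leave the branch without any completed build; the usual refinement is `cancel-in-progress: ${{ github.event_name == 'pull_request' }}` so that only pull-request runs are superseded. The group key `${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}` is appropriate for the pull_request trigger shown in the hunk's context.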