1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2022 Felix Fietkau <nbd@nbd.name>
8 #include <sys/socket.h>
11 #include <libubox/avl-cmp.h>
12 #include <libubox/utils.h>
13 #include <libubox/blobmsg_json.h>
20 NETDATA_ATTR_SERVICES
,
24 static const struct blobmsg_policy netdata_policy
[__NETDATA_ATTR_MAX
] = {
25 [NETDATA_ATTR_CONFIG
] = { "config", BLOBMSG_TYPE_TABLE
},
26 [NETDATA_ATTR_HOSTS
] = { "hosts", BLOBMSG_TYPE_TABLE
},
27 [NETDATA_ATTR_SERVICES
] = { "services", BLOBMSG_TYPE_TABLE
},
33 NETCONF_ATTR_PEX_PORT
,
34 NETCONF_ATTR_KEEPALIVE
,
38 static const struct blobmsg_policy netconf_policy
[__NETCONF_ATTR_MAX
] = {
39 [NETCONF_ATTR_ID
] = { "id", BLOBMSG_TYPE_STRING
},
40 [NETCONF_ATTR_PORT
] = { "port", BLOBMSG_TYPE_INT32
},
41 [NETCONF_ATTR_PEX_PORT
] = { "peer-exchange-port", BLOBMSG_TYPE_INT32
},
42 [NETCONF_ATTR_KEEPALIVE
] = { "keepalive", BLOBMSG_TYPE_INT32
},
45 const struct blobmsg_policy network_policy
[__NETWORK_ATTR_MAX
] = {
46 [NETWORK_ATTR_NAME
] = { "name", BLOBMSG_TYPE_STRING
},
47 [NETWORK_ATTR_TYPE
] = { "type", BLOBMSG_TYPE_STRING
},
48 [NETWORK_ATTR_AUTH_KEY
] = { "auth_key", BLOBMSG_TYPE_STRING
},
49 [NETWORK_ATTR_KEY
] = { "key", BLOBMSG_TYPE_STRING
},
50 [NETWORK_ATTR_FILE
] = { "file", BLOBMSG_TYPE_STRING
},
51 [NETWORK_ATTR_DATA
] = { "data", BLOBMSG_TYPE_TABLE
},
52 [NETWORK_ATTR_INTERFACE
] = { "interface", BLOBMSG_TYPE_STRING
},
53 [NETWORK_ATTR_KEEPALIVE
] = { "keepalive", BLOBMSG_TYPE_INT32
},
54 [NETWORK_ATTR_DOMAIN
] = { "domain", BLOBMSG_TYPE_STRING
},
55 [NETWORK_ATTR_UPDATE_CMD
] = { "update-cmd", BLOBMSG_TYPE_STRING
},
56 [NETWORK_ATTR_TUNNELS
] = { "tunnels", BLOBMSG_TYPE_TABLE
},
57 [NETWORK_ATTR_AUTH_CONNECT
] = { "auth_connect", BLOBMSG_TYPE_ARRAY
},
58 [NETWORK_ATTR_PEER_DATA
] = { "peer_data", BLOBMSG_TYPE_ARRAY
},
61 AVL_TREE(networks
, avl_strcmp
, false, NULL
);
62 static struct blob_buf b
;
64 static void network_load_config_data(struct network
*net
, struct blob_attr
*data
)
66 struct blob_attr
*tb
[__NETCONF_ATTR_MAX
];
67 struct blob_attr
*cur
;
68 siphash_key_t key
= {};
70 blobmsg_parse(netconf_policy
, __NETCONF_ATTR_MAX
, tb
,
71 blobmsg_data(data
), blobmsg_len(data
));
73 if ((cur
= tb
[NETCONF_ATTR_PORT
]) != NULL
)
74 net
->net_config
.port
= blobmsg_get_u32(cur
);
76 net
->net_config
.port
= 51820;
78 if ((cur
= tb
[NETCONF_ATTR_PEX_PORT
]) != NULL
)
79 net
->net_config
.pex_port
= blobmsg_get_u32(cur
);
81 if ((cur
= tb
[NETCONF_ATTR_ID
]) != NULL
) {
82 const char *id
= blobmsg_get_string(cur
);
83 siphash_to_le64(&net
->net_config
.addr
.network_id
, id
, strlen(id
), &key
);
85 siphash_to_le64(&net
->net_config
.addr
.network_id
, &net
->net_config
.port
,
86 sizeof(net
->net_config
.port
), &key
);
89 net
->net_config
.addr
.network_id
[0] = 0xfd;
90 network_fill_host_addr(&net
->net_config
.addr
, net
->config
.pubkey
);
92 if (net
->config
.keepalive
>= 0)
93 net
->net_config
.keepalive
= net
->config
.keepalive
;
94 else if ((cur
= tb
[NETCONF_ATTR_KEEPALIVE
]) != NULL
)
95 net
->net_config
.keepalive
= blobmsg_get_u32(cur
);
97 net
->net_config
.keepalive
= 0;
100 static int network_load_data(struct network
*net
, struct blob_attr
*data
)
102 struct blob_attr
*tb
[__NETDATA_ATTR_MAX
];
104 blobmsg_parse(netdata_policy
, __NETDATA_ATTR_MAX
, tb
,
105 blobmsg_data(data
), blobmsg_len(data
));
107 network_load_config_data(net
, tb
[NETDATA_ATTR_CONFIG
]);
108 network_hosts_add(net
, tb
[NETDATA_ATTR_HOSTS
]);
109 network_services_add(net
, tb
[NETDATA_ATTR_SERVICES
]);
114 static int network_load_file(struct network
*net
)
116 blob_buf_init(&b
, 0);
118 if (!blobmsg_add_json_from_file(&b
, net
->config
.file
))
121 return network_load_data(net
, b
.head
);
124 static int network_load_dynamic(struct network
*net
)
126 const char *json
= NULL
;
132 if (asprintf(&fname
, "%s/%s.bin", data_dir
, network_name(net
)) < 0)
135 f
= fopen(fname
, "r");
139 D_NET(net
, "failed to open %s/%s.bin\n", data_dir
, network_name(net
));
143 if (fstat(fileno(f
), &st
) < 0)
146 net
->net_data_len
= st
.st_size
;
147 net
->net_data
= realloc(net
->net_data
, net
->net_data_len
+ 1);
148 memset(net
->net_data
+ net
->net_data_len
, 0, 1);
149 if (fread(net
->net_data
, 1, net
->net_data_len
, f
) != net
->net_data_len
||
150 unet_auth_data_validate(net
->config
.auth_key
, net
->net_data
,
151 net
->net_data_len
, &net
->net_data_version
, &json
)) {
152 net
->net_data_len
= 0;
157 blob_buf_init(&b
, 0);
158 if (!blobmsg_add_json_from_string(&b
, json
)) {
159 net
->net_data_len
= 0;
163 return network_load_data(net
, b
.head
);
170 int network_save_dynamic(struct network
*net
)
172 char *fname
= NULL
, *fname2
;
177 if (net
->config
.type
!= NETWORK_TYPE_DYNAMIC
||
181 if (asprintf(&fname
, "%s/%s.bin.XXXXXXXX", data_dir
, network_name(net
)) < 0)
194 len
= fwrite(net
->net_data
, 1, net
->net_data_len
, f
);
199 if (len
!= net
->net_data_len
)
202 fname2
= strdup(fname
);
203 *strrchr(fname2
, '.') = 0;
204 ret
= rename(fname
, fname2
);
220 network_fill_ip(struct blob_buf
*buf
, int af
, union network_addr
*addr
, int mask
)
225 c
= blobmsg_open_table(buf
, NULL
);
227 blobmsg_printf(buf
, "mask", "%d", mask
);
229 str
= blobmsg_alloc_string_buffer(buf
, "ipaddr", INET6_ADDRSTRLEN
);
230 inet_ntop(af
, addr
, str
, INET6_ADDRSTRLEN
);
231 blobmsg_add_string_buffer(buf
);
233 blobmsg_close_table(buf
, c
);
237 network_fill_ipaddr_list(struct network_host
*host
, struct blob_buf
*b
, bool ipv6
)
239 union network_addr addr
= {};
240 struct blob_attr
*cur
;
245 af
= ipv6
? AF_INET6
: AF_INET
;
246 blobmsg_for_each_attr(cur
, host
->peer
.ipaddr
, rem
) {
247 const char *str
= blobmsg_get_string(cur
);
249 if (!!strchr(str
, ':') != ipv6
)
252 if (inet_pton(af
, str
, &addr
) != 1)
255 c
= blobmsg_open_table(b
, NULL
);
256 blobmsg_add_string(b
, "ipaddr", str
);
257 blobmsg_add_string(b
, "mask", ipv6
? "128" : "32");
258 blobmsg_close_table(b
, c
);
263 network_fill_ip_settings(struct network
*net
, struct blob_buf
*buf
)
265 struct network_host
*host
= net
->net_config
.local_host
;
268 c
= blobmsg_open_array(buf
, "ipaddr");
269 network_fill_ipaddr_list(host
, buf
, false);
270 blobmsg_close_array(buf
, c
);
272 c
= blobmsg_open_array(buf
, "ip6addr");
273 network_fill_ip(buf
, AF_INET6
, &host
->peer
.local_addr
, 64);
274 network_fill_ipaddr_list(host
, buf
, true);
275 blobmsg_close_array(buf
, c
);
279 __network_fill_host_subnets(struct network_host
*host
, struct blob_buf
*b
, bool ipv6
)
281 union network_addr addr
= {};
282 struct blob_attr
*cur
;
288 af
= ipv6
? AF_INET6
: AF_INET
;
289 blobmsg_for_each_attr(cur
, host
->peer
.subnet
, rem
) {
290 const char *str
= blobmsg_get_string(cur
);
293 if (!!strchr(str
, ':') != ipv6
)
296 if (network_get_subnet(af
, &addr
, &mask
, str
))
299 c
= blobmsg_open_table(b
, NULL
);
301 buf
= blobmsg_alloc_string_buffer(b
, "target", INET6_ADDRSTRLEN
);
302 inet_ntop(af
, &addr
, buf
, INET6_ADDRSTRLEN
);
303 blobmsg_add_string_buffer(b
);
305 blobmsg_printf(b
, "netmask", "%d", mask
);
307 blobmsg_close_table(b
, c
);
310 blobmsg_for_each_attr(cur
, host
->peer
.ipaddr
, rem
) {
311 const char *str
= blobmsg_get_string(cur
);
313 if (!!strchr(str
, ':') != ipv6
)
316 if (inet_pton(af
, str
, &addr
) != 1)
319 c
= blobmsg_open_table(b
, NULL
);
320 blobmsg_add_string(b
, "target", str
);
321 blobmsg_add_string(b
, "netmask", ipv6
? "128" : "32");
322 blobmsg_close_table(b
, c
);
327 __network_fill_subnets(struct network
*net
, struct blob_buf
*buf
, bool ipv6
)
329 struct network_host
*host
;
332 c
= blobmsg_open_array(buf
, ipv6
? "routes6": "routes");
333 avl_for_each_element(&net
->hosts
, host
, node
) {
334 if (host
== net
->net_config
.local_host
)
336 __network_fill_host_subnets(host
, buf
, ipv6
);
338 blobmsg_close_array(buf
, c
);
343 network_fill_subnets(struct network
*net
, struct blob_buf
*buf
)
345 __network_fill_subnets(net
, buf
, false);
346 __network_fill_subnets(net
, buf
, true);
350 network_do_update(struct network
*net
, bool up
)
352 if (!net
->net_config
.local_host
)
355 blob_buf_init(&b
, 0);
356 blobmsg_add_u32(&b
, "action", 0);
357 blobmsg_add_string(&b
, "ifname", network_name(net
));
358 blobmsg_add_u8(&b
, "link-up", up
);
361 network_fill_ip_settings(net
, &b
);
362 network_fill_subnets(net
, &b
);
366 char *s
= blobmsg_format_json(b
.head
, true);
367 D_NET(net
, "update: %s", s
);
371 if (net
->config
.update_cmd
) {
372 const char *argv
[] = { net
->config
.update_cmd
, NULL
, NULL
};
377 argv
[1] = blobmsg_format_json(b
.head
, true);
378 execvp(argv
[0], (char **)argv
);
381 waitpid(pid
, &stat
, 0);
384 if (!net
->config
.interface
)
387 blobmsg_add_string(&b
, "interface", net
->config
.interface
);
388 unetd_ubus_netifd_update(b
.head
);
391 static void network_reload(struct uloop_timeout
*t
)
393 struct network
*net
= container_of(t
, struct network
, reload_timer
);
395 net
->prev_local_host
= net
->net_config
.local_host
;
397 memset(&net
->net_config
, 0, sizeof(net
->net_config
));
399 network_pex_close(net
);
400 network_services_free(net
);
401 network_hosts_update_start(net
);
402 network_services_update_start(net
);
404 switch (net
->config
.type
) {
405 case NETWORK_TYPE_FILE
:
406 network_load_file(net
);
408 case NETWORK_TYPE_INLINE
:
409 network_load_data(net
, net
->config
.net_data
);
411 case NETWORK_TYPE_DYNAMIC
:
412 network_load_dynamic(net
);
416 network_services_update_done(net
);
417 network_hosts_update_done(net
);
418 uloop_timeout_set(&net
->connect_timer
, 10);
420 net
->prev_local_host
= NULL
;
423 network_do_update(net
, true);
424 network_pex_open(net
);
427 static int network_setup(struct network
*net
)
429 if (wg_init_network(net
)) {
430 fprintf(stderr
, "Setup failed for network %s\n", network_name(net
));
434 net
->ifindex
= if_nametoindex(network_name(net
));
436 fprintf(stderr
, "Could not get ifindex for network %s\n", network_name(net
));
443 static void network_teardown(struct network
*net
)
445 uloop_timeout_cancel(&net
->connect_timer
);
446 uloop_timeout_cancel(&net
->reload_timer
);
447 network_do_update(net
, false);
448 network_pex_close(net
);
449 network_pex_free(net
);
450 network_hosts_free(net
);
451 network_services_free(net
);
452 wg_cleanup_network(net
);
456 network_destroy(struct network
*net
)
458 network_teardown(net
);
459 avl_delete(&networks
, &net
->node
);
461 free(net
->config
.data
);
466 network_set_config(struct network
*net
, struct blob_attr
*config
)
468 struct blob_attr
*tb
[__NETWORK_ATTR_MAX
];
469 struct blob_attr
*cur
;
471 if (net
->config
.data
&& blob_attr_equal(net
->config
.data
, config
))
474 network_teardown(net
);
476 free(net
->config
.data
);
477 memset(&net
->config
, 0, sizeof(net
->config
));
479 net
->config
.data
= blob_memdup(config
);
480 blobmsg_parse(network_policy
, __NETWORK_ATTR_MAX
, tb
,
481 blobmsg_data(net
->config
.data
),
482 blobmsg_len(net
->config
.data
));
484 if ((cur
= tb
[NETWORK_ATTR_TYPE
]) == NULL
||
485 !strlen(blobmsg_get_string(cur
)) ||
486 !strcmp(blobmsg_get_string(cur
), "dynamic"))
487 net
->config
.type
= NETWORK_TYPE_DYNAMIC
;
488 else if (!strcmp(blobmsg_get_string(cur
), "file"))
489 net
->config
.type
= NETWORK_TYPE_FILE
;
490 else if (!strcmp(blobmsg_get_string(cur
), "inline"))
491 net
->config
.type
= NETWORK_TYPE_INLINE
;
495 if ((cur
= tb
[NETWORK_ATTR_KEEPALIVE
]) != NULL
)
496 net
->config
.keepalive
= blobmsg_get_u32(cur
);
498 net
->config
.keepalive
= -1;
500 switch (net
->config
.type
) {
501 case NETWORK_TYPE_FILE
:
502 if ((cur
= tb
[NETWORK_ATTR_FILE
]) != NULL
)
503 net
->config
.file
= blobmsg_get_string(cur
);
507 case NETWORK_TYPE_INLINE
:
508 net
->config
.net_data
= tb
[NETWORK_ATTR_DATA
];
509 if (!net
->config
.net_data
)
512 case NETWORK_TYPE_DYNAMIC
:
513 if ((cur
= tb
[NETWORK_ATTR_AUTH_KEY
]) == NULL
)
516 if (b64_decode(blobmsg_get_string(cur
), net
->config
.auth_key
,
517 sizeof(net
->config
.auth_key
)) != sizeof(net
->config
.auth_key
))
522 if ((cur
= tb
[NETWORK_ATTR_INTERFACE
]) != NULL
&&
523 strlen(blobmsg_get_string(cur
)) > 0)
524 net
->config
.interface
= blobmsg_get_string(cur
);
526 if ((cur
= tb
[NETWORK_ATTR_UPDATE_CMD
]) != NULL
&&
527 strlen(blobmsg_get_string(cur
)) > 0)
528 net
->config
.update_cmd
= blobmsg_get_string(cur
);
530 if ((cur
= tb
[NETWORK_ATTR_DOMAIN
]) != NULL
&&
531 strlen(blobmsg_get_string(cur
)) > 0)
532 net
->config
.domain
= blobmsg_get_string(cur
);
534 if ((cur
= tb
[NETWORK_ATTR_TUNNELS
]) != NULL
)
535 net
->config
.tunnels
= cur
;
537 if ((cur
= tb
[NETWORK_ATTR_AUTH_CONNECT
]) != NULL
&&
538 blobmsg_check_array(cur
, BLOBMSG_TYPE_STRING
) > 0)
539 net
->config
.auth_connect
= cur
;
541 if ((cur
= tb
[NETWORK_ATTR_PEER_DATA
]) != NULL
&&
542 blobmsg_check_array(cur
, BLOBMSG_TYPE_STRING
) > 0)
543 net
->config
.peer_data
= cur
;
545 if ((cur
= tb
[NETWORK_ATTR_KEY
]) == NULL
)
548 if (b64_decode(blobmsg_get_string(cur
), net
->config
.key
, sizeof(net
->config
.key
)) !=
549 sizeof(net
->config
.key
))
552 curve25519_generate_public(net
->config
.pubkey
, net
->config
.key
);
554 if (network_setup(net
))
558 network_reload(&net
->reload_timer
);
563 network_destroy(net
);
567 static struct network
*
568 network_alloc(const char *name
)
573 net
= calloc_a(sizeof(*net
), &name_buf
, strlen(name
) + 1);
574 net
->node
.key
= strcpy(name_buf
, name
);
575 net
->reload_timer
.cb
= network_reload
;
576 avl_insert(&networks
, &net
->node
);
578 network_pex_init(net
);
579 network_hosts_init(net
);
580 network_services_init(net
);
585 void network_fill_host_addr(union network_addr
*addr
, uint8_t *pubkey
)
587 siphash_key_t key
= {
589 get_unaligned_le64(addr
->network_id
),
590 get_unaligned_le64(addr
->network_id
)
594 siphash_to_le64(&addr
->host_addr
, pubkey
, CURVE25519_KEY_SIZE
, &key
);
597 int unetd_network_add(const char *name
, struct blob_attr
*config
)
601 if (strchr(name
, '/'))
604 net
= avl_find_element(&networks
, name
, net
, node
);
606 net
= network_alloc(name
);
608 return network_set_config(net
, config
);
611 int unetd_network_remove(const char *name
)
615 net
= avl_find_element(&networks
, name
, net
, node
);
619 network_destroy(net
);
624 void network_free_all(void)
626 struct network
*net
, *tmp
;
628 avl_for_each_element_safe(&networks
, net
, node
, tmp
)
629 network_destroy(net
);