Daemonization

2019-11-21 17:12:00 +01:00
parent 92dbb4c46a
commit dee23969f5
8 changed files with 94 additions and 37 deletions
--- a/src/configuration/config.rs
+++ b/src/configuration/config.rs
@@ -18,8 +18,7 @@ use bind::Owner;
 pub struct PeerState {
    pub rx_bytes: u64,
    pub tx_bytes: u64,
-    pub last_handshake_time_sec: u64,
-    pub last_handshake_time_nsec: u64,
+    pub last_handshake_time: Option<(u64, u64)>,
    pub public_key: PublicKey,
    pub allowed_ips: Vec<(IpAddr, u32)>,
    pub endpoint: Option<SocketAddr>,
@@ -289,9 +288,12 @@ impl<T: tun::Tun, B: bind::PlatformBind> Configuration for WireguardConfig<T, B>

        for p in peers {
            // convert the system time to (secs, nano) since epoch
-            let last_handshake = (*p.walltime_last_handshake.lock())
-                .duration_since(SystemTime::UNIX_EPOCH)
-                .unwrap_or(Duration::from_secs(0)); // any time before epoch is mapped to epoch
+            let last_handshake_time = (*p.walltime_last_handshake.lock()).and_then(|t| {
+                let duration = t
+                    .duration_since(SystemTime::UNIX_EPOCH)
+                    .unwrap_or(Duration::from_secs(0));
+                Some((duration.as_secs(), duration.subsec_nanos() as u64))
+            });

            if let Some(psk) = self.wireguard.get_psk(&p.pk) {
                // extract state into PeerState
@@ -302,8 +304,7 @@ impl<T: tun::Tun, B: bind::PlatformBind> Configuration for WireguardConfig<T, B>
                    tx_bytes: p.tx_bytes.load(Ordering::Relaxed),
                    persistent_keepalive_interval: p.get_keepalive_interval(),
                    allowed_ips: p.router.list_allowed_ips(),
-                    last_handshake_time_nsec: last_handshake.subsec_nanos() as u64,
-                    last_handshake_time_sec: last_handshake.as_secs(),
+                    last_handshake_time,
                    public_key: p.pk,
                })
            }
--- a/src/configuration/uapi/get.rs
+++ b/src/configuration/uapi/get.rs
@@ -32,24 +32,23 @@ pub fn serialize<C: Configuration, W: io::Write>(writer: &mut W, config: &C) ->
    let mut peers = config.get_peers();
    while let Some(p) = peers.pop() {
        write("public_key", hex::encode(p.public_key.as_bytes()))?;
+        write("preshared_key", hex::encode(p.preshared_key))?;
        write("rx_bytes", p.rx_bytes.to_string())?;
        write("tx_bytes", p.tx_bytes.to_string())?;
-        write(
-            "last_handshake_time_sec",
-            p.last_handshake_time_nsec.to_string(),
-        )?;
-        write(
-            "last_handshake_time_nsec",
-            p.last_handshake_time_nsec.to_string(),
-        )?;
        write(
            "persistent_keepalive_interval",
            p.persistent_keepalive_interval.to_string(),
        )?;
+
+        if let Some((secs, nsecs)) = p.last_handshake_time {
+            write("last_handshake_time_sec", secs.to_string())?;
+            write("last_handshake_time_nsec", nsecs.to_string())?;
+        }
+
        if let Some(endpoint) = p.endpoint {
            write("endpoint", endpoint.into_address().to_string())?;
        }
-        write("preshared_key", hex::encode(p.preshared_key))?;
+
        for (ip, cidr) in p.allowed_ips {
            write("allowed_ip", ip.to_string() + "/" + &cidr.to_string())?;
        }
--- a/src/main.rs
+++ b/src/main.rs
@@ -3,7 +3,9 @@

 use log;

+use daemonize::Daemonize;
 use std::env;
+use std::process::exit;

 mod configuration;
 mod platform;
@@ -14,19 +16,57 @@ use platform::uapi::{BindUAPI, PlatformUAPI};
 use platform::*;

 fn main() {
-    let mut name = String::new();
+    // parse commandline arguments
+    let mut name = None;
+    let mut drop_privileges = true;
    let mut foreground = false;
+    let mut args = env::args();

-    for arg in env::args() {
-        if arg == "--foreground" || arg == "-f" {
-            foreground = true;
-        } else {
-            name = arg;
+    args.next(); // skip path
+
+    for arg in args {
+        match arg.as_str() {
+            "--foreground" | "-f" => {
+                foreground = true;
+            }
+            "--root" => {
+                drop_privileges = false;
+            }
+            dev => name = Some(dev.to_owned()),
        }
    }

-    if name == "" {
-        return;
+    // unwrap device name
+    let name = match name {
+        None => {
+            eprintln!("No device name supplied");
+            exit(-1);
+        }
+        Some(name) => name,
+    };
+
+    // create UAPI socket
+    let uapi = plt::UAPI::bind(name.as_str()).unwrap_or_else(|e| {
+        eprintln!("Failed to create UAPI listener: {}", e);
+        exit(-2);
+    });
+
+    // create TUN device
+    let (readers, writer, mtu) = plt::Tun::create(name.as_str()).unwrap_or_else(|e| {
+        eprintln!("Failed to create TUN device: {}", e);
+        exit(-3);
+    });
+
+    // daemonize
+    if !foreground {
+        let daemonize = Daemonize::new()
+            .pid_file(format!("/tmp/wgrs-{}.pid", name))
+            .chown_pid_file(true)
+            .working_directory("/tmp")
+            .user("nobody")
+            .group("daemon")
+            .umask(0o777);
+        daemonize.start().expect("Failed to daemonize");
    }

    // start logging
@@ -34,16 +74,15 @@ fn main() {
        .try_init()
        .expect("Failed to initialize event logger");

-    // create UAPI socket
-    let uapi = plt::UAPI::bind(name.as_str()).unwrap();
-
-    // create TUN device
-    let (readers, writer, mtu) = plt::Tun::create(name.as_str()).unwrap();
+    // drop privileges
+    if drop_privileges {}

    // create WireGuard device
    let wg: wireguard::Wireguard<plt::Tun, plt::Bind> =
        wireguard::Wireguard::new(readers, writer, mtu);

+    // handle TUN updates up/down
+
    // wrap in configuration interface and start UAPI server
    let cfg = configuration::WireguardConfig::new(wg);
    loop {
--- a/src/wireguard/peer.rs
+++ b/src/wireguard/peer.rs
@@ -30,7 +30,7 @@ pub struct PeerInner<T: Tun, B: Bind> {
    pub wg: Arc<WireguardInner<T, B>>,

    // handshake state
-    pub walltime_last_handshake: Mutex<SystemTime>,
+    pub walltime_last_handshake: Mutex<Option<SystemTime>>,
    pub last_handshake_sent: Mutex<Instant>, // instant for last handshake
    pub handshake_queued: AtomicBool,        // is a handshake job currently queued for the peer?
    pub queue: Mutex<Sender<HandshakeJob<B::Endpoint>>>, // handshake queue
--- a/src/wireguard/timers.rs
+++ b/src/wireguard/timers.rs
@@ -139,7 +139,7 @@ impl<T: tun::Tun, B: bind::Bind> PeerInner<T, B> {
        if timers.enabled {
            timers.handshake_attempts.store(0, Ordering::SeqCst);
            timers.sent_lastminute_handshake.store(false, Ordering::SeqCst);
-            *self.walltime_last_handshake.lock() = SystemTime::now();
+            *self.walltime_last_handshake.lock() = Some(SystemTime::now());
        }
    }

--- a/src/wireguard/wireguard.rs
+++ b/src/wireguard/wireguard.rs
@@ -16,7 +16,7 @@ use std::ops::Deref;
 use std::sync::atomic::{AtomicBool, AtomicU64, AtomicUsize, Ordering};
 use std::sync::Arc;
 use std::thread;
-use std::time::{Duration, Instant, SystemTime};
+use std::time::{Duration, Instant};

 use std::collections::hash_map::Entry;
 use std::collections::HashMap;
@@ -219,7 +219,7 @@ impl<T: Tun, B: Bind> Wireguard<T, B> {
            id: rng.gen(),
            pk,
            wg: self.state.clone(),
-            walltime_last_handshake: Mutex::new(SystemTime::UNIX_EPOCH),
+            walltime_last_handshake: Mutex::new(None),
            last_handshake_sent: Mutex::new(self.state.start - TIME_HORIZON),
            handshake_queued: AtomicBool::new(false),
            queue: Mutex::new(self.state.queue.lock().clone()),