Daemonization

Cargo.lock

@@ -89,6 +89,11 @@ dependencies = [
  "opaque-debug 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "boxfnonce"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "bumpalo"
 version = "2.6.0"
@@ -198,6 +203,15 @@ dependencies = [
  "subtle 2.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "daemonize"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "boxfnonce 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "digest"
 version = "0.8.1"
@@ -305,7 +319,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
 name = "hjul"
-version = "0.2.0"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "mio 0.6.19 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1196,12 +1210,13 @@ dependencies = [
  "chacha20poly1305 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "clear_on_drop 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "crossbeam-channel 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "daemonize 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "digest 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "env_logger 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures 0.1.28 (registry+https://github.com/rust-lang/crates.io-index)",
  "generic-array 0.12.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
- "hjul 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "hjul 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "hmac 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1275,6 +1290,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum bitflags 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "4f67931368edf3a9a51d29886d245f1c3db2f1ef0dcc9e35ff70341b78c10d23"
 "checksum bitflags 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3d155346769a6855b86399e9bc3814ab343cd3d62c7e985113d46a0ec3c281fd"
 "checksum blake2 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "94cb07b0da6a73955f8fb85d24c466778e70cda767a568229b104f0264089330"
+"checksum boxfnonce 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5988cb1d626264ac94100be357308f29ff7cbdd3b36bda27f450a4ee3f713426"
 "checksum bumpalo 2.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ad807f2fc2bf185eeb98ff3a901bd46dc5ad58163d0fa4577ba0d25674d71708"
 "checksum byte-tools 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7"
 "checksum byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a7c3dd8985a7111efc5c80b44e23ecdd8c007de8ade3b96595387e812b957cf5"
@@ -1289,6 +1305,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum crossbeam-utils 0.6.6 (registry+https://github.com/rust-lang/crates.io-index)" = "04973fa96e96579258a5091af6003abde64af786b860f18622b82e026cca60e6"
 "checksum crypto-mac 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5"
 "checksum curve25519-dalek 1.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "8b7dcd30ba50cdf88b55b033456138b7c0ac4afdc436d82e1b79f370f24cc66d"
+"checksum daemonize 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "70c24513e34f53b640819f0ac9f705b673fcf4006d7aab8778bee72ebfc89815"
 "checksum digest 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5"
 "checksum env_logger 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "aafcde04e90a5226a6443b7aabdb016ba2f8307c847d524724bd9b346dd1a2d3"
 "checksum failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "795bd83d3abeb9220f257e597aa0080a508b27533824adf336529648f6abf7e2"
@@ -1303,7 +1320,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum glob 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb"
 "checksum heck 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "20564e78d53d2bb135c343b3f47714a56af2061f1c928fdb541dc7b9fdd94205"
 "checksum hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
-"checksum hjul 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "151568250ae270811638e74dab09f4dfcb72d6c125f55cd0fa9b8feb0ef8c5fc"
+"checksum hjul 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "f3306d10e330382e89dcd079f124c77273ab88920b1f83c237a99a76cc31e179"
 "checksum hmac 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5dcb5e64cda4c23119ab41ba960d1e170a774c8e4b9d9e6a9bc18aabf5e59695"
 "checksum humantime 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3ca7e5f2e110db35f93b837c81797f3714500b81d517bf20c431b16d3ca4f114"
 "checksum iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dbe6e417e7d0975db6512b90796e8ce223145ac4e33c377e4a42882a0e88bb08"

Cargo.toml

@@ -20,13 +20,14 @@ futures = "0.1.28"
 arraydeque = "0.4.5"
 treebitmap = "^0.4"
 crossbeam-channel = "0.3.9"
-hjul = "^0.2"
+hjul = "0.2.1"
 ring = "0.16.7"
 chacha20poly1305 = "^0.1"
 aead = "^0.1.1"
 clear_on_drop = "0.2.3"
 env_logger = "0.6"
 num_cpus = "^1.10"
+daemonize = "0.4.1"
 
 [target.'cfg(unix)'.dependencies]
 libc = "0.2"

src/configuration/config.rs

@@ -18,8 +18,7 @@ use bind::Owner;
 pub struct PeerState {
     pub rx_bytes: u64,
     pub tx_bytes: u64,
-    pub last_handshake_time_sec: u64,
+    pub last_handshake_time: Option<(u64, u64)>,
-    pub last_handshake_time_nsec: u64,
     pub public_key: PublicKey,
     pub allowed_ips: Vec<(IpAddr, u32)>,
     pub endpoint: Option<SocketAddr>,
@@ -289,9 +288,12 @@ impl<T: tun::Tun, B: bind::PlatformBind> Configuration for WireguardConfig<T, B>
 
         for p in peers {
             // convert the system time to (secs, nano) since epoch
-            let last_handshake = (*p.walltime_last_handshake.lock())
+            let last_handshake_time = (*p.walltime_last_handshake.lock()).and_then(|t| {
-                .duration_since(SystemTime::UNIX_EPOCH)
+                let duration = t
-                .unwrap_or(Duration::from_secs(0)); // any time before epoch is mapped to epoch
+                    .duration_since(SystemTime::UNIX_EPOCH)
+                    .unwrap_or(Duration::from_secs(0));
+                Some((duration.as_secs(), duration.subsec_nanos() as u64))
+            });
 
             if let Some(psk) = self.wireguard.get_psk(&p.pk) {
                 // extract state into PeerState
@@ -302,8 +304,7 @@ impl<T: tun::Tun, B: bind::PlatformBind> Configuration for WireguardConfig<T, B>
                     tx_bytes: p.tx_bytes.load(Ordering::Relaxed),
                     persistent_keepalive_interval: p.get_keepalive_interval(),
                     allowed_ips: p.router.list_allowed_ips(),
-                    last_handshake_time_nsec: last_handshake.subsec_nanos() as u64,
+                    last_handshake_time,
-                    last_handshake_time_sec: last_handshake.as_secs(),
                     public_key: p.pk,
                 })
             }

src/configuration/uapi/get.rs

@@ -32,24 +32,23 @@ pub fn serialize<C: Configuration, W: io::Write>(writer: &mut W, config: &C) ->
     let mut peers = config.get_peers();
     while let Some(p) = peers.pop() {
         write("public_key", hex::encode(p.public_key.as_bytes()))?;
+        write("preshared_key", hex::encode(p.preshared_key))?;
         write("rx_bytes", p.rx_bytes.to_string())?;
         write("tx_bytes", p.tx_bytes.to_string())?;
-        write(
-            "last_handshake_time_sec",
-            p.last_handshake_time_nsec.to_string(),
-        )?;
-        write(
-            "last_handshake_time_nsec",
-            p.last_handshake_time_nsec.to_string(),
-        )?;
         write(
             "persistent_keepalive_interval",
             p.persistent_keepalive_interval.to_string(),
         )?;
+
+        if let Some((secs, nsecs)) = p.last_handshake_time {
+            write("last_handshake_time_sec", secs.to_string())?;
+            write("last_handshake_time_nsec", nsecs.to_string())?;
+        }
+
         if let Some(endpoint) = p.endpoint {
             write("endpoint", endpoint.into_address().to_string())?;
         }
-        write("preshared_key", hex::encode(p.preshared_key))?;
+
         for (ip, cidr) in p.allowed_ips {
             write("allowed_ip", ip.to_string() + "/" + &cidr.to_string())?;
         }

src/main.rs

@@ -3,7 +3,9 @@
 
 use log;
 
+use daemonize::Daemonize;
 use std::env;
+use std::process::exit;
 
 mod configuration;
 mod platform;
@@ -14,19 +16,57 @@ use platform::uapi::{BindUAPI, PlatformUAPI};
 use platform::*;
 
 fn main() {
-    let mut name = String::new();
+    // parse commandline arguments
+    let mut name = None;
+    let mut drop_privileges = true;
     let mut foreground = false;
+    let mut args = env::args();
 
-    for arg in env::args() {
+    args.next(); // skip path
-        if arg == "--foreground" || arg == "-f" {
+
-            foreground = true;
+    for arg in args {
-        } else {
+        match arg.as_str() {
-            name = arg;
+            "--foreground" | "-f" => {
+                foreground = true;
+            }
+            "--root" => {
+                drop_privileges = false;
+            }
+            dev => name = Some(dev.to_owned()),
         }
     }
 
-    if name == "" {
+    // unwrap device name
-        return;
+    let name = match name {
+        None => {
+            eprintln!("No device name supplied");
+            exit(-1);
+        }
+        Some(name) => name,
+    };
+
+    // create UAPI socket
+    let uapi = plt::UAPI::bind(name.as_str()).unwrap_or_else(|e| {
+        eprintln!("Failed to create UAPI listener: {}", e);
+        exit(-2);
+    });
+
+    // create TUN device
+    let (readers, writer, mtu) = plt::Tun::create(name.as_str()).unwrap_or_else(|e| {
+        eprintln!("Failed to create TUN device: {}", e);
+        exit(-3);
+    });
+
+    // daemonize
+    if !foreground {
+        let daemonize = Daemonize::new()
+            .pid_file(format!("/tmp/wgrs-{}.pid", name))
+            .chown_pid_file(true)
+            .working_directory("/tmp")
+            .user("nobody")
+            .group("daemon")
+            .umask(0o777);
+        daemonize.start().expect("Failed to daemonize");
     }
 
     // start logging
@@ -34,16 +74,15 @@ fn main() {
         .try_init()
         .expect("Failed to initialize event logger");
 
-    // create UAPI socket
+    // drop privileges
-    let uapi = plt::UAPI::bind(name.as_str()).unwrap();
+    if drop_privileges {}
-
-    // create TUN device
-    let (readers, writer, mtu) = plt::Tun::create(name.as_str()).unwrap();
 
     // create WireGuard device
     let wg: wireguard::Wireguard<plt::Tun, plt::Bind> =
         wireguard::Wireguard::new(readers, writer, mtu);
 
+    // handle TUN updates up/down
+
     // wrap in configuration interface and start UAPI server
     let cfg = configuration::WireguardConfig::new(wg);
     loop {

src/wireguard/peer.rs

@@ -30,7 +30,7 @@ pub struct PeerInner<T: Tun, B: Bind> {
     pub wg: Arc<WireguardInner<T, B>>,
 
     // handshake state
-    pub walltime_last_handshake: Mutex<SystemTime>,
+    pub walltime_last_handshake: Mutex<Option<SystemTime>>,
     pub last_handshake_sent: Mutex<Instant>, // instant for last handshake
     pub handshake_queued: AtomicBool,        // is a handshake job currently queued for the peer?
     pub queue: Mutex<Sender<HandshakeJob<B::Endpoint>>>, // handshake queue

src/wireguard/timers.rs

@@ -139,7 +139,7 @@ impl<T: tun::Tun, B: bind::Bind> PeerInner<T, B> {
         if timers.enabled {
             timers.handshake_attempts.store(0, Ordering::SeqCst);
             timers.sent_lastminute_handshake.store(false, Ordering::SeqCst);
-            *self.walltime_last_handshake.lock() = SystemTime::now();
+            *self.walltime_last_handshake.lock() = Some(SystemTime::now());
         }
     }
 

src/wireguard/wireguard.rs

@@ -16,7 +16,7 @@ use std::ops::Deref;
 use std::sync::atomic::{AtomicBool, AtomicU64, AtomicUsize, Ordering};
 use std::sync::Arc;
 use std::thread;
-use std::time::{Duration, Instant, SystemTime};
+use std::time::{Duration, Instant};
 
 use std::collections::hash_map::Entry;
 use std::collections::HashMap;
@@ -219,7 +219,7 @@ impl<T: Tun, B: Bind> Wireguard<T, B> {
             id: rng.gen(),
             pk,
             wg: self.state.clone(),
-            walltime_last_handshake: Mutex::new(SystemTime::UNIX_EPOCH),
+            walltime_last_handshake: Mutex::new(None),
             last_handshake_sent: Mutex::new(self.state.start - TIME_HORIZON),
             handshake_queued: AtomicBool::new(false),
             queue: Mutex::new(self.state.queue.lock().clone()),