From 8d38d27e7c9d85e0cd246118a56233e4769db780 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 12 Feb 2019 16:35:23 +0100 Subject: [PATCH] Remove tunnel integration for now --- firewall/tunnel.go | 230 +++++++++++++++++++++------------------------ 1 file changed, 109 insertions(+), 121 deletions(-) diff --git a/firewall/tunnel.go b/firewall/tunnel.go index badbb98b..22f880f2 100644 --- a/firewall/tunnel.go +++ b/firewall/tunnel.go @@ -1,123 +1,111 @@ package firewall -import ( - "errors" - "log" - "net" - "sync" - "time" - - "github.com/Safing/portbase/crypto/random" - "github.com/Safing/portmaster/intel" - "github.com/miekg/dns" -) - -var ( - TunnelNet4 *net.IPNet - TunnelNet6 *net.IPNet - TunnelEntry4 = net.IPv4(127, 0, 0, 17) - TunnelEntry6 = net.ParseIP("fd17::17") - - ipToDomainMap = make(map[string]*TunnelInfo) - ipToDomainMapLock sync.RWMutex -) - -func init() { - var err error - _, TunnelNet4, err = net.ParseCIDR("127.17.0.0/16") - if err != nil { - log.Fatalf("portmaster: could not parse 127.17.0.0/16: %s", err) - } - _, TunnelNet6, err = net.ParseCIDR("fd17::/64") - if err != nil { - log.Fatalf("portmaster: could not parse fd17::/64: %s", err) - } - - go tunnelInfoCleaner() -} - -type TunnelInfo struct { - IP net.IP - Domain string - RRCache *intel.RRCache - Expires int64 -} - -func (ti *TunnelInfo) ExportTunnelIP() *intel.RRCache { - return &intel.RRCache{ - Answer: []dns.RR{ - &dns.A{ - Hdr: dns.RR_Header{ - Name: ti.Domain, - Rrtype: 1, - Class: 1, - Ttl: 17, - Rdlength: 8, - }, - A: ti.IP, - }, - }, - } -} - -func AssignTunnelIP(domain string) (*TunnelInfo, error) { - ipToDomainMapLock.Lock() - defer ipToDomainMapLock.Unlock() - - for i := 0; i < 100; i++ { - // get random IP - r, err := random.Bytes(2) - if err != nil { - return nil, err - } - randomIP := net.IPv4(127, 17, r[0], r[1]) - - // clean after every 20 tries - if i > 0 && i%20 == 0 { - cleanExpiredTunnelInfos() - } - - // if it does not exist yet, set and return - _, ok := ipToDomainMap[randomIP.String()] - if !ok { - tunnelInfo := &TunnelInfo{ - IP: randomIP, - Domain: domain, - Expires: time.Now().Add(5 * time.Minute).Unix(), - } - ipToDomainMap[randomIP.String()] = tunnelInfo - return tunnelInfo, nil - } - } - - return nil, errors.New("could not find available tunnel IP, please retry later") -} - -func GetTunnelInfo(tunnelIP net.IP) (tunnelInfo *TunnelInfo) { - ipToDomainMapLock.RLock() - defer ipToDomainMapLock.RUnlock() - var ok bool - tunnelInfo, ok = ipToDomainMap[tunnelIP.String()] - if ok && tunnelInfo.Expires >= time.Now().Unix() { - return tunnelInfo - } - return nil -} - -func tunnelInfoCleaner() { - for { - time.Sleep(5 * time.Minute) - ipToDomainMapLock.Lock() - cleanExpiredTunnelInfos() - ipToDomainMapLock.Unlock() - } -} - -func cleanExpiredTunnelInfos() { - now := time.Now().Unix() - for domain, tunnelInfo := range ipToDomainMap { - if tunnelInfo.Expires < now { - delete(ipToDomainMap, domain) - } - } -} +// var ( +// TunnelNet4 *net.IPNet +// TunnelNet6 *net.IPNet +// TunnelEntry4 = net.IPv4(127, 0, 0, 17) +// TunnelEntry6 = net.ParseIP("fd17::17") +// +// ipToDomainMap = make(map[string]*TunnelInfo) +// ipToDomainMapLock sync.RWMutex +// ) +// +// func init() { +// var err error +// _, TunnelNet4, err = net.ParseCIDR("127.17.0.0/16") +// if err != nil { +// log.Fatalf("portmaster: could not parse 127.17.0.0/16: %s", err) +// } +// _, TunnelNet6, err = net.ParseCIDR("fd17::/64") +// if err != nil { +// log.Fatalf("portmaster: could not parse fd17::/64: %s", err) +// } +// +// go tunnelInfoCleaner() +// } +// +// type TunnelInfo struct { +// IP net.IP +// Domain string +// RRCache *intel.RRCache +// Expires int64 +// } +// +// func (ti *TunnelInfo) ExportTunnelIP() *intel.RRCache { +// return &intel.RRCache{ +// Answer: []dns.RR{ +// &dns.A{ +// Hdr: dns.RR_Header{ +// Name: ti.Domain, +// Rrtype: 1, +// Class: 1, +// Ttl: 17, +// Rdlength: 8, +// }, +// A: ti.IP, +// }, +// }, +// } +// } +// +// func AssignTunnelIP(domain string) (*TunnelInfo, error) { +// ipToDomainMapLock.Lock() +// defer ipToDomainMapLock.Unlock() +// +// for i := 0; i < 100; i++ { +// // get random IP +// r, err := random.Bytes(2) +// if err != nil { +// return nil, err +// } +// randomIP := net.IPv4(127, 17, r[0], r[1]) +// +// // clean after every 20 tries +// if i > 0 && i%20 == 0 { +// cleanExpiredTunnelInfos() +// } +// +// // if it does not exist yet, set and return +// _, ok := ipToDomainMap[randomIP.String()] +// if !ok { +// tunnelInfo := &TunnelInfo{ +// IP: randomIP, +// Domain: domain, +// Expires: time.Now().Add(5 * time.Minute).Unix(), +// } +// ipToDomainMap[randomIP.String()] = tunnelInfo +// return tunnelInfo, nil +// } +// } +// +// return nil, errors.New("could not find available tunnel IP, please retry later") +// } +// +// func GetTunnelInfo(tunnelIP net.IP) (tunnelInfo *TunnelInfo) { +// ipToDomainMapLock.RLock() +// defer ipToDomainMapLock.RUnlock() +// var ok bool +// tunnelInfo, ok = ipToDomainMap[tunnelIP.String()] +// if ok && tunnelInfo.Expires >= time.Now().Unix() { +// return tunnelInfo +// } +// return nil +// } +// +// func tunnelInfoCleaner() { +// for { +// time.Sleep(5 * time.Minute) +// ipToDomainMapLock.Lock() +// cleanExpiredTunnelInfos() +// ipToDomainMapLock.Unlock() +// } +// } +// +// func cleanExpiredTunnelInfos() { +// now := time.Now().Unix() +// for domain, tunnelInfo := range ipToDomainMap { +// if tunnelInfo.Expires < now { +// delete(ipToDomainMap, domain) +// } +// } +// }