diff --git a/src/bin/punchnet/main.rs b/src/bin/punchnet/main.rs index 7c04330..85274d2 100755 --- a/src/bin/punchnet/main.rs +++ b/src/bin/punchnet/main.rs @@ -18,11 +18,11 @@ use libc::{SIGTERM, kill}; use punchnet::CachedLoginInfo; use punchnet::CommandLineInput2; use punchnet::Commands; -use punchnet::create_or_load_mac; use punchnet::get_access_token; use punchnet::get_base_dir; use punchnet::get_edge; use punchnet::ip_string_to_u32; +use punchnet::load_configuration; use punchnet::restore_dns; use punchnet::run_sdlan; use punchnet::set_access_token; @@ -291,7 +291,11 @@ fn main() { let client_id = create_or_load_uuid(&format!("{}/.id", get_base_dir()), None).unwrap(); - let mac = create_or_load_mac(); + let local_config = load_configuration(); + + let mac = local_config.mac.unwrap(); + let allow_routing = local_config.allow_routing.unwrap_or(false); + let system = SYSTEM; let version = env!("CARGO_PKG_VERSION"); @@ -386,22 +390,22 @@ fn main() { match daemonize.start() { Ok(_) => { - run_it(cmd, client_id, mac, system, version); + run_it(cmd, client_id, allow_routing, mac, system, version); } Err(e) => { eprintln!("failed to daemonize"); } } } else { - run_it(cmd, client_id, mac, system, version); + run_it(cmd, client_id, allow_routing, mac, system, version); } #[cfg(target_os = "windows")] - run_it(cmd, client_id, mac, system, version); + run_it(cmd, client_id, allow_routing, mac, system, version); } -fn run_it(cmd: CommandLineInput2, client_id: String, mac: Mac, system: &str, version: &str) { +fn run_it(cmd: CommandLineInput2, client_id: String, allow_routing: bool, mac: Mac, system: &str, version: &str) { let rt = Runtime::new().unwrap(); match &cmd.cmd { Commands::Start(rtinfo) => { 
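Review bot: `let mac = local_config.mac.unwrap();` leans on an invariant the type does not state — it only holds because `load_configuration` (added in this commit) fills `mac` on every return path, and a later change to that loader turns this line into a startup panic. Spell the invariant out, `let mac = local_config.mac.expect("load_configuration always populates mac");`, or better, have the loader return a non-optional MAC so the `Option` disappears here. `local_config.allow_routing.unwrap_or(false)` is the right default: a missing or absent key fails closed. Note that routing policy is now read from `.config` in the base dir at every start, so anyone who can write that file can pre-enable forwarding for the daemon; `main`'s body starts and ends outside the hunk.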
@@ -417,7 +421,7 @@ fn run_it(cmd: CommandLineInput2, client_id: String, mac: Mac, system: &str, ver
 let connect_info = parse_connect_result(
 connect(TEST_PREFIX, &client_id, &remembered.access_token).await
 );
-daemonize_me(rtinfo.allow_routing, connect_info, remembered, client_id, rtinfo.route_file.clone(), rtinfo.route.clone(), mac).await;
+daemonize_me(rtinfo.allow_routing || allow_routing, connect_info, remembered, client_id, rtinfo.route_file.clone(), rtinfo.route.clone(), mac).await;
 })
 }
 Commands::AutoRun(tk) => {
@@ -442,7 +446,7 @@ fn run_it(cmd: CommandLineInput2, client_id: String, mac: Mac, system: &str, ver
 let connect_info = parse_connect_result(
 connect(TEST_PREFIX, &client_id, &remembered.access_token).await
 );
-daemonize_me(tk.allow_routing, connect_info, remembered, client_id, tk.route_file.clone(), tk.route.clone(), mac).await;
+daemonize_me(tk.allow_routing || allow_routing, connect_info, remembered, client_id, tk.route_file.clone(), tk.route.clone(), mac).await;
 })
 }
diff --git a/src/network/packet.rs b/src/network/packet.rs
index d308cf6..7331dfa 100755
--- a/src/network/packet.rs
+++ b/src/network/packet.rs
@@ -896,7 +896,7 @@ async fn handle_tun_packet(
 dst_port: tcp_header.source_port,
 proto:IpNumber::TCP.0,
 };
-let (valid, need_refresh) = eee.rule_cache.is_identity_ok(pkt.identity_id, five_tuple);
+let (valid, need_refresh) = eee.rule_cache.is_identity_ok(eee.config.allow_routing.load(Ordering::Relaxed), pkt.identity_id, five_tuple);
 if need_refresh {
 renew_identity_request(eee, pkt.identity_id).await;
 }
@@ -913,7 +913,7 @@ async fn handle_tun_packet(
 dst_port: udp_header.source_port,
 proto:IpNumber::UDP.0,
 };
-let (valid, need_refresh) = eee.rule_cache.is_identity_ok(pkt.identity_id, five_tuple);
+let (valid, need_refresh) = eee.rule_cache.is_identity_ok(eee.config.allow_routing.load(Ordering::Relaxed), pkt.identity_id, five_tuple);
 if need_refresh {
 renew_identity_request(eee, pkt.identity_id).await;
 }
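Review bot: `rtinfo.allow_routing || allow_routing` makes the routing flag monotonic: once `.config` carries `allow_routing: true` (which the quic.rs command handler in this commit persists), omitting `--allow-routing` on the command line no longer starts the daemon with routing off, and nothing in the hunk lets an operator override the stored value. If the stored state is meant to win, say so in the flag's help text; otherwise let an explicit CLI value take precedence, e.g. an `Option<bool>` flag combined as `rtinfo.allow_routing.unwrap_or(allow_routing)`. I cannot see how the flag is declared, so the current behaviour may be intended. The enclosing `run_it` starts and ends outside the hunk.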
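Review bot: The first argument now passed to `is_identity_ok` decides whether the session/identity check runs at all — the acl_session.rs hunk in this commit returns `(true, false)` before the session table is consulted when the flag is true — and nothing at this call site says so. A one-line comment above each call, `// allow_routing=true skips the per-session identity check entirely; routed flows are not ACL-checked here`, saves the next reader a trip through `RuleCache`. Both the TCP and UDP branches load the same atomic; reading `eee.config.allow_routing.load(Ordering::Relaxed)` once before the protocol dispatch and passing the local would make the two call sites identical (the dispatch itself is outside the hunk, so this is a presumption). `handle_tun_packet` starts and ends outside the hunk.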
diff --git a/src/tcp/quic.rs b/src/tcp/quic.rs
index 35e77a9..794d250 100644
--- a/src/tcp/quic.rs
+++ b/src/tcp/quic.rs
@@ -11,7 +11,7 @@ use tracing::{debug, error, warn};
 #[cfg(target_os = "linux")]
 use crate::network::{set_allow_routing, set_disallow_routing};
-use crate::{AesEncryptor, Chacha20Encryptor, ConnectionInfo, ConnectionState, MyEncryptor, RuleFromServer, config::{NULL_MAC, TCP_PING_TIME}, get_edge, network::{ARP_REPLY, ArpHdr, EthHdr, Node, RegisterSuperFeedback, StartStopInfo, arp_reply_arrived, check_peer_registration_needed, handle_packet_peer_info}, pb::{SdlArpResponse, SdlCommand, SdlCommandAck, SdlEvent, SdlPolicyResponse, SdlRegisterSuper, SdlRegisterSuperAck, SdlRegisterSuperNak, encode_to_tcp_message, sdl_command, sdl_event::{self, Event, SendRegister}}, tcp::{EventType, NakMsgCode, NatType, PacketType, SdlanTcp, read_a_packet, send_stun_request}};
+use crate::{AesEncryptor, Chacha20Encryptor, ConnectionInfo, ConnectionState, MyEncryptor, RuleFromServer, config::{NULL_MAC, TCP_PING_TIME}, get_edge, load_configuration, network::{ARP_REPLY, ArpHdr, EthHdr, Node, RegisterSuperFeedback, StartStopInfo, arp_reply_arrived, check_peer_registration_needed, handle_packet_peer_info}, pb::{SdlArpResponse, SdlCommand, SdlCommandAck, SdlEvent, SdlPolicyResponse, SdlRegisterSuper, SdlRegisterSuperAck, SdlRegisterSuperNak, encode_to_tcp_message, sdl_command, sdl_event::{self, Event, SendRegister}}, store_configuration, tcp::{EventType, NakMsgCode, NatType, PacketType, SdlanTcp, read_a_packet, send_stun_request}};
 static GLOBAL_QUIC_HANDLE: OnceLock = OnceLock::new();
@@ -362,6 +362,9 @@ async fn handle_tcp_command(edge: &Node, cmdprotobuf: &[u8]) {
 if node.action == 0 {
 // stop
 let origin = edge.config.allow_routing.fetch_and(false, Ordering::Relaxed);
+let mut config = load_configuration();
+config.allow_routing = Some(false);
+let _ = store_configuration(&config);
 if origin {
 #[cfg(target_os = "linux")]
 set_disallow_routing();
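Review bot: `let _ = store_configuration(&config);` discards the persist error on the stop path, which is the fail-open direction: the in-memory flag has already been cleared by `fetch_and(false, …)`, but if the write fails `.config` still says `allow_routing: true` and main.rs (this commit) re-enables routing on the next start with nothing in the logs. Log it at least, `if let Err(e) = store_configuration(&config) { error!("failed to persist allow_routing=false: {e}"); }` (`error!` is in scope via the `use tracing::{debug, error, warn}` shown in the first hunk). `load_configuration()` and `store_configuration()` also do blocking `std::fs` I/O inside this `async fn`; the file is tiny, but if `handle_tcp_command` runs on the connection's runtime it belongs in `tokio::task::spawn_blocking` or deserves a comment saying why not. The read-modify-write of `.config` is not synchronised with the start branch or with main.rs, so two commands in flight can race and leave the file and the atomic disagreeing; `handle_tcp_command` starts and ends outside the hunk.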
@@ -369,6 +372,9 @@ async fn handle_tcp_command(edge: &Node, cmdprotobuf: &[u8]) {
 } else {
 // start
 let origin = edge.config.allow_routing.fetch_or(true, Ordering::Relaxed);
+let mut config = load_configuration();
+config.allow_routing = Some(true);
+let _ = store_configuration(&config);
 if !origin {
 #[cfg(target_os = "linux")]
 set_allow_routing();
diff --git a/src/utils/acl_session.rs b/src/utils/acl_session.rs
index 5c16269..1d37082 100644
--- a/src/utils/acl_session.rs
+++ b/src/utils/acl_session.rs
@@ -138,8 +138,12 @@ impl RuleCache {
 self.session_table.add_session_info(info);
 }
-pub fn is_identity_ok(&self, identity: IdentityID, info: FiveTuple) -> (bool, ShouldRenew) {
-return (true, false);
+pub fn is_identity_ok(&self, allow_routing: bool, identity: IdentityID, info: FiveTuple) -> (bool, ShouldRenew) {
+// return (true, false);
+if allow_routing {
+return (true, false);
+}
+
 error!("is identity ok? {:?}", info);
 if self.session_table.process_packet(&info) {
 error!("identity is ok");
diff --git a/src/utils/file_configuration.rs b/src/utils/file_configuration.rs
new file mode 100644
index 0000000..ede0b8e
--- /dev/null
+++ b/src/utils/file_configuration.rs
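Review bot: `if allow_routing { return (true, false); }` switches the whole identity/session ACL off whenever routing is on — every five-tuple is accepted without `session_table` being consulted — and the flag it keys on is one the quic.rs command handler in this commit lets a remote command flip and persist. If that is the intended contract it has to be on the signature, e.g. `/// When allow_routing is true the session table is bypassed and every flow is accepted (routed traffic is not ACL-checked).`; if it is not, keep the check and let `allow_routing` only widen the verdict after `process_packet` has run. The added `error!("is identity ok? {:?}", info)` fires once per forwarded packet at error level; a per-packet probe belongs at `debug!` or `trace!` (adjusting the tracing import if needed). The leftover `// return (true, false);` is dead code and should go; the `impl RuleCache` block continues outside the hunk.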
@@ -0,0 +1,58 @@
+use std::path::Path;
+use sdlan_sn_rs::utils::{Mac, Result};
+use serde::{Deserialize, Serialize};
+use crate::{generate_mac_address, get_base_dir};
+
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct LocalConfigInfo {
+pub allow_routing: Option,
+pub mac: Option<[u8; 6]>
+}
+pub fn store_configuration(config: &LocalConfigInfo) -> Result<()> {
+let path = format!("{}/.config", get_base_dir());
+let data = serde_json::to_string(config)?;
+std::fs::write(&path, data)?;
+Ok(())
+}
+fn load_or_create_new_mac() -> Mac {
+let path = format!("{}/.mac", get_base_dir());
+let mut mac = None;
+if let Ok(content) = std::fs::read(&path) {
+if content.len() == 6 {
+let mut mac_slice = [0; 6];
+mac_slice.copy_from_slice(&content);
+mac = Some(mac_slice);
+}
+}
+let _ = std::fs::remove_file(&path);
+if let None = mac {
+mac = Some(generate_mac_address());
+}
+mac.unwrap()
+}
+pub fn load_configuration() -> LocalConfigInfo {
+let path = format!("{}/.config", get_base_dir());
+if let Ok(content) = std::fs::read(&path) {
+if let Ok(mut config) = serde_json::from_slice::(&content) {
+if config.mac.is_none() {
+config.mac = Some(load_or_create_new_mac());
+let _ = store_configuration(&config);
+}
+return config;
+}
+}
+let mac = Some(load_or_create_new_mac());
+let config = LocalConfigInfo {
+allow_routing: Some(false),
+mac,
+};
+let _ = store_configuration(&config);
+config
+}
diff --git a/src/utils/mod.rs b/src/utils/mod.rs
index 4acc172..aae3e29 100755
--- a/src/utils/mod.rs
+++ b/src/utils/mod.rs
@@ -2,6 +2,7 @@ mod command;
 mod acl_session;
 mod encrypter;
 mod system_action;
+mod file_configuration;
 use std::{fs::OpenOptions, io::Write, net::Ipv4Addr, path::Path};
@@ -15,6 +16,7 @@ use rand::Rng;
 use sdlan_sn_rs::utils::{Mac, Result, SDLanError};
 use serde::{Deserialize, Serialize};
 pub use socks::*;
+pub use file_configuration::*;
 use crate::get_base_dir;
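Review bot: `std::fs::write(&path, data)?` in `store_configuration` truncates `.config` in place, so a crash or full disk mid-write leaves an empty or partial file that `load_configuration` cannot parse and answers by generating a brand-new MAC — and `load_or_create_new_mac` has by then already deleted the legacy `.mac`, unconditionally and before the new file was ever stored, so the node's MAC identity is lost instead of carried over. Write to a sibling temp file and rename it into place (below), and move `let _ = std::fs::remove_file(&path);` out of `load_or_create_new_mac` so `.mac` is only removed after `store_configuration` has returned `Ok`. The file also carries a security-relevant flag (`allow_routing`, which main.rs honours at startup) and is created with default permissions; on unix, restricting it to the owner is one call. `use std::path::Path;` is unused in the file as added.
```rust
pub fn store_configuration(config: &LocalConfigInfo) -> Result<()> {
    let path = format!("{}/.config", get_base_dir());
    let tmp = format!("{}.tmp", path);
    let data = serde_json::to_string(config)?;
    // Write a sibling file and rename it over .config so a crash mid-write
    // cannot leave a truncated file that load_configuration would treat as
    // missing (and answer with a freshly generated MAC).
    std::fs::write(&tmp, data)?;
    #[cfg(unix)]
    {
        // .config decides allow_routing at startup; keep it owner-only.
        let perms = <std::fs::Permissions as std::os::unix::fs::PermissionsExt>::from_mode(0o600);
        std::fs::set_permissions(&tmp, perms)?;
    }
    std::fs::rename(&tmp, &path)?;
    Ok(())
}
```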
@@ -59,6 +61,7 @@ pub fn set_access_token(cache_info: &CachedLoginInfo) -> Result<()> {
 Ok(())
 }
+/*
 pub fn create_or_load_mac() -> Mac {
 let path = format!("{}/.mac", get_base_dir());
 if let Ok(content) = std::fs::read(&path) {
@@ -72,6 +75,7 @@ pub fn create_or_load_mac() -> Mac {
 let _ = save_to_file_binary(&path, &mac);
 mac
 }
+*/
 pub fn save_to_file_binary(idfile: &str, content: &[u8]) -> Result<()> {
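Review bot: Wrapping `create_or_load_mac` in `/* … */` leaves the entire function as dead code in mod.rs while its logic now lives in `file_configuration::load_or_create_new_mac`; delete it instead (git history keeps it) so the two copies cannot drift and nobody re-enables the `.mac`-only path by uncommenting. If `save_to_file_binary` was only called from here, check whether it is now dead as well. The commented-out block opens in the first hunk and closes in the second; its middle is outside SOURCE.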