merge changes from master

Author: jmwample

.github/workflows/golang.yml

@@ -63,4 +63,4 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           version: latest
-          args: -v --disable structcheck,govet
+          args: -v --disable structcheck,govet --timeout 5m

.gitignore

@@ -1,9 +1,11 @@
 
 backup/
-conjure
-application/application
+cmd/application/application
 libtapdance/genkey
+libtapdance/*.o
+libtapdance/*.a
 cmd/registration-server/registration-server
+cmd/registration-server/regserver
 target
 bin/
 Cargo.lock

Makefile

@@ -85,7 +85,8 @@ endif
 
 clean:
 	cargo clean
-	rm -f ${TARGETS} *.o *~ ${EXE_DIR}
+	$(RM) -rf *.o *~ ${EXE_DIR}
+	cd ./libtapdance/ && make clean
 
 ${PROTO_RS_PATH}:
 	cd ./proto/ && make

cmd/application/connectingStats.go

@@ -0,0 +1,158 @@
+package main
+
+import (
+	"fmt"
+	"sync/atomic"
+
+	cj "github.com/refraction-networking/conjure/pkg/station/lib"
+)
+
+var _ cj.ConnectingTpStats = &connStats{}
+
+type connectingCounts struct {
+	numCreatedConnecting          int64
+	numDialSuccessfulConnecting   int64
+	numListenSuccessfulConnecting int64
+	numSuccessfulConnecting       int64
+	numTimeoutConnecting          int64
+	numAuthFailConnecting         int64
+	numOtherFailConnecting        int64
+}
+
+func (c *connStats) AddCreatedConnecting(asn uint, cc string, tp string) {
+	atomic.AddInt64(&c.numCreatedConnecting, 1)
+
+	if isValidCC(cc) {
+		c.m.Lock()
+		defer c.m.Unlock()
+		if _, ok := c.v4geoIPMap[asn]; !ok {
+			// We haven't seen asn before, so add it to the map
+			c.v4geoIPMap[asn] = &asnCounts{}
+			c.v4geoIPMap[asn].cc = cc
+		}
+		atomic.AddInt64(&c.v4geoIPMap[asn].numCreatedConnecting, 1)
+	}
+}
+
+func (c *connStats) AddCreatedToListenSuccessfulConnecting(asn uint, cc string, tp string) {
+	atomic.AddInt64(&c.numCreatedConnecting, -1)
+	atomic.AddInt64(&c.numListenSuccessfulConnecting, 1)
+
+	if isValidCC(cc) {
+		c.m.Lock()
+		defer c.m.Unlock()
+		if _, ok := c.v4geoIPMap[asn]; !ok {
+			// We haven't seen asn before, so add it to the map
+			c.v4geoIPMap[asn] = &asnCounts{}
+			c.v4geoIPMap[asn].cc = cc
+		}
+		atomic.AddInt64(&c.v4geoIPMap[asn].numCreatedConnecting, -1)
+		atomic.AddInt64(&c.v4geoIPMap[asn].numListenSuccessfulConnecting, 1)
+	}
+}
+
+func (c *connStats) AddCreatedToDialSuccessfulConnecting(asn uint, cc string, tp string) {
+	atomic.AddInt64(&c.numCreatedConnecting, -1)
+	atomic.AddInt64(&c.numDialSuccessfulConnecting, 1)
+
+	if isValidCC(cc) {
+		c.m.Lock()
+		defer c.m.Unlock()
+		if _, ok := c.v4geoIPMap[asn]; !ok {
+			// We haven't seen asn before, so add it to the map
+			c.v4geoIPMap[asn] = &asnCounts{}
+			c.v4geoIPMap[asn].cc = cc
+		}
+		atomic.AddInt64(&c.v4geoIPMap[asn].numCreatedConnecting, -1)
+		atomic.AddInt64(&c.v4geoIPMap[asn].numDialSuccessfulConnecting, 1)
+	}
+}
+
+func (c *connStats) AddCreatedToSuccessfulConnecting(asn uint, cc string, tp string) {
+	atomic.AddInt64(&c.numCreatedConnecting, -1)
+	atomic.AddInt64(&c.numSuccessfulConnecting, 1)
+
+	if isValidCC(cc) {
+		c.m.Lock()
+		defer c.m.Unlock()
+		if _, ok := c.v4geoIPMap[asn]; !ok {
+			// We haven't seen asn before, so add it to the map
+			c.v4geoIPMap[asn] = &asnCounts{}
+			c.v4geoIPMap[asn].cc = cc
+		}
+		atomic.AddInt64(&c.v4geoIPMap[asn].numCreatedConnecting, -1)
+		atomic.AddInt64(&c.v4geoIPMap[asn].numSuccessfulConnecting, 1)
+	}
+}
+
+func (c *connStats) AddCreatedToTimeoutConnecting(asn uint, cc string, tp string) {
+	atomic.AddInt64(&c.numCreatedConnecting, -1)
+	atomic.AddInt64(&c.numTimeoutConnecting, 1)
+
+	if isValidCC(cc) {
+		c.m.Lock()
+		defer c.m.Unlock()
+		if _, ok := c.v4geoIPMap[asn]; !ok {
+			// We haven't seen asn before, so add it to the map
+			c.v4geoIPMap[asn] = &asnCounts{}
+			c.v4geoIPMap[asn].cc = cc
+		}
+		atomic.AddInt64(&c.v4geoIPMap[asn].numCreatedConnecting, -1)
+		atomic.AddInt64(&c.v4geoIPMap[asn].numTimeoutConnecting, 1)
+	}
+}
+
+func (c *connStats) AddSuccessfulToDiscardedConnecting(asn uint, cc string, tp string) {
+}
+
+func (c *connStats) AddAuthFailConnecting(asn uint, cc string, tp string) {
+	atomic.AddInt64(&c.numAuthFailConnecting, 1)
+
+	if isValidCC(cc) {
+		c.m.Lock()
+		defer c.m.Unlock()
+		if _, ok := c.v4geoIPMap[asn]; !ok {
+			// We haven't seen asn before, so add it to the map
+			c.v4geoIPMap[asn] = &asnCounts{}
+			c.v4geoIPMap[asn].cc = cc
+		}
+		atomic.AddInt64(&c.v4geoIPMap[asn].numAuthFailConnecting, 1)
+	}
+
+}
+
+func (c *connStats) AddOtherFailConnecting(asn uint, cc string, tp string) {
+	atomic.AddInt64(&c.numOtherFailConnecting, 1)
+
+	if isValidCC(cc) {
+		c.m.Lock()
+		defer c.m.Unlock()
+		if _, ok := c.v4geoIPMap[asn]; !ok {
+			// We haven't seen asn before, so add it to the map
+			c.v4geoIPMap[asn] = &asnCounts{}
+			c.v4geoIPMap[asn].cc = cc
+		}
+		atomic.AddInt64(&c.v4geoIPMap[asn].numOtherFailConnecting, 1)
+	}
+
+}
+
+func (c *connStats) resetConnecting() {
+	c.connectingCounts = connectingCounts{}
+}
+
+func (c *connectingCounts) string() string {
+	totalEndStates := atomic.LoadInt64(&c.numDialSuccessfulConnecting) + atomic.LoadInt64(&c.numListenSuccessfulConnecting) + atomic.LoadInt64(&c.numTimeoutConnecting) + atomic.LoadInt64(&c.numAuthFailConnecting) + atomic.LoadInt64(&c.numOtherFailConnecting)
+	if totalEndStates < 1 {
+		totalEndStates = 0
+	}
+	return fmt.Sprintf("%d %d %d %d %d %d %d",
+		atomic.LoadInt64(&c.numCreatedConnecting),
+		atomic.LoadInt64(&c.numDialSuccessfulConnecting),
+		atomic.LoadInt64(&c.numListenSuccessfulConnecting),
+		atomic.LoadInt64(&c.numTimeoutConnecting),
+		atomic.LoadInt64(&c.numAuthFailConnecting),
+		atomic.LoadInt64(&c.numOtherFailConnecting),
+		totalEndStates,
+	)
+}

cmd/application/conns.go

@@ -315,7 +315,8 @@ readLoop:
 
 	transports:
 		for i, t := range possibleTransports {
-			reg, wrapped, err = t.WrapConnection(&received, clientConn, originalDstIP, regManager)
+			wrappedReg, wrappedConn, err := t.WrapConnection(&received, clientConn, originalDstIP, regManager)
+
 			err = generalizeErr(err)
 			if errors.Is(err, transports.ErrTryAgain) {
 				continue transports
@@ -335,6 +336,16 @@ readLoop:
 				return
 			}
 
+			ok := false
+			reg, ok = wrappedReg.(*cj.DecoyRegistration)
+			if !ok {
+				logger.Errorf("unexpected returned reg type from transport: %T, expected: %T", wrapped, reg)
+				delete(possibleTransports, i)
+				continue transports
+			}
+			// set outer wrapped var
+			wrapped = wrappedConn
+
 			// We found our transport! First order of business: disable deadline
 			err = wrapped.SetDeadline(time.Time{})
 			if err != nil {
@@ -404,6 +415,8 @@ type statCounts struct {
 	totalTransitions int64 // Number of all transitions tracked
 	numNewConns      int64 // Number new connections potentially handshaking
 	numResolved      int64 // Number connections that have reached a terminal state.
+
+	connectingCounts
 }
 
 type asnCounts struct {
@@ -418,6 +431,8 @@ type connStats struct {
 	ipv6       statCounts
 	v4geoIPMap map[uint]*asnCounts
 	v6geoIPMap map[uint]*asnCounts
+
+	connectingCounts
 }
 
 func (c *connStats) PrintAndReset(logger *log.Logger) {
@@ -433,7 +448,7 @@ func (c *connStats) PrintAndReset(logger *log.Logger) {
 	}
 
 	if numASNs > 0 {
-		logger.Infof("conn-stats (IPv4): %d %d %d %d %d %.3f %d %.3f %d %.3f %d %.3f %d %.3f %d",
+		logger.Infof("conn-stats (IPv4): %d %d %d %d %d %.3f %d %.3f %d %.3f %d %.3f %d %.3f %d %s",
 			atomic.LoadInt64(&c.ipv4.numCreated),
 			atomic.LoadInt64(&c.ipv4.numReading),
 			atomic.LoadInt64(&c.ipv4.numChecking),
@@ -449,6 +464,7 @@ func (c *connStats) PrintAndReset(logger *log.Logger) {
 			atomic.LoadInt64(&c.ipv4.numClosed),
 			1000*float64(atomic.LoadInt64(&c.ipv4.numClosed))/epochDur,
 			numASNs,
+			c.connectingCounts.string(),
 		)
 	}
 
@@ -484,7 +500,7 @@ func (c *connStats) PrintAndReset(logger *log.Logger) {
 		}
 		for asn, counts := range val {
 			var tt = math.Max(1, float64(atomic.LoadInt64(&counts.totalTransitions)))
-			logger.Infof("conn-stats-verbose (IPv%d): %d %s %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %d %d %d %d",
+			logger.Infof("conn-stats-verbose (IPv%d): %d %s %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %.3f %d %d %d %d %s",
 				ip_ver,
 				asn,
 				counts.cc,
@@ -530,6 +546,7 @@ func (c *connStats) PrintAndReset(logger *log.Logger) {
 				atomic.LoadInt64(&counts.numNewConns),
 				atomic.LoadInt64(&c.ipv6.numResolved),
 				atomic.LoadInt64(&counts.numResolved),
+				counts.connectingCounts.string(),
 			)
 		}
 	}
@@ -602,6 +619,8 @@ func (c *connStats) reset() {
 	c.v6geoIPMap = make(map[uint]*asnCounts)
 
 	c.epochStart = time.Now()
+
+	c.resetConnecting()
 }
 
 func (c *connStats) addCreated(asn uint, cc string, isIPv4 bool) {

cmd/application/go.mod

@@ -0,0 +1,3 @@
+module github.com/refraction-networking/conjure/cmd/application
+
+go 1.20

cmd/application/go.sum

@@ -0,0 +1,4 @@
+github.com/refraction-networking/conjure v0.6.0-dtlsbeta h1:4k0Y93MR6sgLQUs2nFyUZO0pdSx5JWDPjFq/EpuVsnQ=
+github.com/refraction-networking/conjure v0.6.0-dtlsbeta/go.mod h1:/Ah4d0Pa8tIjKHaZhA/50l0E+IehYmzewSg46SfG7hw=
+github.com/refraction-networking/conjure v0.6.0 h1:kDOWPE9WY+zquJsXDifxjUh98LlqJB+fhlEyoqQdlug=
+github.com/refraction-networking/conjure v0.6.0/go.mod h1:iRRZEI3nZsBLn1Er6xPwGwi68XNCKlno4kkWlMvMSk8=

cmd/application/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"flag"
+	"net"
 	"os"
 	"os/signal"
 	"strconv"
@@ -12,6 +13,7 @@ import (
 
 	cj "github.com/refraction-networking/conjure/pkg/station/lib"
 	"github.com/refraction-networking/conjure/pkg/station/log"
+	"github.com/refraction-networking/conjure/pkg/transports/connecting/dtls"
 	"github.com/refraction-networking/conjure/pkg/transports/wrapping/min"
 	"github.com/refraction-networking/conjure/pkg/transports/wrapping/obfs4"
 	"github.com/refraction-networking/conjure/pkg/transports/wrapping/prefix"
@@ -53,7 +55,38 @@ func main() {
 	}
 	log.SetLevel(logLevel)
 
+	connManager := newConnManager(nil)
+
+	conf.RegConfig.ConnectingStats = connManager
+
 	regManager := cj.NewRegistrationManager(conf.RegConfig)
+
+	logIPDTLS := func(logger func(asn uint, cc, tp string)) func(*net.IP) {
+		return func(ip *net.IP) {
+			cc, err := regManager.GeoIP.CC(*ip)
+			if err != nil {
+				return
+			}
+
+			var asn uint = 0
+			if cc != "unk" {
+				asn, err = regManager.GeoIP.ASN(*ip)
+				if err != nil {
+					return
+				}
+			}
+
+			logger(asn, cc, "dtls")
+		}
+	}
+
+	dtlsTransport, err := dtls.NewTransport(logIPDTLS(connManager.AddAuthFailConnecting), logIPDTLS(connManager.AddOtherFailConnecting), logIPDTLS(connManager.AddCreatedToDialSuccessfulConnecting), logIPDTLS(connManager.AddCreatedToListenSuccessfulConnecting))
+
+	if err != nil {
+		log.Fatalf("failed to setup dtls: %v", err)
+	}
+	enabledTransports[pb.TransportType_DTLS] = dtlsTransport
+
 	sharedLogger = regManager.Logger
 	logger := sharedLogger
 	defer regManager.Cleanup()
@@ -98,8 +131,6 @@ func main() {
 		logger.Fatal("error creating ZMQ Ingest: %w", err)
 	}
 
-	connManager := newConnManager(nil)
-
 	cj.Stat().AddStatsModule(zmqIngester, false)
 	cj.Stat().AddStatsModule(regManager.LivenessTester, false)
 	cj.Stat().AddStatsModule(cj.GetProxyStats(), false)

cmd/application/registration_with_transport_test.go

@@ -64,8 +64,10 @@ func TestManagerFunctionality(t *testing.T) {
 	storedReg := potentialRegistrations[string(core.ConjureHMAC(newReg.Keys.SharedSecret, "MinTrasportHMACString"))]
 	require.NotNil(t, storedReg)
 
-	if storedReg.PhantomIp.String() != "192.122.190.148" || storedReg.Covert != "52.44.73.6:443" {
-		t.Fatalf("Improper registration returned: %v\n", storedReg.String())
+	reg := storedReg.(*cj.DecoyRegistration)
+
+	if reg.PhantomIp.String() != "192.122.190.148" || reg.Covert != "52.44.73.6:443" {
+		t.Fatalf("Improper registration returned: %v\n", reg.String())
 	}
 }