No commits in common. "0d4aae1d6374fc8e9558c39dd3663f29a728f045" and "10cdd957ffaf6a8e1d1aa2cd918c3d2613f50f6b" have entirely different histories.
0d4aae1d63
...
10cdd957ff
7 changed files with 1512 additions and 400 deletions
1696
Cargo.lock
generated
1696
Cargo.lock
generated
21
Cargo.toml
21
Cargo.toml
|
@ -7,21 +7,22 @@ license = "MIT OR Apache-2.0"
|
|||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
[dependencies]
|
||||
anyhow = { version = "1.0.71", features = ["backtrace"] }
|
||||
async-trait = "0.1.68"
|
||||
axum = "0.6.18"
|
||||
env_logger = "0.10.0"
|
||||
idna = "0.4.0"
|
||||
log = "0.4.19"
|
||||
parking_lot = "0.12.1"
|
||||
quinn = "0.10.1"
|
||||
axum = "0.7.5"
|
||||
eyre = "0.6.12"
|
||||
idna = "1.0.0"
|
||||
parking_lot = "0.12.3"
|
||||
quinn = "0.11.2"
|
||||
rand = "0.8.5"
|
||||
rustls = "0.21.9"
|
||||
rustls-pemfile = "1.0.2"
|
||||
rustls = "0.23.10"
|
||||
rustls-pemfile = "2.1.2"
|
||||
sentry = { version = "0.34.0", default-features = false, features = ["backtrace", "contexts", "panic", "debug-images", "reqwest", "rustls"] }
|
||||
sentry-tracing = "0.34.0"
|
||||
serde = { version = "1.0.164", features = ["derive"] }
|
||||
serde_json = "1.0.97"
|
||||
thiserror = "1.0.40"
|
||||
tokio = { version = "1.28.2", features = ["rt-multi-thread", "fs", "macros", "io-util", "net"] }
|
||||
tracing = "0.1.40"
|
||||
tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
|
||||
|
||||
[profile.release]
|
||||
lto = "fat"
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 0,
|
||||
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
|
||||
"path": "/nix/store/asymc3nsl739p1wwr0w6xbjnqs3qb94p-source",
|
||||
"narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=",
|
||||
"path": "/nix/store/x887lkxvgnrrcfgrzz351qhfvvrkm80x-source",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -115,6 +115,12 @@
|
|||
example = "/path/to/key.pem";
|
||||
description = lib.mdDoc "Path to TLS key to use for quiclime connections.";
|
||||
};
|
||||
|
||||
sentryDsn = mkOption {
|
||||
type = types.str;
|
||||
example = "https://key@sentry.io/42";
|
||||
description = lib.mdDoc "Sentry DSN to use for error reports.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -141,6 +147,7 @@
|
|||
QUICLIME_BIND_ADDR_WEB = cfg.controlAddr;
|
||||
QUICLIME_CERT_PATH = cfg.cert;
|
||||
QUICLIME_KEY_PATH = cfg.key;
|
||||
SENTRY_DSN = cfg.sentryDsn;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
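Review bot: The new `sentryDsn` option is a required `types.str` with no default, so every user of this module must now configure Sentry even though the binary side (`sentry::init(std::env::var("SENTRY_DSN").ok())`) copes with an unset DSN; declare it as `type = types.nullOr types.str; default = null;` and only add `SENTRY_DSN = cfg.sentryDsn;` to the environment set when it is non-null (e.g. via `lib.optionalAttrs`). Passing the DSN as a plain environment value also writes it into the generated unit file in the world-readable Nix store; the DSN is a low-value credential, but it still lets anyone on the host submit events to the project, so a file-based variant (`sentryDsnFile` loaded through `EnvironmentFile` or `LoadCredential`) would be the safer shape. The enclosing module and the environment attrset both start outside the hunk, and the file name is not shown on this page.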
168
src/main.rs
168
src/main.rs
|
@ -2,22 +2,30 @@
|
|||
#![allow(clippy::cast_possible_truncation)]
|
||||
#![allow(clippy::cast_possible_wrap)]
|
||||
|
||||
use std::{convert::Infallible, net::SocketAddr, sync::Arc, time::Duration};
|
||||
use std::{
|
||||
convert::Infallible,
|
||||
net::SocketAddr,
|
||||
sync::{atomic::AtomicUsize, Arc},
|
||||
time::Duration,
|
||||
};
|
||||
|
||||
use anyhow::{anyhow, Context};
|
||||
use axum::{
|
||||
http::StatusCode,
|
||||
routing::{get, post},
|
||||
};
|
||||
use log::{error, info};
|
||||
use eyre::{eyre, OptionExt, WrapErr};
|
||||
use netty::{Handshake, ReadError};
|
||||
use quinn::{Connecting, ConnectionError, Endpoint, ServerConfig, TransportConfig};
|
||||
use quinn::{
|
||||
crypto::rustls::QuicServerConfig, ConnectionError, Endpoint, Incoming, ServerConfig,
|
||||
TransportConfig,
|
||||
};
|
||||
use routing::RoutingTable;
|
||||
use rustls::{Certificate, PrivateKey};
|
||||
use tokio::{
|
||||
io::{AsyncReadExt, AsyncWriteExt},
|
||||
net::TcpStream,
|
||||
net::{TcpListener, TcpStream},
|
||||
};
|
||||
use tracing::{error, info};
|
||||
use tracing_subscriber::{prelude::*, EnvFilter};
|
||||
|
||||
use crate::{
|
||||
netty::{ReadExt, WriteExt},
|
||||
|
@ -30,50 +38,24 @@ mod routing;
|
|||
mod unicode_madness;
|
||||
mod wordlist;
|
||||
|
||||
fn any_private_keys(rd: &mut dyn std::io::BufRead) -> Result<Vec<Vec<u8>>, std::io::Error> {
|
||||
let mut keys = Vec::<Vec<u8>>::new();
|
||||
|
||||
loop {
|
||||
match rustls_pemfile::read_one(rd)? {
|
||||
None => return Ok(keys),
|
||||
Some(
|
||||
rustls_pemfile::Item::RSAKey(key)
|
||||
| rustls_pemfile::Item::PKCS8Key(key)
|
||||
| rustls_pemfile::Item::ECKey(key),
|
||||
) => keys.push(key),
|
||||
_ => {}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
fn get_certs() -> anyhow::Result<(Vec<Certificate>, PrivateKey)> {
|
||||
let mut cert_file = std::io::BufReader::new(std::fs::File::open(
|
||||
std::env::var("QUICLIME_CERT_PATH").context("Reading QUICLIME_CERT_PATH")?,
|
||||
)?);
|
||||
let certs = rustls_pemfile::certs(&mut cert_file)?
|
||||
.into_iter()
|
||||
.map(Certificate)
|
||||
async fn create_server_config() -> eyre::Result<ServerConfig> {
|
||||
let cert_file =
|
||||
tokio::fs::read(std::env::var("QUICLIME_CERT_PATH").context("Reading QUICLIME_CERT_PATH")?)
|
||||
.await?;
|
||||
let cert_chain = rustls_pemfile::certs(&mut cert_file.as_slice())
|
||||
.filter_map(Result::ok)
|
||||
.collect();
|
||||
let mut key_file = std::io::BufReader::new(std::fs::File::open(
|
||||
std::env::var("QUICLIME_KEY_PATH").context("Reading QUICLIME_KEY_PATH")?,
|
||||
)?);
|
||||
let key = PrivateKey(
|
||||
any_private_keys(&mut key_file)?
|
||||
.into_iter()
|
||||
.next()
|
||||
.ok_or(anyhow::anyhow!("No private key?"))?,
|
||||
);
|
||||
Ok((certs, key))
|
||||
}
|
||||
|
||||
async fn create_server_config() -> anyhow::Result<ServerConfig> {
|
||||
let (cert_chain, key_der) = tokio::task::spawn_blocking(get_certs).await??;
|
||||
let key_file =
|
||||
tokio::fs::read(std::env::var("QUICLIME_KEY_PATH").context("Reading QUICLIME_KEY_PATH")?)
|
||||
.await?;
|
||||
let key_der = rustls_pemfile::private_key(&mut key_file.as_slice())?
|
||||
.ok_or_eyre("No private key in QUICLIME_KEY_PATH!")?;
|
||||
let mut rustls_config = rustls::ServerConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.with_no_client_auth()
|
||||
.with_single_cert(cert_chain, key_der)?;
|
||||
rustls_config.alpn_protocols = vec![b"quiclime".to_vec()];
|
||||
let mut config = ServerConfig::with_crypto(Arc::new(rustls_config));
|
||||
let config: QuicServerConfig = rustls_config.try_into()?;
|
||||
let mut config = ServerConfig::with_crypto(Arc::new(config));
|
||||
let mut transport = TransportConfig::default();
|
||||
transport
|
||||
.max_concurrent_bidi_streams(1u32.into())
|
||||
|
@ -83,9 +65,32 @@ async fn create_server_config() -> anyhow::Result<ServerConfig> {
|
|||
Ok(config)
|
||||
}
|
||||
|
||||
static CLIENT_COUNT: AtomicUsize = AtomicUsize::new(0);
|
||||
|
||||
struct ClientCounterGuard;
|
||||
|
||||
impl ClientCounterGuard {
|
||||
fn new() -> Self {
|
||||
CLIENT_COUNT.fetch_add(1, std::sync::atomic::Ordering::Relaxed);
|
||||
Self
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for ClientCounterGuard {
|
||||
fn drop(&mut self) {
|
||||
CLIENT_COUNT.fetch_sub(1, std::sync::atomic::Ordering::Relaxed);
|
||||
}
|
||||
}
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() -> anyhow::Result<()> {
|
||||
env_logger::init();
|
||||
async fn main() -> eyre::Result<()> {
|
||||
let _guard = sentry::init(std::env::var("SENTRY_DSN").ok());
|
||||
tracing_subscriber::registry()
|
||||
.with(EnvFilter::from_default_env())
|
||||
.with(tracing_subscriber::fmt::layer())
|
||||
.with(sentry_tracing::layer())
|
||||
.init();
|
||||
rustls::crypto::aws_lc_rs::default_provider().install_default().unwrap();
|
||||
// JUSTIFICATION: this lives until the end of the entire program
|
||||
let endpoint = Box::leak(Box::new(Endpoint::server(
|
||||
create_server_config().await?,
|
||||
|
@ -106,10 +111,7 @@ async fn main() -> anyhow::Result<()> {
|
|||
Ok(())
|
||||
}
|
||||
|
||||
async fn try_handle_quic(
|
||||
connection: Connecting,
|
||||
routing_table: &RoutingTable,
|
||||
) -> anyhow::Result<()> {
|
||||
async fn try_handle_quic(connection: Incoming, routing_table: &RoutingTable) -> eyre::Result<()> {
|
||||
let connection = connection.await?;
|
||||
info!(
|
||||
"QUIClime connection established to: {}",
|
||||
|
@ -163,7 +165,7 @@ async fn try_handle_quic(
|
|||
} else if let Err(ConnectionError::ConnectionClosed(_)) = pair {
|
||||
break;
|
||||
}
|
||||
remote.send(pair?).map_err(|e| anyhow::anyhow!("{:?}", e))?;
|
||||
remote.send(pair?).map_err(|e| eyre!("{:?}", e))?;
|
||||
}
|
||||
routing::RouterRequest::BroadcastRequest(message) => {
|
||||
let response =
|
||||
|
@ -180,8 +182,10 @@ async fn try_handle_quic(
|
|||
}
|
||||
}
|
||||
|
||||
async fn handle_quic(connection: Connecting, routing_table: &RoutingTable) {
|
||||
#[tracing::instrument(skip(routing_table))]
|
||||
async fn handle_quic(connection: Incoming, routing_table: &RoutingTable) {
|
||||
if let Err(e) = try_handle_quic(connection, routing_table).await {
|
||||
sentry::capture_error::<dyn std::error::Error>(e.as_ref());
|
||||
error!("Error handling QUIClime connection: {}", e);
|
||||
};
|
||||
info!("Finished handling QUIClime connection");
|
||||
|
@ -190,21 +194,27 @@ async fn handle_quic(connection: Connecting, routing_table: &RoutingTable) {
|
|||
async fn listen_quic(
|
||||
endpoint: &'static Endpoint,
|
||||
routing_table: &'static RoutingTable,
|
||||
) -> anyhow::Result<Infallible> {
|
||||
) -> eyre::Result<Infallible> {
|
||||
while let Some(connection) = endpoint.accept().await {
|
||||
tokio::spawn(handle_quic(connection, routing_table));
|
||||
}
|
||||
Err(anyhow!("quiclime endpoint closed"))
|
||||
Err(eyre!("quiclime endpoint closed"))
|
||||
}
|
||||
|
||||
async fn listen_control(
|
||||
endpoint: &'static Endpoint,
|
||||
routing_table: &'static RoutingTable,
|
||||
) -> anyhow::Result<Infallible> {
|
||||
) -> eyre::Result<Infallible> {
|
||||
let app = axum::Router::new()
|
||||
.route(
|
||||
"/metrics",
|
||||
get(|| async { format!("host_count {}", routing_table.size()) }),
|
||||
get(|| async {
|
||||
format!(
|
||||
"host_count {}\nguest_count {}\n",
|
||||
routing_table.size(),
|
||||
CLIENT_COUNT.load(std::sync::atomic::Ordering::Relaxed)
|
||||
)
|
||||
}),
|
||||
)
|
||||
.route(
|
||||
"/reload-certs",
|
||||
|
@ -225,23 +235,24 @@ async fn listen_control(
|
|||
.route(
|
||||
"/stop",
|
||||
post(|| async {
|
||||
routing_table.broadcast("e4mc relay server stopping!");
|
||||
tokio::time::sleep(Duration::from_secs(1)).await;
|
||||
endpoint.close(0u32.into(), b"e4mc closing");
|
||||
}),
|
||||
);
|
||||
axum::Server::bind(
|
||||
&std::env::var("QUICLIME_BIND_ADDR_WEB")
|
||||
.context("Reading QUICLIME_BIND_ADDR_WEB")?
|
||||
.parse()?,
|
||||
let listener = TcpListener::bind(
|
||||
std::env::var("QUICLIME_BIND_ADDR_WEB").context("Reading QUICLIME_BIND_ADDR_WEB")?,
|
||||
)
|
||||
.serve(app.into_make_service())
|
||||
.await?;
|
||||
Err(anyhow!("control endpoint closed"))
|
||||
axum::serve(listener, app).await?;
|
||||
Err(eyre!("control endpoint closed"))
|
||||
}
|
||||
|
||||
async fn try_handle_minecraft(
|
||||
mut connection: TcpStream,
|
||||
routing_table: &'static RoutingTable,
|
||||
) -> anyhow::Result<()> {
|
||||
) -> eyre::Result<()> {
|
||||
let guard = ClientCounterGuard::new();
|
||||
let peer = connection.peer_addr()?;
|
||||
info!("Minecraft client connected from: {}", peer);
|
||||
let handshake = netty::read_packet(&mut connection).await;
|
||||
|
@ -259,29 +270,24 @@ async fn try_handle_minecraft(
|
|||
return politely_disconnect(connection, handshake).await;
|
||||
};
|
||||
handshake.send(&mut send_host).await?;
|
||||
let (mut recv_client, mut send_client) = connection.split();
|
||||
tokio::select! {
|
||||
_ = tokio::io::copy(&mut recv_client, &mut send_host) => (),
|
||||
_ = tokio::io::copy(&mut recv_host, &mut send_client) => ()
|
||||
}
|
||||
let mut conn_host = tokio::io::join(&mut recv_host, &mut send_host);
|
||||
_ = tokio::io::copy_bidirectional(&mut connection, &mut conn_host);
|
||||
_ = connection.shutdown().await;
|
||||
_ = send_host.finish().await;
|
||||
_ = send_host.finish();
|
||||
_ = recv_host.stop(0u32.into());
|
||||
info!("Minecraft client disconnected from: {}", peer);
|
||||
drop(guard);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn politely_disconnect(
|
||||
mut connection: TcpStream,
|
||||
handshake: Handshake,
|
||||
) -> anyhow::Result<()> {
|
||||
async fn politely_disconnect(mut connection: TcpStream, handshake: Handshake) -> eyre::Result<()> {
|
||||
match handshake.next_state {
|
||||
netty::HandshakeType::Status => {
|
||||
let packet = netty::read_packet(&mut connection).await?;
|
||||
let mut packet = packet.as_slice();
|
||||
let id = packet.read_varint()?;
|
||||
if id != 0 {
|
||||
return Err(anyhow!(
|
||||
return Err(eyre!(
|
||||
"Packet isn't a Status Request(0x00), but {:#04x}",
|
||||
id
|
||||
));
|
||||
|
@ -296,10 +302,7 @@ async fn politely_disconnect(
|
|||
let mut packet = packet.as_slice();
|
||||
let id = packet.read_varint()?;
|
||||
if id != 1 {
|
||||
return Err(anyhow!(
|
||||
"Packet isn't a Ping Request(0x01), but {:#04x}",
|
||||
id
|
||||
));
|
||||
return Err(eyre!("Packet isn't a Ping Request(0x01), but {:#04x}", id));
|
||||
}
|
||||
let payload = packet.read_long()?;
|
||||
let mut buf = Vec::with_capacity(1 + 8);
|
||||
|
@ -321,13 +324,15 @@ async fn politely_disconnect(
|
|||
Ok(())
|
||||
}
|
||||
|
||||
#[tracing::instrument(skip(routing_table))]
|
||||
async fn handle_minecraft(connection: TcpStream, routing_table: &'static RoutingTable) {
|
||||
if let Err(e) = try_handle_minecraft(connection, routing_table).await {
|
||||
error!("Error handling Minecraft connection: {}", e.backtrace());
|
||||
sentry::capture_error::<dyn std::error::Error>(e.as_ref());
|
||||
error!("Error handling Minecraft connection: {:#}", e);
|
||||
};
|
||||
}
|
||||
|
||||
async fn listen_minecraft(routing_table: &'static RoutingTable) -> anyhow::Result<Infallible> {
|
||||
async fn listen_minecraft(routing_table: &'static RoutingTable) -> eyre::Result<Infallible> {
|
||||
let server = tokio::net::TcpListener::bind(
|
||||
std::env::var("QUICLIME_BIND_ADDR_MC")
|
||||
.context("Reading QUICLIME_BIND_ADDR_MC")?
|
||||
|
@ -340,6 +345,7 @@ async fn listen_minecraft(routing_table: &'static RoutingTable) -> anyhow::Resul
|
|||
tokio::spawn(handle_minecraft(connection, routing_table));
|
||||
}
|
||||
Err(e) => {
|
||||
sentry::capture_error(&e);
|
||||
error!("Error accepting minecraft connection: {}", e);
|
||||
}
|
||||
}
|
||||
|
|
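Review bot: In the `try_handle_minecraft` hunk the relay future is never awaited: `_ = tokio::io::copy_bidirectional(&mut connection, &mut conn_host);` builds the future and drops it, and the very next line calls `connection.shutdown().await`, so after the handshake is forwarded to the host no bytes are relayed in either direction (the `_ =` binding also silences the `unused_must_use` warning that would otherwise flag this). Unless the rendered page lost an `.await`, this should read `_ = tokio::io::copy_bidirectional(&mut connection, &mut conn_host).await;`, and since the call returns `io::Result<(u64, u64)>` it is worth logging the `Err` instead of discarding it, because a reset host stream is otherwise indistinguishable from a clean client disconnect. Note the semantic shift as well: the old `select!` ended the session as soon as either direction finished, whereas `copy_bidirectional` waits for both sides to reach EOF, so a host stream that never finishes keeps the client task and its `ClientCounterGuard` alive. The body of `try_handle_minecraft` starts outside the hunk.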
10
src/netty.rs
10
src/netty.rs
|
@ -4,9 +4,8 @@ use std::io::Read;
|
|||
|
||||
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
||||
|
||||
use async_trait::async_trait;
|
||||
use log::error;
|
||||
use thiserror::Error;
|
||||
use tracing::error;
|
||||
|
||||
#[derive(Error, Debug)]
|
||||
pub enum ReadError {
|
||||
|
@ -119,7 +118,6 @@ async fn read_varint(mut reader: impl AsyncReadExt + Unpin) -> Result<i32, ReadE
|
|||
|
||||
impl<T: Read> ReadExt for T {}
|
||||
|
||||
#[async_trait]
|
||||
pub trait WriteExt: AsyncWriteExt + Unpin {
|
||||
async fn write_varint(&mut self, mut val: i32) -> std::io::Result<()> {
|
||||
for _ in 0..5 {
|
||||
|
@ -156,10 +154,10 @@ pub enum HandshakeType {
|
|||
}
|
||||
|
||||
impl Handshake {
|
||||
pub fn new(mut packet: &[u8]) -> anyhow::Result<Self> {
|
||||
pub fn new(mut packet: &[u8]) -> eyre::Result<Self> {
|
||||
let packet_type = packet.read_varint()?;
|
||||
if packet_type != 0 {
|
||||
Err(anyhow::anyhow!("Not a Handshake packet"))
|
||||
Err(eyre::eyre!("Not a Handshake packet"))
|
||||
} else {
|
||||
let protocol_version = packet.read_varint()?;
|
||||
let server_address = packet.read_string()?;
|
||||
|
@ -167,7 +165,7 @@ impl Handshake {
|
|||
let next_state = match packet.read_varint()? {
|
||||
1 => HandshakeType::Status,
|
||||
2 => HandshakeType::Login,
|
||||
_ => return Err(anyhow::anyhow!("Invalid next state")),
|
||||
_ => return Err(eyre::eyre!("Invalid next state")),
|
||||
};
|
||||
Ok(Self {
|
||||
protocol_version,
|
||||
|
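Review bot: Removing `use async_trait::async_trait;` together with the `#[async_trait]` line that appears to be the deleted line ahead of `pub trait WriteExt` makes `write_varint` a native async fn in a trait, which only compiles from Rust 1.75 on; Cargo.toml should carry `rust-version = "1.75"` so an older toolchain fails with a clear message rather than a parse error in this file. The macro also used to box the future with a `Send` bound; a native `async fn` in a public trait drops that guarantee (the `async_fn_in_trait` lint warns about exactly this), so any caller that drives a generic `W: WriteExt` inside `tokio::spawn` may stop compiling, and the fix is either an explicit `fn write_varint(&mut self, val: i32) -> impl Future<Output = std::io::Result<()>> + Send` or a comment on the trait stating that callers must use concrete writer types. The remainder of the trait body is outside the hunk.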
|
|
@ -1,5 +1,3 @@
|
|||
use log::info;
|
||||
use log::warn;
|
||||
use parking_lot::RwLock;
|
||||
use quinn::RecvStream;
|
||||
use quinn::SendStream;
|
||||
|
@ -7,6 +5,8 @@ use rand::prelude::*;
|
|||
use std::collections::HashMap;
|
||||
use tokio::sync::mpsc;
|
||||
use tokio::sync::oneshot;
|
||||
use tracing::info;
|
||||
use tracing::warn;
|
||||
|
||||
#[derive(Debug)]
|
||||
pub enum RouterRequest {
|
||||
|
|