Compare commits

..

No commits in common. "0d4aae1d6374fc8e9558c39dd3663f29a728f045" and "10cdd957ffaf6a8e1d1aa2cd918c3d2613f50f6b" have entirely different histories.

7 changed files with 1512 additions and 400 deletions

1696
Cargo.lock generated

File diff suppressed because it is too large Load diff

View file

@ -7,21 +7,22 @@ license = "MIT OR Apache-2.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
anyhow = { version = "1.0.71", features = ["backtrace"] }
async-trait = "0.1.68"
axum = "0.6.18"
env_logger = "0.10.0"
idna = "0.4.0"
log = "0.4.19"
parking_lot = "0.12.1"
quinn = "0.10.1"
axum = "0.7.5"
eyre = "0.6.12"
idna = "1.0.0"
parking_lot = "0.12.3"
quinn = "0.11.2"
rand = "0.8.5"
rustls = "0.21.9"
rustls-pemfile = "1.0.2"
rustls = "0.23.10"
rustls-pemfile = "2.1.2"
sentry = { version = "0.34.0", default-features = false, features = ["backtrace", "contexts", "panic", "debug-images", "reqwest", "rustls"] }
sentry-tracing = "0.34.0"
serde = { version = "1.0.164", features = ["derive"] }
serde_json = "1.0.97"
thiserror = "1.0.40"
tokio = { version = "1.28.2", features = ["rt-multi-thread", "fs", "macros", "io-util", "net"] }
tracing = "0.1.40"
tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
[profile.release]
lto = "fat"

View file

@ -3,8 +3,8 @@
"nixpkgs": {
"locked": {
"lastModified": 0,
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
"path": "/nix/store/asymc3nsl739p1wwr0w6xbjnqs3qb94p-source",
"narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=",
"path": "/nix/store/x887lkxvgnrrcfgrzz351qhfvvrkm80x-source",
"type": "path"
},
"original": {

View file

@ -115,6 +115,12 @@
example = "/path/to/key.pem";
description = lib.mdDoc "Path to TLS key to use for quiclime connections.";
};
sentryDsn = mkOption {
type = types.str;
example = "https://key@sentry.io/42";
description = lib.mdDoc "Sentry DSN to use for error reports.";
};
};
};
@ -141,6 +147,7 @@
QUICLIME_BIND_ADDR_WEB = cfg.controlAddr;
QUICLIME_CERT_PATH = cfg.cert;
QUICLIME_KEY_PATH = cfg.key;
SENTRY_DSN = cfg.sentryDsn;
};
};

View file

@ -2,22 +2,30 @@
#![allow(clippy::cast_possible_truncation)]
#![allow(clippy::cast_possible_wrap)]
use std::{convert::Infallible, net::SocketAddr, sync::Arc, time::Duration};
use std::{
convert::Infallible,
net::SocketAddr,
sync::{atomic::AtomicUsize, Arc},
time::Duration,
};
use anyhow::{anyhow, Context};
use axum::{
http::StatusCode,
routing::{get, post},
};
use log::{error, info};
use eyre::{eyre, OptionExt, WrapErr};
use netty::{Handshake, ReadError};
use quinn::{Connecting, ConnectionError, Endpoint, ServerConfig, TransportConfig};
use quinn::{
crypto::rustls::QuicServerConfig, ConnectionError, Endpoint, Incoming, ServerConfig,
TransportConfig,
};
use routing::RoutingTable;
use rustls::{Certificate, PrivateKey};
use tokio::{
io::{AsyncReadExt, AsyncWriteExt},
net::TcpStream,
net::{TcpListener, TcpStream},
};
use tracing::{error, info};
use tracing_subscriber::{prelude::*, EnvFilter};
use crate::{
netty::{ReadExt, WriteExt},
@ -30,50 +38,24 @@ mod routing;
mod unicode_madness;
mod wordlist;
fn any_private_keys(rd: &mut dyn std::io::BufRead) -> Result<Vec<Vec<u8>>, std::io::Error> {
let mut keys = Vec::<Vec<u8>>::new();
loop {
match rustls_pemfile::read_one(rd)? {
None => return Ok(keys),
Some(
rustls_pemfile::Item::RSAKey(key)
| rustls_pemfile::Item::PKCS8Key(key)
| rustls_pemfile::Item::ECKey(key),
) => keys.push(key),
_ => {}
};
}
}
fn get_certs() -> anyhow::Result<(Vec<Certificate>, PrivateKey)> {
let mut cert_file = std::io::BufReader::new(std::fs::File::open(
std::env::var("QUICLIME_CERT_PATH").context("Reading QUICLIME_CERT_PATH")?,
)?);
let certs = rustls_pemfile::certs(&mut cert_file)?
.into_iter()
.map(Certificate)
async fn create_server_config() -> eyre::Result<ServerConfig> {
let cert_file =
tokio::fs::read(std::env::var("QUICLIME_CERT_PATH").context("Reading QUICLIME_CERT_PATH")?)
.await?;
let cert_chain = rustls_pemfile::certs(&mut cert_file.as_slice())
.filter_map(Result::ok)
.collect();
let mut key_file = std::io::BufReader::new(std::fs::File::open(
std::env::var("QUICLIME_KEY_PATH").context("Reading QUICLIME_KEY_PATH")?,
)?);
let key = PrivateKey(
any_private_keys(&mut key_file)?
.into_iter()
.next()
.ok_or(anyhow::anyhow!("No private key?"))?,
);
Ok((certs, key))
}
async fn create_server_config() -> anyhow::Result<ServerConfig> {
let (cert_chain, key_der) = tokio::task::spawn_blocking(get_certs).await??;
let key_file =
tokio::fs::read(std::env::var("QUICLIME_KEY_PATH").context("Reading QUICLIME_KEY_PATH")?)
.await?;
let key_der = rustls_pemfile::private_key(&mut key_file.as_slice())?
.ok_or_eyre("No private key in QUICLIME_KEY_PATH!")?;
let mut rustls_config = rustls::ServerConfig::builder()
.with_safe_defaults()
.with_no_client_auth()
.with_single_cert(cert_chain, key_der)?;
rustls_config.alpn_protocols = vec![b"quiclime".to_vec()];
let mut config = ServerConfig::with_crypto(Arc::new(rustls_config));
let config: QuicServerConfig = rustls_config.try_into()?;
let mut config = ServerConfig::with_crypto(Arc::new(config));
let mut transport = TransportConfig::default();
transport
.max_concurrent_bidi_streams(1u32.into())
@ -83,9 +65,32 @@ async fn create_server_config() -> anyhow::Result<ServerConfig> {
Ok(config)
}
static CLIENT_COUNT: AtomicUsize = AtomicUsize::new(0);
struct ClientCounterGuard;
impl ClientCounterGuard {
fn new() -> Self {
CLIENT_COUNT.fetch_add(1, std::sync::atomic::Ordering::Relaxed);
Self
}
}
impl Drop for ClientCounterGuard {
fn drop(&mut self) {
CLIENT_COUNT.fetch_sub(1, std::sync::atomic::Ordering::Relaxed);
}
}
#[tokio::main]
async fn main() -> anyhow::Result<()> {
env_logger::init();
async fn main() -> eyre::Result<()> {
let _guard = sentry::init(std::env::var("SENTRY_DSN").ok());
tracing_subscriber::registry()
.with(EnvFilter::from_default_env())
.with(tracing_subscriber::fmt::layer())
.with(sentry_tracing::layer())
.init();
rustls::crypto::aws_lc_rs::default_provider().install_default().unwrap();
// JUSTIFICATION: this lives until the end of the entire program
let endpoint = Box::leak(Box::new(Endpoint::server(
create_server_config().await?,
@ -106,10 +111,7 @@ async fn main() -> anyhow::Result<()> {
Ok(())
}
async fn try_handle_quic(
connection: Connecting,
routing_table: &RoutingTable,
) -> anyhow::Result<()> {
async fn try_handle_quic(connection: Incoming, routing_table: &RoutingTable) -> eyre::Result<()> {
let connection = connection.await?;
info!(
"QUIClime connection established to: {}",
@ -163,7 +165,7 @@ async fn try_handle_quic(
} else if let Err(ConnectionError::ConnectionClosed(_)) = pair {
break;
}
remote.send(pair?).map_err(|e| anyhow::anyhow!("{:?}", e))?;
remote.send(pair?).map_err(|e| eyre!("{:?}", e))?;
}
routing::RouterRequest::BroadcastRequest(message) => {
let response =
@ -180,8 +182,10 @@ async fn try_handle_quic(
}
}
async fn handle_quic(connection: Connecting, routing_table: &RoutingTable) {
#[tracing::instrument(skip(routing_table))]
async fn handle_quic(connection: Incoming, routing_table: &RoutingTable) {
if let Err(e) = try_handle_quic(connection, routing_table).await {
sentry::capture_error::<dyn std::error::Error>(e.as_ref());
error!("Error handling QUIClime connection: {}", e);
};
info!("Finished handling QUIClime connection");
@ -190,21 +194,27 @@ async fn handle_quic(connection: Connecting, routing_table: &RoutingTable) {
async fn listen_quic(
endpoint: &'static Endpoint,
routing_table: &'static RoutingTable,
) -> anyhow::Result<Infallible> {
) -> eyre::Result<Infallible> {
while let Some(connection) = endpoint.accept().await {
tokio::spawn(handle_quic(connection, routing_table));
}
Err(anyhow!("quiclime endpoint closed"))
Err(eyre!("quiclime endpoint closed"))
}
async fn listen_control(
endpoint: &'static Endpoint,
routing_table: &'static RoutingTable,
) -> anyhow::Result<Infallible> {
) -> eyre::Result<Infallible> {
let app = axum::Router::new()
.route(
"/metrics",
get(|| async { format!("host_count {}", routing_table.size()) }),
get(|| async {
format!(
"host_count {}\nguest_count {}\n",
routing_table.size(),
CLIENT_COUNT.load(std::sync::atomic::Ordering::Relaxed)
)
}),
)
.route(
"/reload-certs",
@ -225,23 +235,24 @@ async fn listen_control(
.route(
"/stop",
post(|| async {
routing_table.broadcast("e4mc relay server stopping!");
tokio::time::sleep(Duration::from_secs(1)).await;
endpoint.close(0u32.into(), b"e4mc closing");
}),
);
axum::Server::bind(
&std::env::var("QUICLIME_BIND_ADDR_WEB")
.context("Reading QUICLIME_BIND_ADDR_WEB")?
.parse()?,
let listener = TcpListener::bind(
std::env::var("QUICLIME_BIND_ADDR_WEB").context("Reading QUICLIME_BIND_ADDR_WEB")?,
)
.serve(app.into_make_service())
.await?;
Err(anyhow!("control endpoint closed"))
axum::serve(listener, app).await?;
Err(eyre!("control endpoint closed"))
}
async fn try_handle_minecraft(
mut connection: TcpStream,
routing_table: &'static RoutingTable,
) -> anyhow::Result<()> {
) -> eyre::Result<()> {
let guard = ClientCounterGuard::new();
let peer = connection.peer_addr()?;
info!("Minecraft client connected from: {}", peer);
let handshake = netty::read_packet(&mut connection).await;
@ -259,29 +270,24 @@ async fn try_handle_minecraft(
return politely_disconnect(connection, handshake).await;
};
handshake.send(&mut send_host).await?;
let (mut recv_client, mut send_client) = connection.split();
tokio::select! {
_ = tokio::io::copy(&mut recv_client, &mut send_host) => (),
_ = tokio::io::copy(&mut recv_host, &mut send_client) => ()
}
let mut conn_host = tokio::io::join(&mut recv_host, &mut send_host);
_ = tokio::io::copy_bidirectional(&mut connection, &mut conn_host);
_ = connection.shutdown().await;
_ = send_host.finish().await;
_ = send_host.finish();
_ = recv_host.stop(0u32.into());
info!("Minecraft client disconnected from: {}", peer);
drop(guard);
Ok(())
}
async fn politely_disconnect(
mut connection: TcpStream,
handshake: Handshake,
) -> anyhow::Result<()> {
async fn politely_disconnect(mut connection: TcpStream, handshake: Handshake) -> eyre::Result<()> {
match handshake.next_state {
netty::HandshakeType::Status => {
let packet = netty::read_packet(&mut connection).await?;
let mut packet = packet.as_slice();
let id = packet.read_varint()?;
if id != 0 {
return Err(anyhow!(
return Err(eyre!(
"Packet isn't a Status Request(0x00), but {:#04x}",
id
));
@ -296,10 +302,7 @@ async fn politely_disconnect(
let mut packet = packet.as_slice();
let id = packet.read_varint()?;
if id != 1 {
return Err(anyhow!(
"Packet isn't a Ping Request(0x01), but {:#04x}",
id
));
return Err(eyre!("Packet isn't a Ping Request(0x01), but {:#04x}", id));
}
let payload = packet.read_long()?;
let mut buf = Vec::with_capacity(1 + 8);
@ -321,13 +324,15 @@ async fn politely_disconnect(
Ok(())
}
#[tracing::instrument(skip(routing_table))]
async fn handle_minecraft(connection: TcpStream, routing_table: &'static RoutingTable) {
if let Err(e) = try_handle_minecraft(connection, routing_table).await {
error!("Error handling Minecraft connection: {}", e.backtrace());
sentry::capture_error::<dyn std::error::Error>(e.as_ref());
error!("Error handling Minecraft connection: {:#}", e);
};
}
async fn listen_minecraft(routing_table: &'static RoutingTable) -> anyhow::Result<Infallible> {
async fn listen_minecraft(routing_table: &'static RoutingTable) -> eyre::Result<Infallible> {
let server = tokio::net::TcpListener::bind(
std::env::var("QUICLIME_BIND_ADDR_MC")
.context("Reading QUICLIME_BIND_ADDR_MC")?
@ -340,6 +345,7 @@ async fn listen_minecraft(routing_table: &'static RoutingTable) -> anyhow::Resul
tokio::spawn(handle_minecraft(connection, routing_table));
}
Err(e) => {
sentry::capture_error(&e);
error!("Error accepting minecraft connection: {}", e);
}
}

View file

@ -4,9 +4,8 @@ use std::io::Read;
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use async_trait::async_trait;
use log::error;
use thiserror::Error;
use tracing::error;
#[derive(Error, Debug)]
pub enum ReadError {
@ -119,7 +118,6 @@ async fn read_varint(mut reader: impl AsyncReadExt + Unpin) -> Result<i32, ReadE
impl<T: Read> ReadExt for T {}
#[async_trait]
pub trait WriteExt: AsyncWriteExt + Unpin {
async fn write_varint(&mut self, mut val: i32) -> std::io::Result<()> {
for _ in 0..5 {
@ -156,10 +154,10 @@ pub enum HandshakeType {
}
impl Handshake {
pub fn new(mut packet: &[u8]) -> anyhow::Result<Self> {
pub fn new(mut packet: &[u8]) -> eyre::Result<Self> {
let packet_type = packet.read_varint()?;
if packet_type != 0 {
Err(anyhow::anyhow!("Not a Handshake packet"))
Err(eyre::eyre!("Not a Handshake packet"))
} else {
let protocol_version = packet.read_varint()?;
let server_address = packet.read_string()?;
@ -167,7 +165,7 @@ impl Handshake {
let next_state = match packet.read_varint()? {
1 => HandshakeType::Status,
2 => HandshakeType::Login,
_ => return Err(anyhow::anyhow!("Invalid next state")),
_ => return Err(eyre::eyre!("Invalid next state")),
};
Ok(Self {
protocol_version,

View file

@ -1,5 +1,3 @@
use log::info;
use log::warn;
use parking_lot::RwLock;
use quinn::RecvStream;
use quinn::SendStream;
@ -7,6 +5,8 @@ use rand::prelude::*;
use std::collections::HashMap;
use tokio::sync::mpsc;
use tokio::sync::oneshot;
use tracing::info;
use tracing::warn;
#[derive(Debug)]
pub enum RouterRequest {