New connection protocol version with encrypted features map

prog/weaver/main.go

@@ -32,28 +32,30 @@ func main() {
 	runtime.GOMAXPROCS(procs)
 
 	var (
-		config       weave.Config
-		justVersion  bool
-		ifaceName    string
-		routerName   string
-		nickName     string
-		password     string
-		wait         int
-		pktdebug     bool
-		logLevel     string
-		prof         string
-		bufSzMB      int
-		noDiscovery  bool
-		httpAddr     string
-		iprangeCIDR  string
-		ipsubnetCIDR string
-		peerCount    int
-		apiPath      string
-		peers        []string
+		config             weave.Config
+		justVersion        bool
+		protocolMinVersion int
+		ifaceName          string
+		routerName         string
+		nickName           string
+		password           string
+		wait               int
+		pktdebug           bool
+		logLevel           string
+		prof               string
+		bufSzMB            int
+		noDiscovery        bool
+		httpAddr           string
+		iprangeCIDR        string
+		ipsubnetCIDR       string
+		peerCount          int
+		apiPath            string
+		peers              []string
 	)
 
 	mflag.BoolVar(&justVersion, []string{"#version", "-version"}, false, "print version and exit")
 	mflag.IntVar(&config.Port, []string{"#port", "-port"}, weave.Port, "router port")
+	mflag.IntVar(&protocolMinVersion, []string{"-min-protocol-version"}, weave.ProtocolMinVersion, "minimum weave protocol version")
 	mflag.StringVar(&ifaceName, []string{"#iface", "-iface"}, "", "name of interface to capture/inject from (disabled if blank)")
 	mflag.StringVar(&routerName, []string{"#name", "-name"}, "", "name of router (defaults to MAC of interface)")
 	mflag.StringVar(&nickName, []string{"#nickname", "-nickname"}, "", "nickname of peer (defaults to hostname)")
@@ -82,6 +84,11 @@ func main() {
 	Log.Println("Command line options:", options())
 	Log.Println("Command line peers:", peers)
 
+	if protocolMinVersion < weave.ProtocolMinVersion || protocolMinVersion > weave.ProtocolMaxVersion {
+		Log.Fatalf("--min-protocol-version must be in range [%d,%d]", weave.ProtocolMinVersion, weave.ProtocolMaxVersion)
+	}
+	config.ProtocolMinVersion = byte(protocolMinVersion)
+
 	var err error
 
 	if ifaceName != "" {

router/connection.go

@@ -4,6 +4,7 @@ import (
 	"encoding/binary"
 	"fmt"
 	"net"
+	"strconv"
 	"sync"
 	"time"
 
@@ -117,6 +118,7 @@ func StartLocalConnection(connRemote *RemoteConnection, tcpConn *net.TCPConn, ud
 		TCPConn:          tcpConn,
 		remoteUDPAddr:    udpAddr,
 		effectivePMTU:    DefaultPMTU,
+		uid:              randUint64(),
 		actionChan:       actionChan,
 		finished:         finished}
 	go conn.run(actionChan, finished, acceptNewPeer)
@@ -282,8 +284,23 @@ func (conn *LocalConnection) run(actionChan <-chan ConnectionAction, finished ch
 	defer close(finished)
 
 	conn.TCPConn.SetLinger(0)
+	intro, err := ProtocolIntroParams{
+		MinVersion: conn.Router.ProtocolMinVersion,
+		MaxVersion: ProtocolMaxVersion,
+		Features:   conn.makeFeatures(),
+		Conn:       conn.TCPConn,
+		Password:   conn.Router.Password,
+		Outbound:   conn.outbound,
+	}.DoIntro()
+	if err != nil {
+		return
+	}
 
-	tcpReceiver, remote, err := conn.handshake()
+	conn.SessionKey = intro.SessionKey
+	conn.tcpSender = intro.Sender
+	conn.version = intro.Version
+
+	remote, err := conn.parseFeatures(intro.Features)
 	if err != nil {
 		return
 	}
@@ -292,7 +309,13 @@ func (conn *LocalConnection) run(actionChan <-chan ConnectionAction, finished ch
 		return
 	}
 
-	conn.Log("completed handshake; using protocol version", conn.version)
+	if conn.SessionKey == nil {
+		conn.Decryptor = NewNonDecryptor()
+	} else {
+		conn.Decryptor = NewNaClDecryptor(conn.SessionKey, conn.outbound)
+	}
+
+	conn.Log("connection ready; using protocol version", conn.version)
 
 	// The ordering of the following is very important. [1]
 
@@ -307,7 +330,8 @@ func (conn *LocalConnection) run(actionChan <-chan ConnectionAction, finished ch
 	if err = conn.initHeartbeats(); err != nil {
 		return
 	}
-	go conn.receiveTCP(tcpReceiver)
+
+	go conn.receiveTCP(intro.Receiver)
 	err = conn.actorLoop(actionChan)
 }
 
@@ -356,6 +380,62 @@ func (conn *LocalConnection) run(actionChan <-chan ConnectionAction, finished ch
 // prevent that completely, since, for example, forwarder can only be
 // created when we know the remote UDP address, but it helps to try.
 
+func (conn *LocalConnection) makeFeatures() map[string]string {
+	return map[string]string{
+		"PeerNameFlavour": PeerNameFlavour,
+		"Name":            conn.local.Name.String(),
+		"NickName":        conn.local.NickName,
+		"UID":             fmt.Sprint(conn.local.UID),
+		"ConnID":          fmt.Sprint(conn.uid),
+	}
+}
+
+type features map[string]string
+
+func (features features) MustHave(keys []string) error {
+	for _, key := range keys {
+		if _, ok := features[key]; !ok {
+			return fmt.Errorf("Field %s is missing", key)
+		}
+	}
+	return nil
+}
+
+func (features features) Get(key string) string {
+	return features[key]
+}
+
+func (conn *LocalConnection) parseFeatures(features features) (*Peer, error) {
+	if err := features.MustHave([]string{"PeerNameFlavour", "Name", "NickName", "UID", "ConnID"}); err != nil {
+		return nil, err
+	}
+
+	remotePeerNameFlavour := features.Get("PeerNameFlavour")
+	if remotePeerNameFlavour != PeerNameFlavour {
+		return nil, fmt.Errorf("Peer name flavour mismatch (ours: '%s', theirs: '%s')", PeerNameFlavour, remotePeerNameFlavour)
+	}
+
+	name, err := PeerNameFromString(features.Get("Name"))
+	if err != nil {
+		return nil, err
+	}
+
+	nickName := features.Get("NickName")
+
+	uid, err := ParsePeerUID(features.Get("UID"))
+	if err != nil {
+		return nil, err
+	}
+
+	remoteConnID, err := strconv.ParseUint(features.Get("ConnID"), 10, 64)
+	if err != nil {
+		return nil, err
+	}
+
+	conn.uid ^= remoteConnID
+	return NewPeer(name, nickName, uid, 0), nil
+}
+
 func (conn *LocalConnection) registerRemote(remote *Peer, acceptNewPeer bool) error {
 	if acceptNewPeer {
 		conn.remote = conn.Router.Peers.FetchWithDefault(remote)

router/consts.go

@@ -24,7 +24,6 @@ const (
 	PMTUVerifyTimeout   = 10 * time.Millisecond // gets doubled with every attempt
 	MaxDuration         = time.Duration(math.MaxInt64)
 	MaxMissedHeartbeats = 6
-	HeaderTimeout       = 10 * time.Second
 	HeartbeatTimeout    = MaxMissedHeartbeats * SlowHeartbeat
 )