authorkali kaneko (leap communications) <kali@leap.se>2021-05-28 12:26:11 +0200
committerkali kaneko (leap communications) <kali@leap.se>2021-06-01 12:31:48 +0200
commit1bd2637e3133d895d1e73931f8b3466a5761d9ef (patch)
tree1bd75f2a91f30d996030a8531fefbb29f7c41831 /pkg
parentc6c0209ad45fb7d2e45370ee3a39f2dd437603b0 (diff)
[feat] expose set transport
webapi mainly for tests, but it's usable too
Diffstat (limited to 'pkg')
-rw-r--r--pkg/backend/api.go4
-rw-r--r--pkg/backend/status.go3
-rw-r--r--pkg/backend/webapi.go50
-rw-r--r--pkg/bitmask/bitmask.go2
-rw-r--r--pkg/vpn/openvpn.go59
5 files changed, 87 insertions, 31 deletions
diff --git a/pkg/backend/api.go b/pkg/backend/api.go
index 0db26ae..e96c65b 100644
--- a/pkg/backend/api.go
+++ b/pkg/backend/api.go
@@ -83,6 +83,10 @@ func UseTransport(label string) {
ctx.bm.UseTransport(label)
}
+func GetTransport() *C.char {
+ return C.CString(ctx.bm.GetTransport())
+}
+
func Quit() {
if ctx.autostart != nil {
ctx.autostart.Disable()
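Review bot: `GetTransport` returns a pointer produced by `C.CString`, which is allocated on the C heap and never reclaimed by the Go garbage collector, and nothing here tells the caller that it owns that memory. A doc comment such as `// GetTransport returns the current transport as a C string; the caller must release it with C.free.` would make the ownership explicit, so a caller that polls this does not leak one allocation per call. `Quit`, which follows, continues outside the hunk.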
diff --git a/pkg/backend/status.go b/pkg/backend/status.go
index bdbdd35..1ec5c4f 100644
--- a/pkg/backend/status.go
+++ b/pkg/backend/status.go
@@ -57,7 +57,8 @@ type connectionCtx struct {
func (c *connectionCtx) toJson() ([]byte, error) {
statusMutex.Lock()
if c.bm != nil {
- c.Locations = c.bm.ListLocationFullness("openvpn")
+ transport := c.bm.GetTransport()
+ c.Locations = c.bm.ListLocationFullness(transport)
c.CurrentGateway = c.bm.GetCurrentGateway()
c.CurrentLocation = c.bm.GetCurrentLocation()
c.CurrentCountry = c.bm.GetCurrentCountry()
diff --git a/pkg/backend/webapi.go b/pkg/backend/webapi.go
index 903112e..a14974e 100644
--- a/pkg/backend/webapi.go
+++ b/pkg/backend/webapi.go
@@ -49,7 +49,7 @@ func webGatewaySet(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "ParseForm() err: %v", err)
return
}
- gwLabel := r.FormValue("gw")
+ gwLabel := r.FormValue("transport")
fmt.Fprintf(w, "selected gateway: %s\n", gwLabel)
ctx.bm.UseGateway(gwLabel)
// TODO make sure we don't tear the fw down on reconnect...
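Review bot: `webGatewaySet` now reads the `transport` form field and hands it to `ctx.bm.UseGateway`, so a client that still posts `gw` ends up selecting an empty gateway label while the response keeps saying "selected gateway". This looks like an accidental edit made while writing `webTransportSet`; if so the line should remain `gwLabel := r.FormValue("gw")`. The handler starts before and continues after this hunk, so any validation of the label is not visible here.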
@@ -63,23 +63,48 @@ func webGatewaySet(w http.ResponseWriter, r *http.Request) {
}
func webGatewayList(w http.ResponseWriter, r *http.Request) {
- locationJson, err := json.Marshal(ctx.bm.ListLocationFullness("openvpn"))
+ transport := ctx.bm.GetTransport()
+ locationJson, err := json.Marshal(ctx.bm.ListLocationFullness(transport))
if err != nil {
fmt.Fprintf(w, "Error converting json: %v", err)
}
fmt.Fprintf(w, string(locationJson))
}
-// TODO
func webTransportGet(w http.ResponseWriter, r *http.Request) {
+ t, err := json.Marshal(ctx.bm.GetTransport())
+ if err != nil {
+ fmt.Fprintf(w, "Error converting json: %v", err)
+ }
+ fmt.Fprintf(w, string(t))
+
}
-// TODO
func webTransportSet(w http.ResponseWriter, r *http.Request) {
+ switch r.Method {
+ case "POST":
+ if err := r.ParseForm(); err != nil {
+ fmt.Fprintf(w, "ParseForm() err: %v", err)
+ return
+ }
+ t := r.FormValue("transport")
+ if isValidTransport(t) {
+ fmt.Fprintf(w, "Selected transport: %s\n", t)
+ go ctx.bm.SetTransport(string(t))
+ } else {
+ fmt.Fprintf(w, "Unknown transport: %s\n", t)
+ }
+ default:
+ fmt.Fprintf(w, "Only POST supported.")
+ }
}
-// TODO
func webTransportList(w http.ResponseWriter, r *http.Request) {
+ t, err := json.Marshal([]string{"openvpn", "obfs4"})
+ if err != nil {
+ fmt.Fprintf(w, "Error converting json: %v", err)
+ }
+ fmt.Fprintf(w, string(t))
}
func webQuit(w http.ResponseWriter, r *http.Request) {
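Review bot: In `webTransportSet`, `go ctx.bm.SetTransport(string(t))` discards the returned error and runs after the handler has already written "Selected transport", so the client is told the change succeeded before it happens and never learns if it failed. Calling it synchronously, `if err := ctx.bm.SetTransport(t); err != nil { http.Error(w, err.Error(), http.StatusBadRequest); return }`, and writing the confirmation only afterwards keeps the response truthful. Separately, `fmt.Fprintf(w, string(locationJson))` and `fmt.Fprintf(w, string(t))` use the payload as the format string, so a `%` in a location name would be mangled; `w.Write(t)` avoids that. Each `json.Marshal` error branch should also `return` instead of falling through to write the body.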
@@ -97,10 +122,19 @@ func enableWebAPI(port int) {
http.Handle("/vpn/gw/get", CheckAuth(http.HandlerFunc(webGatewayGet), token))
http.Handle("/vpn/gw/set", CheckAuth(http.HandlerFunc(webGatewaySet), token))
http.Handle("/vpn/gw/list", CheckAuth(http.HandlerFunc(webGatewayList), token))
- //http.Handle("/vpn/transport/get", CheckAuth(http.HandlerFunc(webTransportGet), token))
- //http.Handle("/vpn/transport/set", CheckAuth(http.HandlerFunc(webTransportSet), token))
- //http.Handle("/vpn/transport/list", CheckAuth(http.HandlerFunc(webTransportList), token))
+ http.Handle("/vpn/transport/get", CheckAuth(http.HandlerFunc(webTransportGet), token))
+ http.Handle("/vpn/transport/set", CheckAuth(http.HandlerFunc(webTransportSet), token))
+ http.Handle("/vpn/transport/list", CheckAuth(http.HandlerFunc(webTransportList), token))
http.Handle("/vpn/status", CheckAuth(http.HandlerFunc(webStatus), token))
http.Handle("/vpn/quit", CheckAuth(http.HandlerFunc(webQuit), token))
http.ListenAndServe(":"+strconv.Itoa(port), nil)
}
+
+func isValidTransport(t string) bool {
+ for _, b := range []string{"openvpn", "obfs4"} {
+ if b == t {
+ return true
+ }
+ }
+ return false
+}
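Review bot: Registering `/vpn/transport/set` makes a state-changing call reachable on the listener at the end of `enableWebAPI`, which binds `":"+strconv.Itoa(port)` and therefore every interface, with `CheckAuth` and its token as the only barrier (its implementation is outside this diff). Since the commit message describes the web API as mainly for tests, binding to loopback with `http.ListenAndServe("127.0.0.1:"+strconv.Itoa(port), nil)` would keep a network peer from switching the client off obfs4 if the token is ever exposed. The `{"openvpn", "obfs4"}` list in `isValidTransport` is also repeated in `webTransportList` and in `Bitmask.SetTransport`; one package-level slice would keep the three from drifting apart.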
diff --git a/pkg/bitmask/bitmask.go b/pkg/bitmask/bitmask.go
index 3f484e8..b430808 100644
--- a/pkg/bitmask/bitmask.go
+++ b/pkg/bitmask/bitmask.go
@@ -30,6 +30,8 @@ type Bitmask interface {
ListLocationFullness(protocol string) map[string]float64
UseGateway(name string)
UseAutomaticGateway()
+ GetTransport() string
+ SetTransport(string) error
GetCurrentGateway() string
GetCurrentLocation() string
GetCurrentCountry() string
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index 244195b..d69f4e6 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -121,26 +121,8 @@ func (b *Bitmask) listenShapeErr() {
func (b *Bitmask) startOpenVPN() error {
arg := []string{}
- // Empty transport means we get only the openvpn gateways
- if b.transport == "" {
- arg = b.openvpnArgs
- gateways, err := b.bonafide.GetGateways("openvpn")
- if err != nil {
- return err
- }
- err = b.launch.firewallStart(gateways)
- if err != nil {
- return err
- }
-
- for _, gw := range gateways {
- for _, port := range gw.Ports {
- arg = append(arg, "--remote", gw.IPAddress, port, "tcp4")
- }
- }
- } else {
- // For now, obf4 is the only supported Pluggable Transport
- gateways, err := b.bonafide.GetGateways(b.transport)
+ if b.GetTransport() == "obfs4" {
+ gateways, err := b.bonafide.GetGateways("obfs4")
if err != nil {
return err
}
@@ -164,6 +146,22 @@ func (b *Bitmask) startOpenVPN() error {
proxyArgs := strings.Split(proxy, ":")
arg = append(arg, "--remote", proxyArgs[0], proxyArgs[1], "tcp4")
arg = append(arg, "--route", gw.IPAddress, "255.255.255.255", "net_gateway")
+ } else {
+ arg = b.openvpnArgs
+ gateways, err := b.bonafide.GetGateways("openvpn")
+ if err != nil {
+ return err
+ }
+ err = b.launch.firewallStart(gateways)
+ if err != nil {
+ return err
+ }
+
+ for _, gw := range gateways {
+ for _, port := range gw.Ports {
+ arg = append(arg, "--remote", gw.IPAddress, port, "tcp4")
+ }
+ }
}
arg = append(arg,
"--verb", "3",
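Review bot: In the new `else` branch, `arg = b.openvpnArgs` aliases the struct's slice, so the `append` calls in the loop below can write into the backing array of `b.openvpnArgs` whenever it has spare capacity. Copying first, `arg = append([]string{}, b.openvpnArgs...)`, keeps each call to `startOpenVPN` from touching shared state. As far as the visible lines show, the obfs4 branch never adds `b.openvpnArgs` at all, so whatever options that slice carries are not applied on that transport; if that is deliberate it deserves a comment. The function starts and ends outside this hunk.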
@@ -171,8 +169,8 @@ func (b *Bitmask) startOpenVPN() error {
"--management", openvpnManagementAddr, openvpnManagementPort,
"--ca", b.getTempCaCertPath(),
"--cert", b.certPemPath,
- "--key", b.certPemPath,
- "--persist-tun")
+ "--key", b.certPemPath)
+ //"--persist-tun")
return b.launch.openvpnStart(arg...)
}
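Review bot: `--persist-tun` is disabled by commenting it out with nothing saying why, and the trailing `//"--persist-tun")` line is left behind as dead code. Without that option OpenVPN closes and reopens the tun device on a restart, so during a reconnect traffic is held back only by the rules installed through `firewallStart`; the TODO in `webGatewaySet` about not tearing the firewall down on reconnect suggests that guarantee is not yet settled. Either delete the line and record the reason in the commit message, or keep it with a comment stating why the option was dropped and that the firewall must stay up across reconnects.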
@@ -330,6 +328,23 @@ func (b *Bitmask) UseTransport(transport string) error {
return nil
}
+func (b *Bitmask) GetTransport() string {
+ if b.transport == "obfs4" {
+ return "obfs4"
+ } else {
+ return "openvpn"
+ }
+}
+
+func (b *Bitmask) SetTransport(t string) error {
+ if t != "openvpn" && t != "obfs4" {
+ return errors.New("Transport not supported: " + t)
+ }
+ log.Println("Setting transport to", t)
+ b.transport = t
+ return nil
+}
+
func (b *Bitmask) getTempCertPemPath() string {
return path.Join(b.tempdir, "openvpn.pem")
}
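Review bot: `SetTransport` writes `b.transport` and `GetTransport` reads it with no lock visible in this hunk, while the web handler calls `SetTransport` from a new goroutine and `toJson` and `startOpenVPN` call `GetTransport` from other code paths; unless `Bitmask` is guarded elsewhere this is a data race. The struct definition is outside this diff, so confirm there, and if no guard exists hold a mutex around both accesses. `GetTransport` also reports `"openvpn"` for every value other than `"obfs4"`, which would hide an unexpected value stored by `UseTransport`; a doc comment stating that anything else means openvpn would make that fallback deliberate. On style, Go error strings start lowercase (`"transport not supported: "`) and the `else` after `return` in `GetTransport` can be dropped.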