// Accepts an incoming tunneling request from a remote, initializes and stores
// the new tunnel into the connection state.
func (c *Connection) buildTunnel(remote uint64, id uint64, key []byte, addrs []string, timeout time.Duration) (*Tunnel, error) {
deadline := time.Now().Add(timeout)
// Create the local tunnel endpoint
c.tunLock.Lock()
tunId := c.tunIdx
tun := &Tunnel{
id: tunId,
owner: c,
term: make(chan struct{}),
}
c.tunIdx++
c.tunLive[tunId] = tun
c.tunLock.Unlock()
// Dial the remote tunnel listener
var err error
var strm *stream.Stream
for _, addr := range addrs {
strm, err = stream.Dial(addr, timeout)
if err == nil {
break
}
}
// If no error occurred, initialize the client endpoint
if err == nil {
var conn *link.Link
conn, err = c.initClientTunnel(strm, remote, id, key, deadline)
if err != nil {
if err := strm.Close(); err != nil {
log.Printf("iris: failed to close uninitialized client tunnel stream: %v.", err)
}
} else {
// Make sure the tunnel wasn't terminated since (init/close race)
tun.lock.Lock()
select {
case <-tun.term:
conn.Close()
err = ErrTerminating
default:
tun.conn = conn
}
tun.lock.Unlock()
}
}
// Tunneling failed, clean up and report error
if err != nil {
c.tunLock.Lock()
delete(c.tunLive, tunId)
c.tunLock.Unlock()
return nil, err
}
return tun, nil
}
// Server side of the STS session negotiation.
func (l *Listener) serverHandle(strm *stream.Stream, timeout time.Duration) {
// Make sure the authentication is synced with the sink
defer l.pendWait.Done()
// Set an overall time limit for the handshake to complete
strm.Sock().SetDeadline(time.Now().Add(config.SessionShakeTimeout))
defer strm.Sock().SetDeadline(time.Time{})
// Fetch the session request and multiplex on the contents
req := new(initRequest)
if err := strm.Recv(req); err != nil {
log.Printf("session: failed to retrieve initiation request: %v", err)
if err = strm.Close(); err != nil {
log.Printf("session: failed to close uninitialized stream: %v.", err)
}
return
}
switch {
case req.Auth != nil:
// Authenticate and clean up if unsuccessful
secret, err := l.serverAuth(strm, req.Auth)
if err != nil {
log.Printf("session: failed to authenticate remote stream: %v.", err)
if err = strm.Close(); err != nil {
log.Printf("session: failed to close unauthenticated stream: %v.", err)
}
return
}
// Create the session and link a data channel to it
sess := newSession(strm, secret, true)
if err = l.serverLink(sess); err != nil {
log.Printf("session: failed to retrieve data link: %v.", err)
if err = strm.Close(); err != nil {
log.Printf("session: failed to close unlinked stream: %v.", err)
}
return
}
// Session setup complete, send upstream
select {
case l.Sink <- sess:
// Ok
case <-time.After(timeout):
log.Printf("session: established session not handled in %v, dropping.", timeout)
if err = sess.Close(); err != nil {
log.Printf("session: failed to close established session: %v.", err)
}
}
case req.Link != nil:
// Extract the temporary session id and link this stream to it
l.pendLock.Lock()
res, ok := l.pends[req.Link.Id]
l.pendLock.Unlock()
if ok {
select {
case res <- strm:
// Ok, link succeeded
default:
log.Printf("session: established data stream not handled.")
if err := strm.Close(); err != nil {
log.Printf("session: failed to close established data stream: %v.", err)
}
}
}
}
}