From 5bb64b49b6af764267085964210ba3e3778e1c10 Mon Sep 17 00:00:00 2001
From: Luca Cominardi
Date: Mon, 13 Jan 2025 14:30:44 +0100
Subject: [PATCH 1/3] Fix TLS endpoint port propagation in gossip
---
 io/zenoh-links/zenoh-link-tls/src/unicast.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/io/zenoh-links/zenoh-link-tls/src/unicast.rs b/io/zenoh-links/zenoh-link-tls/src/unicast.rs
index 62250d354a..673c15e288 100644
--- a/io/zenoh-links/zenoh-link-tls/src/unicast.rs
+++ b/io/zenoh-links/zenoh-link-tls/src/unicast.rs
@@ -426,7 +426,12 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastTls {
 format!("{host}:{local_port}"),
 endpoint.metadata(),
 )?;
-
+ let endpoint = EndPoint::new(
+ locator.protocol(),
+ locator.address(),
+ locator.metadata(),
+ endpoint.config(),
+ )?;
 self.listeners
 .add_listener(endpoint, local_addr, task, token)
 .await?;
From 53d78c7f6698379872fd4e28ab45a5ca3f5bae32 Mon Sep 17 00:00:00 2001
From: Luca Cominardi
Date: Mon, 13 Jan 2025 15:44:52 +0100
Subject: [PATCH 2/3] Support QUIC port propagation
---
 io/zenoh-links/zenoh-link-quic/src/unicast.rs | 21 ++++++++++---------
 io/zenoh-links/zenoh-link-quic/src/utils.rs | 8 +++++++
 io/zenoh-links/zenoh-link-tls/src/unicast.rs | 3 ++-
 3 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/io/zenoh-links/zenoh-link-quic/src/unicast.rs b/io/zenoh-links/zenoh-link-quic/src/unicast.rs
index 4f69a3ae1e..7c1d417da2 100644
--- a/io/zenoh-links/zenoh-link-quic/src/unicast.rs
+++ b/io/zenoh-links/zenoh-link-quic/src/unicast.rs
@@ -42,7 +42,7 @@ use zenoh_protocol::{
 use zenoh_result::{bail, zerror, ZResult};
 use crate::{
- utils::{get_quic_addr, TlsClientConfig, TlsServerConfig},
+ utils::{get_quic_addr, get_quic_host, TlsClientConfig, TlsServerConfig},
 ALPN_QUIC_HTTP, QUIC_ACCEPT_THROTTLE_TIME, QUIC_DEFAULT_MTU, QUIC_LOCATOR_PREFIX,
 };
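Review bot: The rebuilt `endpoint` in the `+` lines is what makes the bound port reach the listener registry, but nothing in the hunk records why the original endpoint is discarded, so a later cleanup could easily collapse it back into `add_listener(endpoint, ...)`; a comment such as `// Re-create the endpoint from the locator so the listener (and gossip) advertise the port actually bound, not the configured one (e.g. port 0)` would pin the intent. The enclosing method starts and ends outside the hunk, so where `host`, `local_port` and `locator` come from cannot be checked here; if `host` can be a bare IPv6 literal, the context line `format!("{host}:{local_port}")` would need brackets for the address to be parsed back as host:port. The QUIC listener hunk at `@@ -418` in patch 2 repeats the same rebuild and would take the same comment.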
@@ -251,11 +251,7 @@ impl LinkManagerUnicastQuic {
 impl LinkManagerUnicastTrait for LinkManagerUnicastQuic {
 async fn new_link(&self, endpoint: EndPoint) -> ZResult {
 let epaddr = endpoint.address();
- let host = epaddr
- .as_str()
- .split(':')
- .next()
- .ok_or("Endpoints must be of the form quic/
:")?; + let host = get_quic_host(&epaddr)?; let epconf = endpoint.config(); let dst_addr = get_quic_addr(&epaddr).await?; @@ -358,6 +354,7 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastQuic { }; let addr = get_quic_addr(&epaddr).await?; + let host = get_quic_host(&epaddr)?; // Server config let mut server_crypto = TlsServerConfig::new(&epconf) @@ -418,12 +415,18 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastQuic { let local_addr = quic_endpoint .local_addr() .map_err(|e| zerror!("Can not create a new QUIC listener on {}: {}", addr, e))?; + let local_port = local_addr.port(); // Update the endpoint locator address - let endpoint = EndPoint::new( + let locator = Locator::new( endpoint.protocol(), - local_addr.to_string(), + format!("{host}:{local_port}"), endpoint.metadata(), + )?; + let endpoint = EndPoint::new( + locator.protocol(), + locator.address(), + locator.metadata(), endpoint.config(), )?; @@ -446,8 +449,6 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastQuic { }; // Initialize the QuicAcceptor - let locator = endpoint.to_locator(); - self.listeners .add_listener(endpoint, local_addr, task, token) .await?; diff --git a/io/zenoh-links/zenoh-link-quic/src/utils.rs b/io/zenoh-links/zenoh-link-quic/src/utils.rs index e979f2a9cf..415c926cb3 100644 --- a/io/zenoh-links/zenoh-link-quic/src/utils.rs +++ b/io/zenoh-links/zenoh-link-quic/src/utils.rs @@ -506,6 +506,14 @@ pub async fn get_quic_addr(address: &Address<'_>) -> ZResult { } } +pub fn get_quic_host<'a>(address: &'a Address<'a>) -> ZResult<&'a str> { + address + .as_str() + .split(':') + .next() + .ok_or_else(|| zerror!("Invalid QUIC address").into()) +} + pub fn base64_decode(data: &str) -> ZResult> { use base64::{engine::general_purpose, Engine}; Ok(general_purpose::STANDARD diff --git a/io/zenoh-links/zenoh-link-tls/src/unicast.rs b/io/zenoh-links/zenoh-link-tls/src/unicast.rs index 673c15e288..f9a809e0c2 100644 --- a/io/zenoh-links/zenoh-link-tls/src/unicast.rs 
+++ b/io/zenoh-links/zenoh-link-tls/src/unicast.rs
@@ -496,7 +496,7 @@ async fn accept_task(
 match get_cert_chain_expiration(&tls_conn.peer_certificates())? {
 exp @ Some(_) => maybe_expiration_time = exp,
 None => tracing::warn!(
- "Cannot monitor expiration for TLS link {:?} => {:?} : client does not have certificates",
+ "Cannot monitor expiration for TLS link {:?} => {:?}: client does not have certificates",
 src_addr,
 dst_addr,
 ),
@@ -607,6 +607,7 @@ fn get_cert_chain_expiration(
 Ok(link_expiration)
 }
+#[derive(Debug)]
 struct TlsAuthId {
 auth_value: Option,
 }
From f9ab0b4a013564ac1fa02d0eb43cbe65583e8ed9 Mon Sep 17 00:00:00 2001
From: Luca Cominardi
Date: Mon, 13 Jan 2025 15:55:45 +0100
Subject: [PATCH 3/3] Log common name upon TLS/QUIC connection
---
 io/zenoh-links/zenoh-link-quic/src/unicast.rs | 16 +++++++++++---
 io/zenoh-links/zenoh-link-tls/src/unicast.rs | 22 ++++++++++++++++---
 2 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/io/zenoh-links/zenoh-link-quic/src/unicast.rs b/io/zenoh-links/zenoh-link-quic/src/unicast.rs
index 7c1d417da2..50b38d946d 100644
--- a/io/zenoh-links/zenoh-link-quic/src/unicast.rs
+++ b/io/zenoh-links/zenoh-link-quic/src/unicast.rs
@@ -13,7 +13,7 @@
 //
 use std::{
- fmt,
+ fmt::{self, Debug},
 net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr},
 sync::Arc,
 time::Duration,
@@ -540,7 +540,7 @@ async fn accept_task(
 }
 }
- tracing::debug!("Accepted QUIC connection on {:?}: {:?}", src_addr, dst_addr);
+ tracing::debug!("Accepted QUIC connection on {:?}: {:?}. {:?}.", src_addr, dst_addr, auth_id);
 // Create the new link object
 let link = Arc::::new_cyclic(|weak_link| {
 let mut expiration_manager = None;
@@ -628,11 +628,21 @@ fn get_cert_chain_expiration(conn: &quinn::Connection) -> ZResult, }
+impl Debug for QuicAuthId {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(
+ f,
+ "Common Name: {}",
+ self.auth_value.as_deref().unwrap_or("None")
+ )
+ }
+}
+
 impl From for LinkAuthId {
 fn from(value: QuicAuthId) -> Self {
 LinkAuthId::builder()
diff --git a/io/zenoh-links/zenoh-link-tls/src/unicast.rs b/io/zenoh-links/zenoh-link-tls/src/unicast.rs
index f9a809e0c2..dd03f7a738 100644
--- a/io/zenoh-links/zenoh-link-tls/src/unicast.rs
+++ b/io/zenoh-links/zenoh-link-tls/src/unicast.rs
@@ -11,7 +11,14 @@
 // Contributors:
 // ZettaScale Zenoh Team,
 //
-use std::{cell::UnsafeCell, convert::TryInto, fmt, net::SocketAddr, sync::Arc, time::Duration};
+use std::{
+ cell::UnsafeCell,
+ convert::TryInto,
+ fmt::{self, Debug},
+ net::SocketAddr,
+ sync::Arc,
+ time::Duration,
+};
 use async_trait::async_trait;
 use time::OffsetDateTime;
@@ -503,7 +510,7 @@ async fn accept_task(
 }
 }
- tracing::debug!("Accepted TLS connection on {:?}: {:?}", src_addr, dst_addr);
+ tracing::debug!("Accepted TLS connection on {:?}: {:?}. {:?}.", src_addr, dst_addr, auth_identifier);
 // Create the new link object
 let link = Arc::::new_cyclic(|weak_link| {
 let mut expiration_manager = None;
@@ -607,11 +614,20 @@ fn get_cert_chain_expiration(
 Ok(link_expiration)
 }
-#[derive(Debug)]
 struct TlsAuthId {
 auth_value: Option,
 }
+impl Debug for TlsAuthId {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(
+ f,
+ "Common Name: {}",
+ self.auth_value.as_deref().unwrap_or("None")
+ )
+ }
+}
+
 impl From for LinkAuthId {
 fn from(value: TlsAuthId) -> Self {
 LinkAuthId::builder()
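Review bot: Both new `Debug` impls (`impl Debug for QuicAuthId` at `@@ -628` and `impl Debug for TlsAuthId` at `@@ -607`) print the peer certificate's common name with `{}` and substitute the bare word `None` when it is absent, so a certificate whose CN is literally `None` is indistinguishable from a missing one, and a CN containing newlines or control characters lands unescaped in the log lines built at `@@ -540` and `@@ -503`. Formatting the `Option` itself keeps both cases unambiguous and escaped: `write!(f, "Common Name: {:?}", self.auth_value)`, which prints `Some("cn")` or `None`. The two impls are also character-for-character identical across the QUIC and TLS crates; if the crates share a common dependency where such a helper could live, one implementation would avoid the copy. The `#[derive(Debug)]` that patch 2 adds to `TlsAuthId` is removed again here, so the two patches could be squashed on that point.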