syncthing/cmd/relaysrv/main.go

104 lines
3.1 KiB
Go
Raw Normal View History

2015-06-24 11:39:46 +00:00
// Copyright (C) 2015 Audrius Butkevicius and Contributors (see the CONTRIBUTORS file).
package main
import (
"crypto/tls"
"flag"
"log"
2015-06-28 00:52:01 +00:00
"net"
2015-06-24 11:39:46 +00:00
"path/filepath"
"time"
"github.com/juju/ratelimit"
2015-06-24 11:39:46 +00:00
"github.com/syncthing/relaysrv/protocol"
2015-06-28 00:52:01 +00:00
syncthingprotocol "github.com/syncthing/protocol"
2015-06-24 11:39:46 +00:00
)
var (
listenProtocol string
listenSession string
debug bool
sessionAddress []byte
sessionPort uint16
networkTimeout time.Duration
pingInterval time.Duration
messageTimeout time.Duration
sessionLimitBps int
globalLimitBps int
sessionLimiter *ratelimit.Bucket
globalLimiter *ratelimit.Bucket
2015-06-24 11:39:46 +00:00
)
func main() {
var dir, extAddress string
flag.StringVar(&listenProtocol, "protocol-listen", ":22067", "Protocol listen address")
flag.StringVar(&listenSession, "session-listen", ":22068", "Session listen address")
flag.StringVar(&extAddress, "external-address", "", "External address to advertise, defaults no IP and session-listen port, causing clients to use the remote IP from the protocol connection")
flag.StringVar(&dir, "keys", ".", "Directory where cert.pem and key.pem is stored")
flag.DurationVar(&networkTimeout, "network-timeout", 2*time.Minute, "Timeout for network operations")
flag.DurationVar(&pingInterval, "ping-interval", time.Minute, "How often pings are sent")
flag.DurationVar(&messageTimeout, "message-timeout", time.Minute, "Maximum amount of time we wait for relevant messages to arrive")
flag.IntVar(&sessionLimitBps, "per-session-rate", sessionLimitBps, "Per session rate limit, in bytes/s")
flag.IntVar(&globalLimitBps, "global-rate", globalLimitBps, "Global rate limit, in bytes/s")
flag.BoolVar(&debug, "debug", false, "Enable debug output")
flag.Parse()
2015-06-24 11:39:46 +00:00
2015-06-28 00:52:01 +00:00
if extAddress == "" {
extAddress = listenSession
}
addr, err := net.ResolveTCPAddr("tcp", extAddress)
if err != nil {
log.Fatal(err)
}
sessionAddress = addr.IP[:]
sessionPort = uint16(addr.Port)
2015-06-24 11:39:46 +00:00
certFile, keyFile := filepath.Join(dir, "cert.pem"), filepath.Join(dir, "key.pem")
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
log.Fatalln("Failed to load X509 key pair:", err)
}
tlsCfg := &tls.Config{
Certificates: []tls.Certificate{cert},
NextProtos: []string{protocol.ProtocolName},
ClientAuth: tls.RequestClientCert,
SessionTicketsDisabled: true,
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
},
}
2015-06-28 00:52:01 +00:00
id := syncthingprotocol.NewDeviceID(cert.Certificate[0])
if debug {
log.Println("ID:", id)
}
2015-06-24 11:39:46 +00:00
if sessionLimitBps > 0 {
sessionLimiter = ratelimit.NewBucketWithRate(float64(sessionLimitBps), int64(2*sessionLimitBps))
}
if globalLimitBps > 0 {
globalLimiter = ratelimit.NewBucketWithRate(float64(globalLimitBps), int64(2*globalLimitBps))
}
2015-06-24 11:39:46 +00:00
go sessionListener(listenSession)
protocolListener(listenProtocol, tlsCfg)
}