NAT traversal: ICE-esque candidate selection (#134)

This change adds the ability for peers to report additional candidate endpoints for other peers to attempt connections with outside of the endpoint reported by the coordinating server. While not a complete solution to the full spectrum of NAT traversal issues (TURN-esque proxying is still notably missing), it allows peers within the same NAT to connect to each other via their LAN addresses, which is a win nonetheless. In the future, more advanced candidate discovery could be used to punch through additional types of NAT cone types as well. Co-authored-by: Matěj Laitl <matej@laitl.cz>
2021-09-01 18:58:46 +09:00 · 2021-09-01 18:58:46 +09:00 · 8903604caa
parent fd06b8054d
commit 8903604caa
16 changed files with 623 additions and 150 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -525,9 +525,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 [[package]]
 name = "libc"
-version = "0.2.98"
+version = "0.2.101"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "320cfe77175da3a483efed4bc0adc1968ca050b098ce4f2f1c13a56626128790"
+checksum = "3cb00336871be5ed2c8ed44b60ae9959dc5b9f08539422ed43f09e34ecaeba21"
 [[package]]
 name = "libsqlite3-sys"
@ -569,6 +569,15 @@ version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b16bd47d9e329435e309c58469fe0791c2d0d1ba96ec0954152a5ae2b04387dc"
 [[package]]
 name = "memoffset"
 version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9"
 dependencies = [
 "autocfg",
 ]
 [[package]]
 name = "mio"
 version = "0.7.13"
@ -639,6 +648,19 @@ dependencies = [
 "log",
 ]
 [[package]]
 name = "nix"
 version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e7555d6c7164cc913be1ce7f95cbecdabda61eb2ccd89008524af306fb7f5031"
 dependencies = [
 "bitflags",
 "cc",
 "cfg-if",
 "libc",
 "memoffset",
 ]
 [[package]]
 name = "nom"
 version = "6.1.2"
@ -999,6 +1021,7 @@ dependencies = [
 "netlink-packet-core",
 "netlink-packet-route",
 "netlink-sys",
 "nix",
 "publicip",
 "regex",
 "serde",
--- a/client/src/data_store.rs
+++ b/client/src/data_store.rs
@ -80,7 +80,7 @@ impl DataStore {
    ///
    /// Note, however, that this does not prevent a compromised server from adding a new
    /// peer under its control, of course.
-    pub fn update_peers(&mut self, current_peers: Vec<Peer>) -> Result<(), Error> {
+    pub fn update_peers(&mut self, current_peers: &[Peer]) -> Result<(), Error> {
        let peers = match &mut self.contents {
            Contents::V1 { ref mut peers, .. } => peers,
        };
@ -149,6 +149,7 @@ mod tests {
                is_redeemed: true,
                persistent_keepalive_interval: None,
                invite_expires: None,
                candidates: vec![],
            }
        }];
        static ref BASE_CIDRS: Vec<Cidr> = vec![Cidr {
@ -167,7 +168,7 @@ mod tests {
        assert_eq!(0, store.peers().len());
        assert_eq!(0, store.cidrs().len());
-        store.update_peers(BASE_PEERS.to_owned()).unwrap();
+        store.update_peers(&BASE_PEERS).unwrap();
        store.set_cidrs(BASE_CIDRS.to_owned());
        store.write().unwrap();
    }
@ -189,13 +190,13 @@ mod tests {
            DataStore::open_with_path(&dir.path().join("peer_store.json"), false).unwrap();
        // Should work, since peer is unmodified.
-        store.update_peers(BASE_PEERS.clone()).unwrap();
+        store.update_peers(&BASE_PEERS).unwrap();
        let mut modified = BASE_PEERS.clone();
        modified[0].contents.public_key = "foo".to_string();
        // Should NOT work, since peer is unmodified.
-        assert!(store.update_peers(modified).is_err());
+        assert!(store.update_peers(&modified).is_err());
    }
    #[test]
@ -206,7 +207,7 @@ mod tests {
            DataStore::open_with_path(&dir.path().join("peer_store.json"), false).unwrap();
        // Should work, since peer is unmodified.
-        store.update_peers(vec![]).unwrap();
+        store.update_peers(&[]).unwrap();
        let new_peers = BASE_PEERS
            .iter()
            .cloned()
--- a/client/src/main.rs
+++ b/client/src/main.rs
@ -4,13 +4,17 @@ use dialoguer::{Confirm, Input};
 use hostsfile::HostsBuilder;
 use indoc::eprintdoc;
 use shared::{
-    interface_config::InterfaceConfig, prompts, AddAssociationOpts, AddCidrOpts, AddPeerOpts,
+    interface_config::InterfaceConfig,
-    Association, AssociationContents, Cidr, CidrTree, DeleteCidrOpts, EndpointContents,
+    prompts,
-    InstallOpts, Interface, IoErrorContext, NetworkOpt, Peer, PeerDiff, RedeemContents,
+    wg::{DeviceExt, PeerInfoExt},
-    RenamePeerOpts, State, WrappedIoError, CLIENT_CONFIG_DIR, REDEEM_TRANSITION_WAIT,
+    AddAssociationOpts, AddCidrOpts, AddPeerOpts, Association, AssociationContents, Cidr, CidrTree,
    DeleteCidrOpts, Endpoint, EndpointContents, InstallOpts, Interface, IoErrorContext, NetworkOpt,
    Peer, RedeemContents, RenamePeerOpts, State, WrappedIoError, CLIENT_CONFIG_DIR,
    REDEEM_TRANSITION_WAIT,
 };
 use std::{
    fmt, io,
    net::SocketAddr,
    path::{Path, PathBuf},
    thread,
    time::Duration,
@ -19,9 +23,11 @@ use structopt::{clap::AppSettings, StructOpt};
 use wgctrl::{Device, DeviceUpdate, InterfaceName, PeerConfigBuilder, PeerInfo};
 mod data_store;
 mod nat;
 mod util;
 use data_store::DataStore;
 use nat::NatTraverse;
 use shared::{wg, Error};
 use util::{human_duration, human_size, Api};
@ -484,70 +490,13 @@ fn fetch(
    let mut store = DataStore::open_or_create(interface)?;
    let State { peers, cidrs } = Api::new(&config.server).http("GET", "/user/state")?;
-    let device_info = Device::get(interface, network.backend).with_str(interface.as_str_lossy())?;
+    let device = Device::get(interface, network.backend)?;
-    let interface_public_key = device_info
+    let modifications = device.diff(&peers);
        .public_key
        .as_ref()
        .map(|k| k.to_base64())
        .unwrap_or_default();
    let existing_peers = &device_info.peers;
    // Match existing peers (by pubkey) to new peer information from the server.
    let modifications = peers.iter().filter_map(|peer| {
        if peer.is_disabled || peer.public_key == interface_public_key {
            None
        } else {
            let existing_peer = existing_peers
                .iter()
                .find(|p| p.config.public_key.to_base64() == peer.public_key);
            PeerDiff::new(existing_peer, Some(peer)).unwrap()
        }
    });
    // Remove any peers on the interface that aren't in the server's peer list any more.
    let removals = existing_peers.iter().filter_map(|existing| {
        let public_key = existing.config.public_key.to_base64();
        if peers.iter().any(|p| p.public_key == public_key) {
            None
        } else {
            PeerDiff::new(Some(existing), None).unwrap()
        }
    });
    let updates = modifications
        .chain(removals)
        .inspect(|diff| {
            let public_key = diff.public_key().to_base64();
            let text = match (diff.old, diff.new) {
                (None, Some(_)) => "added".green(),
                (Some(_), Some(_)) => "modified".yellow(),
                (Some(_), None) => "removed".red(),
                _ => unreachable!("PeerDiff can't be None -> None"),
            };
            // Grab the peer name from either the new data, or the historical data (if the peer is removed).
            let peer_hostname = match diff.new {
                Some(peer) => Some(peer.name.clone()),
                _ => store
                    .peers()
        .iter()
-                    .find(|p| p.public_key == public_key)
+        .inspect(|diff| util::print_peer_diff(&store, diff))
-                    .map(|p| p.name.clone()),
+        .cloned()
            };
            let peer_name = peer_hostname.as_deref().unwrap_or("[unknown]");
            log::info!(
                "  peer {} ({}...) was {}.",
                peer_name.yellow(),
                &public_key[..10].dimmed(),
                text
            );
            for change in diff.changes() {
                log::debug!("    {}", change);
            }
        })
        .map(PeerConfigBuilder::from)
        .collect::<Vec<_>>();
@ -566,10 +515,44 @@ fn fetch(
    } else {
        log::info!("{}", "peers are already up to date.".green());
    }
    store.set_cidrs(cidrs);
-    store.update_peers(peers)?;
+    store.update_peers(&peers)?;
    store.write().with_str(interface.to_string())?;
    let candidates = wg::get_local_addrs()?
        .into_iter()
        .map(|addr| SocketAddr::from((addr, device.listen_port.unwrap_or(51820))).into())
        .take(10)
        .collect::<Vec<Endpoint>>();
    log::info!(
        "reporting {} interface address{} as NAT traversal candidates...",
        candidates.len(),
        if candidates.len() == 1 { "" } else { "es" }
    );
    log::debug!("candidates: {:?}", candidates);
    match Api::new(&config.server).http_form::<_, ()>("PUT", "/user/candidates", &candidates) {
        Err(ureq::Error::Status(404, _)) => {
            log::warn!("your network is using an old version of innernet-server that doesn't support NAT traversal candidate reporting.")
        },
        Err(e) => return Err(e.into()),
        _ => {},
    }
    log::debug!("viable ICE candidates: {:?}", candidates);
    let mut nat_traverse = NatTraverse::new(interface, network.backend, &modifications)?;
    loop {
        if nat_traverse.is_finished() {
            break;
        }
        log::info!(
            "Attempting to establish connection with {} remaining unconnected peers...",
            nat_traverse.remaining()
        );
        nat_traverse.step()?;
    }
    Ok(())
 }
@ -992,7 +975,9 @@ fn print_peer(peer: &PeerState, short: bool, level: usize) {
    let pad = level * 2;
    let PeerState { peer, info } = peer;
    if short {
-        let connected = PeerDiff::peer_recently_connected(info);
+        let connected = info
            .map(|info| !info.is_recently_connected())
            .unwrap_or_default();
        println_pad!(
            pad,
--- a/client/src/nat.rs
+++ b/client/src/nat.rs
@ -0,0 +1,125 @@
 //! ICE-like NAT traversal logic.
 //!
 //! Doesn't follow the specific ICE protocol, but takes great inspiration from RFC 8445
 //! and applies it to a protocol more specific to innernet.
 use std::time::{Duration, Instant};
 use anyhow::Error;
 use shared::{
    wg::{DeviceExt, PeerInfoExt},
    Endpoint, Peer, PeerDiff,
 };
 use wgctrl::{Backend, Device, DeviceUpdate, InterfaceName, Key, PeerConfigBuilder};
 const STEP_INTERVAL: Duration = Duration::from_secs(5);
 pub struct NatTraverse<'a> {
    interface: &'a InterfaceName,
    backend: Backend,
    remaining: Vec<Peer>,
 }
 impl<'a> NatTraverse<'a> {
    pub fn new(interface: &'a InterfaceName, backend: Backend, diffs: &[PeerDiff]) -> Result<Self, Error> {
        let mut remaining: Vec<_> = diffs.iter().filter_map(|diff| diff.new).cloned().collect();
        for peer in &mut remaining {
            // Limit reported alternative candidates to 10.
            peer.candidates.truncate(10);
            // remove server-reported endpoint from elsewhere in the list if it existed.
            let endpoint = peer.endpoint.clone();
            peer.candidates
                .retain(|addr| Some(addr) != endpoint.as_ref());
        }
        let mut nat_traverse = Self {
            interface,
            backend,
            remaining,
        };
        nat_traverse.refresh_remaining()?;
        Ok(nat_traverse)
    }
    pub fn is_finished(&self) -> bool {
        self.remaining.is_empty()
    }
    pub fn remaining(&self) -> usize {
        self.remaining.len()
    }
    /// Refreshes the current state of candidate traversal attempts, returning
    /// the peers that have been exhausted of all options (not included are
    /// peers that have successfully connected, or peers removed from the interface).
    fn refresh_remaining(&mut self) -> Result<Vec<Peer>, Error> {
        let device = Device::get(self.interface, self.backend)?;
        // Remove connected and missing peers
        self.remaining.retain(|peer| {
            if let Some(peer_info) = device.get_peer(&peer.public_key) {
                let recently_connected = peer_info.is_recently_connected();
                if recently_connected {
                    log::debug!(
                        "peer {} removed from NAT traverser (connected!).",
                        peer.name
                    );
                }
                !recently_connected
            } else {
                log::debug!(
                    "peer {} removed from NAT traverser (no longer on interface).",
                    peer.name
                );
                false
            }
        });
        let (exhausted, remaining): (Vec<_>, Vec<_>) = self
            .remaining
            .drain(..)
            .partition(|peer| peer.candidates.is_empty());
        self.remaining = remaining;
        Ok(exhausted)
    }
    pub fn step(&mut self) -> Result<(), Error> {
        let exhuasted = self.refresh_remaining()?;
        // Reset peer endpoints that had no viable candidates back to the server-reported one, if it exists.
        let reset_updates = exhuasted
            .into_iter()
            .filter_map(|peer| set_endpoint(&peer.public_key, peer.endpoint.as_ref()));
        // Set all peers' endpoints to their next available candidate.
        let candidate_updates = self.remaining.iter_mut().filter_map(|peer| {
            let endpoint = peer.candidates.pop();
            set_endpoint(&peer.public_key, endpoint.as_ref())
        });
        let updates: Vec<_> = reset_updates.chain(candidate_updates).collect();
        DeviceUpdate::new()
            .add_peers(&updates)
            .apply(self.interface, self.backend)?;
        let start = Instant::now();
        while start.elapsed() < STEP_INTERVAL {
            self.refresh_remaining()?;
            if self.is_finished() {
                log::debug!("NAT traverser is finished!");
                break;
            }
            std::thread::sleep(Duration::from_millis(100));
        }
        Ok(())
    }
 }
 /// Return a PeerConfigBuilder if an endpoint exists and resolves successfully.
 fn set_endpoint(public_key: &str, endpoint: Option<&Endpoint>) -> Option<PeerConfigBuilder> {
    endpoint
        .and_then(|endpoint| endpoint.resolve().ok())
        .map(|addr| {
            PeerConfigBuilder::new(&Key::from_base64(public_key).unwrap()).set_endpoint(addr)
        })
 }
--- a/client/src/util.rs
+++ b/client/src/util.rs
@ -1,9 +1,9 @@
-use crate::{ClientError, Error};
+use crate::data_store::DataStore;
 use colored::*;
 use indoc::eprintdoc;
 use log::{Level, LevelFilter};
 use serde::{de::DeserializeOwned, Serialize};
-use shared::{interface_config::ServerInfo, INNERNET_PUBKEY_HEADER};
+use shared::{interface_config::ServerInfo, PeerDiff, INNERNET_PUBKEY_HEADER};
 use std::{io, time::Duration};
 use ureq::{Agent, AgentBuilder};
@ -137,6 +137,39 @@ pub fn permissions_helptext(e: &io::Error) {
    }
 }
 pub fn print_peer_diff(store: &DataStore, diff: &PeerDiff) {
    let public_key = diff.public_key().to_base64();
    let text = match (diff.old, diff.new) {
        (None, Some(_)) => "added".green(),
        (Some(_), Some(_)) => "modified".yellow(),
        (Some(_), None) => "removed".red(),
        _ => unreachable!("PeerDiff can't be None -> None"),
    };
    // Grab the peer name from either the new data, or the historical data (if the peer is removed).
    let peer_hostname = match diff.new {
        Some(peer) => Some(peer.name.clone()),
        None => store
            .peers()
            .iter()
            .find(|p| p.public_key == public_key)
            .map(|p| p.name.clone()),
    };
    let peer_name = peer_hostname.as_deref().unwrap_or("[unknown]");
    log::info!(
        "  peer {} ({}...) was {}.",
        peer_name.yellow(),
        &public_key[..10].dimmed(),
        text
    );
    for change in diff.changes() {
        log::debug!("    {}", change);
    }
 }
 pub struct Api<'a> {
    agent: Agent,
    server: &'a ServerInfo,
@ -151,7 +184,7 @@ impl<'a> Api<'a> {
        Self { agent, server }
    }
-    pub fn http<T: DeserializeOwned>(&self, verb: &str, endpoint: &str) -> Result<T, Error> {
+    pub fn http<T: DeserializeOwned>(&self, verb: &str, endpoint: &str) -> Result<T, ureq::Error> {
        self.request::<(), _>(verb, endpoint, None)
    }
@ -160,7 +193,7 @@ impl<'a> Api<'a> {
        verb: &str,
        endpoint: &str,
        form: S,
-    ) -> Result<T, Error> {
+    ) -> Result<T, ureq::Error> {
        self.request(verb, endpoint, Some(form))
    }
@ -169,7 +202,7 @@ impl<'a> Api<'a> {
        verb: &str,
        endpoint: &str,
        form: Option<S>,
-    ) -> Result<T, Error> {
+    ) -> Result<T, ureq::Error> {
        let request = self
            .agent
            .request(
@ -179,7 +212,12 @@ impl<'a> Api<'a> {
            .set(INNERNET_PUBKEY_HEADER, &self.server.public_key);
        let response = if let Some(form) = form {
-            request.send_json(serde_json::to_value(form)?)?
+            request.send_json(serde_json::to_value(form).map_err(|e| {
                io::Error::new(
                    io::ErrorKind::InvalidData,
                    format!("failed to serialize JSON request: {}", e),
                )
            })?)?
        } else {
            request.call()?
        };
@ -190,10 +228,13 @@ impl<'a> Api<'a> {
            response = "null".into();
        }
        Ok(serde_json::from_str(&response).map_err(|e| {
-            ClientError(format!(
+            io::Error::new(
                io::ErrorKind::InvalidData,
                format!(
                    "failed to deserialize JSON response from the server: {}, response={}",
                    e, &response
-            ))
+                ),
            )
        })?)
    }
 }
--- a/server/src/api/user.rs
+++ b/server/src/api/user.rs
@ -36,11 +36,20 @@ pub async fn routes(
            let form = form_body(req).await?;
            handlers::endpoint(form, session).await
        },
        (&Method::PUT, Some("candidates")) => {
            if !session.user_capable() {
                return Err(ServerError::Unauthorized);
            }
            let form = form_body(req).await?;
            handlers::candidates(form, session).await
        },
        _ => Err(ServerError::NotFound),
    }
 }
 mod handlers {
    use shared::Endpoint;
    use super::*;
    /// Get the current state of the network, in the eyes of the current peer.
@ -115,14 +124,29 @@ mod handlers {
        status_response(StatusCode::NO_CONTENT)
    }
-    /// Redeems an invitation. An invitation includes a WireGuard keypair generated by either the server
+    /// Report any other endpoint candidates that can be tried by peers to connect.
-    /// or a peer with admin rights.
+    /// Currently limited to 10 candidates max.
-    ///
+    pub async fn candidates(
-    /// Redemption is the process of an invitee generating their own keypair and exchanging their temporary
+        contents: Vec<Endpoint>,
-    /// key with their permanent one.
+        session: Session,
-    ///
+    ) -> Result<Response<Body>, ServerError> {
-    /// Until this API endpoint is called, the invited peer will not show up to other peers, and once
+        if contents.len() > 10 {
-    /// it is called and succeeds, it cannot be called again.
+            return status_response(StatusCode::PAYLOAD_TOO_LARGE);
        }
        let conn = session.context.db.lock();
        let mut selected_peer = DatabasePeer::get(&conn, session.peer.id)?;
        selected_peer.update(
            &conn,
            PeerContents {
                candidates: contents,
                ..selected_peer.contents.clone()
            },
        )?;
        status_response(StatusCode::NO_CONTENT)
    }
    /// Force a specific endpoint to be reported by the server.
    pub async fn endpoint(
        contents: EndpointContents,
        session: Session,
@ -148,7 +172,7 @@ mod tests {
    use super::*;
    use crate::{db::DatabaseAssociation, test};
    use bytes::Buf;
-    use shared::{AssociationContents, CidrContents, EndpointContents, Error};
+    use shared::{AssociationContents, CidrContents, Endpoint, EndpointContents, Error};
    #[tokio::test]
    async fn test_get_state_from_developer1() -> Result<(), Error> {
@ -406,4 +430,36 @@ mod tests {
        assert_eq!(res.status(), StatusCode::UNAUTHORIZED);
        Ok(())
    }
    #[tokio::test]
    async fn test_candidates() -> Result<(), Error> {
        let server = test::Server::new()?;
        let peer = DatabasePeer::get(&server.db().lock(), test::DEVELOPER1_PEER_ID)?;
        assert_eq!(peer.candidates, vec![]);
        let candidates = vec!["1.1.1.1:51820".parse::<Endpoint>().unwrap()];
        assert_eq!(
            server
                .form_request(
                    test::DEVELOPER1_PEER_IP,
                    "PUT",
                    "/v1/user/candidates",
                    &candidates
                )
                .await
                .status(),
            StatusCode::NO_CONTENT
        );
        let res = server
            .request(test::DEVELOPER1_PEER_IP, "GET", "/v1/user/state")
            .await;
        assert_eq!(res.status(), StatusCode::OK);
        let peer = DatabasePeer::get(&server.db().lock(), test::DEVELOPER1_PEER_ID)?;
        assert_eq!(peer.candidates, candidates);
        Ok(())
    }
 }
--- a/server/src/db/mod.rs
+++ b/server/src/db/mod.rs
@ -8,11 +8,13 @@ pub use peer::DatabasePeer;
 use rusqlite::params;
 const INVITE_EXPIRATION_VERSION: usize = 1;
 const ENDPOINT_CANDIDATES_VERSION: usize = 2;
-pub const CURRENT_VERSION: usize = INVITE_EXPIRATION_VERSION;
+pub const CURRENT_VERSION: usize = ENDPOINT_CANDIDATES_VERSION;
 pub fn auto_migrate(conn: &rusqlite::Connection) -> Result<(), rusqlite::Error> {
    let old_version: usize = conn.pragma_query_value(None, "user_version", |r| r.get(0))?;
    log::debug!("user_version: {}", old_version);
    if old_version < INVITE_EXPIRATION_VERSION {
        conn.execute(
@ -21,8 +23,12 @@ pub fn auto_migrate(conn: &rusqlite::Connection) -> Result<(), rusqlite::Error>
        )?;
    }
-    conn.pragma_update(None, "user_version", &CURRENT_VERSION)?;
+    if old_version < ENDPOINT_CANDIDATES_VERSION {
        conn.execute("ALTER TABLE peers ADD COLUMN candidates TEXT", params![])?;
    }
    if old_version != CURRENT_VERSION {
        conn.pragma_update(None, "user_version", &CURRENT_VERSION)?;
        log::info!(
            "migrated db version from {} to {}",
            old_version,
--- a/server/src/db/peer.rs
+++ b/server/src/db/peer.rs
@ -2,8 +2,8 @@ use super::DatabaseCidr;
 use crate::ServerError;
 use lazy_static::lazy_static;
 use regex::Regex;
-use rusqlite::{params, Connection};
+use rusqlite::{params, types::Type, Connection};
-use shared::{Peer, PeerContents, PERSISTENT_KEEPALIVE_INTERVAL_SECS};
+use shared::{Endpoint, Peer, PeerContents, PERSISTENT_KEEPALIVE_INTERVAL_SECS};
 use std::{
    net::IpAddr,
    ops::{Deref, DerefMut},
@ -22,12 +22,27 @@ pub static CREATE_TABLE_SQL: &str = "CREATE TABLE peers (
      is_disabled     INTEGER DEFAULT 0 NOT NULL,   /* Is the peer disabled? (peers cannot be deleted)                  */
      is_redeemed     INTEGER DEFAULT 0 NOT NULL,   /* Has the peer redeemed their invite yet?                          */
      invite_expires  INTEGER,                      /* The UNIX time that an invited peer can no longer redeem.         */
      candidates      TEXT,                         /* A list of additional endpoints that peers can use to connect.    */
      FOREIGN KEY (cidr_id)
         REFERENCES cidrs (id)
            ON UPDATE RESTRICT
            ON DELETE RESTRICT
    )";
 pub static COLUMNS: &[&str] = &[
    "id",
    "name",
    "ip",
    "cidr_id",
    "public_key",
    "endpoint",
    "is_admin",
    "is_disabled",
    "is_redeemed",
    "invite_expires",
    "candidates",
 ];
 lazy_static! {
    /// Regex to match the requirements of hostname(7), needed to have peers also be reachable hostnames.
    /// Note that the full length also must be maximum 63 characters, which this regex does not check.
@ -71,6 +86,7 @@ impl DatabasePeer {
            is_disabled,
            is_redeemed,
            invite_expires,
            candidates,
            ..
        } = &contents;
        log::info!("creating peer {:?}", contents);
@ -96,8 +112,13 @@ impl DatabasePeer {
            .flatten()
            .map(|t| t.as_secs());
        let candidates = serde_json::to_string(candidates)?;
        conn.execute(
-            "INSERT INTO peers (name, ip, cidr_id, public_key, endpoint, is_admin, is_disabled, is_redeemed, invite_expires) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9)",
+            &format!(
                "INSERT INTO peers ({}) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10)",
                COLUMNS[1..].join(", ")
            ),
            params![
                &**name,
                ip.to_string(),
@ -108,6 +129,7 @@ impl DatabasePeer {
                is_disabled,
                is_redeemed,
                invite_expires,
                candidates,
            ],
        )?;
        let id = conn.last_insert_rowid();
@ -135,17 +157,21 @@ impl DatabasePeer {
            endpoint: contents.endpoint,
            is_admin: contents.is_admin,
            is_disabled: contents.is_disabled,
            candidates: contents.candidates,
            ..self.contents.clone()
        };
        let new_candidates = serde_json::to_string(&new_contents.candidates)?;
        conn.execute(
            "UPDATE peers SET
-                name = ?1,
+                name = ?2,
-                endpoint = ?2,
+                endpoint = ?3,
-                is_admin = ?3,
+                is_admin = ?4,
-                is_disabled = ?4
+                is_disabled = ?5,
-            WHERE id = ?5",
+                candidates = ?6
            WHERE id = ?1",
            params![
                self.id,
                &*new_contents.name,
                new_contents
                    .endpoint
@ -153,7 +179,7 @@ impl DatabasePeer {
                    .map(|endpoint| endpoint.to_string()),
                new_contents.is_admin,
                new_contents.is_disabled,
-                self.id,
+                new_candidates,
            ],
        )?;
@ -198,11 +224,11 @@ impl DatabasePeer {
        let name = row
            .get::<_, String>(1)?
            .parse()
-            .map_err(|_| rusqlite::Error::ExecuteReturnedResults)?;
+            .map_err(|_| rusqlite::Error::InvalidColumnType(1, "hostname".into(), Type::Text))?;
        let ip: IpAddr = row
            .get::<_, String>(2)?
            .parse()
-            .map_err(|_| rusqlite::Error::ExecuteReturnedResults)?;
+            .map_err(|_| rusqlite::Error::InvalidColumnType(2, "ip".into(), Type::Text))?;
        let cidr_id = row.get(3)?;
        let public_key = row.get(4)?;
        let endpoint = row
@ -214,6 +240,10 @@ impl DatabasePeer {
        let invite_expires = row
            .get::<_, Option<u64>>(9)?
            .map(|unixtime| SystemTime::UNIX_EPOCH + Duration::from_secs(unixtime));
        let candidates_str: String = row.get(10)?;
        let candidates: Vec<Endpoint> = serde_json::from_str(&candidates_str).map_err(|_| {
            rusqlite::Error::InvalidColumnType(10, "candidates (json)".into(), Type::Text)
        })?;
        let persistent_keepalive_interval = Some(PERSISTENT_KEEPALIVE_INTERVAL_SECS);
@ -230,6 +260,7 @@ impl DatabasePeer {
                is_disabled,
                is_redeemed,
                invite_expires,
                candidates,
            },
        }
        .into())
@ -237,10 +268,7 @@ impl DatabasePeer {
    pub fn get(conn: &Connection, id: i64) -> Result<Self, ServerError> {
        let result = conn.query_row(
-            "SELECT
+            &format!("SELECT {} FROM peers WHERE id = ?1", COLUMNS.join(", ")),
            id, name, ip, cidr_id, public_key, endpoint, is_admin, is_disabled, is_redeemed, invite_expires
            FROM peers
            WHERE id = ?1",
            params![id],
            Self::from_row,
        )?;
@ -250,10 +278,7 @@ impl DatabasePeer {
    pub fn get_from_ip(conn: &Connection, ip: IpAddr) -> Result<Self, rusqlite::Error> {
        let result = conn.query_row(
-            "SELECT
+            &format!("SELECT {} FROM peers WHERE ip = ?1", COLUMNS.join(", ")),
            id, name, ip, cidr_id, public_key, endpoint, is_admin, is_disabled, is_redeemed, invite_expires
            FROM peers
            WHERE ip = ?1",
            params![ip.to_string()],
            Self::from_row,
        )?;
@ -271,7 +296,7 @@ impl DatabasePeer {
        //
        // NOTE that a forced association is created with the special "infra" CIDR with id 2 (1 being the root).
        let mut stmt = conn.prepare_cached(
-            "WITH
+            &format!("WITH
                parent_of(id, parent) AS (
                    SELECT id, parent FROM cidrs WHERE id = ?1
                    UNION ALL
@ -289,10 +314,12 @@ impl DatabasePeer {
                    UNION
                    SELECT id FROM cidrs, associated_subcidrs WHERE cidrs.parent=associated_subcidrs.cidr_id
                )
-                SELECT DISTINCT peers.id, peers.name, peers.ip, peers.cidr_id, peers.public_key, peers.endpoint, peers.is_admin, peers.is_disabled, peers.is_redeemed, peers.invite_expires
+                SELECT DISTINCT {}
                FROM peers
                JOIN associated_subcidrs ON peers.cidr_id=associated_subcidrs.cidr_id
                WHERE peers.is_disabled = 0 AND peers.is_redeemed = 1;",
                COLUMNS.iter().map(|col| format!("peers.{}", col)).collect::<Vec<_>>().join(", ")
            ),
        )?;
        let peers = stmt
            .query_map(params![self.cidr_id], Self::from_row)?
@ -301,9 +328,7 @@ impl DatabasePeer {
    }
    pub fn list(conn: &Connection) -> Result<Vec<Self>, ServerError> {
-        let mut stmt = conn.prepare_cached(
+        let mut stmt = conn.prepare_cached(&format!("SELECT {} FROM peers", COLUMNS.join(", ")))?;
            "SELECT id, name, ip, cidr_id, public_key, endpoint, is_admin, is_disabled, is_redeemed, invite_expires FROM peers",
        )?;
        let peer_iter = stmt.query_map(params![], Self::from_row)?;
        Ok(peer_iter.collect::<Result<_, _>>()?)
--- a/server/src/initialize.rs
+++ b/server/src/initialize.rs
@ -17,6 +17,7 @@ fn create_database<P: AsRef<Path>>(
    conn.execute(db::association::CREATE_TABLE_SQL, params![])?;
    conn.execute(db::cidr::CREATE_TABLE_SQL, params![])?;
    conn.pragma_update(None, "user_version", &db::CURRENT_VERSION)?;
    log::debug!("set database version to db::CURRENT_VERSION");
    Ok(conn)
 }
@ -89,6 +90,7 @@ fn populate_database(conn: &Connection, db_init_data: DbInitData) -> Result<(),
            is_redeemed: true,
            persistent_keepalive_interval: Some(PERSISTENT_KEEPALIVE_INTERVAL_SECS),
            invite_expires: None,
            candidates: vec![],
        },
    )
    .map_err(|_| anyhow!("failed to create innernet peer."))?;
--- a/server/src/main.rs
+++ b/server/src/main.rs
@ -476,9 +476,11 @@ async fn serve(
    network: NetworkOpt,
 ) -> Result<(), Error> {
    let config = ConfigFile::from_file(conf.config_path(&interface))?;
    log::debug!("opening database connection...");
    let conn = open_database_connection(&interface, conf)?;
    let peers = DatabasePeer::list(&conn)?;
    log::debug!("peers listed...");
    let peer_configs = peers
        .iter()
        .map(|peer| peer.deref().into())
--- a/server/src/test.rs
+++ b/server/src/test.rs
@ -231,6 +231,7 @@ pub fn peer_contents(
        is_disabled: false,
        is_redeemed: true,
        invite_expires: None,
        candidates: vec![],
    })
 }
--- a/shared/Cargo.toml
+++ b/shared/Cargo.toml
@ -29,3 +29,6 @@ netlink-sys = "0.7"
 netlink-packet-core = "0.2"
 netlink-packet-route = "0.7"
 wgctrl-sys = { path = "../wgctrl-sys" }
 [target.'cfg(target_os = "macos")'.dependencies]
 nix = "0.22"
--- a/shared/src/netlink.rs
+++ b/shared/src/netlink.rs
@ -3,11 +3,14 @@ use netlink_packet_core::{
    NetlinkMessage, NetlinkPayload, NLM_F_ACK, NLM_F_CREATE, NLM_F_EXCL, NLM_F_REQUEST,
 };
 use netlink_packet_route::{
-    address, constants::*, link, route, AddressHeader, AddressMessage, LinkHeader, LinkMessage,
+    address,
-    RouteHeader, RouteMessage, RtnlMessage, RTN_UNICAST, RT_SCOPE_LINK, RT_TABLE_MAIN,
+    constants::*,
    link::{self, nlas::State},
    route, AddressHeader, AddressMessage, LinkHeader, LinkMessage, RouteHeader, RouteMessage,
    RtnlMessage, RTN_UNICAST, RT_SCOPE_LINK, RT_TABLE_MAIN,
 };
 use netlink_sys::{protocols::NETLINK_ROUTE, Socket, SocketAddr};
-use std::io;
+use std::{io, net::IpAddr};
 use wgctrl::InterfaceName;
 fn if_nametoindex(interface: &InterfaceName) -> Result<u32, io::Error> {
@ -23,7 +26,7 @@ fn if_nametoindex(interface: &InterfaceName) -> Result<u32, io::Error> {
 fn netlink_call(
    message: RtnlMessage,
    flags: Option<u16>,
-) -> Result<NetlinkMessage<RtnlMessage>, io::Error> {
+) -> Result<Vec<NetlinkMessage<RtnlMessage>>, io::Error> {
    let mut req = NetlinkMessage::from(message);
    req.header.flags = flags.unwrap_or(NLM_F_REQUEST | NLM_F_ACK | NLM_F_EXCL | NLM_F_CREATE);
    req.finalize();
@ -32,10 +35,10 @@ fn netlink_call(
    let len = req.buffer_len();
    log::debug!("netlink request: {:?}", req);
-    let socket = Socket::new(NETLINK_ROUTE).unwrap();
+    let socket = Socket::new(NETLINK_ROUTE)?;
    let kernel_addr = SocketAddr::new(0, 0);
    socket.connect(&kernel_addr)?;
-    let n_sent = socket.send(&buf[..len], 0).unwrap();
+    let n_sent = socket.send(&buf[..len], 0)?;
    if n_sent != len {
        return Err(io::Error::new(
            io::ErrorKind::UnexpectedEof,
@ -43,14 +46,31 @@ fn netlink_call(
        ));
    }
-    let n_received = socket.recv(&mut buf[..], 0).unwrap();
+    let mut responses = vec![];
-    let response = NetlinkMessage::<RtnlMessage>::deserialize(&buf[..n_received])
+    loop {
        let n_received = socket.recv(&mut buf[..], 0)?;
        let mut offset = 0;
        loop {
            let bytes = &buf[offset..];
            let response = NetlinkMessage::<RtnlMessage>::deserialize(bytes)
                .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
            responses.push(response.clone());
            log::trace!("netlink response: {:?}", response);
-    if let NetlinkPayload::Error(e) = response.payload {
+            match response.payload {
-        return Err(e.to_io());
+                // We've parsed all parts of the response and can leave the loop.
                NetlinkPayload::Ack(_) | NetlinkPayload::Done => return Ok(responses),
                NetlinkPayload::Error(e) => return Err(e.into()),
                _ => {},
            }
            offset += response.header.length as usize;
            if offset == n_received || response.header.length == 0 {
                // We've fully parsed the datagram, but there may be further datagrams
                // with additional netlink response parts.
                log::debug!("breaking inner loop");
                break;
            }
        }
    }
    Ok(response)
 }
 pub fn set_up(interface: &InterfaceName, mtu: u32) -> Result<(), io::Error> {
@ -127,3 +147,87 @@ pub fn add_route(interface: &InterfaceName, cidr: IpNetwork) -> Result<bool, io:
        Err(e) => Err(e),
    }
 }
 fn get_links() -> Result<Vec<String>, io::Error> {
    let link_responses = netlink_call(
        RtnlMessage::GetLink(LinkMessage::default()),
        Some(NLM_F_DUMP | NLM_F_REQUEST),
    )?;
    let links = link_responses
        .into_iter()
        // Filter out non-link messages
        .filter_map(|response| match response {
            NetlinkMessage {
                payload: NetlinkPayload::InnerMessage(RtnlMessage::NewLink(link)),
                ..
            } => Some(link),
            _ => None,
        })
        // Filter out loopback links
        .filter_map(|link| if link.header.flags & IFF_LOOPBACK == 0 {
                Some(link.nlas)
            } else {
                None
            })
        // Find and filter out addresses for interfaces
        .filter(|nlas| nlas.iter().any(|nla| nla == &link::nlas::Nla::OperState(State::Up)))
        .filter_map(|nlas| nlas.iter().find_map(|nla| match nla {
            link::nlas::Nla::IfName(name) => Some(name.clone()),
            _ => None,
        }))
        .collect::<Vec<_>>();
    Ok(links)
 }
 pub fn get_local_addrs() -> Result<Vec<IpAddr>, io::Error> {
    let links = get_links()?;
    let addr_responses = netlink_call(
        RtnlMessage::GetAddress(AddressMessage::default()),
        Some(NLM_F_DUMP | NLM_F_REQUEST),
    )?;
    let addrs = addr_responses
        .into_iter()
        // Filter out non-link messages
        .filter_map(|response| match response {
            NetlinkMessage {
                payload: NetlinkPayload::InnerMessage(RtnlMessage::NewAddress(addr)),
                ..
            } => Some(addr),
            _ => None,
        })
        // Filter out non-global-scoped addresses
        .filter_map(|link| if link.header.scope == RT_SCOPE_UNIVERSE {
                Some(link.nlas)
            } else {
                None
            })
        // Only select addresses for helpful links
        .filter(|nlas| nlas.iter().any(|nla| matches!(nla, address::nlas::Nla::Label(label) if links.contains(label))))
        .filter_map(|nlas| nlas.iter().find_map(|nla| match nla {
            address::nlas::Nla::Address(name) if name.len() == 4 => {
                let mut addr = [0u8; 4];
                addr.copy_from_slice(name);
                Some(IpAddr::V4(addr.into()))
            },
            address::nlas::Nla::Address(name) if name.len() == 16 => {
                let mut addr = [0u8; 16];
                addr.copy_from_slice(name);
                Some(IpAddr::V6(addr.into()))
            },
            _ => None,
        }))
        .collect::<Vec<_>>();
    Ok(addrs)
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_local_addrs() {
        let addrs = get_local_addrs().unwrap();
        println!("{:?}", addrs);
    }
 }
--- a/shared/src/prompts.rs
+++ b/shared/src/prompts.rs
@ -285,6 +285,7 @@ pub fn add_peer(
        is_redeemed: false,
        persistent_keepalive_interval: Some(PERSISTENT_KEEPALIVE_INTERVAL_SECS),
        invite_expires: Some(SystemTime::now() + invite_expires.into()),
        candidates: vec![],
    };
    Ok(
--- a/shared/src/types.rs
+++ b/shared/src/types.rs
@ -7,7 +7,7 @@ use std::{
    fmt::{self, Display, Formatter},
    io,
    net::{IpAddr, SocketAddr, ToSocketAddrs},
-    ops::Deref,
+    ops::{Deref, DerefMut},
    path::Path,
    str::FromStr,
    time::{Duration, SystemTime},
@ -20,6 +20,8 @@ use wgctrl::{
    PeerInfo,
 };
 use crate::wg::PeerInfoExt;
 #[derive(Debug, Clone)]
 pub struct Interface {
    name: InterfaceName,
@ -408,6 +410,8 @@ pub struct PeerContents {
    pub is_disabled: bool,
    pub is_redeemed: bool,
    pub invite_expires: Option<SystemTime>,
    #[serde(default)]
    pub candidates: Vec<Endpoint>,
 }
 #[derive(Debug, Clone, Deserialize, Serialize, PartialEq)]
@ -426,6 +430,12 @@ impl Deref for Peer {
    }
 }
 impl DerefMut for Peer {
    fn deref_mut(&mut self) -> &mut Self::Target {
        &mut self.contents
    }
 }
 impl Display for Peer {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "{} ({})", &self.name, &self.public_key)
@ -497,19 +507,6 @@ impl<'a> PeerDiff<'a> {
        }
    }
    /// WireGuard rejects any communication after REJECT_AFTER_TIME, so we can use this
    /// as a heuristic for "currentness" without relying on heavier things like ICMP.
    pub fn peer_recently_connected(peer: &Option<&PeerInfo>) -> bool {
        const REJECT_AFTER_TIME: Duration = Duration::from_secs(180);
        let last_handshake = peer
            .and_then(|p| p.stats.last_handshake_time)
            .and_then(|t| t.elapsed().ok())
            .unwrap_or_else(|| SystemTime::UNIX_EPOCH.elapsed().unwrap());
        last_handshake <= REJECT_AFTER_TIME
    }
    pub fn public_key(&self) -> &Key {
        self.builder.public_key()
    }
@ -570,7 +567,10 @@ impl<'a> PeerDiff<'a> {
        }
        // We won't update the endpoint if there's already a stable connection.
-        if !Self::peer_recently_connected(&old_info) {
+        if !old_info
            .map(|info| info.is_recently_connected())
            .unwrap_or_default()
        {
            let resolved = new.endpoint.as_ref().and_then(|e| e.resolve().ok());
            if let Some(addr) = resolved {
                if old.is_none() || matches!(old, Some(old) if old.endpoint != resolved) {
@ -772,6 +772,7 @@ mod tests {
                is_disabled: false,
                is_redeemed: true,
                invite_expires: None,
                candidates: vec![],
            },
        };
        let builder =
@ -806,6 +807,7 @@ mod tests {
                is_disabled: false,
                is_redeemed: true,
                invite_expires: None,
                candidates: vec![],
            },
        };
        let builder =
@ -840,6 +842,7 @@ mod tests {
                is_disabled: false,
                is_redeemed: true,
                invite_expires: None,
                candidates: vec![],
            },
        };
        let builder =
--- a/shared/src/wg.rs
+++ b/shared/src/wg.rs
@ -1,10 +1,11 @@
-use crate::{Error, IoErrorContext, NetworkOpt};
+use crate::{Error, IoErrorContext, NetworkOpt, Peer, PeerDiff};
 use ipnetwork::IpNetwork;
 use std::{
    io,
    net::{IpAddr, SocketAddr},
    time::Duration,
 };
-use wgctrl::{Backend, Device, DeviceUpdate, InterfaceName, PeerConfigBuilder};
+use wgctrl::{Backend, Device, DeviceUpdate, InterfaceName, Key, PeerConfigBuilder, PeerInfo};
 #[cfg(target_os = "macos")]
 fn cmd(bin: &str, args: &[&str]) -> Result<std::process::Output, io::Error> {
@ -164,3 +165,97 @@ pub fn add_route(interface: &InterfaceName, cidr: IpNetwork) -> Result<bool, io:
 #[cfg(target_os = "linux")]
 pub use super::netlink::add_route;
 #[cfg(target_os = "macos")]
 pub fn get_local_addrs() -> Result<Vec<IpAddr>, io::Error> {
    use nix::{net::if_::InterfaceFlags, sys::socket::SockAddr};
    let addrs = nix::ifaddrs::getifaddrs()?
        .inspect(|addr| println!("{:?}", addr))
        .filter(|addr| {
            addr.flags.contains(InterfaceFlags::IFF_UP)
                && !addr.flags.intersects(
                    InterfaceFlags::IFF_LOOPBACK
                        | InterfaceFlags::IFF_POINTOPOINT
                        | InterfaceFlags::IFF_PROMISC,
                )
        })
        .filter_map(|addr| match addr.address {
            Some(SockAddr::Inet(addr)) if addr.to_std().is_ipv4() => Some(addr.to_std().ip()),
            _ => None,
        })
        .collect::<Vec<_>>();
    Ok(addrs)
 }
 #[cfg(target_os = "linux")]
 pub use super::netlink::get_local_addrs;
 pub trait DeviceExt {
    /// Diff the output of a wgctrl device with a list of server-reported peers.
    fn diff<'a>(&'a self, peers: &'a [Peer]) -> Vec<PeerDiff<'a>>;
    // /// Get a peer by their public key, a helper function.
    fn get_peer(&self, public_key: &str) -> Option<&PeerInfo>;
 }
 impl DeviceExt for Device {
    fn diff<'a>(&'a self, peers: &'a [Peer]) -> Vec<PeerDiff<'a>> {
        let interface_public_key = self
            .public_key
            .as_ref()
            .map(|k| k.to_base64())
            .unwrap_or_default();
        let existing_peers = &self.peers;
        // Match existing peers (by pubkey) to new peer information from the server.
        let modifications = peers.iter().filter_map(|peer| {
            if peer.is_disabled || peer.public_key == interface_public_key {
                None
            } else {
                let existing_peer = existing_peers
                    .iter()
                    .find(|p| p.config.public_key.to_base64() == peer.public_key);
                PeerDiff::new(existing_peer, Some(peer)).unwrap()
            }
        });
        // Remove any peers on the interface that aren't in the server's peer list any more.
        let removals = existing_peers.iter().filter_map(|existing| {
            let public_key = existing.config.public_key.to_base64();
            if peers.iter().any(|p| p.public_key == public_key) {
                None
            } else {
                PeerDiff::new(Some(existing), None).unwrap()
            }
        });
        modifications.chain(removals).collect::<Vec<_>>()
    }
    fn get_peer(&self, public_key: &str) -> Option<&PeerInfo> {
        Key::from_base64(public_key)
            .ok()
            .and_then(|key| self.peers.iter().find(|peer| peer.config.public_key == key))
    }
 }
 pub trait PeerInfoExt {
    /// WireGuard rejects any communication after REJECT_AFTER_TIME, so we can use this
    /// as a heuristic for "currentness" without relying on heavier things like ICMP.
    fn is_recently_connected(&self) -> bool;
 }
 impl PeerInfoExt for PeerInfo {
    fn is_recently_connected(&self) -> bool {
        const REJECT_AFTER_TIME: Duration = Duration::from_secs(180);
        let last_handshake = self
            .stats
            .last_handshake_time
            .and_then(|t| t.elapsed().ok())
            .unwrap_or(Duration::MAX);
        last_handshake <= REJECT_AFTER_TIME
    }
 }