along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_packet.c,v 1.1.2.45 2003/12/20 19:47:52 guus Exp $
+ $Id: net_packet.c,v 1.1.2.49 2003/12/27 16:32:52 guus Exp $
*/
#include "system.h"
#include "conf.h"
#include "connection.h"
#include "device.h"
+#include "ethernet.h"
#include "event.h"
#include "graph.h"
#include "list.h"
#include "utils.h"
#include "xalloc.h"
+#ifdef WSAEMSGSIZE
+#define EMSGSIZE WSAEMSGSIZE
+#endif
+
int keylifetime = 0;
int keyexpires = 0;
+bool strictsource = true;
EVP_CIPHER_CTX packet_ctx;
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
cp();
n->mtuprobes++;
+ n->mtuevent = NULL;
+
+ if(n->mtuprobes >= 10 && !n->minmtu) {
+ ifdebug(TRAFFIC) logger(LOG_INFO, _("No response to MTU probes from %s (%s)"), n->name, n->hostname);
+ return;
+ }
for(i = 0; i < 3; i++) {
- if(n->mtuprobes >= 100 || n->probedmtu >= n->mtu) {
- n->mtu = n->probedmtu;
+ if(n->mtuprobes >= 30 || n->minmtu >= n->maxmtu) {
+ n->mtu = n->minmtu;
ifdebug(TRAFFIC) logger(LOG_INFO, _("Fixing MTU of %s (%s) to %d after %d probes"), n->name, n->hostname, n->mtu, n->mtuprobes);
return;
}
- len = n->probedmtu + 1 + random() % (n->mtu - n->probedmtu);
+ len = n->minmtu + 1 + random() % (n->maxmtu - n->minmtu);
if(len < 64)
len = 64;
packet->data[0] = 1;
send_packet(n, packet);
} else {
- if(n->probedmtu < packet->len)
- n->probedmtu = packet->len;
+ if(n->minmtu < packet->len)
+ n->minmtu = packet->len;
}
}
route(n, packet);
}
+static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) {
+ char hmac[EVP_MAX_MD_SIZE];
+
+ if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0))
+ return false;
+
+ /* Check the message authentication code */
+
+ if(myself->digest && myself->maclength) {
+ HMAC(myself->digest, myself->key, myself->keylength,
+ (char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL);
+
+ if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength))
+ return false;
+ }
+
+ return true;
+}
+
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
{
vpn_packet_t pkt1, pkt2;
int nextpkt = 0;
vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
- char hmac[EVP_MAX_MD_SIZE];
int i;
cp();
- /* Check packet length */
-
- if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"),
- n->name, n->hostname);
+ if(!authenticate_udppacket(n, inpkt)) {
+ ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
+ n->name, n->hostname);
return;
}
- /* Check the message authentication code */
-
- if(myself->digest && myself->maclength) {
- inpkt->len -= myself->maclength;
- HMAC(myself->digest, myself->key, myself->keylength,
- (char *) &inpkt->seqno, inpkt->len, hmac, NULL);
-
- if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
- n->name, n->hostname);
- return;
- }
- }
+ inpkt->len -= myself->digest ? myself->maclength : 0;
/* Decrypt the packet */
|| !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
- return;
+ goto end;
}
outpkt->len = outlen + outpad;
#endif
if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) {
- logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno));
if(errno == EMSGSIZE) {
+ if(n->maxmtu >= origlen)
+ n->maxmtu = origlen - 1;
if(n->mtu >= origlen)
n->mtu = origlen - 1;
- }
- return;
+ } else
+ logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno));
}
+end:
inpkt->len = origlen;
}
cp();
if(n == myself) {
+ if(overwrite_mac)
+ memcpy(packet->data, mymac.x, ETH_ALEN);
write_packet(packet);
return;
}
sockaddr_t from;
socklen_t fromlen = sizeof(from);
node_t *n;
+ static time_t lasttime = 0;
cp();
n = lookup_node_udp(&from);
+ if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) {
+ avl_node_t *node;
+
+ lasttime = now;
+
+ for(node = node_tree->head; node; node = node->next) {
+ n = node->data;
+
+ if(authenticate_udppacket(n, &pkt)) {
+ update_node_address(n, &from);
+ logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname);
+ break;
+ }
+ }
+ }
+
if(!n) {
hostname = sockaddr2hostname(&from);
- logger(LOG_WARNING, _("Received UDP packet from unknown source %s"),
- hostname);
+ logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname);
free(hostname);
return;
}