X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_packet.c;h=a24a7add6080d1d20dd6b0267fb464fe2ecc5be7;hb=558b19c2432d938afc4a659668bd461ace6ed744;hp=6b7c3b94558455a89cca189ced9ef36467908bd4;hpb=8dd1c8a020e3babf5054179b0d30e2aa850d2e2b;p=tinc

diff --git a/src/net_packet.c b/src/net_packet.c
index 6b7c3b94..a24a7add 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -348,12 +348,12 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) {
 
 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
 	if(n->status.sptps)
-		return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
+		return sptps_verify_datagram(&n->sptps, ((sptps_packet_t *)inpkt)->data, inpkt->len);
 
 	if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
 		return false;
 
-	return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
+	return digest_verify(n->indigest, (const char *)&inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
 }
 
 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
@@ -372,7 +372,11 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 			}
 			return false;
 		}
-		return sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
+		if(!sptps_receive_data(&n->sptps, ((sptps_packet_t *)&inpkt)->data, inpkt->len)) {
+			logger(DEBUG_TRAFFIC, LOG_ERR, "Got bad packet from %s (%s)", n->name, n->hostname);
+			return false;
+		}
+		return true;
 	}
 
 	if(!n->status.validkey) {
@@ -415,9 +419,7 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 	/* Check the sequence number */
 
 	inpkt->len -= sizeof inpkt->seqno;
-	uint32_t seqno;
-	memcpy(&seqno, inpkt->seqno, sizeof seqno);
-	seqno = ntohl(seqno);
+	uint32_t seqno = ntohl(inpkt->seqno);
 
 	if(replaywin) {
 		if(seqno != n->received_seqno + 1) {
@@ -497,19 +499,27 @@ void receive_tcppacket(connection_t *c, const char *buffer, int len) {
 	receive_packet(c->node, &outpkt);
 }
 
+static bool try_sptps(node_t *n) {
+	if(n->status.validkey)
+		return true;
+
+	logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
+
+	if(!n->status.waitingforkey)
+		send_req_key(n);
+	else if(n->last_req_key + 10 < now.tv_sec) {
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
+		sptps_stop(&n->sptps);
+		n->status.waitingforkey = false;
+		send_req_key(n);
+	}
+
+	return false;
+}
+
 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
-	if(!n->status.validkey) {
-		logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
-		if(!n->status.waitingforkey)
-			send_req_key(n);
-		else if(n->last_req_key + 10 < now.tv_sec) {
-			logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
-			sptps_stop(&n->sptps);
-			n->status.waitingforkey = false;
-			send_req_key(n);
-		}
+	if (!try_sptps(n))
 		return;
-	}
 
 	uint8_t type = 0;
 	int offset = 0;
@@ -687,8 +697,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
 
 	/* Add sequence number */
 
-	uint32_t seqno = htonl(++(n->sent_seqno));
-	memcpy(inpkt->seqno, &seqno, sizeof inpkt->seqno);
+	inpkt->seqno = htonl(++(n->sent_seqno));
 	inpkt->len += sizeof inpkt->seqno;
 
 	/* Encrypt the packet */
@@ -697,7 +706,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
 		outpkt = pkt[nextpkt++];
 		outlen = MAXSIZE;
 
-		if(!cipher_encrypt(n->outcipher, inpkt->seqno, inpkt->len, outpkt->seqno, &outlen, true)) {
+		if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
 			logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
 			goto end;
 		}
@@ -709,7 +718,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
 	/* Add the message authentication code */
 
 	if(digest_active(n->outdigest)) {
-		if(!digest_create(n->outdigest, inpkt->seqno, inpkt->len, inpkt->seqno + inpkt->len)) {
+		if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, &inpkt->seqno + inpkt->len)) {
 			logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
 			goto end;
 		}
@@ -737,7 +746,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
 	}
 #endif
 
-	if(sendto(listen_socket[sock].udp.fd, inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
+	if(sendto(listen_socket[sock].udp.fd, &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
 		if(sockmsgsize(sockerrno)) {
 			if(n->maxmtu >= origlen)
 				n->maxmtu = origlen - 1;
@@ -751,54 +760,67 @@ end:
 	origpkt->len = origlen;
 }
 
-bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
-	node_t *to = handle;
+static bool send_sptps_data_priv(node_t *to, node_t *from, int type, const void *data, size_t len) {
+	node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
+	bool direct = from == myself && to == relay;
+	bool relay_supported = (relay->options >> 24) >= 4;
+	bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY;
 
-	/* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
+	/* We don't really need the relay's key, but we need to establish a UDP tunnel with it and discover its MTU. */
+	if (!direct && relay_supported && !tcponly)
+		try_sptps(relay);
 
-	if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > to->minmtu)) {
+	/* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU.
+	   TODO: When relaying, the original sender does not know the end-to-end PMTU (it only knows the PMTU of the first hop).
+	         This can lead to scenarios where large packets are sent over UDP to relay, but then relay has no choice but fall back to TCP. */
+
+	if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
 		char buf[len * 4 / 3 + 5];
 		b64encode(data, buf, len);
 		/* If no valid key is known yet, send the packets using ANS_KEY requests,
 		   to ensure we get to learn the reflexive UDP address. */
-		if(!to->status.validkey) {
+		if(from == myself && !to->status.validkey) {
 			to->incompression = myself->incompression;
-			return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, to->incompression);
+			return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
 		} else {
-			return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
+			return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, REQ_SPTPS, buf);
 		}
 	}
 
-	/* Otherwise, send the packet via UDP */
-
-	const sockaddr_t *sa = NULL;
-	int sock;
-
-	if(to->status.send_locally)
-		choose_local_address(to, &sa, &sock);
-	if(!sa)
-		choose_udp_address(to, &sa, &sock);
-
-	bool add_srcid = (to->options >> 24) >= 4;
 	size_t overhead = 0;
-	if (add_srcid) overhead += sizeof myself->id;
+	if(relay_supported) overhead += sizeof to->id + sizeof from->id;
 	char buf[len + overhead]; char* buf_ptr = buf;
-	if(add_srcid) {
-		memcpy(buf_ptr, &myself->id, sizeof myself->id); buf_ptr += sizeof myself->id;
+	if(relay_supported) {
+		if(direct) {
+			/* Inform the recipient that this packet was sent directly. */
+			node_id_t nullid = {};
+			memcpy(buf_ptr, &nullid, sizeof nullid); buf_ptr += sizeof nullid;
+		} else {
+			memcpy(buf_ptr, &to->id, sizeof to->id); buf_ptr += sizeof to->id;
+		}
+		memcpy(buf_ptr, &from->id, sizeof from->id); buf_ptr += sizeof from->id;
+
 	}
 	/* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
 	memcpy(buf_ptr, data, len); buf_ptr += len;
 
+	const sockaddr_t *sa = NULL;
+	int sock;
+	if(relay->status.send_locally)
+		choose_local_address(relay, &sa, &sock);
+	if(!sa)
+		choose_udp_address(relay, &sa, &sock);
+	logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
 	if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
 		if(sockmsgsize(sockerrno)) {
 			// Compensate for SPTPS overhead
 			len -= SPTPS_DATAGRAM_OVERHEAD;
-			if(to->maxmtu >= len)
-				to->maxmtu = len - 1;
-			if(to->mtu >= len)
-				to->mtu = len - 1;
+			if(relay->maxmtu >= len)
+				relay->maxmtu = len - 1;
+			if(relay->mtu >= len)
+				relay->mtu = len - 1;
 		} else {
-			logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
+			logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
 			return false;
 		}
 	}
@@ -806,6 +828,10 @@ bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
 	return true;
 }
 
+bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
+	return send_sptps_data_priv(handle, myself, type, data, len);
+}
+
 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
 	node_t *from = handle;
 
@@ -1002,13 +1028,15 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
 void handle_incoming_vpn_data(void *data, int flags) {
 	listen_socket_t *ls = data;
 	vpn_packet_t pkt;
+	sptps_packet_t *spkt = (sptps_packet_t *)&pkt;
 	char *hostname;
-	sockaddr_t from = {{0}};
-	socklen_t fromlen = sizeof from;
-	node_t *n = NULL;
-	int len;
+	node_id_t nullid = {};
+	sockaddr_t addr = {};
+	socklen_t addrlen = sizeof addr;
+	node_t *from, *to;
+	bool direct = false;
 
-	len = recvfrom(ls->udp.fd, &pkt.srcid, MAXSIZE, 0, &from.sa, &fromlen);
+	int len = recvfrom(ls->udp.fd, &pkt.seqno, MAXSIZE, 0, &addr.sa, &addrlen);
 
 	if(len <= 0 || len > MAXSIZE) {
 		if(!sockwouldblock(sockerrno))
@@ -1018,36 +1046,66 @@ void handle_incoming_vpn_data(void *data, int flags) {
 
 	pkt.len = len;
 
-	sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
+	sockaddrunmap(&addr); /* Some braindead IPv6 implementations do stupid things. */
 
-	if(len >= sizeof pkt.srcid)
-		n = lookup_node_id(&pkt.srcid);
-	if(n)
-		pkt.len -= sizeof pkt.srcid;
-	else {
-		/* Most likely an old-style packet without a source ID. */
-		memmove(pkt.seqno, &pkt.srcid, sizeof pkt - offsetof(vpn_packet_t, seqno));
-		n = lookup_node_udp(&from);
+	// Try to figure out who sent this packet.
+
+	node_t *n = lookup_node_udp(&addr);
+
+	if(!n) {
+		// It might be from a 1.1 node, which might have a source ID in the packet.
+		from = lookup_node_id(&spkt->srcid);
+		if(from && !memcmp(&spkt->dstid, &nullid, sizeof nullid) && from->status.sptps) {
+			if(sptps_verify_datagram(&from->sptps, spkt->data, spkt->len - sizeof(spkt->srcid) - sizeof(spkt->dstid)))
+				n = from;
+			else
+				goto skip_harder;
+		}
 	}
 
 	if(!n)
-		n = try_harder(&from, &pkt);
+		n = try_harder(&addr, &pkt);
 
+skip_harder:
 	if(!n) {
 		if(debug_level >= DEBUG_PROTOCOL) {
-			hostname = sockaddr2hostname(&from);
+			hostname = sockaddr2hostname(&addr);
 			logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
 			free(hostname);
 		}
 		return;
 	}
 
-	if(!receive_udppacket(n, &pkt))
+	if(n->status.sptps) {
+		if(memcmp(&spkt->dstid, &nullid, sizeof nullid)) {
+			direct = true;
+			from = n;
+			to = myself;
+		} else {
+			from = lookup_node_id(&spkt->srcid);
+			to = lookup_node_id(&spkt->dstid);
+		}
+		if(!from || !to) {
+			logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname);
+			return;
+		}
+
+		spkt->len -= sizeof spkt->dstid + sizeof spkt->srcid;
+		if(to != myself) {
+			send_sptps_data_priv(to, n, 0, spkt->data, spkt->len);
+			return;
+		}
+	} else {
+		direct = true;
+		from = n;
+	}
+
+	if(!receive_udppacket(from, &pkt))
 		return;
 
 	n->sock = ls - listen_socket;
-	if(sockaddrcmp(&from, &n->address))
-		update_node_udp(n, &from);
+	if(direct && sockaddrcmp(&addr, &n->address))
+		update_node_udp(n, &addr);
 }
 
 void handle_device_data(void *data, int flags) {