}
end:
- event_add(&n->mtuevent, &(struct timeval){timeout, 0});
+ event_add(&n->mtuevent, &(struct timeval){timeout, rand() % 100000});
}
void send_mtu_probe(node_t *n) {
logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
if(!packet->data[0]) {
+ /* It's a probe request, send back a reply */
+
packet->data[0] = 1;
+
+ /* Temporarily set udp_confirmed, so that the reply is sent
+ back exactly the way it came in. */
+
+ bool udp_confirmed = n->status.udp_confirmed;
+ n->status.udp_confirmed = true;
send_udppacket(n, packet);
+ n->status.udp_confirmed = udp_confirmed;
} else {
+ /* It's a valid reply: now we know bidirectional communication
+ is possible using the address and socket that the reply
+ packet used. */
+
n->status.udp_confirmed = true;
+ /* If we haven't established the PMTU yet, restart the discovery process. */
+
if(n->mtuprobes > 30) {
if(n->minmtu)
n->mtuprobes = 30;
n->mtuprobes = 1;
}
+ /* If applicable, raise the minimum supported MTU */
+
if(len > n->maxmtu)
len = n->maxmtu;
if(n->minmtu < len)
if(!n->status.waitingforkey)
send_req_key(n);
else if(n->last_req_key + 10 < time(NULL)) {
+ logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
sptps_stop(&n->sptps);
n->status.waitingforkey = false;
send_req_key(n);
return;
}
+static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
+ /* Latest guess */
+ *sa = &n->address;
+ *sock = n->sock;
+
+ /* If the UDP address is confirmed, use it. */
+ if(n->status.udp_confirmed)
+ return;
+
+ /* Send every third packet to n->address; that could be set
+ to the node's reflexive UDP address discovered during key
+ exchange. */
+
+ static int x = 0;
+ if(++x >= 3) {
+ x = 0;
+ return;
+ }
+
+ /* Otherwise, address are found in edges to this node.
+ So we pick a random edge and a random socket. */
+
+ int i = 0;
+ int j = rand() % n->edge_tree->count;
+ edge_t *candidate = NULL;
+
+ for splay_each(edge_t, e, n->edge_tree) {
+ if(i++ == j) {
+ candidate = e->reverse;
+ break;
+ }
+ }
+
+ if(candidate) {
+ *sa = &candidate->address;
+ *sock = rand() % listen_sockets;
+ }
+
+ /* Make sure we have a suitable socket for the chosen address */
+ if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
+ for(int i = 0; i < listen_sockets; i++) {
+ if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
+ *sock = i;
+ break;
+ }
+ }
+ }
+}
+
+static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
+ static sockaddr_t broadcast_ipv4 = {
+ .in = {
+ .sin_family = AF_INET,
+ .sin_addr.s_addr = -1,
+ }
+ };
+
+ static sockaddr_t broadcast_ipv6 = {
+ .in6 = {
+ .sin6_family = AF_INET6,
+ .sin6_addr.s6_addr[0x0] = 0xff,
+ .sin6_addr.s6_addr[0x1] = 0x02,
+ .sin6_addr.s6_addr[0xf] = 0x01,
+ }
+ };
+
+ *sock = rand() % listen_sockets;
+
+ if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
+ broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
+ broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
+ *sa = &broadcast_ipv6;
+ } else {
+ broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
+ *sa = &broadcast_ipv4;
+ }
+}
+
static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
vpn_packet_t pkt1, pkt2;
vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
/* Send the packet */
- sockaddr_t *sa;
+ const sockaddr_t *sa;
int sock;
/* Overloaded use of priority field: -1 means local broadcast */
- if(origpriority == -1 && n->prevedge) {
- sockaddr_t broadcast;
- broadcast.in.sin_family = AF_INET;
- broadcast.in.sin_addr.s_addr = -1;
- broadcast.in.sin_port = n->prevedge->address.in.sin_port;
- sa = &broadcast;
- sock = 0;
- } else {
- if(origpriority == -1)
- origpriority = 0;
-
- if(n->status.udp_confirmed) {
- /* Address of this node is confirmed, so use it. */
- sa = &n->address;
- sock = n->sock;
- } else {
- /* Otherwise, go through the list of known addresses of
- this node. The first address we try is always the
- one in n->address; that could be set to the node's
- reflexive UDP address discovered during key
- exchange. The other known addresses are those found
- in edges to this node. */
-
- static unsigned int i;
- int j = 0;
- edge_t *candidate = NULL;
-
- if(i) {
- for splay_each(edge_t, e, edge_weight_tree) {
- if(e->to != n)
- continue;
- j++;
- if(!candidate || j == i)
- candidate = e;
- }
- }
-
- if(!candidate) {
- sa = &n->address;
- sock = n->sock;
- } else {
- sa = &candidate->address;
- sock = rand() % listen_sockets;
- }
-
- if(i++)
- if(i > j)
- i = 0;
- }
- }
-
- /* Determine which socket we have to use */
-
- if(sa->sa.sa_family != listen_socket[sock].sa.sa.sa_family)
- for(sock = 0; sock < listen_sockets; sock++)
- if(sa->sa.sa_family == listen_socket[sock].sa.sa.sa_family)
- break;
-
- if(sock >= listen_sockets)
- sock = 0;
-
- if(!n->status.udp_confirmed)
- n->sock = sock;
+ if(origpriority == -1 && n->prevedge)
+ choose_broadcast_address(n, &sa, &sock);
+ else
+ choose_udp_address(n, &sa, &sock);
#if defined(SOL_IP) && defined(IP_TOS)
if(priorityinheritance && origpriority != priority
}
#endif
- socklen_t sl = SALEN(n->address.sa);
-
- if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, sl) < 0 && !sockwouldblock(sockerrno)) {
+ if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
if(sockmsgsize(sockerrno)) {
if(n->maxmtu >= origlen)
n->maxmtu = origlen - 1;
bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
node_t *to = handle;
- if(type >= SPTPS_HANDSHAKE
- || ((myself->options | to->options) & OPTION_TCPONLY)
- || (type != PKT_PROBE && len > to->minmtu)) {
+ /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
+
+ if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
char buf[len * 4 / 3 + 5];
b64encode(data, buf, len);
+ /* If no valid key is known yet, send the packets using ANS_KEY requests,
+ to ensure we get to learn the reflexive UDP address. */
if(!to->status.validkey)
return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
else
- return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, type >= SPTPS_HANDSHAKE ? REQ_SPTPS : REQ_PACKET, buf);
+ return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
}
- /* Send the packet */
+ /* Otherwise, send the packet via UDP */
- struct sockaddr *sa;
- socklen_t sl;
+ const sockaddr_t *sa;
int sock;
- sa = &(to->address.sa);
- sl = SALEN(to->address.sa);
- sock = to->sock;
+ choose_udp_address(to, &sa, &sock);
- if(sendto(listen_socket[sock].udp, data, len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
+ if(sendto(listen_socket[sock].udp, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
if(sockmsgsize(sockerrno)) {
if(to->maxmtu >= len)
to->maxmtu = len - 1;
node_t *from = handle;
if(type == SPTPS_HANDSHAKE) {
- from->status.validkey = true;
- from->status.waitingforkey = false;
- logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
+ if(!from->status.validkey) {
+ from->status.validkey = true;
+ from->status.waitingforkey = false;
+ logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
+ }
return true;
}