X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_packet.c;h=67407dcf79e4cc5bd241e1f43117958fd6261aa7;hb=092d620dbb3fdc8226ea0a4e1cfd5cd53d608420;hp=012085e22bf8e9beb40185e11febd90701ede2b1;hpb=3d41e7d71247998b7c4a3dd4eacb93bd3529428d;p=tinc diff --git a/src/net_packet.c b/src/net_packet.c index 012085e2..67407dcf 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -54,8 +54,7 @@ static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999 static void send_udppacket(node_t *, vpn_packet_t *); unsigned replaywin = 16; -bool localdiscovery = false; -sockaddr_t localdiscovery_address; +bool localdiscovery = true; #define MAX_SEQNO 1073741824 @@ -144,14 +143,14 @@ static void send_mtu_probe_handler(void *data) { randomize(packet.data + 14, len - 14); packet.len = len; packet.priority = 0; - n->status.broadcast = i >= 4 && n->mtuprobes <= 10 && n->prevedge; + n->status.send_locally = i >= 4 && n->mtuprobes <= 10 && n->prevedge; logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname); send_udppacket(n, &packet); } - n->status.broadcast = false; + n->status.send_locally = false; n->probe_counter = 0; gettimeofday(&n->probe_time, NULL); @@ -183,7 +182,7 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) { /* It's a probe request, send back a reply */ /* Type 2 probe replies were introduced in protocol 17.3 */ - if ((n->options >> 24) == 3) { + if ((n->options >> 24) >= 3) { uint8_t* data = packet->data; *data++ = 2; uint16_t len16 = htons(len); memcpy(data, &len16, 2); data += 2; @@ -361,7 +360,6 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t pkt1, pkt2; vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; int nextpkt = 0; - vpn_packet_t *outpkt = pkt[0]; size_t outlen; if(n->status.sptps) { @@ -378,7 +376,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { return; } - if(!cipher_active(n->incipher)) { + if(!n->status.validkey) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname); return; } @@ -403,7 +401,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { /* Decrypt the packet */ if(cipher_active(n->incipher)) { - outpkt = pkt[nextpkt++]; + vpn_packet_t *outpkt = pkt[nextpkt++]; outlen = MAXSIZE; if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) { @@ -418,37 +416,39 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { /* Check the sequence number */ inpkt->len -= sizeof inpkt->seqno; - inpkt->seqno = ntohl(inpkt->seqno); + uint32_t seqno; + memcpy(&seqno, inpkt->seqno, sizeof seqno); + seqno = ntohl(seqno); if(replaywin) { - if(inpkt->seqno != n->received_seqno + 1) { - if(inpkt->seqno >= n->received_seqno + replaywin * 8) { + if(seqno != n->received_seqno + 1) { + if(seqno >= n->received_seqno + replaywin * 8) { if(n->farfuture++ < replaywin >> 2) { logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)", - n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture); + n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture); return; } logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)", - inpkt->seqno - n->received_seqno - 1, n->name, n->hostname); + seqno - n->received_seqno - 1, n->name, n->hostname); memset(n->late, 0, replaywin); - } else if (inpkt->seqno <= n->received_seqno) { - if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) { + } else if (seqno <= n->received_seqno) { + if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) { logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d", - n->name, n->hostname, inpkt->seqno, n->received_seqno); + n->name, n->hostname, seqno, n->received_seqno); return; } } else { - for(int i = n->received_seqno + 1; i < inpkt->seqno; i++) + for(int i = n->received_seqno + 1; i < seqno; i++) n->late[(i / 8) % replaywin] |= 1 << i % 8; } } n->farfuture = 0; - n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8); + n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8); } - if(inpkt->seqno > n->received_seqno) - n->received_seqno = inpkt->seqno; + if(seqno > n->received_seqno) + n->received_seqno = seqno; n->received++; @@ -460,7 +460,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { length_t origlen = inpkt->len; if(n->incompression) { - outpkt = pkt[nextpkt++]; + vpn_packet_t *outpkt = pkt[nextpkt++]; if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)", @@ -544,6 +544,18 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { return; } +static void adapt_socket(const sockaddr_t *sa, int *sock) { + /* Make sure we have a suitable socket for the chosen address */ + if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) { + for(int i = 0; i < listen_sockets; i++) { + if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) { + *sock = i; + break; + } + } + } +} + static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) { /* Latest guess */ *sa = &n->address; @@ -582,54 +594,30 @@ static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock *sock = rand() % listen_sockets; } - /* Make sure we have a suitable socket for the chosen address */ - if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) { - for(int i = 0; i < listen_sockets; i++) { - if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) { - *sock = i; - break; - } - } - } + adapt_socket(*sa, sock); } -static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) { - static sockaddr_t broadcast_ipv4 = { - .in = { - .sin_family = AF_INET, - .sin_addr.s_addr = -1, - } - }; - - static sockaddr_t broadcast_ipv6 = { - .in6 = { - .sin6_family = AF_INET6, - .sin6_addr.s6_addr[0x0] = 0xff, - .sin6_addr.s6_addr[0x1] = 0x02, - .sin6_addr.s6_addr[0xf] = 0x01, - } - }; +static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) { + *sa = NULL; - *sock = rand() % listen_sockets; + /* Pick one of the edges from this node at random, then use its local address. */ - if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) { - if(localdiscovery_address.sa.sa_family == AF_INET6) { - localdiscovery_address.in6.sin6_port = n->prevedge->address.in.sin_port; - *sa = &localdiscovery_address; - } else { - broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port; - broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id; - *sa = &broadcast_ipv6; - } - } else { - if(localdiscovery_address.sa.sa_family == AF_INET) { - localdiscovery_address.in.sin_port = n->prevedge->address.in.sin_port; - *sa = &localdiscovery_address; - } else { - broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port; - *sa = &broadcast_ipv4; + int i = 0; + int j = rand() % n->edge_tree->count; + edge_t *candidate = NULL; + + for splay_each(edge_t, e, n->edge_tree) { + if(i++ == j) { + candidate = e; + break; } } + + if (candidate && candidate->local_address.sa.sa_family) { + *sa = &candidate->local_address; + *sock = rand() % listen_sockets; + adapt_socket(*sa, sock); + } } static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { @@ -642,8 +630,8 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { size_t outlen; #if defined(SOL_IP) && defined(IP_TOS) static int priority = 0; -#endif int origpriority = origpkt->priority; +#endif if(!n->status.reachable) { logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname); @@ -699,7 +687,8 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Add sequence number */ - inpkt->seqno = htonl(++(n->sent_seqno)); + uint32_t seqno = htonl(++(n->sent_seqno)); + memcpy(inpkt->seqno, &seqno, sizeof inpkt->seqno); inpkt->len += sizeof inpkt->seqno; /* Encrypt the packet */ @@ -708,7 +697,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { outpkt = pkt[nextpkt++]; outlen = MAXSIZE; - if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) { + if(!cipher_encrypt(n->outcipher, inpkt->seqno, inpkt->len, outpkt->seqno, &outlen, true)) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname); goto end; } @@ -720,7 +709,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Add the message authentication code */ if(digest_active(n->outdigest)) { - if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) { + if(!digest_create(n->outdigest, inpkt->seqno, inpkt->len, inpkt->seqno + inpkt->len)) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname); goto end; } @@ -730,12 +719,12 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Send the packet */ - const sockaddr_t *sa; + const sockaddr_t *sa = NULL; int sock; - if(n->status.broadcast) - choose_broadcast_address(n, &sa, &sock); - else + if(n->status.send_locally) + choose_local_address(n, &sa, &sock); + if(!sa) choose_udp_address(n, &sa, &sock); #if defined(SOL_IP) && defined(IP_TOS) @@ -744,11 +733,11 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { priority = origpriority; logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority); if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ - logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno)); } #endif - if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { + if(sendto(listen_socket[sock].udp.fd, inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { if(sockmsgsize(sockerrno)) { if(n->maxmtu >= origlen) n->maxmtu = origlen - 1; @@ -767,7 +756,7 @@ bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) { /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */ - if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) { + if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > to->minmtu)) { char buf[len * 4 / 3 + 5]; b64encode(data, buf, len); /* If no valid key is known yet, send the packets using ANS_KEY requests, @@ -782,16 +771,18 @@ bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) { /* Otherwise, send the packet via UDP */ - const sockaddr_t *sa; + const sockaddr_t *sa = NULL; int sock; - if(to->status.broadcast) - choose_broadcast_address(to, &sa, &sock); - else + if(to->status.send_locally) + choose_local_address(to, &sa, &sock); + if(!sa) choose_udp_address(to, &sa, &sock); if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { if(sockmsgsize(sockerrno)) { + // Compensate for SPTPS overhead + len -= SPTPS_DATAGRAM_OVERHEAD; if(to->maxmtu >= len) to->maxmtu = len - 1; if(to->mtu >= len) @@ -948,7 +939,7 @@ void broadcast_packet(const node_t *from, vpn_packet_t *packet) { // usually distributes the sending of broadcast packets over all nodes. case BMODE_MST: for list_each(connection_t, c, connection_list) - if(c->status.active && c->status.mst && c != from->nexthop->connection) + if(c->edge && c->status.mst && c != from->nexthop->connection) send_packet(c->node, packet); break; @@ -1007,7 +998,7 @@ void handle_incoming_vpn_data(void *data, int flags) { node_t *n; int len; - len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); + len = recvfrom(ls->udp.fd, pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); if(len <= 0 || len > MAXSIZE) { if(!sockwouldblock(sockerrno))