X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_packet.c;h=a24a7add6080d1d20dd6b0267fb464fe2ecc5be7;hb=558b19c2432d938afc4a659668bd461ace6ed744;hp=c3e8c6246206ed5226eef5dd0de2d8ba3e68944d;hpb=b90c42a33b78f22b7046da5a5445c712020f30eb;p=tinc diff --git a/src/net_packet.c b/src/net_packet.c index c3e8c624..a24a7add 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -348,12 +348,12 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) { static bool try_mac(node_t *n, const vpn_packet_t *inpkt) { if(n->status.sptps) - return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len); + return sptps_verify_datagram(&n->sptps, ((sptps_packet_t *)inpkt)->data, inpkt->len); if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) return false; - return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest)); + return digest_verify(n->indigest, (const char *)&inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest)); } static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { @@ -372,7 +372,7 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { } return false; } - if(!sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len)) { + if(!sptps_receive_data(&n->sptps, ((sptps_packet_t *)&inpkt)->data, inpkt->len)) { logger(DEBUG_TRAFFIC, LOG_ERR, "Got bad packet from %s (%s)", n->name, n->hostname); return false; } @@ -419,9 +419,7 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { /* Check the sequence number */ inpkt->len -= sizeof inpkt->seqno; - uint32_t seqno; - memcpy(&seqno, inpkt->seqno, sizeof seqno); - seqno = ntohl(seqno); + uint32_t seqno = ntohl(inpkt->seqno); if(replaywin) { if(seqno != n->received_seqno + 1) { @@ -699,8 +697,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Add sequence number */ - uint32_t seqno = htonl(++(n->sent_seqno)); - memcpy(inpkt->seqno, &seqno, sizeof inpkt->seqno); + inpkt->seqno = htonl(++(n->sent_seqno)); inpkt->len += sizeof inpkt->seqno; /* Encrypt the packet */ @@ -709,7 +706,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { outpkt = pkt[nextpkt++]; outlen = MAXSIZE; - if(!cipher_encrypt(n->outcipher, inpkt->seqno, inpkt->len, outpkt->seqno, &outlen, true)) { + if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname); goto end; } @@ -721,7 +718,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Add the message authentication code */ if(digest_active(n->outdigest)) { - if(!digest_create(n->outdigest, inpkt->seqno, inpkt->len, inpkt->seqno + inpkt->len)) { + if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, &inpkt->seqno + inpkt->len)) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname); goto end; } @@ -749,7 +746,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { } #endif - if(sendto(listen_socket[sock].udp.fd, inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { + if(sendto(listen_socket[sock].udp.fd, &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { if(sockmsgsize(sockerrno)) { if(n->maxmtu >= origlen) n->maxmtu = origlen - 1; @@ -1031,14 +1028,15 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) { void handle_incoming_vpn_data(void *data, int flags) { listen_socket_t *ls = data; vpn_packet_t pkt; + sptps_packet_t *spkt = (sptps_packet_t *)&pkt; char *hostname; - sockaddr_t from = {{0}}; - socklen_t fromlen = sizeof from; - node_t *n = NULL; - node_t *to = myself; - int len; + node_id_t nullid = {}; + sockaddr_t addr = {}; + socklen_t addrlen = sizeof addr; + node_t *from, *to; + bool direct = false; - len = recvfrom(ls->udp.fd, &pkt.dstid, MAXSIZE, 0, &from.sa, &fromlen); + int len = recvfrom(ls->udp.fd, &pkt.seqno, MAXSIZE, 0, &addr.sa, &addrlen); if(len <= 0 || len > MAXSIZE) { if(!sockwouldblock(sockerrno)) @@ -1048,65 +1046,66 @@ void handle_incoming_vpn_data(void *data, int flags) { pkt.len = len; - sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ + sockaddrunmap(&addr); /* Some braindead IPv6 implementations do stupid things. */ - bool direct = false; - if(len >= sizeof pkt.dstid + sizeof pkt.srcid) { - n = lookup_node_id(&pkt.srcid); - if(n) { - node_id_t nullid = {}; - if(memcmp(&pkt.dstid, &nullid, sizeof nullid) == 0) { - /* A zero dstid is used to indicate a direct, non-relayed packet. */ - direct = true; - } else { - to = lookup_node_id(&pkt.dstid); - if(!to) { - logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet presumably sent by %s (%s) but with unknown destination ID", n->name, n->hostname); - return; - } - } - pkt.len -= sizeof pkt.dstid + sizeof pkt.srcid; - } - } - - if(to != myself) { - /* We are being asked to relay this packet. */ + // Try to figure out who sent this packet. - /* Don't allow random strangers to relay through us. Note that we check for *any* known address since we are not necessarily the first relay. */ - if (!lookup_node_udp(&from)) { - logger(DEBUG_PROTOCOL, LOG_WARNING, "Refusing to relay packet from (presumably) %s (%s) to (presumably) %s (%s) because the packet comes from an unknown address", n->name, n->hostname, to->name, to->hostname); - return; - } - - send_sptps_data_priv(to, n, 0, pkt.seqno, pkt.len); - return; - } + node_t *n = lookup_node_udp(&addr); if(!n) { - /* Most likely an old-style packet without node IDs. */ - direct = true; - memmove(pkt.seqno, &pkt.dstid, sizeof pkt - offsetof(vpn_packet_t, seqno)); - n = lookup_node_udp(&from); + // It might be from a 1.1 node, which might have a source ID in the packet. + from = lookup_node_id(&spkt->srcid); + if(from && !memcmp(&spkt->dstid, &nullid, sizeof nullid) && from->status.sptps) { + if(sptps_verify_datagram(&from->sptps, spkt->data, spkt->len - sizeof(spkt->srcid) - sizeof(spkt->dstid))) + n = from; + else + goto skip_harder; + } } if(!n) - n = try_harder(&from, &pkt); + n = try_harder(&addr, &pkt); +skip_harder: if(!n) { if(debug_level >= DEBUG_PROTOCOL) { - hostname = sockaddr2hostname(&from); + hostname = sockaddr2hostname(&addr); logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname); free(hostname); } return; } - if(!receive_udppacket(n, &pkt)) + if(n->status.sptps) { + if(memcmp(&spkt->dstid, &nullid, sizeof nullid)) { + direct = true; + from = n; + to = myself; + } else { + from = lookup_node_id(&spkt->srcid); + to = lookup_node_id(&spkt->dstid); + } + if(!from || !to) { + logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname); + return; + } + + spkt->len -= sizeof spkt->dstid + sizeof spkt->srcid; + if(to != myself) { + send_sptps_data_priv(to, n, 0, spkt->data, spkt->len); + return; + } + } else { + direct = true; + from = n; + } + + if(!receive_udppacket(from, &pkt)) return; n->sock = ls - listen_socket; - if(direct && sockaddrcmp(&from, &n->address)) - update_node_udp(n, &from); + if(direct && sockaddrcmp(&addr, &n->address)) + update_node_udp(n, &addr); } void handle_device_data(void *data, int flags) {