From: Guus Sliepen Date: Sun, 14 Oct 2012 12:33:54 +0000 (+0200) Subject: Fix handling of initial datagram SPTPS packet. X-Git-Tag: release-1.1pre3~8 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=44a24f63acc70d19904e5540986b8301b3c9b882;p=tinc Fix handling of initial datagram SPTPS packet. Only the very first packet of an SPTPS session should be send with REQ_KEY, this signals the peer to abort any previous session and start a new one as well. --- diff --git a/src/net_packet.c b/src/net_packet.c index f301aa22..c61bc60a 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -397,6 +397,7 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { if(!n->status.waitingforkey) send_req_key(n); else if(n->last_req_key + 10 < time(NULL)) { + logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name); sptps_stop(&n->sptps); n->status.waitingforkey = false; send_req_key(n); @@ -631,18 +632,20 @@ end: bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) { node_t *to = handle; - if(type >= SPTPS_HANDSHAKE - || ((myself->options | to->options) & OPTION_TCPONLY) - || (type != PKT_PROBE && len > to->minmtu)) { + /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */ + + if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) { char buf[len * 4 / 3 + 5]; b64encode(data, buf, len); + /* If no valid key is known yet, send the packets using ANS_KEY requests, + to ensure we get to learn the reflexive UDP address. */ if(!to->status.validkey) return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression); else - return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, type >= SPTPS_HANDSHAKE ? REQ_SPTPS : REQ_PACKET, buf); + return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf); } - /* Send the packet */ + /* Otherwise, send the packet via UDP */ struct sockaddr *sa; socklen_t sl; diff --git a/src/protocol.h b/src/protocol.h index 1211f9fe..9030ce5a 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -47,7 +47,6 @@ typedef enum request_t { CONTROL, REQ_PUBKEY, ANS_PUBKEY, REQ_SPTPS, - REQ_PACKET, LAST /* Guardian for the highest request number */ } request_t; diff --git a/src/protocol_key.c b/src/protocol_key.c index 082707d1..b54df3c8 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -102,6 +102,10 @@ bool send_req_key(node_t *to) { send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY); return true; } + + if(to->sptps.label) + logger(DEBUG_ALWAYS, LOG_DEBUG, "send_req_key(%s) called while sptps->label != NULL!", to->name); + char label[25 + strlen(myself->name) + strlen(to->name)]; snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name); sptps_stop(&to->sptps); @@ -149,17 +153,17 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY); return true; } - } - case REQ_SPTPS: { + if(from->sptps.label) + logger(DEBUG_ALWAYS, LOG_DEBUG, "Got REQ_KEY from %s while we already started a SPTPS session!", from->name); + char buf[MAX_STRING_SIZE]; if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) { - logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", from->name, from->hostname, "invalid SPTPS data"); + logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS_START", from->name, from->hostname, "invalid SPTPS data"); return true; } int len = b64decode(buf, buf, strlen(buf)); - char label[25 + strlen(from->name) + strlen(myself->name)]; snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name); sptps_stop(&from->sptps); @@ -171,15 +175,15 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in return true; } - case REQ_PACKET: { + case REQ_SPTPS: { if(!from->status.validkey) { - logger(DEBUG_PROTOCOL, LOG_ERR, "Got REQ_PACKET from %s (%s) but we don't have a valid key yet", from->name, from->hostname); + logger(DEBUG_PROTOCOL, LOG_ERR, "Got REQ_SPTPS from %s (%s) but we don't have a valid key yet", from->name, from->hostname); return true; } char buf[MAX_STRING_SIZE]; if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) { - logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", from->name, from->hostname, "invalid SPTPS data"); + logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS", from->name, from->hostname, "invalid SPTPS data"); return true; } int len = b64decode(buf, buf, strlen(buf));