From: Etienne Dechamps Date: Sat, 3 Jan 2015 17:46:33 +0000 (+0000) Subject: Add UDP_INFO protocol message. X-Git-Tag: release-1.1pre12~193 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=9bb230f30f665779eb89dcce077a15360ec50be1;p=tinc Add UDP_INFO protocol message. In this commit, nodes use UDP_INFO messages to provide UDP address information. The basic principle is that the node that receives packets sends UDP_INFO messages to the node that's sending the packets. The message originally contains no address information, and is (hopefully) updated with relevant address information as it gets relayed through the metagraph - specifically, each intermediate node will update the message with its best guess as to what the address is while forwarding it. When a node receives an UDP_INFO message, and it doesn't have a confirmed UDP tunnel with the originator node, it will update its records with the new address for that node, so that it always has the best possible guess as to how to reach that node. This applies to the destination node of course, but also to any intermediate nodes, because there's no reason they should pass on the free intel, and because it results in nice behavior in the presence of relay chains (multiple nodes in a path all trying to reach the same destination). If, on the other hand, the node does have a confirmed UDP tunnel, it will ignore the address information contained in the message. In all cases, if the node that receives the message is not the destination node specified in the message, it will forward the message but not before overriding the address information with the one from its own records. If the node has a confirmed UDP tunnel, that means the message is updated with the address of the confirmed tunnel; if not, the message simply reflects the records of the intermediate node, which just happen to be the contents of the UDP_INFO message it just got, so it's simply forwarded with no modification. This is similar to the way ANS_KEY messages are currently overloaded to provide UDP address information, with two differences: - UDP_INFO messages are sent way more often than ANS_KEY messages, thereby keeping the address information fresh. Previously, if the UDP situation were to change after the ANS_KEY message was sent, the sender would virtually never get the updated information. - Once a node puts address information in an ANS_KEY message, it is never changed again as the message travels through the metagraph; in contrast, UDP_INFO messages behave the opposite way, as they get rewritten every time they travel through a node with a confirmed UDP tunnel. The latter behavior seems more appropriate because UDP tunnel information becomes more relevant as it moves closer to the destination node. The ANS_KEY behavior is not satisfactory in some cases such as multi-layered graphs where the first hop is located before a NAT. Ultimately, the rationale behind this whole process is to improve UDP hole punching capabilities when port translation is in effect, and more generally, to make tinc more reliable in (very) hostile network conditions (such as multi-layered NAT). --- diff --git a/src/net_packet.c b/src/net_packet.c index 8dba3258..40cb2bac 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -1394,6 +1394,17 @@ skip_harder: return; } + /* The packet is supposed to come from the originator or its static relay + (i.e. with no dynamic relays in between). + If it did not, "help" the static relay by sending it UDP info. + Note that we only do this if we're the destination or the static relay; + otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */ + + if(n != from->via && to->via == myself) + send_udp_info(myself, from); + + /* If we're not the final recipient, relay the packet. */ + if(to != myself) { send_sptps_data_priv(to, n, 0, DATA(&pkt), pkt.len - 2 * sizeof(node_id_t)); try_tx_sptps(n, true); diff --git a/src/protocol.c b/src/protocol.c index 1ec169a0..0ba5c0a4 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -41,6 +41,8 @@ static bool (*request_handlers[])(connection_t *, const char *) = { add_subnet_h, del_subnet_h, add_edge_h, del_edge_h, key_changed_h, req_key_h, ans_key_h, tcppacket_h, control_h, + NULL, NULL, NULL, /* Not "real" requests (yet) */ + udp_info_h, }; /* Request names */ @@ -51,6 +53,7 @@ static char (*request_name[]) = { "PING", "PONG", "ADD_SUBNET", "DEL_SUBNET", "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", "CONTROL", + "REQ_PUBKEY", "ANS_PUBKEY", "REQ_SPTPS", "UDP_INFO", }; static splay_tree_t *past_request_tree; diff --git a/src/protocol.h b/src/protocol.h index 080d50c1..e4978f4e 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -26,7 +26,7 @@ /* Protocol version. Different major versions are incompatible. */ #define PROT_MAJOR 17 -#define PROT_MINOR 4 /* Should not exceed 255! */ +#define PROT_MINOR 5 /* Should not exceed 255! */ /* Silly Windows */ @@ -49,6 +49,7 @@ typedef enum request_t { CONTROL, REQ_PUBKEY, ANS_PUBKEY, REQ_SPTPS, + UDP_INFO, LAST /* Guardian for the highest request number */ } request_t; @@ -107,6 +108,7 @@ extern void send_key_changed(void); extern bool send_req_key(struct node_t *); extern bool send_ans_key(struct node_t *); extern bool send_tcppacket(struct connection_t *, const struct vpn_packet_t *); +extern bool send_udp_info(struct node_t *, struct node_t *); /* Request handlers */ @@ -129,5 +131,6 @@ extern bool req_key_h(struct connection_t *, const char *); extern bool ans_key_h(struct connection_t *, const char *); extern bool tcppacket_h(struct connection_t *, const char *); extern bool control_h(struct connection_t *, const char *); +extern bool udp_info_h(struct connection_t *, const char *); #endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/protocol_key.c b/src/protocol_key.c index 8cbec1be..c46c14cf 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -236,6 +236,13 @@ bool req_key_h(connection_t *c, const char *request) { return true; } + /* If this is a SPTPS packet, see if sending UDP info helps. + Note that we only do this if we're the destination or the static relay; + otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */ + + if(experimental && (reqno == REQ_KEY || reqno == REQ_SPTPS) && to->via == myself) + send_udp_info(myself, from); + /* Check if this key request is for us */ if(to == myself) { /* Yes */ diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 713dacf1..b2bc40ee 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -28,6 +28,7 @@ #include "netutl.h" #include "protocol.h" #include "utils.h" +#include "xalloc.h" int maxoutbufsize = 0; @@ -149,3 +150,90 @@ bool tcppacket_h(connection_t *c, const char *request) { return true; } + +/* Transmitting UDP information */ + +bool send_udp_info(node_t *from, node_t *to) { + /* If there's a static relay in the path, there's no point in sending the message + farther than the static relay. */ + to = (to->via == myself) ? to->nexthop : to->via; + + /* Skip cases where sending UDP info messages doesn't make sense. + This is done here in order to avoid repeating the same logic in multiple callsites. */ + + if(to == myself) + return true; + + if(!to->status.reachable) + return true; + + if(from == myself && to->connection) + return true; + + if((myself->options | from->options | to->options) & OPTION_TCPONLY) + return true; + + if((to->nexthop->options >> 24) < 5) + return true; + + char *from_address, *from_port; + /* If we're the originator, the address we use is irrelevant + because the first intermediate node will ignore it. + We use our local address as it somewhat makes sense + and it's simpler than introducing an encoding for "null" addresses anyway. */ + sockaddr2str((from != myself) ? &from->address : &to->nexthop->connection->edge->local_address, &from_address, &from_port); + + bool x = send_request(to->nexthop->connection, "%d %s %s %s %s", UDP_INFO, from->name, to->name, from_address, from_port); + + free(from_address); + free(from_port); + + return x; +} + +bool udp_info_h(connection_t *c, const char* request) { + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + char from_address[MAX_STRING_SIZE]; + char from_port[MAX_STRING_SIZE]; + + if(sscanf(request, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING, from_name, to_name, from_address, from_port) != 4) { + logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "UDP_INFO", c->name, c->hostname); + return false; + } + + if(!check_id(from_name) || !check_id(to_name)) { + logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "UDP_INFO", c->name, c->hostname, "invalid name"); + return false; + } + + node_t *from = lookup_node(from_name); + if(!from) { + logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list", "UDP_INFO", c->name, c->hostname, from_name); + return true; + } + + if(from != from->via) { + /* Not supposed to happen, as it means the message wandered past a static relay */ + logger(DEBUG_PROTOCOL, LOG_WARNING, "Got UDP info message from %s (%s) which we can't reach directly", from->name, from->hostname); + return true; + } + + /* If we have a direct edge to "from", we are in a better position + to guess its address than it is itself. */ + if(!from->connection && !from->status.udp_confirmed) { + sockaddr_t from_addr = str2sockaddr(from_address, from_port); + if(sockaddrcmp(&from_addr, &from->address)) + update_node_udp(from, &from_addr); + } + + node_t *to = lookup_node(to_name); + if(!to) { + logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list", "UDP_INFO", c->name, c->hostname, to_name); + return true; + } + + /* Send our own data (which could be what we just received) up the chain. */ + + return send_udp_info(from, to); +}