projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Support ToS/DiffServ priority handling for IPv6 meta and UDP connections.
[tinc] / src / net_packet.c
diff --git a/src/net_packet.c b/src/net_packet.c
index 81d0572..dbf6546 100644 (file)
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -1,7 +1,7 @@
 /*
     net_packet.c -- Handles in- and outgoing VPN packets
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
                   2010      Timothy Redaelli <timothy@redaelli.eu>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -269,7 +269,7 @@ static bool try_mac(const node_t *n, const vpn_packet_t *inpkt) {
 
        HMAC(n->indigest, n->inkey, n->inkeylength, (unsigned char *) &inpkt->seqno, inpkt->len - n->inmaclength, (unsigned char *)hmac, NULL);
 
-       return !memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - n->inmaclength, n->inmaclength);
+       return !memcmp_constant_time(hmac, (char *) &inpkt->seqno + inpkt->len - n->inmaclength, n->inmaclength);
 }
 
 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
@@ -302,7 +302,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
                HMAC(n->indigest, n->inkey, n->inkeylength,
                         (unsigned char *) &inpkt->seqno, inpkt->len, (unsigned char *)hmac, NULL);
 
-               if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, n->inmaclength)) {
+               if(memcmp_constant_time(hmac, (char *) &inpkt->seqno + inpkt->len, n->inmaclength)) {
                        ifdebug(TRAFFIC) logger(LOG_DEBUG, "Got unauthenticated packet from %s (%s)",
                                           n->name, n->hostname);
                        return;
@@ -415,7 +415,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
        vpn_packet_t *outpkt;
        int origlen;
        int outlen, outpad;
-#if defined(SOL_IP) && defined(IP_TOS)
+#if (defined(SOL_IP) && defined(IP_TOS)) || (defined(IPPROTO_IPV6) && defined(IPV6_TCLASS))
        static int priority = 0;
 #endif
        int origpriority;
@@ -550,15 +550,23 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
        }
 
 #if defined(SOL_IP) && defined(IP_TOS)
-       if(priorityinheritance && origpriority != priority
-          && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
+       if(priorityinheritance && origpriority != priority && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
                priority = origpriority;
-               ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
+               ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", priority);
                if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
                        logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
        }
 #endif
 
+#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
+       if(priorityinheritance && origpriority != priority && listen_socket[n->sock].sa.sa.sa_family == AF_INET6) {
+               priority = origpriority;
+               ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", priority);
+               if(setsockopt(listen_socket[n->sock].udp, IPPROTO_IPV6, IPV6_TCLASS, &priority, sizeof(priority)))      /* SO_PRIORITY doesn't seem to work */
+                       logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
+       }
+#endif
+
        if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
                if(sockmsgsize(sockerrno)) {
                        if(n->maxmtu >= origlen)
@@ -664,7 +672,6 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
        avl_node_t *node;
        edge_t *e;
        node_t *n = NULL;
-       bool hard = false;
        static time_t last_hard_try = 0;
 
        for(node = edge_weight_tree->head; node; node = node->next) {
@@ -673,11 +680,8 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
                if(e->to == myself)
                        continue;
 
-               if(sockaddrcmp_noport(from, &e->address)) {
-                       if(last_hard_try == now)
-                               continue;
-                       hard = true;
-               }
+               if(last_hard_try == now && sockaddrcmp_noport(from, &e->address))
+                       continue;
 
                if(!try_mac(e->to, pkt))
                        continue;
@@ -686,9 +690,6 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
                break;
        }
 
-       if(hard)
-               last_hard_try = now;
-
        last_hard_try = now;
        return n;
 }
tinc, the VPN daemon