X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fmeta.c;h=daa55e4077f6ee798395304778e5d9f5f810570e;hp=5048e63bb1d19236ae212867c4d8a954d345a4b1;hb=776dbf88df1911ec379c2fece0089fd2f5c71021;hpb=b0dd705a264f0f72a7afba6de85200598cbe083b diff --git a/src/meta.c b/src/meta.c index 5048e63b..daa55e40 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,7 +1,8 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2003 Guus Sliepen , - 2000-2003 Ivo Timmermans + Copyright (C) 2000-2014 Guus Sliepen , + 2000-2005 Ivo Timmermans + 2006 Scott Lamb This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -13,15 +14,14 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: meta.c,v 1.1.2.45 2003/10/10 16:24:24 guus Exp $ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "system.h" +#include #include #include "avl_tree.h" @@ -30,59 +30,95 @@ #include "meta.h" #include "net.h" #include "protocol.h" -#include "system.h" +#include "proxy.h" #include "utils.h" +#include "xalloc.h" -bool send_meta(connection_t *c, const char *buffer, int length) -{ - const char *bufp; +bool send_meta(connection_t *c, const char *buffer, int length) { int outlen; - char outbuf[MAXBUFSIZE]; int result; - cp(); + if(!c) { + logger(LOG_ERR, "send_meta() called with NULL pointer!"); + abort(); + } - ifdebug(META) logger(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, + ifdebug(META) logger(LOG_DEBUG, "Sending %d bytes of metadata to %s (%s)", length, c->name, c->hostname); + if(!c->outbuflen) + c->last_flushed_time = now; + + /* Find room in connection's buffer */ + if(length + c->outbuflen > c->outbufsize) { + c->outbufsize = length + c->outbuflen; + c->outbuf = xrealloc(c->outbuf, c->outbufsize); + } + + if(length + c->outbuflen + c->outbufstart > c->outbufsize) { + memmove(c->outbuf, c->outbuf + c->outbufstart, c->outbuflen); + c->outbufstart = 0; + } + + /* Add our data to buffer */ if(c->status.encryptout) { - result = EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); - if(!result || outlen != length) { - logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL)); + result = EVP_EncryptUpdate(c->outctx, (unsigned char *)c->outbuf + c->outbufstart + c->outbuflen, + &outlen, (unsigned char *)buffer, length); + if(!result || outlen < length) { + logger(LOG_ERR, "Error while encrypting metadata to %s (%s): %s", + c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; + } else if(outlen > length) { + logger(LOG_EMERG, "Encrypted data too long! Heap corrupted!"); + abort(); } - bufp = outbuf; - length = outlen; - } else - bufp = buffer; + c->outbuflen += outlen; + } else { + memcpy(c->outbuf + c->outbufstart + c->outbuflen, buffer, length); + c->outbuflen += length; + } + + return true; +} + +bool flush_meta(connection_t *c) { + int result; + + ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s)", + c->outbuflen, c->name, c->hostname); - while(length) { - result = send(c->socket, bufp, length, 0); + while(c->outbuflen) { + result = send(c->socket, c->outbuf + c->outbufstart, c->outbuflen, 0); if(result <= 0) { if(!errno || errno == EPIPE) { - ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), + ifdebug(CONNECTIONS) logger(LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname); - } else if(errno == EINTR) + } else if(errno == EINTR) { continue; - else - logger(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, - c->hostname, strerror(errno)); + } else if(sockwouldblock(sockerrno)) { + ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", + c->outbuflen, c->name, c->hostname); + return true; + } else { + logger(LOG_ERR, "Flushing meta data to %s (%s) failed: %s", c->name, + c->hostname, sockstrerror(sockerrno)); + } + return false; } - bufp += result; - length -= result; + + c->outbufstart += result; + c->outbuflen -= result; } - + + c->outbufstart = 0; /* avoid unnecessary memmoves */ return true; } -void broadcast_meta(connection_t *from, const char *buffer, int length) -{ +void broadcast_meta(connection_t *from, const char *buffer, int length) { avl_node_t *node; connection_t *c; - cp(); - for(node = connection_tree->head; node; node = node->next) { c = node->data; @@ -91,15 +127,12 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) } } -bool receive_meta(connection_t *c) -{ +bool receive_meta(connection_t *c) { int oldlen, i, result; int lenin, lenout, reqlen; bool decrypted = false; char inbuf[MAXBUFSIZE]; - cp(); - /* Strategy: - Read as much as possible from the TCP socket in one go. - Decrypt it. @@ -113,13 +146,13 @@ bool receive_meta(connection_t *c) if(lenin <= 0) { if(!lenin || !errno) { - ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), + ifdebug(CONNECTIONS) logger(LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname); - } else if(errno == EINTR) + } else if(sockwouldblock(sockerrno)) return true; else - logger(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), - c->name, c->hostname, strerror(errno)); + logger(LOG_ERR, "Metadata socket read error for %s (%s): %s", + c->name, c->hostname, sockstrerror(sockerrno)); return false; } @@ -128,12 +161,24 @@ bool receive_meta(connection_t *c) c->buflen += lenin; while(lenin > 0) { + reqlen = 0; + + /* Is it proxy metadata? */ + + if(c->allow_request == PROXY) { + reqlen = receive_proxy_meta(c, oldlen, lenin); + if(reqlen < 0) + return false; + goto consume; + } + /* Decrypt */ if(c->status.decryptin && !decrypted) { - result = EVP_DecryptUpdate(c->inctx, inbuf, &lenout, c->buffer + oldlen, lenin); + result = EVP_DecryptUpdate(c->inctx, (unsigned char *)inbuf, &lenout, (unsigned char *)c->buffer + oldlen, lenin); if(!result || lenout != lenin) { - logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL)); + logger(LOG_ERR, "Error while decrypting metadata from %s (%s): %s", + c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; } memcpy(c->buffer + oldlen, inbuf, lenin); @@ -144,38 +189,34 @@ bool receive_meta(connection_t *c) if(c->tcplen) { if(c->tcplen <= c->buflen) { - receive_tcppacket(c, c->buffer, c->tcplen); + if(c->allow_request != ALL) { + logger(LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname); + return false; + } - c->buflen -= c->tcplen; - lenin -= c->tcplen; - memmove(c->buffer, c->buffer + c->tcplen, c->buflen); - oldlen = 0; + receive_tcppacket(c, c->buffer, c->tcplen); + reqlen = c->tcplen; c->tcplen = 0; - continue; - } else { - break; } - } - - /* Otherwise we are waiting for a request */ - - reqlen = 0; - - for(i = oldlen; i < c->buflen; i++) { - if(c->buffer[i] == '\n') { - c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ - reqlen = i + 1; - break; + } else { + /* Otherwise we are waiting for a request */ + + for(i = oldlen; i < c->buflen; i++) { + if(c->buffer[i] == '\n') { + c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ + c->reqlen = reqlen = i + 1; + break; + } } - } - if(reqlen) { - c->reqlen = reqlen; - if(!receive_request(c)) + if(reqlen && !receive_request(c)) return false; + } +consume: + if(reqlen) { c->buflen -= reqlen; - lenin -= reqlen; + lenin -= reqlen - oldlen; memmove(c->buffer, c->buffer + reqlen, c->buflen); oldlen = 0; continue; @@ -185,12 +226,10 @@ bool receive_meta(connection_t *c) } if(c->buflen >= MAXBUFSIZE) { - logger(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), + logger(LOG_ERR, "Metadata read buffer overflow for %s (%s)", c->name, c->hostname); return false; } - c->last_ping_time = now; - return true; }