X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=7ebe37bf78792b6751727df4c70094553a36edff;hp=54e91391bbdcd64b026c5925b3649eac9be19c8f;hb=54881faf6fdbf04fb5ee56b7809439fbc50c65cb;hpb=d3f889c8076dff9c00ebfe1459cb36425f8da41d diff --git a/src/net.c b/src/net.c index 54e91391..7ebe37bf 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.91 2001/01/07 17:08:58 guus Exp $ + $Id: net.c,v 1.35.4.96 2001/02/25 16:34:17 guus Exp $ */ #include "config.h" @@ -112,7 +112,7 @@ int xsend(connection_t *cl, vpn_packet_t *inpkt) cp outpkt.len = inpkt->len; - /* Encrypt the packet */ + /* Encrypt the packet. */ EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); @@ -163,28 +163,33 @@ cp outlen = outpkt.len+2; memcpy(&outpkt, inpkt, outlen); */ - +cp + return receive_packet(cl, &outpkt); +} + +int receive_packet(connection_t *cl, vpn_packet_t *packet) +{ if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"), - outpkt.len); + packet->len); /* Fix mac address */ - memcpy(outpkt.data, mymac.net.mac.address.x, 6); + memcpy(packet->data, mymac.net.mac.address.x, 6); if(taptype == TAP_TYPE_TUNTAP) { - if(write(tap_fd, outpkt.data, outpkt.len) < 0) + if(write(tap_fd, packet->data, packet->len) < 0) syslog(LOG_ERR, _("Can't write to tun/tap device: %m")); else - total_tap_out += outpkt.len; + total_tap_out += packet->len; } else /* ethertap */ { - if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0) + if(write(tap_fd, packet->data - 2, packet->len + 2) < 0) syslog(LOG_ERR, _("Can't write to ethertap device: %m")); else - total_tap_out += outpkt.len + 2; + total_tap_out += packet->len + 2; } cp return 0; @@ -197,6 +202,7 @@ int send_packet(ip_t to, vpn_packet_t *packet) { connection_t *cl; subnet_t *subnet; + vpn_packet_t *copy; cp if((subnet = lookup_subnet_ipv4(&to)) == NULL) { @@ -231,32 +237,37 @@ cp return 0; } - /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ - - /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ - if(!cl->status.validkey) { if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); - list_insert_tail(cl->queue, packet); + /* Since packet is on the stack of handle_tap_input(), + we have to make a copy of it first. */ + + copy = xmalloc(sizeof(vpn_packet_t)); + memcpy(copy, packet, sizeof(vpn_packet_t)); + + list_insert_tail(cl->queue, copy); if(!cl->status.waitingforkey) send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */ return 0; } - /* can we send it? can we? can we? huh? */ + /* Check if it has to go via UDP or TCP... */ cp - return xsend(cl, packet); + if(cl->options & OPTION_TCPONLY) + return send_tcppacket(cl, packet); + else + return xsend(cl, packet); } void flush_queue(connection_t *cl) { list_node_t *node, *next; - +cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname); @@ -266,6 +277,7 @@ void flush_queue(connection_t *cl) xsend(cl, (vpn_packet_t *)node->data); list_delete_node(cl->queue, node); } +cp } /* @@ -606,17 +618,24 @@ int read_rsa_public_key(connection_t *cl) { config_t const *cfg; FILE *fp; + char *fname; void *result; cp if(!cl->rsa_key) cl->rsa_key = RSA_new(); + /* First, check for simple PublicKey statement */ + if((cfg = get_config_val(cl->config, config_publickey))) { BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); BN_hex2bn(&cl->rsa_key->e, "FFFF"); + return 0; } - else if((cfg = get_config_val(cl->config, config_publickeyfile))) + + /* Else, check for PublicKeyFile statement and read it */ + + if((cfg = get_config_val(cl->config, config_publickeyfile))) { if(is_safe_path(cfg->data.ptr)) { @@ -634,17 +653,31 @@ cp cfg->data.ptr); return -1; } + return 0; } else return -1; } - else + + /* Else, check if a harnessed public key is in the config file */ + + asprintf(&fname, "%s/hosts/%s", confbase, cl->name); + if((fp = fopen(fname, "r"))) { - syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); - return -1; + result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL); + fclose(fp); + free(fname); + if(result) + return 0; } + + free(fname); + + /* Nothing worked. */ + + syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); cp - return 0; + return -1; } int read_rsa_private_key(void) @@ -698,7 +731,7 @@ int setup_myself(void) cp myself = new_connection(); - asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */ + asprintf(&myself->hostname, "MYSELF"); myself->flags = 0; myself->protocol_version = PROT_CURRENT; @@ -783,7 +816,7 @@ cp cp /* Generate packet encryption key */ - myself->cipher_pkttype = EVP_bf_cfb(); + myself->cipher_pkttype = EVP_bf_cbc(); myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; @@ -797,6 +830,19 @@ cp keyexpires = time(NULL) + keylifetime; cp + /* Check some options */ + + if((cfg = get_config_val(config, config_indirectdata))) + { + if(cfg->data.val == stupid_true) + myself->options |= OPTION_INDIRECT; + } + + if((cfg = get_config_val(config, config_tcponly))) + { + if(cfg->data.val == stupid_true) + myself->options |= OPTION_TCPONLY; + } /* Activate ourselves */ myself->status.active = 1; @@ -1015,6 +1061,7 @@ cp { syslog(LOG_ERR, _("System call `%s' failed: %m"), "getpeername"); + close(sfd); return NULL; } @@ -1124,37 +1171,40 @@ cp if(cl->status.remove) return; - cl->status.remove = 1; - if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->name, cl->hostname); + cl->status.remove = 1; + if(cl->socket) close(cl->socket); if(cl->status.meta) close(cl->meta_socket); - /* Find all connections that were lost because they were behind cl - (the connection that was dropped). */ - if(cl->status.meta) - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - if(p->nexthop == cl && p != cl) - terminate_connection(p); - } - - /* Inform others of termination if it was still active */ - - if(cl->status.active) - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p!=cl) - send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ - } + { + + /* Find all connections that were lost because they were behind cl + (the connection that was dropped). */ + + for(node = connection_tree->head; node; node = node->next) + { + p = (connection_t *)node->data; + if(p->nexthop == cl && p != cl) + terminate_connection(p); + } + + /* Inform others of termination if it was still active */ + + if(cl->status.active) + for(node = connection_tree->head; node; node = node->next) + { + p = (connection_t *)node->data; + if(p->status.meta && p->status.active && p != cl) + send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ + } + } /* Remove the associated subnets */