X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=a42ebce43de590c42c43722c0f15eab3b1b89e7c;hp=d89c7c6f0c51de45cf032611849654129604c1e9;hb=e924096f62655d711cd2d114a8d1ef0fecbb593b;hpb=a0f7af3ed79c55d9680cbb0a569b3c8987581d43 diff --git a/src/net.c b/src/net.c index d89c7c6f..a42ebce4 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.86 2000/11/30 23:18:19 zarq Exp $ + $Id: net.c,v 1.35.4.89 2001/01/05 23:53:49 guus Exp $ */ #include "config.h" @@ -71,6 +71,7 @@ #include #include +#include #include "conf.h" #include "connection.h" @@ -165,7 +166,7 @@ cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"), - outpkt.len, outlen); + outpkt.len); /* Fix mac address */ @@ -320,7 +321,7 @@ int send_packet(ip_t to, vpn_packet_t *packet) connection_t *cl; subnet_t *subnet; cp - if((subnet = lookup_subnet_ipv4(to)) == NULL) + if((subnet = lookup_subnet_ipv4(&to)) == NULL) { if(debug_lvl >= DEBUG_TRAFFIC) { @@ -386,9 +387,9 @@ int setup_tap_fd(void) const char *tapfname; config_t const *cfg; #ifdef HAVE_LINUX - #ifdef HAVE_TUNTAP +# ifdef HAVE_TUNTAP struct ifreq ifr; - #endif +# endif #endif cp @@ -397,11 +398,11 @@ cp else { #ifdef HAVE_LINUX - #ifdef HAVE_TUNTAP +# ifdef HAVE_TUNTAP tapfname = "/dev/misc/net/tun"; - #else +# else tapfname = "/dev/tap0"; - #endif +# endif #endif #ifdef HAVE_FREEBSD tapfname = "/dev/tap0"; @@ -607,6 +608,19 @@ cp return -1; } + /* Bind first to get a fix on our source port */ + + a.sin_family = AF_INET; + a.sin_port = htons(0); + a.sin_addr.s_addr = htonl(INADDR_ANY); + + if(bind(cl->meta_socket, (struct sockaddr *)&a, sizeof(struct sockaddr))) + { + close(cl->meta_socket); + syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind"); + return -1; + } + a.sin_family = AF_INET; a.sin_port = htons(cl->port); a.sin_addr.s_addr = htonl(cl->address); @@ -656,14 +670,14 @@ cp if(read_host_config(ncn)) { - syslog(LOG_ERR, _("Error reading host configuration file for %s")); + syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name); free_connection(ncn); return -1; } if(!(cfg = get_config_val(ncn->config, config_address))) { - syslog(LOG_ERR, _("No address specified for %s")); + syslog(LOG_ERR, _("No address specified for %s"), ncn->name); free_connection(ncn); return -1; } @@ -698,59 +712,89 @@ cp return 0; } -int read_rsa_public_key(RSA **key, const char *file) +int read_rsa_public_key(connection_t *cl) { + config_t const *cfg; FILE *fp; + void *result; +cp + if(!cl->rsa_key) + cl->rsa_key = RSA_new(); - if((fp = fopen(file, "r")) == NULL) + if((cfg = get_config_val(cl->config, config_publickey))) { - syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), - file); - return -1; + BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); + BN_hex2bn(&cl->rsa_key->e, "FFFF"); } - if(PEM_read_RSAPublicKey(fp, key, NULL, NULL) == NULL) + else if((cfg = get_config_val(cl->config, config_publickeyfile))) + { + if(is_safe_path(cfg->data.ptr)) + { + if((fp = fopen(cfg->data.ptr, "r")) == NULL) + { + syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), + cfg->data.ptr); + return -1; + } + result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL); + fclose(fp); + if(!result) + { + syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"), + cfg->data.ptr); + return -1; + } + } + else + return -1; + } + else { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), - file); + syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); return -1; } - +cp return 0; } -int read_rsa_private_key(RSA **key, const char *file) +int read_rsa_private_key(void) { + config_t const *cfg; FILE *fp; + void *result; +cp + if(!myself->rsa_key) + myself->rsa_key = RSA_new(); - if((fp = fopen(file, "r")) == NULL) + if((cfg = get_config_val(config, config_privatekey))) { - syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), - file); - return -1; + BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr); + BN_hex2bn(&myself->rsa_key->e, "FFFF"); } - if(PEM_read_RSAPrivateKey(fp, key, NULL, NULL) == NULL) + else if((cfg = get_config_val(config, config_privatekeyfile))) { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), - file); - return -1; - } - - return 0; -} - -int read_rsa_keys(void) -{ - config_t const *cfg; - - if(!(cfg = get_config_val(config, config_privatekey))) + if((fp = fopen(cfg->data.ptr, "r")) == NULL) + { + syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), + cfg->data.ptr); + return -1; + } + result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL); + fclose(fp); + if(!result) + { + syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), + cfg->data.ptr); + return -1; + } + } + else { - syslog(LOG_ERR, _("Private key for tinc daemon required!")); + syslog(LOG_ERR, _("No private key for tinc daemon specified!")); return -1; } - - myself->rsa_key = RSA_new(); - - return read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr); +cp + return 0; } /* @@ -782,7 +826,7 @@ cp return -1; } cp - if(read_rsa_keys()) + if(read_rsa_private_key()) return -1; if(read_host_config(myself)) @@ -790,6 +834,9 @@ cp syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); return -1; } + + if(read_rsa_public_key(myself)) + return -1; cp /* @@ -843,7 +890,7 @@ cp syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); return -1; } - +cp /* Generate packet encryption key */ myself->cipher_pkttype = EVP_bf_cfb(); @@ -859,9 +906,9 @@ cp keylifetime = cfg->data.val; keyexpires = time(NULL) + keylifetime; - +cp /* Activate ourselves */ - + myself->status.active = 1; syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); @@ -958,12 +1005,12 @@ cp */ void close_network_connections(void) { - rbl_t *rbl; + avl_node_t *node; connection_t *p; cp - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; p->status.active = 0; terminate_connection(p); } @@ -1084,6 +1131,7 @@ cp p->name = unknown; p->address = ntohl(ci.sin_addr.s_addr); p->hostname = hostlookup(ci.sin_addr.s_addr); + p->port = htons(ci.sin_port); /* This one will be overwritten later */ p->meta_socket = sfd; p->status.meta = 1; p->buffer = xmalloc(MAXBUFSIZE); @@ -1104,16 +1152,16 @@ cp */ void build_fdset(fd_set *fs) { - rbl_t *rbl; + avl_node_t *node; connection_t *p; cp FD_ZERO(fs); FD_SET(myself->socket, fs); - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta) FD_SET(p->meta_socket, fs); } @@ -1159,7 +1207,7 @@ cp if(!cl) { - syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); return 0; } @@ -1181,7 +1229,7 @@ void terminate_connection(connection_t *cl) { connection_t *p; subnet_t *subnet; - rbl_t *rbl; + avl_node_t *node, *next; cp if(cl->status.remove) return; @@ -1201,9 +1249,9 @@ cp (the connection that was dropped). */ if(cl->status.meta) - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->nexthop == cl && p != cl) terminate_connection(p); } @@ -1211,18 +1259,19 @@ cp /* Inform others of termination if it was still active */ if(cl->status.active) - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!=cl) send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ } /* Remove the associated subnets */ - RBL_FOREACH(cl->subnet_tree, rbl) + for(node = cl->subnet_tree->head; node; node = next) { - subnet = (subnet_t *)rbl->data; + next = node->next; + subnet = (subnet_t *)node->data; subnet_del(subnet); } @@ -1253,14 +1302,14 @@ cp void check_dead_connections(void) { time_t now; - rbl_t *rbl; + avl_node_t *node; connection_t *cl; cp now = time(NULL); - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - cl = (connection_t *)rbl->data; + cl = (connection_t *)node->data; if(cl->status.active && cl->status.meta) { if(cl->last_ping_time + timeout < now) @@ -1319,14 +1368,14 @@ cp void check_network_activity(fd_set *f) { connection_t *p; - rbl_t *rbl; + avl_node_t *node; cp if(FD_ISSET(myself->socket, f)) handle_incoming_vpn_data(); - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.remove) return;