X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_packet.c;h=00733b6fbd12c22b4dce6523632b01eb9e1ddd6f;hp=db31b770aec2c41b624a2957f83429313fdb328c;hb=f75dcef72a81a337e847adf0bae54198894f65b9;hpb=5fc1ed17f41f0c535cf57a4b7e00cd6d45759503 diff --git a/src/net_packet.c b/src/net_packet.c index db31b770..00733b6f 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.21 2002/09/09 19:39:58 guus Exp $ + $Id: net_packet.c,v 1.1.2.22 2002/09/09 21:24:41 guus Exp $ */ #include "config.h" @@ -27,13 +27,13 @@ #include #include #ifdef HAVE_NETINET_IN_SYSTM_H - #include +#include #endif #ifdef HAVE_NETINET_IP_H - #include +#include #endif #ifdef HAVE_NETINET_TCP_H - #include +#include #endif #include #include @@ -85,349 +85,353 @@ int keyexpires = 0; /* VPN packet I/O */ -void receive_udppacket(node_t *n, vpn_packet_t *inpkt) +void receive_udppacket(node_t * n, vpn_packet_t * inpkt) { - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt = pkt[0]; - int outlen, outpad; - long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; - char hmac[EVP_MAX_MD_SIZE]; - cp(); - /* Check the message authentication code */ - - if(myself->digest && myself->maclength) - { - inpkt->len -= myself->maclength; - HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL); - if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength)) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); - return; - } - } - - /* Decrypt the packet */ - - if(myself->cipher) - { - outpkt = pkt[nextpkt++]; - - EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); - - outpkt->len = outlen + outpad; - inpkt = outpkt; - } - - /* Check the sequence number */ - - inpkt->len -= sizeof(inpkt->seqno); - inpkt->seqno = ntohl(inpkt->seqno); - - if(inpkt->seqno <= n->received_seqno) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno); - return; - } - - n->received_seqno = inpkt->seqno; - - if(n->received_seqno > MAX_SEQNO) - keyexpires = 0; - - /* Decompress the packet */ - - if(myself->compression) - { - outpkt = pkt[nextpkt++]; - - if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) - { - syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } - - receive_packet(n, inpkt); - cp(); + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + int nextpkt = 0; + vpn_packet_t *outpkt = pkt[0]; + int outlen, outpad; + long int complen = MTU + 12; + EVP_CIPHER_CTX ctx; + char hmac[EVP_MAX_MD_SIZE]; + + cp(); + + /* Check the message authentication code */ + + if(myself->digest && myself->maclength) { + inpkt->len -= myself->maclength; + HMAC(myself->digest, myself->key, myself->keylength, + (char *) &inpkt->seqno, inpkt->len, hmac, NULL); + + if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), + n->name, n->hostname); + return; + } + } + + /* Decrypt the packet */ + + if(myself->cipher) { + outpkt = pkt[nextpkt++]; + + EVP_DecryptInit(&ctx, myself->cipher, myself->key, + myself->key + myself->cipher->key_len); + EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len); + EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); + + outpkt->len = outlen + outpad; + inpkt = outpkt; + } + + /* Check the sequence number */ + + inpkt->len -= sizeof(inpkt->seqno); + inpkt->seqno = ntohl(inpkt->seqno); + + if(inpkt->seqno <= n->received_seqno) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, + _("Got late or replayed packet from %s (%s), seqno %d"), + n->name, n->hostname, inpkt->seqno); + return; + } + + n->received_seqno = inpkt->seqno; + + if(n->received_seqno > MAX_SEQNO) + keyexpires = 0; + + /* Decompress the packet */ + + if(myself->compression) { + outpkt = pkt[nextpkt++]; + + if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) { + syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), + n->name, n->hostname); + return; + } + + outpkt->len = complen; + inpkt = outpkt; + } + + receive_packet(n, inpkt); } -void receive_tcppacket(connection_t *c, char *buffer, int len) +void receive_tcppacket(connection_t * c, char *buffer, int len) { - vpn_packet_t outpkt; - cp(); - outpkt.len = len; - memcpy(outpkt.data, buffer, len); + vpn_packet_t outpkt; + + cp(); - receive_packet(c->node, &outpkt); - cp(); + outpkt.len = len; + memcpy(outpkt.data, buffer, len); + + receive_packet(c->node, &outpkt); } -void receive_packet(node_t *n, vpn_packet_t *packet) +void receive_packet(node_t * n, vpn_packet_t * packet) { - cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), + packet->len, n->name, n->hostname); - route_incoming(n, packet); - cp(); + route_incoming(n, packet); } -void send_udppacket(node_t *n, vpn_packet_t *inpkt) +void send_udppacket(node_t * n, vpn_packet_t * inpkt) { - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt; - int origlen; - int outlen, outpad; - long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; - vpn_packet_t *copy; - static int priority = 0; - int origpriority; - int sock; - cp(); - /* Make sure we have a valid key */ + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + int nextpkt = 0; + vpn_packet_t *outpkt; + int origlen; + int outlen, outpad; + long int complen = MTU + 12; + EVP_CIPHER_CTX ctx; + vpn_packet_t *copy; + static int priority = 0; + int origpriority; + int sock; - if(!n->status.validkey) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), - n->name, n->hostname); + cp(); - /* Since packet is on the stack of handle_tap_input(), - we have to make a copy of it first. */ + /* Make sure we have a valid key */ - copy = xmalloc(sizeof(vpn_packet_t)); - memcpy(copy, inpkt, sizeof(vpn_packet_t)); + if(!n->status.validkey) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, + _("No valid key known yet for %s (%s), queueing packet"), + n->name, n->hostname); - list_insert_tail(n->queue, copy); + /* Since packet is on the stack of handle_tap_input(), we have to make a copy of it first. */ - if(n->queue->count > MAXQUEUELENGTH) - list_delete_head(n->queue); + copy = xmalloc(sizeof(vpn_packet_t)); + memcpy(copy, inpkt, sizeof(vpn_packet_t)); - if(!n->status.waitingforkey) - send_req_key(n->nexthop->connection, myself, n); + list_insert_tail(n->queue, copy); - n->status.waitingforkey = 1; + if(n->queue->count > MAXQUEUELENGTH) + list_delete_head(n->queue); - return; - } + if(!n->status.waitingforkey) + send_req_key(n->nexthop->connection, myself, n); - origlen = inpkt->len; - origpriority = inpkt->priority; + n->status.waitingforkey = 1; - /* Compress the packet */ + return; + } - if(n->compression) - { - outpkt = pkt[nextpkt++]; + origlen = inpkt->len; + origpriority = inpkt->priority; - if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK) - { - syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } + /* Compress the packet */ - /* Add sequence number */ + if(n->compression) { + outpkt = pkt[nextpkt++]; - inpkt->seqno = htonl(++(n->sent_seqno)); - inpkt->len += sizeof(inpkt->seqno); + if(compress2 + (outpkt->data, &complen, inpkt->data, inpkt->len, + n->compression) != Z_OK) { + syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), + n->name, n->hostname); + return; + } - /* Encrypt the packet */ + outpkt->len = complen; + inpkt = outpkt; + } - if(n->cipher) - { - outpkt = pkt[nextpkt++]; + /* Add sequence number */ - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); + inpkt->seqno = htonl(++(n->sent_seqno)); + inpkt->len += sizeof(inpkt->seqno); - outpkt->len = outlen + outpad; - inpkt = outpkt; - } + /* Encrypt the packet */ - /* Add the message authentication code */ + if(n->cipher) { + outpkt = pkt[nextpkt++]; - if(n->digest && n->maclength) - { - HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen); - inpkt->len += n->maclength; - } + EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); + EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len); + EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); - /* Determine which socket we have to use */ + outpkt->len = outlen + outpad; + inpkt = outpkt; + } - for(sock = 0; sock < listen_sockets; sock++) - if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) - break; + /* Add the message authentication code */ - if(sock >= listen_sockets) - sock = 0; /* If none is available, just use the first and hope for the best. */ - - /* Send the packet */ + if(n->digest && n->maclength) { + HMAC(n->digest, n->key, n->keylength, (char *) &inpkt->seqno, + inpkt->len, (char *) &inpkt->seqno + inpkt->len, &outlen); + inpkt->len += n->maclength; + } + + /* Determine which socket we have to use */ + + for(sock = 0; sock < listen_sockets; sock++) + if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) + break; + + if(sock >= listen_sockets) + sock = 0; /* If none is available, just use the first and hope for the best. */ + + /* Send the packet */ #if defined(SOL_IP) && defined(IP_TOS) - if(priorityinheritance && origpriority != priority && listen_socket[sock].sa.sa.sa_family == AF_INET) - { - priority = origpriority; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); - if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ - syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); - } + if(priorityinheritance && origpriority != priority + && listen_socket[sock].sa.sa.sa_family == AF_INET) { + priority = origpriority; + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), + priority); + if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ + syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", + strerror(errno)); + } #endif - if((sendto(listen_socket[sock].udp, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) - { - syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), - n->name, n->hostname, strerror(errno)); - return; - } - - inpkt->len = origlen; - cp(); + if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { + syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, + n->hostname, strerror(errno)); + return; + } + + inpkt->len = origlen; } /* send a packet to the given vpn ip. */ -void send_packet(node_t *n, vpn_packet_t *packet) +void send_packet(node_t * n, vpn_packet_t * packet) { - node_t *via; - cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - packet->len, n->name, n->hostname); - - if(n == myself) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_NOTICE, _("Packet is looping back to us!")); - } - - return; - } - - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Node %s (%s) is not reachable"), - n->name, n->hostname); - return; - } - - via = (n->via == myself)?n->nexthop:n->via; - - if(via != n && debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - n->name, via->name, n->via->hostname); - - if((myself->options | via->options) & OPTION_TCPONLY) - { - if(send_tcppacket(via->connection, packet)) - terminate_connection(via->connection, 1); - } - else - send_udppacket(via, packet); + node_t *via; + + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + packet->len, n->name, n->hostname); + + if(n == myself) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_NOTICE, _("Packet is looping back to us!")); + + return; + } + + if(!n->status.reachable) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Node %s (%s) is not reachable"), + n->name, n->hostname); + + return; + } + + via = (n->via == myself) ? n->nexthop : n->via; + + if(via != n && debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), + n->name, via->name, n->via->hostname); + + if((myself->options | via->options) & OPTION_TCPONLY) { + if(send_tcppacket(via->connection, packet)) + terminate_connection(via->connection, 1); + } else + send_udppacket(via, packet); } /* Broadcast a packet using the minimum spanning tree */ -void broadcast_packet(node_t *from, vpn_packet_t *packet) +void broadcast_packet(node_t * from, vpn_packet_t * packet) { - avl_node_t *node; - connection_t *c; - cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), - packet->len, from->name, from->hostname); - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c->status.active && c->status.mst && c != from->nexthop->connection) - send_packet(c->node, packet); - } - cp(); + avl_node_t *node; + connection_t *c; + + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), + packet->len, from->name, from->hostname); + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + + if(c->status.active && c->status.mst && c != from->nexthop->connection) + send_packet(c->node, packet); + } } -void flush_queue(node_t *n) +void flush_queue(node_t * n) { - list_node_t *node, *next; - cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); - - for(node = n->queue->head; node; node = next) - { - next = node->next; - send_udppacket(n, (vpn_packet_t *)node->data); - list_delete_node(n->queue, node); - } - cp(); + list_node_t *node, *next; + + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); + + for(node = n->queue->head; node; node = next) { + next = node->next; + send_udppacket(n, (vpn_packet_t *) node->data); + list_delete_node(n->queue, node); + } } void handle_incoming_vpn_data(int sock) { - vpn_packet_t pkt; - int x, l = sizeof(x); - char *hostname; - sockaddr_t from; - socklen_t fromlen = sizeof(from); - node_t *n; - cp(); - if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), - __FILE__, __LINE__, sock, strerror(errno)); - cp_trace(); - exit(1); - } - if(x) - { - syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); - return; - } - - pkt.len = recvfrom(sock, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); - - if(pkt.len <= 0) - { - syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); - return; - } - - sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ - - n = lookup_node_udp(&from); - - if(!n) - { - hostname = sockaddr2hostname(&from); - syslog(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname); - free(hostname); - return; - } - - if(n->connection) - n->connection->last_ping_time = now; - - receive_udppacket(n, &pkt); - cp(); + vpn_packet_t pkt; + int x, l = sizeof(x); + char *hostname; + sockaddr_t from; + socklen_t fromlen = sizeof(from); + node_t *n; + + cp(); + + if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), + __FILE__, __LINE__, sock, strerror(errno)); + cp_trace(); + exit(1); + } + + if(x) { + syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); + return; + } + + pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); + + if(pkt.len <= 0) { + syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); + return; + } + + sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ + + n = lookup_node_udp(&from); + + if(!n) { + hostname = sockaddr2hostname(&from); + syslog(LOG_WARNING, _("Received UDP packet from unknown source %s"), + hostname); + free(hostname); + return; + } + + if(n->connection) + n->connection->last_ping_time = now; + + receive_udppacket(n, &pkt); }