ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
Revision: 1.1
Committed: Wed Apr 2 03:06:22 2003 UTC (21 years, 1 month ago) by pcg
Content type: text/plain
Branch: MAIN
Log Message: 
*** empty log message ***

File Contents

# User Rev Content
1 pcg 1.1 /*
2     connection.C -- manage a single connection
3    
4     This program is free software; you can redistribute it and/or modify
5     it under the terms of the GNU General Public License as published by
6     the Free Software Foundation; either version 2 of the License, or
7     (at your option) any later version.
8    
9     This program is distributed in the hope that it will be useful,
10     but WITHOUT ANY WARRANTY; without even the implied warranty of
11     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12     GNU General Public License for more details.
13    
14     You should have received a copy of the GNU General Public License
15     along with this program; if not, write to the Free Software
16     Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17     */
18    
19     #include "config.h"
20    
21     extern "C" {
22     # include "lzf/lzf.h"
23     }
24    
25     #include <list>
26    
27     #include "gettext.h"
28    
29     #include "conf.h"
30     #include "slog.h"
31     #include "device.h"
32     #include "protocol.h"
33     #include "connection.h"
34    
35     #if !HAVE_RAND_PSEUDO_BYTES
36     # define RAND_pseudo_bytes RAND_bytes
37     #endif
38    
39     #define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
40    
41     struct crypto_ctx
42     {
43     EVP_CIPHER_CTX cctx;
44     HMAC_CTX hctx;
45    
46     crypto_ctx (const rsachallenge &challenge, int enc);
47     ~crypto_ctx ();
48     };
49    
50     crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
51     {
52     EVP_CIPHER_CTX_init (&cctx);
53     EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
54     HMAC_CTX_init (&hctx);
55     HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
56     }
57    
58     crypto_ctx::~crypto_ctx ()
59     {
60     EVP_CIPHER_CTX_cleanup (&cctx);
61     HMAC_CTX_cleanup (&hctx);
62     }
63    
64     static void
65     rsa_hash (const rsaid &id, const rsachallenge &chg, rsaresponse &h)
66     {
67     EVP_MD_CTX ctx;
68    
69     EVP_MD_CTX_init (&ctx);
70     EVP_DigestInit (&ctx, RSA_HASH);
71     EVP_DigestUpdate(&ctx, &chg, sizeof chg);
72     EVP_DigestUpdate(&ctx, &id, sizeof id);
73     EVP_DigestFinal (&ctx, (unsigned char *)&h, 0);
74     EVP_MD_CTX_cleanup (&ctx);
75     }
76    
77     struct rsa_entry {
78     tstamp expire;
79     rsaid id;
80     rsachallenge chg;
81     };
82    
83     struct rsa_cache : list<rsa_entry>
84     {
85     void cleaner_cb (tstamp &ts); time_watcher cleaner;
86    
87     bool find (const rsaid &id, rsachallenge &chg)
88     {
89     for (iterator i = begin (); i != end (); ++i)
90     {
91     if (!memcmp (&id, &i->id, sizeof id) && i->expire > NOW)
92     {
93     memcpy (&chg, &i->chg, sizeof chg);
94    
95     erase (i);
96     return true;
97     }
98     }
99    
100     if (cleaner.at < NOW)
101     cleaner.start (NOW + RSA_TTL);
102    
103     return false;
104     }
105    
106     void gen (rsaid &id, rsachallenge &chg)
107     {
108     rsa_entry e;
109    
110     RAND_bytes ((unsigned char *)&id, sizeof id);
111     RAND_bytes ((unsigned char *)&chg, sizeof chg);
112    
113     e.expire = NOW + RSA_TTL;
114     e.id = id;
115     memcpy (&e.chg, &chg, sizeof chg);
116    
117     push_back (e);
118    
119     if (cleaner.at < NOW)
120     cleaner.start (NOW + RSA_TTL);
121     }
122    
123     rsa_cache ()
124     : cleaner (this, &rsa_cache::cleaner_cb)
125     { }
126    
127     } rsa_cache;
128    
129     void rsa_cache::cleaner_cb (tstamp &ts)
130     {
131     if (empty ())
132     ts = TSTAMP_CANCEL;
133     else
134     {
135     ts = NOW + RSA_TTL;
136    
137     for (iterator i = begin (); i != end (); )
138     if (i->expire <= NOW)
139     i = erase (i);
140     else
141     ++i;
142     }
143     }
144    
145     //////////////////////////////////////////////////////////////////////////////
146    
147     void pkt_queue::put (tap_packet *p)
148     {
149     if (queue[i])
150     {
151     delete queue[i];
152     j = (j + 1) % QUEUEDEPTH;
153     }
154    
155     queue[i] = p;
156    
157     i = (i + 1) % QUEUEDEPTH;
158     }
159    
160     tap_packet *pkt_queue::get ()
161     {
162     tap_packet *p = queue[j];
163    
164     if (p)
165     {
166     queue[j] = 0;
167     j = (j + 1) % QUEUEDEPTH;
168     }
169    
170     return p;
171     }
172    
173     pkt_queue::pkt_queue ()
174     {
175     memset (queue, 0, sizeof (queue));
176     i = 0;
177     j = 0;
178     }
179    
180     pkt_queue::~pkt_queue ()
181     {
182     for (i = QUEUEDEPTH; --i > 0; )
183     delete queue[i];
184     }
185    
186     struct net_rateinfo {
187     u32 host;
188     double pcnt, diff;
189     tstamp last;
190     };
191    
192     // only do action once every x seconds per host whole allowing bursts.
193     // this implementation ("splay list" ;) is inefficient,
194     // but low on resources.
195     struct net_rate_limiter : list<net_rateinfo>
196     {
197     static const double ALPHA = 1. - 1. / 90.; // allow bursts
198     static const double CUTOFF = 20.; // one event every CUTOFF seconds
199     static const double EXPIRE = CUTOFF * 30.; // expire entries after this time
200    
201     bool can (const sockinfo &si) { return can((u32)si.host); }
202     bool can (u32 host);
203     };
204    
205     net_rate_limiter auth_rate_limiter, reset_rate_limiter;
206    
207     bool net_rate_limiter::can (u32 host)
208     {
209     iterator i;
210    
211     for (i = begin (); i != end (); )
212     if (i->host == host)
213     break;
214     else if (i->last < NOW - EXPIRE)
215     i = erase (i);
216     else
217     i++;
218    
219     if (i == end ())
220     {
221     net_rateinfo ri;
222    
223     ri.host = host;
224     ri.pcnt = 1.;
225     ri.diff = CUTOFF * (1. / (1. - ALPHA));
226     ri.last = NOW;
227    
228     push_front (ri);
229    
230     return true;
231     }
232     else
233     {
234     net_rateinfo ri (*i);
235     erase (i);
236    
237     ri.pcnt = ri.pcnt * ALPHA;
238     ri.diff = ri.diff * ALPHA + (NOW - ri.last);
239    
240     ri.last = NOW;
241    
242     bool send = ri.diff / ri.pcnt > CUTOFF;
243    
244     if (send)
245     ri.pcnt++;
246    
247     push_front (ri);
248    
249     return send;
250     }
251     }
252    
253     /////////////////////////////////////////////////////////////////////////////
254    
255     unsigned char hmac_packet::hmac_digest[EVP_MAX_MD_SIZE];
256    
257     void hmac_packet::hmac_gen (crypto_ctx *ctx)
258     {
259     unsigned int xlen;
260    
261     HMAC_CTX *hctx = &ctx->hctx;
262    
263     HMAC_Init_ex (hctx, 0, 0, 0, 0);
264     HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet),
265     len - sizeof (hmac_packet));
266     HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen);
267     }
268    
269     void
270     hmac_packet::hmac_set (crypto_ctx *ctx)
271     {
272     hmac_gen (ctx);
273    
274     memcpy (hmac, hmac_digest, HMACLENGTH);
275     }
276    
277     bool
278     hmac_packet::hmac_chk (crypto_ctx *ctx)
279     {
280     hmac_gen (ctx);
281    
282     return !memcmp (hmac, hmac_digest, HMACLENGTH);
283     }
284    
285     void vpn_packet::set_hdr (ptype type, unsigned int dst)
286     {
287     this->type = type;
288    
289     int src = THISNODE->id;
290    
291     src1 = src;
292     srcdst = ((src >> 8) << 4) | (dst >> 8);
293     dst1 = dst;
294     }
295    
296     #define MAXVPNDATA (MAX_MTU - 6 - 6)
297     #define DATAHDR (sizeof (u32) + RAND_SIZE)
298    
299     struct vpndata_packet:vpn_packet
300     {
301     u8 data[MAXVPNDATA + DATAHDR]; // seqno
302    
303     void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
304     tap_packet *unpack (connection *conn, u32 &seqno);
305     private:
306    
307     const u32 data_hdr_size () const
308     {
309     return sizeof (vpndata_packet) - sizeof (net_packet) - MAXVPNDATA - DATAHDR;
310     }
311     };
312    
313     void
314     vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
315     {
316     EVP_CIPHER_CTX *cctx = &conn->octx->cctx;
317     int outl = 0, outl2;
318     ptype type = PT_DATA_UNCOMPRESSED;
319    
320     #if ENABLE_COMPRESSION
321     u8 cdata[MAX_MTU];
322     u32 cl;
323    
324     cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
325     if (cl)
326     {
327     type = PT_DATA_COMPRESSED;
328     d = cdata;
329     l = cl + 2;
330    
331     d[0] = cl >> 8;
332     d[1] = cl;
333     }
334     #endif
335    
336     EVP_EncryptInit_ex (cctx, 0, 0, 0, 0);
337    
338     struct {
339     #if RAND_SIZE
340     u8 rnd[RAND_SIZE];
341     #endif
342     u32 seqno;
343     } datahdr;
344    
345     datahdr.seqno = ntohl (seqno);
346     #if RAND_SIZE
347     RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
348     #endif
349    
350     EVP_EncryptUpdate (cctx,
351     (unsigned char *) data + outl, &outl2,
352     (unsigned char *) &datahdr, DATAHDR);
353     outl += outl2;
354    
355     EVP_EncryptUpdate (cctx,
356     (unsigned char *) data + outl, &outl2,
357     (unsigned char *) d, l);
358     outl += outl2;
359    
360     EVP_EncryptFinal_ex (cctx, (unsigned char *) data + outl, &outl2);
361     outl += outl2;
362    
363     len = outl + data_hdr_size ();
364    
365     set_hdr (type, dst);
366    
367     hmac_set (conn->octx);
368     }
369    
370     tap_packet *
371     vpndata_packet::unpack (connection *conn, u32 &seqno)
372     {
373     EVP_CIPHER_CTX *cctx = &conn->ictx->cctx;
374     int outl = 0, outl2;
375     tap_packet *p = new tap_packet;
376     u8 *d;
377     u32 l = len - data_hdr_size ();
378    
379     EVP_DecryptInit_ex (cctx, 0, 0, 0, 0);
380    
381     #if ENABLE_COMPRESSION
382     u8 cdata[MAX_MTU];
383    
384     if (type == PT_DATA_COMPRESSED)
385     d = cdata;
386     else
387     #endif
388     d = &(*p)[6 + 6 - DATAHDR];
389    
390     /* this overwrites part of the src mac, but we fix that later */
391     EVP_DecryptUpdate (cctx,
392     d, &outl2,
393     (unsigned char *)&data, len - data_hdr_size ());
394     outl += outl2;
395    
396     EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2);
397     outl += outl2;
398    
399     seqno = ntohl (*(u32 *)(d + RAND_SIZE));
400    
401     id2mac (dst () ? dst() : THISNODE->id, p->dst);
402     id2mac (src (), p->src);
403    
404     #if ENABLE_COMPRESSION
405     if (type == PT_DATA_COMPRESSED)
406     {
407     u32 cl = (d[DATAHDR] << 8) | d[DATAHDR + 1];
408    
409     p->len = lzf_decompress (d + DATAHDR + 2, cl < MAX_MTU ? cl : 0,
410     &(*p)[6 + 6], MAX_MTU)
411     + 6 + 6;
412     }
413     else
414     p->len = outl + (6 + 6 - DATAHDR);
415     #endif
416    
417     return p;
418     }
419    
420     struct ping_packet : vpn_packet
421     {
422     void setup (int dst, ptype type)
423     {
424     set_hdr (type, dst);
425     len = sizeof (*this) - sizeof (net_packet);
426     }
427     };
428    
429     struct config_packet : vpn_packet
430     {
431     // actually, hmaclen cannot be checked because the hmac
432     // field comes before this data, so peers with other
433     // hmacs simply will not work.
434     u8 prot_major, prot_minor, randsize, hmaclen;
435     u8 flags, challengelen, pad2, pad3;
436     u32 cipher_nid, digest_nid, hmac_nid;
437    
438     const u8 curflags () const
439     {
440     return 0x80
441     | (ENABLE_COMPRESSION ? 0x01 : 0x00);
442     }
443    
444     void setup (ptype type, int dst);
445     bool chk_config () const;
446     };
447    
448     void config_packet::setup (ptype type, int dst)
449     {
450     prot_major = PROTOCOL_MAJOR;
451     prot_minor = PROTOCOL_MINOR;
452     randsize = RAND_SIZE;
453     hmaclen = HMACLENGTH;
454     flags = curflags ();
455     challengelen = sizeof (rsachallenge);
456    
457     cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
458     digest_nid = htonl (EVP_MD_type (RSA_HASH));
459     hmac_nid = htonl (EVP_MD_type (DIGEST));
460    
461     len = sizeof (*this) - sizeof (net_packet);
462     set_hdr (type, dst);
463     }
464    
465     bool config_packet::chk_config () const
466     {
467     return prot_major == PROTOCOL_MAJOR
468     && randsize == RAND_SIZE
469     && hmaclen == HMACLENGTH
470     && flags == curflags ()
471     && challengelen == sizeof (rsachallenge)
472     && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
473     && digest_nid == htonl (EVP_MD_type (RSA_HASH))
474     && hmac_nid == htonl (EVP_MD_type (DIGEST));
475     }
476    
477     struct auth_req_packet : config_packet
478     {
479     char magic[8];
480     u8 initiate; // false if this is just an automatic reply
481     u8 protocols; // supported protocols (will get patches on forward)
482     u8 pad2, pad3;
483     rsaid id;
484     rsaencrdata encr;
485    
486     auth_req_packet (int dst, bool initiate_, u8 protocols_)
487     {
488     config_packet::setup (PT_AUTH_REQ, dst);
489     strncpy (magic, MAGIC, 8);
490     initiate = !!initiate_;
491     protocols = protocols_;
492    
493     len = sizeof (*this) - sizeof (net_packet);
494     }
495     };
496    
497     struct auth_res_packet : config_packet
498     {
499     rsaid id;
500     u8 pad1, pad2, pad3;
501     u8 response_len; // encrypted length
502     rsaresponse response;
503    
504     auth_res_packet (int dst)
505     {
506     config_packet::setup (PT_AUTH_RES, dst);
507    
508     len = sizeof (*this) - sizeof (net_packet);
509     }
510     };
511    
512     struct connect_req_packet : vpn_packet
513     {
514     u8 id, protocols;
515     u8 pad1, pad2;
516    
517     connect_req_packet (int dst, int id_, u8 protocols_)
518     : id(id_)
519     , protocols(protocols_)
520     {
521     set_hdr (PT_CONNECT_REQ, dst);
522     len = sizeof (*this) - sizeof (net_packet);
523     }
524     };
525    
526     struct connect_info_packet : vpn_packet
527     {
528     u8 id, protocols;
529     u8 pad1, pad2;
530     sockinfo si;
531    
532     connect_info_packet (int dst, int id_, const sockinfo &si_, u8 protocols_)
533     : id(id_)
534     , protocols(protocols_)
535     , si(si_)
536     {
537     set_hdr (PT_CONNECT_INFO, dst);
538    
539     len = sizeof (*this) - sizeof (net_packet);
540     }
541     };
542    
543     /////////////////////////////////////////////////////////////////////////////
544    
545     void
546     connection::reset_dstaddr ()
547     {
548     si.set (conf);
549     }
550    
551     void
552     connection::send_ping (const sockinfo &si, u8 pong)
553     {
554     ping_packet *pkt = new ping_packet;
555    
556     pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
557     send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
558    
559     delete pkt;
560     }
561    
562     void
563     connection::send_reset (const sockinfo &si)
564     {
565     if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
566     {
567     config_packet *pkt = new config_packet;
568    
569     pkt->setup (vpn_packet::PT_RESET, conf->id);
570     send_vpn_packet (pkt, si, IPTOS_MINCOST);
571    
572     delete pkt;
573     }
574     }
575    
576     void
577     connection::send_auth_request (const sockinfo &si, bool initiate)
578     {
579     auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
580    
581     protocol = best_protocol (THISNODE->protocols & conf->protocols);
582    
583     rsachallenge chg;
584    
585     rsa_cache.gen (pkt->id, chg);
586    
587     if (0 > RSA_public_encrypt (sizeof chg,
588     (unsigned char *)&chg, (unsigned char *)&pkt->encr,
589     conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
590     fatal ("RSA_public_encrypt error");
591    
592     slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
593    
594     send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
595    
596     delete pkt;
597     }
598    
599     void
600     connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg)
601     {
602     auth_res_packet *pkt = new auth_res_packet (conf->id);
603    
604     pkt->id = id;
605    
606     rsa_hash (id, chg, pkt->response);
607    
608     pkt->hmac_set (octx);
609    
610     slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si);
611    
612     send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
613    
614     delete pkt;
615     }
616    
617     void
618     connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
619     {
620     slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n",
621     conf->id, rid, (const char *)rsi);
622    
623     connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
624    
625     r->hmac_set (octx);
626     send_vpn_packet (r, si);
627    
628     delete r;
629     }
630    
631     void
632     connection::establish_connection_cb (tstamp &ts)
633     {
634     if (ictx || conf == THISNODE
635     || connectmode == conf_node::C_NEVER
636     || connectmode == conf_node::C_DISABLED)
637     ts = TSTAMP_CANCEL;
638     else if (ts <= NOW)
639     {
640     double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6;
641    
642     if (retry_int < 3600 * 8)
643     retry_cnt++;
644    
645     ts = NOW + retry_int;
646    
647     if (conf->hostname)
648     {
649     reset_dstaddr ();
650     if (si.host && auth_rate_limiter.can (si))
651     {
652     if (retry_cnt < 4)
653     send_auth_request (si, true);
654     else
655     send_ping (si, 0);
656     }
657     }
658     else
659     vpn->connect_request (conf->id);
660     }
661     }
662    
663     void
664     connection::reset_connection ()
665     {
666     if (ictx && octx)
667     {
668     slog (L_INFO, _("%s(%s): connection lost"),
669     conf->nodename, (const char *)si);
670    
671     if (::conf.script_node_down)
672     run_script (run_script_cb (this, &connection::script_node_down), false);
673     }
674    
675     delete ictx; ictx = 0;
676     delete octx; octx = 0;
677    
678     si.host= 0;
679    
680     last_activity = 0;
681     retry_cnt = 0;
682    
683     rekey.reset ();
684     keepalive.reset ();
685     establish_connection.reset ();
686     }
687    
688     void
689     connection::shutdown ()
690     {
691     if (ictx && octx)
692     send_reset (si);
693    
694     reset_connection ();
695     }
696    
697     void
698     connection::rekey_cb (tstamp &ts)
699     {
700     ts = TSTAMP_CANCEL;
701    
702     reset_connection ();
703     establish_connection ();
704     }
705    
706     void
707     connection::send_data_packet (tap_packet *pkt, bool broadcast)
708     {
709     vpndata_packet *p = new vpndata_packet;
710     int tos = 0;
711    
712     if (conf->inherit_tos
713     && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
714     && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
715     tos = (*pkt)[15] & IPTOS_TOS_MASK;
716    
717     p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
718     send_vpn_packet (p, si, tos);
719    
720     delete p;
721    
722     if (oseqno > MAX_SEQNO)
723     rekey ();
724     }
725    
726     void
727     connection::inject_data_packet (tap_packet *pkt, bool broadcast)
728     {
729     if (ictx && octx)
730     send_data_packet (pkt, broadcast);
731     else
732     {
733     if (!broadcast)//DDDD
734     queue.put (new tap_packet (*pkt));
735    
736     establish_connection ();
737     }
738     }
739    
740     void
741     connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
742     {
743     last_activity = NOW;
744    
745     slog (L_NOISE, "<<%d received packet type %d from %d to %d",
746     conf->id, pkt->typ (), pkt->src (), pkt->dst ());
747    
748     switch (pkt->typ ())
749     {
750     case vpn_packet::PT_PING:
751     // we send pings instead of auth packets after some retries,
752     // so reset the retry counter and establish a connection
753     // when we receive a ping.
754     if (!ictx)
755     {
756     if (auth_rate_limiter.can (rsi))
757     send_auth_request (rsi, true);
758     }
759     else
760     send_ping (rsi, 1); // pong
761    
762     break;
763    
764     case vpn_packet::PT_PONG:
765     break;
766    
767     case vpn_packet::PT_RESET:
768     {
769     reset_connection ();
770    
771     config_packet *p = (config_packet *) pkt;
772    
773     if (!p->chk_config ())
774     {
775     slog (L_WARN, _("%s(%s): protocol mismatch, disabling node"),
776     conf->nodename, (const char *)rsi);
777     connectmode = conf_node::C_DISABLED;
778     }
779     else if (connectmode == conf_node::C_ALWAYS)
780     establish_connection ();
781     }
782     break;
783    
784     case vpn_packet::PT_AUTH_REQ:
785     if (auth_rate_limiter.can (rsi))
786     {
787     auth_req_packet *p = (auth_req_packet *) pkt;
788    
789     slog (L_TRACE, "<<%d PT_AUTH_REQ(%d)", conf->id, p->initiate);
790    
791     if (p->chk_config () && !strncmp (p->magic, MAGIC, 8))
792     {
793     if (p->prot_minor != PROTOCOL_MINOR)
794     slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
795     conf->nodename, (const char *)rsi,
796     PROTOCOL_MINOR, conf->nodename, p->prot_minor);
797    
798     if (p->initiate)
799     send_auth_request (rsi, false);
800    
801     rsachallenge k;
802    
803     if (0 > RSA_private_decrypt (sizeof (p->encr),
804     (unsigned char *)&p->encr, (unsigned char *)&k,
805     ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
806     slog (L_ERR, _("%s(%s): challenge illegal or corrupted"),
807     conf->nodename, (const char *)rsi);
808     else
809     {
810     retry_cnt = 0;
811     establish_connection.set (NOW + 8); //? ;)
812     keepalive.reset ();
813     rekey.reset ();
814    
815     delete ictx;
816     ictx = 0;
817    
818     delete octx;
819    
820     octx = new crypto_ctx (k, 1);
821     oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
822    
823     conf->protocols = p->protocols;
824     send_auth_response (rsi, p->id, k);
825    
826     break;
827     }
828     }
829    
830     send_reset (rsi);
831     }
832    
833     break;
834    
835     case vpn_packet::PT_AUTH_RES:
836     {
837     auth_res_packet *p = (auth_res_packet *) pkt;
838    
839     slog (L_TRACE, "<<%d PT_AUTH_RES", conf->id);
840    
841     if (p->chk_config ())
842     {
843     if (p->prot_minor != PROTOCOL_MINOR)
844     slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
845     conf->nodename, (const char *)rsi,
846     PROTOCOL_MINOR, conf->nodename, p->prot_minor);
847    
848     rsachallenge chg;
849    
850     if (!rsa_cache.find (p->id, chg))
851     slog (L_ERR, _("%s(%s): unrequested auth response"),
852     conf->nodename, (const char *)rsi);
853     else
854     {
855     crypto_ctx *cctx = new crypto_ctx (chg, 0);
856    
857     if (!p->hmac_chk (cctx))
858     slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"
859     "could be an attack, or just corruption or an synchronization error"),
860     conf->nodename, (const char *)rsi);
861     else
862     {
863     rsaresponse h;
864    
865     rsa_hash (p->id, chg, h);
866    
867     if (!memcmp ((u8 *)&h, (u8 *)p->response, sizeof h))
868     {
869     prot_minor = p->prot_minor;
870    
871     delete ictx; ictx = cctx;
872    
873     iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
874    
875     si = rsi;
876    
877     rekey.set (NOW + ::conf.rekey);
878     keepalive.set (NOW + ::conf.keepalive);
879    
880     // send queued packets
881     while (tap_packet *p = queue.get ())
882     {
883     send_data_packet (p);
884     delete p;
885     }
886    
887     connectmode = conf->connectmode;
888    
889     slog (L_INFO, _("%s(%s): %s connection established, protocol version %d.%d"),
890     conf->nodename, (const char *)rsi,
891     strprotocol (protocol),
892     p->prot_major, p->prot_minor);
893    
894     if (::conf.script_node_up)
895     run_script (run_script_cb (this, &connection::script_node_up), false);
896    
897     break;
898     }
899     else
900     slog (L_ERR, _("%s(%s): sent and received challenge do not match"),
901     conf->nodename, (const char *)rsi);
902     }
903    
904     delete cctx;
905     }
906     }
907     }
908    
909     send_reset (rsi);
910     break;
911    
912     case vpn_packet::PT_DATA_COMPRESSED:
913     #if !ENABLE_COMPRESSION
914     send_reset (rsi);
915     break;
916     #endif
917    
918     case vpn_packet::PT_DATA_UNCOMPRESSED:
919    
920     if (ictx && octx)
921     {
922     vpndata_packet *p = (vpndata_packet *)pkt;
923    
924     if (rsi == si)
925     {
926     if (!p->hmac_chk (ictx))
927     slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
928     "could be an attack, or just corruption or an synchronization error"),
929     conf->nodename, (const char *)rsi);
930     else
931     {
932     u32 seqno;
933     tap_packet *d = p->unpack (this, seqno);
934    
935     if (iseqno.recv_ok (seqno))
936     {
937     vpn->tap->send (d);
938    
939     if (p->dst () == 0) // re-broadcast
940     for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
941     {
942     connection *c = *i;
943    
944     if (c->conf != THISNODE && c->conf != conf)
945     c->inject_data_packet (d);
946     }
947    
948     delete d;
949    
950     break;
951     }
952     }
953     }
954     else
955     slog (L_ERR, _("received data packet from unknown source %s"), (const char *)rsi);
956     }
957    
958     send_reset (rsi);
959     break;
960    
961     case vpn_packet::PT_CONNECT_REQ:
962     if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
963     {
964     connect_req_packet *p = (connect_req_packet *) pkt;
965    
966     assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
967     conf->protocols = p->protocols;
968     connection *c = vpn->conns[p->id - 1];
969    
970     slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n",
971     conf->id, p->id, c->ictx && c->octx);
972    
973     if (c->ictx && c->octx)
974     {
975     // send connect_info packets to both sides, in case one is
976     // behind a nat firewall (or both ;)
977     c->send_connect_info (conf->id, si, conf->protocols);
978     send_connect_info (c->conf->id, c->si, c->conf->protocols);
979     }
980     }
981    
982     break;
983    
984     case vpn_packet::PT_CONNECT_INFO:
985     if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
986     {
987     connect_info_packet *p = (connect_info_packet *) pkt;
988    
989     assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
990     conf->protocols = p->protocols;
991     connection *c = vpn->conns[p->id - 1];
992    
993     slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
994     conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
995    
996     c->send_auth_request (p->si, true);
997     }
998    
999     break;
1000    
1001     default:
1002     send_reset (rsi);
1003     break;
1004    
1005     }
1006     }
1007    
1008     void connection::keepalive_cb (tstamp &ts)
1009     {
1010     if (NOW >= last_activity + ::conf.keepalive + 30)
1011     {
1012     reset_connection ();
1013     establish_connection ();
1014     }
1015     else if (NOW < last_activity + ::conf.keepalive)
1016     ts = last_activity + ::conf.keepalive;
1017     else if (conf->connectmode != conf_node::C_ONDEMAND
1018     || THISNODE->connectmode != conf_node::C_ONDEMAND)
1019     {
1020     send_ping (si);
1021     ts = NOW + 5;
1022     }
1023     else
1024     reset_connection ();
1025     }
1026    
1027     void connection::connect_request (int id)
1028     {
1029     connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);
1030    
1031     slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);
1032     p->hmac_set (octx);
1033     send_vpn_packet (p, si);
1034    
1035     delete p;
1036     }
1037    
1038     void connection::script_node ()
1039     {
1040     vpn->script_if_up (0);
1041    
1042     char *env;
1043     asprintf (&env, "DESTID=%d", conf->id); putenv (env);
1044     asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env);
1045     asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env);
1046     asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env);
1047     }
1048    
1049     const char *connection::script_node_up (int)
1050     {
1051     script_node ();
1052    
1053     putenv ("STATE=up");
1054    
1055     return ::conf.script_node_up ? ::conf.script_node_up : "node-up";
1056     }
1057    
1058     const char *connection::script_node_down (int)
1059     {
1060     script_node ();
1061    
1062     putenv ("STATE=down");
1063    
1064     return ::conf.script_node_up ? ::conf.script_node_down : "node-down";
1065     }
1066    
1067     // send a vpn packet out to other hosts
1068     void
1069     connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
1070     {
1071     if (protocol & PROT_IPv4)
1072     vpn->send_ipv4_packet (pkt, si, tos);
1073     else
1074     vpn->send_udpv4_packet (pkt, si, tos);
1075     }
1076    
1077     connection::connection(struct vpn *vpn_)
1078     : vpn(vpn_)
1079     , rekey (this, &connection::rekey_cb)
1080     , keepalive (this, &connection::keepalive_cb)
1081     , establish_connection (this, &connection::establish_connection_cb)
1082     {
1083     octx = ictx = 0;
1084     retry_cnt = 0;
1085    
1086     connectmode = conf_node::C_ALWAYS; // initial setting
1087     reset_connection ();
1088     }
1089    
1090     connection::~connection ()
1091     {
1092     shutdown ();
1093     }
1094    
1095     void connection_init ()
1096     {
1097     auth_rate_limiter.clear ();
1098     reset_rate_limiter.clear ();
1099     }
1100