ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
Revision: 1.113
Committed: Thu Jan 29 00:21:39 2015 UTC (9 years, 3 months ago) by root
Content type: text/plain
Branch: MAIN
Changes since 1.112: +41 -46 lines
Log Message: 
*** empty log message ***

File Contents

# User Rev Content
1 pcg 1.1 /*
2     connection.C -- manage a single connection
3 root 1.98 Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.42 This file is part of GVPE.
6    
7 pcg 1.69 GVPE is free software; you can redistribute it and/or modify it
8     under the terms of the GNU General Public License as published by the
9     Free Software Foundation; either version 3 of the License, or (at your
10     option) any later version.
11    
12     This program is distributed in the hope that it will be useful, but
13     WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15     Public License for more details.
16    
17     You should have received a copy of the GNU General Public License along
18     with this program; if not, see <http://www.gnu.org/licenses/>.
19    
20     Additional permission under GNU GPL version 3 section 7
21    
22     If you modify this Program, or any covered work, by linking or
23     combining it with the OpenSSL project's OpenSSL library (or a modified
24     version of that library), containing parts covered by the terms of the
25     OpenSSL or SSLeay licenses, the licensors of this Program grant you
26     additional permission to convey the resulting work. Corresponding
27     Source for a non-source form of such a combination shall include the
28     source code for the parts of OpenSSL used as well as that of the
29     covered work.
30 pcg 1.1 */
31    
32     #include "config.h"
33    
34     #include <list>
35 pcg 1.70 #include <queue>
36     #include <utility>
37 pcg 1.1
38 root 1.107 #include <openssl/opensslv.h>
39 pcg 1.2 #include <openssl/rand.h>
40     #include <openssl/evp.h>
41     #include <openssl/rsa.h>
42     #include <openssl/err.h>
43    
44 root 1.107 // openssl 0.9.8 compatibility
45     #if OPENSSL_VERSION_NUMBER < 0x10100000
46     #define require101(exp) exp
47     #else
48 root 1.112 #define require101(exp) require (exp)
49 root 1.107 #endif
50    
51 pcg 1.1 #include "conf.h"
52     #include "slog.h"
53     #include "device.h"
54 pcg 1.2 #include "vpn.h"
55 pcg 1.1 #include "connection.h"
56 root 1.98 #include "hkdf.h"
57 pcg 1.1
58 pcg 1.20 #include "netcompat.h"
59 pcg 1.19
60 root 1.98 #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic
61 pcg 1.30
62     #define ULTRA_FAST 1
63     #define HLOG 15
64     #include "lzf/lzf.h"
65     #include "lzf/lzf_c.c"
66     #include "lzf/lzf_d.c"
67 pcg 1.1
68 pcg 1.70 //////////////////////////////////////////////////////////////////////////////
69    
70     static std::queue< std::pair<run_script_cb *, const char *> > rs_queue;
71     static ev::child rs_child_ev;
72    
73 root 1.90 namespace
74 pcg 1.70 {
75 root 1.90 void // c++ requires external linkage here, apparently :(
76     rs_child_cb (ev::child &w, int revents)
77     {
78     w.stop ();
79 pcg 1.70
80 root 1.90 if (rs_queue.empty ())
81     return;
82 pcg 1.70
83 root 1.90 pid_t pid = run_script (*rs_queue.front ().first, false);
84     if (pid)
85     {
86     w.set (pid);
87     w.start ();
88     }
89     else
90     slog (L_WARN, rs_queue.front ().second);
91 pcg 1.70
92 root 1.90 delete rs_queue.front ().first;
93     rs_queue.pop ();
94     }
95     };
96 pcg 1.70
97     // despite the fancy name, this is quite a hack
98     static void
99     run_script_queued (run_script_cb *cb, const char *warnmsg)
100     {
101     rs_queue.push (std::make_pair (cb, warnmsg));
102    
103     if (!rs_child_ev.is_active ())
104     {
105     rs_child_ev.set<rs_child_cb> ();
106     rs_child_ev ();
107     }
108     }
109    
110     //////////////////////////////////////////////////////////////////////////////
111    
112 pcg 1.1 struct crypto_ctx
113     {
114     EVP_CIPHER_CTX cctx;
115     HMAC_CTX hctx;
116    
117 root 1.98 crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc);
118 pcg 1.1 ~crypto_ctx ();
119     };
120    
121 root 1.98 crypto_ctx::crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc)
122 pcg 1.1 {
123 root 1.98 ecdh_key s;
124    
125     curve25519_combine (a, b, s);
126    
127     {
128     u8 mac_key[MAC_KEYSIZE];
129     static const unsigned char mac_info[] = "gvpe mac key";
130    
131 root 1.99 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
132 root 1.98 kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key));
133     kdf.extract (s, sizeof (s));
134 root 1.99 kdf.extract_done (HKDF_PRF_HASH ());
135 root 1.98 kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info));
136    
137     HMAC_CTX_init (&hctx);
138 root 1.107 require101 (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0));
139 root 1.98 }
140    
141     {
142     u8 cipher_key[CIPHER_KEYSIZE];
143     static const unsigned char cipher_info[] = "gvpe cipher key";
144    
145 root 1.99 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
146 root 1.98 kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key));
147     kdf.extract (s, sizeof (s));
148 root 1.99 kdf.extract_done (HKDF_PRF_HASH ());
149 root 1.98 kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info));
150    
151     EVP_CIPHER_CTX_init (&cctx);
152     require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc));
153     }
154 pcg 1.1 }
155    
156     crypto_ctx::~crypto_ctx ()
157     {
158 pcg 1.29 require (EVP_CIPHER_CTX_cleanup (&cctx));
159 pcg 1.1 HMAC_CTX_cleanup (&hctx);
160     }
161    
162 root 1.98 static inline void
163     auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr)
164 pcg 1.1 {
165 root 1.98 if (RSA_public_encrypt (sizeof (auth.rsa),
166     (unsigned char *)&auth.rsa, (unsigned char *)&encr.rsa,
167     key, RSA_PKCS1_OAEP_PADDING) < 0)
168     fatal ("RSA_public_encrypt error");
169 root 1.100
170     memcpy (&encr.ecdh, &auth.ecdh, sizeof (encr.ecdh));
171 pcg 1.1 }
172    
173 root 1.98 static inline bool
174     auth_decrypt (RSA *key, const auth_encr &encr, auth_data &auth)
175 pcg 1.63 {
176 root 1.98 u8 rsa_decrypt[RSA_KEYLEN];
177 pcg 1.1
178 root 1.98 if (RSA_private_decrypt (sizeof (encr.rsa),
179     (const unsigned char *)&encr.rsa, (unsigned char *)rsa_decrypt,
180     key, RSA_PKCS1_OAEP_PADDING) != sizeof (auth.rsa))
181     return 0;
182 pcg 1.1
183 root 1.98 memcpy (&auth.rsa, rsa_decrypt, sizeof (auth.rsa));
184 root 1.100 memcpy (&auth.ecdh, &encr.ecdh, sizeof (auth.ecdh));
185 pcg 1.1
186 root 1.98 return 1;
187     }
188 pcg 1.1
189 root 1.98 static void
190 root 1.104 auth_hash (const auth_data &auth, const ecdh_key &b, auth_mac &mac)
191 root 1.98 {
192 root 1.106 hkdf kdf (b, sizeof b, AUTH_DIGEST ()); // use response ecdh b as salt
193 root 1.104 kdf.extract (&auth.rsa, sizeof (auth.rsa));
194     kdf.extract_done ();
195 root 1.106 kdf.expand (mac, sizeof mac, auth.ecdh, sizeof (auth.ecdh)); // use challenge ecdh b as info
196 root 1.98 }
197 pcg 1.1
198 root 1.90 void
199 root 1.98 connection::generate_auth_data ()
200 pcg 1.1 {
201 root 1.98 if (auth_expire < ev_now ())
202 pcg 1.1 {
203 root 1.98 // request data
204 root 1.101 rand_fill (snd_auth.rsa);
205 root 1.98 curve25519_generate (snd_ecdh_a, snd_auth.ecdh);
206    
207     // eventual response data
208     curve25519_generate (rcv_ecdh_a, rcv_ecdh_b);
209 pcg 1.1 }
210 root 1.98
211     // every use prolongs the expiry
212     auth_expire = ev_now () + AUTH_TTL;
213 pcg 1.1 }
214    
215     //////////////////////////////////////////////////////////////////////////////
216    
217 pcg 1.67 pkt_queue::pkt_queue (double max_ttl, int max_queue)
218     : max_ttl (max_ttl), max_queue (max_queue)
219 pcg 1.1 {
220 pcg 1.67 queue = new pkt [max_queue];
221    
222     i = 0;
223     j = 0;
224    
225     expire.set<pkt_queue, &pkt_queue::expire_cb> (this);
226     }
227 pcg 1.1
228 pcg 1.67 pkt_queue::~pkt_queue ()
229     {
230     while (net_packet *p = get ())
231     delete p;
232 pcg 1.1
233 pcg 1.67 delete [] queue;
234 pcg 1.1 }
235    
236 root 1.90 void
237     pkt_queue::expire_cb (ev::timer &w, int revents)
238 pcg 1.1 {
239 pcg 1.67 ev_tstamp expire = ev_now () - max_ttl;
240 pcg 1.1
241 pcg 1.67 for (;;)
242 pcg 1.1 {
243 pcg 1.67 if (empty ())
244     break;
245    
246     double diff = queue[j].tstamp - expire;
247    
248     if (diff >= 0.)
249     {
250     w.start (diff > 0.5 ? diff : 0.5);
251     break;
252     }
253    
254     delete get ();
255 pcg 1.1 }
256     }
257    
258 root 1.90 void
259     pkt_queue::put (net_packet *p)
260 pcg 1.1 {
261 pcg 1.67 ev_tstamp now = ev_now ();
262    
263     // start expiry timer
264     if (empty ())
265     expire.start (max_ttl);
266    
267     int ni = i + 1 == max_queue ? 0 : i + 1;
268    
269     if (ni == j)
270     delete get ();
271    
272     queue[i].pkt = p;
273     queue[i].tstamp = now;
274    
275     i = ni;
276 pcg 1.1 }
277    
278 root 1.90 net_packet *
279     pkt_queue::get ()
280 pcg 1.1 {
281 pcg 1.67 if (empty ())
282     return 0;
283    
284     net_packet *p = queue[j].pkt;
285     queue[j].pkt = 0;
286    
287     j = j + 1 == max_queue ? 0 : j + 1;
288    
289     return p;
290 pcg 1.1 }
291    
292 pcg 1.63 struct net_rateinfo
293     {
294 pcg 1.1 u32 host;
295     double pcnt, diff;
296     tstamp last;
297     };
298    
299     // only do action once every x seconds per host whole allowing bursts.
300     // this implementation ("splay list" ;) is inefficient,
301     // but low on resources.
302     struct net_rate_limiter : list<net_rateinfo>
303     {
304 pcg 1.35 # define NRL_ALPHA (1. - 1. / 600.) // allow bursts
305     # define NRL_CUTOFF 10. // one event every CUTOFF seconds
306     # define NRL_EXPIRE (NRL_CUTOFF * 30.) // expire entries after this time
307     # define NRL_MAXDIF (NRL_CUTOFF * (1. / (1. - NRL_ALPHA))) // maximum diff /count value
308 pcg 1.1
309 pcg 1.16 bool can (const sockinfo &si) { return can((u32)si.host); }
310 pcg 1.1 bool can (u32 host);
311     };
312    
313 root 1.90 static net_rate_limiter auth_rate_limiter, reset_rate_limiter;
314 pcg 1.1
315 root 1.90 bool
316     net_rate_limiter::can (u32 host)
317 pcg 1.1 {
318     iterator i;
319    
320     for (i = begin (); i != end (); )
321     if (i->host == host)
322     break;
323 pcg 1.62 else if (i->last < ev_now () - NRL_EXPIRE)
324 pcg 1.1 i = erase (i);
325     else
326     i++;
327    
328     if (i == end ())
329     {
330     net_rateinfo ri;
331    
332     ri.host = host;
333     ri.pcnt = 1.;
334 pcg 1.34 ri.diff = NRL_MAXDIF;
335 pcg 1.62 ri.last = ev_now ();
336 pcg 1.1
337     push_front (ri);
338    
339     return true;
340     }
341     else
342     {
343     net_rateinfo ri (*i);
344     erase (i);
345    
346 pcg 1.34 ri.pcnt = ri.pcnt * NRL_ALPHA;
347 pcg 1.62 ri.diff = ri.diff * NRL_ALPHA + (ev_now () - ri.last);
348 pcg 1.1
349 pcg 1.62 ri.last = ev_now ();
350 pcg 1.1
351 pcg 1.10 double dif = ri.diff / ri.pcnt;
352 pcg 1.1
353 pcg 1.34 bool send = dif > NRL_CUTOFF;
354 pcg 1.10
355 pcg 1.34 if (dif > NRL_MAXDIF)
356 pcg 1.10 {
357     ri.pcnt = 1.;
358 pcg 1.34 ri.diff = NRL_MAXDIF;
359 pcg 1.10 }
360     else if (send)
361 pcg 1.1 ri.pcnt++;
362    
363     push_front (ri);
364    
365     return send;
366     }
367     }
368    
369     /////////////////////////////////////////////////////////////////////////////
370    
371 root 1.90 void
372 root 1.104 hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest)
373 pcg 1.1 {
374     HMAC_CTX *hctx = &ctx->hctx;
375    
376 root 1.107 require101 (HMAC_Init_ex (hctx, 0, 0, 0, 0));
377     require101 (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet)));
378     require101 (HMAC_Final (hctx, hmac_digest, 0));
379 pcg 1.1 }
380    
381     void
382     hmac_packet::hmac_set (crypto_ctx *ctx)
383     {
384 root 1.104 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
385     hmac_gen (ctx, hmac_digest);
386 pcg 1.1 memcpy (hmac, hmac_digest, HMACLENGTH);
387     }
388    
389     bool
390     hmac_packet::hmac_chk (crypto_ctx *ctx)
391     {
392 root 1.104 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
393     hmac_gen (ctx, hmac_digest);
394 root 1.110 return slow_memeq (hmac, hmac_digest, HMACLENGTH);
395 pcg 1.1 }
396    
397 root 1.90 void
398     vpn_packet::set_hdr (ptype type_, unsigned int dst)
399 pcg 1.1 {
400 pcg 1.6 type = type_;
401 pcg 1.1
402     int src = THISNODE->id;
403    
404     src1 = src;
405     srcdst = ((src >> 8) << 4) | (dst >> 8);
406     dst1 = dst;
407     }
408    
409     #define MAXVPNDATA (MAX_MTU - 6 - 6)
410    
411 pcg 1.28 struct vpndata_packet : vpn_packet
412 root 1.90 {
413 root 1.113 u32 ctr; // seqno
414     u8 data[MAXVPNDATA];
415 root 1.90
416     void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
417     tap_packet *unpack (connection *conn, u32 &seqno);
418 pcg 1.1
419     private:
420 root 1.90 const u32 data_hdr_size () const
421     {
422 root 1.113 // the distance from beginning of packet to data member
423     return data - at (0);
424 root 1.90 }
425     };
426 pcg 1.1
427 root 1.113 // expands packet counter (unlike seqno, in network byte order) to counter mode IV
428     static unsigned char *
429     expand_iv (u32 ctr)
430     {
431     static u32 iv[IV_SIZE (CIPHER) / 4];
432    
433     require (sizeof (iv) == 4 * 4);
434     require (IV_SIZE (CIPHER) % 4 == 0);
435    
436     iv[0] =
437     iv[1] =
438     iv[2] = ctr;
439    
440     // I would reuse ctr here to to avoid potential endianness issues,
441     // but it seems openssl wraps around. While this would be still ok,
442     // and I don't even know if its true, let's play safe and initialise
443     // to 0.
444     iv[3] = 0;
445    
446     return (unsigned char *)iv;
447     }
448    
449 pcg 1.1 void
450     vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
451     {
452     EVP_CIPHER_CTX *cctx = &conn->octx->cctx;
453     int outl = 0, outl2;
454     ptype type = PT_DATA_UNCOMPRESSED;
455    
456     #if ENABLE_COMPRESSION
457     u8 cdata[MAX_MTU];
458    
459 pcg 1.86 if (conn->features & FEATURE_COMPRESSION)
460 pcg 1.1 {
461 pcg 1.31 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
462 pcg 1.1
463 pcg 1.31 if (cl)
464     {
465     type = PT_DATA_COMPRESSED;
466     d = cdata;
467     l = cl + 2;
468    
469     d[0] = cl >> 8;
470     d[1] = cl;
471     }
472 pcg 1.1 }
473     #endif
474    
475 root 1.113 ctr = htonl (seqno);
476 pcg 1.1
477 root 1.113 require (EVP_EncryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
478 pcg 1.1
479 pcg 1.29 require (EVP_EncryptUpdate (cctx,
480 root 1.113 (unsigned char *)data + outl, &outl2,
481     (unsigned char *)d, l));
482 pcg 1.1 outl += outl2;
483    
484 root 1.113 // it seems this is a nop for us, but we do it anyways
485     require (EVP_EncryptFinal_ex (cctx, (unsigned char *)data + outl, &outl2));
486 pcg 1.1 outl += outl2;
487    
488 root 1.113 len = data_hdr_size () + outl;
489 pcg 1.1
490     set_hdr (type, dst);
491    
492     hmac_set (conn->octx);
493     }
494    
495     tap_packet *
496     vpndata_packet::unpack (connection *conn, u32 &seqno)
497     {
498     EVP_CIPHER_CTX *cctx = &conn->ictx->cctx;
499     int outl = 0, outl2;
500     tap_packet *p = new tap_packet;
501     u8 *d;
502    
503 root 1.113 seqno = ntohl (ctr);
504    
505     require (EVP_DecryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
506 pcg 1.1
507     #if ENABLE_COMPRESSION
508     u8 cdata[MAX_MTU];
509    
510     if (type == PT_DATA_COMPRESSED)
511     d = cdata;
512     else
513     #endif
514 root 1.113 d = &(*p)[6 + 6];
515 root 1.101
516     // this can overwrite the len/dst/src fields
517 pcg 1.29 require (EVP_DecryptUpdate (cctx,
518 pcg 1.1 d, &outl2,
519 pcg 1.29 (unsigned char *)&data, len - data_hdr_size ()));
520 pcg 1.1 outl += outl2;
521    
522 root 1.113 // it seems this is a nop for us, but we do it anyways
523 pcg 1.29 require (EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2));
524 pcg 1.1 outl += outl2;
525    
526     id2mac (dst () ? dst() : THISNODE->id, p->dst);
527     id2mac (src (), p->src);
528    
529     #if ENABLE_COMPRESSION
530     if (type == PT_DATA_COMPRESSED)
531     {
532 root 1.113 u32 cl = (d[0] << 8) | d[1];
533 pcg 1.1
534 root 1.113 p->len = lzf_decompress (d + 2, cl < MAX_MTU - 2 ? cl : 0,
535 pcg 1.1 &(*p)[6 + 6], MAX_MTU)
536     + 6 + 6;
537     }
538     else
539 root 1.113 p->len = outl + (6 + 6);
540 pcg 1.1 #endif
541    
542     return p;
543     }
544    
545     struct ping_packet : vpn_packet
546     {
547     void setup (int dst, ptype type)
548     {
549     set_hdr (type, dst);
550     len = sizeof (*this) - sizeof (net_packet);
551     }
552     };
553    
554     struct config_packet : vpn_packet
555     {
556 root 1.103 u8 serial[SERIAL_SIZE];
557 root 1.98 u8 prot_major, prot_minor, randsize;
558     u8 flags, features, pad6, pad7, pad8;
559     u32 cipher_nid, mac_nid, auth_nid;
560 pcg 1.1
561     void setup (ptype type, int dst);
562 root 1.103 bool chk_config (const conf_node *conf, const sockinfo &rsi) const;
563 pcg 1.32
564     static u8 get_features ()
565     {
566     u8 f = 0;
567     #if ENABLE_COMPRESSION
568     f |= FEATURE_COMPRESSION;
569     #endif
570     #if ENABLE_ROHC
571     f |= FEATURE_ROHC;
572     #endif
573 pcg 1.59 #if ENABLE_BRIDGING
574     f |= FEATURE_BRIDGING;
575     #endif
576 pcg 1.32 return f;
577     }
578 pcg 1.1 };
579    
580 root 1.90 void
581     config_packet::setup (ptype type, int dst)
582 pcg 1.1 {
583     prot_major = PROTOCOL_MAJOR;
584     prot_minor = PROTOCOL_MINOR;
585 pcg 1.48 flags = 0;
586 pcg 1.32 features = get_features ();
587 pcg 1.1
588 root 1.103 strncpy ((char *)serial, conf.serial, sizeof (serial));
589    
590 root 1.98 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER ()));
591     mac_nid = htonl (EVP_MD_type (MAC_DIGEST ()));
592     auth_nid = htonl (EVP_MD_type (AUTH_DIGEST ()));
593 pcg 1.1
594     len = sizeof (*this) - sizeof (net_packet);
595     set_hdr (type, dst);
596     }
597    
598 root 1.90 bool
599 root 1.103 config_packet::chk_config (const conf_node *conf, const sockinfo &rsi) const
600 pcg 1.1 {
601 pcg 1.15 if (prot_major != PROTOCOL_MAJOR)
602 root 1.103 slog (L_WARN, _("%s(%s): major version mismatch (remote %d <=> local %d)"),
603     conf->nodename, (const char *)rsi, prot_major, PROTOCOL_MAJOR);
604 root 1.98 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER ())))
605 root 1.103 slog (L_WARN, _("%s(%s): cipher algo mismatch (remote %x <=> local %x)"),
606     conf->nodename, (const char *)rsi, ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER ()));
607 root 1.98 else if (mac_nid != htonl (EVP_MD_type (MAC_DIGEST ())))
608 root 1.103 slog (L_WARN, _("%s(%s): mac algo mismatch (remote %x <=> local %x)"),
609     conf->nodename, (const char *)rsi, ntohl (mac_nid), EVP_MD_type (MAC_DIGEST ()));
610 root 1.98 else if (auth_nid != htonl (EVP_MD_type (AUTH_DIGEST ())))
611 root 1.103 slog (L_WARN, _("%s(%s): auth algo mismatch (remote %x <=> local %x)"),
612     conf->nodename, (const char *)rsi, ntohl (auth_nid), EVP_MD_type (AUTH_DIGEST ()));
613 pcg 1.15 else
614 root 1.103 {
615     int cmp = memcmp (serial, ::conf.serial, sizeof (serial));
616    
617     if (cmp > 0)
618     slog (L_WARN, _("%s(%s): remote serial newer than local serial - outdated config?"),
619     conf->nodename, (const char *)rsi);
620     else if (cmp == 0)
621     return true;
622     }
623 pcg 1.15
624     return false;
625 pcg 1.1 }
626    
627 root 1.98 struct auth_req_packet : config_packet // UNPROTECTED
628 pcg 1.1 {
629     char magic[8];
630     u8 initiate; // false if this is just an automatic reply
631 pcg 1.28 u8 protocols; // supported protocols (will be patched on forward)
632 pcg 1.1 u8 pad2, pad3;
633 root 1.98 auth_encr encr;
634 pcg 1.1
635     auth_req_packet (int dst, bool initiate_, u8 protocols_)
636     {
637     config_packet::setup (PT_AUTH_REQ, dst);
638 root 1.98 memcpy (magic, MAGIC, 8);
639 pcg 1.1 initiate = !!initiate_;
640     protocols = protocols_;
641    
642     len = sizeof (*this) - sizeof (net_packet);
643     }
644     };
645    
646 root 1.103 struct auth_res_packet : vpn_packet // UNPROTECTED
647 pcg 1.1 {
648 root 1.98 auth_response response;
649 pcg 1.1
650     auth_res_packet (int dst)
651     {
652 root 1.103 set_hdr (PT_AUTH_RES, dst);
653 pcg 1.1
654     len = sizeof (*this) - sizeof (net_packet);
655     }
656     };
657    
658     struct connect_req_packet : vpn_packet
659     {
660     u8 id, protocols;
661     u8 pad1, pad2;
662    
663     connect_req_packet (int dst, int id_, u8 protocols_)
664     : id(id_)
665     , protocols(protocols_)
666     {
667     set_hdr (PT_CONNECT_REQ, dst);
668     len = sizeof (*this) - sizeof (net_packet);
669     }
670     };
671    
672     struct connect_info_packet : vpn_packet
673     {
674     u8 id, protocols;
675     u8 pad1, pad2;
676     sockinfo si;
677    
678     connect_info_packet (int dst, int id_, const sockinfo &si_, u8 protocols_)
679     : id(id_)
680     , protocols(protocols_)
681     , si(si_)
682     {
683     set_hdr (PT_CONNECT_INFO, dst);
684    
685     len = sizeof (*this) - sizeof (net_packet);
686     }
687     };
688    
689     /////////////////////////////////////////////////////////////////////////////
690    
691     void
692 root 1.98 connection::connection_established (const sockinfo &rsi)
693 pcg 1.10 {
694 root 1.98 if (!have_snd_auth || !have_rcv_auth)
695     return;
696    
697     si = rsi;
698     protocol = rsi.prot;
699    
700     slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
701     conf->nodename, (const char *)rsi,
702 root 1.108 vpn->can_direct (THISNODE, conf) ? "direct" : "forwarded",
703 root 1.98 PROTOCOL_MAJOR, prot_minor);
704    
705     if (::conf.script_node_up)
706     {
707     run_script_cb *cb = new run_script_cb;
708     cb->set<connection, &connection::script_node_up> (this);
709     run_script_queued (cb, _("node-up command execution failed, continuing."));
710     }
711    
712     delete ictx; ictx = new crypto_ctx (rcv_auth, snd_auth, rcv_ecdh_a, rcv_auth.ecdh, 0);
713     iseqno.reset (ntohl (rcv_auth.rsa.seqno) & 0x7fffffff);
714    
715     delete octx; octx = new crypto_ctx (snd_auth, rcv_auth, snd_ecdh_a, snd_ecdh_b , 1);
716     oseqno = ntohl (snd_auth.rsa.seqno) & 0x7fffffff;
717 pcg 1.61
718 root 1.102 // make sure rekeying timeouts are slightly asymmetric
719     ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
720     rekey.start (rekey_interval, rekey_interval);
721    
722 root 1.108 hmac_error = 0.;
723    
724 root 1.102 keepalive.start (::conf.keepalive);
725    
726     // send queued packets
727 root 1.108 while (tap_packet *p = (tap_packet *)data_queue.get ())
728 pcg 1.10 {
729 root 1.108 if (p->len) send_data_packet (p);
730     delete p;
731     }
732 root 1.97
733 root 1.108 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
734     {
735     if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
736     delete p;
737 root 1.102 }
738 pcg 1.73
739 root 1.102 vpn->connection_established (this);
740 pcg 1.10 }
741    
742     void
743 pcg 1.8 connection::reset_si ()
744 pcg 1.1 {
745 pcg 1.73 if (vpn->can_direct (THISNODE, conf))
746     protocol = best_protocol (THISNODE->protocols & conf->connectable_protocols ());
747     else
748 pcg 1.59 {
749 pcg 1.73 slog (L_TRACE, _("%s: direct connection denied by config."), conf->nodename);
750 pcg 1.59 protocol = 0;
751     }
752 pcg 1.6
753     si.set (conf, protocol);
754 pcg 1.1 }
755    
756 pcg 1.8 // ensure sockinfo is valid, forward if necessary
757     const sockinfo &
758     connection::forward_si (const sockinfo &si) const
759     {
760     if (!si.valid ())
761     {
762 pcg 1.73 connection *r = vpn->find_router_for (this);
763 pcg 1.8
764     if (r)
765     {
766 pcg 1.73 slog (L_DEBUG, _("%s: no common protocol, trying to route through %s."),
767     conf->nodename, r->conf->nodename);
768 pcg 1.8 return r->si;
769     }
770     else
771 pcg 1.73 slog (L_DEBUG, _("%s: node unreachable, no common protocol or no router available."),
772 pcg 1.8 conf->nodename);
773     }
774    
775     return si;
776     }
777    
778 pcg 1.1 void
779 pcg 1.10 connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
780     {
781 pcg 1.46 if (!vpn->send_vpn_packet (pkt, si, tos))
782 root 1.108 reset_connection ("packet send error");
783 pcg 1.10 }
784    
785     void
786 pcg 1.1 connection::send_ping (const sockinfo &si, u8 pong)
787     {
788     ping_packet *pkt = new ping_packet;
789    
790     pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
791 pcg 1.73
792 pcg 1.79 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si);
793 pcg 1.10 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
794 pcg 1.1
795     delete pkt;
796     }
797    
798     void
799     connection::send_reset (const sockinfo &si)
800     {
801     if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
802     {
803     config_packet *pkt = new config_packet;
804    
805     pkt->setup (vpn_packet::PT_RESET, conf->id);
806 pcg 1.10 send_vpn_packet (pkt, si, IPTOS_MINCOST);
807 pcg 1.1
808     delete pkt;
809     }
810     }
811    
812     void
813     connection::send_auth_request (const sockinfo &si, bool initiate)
814     {
815     auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
816    
817 root 1.98 generate_auth_data ();
818     auth_encrypt (conf->rsa_key, snd_auth, pkt->encr);
819 pcg 1.1
820 pcg 1.81 slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si);
821 pcg 1.10 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
822 pcg 1.1
823 pcg 1.6 delete pkt;
824 pcg 1.1 }
825    
826     void
827 root 1.98 connection::send_auth_response (const sockinfo &si)
828 pcg 1.1 {
829     auth_res_packet *pkt = new auth_res_packet (conf->id);
830    
831 root 1.104 memcpy (pkt->response.ecdh, rcv_ecdh_b, sizeof rcv_ecdh_b);
832     auth_hash (rcv_auth, rcv_ecdh_b, pkt->response.mac);
833 pcg 1.1
834 pcg 1.80 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si);
835 pcg 1.10 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
836 pcg 1.1
837     delete pkt;
838     }
839    
840     void
841     connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
842     {
843 root 1.93 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s,p%02x)", conf->nodename,
844     vpn->conns[rid - 1]->conf->nodename, (const char *)rsi,
845     conf->protocols);
846 pcg 1.1
847     connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
848    
849     r->hmac_set (octx);
850 pcg 1.10 send_vpn_packet (r, si);
851 pcg 1.1
852     delete r;
853     }
854    
855 pcg 1.66 inline void
856 pcg 1.60 connection::establish_connection_cb (ev::timer &w, int revents)
857 pcg 1.1 {
858 root 1.92 if (!(ictx && octx)
859 pcg 1.25 && conf != THISNODE
860     && connectmode != conf_node::C_NEVER
861     && connectmode != conf_node::C_DISABLED
862 pcg 1.60 && !w.is_active ())
863 pcg 1.1 {
864 pcg 1.67 // a bit hacky, if ondemand, and packets are no longer queued, then reset the connection
865     // and stop trying. should probably be handled by a per-connection expire handler.
866     if (connectmode == conf_node::C_ONDEMAND && vpn_queue.empty () && data_queue.empty ())
867     {
868 root 1.108 reset_connection ("no demand");
869 pcg 1.67 return;
870     }
871    
872 pcg 1.68 last_establish_attempt = ev_now ();
873    
874 pcg 1.60 ev::tstamp retry_int = ev::tstamp (retry_cnt & 3
875     ? (retry_cnt & 3) + 1
876     : 1 << (retry_cnt >> 2));
877 pcg 1.1
878 pcg 1.47 reset_si ();
879 pcg 1.1
880 root 1.109 bool slow = (si.prot & PROT_SLOW) || (conf->low_power || THISNODE->low_power);
881 pcg 1.8
882 pcg 1.73 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf))
883 pcg 1.60 {
884     /*TODO*/ /* start the timer so we don't recurse endlessly */
885     w.start (1);
886 pcg 1.74 vpn->send_connect_request (this);
887 pcg 1.60 }
888 pcg 1.8 else
889 pcg 1.1 {
890 pcg 1.73 if (si.valid ())
891     slog (L_DEBUG, _("%s: sending direct connection request to %s."),
892     conf->nodename, (const char *)si);
893 pcg 1.61
894 pcg 1.8 const sockinfo &dsi = forward_si (si);
895 pcg 1.6
896 pcg 1.47 slow = slow || (dsi.prot & PROT_SLOW);
897    
898 pcg 1.8 if (dsi.valid () && auth_rate_limiter.can (dsi))
899     {
900 root 1.109 // use ping after the first few retries
901     // TODO: on rekeys, the other node might not interpret ping correctly,
902     // TODO: as it will still have a valid connection
903     if (retry_cnt < 4 && (!conf->low_power || THISNODE->low_power))
904 pcg 1.8 send_auth_request (dsi, true);
905     else
906     send_ping (dsi, 0);
907     }
908 pcg 1.1 }
909 pcg 1.47
910 root 1.109 retry_int *= slow ? 4. : 0.9;
911 pcg 1.47
912     if (retry_int < conf->max_retry)
913     retry_cnt++;
914     else
915     retry_int = conf->max_retry;
916    
917 pcg 1.60 w.start (retry_int);
918 pcg 1.1 }
919     }
920    
921     void
922 root 1.108 connection::reset_connection (const char *reason)
923 pcg 1.1 {
924     if (ictx && octx)
925     {
926 root 1.108 slog (L_INFO, _("%s(%s): connection lost (%s)"),
927     conf->nodename, (const char *)si, reason);
928 pcg 1.1
929     if (::conf.script_node_down)
930 pcg 1.64 {
931 pcg 1.70 run_script_cb *cb = new run_script_cb;
932     cb->set<connection, &connection::script_node_down> (this);
933     run_script_queued (cb, _("node-down command execution failed, continuing."));
934 pcg 1.64 }
935 pcg 1.1 }
936    
937     delete ictx; ictx = 0;
938     delete octx; octx = 0;
939    
940 pcg 1.38 si.host = 0;
941 pcg 1.1
942 root 1.98 have_snd_auth = false;
943     have_rcv_auth = false;
944     auth_expire = 0.;
945    
946 pcg 1.73 last_activity = 0.;
947     //last_si_change = 0.;
948 pcg 1.1 retry_cnt = 0;
949    
950 pcg 1.25 rekey.stop ();
951     keepalive.stop ();
952     establish_connection.stop ();
953 pcg 1.1 }
954    
955     void
956     connection::shutdown ()
957     {
958     if (ictx && octx)
959     send_reset (si);
960    
961 root 1.108 reset_connection ("shutdown");
962 pcg 1.1 }
963    
964 pcg 1.73 // poor-man's rekeying
965 pcg 1.66 inline void
966 pcg 1.60 connection::rekey_cb (ev::timer &w, int revents)
967 pcg 1.1 {
968 root 1.108 reset_connection ("rekeying");
969 pcg 1.1 establish_connection ();
970     }
971    
972     void
973 pcg 1.21 connection::send_data_packet (tap_packet *pkt)
974 pcg 1.1 {
975     vpndata_packet *p = new vpndata_packet;
976     int tos = 0;
977    
978 pcg 1.12 // I am not hilarious about peeking into packets, but so be it.
979 pcg 1.21 if (conf->inherit_tos && pkt->is_ipv4 ())
980 pcg 1.1 tos = (*pkt)[15] & IPTOS_TOS_MASK;
981    
982 pcg 1.21 p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
983 pcg 1.10 send_vpn_packet (p, si, tos);
984 pcg 1.1
985     delete p;
986    
987     if (oseqno > MAX_SEQNO)
988     rekey ();
989     }
990    
991     void
992 pcg 1.68 connection::post_inject_queue ()
993     {
994     // force a connection every now and when when packets are sent (max 1/s)
995 root 1.109 if (ev_now () - last_establish_attempt >= (conf->low_power || THISNODE->low_power ? 2.95 : 0.95)) // arbitrary
996 pcg 1.68 establish_connection.stop ();
997    
998     establish_connection ();
999     }
1000    
1001     void
1002     connection::inject_data_packet (tap_packet *pkt)
1003 pcg 1.1 {
1004     if (ictx && octx)
1005 pcg 1.21 send_data_packet (pkt);
1006 pcg 1.1 else
1007     {
1008 pcg 1.68 data_queue.put (new tap_packet (*pkt));
1009     post_inject_queue ();
1010 pcg 1.1 }
1011     }
1012    
1013 root 1.90 void
1014     connection::inject_vpn_packet (vpn_packet *pkt, int tos)
1015 pcg 1.8 {
1016     if (ictx && octx)
1017 pcg 1.10 send_vpn_packet (pkt, si, tos);
1018 pcg 1.8 else
1019 pcg 1.12 {
1020 pcg 1.28 vpn_queue.put ((vpn_packet *)new data_packet (*(data_packet *)pkt));
1021 pcg 1.68 post_inject_queue ();
1022 pcg 1.12 }
1023 pcg 1.8 }
1024    
1025 pcg 1.1 void
1026     connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
1027     {
1028 pcg 1.62 last_activity = ev_now ();
1029 pcg 1.1
1030 root 1.91 slog (L_NOISE, "%s >> received packet type %d from %d to %d.",
1031 pcg 1.79 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ());
1032 pcg 1.1
1033 pcg 1.61 if (connectmode == conf_node::C_DISABLED)
1034     return;
1035    
1036 pcg 1.1 switch (pkt->typ ())
1037     {
1038 pcg 1.3 case vpn_packet::PT_PING:
1039 pcg 1.79 slog (L_TRACE, "%s >> PT_PING", conf->nodename);
1040    
1041 pcg 1.3 // we send pings instead of auth packets after some retries,
1042     // so reset the retry counter and establish a connection
1043     // when we receive a ping.
1044 root 1.89 if (!ictx)
1045 pcg 1.3 {
1046     if (auth_rate_limiter.can (rsi))
1047     send_auth_request (rsi, true);
1048     }
1049     else
1050 root 1.89 // we would love to change the socket address here, but ping's aren't
1051 pcg 1.73 // authenticated, so we best ignore it.
1052 pcg 1.3 send_ping (rsi, 1); // pong
1053    
1054     break;
1055    
1056     case vpn_packet::PT_PONG:
1057 pcg 1.79 slog (L_TRACE, "%s >> PT_PONG", conf->nodename);
1058 root 1.89
1059     // a PONG might mean that the other side doesn't really know
1060     // about our desire for communication.
1061     establish_connection ();
1062 pcg 1.3 break;
1063    
1064     case vpn_packet::PT_RESET:
1065 root 1.108 slog (L_TRACE, "%s >> PT_RESET", conf->nodename);
1066    
1067     if (ictx && octx)
1068     {
1069     reset_connection ("remote reset");
1070    
1071     config_packet *p = (config_packet *) pkt;
1072 pcg 1.3
1073 root 1.108 if (p->chk_config (conf, rsi) && connectmode == conf_node::C_ALWAYS)
1074     establish_connection ();
1075     }
1076 pcg 1.3
1077     break;
1078    
1079     case vpn_packet::PT_AUTH_REQ:
1080     if (auth_rate_limiter.can (rsi))
1081     {
1082 root 1.93 auth_req_packet *p = (auth_req_packet *)pkt;
1083 pcg 1.3
1084 root 1.93 slog (L_TRACE, "%s >> PT_AUTH_REQ(%s,p%02x,f%02x)",
1085     conf->nodename, p->initiate ? "initiate" : "reply",
1086     p->protocols, p->features);
1087 pcg 1.1
1088 root 1.103 if (memcmp (p->magic, MAGIC, 8))
1089     {
1090     slog (L_WARN, _("%s(%s): protocol magic mismatch - stray packet?"),
1091     conf->nodename, (const char *)rsi);
1092     }
1093     else if (p->chk_config (conf, rsi))
1094 pcg 1.3 {
1095     if (p->prot_minor != PROTOCOL_MINOR)
1096     slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1097     conf->nodename, (const char *)rsi,
1098     PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1099    
1100     if (p->initiate)
1101 root 1.108 {
1102     send_auth_request (rsi, false);
1103    
1104     if (ictx && octx)
1105     reset_connection ("reconnect");
1106     }
1107 pcg 1.3
1108 root 1.98 auth_data auth;
1109 pcg 1.3
1110 root 1.98 if (!auth_decrypt (::conf.rsa_key, p->encr, auth))
1111 pcg 1.23 {
1112     slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
1113     conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
1114     }
1115 pcg 1.3 else
1116     {
1117 root 1.110 bool chg = !have_rcv_auth || !slow_memeq (&rcv_auth, &auth, sizeof auth);
1118 pcg 1.1
1119 root 1.98 rcv_auth = auth;
1120     have_rcv_auth = true;
1121 pcg 1.1
1122 root 1.98 send_auth_response (rsi);
1123 pcg 1.10
1124 root 1.98 if (chg)
1125     {
1126     conf->protocols = p->protocols;
1127     features = p->features & config_packet::get_features ();
1128 pcg 1.3
1129 root 1.98 connection_established (rsi);
1130     }
1131     }
1132 pcg 1.10
1133 root 1.98 break;
1134 pcg 1.3 }
1135    
1136     send_reset (rsi);
1137 pcg 1.1 }
1138    
1139 pcg 1.3 break;
1140    
1141     case vpn_packet::PT_AUTH_RES:
1142 pcg 1.1 {
1143 pcg 1.79 auth_res_packet *p = (auth_res_packet *)pkt;
1144 pcg 1.1
1145 pcg 1.81 slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename);
1146 pcg 1.1
1147 root 1.104 auth_mac local_mac;
1148     auth_hash (snd_auth, p->response.ecdh, local_mac);
1149    
1150 root 1.110 if (!slow_memeq (&p->response.mac, local_mac, sizeof local_mac))
1151 pcg 1.1 {
1152 root 1.103 slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."),
1153     conf->nodename, (const char *)rsi);
1154     }
1155     else if (!have_snd_auth)
1156     {
1157 root 1.104 memcpy (snd_ecdh_b, p->response.ecdh, sizeof snd_ecdh_b);
1158 root 1.98
1159 root 1.103 have_snd_auth = true;
1160     connection_established (rsi);
1161 pcg 1.1 }
1162     }
1163 pcg 1.3 break;
1164 pcg 1.1
1165 pcg 1.3 case vpn_packet::PT_DATA_COMPRESSED:
1166     #if !ENABLE_COMPRESSION
1167     send_reset (rsi);
1168     break;
1169     #endif
1170 pcg 1.1
1171 pcg 1.3 case vpn_packet::PT_DATA_UNCOMPRESSED:
1172 pcg 1.1
1173 pcg 1.3 if (ictx && octx)
1174 pcg 1.1 {
1175 pcg 1.3 vpndata_packet *p = (vpndata_packet *)pkt;
1176 pcg 1.1
1177 pcg 1.10 if (!p->hmac_chk (ictx))
1178 root 1.108 {
1179     // rekeying often creates temporary hmac auth floods
1180     // we assume they don't take longer than a few seconds normally,
1181     // and suppress messages and resets during that time.
1182     //TODO: should be done per source address
1183     if (!hmac_error)
1184     {
1185     hmac_error = ev_now () + 3;
1186     break;
1187     }
1188     else if (hmac_error >= ev_now ())
1189     break; // silently suppress
1190     else
1191     {
1192     slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1193     "could be an attack, or just corruption or a synchronization error."),
1194     conf->nodename, (const char *)rsi);
1195     // reset
1196     }
1197     }
1198 pcg 1.10 else
1199 pcg 1.1 {
1200 pcg 1.10 u32 seqno;
1201     tap_packet *d = p->unpack (this, seqno);
1202 pcg 1.73 int seqclass = iseqno.seqno_classify (seqno);
1203 pcg 1.10
1204 root 1.108 hmac_error = 0;
1205    
1206 pcg 1.73 if (seqclass == 0) // ok
1207 pcg 1.1 {
1208 pcg 1.10 vpn->tap->send (d);
1209 pcg 1.1
1210 pcg 1.10 if (si != rsi)
1211 pcg 1.1 {
1212 pcg 1.56 // fast re-sync on source address changes, useful especially for tcp/ip
1213 pcg 1.73 //if (last_si_change < ev_now () + 5.)
1214     // {
1215 pcg 1.78 slog (L_INFO, _("%s(%s): changing socket address to %s."),
1216     conf->nodename, (const char *)si, (const char *)rsi);
1217    
1218 pcg 1.73 si = rsi;
1219 pcg 1.84
1220     if (::conf.script_node_change)
1221     {
1222     run_script_cb *cb = new run_script_cb;
1223     cb->set<connection, &connection::script_node_change> (this);
1224     run_script_queued (cb, _("node-change command execution failed, continuing."));
1225     }
1226    
1227 pcg 1.73 // }
1228     //else
1229     // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."),
1230     // conf->nodename, (const char *)si, (const char *)rsi);
1231 pcg 1.10 }
1232 pcg 1.32 }
1233 pcg 1.75 else if (seqclass == 1) // far history
1234     slog (L_ERR, _("received very old packet (received %08lx, expected %08lx). "
1235     "possible replay attack, or just packet duplication/delay, ignoring."), seqno, iseqno.seq + 1);
1236     else if (seqclass == 2) // in-window duplicate, happens often on wireless
1237     slog (L_DEBUG, _("received recent duplicated packet (received %08lx, expected %08lx). "
1238     "possible replay attack, or just packet duplication, ignoring."), seqno, iseqno.seq + 1);
1239     else if (seqclass == 3) // reset
1240 pcg 1.73 {
1241 pcg 1.75 slog (L_ERR, _("received out-of-sync (far future) packet (received %08lx, expected %08lx). "
1242     "probably just massive packet loss, sending reset."), seqno, iseqno.seq + 1);
1243 pcg 1.73 send_reset (rsi);
1244     }
1245 pcg 1.3
1246 pcg 1.32 delete d;
1247     break;
1248 pcg 1.1 }
1249     }
1250    
1251 pcg 1.3 send_reset (rsi);
1252     break;
1253 pcg 1.1
1254 pcg 1.3 case vpn_packet::PT_CONNECT_REQ:
1255     if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1256     {
1257 pcg 1.84 connect_req_packet *p = (connect_req_packet *)pkt;
1258 pcg 1.1
1259 pcg 1.57 if (p->id > 0 && p->id <= vpn->conns.size ())
1260     {
1261     connection *c = vpn->conns[p->id - 1];
1262     conf->protocols = p->protocols;
1263 pcg 1.1
1264 root 1.93 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s,p%02x) [%d]",
1265     conf->nodename, vpn->conns[p->id - 1]->conf->nodename,
1266     p->protocols,
1267     c->ictx && c->octx);
1268 pcg 1.1
1269 pcg 1.57 if (c->ictx && c->octx)
1270     {
1271     // send connect_info packets to both sides, in case one is
1272     // behind a nat firewall (or both ;)
1273     c->send_connect_info (conf->id, si, conf->protocols);
1274     send_connect_info (c->conf->id, c->si, c->conf->protocols);
1275     }
1276     else
1277     c->establish_connection ();
1278 pcg 1.3 }
1279 pcg 1.11 else
1280 pcg 1.57 slog (L_WARN,
1281     _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1282     p->id);
1283 pcg 1.3 }
1284 pcg 1.1
1285 pcg 1.3 break;
1286 pcg 1.1
1287 pcg 1.3 case vpn_packet::PT_CONNECT_INFO:
1288     if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1289     {
1290 pcg 1.39 connect_info_packet *p = (connect_info_packet *)pkt;
1291 pcg 1.1
1292 pcg 1.57 if (p->id > 0 && p->id <= vpn->conns.size ())
1293 pcg 1.39 {
1294     connection *c = vpn->conns[p->id - 1];
1295 pcg 1.7
1296 pcg 1.39 c->conf->protocols = p->protocols;
1297     protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1298     p->si.upgrade_protocol (protocol, c->conf);
1299 pcg 1.1
1300 root 1.96 slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s,protocols=%02x,protocol=%02x,upgradable=%02x) [%d]",
1301 root 1.93 conf->nodename,
1302     vpn->conns[p->id - 1]->conf->nodename,
1303     (const char *)p->si,
1304     p->protocols,
1305 root 1.96 protocol,
1306     p->si.supported_protocols (c->conf),
1307 root 1.93 !c->ictx && !c->octx);
1308 pcg 1.7
1309 pcg 1.39 const sockinfo &dsi = forward_si (p->si);
1310 pcg 1.1
1311 pcg 1.39 if (dsi.valid ())
1312     c->send_auth_request (dsi, true);
1313 root 1.96 else
1314     slog (L_INFO, "connect info for %s received (%s), but still unable to contact.",
1315     vpn->conns[p->id - 1]->conf->nodename,
1316     (const char *)p->si);
1317 pcg 1.39 }
1318 pcg 1.57 else
1319     slog (L_WARN,
1320     _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1321     p->id);
1322 pcg 1.3 }
1323 pcg 1.1
1324 pcg 1.3 break;
1325 pcg 1.1
1326 pcg 1.3 default:
1327     send_reset (rsi);
1328     break;
1329 pcg 1.1 }
1330     }
1331    
1332 pcg 1.66 inline void
1333     connection::keepalive_cb (ev::timer &w, int revents)
1334 pcg 1.1 {
1335 root 1.97 ev_tstamp when = last_activity + ::conf.keepalive - ev::now ();
1336    
1337     if (when >= 0)
1338     w.start (when);
1339     else if (when < -15)
1340 pcg 1.1 {
1341 root 1.108 reset_connection ("keepalive overdue");
1342 pcg 1.1 establish_connection ();
1343     }
1344     else if (conf->connectmode != conf_node::C_ONDEMAND
1345     || THISNODE->connectmode != conf_node::C_ONDEMAND)
1346     {
1347 root 1.97 w.start (3);
1348 pcg 1.1 send_ping (si);
1349     }
1350 root 1.97 else if (when >= -10)
1351 pcg 1.12 // hold ondemand connections implicitly a few seconds longer
1352     // should delete octx, though, or something like that ;)
1353 root 1.97 w.start (when + 10);
1354 pcg 1.1 else
1355 root 1.108 reset_connection ("keepalive timeout");
1356 pcg 1.1 }
1357    
1358 root 1.90 void
1359     connection::send_connect_request (int id)
1360 pcg 1.1 {
1361 root 1.93 connect_req_packet *p = new connect_req_packet (conf->id, id, THISNODE->protocols);
1362 pcg 1.1
1363 root 1.93 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s,p%02x)",
1364     conf->nodename, vpn->conns[id - 1]->conf->nodename,
1365     THISNODE->protocols);
1366 pcg 1.1 p->hmac_set (octx);
1367 pcg 1.10 send_vpn_packet (p, si);
1368 pcg 1.1
1369     delete p;
1370     }
1371    
1372 root 1.90 void
1373     connection::script_init_env (const char *ext)
1374 pcg 1.53 {
1375     char *env;
1376     asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env);
1377 pcg 1.84 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env);
1378 pcg 1.53 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext,
1379     0xfe, 0xfd, 0x80, 0x00, conf->id >> 8,
1380 pcg 1.84 conf->id & 0xff); putenv (env);
1381 pcg 1.53 }
1382    
1383 root 1.90 void
1384     connection::script_init_connect_env ()
1385 pcg 1.1 {
1386 pcg 1.52 vpn->script_init_env ();
1387 pcg 1.1
1388     char *env;
1389 pcg 1.84 asprintf (&env, "DESTID=%d", conf->id); putenv (env);
1390     asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env);
1391     asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env);
1392     asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env);
1393     asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env);
1394 pcg 1.1 }
1395    
1396 pcg 1.66 inline const char *
1397     connection::script_node_up ()
1398 pcg 1.1 {
1399 pcg 1.53 script_init_connect_env ();
1400 pcg 1.1
1401 pcg 1.60 putenv ((char *)"STATE=up");
1402 pcg 1.1
1403 pcg 1.52 char *filename;
1404     asprintf (&filename,
1405     "%s/%s",
1406     confbase,
1407     ::conf.script_node_up ? ::conf.script_node_up : "node-up");
1408 pcg 1.54
1409     return filename;
1410 pcg 1.1 }
1411    
1412 pcg 1.66 inline const char *
1413 pcg 1.84 connection::script_node_change ()
1414     {
1415     script_init_connect_env ();
1416    
1417     putenv ((char *)"STATE=change");
1418    
1419     char *filename;
1420     asprintf (&filename,
1421     "%s/%s",
1422     confbase,
1423     ::conf.script_node_change ? ::conf.script_node_change : "node-change");
1424    
1425     return filename;
1426     }
1427    
1428     inline const char *
1429 pcg 1.66 connection::script_node_down ()
1430 pcg 1.1 {
1431 pcg 1.53 script_init_connect_env ();
1432 pcg 1.1
1433 pcg 1.60 putenv ((char *)"STATE=down");
1434 pcg 1.1
1435 pcg 1.52 char *filename;
1436     asprintf (&filename,
1437     "%s/%s",
1438     confbase,
1439     ::conf.script_node_down ? ::conf.script_node_down : "node-down");
1440 pcg 1.54
1441     return filename;
1442 pcg 1.1 }
1443    
1444 pcg 1.40 connection::connection (struct vpn *vpn, conf_node *conf)
1445 pcg 1.67 : vpn(vpn), conf(conf),
1446 pcg 1.40 #if ENABLE_DNS
1447 pcg 1.67 dns (0),
1448 pcg 1.40 #endif
1449 pcg 1.72 data_queue(conf->max_ttl, conf->max_queue + 1),
1450     vpn_queue(conf->max_ttl, conf->max_queue + 1)
1451 pcg 1.1 {
1452 pcg 1.65 rekey .set<connection, &connection::rekey_cb > (this);
1453     keepalive .set<connection, &connection::keepalive_cb > (this);
1454     establish_connection.set<connection, &connection::establish_connection_cb> (this);
1455    
1456 pcg 1.68 last_establish_attempt = 0.;
1457 pcg 1.1 octx = ictx = 0;
1458    
1459 pcg 1.67 connectmode = conf->connectmode;
1460    
1461     // queue a dummy packet to force an initial connection attempt
1462     if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED)
1463 pcg 1.68 vpn_queue.put (new net_packet);
1464 pcg 1.67
1465 root 1.108 reset_connection ("startup");
1466 pcg 1.1 }
1467    
1468     connection::~connection ()
1469     {
1470     shutdown ();
1471     }
1472    
1473 root 1.90 void
1474     connection_init ()
1475 pcg 1.1 {
1476     auth_rate_limiter.clear ();
1477     reset_rate_limiter.clear ();
1478     }
1479