… | |
… | |
197 | // only do action once every x seconds per host whole allowing bursts. |
197 | // only do action once every x seconds per host whole allowing bursts. |
198 | // this implementation ("splay list" ;) is inefficient, |
198 | // this implementation ("splay list" ;) is inefficient, |
199 | // but low on resources. |
199 | // but low on resources. |
200 | struct net_rate_limiter : list<net_rateinfo> |
200 | struct net_rate_limiter : list<net_rateinfo> |
201 | { |
201 | { |
202 | static const double ALPHA = 1. - 1. / 90.; // allow bursts |
202 | static const double ALPHA = 1. - 1. / 180.; // allow bursts |
203 | static const double CUTOFF = 20.; // one event every CUTOFF seconds |
203 | static const double CUTOFF = 10.; // one event every CUTOFF seconds |
204 | static const double EXPIRE = CUTOFF * 30.; // expire entries after this time |
204 | static const double EXPIRE = CUTOFF * 30.; // expire entries after this time |
205 | |
205 | |
206 | bool can (const sockinfo &si) { return can((u32)si.host); } |
206 | bool can (const sockinfo &si) { return can((u32)si.host); } |
207 | bool can (u32 host); |
207 | bool can (u32 host); |
208 | }; |
208 | }; |
209 | |
209 | |
… | |
… | |
546 | }; |
546 | }; |
547 | |
547 | |
548 | ///////////////////////////////////////////////////////////////////////////// |
548 | ///////////////////////////////////////////////////////////////////////////// |
549 | |
549 | |
550 | void |
550 | void |
551 | connection::reset_dstaddr () |
551 | connection::reset_si () |
552 | { |
552 | { |
553 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
553 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
554 | |
554 | |
555 | // mask out protocols we cannot establish |
555 | // mask out protocols we cannot establish |
556 | if (!conf->udp_port) protocol &= ~PROT_UDPv4; |
556 | if (!conf->udp_port) protocol &= ~PROT_UDPv4; |
557 | if (!conf->tcp_port) protocol &= ~PROT_TCPv4; |
557 | if (!conf->tcp_port) protocol &= ~PROT_TCPv4; |
558 | |
558 | |
559 | si.set (conf, protocol); |
559 | si.set (conf, protocol); |
|
|
560 | } |
|
|
561 | |
|
|
562 | // ensure sockinfo is valid, forward if necessary |
|
|
563 | const sockinfo & |
|
|
564 | connection::forward_si (const sockinfo &si) const |
|
|
565 | { |
|
|
566 | if (!si.valid ()) |
|
|
567 | { |
|
|
568 | connection *r = vpn->find_router (); |
|
|
569 | |
|
|
570 | if (r) |
|
|
571 | { |
|
|
572 | slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s"), |
|
|
573 | conf->nodename, r->conf->nodename); |
|
|
574 | return r->si; |
|
|
575 | } |
|
|
576 | else |
|
|
577 | slog (L_DEBUG, _("%s: node unreachable, no common protocol"), |
|
|
578 | conf->nodename); |
|
|
579 | } |
|
|
580 | |
|
|
581 | return si; |
560 | } |
582 | } |
561 | |
583 | |
562 | void |
584 | void |
563 | connection::send_ping (const sockinfo &si, u8 pong) |
585 | connection::send_ping (const sockinfo &si, u8 pong) |
564 | { |
586 | { |
… | |
… | |
598 | conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) |
620 | conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) |
599 | fatal ("RSA_public_encrypt error"); |
621 | fatal ("RSA_public_encrypt error"); |
600 | |
622 | |
601 | slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); |
623 | slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); |
602 | |
624 | |
603 | vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly |
625 | vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly |
604 | |
626 | |
605 | delete pkt; |
627 | delete pkt; |
606 | } |
628 | } |
607 | |
629 | |
608 | void |
630 | void |
… | |
… | |
651 | if (retry_int < 3600 * 8) |
673 | if (retry_int < 3600 * 8) |
652 | retry_cnt++; |
674 | retry_cnt++; |
653 | |
675 | |
654 | w.at = NOW + retry_int; |
676 | w.at = NOW + retry_int; |
655 | |
677 | |
656 | if (conf->hostname) |
678 | reset_si (); |
|
|
679 | |
|
|
680 | if (si.prot && !si.host) |
|
|
681 | vpn->connect_request (conf->id); |
|
|
682 | else |
657 | { |
683 | { |
658 | reset_dstaddr (); |
684 | const sockinfo &dsi = forward_si (si); |
659 | |
685 | |
660 | if (si.valid () && auth_rate_limiter.can (si)) |
686 | if (dsi.valid () && auth_rate_limiter.can (dsi)) |
661 | { |
687 | { |
662 | if (retry_cnt < 4) |
688 | if (retry_cnt < 4) |
663 | send_auth_request (si, true); |
689 | send_auth_request (dsi, true); |
664 | else |
690 | else |
665 | send_ping (si, 0); |
691 | send_ping (dsi, 0); |
666 | } |
692 | } |
667 | } |
693 | } |
668 | else |
|
|
669 | vpn->connect_request (conf->id); |
|
|
670 | } |
694 | } |
671 | } |
695 | } |
672 | |
696 | |
673 | void |
697 | void |
674 | connection::reset_connection () |
698 | connection::reset_connection () |
… | |
… | |
743 | if (!broadcast)//DDDD |
767 | if (!broadcast)//DDDD |
744 | queue.put (new tap_packet (*pkt)); |
768 | queue.put (new tap_packet (*pkt)); |
745 | |
769 | |
746 | establish_connection (); |
770 | establish_connection (); |
747 | } |
771 | } |
|
|
772 | } |
|
|
773 | |
|
|
774 | void connection::inject_vpn_packet (vpn_packet *pkt, int tos) |
|
|
775 | { |
|
|
776 | if (ictx && octx) |
|
|
777 | vpn->send_vpn_packet (pkt, si, tos); |
|
|
778 | else |
|
|
779 | establish_connection (); |
748 | } |
780 | } |
749 | |
781 | |
750 | void |
782 | void |
751 | connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
783 | connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
752 | { |
784 | { |
… | |
… | |
1004 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1036 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1005 | p->si.upgrade_protocol (protocol, c->conf); |
1037 | p->si.upgrade_protocol (protocol, c->conf); |
1006 | |
1038 | |
1007 | slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", |
1039 | slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", |
1008 | conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); |
1040 | conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); |
1009 | //slog (L_ERR, "%d PROTOCL(C%x,T%x,0S%x,S%x,P%x,SP%x)", |
|
|
1010 | // p->id, c->conf->protocols, THISNODE->protocols, p->si.supported_protocols(0), p->si.supported_protocols (c->conf), |
|
|
1011 | // protocol, p->si.prot); |
|
|
1012 | |
1041 | |
|
|
1042 | const sockinfo &dsi = forward_si (p->si); |
|
|
1043 | |
|
|
1044 | if (dsi.valid ()) |
1013 | c->send_auth_request (p->si, true); |
1045 | c->send_auth_request (dsi, true); |
1014 | } |
1046 | } |
1015 | |
1047 | |
1016 | break; |
1048 | break; |
1017 | |
1049 | |
1018 | default: |
1050 | default: |
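Review bot: In the PT_CONNECT_INFO hunk (new lines 1042–1045) `forward_si (p->si)` is invoked on `this`, while the auth request is sent through `c`; because forward_si logs `conf->nodename`, the "no common protocol" debug line would name the node that delivered the connect info rather than the peer being contacted. Assuming `c` is a `connection *`, as its use suggests, `const sockinfo &dsi = c->forward_si (p->si);` keeps the lookup and the log tied to the right peer. Separately, in establish_connection (new line 686) the limiter is now keyed on `dsi`, so when forward_si falls back to a router, every indirectly reached peer draws on that router's bucket in `auth_rate_limiter`. If that is intended, a comment such as `// rate-limit on the address actually contacted (may be the router)` above the `can (dsi)` check would record it. The enclosing case block and establish_connection both start outside the visible lines.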