ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.19 by pcg, Tue Oct 14 03:22:09 2003 UTC vs.
Revision 1.23 by pcg, Wed Oct 22 00:42:53 2003 UTC

1/* 1/*
2 connection.C -- manage a single connection 2 connection.C -- manage a single connection
3 Copyright (C) 2003 Marc Lehmann <pcg@goof.com>
3 4
4 This program is free software; you can redistribute it and/or modify 5 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by 6 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or 7 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version. 8 (at your option) any later version.
35#include "slog.h" 36#include "slog.h"
36#include "device.h" 37#include "device.h"
37#include "vpn.h" 38#include "vpn.h"
38#include "connection.h" 39#include "connection.h"
39 40
40#include <sys/socket.h> 41#include "netcompat.h"
41#ifdef HAVE_NETINET_IN_H
42# include <netinet/in.h>
43#endif
44#include <arpa/inet.h>
45#include <net/if.h>
46#ifdef HAVE_NETINET_IN_SYSTM_H
47# include <netinet/in_systm.h>
48#endif
49#ifdef HAVE_NETINET_IP_H
50# include <netinet/ip.h>
51#endif
52
53#ifndef IPTOS_TOS_MASK
54# define IPTOS_TOS_MASK (IPTOS_LOWDELAY | IPTOS_THROUGHPUT | IPTOS_RELIABILITY | IPTOS_MINCOST)
55#endif
56 42
57#if !HAVE_RAND_PSEUDO_BYTES 43#if !HAVE_RAND_PSEUDO_BYTES
58# define RAND_pseudo_bytes RAND_bytes 44# define RAND_pseudo_bytes RAND_bytes
59#endif 45#endif
60 46
493} 479}
494 480
495bool config_packet::chk_config () const 481bool config_packet::chk_config () const
496{ 482{
497 if (prot_major != PROTOCOL_MAJOR) 483 if (prot_major != PROTOCOL_MAJOR)
498 slog (L_WARN, _("major version mismatch (%d <=> %d)"), prot_major, PROTOCOL_MAJOR); 484 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
499 else if (randsize != RAND_SIZE) 485 else if (randsize != RAND_SIZE)
500 slog (L_WARN, _("rand size mismatch (%d <=> %d)"), randsize, RAND_SIZE); 486 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
501 else if (hmaclen != HMACLENGTH) 487 else if (hmaclen != HMACLENGTH)
502 slog (L_WARN, _("hmac length mismatch (%d <=> %d)"), hmaclen, HMACLENGTH); 488 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
503 else if (flags != curflags ()) 489 else if (flags != curflags ())
504 slog (L_WARN, _("flag mismatch (%x <=> %x)"), flags, curflags ()); 490 slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
505 else if (challengelen != sizeof (rsachallenge)) 491 else if (challengelen != sizeof (rsachallenge))
506 slog (L_WARN, _("challenge length mismatch (%d <=> %d)"), challengelen, sizeof (rsachallenge)); 492 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
507 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER))) 493 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
508 slog (L_WARN, _("cipher mismatch (%x <=> %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER)); 494 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
509 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH))) 495 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
510 slog (L_WARN, _("digest mismatch (%x <=> %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH)); 496 slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
511 else if (hmac_nid != htonl (EVP_MD_type (DIGEST))) 497 else if (hmac_nid != htonl (EVP_MD_type (DIGEST)))
512 slog (L_WARN, _("hmac mismatch (%x <=> %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST)); 498 slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
513 else 499 else
514 return true; 500 return true;
515 501
516 return false; 502 return false;
517} 503}
815 reset_connection (); 801 reset_connection ();
816 establish_connection (); 802 establish_connection ();
817} 803}
818 804
819void 805void
820connection::send_data_packet (tap_packet *pkt, bool broadcast) 806connection::send_data_packet (tap_packet *pkt)
821{ 807{
822 vpndata_packet *p = new vpndata_packet; 808 vpndata_packet *p = new vpndata_packet;
823 int tos = 0; 809 int tos = 0;
824 810
825 // I am not hilarious about peeking into packets, but so be it. 811 // I am not hilarious about peeking into packets, but so be it.
826 if (conf->inherit_tos 812 if (conf->inherit_tos && pkt->is_ipv4 ())
827 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
828 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
829 tos = (*pkt)[15] & IPTOS_TOS_MASK; 813 tos = (*pkt)[15] & IPTOS_TOS_MASK;
830 814
831 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs 815 p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
832 send_vpn_packet (p, si, tos); 816 send_vpn_packet (p, si, tos);
833 817
834 delete p; 818 delete p;
835 819
836 if (oseqno > MAX_SEQNO) 820 if (oseqno > MAX_SEQNO)
837 rekey (); 821 rekey ();
838} 822}
839 823
840void 824void
841connection::inject_data_packet (tap_packet *pkt, bool broadcast) 825connection::inject_data_packet (tap_packet *pkt, bool broadcast/*TODO DDD*/)
842{ 826{
843 if (ictx && octx) 827 if (ictx && octx)
844 send_data_packet (pkt, broadcast); 828 send_data_packet (pkt);
845 else 829 else
846 { 830 {
847 if (!broadcast)//DDDD 831 if (!broadcast)//DDDD
848 data_queue.put (new tap_packet (*pkt)); 832 data_queue.put (new tap_packet (*pkt));
849 833
927 rsachallenge k; 911 rsachallenge k;
928 912
929 if (0 > RSA_private_decrypt (sizeof (p->encr), 913 if (0 > RSA_private_decrypt (sizeof (p->encr),
930 (unsigned char *)&p->encr, (unsigned char *)&k, 914 (unsigned char *)&p->encr, (unsigned char *)&k,
931 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING)) 915 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
916 {
932 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"), 917 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
933 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0)); 918 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
919 break;
920 }
934 else 921 else
935 { 922 {
936 delete octx; 923 delete octx;
937 924
938 octx = new crypto_ctx (k, 1); 925 octx = new crypto_ctx (k, 1);
1052 1039
1053 if (iseqno.recv_ok (seqno)) 1040 if (iseqno.recv_ok (seqno))
1054 { 1041 {
1055 vpn->tap->send (d); 1042 vpn->tap->send (d);
1056 1043
1057 if (p->dst () == 0) // re-broadcast
1058 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
1059 {
1060 connection *c = *i;
1061
1062 if (c->conf != THISNODE && c->conf != conf)
1063 c->inject_data_packet (d);
1064 }
1065
1066 if (si != rsi) 1044 if (si != rsi)
1067 { 1045 {
1068 // fast re-sync on connection changes, useful especially for tcp/ip 1046 // fast re-sync on connection changes, useful especially for tcp/ip
1069 si = rsi; 1047 si = rsi;
1070 1048

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines