
Comparing gvpe/src/connection.C (file contents):
Revision 1.5 by pcg, Wed Apr 2 21:43:44 2003 UTC vs.
Revision 1.8 by pcg, Sun Apr 6 04:17:36 2003 UTC

285 hmac_gen (ctx); 285 hmac_gen (ctx);
286 286
287 return !memcmp (hmac, hmac_digest, HMACLENGTH); 287 return !memcmp (hmac, hmac_digest, HMACLENGTH);
288} 288}
289 289
290void vpn_packet::set_hdr (ptype type, unsigned int dst) 290void vpn_packet::set_hdr (ptype type_, unsigned int dst)
291{ 291{
292 this->type = type; 292 type = type_;
293 293
294 int src = THISNODE->id; 294 int src = THISNODE->id;
295 295
296 src1 = src; 296 src1 = src;
297 srcdst = ((src >> 8) << 4) | (dst >> 8); 297 srcdst = ((src >> 8) << 4) | (dst >> 8);
546}; 546};
547 547
548///////////////////////////////////////////////////////////////////////////// 548/////////////////////////////////////////////////////////////////////////////
549 549
550void 550void
551connection::reset_dstaddr () 551connection::reset_si ()
552{ 552{
553 si.set (conf);
554}
555
556void
557connection::send_ping (const sockinfo &si, u8 pong)
558{
559 ping_packet *pkt = new ping_packet;
560
561 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
562 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
563
564 delete pkt;
565}
566
567void
568connection::send_reset (const sockinfo &si)
569{
570 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
571 {
572 config_packet *pkt = new config_packet;
573
574 pkt->setup (vpn_packet::PT_RESET, conf->id);
575 send_vpn_packet (pkt, si, IPTOS_MINCOST);
576
577 delete pkt;
578 }
579}
580
581void
582connection::send_auth_request (const sockinfo &si, bool initiate)
583{
584 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
585
586 protocol = best_protocol (THISNODE->protocols & conf->protocols); 553 protocol = best_protocol (THISNODE->protocols & conf->protocols);
587 554
588 // mask out protocols we cannot establish 555 // mask out protocols we cannot establish
589 if (!conf->udp_port) protocol &= ~PROT_UDPv4; 556 if (!conf->udp_port) protocol &= ~PROT_UDPv4;
590 if (!conf->tcp_port) protocol &= ~PROT_TCPv4; 557 if (!conf->tcp_port) protocol &= ~PROT_TCPv4;
591 558
592 if (protocol) 559 si.set (conf, protocol);
560}
561
562// ensure sockinfo is valid, forward if necessary
563const sockinfo &
564connection::forward_si (const sockinfo &si) const
565{
566 if (!si.valid ())
567 {
568 connection *r = vpn->find_router ();
569
570 if (r)
571 {
572 slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s"),
573 conf->nodename, r->conf->nodename);
574 return r->si;
575 }
576 else
577 slog (L_DEBUG, _("%s: node unreachable, no common protocol"),
578 conf->nodename);
593 { 579 }
594 rsachallenge chg;
595 580
596 rsa_cache.gen (pkt->id, chg); 581 return si;
582}
597 583
598 if (0 > RSA_public_encrypt (sizeof chg, 584void
599 (unsigned char *)&chg, (unsigned char *)&pkt->encr, 585connection::send_ping (const sockinfo &si, u8 pong)
600 conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) 586{
601 fatal ("RSA_public_encrypt error"); 587 ping_packet *pkt = new ping_packet;
602 588
603 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); 589 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
590 vpn->send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
604 591
605 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 592 delete pkt;
593}
594
595void
596connection::send_reset (const sockinfo &si)
597{
598 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
599 {
600 config_packet *pkt = new config_packet;
601
602 pkt->setup (vpn_packet::PT_RESET, conf->id);
603 vpn->send_vpn_packet (pkt, si, IPTOS_MINCOST);
606 604
607 delete pkt; 605 delete pkt;
608 } 606 }
609 else 607}
610 ; // silently fail 608
609void
610connection::send_auth_request (const sockinfo &si, bool initiate)
611{
612 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
613
614 rsachallenge chg;
615
616 rsa_cache.gen (pkt->id, chg);
617
618 if (0 > RSA_public_encrypt (sizeof chg,
619 (unsigned char *)&chg, (unsigned char *)&pkt->encr,
620 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
621 fatal ("RSA_public_encrypt error");
622
623 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
624
625 vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
626
627
628 delete pkt;
611} 629}
612 630
613void 631void
614connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) 632connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg)
615{ 633{
621 639
622 pkt->hmac_set (octx); 640 pkt->hmac_set (octx);
623 641
624 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si); 642 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si);
625 643
626 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 644 vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
627 645
628 delete pkt; 646 delete pkt;
629} 647}
630 648
631void 649void
635 conf->id, rid, (const char *)rsi); 653 conf->id, rid, (const char *)rsi);
636 654
637 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); 655 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
638 656
639 r->hmac_set (octx); 657 r->hmac_set (octx);
640 send_vpn_packet (r, si); 658 vpn->send_vpn_packet (r, si);
641 659
642 delete r; 660 delete r;
643} 661}
644 662
645void 663void
656 if (retry_int < 3600 * 8) 674 if (retry_int < 3600 * 8)
657 retry_cnt++; 675 retry_cnt++;
658 676
659 w.at = NOW + retry_int; 677 w.at = NOW + retry_int;
660 678
661 if (conf->hostname) 679 reset_si ();
680
681 if (si.prot && !si.host)
682 vpn->connect_request (conf->id);
683 else
662 { 684 {
663 reset_dstaddr (); 685 const sockinfo &dsi = forward_si (si);
686
664 if (si.host && auth_rate_limiter.can (si)) 687 if (dsi.valid () && auth_rate_limiter.can (dsi))
665 { 688 {
666 if (retry_cnt < 4) 689 if (retry_cnt < 4)
667 send_auth_request (si, true); 690 send_auth_request (dsi, true);
668 else 691 else
669 send_ping (si, 0); 692 send_ping (dsi, 0);
670 } 693 }
671 } 694 }
672 else
673 vpn->connect_request (conf->id);
674 } 695 }
675} 696}
676 697
677void 698void
678connection::reset_connection () 699connection::reset_connection ()
727 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP 748 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
728 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4 749 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
729 tos = (*pkt)[15] & IPTOS_TOS_MASK; 750 tos = (*pkt)[15] & IPTOS_TOS_MASK;
730 751
731 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs 752 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
732 send_vpn_packet (p, si, tos); 753 vpn->send_vpn_packet (p, si, tos);
733 754
734 delete p; 755 delete p;
735 756
736 if (oseqno > MAX_SEQNO) 757 if (oseqno > MAX_SEQNO)
737 rekey (); 758 rekey ();
747 if (!broadcast)//DDDD 768 if (!broadcast)//DDDD
748 queue.put (new tap_packet (*pkt)); 769 queue.put (new tap_packet (*pkt));
749 770
750 establish_connection (); 771 establish_connection ();
751 } 772 }
773}
774
775void connection::inject_vpn_packet (vpn_packet *pkt, int tos)
776{
777 if (ictx && octx)
778 vpn->send_vpn_packet (pkt, si, tos);
779 else
780 establish_connection ();
752} 781}
753 782
754void 783void
755connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) 784connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
756{ 785{
820 slog (L_ERR, _("%s(%s): challenge illegal or corrupted"), 849 slog (L_ERR, _("%s(%s): challenge illegal or corrupted"),
821 conf->nodename, (const char *)rsi); 850 conf->nodename, (const char *)rsi);
822 else 851 else
823 { 852 {
824 retry_cnt = 0; 853 retry_cnt = 0;
825 establish_connection.set (NOW + 8); //? ;) 854 establish_connection.start (NOW + 8); //? ;)
826 keepalive.reset (); 855 keepalive.reset ();
827 rekey.reset (); 856 rekey.reset ();
828 857
829 delete ictx; 858 delete ictx;
830 ictx = 0; 859 ictx = 0;
885 delete ictx; ictx = cctx; 914 delete ictx; ictx = cctx;
886 915
887 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid 916 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
888 917
889 si = rsi; 918 si = rsi;
919 protocol = rsi.prot;
890 920
891 rekey.set (NOW + ::conf.rekey); 921 rekey.start (NOW + ::conf.rekey);
892 keepalive.set (NOW + ::conf.keepalive); 922 keepalive.start (NOW + ::conf.keepalive);
893 923
894 // send queued packets 924 // send queued packets
895 while (tap_packet *p = queue.get ()) 925 while (tap_packet *p = queue.get ())
896 { 926 {
897 send_data_packet (p); 927 send_data_packet (p);
898 delete p; 928 delete p;
899 } 929 }
900 930
901 connectmode = conf->connectmode; 931 connectmode = conf->connectmode;
902 932
903 slog (L_INFO, _("%s(%s): %s connection established, protocol version %d.%d"), 933 slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),
904 conf->nodename, (const char *)rsi, 934 conf->nodename, (const char *)rsi,
905 strprotocol (protocol),
906 p->prot_major, p->prot_minor); 935 p->prot_major, p->prot_minor);
907 936
908 if (::conf.script_node_up) 937 if (::conf.script_node_up)
909 run_script (run_script_cb (this, &connection::script_node_up), false); 938 run_script (run_script_cb (this, &connection::script_node_up), false);
910 939
976 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) 1005 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
977 { 1006 {
978 connect_req_packet *p = (connect_req_packet *) pkt; 1007 connect_req_packet *p = (connect_req_packet *) pkt;
979 1008
980 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything 1009 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
1010 connection *c = vpn->conns[p->id - 1];
981 conf->protocols = p->protocols; 1011 conf->protocols = p->protocols;
982 connection *c = vpn->conns[p->id - 1];
983 1012
984 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n", 1013 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n",
985 conf->id, p->id, c->ictx && c->octx); 1014 conf->id, p->id, c->ictx && c->octx);
986 1015
987 if (c->ictx && c->octx) 1016 if (c->ictx && c->octx)
999 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) 1028 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1000 { 1029 {
1001 connect_info_packet *p = (connect_info_packet *) pkt; 1030 connect_info_packet *p = (connect_info_packet *) pkt;
1002 1031
1003 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything 1032 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
1004 conf->protocols = p->protocols; 1033
1005 connection *c = vpn->conns[p->id - 1]; 1034 connection *c = vpn->conns[p->id - 1];
1035
1036 c->conf->protocols = p->protocols;
1037 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1038 p->si.upgrade_protocol (protocol, c->conf);
1006 1039
1007 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", 1040 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
1008 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); 1041 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
1009 1042
1043 const sockinfo &dsi = forward_si (p->si);
1044
1045 if (dsi.valid ())
1010 c->send_auth_request (p->si, true); 1046 c->send_auth_request (dsi, true);
1011 } 1047 }
1012 1048
1013 break; 1049 break;
1014 1050
1015 default: 1051 default:
1041{ 1077{
1042 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); 1078 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);
1043 1079
1044 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id); 1080 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);
1045 p->hmac_set (octx); 1081 p->hmac_set (octx);
1046 send_vpn_packet (p, si); 1082 vpn->send_vpn_packet (p, si);
1047 1083
1048 delete p; 1084 delete p;
1049} 1085}
1050 1086
1051void connection::script_node () 1087void connection::script_node ()
1075 putenv ("STATE=down"); 1111 putenv ("STATE=down");
1076 1112
1077 return ::conf.script_node_up ? ::conf.script_node_down : "node-down"; 1113 return ::conf.script_node_up ? ::conf.script_node_down : "node-down";
1078} 1114}
1079 1115
1080// send a vpn packet out to other hosts
1081void
1082connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
1083{
1084 switch (protocol)
1085 {
1086 case PROT_IPv4:
1087 vpn->send_ipv4_packet (pkt, si, tos);
1088 break;
1089
1090 case PROT_UDPv4:
1091 vpn->send_udpv4_packet (pkt, si, tos);
1092 break;
1093
1094#if ENABLE_TCP
1095 case PROT_TCPv4:
1096 vpn->send_tcpv4_packet (pkt, si, tos);
1097 break;
1098#endif
1099 }
1100}
1101
1102connection::connection(struct vpn *vpn_) 1116connection::connection(struct vpn *vpn_)
1103: vpn(vpn_) 1117: vpn(vpn_)
1104, rekey (this, &connection::rekey_cb) 1118, rekey (this, &connection::rekey_cb)
1105, keepalive (this, &connection::keepalive_cb) 1119, keepalive (this, &connection::keepalive_cb)
1106, establish_connection (this, &connection::establish_connection_cb) 1120, establish_connection (this, &connection::establish_connection_cb)
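Review bot: In the PT_CONNECT_INFO handler (new lines 1036-1038) `protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));` stores a value chosen for the third node `c` into this connection's own `protocol` member, which appears to clobber the protocol negotiated for the current peer (set from `rsi.prot` at new line 919); unless that is intended, the result belongs in a local of the same type as the member, e.g. `prot = best_protocol (...); p->si.upgrade_protocol (prot, c->conf);`. The same handler, and PT_CONNECT_REQ at new line 1010, index `vpn->conns[p->id - 1]` with a peer-supplied id whose only bound is the preceding `assert`, which is compiled out under NDEBUG, so a runtime check that logs and `break`s would keep the bound in release builds. The enclosing `recv_vpn_packet` switch starts and ends outside the hunk.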
