ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.11 by pcg, Sun Apr 13 00:35:46 2003 UTC vs.
Revision 1.15 by pcg, Fri Aug 8 10:58:28 2003 UTC

147 } 147 }
148} 148}
149 149
150////////////////////////////////////////////////////////////////////////////// 150//////////////////////////////////////////////////////////////////////////////
151 151
152void pkt_queue::put (tap_packet *p) 152void pkt_queue::put (net_packet *p)
153{ 153{
154 if (queue[i]) 154 if (queue[i])
155 { 155 {
156 delete queue[i]; 156 delete queue[i];
157 j = (j + 1) % QUEUEDEPTH; 157 j = (j + 1) % QUEUEDEPTH;
160 queue[i] = p; 160 queue[i] = p;
161 161
162 i = (i + 1) % QUEUEDEPTH; 162 i = (i + 1) % QUEUEDEPTH;
163} 163}
164 164
165tap_packet *pkt_queue::get () 165net_packet *pkt_queue::get ()
166{ 166{
167 tap_packet *p = queue[j]; 167 net_packet *p = queue[j];
168 168
169 if (p) 169 if (p)
170 { 170 {
171 queue[j] = 0; 171 queue[j] = 0;
172 j = (j + 1) % QUEUEDEPTH; 172 j = (j + 1) % QUEUEDEPTH;
475 set_hdr (type, dst); 475 set_hdr (type, dst);
476} 476}
477 477
478bool config_packet::chk_config () const 478bool config_packet::chk_config () const
479{ 479{
480 return prot_major == PROTOCOL_MAJOR 480 if (prot_major != PROTOCOL_MAJOR)
481 && randsize == RAND_SIZE 481 slog (L_WARN, _("major version mismatch (%d <=> %d)"), prot_major, PROTOCOL_MAJOR);
482 && hmaclen == HMACLENGTH 482 else if (randsize != RAND_SIZE)
483 && flags == curflags () 483 slog (L_WARN, _("rand size mismatch (%d <=> %d)"), randsize, RAND_SIZE);
484 else if (hmaclen != HMACLENGTH)
485 slog (L_WARN, _("hmac length mismatch (%d <=> %d)"), hmaclen, HMACLENGTH);
486 else if (flags != curflags ())
487 slog (L_WARN, _("flag mismatch (%x <=> %x)"), flags, curflags ());
484 && challengelen == sizeof (rsachallenge) 488 else if (challengelen != sizeof (rsachallenge))
489 slog (L_WARN, _("challenge length mismatch (%d <=> %d)"), challengelen, sizeof (rsachallenge));
485 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER)) 490 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
491 slog (L_WARN, _("cipher mismatch (%x <=> %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
486 && digest_nid == htonl (EVP_MD_type (RSA_HASH)) 492 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
493 slog (L_WARN, _("digest mismatch (%x <=> %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
487 && hmac_nid == htonl (EVP_MD_type (DIGEST)); 494 else if (hmac_nid != htonl (EVP_MD_type (DIGEST)))
495 slog (L_WARN, _("hmac mismatch (%x <=> %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
496 else
497 return true;
498
499 return false;
488} 500}
489 501
490struct auth_req_packet : config_packet 502struct auth_req_packet : config_packet
491{ 503{
492 char magic[8]; 504 char magic[8];
565 rekey.start (NOW + ::conf.rekey); 577 rekey.start (NOW + ::conf.rekey);
566 keepalive.start (NOW + ::conf.keepalive); 578 keepalive.start (NOW + ::conf.keepalive);
567 579
568 // send queued packets 580 // send queued packets
569 if (ictx && octx) 581 if (ictx && octx)
582 {
570 while (tap_packet *p = queue.get ()) 583 while (tap_packet *p = (tap_packet *)data_queue.get ())
571 { 584 {
572 send_data_packet (p); 585 send_data_packet (p);
573 delete p; 586 delete p;
574 } 587 }
588
589 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
590 {
591 send_vpn_packet (p, si, IPTOS_RELIABILITY);
592 delete p;
593 }
594 }
575 } 595 }
576 else 596 else
577 { 597 {
578 retry_cnt = 0; 598 retry_cnt = 0;
579 establish_connection.start (NOW + 5); 599 establish_connection.start (NOW + 5);
783connection::send_data_packet (tap_packet *pkt, bool broadcast) 803connection::send_data_packet (tap_packet *pkt, bool broadcast)
784{ 804{
785 vpndata_packet *p = new vpndata_packet; 805 vpndata_packet *p = new vpndata_packet;
786 int tos = 0; 806 int tos = 0;
787 807
808 // I am not hilarious about peeking into packets, but so be it.
788 if (conf->inherit_tos 809 if (conf->inherit_tos
789 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP 810 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
790 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4 811 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
791 tos = (*pkt)[15] & IPTOS_TOS_MASK; 812 tos = (*pkt)[15] & IPTOS_TOS_MASK;
792 813
805 if (ictx && octx) 826 if (ictx && octx)
806 send_data_packet (pkt, broadcast); 827 send_data_packet (pkt, broadcast);
807 else 828 else
808 { 829 {
809 if (!broadcast)//DDDD 830 if (!broadcast)//DDDD
810 queue.put (new tap_packet (*pkt)); 831 data_queue.put (new tap_packet (*pkt));
811 832
812 establish_connection (); 833 establish_connection ();
813 } 834 }
814} 835}
815 836
816void connection::inject_vpn_packet (vpn_packet *pkt, int tos) 837void connection::inject_vpn_packet (vpn_packet *pkt, int tos)
817{ 838{
818 if (ictx && octx) 839 if (ictx && octx)
819 send_vpn_packet (pkt, si, tos); 840 send_vpn_packet (pkt, si, tos);
820 else 841 else
842 {
843 vpn_queue.put (new vpn_packet (*pkt));
844
821 establish_connection (); 845 establish_connection ();
846 }
822} 847}
823 848
824void 849void
825connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) 850connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
826{ 851{
903 connection_established (); 928 connection_established ();
904 929
905 break; 930 break;
906 } 931 }
907 } 932 }
933 else
934 slog (L_WARN, _("%s(%s): protocol mismatch"),
935 conf->nodename, (const char *)rsi);
908 936
909 send_reset (rsi); 937 send_reset (rsi);
910 } 938 }
911 939
912 break; 940 break;
925 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 953 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
926 954
927 rsachallenge chg; 955 rsachallenge chg;
928 956
929 if (!rsa_cache.find (p->id, chg)) 957 if (!rsa_cache.find (p->id, chg))
958 {
930 slog (L_ERR, _("%s(%s): unrequested auth response"), 959 slog (L_ERR, _("%s(%s): unrequested auth response"),
931 conf->nodename, (const char *)rsi); 960 conf->nodename, (const char *)rsi);
961 break;
962 }
932 else 963 else
933 { 964 {
934 crypto_ctx *cctx = new crypto_ctx (chg, 0); 965 crypto_ctx *cctx = new crypto_ctx (chg, 0);
935 966
936 if (!p->hmac_chk (cctx)) 967 if (!p->hmac_chk (cctx))
1012 c->inject_data_packet (d); 1043 c->inject_data_packet (d);
1013 } 1044 }
1014 1045
1015 if (si != rsi) 1046 if (si != rsi)
1016 { 1047 {
1017 // fast re-sync on conneciton changes, useful especially for tcp/ip 1048 // fast re-sync on connection changes, useful especially for tcp/ip
1018 si = rsi; 1049 si = rsi;
1019 1050
1020 slog (L_INFO, _("%s(%s): socket address changed to %s"), 1051 slog (L_INFO, _("%s(%s): socket address changed to %s"),
1021 conf->nodename, (const char *)si, (const char *)rsi); 1052 conf->nodename, (const char *)si, (const char *)rsi);
1022 } 1053 }
1099 || THISNODE->connectmode != conf_node::C_ONDEMAND) 1130 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1100 { 1131 {
1101 send_ping (si); 1132 send_ping (si);
1102 w.at = NOW + 5; 1133 w.at = NOW + 5;
1103 } 1134 }
1135 else if (NOW < last_activity + ::conf.keepalive + 10)
1136 // hold ondemand connections implicitly a few seconds longer
1137 // should delete octx, though, or something like that ;)
1138 w.at = last_activity + ::conf.keepalive + 10;
1104 else 1139 else
1105 reset_connection (); 1140 reset_connection ();
1106} 1141}
1107 1142
1108void connection::send_connect_request (int id) 1143void connection::send_connect_request (int id)

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines