ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.46 by pcg, Sat Mar 5 19:13:15 2005 UTC vs.
Revision 1.51 by pcg, Wed Mar 23 20:07:56 2005 UTC

28#include <openssl/rand.h> 28#include <openssl/rand.h>
29#include <openssl/evp.h> 29#include <openssl/evp.h>
30#include <openssl/rsa.h> 30#include <openssl/rsa.h>
31#include <openssl/err.h> 31#include <openssl/err.h>
32 32
33#include "gettext.h"
34
35#include "conf.h" 33#include "conf.h"
36#include "slog.h" 34#include "slog.h"
37#include "device.h" 35#include "device.h"
38#include "vpn.h" 36#include "vpn.h"
39#include "connection.h" 37#include "connection.h"
97struct rsa_cache : list<rsa_entry> 95struct rsa_cache : list<rsa_entry>
98{ 96{
99 void cleaner_cb (time_watcher &w); time_watcher cleaner; 97 void cleaner_cb (time_watcher &w); time_watcher cleaner;
100 98
101 bool find (const rsaid &id, rsachallenge &chg) 99 bool find (const rsaid &id, rsachallenge &chg)
102 { 100 {
103 for (iterator i = begin (); i != end (); ++i) 101 for (iterator i = begin (); i != end (); ++i)
104 { 102 {
105 if (!memcmp (&id, &i->id, sizeof id) && i->expire > NOW) 103 if (!memcmp (&id, &i->id, sizeof id) && i->expire > NOW)
106 { 104 {
107 memcpy (&chg, &i->chg, sizeof chg); 105 memcpy (&chg, &i->chg, sizeof chg);
108 106
109 erase (i); 107 erase (i);
110 return true; 108 return true;
111 } 109 }
112 } 110 }
113 111
114 if (cleaner.at < NOW) 112 if (cleaner.at < NOW)
115 cleaner.start (NOW + RSA_TTL); 113 cleaner.start (NOW + RSA_TTL);
116 114
117 return false; 115 return false;
118 } 116 }
119 117
120 void gen (rsaid &id, rsachallenge &chg) 118 void gen (rsaid &id, rsachallenge &chg)
121 { 119 {
122 rsa_entry e; 120 rsa_entry e;
123 121
124 RAND_bytes ((unsigned char *)&id, sizeof id); 122 RAND_bytes ((unsigned char *)&id, sizeof id);
125 RAND_bytes ((unsigned char *)&chg, sizeof chg); 123 RAND_bytes ((unsigned char *)&chg, sizeof chg);
126 124
127 e.expire = NOW + RSA_TTL; 125 e.expire = NOW + RSA_TTL;
128 e.id = id; 126 e.id = id;
129 memcpy (&e.chg, &chg, sizeof chg); 127 memcpy (&e.chg, &chg, sizeof chg);
130 128
131 push_back (e); 129 push_back (e);
132 130
133 if (cleaner.at < NOW) 131 if (cleaner.at < NOW)
134 cleaner.start (NOW + RSA_TTL); 132 cleaner.start (NOW + RSA_TTL);
135 } 133 }
136 134
137 rsa_cache () 135 rsa_cache ()
138 : cleaner (this, &rsa_cache::cleaner_cb) 136 : cleaner (this, &rsa_cache::cleaner_cb)
139 { } 137 { }
140 138
141} rsa_cache; 139} rsa_cache;
142 140
143void rsa_cache::cleaner_cb (time_watcher &w) 141void rsa_cache::cleaner_cb (time_watcher &w)
144{ 142{
478{ 476{
479 prot_major = PROTOCOL_MAJOR; 477 prot_major = PROTOCOL_MAJOR;
480 prot_minor = PROTOCOL_MINOR; 478 prot_minor = PROTOCOL_MINOR;
481 randsize = RAND_SIZE; 479 randsize = RAND_SIZE;
482 hmaclen = HMACLENGTH; 480 hmaclen = HMACLENGTH;
483 flags = ENABLE_COMPRESSION ? 0x81 : 0x80; 481 flags = 0;
484 challengelen = sizeof (rsachallenge); 482 challengelen = sizeof (rsachallenge);
485 features = get_features (); 483 features = get_features ();
486 484
487 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER)); 485 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
488 digest_nid = htonl (EVP_MD_type (RSA_HASH)); 486 digest_nid = htonl (EVP_MD_type (RSA_HASH));
498 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR); 496 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
499 else if (randsize != RAND_SIZE) 497 else if (randsize != RAND_SIZE)
500 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE); 498 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
501 else if (hmaclen != HMACLENGTH) 499 else if (hmaclen != HMACLENGTH)
502 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH); 500 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
503#if 0 // this implementation should handle all flag settings
504 else if (flags != curflags ())
505 slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
506#endif
507 else if (challengelen != sizeof (rsachallenge)) 501 else if (challengelen != sizeof (rsachallenge))
508 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge)); 502 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
509 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER))) 503 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
510 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER)); 504 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
511 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH))) 505 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
745 && conf != THISNODE 739 && conf != THISNODE
746 && connectmode != conf_node::C_NEVER 740 && connectmode != conf_node::C_NEVER
747 && connectmode != conf_node::C_DISABLED 741 && connectmode != conf_node::C_DISABLED
748 && NOW > w.at) 742 && NOW > w.at)
749 { 743 {
750 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6; 744 w.at = TSTAMP_MAX; // first disable this watcher in case of recursion
751 745
752 if (retry_int < conf->max_retry) 746 double retry_int = double (retry_cnt & 3
753 retry_cnt++; 747 ? (retry_cnt & 3) + 1
754 else 748 : 1 << (retry_cnt >> 2));
755 retry_int = conf->max_retry;
756
757 w.start (NOW + retry_int);
758 749
759 reset_si (); 750 reset_si ();
751
752 bool slow = si.prot & PROT_SLOW;
760 753
761 if (si.prot && !si.host) 754 if (si.prot && !si.host)
762 vpn->send_connect_request (conf->id); 755 vpn->send_connect_request (conf->id);
763 else 756 else
764 { 757 {
765 const sockinfo &dsi = forward_si (si); 758 const sockinfo &dsi = forward_si (si);
759
760 slow = slow || (dsi.prot & PROT_SLOW);
766 761
767 if (dsi.valid () && auth_rate_limiter.can (dsi)) 762 if (dsi.valid () && auth_rate_limiter.can (dsi))
768 { 763 {
769 if (retry_cnt < 4) 764 if (retry_cnt < 4)
770 send_auth_request (dsi, true); 765 send_auth_request (dsi, true);
771 else 766 else
772 send_ping (dsi, 0); 767 send_ping (dsi, 0);
773 } 768 }
774 } 769 }
770
771 retry_int *= slow ? 8. : 0.7;
772
773 if (retry_int < conf->max_retry)
774 retry_cnt++;
775 else
776 retry_int = conf->max_retry;
777
778 w.start (NOW + retry_int);
775 } 779 }
776} 780}
777 781
778void 782void
779connection::reset_connection () 783connection::reset_connection ()
938 delete octx; 942 delete octx;
939 943
940 octx = new crypto_ctx (k, 1); 944 octx = new crypto_ctx (k, 1);
941 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; 945 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
942 946
943 // compatibility code, remove when no longer required
944 if (p->flags & 1) p->features |= FEATURE_COMPRESSION;
945
946 conf->protocols = p->protocols; 947 conf->protocols = p->protocols;
947 features = p->features & config_packet::get_features (); 948 features = p->features & config_packet::get_features ();
948 949
949 send_auth_response (rsi, p->id, k); 950 send_auth_response (rsi, p->id, k);
950 951

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines