ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.41 by pcg, Wed Mar 2 05:49:31 2005 UTC vs.
Revision 1.48 by pcg, Tue Mar 8 00:32:54 2005 UTC

1/* 1/*
2 connection.C -- manage a single connection 2 connection.C -- manage a single connection
3 Copyright (C) 2003-2004 Marc Lehmann <pcg@goof.com> 3 Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de>
4 4
5 This file is part of GVPE.
6
5 This program is free software; you can redistribute it and/or modify 7 GVPE is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by 8 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or 9 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version. 10 (at your option) any later version.
9 11
10 This program is distributed in the hope that it will be useful, 12 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details. 15 GNU General Public License for more details.
14 16
15 You should have received a copy of the GNU General Public License 17 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software 18 along with gvpe; if not, write to the Free Software
17 Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18*/ 20*/
19 21
20#include "config.h" 22#include "config.h"
21 23
476{ 478{
477 prot_major = PROTOCOL_MAJOR; 479 prot_major = PROTOCOL_MAJOR;
478 prot_minor = PROTOCOL_MINOR; 480 prot_minor = PROTOCOL_MINOR;
479 randsize = RAND_SIZE; 481 randsize = RAND_SIZE;
480 hmaclen = HMACLENGTH; 482 hmaclen = HMACLENGTH;
481 flags = ENABLE_COMPRESSION ? 0x81 : 0x80; 483 flags = 0;
482 challengelen = sizeof (rsachallenge); 484 challengelen = sizeof (rsachallenge);
483 features = get_features (); 485 features = get_features ();
484 486
485 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER)); 487 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
486 digest_nid = htonl (EVP_MD_type (RSA_HASH)); 488 digest_nid = htonl (EVP_MD_type (RSA_HASH));
496 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR); 498 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
497 else if (randsize != RAND_SIZE) 499 else if (randsize != RAND_SIZE)
498 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE); 500 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
499 else if (hmaclen != HMACLENGTH) 501 else if (hmaclen != HMACLENGTH)
500 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH); 502 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
501#if 0 // this implementation should handle all flag settings
502 else if (flags != curflags ())
503 slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
504#endif
505 else if (challengelen != sizeof (rsachallenge)) 503 else if (challengelen != sizeof (rsachallenge))
506 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge)); 504 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
507 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER))) 505 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
508 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER)); 506 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
509 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH))) 507 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
642 { 640 {
643 connection *r = vpn->find_router (); 641 connection *r = vpn->find_router ();
644 642
645 if (r) 643 if (r)
646 { 644 {
647 slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s"), 645 slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s (%s)"),
648 conf->nodename, r->conf->nodename); 646 conf->nodename, r->conf->nodename, (const char *)r->si);
649 return r->si; 647 return r->si;
650 } 648 }
651 else 649 else
652 slog (L_DEBUG, _("%s: node unreachable, no common protocol"), 650 slog (L_DEBUG, _("%s: node unreachable, no common protocol"),
653 conf->nodename); 651 conf->nodename);
657} 655}
658 656
659void 657void
660connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos) 658connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
661{ 659{
662 bool ok; 660 if (!vpn->send_vpn_packet (pkt, si, tos))
663
664 switch (si.prot)
665 {
666 case PROT_IPv4:
667 ok = vpn->send_ipv4_packet (pkt, si, tos); break;
668 case PROT_UDPv4:
669 ok = vpn->send_udpv4_packet (pkt, si, tos); break;
670#if ENABLE_TCP
671 case PROT_TCPv4:
672 ok = vpn->send_tcpv4_packet (pkt, si, tos); break;
673#endif
674#if ENABLE_ICMP
675 case PROT_ICMPv4:
676 ok = vpn->send_icmpv4_packet (pkt, si, tos); break;
677#endif
678#if ENABLE_DNS
679 case PROT_DNSv4:
680 ok = send_dnsv4_packet (pkt, si, tos); break;
681#endif
682
683 default:
684 slog (L_CRIT, _("%s: FATAL: trying to send packet with unsupported protocol"), (const char *)si);
685 ok = false;
686 }
687
688 if (!ok)
689 reset_connection (); 661 reset_connection ();
690} 662}
691 663
692void 664void
693connection::send_ping (const sockinfo &si, u8 pong) 665connection::send_ping (const sockinfo &si, u8 pong)
769 && conf != THISNODE 741 && conf != THISNODE
770 && connectmode != conf_node::C_NEVER 742 && connectmode != conf_node::C_NEVER
771 && connectmode != conf_node::C_DISABLED 743 && connectmode != conf_node::C_DISABLED
772 && NOW > w.at) 744 && NOW > w.at)
773 { 745 {
774 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6; 746 w.at = TSTAMP_MAX; // first disable this watcher in case of recursion
775 747
776 if (retry_int < conf->max_retry) 748 double retry_int = double (retry_cnt & 3
777 retry_cnt++; 749 ? (retry_cnt & 3) + 1
778 else 750 : 1 << (retry_cnt >> 2));
779 retry_int = conf->max_retry;
780
781 w.start (NOW + retry_int);
782 751
783 reset_si (); 752 reset_si ();
753
754 bool slow = si.prot & PROT_SLOW;
784 755
785 if (si.prot && !si.host) 756 if (si.prot && !si.host)
786 vpn->send_connect_request (conf->id); 757 vpn->send_connect_request (conf->id);
787 else 758 else
788 { 759 {
789 const sockinfo &dsi = forward_si (si); 760 const sockinfo &dsi = forward_si (si);
761
762 slow = slow || (dsi.prot & PROT_SLOW);
790 763
791 if (dsi.valid () && auth_rate_limiter.can (dsi)) 764 if (dsi.valid () && auth_rate_limiter.can (dsi))
792 { 765 {
793 if (retry_cnt < 4) 766 if (retry_cnt < 4)
794 send_auth_request (dsi, true); 767 send_auth_request (dsi, true);
795 else 768 else
796 send_ping (dsi, 0); 769 send_ping (dsi, 0);
797 } 770 }
798 } 771 }
772
773 retry_int *= slow ? 3. : 0.7;
774
775 if (retry_int < conf->max_retry)
776 retry_cnt++;
777 else
778 retry_int = conf->max_retry;
779
780 w.start (NOW + retry_int);
799 } 781 }
800} 782}
801 783
802void 784void
803connection::reset_connection () 785connection::reset_connection ()
811 run_script (run_script_cb (this, &connection::script_node_down), false); 793 run_script (run_script_cb (this, &connection::script_node_down), false);
812 } 794 }
813 795
814 delete ictx; ictx = 0; 796 delete ictx; ictx = 0;
815 delete octx; octx = 0; 797 delete octx; octx = 0;
798#if ENABLE_DNS
799 dnsv4_reset_connection ();
800#endif
816 801
817 si.host = 0; 802 si.host = 0;
818 803
819 last_activity = 0; 804 last_activity = 0;
820 retry_cnt = 0; 805 retry_cnt = 0;
959 delete octx; 944 delete octx;
960 945
961 octx = new crypto_ctx (k, 1); 946 octx = new crypto_ctx (k, 1);
962 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; 947 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
963 948
964 // compatibility code, remove when no longer required
965 if (p->flags & 1) p->features |= FEATURE_COMPRESSION;
966
967 conf->protocols = p->protocols; 949 conf->protocols = p->protocols;
968 features = p->features & config_packet::get_features (); 950 features = p->features & config_packet::get_features ();
969 951
970 send_auth_response (rsi, p->id, k); 952 send_auth_response (rsi, p->id, k);
971 953
1222: vpn(vpn), conf(conf) 1204: vpn(vpn), conf(conf)
1223, rekey (this, &connection::rekey_cb) 1205, rekey (this, &connection::rekey_cb)
1224, keepalive (this, &connection::keepalive_cb) 1206, keepalive (this, &connection::keepalive_cb)
1225, establish_connection (this, &connection::establish_connection_cb) 1207, establish_connection (this, &connection::establish_connection_cb)
1226#if ENABLE_DNS 1208#if ENABLE_DNS
1227, dnsv4_tw (this, &connection::dnsv4_cb) 1209, dns (0)
1228, dns_rcvdq (0), dns_snddq (0)
1229, dns_rcvseq (0), dns_sndseq (0)
1230#endif 1210#endif
1231{ 1211{
1232 octx = ictx = 0; 1212 octx = ictx = 0;
1233 retry_cnt = 0; 1213 retry_cnt = 0;
1234 1214

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines