
Comparing gvpe/src/connection.C (file contents):
Revision 1.5 by pcg, Wed Apr 2 21:43:44 2003 UTC vs.
Revision 1.6 by pcg, Sat Apr 5 02:32:40 2003 UTC

285 hmac_gen (ctx); 285 hmac_gen (ctx);
286 286
287 return !memcmp (hmac, hmac_digest, HMACLENGTH); 287 return !memcmp (hmac, hmac_digest, HMACLENGTH);
288} 288}
289 289
290void vpn_packet::set_hdr (ptype type, unsigned int dst) 290void vpn_packet::set_hdr (ptype type_, unsigned int dst)
291{ 291{
292 this->type = type; 292 type = type_;
293 293
294 int src = THISNODE->id; 294 int src = THISNODE->id;
295 295
296 src1 = src; 296 src1 = src;
297 srcdst = ((src >> 8) << 4) | (dst >> 8); 297 srcdst = ((src >> 8) << 4) | (dst >> 8);
548///////////////////////////////////////////////////////////////////////////// 548/////////////////////////////////////////////////////////////////////////////
549 549
550void 550void
551connection::reset_dstaddr () 551connection::reset_dstaddr ()
552{ 552{
553 si.set (conf);
554}
555
556void
557connection::send_ping (const sockinfo &si, u8 pong)
558{
559 ping_packet *pkt = new ping_packet;
560
561 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
562 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
563
564 delete pkt;
565}
566
567void
568connection::send_reset (const sockinfo &si)
569{
570 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
571 {
572 config_packet *pkt = new config_packet;
573
574 pkt->setup (vpn_packet::PT_RESET, conf->id);
575 send_vpn_packet (pkt, si, IPTOS_MINCOST);
576
577 delete pkt;
578 }
579}
580
581void
582connection::send_auth_request (const sockinfo &si, bool initiate)
583{
584 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
585
586 protocol = best_protocol (THISNODE->protocols & conf->protocols); 553 protocol = best_protocol (THISNODE->protocols & conf->protocols);
587 554
588 // mask out protocols we cannot establish 555 // mask out protocols we cannot establish
589 if (!conf->udp_port) protocol &= ~PROT_UDPv4; 556 if (!conf->udp_port) protocol &= ~PROT_UDPv4;
590 if (!conf->tcp_port) protocol &= ~PROT_TCPv4; 557 if (!conf->tcp_port) protocol &= ~PROT_TCPv4;
591 558
592 if (protocol) 559 si.set (conf, protocol);
593 { 560}
594 rsachallenge chg;
595 561
596 rsa_cache.gen (pkt->id, chg); 562void
563connection::send_ping (const sockinfo &si, u8 pong)
564{
565 ping_packet *pkt = new ping_packet;
597 566
598 if (0 > RSA_public_encrypt (sizeof chg, 567 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
599 (unsigned char *)&chg, (unsigned char *)&pkt->encr, 568 vpn->send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
600 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
601 fatal ("RSA_public_encrypt error");
602 569
603 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); 570 delete pkt;
571}
604 572
605 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 573void
574connection::send_reset (const sockinfo &si)
575{
576 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
577 {
578 config_packet *pkt = new config_packet;
579
580 pkt->setup (vpn_packet::PT_RESET, conf->id);
581 vpn->send_vpn_packet (pkt, si, IPTOS_MINCOST);
606 582
607 delete pkt; 583 delete pkt;
608 } 584 }
609 else 585}
610 ; // silently fail 586
587void
588connection::send_auth_request (const sockinfo &si, bool initiate)
589{
590 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
591
592 rsachallenge chg;
593
594 rsa_cache.gen (pkt->id, chg);
595
596 if (0 > RSA_public_encrypt (sizeof chg,
597 (unsigned char *)&chg, (unsigned char *)&pkt->encr,
598 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
599 fatal ("RSA_public_encrypt error");
600
601 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
602
603 vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
604
605 delete pkt;
611} 606}
612 607
613void 608void
614connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) 609connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg)
615{ 610{
621 616
622 pkt->hmac_set (octx); 617 pkt->hmac_set (octx);
623 618
624 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si); 619 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si);
625 620
626 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 621 vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
627 622
628 delete pkt; 623 delete pkt;
629} 624}
630 625
631void 626void
635 conf->id, rid, (const char *)rsi); 630 conf->id, rid, (const char *)rsi);
636 631
637 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); 632 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
638 633
639 r->hmac_set (octx); 634 r->hmac_set (octx);
640 send_vpn_packet (r, si); 635 vpn->send_vpn_packet (r, si);
641 636
642 delete r; 637 delete r;
643} 638}
644 639
645void 640void
659 w.at = NOW + retry_int; 654 w.at = NOW + retry_int;
660 655
661 if (conf->hostname) 656 if (conf->hostname)
662 { 657 {
663 reset_dstaddr (); 658 reset_dstaddr ();
659
664 if (si.host && auth_rate_limiter.can (si)) 660 if (si.valid () && auth_rate_limiter.can (si))
665 { 661 {
666 if (retry_cnt < 4) 662 if (retry_cnt < 4)
667 send_auth_request (si, true); 663 send_auth_request (si, true);
668 else 664 else
669 send_ping (si, 0); 665 send_ping (si, 0);
727 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP 723 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
728 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4 724 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
729 tos = (*pkt)[15] & IPTOS_TOS_MASK; 725 tos = (*pkt)[15] & IPTOS_TOS_MASK;
730 726
731 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs 727 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
732 send_vpn_packet (p, si, tos); 728 vpn->send_vpn_packet (p, si, tos);
733 729
734 delete p; 730 delete p;
735 731
736 if (oseqno > MAX_SEQNO) 732 if (oseqno > MAX_SEQNO)
737 rekey (); 733 rekey ();
820 slog (L_ERR, _("%s(%s): challenge illegal or corrupted"), 816 slog (L_ERR, _("%s(%s): challenge illegal or corrupted"),
821 conf->nodename, (const char *)rsi); 817 conf->nodename, (const char *)rsi);
822 else 818 else
823 { 819 {
824 retry_cnt = 0; 820 retry_cnt = 0;
825 establish_connection.set (NOW + 8); //? ;) 821 establish_connection.start (NOW + 8); //? ;)
826 keepalive.reset (); 822 keepalive.reset ();
827 rekey.reset (); 823 rekey.reset ();
828 824
829 delete ictx; 825 delete ictx;
830 ictx = 0; 826 ictx = 0;
886 882
887 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid 883 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
888 884
889 si = rsi; 885 si = rsi;
890 886
891 rekey.set (NOW + ::conf.rekey); 887 rekey.start (NOW + ::conf.rekey);
892 keepalive.set (NOW + ::conf.keepalive); 888 keepalive.start (NOW + ::conf.keepalive);
893 889
894 // send queued packets 890 // send queued packets
895 while (tap_packet *p = queue.get ()) 891 while (tap_packet *p = queue.get ())
896 { 892 {
897 send_data_packet (p); 893 send_data_packet (p);
1041{ 1037{
1042 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); 1038 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);
1043 1039
1044 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id); 1040 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);
1045 p->hmac_set (octx); 1041 p->hmac_set (octx);
1046 send_vpn_packet (p, si); 1042 vpn->send_vpn_packet (p, si);
1047 1043
1048 delete p; 1044 delete p;
1049} 1045}
1050 1046
1051void connection::script_node () 1047void connection::script_node ()
1075 putenv ("STATE=down"); 1071 putenv ("STATE=down");
1076 1072
1077 return ::conf.script_node_up ? ::conf.script_node_down : "node-down"; 1073 return ::conf.script_node_up ? ::conf.script_node_down : "node-down";
1078} 1074}
1079 1075
1080// send a vpn packet out to other hosts
1081void
1082connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
1083{
1084 switch (protocol)
1085 {
1086 case PROT_IPv4:
1087 vpn->send_ipv4_packet (pkt, si, tos);
1088 break;
1089
1090 case PROT_UDPv4:
1091 vpn->send_udpv4_packet (pkt, si, tos);
1092 break;
1093
1094#if ENABLE_TCP
1095 case PROT_TCPv4:
1096 vpn->send_tcpv4_packet (pkt, si, tos);
1097 break;
1098#endif
1099 }
1100}
1101
1102connection::connection(struct vpn *vpn_) 1076connection::connection(struct vpn *vpn_)
1103: vpn(vpn_) 1077: vpn(vpn_)
1104, rekey (this, &connection::rekey_cb) 1078, rekey (this, &connection::rekey_cb)
1105, keepalive (this, &connection::keepalive_cb) 1079, keepalive (this, &connection::keepalive_cb)
1106, establish_connection (this, &connection::establish_connection_cb) 1080, establish_connection (this, &connection::establish_connection_cb)
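Review bot: The new connection::send_auth_request (new-side 588–606) drops the old `if (protocol) { … } else ; // silently fail` guard, so rsa_cache.gen and the costly RSA_public_encrypt now always run and the packet is always handed to vpn->send_vpn_packet, even when reset_dstaddr could not pick any protocol and si carries no usable destination. The only caller visible here (establish_connection_cb, new-side 660) does pre-check `si.valid () && auth_rate_limiter.can (si)`, but send_auth_request is a public method and whether vpn::send_vpn_packet rejects an invalid sockinfo is not visible in this diff. I would restore the guard at the top of the function, before the `new auth_req_packet` so nothing leaks: `if (!si.valid ()) return; // no usable destination; skip the expensive RSA work`. Since the old code derived `protocol` here on every auth request and the new code only refreshes it in reset_dstaddr, a one-line comment on the `protocol` member noting that it is now only meaningful after reset_dstaddr would also help the next reader.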
