| … | |
… | |
| 90 | rsachallenge chg; |
90 | rsachallenge chg; |
| 91 | }; |
91 | }; |
| 92 | |
92 | |
| 93 | struct rsa_cache : list<rsa_entry> |
93 | struct rsa_cache : list<rsa_entry> |
| 94 | { |
94 | { |
| 95 | void cleaner_cb (time_watcher &w); time_watcher cleaner; |
95 | void cleaner_cb (ev::timer &w, int revents); ev::timer cleaner; |
| 96 | |
96 | |
| 97 | bool find (const rsaid &id, rsachallenge &chg) |
97 | bool find (const rsaid &id, rsachallenge &chg) |
| 98 | { |
98 | { |
| 99 | for (iterator i = begin (); i != end (); ++i) |
99 | for (iterator i = begin (); i != end (); ++i) |
| 100 | { |
100 | { |
| 101 | if (!memcmp (&id, &i->id, sizeof id) && i->expire > NOW) |
101 | if (!memcmp (&id, &i->id, sizeof id) && i->expire > ev::ev_now ()) |
| 102 | { |
102 | { |
| 103 | memcpy (&chg, &i->chg, sizeof chg); |
103 | memcpy (&chg, &i->chg, sizeof chg); |
| 104 | |
104 | |
| 105 | erase (i); |
105 | erase (i); |
| 106 | return true; |
106 | return true; |
| 107 | } |
107 | } |
| 108 | } |
108 | } |
| 109 | |
109 | |
| 110 | if (cleaner.at < NOW) |
110 | if (!cleaner.is_active ()) |
| 111 | cleaner.start (NOW + RSA_TTL); |
111 | cleaner.again (); |
| 112 | |
112 | |
| 113 | return false; |
113 | return false; |
| 114 | } |
114 | } |
| 115 | |
115 | |
| 116 | void gen (rsaid &id, rsachallenge &chg) |
116 | void gen (rsaid &id, rsachallenge &chg) |
| … | |
… | |
| 118 | rsa_entry e; |
118 | rsa_entry e; |
| 119 | |
119 | |
| 120 | RAND_bytes ((unsigned char *)&id, sizeof id); |
120 | RAND_bytes ((unsigned char *)&id, sizeof id); |
| 121 | RAND_bytes ((unsigned char *)&chg, sizeof chg); |
121 | RAND_bytes ((unsigned char *)&chg, sizeof chg); |
| 122 | |
122 | |
| 123 | e.expire = NOW + RSA_TTL; |
123 | e.expire = ev::ev_now () + RSA_TTL; |
| 124 | e.id = id; |
124 | e.id = id; |
| 125 | memcpy (&e.chg, &chg, sizeof chg); |
125 | memcpy (&e.chg, &chg, sizeof chg); |
| 126 | |
126 | |
| 127 | push_back (e); |
127 | push_back (e); |
| 128 | |
128 | |
| 129 | if (cleaner.at < NOW) |
129 | if (!cleaner.is_active ()) |
| 130 | cleaner.start (NOW + RSA_TTL); |
130 | cleaner.again (); |
| 131 | } |
131 | } |
| 132 | |
132 | |
| 133 | rsa_cache () |
133 | rsa_cache () |
| 134 | : cleaner (this, &rsa_cache::cleaner_cb) |
134 | : cleaner (this, &rsa_cache::cleaner_cb) |
| 135 | { } |
135 | { |
|
|
136 | cleaner.set (RSA_TTL, RSA_TTL); |
|
|
137 | } |
| 136 | |
138 | |
| 137 | } rsa_cache; |
139 | } rsa_cache; |
| 138 | |
140 | |
| 139 | void rsa_cache::cleaner_cb (time_watcher &w) |
141 | void rsa_cache::cleaner_cb (ev::timer &w, int revents) |
| 140 | { |
142 | { |
| 141 | if (!empty ()) |
143 | if (empty ()) |
|
|
144 | w.stop (); |
|
|
145 | else |
| 142 | { |
146 | { |
| 143 | w.start (NOW + RSA_TTL); |
|
|
| 144 | |
|
|
| 145 | for (iterator i = begin (); i != end (); ) |
147 | for (iterator i = begin (); i != end (); ) |
| 146 | if (i->expire <= NOW) |
148 | if (i->expire <= ev::ev_now ()) |
| 147 | i = erase (i); |
149 | i = erase (i); |
| 148 | else |
150 | else |
| 149 | ++i; |
151 | ++i; |
| 150 | } |
152 | } |
| 151 | } |
153 | } |
| … | |
… | |
| 218 | iterator i; |
220 | iterator i; |
| 219 | |
221 | |
| 220 | for (i = begin (); i != end (); ) |
222 | for (i = begin (); i != end (); ) |
| 221 | if (i->host == host) |
223 | if (i->host == host) |
| 222 | break; |
224 | break; |
| 223 | else if (i->last < NOW - NRL_EXPIRE) |
225 | else if (i->last < ev::ev_now () - NRL_EXPIRE) |
| 224 | i = erase (i); |
226 | i = erase (i); |
| 225 | else |
227 | else |
| 226 | i++; |
228 | i++; |
| 227 | |
229 | |
| 228 | if (i == end ()) |
230 | if (i == end ()) |
| … | |
… | |
| 230 | net_rateinfo ri; |
232 | net_rateinfo ri; |
| 231 | |
233 | |
| 232 | ri.host = host; |
234 | ri.host = host; |
| 233 | ri.pcnt = 1.; |
235 | ri.pcnt = 1.; |
| 234 | ri.diff = NRL_MAXDIF; |
236 | ri.diff = NRL_MAXDIF; |
| 235 | ri.last = NOW; |
237 | ri.last = ev::ev_now (); |
| 236 | |
238 | |
| 237 | push_front (ri); |
239 | push_front (ri); |
| 238 | |
240 | |
| 239 | return true; |
241 | return true; |
| 240 | } |
242 | } |
| … | |
… | |
| 242 | { |
244 | { |
| 243 | net_rateinfo ri (*i); |
245 | net_rateinfo ri (*i); |
| 244 | erase (i); |
246 | erase (i); |
| 245 | |
247 | |
| 246 | ri.pcnt = ri.pcnt * NRL_ALPHA; |
248 | ri.pcnt = ri.pcnt * NRL_ALPHA; |
| 247 | ri.diff = ri.diff * NRL_ALPHA + (NOW - ri.last); |
249 | ri.diff = ri.diff * NRL_ALPHA + (ev::ev_now () - ri.last); |
| 248 | |
250 | |
| 249 | ri.last = NOW; |
251 | ri.last = ev::ev_now (); |
| 250 | |
252 | |
| 251 | double dif = ri.diff / ri.pcnt; |
253 | double dif = ri.diff / ri.pcnt; |
| 252 | |
254 | |
| 253 | bool send = dif > NRL_CUTOFF; |
255 | bool send = dif > NRL_CUTOFF; |
| 254 | |
256 | |
| … | |
… | |
| 587 | if (ictx && octx) |
589 | if (ictx && octx) |
| 588 | { |
590 | { |
| 589 | connectmode = conf->connectmode; |
591 | connectmode = conf->connectmode; |
| 590 | |
592 | |
| 591 | // make sure rekeying timeouts are slightly asymmetric |
593 | // make sure rekeying timeouts are slightly asymmetric |
| 592 | rekey.start (NOW + ::conf.rekey |
594 | ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0); |
| 593 | + (conf->id > THISNODE->id ? 10 : 0)); |
595 | rekey.start (rekey_interval, rekey_interval); |
| 594 | keepalive.start (NOW + ::conf.keepalive); |
596 | keepalive.start (::conf.keepalive); |
| 595 | |
597 | |
| 596 | // send queued packets |
598 | // send queued packets |
| 597 | if (ictx && octx) |
599 | if (ictx && octx) |
| 598 | { |
600 | { |
| 599 | while (tap_packet *p = (tap_packet *)data_queue.get ()) |
601 | while (tap_packet *p = (tap_packet *)data_queue.get ()) |
| … | |
… | |
| 610 | } |
612 | } |
| 611 | } |
613 | } |
| 612 | else |
614 | else |
| 613 | { |
615 | { |
| 614 | retry_cnt = 0; |
616 | retry_cnt = 0; |
| 615 | establish_connection.start (NOW + 5); |
617 | establish_connection.start (5); |
| 616 | keepalive.stop (); |
618 | keepalive.stop (); |
| 617 | rekey.stop (); |
619 | rekey.stop (); |
| 618 | } |
620 | } |
| 619 | } |
621 | } |
| 620 | |
622 | |
| … | |
… | |
| 740 | |
742 | |
| 741 | delete r; |
743 | delete r; |
| 742 | } |
744 | } |
| 743 | |
745 | |
| 744 | void |
746 | void |
| 745 | connection::establish_connection_cb (time_watcher &w) |
747 | connection::establish_connection_cb (ev::timer &w, int revents) |
| 746 | { |
748 | { |
| 747 | if (!ictx |
749 | if (!ictx |
| 748 | && conf != THISNODE |
750 | && conf != THISNODE |
| 749 | && connectmode != conf_node::C_NEVER |
751 | && connectmode != conf_node::C_NEVER |
| 750 | && connectmode != conf_node::C_DISABLED |
752 | && connectmode != conf_node::C_DISABLED |
| 751 | && NOW > w.at) |
753 | && !w.is_active ()) |
| 752 | { |
754 | { |
| 753 | w.at = TSTAMP_MAX; // first disable this watcher in case of recursion |
755 | ev::tstamp retry_int = ev::tstamp (retry_cnt & 3 |
| 754 | |
|
|
| 755 | double retry_int = double (retry_cnt & 3 |
|
|
| 756 | ? (retry_cnt & 3) + 1 |
756 | ? (retry_cnt & 3) + 1 |
| 757 | : 1 << (retry_cnt >> 2)); |
757 | : 1 << (retry_cnt >> 2)); |
| 758 | |
758 | |
| 759 | reset_si (); |
759 | reset_si (); |
| 760 | |
760 | |
| 761 | bool slow = si.prot & PROT_SLOW; |
761 | bool slow = si.prot & PROT_SLOW; |
| 762 | |
762 | |
| 763 | if (si.prot && !si.host) |
763 | if (si.prot && !si.host) |
|
|
764 | { |
|
|
765 | /*TODO*/ /* start the timer so we don't recurse endlessly */ |
|
|
766 | w.start (1); |
| 764 | vpn->send_connect_request (conf->id); |
767 | vpn->send_connect_request (conf->id); |
|
|
768 | } |
| 765 | else |
769 | else |
| 766 | { |
770 | { |
| 767 | const sockinfo &dsi = forward_si (si); |
771 | const sockinfo &dsi = forward_si (si); |
| 768 | |
772 | |
| 769 | slow = slow || (dsi.prot & PROT_SLOW); |
773 | slow = slow || (dsi.prot & PROT_SLOW); |
| … | |
… | |
| 782 | if (retry_int < conf->max_retry) |
786 | if (retry_int < conf->max_retry) |
| 783 | retry_cnt++; |
787 | retry_cnt++; |
| 784 | else |
788 | else |
| 785 | retry_int = conf->max_retry; |
789 | retry_int = conf->max_retry; |
| 786 | |
790 | |
| 787 | w.start (NOW + retry_int); |
791 | w.start (retry_int); |
| 788 | } |
792 | } |
| 789 | } |
793 | } |
| 790 | |
794 | |
| 791 | void |
795 | void |
| 792 | connection::reset_connection () |
796 | connection::reset_connection () |
| … | |
… | |
| 825 | |
829 | |
| 826 | reset_connection (); |
830 | reset_connection (); |
| 827 | } |
831 | } |
| 828 | |
832 | |
| 829 | void |
833 | void |
| 830 | connection::rekey_cb (time_watcher &w) |
834 | connection::rekey_cb (ev::timer &w, int revents) |
| 831 | { |
835 | { |
| 832 | reset_connection (); |
836 | reset_connection (); |
| 833 | establish_connection (); |
837 | establish_connection (); |
| 834 | } |
838 | } |
| 835 | |
839 | |
| … | |
… | |
| 879 | } |
883 | } |
| 880 | |
884 | |
| 881 | void |
885 | void |
| 882 | connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
886 | connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
| 883 | { |
887 | { |
| 884 | last_activity = NOW; |
888 | last_activity = ev::ev_now (); |
| 885 | |
889 | |
| 886 | slog (L_NOISE, "<<%d received packet type %d from %d to %d", |
890 | slog (L_NOISE, "<<%d received packet type %d from %d to %d", |
| 887 | conf->id, pkt->typ (), pkt->src (), pkt->dst ()); |
891 | conf->id, pkt->typ (), pkt->src (), pkt->dst ()); |
| 888 | |
892 | |
| 889 | switch (pkt->typ ()) |
893 | switch (pkt->typ ()) |
| … | |
… | |
| 1154 | send_reset (rsi); |
1158 | send_reset (rsi); |
| 1155 | break; |
1159 | break; |
| 1156 | } |
1160 | } |
| 1157 | } |
1161 | } |
| 1158 | |
1162 | |
| 1159 | void connection::keepalive_cb (time_watcher &w) |
1163 | void connection::keepalive_cb (ev::timer &w, int revents) |
| 1160 | { |
1164 | { |
| 1161 | if (NOW >= last_activity + ::conf.keepalive + 30) |
1165 | if (ev::ev_now () >= last_activity + ::conf.keepalive + 30) |
| 1162 | { |
1166 | { |
| 1163 | reset_connection (); |
1167 | reset_connection (); |
| 1164 | establish_connection (); |
1168 | establish_connection (); |
| 1165 | } |
1169 | } |
| 1166 | else if (NOW < last_activity + ::conf.keepalive) |
1170 | else if (ev::ev_now () < last_activity + ::conf.keepalive) |
| 1167 | w.start (last_activity + ::conf.keepalive); |
1171 | w.start (last_activity + ::conf.keepalive - ev::now ()); |
| 1168 | else if (conf->connectmode != conf_node::C_ONDEMAND |
1172 | else if (conf->connectmode != conf_node::C_ONDEMAND |
| 1169 | || THISNODE->connectmode != conf_node::C_ONDEMAND) |
1173 | || THISNODE->connectmode != conf_node::C_ONDEMAND) |
| 1170 | { |
1174 | { |
| 1171 | send_ping (si); |
1175 | send_ping (si); |
| 1172 | w.start (NOW + 5); |
1176 | w.start (5); |
| 1173 | } |
1177 | } |
| 1174 | else if (NOW < last_activity + ::conf.keepalive + 10) |
1178 | else if (ev::ev_now () < last_activity + ::conf.keepalive + 10) |
| 1175 | // hold ondemand connections implicitly a few seconds longer |
1179 | // hold ondemand connections implicitly a few seconds longer |
| 1176 | // should delete octx, though, or something like that ;) |
1180 | // should delete octx, though, or something like that ;) |
| 1177 | w.start (last_activity + ::conf.keepalive + 10); |
1181 | w.start (last_activity + ::conf.keepalive + 10 - ev::now ()); |
| 1178 | else |
1182 | else |
| 1179 | reset_connection (); |
1183 | reset_connection (); |
| 1180 | } |
1184 | } |
| 1181 | |
1185 | |
| 1182 | void connection::send_connect_request (int id) |
1186 | void connection::send_connect_request (int id) |
| … | |
… | |
| 1213 | |
1217 | |
| 1214 | const char *connection::script_node_up () |
1218 | const char *connection::script_node_up () |
| 1215 | { |
1219 | { |
| 1216 | script_init_connect_env (); |
1220 | script_init_connect_env (); |
| 1217 | |
1221 | |
| 1218 | putenv ("STATE=up"); |
1222 | putenv ((char *)"STATE=up"); |
| 1219 | |
1223 | |
| 1220 | char *filename; |
1224 | char *filename; |
| 1221 | asprintf (&filename, |
1225 | asprintf (&filename, |
| 1222 | "%s/%s", |
1226 | "%s/%s", |
| 1223 | confbase, |
1227 | confbase, |
| … | |
… | |
| 1228 | |
1232 | |
| 1229 | const char *connection::script_node_down () |
1233 | const char *connection::script_node_down () |
| 1230 | { |
1234 | { |
| 1231 | script_init_connect_env (); |
1235 | script_init_connect_env (); |
| 1232 | |
1236 | |
| 1233 | putenv ("STATE=down"); |
1237 | putenv ((char *)"STATE=down"); |
| 1234 | |
1238 | |
| 1235 | char *filename; |
1239 | char *filename; |
| 1236 | asprintf (&filename, |
1240 | asprintf (&filename, |
| 1237 | "%s/%s", |
1241 | "%s/%s", |
| 1238 | confbase, |
1242 | confbase, |
