1 | /* |
1 | /* |
2 | connection.C -- manage a single connection |
2 | connection.C -- manage a single connection |
3 | Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
4 | |
4 | |
5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
6 | |
6 | |
7 | GVPE is free software; you can redistribute it and/or modify |
7 | GVPE is free software; you can redistribute it and/or modify it |
8 | it under the terms of the GNU General Public License as published by |
8 | under the terms of the GNU General Public License as published by the |
9 | the Free Software Foundation; either version 2 of the License, or |
9 | Free Software Foundation; either version 3 of the License, or (at your |
10 | (at your option) any later version. |
10 | option) any later version. |
11 | |
11 | |
12 | This program is distributed in the hope that it will be useful, |
12 | This program is distributed in the hope that it will be useful, but |
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
15 | GNU General Public License for more details. |
15 | Public License for more details. |
16 | |
16 | |
17 | You should have received a copy of the GNU General Public License |
17 | You should have received a copy of the GNU General Public License along |
18 | along with gvpe; if not, write to the Free Software |
18 | with this program; if not, see <http://www.gnu.org/licenses/>. |
19 | Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
19 | |
|
|
20 | Additional permission under GNU GPL version 3 section 7 |
|
|
21 | |
|
|
22 | If you modify this Program, or any covered work, by linking or |
|
|
23 | combining it with the OpenSSL project's OpenSSL library (or a modified |
|
|
24 | version of that library), containing parts covered by the terms of the |
|
|
25 | OpenSSL or SSLeay licenses, the licensors of this Program grant you |
|
|
26 | additional permission to convey the resulting work. Corresponding |
|
|
27 | Source for a non-source form of such a combination shall include the |
|
|
28 | source code for the parts of OpenSSL used as well as that of the |
|
|
29 | covered work. |
20 | */ |
30 | */ |
21 | |
31 | |
22 | #include "config.h" |
32 | #include "config.h" |
23 | |
33 | |
24 | #include <list> |
34 | #include <list> |
|
|
35 | #include <queue> |
|
|
36 | #include <utility> |
25 | |
37 | |
26 | #include <openssl/rand.h> |
38 | #include <openssl/rand.h> |
27 | #include <openssl/evp.h> |
39 | #include <openssl/evp.h> |
28 | #include <openssl/rsa.h> |
40 | #include <openssl/rsa.h> |
29 | #include <openssl/err.h> |
41 | #include <openssl/err.h> |
… | |
… | |
45 | #define ULTRA_FAST 1 |
57 | #define ULTRA_FAST 1 |
46 | #define HLOG 15 |
58 | #define HLOG 15 |
47 | #include "lzf/lzf.h" |
59 | #include "lzf/lzf.h" |
48 | #include "lzf/lzf_c.c" |
60 | #include "lzf/lzf_c.c" |
49 | #include "lzf/lzf_d.c" |
61 | #include "lzf/lzf_d.c" |
|
|
62 | |
|
|
63 | ////////////////////////////////////////////////////////////////////////////// |
|
|
64 | |
|
|
65 | static std::queue< std::pair<run_script_cb *, const char *> > rs_queue; |
|
|
66 | static ev::child rs_child_ev; |
|
|
67 | |
|
|
68 | void // c++ requires external linkage here, apparently :( |
|
|
69 | rs_child_cb (ev::child &w, int revents) |
|
|
70 | { |
|
|
71 | w.stop (); |
|
|
72 | |
|
|
73 | if (rs_queue.empty ()) |
|
|
74 | return; |
|
|
75 | |
|
|
76 | pid_t pid = run_script (*rs_queue.front ().first, false); |
|
|
77 | if (pid) |
|
|
78 | { |
|
|
79 | w.set (pid); |
|
|
80 | w.start (); |
|
|
81 | } |
|
|
82 | else |
|
|
83 | slog (L_WARN, rs_queue.front ().second); |
|
|
84 | |
|
|
85 | delete rs_queue.front ().first; |
|
|
86 | rs_queue.pop (); |
|
|
87 | } |
|
|
88 | |
|
|
89 | // despite the fancy name, this is quite a hack |
|
|
90 | static void |
|
|
91 | run_script_queued (run_script_cb *cb, const char *warnmsg) |
|
|
92 | { |
|
|
93 | rs_queue.push (std::make_pair (cb, warnmsg)); |
|
|
94 | |
|
|
95 | if (!rs_child_ev.is_active ()) |
|
|
96 | { |
|
|
97 | rs_child_ev.set<rs_child_cb> (); |
|
|
98 | rs_child_ev (); |
|
|
99 | } |
|
|
100 | } |
|
|
101 | |
|
|
102 | ////////////////////////////////////////////////////////////////////////////// |
50 | |
103 | |
51 | struct crypto_ctx |
104 | struct crypto_ctx |
52 | { |
105 | { |
53 | EVP_CIPHER_CTX cctx; |
106 | EVP_CIPHER_CTX cctx; |
54 | HMAC_CTX hctx; |
107 | HMAC_CTX hctx; |
… | |
… | |
658 | void |
711 | void |
659 | connection::reset_si () |
712 | connection::reset_si () |
660 | { |
713 | { |
661 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
714 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
662 | |
715 | |
663 | // mask out protocols we cannot establish |
716 | // mask out endpoints we can't connect to |
664 | if (!conf->udp_port) protocol &= ~PROT_UDPv4; |
717 | if (!conf->udp_port) protocol &= ~PROT_UDPv4; |
665 | if (!conf->tcp_port) protocol &= ~PROT_TCPv4; |
718 | if (!conf->tcp_port) protocol &= ~PROT_TCPv4; |
666 | if (!conf->dns_port) protocol &= ~PROT_DNSv4; |
719 | if (!conf->dns_port) protocol &= ~PROT_DNSv4; |
667 | |
720 | |
668 | if (protocol |
721 | if (protocol |
… | |
… | |
689 | slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s (%s)"), |
742 | slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s (%s)"), |
690 | conf->nodename, r->conf->nodename, (const char *)r->si); |
743 | conf->nodename, r->conf->nodename, (const char *)r->si); |
691 | return r->si; |
744 | return r->si; |
692 | } |
745 | } |
693 | else |
746 | else |
694 | slog (L_DEBUG, _("%s: node unreachable, no common protocol"), |
747 | slog (L_DEBUG, _("%s: node unreachable, no common protocol, no router"), |
695 | conf->nodename); |
748 | conf->nodename); |
696 | } |
749 | } |
697 | |
750 | |
698 | return si; |
751 | return si; |
699 | } |
752 | } |
… | |
… | |
848 | slog (L_INFO, _("%s(%s): connection lost"), |
901 | slog (L_INFO, _("%s(%s): connection lost"), |
849 | conf->nodename, (const char *)si); |
902 | conf->nodename, (const char *)si); |
850 | |
903 | |
851 | if (::conf.script_node_down) |
904 | if (::conf.script_node_down) |
852 | { |
905 | { |
853 | run_script_cb cb; |
906 | run_script_cb *cb = new run_script_cb; |
854 | cb.set<connection, &connection::script_node_down> (this); |
907 | cb->set<connection, &connection::script_node_down> (this); |
855 | if (!run_script (cb, false)) |
|
|
856 | slog (L_WARN, _("node-down command execution failed, continuing.")); |
908 | run_script_queued (cb, _("node-down command execution failed, continuing.")); |
857 | } |
909 | } |
858 | } |
910 | } |
859 | |
911 | |
860 | delete ictx; ictx = 0; |
912 | delete ictx; ictx = 0; |
861 | delete octx; octx = 0; |
913 | delete octx; octx = 0; |
… | |
… | |
1094 | conf->nodename, (const char *)rsi, |
1146 | conf->nodename, (const char *)rsi, |
1095 | p->prot_major, p->prot_minor); |
1147 | p->prot_major, p->prot_minor); |
1096 | |
1148 | |
1097 | if (::conf.script_node_up) |
1149 | if (::conf.script_node_up) |
1098 | { |
1150 | { |
1099 | run_script_cb cb; |
1151 | run_script_cb *cb = new run_script_cb; |
1100 | cb.set<connection, &connection::script_node_up> (this); |
1152 | cb->set<connection, &connection::script_node_up> (this); |
1101 | if (!run_script (cb, false)) |
|
|
1102 | slog (L_WARN, _("node-up command execution failed, continuing.")); |
1153 | run_script_queued (cb, _("node-up command execution failed, continuing.")); |
1103 | } |
1154 | } |
1104 | |
1155 | |
1105 | break; |
1156 | break; |
1106 | } |
1157 | } |
1107 | else |
1158 | else |
… | |
… | |
1317 | connection::connection (struct vpn *vpn, conf_node *conf) |
1368 | connection::connection (struct vpn *vpn, conf_node *conf) |
1318 | : vpn(vpn), conf(conf), |
1369 | : vpn(vpn), conf(conf), |
1319 | #if ENABLE_DNS |
1370 | #if ENABLE_DNS |
1320 | dns (0), |
1371 | dns (0), |
1321 | #endif |
1372 | #endif |
1322 | data_queue(conf->max_ttl, conf->max_queue), |
1373 | data_queue(conf->max_ttl, conf->max_queue + 1), |
1323 | vpn_queue(conf->max_ttl, conf->max_queue) |
1374 | vpn_queue(conf->max_ttl, conf->max_queue + 1) |
1324 | { |
1375 | { |
1325 | rekey .set<connection, &connection::rekey_cb > (this); |
1376 | rekey .set<connection, &connection::rekey_cb > (this); |
1326 | keepalive .set<connection, &connection::keepalive_cb > (this); |
1377 | keepalive .set<connection, &connection::keepalive_cb > (this); |
1327 | establish_connection.set<connection, &connection::establish_connection_cb> (this); |
1378 | establish_connection.set<connection, &connection::establish_connection_cb> (this); |
1328 | |
1379 | |