ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.73 by pcg, Sun Aug 10 01:34:36 2008 UTC vs.
Revision 1.103 by root, Thu Jul 18 17:35:10 2013 UTC

1/* 1/*
2 connection.C -- manage a single connection 2 connection.C -- manage a single connection
3 Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> 3 Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de>
4 4
5 This file is part of GVPE. 5 This file is part of GVPE.
6 6
7 GVPE is free software; you can redistribute it and/or modify it 7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the 8 under the terms of the GNU General Public License as published by the
43#include "conf.h" 43#include "conf.h"
44#include "slog.h" 44#include "slog.h"
45#include "device.h" 45#include "device.h"
46#include "vpn.h" 46#include "vpn.h"
47#include "connection.h" 47#include "connection.h"
48#include "hkdf.h"
48 49
49#include "netcompat.h" 50#include "netcompat.h"
50 51
51#if !HAVE_RAND_PSEUDO_BYTES
52# define RAND_pseudo_bytes RAND_bytes
53#endif
54
55#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic 52#define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic
53#define MAGIC "HUHN\xbd\xc6\xdb\x82" // 8 bytes of magic//D
56 54
57#define ULTRA_FAST 1 55#define ULTRA_FAST 1
58#define HLOG 15 56#define HLOG 15
59#include "lzf/lzf.h" 57#include "lzf/lzf.h"
60#include "lzf/lzf_c.c" 58#include "lzf/lzf_c.c"
63////////////////////////////////////////////////////////////////////////////// 61//////////////////////////////////////////////////////////////////////////////
64 62
65static std::queue< std::pair<run_script_cb *, const char *> > rs_queue; 63static std::queue< std::pair<run_script_cb *, const char *> > rs_queue;
66static ev::child rs_child_ev; 64static ev::child rs_child_ev;
67 65
66namespace
67{
68void // c++ requires external linkage here, apparently :( 68 void // c++ requires external linkage here, apparently :(
69rs_child_cb (ev::child &w, int revents) 69 rs_child_cb (ev::child &w, int revents)
70{ 70 {
71 w.stop (); 71 w.stop ();
72 72
73 if (rs_queue.empty ()) 73 if (rs_queue.empty ())
74 return; 74 return;
75 75
76 pid_t pid = run_script (*rs_queue.front ().first, false); 76 pid_t pid = run_script (*rs_queue.front ().first, false);
77 if (pid) 77 if (pid)
78 { 78 {
79 w.set (pid); 79 w.set (pid);
80 w.start (); 80 w.start ();
81 } 81 }
82 else 82 else
83 slog (L_WARN, rs_queue.front ().second); 83 slog (L_WARN, rs_queue.front ().second);
84 84
85 delete rs_queue.front ().first; 85 delete rs_queue.front ().first;
86 rs_queue.pop (); 86 rs_queue.pop ();
87} 87 }
88};
88 89
89// despite the fancy name, this is quite a hack 90// despite the fancy name, this is quite a hack
90static void 91static void
91run_script_queued (run_script_cb *cb, const char *warnmsg) 92run_script_queued (run_script_cb *cb, const char *warnmsg)
92{ 93{
104struct crypto_ctx 105struct crypto_ctx
105{ 106{
106 EVP_CIPHER_CTX cctx; 107 EVP_CIPHER_CTX cctx;
107 HMAC_CTX hctx; 108 HMAC_CTX hctx;
108 109
109 crypto_ctx (const rsachallenge &challenge, int enc); 110 crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc);
110 ~crypto_ctx (); 111 ~crypto_ctx ();
111}; 112};
112 113
113crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc) 114crypto_ctx::crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc)
114{ 115{
116 ecdh_key s;
117
118 curve25519_combine (a, b, s);
119
120 {
121 u8 mac_key[MAC_KEYSIZE];
122 static const unsigned char mac_info[] = "gvpe mac key";
123
124 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
125 kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key));
126 kdf.extract (s, sizeof (s));
127 kdf.extract_done (HKDF_PRF_HASH ());
128 kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info));
129
130 HMAC_CTX_init (&hctx);
131 require (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0));
132 }
133
134 {
135 u8 cipher_key[CIPHER_KEYSIZE];
136 static const unsigned char cipher_info[] = "gvpe cipher key";
137
138 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
139 kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key));
140 kdf.extract (s, sizeof (s));
141 kdf.extract_done (HKDF_PRF_HASH ());
142 kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info));
143
115 EVP_CIPHER_CTX_init (&cctx); 144 EVP_CIPHER_CTX_init (&cctx);
116 require (EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc)); 145 require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc));
117 HMAC_CTX_init (&hctx); 146 }
118 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
119} 147}
120 148
121crypto_ctx::~crypto_ctx () 149crypto_ctx::~crypto_ctx ()
122{ 150{
123 require (EVP_CIPHER_CTX_cleanup (&cctx)); 151 require (EVP_CIPHER_CTX_cleanup (&cctx));
124 HMAC_CTX_cleanup (&hctx); 152 HMAC_CTX_cleanup (&hctx);
125} 153}
126 154
155static inline void
156auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr)
157{
158 if (RSA_public_encrypt (sizeof (auth.rsa),
159 (unsigned char *)&auth.rsa, (unsigned char *)&encr.rsa,
160 key, RSA_PKCS1_OAEP_PADDING) < 0)
161 fatal ("RSA_public_encrypt error");
162
163 memcpy (&encr.ecdh, &auth.ecdh, sizeof (encr.ecdh));
164}
165
166static inline bool
167auth_decrypt (RSA *key, const auth_encr &encr, auth_data &auth)
168{
169 u8 rsa_decrypt[RSA_KEYLEN];
170
171 if (RSA_private_decrypt (sizeof (encr.rsa),
172 (const unsigned char *)&encr.rsa, (unsigned char *)rsa_decrypt,
173 key, RSA_PKCS1_OAEP_PADDING) != sizeof (auth.rsa))
174 return 0;
175
176 memcpy (&auth.rsa, rsa_decrypt, sizeof (auth.rsa));
177 memcpy (&auth.ecdh, &encr.ecdh, sizeof (auth.ecdh));
178
179 return 1;
180}
181
127static void 182static void
128rsa_hash (const rsaid &id, const rsachallenge &chg, rsaresponse &h) 183auth_hash (const auth_data &auth, auth_mac &mac)
129{ 184{
130 EVP_MD_CTX ctx; 185 HMAC_CTX ctx;
131 186
132 EVP_MD_CTX_init (&ctx); 187 HMAC_CTX_init (&ctx);
133 require (EVP_DigestInit (&ctx, RSA_HASH)); 188 require (HMAC_Init_ex (&ctx, auth.rsa.auth_key, sizeof (auth.rsa.auth_key), AUTH_DIGEST (), 0));
134 require (EVP_DigestUpdate(&ctx, &chg, sizeof chg)); 189 require (HMAC_Update (&ctx, (const unsigned char *)&auth, sizeof auth));
135 require (EVP_DigestUpdate(&ctx, &id, sizeof id));
136 require (EVP_DigestFinal (&ctx, (unsigned char *)&h, 0)); 190 require (HMAC_Final (&ctx, (unsigned char *)&mac, 0));
137 EVP_MD_CTX_cleanup (&ctx); 191 HMAC_CTX_cleanup (&ctx);
138} 192}
139 193
140struct rsa_entry 194void
195connection::generate_auth_data ()
141{ 196{
142 tstamp expire; 197 if (auth_expire < ev_now ())
143 rsaid id;
144 rsachallenge chg;
145};
146
147struct rsa_cache : list<rsa_entry>
148{
149 inline void cleaner_cb (ev::timer &w, int revents); ev::timer cleaner;
150
151 bool find (const rsaid &id, rsachallenge &chg)
152 {
153 for (iterator i = begin (); i != end (); ++i)
154 { 198 {
155 if (!memcmp (&id, &i->id, sizeof id) && i->expire > ev_now ()) 199 // request data
156 { 200 rand_fill (snd_auth.rsa);
157 memcpy (&chg, &i->chg, sizeof chg); 201 curve25519_generate (snd_ecdh_a, snd_auth.ecdh);
202 auth_hash (snd_auth, snd_auth_mac);
158 203
159 erase (i); 204 // eventual response data
160 return true; 205 curve25519_generate (rcv_ecdh_a, rcv_ecdh_b);
161 }
162 } 206 }
163 207
164 if (!cleaner.is_active ()) 208 // every use prolongs the expiry
165 cleaner.again ();
166
167 return false;
168 }
169
170 void gen (rsaid &id, rsachallenge &chg)
171 {
172 rsa_entry e;
173
174 RAND_bytes ((unsigned char *)&id, sizeof id);
175 RAND_bytes ((unsigned char *)&chg, sizeof chg);
176
177 e.expire = ev_now () + RSA_TTL; 209 auth_expire = ev_now () + AUTH_TTL;
178 e.id = id;
179 memcpy (&e.chg, &chg, sizeof chg);
180
181 push_back (e);
182
183 if (!cleaner.is_active ())
184 cleaner.again ();
185 }
186
187 rsa_cache ()
188 {
189 cleaner.set<rsa_cache, &rsa_cache::cleaner_cb> (this);
190 cleaner.set (RSA_TTL, RSA_TTL);
191 }
192
193} rsa_cache;
194
195void rsa_cache::cleaner_cb (ev::timer &w, int revents)
196{
197 if (empty ())
198 w.stop ();
199 else
200 {
201 for (iterator i = begin (); i != end (); )
202 if (i->expire <= ev_now ())
203 i = erase (i);
204 else
205 ++i;
206 }
207} 210}
208 211
209////////////////////////////////////////////////////////////////////////////// 212//////////////////////////////////////////////////////////////////////////////
210 213
211pkt_queue::pkt_queue (double max_ttl, int max_queue) 214pkt_queue::pkt_queue (double max_ttl, int max_queue)
225 delete p; 228 delete p;
226 229
227 delete [] queue; 230 delete [] queue;
228} 231}
229 232
233void
230void pkt_queue::expire_cb (ev::timer &w, int revents) 234pkt_queue::expire_cb (ev::timer &w, int revents)
231{ 235{
232 ev_tstamp expire = ev_now () - max_ttl; 236 ev_tstamp expire = ev_now () - max_ttl;
233 237
234 for (;;) 238 for (;;)
235 { 239 {
246 250
247 delete get (); 251 delete get ();
248 } 252 }
249} 253}
250 254
255void
251void pkt_queue::put (net_packet *p) 256pkt_queue::put (net_packet *p)
252{ 257{
253 ev_tstamp now = ev_now (); 258 ev_tstamp now = ev_now ();
254 259
255 // start expiry timer 260 // start expiry timer
256 if (empty ()) 261 if (empty ())
265 queue[i].tstamp = now; 270 queue[i].tstamp = now;
266 271
267 i = ni; 272 i = ni;
268} 273}
269 274
270net_packet *pkt_queue::get () 275net_packet *
276pkt_queue::get ()
271{ 277{
272 if (empty ()) 278 if (empty ())
273 return 0; 279 return 0;
274 280
275 net_packet *p = queue[j].pkt; 281 net_packet *p = queue[j].pkt;
299 305
300 bool can (const sockinfo &si) { return can((u32)si.host); } 306 bool can (const sockinfo &si) { return can((u32)si.host); }
301 bool can (u32 host); 307 bool can (u32 host);
302}; 308};
303 309
304net_rate_limiter auth_rate_limiter, reset_rate_limiter; 310static net_rate_limiter auth_rate_limiter, reset_rate_limiter;
305 311
312bool
306bool net_rate_limiter::can (u32 host) 313net_rate_limiter::can (u32 host)
307{ 314{
308 iterator i; 315 iterator i;
309 316
310 for (i = begin (); i != end (); ) 317 for (i = begin (); i != end (); )
311 if (i->host == host) 318 if (i->host == host)
358 365
359///////////////////////////////////////////////////////////////////////////// 366/////////////////////////////////////////////////////////////////////////////
360 367
361unsigned char hmac_packet::hmac_digest[EVP_MAX_MD_SIZE]; 368unsigned char hmac_packet::hmac_digest[EVP_MAX_MD_SIZE];
362 369
370void
363void hmac_packet::hmac_gen (crypto_ctx *ctx) 371hmac_packet::hmac_gen (crypto_ctx *ctx)
364{ 372{
365 unsigned int xlen; 373 unsigned int xlen;
366 374
367 HMAC_CTX *hctx = &ctx->hctx; 375 HMAC_CTX *hctx = &ctx->hctx;
368 376
369 HMAC_Init_ex (hctx, 0, 0, 0, 0); 377 require (HMAC_Init_ex (hctx, 0, 0, 0, 0));
370 HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), 378 require (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet),
371 len - sizeof (hmac_packet)); 379 len - sizeof (hmac_packet)));
372 HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen); 380 require (HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen));
373} 381}
374 382
375void 383void
376hmac_packet::hmac_set (crypto_ctx *ctx) 384hmac_packet::hmac_set (crypto_ctx *ctx)
377{ 385{
386 hmac_gen (ctx); 394 hmac_gen (ctx);
387 395
388 return !memcmp (hmac, hmac_digest, HMACLENGTH); 396 return !memcmp (hmac, hmac_digest, HMACLENGTH);
389} 397}
390 398
399void
391void vpn_packet::set_hdr (ptype type_, unsigned int dst) 400vpn_packet::set_hdr (ptype type_, unsigned int dst)
392{ 401{
393 type = type_; 402 type = type_;
394 403
395 int src = THISNODE->id; 404 int src = THISNODE->id;
396 405
401 410
402#define MAXVPNDATA (MAX_MTU - 6 - 6) 411#define MAXVPNDATA (MAX_MTU - 6 - 6)
403#define DATAHDR (sizeof (u32) + RAND_SIZE) 412#define DATAHDR (sizeof (u32) + RAND_SIZE)
404 413
405struct vpndata_packet : vpn_packet 414struct vpndata_packet : vpn_packet
415{
416 u8 data[MAXVPNDATA + DATAHDR]; // seqno
417
418 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
419 tap_packet *unpack (connection *conn, u32 &seqno);
420
421private:
422 const u32 data_hdr_size () const
406 { 423 {
407 u8 data[MAXVPNDATA + DATAHDR]; // seqno
408
409 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
410 tap_packet *unpack (connection *conn, u32 &seqno);
411private:
412
413 const u32 data_hdr_size () const
414 {
415 return sizeof (vpndata_packet) - sizeof (net_packet) - MAXVPNDATA - DATAHDR; 424 return sizeof (vpndata_packet) - sizeof (net_packet) - MAXVPNDATA - DATAHDR;
416 }
417 }; 425 }
426};
418 427
419void 428void
420vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) 429vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
421{ 430{
422 EVP_CIPHER_CTX *cctx = &conn->octx->cctx; 431 EVP_CIPHER_CTX *cctx = &conn->octx->cctx;
424 ptype type = PT_DATA_UNCOMPRESSED; 433 ptype type = PT_DATA_UNCOMPRESSED;
425 434
426#if ENABLE_COMPRESSION 435#if ENABLE_COMPRESSION
427 u8 cdata[MAX_MTU]; 436 u8 cdata[MAX_MTU];
428 437
429 if (conn->features & ENABLE_COMPRESSION) 438 if (conn->features & FEATURE_COMPRESSION)
430 { 439 {
431 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7); 440 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
432 441
433 if (cl) 442 if (cl)
434 { 443 {
440 d[1] = cl; 449 d[1] = cl;
441 } 450 }
442 } 451 }
443#endif 452#endif
444 453
445 require (EVP_EncryptInit_ex (cctx, 0, 0, 0, 0)); 454 require (EVP_CipherInit_ex (cctx, 0, 0, 0, 0, 1));
446 455
447 struct { 456 struct {
448#if RAND_SIZE 457#if RAND_SIZE
449 u8 rnd[RAND_SIZE]; 458 u8 rnd[RAND_SIZE];
450#endif 459#endif
451 u32 seqno; 460 u32 seqno;
452 } datahdr; 461 } datahdr;
453 462
454 datahdr.seqno = ntohl (seqno); 463 datahdr.seqno = ntohl (seqno);
455#if RAND_SIZE 464#if RAND_SIZE
456 RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); 465 // NB: a constant (per session) random prefix
466 // is likely enough, but we don't take any chances.
467 conn->oiv.get (datahdr.rnd, RAND_SIZE);
457#endif 468#endif
458 469
459 require (EVP_EncryptUpdate (cctx, 470 require (EVP_EncryptUpdate (cctx,
460 (unsigned char *) data + outl, &outl2, 471 (unsigned char *) data + outl, &outl2,
461 (unsigned char *) &datahdr, DATAHDR)); 472 (unsigned char *) &datahdr, DATAHDR));
483 int outl = 0, outl2; 494 int outl = 0, outl2;
484 tap_packet *p = new tap_packet; 495 tap_packet *p = new tap_packet;
485 u8 *d; 496 u8 *d;
486 u32 l = len - data_hdr_size (); 497 u32 l = len - data_hdr_size ();
487 498
488 require (EVP_DecryptInit_ex (cctx, 0, 0, 0, 0)); 499 require (EVP_CipherInit_ex (cctx, 0, 0, 0, 0, 0));
489 500
490#if ENABLE_COMPRESSION 501#if ENABLE_COMPRESSION
491 u8 cdata[MAX_MTU]; 502 u8 cdata[MAX_MTU];
492 503
493 if (type == PT_DATA_COMPRESSED) 504 if (type == PT_DATA_COMPRESSED)
494 d = cdata; 505 d = cdata;
495 else 506 else
496#endif 507#endif
497 d = &(*p)[6 + 6 - DATAHDR]; 508 d = &(*p)[6 + 6] - DATAHDR;
498 509
499 /* this overwrites part of the src mac, but we fix that later */ 510 // we play do evil games with the struct layout atm.
511 // pending better solutions, we at least do some verification.
512 // this is fine, as we left ISO territory long ago.
513 require (DATAHDR <= 16);
514 require ((u8 *)(&p->len + 1) == &(*p)[0]);
515
516 // this can overwrite the len/dst/src fields
500 require (EVP_DecryptUpdate (cctx, 517 require (EVP_DecryptUpdate (cctx,
501 d, &outl2, 518 d, &outl2,
502 (unsigned char *)&data, len - data_hdr_size ())); 519 (unsigned char *)&data, len - data_hdr_size ()));
503 outl += outl2; 520 outl += outl2;
504 521
535 } 552 }
536}; 553};
537 554
538struct config_packet : vpn_packet 555struct config_packet : vpn_packet
539{ 556{
540 // actually, hmaclen cannot be checked because the hmac 557 u8 serial[SERIAL_SIZE];
541 // field comes before this data, so peers with other
542 // hmacs simply will not work.
543 u8 prot_major, prot_minor, randsize, hmaclen; 558 u8 prot_major, prot_minor, randsize;
544 u8 flags, challengelen, features, pad3; 559 u8 flags, features, pad6, pad7, pad8;
545 u32 cipher_nid, digest_nid, hmac_nid; 560 u32 cipher_nid, mac_nid, auth_nid;
546 561
547 void setup (ptype type, int dst); 562 void setup (ptype type, int dst);
548 bool chk_config () const; 563 bool chk_config (const conf_node *conf, const sockinfo &rsi) const;
549 564
550 static u8 get_features () 565 static u8 get_features ()
551 { 566 {
552 u8 f = 0; 567 u8 f = 0;
553#if ENABLE_COMPRESSION 568#if ENABLE_COMPRESSION
561#endif 576#endif
562 return f; 577 return f;
563 } 578 }
564}; 579};
565 580
581void
566void config_packet::setup (ptype type, int dst) 582config_packet::setup (ptype type, int dst)
567{ 583{
568 prot_major = PROTOCOL_MAJOR; 584 prot_major = PROTOCOL_MAJOR;
569 prot_minor = PROTOCOL_MINOR; 585 prot_minor = PROTOCOL_MINOR;
570 randsize = RAND_SIZE; 586 randsize = RAND_SIZE;
571 hmaclen = HMACLENGTH;
572 flags = 0; 587 flags = 0;
573 challengelen = sizeof (rsachallenge);
574 features = get_features (); 588 features = get_features ();
575 589
590 strncpy ((char *)serial, conf.serial, sizeof (serial));
591
576 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER)); 592 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER ()));
577 digest_nid = htonl (EVP_MD_type (RSA_HASH));
578 hmac_nid = htonl (EVP_MD_type (DIGEST)); 593 mac_nid = htonl (EVP_MD_type (MAC_DIGEST ()));
594 auth_nid = htonl (EVP_MD_type (AUTH_DIGEST ()));
579 595
580 len = sizeof (*this) - sizeof (net_packet); 596 len = sizeof (*this) - sizeof (net_packet);
581 set_hdr (type, dst); 597 set_hdr (type, dst);
582} 598}
583 599
584bool config_packet::chk_config () const 600bool
601config_packet::chk_config (const conf_node *conf, const sockinfo &rsi) const
585{ 602{
586 if (prot_major != PROTOCOL_MAJOR) 603 if (prot_major != PROTOCOL_MAJOR)
587 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR); 604 slog (L_WARN, _("%s(%s): major version mismatch (remote %d <=> local %d)"),
605 conf->nodename, (const char *)rsi, prot_major, PROTOCOL_MAJOR);
588 else if (randsize != RAND_SIZE) 606 else if (randsize != RAND_SIZE)
589 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE); 607 slog (L_WARN, _("%s(%s): rand size mismatch (remote %d <=> local %d)"),
590 else if (hmaclen != HMACLENGTH) 608 conf->nodename, (const char *)rsi, randsize, RAND_SIZE);
591 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
592 else if (challengelen != sizeof (rsachallenge))
593 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
594 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER))) 609 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER ())))
595 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER)); 610 slog (L_WARN, _("%s(%s): cipher algo mismatch (remote %x <=> local %x)"),
596 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH))) 611 conf->nodename, (const char *)rsi, ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER ()));
597 slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
598 else if (hmac_nid != htonl (EVP_MD_type (DIGEST))) 612 else if (mac_nid != htonl (EVP_MD_type (MAC_DIGEST ())))
599 slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST)); 613 slog (L_WARN, _("%s(%s): mac algo mismatch (remote %x <=> local %x)"),
614 conf->nodename, (const char *)rsi, ntohl (mac_nid), EVP_MD_type (MAC_DIGEST ()));
615 else if (auth_nid != htonl (EVP_MD_type (AUTH_DIGEST ())))
616 slog (L_WARN, _("%s(%s): auth algo mismatch (remote %x <=> local %x)"),
617 conf->nodename, (const char *)rsi, ntohl (auth_nid), EVP_MD_type (AUTH_DIGEST ()));
600 else 618 else
619 {
620 int cmp = memcmp (serial, ::conf.serial, sizeof (serial));
621
622 if (cmp > 0)
623 slog (L_WARN, _("%s(%s): remote serial newer than local serial - outdated config?"),
624 conf->nodename, (const char *)rsi);
625 else if (cmp == 0)
601 return true; 626 return true;
627 }
602 628
603 return false; 629 return false;
604} 630}
605 631
606struct auth_req_packet : config_packet 632struct auth_req_packet : config_packet // UNPROTECTED
607{ 633{
608 char magic[8]; 634 char magic[8];
609 u8 initiate; // false if this is just an automatic reply 635 u8 initiate; // false if this is just an automatic reply
610 u8 protocols; // supported protocols (will be patched on forward) 636 u8 protocols; // supported protocols (will be patched on forward)
611 u8 pad2, pad3; 637 u8 pad2, pad3;
612 rsaid id; 638 auth_encr encr;
613 rsaencrdata encr;
614 639
615 auth_req_packet (int dst, bool initiate_, u8 protocols_) 640 auth_req_packet (int dst, bool initiate_, u8 protocols_)
616 { 641 {
617 config_packet::setup (PT_AUTH_REQ, dst); 642 config_packet::setup (PT_AUTH_REQ, dst);
618 strncpy (magic, MAGIC, 8); 643 memcpy (magic, MAGIC, 8);
619 initiate = !!initiate_; 644 initiate = !!initiate_;
620 protocols = protocols_; 645 protocols = protocols_;
621 646
622 len = sizeof (*this) - sizeof (net_packet); 647 len = sizeof (*this) - sizeof (net_packet);
623 } 648 }
624}; 649};
625 650
626struct auth_res_packet : config_packet 651struct auth_res_packet : vpn_packet // UNPROTECTED
627{ 652{
628 rsaid id;
629 u8 pad1, pad2, pad3;
630 u8 response_len; // encrypted length
631 rsaresponse response; 653 auth_response response;
632 654
633 auth_res_packet (int dst) 655 auth_res_packet (int dst)
634 { 656 {
635 config_packet::setup (PT_AUTH_RES, dst); 657 set_hdr (PT_AUTH_RES, dst);
636 658
637 len = sizeof (*this) - sizeof (net_packet); 659 len = sizeof (*this) - sizeof (net_packet);
638 } 660 }
639}; 661};
640 662
670}; 692};
671 693
672///////////////////////////////////////////////////////////////////////////// 694/////////////////////////////////////////////////////////////////////////////
673 695
674void 696void
675connection::connection_established () 697connection::connection_established (const sockinfo &rsi)
676{ 698{
677 slog (L_TRACE, _("%s: possible connection establish (ictx %d, octx %d)"), conf->nodename, !!ictx, !!octx); 699 if (!have_snd_auth || !have_rcv_auth)
700 return;
678 701
702 si = rsi;
703 protocol = rsi.prot;
704
705 slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
706 conf->nodename, (const char *)rsi,
707 is_direct ? "direct" : "forwarded",
708 PROTOCOL_MAJOR, prot_minor);
709
710 if (::conf.script_node_up)
711 {
712 run_script_cb *cb = new run_script_cb;
713 cb->set<connection, &connection::script_node_up> (this);
714 run_script_queued (cb, _("node-up command execution failed, continuing."));
715 }
716
717 delete ictx; ictx = new crypto_ctx (rcv_auth, snd_auth, rcv_ecdh_a, rcv_auth.ecdh, 0);
718 iseqno.reset (ntohl (rcv_auth.rsa.seqno) & 0x7fffffff);
719
720 delete octx; octx = new crypto_ctx (snd_auth, rcv_auth, snd_ecdh_a, snd_ecdh_b , 1);
721 oseqno = ntohl (snd_auth.rsa.seqno) & 0x7fffffff;
722
723 oiv.reset ();
724
725 // make sure rekeying timeouts are slightly asymmetric
726 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
727 rekey.start (rekey_interval, rekey_interval);
728
729 keepalive.start (::conf.keepalive);
730
731 // send queued packets
679 if (ictx && octx) 732 if (ictx && octx)
680 { 733 {
681 // make sure rekeying timeouts are slightly asymmetric 734 while (tap_packet *p = (tap_packet *)data_queue.get ())
682 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
683 rekey.start (rekey_interval, rekey_interval);
684 keepalive.start (::conf.keepalive);
685
686 // send queued packets
687 if (ictx && octx)
688 { 735 {
689 while (tap_packet *p = (tap_packet *)data_queue.get ())
690 {
691 if (p->len) send_data_packet (p); 736 if (p->len) send_data_packet (p);
692 delete p; 737 delete p;
693 }
694
695 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
696 {
697 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
698 delete p;
699 }
700 } 738 }
701 739
740 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
741 {
742 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
743 delete p;
744 }
745 }
746
702 vpn->connection_established (this); 747 vpn->connection_established (this);
703 }
704 else
705 {
706 retry_cnt = 0;
707 establish_connection.start (5);
708 keepalive.stop ();
709 rekey.stop ();
710 }
711} 748}
712 749
713void 750void
714connection::reset_si () 751connection::reset_si ()
715{ 752{
760{ 797{
761 ping_packet *pkt = new ping_packet; 798 ping_packet *pkt = new ping_packet;
762 799
763 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); 800 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
764 801
765 slog (L_TRACE, ">>%d %s [%s]", conf->id, pong ? "PT_PONG" : "PT_PING", (const char *)si); 802 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si);
766
767 send_vpn_packet (pkt, si, IPTOS_LOWDELAY); 803 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
768 804
769 delete pkt; 805 delete pkt;
770} 806}
771 807
786void 822void
787connection::send_auth_request (const sockinfo &si, bool initiate) 823connection::send_auth_request (const sockinfo &si, bool initiate)
788{ 824{
789 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols); 825 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
790 826
791 rsachallenge chg; 827 generate_auth_data ();
792 rsa_cache.gen (pkt->id, chg);
793 rsa_encrypt (conf->rsa_key, chg, pkt->encr); 828 auth_encrypt (conf->rsa_key, snd_auth, pkt->encr);
794 829
795 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); 830 slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si);
796
797 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly 831 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
798 832
799 delete pkt; 833 delete pkt;
800} 834}
801 835
802void 836void
803connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) 837connection::send_auth_response (const sockinfo &si)
804{ 838{
805 auth_res_packet *pkt = new auth_res_packet (conf->id); 839 auth_res_packet *pkt = new auth_res_packet (conf->id);
806 840
807 pkt->id = id; 841 auth_hash (rcv_auth, pkt->response.mac);
842 memcpy (pkt->response.ecdh, rcv_ecdh_b, sizeof (rcv_ecdh_b));
808 843
809 rsa_hash (id, chg, pkt->response);
810
811 pkt->hmac_set (octx);
812
813 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si); 844 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si);
814
815 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 845 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
816 846
817 delete pkt; 847 delete pkt;
818} 848}
819 849
820void 850void
821connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols) 851connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
822{ 852{
823 slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)", 853 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s,p%02x)", conf->nodename,
824 conf->id, rid, (const char *)rsi); 854 vpn->conns[rid - 1]->conf->nodename, (const char *)rsi,
855 conf->protocols);
825 856
826 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); 857 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
827 858
828 r->hmac_set (octx); 859 r->hmac_set (octx);
829 send_vpn_packet (r, si); 860 send_vpn_packet (r, si);
832} 863}
833 864
834inline void 865inline void
835connection::establish_connection_cb (ev::timer &w, int revents) 866connection::establish_connection_cb (ev::timer &w, int revents)
836{ 867{
837 if (!ictx 868 if (!(ictx && octx)
838 && conf != THISNODE 869 && conf != THISNODE
839 && connectmode != conf_node::C_NEVER 870 && connectmode != conf_node::C_NEVER
840 && connectmode != conf_node::C_DISABLED 871 && connectmode != conf_node::C_DISABLED
841 && !w.is_active ()) 872 && !w.is_active ())
842 { 873 {
860 891
861 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf)) 892 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf))
862 { 893 {
863 /*TODO*/ /* start the timer so we don't recurse endlessly */ 894 /*TODO*/ /* start the timer so we don't recurse endlessly */
864 w.start (1); 895 w.start (1);
865 vpn->send_connect_request (conf->id); 896 vpn->send_connect_request (this);
866 } 897 }
867 else 898 else
868 { 899 {
869 if (si.valid ()) 900 if (si.valid ())
870 slog (L_DEBUG, _("%s: sending direct connection request to %s."), 901 slog (L_DEBUG, _("%s: sending direct connection request to %s."),
910 } 941 }
911 } 942 }
912 943
913 delete ictx; ictx = 0; 944 delete ictx; ictx = 0;
914 delete octx; octx = 0; 945 delete octx; octx = 0;
915#if ENABLE_DNS
916 dnsv4_reset_connection ();
917#endif
918 946
919 si.host = 0; 947 si.host = 0;
948
949 have_snd_auth = false;
950 have_rcv_auth = false;
951 auth_expire = 0.;
920 952
921 last_activity = 0.; 953 last_activity = 0.;
922 //last_si_change = 0.; 954 //last_si_change = 0.;
923 retry_cnt = 0; 955 retry_cnt = 0;
924 956
983 data_queue.put (new tap_packet (*pkt)); 1015 data_queue.put (new tap_packet (*pkt));
984 post_inject_queue (); 1016 post_inject_queue ();
985 } 1017 }
986} 1018}
987 1019
1020void
988void connection::inject_vpn_packet (vpn_packet *pkt, int tos) 1021connection::inject_vpn_packet (vpn_packet *pkt, int tos)
989{ 1022{
990 if (ictx && octx) 1023 if (ictx && octx)
991 send_vpn_packet (pkt, si, tos); 1024 send_vpn_packet (pkt, si, tos);
992 else 1025 else
993 { 1026 {
999void 1032void
1000connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) 1033connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
1001{ 1034{
1002 last_activity = ev_now (); 1035 last_activity = ev_now ();
1003 1036
1004 slog (L_NOISE, "<<%d received packet type %d from %d to %d.", 1037 slog (L_NOISE, "%s >> received packet type %d from %d to %d.",
1005 conf->id, pkt->typ (), pkt->src (), pkt->dst ()); 1038 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ());
1006 1039
1007 if (connectmode == conf_node::C_DISABLED) 1040 if (connectmode == conf_node::C_DISABLED)
1008 return; 1041 return;
1009 1042
1010 switch (pkt->typ ()) 1043 switch (pkt->typ ())
1011 { 1044 {
1012 case vpn_packet::PT_PING: 1045 case vpn_packet::PT_PING:
1046 slog (L_TRACE, "%s >> PT_PING", conf->nodename);
1047
1013 // we send pings instead of auth packets after some retries, 1048 // we send pings instead of auth packets after some retries,
1014 // so reset the retry counter and establish a connection 1049 // so reset the retry counter and establish a connection
1015 // when we receive a ping. 1050 // when we receive a ping.
1016 if (!ictx) 1051 if (!ictx)
1017 { 1052 {
1018 if (auth_rate_limiter.can (rsi)) 1053 if (auth_rate_limiter.can (rsi))
1019 send_auth_request (rsi, true); 1054 send_auth_request (rsi, true);
1020 } 1055 }
1021 else 1056 else
1022 // we would love to change thre socket address here, but ping's aren't 1057 // we would love to change the socket address here, but ping's aren't
1023 // authenticated, so we best ignore it. 1058 // authenticated, so we best ignore it.
1024 send_ping (rsi, 1); // pong 1059 send_ping (rsi, 1); // pong
1025 1060
1026 break; 1061 break;
1027 1062
1028 case vpn_packet::PT_PONG: 1063 case vpn_packet::PT_PONG:
1064 slog (L_TRACE, "%s >> PT_PONG", conf->nodename);
1065
1066 // a PONG might mean that the other side doesn't really know
1067 // about our desire for communication.
1068 establish_connection ();
1029 break; 1069 break;
1030 1070
1031 case vpn_packet::PT_RESET: 1071 case vpn_packet::PT_RESET:
1032 { 1072 {
1033 reset_connection (); 1073 reset_connection ();
1034 1074
1035 config_packet *p = (config_packet *) pkt; 1075 config_packet *p = (config_packet *) pkt;
1036 1076
1037 if (!p->chk_config ()) 1077 if (p->chk_config (conf, rsi) && connectmode == conf_node::C_ALWAYS)
1038 {
1039 slog (L_WARN, _("%s(%s): protocol mismatch, disabling node."),
1040 conf->nodename, (const char *)rsi);
1041 connectmode = conf_node::C_DISABLED;
1042 }
1043 else if (connectmode == conf_node::C_ALWAYS)
1044 establish_connection (); 1078 establish_connection ();
1045 } 1079 }
1046 break; 1080 break;
1047 1081
1048 case vpn_packet::PT_AUTH_REQ: 1082 case vpn_packet::PT_AUTH_REQ:
1049 if (auth_rate_limiter.can (rsi)) 1083 if (auth_rate_limiter.can (rsi))
1050 { 1084 {
1051 auth_req_packet *p = (auth_req_packet *) pkt; 1085 auth_req_packet *p = (auth_req_packet *)pkt;
1052 1086
1053 slog (L_TRACE, "<<%d PT_AUTH_REQ(%d)", conf->id, p->initiate); 1087 slog (L_TRACE, "%s >> PT_AUTH_REQ(%s,p%02x,f%02x)",
1088 conf->nodename, p->initiate ? "initiate" : "reply",
1089 p->protocols, p->features);
1054 1090
1055 if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) 1091 if (memcmp (p->magic, MAGIC, 8))
1092 {
1093 slog (L_WARN, _("%s(%s): protocol magic mismatch - stray packet?"),
1094 conf->nodename, (const char *)rsi);
1095 }
1096 else if (p->chk_config (conf, rsi))
1056 { 1097 {
1057 if (p->prot_minor != PROTOCOL_MINOR) 1098 if (p->prot_minor != PROTOCOL_MINOR)
1058 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), 1099 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1059 conf->nodename, (const char *)rsi, 1100 conf->nodename, (const char *)rsi,
1060 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 1101 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1061 1102
1062 if (p->initiate) 1103 if (p->initiate)
1063 send_auth_request (rsi, false); 1104 send_auth_request (rsi, false);
1064 1105
1065 rsachallenge k; 1106 auth_data auth;
1066 1107
1067 if (!rsa_decrypt (::conf.rsa_key, p->encr, k)) 1108 if (!auth_decrypt (::conf.rsa_key, p->encr, auth))
1068 { 1109 {
1069 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"), 1110 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
1070 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0)); 1111 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
1071 break;
1072 } 1112 }
1073 else 1113 else
1074 { 1114 {
1075 delete octx; 1115 bool chg = !have_rcv_auth || memcmp (&rcv_auth, &auth, sizeof auth);
1076 1116
1077 octx = new crypto_ctx (k, 1); 1117 rcv_auth = auth;
1078 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; 1118 have_rcv_auth = true;
1079 1119
1120 send_auth_response (rsi);
1121
1122 if (chg)
1123 {
1080 conf->protocols = p->protocols; 1124 conf->protocols = p->protocols;
1081 features = p->features & config_packet::get_features (); 1125 features = p->features & config_packet::get_features ();
1082 1126
1083 send_auth_response (rsi, p->id, k);
1084
1085 connection_established (); 1127 connection_established (rsi);
1086
1087 break; 1128 }
1088 } 1129 }
1130
1131 break;
1089 } 1132 }
1090 else
1091 slog (L_WARN, _("%s(%s): protocol mismatch."),
1092 conf->nodename, (const char *)rsi);
1093 1133
1094 send_reset (rsi); 1134 send_reset (rsi);
1095 } 1135 }
1096 1136
1097 break; 1137 break;
1098 1138
1099 case vpn_packet::PT_AUTH_RES: 1139 case vpn_packet::PT_AUTH_RES:
1100 { 1140 {
1101 auth_res_packet *p = (auth_res_packet *) pkt; 1141 auth_res_packet *p = (auth_res_packet *)pkt;
1102 1142
1103 slog (L_TRACE, "<<%d PT_AUTH_RES", conf->id); 1143 slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename);
1104 1144
1105 if (p->chk_config ()) 1145 if (memcmp (&p->response.mac, snd_auth_mac, sizeof (snd_auth_mac)))
1106 { 1146 {
1107 if (p->prot_minor != PROTOCOL_MINOR)
1108 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1109 conf->nodename, (const char *)rsi,
1110 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1111
1112 rsachallenge chg;
1113
1114 if (!rsa_cache.find (p->id, chg))
1115 {
1116 slog (L_ERR, _("%s(%s): unrequested auth response, ignoring."), 1147 slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."),
1117 conf->nodename, (const char *)rsi); 1148 conf->nodename, (const char *)rsi);
1118 break;
1119 }
1120 else
1121 {
1122 crypto_ctx *cctx = new crypto_ctx (chg, 0);
1123
1124 if (!p->hmac_chk (cctx))
1125 {
1126 slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"
1127 "could be an attack, or just corruption or a synchronization error."),
1128 conf->nodename, (const char *)rsi);
1129 break;
1130 }
1131 else
1132 {
1133 rsaresponse h;
1134
1135 rsa_hash (p->id, chg, h);
1136
1137 if (!memcmp ((u8 *)&h, (u8 *)p->response, sizeof h))
1138 {
1139 prot_minor = p->prot_minor;
1140
1141 delete ictx; ictx = cctx;
1142
1143 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
1144
1145 si = rsi;
1146 protocol = rsi.prot;
1147
1148 slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d."),
1149 conf->nodename, (const char *)rsi,
1150 p->prot_major, p->prot_minor);
1151
1152 connection_established ();
1153
1154 if (::conf.script_node_up)
1155 {
1156 run_script_cb *cb = new run_script_cb;
1157 cb->set<connection, &connection::script_node_up> (this);
1158 run_script_queued (cb, _("node-up command execution failed, continuing."));
1159 }
1160
1161 break;
1162 }
1163 else
1164 slog (L_ERR, _("%s(%s): sent and received challenge do not match."),
1165 conf->nodename, (const char *)rsi);
1166 }
1167
1168 delete cctx;
1169 }
1170 } 1149 }
1150 else if (!have_snd_auth)
1151 {
1152 memcpy (snd_ecdh_b, p->response.ecdh, sizeof (snd_ecdh_b));
1153
1154 have_snd_auth = true;
1155 connection_established (rsi);
1156 }
1157
1158 break;
1171 } 1159 }
1172 1160
1173 send_reset (rsi); 1161 send_reset (rsi);
1174 break; 1162 break;
1175 1163
1202 if (si != rsi) 1190 if (si != rsi)
1203 { 1191 {
1204 // fast re-sync on source address changes, useful especially for tcp/ip 1192 // fast re-sync on source address changes, useful especially for tcp/ip
1205 //if (last_si_change < ev_now () + 5.) 1193 //if (last_si_change < ev_now () + 5.)
1206 // { 1194 // {
1195 slog (L_INFO, _("%s(%s): changing socket address to %s."),
1196 conf->nodename, (const char *)si, (const char *)rsi);
1197
1207 si = rsi; 1198 si = rsi;
1208 1199
1209 slog (L_INFO, _("%s(%s): socket address changed to %s."), 1200 if (::conf.script_node_change)
1210 conf->nodename, (const char *)si, (const char *)rsi); 1201 {
1202 run_script_cb *cb = new run_script_cb;
1203 cb->set<connection, &connection::script_node_change> (this);
1204 run_script_queued (cb, _("node-change command execution failed, continuing."));
1205 }
1206
1211 // } 1207 // }
1212 //else 1208 //else
1213 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."), 1209 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."),
1214 // conf->nodename, (const char *)si, (const char *)rsi); 1210 // conf->nodename, (const char *)si, (const char *)rsi);
1215 } 1211 }
1216 } 1212 }
1217 else if (seqclass == 1) // silently ignore 1213 else if (seqclass == 1) // far history
1214 slog (L_ERR, _("received very old packet (received %08lx, expected %08lx). "
1215 "possible replay attack, or just packet duplication/delay, ignoring."), seqno, iseqno.seq + 1);
1216 else if (seqclass == 2) // in-window duplicate, happens often on wireless
1218 slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n" 1217 slog (L_DEBUG, _("received recent duplicated packet (received %08lx, expected %08lx). "
1219 "possible replay attack, or just packet duplication, ignoring."), seqno, iseqno.seq + 1); 1218 "possible replay attack, or just packet duplication, ignoring."), seqno, iseqno.seq + 1);
1220 else if (seqclass == 2) // reset 1219 else if (seqclass == 3) // reset
1221 { 1220 {
1222 slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n" 1221 slog (L_ERR, _("received out-of-sync (far future) packet (received %08lx, expected %08lx). "
1223 "possible replay attack, or just massive packet loss, resetting connection."), seqno, iseqno.seq + 1); 1222 "probably just massive packet loss, sending reset."), seqno, iseqno.seq + 1);
1224 send_reset (rsi); 1223 send_reset (rsi);
1225 } 1224 }
1226 1225
1227 delete d; 1226 delete d;
1228 break; 1227 break;
1233 break; 1232 break;
1234 1233
1235 case vpn_packet::PT_CONNECT_REQ: 1234 case vpn_packet::PT_CONNECT_REQ:
1236 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) 1235 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1237 { 1236 {
1238 connect_req_packet *p = (connect_req_packet *) pkt; 1237 connect_req_packet *p = (connect_req_packet *)pkt;
1239 1238
1240 if (p->id > 0 && p->id <= vpn->conns.size ()) 1239 if (p->id > 0 && p->id <= vpn->conns.size ())
1241 { 1240 {
1242 connection *c = vpn->conns[p->id - 1]; 1241 connection *c = vpn->conns[p->id - 1];
1243 conf->protocols = p->protocols; 1242 conf->protocols = p->protocols;
1244 1243
1245 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]", 1244 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s,p%02x) [%d]",
1245 conf->nodename, vpn->conns[p->id - 1]->conf->nodename,
1246 p->protocols,
1246 conf->id, p->id, c->ictx && c->octx); 1247 c->ictx && c->octx);
1247 1248
1248 if (c->ictx && c->octx) 1249 if (c->ictx && c->octx)
1249 { 1250 {
1250 // send connect_info packets to both sides, in case one is 1251 // send connect_info packets to both sides, in case one is
1251 // behind a nat firewall (or both ;) 1252 // behind a nat firewall (or both ;)
1274 1275
1275 c->conf->protocols = p->protocols; 1276 c->conf->protocols = p->protocols;
1276 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); 1277 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1277 p->si.upgrade_protocol (protocol, c->conf); 1278 p->si.upgrade_protocol (protocol, c->conf);
1278 1279
1279 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", 1280 slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s,protocols=%02x,protocol=%02x,upgradable=%02x) [%d]",
1280 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); 1281 conf->nodename,
1282 vpn->conns[p->id - 1]->conf->nodename,
1283 (const char *)p->si,
1284 p->protocols,
1285 protocol,
1286 p->si.supported_protocols (c->conf),
1287 !c->ictx && !c->octx);
1281 1288
1282 const sockinfo &dsi = forward_si (p->si); 1289 const sockinfo &dsi = forward_si (p->si);
1283 1290
1284 if (dsi.valid ()) 1291 if (dsi.valid ())
1285 c->send_auth_request (dsi, true); 1292 c->send_auth_request (dsi, true);
1293 else
1294 slog (L_INFO, "connect info for %s received (%s), but still unable to contact.",
1295 vpn->conns[p->id - 1]->conf->nodename,
1296 (const char *)p->si);
1286 } 1297 }
1287 else 1298 else
1288 slog (L_WARN, 1299 slog (L_WARN,
1289 _("received authenticated connection request from unknown node #%d, config file mismatch?"), 1300 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1290 p->id); 1301 p->id);
1299} 1310}
1300 1311
1301inline void 1312inline void
1302connection::keepalive_cb (ev::timer &w, int revents) 1313connection::keepalive_cb (ev::timer &w, int revents)
1303{ 1314{
1304 if (ev_now () >= last_activity + ::conf.keepalive + 30) 1315 ev_tstamp when = last_activity + ::conf.keepalive - ev::now ();
1316
1317 if (when >= 0)
1318 w.start (when);
1319 else if (when < -15)
1305 { 1320 {
1306 reset_connection (); 1321 reset_connection ();
1307 establish_connection (); 1322 establish_connection ();
1308 } 1323 }
1309 else if (ev_now () < last_activity + ::conf.keepalive)
1310 w.start (last_activity + ::conf.keepalive - ev::now ());
1311 else if (conf->connectmode != conf_node::C_ONDEMAND 1324 else if (conf->connectmode != conf_node::C_ONDEMAND
1312 || THISNODE->connectmode != conf_node::C_ONDEMAND) 1325 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1313 { 1326 {
1327 w.start (3);
1314 send_ping (si); 1328 send_ping (si);
1315 w.start (5);
1316 } 1329 }
1317 else if (ev_now () < last_activity + ::conf.keepalive + 10) 1330 else if (when >= -10)
1318 // hold ondemand connections implicitly a few seconds longer 1331 // hold ondemand connections implicitly a few seconds longer
1319 // should delete octx, though, or something like that ;) 1332 // should delete octx, though, or something like that ;)
1320 w.start (last_activity + ::conf.keepalive + 10 - ev::now ()); 1333 w.start (when + 10);
1321 else 1334 else
1322 reset_connection (); 1335 reset_connection ();
1323} 1336}
1324 1337
1338void
1325void connection::send_connect_request (int id) 1339connection::send_connect_request (int id)
1326{ 1340{
1327 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); 1341 connect_req_packet *p = new connect_req_packet (conf->id, id, THISNODE->protocols);
1328 1342
1329 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id); 1343 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s,p%02x)",
1344 conf->nodename, vpn->conns[id - 1]->conf->nodename,
1345 THISNODE->protocols);
1330 p->hmac_set (octx); 1346 p->hmac_set (octx);
1331 send_vpn_packet (p, si); 1347 send_vpn_packet (p, si);
1332 1348
1333 delete p; 1349 delete p;
1334} 1350}
1335 1351
1352void
1336void connection::script_init_env (const char *ext) 1353connection::script_init_env (const char *ext)
1337{ 1354{
1338 char *env; 1355 char *env;
1339 asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env); 1356 asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env);
1340 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env); 1357 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env);
1341 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext, 1358 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext,
1342 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8, 1359 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8,
1343 conf->id & 0xff); putenv (env); 1360 conf->id & 0xff); putenv (env);
1344} 1361}
1345 1362
1363void
1346void connection::script_init_connect_env () 1364connection::script_init_connect_env ()
1347{ 1365{
1348 vpn->script_init_env (); 1366 vpn->script_init_env ();
1349 1367
1350 char *env; 1368 char *env;
1351 asprintf (&env, "DESTID=%d", conf->id); putenv (env); 1369 asprintf (&env, "DESTID=%d", conf->id); putenv (env);
1370 asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env);
1352 asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env); 1371 asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env);
1353 asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env); 1372 asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env);
1354 asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env); 1373 asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env);
1355} 1374}
1356 1375
1357inline const char * 1376inline const char *
1358connection::script_node_up () 1377connection::script_node_up ()
1359{ 1378{
1364 char *filename; 1383 char *filename;
1365 asprintf (&filename, 1384 asprintf (&filename,
1366 "%s/%s", 1385 "%s/%s",
1367 confbase, 1386 confbase,
1368 ::conf.script_node_up ? ::conf.script_node_up : "node-up"); 1387 ::conf.script_node_up ? ::conf.script_node_up : "node-up");
1388
1389 return filename;
1390}
1391
1392inline const char *
1393connection::script_node_change ()
1394{
1395 script_init_connect_env ();
1396
1397 putenv ((char *)"STATE=change");
1398
1399 char *filename;
1400 asprintf (&filename,
1401 "%s/%s",
1402 confbase,
1403 ::conf.script_node_change ? ::conf.script_node_change : "node-change");
1369 1404
1370 return filename; 1405 return filename;
1371} 1406}
1372 1407
1373inline const char * 1408inline const char *
1399 establish_connection.set<connection, &connection::establish_connection_cb> (this); 1434 establish_connection.set<connection, &connection::establish_connection_cb> (this);
1400 1435
1401 last_establish_attempt = 0.; 1436 last_establish_attempt = 0.;
1402 octx = ictx = 0; 1437 octx = ictx = 0;
1403 1438
1404 if (!conf->protocols) // make sure some protocol is enabled
1405 conf->protocols = PROT_UDPv4;
1406
1407 connectmode = conf->connectmode; 1439 connectmode = conf->connectmode;
1408 1440
1409 // queue a dummy packet to force an initial connection attempt 1441 // queue a dummy packet to force an initial connection attempt
1410 if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED) 1442 if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED)
1411 vpn_queue.put (new net_packet); 1443 vpn_queue.put (new net_packet);
1416connection::~connection () 1448connection::~connection ()
1417{ 1449{
1418 shutdown (); 1450 shutdown ();
1419} 1451}
1420 1452
1453void
1421void connection_init () 1454connection_init ()
1422{ 1455{
1423 auth_rate_limiter.clear (); 1456 auth_rate_limiter.clear ();
1424 reset_rate_limiter.clear (); 1457 reset_rate_limiter.clear ();
1425} 1458}
1426 1459

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines