| … | |
… | |
| 790 | |
790 | |
| 791 | rsachallenge chg; |
791 | rsachallenge chg; |
| 792 | rsa_cache.gen (pkt->id, chg); |
792 | rsa_cache.gen (pkt->id, chg); |
| 793 | rsa_encrypt (conf->rsa_key, chg, pkt->encr); |
793 | rsa_encrypt (conf->rsa_key, chg, pkt->encr); |
| 794 | |
794 | |
| 795 | slog (L_TRACE, "%s >> PT_AUTH_REQ [%s]", conf->nodename, (const char *)si); |
795 | slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si); |
| 796 | |
796 | |
| 797 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly |
797 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly |
| 798 | |
798 | |
| 799 | delete pkt; |
799 | delete pkt; |
| 800 | } |
800 | } |
| … | |
… | |
| 1051 | case vpn_packet::PT_AUTH_REQ: |
1051 | case vpn_packet::PT_AUTH_REQ: |
| 1052 | if (auth_rate_limiter.can (rsi)) |
1052 | if (auth_rate_limiter.can (rsi)) |
| 1053 | { |
1053 | { |
| 1054 | auth_req_packet *p = (auth_req_packet *) pkt; |
1054 | auth_req_packet *p = (auth_req_packet *) pkt; |
| 1055 | |
1055 | |
| 1056 | slog (L_TRACE, "%s << PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply"); |
1056 | slog (L_TRACE, "%s >> PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply"); |
| 1057 | |
1057 | |
| 1058 | if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) |
1058 | if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) |
| 1059 | { |
1059 | { |
| 1060 | if (p->prot_minor != PROTOCOL_MINOR) |
1060 | if (p->prot_minor != PROTOCOL_MINOR) |
| 1061 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
1061 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
| … | |
… | |
| 1101 | |
1101 | |
| 1102 | case vpn_packet::PT_AUTH_RES: |
1102 | case vpn_packet::PT_AUTH_RES: |
| 1103 | { |
1103 | { |
| 1104 | auth_res_packet *p = (auth_res_packet *)pkt; |
1104 | auth_res_packet *p = (auth_res_packet *)pkt; |
| 1105 | |
1105 | |
| 1106 | slog (L_TRACE, "%s << PT_AUTH_RES", conf->nodename); |
1106 | slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename); |
| 1107 | |
1107 | |
| 1108 | if (p->chk_config ()) |
1108 | if (p->chk_config ()) |
| 1109 | { |
1109 | { |
| 1110 | if (p->prot_minor != PROTOCOL_MINOR) |
1110 | if (p->prot_minor != PROTOCOL_MINOR) |
| 1111 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
1111 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
| … | |
… | |
| 1148 | si = rsi; |
1148 | si = rsi; |
| 1149 | protocol = rsi.prot; |
1149 | protocol = rsi.prot; |
| 1150 | |
1150 | |
| 1151 | slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."), |
1151 | slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."), |
| 1152 | conf->nodename, (const char *)rsi, |
1152 | conf->nodename, (const char *)rsi, |
| 1153 | is_direct ? "direct" : "routed", |
1153 | is_direct ? "direct" : "forwarded", |
| 1154 | p->prot_major, p->prot_minor); |
1154 | p->prot_major, p->prot_minor); |
| 1155 | |
1155 | |
| 1156 | connection_established (); |
1156 | connection_established (); |
| 1157 | |
1157 | |
| 1158 | if (::conf.script_node_up) |
1158 | if (::conf.script_node_up) |
| … | |
… | |
| 1210 | // { |
1210 | // { |
| 1211 | slog (L_INFO, _("%s(%s): changing socket address to %s."), |
1211 | slog (L_INFO, _("%s(%s): changing socket address to %s."), |
| 1212 | conf->nodename, (const char *)si, (const char *)rsi); |
1212 | conf->nodename, (const char *)si, (const char *)rsi); |
| 1213 | |
1213 | |
| 1214 | si = rsi; |
1214 | si = rsi; |
|
|
1215 | |
|
|
1216 | if (::conf.script_node_change) |
|
|
1217 | { |
|
|
1218 | run_script_cb *cb = new run_script_cb; |
|
|
1219 | cb->set<connection, &connection::script_node_change> (this); |
|
|
1220 | run_script_queued (cb, _("node-change command execution failed, continuing.")); |
|
|
1221 | } |
|
|
1222 | |
| 1215 | // } |
1223 | // } |
| 1216 | //else |
1224 | //else |
| 1217 | // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."), |
1225 | // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."), |
| 1218 | // conf->nodename, (const char *)si, (const char *)rsi); |
1226 | // conf->nodename, (const char *)si, (const char *)rsi); |
| 1219 | } |
1227 | } |
| … | |
… | |
| 1240 | break; |
1248 | break; |
| 1241 | |
1249 | |
| 1242 | case vpn_packet::PT_CONNECT_REQ: |
1250 | case vpn_packet::PT_CONNECT_REQ: |
| 1243 | if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) |
1251 | if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) |
| 1244 | { |
1252 | { |
| 1245 | connect_req_packet *p = (connect_req_packet *) pkt; |
1253 | connect_req_packet *p = (connect_req_packet *)pkt; |
| 1246 | |
1254 | |
| 1247 | if (p->id > 0 && p->id <= vpn->conns.size ()) |
1255 | if (p->id > 0 && p->id <= vpn->conns.size ()) |
| 1248 | { |
1256 | { |
| 1249 | connection *c = vpn->conns[p->id - 1]; |
1257 | connection *c = vpn->conns[p->id - 1]; |
| 1250 | conf->protocols = p->protocols; |
1258 | conf->protocols = p->protocols; |
| 1251 | |
1259 | |
| 1252 | slog (L_TRACE, "%s << PT_CONNECT_REQ(%s) [%d]", |
1260 | slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s) [%d]", |
| 1253 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx); |
1261 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx); |
| 1254 | |
1262 | |
| 1255 | if (c->ictx && c->octx) |
1263 | if (c->ictx && c->octx) |
| 1256 | { |
1264 | { |
| 1257 | // send connect_info packets to both sides, in case one is |
1265 | // send connect_info packets to both sides, in case one is |
| … | |
… | |
| 1281 | |
1289 | |
| 1282 | c->conf->protocols = p->protocols; |
1290 | c->conf->protocols = p->protocols; |
| 1283 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1291 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
| 1284 | p->si.upgrade_protocol (protocol, c->conf); |
1292 | p->si.upgrade_protocol (protocol, c->conf); |
| 1285 | |
1293 | |
| 1286 | slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s) [%d]", |
1294 | slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s) [%d]", |
| 1287 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, |
1295 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, |
| 1288 | (const char *)p->si, !c->ictx && !c->octx); |
1296 | (const char *)p->si, !c->ictx && !c->octx); |
| 1289 | |
1297 | |
| 1290 | const sockinfo &dsi = forward_si (p->si); |
1298 | const sockinfo &dsi = forward_si (p->si); |
| 1291 | |
1299 | |
| … | |
… | |
| 1307 | } |
1315 | } |
| 1308 | |
1316 | |
| 1309 | inline void |
1317 | inline void |
| 1310 | connection::keepalive_cb (ev::timer &w, int revents) |
1318 | connection::keepalive_cb (ev::timer &w, int revents) |
| 1311 | { |
1319 | { |
| 1312 | if (ev_now () >= last_activity + ::conf.keepalive + 30) |
1320 | if (ev_now () >= last_activity + ::conf.keepalive + 15) |
| 1313 | { |
1321 | { |
| 1314 | reset_connection (); |
1322 | reset_connection (); |
| 1315 | establish_connection (); |
1323 | establish_connection (); |
| 1316 | } |
1324 | } |
| 1317 | else if (ev_now () < last_activity + ::conf.keepalive) |
1325 | else if (ev_now () < last_activity + ::conf.keepalive) |
| 1318 | w.start (last_activity + ::conf.keepalive - ev::now ()); |
1326 | w.start (last_activity + ::conf.keepalive - ev::now ()); |
| 1319 | else if (conf->connectmode != conf_node::C_ONDEMAND |
1327 | else if (conf->connectmode != conf_node::C_ONDEMAND |
| 1320 | || THISNODE->connectmode != conf_node::C_ONDEMAND) |
1328 | || THISNODE->connectmode != conf_node::C_ONDEMAND) |
| 1321 | { |
1329 | { |
| 1322 | send_ping (si); |
1330 | send_ping (si); |
| 1323 | w.start (5); |
1331 | w.start (3); |
| 1324 | } |
1332 | } |
| 1325 | else if (ev_now () < last_activity + ::conf.keepalive + 10) |
1333 | else if (ev_now () < last_activity + ::conf.keepalive + 10) |
| 1326 | // hold ondemand connections implicitly a few seconds longer |
1334 | // hold ondemand connections implicitly a few seconds longer |
| 1327 | // should delete octx, though, or something like that ;) |
1335 | // should delete octx, though, or something like that ;) |
| 1328 | w.start (last_activity + ::conf.keepalive + 10 - ev::now ()); |
1336 | w.start (last_activity + ::conf.keepalive + 10 - ev::now ()); |
| … | |
… | |
| 1332 | |
1340 | |
| 1333 | void connection::send_connect_request (int id) |
1341 | void connection::send_connect_request (int id) |
| 1334 | { |
1342 | { |
| 1335 | connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); |
1343 | connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); |
| 1336 | |
1344 | |
| 1337 | slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s)", |
1345 | slog (L_TRACE, "%s << PT_CONNECT_REQ(%s)", |
| 1338 | conf->nodename, vpn->conns[id - 1]->conf->nodename); |
1346 | conf->nodename, vpn->conns[id - 1]->conf->nodename); |
| 1339 | p->hmac_set (octx); |
1347 | p->hmac_set (octx); |
| 1340 | send_vpn_packet (p, si); |
1348 | send_vpn_packet (p, si); |
| 1341 | |
1349 | |
| 1342 | delete p; |
1350 | delete p; |
| … | |
… | |
| 1344 | |
1352 | |
| 1345 | void connection::script_init_env (const char *ext) |
1353 | void connection::script_init_env (const char *ext) |
| 1346 | { |
1354 | { |
| 1347 | char *env; |
1355 | char *env; |
| 1348 | asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env); |
1356 | asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env); |
| 1349 | asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env); |
1357 | asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env); |
| 1350 | asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext, |
1358 | asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext, |
| 1351 | 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8, |
1359 | 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8, |
| 1352 | conf->id & 0xff); putenv (env); |
1360 | conf->id & 0xff); putenv (env); |
| 1353 | } |
1361 | } |
| 1354 | |
1362 | |
| 1355 | void connection::script_init_connect_env () |
1363 | void connection::script_init_connect_env () |
| 1356 | { |
1364 | { |
| 1357 | vpn->script_init_env (); |
1365 | vpn->script_init_env (); |
| 1358 | |
1366 | |
| 1359 | char *env; |
1367 | char *env; |
| 1360 | asprintf (&env, "DESTID=%d", conf->id); putenv (env); |
1368 | asprintf (&env, "DESTID=%d", conf->id); putenv (env); |
|
|
1369 | asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env); |
| 1361 | asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env); |
1370 | asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env); |
| 1362 | asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env); |
1371 | asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env); |
| 1363 | asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env); |
1372 | asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env); |
| 1364 | } |
1373 | } |
| 1365 | |
1374 | |
| 1366 | inline const char * |
1375 | inline const char * |
| 1367 | connection::script_node_up () |
1376 | connection::script_node_up () |
| 1368 | { |
1377 | { |
| … | |
… | |
| 1373 | char *filename; |
1382 | char *filename; |
| 1374 | asprintf (&filename, |
1383 | asprintf (&filename, |
| 1375 | "%s/%s", |
1384 | "%s/%s", |
| 1376 | confbase, |
1385 | confbase, |
| 1377 | ::conf.script_node_up ? ::conf.script_node_up : "node-up"); |
1386 | ::conf.script_node_up ? ::conf.script_node_up : "node-up"); |
|
|
1387 | |
|
|
1388 | return filename; |
|
|
1389 | } |
|
|
1390 | |
|
|
1391 | inline const char * |
|
|
1392 | connection::script_node_change () |
|
|
1393 | { |
|
|
1394 | script_init_connect_env (); |
|
|
1395 | |
|
|
1396 | putenv ((char *)"STATE=change"); |
|
|
1397 | |
|
|
1398 | char *filename; |
|
|
1399 | asprintf (&filename, |
|
|
1400 | "%s/%s", |
|
|
1401 | confbase, |
|
|
1402 | ::conf.script_node_change ? ::conf.script_node_change : "node-change"); |
| 1378 | |
1403 | |
| 1379 | return filename; |
1404 | return filename; |
| 1380 | } |
1405 | } |
| 1381 | |
1406 | |
| 1382 | inline const char * |
1407 | inline const char * |
