… | |
… | |
790 | |
790 | |
791 | rsachallenge chg; |
791 | rsachallenge chg; |
792 | rsa_cache.gen (pkt->id, chg); |
792 | rsa_cache.gen (pkt->id, chg); |
793 | rsa_encrypt (conf->rsa_key, chg, pkt->encr); |
793 | rsa_encrypt (conf->rsa_key, chg, pkt->encr); |
794 | |
794 | |
795 | slog (L_TRACE, "%s >> PT_AUTH_REQ [%s]", conf->nodename, (const char *)si); |
795 | slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si); |
796 | |
796 | |
797 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly |
797 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly |
798 | |
798 | |
799 | delete pkt; |
799 | delete pkt; |
800 | } |
800 | } |
… | |
… | |
1051 | case vpn_packet::PT_AUTH_REQ: |
1051 | case vpn_packet::PT_AUTH_REQ: |
1052 | if (auth_rate_limiter.can (rsi)) |
1052 | if (auth_rate_limiter.can (rsi)) |
1053 | { |
1053 | { |
1054 | auth_req_packet *p = (auth_req_packet *) pkt; |
1054 | auth_req_packet *p = (auth_req_packet *) pkt; |
1055 | |
1055 | |
1056 | slog (L_TRACE, "%s << PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply"); |
1056 | slog (L_TRACE, "%s >> PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply"); |
1057 | |
1057 | |
1058 | if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) |
1058 | if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) |
1059 | { |
1059 | { |
1060 | if (p->prot_minor != PROTOCOL_MINOR) |
1060 | if (p->prot_minor != PROTOCOL_MINOR) |
1061 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
1061 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
… | |
… | |
1101 | |
1101 | |
1102 | case vpn_packet::PT_AUTH_RES: |
1102 | case vpn_packet::PT_AUTH_RES: |
1103 | { |
1103 | { |
1104 | auth_res_packet *p = (auth_res_packet *)pkt; |
1104 | auth_res_packet *p = (auth_res_packet *)pkt; |
1105 | |
1105 | |
1106 | slog (L_TRACE, "%s << PT_AUTH_RES", conf->nodename); |
1106 | slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename); |
1107 | |
1107 | |
1108 | if (p->chk_config ()) |
1108 | if (p->chk_config ()) |
1109 | { |
1109 | { |
1110 | if (p->prot_minor != PROTOCOL_MINOR) |
1110 | if (p->prot_minor != PROTOCOL_MINOR) |
1111 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
1111 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
… | |
… | |
1148 | si = rsi; |
1148 | si = rsi; |
1149 | protocol = rsi.prot; |
1149 | protocol = rsi.prot; |
1150 | |
1150 | |
1151 | slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."), |
1151 | slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."), |
1152 | conf->nodename, (const char *)rsi, |
1152 | conf->nodename, (const char *)rsi, |
1153 | is_direct ? "direct" : "routed", |
1153 | is_direct ? "direct" : "forwarded", |
1154 | p->prot_major, p->prot_minor); |
1154 | p->prot_major, p->prot_minor); |
1155 | |
1155 | |
1156 | connection_established (); |
1156 | connection_established (); |
1157 | |
1157 | |
1158 | if (::conf.script_node_up) |
1158 | if (::conf.script_node_up) |
… | |
… | |
1210 | // { |
1210 | // { |
1211 | slog (L_INFO, _("%s(%s): changing socket address to %s."), |
1211 | slog (L_INFO, _("%s(%s): changing socket address to %s."), |
1212 | conf->nodename, (const char *)si, (const char *)rsi); |
1212 | conf->nodename, (const char *)si, (const char *)rsi); |
1213 | |
1213 | |
1214 | si = rsi; |
1214 | si = rsi; |
|
|
1215 | |
|
|
1216 | if (::conf.script_node_change) |
|
|
1217 | { |
|
|
1218 | run_script_cb *cb = new run_script_cb; |
|
|
1219 | cb->set<connection, &connection::script_node_change> (this); |
|
|
1220 | run_script_queued (cb, _("node-change command execution failed, continuing.")); |
|
|
1221 | } |
|
|
1222 | |
1215 | // } |
1223 | // } |
1216 | //else |
1224 | //else |
1217 | // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."), |
1225 | // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."), |
1218 | // conf->nodename, (const char *)si, (const char *)rsi); |
1226 | // conf->nodename, (const char *)si, (const char *)rsi); |
1219 | } |
1227 | } |
… | |
… | |
1240 | break; |
1248 | break; |
1241 | |
1249 | |
1242 | case vpn_packet::PT_CONNECT_REQ: |
1250 | case vpn_packet::PT_CONNECT_REQ: |
1243 | if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) |
1251 | if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) |
1244 | { |
1252 | { |
1245 | connect_req_packet *p = (connect_req_packet *) pkt; |
1253 | connect_req_packet *p = (connect_req_packet *)pkt; |
1246 | |
1254 | |
1247 | if (p->id > 0 && p->id <= vpn->conns.size ()) |
1255 | if (p->id > 0 && p->id <= vpn->conns.size ()) |
1248 | { |
1256 | { |
1249 | connection *c = vpn->conns[p->id - 1]; |
1257 | connection *c = vpn->conns[p->id - 1]; |
1250 | conf->protocols = p->protocols; |
1258 | conf->protocols = p->protocols; |
1251 | |
1259 | |
1252 | slog (L_TRACE, "%s << PT_CONNECT_REQ(%s) [%d]", |
1260 | slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s) [%d]", |
1253 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx); |
1261 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx); |
1254 | |
1262 | |
1255 | if (c->ictx && c->octx) |
1263 | if (c->ictx && c->octx) |
1256 | { |
1264 | { |
1257 | // send connect_info packets to both sides, in case one is |
1265 | // send connect_info packets to both sides, in case one is |
… | |
… | |
1281 | |
1289 | |
1282 | c->conf->protocols = p->protocols; |
1290 | c->conf->protocols = p->protocols; |
1283 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1291 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1284 | p->si.upgrade_protocol (protocol, c->conf); |
1292 | p->si.upgrade_protocol (protocol, c->conf); |
1285 | |
1293 | |
1286 | slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s) [%d]", |
1294 | slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s) [%d]", |
1287 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, |
1295 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, |
1288 | (const char *)p->si, !c->ictx && !c->octx); |
1296 | (const char *)p->si, !c->ictx && !c->octx); |
1289 | |
1297 | |
1290 | const sockinfo &dsi = forward_si (p->si); |
1298 | const sockinfo &dsi = forward_si (p->si); |
1291 | |
1299 | |
… | |
… | |
1307 | } |
1315 | } |
1308 | |
1316 | |
1309 | inline void |
1317 | inline void |
1310 | connection::keepalive_cb (ev::timer &w, int revents) |
1318 | connection::keepalive_cb (ev::timer &w, int revents) |
1311 | { |
1319 | { |
1312 | if (ev_now () >= last_activity + ::conf.keepalive + 30) |
1320 | if (ev_now () >= last_activity + ::conf.keepalive + 15) |
1313 | { |
1321 | { |
1314 | reset_connection (); |
1322 | reset_connection (); |
1315 | establish_connection (); |
1323 | establish_connection (); |
1316 | } |
1324 | } |
1317 | else if (ev_now () < last_activity + ::conf.keepalive) |
1325 | else if (ev_now () < last_activity + ::conf.keepalive) |
1318 | w.start (last_activity + ::conf.keepalive - ev::now ()); |
1326 | w.start (last_activity + ::conf.keepalive - ev::now ()); |
1319 | else if (conf->connectmode != conf_node::C_ONDEMAND |
1327 | else if (conf->connectmode != conf_node::C_ONDEMAND |
1320 | || THISNODE->connectmode != conf_node::C_ONDEMAND) |
1328 | || THISNODE->connectmode != conf_node::C_ONDEMAND) |
1321 | { |
1329 | { |
1322 | send_ping (si); |
1330 | send_ping (si); |
1323 | w.start (5); |
1331 | w.start (3); |
1324 | } |
1332 | } |
1325 | else if (ev_now () < last_activity + ::conf.keepalive + 10) |
1333 | else if (ev_now () < last_activity + ::conf.keepalive + 10) |
1326 | // hold ondemand connections implicitly a few seconds longer |
1334 | // hold ondemand connections implicitly a few seconds longer |
1327 | // should delete octx, though, or something like that ;) |
1335 | // should delete octx, though, or something like that ;) |
1328 | w.start (last_activity + ::conf.keepalive + 10 - ev::now ()); |
1336 | w.start (last_activity + ::conf.keepalive + 10 - ev::now ()); |
… | |
… | |
1332 | |
1340 | |
1333 | void connection::send_connect_request (int id) |
1341 | void connection::send_connect_request (int id) |
1334 | { |
1342 | { |
1335 | connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); |
1343 | connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); |
1336 | |
1344 | |
1337 | slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s)", |
1345 | slog (L_TRACE, "%s << PT_CONNECT_REQ(%s)", |
1338 | conf->nodename, vpn->conns[id - 1]->conf->nodename); |
1346 | conf->nodename, vpn->conns[id - 1]->conf->nodename); |
1339 | p->hmac_set (octx); |
1347 | p->hmac_set (octx); |
1340 | send_vpn_packet (p, si); |
1348 | send_vpn_packet (p, si); |
1341 | |
1349 | |
1342 | delete p; |
1350 | delete p; |
… | |
… | |
1344 | |
1352 | |
1345 | void connection::script_init_env (const char *ext) |
1353 | void connection::script_init_env (const char *ext) |
1346 | { |
1354 | { |
1347 | char *env; |
1355 | char *env; |
1348 | asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env); |
1356 | asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env); |
1349 | asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env); |
1357 | asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env); |
1350 | asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext, |
1358 | asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext, |
1351 | 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8, |
1359 | 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8, |
1352 | conf->id & 0xff); putenv (env); |
1360 | conf->id & 0xff); putenv (env); |
1353 | } |
1361 | } |
1354 | |
1362 | |
1355 | void connection::script_init_connect_env () |
1363 | void connection::script_init_connect_env () |
1356 | { |
1364 | { |
1357 | vpn->script_init_env (); |
1365 | vpn->script_init_env (); |
1358 | |
1366 | |
1359 | char *env; |
1367 | char *env; |
1360 | asprintf (&env, "DESTID=%d", conf->id); putenv (env); |
1368 | asprintf (&env, "DESTID=%d", conf->id); putenv (env); |
|
|
1369 | asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env); |
1361 | asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env); |
1370 | asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env); |
1362 | asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env); |
1371 | asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env); |
1363 | asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env); |
1372 | asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env); |
1364 | } |
1373 | } |
1365 | |
1374 | |
1366 | inline const char * |
1375 | inline const char * |
1367 | connection::script_node_up () |
1376 | connection::script_node_up () |
1368 | { |
1377 | { |
… | |
… | |
1373 | char *filename; |
1382 | char *filename; |
1374 | asprintf (&filename, |
1383 | asprintf (&filename, |
1375 | "%s/%s", |
1384 | "%s/%s", |
1376 | confbase, |
1385 | confbase, |
1377 | ::conf.script_node_up ? ::conf.script_node_up : "node-up"); |
1386 | ::conf.script_node_up ? ::conf.script_node_up : "node-up"); |
|
|
1387 | |
|
|
1388 | return filename; |
|
|
1389 | } |
|
|
1390 | |
|
|
1391 | inline const char * |
|
|
1392 | connection::script_node_change () |
|
|
1393 | { |
|
|
1394 | script_init_connect_env (); |
|
|
1395 | |
|
|
1396 | putenv ((char *)"STATE=change"); |
|
|
1397 | |
|
|
1398 | char *filename; |
|
|
1399 | asprintf (&filename, |
|
|
1400 | "%s/%s", |
|
|
1401 | confbase, |
|
|
1402 | ::conf.script_node_change ? ::conf.script_node_change : "node-change"); |
1378 | |
1403 | |
1379 | return filename; |
1404 | return filename; |
1380 | } |
1405 | } |
1381 | |
1406 | |
1382 | inline const char * |
1407 | inline const char * |