1 | /* |
1 | /* |
2 | connection.C -- manage a single connection |
2 | connection.C -- manage a single connection |
3 | Copyright (C) 2003-2008,2010 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008,2010,2011 Marc Lehmann <gvpe@schmorp.de> |
4 | |
4 | |
5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
6 | |
6 | |
7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
… | |
… | |
132 | rsa_hash (const rsaid &id, const rsachallenge &chg, rsaresponse &h) |
132 | rsa_hash (const rsaid &id, const rsachallenge &chg, rsaresponse &h) |
133 | { |
133 | { |
134 | EVP_MD_CTX ctx; |
134 | EVP_MD_CTX ctx; |
135 | |
135 | |
136 | EVP_MD_CTX_init (&ctx); |
136 | EVP_MD_CTX_init (&ctx); |
137 | require (EVP_DigestInit (&ctx, RSA_HASH)); |
137 | require (EVP_DigestInit (&ctx, RSA_HASH)); |
138 | require (EVP_DigestUpdate(&ctx, &chg, sizeof chg)); |
138 | require (EVP_DigestUpdate (&ctx, &chg, sizeof chg)); |
139 | require (EVP_DigestUpdate(&ctx, &id, sizeof id)); |
139 | require (EVP_DigestUpdate (&ctx, &id, sizeof id)); |
140 | require (EVP_DigestFinal (&ctx, (unsigned char *)&h, 0)); |
140 | require (EVP_DigestFinal (&ctx, (unsigned char *)&h, 0)); |
141 | EVP_MD_CTX_cleanup (&ctx); |
141 | EVP_MD_CTX_cleanup (&ctx); |
142 | } |
142 | } |
143 | |
143 | |
144 | struct rsa_entry |
144 | struct rsa_entry |
145 | { |
145 | { |
… | |
… | |
831 | } |
831 | } |
832 | |
832 | |
833 | void |
833 | void |
834 | connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols) |
834 | connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols) |
835 | { |
835 | { |
836 | slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s)", conf->nodename, |
836 | slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s,p%02x)", conf->nodename, |
837 | vpn->conns[rid - 1]->conf->nodename, (const char *)rsi); |
837 | vpn->conns[rid - 1]->conf->nodename, (const char *)rsi, |
|
|
838 | conf->protocols); |
838 | |
839 | |
839 | connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); |
840 | connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); |
840 | |
841 | |
841 | r->hmac_set (octx); |
842 | r->hmac_set (octx); |
842 | send_vpn_packet (r, si); |
843 | send_vpn_packet (r, si); |
… | |
… | |
845 | } |
846 | } |
846 | |
847 | |
847 | inline void |
848 | inline void |
848 | connection::establish_connection_cb (ev::timer &w, int revents) |
849 | connection::establish_connection_cb (ev::timer &w, int revents) |
849 | { |
850 | { |
850 | if (!ictx |
851 | if (!(ictx && octx) |
851 | && conf != THISNODE |
852 | && conf != THISNODE |
852 | && connectmode != conf_node::C_NEVER |
853 | && connectmode != conf_node::C_NEVER |
853 | && connectmode != conf_node::C_DISABLED |
854 | && connectmode != conf_node::C_DISABLED |
854 | && !w.is_active ()) |
855 | && !w.is_active ()) |
855 | { |
856 | { |
… | |
… | |
923 | } |
924 | } |
924 | } |
925 | } |
925 | |
926 | |
926 | delete ictx; ictx = 0; |
927 | delete ictx; ictx = 0; |
927 | delete octx; octx = 0; |
928 | delete octx; octx = 0; |
928 | #if ENABLE_DNS |
|
|
929 | dnsv4_reset_connection (); |
|
|
930 | #endif |
|
|
931 | |
929 | |
932 | si.host = 0; |
930 | si.host = 0; |
933 | |
931 | |
934 | last_activity = 0.; |
932 | last_activity = 0.; |
935 | //last_si_change = 0.; |
933 | //last_si_change = 0.; |
… | |
… | |
1013 | void |
1011 | void |
1014 | connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
1012 | connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
1015 | { |
1013 | { |
1016 | last_activity = ev_now (); |
1014 | last_activity = ev_now (); |
1017 | |
1015 | |
1018 | slog (L_NOISE, "%s >> received packet type %d from %d to %d.", |
1016 | slog (L_NOISE, "%s >> received packet type %d from %d to %d.", |
1019 | conf->nodename, pkt->typ (), pkt->src (), pkt->dst ()); |
1017 | conf->nodename, pkt->typ (), pkt->src (), pkt->dst ()); |
1020 | |
1018 | |
1021 | if (connectmode == conf_node::C_DISABLED) |
1019 | if (connectmode == conf_node::C_DISABLED) |
1022 | return; |
1020 | return; |
1023 | |
1021 | |
… | |
… | |
1067 | break; |
1065 | break; |
1068 | |
1066 | |
1069 | case vpn_packet::PT_AUTH_REQ: |
1067 | case vpn_packet::PT_AUTH_REQ: |
1070 | if (auth_rate_limiter.can (rsi)) |
1068 | if (auth_rate_limiter.can (rsi)) |
1071 | { |
1069 | { |
1072 | auth_req_packet *p = (auth_req_packet *) pkt; |
1070 | auth_req_packet *p = (auth_req_packet *)pkt; |
1073 | |
1071 | |
1074 | slog (L_TRACE, "%s >> PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply"); |
1072 | slog (L_TRACE, "%s >> PT_AUTH_REQ(%s,p%02x,f%02x)", |
|
|
1073 | conf->nodename, p->initiate ? "initiate" : "reply", |
|
|
1074 | p->protocols, p->features); |
1075 | |
1075 | |
1076 | if (p->chk_config () |
1076 | if (p->chk_config () |
1077 | && (!strncmp (p->magic, MAGIC_OLD, 8) || !strncmp (p->magic, MAGIC, 8))) |
1077 | && (!memcmp (p->magic, MAGIC_OLD, 8) || !memcmp (p->magic, MAGIC, 8))) |
1078 | { |
1078 | { |
1079 | if (p->prot_minor != PROTOCOL_MINOR) |
1079 | if (p->prot_minor != PROTOCOL_MINOR) |
1080 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
1080 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
1081 | conf->nodename, (const char *)rsi, |
1081 | conf->nodename, (const char *)rsi, |
1082 | PROTOCOL_MINOR, conf->nodename, p->prot_minor); |
1082 | PROTOCOL_MINOR, conf->nodename, p->prot_minor); |
… | |
… | |
1274 | if (p->id > 0 && p->id <= vpn->conns.size ()) |
1274 | if (p->id > 0 && p->id <= vpn->conns.size ()) |
1275 | { |
1275 | { |
1276 | connection *c = vpn->conns[p->id - 1]; |
1276 | connection *c = vpn->conns[p->id - 1]; |
1277 | conf->protocols = p->protocols; |
1277 | conf->protocols = p->protocols; |
1278 | |
1278 | |
1279 | slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s) [%d]", |
1279 | slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s,p%02x) [%d]", |
1280 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx); |
1280 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, |
|
|
1281 | p->protocols, |
|
|
1282 | c->ictx && c->octx); |
1281 | |
1283 | |
1282 | if (c->ictx && c->octx) |
1284 | if (c->ictx && c->octx) |
1283 | { |
1285 | { |
1284 | // send connect_info packets to both sides, in case one is |
1286 | // send connect_info packets to both sides, in case one is |
1285 | // behind a nat firewall (or both ;) |
1287 | // behind a nat firewall (or both ;) |
… | |
… | |
1308 | |
1310 | |
1309 | c->conf->protocols = p->protocols; |
1311 | c->conf->protocols = p->protocols; |
1310 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1312 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1311 | p->si.upgrade_protocol (protocol, c->conf); |
1313 | p->si.upgrade_protocol (protocol, c->conf); |
1312 | |
1314 | |
1313 | slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s) [%d]", |
1315 | slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s,p%02x) [%d]", |
|
|
1316 | conf->nodename, |
1314 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, |
1317 | vpn->conns[p->id - 1]->conf->nodename, |
|
|
1318 | (const char *)p->si, |
|
|
1319 | p->protocols, |
1315 | (const char *)p->si, !c->ictx && !c->octx); |
1320 | !c->ictx && !c->octx); |
1316 | |
1321 | |
1317 | const sockinfo &dsi = forward_si (p->si); |
1322 | const sockinfo &dsi = forward_si (p->si); |
1318 | |
1323 | |
1319 | if (dsi.valid ()) |
1324 | if (dsi.valid ()) |
1320 | c->send_auth_request (dsi, true); |
1325 | c->send_auth_request (dsi, true); |
… | |
… | |
1358 | } |
1363 | } |
1359 | |
1364 | |
1360 | void |
1365 | void |
1361 | connection::send_connect_request (int id) |
1366 | connection::send_connect_request (int id) |
1362 | { |
1367 | { |
1363 | connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); |
1368 | connect_req_packet *p = new connect_req_packet (conf->id, id, THISNODE->protocols); |
1364 | |
1369 | |
1365 | slog (L_TRACE, "%s << PT_CONNECT_REQ(%s)", |
1370 | slog (L_TRACE, "%s << PT_CONNECT_REQ(%s,p%02x)", |
1366 | conf->nodename, vpn->conns[id - 1]->conf->nodename); |
1371 | conf->nodename, vpn->conns[id - 1]->conf->nodename, |
|
|
1372 | THISNODE->protocols); |
1367 | p->hmac_set (octx); |
1373 | p->hmac_set (octx); |
1368 | send_vpn_packet (p, si); |
1374 | send_vpn_packet (p, si); |
1369 | |
1375 | |
1370 | delete p; |
1376 | delete p; |
1371 | } |
1377 | } |
… | |
… | |
1455 | establish_connection.set<connection, &connection::establish_connection_cb> (this); |
1461 | establish_connection.set<connection, &connection::establish_connection_cb> (this); |
1456 | |
1462 | |
1457 | last_establish_attempt = 0.; |
1463 | last_establish_attempt = 0.; |
1458 | octx = ictx = 0; |
1464 | octx = ictx = 0; |
1459 | |
1465 | |
1460 | if (!conf->protocols) // make sure some protocol is enabled |
|
|
1461 | conf->protocols = PROT_UDPv4; |
|
|
1462 | |
|
|
1463 | connectmode = conf->connectmode; |
1466 | connectmode = conf->connectmode; |
1464 | |
1467 | |
1465 | // queue a dummy packet to force an initial connection attempt |
1468 | // queue a dummy packet to force an initial connection attempt |
1466 | if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED) |
1469 | if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED) |
1467 | vpn_queue.put (new net_packet); |
1470 | vpn_queue.put (new net_packet); |