ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
Revision: 1.113
Committed: Thu Jan 29 00:21:39 2015 UTC (9 years, 3 months ago) by root
Content type: text/plain
Branch: MAIN
Changes since 1.112: +41 -46 lines
Log Message: 
*** empty log message ***

File Contents

# Content
1 /*
2 connection.C -- manage a single connection
3 Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de>
4
5 This file is part of GVPE.
6
7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the
9 Free Software Foundation; either version 3 of the License, or (at your
10 option) any later version.
11
12 This program is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15 Public License for more details.
16
17 You should have received a copy of the GNU General Public License along
18 with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
30 */
31
32 #include "config.h"
33
34 #include <list>
35 #include <queue>
36 #include <utility>
37
38 #include <openssl/opensslv.h>
39 #include <openssl/rand.h>
40 #include <openssl/evp.h>
41 #include <openssl/rsa.h>
42 #include <openssl/err.h>
43
44 // openssl 0.9.8 compatibility
45 #if OPENSSL_VERSION_NUMBER < 0x10100000
46 #define require101(exp) exp
47 #else
48 #define require101(exp) require (exp)
49 #endif
50
51 #include "conf.h"
52 #include "slog.h"
53 #include "device.h"
54 #include "vpn.h"
55 #include "connection.h"
56 #include "hkdf.h"
57
58 #include "netcompat.h"
59
60 #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic
61
62 #define ULTRA_FAST 1
63 #define HLOG 15
64 #include "lzf/lzf.h"
65 #include "lzf/lzf_c.c"
66 #include "lzf/lzf_d.c"
67
68 //////////////////////////////////////////////////////////////////////////////
69
70 static std::queue< std::pair<run_script_cb *, const char *> > rs_queue;
71 static ev::child rs_child_ev;
72
73 namespace
74 {
75 void // c++ requires external linkage here, apparently :(
76 rs_child_cb (ev::child &w, int revents)
77 {
78 w.stop ();
79
80 if (rs_queue.empty ())
81 return;
82
83 pid_t pid = run_script (*rs_queue.front ().first, false);
84 if (pid)
85 {
86 w.set (pid);
87 w.start ();
88 }
89 else
90 slog (L_WARN, rs_queue.front ().second);
91
92 delete rs_queue.front ().first;
93 rs_queue.pop ();
94 }
95 };
96
97 // despite the fancy name, this is quite a hack
98 static void
99 run_script_queued (run_script_cb *cb, const char *warnmsg)
100 {
101 rs_queue.push (std::make_pair (cb, warnmsg));
102
103 if (!rs_child_ev.is_active ())
104 {
105 rs_child_ev.set<rs_child_cb> ();
106 rs_child_ev ();
107 }
108 }
109
110 //////////////////////////////////////////////////////////////////////////////
111
112 struct crypto_ctx
113 {
114 EVP_CIPHER_CTX cctx;
115 HMAC_CTX hctx;
116
117 crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc);
118 ~crypto_ctx ();
119 };
120
121 crypto_ctx::crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc)
122 {
123 ecdh_key s;
124
125 curve25519_combine (a, b, s);
126
127 {
128 u8 mac_key[MAC_KEYSIZE];
129 static const unsigned char mac_info[] = "gvpe mac key";
130
131 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
132 kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key));
133 kdf.extract (s, sizeof (s));
134 kdf.extract_done (HKDF_PRF_HASH ());
135 kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info));
136
137 HMAC_CTX_init (&hctx);
138 require101 (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0));
139 }
140
141 {
142 u8 cipher_key[CIPHER_KEYSIZE];
143 static const unsigned char cipher_info[] = "gvpe cipher key";
144
145 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
146 kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key));
147 kdf.extract (s, sizeof (s));
148 kdf.extract_done (HKDF_PRF_HASH ());
149 kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info));
150
151 EVP_CIPHER_CTX_init (&cctx);
152 require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc));
153 }
154 }
155
156 crypto_ctx::~crypto_ctx ()
157 {
158 require (EVP_CIPHER_CTX_cleanup (&cctx));
159 HMAC_CTX_cleanup (&hctx);
160 }
161
162 static inline void
163 auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr)
164 {
165 if (RSA_public_encrypt (sizeof (auth.rsa),
166 (unsigned char *)&auth.rsa, (unsigned char *)&encr.rsa,
167 key, RSA_PKCS1_OAEP_PADDING) < 0)
168 fatal ("RSA_public_encrypt error");
169
170 memcpy (&encr.ecdh, &auth.ecdh, sizeof (encr.ecdh));
171 }
172
173 static inline bool
174 auth_decrypt (RSA *key, const auth_encr &encr, auth_data &auth)
175 {
176 u8 rsa_decrypt[RSA_KEYLEN];
177
178 if (RSA_private_decrypt (sizeof (encr.rsa),
179 (const unsigned char *)&encr.rsa, (unsigned char *)rsa_decrypt,
180 key, RSA_PKCS1_OAEP_PADDING) != sizeof (auth.rsa))
181 return 0;
182
183 memcpy (&auth.rsa, rsa_decrypt, sizeof (auth.rsa));
184 memcpy (&auth.ecdh, &encr.ecdh, sizeof (auth.ecdh));
185
186 return 1;
187 }
188
189 static void
190 auth_hash (const auth_data &auth, const ecdh_key &b, auth_mac &mac)
191 {
192 hkdf kdf (b, sizeof b, AUTH_DIGEST ()); // use response ecdh b as salt
193 kdf.extract (&auth.rsa, sizeof (auth.rsa));
194 kdf.extract_done ();
195 kdf.expand (mac, sizeof mac, auth.ecdh, sizeof (auth.ecdh)); // use challenge ecdh b as info
196 }
197
198 void
199 connection::generate_auth_data ()
200 {
201 if (auth_expire < ev_now ())
202 {
203 // request data
204 rand_fill (snd_auth.rsa);
205 curve25519_generate (snd_ecdh_a, snd_auth.ecdh);
206
207 // eventual response data
208 curve25519_generate (rcv_ecdh_a, rcv_ecdh_b);
209 }
210
211 // every use prolongs the expiry
212 auth_expire = ev_now () + AUTH_TTL;
213 }
214
215 //////////////////////////////////////////////////////////////////////////////
216
217 pkt_queue::pkt_queue (double max_ttl, int max_queue)
218 : max_ttl (max_ttl), max_queue (max_queue)
219 {
220 queue = new pkt [max_queue];
221
222 i = 0;
223 j = 0;
224
225 expire.set<pkt_queue, &pkt_queue::expire_cb> (this);
226 }
227
228 pkt_queue::~pkt_queue ()
229 {
230 while (net_packet *p = get ())
231 delete p;
232
233 delete [] queue;
234 }
235
236 void
237 pkt_queue::expire_cb (ev::timer &w, int revents)
238 {
239 ev_tstamp expire = ev_now () - max_ttl;
240
241 for (;;)
242 {
243 if (empty ())
244 break;
245
246 double diff = queue[j].tstamp - expire;
247
248 if (diff >= 0.)
249 {
250 w.start (diff > 0.5 ? diff : 0.5);
251 break;
252 }
253
254 delete get ();
255 }
256 }
257
258 void
259 pkt_queue::put (net_packet *p)
260 {
261 ev_tstamp now = ev_now ();
262
263 // start expiry timer
264 if (empty ())
265 expire.start (max_ttl);
266
267 int ni = i + 1 == max_queue ? 0 : i + 1;
268
269 if (ni == j)
270 delete get ();
271
272 queue[i].pkt = p;
273 queue[i].tstamp = now;
274
275 i = ni;
276 }
277
278 net_packet *
279 pkt_queue::get ()
280 {
281 if (empty ())
282 return 0;
283
284 net_packet *p = queue[j].pkt;
285 queue[j].pkt = 0;
286
287 j = j + 1 == max_queue ? 0 : j + 1;
288
289 return p;
290 }
291
292 struct net_rateinfo
293 {
294 u32 host;
295 double pcnt, diff;
296 tstamp last;
297 };
298
299 // only do action once every x seconds per host whole allowing bursts.
300 // this implementation ("splay list" ;) is inefficient,
301 // but low on resources.
302 struct net_rate_limiter : list<net_rateinfo>
303 {
304 # define NRL_ALPHA (1. - 1. / 600.) // allow bursts
305 # define NRL_CUTOFF 10. // one event every CUTOFF seconds
306 # define NRL_EXPIRE (NRL_CUTOFF * 30.) // expire entries after this time
307 # define NRL_MAXDIF (NRL_CUTOFF * (1. / (1. - NRL_ALPHA))) // maximum diff /count value
308
309 bool can (const sockinfo &si) { return can((u32)si.host); }
310 bool can (u32 host);
311 };
312
313 static net_rate_limiter auth_rate_limiter, reset_rate_limiter;
314
315 bool
316 net_rate_limiter::can (u32 host)
317 {
318 iterator i;
319
320 for (i = begin (); i != end (); )
321 if (i->host == host)
322 break;
323 else if (i->last < ev_now () - NRL_EXPIRE)
324 i = erase (i);
325 else
326 i++;
327
328 if (i == end ())
329 {
330 net_rateinfo ri;
331
332 ri.host = host;
333 ri.pcnt = 1.;
334 ri.diff = NRL_MAXDIF;
335 ri.last = ev_now ();
336
337 push_front (ri);
338
339 return true;
340 }
341 else
342 {
343 net_rateinfo ri (*i);
344 erase (i);
345
346 ri.pcnt = ri.pcnt * NRL_ALPHA;
347 ri.diff = ri.diff * NRL_ALPHA + (ev_now () - ri.last);
348
349 ri.last = ev_now ();
350
351 double dif = ri.diff / ri.pcnt;
352
353 bool send = dif > NRL_CUTOFF;
354
355 if (dif > NRL_MAXDIF)
356 {
357 ri.pcnt = 1.;
358 ri.diff = NRL_MAXDIF;
359 }
360 else if (send)
361 ri.pcnt++;
362
363 push_front (ri);
364
365 return send;
366 }
367 }
368
369 /////////////////////////////////////////////////////////////////////////////
370
371 void
372 hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest)
373 {
374 HMAC_CTX *hctx = &ctx->hctx;
375
376 require101 (HMAC_Init_ex (hctx, 0, 0, 0, 0));
377 require101 (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet)));
378 require101 (HMAC_Final (hctx, hmac_digest, 0));
379 }
380
381 void
382 hmac_packet::hmac_set (crypto_ctx *ctx)
383 {
384 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
385 hmac_gen (ctx, hmac_digest);
386 memcpy (hmac, hmac_digest, HMACLENGTH);
387 }
388
389 bool
390 hmac_packet::hmac_chk (crypto_ctx *ctx)
391 {
392 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
393 hmac_gen (ctx, hmac_digest);
394 return slow_memeq (hmac, hmac_digest, HMACLENGTH);
395 }
396
397 void
398 vpn_packet::set_hdr (ptype type_, unsigned int dst)
399 {
400 type = type_;
401
402 int src = THISNODE->id;
403
404 src1 = src;
405 srcdst = ((src >> 8) << 4) | (dst >> 8);
406 dst1 = dst;
407 }
408
409 #define MAXVPNDATA (MAX_MTU - 6 - 6)
410
411 struct vpndata_packet : vpn_packet
412 {
413 u32 ctr; // seqno
414 u8 data[MAXVPNDATA];
415
416 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
417 tap_packet *unpack (connection *conn, u32 &seqno);
418
419 private:
420 const u32 data_hdr_size () const
421 {
422 // the distance from beginning of packet to data member
423 return data - at (0);
424 }
425 };
426
427 // expands packet counter (unlike seqno, in network byte order) to counter mode IV
428 static unsigned char *
429 expand_iv (u32 ctr)
430 {
431 static u32 iv[IV_SIZE (CIPHER) / 4];
432
433 require (sizeof (iv) == 4 * 4);
434 require (IV_SIZE (CIPHER) % 4 == 0);
435
436 iv[0] =
437 iv[1] =
438 iv[2] = ctr;
439
440 // I would reuse ctr here to to avoid potential endianness issues,
441 // but it seems openssl wraps around. While this would be still ok,
442 // and I don't even know if its true, let's play safe and initialise
443 // to 0.
444 iv[3] = 0;
445
446 return (unsigned char *)iv;
447 }
448
449 void
450 vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
451 {
452 EVP_CIPHER_CTX *cctx = &conn->octx->cctx;
453 int outl = 0, outl2;
454 ptype type = PT_DATA_UNCOMPRESSED;
455
456 #if ENABLE_COMPRESSION
457 u8 cdata[MAX_MTU];
458
459 if (conn->features & FEATURE_COMPRESSION)
460 {
461 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
462
463 if (cl)
464 {
465 type = PT_DATA_COMPRESSED;
466 d = cdata;
467 l = cl + 2;
468
469 d[0] = cl >> 8;
470 d[1] = cl;
471 }
472 }
473 #endif
474
475 ctr = htonl (seqno);
476
477 require (EVP_EncryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
478
479 require (EVP_EncryptUpdate (cctx,
480 (unsigned char *)data + outl, &outl2,
481 (unsigned char *)d, l));
482 outl += outl2;
483
484 // it seems this is a nop for us, but we do it anyways
485 require (EVP_EncryptFinal_ex (cctx, (unsigned char *)data + outl, &outl2));
486 outl += outl2;
487
488 len = data_hdr_size () + outl;
489
490 set_hdr (type, dst);
491
492 hmac_set (conn->octx);
493 }
494
495 tap_packet *
496 vpndata_packet::unpack (connection *conn, u32 &seqno)
497 {
498 EVP_CIPHER_CTX *cctx = &conn->ictx->cctx;
499 int outl = 0, outl2;
500 tap_packet *p = new tap_packet;
501 u8 *d;
502
503 seqno = ntohl (ctr);
504
505 require (EVP_DecryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
506
507 #if ENABLE_COMPRESSION
508 u8 cdata[MAX_MTU];
509
510 if (type == PT_DATA_COMPRESSED)
511 d = cdata;
512 else
513 #endif
514 d = &(*p)[6 + 6];
515
516 // this can overwrite the len/dst/src fields
517 require (EVP_DecryptUpdate (cctx,
518 d, &outl2,
519 (unsigned char *)&data, len - data_hdr_size ()));
520 outl += outl2;
521
522 // it seems this is a nop for us, but we do it anyways
523 require (EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2));
524 outl += outl2;
525
526 id2mac (dst () ? dst() : THISNODE->id, p->dst);
527 id2mac (src (), p->src);
528
529 #if ENABLE_COMPRESSION
530 if (type == PT_DATA_COMPRESSED)
531 {
532 u32 cl = (d[0] << 8) | d[1];
533
534 p->len = lzf_decompress (d + 2, cl < MAX_MTU - 2 ? cl : 0,
535 &(*p)[6 + 6], MAX_MTU)
536 + 6 + 6;
537 }
538 else
539 p->len = outl + (6 + 6);
540 #endif
541
542 return p;
543 }
544
545 struct ping_packet : vpn_packet
546 {
547 void setup (int dst, ptype type)
548 {
549 set_hdr (type, dst);
550 len = sizeof (*this) - sizeof (net_packet);
551 }
552 };
553
554 struct config_packet : vpn_packet
555 {
556 u8 serial[SERIAL_SIZE];
557 u8 prot_major, prot_minor, randsize;
558 u8 flags, features, pad6, pad7, pad8;
559 u32 cipher_nid, mac_nid, auth_nid;
560
561 void setup (ptype type, int dst);
562 bool chk_config (const conf_node *conf, const sockinfo &rsi) const;
563
564 static u8 get_features ()
565 {
566 u8 f = 0;
567 #if ENABLE_COMPRESSION
568 f |= FEATURE_COMPRESSION;
569 #endif
570 #if ENABLE_ROHC
571 f |= FEATURE_ROHC;
572 #endif
573 #if ENABLE_BRIDGING
574 f |= FEATURE_BRIDGING;
575 #endif
576 return f;
577 }
578 };
579
580 void
581 config_packet::setup (ptype type, int dst)
582 {
583 prot_major = PROTOCOL_MAJOR;
584 prot_minor = PROTOCOL_MINOR;
585 flags = 0;
586 features = get_features ();
587
588 strncpy ((char *)serial, conf.serial, sizeof (serial));
589
590 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER ()));
591 mac_nid = htonl (EVP_MD_type (MAC_DIGEST ()));
592 auth_nid = htonl (EVP_MD_type (AUTH_DIGEST ()));
593
594 len = sizeof (*this) - sizeof (net_packet);
595 set_hdr (type, dst);
596 }
597
598 bool
599 config_packet::chk_config (const conf_node *conf, const sockinfo &rsi) const
600 {
601 if (prot_major != PROTOCOL_MAJOR)
602 slog (L_WARN, _("%s(%s): major version mismatch (remote %d <=> local %d)"),
603 conf->nodename, (const char *)rsi, prot_major, PROTOCOL_MAJOR);
604 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER ())))
605 slog (L_WARN, _("%s(%s): cipher algo mismatch (remote %x <=> local %x)"),
606 conf->nodename, (const char *)rsi, ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER ()));
607 else if (mac_nid != htonl (EVP_MD_type (MAC_DIGEST ())))
608 slog (L_WARN, _("%s(%s): mac algo mismatch (remote %x <=> local %x)"),
609 conf->nodename, (const char *)rsi, ntohl (mac_nid), EVP_MD_type (MAC_DIGEST ()));
610 else if (auth_nid != htonl (EVP_MD_type (AUTH_DIGEST ())))
611 slog (L_WARN, _("%s(%s): auth algo mismatch (remote %x <=> local %x)"),
612 conf->nodename, (const char *)rsi, ntohl (auth_nid), EVP_MD_type (AUTH_DIGEST ()));
613 else
614 {
615 int cmp = memcmp (serial, ::conf.serial, sizeof (serial));
616
617 if (cmp > 0)
618 slog (L_WARN, _("%s(%s): remote serial newer than local serial - outdated config?"),
619 conf->nodename, (const char *)rsi);
620 else if (cmp == 0)
621 return true;
622 }
623
624 return false;
625 }
626
627 struct auth_req_packet : config_packet // UNPROTECTED
628 {
629 char magic[8];
630 u8 initiate; // false if this is just an automatic reply
631 u8 protocols; // supported protocols (will be patched on forward)
632 u8 pad2, pad3;
633 auth_encr encr;
634
635 auth_req_packet (int dst, bool initiate_, u8 protocols_)
636 {
637 config_packet::setup (PT_AUTH_REQ, dst);
638 memcpy (magic, MAGIC, 8);
639 initiate = !!initiate_;
640 protocols = protocols_;
641
642 len = sizeof (*this) - sizeof (net_packet);
643 }
644 };
645
646 struct auth_res_packet : vpn_packet // UNPROTECTED
647 {
648 auth_response response;
649
650 auth_res_packet (int dst)
651 {
652 set_hdr (PT_AUTH_RES, dst);
653
654 len = sizeof (*this) - sizeof (net_packet);
655 }
656 };
657
658 struct connect_req_packet : vpn_packet
659 {
660 u8 id, protocols;
661 u8 pad1, pad2;
662
663 connect_req_packet (int dst, int id_, u8 protocols_)
664 : id(id_)
665 , protocols(protocols_)
666 {
667 set_hdr (PT_CONNECT_REQ, dst);
668 len = sizeof (*this) - sizeof (net_packet);
669 }
670 };
671
672 struct connect_info_packet : vpn_packet
673 {
674 u8 id, protocols;
675 u8 pad1, pad2;
676 sockinfo si;
677
678 connect_info_packet (int dst, int id_, const sockinfo &si_, u8 protocols_)
679 : id(id_)
680 , protocols(protocols_)
681 , si(si_)
682 {
683 set_hdr (PT_CONNECT_INFO, dst);
684
685 len = sizeof (*this) - sizeof (net_packet);
686 }
687 };
688
689 /////////////////////////////////////////////////////////////////////////////
690
691 void
692 connection::connection_established (const sockinfo &rsi)
693 {
694 if (!have_snd_auth || !have_rcv_auth)
695 return;
696
697 si = rsi;
698 protocol = rsi.prot;
699
700 slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
701 conf->nodename, (const char *)rsi,
702 vpn->can_direct (THISNODE, conf) ? "direct" : "forwarded",
703 PROTOCOL_MAJOR, prot_minor);
704
705 if (::conf.script_node_up)
706 {
707 run_script_cb *cb = new run_script_cb;
708 cb->set<connection, &connection::script_node_up> (this);
709 run_script_queued (cb, _("node-up command execution failed, continuing."));
710 }
711
712 delete ictx; ictx = new crypto_ctx (rcv_auth, snd_auth, rcv_ecdh_a, rcv_auth.ecdh, 0);
713 iseqno.reset (ntohl (rcv_auth.rsa.seqno) & 0x7fffffff);
714
715 delete octx; octx = new crypto_ctx (snd_auth, rcv_auth, snd_ecdh_a, snd_ecdh_b , 1);
716 oseqno = ntohl (snd_auth.rsa.seqno) & 0x7fffffff;
717
718 // make sure rekeying timeouts are slightly asymmetric
719 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
720 rekey.start (rekey_interval, rekey_interval);
721
722 hmac_error = 0.;
723
724 keepalive.start (::conf.keepalive);
725
726 // send queued packets
727 while (tap_packet *p = (tap_packet *)data_queue.get ())
728 {
729 if (p->len) send_data_packet (p);
730 delete p;
731 }
732
733 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
734 {
735 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
736 delete p;
737 }
738
739 vpn->connection_established (this);
740 }
741
742 void
743 connection::reset_si ()
744 {
745 if (vpn->can_direct (THISNODE, conf))
746 protocol = best_protocol (THISNODE->protocols & conf->connectable_protocols ());
747 else
748 {
749 slog (L_TRACE, _("%s: direct connection denied by config."), conf->nodename);
750 protocol = 0;
751 }
752
753 si.set (conf, protocol);
754 }
755
756 // ensure sockinfo is valid, forward if necessary
757 const sockinfo &
758 connection::forward_si (const sockinfo &si) const
759 {
760 if (!si.valid ())
761 {
762 connection *r = vpn->find_router_for (this);
763
764 if (r)
765 {
766 slog (L_DEBUG, _("%s: no common protocol, trying to route through %s."),
767 conf->nodename, r->conf->nodename);
768 return r->si;
769 }
770 else
771 slog (L_DEBUG, _("%s: node unreachable, no common protocol or no router available."),
772 conf->nodename);
773 }
774
775 return si;
776 }
777
778 void
779 connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
780 {
781 if (!vpn->send_vpn_packet (pkt, si, tos))
782 reset_connection ("packet send error");
783 }
784
785 void
786 connection::send_ping (const sockinfo &si, u8 pong)
787 {
788 ping_packet *pkt = new ping_packet;
789
790 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
791
792 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si);
793 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
794
795 delete pkt;
796 }
797
798 void
799 connection::send_reset (const sockinfo &si)
800 {
801 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
802 {
803 config_packet *pkt = new config_packet;
804
805 pkt->setup (vpn_packet::PT_RESET, conf->id);
806 send_vpn_packet (pkt, si, IPTOS_MINCOST);
807
808 delete pkt;
809 }
810 }
811
812 void
813 connection::send_auth_request (const sockinfo &si, bool initiate)
814 {
815 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
816
817 generate_auth_data ();
818 auth_encrypt (conf->rsa_key, snd_auth, pkt->encr);
819
820 slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si);
821 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
822
823 delete pkt;
824 }
825
826 void
827 connection::send_auth_response (const sockinfo &si)
828 {
829 auth_res_packet *pkt = new auth_res_packet (conf->id);
830
831 memcpy (pkt->response.ecdh, rcv_ecdh_b, sizeof rcv_ecdh_b);
832 auth_hash (rcv_auth, rcv_ecdh_b, pkt->response.mac);
833
834 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si);
835 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
836
837 delete pkt;
838 }
839
840 void
841 connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
842 {
843 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s,p%02x)", conf->nodename,
844 vpn->conns[rid - 1]->conf->nodename, (const char *)rsi,
845 conf->protocols);
846
847 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
848
849 r->hmac_set (octx);
850 send_vpn_packet (r, si);
851
852 delete r;
853 }
854
855 inline void
856 connection::establish_connection_cb (ev::timer &w, int revents)
857 {
858 if (!(ictx && octx)
859 && conf != THISNODE
860 && connectmode != conf_node::C_NEVER
861 && connectmode != conf_node::C_DISABLED
862 && !w.is_active ())
863 {
864 // a bit hacky, if ondemand, and packets are no longer queued, then reset the connection
865 // and stop trying. should probably be handled by a per-connection expire handler.
866 if (connectmode == conf_node::C_ONDEMAND && vpn_queue.empty () && data_queue.empty ())
867 {
868 reset_connection ("no demand");
869 return;
870 }
871
872 last_establish_attempt = ev_now ();
873
874 ev::tstamp retry_int = ev::tstamp (retry_cnt & 3
875 ? (retry_cnt & 3) + 1
876 : 1 << (retry_cnt >> 2));
877
878 reset_si ();
879
880 bool slow = (si.prot & PROT_SLOW) || (conf->low_power || THISNODE->low_power);
881
882 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf))
883 {
884 /*TODO*/ /* start the timer so we don't recurse endlessly */
885 w.start (1);
886 vpn->send_connect_request (this);
887 }
888 else
889 {
890 if (si.valid ())
891 slog (L_DEBUG, _("%s: sending direct connection request to %s."),
892 conf->nodename, (const char *)si);
893
894 const sockinfo &dsi = forward_si (si);
895
896 slow = slow || (dsi.prot & PROT_SLOW);
897
898 if (dsi.valid () && auth_rate_limiter.can (dsi))
899 {
900 // use ping after the first few retries
901 // TODO: on rekeys, the other node might not interpret ping correctly,
902 // TODO: as it will still have a valid connection
903 if (retry_cnt < 4 && (!conf->low_power || THISNODE->low_power))
904 send_auth_request (dsi, true);
905 else
906 send_ping (dsi, 0);
907 }
908 }
909
910 retry_int *= slow ? 4. : 0.9;
911
912 if (retry_int < conf->max_retry)
913 retry_cnt++;
914 else
915 retry_int = conf->max_retry;
916
917 w.start (retry_int);
918 }
919 }
920
921 void
922 connection::reset_connection (const char *reason)
923 {
924 if (ictx && octx)
925 {
926 slog (L_INFO, _("%s(%s): connection lost (%s)"),
927 conf->nodename, (const char *)si, reason);
928
929 if (::conf.script_node_down)
930 {
931 run_script_cb *cb = new run_script_cb;
932 cb->set<connection, &connection::script_node_down> (this);
933 run_script_queued (cb, _("node-down command execution failed, continuing."));
934 }
935 }
936
937 delete ictx; ictx = 0;
938 delete octx; octx = 0;
939
940 si.host = 0;
941
942 have_snd_auth = false;
943 have_rcv_auth = false;
944 auth_expire = 0.;
945
946 last_activity = 0.;
947 //last_si_change = 0.;
948 retry_cnt = 0;
949
950 rekey.stop ();
951 keepalive.stop ();
952 establish_connection.stop ();
953 }
954
955 void
956 connection::shutdown ()
957 {
958 if (ictx && octx)
959 send_reset (si);
960
961 reset_connection ("shutdown");
962 }
963
964 // poor-man's rekeying
965 inline void
966 connection::rekey_cb (ev::timer &w, int revents)
967 {
968 reset_connection ("rekeying");
969 establish_connection ();
970 }
971
972 void
973 connection::send_data_packet (tap_packet *pkt)
974 {
975 vpndata_packet *p = new vpndata_packet;
976 int tos = 0;
977
978 // I am not hilarious about peeking into packets, but so be it.
979 if (conf->inherit_tos && pkt->is_ipv4 ())
980 tos = (*pkt)[15] & IPTOS_TOS_MASK;
981
982 p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
983 send_vpn_packet (p, si, tos);
984
985 delete p;
986
987 if (oseqno > MAX_SEQNO)
988 rekey ();
989 }
990
991 void
992 connection::post_inject_queue ()
993 {
994 // force a connection every now and when when packets are sent (max 1/s)
995 if (ev_now () - last_establish_attempt >= (conf->low_power || THISNODE->low_power ? 2.95 : 0.95)) // arbitrary
996 establish_connection.stop ();
997
998 establish_connection ();
999 }
1000
1001 void
1002 connection::inject_data_packet (tap_packet *pkt)
1003 {
1004 if (ictx && octx)
1005 send_data_packet (pkt);
1006 else
1007 {
1008 data_queue.put (new tap_packet (*pkt));
1009 post_inject_queue ();
1010 }
1011 }
1012
1013 void
1014 connection::inject_vpn_packet (vpn_packet *pkt, int tos)
1015 {
1016 if (ictx && octx)
1017 send_vpn_packet (pkt, si, tos);
1018 else
1019 {
1020 vpn_queue.put ((vpn_packet *)new data_packet (*(data_packet *)pkt));
1021 post_inject_queue ();
1022 }
1023 }
1024
1025 void
1026 connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
1027 {
1028 last_activity = ev_now ();
1029
1030 slog (L_NOISE, "%s >> received packet type %d from %d to %d.",
1031 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ());
1032
1033 if (connectmode == conf_node::C_DISABLED)
1034 return;
1035
1036 switch (pkt->typ ())
1037 {
1038 case vpn_packet::PT_PING:
1039 slog (L_TRACE, "%s >> PT_PING", conf->nodename);
1040
1041 // we send pings instead of auth packets after some retries,
1042 // so reset the retry counter and establish a connection
1043 // when we receive a ping.
1044 if (!ictx)
1045 {
1046 if (auth_rate_limiter.can (rsi))
1047 send_auth_request (rsi, true);
1048 }
1049 else
1050 // we would love to change the socket address here, but ping's aren't
1051 // authenticated, so we best ignore it.
1052 send_ping (rsi, 1); // pong
1053
1054 break;
1055
1056 case vpn_packet::PT_PONG:
1057 slog (L_TRACE, "%s >> PT_PONG", conf->nodename);
1058
1059 // a PONG might mean that the other side doesn't really know
1060 // about our desire for communication.
1061 establish_connection ();
1062 break;
1063
1064 case vpn_packet::PT_RESET:
1065 slog (L_TRACE, "%s >> PT_RESET", conf->nodename);
1066
1067 if (ictx && octx)
1068 {
1069 reset_connection ("remote reset");
1070
1071 config_packet *p = (config_packet *) pkt;
1072
1073 if (p->chk_config (conf, rsi) && connectmode == conf_node::C_ALWAYS)
1074 establish_connection ();
1075 }
1076
1077 break;
1078
1079 case vpn_packet::PT_AUTH_REQ:
1080 if (auth_rate_limiter.can (rsi))
1081 {
1082 auth_req_packet *p = (auth_req_packet *)pkt;
1083
1084 slog (L_TRACE, "%s >> PT_AUTH_REQ(%s,p%02x,f%02x)",
1085 conf->nodename, p->initiate ? "initiate" : "reply",
1086 p->protocols, p->features);
1087
1088 if (memcmp (p->magic, MAGIC, 8))
1089 {
1090 slog (L_WARN, _("%s(%s): protocol magic mismatch - stray packet?"),
1091 conf->nodename, (const char *)rsi);
1092 }
1093 else if (p->chk_config (conf, rsi))
1094 {
1095 if (p->prot_minor != PROTOCOL_MINOR)
1096 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1097 conf->nodename, (const char *)rsi,
1098 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1099
1100 if (p->initiate)
1101 {
1102 send_auth_request (rsi, false);
1103
1104 if (ictx && octx)
1105 reset_connection ("reconnect");
1106 }
1107
1108 auth_data auth;
1109
1110 if (!auth_decrypt (::conf.rsa_key, p->encr, auth))
1111 {
1112 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
1113 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
1114 }
1115 else
1116 {
1117 bool chg = !have_rcv_auth || !slow_memeq (&rcv_auth, &auth, sizeof auth);
1118
1119 rcv_auth = auth;
1120 have_rcv_auth = true;
1121
1122 send_auth_response (rsi);
1123
1124 if (chg)
1125 {
1126 conf->protocols = p->protocols;
1127 features = p->features & config_packet::get_features ();
1128
1129 connection_established (rsi);
1130 }
1131 }
1132
1133 break;
1134 }
1135
1136 send_reset (rsi);
1137 }
1138
1139 break;
1140
1141 case vpn_packet::PT_AUTH_RES:
1142 {
1143 auth_res_packet *p = (auth_res_packet *)pkt;
1144
1145 slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename);
1146
1147 auth_mac local_mac;
1148 auth_hash (snd_auth, p->response.ecdh, local_mac);
1149
1150 if (!slow_memeq (&p->response.mac, local_mac, sizeof local_mac))
1151 {
1152 slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."),
1153 conf->nodename, (const char *)rsi);
1154 }
1155 else if (!have_snd_auth)
1156 {
1157 memcpy (snd_ecdh_b, p->response.ecdh, sizeof snd_ecdh_b);
1158
1159 have_snd_auth = true;
1160 connection_established (rsi);
1161 }
1162 }
1163 break;
1164
1165 case vpn_packet::PT_DATA_COMPRESSED:
1166 #if !ENABLE_COMPRESSION
1167 send_reset (rsi);
1168 break;
1169 #endif
1170
1171 case vpn_packet::PT_DATA_UNCOMPRESSED:
1172
1173 if (ictx && octx)
1174 {
1175 vpndata_packet *p = (vpndata_packet *)pkt;
1176
1177 if (!p->hmac_chk (ictx))
1178 {
1179 // rekeying often creates temporary hmac auth floods
1180 // we assume they don't take longer than a few seconds normally,
1181 // and suppress messages and resets during that time.
1182 //TODO: should be done per source address
1183 if (!hmac_error)
1184 {
1185 hmac_error = ev_now () + 3;
1186 break;
1187 }
1188 else if (hmac_error >= ev_now ())
1189 break; // silently suppress
1190 else
1191 {
1192 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1193 "could be an attack, or just corruption or a synchronization error."),
1194 conf->nodename, (const char *)rsi);
1195 // reset
1196 }
1197 }
1198 else
1199 {
1200 u32 seqno;
1201 tap_packet *d = p->unpack (this, seqno);
1202 int seqclass = iseqno.seqno_classify (seqno);
1203
1204 hmac_error = 0;
1205
1206 if (seqclass == 0) // ok
1207 {
1208 vpn->tap->send (d);
1209
1210 if (si != rsi)
1211 {
1212 // fast re-sync on source address changes, useful especially for tcp/ip
1213 //if (last_si_change < ev_now () + 5.)
1214 // {
1215 slog (L_INFO, _("%s(%s): changing socket address to %s."),
1216 conf->nodename, (const char *)si, (const char *)rsi);
1217
1218 si = rsi;
1219
1220 if (::conf.script_node_change)
1221 {
1222 run_script_cb *cb = new run_script_cb;
1223 cb->set<connection, &connection::script_node_change> (this);
1224 run_script_queued (cb, _("node-change command execution failed, continuing."));
1225 }
1226
1227 // }
1228 //else
1229 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."),
1230 // conf->nodename, (const char *)si, (const char *)rsi);
1231 }
1232 }
1233 else if (seqclass == 1) // far history
1234 slog (L_ERR, _("received very old packet (received %08lx, expected %08lx). "
1235 "possible replay attack, or just packet duplication/delay, ignoring."), seqno, iseqno.seq + 1);
1236 else if (seqclass == 2) // in-window duplicate, happens often on wireless
1237 slog (L_DEBUG, _("received recent duplicated packet (received %08lx, expected %08lx). "
1238 "possible replay attack, or just packet duplication, ignoring."), seqno, iseqno.seq + 1);
1239 else if (seqclass == 3) // reset
1240 {
1241 slog (L_ERR, _("received out-of-sync (far future) packet (received %08lx, expected %08lx). "
1242 "probably just massive packet loss, sending reset."), seqno, iseqno.seq + 1);
1243 send_reset (rsi);
1244 }
1245
1246 delete d;
1247 break;
1248 }
1249 }
1250
1251 send_reset (rsi);
1252 break;
1253
1254 case vpn_packet::PT_CONNECT_REQ:
1255 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1256 {
1257 connect_req_packet *p = (connect_req_packet *)pkt;
1258
1259 if (p->id > 0 && p->id <= vpn->conns.size ())
1260 {
1261 connection *c = vpn->conns[p->id - 1];
1262 conf->protocols = p->protocols;
1263
1264 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s,p%02x) [%d]",
1265 conf->nodename, vpn->conns[p->id - 1]->conf->nodename,
1266 p->protocols,
1267 c->ictx && c->octx);
1268
1269 if (c->ictx && c->octx)
1270 {
1271 // send connect_info packets to both sides, in case one is
1272 // behind a nat firewall (or both ;)
1273 c->send_connect_info (conf->id, si, conf->protocols);
1274 send_connect_info (c->conf->id, c->si, c->conf->protocols);
1275 }
1276 else
1277 c->establish_connection ();
1278 }
1279 else
1280 slog (L_WARN,
1281 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1282 p->id);
1283 }
1284
1285 break;
1286
1287 case vpn_packet::PT_CONNECT_INFO:
1288 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1289 {
1290 connect_info_packet *p = (connect_info_packet *)pkt;
1291
1292 if (p->id > 0 && p->id <= vpn->conns.size ())
1293 {
1294 connection *c = vpn->conns[p->id - 1];
1295
1296 c->conf->protocols = p->protocols;
1297 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1298 p->si.upgrade_protocol (protocol, c->conf);
1299
1300 slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s,protocols=%02x,protocol=%02x,upgradable=%02x) [%d]",
1301 conf->nodename,
1302 vpn->conns[p->id - 1]->conf->nodename,
1303 (const char *)p->si,
1304 p->protocols,
1305 protocol,
1306 p->si.supported_protocols (c->conf),
1307 !c->ictx && !c->octx);
1308
1309 const sockinfo &dsi = forward_si (p->si);
1310
1311 if (dsi.valid ())
1312 c->send_auth_request (dsi, true);
1313 else
1314 slog (L_INFO, "connect info for %s received (%s), but still unable to contact.",
1315 vpn->conns[p->id - 1]->conf->nodename,
1316 (const char *)p->si);
1317 }
1318 else
1319 slog (L_WARN,
1320 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1321 p->id);
1322 }
1323
1324 break;
1325
1326 default:
1327 send_reset (rsi);
1328 break;
1329 }
1330 }
1331
1332 inline void
1333 connection::keepalive_cb (ev::timer &w, int revents)
1334 {
1335 ev_tstamp when = last_activity + ::conf.keepalive - ev::now ();
1336
1337 if (when >= 0)
1338 w.start (when);
1339 else if (when < -15)
1340 {
1341 reset_connection ("keepalive overdue");
1342 establish_connection ();
1343 }
1344 else if (conf->connectmode != conf_node::C_ONDEMAND
1345 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1346 {
1347 w.start (3);
1348 send_ping (si);
1349 }
1350 else if (when >= -10)
1351 // hold ondemand connections implicitly a few seconds longer
1352 // should delete octx, though, or something like that ;)
1353 w.start (when + 10);
1354 else
1355 reset_connection ("keepalive timeout");
1356 }
1357
1358 void
1359 connection::send_connect_request (int id)
1360 {
1361 connect_req_packet *p = new connect_req_packet (conf->id, id, THISNODE->protocols);
1362
1363 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s,p%02x)",
1364 conf->nodename, vpn->conns[id - 1]->conf->nodename,
1365 THISNODE->protocols);
1366 p->hmac_set (octx);
1367 send_vpn_packet (p, si);
1368
1369 delete p;
1370 }
1371
1372 void
1373 connection::script_init_env (const char *ext)
1374 {
1375 char *env;
1376 asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env);
1377 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env);
1378 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext,
1379 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8,
1380 conf->id & 0xff); putenv (env);
1381 }
1382
1383 void
1384 connection::script_init_connect_env ()
1385 {
1386 vpn->script_init_env ();
1387
1388 char *env;
1389 asprintf (&env, "DESTID=%d", conf->id); putenv (env);
1390 asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env);
1391 asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env);
1392 asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env);
1393 asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env);
1394 }
1395
1396 inline const char *
1397 connection::script_node_up ()
1398 {
1399 script_init_connect_env ();
1400
1401 putenv ((char *)"STATE=up");
1402
1403 char *filename;
1404 asprintf (&filename,
1405 "%s/%s",
1406 confbase,
1407 ::conf.script_node_up ? ::conf.script_node_up : "node-up");
1408
1409 return filename;
1410 }
1411
1412 inline const char *
1413 connection::script_node_change ()
1414 {
1415 script_init_connect_env ();
1416
1417 putenv ((char *)"STATE=change");
1418
1419 char *filename;
1420 asprintf (&filename,
1421 "%s/%s",
1422 confbase,
1423 ::conf.script_node_change ? ::conf.script_node_change : "node-change");
1424
1425 return filename;
1426 }
1427
1428 inline const char *
1429 connection::script_node_down ()
1430 {
1431 script_init_connect_env ();
1432
1433 putenv ((char *)"STATE=down");
1434
1435 char *filename;
1436 asprintf (&filename,
1437 "%s/%s",
1438 confbase,
1439 ::conf.script_node_down ? ::conf.script_node_down : "node-down");
1440
1441 return filename;
1442 }
1443
1444 connection::connection (struct vpn *vpn, conf_node *conf)
1445 : vpn(vpn), conf(conf),
1446 #if ENABLE_DNS
1447 dns (0),
1448 #endif
1449 data_queue(conf->max_ttl, conf->max_queue + 1),
1450 vpn_queue(conf->max_ttl, conf->max_queue + 1)
1451 {
1452 rekey .set<connection, &connection::rekey_cb > (this);
1453 keepalive .set<connection, &connection::keepalive_cb > (this);
1454 establish_connection.set<connection, &connection::establish_connection_cb> (this);
1455
1456 last_establish_attempt = 0.;
1457 octx = ictx = 0;
1458
1459 connectmode = conf->connectmode;
1460
1461 // queue a dummy packet to force an initial connection attempt
1462 if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED)
1463 vpn_queue.put (new net_packet);
1464
1465 reset_connection ("startup");
1466 }
1467
1468 connection::~connection ()
1469 {
1470 shutdown ();
1471 }
1472
1473 void
1474 connection_init ()
1475 {
1476 auth_rate_limiter.clear ();
1477 reset_rate_limiter.clear ();
1478 }
1479