ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
Revision: 1.115
Committed: Thu Jun 30 16:31:00 2016 UTC (7 years, 10 months ago) by root
Content type: text/plain
Branch: MAIN
CVS Tags: rel-3_0
Changes since 1.114: +6 -6 lines
Log Message: 
work around https://github.com/openssl/openssl/commit/4b464e7b46682f568a5df550426b0cf4b22e2485

File Contents

# Content
1 /*
2 connection.C -- manage a single connection
3 Copyright (C) 2003-2008,2010,2011,2013,2016 Marc Lehmann <gvpe@schmorp.de>
4
5 This file is part of GVPE.
6
7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the
9 Free Software Foundation; either version 3 of the License, or (at your
10 option) any later version.
11
12 This program is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15 Public License for more details.
16
17 You should have received a copy of the GNU General Public License along
18 with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
30 */
31
32 #include "config.h"
33
34 #include <list>
35 #include <queue>
36 #include <utility>
37
38 #include <openssl/opensslv.h>
39 #include <openssl/rand.h>
40 #include <openssl/evp.h>
41 #include <openssl/rsa.h>
42 #include <openssl/err.h>
43
44 #include "conf.h"
45 #include "slog.h"
46 #include "crypto.h"
47 #include "device.h"
48 #include "vpn.h"
49 #include "connection.h"
50 #include "hkdf.h"
51
52 #include "netcompat.h"
53
54 #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic
55
56 #define ULTRA_FAST 1
57 #define HLOG 15
58 #include "lzf/lzf.h"
59 #include "lzf/lzf_c.c"
60 #include "lzf/lzf_d.c"
61
62 //////////////////////////////////////////////////////////////////////////////
63
64 static std::queue< std::pair<run_script_cb *, const char *> > rs_queue;
65 static ev::child rs_child_ev;
66
67 namespace
68 {
69 void // c++ requires external linkage here, apparently :(
70 rs_child_cb (ev::child &w, int revents)
71 {
72 w.stop ();
73
74 if (rs_queue.empty ())
75 return;
76
77 pid_t pid = run_script (*rs_queue.front ().first, false);
78 if (pid)
79 {
80 w.set (pid);
81 w.start ();
82 }
83 else
84 slog (L_WARN, rs_queue.front ().second);
85
86 delete rs_queue.front ().first;
87 rs_queue.pop ();
88 }
89 };
90
91 // despite the fancy name, this is quite a hack
92 static void
93 run_script_queued (run_script_cb *cb, const char *warnmsg)
94 {
95 rs_queue.push (std::make_pair (cb, warnmsg));
96
97 if (!rs_child_ev.is_active ())
98 {
99 rs_child_ev.set<rs_child_cb> ();
100 rs_child_ev ();
101 }
102 }
103
104 //////////////////////////////////////////////////////////////////////////////
105
106 struct crypto_ctx
107 {
108 cipher cctx;
109 hmac hctx;
110
111 crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc);
112 ~crypto_ctx ();
113 };
114
115 crypto_ctx::crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc)
116 {
117 ecdh_key s;
118
119 curve25519_combine (a, b, s);
120
121 {
122 u8 mac_key[MAC_KEYSIZE];
123 static const unsigned char mac_info[] = "gvpe mac key";
124
125 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
126 kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key));
127 kdf.extract (s, sizeof (s));
128 kdf.extract_done (HKDF_PRF_HASH ());
129 kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info));
130
131 hctx.init (mac_key, MAC_KEYSIZE, MAC_DIGEST ());
132 }
133
134 {
135 u8 cipher_key[CIPHER_KEYSIZE];
136 static const unsigned char cipher_info[] = "gvpe cipher key";
137
138 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
139 kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key));
140 kdf.extract (s, sizeof (s));
141 kdf.extract_done (HKDF_PRF_HASH ());
142 kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info));
143
144 EVP_CIPHER_CTX_init (cctx);
145 require (EVP_CipherInit_ex (cctx, CIPHER (), 0, cipher_key, 0, enc));
146 }
147 }
148
149 crypto_ctx::~crypto_ctx ()
150 {
151 require (EVP_CIPHER_CTX_cleanup (cctx));
152 }
153
154 static inline void
155 auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr)
156 {
157 if (RSA_public_encrypt (sizeof (auth.rsa),
158 (unsigned char *)&auth.rsa, (unsigned char *)&encr.rsa,
159 key, RSA_PKCS1_OAEP_PADDING) < 0)
160 fatal ("RSA_public_encrypt error");
161
162 memcpy (&encr.ecdh, &auth.ecdh, sizeof (encr.ecdh));
163 }
164
165 static inline bool
166 auth_decrypt (RSA *key, const auth_encr &encr, auth_data &auth)
167 {
168 u8 rsa_decrypt[RSA_KEYLEN];
169
170 if (RSA_private_decrypt (sizeof (encr.rsa),
171 (const unsigned char *)&encr.rsa, (unsigned char *)rsa_decrypt,
172 key, RSA_PKCS1_OAEP_PADDING) != sizeof (auth.rsa))
173 return 0;
174
175 memcpy (&auth.rsa, rsa_decrypt, sizeof (auth.rsa));
176 memcpy (&auth.ecdh, &encr.ecdh, sizeof (auth.ecdh));
177
178 return 1;
179 }
180
181 static void
182 auth_hash (const auth_data &auth, const ecdh_key &b, auth_mac &mac)
183 {
184 hkdf kdf (b, sizeof b, AUTH_DIGEST ()); // use response ecdh b as salt
185 kdf.extract (&auth.rsa, sizeof (auth.rsa));
186 kdf.extract_done ();
187 kdf.expand (mac, sizeof mac, auth.ecdh, sizeof (auth.ecdh)); // use challenge ecdh b as info
188 }
189
190 void
191 connection::generate_auth_data ()
192 {
193 if (auth_expire < ev_now ())
194 {
195 // request data
196 rand_fill (snd_auth.rsa);
197 curve25519_generate (snd_ecdh_a, snd_auth.ecdh);
198
199 // eventual response data
200 curve25519_generate (rcv_ecdh_a, rcv_ecdh_b);
201 }
202
203 // every use prolongs the expiry
204 auth_expire = ev_now () + AUTH_TTL;
205 }
206
207 //////////////////////////////////////////////////////////////////////////////
208
209 pkt_queue::pkt_queue (double max_ttl, int max_queue)
210 : max_ttl (max_ttl), max_queue (max_queue)
211 {
212 queue = new pkt [max_queue];
213
214 i = 0;
215 j = 0;
216
217 expire.set<pkt_queue, &pkt_queue::expire_cb> (this);
218 }
219
220 pkt_queue::~pkt_queue ()
221 {
222 while (net_packet *p = get ())
223 delete p;
224
225 delete [] queue;
226 }
227
228 void
229 pkt_queue::expire_cb (ev::timer &w, int revents)
230 {
231 ev_tstamp expire = ev_now () - max_ttl;
232
233 for (;;)
234 {
235 if (empty ())
236 break;
237
238 double diff = queue[j].tstamp - expire;
239
240 if (diff >= 0.)
241 {
242 w.start (diff > 0.5 ? diff : 0.5);
243 break;
244 }
245
246 delete get ();
247 }
248 }
249
250 void
251 pkt_queue::put (net_packet *p)
252 {
253 ev_tstamp now = ev_now ();
254
255 // start expiry timer
256 if (empty ())
257 expire.start (max_ttl);
258
259 int ni = i + 1 == max_queue ? 0 : i + 1;
260
261 if (ni == j)
262 delete get ();
263
264 queue[i].pkt = p;
265 queue[i].tstamp = now;
266
267 i = ni;
268 }
269
270 net_packet *
271 pkt_queue::get ()
272 {
273 if (empty ())
274 return 0;
275
276 net_packet *p = queue[j].pkt;
277 queue[j].pkt = 0;
278
279 j = j + 1 == max_queue ? 0 : j + 1;
280
281 return p;
282 }
283
284 struct net_rateinfo
285 {
286 u32 host;
287 double pcnt, diff;
288 tstamp last;
289 };
290
291 // only do action once every x seconds per host whole allowing bursts.
292 // this implementation ("splay list" ;) is inefficient,
293 // but low on resources.
294 struct net_rate_limiter : list<net_rateinfo>
295 {
296 # define NRL_ALPHA (1. - 1. / 600.) // allow bursts
297 # define NRL_CUTOFF 10. // one event every CUTOFF seconds
298 # define NRL_EXPIRE (NRL_CUTOFF * 30.) // expire entries after this time
299 # define NRL_MAXDIF (NRL_CUTOFF * (1. / (1. - NRL_ALPHA))) // maximum diff /count value
300
301 bool can (const sockinfo &si) { return can((u32)si.host); }
302 bool can (u32 host);
303 };
304
305 static net_rate_limiter auth_rate_limiter, reset_rate_limiter;
306
307 bool
308 net_rate_limiter::can (u32 host)
309 {
310 iterator i;
311
312 for (i = begin (); i != end (); )
313 if (i->host == host)
314 break;
315 else if (i->last < ev_now () - NRL_EXPIRE)
316 i = erase (i);
317 else
318 i++;
319
320 if (i == end ())
321 {
322 net_rateinfo ri;
323
324 ri.host = host;
325 ri.pcnt = 1.;
326 ri.diff = NRL_MAXDIF;
327 ri.last = ev_now ();
328
329 push_front (ri);
330
331 return true;
332 }
333 else
334 {
335 net_rateinfo ri (*i);
336 erase (i);
337
338 ri.pcnt = ri.pcnt * NRL_ALPHA;
339 ri.diff = ri.diff * NRL_ALPHA + (ev_now () - ri.last);
340
341 ri.last = ev_now ();
342
343 double dif = ri.diff / ri.pcnt;
344
345 bool send = dif > NRL_CUTOFF;
346
347 if (dif > NRL_MAXDIF)
348 {
349 ri.pcnt = 1.;
350 ri.diff = NRL_MAXDIF;
351 }
352 else if (send)
353 ri.pcnt++;
354
355 push_front (ri);
356
357 return send;
358 }
359 }
360
361 /////////////////////////////////////////////////////////////////////////////
362
363 void
364 hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest)
365 {
366 ctx->hctx.init ();
367 ctx->hctx.add (((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet));
368 ctx->hctx.digest (hmac_digest);
369 }
370
371 void
372 hmac_packet::hmac_set (crypto_ctx *ctx)
373 {
374 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
375 hmac_gen (ctx, hmac_digest);
376 memcpy (hmac, hmac_digest, HMACLENGTH);
377 }
378
379 bool
380 hmac_packet::hmac_chk (crypto_ctx *ctx)
381 {
382 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
383 hmac_gen (ctx, hmac_digest);
384 return slow_memeq (hmac, hmac_digest, HMACLENGTH);
385 }
386
387 void
388 vpn_packet::set_hdr (ptype type_, unsigned int dst)
389 {
390 type = type_;
391
392 int src = THISNODE->id;
393
394 src1 = src;
395 srcdst = ((src >> 8) << 4) | (dst >> 8);
396 dst1 = dst;
397 }
398
399 #define MAXVPNDATA (MAX_MTU - 6 - 6)
400
401 struct vpndata_packet : vpn_packet
402 {
403 u32 ctr; // seqno
404 u8 data[MAXVPNDATA];
405
406 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
407 tap_packet *unpack (connection *conn, u32 &seqno);
408
409 private:
410 const u32 data_hdr_size () const
411 {
412 // the distance from beginning of packet to data member
413 return data - at (0);
414 }
415 };
416
417 // expands packet counter (unlike seqno, in network byte order) to counter mode IV
418 static unsigned char *
419 expand_iv (u32 ctr)
420 {
421 static u32 iv[IV_SIZE (CIPHER) / 4];
422
423 require (sizeof (iv) == 4 * 4);
424 require (IV_SIZE (CIPHER) % 4 == 0);
425
426 iv[0] =
427 iv[1] =
428 iv[2] = ctr;
429
430 // I would reuse ctr here to to avoid potential endianness issues,
431 // but it seems openssl wraps around. While this would be still ok,
432 // and I don't even know if its true, let's play safe and initialise
433 // to 0.
434 iv[3] = 0;
435
436 return (unsigned char *)iv;
437 }
438
439 void
440 vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
441 {
442 EVP_CIPHER_CTX *cctx = conn->octx->cctx;
443 int outl = 0, outl2;
444 ptype type = PT_DATA_UNCOMPRESSED;
445
446 #if ENABLE_COMPRESSION
447 u8 cdata[MAX_MTU];
448
449 if (conn->features & FEATURE_COMPRESSION)
450 {
451 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
452
453 if (cl)
454 {
455 type = PT_DATA_COMPRESSED;
456 d = cdata;
457 l = cl + 2;
458
459 d[0] = cl >> 8;
460 d[1] = cl;
461 }
462 }
463 #endif
464
465 ctr = htonl (seqno);
466
467 require (EVP_EncryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
468
469 require (EVP_EncryptUpdate (cctx,
470 (unsigned char *)data + outl, &outl2,
471 (unsigned char *)d, l));
472 outl += outl2;
473
474 // it seems this is a nop for us, but we do it anyways
475 require (EVP_EncryptFinal_ex (cctx, (unsigned char *)data + outl, &outl2));
476 outl += outl2;
477
478 len = data_hdr_size () + outl;
479
480 set_hdr (type, dst);
481
482 hmac_set (conn->octx);
483 }
484
485 tap_packet *
486 vpndata_packet::unpack (connection *conn, u32 &seqno)
487 {
488 EVP_CIPHER_CTX *cctx = conn->ictx->cctx;
489 int outl = 0, outl2;
490 tap_packet *p = new tap_packet;
491 u8 *d;
492
493 seqno = ntohl (ctr);
494
495 require (EVP_DecryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
496
497 #if ENABLE_COMPRESSION
498 u8 cdata[MAX_MTU];
499
500 if (type == PT_DATA_COMPRESSED)
501 d = cdata;
502 else
503 #endif
504 d = &(*p)[6 + 6];
505
506 // this can overwrite the len/dst/src fields
507 require (EVP_DecryptUpdate (cctx,
508 d, &outl2,
509 (unsigned char *)&data, len - data_hdr_size ()));
510 outl += outl2;
511
512 // it seems this is a nop for us, but we do it anyways
513 require (EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2));
514 outl += outl2;
515
516 id2mac (dst () ? dst() : THISNODE->id, p->dst);
517 id2mac (src (), p->src);
518
519 #if ENABLE_COMPRESSION
520 if (type == PT_DATA_COMPRESSED)
521 {
522 u32 cl = (d[0] << 8) | d[1];
523
524 p->len = lzf_decompress (d + 2, cl < MAX_MTU - 2 ? cl : 0,
525 &(*p)[6 + 6], MAX_MTU)
526 + 6 + 6;
527 }
528 else
529 p->len = outl + (6 + 6);
530 #endif
531
532 return p;
533 }
534
535 struct ping_packet : vpn_packet
536 {
537 void setup (int dst, ptype type)
538 {
539 set_hdr (type, dst);
540 len = sizeof (*this) - sizeof (net_packet);
541 }
542 };
543
544 struct config_packet : vpn_packet
545 {
546 u8 serial[SERIAL_SIZE];
547 u8 prot_major, prot_minor, randsize;
548 u8 flags, features, pad6, pad7, pad8;
549 u32 cipher_nid, mac_nid, auth_nid;
550
551 void setup (ptype type, int dst);
552 bool chk_config (const conf_node *conf, const sockinfo &rsi) const;
553
554 static u8 get_features ()
555 {
556 u8 f = 0;
557 #if ENABLE_COMPRESSION
558 f |= FEATURE_COMPRESSION;
559 #endif
560 #if ENABLE_ROHC
561 f |= FEATURE_ROHC;
562 #endif
563 #if ENABLE_BRIDGING
564 f |= FEATURE_BRIDGING;
565 #endif
566 return f;
567 }
568 };
569
570 void
571 config_packet::setup (ptype type, int dst)
572 {
573 prot_major = PROTOCOL_MAJOR;
574 prot_minor = PROTOCOL_MINOR;
575 flags = 0;
576 features = get_features ();
577
578 strncpy ((char *)serial, conf.serial, sizeof (serial));
579
580 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER ()));
581 mac_nid = htonl (EVP_MD_type (MAC_DIGEST ()));
582 auth_nid = htonl (EVP_MD_type (AUTH_DIGEST ()));
583
584 len = sizeof (*this) - sizeof (net_packet);
585 set_hdr (type, dst);
586 }
587
588 bool
589 config_packet::chk_config (const conf_node *conf, const sockinfo &rsi) const
590 {
591 if (prot_major != PROTOCOL_MAJOR)
592 slog (L_WARN, _("%s(%s): major version mismatch (remote %d <=> local %d)"),
593 conf->nodename, (const char *)rsi, prot_major, PROTOCOL_MAJOR);
594 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER ())))
595 slog (L_WARN, _("%s(%s): cipher algo mismatch (remote %x <=> local %x)"),
596 conf->nodename, (const char *)rsi, ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER ()));
597 else if (mac_nid != htonl (EVP_MD_type (MAC_DIGEST ())))
598 slog (L_WARN, _("%s(%s): mac algo mismatch (remote %x <=> local %x)"),
599 conf->nodename, (const char *)rsi, ntohl (mac_nid), EVP_MD_type (MAC_DIGEST ()));
600 else if (auth_nid != htonl (EVP_MD_type (AUTH_DIGEST ())))
601 slog (L_WARN, _("%s(%s): auth algo mismatch (remote %x <=> local %x)"),
602 conf->nodename, (const char *)rsi, ntohl (auth_nid), EVP_MD_type (AUTH_DIGEST ()));
603 else
604 {
605 int cmp = memcmp (serial, ::conf.serial, sizeof (serial));
606
607 if (cmp > 0)
608 slog (L_WARN, _("%s(%s): remote serial newer than local serial - outdated config?"),
609 conf->nodename, (const char *)rsi);
610 else if (cmp == 0)
611 return true;
612 }
613
614 return false;
615 }
616
617 struct auth_req_packet : config_packet // UNPROTECTED
618 {
619 char magic[8];
620 u8 initiate; // false if this is just an automatic reply
621 u8 protocols; // supported protocols (will be patched on forward)
622 u8 pad2, pad3;
623 auth_encr encr;
624
625 auth_req_packet (int dst, bool initiate_, u8 protocols_)
626 {
627 config_packet::setup (PT_AUTH_REQ, dst);
628 memcpy (magic, MAGIC, 8);
629 initiate = !!initiate_;
630 protocols = protocols_;
631
632 len = sizeof (*this) - sizeof (net_packet);
633 }
634 };
635
636 struct auth_res_packet : vpn_packet // UNPROTECTED
637 {
638 auth_response response;
639
640 auth_res_packet (int dst)
641 {
642 set_hdr (PT_AUTH_RES, dst);
643
644 len = sizeof (*this) - sizeof (net_packet);
645 }
646 };
647
648 struct connect_req_packet : vpn_packet
649 {
650 u8 id, protocols;
651 u8 pad1, pad2;
652
653 connect_req_packet (int dst, int id_, u8 protocols_)
654 : id(id_)
655 , protocols(protocols_)
656 {
657 set_hdr (PT_CONNECT_REQ, dst);
658 len = sizeof (*this) - sizeof (net_packet);
659 }
660 };
661
662 struct connect_info_packet : vpn_packet
663 {
664 u8 id, protocols;
665 u8 pad1, pad2;
666 sockinfo si;
667
668 connect_info_packet (int dst, int id_, const sockinfo &si_, u8 protocols_)
669 : id(id_)
670 , protocols(protocols_)
671 , si(si_)
672 {
673 set_hdr (PT_CONNECT_INFO, dst);
674
675 len = sizeof (*this) - sizeof (net_packet);
676 }
677 };
678
679 /////////////////////////////////////////////////////////////////////////////
680
681 void
682 connection::connection_established (const sockinfo &rsi)
683 {
684 if (!have_snd_auth || !have_rcv_auth)
685 return;
686
687 si = rsi;
688 protocol = rsi.prot;
689
690 slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
691 conf->nodename, (const char *)rsi,
692 vpn->can_direct (THISNODE, conf) ? "direct" : "forwarded",
693 PROTOCOL_MAJOR, prot_minor);
694
695 if (::conf.script_node_up)
696 {
697 run_script_cb *cb = new run_script_cb;
698 cb->set<connection, &connection::script_node_up> (this);
699 run_script_queued (cb, _("node-up command execution failed, continuing."));
700 }
701
702 delete ictx; ictx = new crypto_ctx (rcv_auth, snd_auth, rcv_ecdh_a, rcv_auth.ecdh, 0);
703 iseqno.reset (ntohl (rcv_auth.rsa.seqno) & 0x7fffffff);
704
705 delete octx; octx = new crypto_ctx (snd_auth, rcv_auth, snd_ecdh_a, snd_ecdh_b , 1);
706 oseqno = ntohl (snd_auth.rsa.seqno) & 0x7fffffff;
707
708 // make sure rekeying timeouts are slightly asymmetric
709 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
710 rekey.start (rekey_interval, rekey_interval);
711
712 hmac_error = 0.;
713
714 keepalive.start (::conf.keepalive);
715
716 // send queued packets
717 while (tap_packet *p = (tap_packet *)data_queue.get ())
718 {
719 if (p->len) send_data_packet (p);
720 delete p;
721 }
722
723 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
724 {
725 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
726 delete p;
727 }
728
729 vpn->connection_established (this);
730 }
731
732 void
733 connection::reset_si ()
734 {
735 if (vpn->can_direct (THISNODE, conf))
736 protocol = best_protocol (THISNODE->protocols & conf->connectable_protocols ());
737 else
738 {
739 slog (L_TRACE, _("%s: direct connection denied by config."), conf->nodename);
740 protocol = 0;
741 }
742
743 si.set (conf, protocol);
744 }
745
746 // ensure sockinfo is valid, forward if necessary
747 const sockinfo &
748 connection::forward_si (const sockinfo &si) const
749 {
750 if (!si.valid ())
751 {
752 connection *r = vpn->find_router_for (this);
753
754 if (r)
755 {
756 slog (L_DEBUG, _("%s: no common protocol, trying to route through %s."),
757 conf->nodename, r->conf->nodename);
758 return r->si;
759 }
760 else
761 slog (L_DEBUG, _("%s: node unreachable, no common protocol or no router available."),
762 conf->nodename);
763 }
764
765 return si;
766 }
767
768 void
769 connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
770 {
771 if (!vpn->send_vpn_packet (pkt, si, tos))
772 reset_connection ("packet send error");
773 }
774
775 void
776 connection::send_ping (const sockinfo &si, u8 pong)
777 {
778 ping_packet *pkt = new ping_packet;
779
780 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
781
782 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si);
783 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
784
785 delete pkt;
786 }
787
788 void
789 connection::send_reset (const sockinfo &si)
790 {
791 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
792 {
793 config_packet *pkt = new config_packet;
794
795 pkt->setup (vpn_packet::PT_RESET, conf->id);
796 send_vpn_packet (pkt, si, IPTOS_MINCOST);
797
798 delete pkt;
799 }
800 }
801
802 void
803 connection::send_auth_request (const sockinfo &si, bool initiate)
804 {
805 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
806
807 generate_auth_data ();
808 auth_encrypt (conf->rsa_key, snd_auth, pkt->encr);
809
810 slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si);
811 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
812
813 delete pkt;
814 }
815
816 void
817 connection::send_auth_response (const sockinfo &si)
818 {
819 auth_res_packet *pkt = new auth_res_packet (conf->id);
820
821 memcpy (pkt->response.ecdh, rcv_ecdh_b, sizeof rcv_ecdh_b);
822 auth_hash (rcv_auth, rcv_ecdh_b, pkt->response.mac);
823
824 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si);
825 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
826
827 delete pkt;
828 }
829
830 void
831 connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
832 {
833 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s,p%02x)", conf->nodename,
834 vpn->conns[rid - 1]->conf->nodename, (const char *)rsi,
835 conf->protocols);
836
837 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
838
839 r->hmac_set (octx);
840 send_vpn_packet (r, si);
841
842 delete r;
843 }
844
845 inline void
846 connection::establish_connection_cb (ev::timer &w, int revents)
847 {
848 if (!(ictx && octx)
849 && conf != THISNODE
850 && connectmode != conf_node::C_NEVER
851 && connectmode != conf_node::C_DISABLED
852 && !w.is_active ())
853 {
854 // a bit hacky, if ondemand, and packets are no longer queued, then reset the connection
855 // and stop trying. should probably be handled by a per-connection expire handler.
856 if (connectmode == conf_node::C_ONDEMAND && vpn_queue.empty () && data_queue.empty ())
857 {
858 reset_connection ("no demand");
859 return;
860 }
861
862 last_establish_attempt = ev_now ();
863
864 ev::tstamp retry_int = ev::tstamp (retry_cnt & 3
865 ? (retry_cnt & 3) + 1
866 : 1 << (retry_cnt >> 2));
867
868 reset_si ();
869
870 bool slow = (si.prot & PROT_SLOW) || (conf->low_power || THISNODE->low_power);
871
872 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf))
873 {
874 /*TODO*/ /* start the timer so we don't recurse endlessly */
875 w.start (1);
876 vpn->send_connect_request (this);
877 }
878 else
879 {
880 if (si.valid ())
881 slog (L_DEBUG, _("%s: sending direct connection request to %s."),
882 conf->nodename, (const char *)si);
883
884 const sockinfo &dsi = forward_si (si);
885
886 slow = slow || (dsi.prot & PROT_SLOW);
887
888 if (dsi.valid () && auth_rate_limiter.can (dsi))
889 {
890 // use ping after the first few retries
891 // TODO: on rekeys, the other node might not interpret ping correctly,
892 // TODO: as it will still have a valid connection
893 if (retry_cnt < 4 && (!conf->low_power || THISNODE->low_power))
894 send_auth_request (dsi, true);
895 else
896 send_ping (dsi, 0);
897 }
898 }
899
900 retry_int *= slow ? 4. : 0.9;
901
902 if (retry_int < conf->max_retry)
903 retry_cnt++;
904 else
905 retry_int = conf->max_retry;
906
907 w.start (retry_int);
908 }
909 }
910
911 void
912 connection::reset_connection (const char *reason)
913 {
914 if (ictx && octx)
915 {
916 slog (L_INFO, _("%s(%s): connection lost (%s)"),
917 conf->nodename, (const char *)si, reason);
918
919 if (::conf.script_node_down)
920 {
921 run_script_cb *cb = new run_script_cb;
922 cb->set<connection, &connection::script_node_down> (this);
923 run_script_queued (cb, _("node-down command execution failed, continuing."));
924 }
925 }
926
927 delete ictx; ictx = 0;
928 delete octx; octx = 0;
929
930 si.host = 0;
931
932 have_snd_auth = false;
933 have_rcv_auth = false;
934 auth_expire = 0.;
935
936 last_activity = 0.;
937 //last_si_change = 0.;
938 retry_cnt = 0;
939
940 rekey.stop ();
941 keepalive.stop ();
942 establish_connection.stop ();
943 }
944
945 void
946 connection::shutdown ()
947 {
948 if (ictx && octx)
949 send_reset (si);
950
951 reset_connection ("shutdown");
952 }
953
954 // poor-man's rekeying
955 inline void
956 connection::rekey_cb (ev::timer &w, int revents)
957 {
958 reset_connection ("rekeying");
959 establish_connection ();
960 }
961
962 void
963 connection::send_data_packet (tap_packet *pkt)
964 {
965 vpndata_packet *p = new vpndata_packet;
966 int tos = 0;
967
968 // I am not hilarious about peeking into packets, but so be it.
969 if (conf->inherit_tos && pkt->is_ipv4 ())
970 tos = (*pkt)[15] & IPTOS_TOS_MASK;
971
972 p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
973 send_vpn_packet (p, si, tos);
974
975 delete p;
976
977 if (oseqno > MAX_SEQNO)
978 rekey ();
979 }
980
981 void
982 connection::post_inject_queue ()
983 {
984 // force a connection every now and when when packets are sent (max 1/s)
985 if (ev_now () - last_establish_attempt >= (conf->low_power || THISNODE->low_power ? 2.95 : 0.95)) // arbitrary
986 establish_connection.stop ();
987
988 establish_connection ();
989 }
990
991 void
992 connection::inject_data_packet (tap_packet *pkt)
993 {
994 if (ictx && octx)
995 send_data_packet (pkt);
996 else
997 {
998 data_queue.put (new tap_packet (*pkt));
999 post_inject_queue ();
1000 }
1001 }
1002
1003 void
1004 connection::inject_vpn_packet (vpn_packet *pkt, int tos)
1005 {
1006 if (ictx && octx)
1007 send_vpn_packet (pkt, si, tos);
1008 else
1009 {
1010 vpn_queue.put ((vpn_packet *)new data_packet (*(data_packet *)pkt));
1011 post_inject_queue ();
1012 }
1013 }
1014
1015 void
1016 connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
1017 {
1018 last_activity = ev_now ();
1019
1020 slog (L_NOISE, "%s >> received packet type %d from %d to %d.",
1021 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ());
1022
1023 if (connectmode == conf_node::C_DISABLED)
1024 return;
1025
1026 switch (pkt->typ ())
1027 {
1028 case vpn_packet::PT_PING:
1029 slog (L_TRACE, "%s >> PT_PING", conf->nodename);
1030
1031 // we send pings instead of auth packets after some retries,
1032 // so reset the retry counter and establish a connection
1033 // when we receive a ping.
1034 if (!ictx)
1035 {
1036 if (auth_rate_limiter.can (rsi))
1037 send_auth_request (rsi, true);
1038 }
1039 else
1040 // we would love to change the socket address here, but ping's aren't
1041 // authenticated, so we best ignore it.
1042 send_ping (rsi, 1); // pong
1043
1044 break;
1045
1046 case vpn_packet::PT_PONG:
1047 slog (L_TRACE, "%s >> PT_PONG", conf->nodename);
1048
1049 // a PONG might mean that the other side doesn't really know
1050 // about our desire for communication.
1051 establish_connection ();
1052 break;
1053
1054 case vpn_packet::PT_RESET:
1055 slog (L_TRACE, "%s >> PT_RESET", conf->nodename);
1056
1057 if (ictx && octx)
1058 {
1059 reset_connection ("remote reset");
1060
1061 config_packet *p = (config_packet *) pkt;
1062
1063 if (p->chk_config (conf, rsi) && connectmode == conf_node::C_ALWAYS)
1064 establish_connection ();
1065 }
1066
1067 break;
1068
1069 case vpn_packet::PT_AUTH_REQ:
1070 if (auth_rate_limiter.can (rsi))
1071 {
1072 auth_req_packet *p = (auth_req_packet *)pkt;
1073
1074 slog (L_TRACE, "%s >> PT_AUTH_REQ(%s,p%02x,f%02x)",
1075 conf->nodename, p->initiate ? "initiate" : "reply",
1076 p->protocols, p->features);
1077
1078 if (memcmp (p->magic, MAGIC, 8))
1079 {
1080 slog (L_WARN, _("%s(%s): protocol magic mismatch - stray packet?"),
1081 conf->nodename, (const char *)rsi);
1082 }
1083 else if (p->chk_config (conf, rsi))
1084 {
1085 if (p->prot_minor != PROTOCOL_MINOR)
1086 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1087 conf->nodename, (const char *)rsi,
1088 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1089
1090 if (p->initiate)
1091 {
1092 send_auth_request (rsi, false);
1093
1094 if (ictx && octx)
1095 reset_connection ("reconnect");
1096 }
1097
1098 auth_data auth;
1099
1100 if (!auth_decrypt (::conf.rsa_key, p->encr, auth))
1101 {
1102 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
1103 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
1104 }
1105 else
1106 {
1107 bool chg = !have_rcv_auth || !slow_memeq (&rcv_auth, &auth, sizeof auth);
1108
1109 rcv_auth = auth;
1110 have_rcv_auth = true;
1111
1112 send_auth_response (rsi);
1113
1114 if (chg)
1115 {
1116 conf->protocols = p->protocols;
1117 features = p->features & config_packet::get_features ();
1118
1119 connection_established (rsi);
1120 }
1121 }
1122
1123 break;
1124 }
1125
1126 send_reset (rsi);
1127 }
1128
1129 break;
1130
1131 case vpn_packet::PT_AUTH_RES:
1132 {
1133 auth_res_packet *p = (auth_res_packet *)pkt;
1134
1135 slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename);
1136
1137 auth_mac local_mac;
1138 auth_hash (snd_auth, p->response.ecdh, local_mac);
1139
1140 if (!slow_memeq (&p->response.mac, local_mac, sizeof local_mac))
1141 {
1142 slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."),
1143 conf->nodename, (const char *)rsi);
1144 }
1145 else if (!have_snd_auth)
1146 {
1147 memcpy (snd_ecdh_b, p->response.ecdh, sizeof snd_ecdh_b);
1148
1149 have_snd_auth = true;
1150 connection_established (rsi);
1151 }
1152 }
1153 break;
1154
1155 case vpn_packet::PT_DATA_COMPRESSED:
1156 #if !ENABLE_COMPRESSION
1157 send_reset (rsi);
1158 break;
1159 #endif
1160
1161 case vpn_packet::PT_DATA_UNCOMPRESSED:
1162
1163 if (ictx && octx)
1164 {
1165 vpndata_packet *p = (vpndata_packet *)pkt;
1166
1167 if (!p->hmac_chk (ictx))
1168 {
1169 // rekeying often creates temporary hmac auth floods
1170 // we assume they don't take longer than a few seconds normally,
1171 // and suppress messages and resets during that time.
1172 //TODO: should be done per source address
1173 if (!hmac_error)
1174 {
1175 hmac_error = ev_now () + 3;
1176 break;
1177 }
1178 else if (hmac_error >= ev_now ())
1179 break; // silently suppress
1180 else
1181 {
1182 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1183 "could be an attack, or just corruption or a synchronization error."),
1184 conf->nodename, (const char *)rsi);
1185 // reset
1186 }
1187 }
1188 else
1189 {
1190 u32 seqno;
1191 tap_packet *d = p->unpack (this, seqno);
1192 int seqclass = iseqno.seqno_classify (seqno);
1193
1194 hmac_error = 0;
1195
1196 if (seqclass == 0) // ok
1197 {
1198 vpn->tap->send (d);
1199
1200 if (si != rsi)
1201 {
1202 // fast re-sync on source address changes, useful especially for tcp/ip
1203 //if (last_si_change < ev_now () + 5.)
1204 // {
1205 slog (L_INFO, _("%s(%s): changing socket address to %s."),
1206 conf->nodename, (const char *)si, (const char *)rsi);
1207
1208 si = rsi;
1209
1210 if (::conf.script_node_change)
1211 {
1212 run_script_cb *cb = new run_script_cb;
1213 cb->set<connection, &connection::script_node_change> (this);
1214 run_script_queued (cb, _("node-change command execution failed, continuing."));
1215 }
1216
1217 // }
1218 //else
1219 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."),
1220 // conf->nodename, (const char *)si, (const char *)rsi);
1221 }
1222 }
1223 else if (seqclass == 1) // far history
1224 slog (L_ERR, _("received very old packet (received %08lx, expected %08lx). "
1225 "possible replay attack, or just packet duplication/delay, ignoring."), seqno, iseqno.seq + 1);
1226 else if (seqclass == 2) // in-window duplicate, happens often on wireless
1227 slog (L_DEBUG, _("received recent duplicated packet (received %08lx, expected %08lx). "
1228 "possible replay attack, or just packet duplication, ignoring."), seqno, iseqno.seq + 1);
1229 else if (seqclass == 3) // reset
1230 {
1231 slog (L_ERR, _("received out-of-sync (far future) packet (received %08lx, expected %08lx). "
1232 "probably just massive packet loss, sending reset."), seqno, iseqno.seq + 1);
1233 send_reset (rsi);
1234 }
1235
1236 delete d;
1237 break;
1238 }
1239 }
1240
1241 send_reset (rsi);
1242 break;
1243
1244 case vpn_packet::PT_CONNECT_REQ:
1245 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1246 {
1247 connect_req_packet *p = (connect_req_packet *)pkt;
1248
1249 if (p->id > 0 && p->id <= vpn->conns.size ())
1250 {
1251 connection *c = vpn->conns[p->id - 1];
1252 conf->protocols = p->protocols;
1253
1254 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s,p%02x) [%d]",
1255 conf->nodename, vpn->conns[p->id - 1]->conf->nodename,
1256 p->protocols,
1257 c->ictx && c->octx);
1258
1259 if (c->ictx && c->octx)
1260 {
1261 // send connect_info packets to both sides, in case one is
1262 // behind a nat firewall (or both ;)
1263 c->send_connect_info (conf->id, si, conf->protocols);
1264 send_connect_info (c->conf->id, c->si, c->conf->protocols);
1265 }
1266 else
1267 c->establish_connection ();
1268 }
1269 else
1270 slog (L_WARN,
1271 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1272 p->id);
1273 }
1274
1275 break;
1276
1277 case vpn_packet::PT_CONNECT_INFO:
1278 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1279 {
1280 connect_info_packet *p = (connect_info_packet *)pkt;
1281
1282 if (p->id > 0 && p->id <= vpn->conns.size ())
1283 {
1284 connection *c = vpn->conns[p->id - 1];
1285
1286 c->conf->protocols = p->protocols;
1287 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1288 p->si.upgrade_protocol (protocol, c->conf);
1289
1290 slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s,protocols=%02x,protocol=%02x,upgradable=%02x) [%d]",
1291 conf->nodename,
1292 vpn->conns[p->id - 1]->conf->nodename,
1293 (const char *)p->si,
1294 p->protocols,
1295 protocol,
1296 p->si.supported_protocols (c->conf),
1297 !c->ictx && !c->octx);
1298
1299 const sockinfo &dsi = forward_si (p->si);
1300
1301 if (dsi.valid ())
1302 c->send_auth_request (dsi, true);
1303 else
1304 slog (L_INFO, "connect info for %s received (%s), but still unable to contact.",
1305 vpn->conns[p->id - 1]->conf->nodename,
1306 (const char *)p->si);
1307 }
1308 else
1309 slog (L_WARN,
1310 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1311 p->id);
1312 }
1313
1314 break;
1315
1316 default:
1317 send_reset (rsi);
1318 break;
1319 }
1320 }
1321
1322 inline void
1323 connection::keepalive_cb (ev::timer &w, int revents)
1324 {
1325 ev_tstamp when = last_activity + ::conf.keepalive - ev::now ();
1326
1327 if (when >= 0)
1328 w.start (when);
1329 else if (when < -15)
1330 {
1331 reset_connection ("keepalive overdue");
1332 establish_connection ();
1333 }
1334 else if (conf->connectmode != conf_node::C_ONDEMAND
1335 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1336 {
1337 w.start (3);
1338 send_ping (si);
1339 }
1340 else if (when >= -10)
1341 // hold ondemand connections implicitly a few seconds longer
1342 // should delete octx, though, or something like that ;)
1343 w.start (when + 10);
1344 else
1345 reset_connection ("keepalive timeout");
1346 }
1347
1348 void
1349 connection::send_connect_request (int id)
1350 {
1351 connect_req_packet *p = new connect_req_packet (conf->id, id, THISNODE->protocols);
1352
1353 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s,p%02x)",
1354 conf->nodename, vpn->conns[id - 1]->conf->nodename,
1355 THISNODE->protocols);
1356 p->hmac_set (octx);
1357 send_vpn_packet (p, si);
1358
1359 delete p;
1360 }
1361
1362 void
1363 connection::script_init_env (const char *ext)
1364 {
1365 char *env;
1366 asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env);
1367 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env);
1368 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext,
1369 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8,
1370 conf->id & 0xff); putenv (env);
1371 }
1372
1373 void
1374 connection::script_init_connect_env ()
1375 {
1376 vpn->script_init_env ();
1377
1378 char *env;
1379 asprintf (&env, "DESTID=%d", conf->id); putenv (env);
1380 asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env);
1381 asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env);
1382 asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env);
1383 asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env);
1384 }
1385
1386 inline const char *
1387 connection::script_node_up ()
1388 {
1389 script_init_connect_env ();
1390
1391 putenv ((char *)"STATE=up");
1392
1393 char *filename;
1394 asprintf (&filename,
1395 "%s/%s",
1396 confbase,
1397 ::conf.script_node_up ? ::conf.script_node_up : "node-up");
1398
1399 return filename;
1400 }
1401
1402 inline const char *
1403 connection::script_node_change ()
1404 {
1405 script_init_connect_env ();
1406
1407 putenv ((char *)"STATE=change");
1408
1409 char *filename;
1410 asprintf (&filename,
1411 "%s/%s",
1412 confbase,
1413 ::conf.script_node_change ? ::conf.script_node_change : "node-change");
1414
1415 return filename;
1416 }
1417
1418 inline const char *
1419 connection::script_node_down ()
1420 {
1421 script_init_connect_env ();
1422
1423 putenv ((char *)"STATE=down");
1424
1425 char *filename;
1426 asprintf (&filename,
1427 "%s/%s",
1428 confbase,
1429 ::conf.script_node_down ? ::conf.script_node_down : "node-down");
1430
1431 return filename;
1432 }
1433
1434 connection::connection (struct vpn *vpn, conf_node *conf)
1435 : vpn(vpn), conf(conf),
1436 #if ENABLE_DNS
1437 dns (0),
1438 #endif
1439 data_queue(conf->max_ttl, conf->max_queue + 1),
1440 vpn_queue(conf->max_ttl, conf->max_queue + 1)
1441 {
1442 rekey .set<connection, &connection::rekey_cb > (this);
1443 keepalive .set<connection, &connection::keepalive_cb > (this);
1444 establish_connection.set<connection, &connection::establish_connection_cb> (this);
1445
1446 last_establish_attempt = 0.;
1447 octx = ictx = 0;
1448
1449 connectmode = conf->connectmode;
1450
1451 // queue a dummy packet to force an initial connection attempt
1452 if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED)
1453 vpn_queue.put (new net_packet);
1454
1455 reset_connection ("startup");
1456 }
1457
1458 connection::~connection ()
1459 {
1460 shutdown ();
1461 }
1462
1463 void
1464 connection_init ()
1465 {
1466 auth_rate_limiter.clear ();
1467 reset_rate_limiter.clear ();
1468 }
1469