ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
Revision: 1.116
Committed: Mon Apr 1 03:10:26 2019 UTC (5 years, 1 month ago) by root
Content type: text/plain
Branch: MAIN
CVS Tags: HEAD
Changes since 1.115: +4 -2 lines
Log Message: 
*** empty log message ***

File Contents

# Content
1 /*
2 connection.C -- manage a single connection
3 Copyright (C) 2003-2008,2010,2011,2013,2016 Marc Lehmann <gvpe@schmorp.de>
4
5 This file is part of GVPE.
6
7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the
9 Free Software Foundation; either version 3 of the License, or (at your
10 option) any later version.
11
12 This program is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15 Public License for more details.
16
17 You should have received a copy of the GNU General Public License along
18 with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
30 */
31
32 #include "config.h"
33
34 #include <list>
35 #include <queue>
36 #include <utility>
37
38 #include <openssl/opensslv.h>
39 #include <openssl/rand.h>
40 #include <openssl/evp.h>
41 #include <openssl/rsa.h>
42 #include <openssl/err.h>
43
44 #include "conf.h"
45 #include "slog.h"
46 #include "crypto.h"
47 #include "device.h"
48 #include "vpn.h"
49 #include "connection.h"
50 #include "hkdf.h"
51
52 #include "netcompat.h"
53
54 #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic
55
56 #define LZF_STATE_ARG 1
57 #define ULTRA_FAST 1
58 #define HLOG 15
59 #define INIT_HTAB 0
60 #include "lzf/lzf_c.c"
61 #include "lzf/lzf_d.c"
62
63 //////////////////////////////////////////////////////////////////////////////
64
65 static std::queue< std::pair<run_script_cb *, const char *> > rs_queue;
66 static ev::child rs_child_ev;
67
68 namespace
69 {
70 void // c++ requires external linkage here, apparently :(
71 rs_child_cb (ev::child &w, int revents)
72 {
73 w.stop ();
74
75 if (rs_queue.empty ())
76 return;
77
78 pid_t pid = run_script (*rs_queue.front ().first, false);
79 if (pid)
80 {
81 w.set (pid);
82 w.start ();
83 }
84 else
85 slog (L_WARN, rs_queue.front ().second);
86
87 delete rs_queue.front ().first;
88 rs_queue.pop ();
89 }
90 };
91
92 // despite the fancy name, this is quite a hack
93 static void
94 run_script_queued (run_script_cb *cb, const char *warnmsg)
95 {
96 rs_queue.push (std::make_pair (cb, warnmsg));
97
98 if (!rs_child_ev.is_active ())
99 {
100 rs_child_ev.set<rs_child_cb> ();
101 rs_child_ev ();
102 }
103 }
104
105 //////////////////////////////////////////////////////////////////////////////
106
107 struct crypto_ctx
108 {
109 cipher cctx;
110 hmac hctx;
111
112 crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc);
113 ~crypto_ctx ();
114 };
115
116 crypto_ctx::crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc)
117 {
118 ecdh_key s;
119
120 curve25519_combine (a, b, s);
121
122 {
123 u8 mac_key[MAC_KEYSIZE];
124 static const unsigned char mac_info[] = "gvpe mac key";
125
126 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
127 kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key));
128 kdf.extract (s, sizeof (s));
129 kdf.extract_done (HKDF_PRF_HASH ());
130 kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info));
131
132 hctx.init (mac_key, MAC_KEYSIZE, MAC_DIGEST ());
133 }
134
135 {
136 u8 cipher_key[CIPHER_KEYSIZE];
137 static const unsigned char cipher_info[] = "gvpe cipher key";
138
139 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
140 kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key));
141 kdf.extract (s, sizeof (s));
142 kdf.extract_done (HKDF_PRF_HASH ());
143 kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info));
144
145 EVP_CIPHER_CTX_init (cctx);
146 require (EVP_CipherInit_ex (cctx, CIPHER (), 0, cipher_key, 0, enc));
147 }
148 }
149
150 crypto_ctx::~crypto_ctx ()
151 {
152 require (EVP_CIPHER_CTX_cleanup (cctx));
153 }
154
155 static inline void
156 auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr)
157 {
158 if (RSA_public_encrypt (sizeof (auth.rsa),
159 (unsigned char *)&auth.rsa, (unsigned char *)&encr.rsa,
160 key, RSA_PKCS1_OAEP_PADDING) < 0)
161 fatal ("RSA_public_encrypt error");
162
163 memcpy (&encr.ecdh, &auth.ecdh, sizeof (encr.ecdh));
164 }
165
166 static inline bool
167 auth_decrypt (RSA *key, const auth_encr &encr, auth_data &auth)
168 {
169 u8 rsa_decrypt[RSA_KEYLEN];
170
171 if (RSA_private_decrypt (sizeof (encr.rsa),
172 (const unsigned char *)&encr.rsa, (unsigned char *)rsa_decrypt,
173 key, RSA_PKCS1_OAEP_PADDING) != sizeof (auth.rsa))
174 return 0;
175
176 memcpy (&auth.rsa, rsa_decrypt, sizeof (auth.rsa));
177 memcpy (&auth.ecdh, &encr.ecdh, sizeof (auth.ecdh));
178
179 return 1;
180 }
181
182 static void
183 auth_hash (const auth_data &auth, const ecdh_key &b, auth_mac &mac)
184 {
185 hkdf kdf (b, sizeof b, AUTH_DIGEST ()); // use response ecdh b as salt
186 kdf.extract (&auth.rsa, sizeof (auth.rsa));
187 kdf.extract_done ();
188 kdf.expand (mac, sizeof mac, auth.ecdh, sizeof (auth.ecdh)); // use challenge ecdh b as info
189 }
190
191 void
192 connection::generate_auth_data ()
193 {
194 if (auth_expire < ev_now ())
195 {
196 // request data
197 rand_fill (snd_auth.rsa);
198 curve25519_generate (snd_ecdh_a, snd_auth.ecdh);
199
200 // eventual response data
201 curve25519_generate (rcv_ecdh_a, rcv_ecdh_b);
202 }
203
204 // every use prolongs the expiry
205 auth_expire = ev_now () + AUTH_TTL;
206 }
207
208 //////////////////////////////////////////////////////////////////////////////
209
210 pkt_queue::pkt_queue (double max_ttl, int max_queue)
211 : max_ttl (max_ttl), max_queue (max_queue)
212 {
213 queue = new pkt [max_queue];
214
215 i = 0;
216 j = 0;
217
218 expire.set<pkt_queue, &pkt_queue::expire_cb> (this);
219 }
220
221 pkt_queue::~pkt_queue ()
222 {
223 while (net_packet *p = get ())
224 delete p;
225
226 delete [] queue;
227 }
228
229 void
230 pkt_queue::expire_cb (ev::timer &w, int revents)
231 {
232 ev_tstamp expire = ev_now () - max_ttl;
233
234 for (;;)
235 {
236 if (empty ())
237 break;
238
239 double diff = queue[j].tstamp - expire;
240
241 if (diff >= 0.)
242 {
243 w.start (diff > 0.5 ? diff : 0.5);
244 break;
245 }
246
247 delete get ();
248 }
249 }
250
251 void
252 pkt_queue::put (net_packet *p)
253 {
254 ev_tstamp now = ev_now ();
255
256 // start expiry timer
257 if (empty ())
258 expire.start (max_ttl);
259
260 int ni = i + 1 == max_queue ? 0 : i + 1;
261
262 if (ni == j)
263 delete get ();
264
265 queue[i].pkt = p;
266 queue[i].tstamp = now;
267
268 i = ni;
269 }
270
271 net_packet *
272 pkt_queue::get ()
273 {
274 if (empty ())
275 return 0;
276
277 net_packet *p = queue[j].pkt;
278 queue[j].pkt = 0;
279
280 j = j + 1 == max_queue ? 0 : j + 1;
281
282 return p;
283 }
284
285 struct net_rateinfo
286 {
287 u32 host;
288 double pcnt, diff;
289 tstamp last;
290 };
291
292 // only do action once every x seconds per host whole allowing bursts.
293 // this implementation ("splay list" ;) is inefficient,
294 // but low on resources.
295 struct net_rate_limiter : list<net_rateinfo>
296 {
297 # define NRL_ALPHA (1. - 1. / 600.) // allow bursts
298 # define NRL_CUTOFF 10. // one event every CUTOFF seconds
299 # define NRL_EXPIRE (NRL_CUTOFF * 30.) // expire entries after this time
300 # define NRL_MAXDIF (NRL_CUTOFF * (1. / (1. - NRL_ALPHA))) // maximum diff /count value
301
302 bool can (const sockinfo &si) { return can((u32)si.host); }
303 bool can (u32 host);
304 };
305
306 static net_rate_limiter auth_rate_limiter, reset_rate_limiter;
307
308 bool
309 net_rate_limiter::can (u32 host)
310 {
311 iterator i;
312
313 for (i = begin (); i != end (); )
314 if (i->host == host)
315 break;
316 else if (i->last < ev_now () - NRL_EXPIRE)
317 i = erase (i);
318 else
319 i++;
320
321 if (i == end ())
322 {
323 net_rateinfo ri;
324
325 ri.host = host;
326 ri.pcnt = 1.;
327 ri.diff = NRL_MAXDIF;
328 ri.last = ev_now ();
329
330 push_front (ri);
331
332 return true;
333 }
334 else
335 {
336 net_rateinfo ri (*i);
337 erase (i);
338
339 ri.pcnt = ri.pcnt * NRL_ALPHA;
340 ri.diff = ri.diff * NRL_ALPHA + (ev_now () - ri.last);
341
342 ri.last = ev_now ();
343
344 double dif = ri.diff / ri.pcnt;
345
346 bool send = dif > NRL_CUTOFF;
347
348 if (dif > NRL_MAXDIF)
349 {
350 ri.pcnt = 1.;
351 ri.diff = NRL_MAXDIF;
352 }
353 else if (send)
354 ri.pcnt++;
355
356 push_front (ri);
357
358 return send;
359 }
360 }
361
362 /////////////////////////////////////////////////////////////////////////////
363
364 void
365 hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest)
366 {
367 ctx->hctx.init ();
368 ctx->hctx.add (((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet));
369 ctx->hctx.digest (hmac_digest);
370 }
371
372 void
373 hmac_packet::hmac_set (crypto_ctx *ctx)
374 {
375 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
376 hmac_gen (ctx, hmac_digest);
377 memcpy (hmac, hmac_digest, HMACLENGTH);
378 }
379
380 bool
381 hmac_packet::hmac_chk (crypto_ctx *ctx)
382 {
383 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
384 hmac_gen (ctx, hmac_digest);
385 return slow_memeq (hmac, hmac_digest, HMACLENGTH);
386 }
387
388 void
389 vpn_packet::set_hdr (ptype type_, unsigned int dst)
390 {
391 type = type_;
392
393 int src = THISNODE->id;
394
395 src1 = src;
396 srcdst = ((src >> 8) << 4) | (dst >> 8);
397 dst1 = dst;
398 }
399
400 #define MAXVPNDATA (MAX_MTU - 6 - 6)
401
402 struct vpndata_packet : vpn_packet
403 {
404 u32 ctr; // seqno
405 u8 data[MAXVPNDATA];
406
407 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
408 tap_packet *unpack (connection *conn, u32 &seqno);
409
410 private:
411 const u32 data_hdr_size () const
412 {
413 // the distance from beginning of packet to data member
414 return data - at (0);
415 }
416 };
417
418 // expands packet counter (unlike seqno, in network byte order) to counter mode IV
419 static unsigned char *
420 expand_iv (u32 ctr)
421 {
422 static u32 iv[IV_SIZE (CIPHER) / 4];
423
424 require (sizeof (iv) == 4 * 4);
425 require (IV_SIZE (CIPHER) % 4 == 0);
426
427 iv[0] =
428 iv[1] =
429 iv[2] = ctr;
430
431 // I would reuse ctr here to to avoid potential endianness issues,
432 // but it seems openssl wraps around. While this would be still ok,
433 // and I don't even know if its true, let's play safe and initialise
434 // to 0.
435 iv[3] = 0;
436
437 return (unsigned char *)iv;
438 }
439
440 void
441 vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
442 {
443 EVP_CIPHER_CTX *cctx = conn->octx->cctx;
444 int outl = 0, outl2;
445 ptype type = PT_DATA_UNCOMPRESSED;
446
447 #if ENABLE_COMPRESSION
448 u8 cdata[MAX_MTU];
449
450 if (conn->features & FEATURE_COMPRESSION)
451 {
452 static LZF_STATE lzf_state;
453 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7, lzf_state);
454
455 if (cl)
456 {
457 type = PT_DATA_COMPRESSED;
458 d = cdata;
459 l = cl + 2;
460
461 d[0] = cl >> 8;
462 d[1] = cl;
463 }
464 }
465 #endif
466
467 ctr = htonl (seqno);
468
469 require (EVP_EncryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
470
471 require (EVP_EncryptUpdate (cctx,
472 (unsigned char *)data + outl, &outl2,
473 (unsigned char *)d, l));
474 outl += outl2;
475
476 // it seems this is a nop for us, but we do it anyways
477 require (EVP_EncryptFinal_ex (cctx, (unsigned char *)data + outl, &outl2));
478 outl += outl2;
479
480 len = data_hdr_size () + outl;
481
482 set_hdr (type, dst);
483
484 hmac_set (conn->octx);
485 }
486
487 tap_packet *
488 vpndata_packet::unpack (connection *conn, u32 &seqno)
489 {
490 EVP_CIPHER_CTX *cctx = conn->ictx->cctx;
491 int outl = 0, outl2;
492 tap_packet *p = new tap_packet;
493 u8 *d;
494
495 seqno = ntohl (ctr);
496
497 require (EVP_DecryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
498
499 #if ENABLE_COMPRESSION
500 u8 cdata[MAX_MTU];
501
502 if (type == PT_DATA_COMPRESSED)
503 d = cdata;
504 else
505 #endif
506 d = &(*p)[6 + 6];
507
508 // this can overwrite the len/dst/src fields
509 require (EVP_DecryptUpdate (cctx,
510 d, &outl2,
511 (unsigned char *)&data, len - data_hdr_size ()));
512 outl += outl2;
513
514 // it seems this is a nop for us, but we do it anyways
515 require (EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2));
516 outl += outl2;
517
518 id2mac (dst () ? dst() : THISNODE->id, p->dst);
519 id2mac (src (), p->src);
520
521 #if ENABLE_COMPRESSION
522 if (type == PT_DATA_COMPRESSED)
523 {
524 u32 cl = (d[0] << 8) | d[1];
525
526 p->len = lzf_decompress (d + 2, cl < MAX_MTU - 2 ? cl : 0,
527 &(*p)[6 + 6], MAX_MTU)
528 + 6 + 6;
529 }
530 else
531 p->len = outl + (6 + 6);
532 #endif
533
534 return p;
535 }
536
537 struct ping_packet : vpn_packet
538 {
539 void setup (int dst, ptype type)
540 {
541 set_hdr (type, dst);
542 len = sizeof (*this) - sizeof (net_packet);
543 }
544 };
545
546 struct config_packet : vpn_packet
547 {
548 u8 serial[SERIAL_SIZE];
549 u8 prot_major, prot_minor, randsize;
550 u8 flags, features, pad6, pad7, pad8;
551 u32 cipher_nid, mac_nid, auth_nid;
552
553 void setup (ptype type, int dst);
554 bool chk_config (const conf_node *conf, const sockinfo &rsi) const;
555
556 static u8 get_features ()
557 {
558 u8 f = 0;
559 #if ENABLE_COMPRESSION
560 f |= FEATURE_COMPRESSION;
561 #endif
562 #if ENABLE_ROHC
563 f |= FEATURE_ROHC;
564 #endif
565 #if ENABLE_BRIDGING
566 f |= FEATURE_BRIDGING;
567 #endif
568 return f;
569 }
570 };
571
572 void
573 config_packet::setup (ptype type, int dst)
574 {
575 prot_major = PROTOCOL_MAJOR;
576 prot_minor = PROTOCOL_MINOR;
577 flags = 0;
578 features = get_features ();
579
580 strncpy ((char *)serial, conf.serial, sizeof (serial));
581
582 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER ()));
583 mac_nid = htonl (EVP_MD_type (MAC_DIGEST ()));
584 auth_nid = htonl (EVP_MD_type (AUTH_DIGEST ()));
585
586 len = sizeof (*this) - sizeof (net_packet);
587 set_hdr (type, dst);
588 }
589
590 bool
591 config_packet::chk_config (const conf_node *conf, const sockinfo &rsi) const
592 {
593 if (prot_major != PROTOCOL_MAJOR)
594 slog (L_WARN, _("%s(%s): major version mismatch (remote %d <=> local %d)"),
595 conf->nodename, (const char *)rsi, prot_major, PROTOCOL_MAJOR);
596 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER ())))
597 slog (L_WARN, _("%s(%s): cipher algo mismatch (remote %x <=> local %x)"),
598 conf->nodename, (const char *)rsi, ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER ()));
599 else if (mac_nid != htonl (EVP_MD_type (MAC_DIGEST ())))
600 slog (L_WARN, _("%s(%s): mac algo mismatch (remote %x <=> local %x)"),
601 conf->nodename, (const char *)rsi, ntohl (mac_nid), EVP_MD_type (MAC_DIGEST ()));
602 else if (auth_nid != htonl (EVP_MD_type (AUTH_DIGEST ())))
603 slog (L_WARN, _("%s(%s): auth algo mismatch (remote %x <=> local %x)"),
604 conf->nodename, (const char *)rsi, ntohl (auth_nid), EVP_MD_type (AUTH_DIGEST ()));
605 else
606 {
607 int cmp = memcmp (serial, ::conf.serial, sizeof (serial));
608
609 if (cmp > 0)
610 slog (L_WARN, _("%s(%s): remote serial newer than local serial - outdated config?"),
611 conf->nodename, (const char *)rsi);
612 else if (cmp == 0)
613 return true;
614 }
615
616 return false;
617 }
618
619 struct auth_req_packet : config_packet // UNPROTECTED
620 {
621 char magic[8];
622 u8 initiate; // false if this is just an automatic reply
623 u8 protocols; // supported protocols (will be patched on forward)
624 u8 pad2, pad3;
625 auth_encr encr;
626
627 auth_req_packet (int dst, bool initiate_, u8 protocols_)
628 {
629 config_packet::setup (PT_AUTH_REQ, dst);
630 memcpy (magic, MAGIC, 8);
631 initiate = !!initiate_;
632 protocols = protocols_;
633
634 len = sizeof (*this) - sizeof (net_packet);
635 }
636 };
637
638 struct auth_res_packet : vpn_packet // UNPROTECTED
639 {
640 auth_response response;
641
642 auth_res_packet (int dst)
643 {
644 set_hdr (PT_AUTH_RES, dst);
645
646 len = sizeof (*this) - sizeof (net_packet);
647 }
648 };
649
650 struct connect_req_packet : vpn_packet
651 {
652 u8 id, protocols;
653 u8 pad1, pad2;
654
655 connect_req_packet (int dst, int id_, u8 protocols_)
656 : id(id_)
657 , protocols(protocols_)
658 {
659 set_hdr (PT_CONNECT_REQ, dst);
660 len = sizeof (*this) - sizeof (net_packet);
661 }
662 };
663
664 struct connect_info_packet : vpn_packet
665 {
666 u8 id, protocols;
667 u8 pad1, pad2;
668 sockinfo si;
669
670 connect_info_packet (int dst, int id_, const sockinfo &si_, u8 protocols_)
671 : id(id_)
672 , protocols(protocols_)
673 , si(si_)
674 {
675 set_hdr (PT_CONNECT_INFO, dst);
676
677 len = sizeof (*this) - sizeof (net_packet);
678 }
679 };
680
681 /////////////////////////////////////////////////////////////////////////////
682
683 void
684 connection::connection_established (const sockinfo &rsi)
685 {
686 if (!have_snd_auth || !have_rcv_auth)
687 return;
688
689 si = rsi;
690 protocol = rsi.prot;
691
692 slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
693 conf->nodename, (const char *)rsi,
694 vpn->can_direct (THISNODE, conf) ? "direct" : "forwarded",
695 PROTOCOL_MAJOR, prot_minor);
696
697 if (::conf.script_node_up)
698 {
699 run_script_cb *cb = new run_script_cb;
700 cb->set<connection, &connection::script_node_up> (this);
701 run_script_queued (cb, _("node-up command execution failed, continuing."));
702 }
703
704 delete ictx; ictx = new crypto_ctx (rcv_auth, snd_auth, rcv_ecdh_a, rcv_auth.ecdh, 0);
705 iseqno.reset (ntohl (rcv_auth.rsa.seqno) & 0x7fffffff);
706
707 delete octx; octx = new crypto_ctx (snd_auth, rcv_auth, snd_ecdh_a, snd_ecdh_b , 1);
708 oseqno = ntohl (snd_auth.rsa.seqno) & 0x7fffffff;
709
710 // make sure rekeying timeouts are slightly asymmetric
711 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
712 rekey.start (rekey_interval, rekey_interval);
713
714 hmac_error = 0.;
715
716 keepalive.start (::conf.keepalive);
717
718 // send queued packets
719 while (tap_packet *p = (tap_packet *)data_queue.get ())
720 {
721 if (p->len) send_data_packet (p);
722 delete p;
723 }
724
725 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
726 {
727 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
728 delete p;
729 }
730
731 vpn->connection_established (this);
732 }
733
734 void
735 connection::reset_si ()
736 {
737 if (vpn->can_direct (THISNODE, conf))
738 protocol = best_protocol (THISNODE->protocols & conf->connectable_protocols ());
739 else
740 {
741 slog (L_TRACE, _("%s: direct connection denied by config."), conf->nodename);
742 protocol = 0;
743 }
744
745 si.set (conf, protocol);
746 }
747
748 // ensure sockinfo is valid, forward if necessary
749 const sockinfo &
750 connection::forward_si (const sockinfo &si) const
751 {
752 if (!si.valid ())
753 {
754 connection *r = vpn->find_router_for (this);
755
756 if (r)
757 {
758 slog (L_DEBUG, _("%s: no common protocol, trying to route through %s."),
759 conf->nodename, r->conf->nodename);
760 return r->si;
761 }
762 else
763 slog (L_DEBUG, _("%s: node unreachable, no common protocol or no router available."),
764 conf->nodename);
765 }
766
767 return si;
768 }
769
770 void
771 connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
772 {
773 if (!vpn->send_vpn_packet (pkt, si, tos))
774 reset_connection ("packet send error");
775 }
776
777 void
778 connection::send_ping (const sockinfo &si, u8 pong)
779 {
780 ping_packet *pkt = new ping_packet;
781
782 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
783
784 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si);
785 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
786
787 delete pkt;
788 }
789
790 void
791 connection::send_reset (const sockinfo &si)
792 {
793 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
794 {
795 config_packet *pkt = new config_packet;
796
797 pkt->setup (vpn_packet::PT_RESET, conf->id);
798 send_vpn_packet (pkt, si, IPTOS_MINCOST);
799
800 delete pkt;
801 }
802 }
803
804 void
805 connection::send_auth_request (const sockinfo &si, bool initiate)
806 {
807 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
808
809 generate_auth_data ();
810 auth_encrypt (conf->rsa_key, snd_auth, pkt->encr);
811
812 slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si);
813 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
814
815 delete pkt;
816 }
817
818 void
819 connection::send_auth_response (const sockinfo &si)
820 {
821 auth_res_packet *pkt = new auth_res_packet (conf->id);
822
823 memcpy (pkt->response.ecdh, rcv_ecdh_b, sizeof rcv_ecdh_b);
824 auth_hash (rcv_auth, rcv_ecdh_b, pkt->response.mac);
825
826 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si);
827 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
828
829 delete pkt;
830 }
831
832 void
833 connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
834 {
835 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s,p%02x)", conf->nodename,
836 vpn->conns[rid - 1]->conf->nodename, (const char *)rsi,
837 conf->protocols);
838
839 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
840
841 r->hmac_set (octx);
842 send_vpn_packet (r, si);
843
844 delete r;
845 }
846
847 inline void
848 connection::establish_connection_cb (ev::timer &w, int revents)
849 {
850 if (!(ictx && octx)
851 && conf != THISNODE
852 && connectmode != conf_node::C_NEVER
853 && connectmode != conf_node::C_DISABLED
854 && !w.is_active ())
855 {
856 // a bit hacky, if ondemand, and packets are no longer queued, then reset the connection
857 // and stop trying. should probably be handled by a per-connection expire handler.
858 if (connectmode == conf_node::C_ONDEMAND && vpn_queue.empty () && data_queue.empty ())
859 {
860 reset_connection ("no demand");
861 return;
862 }
863
864 last_establish_attempt = ev_now ();
865
866 ev::tstamp retry_int = ev::tstamp (retry_cnt & 3
867 ? (retry_cnt & 3) + 1
868 : 1 << (retry_cnt >> 2));
869
870 reset_si ();
871
872 bool slow = (si.prot & PROT_SLOW) || (conf->low_power || THISNODE->low_power);
873
874 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf))
875 {
876 /*TODO*/ /* start the timer so we don't recurse endlessly */
877 w.start (1);
878 vpn->send_connect_request (this);
879 }
880 else
881 {
882 if (si.valid ())
883 slog (L_DEBUG, _("%s: sending direct connection request to %s."),
884 conf->nodename, (const char *)si);
885
886 const sockinfo &dsi = forward_si (si);
887
888 slow = slow || (dsi.prot & PROT_SLOW);
889
890 if (dsi.valid () && auth_rate_limiter.can (dsi))
891 {
892 // use ping after the first few retries
893 // TODO: on rekeys, the other node might not interpret ping correctly,
894 // TODO: as it will still have a valid connection
895 if (retry_cnt < 4 && (!conf->low_power || THISNODE->low_power))
896 send_auth_request (dsi, true);
897 else
898 send_ping (dsi, 0);
899 }
900 }
901
902 retry_int *= slow ? 4. : 0.9;
903
904 if (retry_int < conf->max_retry)
905 retry_cnt++;
906 else
907 retry_int = conf->max_retry;
908
909 w.start (retry_int);
910 }
911 }
912
913 void
914 connection::reset_connection (const char *reason)
915 {
916 if (ictx && octx)
917 {
918 slog (L_INFO, _("%s(%s): connection lost (%s)"),
919 conf->nodename, (const char *)si, reason);
920
921 if (::conf.script_node_down)
922 {
923 run_script_cb *cb = new run_script_cb;
924 cb->set<connection, &connection::script_node_down> (this);
925 run_script_queued (cb, _("node-down command execution failed, continuing."));
926 }
927 }
928
929 delete ictx; ictx = 0;
930 delete octx; octx = 0;
931
932 si.host = 0;
933
934 have_snd_auth = false;
935 have_rcv_auth = false;
936 auth_expire = 0.;
937
938 last_activity = 0.;
939 //last_si_change = 0.;
940 retry_cnt = 0;
941
942 rekey.stop ();
943 keepalive.stop ();
944 establish_connection.stop ();
945 }
946
947 void
948 connection::shutdown ()
949 {
950 if (ictx && octx)
951 send_reset (si);
952
953 reset_connection ("shutdown");
954 }
955
956 // poor-man's rekeying
957 inline void
958 connection::rekey_cb (ev::timer &w, int revents)
959 {
960 reset_connection ("rekeying");
961 establish_connection ();
962 }
963
964 void
965 connection::send_data_packet (tap_packet *pkt)
966 {
967 vpndata_packet *p = new vpndata_packet;
968 int tos = 0;
969
970 // I am not hilarious about peeking into packets, but so be it.
971 if (conf->inherit_tos && pkt->is_ipv4 ())
972 tos = (*pkt)[15] & IPTOS_TOS_MASK;
973
974 p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
975 send_vpn_packet (p, si, tos);
976
977 delete p;
978
979 if (oseqno > MAX_SEQNO)
980 rekey ();
981 }
982
983 void
984 connection::post_inject_queue ()
985 {
986 // force a connection every now and when when packets are sent (max 1/s)
987 if (ev_now () - last_establish_attempt >= (conf->low_power || THISNODE->low_power ? 2.95 : 0.95)) // arbitrary
988 establish_connection.stop ();
989
990 establish_connection ();
991 }
992
993 void
994 connection::inject_data_packet (tap_packet *pkt)
995 {
996 if (ictx && octx)
997 send_data_packet (pkt);
998 else
999 {
1000 data_queue.put (new tap_packet (*pkt));
1001 post_inject_queue ();
1002 }
1003 }
1004
1005 void
1006 connection::inject_vpn_packet (vpn_packet *pkt, int tos)
1007 {
1008 if (ictx && octx)
1009 send_vpn_packet (pkt, si, tos);
1010 else
1011 {
1012 vpn_queue.put ((vpn_packet *)new data_packet (*(data_packet *)pkt));
1013 post_inject_queue ();
1014 }
1015 }
1016
1017 void
1018 connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
1019 {
1020 last_activity = ev_now ();
1021
1022 slog (L_NOISE, "%s >> received packet type %d from %d to %d.",
1023 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ());
1024
1025 if (connectmode == conf_node::C_DISABLED)
1026 return;
1027
1028 switch (pkt->typ ())
1029 {
1030 case vpn_packet::PT_PING:
1031 slog (L_TRACE, "%s >> PT_PING", conf->nodename);
1032
1033 // we send pings instead of auth packets after some retries,
1034 // so reset the retry counter and establish a connection
1035 // when we receive a ping.
1036 if (!ictx)
1037 {
1038 if (auth_rate_limiter.can (rsi))
1039 send_auth_request (rsi, true);
1040 }
1041 else
1042 // we would love to change the socket address here, but ping's aren't
1043 // authenticated, so we best ignore it.
1044 send_ping (rsi, 1); // pong
1045
1046 break;
1047
1048 case vpn_packet::PT_PONG:
1049 slog (L_TRACE, "%s >> PT_PONG", conf->nodename);
1050
1051 // a PONG might mean that the other side doesn't really know
1052 // about our desire for communication.
1053 establish_connection ();
1054 break;
1055
1056 case vpn_packet::PT_RESET:
1057 slog (L_TRACE, "%s >> PT_RESET", conf->nodename);
1058
1059 if (ictx && octx)
1060 {
1061 reset_connection ("remote reset");
1062
1063 config_packet *p = (config_packet *) pkt;
1064
1065 if (p->chk_config (conf, rsi) && connectmode == conf_node::C_ALWAYS)
1066 establish_connection ();
1067 }
1068
1069 break;
1070
1071 case vpn_packet::PT_AUTH_REQ:
1072 if (auth_rate_limiter.can (rsi))
1073 {
1074 auth_req_packet *p = (auth_req_packet *)pkt;
1075
1076 slog (L_TRACE, "%s >> PT_AUTH_REQ(%s,p%02x,f%02x)",
1077 conf->nodename, p->initiate ? "initiate" : "reply",
1078 p->protocols, p->features);
1079
1080 if (memcmp (p->magic, MAGIC, 8))
1081 {
1082 slog (L_WARN, _("%s(%s): protocol magic mismatch - stray packet?"),
1083 conf->nodename, (const char *)rsi);
1084 }
1085 else if (p->chk_config (conf, rsi))
1086 {
1087 if (p->prot_minor != PROTOCOL_MINOR)
1088 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1089 conf->nodename, (const char *)rsi,
1090 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1091
1092 if (p->initiate)
1093 {
1094 send_auth_request (rsi, false);
1095
1096 if (ictx && octx)
1097 reset_connection ("reconnect");
1098 }
1099
1100 auth_data auth;
1101
1102 if (!auth_decrypt (::conf.rsa_key, p->encr, auth))
1103 {
1104 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
1105 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
1106 }
1107 else
1108 {
1109 bool chg = !have_rcv_auth || !slow_memeq (&rcv_auth, &auth, sizeof auth);
1110
1111 rcv_auth = auth;
1112 have_rcv_auth = true;
1113
1114 send_auth_response (rsi);
1115
1116 if (chg)
1117 {
1118 conf->protocols = p->protocols;
1119 features = p->features & config_packet::get_features ();
1120
1121 connection_established (rsi);
1122 }
1123 }
1124
1125 break;
1126 }
1127
1128 send_reset (rsi);
1129 }
1130
1131 break;
1132
1133 case vpn_packet::PT_AUTH_RES:
1134 {
1135 auth_res_packet *p = (auth_res_packet *)pkt;
1136
1137 slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename);
1138
1139 auth_mac local_mac;
1140 auth_hash (snd_auth, p->response.ecdh, local_mac);
1141
1142 if (!slow_memeq (&p->response.mac, local_mac, sizeof local_mac))
1143 {
1144 slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."),
1145 conf->nodename, (const char *)rsi);
1146 }
1147 else if (!have_snd_auth)
1148 {
1149 memcpy (snd_ecdh_b, p->response.ecdh, sizeof snd_ecdh_b);
1150
1151 have_snd_auth = true;
1152 connection_established (rsi);
1153 }
1154 }
1155 break;
1156
1157 case vpn_packet::PT_DATA_COMPRESSED:
1158 #if !ENABLE_COMPRESSION
1159 send_reset (rsi);
1160 break;
1161 #endif
1162
1163 case vpn_packet::PT_DATA_UNCOMPRESSED:
1164
1165 if (ictx && octx)
1166 {
1167 vpndata_packet *p = (vpndata_packet *)pkt;
1168
1169 if (!p->hmac_chk (ictx))
1170 {
1171 // rekeying often creates temporary hmac auth floods
1172 // we assume they don't take longer than a few seconds normally,
1173 // and suppress messages and resets during that time.
1174 //TODO: should be done per source address
1175 if (!hmac_error)
1176 {
1177 hmac_error = ev_now () + 3;
1178 break;
1179 }
1180 else if (hmac_error >= ev_now ())
1181 break; // silently suppress
1182 else
1183 {
1184 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1185 "could be an attack, or just corruption or a synchronization error."),
1186 conf->nodename, (const char *)rsi);
1187 // reset
1188 }
1189 }
1190 else
1191 {
1192 u32 seqno;
1193 tap_packet *d = p->unpack (this, seqno);
1194 int seqclass = iseqno.seqno_classify (seqno);
1195
1196 hmac_error = 0;
1197
1198 if (seqclass == 0) // ok
1199 {
1200 vpn->tap->send (d);
1201
1202 if (si != rsi)
1203 {
1204 // fast re-sync on source address changes, useful especially for tcp/ip
1205 //if (last_si_change < ev_now () + 5.)
1206 // {
1207 slog (L_INFO, _("%s(%s): changing socket address to %s."),
1208 conf->nodename, (const char *)si, (const char *)rsi);
1209
1210 si = rsi;
1211
1212 if (::conf.script_node_change)
1213 {
1214 run_script_cb *cb = new run_script_cb;
1215 cb->set<connection, &connection::script_node_change> (this);
1216 run_script_queued (cb, _("node-change command execution failed, continuing."));
1217 }
1218
1219 // }
1220 //else
1221 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."),
1222 // conf->nodename, (const char *)si, (const char *)rsi);
1223 }
1224 }
1225 else if (seqclass == 1) // far history
1226 slog (L_ERR, _("received very old packet (received %08lx, expected %08lx). "
1227 "possible replay attack, or just packet duplication/delay, ignoring."), seqno, iseqno.seq + 1);
1228 else if (seqclass == 2) // in-window duplicate, happens often on wireless
1229 slog (L_DEBUG, _("received recent duplicated packet (received %08lx, expected %08lx). "
1230 "possible replay attack, or just packet duplication, ignoring."), seqno, iseqno.seq + 1);
1231 else if (seqclass == 3) // reset
1232 {
1233 slog (L_ERR, _("received out-of-sync (far future) packet (received %08lx, expected %08lx). "
1234 "probably just massive packet loss, sending reset."), seqno, iseqno.seq + 1);
1235 send_reset (rsi);
1236 }
1237
1238 delete d;
1239 break;
1240 }
1241 }
1242
1243 send_reset (rsi);
1244 break;
1245
1246 case vpn_packet::PT_CONNECT_REQ:
1247 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1248 {
1249 connect_req_packet *p = (connect_req_packet *)pkt;
1250
1251 if (p->id > 0 && p->id <= vpn->conns.size ())
1252 {
1253 connection *c = vpn->conns[p->id - 1];
1254 conf->protocols = p->protocols;
1255
1256 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s,p%02x) [%d]",
1257 conf->nodename, vpn->conns[p->id - 1]->conf->nodename,
1258 p->protocols,
1259 c->ictx && c->octx);
1260
1261 if (c->ictx && c->octx)
1262 {
1263 // send connect_info packets to both sides, in case one is
1264 // behind a nat firewall (or both ;)
1265 c->send_connect_info (conf->id, si, conf->protocols);
1266 send_connect_info (c->conf->id, c->si, c->conf->protocols);
1267 }
1268 else
1269 c->establish_connection ();
1270 }
1271 else
1272 slog (L_WARN,
1273 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1274 p->id);
1275 }
1276
1277 break;
1278
1279 case vpn_packet::PT_CONNECT_INFO:
1280 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1281 {
1282 connect_info_packet *p = (connect_info_packet *)pkt;
1283
1284 if (p->id > 0 && p->id <= vpn->conns.size ())
1285 {
1286 connection *c = vpn->conns[p->id - 1];
1287
1288 c->conf->protocols = p->protocols;
1289 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1290 p->si.upgrade_protocol (protocol, c->conf);
1291
1292 slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s,protocols=%02x,protocol=%02x,upgradable=%02x) [%d]",
1293 conf->nodename,
1294 vpn->conns[p->id - 1]->conf->nodename,
1295 (const char *)p->si,
1296 p->protocols,
1297 protocol,
1298 p->si.supported_protocols (c->conf),
1299 !c->ictx && !c->octx);
1300
1301 const sockinfo &dsi = forward_si (p->si);
1302
1303 if (dsi.valid ())
1304 c->send_auth_request (dsi, true);
1305 else
1306 slog (L_INFO, "connect info for %s received (%s), but still unable to contact.",
1307 vpn->conns[p->id - 1]->conf->nodename,
1308 (const char *)p->si);
1309 }
1310 else
1311 slog (L_WARN,
1312 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1313 p->id);
1314 }
1315
1316 break;
1317
1318 default:
1319 send_reset (rsi);
1320 break;
1321 }
1322 }
1323
1324 inline void
1325 connection::keepalive_cb (ev::timer &w, int revents)
1326 {
1327 ev_tstamp when = last_activity + ::conf.keepalive - ev::now ();
1328
1329 if (when >= 0)
1330 w.start (when);
1331 else if (when < -15)
1332 {
1333 reset_connection ("keepalive overdue");
1334 establish_connection ();
1335 }
1336 else if (conf->connectmode != conf_node::C_ONDEMAND
1337 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1338 {
1339 w.start (3);
1340 send_ping (si);
1341 }
1342 else if (when >= -10)
1343 // hold ondemand connections implicitly a few seconds longer
1344 // should delete octx, though, or something like that ;)
1345 w.start (when + 10);
1346 else
1347 reset_connection ("keepalive timeout");
1348 }
1349
1350 void
1351 connection::send_connect_request (int id)
1352 {
1353 connect_req_packet *p = new connect_req_packet (conf->id, id, THISNODE->protocols);
1354
1355 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s,p%02x)",
1356 conf->nodename, vpn->conns[id - 1]->conf->nodename,
1357 THISNODE->protocols);
1358 p->hmac_set (octx);
1359 send_vpn_packet (p, si);
1360
1361 delete p;
1362 }
1363
1364 void
1365 connection::script_init_env (const char *ext)
1366 {
1367 char *env;
1368 asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env);
1369 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env);
1370 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext,
1371 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8,
1372 conf->id & 0xff); putenv (env);
1373 }
1374
1375 void
1376 connection::script_init_connect_env ()
1377 {
1378 vpn->script_init_env ();
1379
1380 char *env;
1381 asprintf (&env, "DESTID=%d", conf->id); putenv (env);
1382 asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env);
1383 asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env);
1384 asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env);
1385 asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env);
1386 }
1387
1388 inline const char *
1389 connection::script_node_up ()
1390 {
1391 script_init_connect_env ();
1392
1393 putenv ((char *)"STATE=up");
1394
1395 char *filename;
1396 asprintf (&filename,
1397 "%s/%s",
1398 confbase,
1399 ::conf.script_node_up ? ::conf.script_node_up : "node-up");
1400
1401 return filename;
1402 }
1403
1404 inline const char *
1405 connection::script_node_change ()
1406 {
1407 script_init_connect_env ();
1408
1409 putenv ((char *)"STATE=change");
1410
1411 char *filename;
1412 asprintf (&filename,
1413 "%s/%s",
1414 confbase,
1415 ::conf.script_node_change ? ::conf.script_node_change : "node-change");
1416
1417 return filename;
1418 }
1419
1420 inline const char *
1421 connection::script_node_down ()
1422 {
1423 script_init_connect_env ();
1424
1425 putenv ((char *)"STATE=down");
1426
1427 char *filename;
1428 asprintf (&filename,
1429 "%s/%s",
1430 confbase,
1431 ::conf.script_node_down ? ::conf.script_node_down : "node-down");
1432
1433 return filename;
1434 }
1435
1436 connection::connection (struct vpn *vpn, conf_node *conf)
1437 : vpn(vpn), conf(conf),
1438 #if ENABLE_DNS
1439 dns (0),
1440 #endif
1441 data_queue(conf->max_ttl, conf->max_queue + 1),
1442 vpn_queue(conf->max_ttl, conf->max_queue + 1)
1443 {
1444 rekey .set<connection, &connection::rekey_cb > (this);
1445 keepalive .set<connection, &connection::keepalive_cb > (this);
1446 establish_connection.set<connection, &connection::establish_connection_cb> (this);
1447
1448 last_establish_attempt = 0.;
1449 octx = ictx = 0;
1450
1451 connectmode = conf->connectmode;
1452
1453 // queue a dummy packet to force an initial connection attempt
1454 if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED)
1455 vpn_queue.put (new net_packet);
1456
1457 reset_connection ("startup");
1458 }
1459
1460 connection::~connection ()
1461 {
1462 shutdown ();
1463 }
1464
1465 void
1466 connection_init ()
1467 {
1468 auth_rate_limiter.clear ();
1469 reset_rate_limiter.clear ();
1470 }
1471