ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/protocol.C
(Generate patch)

Comparing gvpe/src/protocol.C (file contents):
Revision 1.5 by pcg, Sat Mar 8 10:48:41 2003 UTC vs.
Revision 1.8 by pcg, Mon Mar 17 15:20:18 2003 UTC

481connection::send_ping (SOCKADDR *dsa, u8 pong) 481connection::send_ping (SOCKADDR *dsa, u8 pong)
482{ 482{
483 ping_packet *pkt = new ping_packet; 483 ping_packet *pkt = new ping_packet;
484 484
485 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); 485 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
486 vpn->send_vpn_packet (pkt, dsa); 486 vpn->send_vpn_packet (pkt, dsa, IPTOS_LOWDELAY);
487 487
488 delete pkt; 488 delete pkt;
489} 489}
490 490
491void 491void
496 if (limiter.can (dsa)) 496 if (limiter.can (dsa))
497 { 497 {
498 config_packet *pkt = new config_packet; 498 config_packet *pkt = new config_packet;
499 499
500 pkt->setup (vpn_packet::PT_RESET, conf->id); 500 pkt->setup (vpn_packet::PT_RESET, conf->id);
501 vpn->send_vpn_packet (pkt, dsa); 501 vpn->send_vpn_packet (pkt, dsa, IPTOS_MINCOST);
502 502
503 delete pkt; 503 delete pkt;
504 } 504 }
505} 505}
506 506
550 fatal ("RSA_public_encrypt error"); 550 fatal ("RSA_public_encrypt error");
551#endif 551#endif
552 552
553 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa)); 553 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa));
554 554
555 vpn->send_vpn_packet (pkt, sa); 555 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY);
556 556
557 delete pkt; 557 delete pkt;
558 } 558 }
559} 559}
560 560
635 635
636void 636void
637connection::send_data_packet (tap_packet * pkt, bool broadcast) 637connection::send_data_packet (tap_packet * pkt, bool broadcast)
638{ 638{
639 vpndata_packet *p = new vpndata_packet; 639 vpndata_packet *p = new vpndata_packet;
640 int tos = 0;
641
642 if (conf->inherit_tos
643 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
644 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
645 tos = (*pkt)[15] & IPTOS_TOS_MASK;
640 646
641 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs 647 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
642 vpn->send_vpn_packet (p, &sa); 648 vpn->send_vpn_packet (p, &sa, tos);
643 649
644 delete p; 650 delete p;
645 651
646 if (oseqno > MAX_SEQNO) 652 if (oseqno > MAX_SEQNO)
647 rekey (); 653 rekey ();
766 if (!memcmp ((u8 *)gen_challenge (ssa) + sizeof (u32), (u8 *)&k + sizeof (u32), 772 if (!memcmp ((u8 *)gen_challenge (ssa) + sizeof (u32), (u8 *)&k + sizeof (u32),
767 sizeof (rsachallenge) - sizeof (u32))) 773 sizeof (rsachallenge) - sizeof (u32)))
768 { 774 {
769 delete ictx; 775 delete ictx;
770 776
771 ictx = new crypto_ctx (k, 0); 777 ictx = new crypto_ctx (k, 0);
772 iseqno = *(u32 *)&k[CHG_SEQNO] & 0x7fffffff; // at least 2**31 sequence numbers are valid 778 iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); // at least 2**31 sequence numbers are valid
773 ismask = 0xffffffff; // initially, all lower sequence numbers are invalid
774 779
775 sa = *ssa; 780 sa = *ssa;
776 781
777 next_rekey = now + ::conf.rekey; 782 next_rekey = now + ::conf.rekey;
778 next_wakeup (next_rekey); 783 next_wakeup (next_rekey);
828 else 833 else
829 { 834 {
830 u32 seqno; 835 u32 seqno;
831 tap_packet *d = p->unpack (this, seqno); 836 tap_packet *d = p->unpack (this, seqno);
832 837
833 if (seqno <= iseqno - 32) 838 if (iseqno.recv_ok (seqno))
834 slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n"
835 "possible replay attack, or just massive packet reordering"), seqno, iseqno + 1);//D
836 else if (seqno > iseqno + 32)
837 slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n"
838 "possible replay attack, or just massive packet loss"), seqno, iseqno + 1);//D
839 else
840 { 839 {
841 if (seqno > iseqno)
842 {
843 ismask <<= seqno - iseqno;
844 iseqno = seqno;
845 }
846
847 u32 mask = 1 << (iseqno - seqno);
848
849 //printf ("received seqno %08lx, iseqno %08lx, mask %08lx is %08lx\n", seqno, iseqno, mask, ismask);
850 if (ismask & mask)
851 slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n"
852 "possible replay attack, or just packet duplication"), seqno, iseqno + 1);//D
853 else
854 {
855 ismask |= mask;
856
857 vpn->tap->send (d); 840 vpn->tap->send (d);
858 841
859 if (p->dst () == 0) // re-broadcast 842 if (p->dst () == 0) // re-broadcast
860 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i) 843 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
861 { 844 {
862 connection *c = *i; 845 connection *c = *i;
863 846
864 if (c->conf != THISNODE && c->conf != conf) 847 if (c->conf != THISNODE && c->conf != conf)
865 c->inject_data_packet (d); 848 c->inject_data_packet (d);
866 }
867
868 delete d;
869
870 break;
871 } 849 }
850
851 delete d;
852
853 break;
872 } 854 }
873 } 855 }
874 } 856 }
875 else 857 else
876 slog (L_ERR, _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D 858 slog (L_ERR, _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D
1095 1077
1096 return 0; 1078 return 0;
1097} 1079}
1098 1080
1099void 1081void
1100vpn::send_vpn_packet (vpn_packet *pkt, SOCKADDR *sa) 1082vpn::send_vpn_packet (vpn_packet *pkt, SOCKADDR *sa, int tos)
1101{ 1083{
1084 setsockopt (socket_fd, SOL_IP, IP_TOS, &tos, sizeof tos);
1102 sendto (socket_fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)sa, sizeof (*sa)); 1085 sendto (socket_fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)sa, sizeof (*sa));
1103} 1086}
1104 1087
1105void 1088void
1106vpn::shutdown_all () 1089vpn::shutdown_all ()

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines