ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/protocol.C
(Generate patch)

Comparing gvpe/src/protocol.C (file contents):
Revision 1.8 by pcg, Mon Mar 17 15:20:18 2003 UTC vs.
Revision 1.9 by pcg, Fri Mar 21 23:17:01 2003 UTC

60 60
61static const rsachallenge & 61static const rsachallenge &
62challenge_bytes () 62challenge_bytes ()
63{ 63{
64 static rsachallenge challenge; 64 static rsachallenge challenge;
65 static time_t challenge_ttl; // time this challenge needs to be recreated 65 static double challenge_ttl; // time this challenge needs to be recreated
66 66
67 if (now > challenge_ttl) 67 if (NOW > challenge_ttl)
68 { 68 {
69 RAND_bytes ((unsigned char *)&challenge, sizeof (challenge)); 69 RAND_bytes ((unsigned char *)&challenge, sizeof (challenge));
70 challenge_ttl = now + CHALLENGE_TTL; 70 challenge_ttl = NOW + CHALLENGE_TTL;
71 } 71 }
72 72
73 return challenge; 73 return challenge;
74} 74}
75 75
128 128
129crypto_ctx::~crypto_ctx () 129crypto_ctx::~crypto_ctx ()
130{ 130{
131 EVP_CIPHER_CTX_cleanup (&cctx); 131 EVP_CIPHER_CTX_cleanup (&cctx);
132 HMAC_CTX_cleanup (&hctx); 132 HMAC_CTX_cleanup (&hctx);
133}
134
135//////////////////////////////////////////////////////////////////////////////
136
137void pkt_queue::put (tap_packet *p)
138{
139 if (queue[i])
140 {
141 delete queue[i];
142 j = (j + 1) % QUEUEDEPTH;
143 }
144
145 queue[i] = p;
146
147 i = (i + 1) % QUEUEDEPTH;
148}
149
150tap_packet *pkt_queue::get ()
151{
152 tap_packet *p = queue[j];
153
154 if (p)
155 {
156 queue[j] = 0;
157 j = (j + 1) % QUEUEDEPTH;
158 }
159
160 return p;
161}
162
163pkt_queue::pkt_queue ()
164{
165 memset (queue, 0, sizeof (queue));
166 i = 0;
167 j = 0;
168}
169
170pkt_queue::~pkt_queue ()
171{
172 for (i = QUEUEDEPTH; --i > 0; )
173 delete queue[i];
174}
175
176// only do action once every x seconds per host.
177// currently this is quite a slow implementation,
178// but suffices for normal operation.
179struct u32_rate_limiter : private map<u32, tstamp>
180 {
181 tstamp every;
182
183 bool can (u32 host);
184
185 u32_rate_limiter (tstamp every = 1)
186 {
187 this->every = every;
188 }
189 };
190
191struct net_rate_limiter : u32_rate_limiter
192 {
193 bool can (SOCKADDR *sa) { return u32_rate_limiter::can((u32)sa->sin_addr.s_addr); }
194 bool can (sockinfo &si) { return u32_rate_limiter::can((u32)si.host); }
195
196 net_rate_limiter (tstamp every) : u32_rate_limiter (every) {}
197 };
198
199bool u32_rate_limiter::can (u32 host)
200{
201 iterator i;
202
203 for (i = begin (); i != end (); )
204 if (i->second <= NOW)
205 {
206 erase (i);
207 i = begin ();
208 }
209 else
210 ++i;
211
212 i = find (host);
213
214 if (i != end ())
215 return false;
216
217 insert (value_type (host, NOW + every));
218
219 return true;
133} 220}
134 221
135///////////////////////////////////////////////////////////////////////////// 222/////////////////////////////////////////////////////////////////////////////
136 223
137static void next_wakeup (time_t next) 224static void next_wakeup (time_t next)
200 287
201 unsigned int src () 288 unsigned int src ()
202 { 289 {
203 return src1 | ((srcdst >> 4) << 8); 290 return src1 | ((srcdst >> 4) << 8);
204 } 291 }
292
205 unsigned int dst () 293 unsigned int dst ()
206 { 294 {
207 return dst1 | ((srcdst & 0xf) << 8); 295 return dst1 | ((srcdst & 0xf) << 8);
208 } 296 }
297
209 ptype typ () 298 ptype typ ()
210 { 299 {
211 return (ptype) type; 300 return (ptype) type;
212 } 301 }
213 }; 302 };
252 u32 cl; 341 u32 cl;
253 342
254 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7); 343 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
255 if (cl) 344 if (cl)
256 { 345 {
257 //printf ("compressed packet, %d => %d\n", l, cl);//D
258 type = PT_DATA_COMPRESSED; 346 type = PT_DATA_COMPRESSED;
259 d = cdata; 347 d = cdata;
260 l = cl + 2; 348 l = cl + 2;
261 349
262 d[0] = cl >> 8; 350 d[0] = cl >> 8;
338#if ENABLE_COMPRESSION 426#if ENABLE_COMPRESSION
339 if (type == PT_DATA_COMPRESSED) 427 if (type == PT_DATA_COMPRESSED)
340 { 428 {
341 u32 cl = (d[DATAHDR] << 8) | d[DATAHDR + 1]; 429 u32 cl = (d[DATAHDR] << 8) | d[DATAHDR + 1];
342 p->len = lzf_decompress (d + DATAHDR + 2, cl, &(*p)[6 + 6], MAX_MTU) + 6 + 6; 430 p->len = lzf_decompress (d + DATAHDR + 2, cl, &(*p)[6 + 6], MAX_MTU) + 6 + 6;
343 //printf ("decompressxed %d(%d) => %d\n", cl, len - data_hdr_size (), p->len);//D
344 } 431 }
345 else 432 else
346 p->len = outl + (6 + 6 - DATAHDR); 433 p->len = outl + (6 + 6 - DATAHDR);
347#endif 434#endif
348 435
369 u32 digest_nid; 456 u32 digest_nid;
370 457
371 const u8 curflags () const 458 const u8 curflags () const
372 { 459 {
373 return 0x80 460 return 0x80
461 | 0x02
462#if PROTOCOL_MAJOR != 2
463#error hi
464#endif
374 | (ENABLE_COMPRESSION ? 0x01 : 0x00) 465 | (ENABLE_COMPRESSION ? 0x01 : 0x00);
375 | (ENABLE_TRUST ? 0x02 : 0x00);
376 } 466 }
377 467
378 void setup (ptype type, int dst) 468 void setup (ptype type, int dst)
379 { 469 {
380 prot_major = PROTOCOL_MAJOR; 470 prot_major = PROTOCOL_MAJOR;
523 613
524 if (subtype != AUTH_INIT || limiter.can (sa)) 614 if (subtype != AUTH_INIT || limiter.can (sa))
525 { 615 {
526 auth_packet *pkt = new auth_packet (conf->id, subtype); 616 auth_packet *pkt = new auth_packet (conf->id, subtype);
527 617
528 //printf ("send auth_packet subtype %d\n", subtype);//D
529
530 if (!k) 618 if (!k)
531 k = gen_challenge (sa); 619 k = gen_challenge (sa);
532 620
533#if ENABLE_TRUST
534 if (0 > RSA_public_encrypt (sizeof (*k), 621 if (0 > RSA_public_encrypt (sizeof (*k),
535 (unsigned char *)k, (unsigned char *)&pkt->challenge, 622 (unsigned char *)k, (unsigned char *)&pkt->challenge,
536 conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) 623 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
537 fatal ("RSA_public_encrypt error"); 624 fatal ("RSA_public_encrypt error");
538#else
539# error untrusted mode not yet implemented: programemr does not know how to
540 rsaencrdata enc;
541
542 if (0 > RSA_private_encrypt (sizeof (*k),
543 (unsigned char *)k, (unsigned char *)&enc,
544 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
545 fatal ("RSA_private_encrypt error");
546
547 if (0 > RSA_public_encrypt (sizeof (enc),
548 (unsigned char *)enc, (unsigned char *)&pkt->challenge,
549 conf->rsa_key, RSA_NO_PADDING))
550 fatal ("RSA_public_encrypt error");
551#endif
552 625
553 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa)); 626 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa));
554 627
555 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); 628 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY);
556 629
557 delete pkt; 630 delete pkt;
558 } 631 }
559} 632}
560 633
561void 634void
562connection::establish_connection () 635connection::establish_connection_cb (tstamp &ts)
563{ 636{
564 if (!ictx && conf != THISNODE && connectmode != conf_node::C_NEVER) 637 if (ictx || conf == THISNODE || connectmode == conf_node::C_NEVER)
638 ts = TSTAMP_CANCEL;
639 else if (ts <= NOW)
565 { 640 {
566 if (now >= next_retry) 641 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.25;
642
643 if (retry_int < 3600 * 8)
644 retry_cnt++;
645
646 if (connectmode == conf_node::C_ONDEMAND
647 && retry_int > ::conf.keepalive)
648 retry_int = ::conf.keepalive;
649
650 ts = NOW + retry_int;
651
652 if (conf->hostname)
567 { 653 {
568 int retry_int = retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2);
569
570 if (retry_cnt < (17 << 2) | 3)
571 retry_cnt++;
572
573 if (connectmode == conf_node::C_ONDEMAND
574 && retry_int > ::conf.keepalive)
575 retry_int = ::conf.keepalive;
576
577 next_retry = now + retry_int;
578 next_wakeup (next_retry);
579
580 if (conf->hostname)
581 {
582 reset_dstaddr (); 654 reset_dstaddr ();
583 if (sa.sin_addr.s_addr) 655 if (sa.sin_addr.s_addr)
584 if (retry_cnt < 4) 656 if (retry_cnt < 4)
585 send_auth (AUTH_INIT, &sa); 657 send_auth (AUTH_INIT, &sa);
586 else 658 else
587 send_ping (&sa, 0); 659 send_ping (&sa, 0);
588 }
589 else
590 vpn->connect_request (conf->id);
591 } 660 }
661 else
662 vpn->connect_request (conf->id);
592 } 663 }
593} 664}
594 665
595void 666void
596connection::reset_connection () 667connection::reset_connection ()
610 octx = 0; 681 octx = 0;
611 682
612 sa.sin_port = 0; 683 sa.sin_port = 0;
613 sa.sin_addr.s_addr = 0; 684 sa.sin_addr.s_addr = 0;
614 685
615 next_retry = 0;
616 next_rekey = 0;
617 last_activity = 0; 686 last_activity = 0;
687
688 rekey.reset ();
689 keepalive.reset ();
690 establish_connection.reset ();
618} 691}
619 692
620void 693void
621connection::shutdown () 694connection::shutdown ()
622{ 695{
625 698
626 reset_connection (); 699 reset_connection ();
627} 700}
628 701
629void 702void
630connection::rekey () 703connection::rekey_cb (tstamp &ts)
631{ 704{
705 ts = TSTAMP_CANCEL;
706
632 reset_connection (); 707 reset_connection ();
633 establish_connection (); 708 establish_connection ();
634} 709}
635 710
636void 711void
668} 743}
669 744
670void 745void
671connection::recv_vpn_packet (vpn_packet *pkt, SOCKADDR *ssa) 746connection::recv_vpn_packet (vpn_packet *pkt, SOCKADDR *ssa)
672{ 747{
673 last_activity = now; 748 last_activity = NOW;
674 749
675 slog (L_NOISE, "<<%d received packet type %d from %d to %d", 750 slog (L_NOISE, "<<%d received packet type %d from %d to %d",
676 conf->id, pkt->typ (), pkt->src (), pkt->dst ()); 751 conf->id, pkt->typ (), pkt->src (), pkt->dst ());
677 752
678 switch (pkt->typ ()) 753 switch (pkt->typ ())
686 // so reset the retry counter and establish a conenction 761 // so reset the retry counter and establish a conenction
687 // when we receive a pong. 762 // when we receive a pong.
688 if (!ictx && !octx) 763 if (!ictx && !octx)
689 { 764 {
690 retry_cnt = 0; 765 retry_cnt = 0;
691 next_retry = 0; 766 establish_connection.at = 0;
692 establish_connection (); 767 establish_connection ();
693 } 768 }
694 769
695 break; 770 break;
696 771
697 case vpn_packet::PT_RESET: 772 case vpn_packet::PT_RESET:
698 { 773 {
699 reset_connection (); 774 reset_connection ();
700 775
701 config_packet *p = (config_packet *) pkt; 776 config_packet *p = (config_packet *) pkt;
702 if (p->chk_config ()) 777 if (!p->chk_config ())
778 {
779 slog (L_WARN, _("disabling node '%s' because of differing protocol"), conf->nodename);
780 connectmode = conf_node::C_NEVER;
781 }
703 if (connectmode == conf_node::C_ALWAYS) 782 else if (connectmode == conf_node::C_ALWAYS)
704 establish_connection (); 783 establish_connection ();
705
706 //D slog the protocol mismatch?
707 } 784 }
708 break; 785 break;
709 786
710 case vpn_packet::PT_AUTH: 787 case vpn_packet::PT_AUTH:
711 { 788 {
723 if (p->subtype == AUTH_INIT) 800 if (p->subtype == AUTH_INIT)
724 send_auth (AUTH_INITREPLY, ssa); 801 send_auth (AUTH_INITREPLY, ssa);
725 802
726 rsachallenge k; 803 rsachallenge k;
727 804
728#if ENABLE_TRUST
729 if (0 > RSA_private_decrypt (sizeof (rsaencrdata), 805 if (0 > RSA_private_decrypt (sizeof (rsaencrdata),
730 (unsigned char *)&p->challenge, (unsigned char *)&k, 806 (unsigned char *)&p->challenge, (unsigned char *)&k,
731 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING)) 807 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
732 // continued below
733#else
734 rsaencrdata j;
735
736 if (0 > RSA_private_decrypt (sizeof (rsaencrdata),
737 (unsigned char *)&p->challenge, (unsigned char *)&j,
738 ::conf.rsa_key, RSA_NO_PADDING))
739 fatal ("RSA_private_decrypt error");
740
741 if (0 > RSA_public_decrypt (sizeof (k),
742 (unsigned char *)&j, (unsigned char *)&k,
743 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
744 // continued below
745#endif
746 { 808 {
747 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"), 809 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"),
748 conf->nodename, (const char *)sockinfo (ssa)); 810 conf->nodename, (const char *)sockinfo (ssa));
749 break; 811 break;
750 } 812 }
751 813
752 retry_cnt = 0; 814 retry_cnt = 0;
753 next_retry = now + 8; 815 establish_connection.set (NOW + 8); //? ;)
816 keepalive.reset ();
817 rekey.reset ();
754 818
755 switch (p->subtype) 819 switch (p->subtype)
756 { 820 {
757 case AUTH_INIT: 821 case AUTH_INIT:
758 case AUTH_INITREPLY: 822 case AUTH_INITREPLY:
777 ictx = new crypto_ctx (k, 0); 841 ictx = new crypto_ctx (k, 0);
778 iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); // at least 2**31 sequence numbers are valid 842 iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); // at least 2**31 sequence numbers are valid
779 843
780 sa = *ssa; 844 sa = *ssa;
781 845
782 next_rekey = now + ::conf.rekey; 846 rekey.set (NOW + ::conf.rekey);
783 next_wakeup (next_rekey); 847 keepalive.set (NOW + ::conf.keepalive);
784 848
785 // send queued packets 849 // send queued packets
786 while (tap_packet *p = queue.get ()) 850 while (tap_packet *p = queue.get ())
787 { 851 {
788 send_data_packet (p); 852 send_data_packet (p);
929 send_reset (ssa); 993 send_reset (ssa);
930 break; 994 break;
931 } 995 }
932} 996}
933 997
934void connection::timer () 998void connection::keepalive_cb (tstamp &ts)
935{ 999{
936 if (conf != THISNODE) 1000 if (NOW >= last_activity + ::conf.keepalive + 30)
937 { 1001 {
938 if (now >= next_retry && connectmode == conf_node::C_ALWAYS) 1002 reset_connection ();
939 establish_connection (); 1003 establish_connection ();
940 1004 }
941 if (ictx && octx)
942 {
943 if (now >= next_rekey)
944 rekey ();
945 else if (now >= last_activity + ::conf.keepalive + 30)
946 {
947 reset_connection ();
948 establish_connection ();
949 }
950 else if (now >= last_activity + ::conf.keepalive) 1005 else if (NOW < last_activity + ::conf.keepalive)
1006 ts = last_activity + ::conf.keepalive;
951 if (conf->connectmode != conf_node::C_ONDEMAND 1007 else if (conf->connectmode != conf_node::C_ONDEMAND
952 || THISNODE->connectmode != conf_node::C_ONDEMAND) 1008 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1009 {
953 send_ping (&sa); 1010 send_ping (&sa);
954 else 1011 ts = NOW + 5;
1012 }
1013 else
955 reset_connection (); 1014 reset_connection ();
956 1015
957 }
958 }
959} 1016}
960 1017
961void connection::connect_request (int id) 1018void connection::connect_request (int id)
962{ 1019{
963 connect_req_packet *p = new connect_req_packet (conf->id, id); 1020 connect_req_packet *p = new connect_req_packet (conf->id, id);
1000 putenv ("STATE=down"); 1057 putenv ("STATE=down");
1001 1058
1002 return ::conf.script_node_up ? ::conf.script_node_down : "node-down"; 1059 return ::conf.script_node_up ? ::conf.script_node_down : "node-down";
1003} 1060}
1004 1061
1062connection::connection(struct vpn *vpn_)
1063: vpn(vpn_)
1064, rekey (this, &connection::rekey_cb)
1065, keepalive (this, &connection::keepalive_cb)
1066, establish_connection (this, &connection::establish_connection_cb)
1067{
1068 octx = ictx = 0;
1069 retry_cnt = 0;
1070
1071 connectmode = conf_node::C_ALWAYS; // initial setting
1072 reset_connection ();
1073}
1074
1075connection::~connection ()
1076{
1077 shutdown ();
1078}
1079
1005///////////////////////////////////////////////////////////////////////////// 1080/////////////////////////////////////////////////////////////////////////////
1006
1007vpn::vpn (void)
1008{}
1009 1081
1010const char *vpn::script_if_up () 1082const char *vpn::script_if_up ()
1011{ 1083{
1012 // the tunnel device mtu should be the physical mtu - overhead 1084 // the tunnel device mtu should be the physical mtu - overhead
1013 // the tricky part is rounding to the cipher key blocksize 1085 // the tricky part is rounding to the cipher key blocksize
1064 { 1136 {
1065 int oval = 1; 1137 int oval = 1;
1066 setsockopt (socket_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval); 1138 setsockopt (socket_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval);
1067 } 1139 }
1068 1140
1141 udp_ev_watcher.start (socket_fd, POLLIN);
1142
1069 tap = new tap_device (); 1143 tap = new tap_device ();
1070 if (!tap) //D this, of course, never catches 1144 if (!tap) //D this, of course, never catches
1071 { 1145 {
1072 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname); 1146 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname);
1073 exit (1); 1147 exit (1);
1074 } 1148 }
1075 1149
1076 run_script (this, &vpn::script_if_up, true); 1150 run_script (this, &vpn::script_if_up, true);
1151
1152 vpn_ev_watcher.start (tap->fd, POLLIN);
1153
1154 reconnect_all ();
1077 1155
1078 return 0; 1156 return 0;
1079} 1157}
1080 1158
1081void 1159void
1146 // if ((*i)->conf->routerprio) 1224 // if ((*i)->conf->routerprio)
1147 // (*i)->establish_connection (); 1225 // (*i)->establish_connection ();
1148} 1226}
1149 1227
1150void 1228void
1151vpn::main_loop () 1229vpn::udp_ev (short revents)
1152{ 1230{
1153 struct pollfd pollfd[2]; 1231 if (revents & (POLLIN | POLLERR))
1154
1155 pollfd[0].fd = tap->fd;
1156 pollfd[0].events = POLLIN;
1157 pollfd[1].fd = socket_fd;
1158 pollfd[1].events = POLLIN;
1159
1160 events = 0;
1161 now = time (0);
1162 next_timecheck = now + 1;
1163
1164 reconnect_all ();
1165
1166 for (;;)
1167 { 1232 {
1168 int npoll = poll (pollfd, 2, (next_timecheck - now) * 1000); 1233 vpn_packet *pkt = new vpn_packet;
1169 1234 struct sockaddr_in sa;
1170 now = time (0); 1235 socklen_t sa_len = sizeof (sa);
1236 int len;
1171 1237
1238 len = recvfrom (socket_fd, &((*pkt)[0]), MAXSIZE, 0, (sockaddr *)&sa, &sa_len);
1239
1172 if (npoll > 0) 1240 if (len > 0)
1173 { 1241 {
1174 if (pollfd[1].revents) 1242 pkt->len = len;
1243
1244 unsigned int src = pkt->src ();
1245 unsigned int dst = pkt->dst ();
1246
1247 slog (L_NOISE, _("<<?/%s received possible vpn packet type %d from %d to %d, length %d"),
1248 (const char *)sockinfo (sa), pkt->typ (), pkt->src (), pkt->dst (), pkt->len);
1249
1250 if (dst > conns.size () || pkt->typ () >= vpn_packet::PT_MAX)
1251 slog (L_WARN, _("<<? received CORRUPTED packet type %d from %d to %d"),
1252 pkt->typ (), pkt->src (), pkt->dst ());
1253 else if (dst == 0 && !THISNODE->routerprio)
1254 slog (L_WARN, _("<<%d received broadcast, but we are no router"), dst);
1255 else if (dst != 0 && dst != THISNODE->id)
1256 slog (L_WARN,
1257 _("received frame for node %d ('%s') from %s, but this is node %d ('%s')"),
1258 dst, conns[dst - 1]->conf->nodename,
1259 (const char *)sockinfo (sa),
1260 THISNODE->id, THISNODE->nodename);
1261 else if (src == 0 || src > conns.size ())
1262 slog (L_WARN, _("received frame from unknown node %d (%s)"), src, (const char *)sockinfo (sa));
1263 else
1264 conns[src - 1]->recv_vpn_packet (pkt, &sa);
1265 }
1266 else
1267 {
1268 // probably ECONNRESET or somesuch
1269 slog (L_DEBUG, _("%s: %s"), (const char *)sockinfo(sa), strerror (errno));
1270 }
1271
1272 delete pkt;
1273 }
1274 else if (revents & POLLHUP)
1275 {
1276 // this cannot ;) happen on udp sockets
1277 slog (L_ERR, _("FATAL: POLLHUP on socket fd, terminating."));
1278 exit (1);
1279 }
1280 else
1281 {
1282 slog (L_ERR,
1283 _("FATAL: unknown revents %08x in socket, terminating\n"),
1284 revents);
1285 exit (1);
1286 }
1287}
1288
1289void
1290vpn::vpn_ev (short revents)
1291{
1292 if (revents & POLLIN)
1293 {
1294 /* process data */
1295 tap_packet *pkt;
1296
1297 pkt = tap->recv ();
1298
1299 int dst = mac2id (pkt->dst);
1300 int src = mac2id (pkt->src);
1301
1302 if (src != THISNODE->id)
1303 {
1304 slog (L_ERR, _("FATAL: tap packet not originating on current node received, terminating."));
1305 exit (1);
1306 }
1307
1308 if (dst == THISNODE->id)
1309 {
1310 slog (L_ERR, _("FATAL: tap packet destined for current node received, terminating."));
1311 exit (1);
1312 }
1313
1314 if (dst > conns.size ())
1315 slog (L_ERR, _("tap packet for unknown node %d received, ignoring."), dst);
1316 else
1317 {
1318 if (dst)
1175 { 1319 {
1176 if (pollfd[1].revents & (POLLIN | POLLERR)) 1320 // unicast
1177 {
1178 vpn_packet *pkt = new vpn_packet;
1179 struct sockaddr_in sa;
1180 socklen_t sa_len = sizeof (sa);
1181 int len;
1182
1183 len = recvfrom (socket_fd, &((*pkt)[0]), MAXSIZE, 0, (sockaddr *)&sa, &sa_len);
1184
1185 if (len > 0)
1186 {
1187 pkt->len = len;
1188
1189 unsigned int src = pkt->src ();
1190 unsigned int dst = pkt->dst ();
1191
1192 slog (L_NOISE, _("<<?/%s received possible vpn packet type %d from %d to %d, length %d"),
1193 (const char *)sockinfo (sa), pkt->typ (), pkt->src (), pkt->dst (), pkt->len);
1194
1195 if (dst > conns.size () || pkt->typ () >= vpn_packet::PT_MAX)
1196 slog (L_WARN, _("<<? received CORRUPTED packet type %d from %d to %d"),
1197 pkt->typ (), pkt->src (), pkt->dst ());
1198 else if (dst == 0 && !THISNODE->routerprio)
1199 slog (L_WARN, _("<<%d received broadcast, but we are no router"), dst);
1200 else if (dst != 0 && dst != THISNODE->id) 1321 if (dst != THISNODE->id)
1201 slog (L_WARN,
1202 _("received frame for node %d ('%s') from %s, but this is node %d ('%s')"),
1203 dst, conns[dst - 1]->conf->nodename,
1204 (const char *)sockinfo (sa),
1205 THISNODE->id, THISNODE->nodename);
1206 else if (src == 0 || src > conns.size ())
1207 slog (L_WARN, _("received frame from unknown node %d (%s)"), src, (const char *)sockinfo (sa));
1208 else
1209 conns[src - 1]->recv_vpn_packet (pkt, &sa); 1322 conns[dst - 1]->inject_data_packet (pkt);
1210 }
1211 else
1212 {
1213 // probably ECONNRESET or somesuch
1214 slog (L_DEBUG, _("%s: %s"), (const char *)sockinfo(sa), strerror (errno));
1215 }
1216
1217 delete pkt;
1218 } 1323 }
1219 else if (pollfd[1].revents & POLLHUP) 1324 else
1220 { 1325 {
1221 // this cannot ;) happen on udp sockets 1326 // broadcast, first check router, then self, then english
1222 slog (L_ERR, _("FATAL: POLLHUP on socket fd, terminating.")); 1327 connection *router = find_router ();
1223 exit (1); 1328
1224 } 1329 if (router)
1330 router->inject_data_packet (pkt, true);
1225 else 1331 else
1226 {
1227 slog (L_ERR,
1228 _("FATAL: unknown revents %08x in socket, terminating\n"),
1229 pollfd[1].revents);
1230 exit (1);
1231 }
1232 }
1233
1234 // I use else here to give vpn_packets absolute priority
1235 else if (pollfd[0].revents)
1236 {
1237 if (pollfd[0].revents & POLLIN)
1238 {
1239 /* process data */
1240 tap_packet *pkt;
1241
1242 pkt = tap->recv ();
1243
1244 int dst = mac2id (pkt->dst);
1245 int src = mac2id (pkt->src);
1246
1247 if (src != THISNODE->id)
1248 {
1249 slog (L_ERR, _("FATAL: tap packet not originating on current node received, terminating."));
1250 exit (1);
1251 }
1252
1253 if (dst == THISNODE->id)
1254 {
1255 slog (L_ERR, _("FATAL: tap packet destined for current node received, terminating."));
1256 exit (1);
1257 }
1258
1259 if (dst > conns.size ())
1260 slog (L_ERR, _("tap packet for unknown node %d received, ignoring."), dst);
1261 else
1262 {
1263 if (dst)
1264 {
1265 // unicast
1266 if (dst != THISNODE->id)
1267 conns[dst - 1]->inject_data_packet (pkt);
1268 }
1269 else
1270 {
1271 // broadcast, first check router, then self, then english
1272 connection *router = find_router ();
1273
1274 if (router)
1275 router->inject_data_packet (pkt, true);
1276 else
1277 for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) 1332 for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1278 if ((*c)->conf != THISNODE) 1333 if ((*c)->conf != THISNODE)
1279 (*c)->inject_data_packet (pkt); 1334 (*c)->inject_data_packet (pkt);
1280 }
1281 }
1282
1283 delete pkt;
1284 }
1285 else if (pollfd[0].revents & (POLLHUP | POLLERR))
1286 {
1287 slog (L_ERR, _("FATAL: POLLHUP or POLLERR on network device fd, terminating."));
1288 exit (1);
1289 }
1290 else
1291 abort ();
1292 } 1335 }
1293 } 1336 }
1294 1337
1338 delete pkt;
1339 }
1340 else if (revents & (POLLHUP | POLLERR))
1341 {
1342 slog (L_ERR, _("FATAL: POLLHUP or POLLERR on network device fd, terminating."));
1343 exit (1);
1344 }
1345 else
1346 abort ();
1347}
1348
1349void
1350vpn::event_cb (tstamp &ts)
1351{
1295 if (events) 1352 if (events)
1353 {
1354 if (events & EVENT_SHUTDOWN)
1296 { 1355 {
1297 if (events & EVENT_SHUTDOWN)
1298 {
1299 shutdown_all (); 1356 shutdown_all ();
1300 1357
1301 remove_pid (pidfilename); 1358 remove_pid (pidfilename);
1302 1359
1303 slog (L_INFO, _("vped terminating")); 1360 slog (L_INFO, _("vped terminating"));
1304 1361
1305 exit (0); 1362 exit (0);
1306 }
1307
1308 if (events & EVENT_RECONNECT)
1309 reconnect_all ();
1310
1311 events = 0;
1312 } 1363 }
1313 1364
1314 // very very very dumb and crude and inefficient timer handling, or maybe not? 1365 if (events & EVENT_RECONNECT)
1315 if (now >= next_timecheck) 1366 reconnect_all ();
1316 {
1317 next_timecheck = now + TIMER_GRANULARITY;
1318 1367
1319 for (conns_vector::iterator c = conns.begin (); 1368 events = 0;
1320 c != conns.end (); ++c)
1321 (*c)->timer ();
1322 }
1323 } 1369 }
1370
1371 ts = TSTAMP_CANCEL;
1372}
1373
1374vpn::vpn (void)
1375: udp_ev_watcher (this, &vpn::udp_ev)
1376, vpn_ev_watcher (this, &vpn::vpn_ev)
1377, event (this, &vpn::event_cb)
1378{
1324} 1379}
1325 1380
1326vpn::~vpn () 1381vpn::~vpn ()
1327{} 1382{
1383}
1328 1384

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines