… | |
… | |
481 | connection::send_ping (SOCKADDR *dsa, u8 pong) |
481 | connection::send_ping (SOCKADDR *dsa, u8 pong) |
482 | { |
482 | { |
483 | ping_packet *pkt = new ping_packet; |
483 | ping_packet *pkt = new ping_packet; |
484 | |
484 | |
485 | pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); |
485 | pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); |
486 | vpn->send_vpn_packet (pkt, dsa); |
486 | vpn->send_vpn_packet (pkt, dsa, IPTOS_LOWDELAY); |
487 | |
487 | |
488 | delete pkt; |
488 | delete pkt; |
489 | } |
489 | } |
490 | |
490 | |
491 | void |
491 | void |
… | |
… | |
496 | if (limiter.can (dsa)) |
496 | if (limiter.can (dsa)) |
497 | { |
497 | { |
498 | config_packet *pkt = new config_packet; |
498 | config_packet *pkt = new config_packet; |
499 | |
499 | |
500 | pkt->setup (vpn_packet::PT_RESET, conf->id); |
500 | pkt->setup (vpn_packet::PT_RESET, conf->id); |
501 | vpn->send_vpn_packet (pkt, dsa); |
501 | vpn->send_vpn_packet (pkt, dsa, IPTOS_MINCOST); |
502 | |
502 | |
503 | delete pkt; |
503 | delete pkt; |
504 | } |
504 | } |
505 | } |
505 | } |
506 | |
506 | |
… | |
… | |
550 | fatal ("RSA_public_encrypt error"); |
550 | fatal ("RSA_public_encrypt error"); |
551 | #endif |
551 | #endif |
552 | |
552 | |
553 | slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa)); |
553 | slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa)); |
554 | |
554 | |
555 | vpn->send_vpn_packet (pkt, sa); |
555 | vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); |
556 | |
556 | |
557 | delete pkt; |
557 | delete pkt; |
558 | } |
558 | } |
559 | } |
559 | } |
560 | |
560 | |
561 | void |
561 | void |
562 | connection::establish_connection () |
562 | connection::establish_connection () |
563 | { |
563 | { |
564 | if (!ictx && conf != THISNODE && conf->connectmode != conf_node::C_NEVER) |
564 | if (!ictx && conf != THISNODE && connectmode != conf_node::C_NEVER) |
565 | { |
565 | { |
566 | if (now >= next_retry) |
566 | if (now >= next_retry) |
567 | { |
567 | { |
568 | int retry_int = retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2); |
568 | int retry_int = retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2); |
569 | |
569 | |
570 | if (retry_cnt < (17 << 2) | 3) |
570 | if (retry_cnt < (17 << 2) | 3) |
571 | retry_cnt++; |
571 | retry_cnt++; |
572 | |
572 | |
573 | if (conf->connectmode == conf_node::C_ONDEMAND |
573 | if (connectmode == conf_node::C_ONDEMAND |
574 | && retry_int > ::conf.keepalive) |
574 | && retry_int > ::conf.keepalive) |
575 | retry_int = ::conf.keepalive; |
575 | retry_int = ::conf.keepalive; |
576 | |
576 | |
577 | next_retry = now + retry_int; |
577 | next_retry = now + retry_int; |
578 | next_wakeup (next_retry); |
578 | next_wakeup (next_retry); |
… | |
… | |
635 | |
635 | |
636 | void |
636 | void |
637 | connection::send_data_packet (tap_packet * pkt, bool broadcast) |
637 | connection::send_data_packet (tap_packet * pkt, bool broadcast) |
638 | { |
638 | { |
639 | vpndata_packet *p = new vpndata_packet; |
639 | vpndata_packet *p = new vpndata_packet; |
|
|
640 | int tos = 0; |
|
|
641 | |
|
|
642 | if (conf->inherit_tos |
|
|
643 | && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP |
|
|
644 | && ((*pkt)[14] & 0xf0) == 0x40) // IPv4 |
|
|
645 | tos = (*pkt)[15] & IPTOS_TOS_MASK; |
|
|
646 | printf ("%d %02x %02x %02x %02x = %02x\n", (int)conf->inherit_tos, (*pkt)[12],(*pkt)[13],(*pkt)[14],(*pkt)[15], tos); |
640 | |
647 | |
641 | p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs |
648 | p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs |
642 | vpn->send_vpn_packet (p, &sa); |
649 | vpn->send_vpn_packet (p, &sa, tos); |
643 | |
650 | |
644 | delete p; |
651 | delete p; |
645 | |
652 | |
646 | if (oseqno > MAX_SEQNO) |
653 | if (oseqno > MAX_SEQNO) |
647 | rekey (); |
654 | rekey (); |
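Review bot: The `printf` added at new line 646 of send_data_packet looks like a leftover debug trace: it writes the frame's ethertype, IP version byte and TOS byte of every outgoing data packet to stdout, which is a per-packet syscall on the hot path and leaks traffic metadata into whatever collects the daemon's output; it should be dropped or turned into `slog (L_TRACE, ...)` like the surrounding logging. The new TOS extraction also reads `(*pkt)[12]` through `(*pkt)[15]` with no visible length check; the frame presumably comes from the local tap device so a short frame is unlikely, but guarding it costs one comparison: `if (conf->inherit_tos && pkt->len >= 16 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 && ((*pkt)[14] & 0xf0) == 0x40)`. On the positive side the value is masked with `IPTOS_TOS_MASK` before it reaches setsockopt, so an inner packet cannot set arbitrary bits in the outer header. send_data_packet continues past the end of this hunk.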
… | |
… | |
692 | { |
699 | { |
693 | reset_connection (); |
700 | reset_connection (); |
694 | |
701 | |
695 | config_packet *p = (config_packet *) pkt; |
702 | config_packet *p = (config_packet *) pkt; |
696 | if (p->chk_config ()) |
703 | if (p->chk_config ()) |
697 | if (conf->connectmode == conf_node::C_ALWAYS) |
704 | if (connectmode == conf_node::C_ALWAYS) |
698 | establish_connection (); |
705 | establish_connection (); |
699 | |
706 | |
700 | //D slog the protocol mismatch? |
707 | //D slog the protocol mismatch? |
701 | } |
708 | } |
702 | break; |
709 | break; |
… | |
… | |
781 | while (tap_packet *p = queue.get ()) |
788 | while (tap_packet *p = queue.get ()) |
782 | { |
789 | { |
783 | send_data_packet (p); |
790 | send_data_packet (p); |
784 | delete p; |
791 | delete p; |
785 | } |
792 | } |
|
|
793 | |
|
|
794 | connectmode = conf->connectmode; |
786 | |
795 | |
787 | slog (L_INFO, _("connection to %d (%s %s) established"), |
796 | slog (L_INFO, _("connection to %d (%s %s) established"), |
788 | conf->id, conf->nodename, (const char *)sockinfo (ssa)); |
797 | conf->id, conf->nodename, (const char *)sockinfo (ssa)); |
789 | |
798 | |
790 | if (::conf.script_node_up) |
799 | if (::conf.script_node_up) |
… | |
… | |
889 | slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n", |
898 | slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n", |
890 | conf->id, p->id, c->ictx && c->octx); |
899 | conf->id, p->id, c->ictx && c->octx); |
891 | |
900 | |
892 | if (c->ictx && c->octx) |
901 | if (c->ictx && c->octx) |
893 | { |
902 | { |
|
|
903 | // send connect_info packets to both sides, in case one is |
|
|
904 | // behind a nat firewall (or both ;) |
|
|
905 | { |
894 | sockinfo si(sa); |
906 | sockinfo si(sa); |
895 | |
907 | |
896 | slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n", |
908 | slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n", |
897 | c->conf->id, p->id, (const char *)si); |
909 | c->conf->id, conf->id, (const char *)si); |
898 | |
910 | |
899 | connect_info_packet *r = new connect_info_packet (c->conf->id, conf->id, si); |
911 | connect_info_packet *r = new connect_info_packet (c->conf->id, conf->id, si); |
900 | |
912 | |
901 | r->hmac_set (c->octx); |
913 | r->hmac_set (c->octx); |
902 | vpn->send_vpn_packet (r, &c->sa); |
914 | vpn->send_vpn_packet (r, &c->sa); |
903 | |
915 | |
904 | delete r; |
916 | delete r; |
|
|
917 | } |
|
|
918 | |
|
|
919 | { |
|
|
920 | sockinfo si(c->sa); |
|
|
921 | |
|
|
922 | slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n", |
|
|
923 | conf->id, c->conf->id, (const char *)si); |
|
|
924 | |
|
|
925 | connect_info_packet *r = new connect_info_packet (conf->id, c->conf->id, si); |
|
|
926 | |
|
|
927 | r->hmac_set (octx); |
|
|
928 | vpn->send_vpn_packet (r, &sa); |
|
|
929 | |
|
|
930 | delete r; |
|
|
931 | } |
905 | } |
932 | } |
906 | } |
933 | } |
907 | |
934 | |
908 | break; |
935 | break; |
909 | |
936 | |
… | |
… | |
931 | |
958 | |
932 | void connection::timer () |
959 | void connection::timer () |
933 | { |
960 | { |
934 | if (conf != THISNODE) |
961 | if (conf != THISNODE) |
935 | { |
962 | { |
936 | if (now >= next_retry && conf->connectmode == conf_node::C_ALWAYS) |
963 | if (now >= next_retry && connectmode == conf_node::C_ALWAYS) |
937 | establish_connection (); |
964 | establish_connection (); |
938 | |
965 | |
939 | if (ictx && octx) |
966 | if (ictx && octx) |
940 | { |
967 | { |
941 | if (now >= next_rekey) |
968 | if (now >= next_rekey) |
… | |
… | |
1075 | |
1102 | |
1076 | return 0; |
1103 | return 0; |
1077 | } |
1104 | } |
1078 | |
1105 | |
1079 | void |
1106 | void |
1080 | vpn::send_vpn_packet (vpn_packet *pkt, SOCKADDR *sa) |
1107 | vpn::send_vpn_packet (vpn_packet *pkt, SOCKADDR *sa, int tos) |
1081 | { |
1108 | { |
|
|
1109 | setsockopt (socket_fd, SOL_IP, IP_TOS, &tos, sizeof tos); |
1082 | sendto (socket_fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)sa, sizeof (*sa)); |
1110 | sendto (socket_fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)sa, sizeof (*sa)); |
1083 | } |
1111 | } |
1084 | |
1112 | |
1085 | void |
1113 | void |
1086 | vpn::shutdown_all () |
1114 | vpn::shutdown_all () |
… | |
… | |
1103 | connection *conn = new connection (this); |
1131 | connection *conn = new connection (this); |
1104 | |
1132 | |
1105 | conn->conf = *i; |
1133 | conn->conf = *i; |
1106 | conns.push_back (conn); |
1134 | conns.push_back (conn); |
1107 | |
1135 | |
1108 | if (conn->conf->connectmode == conf_node::C_ALWAYS) |
|
|
1109 | conn->establish_connection (); |
1136 | conn->establish_connection (); |
1110 | } |
1137 | } |
1111 | } |
1138 | } |
1112 | |
1139 | |
1113 | connection *vpn::find_router () |
1140 | connection *vpn::find_router () |
1114 | { |
1141 | { |
… | |
… | |
1118 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
1145 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
1119 | { |
1146 | { |
1120 | connection *c = *i; |
1147 | connection *c = *i; |
1121 | |
1148 | |
1122 | if (c->conf->routerprio > prio |
1149 | if (c->conf->routerprio > prio |
1123 | && c->conf->connectmode == conf_node::C_ALWAYS |
1150 | && c->connectmode == conf_node::C_ALWAYS |
1124 | && c->conf != THISNODE |
1151 | && c->conf != THISNODE |
1125 | && c->ictx && c->octx) |
1152 | && c->ictx && c->octx) |
1126 | { |
1153 | { |
1127 | prio = c->conf->routerprio; |
1154 | prio = c->conf->routerprio; |
1128 | router = c; |
1155 | router = c; |