[ViewVC] Diff of: cvs/gvpe/src/protocol.C

Comparing gvpe/src/protocol.C (file contents):
Revision 1.2 by pcg, Sun Mar 2 23:04:02 2003 UTC vs.
Revision 1.14 by pcg, Sat Mar 22 22:39:11 2003 UTC

…		…
16	Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA	16	Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17	*/	17	*/
18		18
19	#include "config.h"	19	#include "config.h"
20		20
		21	#include <list>
		22
21	#include <cstdlib>	23	#include <cstdlib>
22	#include <cstring>	24	#include <cstring>
23	#include <cstdio>	25	#include <cstdio>
24		26
25	#include <sys/types.h>	27	#include <sys/types.h>
…		…
60		62
61	static const rsachallenge &	63	static const rsachallenge &
62	challenge_bytes ()	64	challenge_bytes ()
63	{	65	{
64	static rsachallenge challenge;	66	static rsachallenge challenge;
65	static time_t challenge_ttl; // time this challenge needs to be recreated	67	static double challenge_ttl; // time this challenge needs to be recreated
66		68
67	if (now > challenge_ttl)	69	if (NOW > challenge_ttl)
68	{	70	{
69	RAND_bytes ((unsigned char *)&challenge, sizeof (challenge));	71	RAND_bytes ((unsigned char *)&challenge, sizeof (challenge));
70	challenge_ttl = now + CHALLENGE_TTL;	72	challenge_ttl = NOW + CHALLENGE_TTL;
71	}	73	}
72		74
73	return challenge;	75	return challenge;
		76	}
		77
		78	// caching of rsa operations really helps slow computers
		79	struct rsa_entry {
		80	tstamp expire;
		81	rsachallenge chg;
		82	RSA *key; // which key
		83	rsaencrdata encr;
		84
		85	rsa_entry ()
		86	{
		87	expire = NOW + CHALLENGE_TTL;
		88	}
		89	};
		90
		91	struct rsa_cache : list<rsa_entry>
		92	{
		93	void cleaner_cb (tstamp &ts); time_watcher cleaner;
		94
		95	const rsaencrdata public_encrypt (RSA key, const rsachallenge &chg)
		96	{
		97	for (iterator i = begin (); i != end (); ++i)
		98	{
		99	if (i->key == key && !memcmp (&chg, &i->chg, sizeof chg))
		100	return &i->encr;
		101	}
		102
		103	if (cleaner.at < NOW)
		104	cleaner.start (NOW + CHALLENGE_TTL);
		105
		106	resize (size () + 1);
		107	rsa_entry e = &(rbegin ());
		108
		109	e->key = key;
		110	memcpy (&e->chg, &chg, sizeof chg);
		111
		112	if (0 > RSA_public_encrypt (sizeof chg,
		113	(unsigned char )&chg, (unsigned char )&e->encr,
		114	key, RSA_PKCS1_OAEP_PADDING))
		115	fatal ("RSA_public_encrypt error");
		116
		117	return &e->encr;
		118	}
		119
		120	const rsachallenge private_decrypt (RSA key, const rsaencrdata &encr)
		121	{
		122	for (iterator i = begin (); i != end (); ++i)
		123	if (i->key == key && !memcmp (&encr, &i->encr, sizeof encr))
		124	return &i->chg;
		125
		126	if (cleaner.at < NOW)
		127	cleaner.start (NOW + CHALLENGE_TTL);
		128
		129	resize (size () + 1);
		130	rsa_entry e = &(rbegin ());
		131
		132	e->key = key;
		133	memcpy (&e->encr, &encr, sizeof encr);
		134
		135	if (0 > RSA_private_decrypt (sizeof encr,
		136	(unsigned char )&encr, (unsigned char )&e->chg,
		137	key, RSA_PKCS1_OAEP_PADDING))
		138	{
		139	pop_back ();
		140	return 0;
		141	}
		142
		143	return &e->chg;
		144	}
		145
		146	rsa_cache ()
		147	: cleaner (this, &rsa_cache::cleaner_cb)
		148	{ }
		149
		150	} rsa_cache;
		151
		152	void rsa_cache::cleaner_cb (tstamp &ts)
		153	{
		154	if (empty ())
		155	ts = TSTAMP_CANCEL;
		156	else
		157	{
		158	ts = NOW + 3;
		159	for (iterator i = begin (); i != end (); )
		160	{
		161	if (i->expire >= NOW)
		162	i = erase (i);
		163	else
		164	++i;
		165	}
		166	}
74	}	167	}
75		168
76	// run a script. yes, it's a template function. yes, c++	169	// run a script. yes, it's a template function. yes, c++
77	// is not a functional language. yes, this suxx.	170	// is not a functional language. yes, this suxx.
78	template<class owner>	171	template<class owner>
…		…
112	struct crypto_ctx	205	struct crypto_ctx
113	{	206	{
114	EVP_CIPHER_CTX cctx;	207	EVP_CIPHER_CTX cctx;
115	HMAC_CTX hctx;	208	HMAC_CTX hctx;
116		209
117	crypto_ctx (rsachallenge &challenge, int enc);	210	crypto_ctx (const rsachallenge &challenge, int enc);
118	~crypto_ctx ();	211	~crypto_ctx ();
119	};	212	};
120		213
121	crypto_ctx::crypto_ctx (rsachallenge &challenge, int enc)	214	crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
122	{	215	{
123	EVP_CIPHER_CTX_init (&cctx);	216	EVP_CIPHER_CTX_init (&cctx);
124	EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);	217	EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
125	HMAC_CTX_init (&hctx);	218	HMAC_CTX_init (&hctx);
126	HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);	219	HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
…		…
128		221
129	crypto_ctx::~crypto_ctx ()	222	crypto_ctx::~crypto_ctx ()
130	{	223	{
131	EVP_CIPHER_CTX_cleanup (&cctx);	224	EVP_CIPHER_CTX_cleanup (&cctx);
132	HMAC_CTX_cleanup (&hctx);	225	HMAC_CTX_cleanup (&hctx);
		226	}
		227
		228	//////////////////////////////////////////////////////////////////////////////
		229
		230	void pkt_queue::put (tap_packet *p)
		231	{
		232	if (queue[i])
		233	{
		234	delete queue[i];
		235	j = (j + 1) % QUEUEDEPTH;
		236	}
		237
		238	queue[i] = p;
		239
		240	i = (i + 1) % QUEUEDEPTH;
		241	}
		242
		243	tap_packet *pkt_queue::get ()
		244	{
		245	tap_packet *p = queue[j];
		246
		247	if (p)
		248	{
		249	queue[j] = 0;
		250	j = (j + 1) % QUEUEDEPTH;
		251	}
		252
		253	return p;
		254	}
		255
		256	pkt_queue::pkt_queue ()
		257	{
		258	memset (queue, 0, sizeof (queue));
		259	i = 0;
		260	j = 0;
		261	}
		262
		263	pkt_queue::~pkt_queue ()
		264	{
		265	for (i = QUEUEDEPTH; --i > 0; )
		266	delete queue[i];
		267	}
		268
		269	// only do action once every x seconds per host.
		270	// currently this is quite a slow implementation,
		271	// but suffices for normal operation.
		272	struct u32_rate_limiter : private map<u32, tstamp>
		273	{
		274	tstamp every;
		275
		276	bool can (u32 host);
		277
		278	u32_rate_limiter (tstamp every = 1)
		279	{
		280	this->every = every;
		281	}
		282	};
		283
		284	struct net_rate_limiter : u32_rate_limiter
		285	{
		286	bool can (SOCKADDR *sa) { return u32_rate_limiter::can((u32)sa->sin_addr.s_addr); }
		287	bool can (sockinfo &si) { return u32_rate_limiter::can((u32)si.host); }
		288
		289	net_rate_limiter (tstamp every) : u32_rate_limiter (every) {}
		290	};
		291
		292	bool u32_rate_limiter::can (u32 host)
		293	{
		294	iterator i;
		295
		296	for (i = begin (); i != end (); )
		297	if (i->second <= NOW)
		298	{
		299	erase (i);
		300	i = begin ();
		301	}
		302	else
		303	++i;
		304
		305	i = find (host);
		306
		307	if (i != end ())
		308	return false;
		309
		310	insert (value_type (host, NOW + every));
		311
		312	return true;
133	}	313	}
134		314
135	/////////////////////////////////////////////////////////////////////////////	315	/////////////////////////////////////////////////////////////////////////////
136		316
137	static void next_wakeup (time_t next)	317	static void next_wakeup (time_t next)
…		…
200		380
201	unsigned int src ()	381	unsigned int src ()
202	{	382	{
203	return src1 \| ((srcdst >> 4) << 8);	383	return src1 \| ((srcdst >> 4) << 8);
204	}	384	}
		385
205	unsigned int dst ()	386	unsigned int dst ()
206	{	387	{
207	return dst1 \| ((srcdst & 0xf) << 8);	388	return dst1 \| ((srcdst & 0xf) << 8);
208	}	389	}
		390
209	ptype typ ()	391	ptype typ ()
210	{	392	{
211	return (ptype) type;	393	return (ptype) type;
212	}	394	}
213	};	395	};
…		…
252	u32 cl;	434	u32 cl;
253		435
254	cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);	436	cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
255	if (cl)	437	if (cl)
256	{	438	{
257	//printf ("compressed packet, %d => %d\n", l, cl);//D
258	type = PT_DATA_COMPRESSED;	439	type = PT_DATA_COMPRESSED;
259	d = cdata;	440	d = cdata;
260	l = cl + 2;	441	l = cl + 2;
261		442
262	d[0] = cl >> 8;	443	d[0] = cl >> 8;
…		…
264	}	445	}
265	#endif	446	#endif
266		447
267	EVP_EncryptInit_ex (cctx, 0, 0, 0, 0);	448	EVP_EncryptInit_ex (cctx, 0, 0, 0, 0);
268		449
		450	struct {
269	#if RAND_SIZE	451	#if RAND_SIZE
270	struct {
271	u8 rnd[RAND_SIZE];	452	u8 rnd[RAND_SIZE];
		453	#endif
272	u32 seqno;	454	u32 seqno;
273	} datahdr;	455	} datahdr;
274		456
275	datahdr.seqno = seqno;	457	datahdr.seqno = ntohl (seqno);
		458	#if RAND_SIZE
276	RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);	459	RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
		460	#endif
277		461
278	EVP_EncryptUpdate (cctx,	462	EVP_EncryptUpdate (cctx,
279	(unsigned char *) data + outl, &outl2,	463	(unsigned char *) data + outl, &outl2,
280	(unsigned char *) &datahdr, DATAHDR);	464	(unsigned char *) &datahdr, DATAHDR);
281	outl += outl2;	465	outl += outl2;
282	#else
283	EVP_EncryptUpdate (cctx,
284	(unsigned char *) data + outl, &outl2,
285	(unsigned char *) &seqno, DATAHDR);
286	outl += outl2;
287	#endif
288		466
289	EVP_EncryptUpdate (cctx,	467	EVP_EncryptUpdate (cctx,
290	(unsigned char *) data + outl, &outl2,	468	(unsigned char *) data + outl, &outl2,
291	(unsigned char *) d, l);	469	(unsigned char *) d, l);
292	outl += outl2;	470	outl += outl2;
…		…
328	outl += outl2;	506	outl += outl2;
329		507
330	EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2);	508	EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2);
331	outl += outl2;	509	outl += outl2;
332		510
333	seqno = (u32 )(d + RAND_SIZE);	511	seqno = ntohl ((u32 )(d + RAND_SIZE));
334		512
335	id2mac (dst () ? dst() : THISNODE->id, p->dst);	513	id2mac (dst () ? dst() : THISNODE->id, p->dst);
336	id2mac (src (), p->src);	514	id2mac (src (), p->src);
337		515
338	#if ENABLE_COMPRESSION	516	#if ENABLE_COMPRESSION
339	if (type == PT_DATA_COMPRESSED)	517	if (type == PT_DATA_COMPRESSED)
340	{	518	{
341	u32 cl = (d[DATAHDR] << 8) \| d[DATAHDR + 1];	519	u32 cl = (d[DATAHDR] << 8) \| d[DATAHDR + 1];
342	p->len = lzf_decompress (d + DATAHDR + 2, cl, &(*p)[6 + 6], MAX_MTU) + 6 + 6;	520	p->len = lzf_decompress (d + DATAHDR + 2, cl, &(*p)[6 + 6], MAX_MTU) + 6 + 6;
343	//printf ("decompressxed %d(%d) => %d\n", cl, len - data_hdr_size (), p->len);//D
344	}	521	}
345	else	522	else
346	p->len = outl + (6 + 6 - DATAHDR);	523	p->len = outl + (6 + 6 - DATAHDR);
347	#endif	524	#endif
348		525
…		…
369	u32 digest_nid;	546	u32 digest_nid;
370		547
371	const u8 curflags () const	548	const u8 curflags () const
372	{	549	{
373	return 0x80	550	return 0x80
374	\| (ENABLE_COMPRESSION ? 0x01 : 0x00)	551	\| (ENABLE_COMPRESSION ? 0x01 : 0x00);
375	\| (ENABLE_TRUST ? 0x02 : 0x00);
376	}	552	}
377		553
378	void setup (ptype type, int dst)	554	void setup (ptype type, int dst)
379	{	555	{
380	prot_major = PROTOCOL_MAJOR;	556	prot_major = PROTOCOL_MAJOR;
…		…
481	connection::send_ping (SOCKADDR *dsa, u8 pong)	657	connection::send_ping (SOCKADDR *dsa, u8 pong)
482	{	658	{
483	ping_packet *pkt = new ping_packet;	659	ping_packet *pkt = new ping_packet;
484		660
485	pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);	661	pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
486	vpn->send_vpn_packet (pkt, dsa);	662	vpn->send_vpn_packet (pkt, dsa, IPTOS_LOWDELAY);
487		663
488	delete pkt;	664	delete pkt;
489	}	665	}
490		666
491	void	667	void
492	connection::send_reset (SOCKADDR *dsa)	668	connection::send_reset (SOCKADDR *dsa)
493	{	669	{
494	static net_rate_limiter limiter(1);	670	static net_rate_limiter limiter(1);
495		671
496	if (limiter.can (dsa))	672	if (limiter.can (dsa) && connectmode != conf_node::C_DISABLED)
497	{	673	{
498	config_packet *pkt = new config_packet;	674	config_packet *pkt = new config_packet;
499		675
500	pkt->setup (vpn_packet::PT_RESET, conf->id);	676	pkt->setup (vpn_packet::PT_RESET, conf->id);
501	vpn->send_vpn_packet (pkt, dsa);	677	vpn->send_vpn_packet (pkt, dsa, IPTOS_MINCOST);
502		678
503	delete pkt;	679	delete pkt;
504	}	680	}
505	}	681	}
506		682
507	static rsachallenge *	683	static rsachallenge *
508	gen_challenge (SOCKADDR *sa)	684	gen_challenge (u32 seqrand, SOCKADDR *sa)
509	{	685	{
510	static rsachallenge k;	686	static rsachallenge k;
511		687
512	memcpy (&k, &challenge_bytes (), sizeof (k));	688	memcpy (&k, &challenge_bytes (), sizeof (k));
513	RAND_bytes ((unsigned char *)&k[CHG_SEQNO], sizeof (u32));	689	(u32 )&k[CHG_SEQNO] ^= seqrand;
514	xor_sa (k, sa);	690	xor_sa (k, sa);
515		691
516	return &k;	692	return &k;
517	}	693	}
518		694
519	void	695	void
520	connection::send_auth (auth_subtype subtype, SOCKADDR sa, rsachallenge k)	696	connection::send_auth (auth_subtype subtype, SOCKADDR sa, const rsachallenge k)
521	{	697	{
522	static net_rate_limiter limiter(2);	698	static net_rate_limiter limiter(0.2);
523		699
524	if (subtype != AUTH_INIT \|\| limiter.can (sa))	700	if (subtype != AUTH_INIT \|\| limiter.can (sa))
525	{	701	{
		702	if (!k)
		703	k = gen_challenge (seqrand, sa);
		704
526	auth_packet *pkt = new auth_packet (conf->id, subtype);	705	auth_packet *pkt = new auth_packet (conf->id, subtype);
527		706
528	//printf ("send auth_packet subtype %d\n", subtype);//D	707	memcpy (pkt->challenge, rsa_cache.public_encrypt (conf->rsa_key, *k), sizeof (rsaencrdata));
529
530	if (!k)
531	k = gen_challenge (sa);
532
533	#if ENABLE_TRUST
534	if (0 > RSA_public_encrypt (sizeof (*k),
535	(unsigned char )k, (unsigned char )&pkt->challenge,
536	conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
537	fatal ("RSA_public_encrypt error");
538	#else
539	# error untrusted mode not yet implemented: programemr does not know how to
540	rsaencrdata enc;
541
542	if (0 > RSA_private_encrypt (sizeof (*k),
543	(unsigned char )k, (unsigned char )&enc,
544	::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
545	fatal ("RSA_private_encrypt error");
546
547	if (0 > RSA_public_encrypt (sizeof (enc),
548	(unsigned char )enc, (unsigned char )&pkt->challenge,
549	conf->rsa_key, RSA_NO_PADDING))
550	fatal ("RSA_public_encrypt error");
551	#endif
552		708
553	slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa));	709	slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa));
554		710
555	vpn->send_vpn_packet (pkt, sa);	711	vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY);
556		712
557	delete pkt;	713	delete pkt;
558	}	714	}
559	}	715	}
560		716
561	void	717	void
562	connection::establish_connection ()	718	connection::establish_connection_cb (tstamp &ts)
563	{	719	{
564	if (!ictx && conf != THISNODE && conf->connectmode != conf_node::C_NEVER)	720	if (ictx \|\| conf == THISNODE \|\| connectmode == conf_node::C_NEVER)
		721	ts = TSTAMP_CANCEL;
		722	else if (ts <= NOW)
565	{	723	{
566	if (now >= next_retry)	724	double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.25;
567	{
568	int retry_int = retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2);
569		725
570	if (retry_cnt < (17 << 2) \| 3)	726	if (retry_int < 3600 * 8)
571	retry_cnt++;	727	retry_cnt++;
572		728
573	if (conf->connectmode == conf_node::C_ONDEMAND	729	if (connectmode == conf_node::C_ONDEMAND
574	&& retry_int > ::conf.keepalive)	730	&& retry_int > ::conf.keepalive)
575	retry_int = ::conf.keepalive;	731	retry_int = ::conf.keepalive;
576		732
577	next_retry = now + retry_int;	733	ts = NOW + retry_int;
578	next_wakeup (next_retry);
579		734
580	if (conf->hostname)	735	if (conf->hostname)
581	{	736	{
582	reset_dstaddr ();	737	reset_dstaddr ();
583	if (sa.sin_addr.s_addr)	738	if (sa.sin_addr.s_addr)
584	if (retry_cnt < 4)	739	if (retry_cnt < 4)
585	send_auth (AUTH_INIT, &sa);	740	send_auth (AUTH_INIT, &sa);
586	else	741	else
587	send_ping (&sa, 0);	742	send_ping (&sa, 0);
588	}	743	}
589	else	744	else
590	vpn->connect_request (conf->id);	745	vpn->connect_request (conf->id);
591	}
592	}	746	}
593	}	747	}
594		748
595	void	749	void
596	connection::reset_connection ()	750	connection::reset_connection ()
…		…
601		755
602	if (::conf.script_node_down)	756	if (::conf.script_node_down)
603	run_script (this, &connection::script_node_down, false);	757	run_script (this, &connection::script_node_down, false);
604	}	758	}
605		759
606	delete ictx;	760	delete ictx; ictx = 0;
607	ictx = 0;	761	delete octx; octx = 0;
608		762
609	delete octx;	763	RAND_bytes ((unsigned char *)&seqrand, sizeof (u32));
610	octx = 0;
611		764
612	sa.sin_port = 0;	765	sa.sin_port = 0;
613	sa.sin_addr.s_addr = 0;	766	sa.sin_addr.s_addr = 0;
614		767
615	next_retry = 0;
616	next_rekey = 0;
617	last_activity = 0;	768	last_activity = 0;
		769
		770	rekey.reset ();
		771	keepalive.reset ();
		772	establish_connection.reset ();
618	}	773	}
619		774
620	void	775	void
621	connection::shutdown ()	776	connection::shutdown ()
622	{	777	{
…		…
625		780
626	reset_connection ();	781	reset_connection ();
627	}	782	}
628		783
629	void	784	void
630	connection::rekey ()	785	connection::rekey_cb (tstamp &ts)
631	{	786	{
		787	ts = TSTAMP_CANCEL;
		788
632	reset_connection ();	789	reset_connection ();
633	establish_connection ();	790	establish_connection ();
634	}	791	}
635		792
636	void	793	void
637	connection::send_data_packet (tap_packet * pkt, bool broadcast)	794	connection::send_data_packet (tap_packet * pkt, bool broadcast)
638	{	795	{
639	vpndata_packet *p = new vpndata_packet;	796	vpndata_packet *p = new vpndata_packet;
		797	int tos = 0;
		798
		799	if (conf->inherit_tos
		800	&& (pkt)[12] == 0x08 && (pkt)[13] == 0x00 // IP
		801	&& ((*pkt)[14] & 0xf0) == 0x40) // IPv4
		802	tos = (*pkt)[15] & IPTOS_TOS_MASK;
640		803
641	p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs	804	p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
642	vpn->send_vpn_packet (p, &sa);	805	vpn->send_vpn_packet (p, &sa, tos);
643		806
644	delete p;	807	delete p;
645		808
646	if (oseqno > MAX_SEQNO)	809	if (oseqno > MAX_SEQNO)
647	rekey ();	810	rekey ();
…		…
662	}	825	}
663		826
664	void	827	void
665	connection::recv_vpn_packet (vpn_packet pkt, SOCKADDR ssa)	828	connection::recv_vpn_packet (vpn_packet pkt, SOCKADDR ssa)
666	{	829	{
667	last_activity = now;	830	last_activity = NOW;
668		831
669	slog (L_NOISE, "<<%d received packet type %d from %d to %d",	832	slog (L_NOISE, "<<%d received packet type %d from %d to %d",
670	conf->id, pkt->typ (), pkt->src (), pkt->dst ());	833	conf->id, pkt->typ (), pkt->src (), pkt->dst ());
671		834
672	switch (pkt->typ ())	835	switch (pkt->typ ())
…		…
680	// so reset the retry counter and establish a conenction	843	// so reset the retry counter and establish a conenction
681	// when we receive a pong.	844	// when we receive a pong.
682	if (!ictx && !octx)	845	if (!ictx && !octx)
683	{	846	{
684	retry_cnt = 0;	847	retry_cnt = 0;
685	next_retry = 0;	848	establish_connection.at = 0;
686	establish_connection ();	849	establish_connection ();
687	}	850	}
688		851
689	break;	852	break;
690		853
691	case vpn_packet::PT_RESET:	854	case vpn_packet::PT_RESET:
692	{	855	{
693	reset_connection ();	856	reset_connection ();
694		857
695	config_packet p = (config_packet ) pkt;	858	config_packet p = (config_packet ) pkt;
696	if (p->chk_config ())	859	if (!p->chk_config ())
		860	{
		861	slog (L_WARN, _("protocol mismatch, disabling node '%s'"), conf->nodename);
		862	connectmode = conf_node::C_DISABLED;
		863	}
697	if (conf->connectmode == conf_node::C_ALWAYS)	864	else if (connectmode == conf_node::C_ALWAYS)
698	establish_connection ();	865	establish_connection ();
699
700	//D slog the protocol mismatch?
701	}	866	}
702	break;	867	break;
703		868
704	case vpn_packet::PT_AUTH:	869	case vpn_packet::PT_AUTH:
705	{	870	{
…		…
715	PROTOCOL_MINOR, conf->nodename, p->prot_minor);	880	PROTOCOL_MINOR, conf->nodename, p->prot_minor);
716		881
717	if (p->subtype == AUTH_INIT)	882	if (p->subtype == AUTH_INIT)
718	send_auth (AUTH_INITREPLY, ssa);	883	send_auth (AUTH_INITREPLY, ssa);
719		884
720	rsachallenge k;	885	const rsachallenge *k = rsa_cache.private_decrypt (::conf.rsa_key, p->challenge);
721		886
722	#if ENABLE_TRUST
723	if (0 > RSA_private_decrypt (sizeof (rsaencrdata),
724	(unsigned char )&p->challenge, (unsigned char )&k,
725	::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
726	// continued below
727	#else
728	rsaencrdata j;
729		887	if (!k)
730	if (0 > RSA_private_decrypt (sizeof (rsaencrdata),
731	(unsigned char )&p->challenge, (unsigned char )&j,
732	::conf.rsa_key, RSA_NO_PADDING))
733	fatal ("RSA_private_decrypt error");
734
735	if (0 > RSA_public_decrypt (sizeof (k),
736	(unsigned char )&j, (unsigned char )&k,
737	conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
738	// continued below
739	#endif
740	{	888	{
741	slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"),	889	slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"),
742	conf->nodename, (const char *)sockinfo (ssa));	890	conf->nodename, (const char *)sockinfo (ssa));
743	break;	891	break;
744	}	892	}
745		893
746	retry_cnt = 0;	894	retry_cnt = 0;
747	next_retry = now + 8;	895	establish_connection.set (NOW + 8); //? ;)
		896	keepalive.reset ();
		897	rekey.reset ();
748		898
749	switch (p->subtype)	899	switch (p->subtype)
750	{	900	{
751	case AUTH_INIT:	901	case AUTH_INIT:
752	case AUTH_INITREPLY:	902	case AUTH_INITREPLY:
753	delete ictx;	903	delete ictx;
754	ictx = 0;	904	ictx = 0;
755		905
756	delete octx;	906	delete octx;
757		907
758	octx = new crypto_ctx (k, 1);	908	octx = new crypto_ctx (*k, 1);
759	oseqno = (u32 )&k[CHG_SEQNO] & 0x7fffffff;	909	oseqno = ntohl ((u32 )&k[CHG_SEQNO]) & 0x7fffffff;
760		910
761	send_auth (AUTH_REPLY, ssa, &k);	911	send_auth (AUTH_REPLY, ssa, k);
762	break;	912	break;
763		913
764	case AUTH_REPLY:	914	case AUTH_REPLY:
765		915
766	if (!memcmp ((u8 )gen_challenge (ssa) + sizeof (u32), (u8 )&k + sizeof (u32),	916	if (!memcmp ((u8 )gen_challenge (seqrand, ssa), (u8 )k, sizeof (rsachallenge)))
767	sizeof (rsachallenge) - sizeof (u32)))
768	{	917	{
769	delete ictx;	918	delete ictx;
770		919
771	ictx = new crypto_ctx (k, 0);	920	ictx = new crypto_ctx (*k, 0);
772	iseqno = (u32 )&k[CHG_SEQNO] & 0x7fffffff; // at least 2**31 sequence numbers are valid	921	iseqno.reset (ntohl ((u32 )&k[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
773	ismask = 0xffffffff; // initially, all lower sequence numbers are invalid
774		922
775	sa = *ssa;	923	sa = *ssa;
776		924
777	next_rekey = now + ::conf.rekey;	925	rekey.set (NOW + ::conf.rekey);
778	next_wakeup (next_rekey);	926	keepalive.set (NOW + ::conf.keepalive);
779		927
780	// send queued packets	928	// send queued packets
781	while (tap_packet *p = queue.get ())	929	while (tap_packet *p = queue.get ())
782	{	930	{
783	send_data_packet (p);	931	send_data_packet (p);
784	delete p;	932	delete p;
785	}	933	}
		934
		935	connectmode = conf->connectmode;
786		936
787	slog (L_INFO, _("connection to %d (%s %s) established"),	937	slog (L_INFO, _("connection to %d (%s %s) established"),
788	conf->id, conf->nodename, (const char *)sockinfo (ssa));	938	conf->id, conf->nodename, (const char *)sockinfo (ssa));
789		939
790	if (::conf.script_node_up)	940	if (::conf.script_node_up)
…		…
826	else	976	else
827	{	977	{
828	u32 seqno;	978	u32 seqno;
829	tap_packet *d = p->unpack (this, seqno);	979	tap_packet *d = p->unpack (this, seqno);
830		980
831	if (seqno <= iseqno - 32)	981	if (iseqno.recv_ok (seqno))
832	slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n"
833	"possible replay attack, or just massive packet reordering"), seqno, iseqno + 1);//D
834	else if (seqno > iseqno + 32)
835	slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n"
836	"possible replay attack, or just massive packet loss"), seqno, iseqno + 1);//D
837	else
838	{	982	{
839	if (seqno > iseqno)
840	{
841	ismask <<= seqno - iseqno;
842	iseqno = seqno;
843	}
844
845	u32 mask = 1 << (iseqno - seqno);
846
847	//printf ("received seqno %08lx, iseqno %08lx, mask %08lx is %08lx\n", seqno, iseqno, mask, ismask);
848	if (ismask & mask)
849	slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n"
850	"possible replay attack, or just packet duplication"), seqno, iseqno + 1);//D
851	else
852	{
853	ismask \|= mask;
854
855	vpn->tap->send (d);	983	vpn->tap->send (d);
856		984
857	if (p->dst () == 0) // re-broadcast	985	if (p->dst () == 0) // re-broadcast
858	for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)	986	for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
859	{	987	{
860	connection c = i;	988	connection c = i;
861		989
862	if (c->conf != THISNODE && c->conf != conf)	990	if (c->conf != THISNODE && c->conf != conf)
863	c->inject_data_packet (d);	991	c->inject_data_packet (d);
864	}
865
866	delete d;
867
868	break;
869	}	992	}
		993
		994	delete d;
		995
		996	break;
870	}	997	}
871	}	998	}
872	}	999	}
873	else	1000	else
874	slog (L_ERR, _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D	1001	slog (L_ERR, _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D
…		…
889	slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n",	1016	slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n",
890	conf->id, p->id, c->ictx && c->octx);	1017	conf->id, p->id, c->ictx && c->octx);
891		1018
892	if (c->ictx && c->octx)	1019	if (c->ictx && c->octx)
893	{	1020	{
		1021	// send connect_info packets to both sides, in case one is
		1022	// behind a nat firewall (or both ;)
		1023	{
894	sockinfo si(sa);	1024	sockinfo si(sa);
895		1025
896	slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n",	1026	slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n",
897	c->conf->id, p->id, (const char *)si);	1027	c->conf->id, conf->id, (const char *)si);
898		1028
899	connect_info_packet *r = new connect_info_packet (c->conf->id, conf->id, si);	1029	connect_info_packet *r = new connect_info_packet (c->conf->id, conf->id, si);
900		1030
901	r->hmac_set (c->octx);	1031	r->hmac_set (c->octx);
902	vpn->send_vpn_packet (r, &c->sa);	1032	vpn->send_vpn_packet (r, &c->sa);
903		1033
904	delete r;	1034	delete r;
		1035	}
		1036
		1037	{
		1038	sockinfo si(c->sa);
		1039
		1040	slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n",
		1041	conf->id, c->conf->id, (const char *)si);
		1042
		1043	connect_info_packet *r = new connect_info_packet (conf->id, c->conf->id, si);
		1044
		1045	r->hmac_set (octx);
		1046	vpn->send_vpn_packet (r, &sa);
		1047
		1048	delete r;
		1049	}
905	}	1050	}
906	}	1051	}
907		1052
908	break;	1053	break;
909		1054
…		…
927	send_reset (ssa);	1072	send_reset (ssa);
928	break;	1073	break;
929	}	1074	}
930	}	1075	}
931		1076
932	void connection::timer ()	1077	void connection::keepalive_cb (tstamp &ts)
933	{	1078	{
934	if (conf != THISNODE)	1079	if (NOW >= last_activity + ::conf.keepalive + 30)
935	{	1080	{
936	if (now >= next_retry && conf->connectmode == conf_node::C_ALWAYS)	1081	reset_connection ();
937	establish_connection ();	1082	establish_connection ();
938		1083	}
939	if (ictx && octx)
940	{
941	if (now >= next_rekey)
942	rekey ();
943	else if (now >= last_activity + ::conf.keepalive + 30)
944	{
945	reset_connection ();
946	establish_connection ();
947	}
948	else if (now >= last_activity + ::conf.keepalive)	1084	else if (NOW < last_activity + ::conf.keepalive)
		1085	ts = last_activity + ::conf.keepalive;
949	if (conf->connectmode != conf_node::C_ONDEMAND	1086	else if (conf->connectmode != conf_node::C_ONDEMAND
950	\|\| THISNODE->connectmode != conf_node::C_ONDEMAND)	1087	\|\| THISNODE->connectmode != conf_node::C_ONDEMAND)
		1088	{
951	send_ping (&sa);	1089	send_ping (&sa);
952	else	1090	ts = NOW + 5;
		1091	}
		1092	else
953	reset_connection ();	1093	reset_connection ();
954		1094
955	}
956	}
957	}	1095	}
958		1096
959	void connection::connect_request (int id)	1097	void connection::connect_request (int id)
960	{	1098	{
961	connect_req_packet *p = new connect_req_packet (conf->id, id);	1099	connect_req_packet *p = new connect_req_packet (conf->id, id);
…		…
998	putenv ("STATE=down");	1136	putenv ("STATE=down");
999		1137
1000	return ::conf.script_node_up ? ::conf.script_node_down : "node-down";	1138	return ::conf.script_node_up ? ::conf.script_node_down : "node-down";
1001	}	1139	}
1002		1140
		1141	connection::connection(struct vpn *vpn_)
		1142	: vpn(vpn_)
		1143	, rekey (this, &connection::rekey_cb)
		1144	, keepalive (this, &connection::keepalive_cb)
		1145	, establish_connection (this, &connection::establish_connection_cb)
		1146	{
		1147	octx = ictx = 0;
		1148	retry_cnt = 0;
		1149
		1150	connectmode = conf_node::C_ALWAYS; // initial setting
		1151	reset_connection ();
		1152	}
		1153
		1154	connection::~connection ()
		1155	{
		1156	shutdown ();
		1157	}
		1158
1003	/////////////////////////////////////////////////////////////////////////////	1159	/////////////////////////////////////////////////////////////////////////////
1004
1005	vpn::vpn (void)
1006	{}
1007		1160
1008	const char *vpn::script_if_up ()	1161	const char *vpn::script_if_up ()
1009	{	1162	{
1010	// the tunnel device mtu should be the physical mtu - overhead	1163	// the tunnel device mtu should be the physical mtu - overhead
1011	// the tricky part is rounding to the cipher key blocksize	1164	// the tricky part is rounding to the cipher key blocksize
…		…
1062	{	1215	{
1063	int oval = 1;	1216	int oval = 1;
1064	setsockopt (socket_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval);	1217	setsockopt (socket_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval);
1065	}	1218	}
1066		1219
		1220	udp_ev_watcher.start (socket_fd, POLLIN);
		1221
1067	tap = new tap_device ();	1222	tap = new tap_device ();
1068	if (!tap) //D this, of course, never catches	1223	if (!tap) //D this, of course, never catches
1069	{	1224	{
1070	slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname);	1225	slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname);
1071	exit (1);	1226	exit (1);
1072	}	1227	}
1073		1228
1074	run_script (this, &vpn::script_if_up, true);	1229	run_script (this, &vpn::script_if_up, true);
1075		1230
		1231	vpn_ev_watcher.start (tap->fd, POLLIN);
		1232
		1233	reconnect_all ();
		1234
1076	return 0;	1235	return 0;
1077	}	1236	}
1078		1237
1079	void	1238	void
1080	vpn::send_vpn_packet (vpn_packet pkt, SOCKADDR sa)	1239	vpn::send_vpn_packet (vpn_packet pkt, SOCKADDR sa, int tos)
1081	{	1240	{
		1241	setsockopt (socket_fd, SOL_IP, IP_TOS, &tos, sizeof tos);
1082	sendto (socket_fd, &((pkt)[0]), pkt->len, 0, (sockaddr )sa, sizeof (*sa));	1242	sendto (socket_fd, &((pkt)[0]), pkt->len, 0, (sockaddr )sa, sizeof (*sa));
1083	}	1243	}
1084		1244
1085	void	1245	void
1086	vpn::shutdown_all ()	1246	vpn::shutdown_all ()
…		…
1103	connection *conn = new connection (this);	1263	connection *conn = new connection (this);
1104		1264
1105	conn->conf = *i;	1265	conn->conf = *i;
1106	conns.push_back (conn);	1266	conns.push_back (conn);
1107		1267
1108	if (conn->conf->connectmode == conf_node::C_ALWAYS)
1109	conn->establish_connection ();	1268	conn->establish_connection ();
1110	}	1269	}
1111	}	1270	}
1112		1271
1113	connection *vpn::find_router ()	1272	connection *vpn::find_router ()
1114	{	1273	{
…		…
1118	for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i)	1277	for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i)
1119	{	1278	{
1120	connection c = i;	1279	connection c = i;
1121		1280
1122	if (c->conf->routerprio > prio	1281	if (c->conf->routerprio > prio
1123	&& c->conf->connectmode == conf_node::C_ALWAYS	1282	&& c->connectmode == conf_node::C_ALWAYS
1124	&& c->conf != THISNODE	1283	&& c->conf != THISNODE
1125	&& c->ictx && c->octx)	1284	&& c->ictx && c->octx)
1126	{	1285	{
1127	prio = c->conf->routerprio;	1286	prio = c->conf->routerprio;
1128	router = c;	1287	router = c;
…		…
1136	{	1295	{
1137	connection *c = find_router ();	1296	connection *c = find_router ();
1138		1297
1139	if (c)	1298	if (c)
1140	c->connect_request (id);	1299	c->connect_request (id);
		1300	//else // does not work, because all others must connect to the same router
		1301	// // no router found, aggressively connect to all routers
		1302	// for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i)
		1303	// if ((*i)->conf->routerprio)
		1304	// (*i)->establish_connection ();
1141	}	1305	}
1142		1306
1143	void	1307	void
1144	vpn::main_loop ()	1308	vpn::udp_ev (short revents)
1145	{	1309	{
1146	struct pollfd pollfd[2];	1310	if (revents & (POLLIN \| POLLERR))
1147
1148	pollfd[0].fd = tap->fd;
1149	pollfd[0].events = POLLIN;
1150	pollfd[1].fd = socket_fd;
1151	pollfd[1].events = POLLIN;
1152
1153	events = 0;
1154	now = time (0);
1155	next_timecheck = now + 1;
1156
1157	reconnect_all ();
1158
1159	for (;;)
1160	{	1311	{
1161	int npoll = poll (pollfd, 2, (next_timecheck - now) * 1000);	1312	vpn_packet *pkt = new vpn_packet;
1162		1313	struct sockaddr_in sa;
1163	now = time (0);	1314	socklen_t sa_len = sizeof (sa);
		1315	int len;
1164		1316
		1317	len = recvfrom (socket_fd, &((pkt)[0]), MAXSIZE, 0, (sockaddr )&sa, &sa_len);
		1318
1165	if (npoll > 0)	1319	if (len > 0)
		1320	{
		1321	pkt->len = len;
		1322
		1323	unsigned int src = pkt->src ();
		1324	unsigned int dst = pkt->dst ();
		1325
		1326	slog (L_NOISE, _("<<?/%s received possible vpn packet type %d from %d to %d, length %d"),
		1327	(const char *)sockinfo (sa), pkt->typ (), pkt->src (), pkt->dst (), pkt->len);
		1328
		1329	if (dst > conns.size () \|\| pkt->typ () >= vpn_packet::PT_MAX)
		1330	slog (L_WARN, _("<<? received CORRUPTED packet type %d from %d to %d"),
		1331	pkt->typ (), pkt->src (), pkt->dst ());
		1332	else if (dst == 0 && !THISNODE->routerprio)
		1333	slog (L_WARN, _("<<%d received broadcast, but we are no router"), dst);
		1334	else if (dst != 0 && dst != THISNODE->id)
		1335	slog (L_WARN,
		1336	_("received frame for node %d ('%s') from %s, but this is node %d ('%s')"),
		1337	dst, conns[dst - 1]->conf->nodename,
		1338	(const char *)sockinfo (sa),
		1339	THISNODE->id, THISNODE->nodename);
		1340	else if (src == 0 \|\| src > conns.size ())
		1341	slog (L_WARN, _("received frame from unknown node %d (%s)"), src, (const char *)sockinfo (sa));
		1342	else
		1343	conns[src - 1]->recv_vpn_packet (pkt, &sa);
1166	{	1344	}
1167	if (pollfd[1].revents)	1345	else
		1346	{
		1347	// probably ECONNRESET or somesuch
		1348	slog (L_DEBUG, _("%s: %s"), (const char *)sockinfo(sa), strerror (errno));
		1349	}
		1350
		1351	delete pkt;
		1352	}
		1353	else if (revents & POLLHUP)
		1354	{
		1355	// this cannot ;) happen on udp sockets
		1356	slog (L_ERR, _("FATAL: POLLHUP on socket fd, terminating."));
		1357	exit (1);
		1358	}
		1359	else
		1360	{
		1361	slog (L_ERR,
		1362	_("FATAL: unknown revents %08x in socket, terminating\n"),
		1363	revents);
		1364	exit (1);
		1365	}
		1366	}
		1367
		1368	void
		1369	vpn::vpn_ev (short revents)
		1370	{
		1371	if (revents & POLLIN)
		1372	{
		1373	/* process data */
		1374	tap_packet *pkt;
		1375
		1376	pkt = tap->recv ();
		1377
		1378	int dst = mac2id (pkt->dst);
		1379	int src = mac2id (pkt->src);
		1380
		1381	if (src != THISNODE->id)
		1382	{
		1383	slog (L_ERR, _("FATAL: tap packet not originating on current node received, terminating."));
		1384	exit (1);
		1385	}
		1386
		1387	if (dst == THISNODE->id)
		1388	{
		1389	slog (L_ERR, _("FATAL: tap packet destined for current node received, terminating."));
		1390	exit (1);
		1391	}
		1392
		1393	if (dst > conns.size ())
		1394	slog (L_ERR, _("tap packet for unknown node %d received, ignoring."), dst);
		1395	else
		1396	{
		1397	if (dst)
1168	{	1398	{
1169	if (pollfd[1].revents & (POLLIN \| POLLERR))	1399	// unicast
1170	{
1171	vpn_packet *pkt = new vpn_packet;
1172	struct sockaddr_in sa;
1173	socklen_t sa_len = sizeof (sa);
1174	int len;
1175
1176	len = recvfrom (socket_fd, &((pkt)[0]), MAXSIZE, 0, (sockaddr )&sa, &sa_len);
1177
1178	if (len > 0)
1179	{
1180	pkt->len = len;
1181
1182	unsigned int src = pkt->src ();
1183	unsigned int dst = pkt->dst ();
1184
1185	slog (L_NOISE, _("<<?/%s received possible vpn packet type %d from %d to %d, length %d"),
1186	(const char *)sockinfo (sa), pkt->typ (), pkt->src (), pkt->dst (), pkt->len);
1187
1188	if (dst > conns.size () \|\| pkt->typ () >= vpn_packet::PT_MAX)
1189	slog (L_WARN, _("<<? received CORRUPTED packet type %d from %d to %d"),
1190	pkt->typ (), pkt->src (), pkt->dst ());
1191	else if (dst == 0 && !THISNODE->routerprio)
1192	slog (L_WARN, _("<<%d received broadcast, but we are no router"), dst);
1193	else if (dst != 0 && dst != THISNODE->id)	1400	if (dst != THISNODE->id)
1194	slog (L_WARN,
1195	_("received frame for node %d ('%s') from %s, but this is node %d ('%s')"),
1196	dst, conns[dst - 1]->conf->nodename,
1197	(const char *)sockinfo (sa),
1198	THISNODE->id, THISNODE->nodename);
1199	else if (src == 0 \|\| src > conns.size ())
1200	slog (L_WARN, _("received frame from unknown node %d (%s)"), src, (const char *)sockinfo (sa));
1201	else
1202	conns[src - 1]->recv_vpn_packet (pkt, &sa);	1401	conns[dst - 1]->inject_data_packet (pkt);
1203	}
1204	else
1205	{
1206	// probably ECONNRESET or somesuch
1207	slog (L_DEBUG, _("%s: %s"), (const char *)sockinfo(sa), strerror (errno));
1208	}
1209
1210	delete pkt;
1211	}	1402	}
1212	else if (pollfd[1].revents & POLLHUP)	1403	else
1213	{	1404	{
1214	// this cannot ;) happen on udp sockets	1405	// broadcast, first check router, then self, then english
1215	slog (L_ERR, _("FATAL: POLLHUP on socket fd, terminating."));	1406	connection *router = find_router ();
1216	exit (1);	1407
1217	}	1408	if (router)
		1409	router->inject_data_packet (pkt, true);
1218	else	1410	else
1219	{	1411	for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1220	slog (L_ERR,	1412	if ((*c)->conf != THISNODE)
1221	_("FATAL: unknown revents %08x in socket, terminating\n"),	1413	(*c)->inject_data_packet (pkt);
1222	pollfd[1].revents);
1223	exit (1);
1224	}
1225	}	1414	}
		1415	}
1226		1416
1227	// I use else here to give vpn_packets absolute priority	1417	delete pkt;
1228	else if (pollfd[0].revents)	1418	}
1229	{
1230	if (pollfd[0].revents & POLLIN)
1231	{
1232	/* process data */
1233	tap_packet *pkt;
1234
1235	pkt = tap->recv ();
1236
1237	int dst = mac2id (pkt->dst);
1238	int src = mac2id (pkt->src);
1239
1240	if (src != THISNODE->id)
1241	{
1242	slog (L_ERR, _("FATAL: tap packet not originating on current node received, terminating."));
1243	exit (1);
1244	}
1245
1246	if (dst == THISNODE->id)
1247	{
1248	slog (L_ERR, _("FATAL: tap packet destined for current node received, terminating."));
1249	exit (1);
1250	}
1251
1252	if (dst > conns.size ())
1253	slog (L_ERR, _("tap packet for unknown node %d received, ignoring."), dst);
1254	else
1255	{
1256	if (dst)
1257	{
1258	// unicast
1259	if (dst != THISNODE->id)
1260	conns[dst - 1]->inject_data_packet (pkt);
1261	}
1262	else
1263	{
1264	// broadcast, first check router, then self, then english
1265	connection *router = find_router ();
1266
1267	if (router)
1268	router->inject_data_packet (pkt, true);
1269	else
1270	for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1271	if ((*c)->conf != THISNODE)
1272	(*c)->inject_data_packet (pkt);
1273	}
1274	}
1275
1276	delete pkt;
1277	}
1278	else if (pollfd[0].revents & (POLLHUP \| POLLERR))	1419	else if (revents & (POLLHUP \| POLLERR))
1279	{	1420	{
1280	slog (L_ERR, _("FATAL: POLLHUP or POLLERR on network device fd, terminating."));	1421	slog (L_ERR, _("FATAL: POLLHUP or POLLERR on network device fd, terminating."));
1281	exit (1);	1422	exit (1);
1282	}	1423	}
1283	else	1424	else
1284	abort ();	1425	abort ();
1285	}	1426	}
1286	}
1287		1427
		1428	void
		1429	vpn::event_cb (tstamp &ts)
		1430	{
1288	if (events)	1431	if (events)
1289	{	1432	{
1290	if (events & EVENT_SHUTDOWN)	1433	if (events & EVENT_SHUTDOWN)
1291	{	1434	{
1292	shutdown_all ();	1435	shutdown_all ();
1293		1436
1294	remove_pid (pidfilename);	1437	remove_pid (pidfilename);
1295		1438
1296	slog (L_INFO, _("vped terminating"));	1439	slog (L_INFO, _("vped terminating"));
1297		1440
1298	exit (0);	1441	exit (0);
1299	}	1442	}
1300		1443
1301	if (events & EVENT_RECONNECT)	1444	if (events & EVENT_RECONNECT)
1302	reconnect_all ();	1445	reconnect_all ();
1303		1446
1304	events = 0;	1447	events = 0;
1305	}
1306
1307	// very very very dumb and crude and inefficient timer handling, or maybe not?
1308	if (now >= next_timecheck)
1309	{
1310	next_timecheck = now + TIMER_GRANULARITY;
1311
1312	for (conns_vector::iterator c = conns.begin ();
1313	c != conns.end (); ++c)
1314	(*c)->timer ();
1315	}
1316	}	1448	}
		1449
		1450	ts = TSTAMP_CANCEL;
		1451	}
		1452
		1453	vpn::vpn (void)
		1454	: udp_ev_watcher (this, &vpn::udp_ev)
		1455	, vpn_ev_watcher (this, &vpn::vpn_ev)
		1456	, event (this, &vpn::event_cb)
		1457	{
1317	}	1458	}
1318		1459
1319	vpn::~vpn ()	1460	vpn::~vpn ()
1320	{}	1461	{
		1462	}
1321		1463

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/protocol.C (file contents): Revision 1.2 by pcg, Sun Mar 2 23:04:02 2003 UTC vs. Revision 1.14 by pcg, Sat Mar 22 22:39:11 2003 UTC

Diff Legend

Comparing gvpe/src/protocol.C (file contents):
Revision 1.2 by pcg, Sun Mar 2 23:04:02 2003 UTC vs.
Revision 1.14 by pcg, Sat Mar 22 22:39:11 2003 UTC