ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/protocol.C
(Generate patch)

Comparing gvpe/src/protocol.C (file contents):
Revision 1.4 by pcg, Thu Mar 6 18:43:07 2003 UTC vs.
Revision 1.8 by pcg, Mon Mar 17 15:20:18 2003 UTC

481connection::send_ping (SOCKADDR *dsa, u8 pong) 481connection::send_ping (SOCKADDR *dsa, u8 pong)
482{ 482{
483 ping_packet *pkt = new ping_packet; 483 ping_packet *pkt = new ping_packet;
484 484
485 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); 485 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
486 vpn->send_vpn_packet (pkt, dsa); 486 vpn->send_vpn_packet (pkt, dsa, IPTOS_LOWDELAY);
487 487
488 delete pkt; 488 delete pkt;
489} 489}
490 490
491void 491void
496 if (limiter.can (dsa)) 496 if (limiter.can (dsa))
497 { 497 {
498 config_packet *pkt = new config_packet; 498 config_packet *pkt = new config_packet;
499 499
500 pkt->setup (vpn_packet::PT_RESET, conf->id); 500 pkt->setup (vpn_packet::PT_RESET, conf->id);
501 vpn->send_vpn_packet (pkt, dsa); 501 vpn->send_vpn_packet (pkt, dsa, IPTOS_MINCOST);
502 502
503 delete pkt; 503 delete pkt;
504 } 504 }
505} 505}
506 506
550 fatal ("RSA_public_encrypt error"); 550 fatal ("RSA_public_encrypt error");
551#endif 551#endif
552 552
553 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa)); 553 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa));
554 554
555 vpn->send_vpn_packet (pkt, sa); 555 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY);
556 556
557 delete pkt; 557 delete pkt;
558 } 558 }
559} 559}
560 560
561void 561void
562connection::establish_connection () 562connection::establish_connection ()
563{ 563{
564 if (!ictx && conf != THISNODE && conf->connectmode != conf_node::C_NEVER) 564 if (!ictx && conf != THISNODE && connectmode != conf_node::C_NEVER)
565 { 565 {
566 if (now >= next_retry) 566 if (now >= next_retry)
567 { 567 {
568 int retry_int = retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2); 568 int retry_int = retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2);
569 569
570 if (retry_cnt < (17 << 2) | 3) 570 if (retry_cnt < (17 << 2) | 3)
571 retry_cnt++; 571 retry_cnt++;
572 572
573 if (conf->connectmode == conf_node::C_ONDEMAND 573 if (connectmode == conf_node::C_ONDEMAND
574 && retry_int > ::conf.keepalive) 574 && retry_int > ::conf.keepalive)
575 retry_int = ::conf.keepalive; 575 retry_int = ::conf.keepalive;
576 576
577 next_retry = now + retry_int; 577 next_retry = now + retry_int;
578 next_wakeup (next_retry); 578 next_wakeup (next_retry);
635 635
636void 636void
637connection::send_data_packet (tap_packet * pkt, bool broadcast) 637connection::send_data_packet (tap_packet * pkt, bool broadcast)
638{ 638{
639 vpndata_packet *p = new vpndata_packet; 639 vpndata_packet *p = new vpndata_packet;
640 int tos = 0;
641
642 if (conf->inherit_tos
643 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
644 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
645 tos = (*pkt)[15] & IPTOS_TOS_MASK;
640 646
641 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs 647 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
642 vpn->send_vpn_packet (p, &sa); 648 vpn->send_vpn_packet (p, &sa, tos);
643 649
644 delete p; 650 delete p;
645 651
646 if (oseqno > MAX_SEQNO) 652 if (oseqno > MAX_SEQNO)
647 rekey (); 653 rekey ();
692 { 698 {
693 reset_connection (); 699 reset_connection ();
694 700
695 config_packet *p = (config_packet *) pkt; 701 config_packet *p = (config_packet *) pkt;
696 if (p->chk_config ()) 702 if (p->chk_config ())
697 if (conf->connectmode == conf_node::C_ALWAYS) 703 if (connectmode == conf_node::C_ALWAYS)
698 establish_connection (); 704 establish_connection ();
699 705
700 //D slog the protocol mismatch? 706 //D slog the protocol mismatch?
701 } 707 }
702 break; 708 break;
766 if (!memcmp ((u8 *)gen_challenge (ssa) + sizeof (u32), (u8 *)&k + sizeof (u32), 772 if (!memcmp ((u8 *)gen_challenge (ssa) + sizeof (u32), (u8 *)&k + sizeof (u32),
767 sizeof (rsachallenge) - sizeof (u32))) 773 sizeof (rsachallenge) - sizeof (u32)))
768 { 774 {
769 delete ictx; 775 delete ictx;
770 776
771 ictx = new crypto_ctx (k, 0); 777 ictx = new crypto_ctx (k, 0);
772 iseqno = *(u32 *)&k[CHG_SEQNO] & 0x7fffffff; // at least 2**31 sequence numbers are valid 778 iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); // at least 2**31 sequence numbers are valid
773 ismask = 0xffffffff; // initially, all lower sequence numbers are invalid
774 779
775 sa = *ssa; 780 sa = *ssa;
776 781
777 next_rekey = now + ::conf.rekey; 782 next_rekey = now + ::conf.rekey;
778 next_wakeup (next_rekey); 783 next_wakeup (next_rekey);
781 while (tap_packet *p = queue.get ()) 786 while (tap_packet *p = queue.get ())
782 { 787 {
783 send_data_packet (p); 788 send_data_packet (p);
784 delete p; 789 delete p;
785 } 790 }
791
792 connectmode = conf->connectmode;
786 793
787 slog (L_INFO, _("connection to %d (%s %s) established"), 794 slog (L_INFO, _("connection to %d (%s %s) established"),
788 conf->id, conf->nodename, (const char *)sockinfo (ssa)); 795 conf->id, conf->nodename, (const char *)sockinfo (ssa));
789 796
790 if (::conf.script_node_up) 797 if (::conf.script_node_up)
826 else 833 else
827 { 834 {
828 u32 seqno; 835 u32 seqno;
829 tap_packet *d = p->unpack (this, seqno); 836 tap_packet *d = p->unpack (this, seqno);
830 837
831 if (seqno <= iseqno - 32) 838 if (iseqno.recv_ok (seqno))
832 slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n"
833 "possible replay attack, or just massive packet reordering"), seqno, iseqno + 1);//D
834 else if (seqno > iseqno + 32)
835 slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n"
836 "possible replay attack, or just massive packet loss"), seqno, iseqno + 1);//D
837 else
838 { 839 {
839 if (seqno > iseqno)
840 {
841 ismask <<= seqno - iseqno;
842 iseqno = seqno;
843 }
844
845 u32 mask = 1 << (iseqno - seqno);
846
847 //printf ("received seqno %08lx, iseqno %08lx, mask %08lx is %08lx\n", seqno, iseqno, mask, ismask);
848 if (ismask & mask)
849 slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n"
850 "possible replay attack, or just packet duplication"), seqno, iseqno + 1);//D
851 else
852 {
853 ismask |= mask;
854
855 vpn->tap->send (d); 840 vpn->tap->send (d);
856 841
857 if (p->dst () == 0) // re-broadcast 842 if (p->dst () == 0) // re-broadcast
858 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i) 843 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
859 { 844 {
860 connection *c = *i; 845 connection *c = *i;
861 846
862 if (c->conf != THISNODE && c->conf != conf) 847 if (c->conf != THISNODE && c->conf != conf)
863 c->inject_data_packet (d); 848 c->inject_data_packet (d);
864 }
865
866 delete d;
867
868 break;
869 } 849 }
850
851 delete d;
852
853 break;
870 } 854 }
871 } 855 }
872 } 856 }
873 else 857 else
874 slog (L_ERR, _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D 858 slog (L_ERR, _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D
949 933
950void connection::timer () 934void connection::timer ()
951{ 935{
952 if (conf != THISNODE) 936 if (conf != THISNODE)
953 { 937 {
954 if (now >= next_retry && conf->connectmode == conf_node::C_ALWAYS) 938 if (now >= next_retry && connectmode == conf_node::C_ALWAYS)
955 establish_connection (); 939 establish_connection ();
956 940
957 if (ictx && octx) 941 if (ictx && octx)
958 { 942 {
959 if (now >= next_rekey) 943 if (now >= next_rekey)
1093 1077
1094 return 0; 1078 return 0;
1095} 1079}
1096 1080
1097void 1081void
1098vpn::send_vpn_packet (vpn_packet *pkt, SOCKADDR *sa) 1082vpn::send_vpn_packet (vpn_packet *pkt, SOCKADDR *sa, int tos)
1099{ 1083{
1084 setsockopt (socket_fd, SOL_IP, IP_TOS, &tos, sizeof tos);
1100 sendto (socket_fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)sa, sizeof (*sa)); 1085 sendto (socket_fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)sa, sizeof (*sa));
1101} 1086}
1102 1087
1103void 1088void
1104vpn::shutdown_all () 1089vpn::shutdown_all ()
1121 connection *conn = new connection (this); 1106 connection *conn = new connection (this);
1122 1107
1123 conn->conf = *i; 1108 conn->conf = *i;
1124 conns.push_back (conn); 1109 conns.push_back (conn);
1125 1110
1126 if (conn->conf->connectmode == conf_node::C_ALWAYS)
1127 conn->establish_connection (); 1111 conn->establish_connection ();
1128 } 1112 }
1129} 1113}
1130 1114
1131connection *vpn::find_router () 1115connection *vpn::find_router ()
1132{ 1116{
1136 for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) 1120 for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i)
1137 { 1121 {
1138 connection *c = *i; 1122 connection *c = *i;
1139 1123
1140 if (c->conf->routerprio > prio 1124 if (c->conf->routerprio > prio
1141 && c->conf->connectmode == conf_node::C_ALWAYS 1125 && c->connectmode == conf_node::C_ALWAYS
1142 && c->conf != THISNODE 1126 && c->conf != THISNODE
1143 && c->ictx && c->octx) 1127 && c->ictx && c->octx)
1144 { 1128 {
1145 prio = c->conf->routerprio; 1129 prio = c->conf->routerprio;
1146 router = c; 1130 router = c;

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines