ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/protocol.C
Revision: 1.14
Committed: Sat Mar 22 22:39:11 2003 UTC (21 years, 3 months ago) by pcg
Content type: text/plain
Branch: MAIN
Changes since 1.13: +0 -4 lines
Log Message: 
*** empty log message ***

File Contents

# Content
1 /*
2 protocol.C -- handle the protocol, encryption, handshaking etc.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 */
18
19 #include "config.h"
20
21 #include <list>
22
23 #include <cstdlib>
24 #include <cstring>
25 #include <cstdio>
26
27 #include <sys/types.h>
28 #include <sys/socket.h>
29 #include <sys/poll.h>
30 #include <sys/wait.h>
31 #include <netinet/in.h>
32 #include <arpa/inet.h>
33 #include <errno.h>
34 #include <time.h>
35 #include <unistd.h>
36
37 #include <openssl/rand.h>
38 #include <openssl/hmac.h>
39 #include <openssl/evp.h>
40 #include <openssl/rsa.h>
41 #include <openssl/err.h>
42
43 extern "C" {
44 # include "lzf/lzf.h"
45 }
46
47 #include "gettext.h"
48 #include "pidfile.h"
49
50 #include "conf.h"
51 #include "slog.h"
52 #include "device.h"
53 #include "protocol.h"
54
55 #if !HAVE_RAND_PSEUDO_BYTES
56 # define RAND_pseudo_bytes RAND_bytes
57 #endif
58
59 static time_t next_timecheck;
60
61 #define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
62
63 static const rsachallenge &
64 challenge_bytes ()
65 {
66 static rsachallenge challenge;
67 static double challenge_ttl; // time this challenge needs to be recreated
68
69 if (NOW > challenge_ttl)
70 {
71 RAND_bytes ((unsigned char *)&challenge, sizeof (challenge));
72 challenge_ttl = NOW + CHALLENGE_TTL;
73 }
74
75 return challenge;
76 }
77
78 // caching of rsa operations really helps slow computers
79 struct rsa_entry {
80 tstamp expire;
81 rsachallenge chg;
82 RSA *key; // which key
83 rsaencrdata encr;
84
85 rsa_entry ()
86 {
87 expire = NOW + CHALLENGE_TTL;
88 }
89 };
90
91 struct rsa_cache : list<rsa_entry>
92 {
93 void cleaner_cb (tstamp &ts); time_watcher cleaner;
94
95 const rsaencrdata *public_encrypt (RSA *key, const rsachallenge &chg)
96 {
97 for (iterator i = begin (); i != end (); ++i)
98 {
99 if (i->key == key && !memcmp (&chg, &i->chg, sizeof chg))
100 return &i->encr;
101 }
102
103 if (cleaner.at < NOW)
104 cleaner.start (NOW + CHALLENGE_TTL);
105
106 resize (size () + 1);
107 rsa_entry *e = &(*rbegin ());
108
109 e->key = key;
110 memcpy (&e->chg, &chg, sizeof chg);
111
112 if (0 > RSA_public_encrypt (sizeof chg,
113 (unsigned char *)&chg, (unsigned char *)&e->encr,
114 key, RSA_PKCS1_OAEP_PADDING))
115 fatal ("RSA_public_encrypt error");
116
117 return &e->encr;
118 }
119
120 const rsachallenge *private_decrypt (RSA *key, const rsaencrdata &encr)
121 {
122 for (iterator i = begin (); i != end (); ++i)
123 if (i->key == key && !memcmp (&encr, &i->encr, sizeof encr))
124 return &i->chg;
125
126 if (cleaner.at < NOW)
127 cleaner.start (NOW + CHALLENGE_TTL);
128
129 resize (size () + 1);
130 rsa_entry *e = &(*rbegin ());
131
132 e->key = key;
133 memcpy (&e->encr, &encr, sizeof encr);
134
135 if (0 > RSA_private_decrypt (sizeof encr,
136 (unsigned char *)&encr, (unsigned char *)&e->chg,
137 key, RSA_PKCS1_OAEP_PADDING))
138 {
139 pop_back ();
140 return 0;
141 }
142
143 return &e->chg;
144 }
145
146 rsa_cache ()
147 : cleaner (this, &rsa_cache::cleaner_cb)
148 { }
149
150 } rsa_cache;
151
152 void rsa_cache::cleaner_cb (tstamp &ts)
153 {
154 if (empty ())
155 ts = TSTAMP_CANCEL;
156 else
157 {
158 ts = NOW + 3;
159 for (iterator i = begin (); i != end (); )
160 {
161 if (i->expire >= NOW)
162 i = erase (i);
163 else
164 ++i;
165 }
166 }
167 }
168
169 // run a script. yes, it's a template function. yes, c++
170 // is not a functional language. yes, this suxx.
171 template<class owner>
172 static void
173 run_script (owner *obj, const char *(owner::*setup)(), bool wait)
174 {
175 int pid;
176
177 if ((pid = fork ()) == 0)
178 {
179 char *filename;
180 asprintf (&filename, "%s/%s", confbase, (obj->*setup) ());
181 execl (filename, filename, (char *) 0);
182 exit (255);
183 }
184 else if (pid > 0)
185 {
186 if (wait)
187 {
188 waitpid (pid, 0, 0);
189 /* TODO: check status */
190 }
191 }
192 }
193
194 // xor the socket address into the challenge to ensure different challenges
195 // per host. we could rely on the OAEP padding, but this doesn't hurt.
196 void
197 xor_sa (rsachallenge &k, SOCKADDR *sa)
198 {
199 ((u32 *) k)[(CHG_CIPHER_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
200 ((u16 *) k)[(CHG_CIPHER_KEY + 4) / 2] ^= sa->sin_port;
201 ((u32 *) k)[(CHG_HMAC_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
202 ((u16 *) k)[(CHG_HMAC_KEY + 4) / 2] ^= sa->sin_port;
203 }
204
205 struct crypto_ctx
206 {
207 EVP_CIPHER_CTX cctx;
208 HMAC_CTX hctx;
209
210 crypto_ctx (const rsachallenge &challenge, int enc);
211 ~crypto_ctx ();
212 };
213
214 crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
215 {
216 EVP_CIPHER_CTX_init (&cctx);
217 EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
218 HMAC_CTX_init (&hctx);
219 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
220 }
221
222 crypto_ctx::~crypto_ctx ()
223 {
224 EVP_CIPHER_CTX_cleanup (&cctx);
225 HMAC_CTX_cleanup (&hctx);
226 }
227
228 //////////////////////////////////////////////////////////////////////////////
229
230 void pkt_queue::put (tap_packet *p)
231 {
232 if (queue[i])
233 {
234 delete queue[i];
235 j = (j + 1) % QUEUEDEPTH;
236 }
237
238 queue[i] = p;
239
240 i = (i + 1) % QUEUEDEPTH;
241 }
242
243 tap_packet *pkt_queue::get ()
244 {
245 tap_packet *p = queue[j];
246
247 if (p)
248 {
249 queue[j] = 0;
250 j = (j + 1) % QUEUEDEPTH;
251 }
252
253 return p;
254 }
255
256 pkt_queue::pkt_queue ()
257 {
258 memset (queue, 0, sizeof (queue));
259 i = 0;
260 j = 0;
261 }
262
263 pkt_queue::~pkt_queue ()
264 {
265 for (i = QUEUEDEPTH; --i > 0; )
266 delete queue[i];
267 }
268
269 // only do action once every x seconds per host.
270 // currently this is quite a slow implementation,
271 // but suffices for normal operation.
272 struct u32_rate_limiter : private map<u32, tstamp>
273 {
274 tstamp every;
275
276 bool can (u32 host);
277
278 u32_rate_limiter (tstamp every = 1)
279 {
280 this->every = every;
281 }
282 };
283
284 struct net_rate_limiter : u32_rate_limiter
285 {
286 bool can (SOCKADDR *sa) { return u32_rate_limiter::can((u32)sa->sin_addr.s_addr); }
287 bool can (sockinfo &si) { return u32_rate_limiter::can((u32)si.host); }
288
289 net_rate_limiter (tstamp every) : u32_rate_limiter (every) {}
290 };
291
292 bool u32_rate_limiter::can (u32 host)
293 {
294 iterator i;
295
296 for (i = begin (); i != end (); )
297 if (i->second <= NOW)
298 {
299 erase (i);
300 i = begin ();
301 }
302 else
303 ++i;
304
305 i = find (host);
306
307 if (i != end ())
308 return false;
309
310 insert (value_type (host, NOW + every));
311
312 return true;
313 }
314
315 /////////////////////////////////////////////////////////////////////////////
316
317 static void next_wakeup (time_t next)
318 {
319 if (next_timecheck > next)
320 next_timecheck = next;
321 }
322
323 static unsigned char hmac_digest[EVP_MAX_MD_SIZE];
324
325 struct hmac_packet:net_packet
326 {
327 u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere
328
329 void hmac_set (crypto_ctx * ctx);
330 bool hmac_chk (crypto_ctx * ctx);
331
332 private:
333 void hmac_gen (crypto_ctx * ctx)
334 {
335 unsigned int xlen;
336 HMAC_CTX *hctx = &ctx->hctx;
337
338 HMAC_Init_ex (hctx, 0, 0, 0, 0);
339 HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet),
340 len - sizeof (hmac_packet));
341 HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen);
342 }
343 };
344
345 void
346 hmac_packet::hmac_set (crypto_ctx * ctx)
347 {
348 hmac_gen (ctx);
349
350 memcpy (hmac, hmac_digest, HMACLENGTH);
351 }
352
353 bool
354 hmac_packet::hmac_chk (crypto_ctx * ctx)
355 {
356 hmac_gen (ctx);
357
358 return !memcmp (hmac, hmac_digest, HMACLENGTH);
359 }
360
361 struct vpn_packet : hmac_packet
362 {
363 enum ptype
364 {
365 PT_RESET = 0,
366 PT_DATA_UNCOMPRESSED,
367 PT_DATA_COMPRESSED,
368 PT_PING, PT_PONG, // wasting namespace space? ;)
369 PT_AUTH, // authentification
370 PT_CONNECT_REQ, // want other host to contact me
371 PT_CONNECT_INFO, // request connection to some node
372 PT_REKEY, // rekeying (not yet implemented)
373 PT_MAX
374 };
375
376 u8 type;
377 u8 srcdst, src1, dst1;
378
379 void set_hdr (ptype type, unsigned int dst);
380
381 unsigned int src ()
382 {
383 return src1 | ((srcdst >> 4) << 8);
384 }
385
386 unsigned int dst ()
387 {
388 return dst1 | ((srcdst & 0xf) << 8);
389 }
390
391 ptype typ ()
392 {
393 return (ptype) type;
394 }
395 };
396
397 void vpn_packet::set_hdr (ptype type, unsigned int dst)
398 {
399 this->type = type;
400
401 int src = THISNODE->id;
402
403 src1 = src;
404 srcdst = ((src >> 8) << 4) | (dst >> 8);
405 dst1 = dst;
406 }
407
408 #define MAXVPNDATA (MAX_MTU - 6 - 6)
409 #define DATAHDR (sizeof (u32) + RAND_SIZE)
410
411 struct vpndata_packet:vpn_packet
412 {
413 u8 data[MAXVPNDATA + DATAHDR]; // seqno
414
415 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
416 tap_packet *unpack (connection *conn, u32 &seqno);
417 private:
418
419 const u32 data_hdr_size () const
420 {
421 return sizeof (vpndata_packet) - sizeof (net_packet) - MAXVPNDATA - DATAHDR;
422 }
423 };
424
425 void
426 vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
427 {
428 EVP_CIPHER_CTX *cctx = &conn->octx->cctx;
429 int outl = 0, outl2;
430 ptype type = PT_DATA_UNCOMPRESSED;
431
432 #if ENABLE_COMPRESSION
433 u8 cdata[MAX_MTU];
434 u32 cl;
435
436 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
437 if (cl)
438 {
439 type = PT_DATA_COMPRESSED;
440 d = cdata;
441 l = cl + 2;
442
443 d[0] = cl >> 8;
444 d[1] = cl;
445 }
446 #endif
447
448 EVP_EncryptInit_ex (cctx, 0, 0, 0, 0);
449
450 struct {
451 #if RAND_SIZE
452 u8 rnd[RAND_SIZE];
453 #endif
454 u32 seqno;
455 } datahdr;
456
457 datahdr.seqno = ntohl (seqno);
458 #if RAND_SIZE
459 RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
460 #endif
461
462 EVP_EncryptUpdate (cctx,
463 (unsigned char *) data + outl, &outl2,
464 (unsigned char *) &datahdr, DATAHDR);
465 outl += outl2;
466
467 EVP_EncryptUpdate (cctx,
468 (unsigned char *) data + outl, &outl2,
469 (unsigned char *) d, l);
470 outl += outl2;
471
472 EVP_EncryptFinal_ex (cctx, (unsigned char *) data + outl, &outl2);
473 outl += outl2;
474
475 len = outl + data_hdr_size ();
476
477 set_hdr (type, dst);
478
479 hmac_set (conn->octx);
480 }
481
482 tap_packet *
483 vpndata_packet::unpack (connection *conn, u32 &seqno)
484 {
485 EVP_CIPHER_CTX *cctx = &conn->ictx->cctx;
486 int outl = 0, outl2;
487 tap_packet *p = new tap_packet;
488 u8 *d;
489 u32 l = len - data_hdr_size ();
490
491 EVP_DecryptInit_ex (cctx, 0, 0, 0, 0);
492
493 #if ENABLE_COMPRESSION
494 u8 cdata[MAX_MTU];
495
496 if (type == PT_DATA_COMPRESSED)
497 d = cdata;
498 else
499 #endif
500 d = &(*p)[6 + 6 - DATAHDR];
501
502 /* this overwrites part of the src mac, but we fix that later */
503 EVP_DecryptUpdate (cctx,
504 d, &outl2,
505 (unsigned char *)&data, len - data_hdr_size ());
506 outl += outl2;
507
508 EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2);
509 outl += outl2;
510
511 seqno = ntohl (*(u32 *)(d + RAND_SIZE));
512
513 id2mac (dst () ? dst() : THISNODE->id, p->dst);
514 id2mac (src (), p->src);
515
516 #if ENABLE_COMPRESSION
517 if (type == PT_DATA_COMPRESSED)
518 {
519 u32 cl = (d[DATAHDR] << 8) | d[DATAHDR + 1];
520 p->len = lzf_decompress (d + DATAHDR + 2, cl, &(*p)[6 + 6], MAX_MTU) + 6 + 6;
521 }
522 else
523 p->len = outl + (6 + 6 - DATAHDR);
524 #endif
525
526 return p;
527 }
528
529 struct ping_packet : vpn_packet
530 {
531 void setup (int dst, ptype type)
532 {
533 set_hdr (type, dst);
534 len = sizeof (*this) - sizeof (net_packet);
535 }
536 };
537
538 struct config_packet : vpn_packet
539 {
540 // actually, hmaclen cannot be checked because the hmac
541 // field comes before this data, so peers with other
542 // hmacs simply will not work.
543 u8 prot_major, prot_minor, randsize, hmaclen;
544 u8 flags, challengelen, pad2, pad3;
545 u32 cipher_nid;
546 u32 digest_nid;
547
548 const u8 curflags () const
549 {
550 return 0x80
551 | (ENABLE_COMPRESSION ? 0x01 : 0x00);
552 }
553
554 void setup (ptype type, int dst)
555 {
556 prot_major = PROTOCOL_MAJOR;
557 prot_minor = PROTOCOL_MINOR;
558 randsize = RAND_SIZE;
559 hmaclen = HMACLENGTH;
560 flags = curflags ();
561 challengelen = sizeof (rsachallenge);
562
563 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
564 digest_nid = htonl (EVP_MD_type (DIGEST));
565
566 len = sizeof (*this) - sizeof (net_packet);
567 set_hdr (type, dst);
568 }
569
570 bool chk_config ()
571 {
572 return prot_major == PROTOCOL_MAJOR
573 && randsize == RAND_SIZE
574 && hmaclen == HMACLENGTH
575 && flags == curflags ()
576 && challengelen == sizeof (rsachallenge)
577 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
578 && digest_nid == htonl (EVP_MD_type (DIGEST));
579 }
580 };
581
582 struct auth_packet : config_packet
583 {
584 char magic[8];
585 u8 subtype;
586 u8 pad1, pad2;
587 rsaencrdata challenge;
588
589 auth_packet (int dst, auth_subtype stype)
590 {
591 config_packet::setup (PT_AUTH, dst);
592 subtype = stype;
593 len = sizeof (*this) - sizeof (net_packet);
594 strncpy (magic, MAGIC, 8);
595 }
596 };
597
598 struct connect_req_packet : vpn_packet
599 {
600 u8 id;
601 u8 pad1, pad2, pad3;
602
603 connect_req_packet (int dst, int id)
604 {
605 this->id = id;
606 set_hdr (PT_CONNECT_REQ, dst);
607 len = sizeof (*this) - sizeof (net_packet);
608 }
609 };
610
611 struct connect_info_packet : vpn_packet
612 {
613 u8 id;
614 u8 pad1, pad2, pad3;
615 sockinfo si;
616
617 connect_info_packet (int dst, int id, sockinfo &si)
618 {
619 this->id = id;
620 this->si = si;
621 set_hdr (PT_CONNECT_INFO, dst);
622 len = sizeof (*this) - sizeof (net_packet);
623 }
624 };
625
626 /////////////////////////////////////////////////////////////////////////////
627
628 void
629 fill_sa (SOCKADDR *sa, conf_node *conf)
630 {
631 sa->sin_family = AF_INET;
632 sa->sin_port = htons (conf->port);
633 sa->sin_addr.s_addr = 0;
634
635 if (conf->hostname)
636 {
637 struct hostent *he = gethostbyname (conf->hostname);
638
639 if (he
640 && he->h_addrtype == AF_INET && he->h_length == 4 && he->h_addr_list[0])
641 {
642 //sa->sin_family = he->h_addrtype;
643 memcpy (&sa->sin_addr, he->h_addr_list[0], 4);
644 }
645 else
646 slog (L_NOTICE, _("unable to resolve host '%s'"), conf->hostname);
647 }
648 }
649
650 void
651 connection::reset_dstaddr ()
652 {
653 fill_sa (&sa, conf);
654 }
655
656 void
657 connection::send_ping (SOCKADDR *dsa, u8 pong)
658 {
659 ping_packet *pkt = new ping_packet;
660
661 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
662 vpn->send_vpn_packet (pkt, dsa, IPTOS_LOWDELAY);
663
664 delete pkt;
665 }
666
667 void
668 connection::send_reset (SOCKADDR *dsa)
669 {
670 static net_rate_limiter limiter(1);
671
672 if (limiter.can (dsa) && connectmode != conf_node::C_DISABLED)
673 {
674 config_packet *pkt = new config_packet;
675
676 pkt->setup (vpn_packet::PT_RESET, conf->id);
677 vpn->send_vpn_packet (pkt, dsa, IPTOS_MINCOST);
678
679 delete pkt;
680 }
681 }
682
683 static rsachallenge *
684 gen_challenge (u32 seqrand, SOCKADDR *sa)
685 {
686 static rsachallenge k;
687
688 memcpy (&k, &challenge_bytes (), sizeof (k));
689 *(u32 *)&k[CHG_SEQNO] ^= seqrand;
690 xor_sa (k, sa);
691
692 return &k;
693 }
694
695 void
696 connection::send_auth (auth_subtype subtype, SOCKADDR *sa, const rsachallenge *k)
697 {
698 static net_rate_limiter limiter(0.2);
699
700 if (subtype != AUTH_INIT || limiter.can (sa))
701 {
702 if (!k)
703 k = gen_challenge (seqrand, sa);
704
705 auth_packet *pkt = new auth_packet (conf->id, subtype);
706
707 memcpy (pkt->challenge, rsa_cache.public_encrypt (conf->rsa_key, *k), sizeof (rsaencrdata));
708
709 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa));
710
711 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY);
712
713 delete pkt;
714 }
715 }
716
717 void
718 connection::establish_connection_cb (tstamp &ts)
719 {
720 if (ictx || conf == THISNODE || connectmode == conf_node::C_NEVER)
721 ts = TSTAMP_CANCEL;
722 else if (ts <= NOW)
723 {
724 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.25;
725
726 if (retry_int < 3600 * 8)
727 retry_cnt++;
728
729 if (connectmode == conf_node::C_ONDEMAND
730 && retry_int > ::conf.keepalive)
731 retry_int = ::conf.keepalive;
732
733 ts = NOW + retry_int;
734
735 if (conf->hostname)
736 {
737 reset_dstaddr ();
738 if (sa.sin_addr.s_addr)
739 if (retry_cnt < 4)
740 send_auth (AUTH_INIT, &sa);
741 else
742 send_ping (&sa, 0);
743 }
744 else
745 vpn->connect_request (conf->id);
746 }
747 }
748
749 void
750 connection::reset_connection ()
751 {
752 if (ictx && octx)
753 {
754 slog (L_INFO, _("connection to %d (%s) lost"), conf->id, conf->nodename);
755
756 if (::conf.script_node_down)
757 run_script (this, &connection::script_node_down, false);
758 }
759
760 delete ictx; ictx = 0;
761 delete octx; octx = 0;
762
763 RAND_bytes ((unsigned char *)&seqrand, sizeof (u32));
764
765 sa.sin_port = 0;
766 sa.sin_addr.s_addr = 0;
767
768 last_activity = 0;
769
770 rekey.reset ();
771 keepalive.reset ();
772 establish_connection.reset ();
773 }
774
775 void
776 connection::shutdown ()
777 {
778 if (ictx && octx)
779 send_reset (&sa);
780
781 reset_connection ();
782 }
783
784 void
785 connection::rekey_cb (tstamp &ts)
786 {
787 ts = TSTAMP_CANCEL;
788
789 reset_connection ();
790 establish_connection ();
791 }
792
793 void
794 connection::send_data_packet (tap_packet * pkt, bool broadcast)
795 {
796 vpndata_packet *p = new vpndata_packet;
797 int tos = 0;
798
799 if (conf->inherit_tos
800 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
801 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
802 tos = (*pkt)[15] & IPTOS_TOS_MASK;
803
804 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
805 vpn->send_vpn_packet (p, &sa, tos);
806
807 delete p;
808
809 if (oseqno > MAX_SEQNO)
810 rekey ();
811 }
812
813 void
814 connection::inject_data_packet (tap_packet *pkt, bool broadcast)
815 {
816 if (ictx && octx)
817 send_data_packet (pkt, broadcast);
818 else
819 {
820 if (!broadcast)//DDDD
821 queue.put (new tap_packet (*pkt));
822
823 establish_connection ();
824 }
825 }
826
827 void
828 connection::recv_vpn_packet (vpn_packet *pkt, SOCKADDR *ssa)
829 {
830 last_activity = NOW;
831
832 slog (L_NOISE, "<<%d received packet type %d from %d to %d",
833 conf->id, pkt->typ (), pkt->src (), pkt->dst ());
834
835 switch (pkt->typ ())
836 {
837 case vpn_packet::PT_PING:
838 send_ping (ssa, 1); // pong
839 break;
840
841 case vpn_packet::PT_PONG:
842 // we send pings instead of auth packets after some retries,
843 // so reset the retry counter and establish a conenction
844 // when we receive a pong.
845 if (!ictx && !octx)
846 {
847 retry_cnt = 0;
848 establish_connection.at = 0;
849 establish_connection ();
850 }
851
852 break;
853
854 case vpn_packet::PT_RESET:
855 {
856 reset_connection ();
857
858 config_packet *p = (config_packet *) pkt;
859 if (!p->chk_config ())
860 {
861 slog (L_WARN, _("protocol mismatch, disabling node '%s'"), conf->nodename);
862 connectmode = conf_node::C_DISABLED;
863 }
864 else if (connectmode == conf_node::C_ALWAYS)
865 establish_connection ();
866 }
867 break;
868
869 case vpn_packet::PT_AUTH:
870 {
871 auth_packet *p = (auth_packet *) pkt;
872
873 slog (L_TRACE, "<<%d PT_AUTH(%d)", conf->id, p->subtype);
874
875 if (p->chk_config ()
876 && !strncmp (p->magic, MAGIC, 8))
877 {
878 if (p->prot_minor != PROTOCOL_MINOR)
879 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."),
880 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
881
882 if (p->subtype == AUTH_INIT)
883 send_auth (AUTH_INITREPLY, ssa);
884
885 const rsachallenge *k = rsa_cache.private_decrypt (::conf.rsa_key, p->challenge);
886
887 if (!k)
888 {
889 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"),
890 conf->nodename, (const char *)sockinfo (ssa));
891 break;
892 }
893
894 retry_cnt = 0;
895 establish_connection.set (NOW + 8); //? ;)
896 keepalive.reset ();
897 rekey.reset ();
898
899 switch (p->subtype)
900 {
901 case AUTH_INIT:
902 case AUTH_INITREPLY:
903 delete ictx;
904 ictx = 0;
905
906 delete octx;
907
908 octx = new crypto_ctx (*k, 1);
909 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
910
911 send_auth (AUTH_REPLY, ssa, k);
912 break;
913
914 case AUTH_REPLY:
915
916 if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge)))
917 {
918 delete ictx;
919
920 ictx = new crypto_ctx (*k, 0);
921 iseqno.reset (ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
922
923 sa = *ssa;
924
925 rekey.set (NOW + ::conf.rekey);
926 keepalive.set (NOW + ::conf.keepalive);
927
928 // send queued packets
929 while (tap_packet *p = queue.get ())
930 {
931 send_data_packet (p);
932 delete p;
933 }
934
935 connectmode = conf->connectmode;
936
937 slog (L_INFO, _("connection to %d (%s %s) established"),
938 conf->id, conf->nodename, (const char *)sockinfo (ssa));
939
940 if (::conf.script_node_up)
941 run_script (this, &connection::script_node_up, false);
942 }
943 else
944 slog (L_ERR, _("sent and received challenge do not match with (%s %s))"),
945 conf->nodename, (const char *)sockinfo (ssa));
946
947 break;
948 default:
949 slog (L_ERR, _("authentification illegal subtype error (%s %s)"),
950 conf->nodename, (const char *)sockinfo (ssa));
951 break;
952 }
953 }
954 else
955 send_reset (ssa);
956
957 break;
958 }
959
960 case vpn_packet::PT_DATA_COMPRESSED:
961 #if !ENABLE_COMPRESSION
962 send_reset (ssa);
963 break;
964 #endif
965 case vpn_packet::PT_DATA_UNCOMPRESSED:
966
967 if (ictx && octx)
968 {
969 vpndata_packet *p = (vpndata_packet *)pkt;
970
971 if (*ssa == sa)
972 {
973 if (!p->hmac_chk (ictx))
974 slog (L_ERR, _("hmac authentication error, received invalid packet\n"
975 "could be an attack, or just corruption or an synchronization error"));
976 else
977 {
978 u32 seqno;
979 tap_packet *d = p->unpack (this, seqno);
980
981 if (iseqno.recv_ok (seqno))
982 {
983 vpn->tap->send (d);
984
985 if (p->dst () == 0) // re-broadcast
986 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
987 {
988 connection *c = *i;
989
990 if (c->conf != THISNODE && c->conf != conf)
991 c->inject_data_packet (d);
992 }
993
994 delete d;
995
996 break;
997 }
998 }
999 }
1000 else
1001 slog (L_ERR, _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D
1002 }
1003
1004 send_reset (ssa);
1005 break;
1006
1007 case vpn_packet::PT_CONNECT_REQ:
1008 if (ictx && octx && *ssa == sa && pkt->hmac_chk (ictx))
1009 {
1010 connect_req_packet *p = (connect_req_packet *) pkt;
1011
1012 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
1013
1014 connection *c = vpn->conns[p->id - 1];
1015
1016 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n",
1017 conf->id, p->id, c->ictx && c->octx);
1018
1019 if (c->ictx && c->octx)
1020 {
1021 // send connect_info packets to both sides, in case one is
1022 // behind a nat firewall (or both ;)
1023 {
1024 sockinfo si(sa);
1025
1026 slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n",
1027 c->conf->id, conf->id, (const char *)si);
1028
1029 connect_info_packet *r = new connect_info_packet (c->conf->id, conf->id, si);
1030
1031 r->hmac_set (c->octx);
1032 vpn->send_vpn_packet (r, &c->sa);
1033
1034 delete r;
1035 }
1036
1037 {
1038 sockinfo si(c->sa);
1039
1040 slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n",
1041 conf->id, c->conf->id, (const char *)si);
1042
1043 connect_info_packet *r = new connect_info_packet (conf->id, c->conf->id, si);
1044
1045 r->hmac_set (octx);
1046 vpn->send_vpn_packet (r, &sa);
1047
1048 delete r;
1049 }
1050 }
1051 }
1052
1053 break;
1054
1055 case vpn_packet::PT_CONNECT_INFO:
1056 if (ictx && octx && *ssa == sa && pkt->hmac_chk (ictx))
1057 {
1058 connect_info_packet *p = (connect_info_packet *) pkt;
1059
1060 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
1061
1062 connection *c = vpn->conns[p->id - 1];
1063
1064 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
1065 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
1066
1067 c->send_auth (AUTH_INIT, p->si.sa ());
1068 }
1069 break;
1070
1071 default:
1072 send_reset (ssa);
1073 break;
1074 }
1075 }
1076
1077 void connection::keepalive_cb (tstamp &ts)
1078 {
1079 if (NOW >= last_activity + ::conf.keepalive + 30)
1080 {
1081 reset_connection ();
1082 establish_connection ();
1083 }
1084 else if (NOW < last_activity + ::conf.keepalive)
1085 ts = last_activity + ::conf.keepalive;
1086 else if (conf->connectmode != conf_node::C_ONDEMAND
1087 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1088 {
1089 send_ping (&sa);
1090 ts = NOW + 5;
1091 }
1092 else
1093 reset_connection ();
1094
1095 }
1096
1097 void connection::connect_request (int id)
1098 {
1099 connect_req_packet *p = new connect_req_packet (conf->id, id);
1100
1101 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", id, conf->id);
1102 p->hmac_set (octx);
1103 vpn->send_vpn_packet (p, &sa);
1104
1105 delete p;
1106 }
1107
1108 void connection::script_node ()
1109 {
1110 vpn->script_if_up ();
1111
1112 char *env;
1113 asprintf (&env, "DESTID=%d", conf->id);
1114 putenv (env);
1115 asprintf (&env, "DESTNODE=%s", conf->nodename);
1116 putenv (env);
1117 asprintf (&env, "DESTIP=%s", inet_ntoa (sa.sin_addr));
1118 putenv (env);
1119 asprintf (&env, "DESTPORT=%d", ntohs (sa.sin_port));
1120 putenv (env);
1121 }
1122
1123 const char *connection::script_node_up ()
1124 {
1125 script_node ();
1126
1127 putenv ("STATE=up");
1128
1129 return ::conf.script_node_up ? ::conf.script_node_up : "node-up";
1130 }
1131
1132 const char *connection::script_node_down ()
1133 {
1134 script_node ();
1135
1136 putenv ("STATE=down");
1137
1138 return ::conf.script_node_up ? ::conf.script_node_down : "node-down";
1139 }
1140
1141 connection::connection(struct vpn *vpn_)
1142 : vpn(vpn_)
1143 , rekey (this, &connection::rekey_cb)
1144 , keepalive (this, &connection::keepalive_cb)
1145 , establish_connection (this, &connection::establish_connection_cb)
1146 {
1147 octx = ictx = 0;
1148 retry_cnt = 0;
1149
1150 connectmode = conf_node::C_ALWAYS; // initial setting
1151 reset_connection ();
1152 }
1153
1154 connection::~connection ()
1155 {
1156 shutdown ();
1157 }
1158
1159 /////////////////////////////////////////////////////////////////////////////
1160
1161 const char *vpn::script_if_up ()
1162 {
1163 // the tunnel device mtu should be the physical mtu - overhead
1164 // the tricky part is rounding to the cipher key blocksize
1165 int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - UDP_OVERHEAD;
1166 mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion
1167 mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round
1168 mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again
1169
1170 char *env;
1171 asprintf (&env, "CONFBASE=%s", confbase);
1172 putenv (env);
1173 asprintf (&env, "NODENAME=%s", THISNODE->nodename);
1174 putenv (env);
1175 asprintf (&env, "NODEID=%d", THISNODE->id);
1176 putenv (env);
1177 asprintf (&env, "IFNAME=%s", tap->interface ());
1178 putenv (env);
1179 asprintf (&env, "MTU=%d", mtu);
1180 putenv (env);
1181 asprintf (&env, "MAC=%02x:%02x:%02x:%02x:%02x:%02x",
1182 0xfe, 0xfd, 0x80, 0x00, THISNODE->id >> 8,
1183 THISNODE->id & 0xff);
1184 putenv (env);
1185
1186 return ::conf.script_if_up ? ::conf.script_if_up : "if-up";
1187 }
1188
1189 int
1190 vpn::setup (void)
1191 {
1192 struct sockaddr_in sa;
1193
1194 socket_fd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP);
1195 if (socket_fd < 0)
1196 return -1;
1197
1198 fill_sa (&sa, THISNODE);
1199
1200 if (bind (socket_fd, (sockaddr *)&sa, sizeof (sa)))
1201 {
1202 slog (L_ERR, _("can't bind to %s: %s"), (const char *)sockinfo(sa), strerror (errno));
1203 exit (1);
1204 }
1205
1206 #ifdef IP_MTU_DISCOVER
1207 // this I really consider a linux bug. I am neither connected
1208 // nor do I fragment myself. Linux still sets DF and doesn't
1209 // fragment for me sometimes.
1210 {
1211 int oval = IP_PMTUDISC_DONT;
1212 setsockopt (socket_fd, SOL_IP, IP_MTU_DISCOVER, &oval, sizeof oval);
1213 }
1214 #endif
1215 {
1216 int oval = 1;
1217 setsockopt (socket_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval);
1218 }
1219
1220 udp_ev_watcher.start (socket_fd, POLLIN);
1221
1222 tap = new tap_device ();
1223 if (!tap) //D this, of course, never catches
1224 {
1225 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname);
1226 exit (1);
1227 }
1228
1229 run_script (this, &vpn::script_if_up, true);
1230
1231 vpn_ev_watcher.start (tap->fd, POLLIN);
1232
1233 reconnect_all ();
1234
1235 return 0;
1236 }
1237
1238 void
1239 vpn::send_vpn_packet (vpn_packet *pkt, SOCKADDR *sa, int tos)
1240 {
1241 setsockopt (socket_fd, SOL_IP, IP_TOS, &tos, sizeof tos);
1242 sendto (socket_fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)sa, sizeof (*sa));
1243 }
1244
1245 void
1246 vpn::shutdown_all ()
1247 {
1248 for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1249 (*c)->shutdown ();
1250 }
1251
1252 void
1253 vpn::reconnect_all ()
1254 {
1255 for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1256 delete *c;
1257
1258 conns.clear ();
1259
1260 for (configuration::node_vector::iterator i = conf.nodes.begin ();
1261 i != conf.nodes.end (); ++i)
1262 {
1263 connection *conn = new connection (this);
1264
1265 conn->conf = *i;
1266 conns.push_back (conn);
1267
1268 conn->establish_connection ();
1269 }
1270 }
1271
1272 connection *vpn::find_router ()
1273 {
1274 u32 prio = 0;
1275 connection *router = 0;
1276
1277 for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i)
1278 {
1279 connection *c = *i;
1280
1281 if (c->conf->routerprio > prio
1282 && c->connectmode == conf_node::C_ALWAYS
1283 && c->conf != THISNODE
1284 && c->ictx && c->octx)
1285 {
1286 prio = c->conf->routerprio;
1287 router = c;
1288 }
1289 }
1290
1291 return router;
1292 }
1293
1294 void vpn::connect_request (int id)
1295 {
1296 connection *c = find_router ();
1297
1298 if (c)
1299 c->connect_request (id);
1300 //else // does not work, because all others must connect to the same router
1301 // // no router found, aggressively connect to all routers
1302 // for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i)
1303 // if ((*i)->conf->routerprio)
1304 // (*i)->establish_connection ();
1305 }
1306
1307 void
1308 vpn::udp_ev (short revents)
1309 {
1310 if (revents & (POLLIN | POLLERR))
1311 {
1312 vpn_packet *pkt = new vpn_packet;
1313 struct sockaddr_in sa;
1314 socklen_t sa_len = sizeof (sa);
1315 int len;
1316
1317 len = recvfrom (socket_fd, &((*pkt)[0]), MAXSIZE, 0, (sockaddr *)&sa, &sa_len);
1318
1319 if (len > 0)
1320 {
1321 pkt->len = len;
1322
1323 unsigned int src = pkt->src ();
1324 unsigned int dst = pkt->dst ();
1325
1326 slog (L_NOISE, _("<<?/%s received possible vpn packet type %d from %d to %d, length %d"),
1327 (const char *)sockinfo (sa), pkt->typ (), pkt->src (), pkt->dst (), pkt->len);
1328
1329 if (dst > conns.size () || pkt->typ () >= vpn_packet::PT_MAX)
1330 slog (L_WARN, _("<<? received CORRUPTED packet type %d from %d to %d"),
1331 pkt->typ (), pkt->src (), pkt->dst ());
1332 else if (dst == 0 && !THISNODE->routerprio)
1333 slog (L_WARN, _("<<%d received broadcast, but we are no router"), dst);
1334 else if (dst != 0 && dst != THISNODE->id)
1335 slog (L_WARN,
1336 _("received frame for node %d ('%s') from %s, but this is node %d ('%s')"),
1337 dst, conns[dst - 1]->conf->nodename,
1338 (const char *)sockinfo (sa),
1339 THISNODE->id, THISNODE->nodename);
1340 else if (src == 0 || src > conns.size ())
1341 slog (L_WARN, _("received frame from unknown node %d (%s)"), src, (const char *)sockinfo (sa));
1342 else
1343 conns[src - 1]->recv_vpn_packet (pkt, &sa);
1344 }
1345 else
1346 {
1347 // probably ECONNRESET or somesuch
1348 slog (L_DEBUG, _("%s: %s"), (const char *)sockinfo(sa), strerror (errno));
1349 }
1350
1351 delete pkt;
1352 }
1353 else if (revents & POLLHUP)
1354 {
1355 // this cannot ;) happen on udp sockets
1356 slog (L_ERR, _("FATAL: POLLHUP on socket fd, terminating."));
1357 exit (1);
1358 }
1359 else
1360 {
1361 slog (L_ERR,
1362 _("FATAL: unknown revents %08x in socket, terminating\n"),
1363 revents);
1364 exit (1);
1365 }
1366 }
1367
1368 void
1369 vpn::vpn_ev (short revents)
1370 {
1371 if (revents & POLLIN)
1372 {
1373 /* process data */
1374 tap_packet *pkt;
1375
1376 pkt = tap->recv ();
1377
1378 int dst = mac2id (pkt->dst);
1379 int src = mac2id (pkt->src);
1380
1381 if (src != THISNODE->id)
1382 {
1383 slog (L_ERR, _("FATAL: tap packet not originating on current node received, terminating."));
1384 exit (1);
1385 }
1386
1387 if (dst == THISNODE->id)
1388 {
1389 slog (L_ERR, _("FATAL: tap packet destined for current node received, terminating."));
1390 exit (1);
1391 }
1392
1393 if (dst > conns.size ())
1394 slog (L_ERR, _("tap packet for unknown node %d received, ignoring."), dst);
1395 else
1396 {
1397 if (dst)
1398 {
1399 // unicast
1400 if (dst != THISNODE->id)
1401 conns[dst - 1]->inject_data_packet (pkt);
1402 }
1403 else
1404 {
1405 // broadcast, first check router, then self, then english
1406 connection *router = find_router ();
1407
1408 if (router)
1409 router->inject_data_packet (pkt, true);
1410 else
1411 for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1412 if ((*c)->conf != THISNODE)
1413 (*c)->inject_data_packet (pkt);
1414 }
1415 }
1416
1417 delete pkt;
1418 }
1419 else if (revents & (POLLHUP | POLLERR))
1420 {
1421 slog (L_ERR, _("FATAL: POLLHUP or POLLERR on network device fd, terminating."));
1422 exit (1);
1423 }
1424 else
1425 abort ();
1426 }
1427
1428 void
1429 vpn::event_cb (tstamp &ts)
1430 {
1431 if (events)
1432 {
1433 if (events & EVENT_SHUTDOWN)
1434 {
1435 shutdown_all ();
1436
1437 remove_pid (pidfilename);
1438
1439 slog (L_INFO, _("vped terminating"));
1440
1441 exit (0);
1442 }
1443
1444 if (events & EVENT_RECONNECT)
1445 reconnect_all ();
1446
1447 events = 0;
1448 }
1449
1450 ts = TSTAMP_CANCEL;
1451 }
1452
1453 vpn::vpn (void)
1454 : udp_ev_watcher (this, &vpn::udp_ev)
1455 , vpn_ev_watcher (this, &vpn::vpn_ev)
1456 , event (this, &vpn::event_cb)
1457 {
1458 }
1459
1460 vpn::~vpn ()
1461 {
1462 }
1463