| 1 | /* |
1 | /* |
| 2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
| 3 | Copyright (C) 2003-2007 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | it under the terms of the GNU General Public License as published by |
8 | under the terms of the GNU General Public License as published by the |
| 9 | the Free Software Foundation; either version 2 of the License, or |
9 | Free Software Foundation; either version 3 of the License, or (at your |
| 10 | (at your option) any later version. |
10 | option) any later version. |
| 11 | |
11 | |
| 12 | This program is distributed in the hope that it will be useful, |
12 | This program is distributed in the hope that it will be useful, but |
| 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
| 15 | GNU General Public License for more details. |
15 | Public License for more details. |
| 16 | |
16 | |
| 17 | You should have received a copy of the GNU General Public License |
17 | You should have received a copy of the GNU General Public License along |
| 18 | along with gvpe; if not, write to the Free Software |
18 | with this program; if not, see <http://www.gnu.org/licenses/>. |
| 19 | Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
19 | |
|
|
20 | Additional permission under GNU GPL version 3 section 7 |
|
|
21 | |
|
|
22 | If you modify this Program, or any covered work, by linking or |
|
|
23 | combining it with the OpenSSL project's OpenSSL library (or a modified |
|
|
24 | version of that library), containing parts covered by the terms of the |
|
|
25 | OpenSSL or SSLeay licenses, the licensors of this Program grant you |
|
|
26 | additional permission to convey the resulting work. Corresponding |
|
|
27 | Source for a non-source form of such a combination shall include the |
|
|
28 | source code for the parts of OpenSSL used as well as that of the |
|
|
29 | covered work. |
| 20 | */ |
30 | */ |
| 21 | |
31 | |
| 22 | #include "config.h" |
32 | #include "config.h" |
| 23 | |
33 | |
| 24 | #include <list> |
34 | #include <list> |
| … | |
… | |
| 87 | snprintf (ext, 16, "_%d", (*c)->conf->id); |
97 | snprintf (ext, 16, "_%d", (*c)->conf->id); |
| 88 | (*c)->script_init_env (ext); |
98 | (*c)->script_init_env (ext); |
| 89 | } |
99 | } |
| 90 | } |
100 | } |
| 91 | |
101 | |
|
|
102 | inline const char * |
| 92 | const char *vpn::script_if_init () |
103 | vpn::script_if_init () |
| 93 | { |
104 | { |
| 94 | script_init_env (); |
105 | script_init_env (); |
| 95 | |
106 | |
| 96 | return tap->if_up (); |
107 | return tap->if_up (); |
| 97 | } |
108 | } |
| 98 | |
109 | |
|
|
110 | inline const char * |
| 99 | const char *vpn::script_if_up () |
111 | vpn::script_if_up () |
| 100 | { |
112 | { |
| 101 | script_init_env (); |
113 | script_init_env (); |
| 102 | |
114 | |
| 103 | char *filename; |
115 | char *filename; |
| 104 | asprintf (&filename, |
116 | asprintf (&filename, |
| … | |
… | |
| 137 | |
149 | |
| 138 | sockinfo si (THISNODE, PROT_IPv4); |
150 | sockinfo si (THISNODE, PROT_IPv4); |
| 139 | |
151 | |
| 140 | if (bind (ipv4_fd, si.sav4 (), si.salenv4 ())) |
152 | if (bind (ipv4_fd, si.sav4 (), si.salenv4 ())) |
| 141 | { |
153 | { |
| 142 | slog (L_ERR, _("can't bind ipv4 socket on %s: %s"), (const char *)si, strerror (errno)); |
154 | slog (L_ERR, _("can't bind ipv4 socket on %s: %s, exiting."), (const char *)si, strerror (errno)); |
| 143 | exit (EXIT_FAILURE); |
155 | exit (EXIT_FAILURE); |
| 144 | } |
156 | } |
| 145 | |
157 | |
| 146 | ipv4_ev_watcher.start (ipv4_fd, EV_READ); |
158 | ipv4_ev_watcher.start (ipv4_fd, EV_READ); |
| 147 | } |
159 | } |
| … | |
… | |
| 177 | |
189 | |
| 178 | sockinfo si (THISNODE, PROT_UDPv4); |
190 | sockinfo si (THISNODE, PROT_UDPv4); |
| 179 | |
191 | |
| 180 | if (bind (udpv4_fd, si.sav4 (), si.salenv4 ())) |
192 | if (bind (udpv4_fd, si.sav4 (), si.salenv4 ())) |
| 181 | { |
193 | { |
| 182 | slog (L_ERR, _("can't bind udpv4 on %s: %s"), (const char *)si, strerror (errno)); |
194 | slog (L_ERR, _("can't bind udpv4 on %s: %s, exiting."), (const char *)si, strerror (errno)); |
| 183 | exit (EXIT_FAILURE); |
195 | exit (EXIT_FAILURE); |
| 184 | } |
196 | } |
| 185 | |
197 | |
| 186 | udpv4_ev_watcher.start (udpv4_fd, EV_READ); |
198 | udpv4_ev_watcher.start (udpv4_fd, EV_READ); |
| 187 | } |
199 | } |
| … | |
… | |
| 223 | |
235 | |
| 224 | sockinfo si (THISNODE, PROT_ICMPv4); |
236 | sockinfo si (THISNODE, PROT_ICMPv4); |
| 225 | |
237 | |
| 226 | if (bind (icmpv4_fd, si.sav4 (), si.salenv4 ())) |
238 | if (bind (icmpv4_fd, si.sav4 (), si.salenv4 ())) |
| 227 | { |
239 | { |
| 228 | slog (L_ERR, _("can't bind icmpv4 on %s: %s"), (const char *)si, strerror (errno)); |
240 | slog (L_ERR, _("can't bind icmpv4 on %s: %s, exiting."), (const char *)si, strerror (errno)); |
| 229 | exit (EXIT_FAILURE); |
241 | exit (EXIT_FAILURE); |
| 230 | } |
242 | } |
| 231 | |
243 | |
| 232 | icmpv4_ev_watcher.start (icmpv4_fd, EV_READ); |
244 | icmpv4_ev_watcher.start (icmpv4_fd, EV_READ); |
| 233 | } |
245 | } |
| … | |
… | |
| 254 | |
266 | |
| 255 | sockinfo si (THISNODE, PROT_TCPv4); |
267 | sockinfo si (THISNODE, PROT_TCPv4); |
| 256 | |
268 | |
| 257 | if (bind (tcpv4_fd, si.sav4 (), si.salenv4 ())) |
269 | if (bind (tcpv4_fd, si.sav4 (), si.salenv4 ())) |
| 258 | { |
270 | { |
| 259 | slog (L_ERR, _("can't bind tcpv4 on %s: %s"), (const char *)si, strerror (errno)); |
271 | slog (L_ERR, _("can't bind tcpv4 on %s: %s, exiting."), (const char *)si, strerror (errno)); |
| 260 | exit (EXIT_FAILURE); |
272 | exit (EXIT_FAILURE); |
| 261 | } |
273 | } |
| 262 | |
274 | |
| 263 | if (listen (tcpv4_fd, 5)) |
275 | if (listen (tcpv4_fd, 5)) |
| 264 | { |
276 | { |
| 265 | slog (L_ERR, _("can't listen tcpv4 on %s: %s"), (const char *)si, strerror (errno)); |
277 | slog (L_ERR, _("can't listen tcpv4 on %s: %s, exiting."), (const char *)si, strerror (errno)); |
| 266 | exit (EXIT_FAILURE); |
278 | exit (EXIT_FAILURE); |
| 267 | } |
279 | } |
| 268 | |
280 | |
| 269 | tcpv4_ev_watcher.start (tcpv4_fd, EV_READ); |
281 | tcpv4_ev_watcher.start (tcpv4_fd, EV_READ); |
| 270 | } |
282 | } |
| … | |
… | |
| 306 | THISNODE->dns_hostname ? THISNODE->dns_port : 0, |
318 | THISNODE->dns_hostname ? THISNODE->dns_port : 0, |
| 307 | PROT_DNSv4); |
319 | PROT_DNSv4); |
| 308 | |
320 | |
| 309 | if (bind (dnsv4_fd, si.sav4 (), si.salenv4 ())) |
321 | if (bind (dnsv4_fd, si.sav4 (), si.salenv4 ())) |
| 310 | { |
322 | { |
| 311 | slog (L_ERR, _("can't bind dnsv4 on %s: %s"), (const char *)si, strerror (errno)); |
323 | slog (L_ERR, _("can't bind dnsv4 on %s: %s, exiting."), (const char *)si, strerror (errno)); |
| 312 | exit (EXIT_FAILURE); |
324 | exit (EXIT_FAILURE); |
| 313 | } |
325 | } |
| 314 | |
326 | |
| 315 | dnsv4_ev_watcher.start (dnsv4_fd, EV_READ); |
327 | dnsv4_ev_watcher.start (dnsv4_fd, EV_READ); |
| 316 | } |
328 | } |
| … | |
… | |
| 323 | ///////////////////////////////////////////////////////////////////////////// |
335 | ///////////////////////////////////////////////////////////////////////////// |
| 324 | |
336 | |
| 325 | tap = new tap_device (); |
337 | tap = new tap_device (); |
| 326 | if (!tap) //D this, of course, never catches |
338 | if (!tap) //D this, of course, never catches |
| 327 | { |
339 | { |
| 328 | slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname); |
340 | slog (L_ERR, _("cannot create network interface '%s', exiting."), conf.ifname); |
| 329 | exit (EXIT_FAILURE); |
341 | exit (EXIT_FAILURE); |
| 330 | } |
342 | } |
| 331 | |
343 | |
| 332 | fcntl (tap->fd, F_SETFD, FD_CLOEXEC); |
344 | fcntl (tap->fd, F_SETFD, FD_CLOEXEC); |
| 333 | |
345 | |
|
|
346 | run_script_cb cb; |
|
|
347 | cb.set<vpn, &vpn::script_if_init> (this); |
|
|
348 | |
| 334 | if (tap->if_up () && |
349 | if (tap->if_up () && |
| 335 | !run_script (run_script_cb (this, &vpn::script_if_init), true)) |
350 | !run_script (cb, true)) |
| 336 | { |
351 | { |
| 337 | slog (L_ERR, _("interface initialization command '%s' failed, exiting."), |
352 | slog (L_ERR, _("interface initialization command '%s' failed, exiting."), |
| 338 | tap->if_up ()); |
353 | tap->if_up ()); |
| 339 | exit (EXIT_FAILURE); |
354 | exit (EXIT_FAILURE); |
| 340 | } |
355 | } |
| 341 | |
356 | |
| 342 | if (!run_script (run_script_cb (this, &vpn::script_if_up), true)) |
357 | cb.set<vpn, &vpn::script_if_up> (this); |
|
|
358 | if (!run_script (cb, true)) |
| 343 | { |
359 | { |
| 344 | slog (L_ERR, _("if-up command execution failed, exiting.")); |
360 | slog (L_ERR, _("if-up command execution failed, exiting.")); |
| 345 | exit (EXIT_FAILURE); |
361 | exit (EXIT_FAILURE); |
| 346 | } |
362 | } |
| 347 | |
363 | |
| … | |
… | |
| 423 | { |
439 | { |
| 424 | // broadcast, this is ugly, but due to the security policy |
440 | // broadcast, this is ugly, but due to the security policy |
| 425 | // we have to connect to all hosts... |
441 | // we have to connect to all hosts... |
| 426 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
442 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
| 427 | if ((*c)->conf != THISNODE) |
443 | if ((*c)->conf != THISNODE) |
| 428 | (*c)->inject_data_packet (pkt, true); |
444 | (*c)->inject_data_packet (pkt); |
| 429 | } |
445 | } |
| 430 | } |
446 | } |
| 431 | |
447 | |
| 432 | void |
448 | void |
| 433 | vpn::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
449 | vpn::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
| 434 | { |
450 | { |
| 435 | unsigned int src = pkt->src (); |
451 | unsigned int src = pkt->src (); |
| 436 | unsigned int dst = pkt->dst (); |
452 | unsigned int dst = pkt->dst (); |
| 437 | |
453 | |
| 438 | slog (L_NOISE, _("<<?/%s received possible vpn packet type %d from %d to %d, length %d"), |
454 | slog (L_NOISE, _("<<?/%s received possible vpn packet type %d from %d to %d, length %d."), |
| 439 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst (), pkt->len); |
455 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst (), pkt->len); |
| 440 | |
456 | |
| 441 | if (src == 0 || src > conns.size () |
457 | if (src == 0 || src > conns.size () |
| 442 | || dst > conns.size () |
458 | || dst > conns.size () |
| 443 | || pkt->typ () >= vpn_packet::PT_MAX) |
459 | || pkt->typ () >= vpn_packet::PT_MAX) |
| 444 | slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)"), |
460 | slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)."), |
| 445 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ()); |
461 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ()); |
| 446 | else if (dst > conns.size ()) |
462 | else if (dst > conns.size ()) |
| 447 | slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)"), |
463 | slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)."), |
| 448 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ()); |
464 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ()); |
| 449 | else |
465 | else |
| 450 | { |
466 | { |
| 451 | connection *c = conns[src - 1]; |
467 | connection *c = conns[src - 1]; |
| 452 | |
468 | |
| 453 | if (dst == 0) |
469 | if (dst == 0) |
| 454 | slog (L_WARN, _("%s(%s): received broadcast (protocol violation)"), |
470 | slog (L_WARN, _("%s(%s): received broadcast (protocol violation)."), |
| 455 | c->conf->nodename, (const char *)rsi); |
471 | c->conf->nodename, (const char *)rsi); |
| 456 | else if (dst != THISNODE->id) |
472 | else if (dst != THISNODE->id) |
| 457 | { |
473 | { |
| 458 | if (THISNODE->routerprio) |
474 | if (THISNODE->routerprio) |
| 459 | // the tos setting gets lost here. who cares. |
475 | // the tos setting gets lost here. who cares. |
| 460 | conns[dst - 1]->inject_vpn_packet (pkt); |
476 | conns[dst - 1]->inject_vpn_packet (pkt); |
| 461 | else |
477 | else |
| 462 | slog (L_WARN, |
478 | slog (L_WARN, |
| 463 | _("%s(%s): forwarding request (=> %s), but we are no router"), |
479 | _("%s(%s): request to forward packet to %s, but we are no router (config mismatch?)."), |
| 464 | c->conf->nodename, (const char *)rsi, |
480 | c->conf->nodename, (const char *)rsi, |
| 465 | conns[dst - 1]->conf->nodename); |
481 | conns[dst - 1]->conf->nodename); |
| 466 | } |
482 | } |
| 467 | else |
483 | else |
| 468 | c->recv_vpn_packet (pkt, rsi); |
484 | c->recv_vpn_packet (pkt, rsi); |
| … | |
… | |
| 491 | #if ENABLE_DNS |
507 | #if ENABLE_DNS |
| 492 | case PROT_DNSv4: |
508 | case PROT_DNSv4: |
| 493 | return send_dnsv4_packet (pkt, si, tos); |
509 | return send_dnsv4_packet (pkt, si, tos); |
| 494 | #endif |
510 | #endif |
| 495 | default: |
511 | default: |
| 496 | slog (L_CRIT, _("%s: FATAL: trying to send packet with unsupported protocol"), (const char *)si); |
512 | slog (L_CRIT, _("%s: FATAL: trying to send packet with unsupported protocol."), (const char *)si); |
| 497 | } |
513 | } |
| 498 | |
514 | |
| 499 | return false; |
515 | return false; |
| 500 | } |
516 | } |
| 501 | |
517 | |
| 502 | void |
518 | inline void |
| 503 | vpn::ipv4_ev (ev::io &w, int revents) |
519 | vpn::ipv4_ev (ev::io &w, int revents) |
| 504 | { |
520 | { |
| 505 | if (revents & EV_READ) |
521 | if (revents & EV_READ) |
| 506 | { |
522 | { |
| 507 | vpn_packet *pkt = new vpn_packet; |
523 | vpn_packet *pkt = new vpn_packet; |
| … | |
… | |
| 523 | recv_vpn_packet (pkt, si); |
539 | recv_vpn_packet (pkt, si); |
| 524 | } |
540 | } |
| 525 | else |
541 | else |
| 526 | { |
542 | { |
| 527 | // probably ECONNRESET or somesuch |
543 | // probably ECONNRESET or somesuch |
| 528 | slog (L_DEBUG, _("%s: %s"), (const char *)si, strerror (errno)); |
544 | slog (L_DEBUG, _("%s: %s."), (const char *)si, strerror (errno)); |
| 529 | } |
545 | } |
| 530 | |
546 | |
| 531 | delete pkt; |
547 | delete pkt; |
| 532 | } |
548 | } |
| 533 | else |
549 | else |
| 534 | { |
550 | { |
| 535 | slog (L_ERR, |
551 | slog (L_ERR, |
| 536 | _("FATAL: unknown revents %08x in socket, terminating\n"), |
552 | _("FATAL: unknown revents %08x in socket, exiting.\n"), |
| 537 | revents); |
553 | revents); |
| 538 | exit (EXIT_FAILURE); |
554 | exit (EXIT_FAILURE); |
| 539 | } |
555 | } |
| 540 | } |
556 | } |
| 541 | |
557 | |
| 542 | #if ENABLE_ICMP |
558 | #if ENABLE_ICMP |
| 543 | void |
559 | inline void |
| 544 | vpn::icmpv4_ev (ev::io &w, int revents) |
560 | vpn::icmpv4_ev (ev::io &w, int revents) |
| 545 | { |
561 | { |
| 546 | if (revents & EV_READ) |
562 | if (revents & EV_READ) |
| 547 | { |
563 | { |
| 548 | vpn_packet *pkt = new vpn_packet; |
564 | vpn_packet *pkt = new vpn_packet; |
| … | |
… | |
| 571 | } |
587 | } |
| 572 | } |
588 | } |
| 573 | else |
589 | else |
| 574 | { |
590 | { |
| 575 | // probably ECONNRESET or somesuch |
591 | // probably ECONNRESET or somesuch |
| 576 | slog (L_DEBUG, _("%s: %s"), (const char *)si, strerror (errno)); |
592 | slog (L_DEBUG, _("%s: %s."), (const char *)si, strerror (errno)); |
| 577 | } |
593 | } |
| 578 | |
594 | |
| 579 | delete pkt; |
595 | delete pkt; |
| 580 | } |
596 | } |
| 581 | else |
597 | else |
| 582 | { |
598 | { |
| 583 | slog (L_ERR, |
599 | slog (L_ERR, |
| 584 | _("FATAL: unknown revents %08x in socket, terminating\n"), |
600 | _("FATAL: unknown revents %08x in socket, exiting.\n"), |
| 585 | revents); |
601 | revents); |
| 586 | exit (EXIT_FAILURE); |
602 | exit (EXIT_FAILURE); |
| 587 | } |
603 | } |
| 588 | } |
604 | } |
| 589 | #endif |
605 | #endif |
| 590 | |
606 | |
| 591 | void |
607 | inline void |
| 592 | vpn::udpv4_ev (ev::io &w, int revents) |
608 | vpn::udpv4_ev (ev::io &w, int revents) |
| 593 | { |
609 | { |
| 594 | if (revents & EV_READ) |
610 | if (revents & EV_READ) |
| 595 | { |
611 | { |
| 596 | vpn_packet *pkt = new vpn_packet; |
612 | vpn_packet *pkt = new vpn_packet; |
| … | |
… | |
| 609 | recv_vpn_packet (pkt, si); |
625 | recv_vpn_packet (pkt, si); |
| 610 | } |
626 | } |
| 611 | else |
627 | else |
| 612 | { |
628 | { |
| 613 | // probably ECONNRESET or somesuch |
629 | // probably ECONNRESET or somesuch |
| 614 | slog (L_DEBUG, _("%s: fd %d, %s"), (const char *)si, w.fd, strerror (errno)); |
630 | slog (L_DEBUG, _("%s: fd %d, %s."), (const char *)si, w.fd, strerror (errno)); |
| 615 | } |
631 | } |
| 616 | |
632 | |
| 617 | delete pkt; |
633 | delete pkt; |
| 618 | } |
634 | } |
| 619 | else |
635 | else |
| 620 | { |
636 | { |
| 621 | slog (L_ERR, |
637 | slog (L_ERR, |
| 622 | _("FATAL: unknown revents %08x in socket, terminating\n"), |
638 | _("FATAL: unknown revents %08x in socket, exiting.\n"), |
| 623 | revents); |
639 | revents); |
| 624 | exit (EXIT_FAILURE); |
640 | exit (EXIT_FAILURE); |
| 625 | } |
641 | } |
| 626 | } |
642 | } |
| 627 | |
643 | |
| 628 | void |
644 | inline void |
| 629 | vpn::tap_ev (ev::io &w, int revents) |
645 | vpn::tap_ev (ev::io &w, int revents) |
| 630 | { |
646 | { |
| 631 | if (revents & EV_READ) |
647 | if (revents & EV_READ) |
| 632 | { |
648 | { |
| 633 | /* process data */ |
649 | /* process data */ |
| … | |
… | |
| 665 | } |
681 | } |
| 666 | else |
682 | else |
| 667 | abort (); |
683 | abort (); |
| 668 | } |
684 | } |
| 669 | |
685 | |
| 670 | void |
686 | inline void |
| 671 | vpn::event_cb (ev::timer &w, int) |
687 | vpn::event_cb (ev::timer &w, int) |
| 672 | { |
688 | { |
| 673 | if (events) |
689 | if (events) |
| 674 | { |
690 | { |
| 675 | if (events & EVENT_SHUTDOWN) |
691 | if (events & EVENT_SHUTDOWN) |
| 676 | { |
692 | { |
| 677 | slog (L_INFO, _("preparing shutdown...")); |
693 | slog (L_INFO, _("preparing shutdown...")); |
| 678 | |
694 | |
| 679 | shutdown_all (); |
695 | shutdown_all (); |
| 680 | remove_pid (conf.pidfilename); |
696 | remove_pid (conf.pidfilename); |
| 681 | slog (L_INFO, _("terminating")); |
697 | slog (L_INFO, _("exiting.")); |
| 682 | exit (EXIT_SUCCESS); |
698 | exit (EXIT_SUCCESS); |
| 683 | } |
699 | } |
| 684 | |
700 | |
| 685 | if (events & EVENT_RECONNECT) |
701 | if (events & EVENT_RECONNECT) |
| 686 | { |
702 | { |
| 687 | slog (L_INFO, _("forced reconnect")); |
703 | slog (L_INFO, _("forced reconnect.")); |
| 688 | |
704 | |
| 689 | reconnect_all (); |
705 | reconnect_all (); |
| 690 | } |
706 | } |
| 691 | |
707 | |
| 692 | events = 0; |
708 | events = 0; |
| … | |
… | |
| 708 | |
724 | |
| 709 | conns.clear (); |
725 | conns.clear (); |
| 710 | |
726 | |
| 711 | connection_init (); |
727 | connection_init (); |
| 712 | |
728 | |
| 713 | for (configuration::node_vector::iterator i = conf.nodes.begin (); |
729 | for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) |
| 714 | i != conf.nodes.end (); ++i) |
730 | conns.push_back (new connection (this, *i)); |
| 715 | { |
731 | |
| 716 | connection *conn = new connection (this, *i); |
732 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
| 717 | conns.push_back (conn); |
|
|
| 718 | conn->establish_connection (); |
733 | (*c)->establish_connection (); |
| 719 | } |
|
|
| 720 | } |
734 | } |
| 721 | |
735 | |
| 722 | connection *vpn::find_router () |
736 | bool vpn::can_direct (conf_node *src, conf_node *dst) const |
| 723 | { |
737 | { |
| 724 | u32 prio = 1; |
738 | return src != dst |
|
|
739 | && src->may_direct (dst) |
|
|
740 | && dst->may_direct (src) |
|
|
741 | && (((src->protocols & dst->protocols) && src->connectmode == conf_node::C_ALWAYS) |
|
|
742 | || (src->protocols & dst->connectable_protocols ())); |
|
|
743 | } |
|
|
744 | |
|
|
745 | // only works for indirect and routed connections: find a router |
|
|
746 | // from THISNODE to dst |
|
|
747 | connection *vpn::find_router_for (const connection *dst) |
|
|
748 | { |
| 725 | connection *router = 0; |
749 | connection *router = 0; |
| 726 | |
750 | |
|
|
751 | // first try to find a router with a direct connection |
|
|
752 | { |
|
|
753 | u32 prio = 1; |
|
|
754 | |
|
|
755 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
|
|
756 | { |
|
|
757 | connection *c = *i; |
|
|
758 | |
|
|
759 | if (c->conf->routerprio > prio |
|
|
760 | && c->conf != THISNODE |
|
|
761 | && c != dst |
|
|
762 | && can_direct (c->conf, dst->conf)) |
|
|
763 | { |
|
|
764 | if (c->ictx && c->octx) |
|
|
765 | { |
|
|
766 | prio = c->conf->routerprio; |
|
|
767 | router = c; |
|
|
768 | } |
|
|
769 | else |
|
|
770 | c->establish_connection (); |
|
|
771 | } |
|
|
772 | } |
|
|
773 | } |
|
|
774 | |
|
|
775 | if (router) |
|
|
776 | return router; |
|
|
777 | |
|
|
778 | // second try find the router with the highest priority higher than ours |
|
|
779 | { |
|
|
780 | u32 prio = 1; |
|
|
781 | |
|
|
782 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
|
|
783 | { |
|
|
784 | connection *c = *i; |
|
|
785 | |
|
|
786 | if (c->conf->routerprio > prio |
|
|
787 | && c->conf->routerprio > THISNODE->routerprio |
|
|
788 | && c != dst |
|
|
789 | && c->conf != THISNODE) |
|
|
790 | { |
|
|
791 | if (c->ictx && c->octx) |
|
|
792 | { |
|
|
793 | prio = c->conf->routerprio; |
|
|
794 | router = c; |
|
|
795 | } |
|
|
796 | else |
|
|
797 | c->establish_connection (); |
|
|
798 | } |
|
|
799 | } |
|
|
800 | } |
|
|
801 | return router; |
|
|
802 | } |
|
|
803 | |
|
|
804 | void vpn::connection_established (connection *c) |
|
|
805 | { |
| 727 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
806 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
| 728 | { |
807 | { |
| 729 | connection *c = *i; |
808 | connection *o = *i; |
| 730 | |
809 | |
| 731 | if (c->conf->routerprio > prio |
810 | if (!o->is_direct |
| 732 | && c->connectmode == conf_node::C_ALWAYS // so we don't drop the connection if in use |
811 | && o->si.valid () |
| 733 | && c->ictx && c->octx |
812 | && c->si != o->si |
| 734 | && c->conf != THISNODE) // redundant, since ictx==octx==0 always on thisnode |
813 | && c == find_router_for (o)) |
| 735 | { |
|
|
| 736 | prio = c->conf->routerprio; |
|
|
| 737 | router = c; |
|
|
| 738 | } |
814 | { |
|
|
815 | slog (L_DEBUG, _("%s: can now route packets via %s, re-keying connection."), |
|
|
816 | o->conf->nodename, c->conf->nodename); |
|
|
817 | o->rekey (); |
|
|
818 | } |
| 739 | } |
819 | } |
| 740 | |
|
|
| 741 | return router; |
|
|
| 742 | } |
820 | } |
| 743 | |
821 | |
| 744 | void vpn::send_connect_request (int id) |
822 | void vpn::send_connect_request (connection *c) |
| 745 | { |
823 | { |
| 746 | connection *c = find_router (); |
824 | connection *r = find_router_for (c); |
| 747 | |
825 | |
| 748 | if (c) |
826 | if (r) |
|
|
827 | { |
|
|
828 | slog (L_TRACE, _("%s: no way to connect, sending mediated connection request via %s."), |
|
|
829 | c->conf->nodename, r->conf->nodename); |
| 749 | c->send_connect_request (id); |
830 | r->send_connect_request (c->conf->id); |
|
|
831 | } |
| 750 | else |
832 | else |
| 751 | // no router found, aggressively connect to all routers |
833 | slog (L_DEBUG, _("%s: no way to connect and no router found: unable to connect."), |
| 752 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
834 | c->conf->nodename); |
| 753 | if ((*i)->conf->routerprio && (*i)->conf != THISNODE) |
|
|
| 754 | (*i)->establish_connection (); |
|
|
| 755 | } |
835 | } |
| 756 | |
836 | |
| 757 | void |
837 | void |
| 758 | connection::dump_status () |
838 | connection::dump_status () |
| 759 | { |
839 | { |
| 760 | slog (L_NOTICE, _("node %s (id %d)"), conf->nodename, conf->id); |
840 | slog (L_NOTICE, _("node %s (id %d)"), conf->nodename, conf->id); |
| 761 | slog (L_NOTICE, _(" connectmode %d (%d) / sockaddr %s / minor %d"), |
841 | slog (L_NOTICE, _(" connectmode %d (%d) / sockaddr %s / minor %d"), |
| 762 | connectmode, conf->connectmode, (const char *)si, (int)prot_minor); |
842 | connectmode, conf->connectmode, (const char *)si, (int)prot_minor); |
| 763 | slog (L_NOTICE, _(" ictx/octx %08lx/%08lx / oseqno %d / retry_cnt %d"), |
843 | slog (L_NOTICE, _(" ictx/octx %08lx/%08lx / oseqno %d / retry_cnt %d"), |
| 764 | (long)ictx, (long)octx, (int)oseqno, (int)retry_cnt); |
844 | (long)ictx, (long)octx, (int)oseqno, (int)retry_cnt); |
| 765 | slog (L_NOTICE, _(" establish_conn %ld / rekey %ld / keepalive %ld"), |
|
|
| 766 | (long)(establish_connection.at), (long)(rekey.at), (long)(keepalive.at)); |
|
|
| 767 | } |
845 | } |
| 768 | |
846 | |
| 769 | void |
847 | void |
| 770 | vpn::dump_status () |
848 | vpn::dump_status () |
| 771 | { |
849 | { |
| … | |
… | |
| 776 | |
854 | |
| 777 | slog (L_NOTICE, _("END status dump")); |
855 | slog (L_NOTICE, _("END status dump")); |
| 778 | } |
856 | } |
| 779 | |
857 | |
| 780 | vpn::vpn (void) |
858 | vpn::vpn (void) |
|
|
859 | { |
| 781 | : event (this, &vpn::event_cb) |
860 | event .set<vpn, &vpn::event_cb > (this); |
| 782 | , udpv4_ev_watcher (this, &vpn::udpv4_ev) |
861 | udpv4_ev_watcher .set<vpn, &vpn::udpv4_ev > (this); |
| 783 | , ipv4_ev_watcher (this, &vpn::ipv4_ev) |
862 | ipv4_ev_watcher .set<vpn, &vpn::ipv4_ev > (this); |
| 784 | #if ENABLE_TCP |
863 | #if ENABLE_TCP |
| 785 | , tcpv4_ev_watcher (this, &vpn::tcpv4_ev) |
864 | tcpv4_ev_watcher .set<vpn, &vpn::tcpv4_ev > (this); |
| 786 | #endif |
865 | #endif |
| 787 | #if ENABLE_ICMP |
866 | #if ENABLE_ICMP |
| 788 | , icmpv4_ev_watcher(this, &vpn::icmpv4_ev) |
867 | icmpv4_ev_watcher.set<vpn, &vpn::icmpv4_ev> (this); |
| 789 | #endif |
868 | #endif |
| 790 | #if ENABLE_DNS |
869 | #if ENABLE_DNS |
| 791 | , dnsv4_ev_watcher (this, &vpn::dnsv4_ev) |
870 | dnsv4_ev_watcher .set<vpn, &vpn::dnsv4_ev > (this); |
| 792 | #endif |
871 | #endif |
| 793 | , tap_ev_watcher (this, &vpn::tap_ev) |
872 | tap_ev_watcher .set<vpn, &vpn::tap_ev > (this); |
| 794 | { |
|
|
| 795 | } |
873 | } |
| 796 | |
874 | |
| 797 | vpn::~vpn () |
875 | vpn::~vpn () |
| 798 | { |
876 | { |
| 799 | } |
877 | } |
