1 | /* |
1 | /* |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008,2010,2011 Marc Lehmann <gvpe@schmorp.de> |
4 | |
4 | |
5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
6 | |
6 | |
7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
… | |
… | |
135 | fcntl (fd, F_SETFL, O_NONBLOCK); |
135 | fcntl (fd, F_SETFL, O_NONBLOCK); |
136 | fcntl (fd, F_SETFD, FD_CLOEXEC); |
136 | fcntl (fd, F_SETFD, FD_CLOEXEC); |
137 | |
137 | |
138 | #ifdef SO_MARK |
138 | #ifdef SO_MARK |
139 | if (::conf.nfmark) |
139 | if (::conf.nfmark) |
140 | setsockopt (ipv4_fd, SOL_SOCKET, SO_MARK, &::conf.nfmark, sizeof ::conf.nfmark); |
140 | if (setsockopt (fd, SOL_SOCKET, SO_MARK, &::conf.nfmark, sizeof ::conf.nfmark)) |
|
|
141 | slog (L_WARN, _("unable to set nfmark on %s socket: %s"), strprotocol (prot), strerror (errno)); |
141 | #endif |
142 | #endif |
142 | |
143 | |
143 | return fd; |
144 | return fd; |
144 | } |
145 | } |
145 | |
146 | |
… | |
… | |
481 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst (), pkt->len); |
482 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst (), pkt->len); |
482 | |
483 | |
483 | if (src == 0 || src > conns.size () |
484 | if (src == 0 || src > conns.size () |
484 | || dst > conns.size () |
485 | || dst > conns.size () |
485 | || pkt->typ () >= vpn_packet::PT_MAX) |
486 | || pkt->typ () >= vpn_packet::PT_MAX) |
486 | slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)."), |
|
|
487 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ()); |
|
|
488 | else if (dst > conns.size ()) |
|
|
489 | slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)."), |
487 | slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)."), |
490 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ()); |
488 | (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ()); |
491 | else |
489 | else |
492 | { |
490 | { |
493 | connection *c = conns[src - 1]; |
491 | connection *c = conns[src - 1]; |
… | |
… | |
520 | return send_ipv4_packet (pkt, si, tos); |
518 | return send_ipv4_packet (pkt, si, tos); |
521 | |
519 | |
522 | case PROT_UDPv4: |
520 | case PROT_UDPv4: |
523 | return send_udpv4_packet (pkt, si, tos); |
521 | return send_udpv4_packet (pkt, si, tos); |
524 | |
522 | |
525 | #if ENABLE_TCP |
523 | #if ENABLE_TCP |
526 | case PROT_TCPv4: |
524 | case PROT_TCPv4: |
527 | return send_tcpv4_packet (pkt, si, tos); |
525 | return send_tcpv4_packet (pkt, si, tos); |
528 | #endif |
526 | #endif |
529 | #if ENABLE_ICMP |
527 | #if ENABLE_ICMP |
530 | case PROT_ICMPv4: |
528 | case PROT_ICMPv4: |
… | |
… | |
558 | if (len > 0) |
556 | if (len > 0) |
559 | { |
557 | { |
560 | pkt->len = len; |
558 | pkt->len = len; |
561 | |
559 | |
562 | // raw sockets deliver the ipv4 header, but don't expect it on sends |
560 | // raw sockets deliver the ipv4 header, but don't expect it on sends |
563 | pkt->skip_hdr (IP_OVERHEAD); |
561 | pkt->skip_hdr (pkt->ipv4_hdr_len ()); |
564 | |
562 | |
565 | recv_vpn_packet (pkt, si); |
563 | recv_vpn_packet (pkt, si); |
566 | } |
564 | } |
567 | else |
565 | else |
568 | { |
566 | { |
… | |
… | |
605 | if (hdr->type == ::conf.icmp_type |
603 | if (hdr->type == ::conf.icmp_type |
606 | && hdr->code == 255) |
604 | && hdr->code == 255) |
607 | { |
605 | { |
608 | // raw sockets deliver the ipv4, but don't expect it on sends |
606 | // raw sockets deliver the ipv4, but don't expect it on sends |
609 | // this is slow, but... |
607 | // this is slow, but... |
610 | pkt->skip_hdr (ICMP_OVERHEAD); |
608 | pkt->skip_hdr (pkt->ipv4_hdr_len () + (ICMP_OVERHEAD - IP_OVERHEAD)); |
611 | |
609 | |
612 | recv_vpn_packet (pkt, si); |
610 | recv_vpn_packet (pkt, si); |
613 | } |
611 | } |
614 | } |
612 | } |
615 | else |
613 | else |
… | |
… | |
757 | |
755 | |
758 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
756 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
759 | (*c)->establish_connection (); |
757 | (*c)->establish_connection (); |
760 | } |
758 | } |
761 | |
759 | |
|
|
760 | bool |
762 | bool vpn::can_direct (conf_node *src, conf_node *dst) const |
761 | vpn::can_direct (conf_node *src, conf_node *dst) const |
763 | { |
762 | { |
764 | return src != dst |
763 | return src != dst |
765 | && src->may_direct (dst) |
764 | && src->may_direct (dst) |
766 | && dst->may_direct (src) |
765 | && dst->may_direct (src) |
767 | && (((src->protocols & dst->protocols) && src->connectmode == conf_node::C_ALWAYS) |
766 | && (((src->protocols & dst->protocols) && src->connectmode == conf_node::C_ALWAYS) |
768 | || (src->protocols & dst->connectable_protocols ())); |
767 | || (src->protocols & dst->connectable_protocols ())); |
769 | } |
768 | } |
770 | |
769 | |
771 | // only works for indirect and routed connections: find a router |
770 | // only works for indirect and routed connections: find a router |
772 | // from THISNODE to dst |
771 | // from THISNODE to dst |
|
|
772 | connection * |
773 | connection *vpn::find_router_for (const connection *dst) |
773 | vpn::find_router_for (const connection *dst) |
774 | { |
774 | { |
775 | connection *router = 0; |
775 | connection *router = 0; |
776 | |
776 | |
777 | // first try to find a router with a direct connection, route there |
777 | // first try to find a router with a direct connection, route there |
778 | // regardless of any other considerations. |
778 | // regardless of any other considerations. |
… | |
… | |
817 | } |
817 | } |
818 | |
818 | |
819 | return router; |
819 | return router; |
820 | } |
820 | } |
821 | |
821 | |
|
|
822 | void |
822 | void vpn::connection_established (connection *c) |
823 | vpn::connection_established (connection *c) |
823 | { |
824 | { |
824 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
825 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
825 | { |
826 | { |
826 | connection *o = *i; |
827 | connection *o = *i; |
827 | |
828 | |
… | |
… | |
835 | o->rekey (); |
836 | o->rekey (); |
836 | } |
837 | } |
837 | } |
838 | } |
838 | } |
839 | } |
839 | |
840 | |
|
|
841 | void |
840 | void vpn::send_connect_request (connection *c) |
842 | vpn::send_connect_request (connection *c) |
841 | { |
843 | { |
842 | connection *r = find_router_for (c); |
844 | connection *r = find_router_for (c); |
843 | |
845 | |
844 | if (r) |
846 | if (r) |
845 | { |
847 | { |