Tinc improvements

Daniel Schall Daniel-Schall at web.de
Mon Jan 3 19:01:46 CET 2011


Dear Guus,

I've attached my first git commit to your repository.
It does not contain any new functionality, but it is a first attempt at
working with your git copy.

Could you please verify whether you can push this commit to your repository?
If it works, I'll send you the rest of my work, which contains:

1) some small improvements in logging
	(using flags instead of counters)

2) the multicast announcement stuff we talked about in the last months

3) an improved PMTU discovery with predictable packet sizes for the
probe packets

By the way, I've re-formatted the code to better suit your coding style.
 

Best,

Daniel
-------------- next part --------------
commit 50a9f9c9d055dbd20d81e7072f4a059e17c68118
Author: Daniel Schall <tinc-devel at mon-clan.de> 2011-01-03 18:46:51
Committer: Daniel Schall <tinc-devel at mon-clan.de> 2011-01-03 18:46:51
Parent: 4b8a5993036fccc2108fcc2550649d9b78fb1ab7 (Update the NEWS.)

add iphlpapi and other headers to have.h and configure.in
add flags to vpn_packet
--------------------------------- configure.in --------------------------------
diff --git a/configure.in b/configure.in
index 8e1ae87..b1f7d78 100644
--- a/configure.in
+++ b/configure.in
@@ -63,7 +63,7 @@
   *mingw*)
     AC_DEFINE(HAVE_MINGW, 1, [MinGW])
     [ rm -f src/device.c; cp -f src/mingw/device.c src/device.c ]
-    LIBS="$LIBS -lws2_32"
+    LIBS="$LIBS -lws2_32 -liphlpapi"
   ;;
   *)
     AC_MSG_ERROR("Unknown operating system.")
@@ -108,6 +108,15 @@
 )
 AC_CHECK_HEADERS([netinet/tcp.h netinet/ip_icmp.h netinet/icmp6.h],
   [], [], [#include "have.h"]
+)
+AC_CHECK_HEADERS([ifaddrs.h],
+  [], [], [#include "have.h"]
+)
+AC_CHECK_HEADERS([sys/sockio.h],
+  [], [], [#include "have.h"]
+)
+AC_CHECK_HEADERS([sys/sockios.h],
+  [], [], [#include "have.h"]
 )
 
 dnl Checks for typedefs, structures, and compiler characteristics.
------------------------------------ have.h -----------------------------------
diff --git a/have.h b/have.h
index 923e76a..35de33c 100644
--- a/have.h
+++ b/have.h
@@ -178,4 +178,16 @@
 #include <netinet/if_ether.h>
 #endif
 
+#ifdef HAVE_IFADDRS_H
+#include <ifaddrs.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKIO
+#include <sys/sockio.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKIOS
+#include <sys/sockios.h>
+#endif
+
 #endif /* __TINC_SYSTEM_H__ */
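Review bot: The guards `#ifdef HAVE_SYS_SOCKIO` and `#ifdef HAVE_SYS_SOCKIOS` do not match the macros that the new `AC_CHECK_HEADERS([sys/sockio.h])` and `AC_CHECK_HEADERS([sys/sockios.h])` checks in configure.in define, which are `HAVE_SYS_SOCKIO_H` and `HAVE_SYS_SOCKIOS_H`, so neither header is ever included. Use `#ifdef HAVE_SYS_SOCKIO_H` and `#ifdef HAVE_SYS_SOCKIOS_H`, following the pattern of the `HAVE_IFADDRS_H` guard just above. Code that later relies on declarations from these headers would otherwise fail to build, or quietly take a fallback path, on exactly the platforms the checks were added for.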
---------------------------------- src/net.h ----------------------------------
diff --git a/src/net.h b/src/net.h
index 55856e2..ab6bd41 100644
--- a/src/net.h
+++ b/src/net.h
@@ -31,7 +31,7 @@
 #define MTU 1518				/* 1500 bytes payload + 14 bytes ethernet header + 4 bytes VLAN tag */
 #endif
 
-#define MAXSIZE (MTU + 4 + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + MTU/64 + 20)	/* MTU + seqno + padding + HMAC + compressor overhead */
+#define MAXSIZE (MTU + 4 + 4 + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + MTU/64 + 20)	/* MTU + flags + seqno + padding + HMAC + compressor overhead */
 #define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128)	/* Enough room for a request with a MAXSIZEd packet or a 8192 bits RSA key */
 
 #define MAXSOCKETS 128			/* Overkill... */
@@ -79,6 +79,11 @@
 typedef struct vpn_packet_t {
 	length_t len;				/* the actual number of bytes in the `data' field */
 	int priority;				/* priority or TOS */
+	struct {
+		uint32_t local:1;		/* is this packet sent to a local interface? */
+		uint32_t pmtud:1;		/* is this packet used for PMTU discovery? */
+		uint32_t unused:30;		/* unused bits */
+	} flags;
 	uint32_t seqno;				/* 32 bits sequence number (network byte order of course) */
 	uint8_t data[MAXSIZE];
 } vpn_packet_t;
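Review bot: `flags` is declared as C bit-fields, but the last hunk of src/net_packet.c receives datagrams straight into `&pkt.flags`, so this struct member becomes part of the wire format. The order in which a compiler allocates bit-fields within a storage unit and the host byte order are both implementation-dependent, so `local` and `pmtud` can land on different bits for peers built with another compiler or on another architecture. A plain `uint32_t flags;` kept in network byte order with mask constants, e.g. `#define PKT_FLAG_LOCAL 0x1` and `#define PKT_FLAG_PMTUD 0x2`, keeps the layout fixed. The extra four bytes also change the UDP framing of every packet, so peers without this patch would presumably not interoperate unless the format is negotiated; the commit message does not mention that.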
------------------------------- src/net_packet.c ------------------------------
diff --git a/src/net_packet.c b/src/net_packet.c
index aef5534..5556326 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -72,6 +72,7 @@
 
 void send_mtu_probe(node_t *n) {
 	vpn_packet_t packet;
+	memset(&packet.flags, 0, sizeof(packet.flags));
 	int len, i;
 	int timeout = 1;
 	
@@ -238,12 +239,12 @@
 static bool try_mac(const node_t *n, const vpn_packet_t *inpkt) {
 	unsigned char hmac[EVP_MAX_MD_SIZE];
 
-	if(!n->indigest || !n->inmaclength || !n->inkey || inpkt->len < sizeof inpkt->seqno + n->inmaclength)
+	if(!n->indigest || !n->inmaclength || !n->inkey || inpkt->len < sizeof inpkt->seqno + sizeof inpkt->flags + n->inmaclength)
 		return false;
 
-	HMAC(n->indigest, n->inkey, n->inkeylength, (unsigned char *) &inpkt->seqno, inpkt->len - n->inmaclength, (unsigned char *)hmac, NULL);
+	HMAC(n->indigest, n->inkey, n->inkeylength, (unsigned char *) &inpkt->seqno, inpkt->len - sizeof inpkt->flags - n->inmaclength, (unsigned char *)hmac, NULL);
 
-	return !memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - n->inmaclength, n->inmaclength);
+	return !memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - sizeof inpkt->flags - n->inmaclength, n->inmaclength);
 }
 
 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
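Review bot: The HMAC input still begins at `&inpkt->seqno`, so the new four-byte `flags` word that now precedes it on the wire is not covered by the MAC here and, per the `/* Add flags (not encrypted) */` comment in the send path, is not encrypted either. Anyone able to modify datagrams in transit can change `local` or `pmtud` without this check failing. Either start the MAC at `&inpkt->flags` (with both lengths adjusted to match) or add a comment stating that receivers must treat the flags as unauthenticated hints and never base a trust decision on them. Separately, the tag comparison on the changed `memcmp` line is not constant-time.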
@@ -260,6 +261,10 @@
 					n->name, n->hostname);
 		return;
 	}
+
+	/* Remove flags */
+
+	inpkt->len -= sizeof(inpkt->flags);
 
 	/* Check packet length */
 
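Review bot: `inpkt->len -= sizeof(inpkt->flags);` runs before the length check that follows, so a datagram shorter than four bytes leaves `len` negative (it is evidently signed, since `pkt.len < 0` is tested after `recvfrom`). If the check under `/* Check packet length */`, which lies outside this hunk, compares `len` against a `sizeof` expression, the negative value is converted to unsigned and passes as a very large length. Reject short packets first, e.g. `if(inpkt->len < (int)sizeof(inpkt->flags)) return;` preceded by the usual debug log line, and only then subtract.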
@@ -367,6 +372,7 @@
 
 void receive_tcppacket(connection_t *c, char *buffer, int len) {
 	vpn_packet_t outpkt;
+	memset(&outpkt.flags, 0, sizeof(outpkt.flags));
 
 	outpkt.len = len;
 	if(c->options & OPTION_TCPONLY)
@@ -475,6 +481,10 @@
 		inpkt->len += n->outmaclength;
 	}
 
+	/* Add flags (not encrypted) */
+
+	inpkt->len += sizeof(inpkt->flags);
+
 	/* Determine which socket we have to use */
 
 	for(sock = 0; sock < listen_sockets; sock++)
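Review bot: Only `len` is adjusted here; the `sendto` call that transmits the packet lies outside this hunk and is not among the changed lines of the commit, while the receive side now reads into `&pkt.flags`. If the send still starts at `&inpkt->seqno`, the four extra bytes are taken from whatever follows the MAC in the buffer, and the receiver sees the sequence number where it expects the flags. Please confirm that the send buffer now starts at `&inpkt->flags`, and that `flags` is zeroed or copied in any intermediate packet buffer this function may switch `inpkt` to, so that uninitialised stack bytes are not put on the wire.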
@@ -574,29 +584,28 @@
 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
 	avl_node_t *node;
 	edge_t *e;
-	node_t *n = NULL;
 	static time_t last_hard_try = 0;
 
-	for(node = edge_weight_tree->head; node; node = node->next) {
+	for (node = edge_weight_tree->head; node; node = node->next) {
 		e = node->data;
 
-		if(sockaddrcmp_noport(from, &e->address)) {
-			if(last_hard_try == now)
-				continue;
-			last_hard_try = now;
+		if (sockaddrcmp_noport(from, &e->address)) {
+			//			if(last_hard_try == now)
+			//				continue;
+			//			last_hard_try = now;
+			continue;
 		}
 
-		if(!n)
-			n = e->to;
+		//		if(!n)
+		//			n = e->to;
 
-		if(!try_mac(e->to, pkt))
+		if (!try_mac(e->to, pkt)) {
 			continue;
-
-		n = e->to;
-		break;
+		}
+		return e->to;
 	}
 
-	return n;
+	return NULL;
 }
 
 void handle_incoming_vpn_data(int sock) {
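Review bot: The rewritten loop now skips every edge for which `sockaddrcmp_noport(from, &e->address)` is non-zero, which removes the once-per-second fallback and leaves `static time_t last_hard_try` unused; assuming that function returns non-zero on a mismatch, a packet from a peer whose source address has changed can no longer be matched by MAC. That is a behaviour change the commit message does not mention, and returning NULL instead of an unverified `e->to` when no MAC matches looks like a deliberate tightening that deserves a line there too. If both are intended, delete the commented-out lines and the unused static rather than leaving them in the file. The `for (` and `if (` spacing also differs from the `if(` style used in the rest of the file.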
@@ -606,7 +615,7 @@
 	socklen_t fromlen = sizeof(from);
 	node_t *n;
 
-	pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
+	pkt.len = recvfrom(sock, (char *) &pkt.flags, MAXSIZE, 0, &from.sa, &fromlen);
 
 	if(pkt.len < 0) {
 		if(!sockwouldblock(sockerrno))


