along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_packet.c,v 1.1.2.44 2003/12/12 19:52:25 guus Exp $
+ $Id: net_packet.c,v 1.1.2.49 2003/12/27 16:32:52 guus Exp $
*/
#include "system.h"
#include "conf.h"
#include "connection.h"
#include "device.h"
+#include "ethernet.h"
#include "event.h"
#include "graph.h"
#include "list.h"
#include "utils.h"
#include "xalloc.h"
+#ifdef WSAEMSGSIZE
+#define EMSGSIZE WSAEMSGSIZE
+#endif
+
int keylifetime = 0;
int keyexpires = 0;
+bool strictsource = true;
EVP_CIPHER_CTX packet_ctx;
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
+static void send_udppacket(node_t *, vpn_packet_t *);
#define MAX_SEQNO 1073741824
+void send_mtu_probe(node_t *n)
+{
+ vpn_packet_t packet;
+ int len, i;
+
+ cp();
+
+ n->mtuprobes++;
+ n->mtuevent = NULL;
+
+ if(n->mtuprobes >= 10 && !n->minmtu) {
+ ifdebug(TRAFFIC) logger(LOG_INFO, _("No response to MTU probes from %s (%s)"), n->name, n->hostname);
+ return;
+ }
+
+ for(i = 0; i < 3; i++) {
+ if(n->mtuprobes >= 30 || n->minmtu >= n->maxmtu) {
+ n->mtu = n->minmtu;
+ ifdebug(TRAFFIC) logger(LOG_INFO, _("Fixing MTU of %s (%s) to %d after %d probes"), n->name, n->hostname, n->mtu, n->mtuprobes);
+ return;
+ }
+
+ len = n->minmtu + 1 + random() % (n->maxmtu - n->minmtu);
+ if(len < 64)
+ len = 64;
+
+ memset(packet.data, 0, 14);
+ RAND_pseudo_bytes(packet.data + 14, len - 14);
+ packet.len = len;
+
+ ifdebug(TRAFFIC) logger(LOG_INFO, _("Sending MTU probe length %d to %s (%s)"), len, n->name, n->hostname);
+
+ send_udppacket(n, &packet);
+ }
+
+ n->mtuevent = xmalloc(sizeof(*n->mtuevent));
+ n->mtuevent->handler = (event_handler_t)send_mtu_probe;
+ n->mtuevent->data = n;
+ n->mtuevent->time = now + 1;
+ event_add(n->mtuevent);
+}
+
+void mtu_probe_h(node_t *n, vpn_packet_t *packet) {
+ ifdebug(TRAFFIC) logger(LOG_INFO, _("Got MTU probe length %d from %s (%s)"), packet->len, n->name, n->hostname);
+
+ if(!packet->data[0]) {
+ packet->data[0] = 1;
+ send_packet(n, packet);
+ } else {
+ if(n->minmtu < packet->len)
+ n->minmtu = packet->len;
+ }
+}
+
static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level)
{
if(level == 10) {
route(n, packet);
}
+static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) {
+ char hmac[EVP_MAX_MD_SIZE];
+
+ if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0))
+ return false;
+
+ /* Check the message authentication code */
+
+ if(myself->digest && myself->maclength) {
+ HMAC(myself->digest, myself->key, myself->keylength,
+ (char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL);
+
+ if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength))
+ return false;
+ }
+
+ return true;
+}
+
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
{
vpn_packet_t pkt1, pkt2;
int nextpkt = 0;
vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
- char hmac[EVP_MAX_MD_SIZE];
int i;
cp();
- /* Check packet length */
-
- if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"),
- n->name, n->hostname);
+ if(!authenticate_udppacket(n, inpkt)) {
+ ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
+ n->name, n->hostname);
return;
}
- /* Check the message authentication code */
-
- if(myself->digest && myself->maclength) {
- inpkt->len -= myself->maclength;
- HMAC(myself->digest, myself->key, myself->keylength,
- (char *) &inpkt->seqno, inpkt->len, hmac, NULL);
-
- if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
- n->name, n->hostname);
- return;
- }
- }
+ inpkt->len -= myself->digest ? myself->maclength : 0;
/* Decrypt the packet */
if(n->connection)
n->connection->last_ping_time = now;
- receive_packet(n, inpkt);
+ if(!inpkt->data[12] && !inpkt->data[13])
+ mtu_probe_h(n, inpkt);
+ else
+ receive_packet(n, inpkt);
}
void receive_tcppacket(connection_t *c, char *buffer, int len)
|| !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
- return;
+ goto end;
}
outpkt->len = outlen + outpad;
#endif
if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) {
- logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno));
- return;
+ if(errno == EMSGSIZE) {
+ if(n->maxmtu >= origlen)
+ n->maxmtu = origlen - 1;
+ if(n->mtu >= origlen)
+ n->mtu = origlen - 1;
+ } else
+ logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno));
}
+end:
inpkt->len = origlen;
}
cp();
if(n == myself) {
+ if(overwrite_mac)
+ memcpy(packet->data, mymac.x, ETH_ALEN);
write_packet(packet);
return;
}
sockaddr_t from;
socklen_t fromlen = sizeof(from);
node_t *n;
+ static time_t lasttime = 0;
cp();
n = lookup_node_udp(&from);
+ if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) {
+ avl_node_t *node;
+
+ lasttime = now;
+
+ for(node = node_tree->head; node; node = node->next) {
+ n = node->data;
+
+ if(authenticate_udppacket(n, &pkt)) {
+ update_node_address(n, &from);
+ logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname);
+ break;
+ }
+ }
+ }
+
if(!n) {
hostname = sockaddr2hostname(&from);
- logger(LOG_WARNING, _("Received UDP packet from unknown source %s"),
- hostname);
+ logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname);
free(hostname);
return;
}