X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_packet.c;h=b444bc9310277605e4bec46108f25bd578eeba0f;hb=a22041922f160667573e9a5ae3f4195e1668906a;hp=aaa0c7206df76877207b3e916cdaa8e7fe97f4e4;hpb=d6c50eb73ad49bd2eac67214995dff76b7a20661;p=tinc diff --git a/src/net_packet.c b/src/net_packet.c index aaa0c720..b444bc93 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -1,7 +1,8 @@ /* net_packet.c -- Handles in- and outgoing VPN packets Copyright (C) 1998-2005 Ivo Timmermans, - 2000-2009 Guus Sliepen + 2000-2010 Guus Sliepen + 2010 Timothy Redaelli This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,8 +21,19 @@ #include "system.h" +#include +#include +#include +#include +#include + +#ifdef HAVE_ZLIB #include +#endif + +#ifdef HAVE_LZO #include LZO1X_H +#endif #include "splay_tree.h" #include "cipher.h" @@ -44,7 +56,9 @@ int keylifetime = 0; int keyexpires = 0; +#ifdef HAVE_LZO static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; +#endif static void send_udppacket(node_t *, vpn_packet_t *); @@ -145,40 +159,61 @@ void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) { } static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { - if(level == 10) { + if(level == 0) { + memcpy(dest, source, len); + return len; + } else if(level == 10) { +#ifdef HAVE_LZO lzo_uint lzolen = MAXSIZE; lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem); return lzolen; +#else + return -1; +#endif } else if(level < 10) { +#ifdef HAVE_ZLIB unsigned long destlen = MAXSIZE; if(compress2(dest, &destlen, source, len, level) == Z_OK) return destlen; else +#endif return -1; } else { +#ifdef HAVE_LZO lzo_uint lzolen = MAXSIZE; lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem); return lzolen; +#else + return -1; +#endif } return -1; } static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { - if(level > 9) { + if(level == 0) { + memcpy(dest, source, len); + return len; + } else if(level > 9) { +#ifdef HAVE_LZO lzo_uint lzolen = MAXSIZE; if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) return lzolen; else +#endif return -1; - } else { + } +#ifdef HAVE_ZLIB + else { unsigned long destlen = MAXSIZE; if(uncompress(dest, &destlen, source, len) == Z_OK) return destlen; else return -1; } - +#endif + return -1; } @@ -195,7 +230,7 @@ static bool try_mac(node_t *n, const vpn_packet_t *inpkt) { if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) return false; - return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len); + return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength); } static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { @@ -222,11 +257,13 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { /* Check the message authentication code */ - if(digest_active(&n->indigest) && !digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) { - ifdebug(TRAFFIC) logger(LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname); - return; + if(digest_active(&n->indigest)) { + inpkt->len -= n->indigest.maclength; + if(!digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname); + return; + } } - /* Decrypt the packet */ if(cipher_active(&n->incipher)) { @@ -320,7 +357,9 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { vpn_packet_t *outpkt; int origlen; size_t outlen; +#if defined(SOL_IP) && defined(IP_TOS) static int priority = 0; +#endif int origpriority; int sock; @@ -332,14 +371,16 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Make sure we have a valid key */ if(!n->status.validkey) { + time_t now = time(NULL); + ifdebug(TRAFFIC) logger(LOG_INFO, "No valid key known yet for %s (%s), forwarding via TCP", n->name, n->hostname); - if(!n->status.waitingforkey) + if(n->last_req_key + 10 < now) { send_req_key(n); - - n->status.waitingforkey = true; + n->last_req_key = now; + } send_tcppacket(n->nexthop->connection, origpkt); @@ -501,31 +542,28 @@ void broadcast_packet(const node_t *from, vpn_packet_t *packet) { static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) { splay_node_t *node; - edge_t *e; - node_t *n = NULL; + node_t *n, *found = NULL; static time_t last_hard_try = 0; time_t now = time(NULL); - for(node = edge_weight_tree->head; node; node = node->next) { - e = node->data; - - if(sockaddrcmp_noport(from, &e->address)) { - if(last_hard_try == now) - continue; - last_hard_try = now; - } + if(last_hard_try == now) + return NULL; + else + last_hard_try = now; - if(!n) - n = e->to; + for(node = node_tree->head; node; node = node->next) { + n = node->data; - if(!try_mac(e->to, pkt)) + if(n == myself || !n->status.reachable || !digest_active(&n->indigest)) continue; - n = e->to; - break; + if(try_mac(n, pkt)) { + found = n; + break; + } } - return n; + return found; } void handle_incoming_vpn_data(int sock, short events, void *data) { @@ -534,15 +572,18 @@ void handle_incoming_vpn_data(int sock, short events, void *data) { sockaddr_t from; socklen_t fromlen = sizeof from; node_t *n; + int len; - pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); + len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); - if(pkt.len < 0) { + if(len <= 0 || len > MAXSIZE) { if(!sockwouldblock(sockerrno)) logger(LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno)); return; } + pkt.len = len; + sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ n = lookup_node_udp(&from);