X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol.c;h=d5bb675935c954356f01613d95661d4d718ba7ef;hb=66e535a729dd5a9e45600ab74dc19c2b4062ee96;hp=6740cb0d30ede6ef0a1ecc3cad79f17da049b05f;hpb=e8e7379311ca3bf6e1fdd7d0f477a43e510e2317;p=tinc

diff --git a/src/protocol.c b/src/protocol.c
index 6740cb0d..d5bb6759 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: protocol.c,v 1.28.4.15 2000/06/29 13:04:15 guus Exp $
+    $Id: protocol.c,v 1.28.4.24 2000/08/08 17:07:48 guus Exp $
 */
 
 #include "config.h"
@@ -34,6 +34,8 @@
 #include <utils.h>
 #include <xalloc.h>
 
+#include <netinet/in.h>
+
 #include "conf.h"
 #include "encr.h"
 #include "net.h"
@@ -120,6 +122,31 @@ cp
   return 0;
 }
 
+/* Evil hack - TCP tunneling is bad */
+int send_tcppacket(conn_list_t *cl, void *data, int len)
+{
+cp
+  if(debug_lvl > 3)
+    syslog(LOG_DEBUG, _("Sending PACKET to %s (%s)"),
+	   cl->vpn_hostname, cl->real_hostname);
+
+  buflen = snprintf(buffer, MAXBUFSIZE, "%d %d\n", PACKET, len);
+
+  if((write(cl->meta_socket, buffer, buflen)) < 0)
+    {
+      syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__);
+      return -1;
+    }
+    
+  if((write(cl->meta_socket, data, len)) < 0)
+    {
+      syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__);
+      return -1;
+    }
+cp
+  return 0;
+}
+
 int send_ping(conn_list_t *cl)
 {
 cp
@@ -391,6 +418,7 @@ cp
 
 int basic_info_h(conn_list_t *cl)
 {
+  conn_list_t *old;
 cp
   if(debug_lvl > 1)
     syslog(LOG_DEBUG, _("Got BASIC_INFO from %s"), cl->real_hostname);
@@ -413,12 +441,29 @@ cp
 
   if(cl->status.outgoing)
     {
+      /* First check if the host we connected to is already in our
+         connection list. If so, we are probably making a loop, which
+         is not desirable.
+       */
+       
+      if((old=lookup_conn(cl->vpn_ip)))
+        {
+          if(debug_lvl>0)
+            syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"),
+              cl->vpn_hostname, cl->real_hostname);
+          cl->status.outgoing = 0;
+          old->status.outgoing = 1;
+          terminate_connection(cl);
+          return 0;
+        }
+
       if(setup_vpn_connection(cl) < 0)
 	return -1;
       send_basic_info(cl);
     }
   else
     {
+        
       if(setup_vpn_connection(cl) < 0)
 	return -1;
       send_passphrase(cl);
@@ -471,7 +516,8 @@ cp
   if(verify_passphrase(cl, g_n))
     {
       /* intruder! */
-      syslog(LOG_ERR, _("Intruder: passphrase does not match!"));
+      syslog(LOG_ERR, _("Intruder from %s: passphrase for %s does not match!"),
+              cl->real_hostname, cl->vpn_hostname);
       return -1;
     }
 
@@ -483,12 +529,18 @@ cp
 
       /* Okay, before we active the connection, we check if there is another entry
          in the connection list with the same vpn_ip. If so, it presumably is an
-         old connection that has timed out but we don't know it yet. Because our
-         conn_list entry is not active, lookup_conn will skip ourself. */
-
-      while(old = lookup_conn(cl->vpn_ip)) 
-        terminate_connection(old);
+         old connection that has timed out but we don't know it yet.
+       */
 
+      while((old = lookup_conn(cl->vpn_ip))) 
+        {
+          if(debug_lvl > 1)
+            syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"),
+            cl->vpn_hostname, old->real_hostname, cl->real_hostname);
+          old->status.active = 0;
+          terminate_connection(old);
+        }
+        
       cl->status.active = 1;
 
       if(debug_lvl > 0)
@@ -511,7 +563,8 @@ cp
   
   cl->status.active = 1;
 
-  syslog(LOG_NOTICE, _("Connection with %s (%s) activated"),
+  if(debug_lvl > 0)
+    syslog(LOG_NOTICE, _("Connection with %s (%s) activated"),
               cl->vpn_hostname, cl->real_hostname);
 
   notify_others(cl, NULL, send_add_host);
@@ -538,11 +591,6 @@ cp
   
   cl->status.termreq = 1;
 
-  if(cl->status.active)
-    notify_others(cl, NULL, send_del_host);
-
-  cl->status.active = 0;
-
   terminate_connection(cl);
 cp
   return 0;
@@ -594,6 +642,15 @@ cp
       return 0;
     }
 
+  /* Connections lists are really messed up if this happens */
+  if(vpn_ip == myself->vpn_ip)
+    {
+      syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"),
+               cl->vpn_hostname, cl->real_hostname);
+      sighup = 1;
+      return 0;
+    }
+
   if(debug_lvl > 1)
     syslog(LOG_DEBUG, _("Got DEL_HOST for %s (%s) from %s (%s)"),
            fw->vpn_hostname, fw->real_hostname, cl->vpn_hostname, cl->real_hostname);
@@ -608,6 +665,41 @@ cp
   return 0;
 }
 
+int tcppacket_h(conn_list_t *cl)
+{
+  int len;
+cp
+  if(!cl->status.active)
+    {
+      syslog(LOG_ERR, _("Got unauthorized PACKET from %s (%s)"),
+              cl->vpn_hostname, cl->real_hostname);
+      return -1;
+    }
+
+  if(sscanf(cl->buffer, "%*d %d", &len) != 1)
+    {
+       syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"),
+              cl->vpn_hostname, cl->real_hostname);
+       return -1;
+    }  
+
+  if(len > MTU)
+    {
+       syslog(LOG_ERR, _("Got too big PACKET from %s (%s)"),
+              cl->vpn_hostname, cl->real_hostname);
+       return -1;
+    }  
+
+  if(debug_lvl > 3)
+    syslog(LOG_DEBUG, _("Got PACKET length %d from %s (%s)"), len,
+              cl->vpn_hostname, cl->real_hostname);
+
+  cl->tcppacket=len;
+cp
+  return 0;
+}
+
+
 int ping_h(conn_list_t *cl)
 {
 cp
@@ -672,8 +764,33 @@ cp
        return -1;
     }  
 
-  while(old = lookup_conn(vpn_ip))
-      terminate_connection(old);
+  if((old = lookup_conn(vpn_ip)))
+    {
+      if((real_ip==old->real_ip) && (vpn_mask==old->vpn_mask) && (port==old->port))
+        {
+          if(debug_lvl>1)
+            syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"),
+                   old->vpn_hostname, old->real_hostname, cl->vpn_hostname, cl->real_hostname);
+          goto skip_add_host;  /* One goto a day keeps the deeply nested if constructions away. */
+        }
+      else
+        {
+          if(debug_lvl>1)
+            syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"),
+                   old->vpn_hostname, old->real_hostname);
+          old->status.active = 0;
+          terminate_connection(old);
+        }
+    }
+  
+  /* Connections lists are really messed up if this happens */
+  if(vpn_ip == myself->vpn_ip)
+    {
+      syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"),
+               cl->vpn_hostname, cl->real_hostname);
+      sighup = 1;
+      return 0;
+    }
     
   ncn = new_conn_list();
   ncn->real_ip = real_ip;
@@ -693,6 +810,8 @@ cp
            ncn->vpn_hostname, ncn->real_hostname, cl->vpn_hostname, cl->real_hostname);
 
   notify_others(ncn, cl, send_add_host);
+
+skip_add_host:
 cp
   return 0;
 }
@@ -906,13 +1025,19 @@ int (*request_handlers[256])(conn_list_t*) = {
   0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
   0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
   0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  tcppacket_h, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
   0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
   req_key_h, ans_key_h, key_changed_h, 0, 0, 0, 0, 0, 0, 0,
   0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0
 };