From: Guus Sliepen Date: Thu, 25 Dec 2014 17:13:24 +0000 (+0100) Subject: Merge remote-tracking branch 'groxxda/gui-fixes' into 1.1 X-Git-Tag: release-1.1pre11~10 X-Git-Url: https://www.tinc-vpn.org/git/browse?a=commitdiff_plain;h=266afc6c63d3d02584feb24b69063f97057daac8;hp=c269a17ca4d4e4946a3f8ab05da8cdd338d97ffb;p=tinc Merge remote-tracking branch 'groxxda/gui-fixes' into 1.1 --- diff --git a/src/Makefile.am b/src/Makefile.am index c48e3fdd..02d7ec2b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -21,7 +21,6 @@ ed25519_SOURCES = \ ed25519/keypair.c \ ed25519/precomp_data.h \ ed25519/sc.c ed25519/sc.h \ - ed25519/seed.c \ ed25519/sha512.c ed25519/sha512.h \ ed25519/sign.c \ ed25519/verify.c diff --git a/src/bsd/device.c b/src/bsd/device.c index d0d0b58c..d1a993bb 100644 --- a/src/bsd/device.c +++ b/src/bsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction BSD tun/tap device Copyright (C) 2001-2005 Ivo Timmermans, - 2001-2013 Guus Sliepen + 2001-2014 Guus Sliepen 2009 Grzegorz Dymarek This program is free software; you can redistribute it and/or modify @@ -222,10 +222,10 @@ static bool read_packet(vpn_packet_t *packet) { #ifdef ENABLE_TUNEMU case DEVICE_TYPE_TUNEMU: if(device_type == DEVICE_TYPE_TUNEMU) - inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14); + inlen = tunemu_read(device_fd, DATA(packet) + 14, MTU - 14); else #endif - inlen = read(device_fd, packet->data + 14, MTU - 14); + inlen = read(device_fd, DATA(packet) + 14, MTU - 14); if(inlen <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, @@ -233,29 +233,29 @@ static bool read_packet(vpn_packet_t *packet) { return false; } - switch(packet->data[14] >> 4) { + switch(DATA(packet)[14] >> 4) { case 4: - packet->data[12] = 0x08; - packet->data[13] = 0x00; + DATA(packet)[12] = 0x08; + DATA(packet)[13] = 0x00; break; case 6: - packet->data[12] = 0x86; - packet->data[13] = 0xDD; + DATA(packet)[12] = 0x86; + DATA(packet)[13] = 0xDD; break; default: logger(DEBUG_TRAFFIC, LOG_ERR, "Unknown IP version %d while reading packet from %s %s", - packet->data[14] >> 4, device_info, device); + DATA(packet)[14] >> 4, device_info, device); return false; } - memset(packet->data, 0, 12); + memset(DATA(packet), 0, 12); packet->len = inlen + 14; break; case DEVICE_TYPE_TUNIFHEAD: { u_int32_t type; - struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, MTU - 14}}; + struct iovec vector[2] = {{&type, sizeof type}, {DATA(packet) + 14, MTU - 14}}; if((inlen = readv(device_fd, vector, 2)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, @@ -265,13 +265,13 @@ static bool read_packet(vpn_packet_t *packet) { switch (ntohl(type)) { case AF_INET: - packet->data[12] = 0x08; - packet->data[13] = 0x00; + DATA(packet)[12] = 0x08; + DATA(packet)[13] = 0x00; break; case AF_INET6: - packet->data[12] = 0x86; - packet->data[13] = 0xDD; + DATA(packet)[12] = 0x86; + DATA(packet)[13] = 0xDD; break; default: @@ -281,13 +281,13 @@ static bool read_packet(vpn_packet_t *packet) { return false; } - memset(packet->data, 0, 12); + memset(DATA(packet), 0, 12); packet->len = inlen + 10; break; } case DEVICE_TYPE_TAP: - if((inlen = read(device_fd, packet->data, MTU)) <= 0) { + if((inlen = read(device_fd, DATA(packet), MTU)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); return false; @@ -312,7 +312,7 @@ static bool write_packet(vpn_packet_t *packet) { switch(device_type) { case DEVICE_TYPE_TUN: - if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { + if(write(device_fd, DATA(packet) + 14, packet->len - 14) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info, device, strerror(errno)); return false; @@ -321,10 +321,10 @@ static bool write_packet(vpn_packet_t *packet) { case DEVICE_TYPE_TUNIFHEAD: { u_int32_t type; - struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, packet->len - 14}}; + struct iovec vector[2] = {{&type, sizeof type}, {DATA(packet) + 14, packet->len - 14}}; int af; - af = (packet->data[12] << 8) + packet->data[13]; + af = (DATA(packet)[12] << 8) + DATA(packet)[13]; switch (af) { case 0x0800: @@ -349,7 +349,7 @@ static bool write_packet(vpn_packet_t *packet) { } case DEVICE_TYPE_TAP: - if(write(device_fd, packet->data, packet->len) < 0) { + if(write(device_fd, DATA(packet), packet->len) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info, device, strerror(errno)); return false; @@ -358,7 +358,7 @@ static bool write_packet(vpn_packet_t *packet) { #ifdef ENABLE_TUNEMU case DEVICE_TYPE_TUNEMU: - if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) { + if(tunemu_write(device_fd, DATA(packet) + 14, packet->len - 14) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info, device, strerror(errno)); return false; diff --git a/src/cygwin/device.c b/src/cygwin/device.c index d522b4f4..4c3a60d9 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with Windows tap driver in a Cygwin environment Copyright (C) 2002-2005 Ivo Timmermans, - 2002-2013 Guus Sliepen + 2002-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -227,7 +227,7 @@ static void close_device(void) { static bool read_packet(vpn_packet_t *packet) { int inlen; - if((inlen = read(sp[0], packet->data, MTU)) <= 0) { + if((inlen = read(sp[0], DATA(packet), MTU)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); return false; @@ -247,7 +247,7 @@ static bool write_packet(vpn_packet_t *packet) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info); - if(!WriteFile (device_handle, packet->data, packet->len, &outlen, NULL)) { + if(!WriteFile (device_handle, DATA(packet), packet->len, &outlen, NULL)) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info, device, winerror(GetLastError())); return false; } diff --git a/src/ed25519/seed.c b/src/ed25519/seed.c deleted file mode 100644 index ca4089c1..00000000 --- a/src/ed25519/seed.c +++ /dev/null @@ -1,40 +0,0 @@ -#include "ed25519.h" - -#ifndef ED25519_NO_SEED - -#ifdef _WIN32 -#include -#include -#else -#include -#endif - -int ed25519_create_seed(unsigned char *seed) { -#ifdef _WIN32 - HCRYPTPROV prov; - - if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - return 1; - } - - if (!CryptGenRandom(prov, 32, seed)) { - CryptReleaseContext(prov, 0); - return 1; - } - - CryptReleaseContext(prov, 0); -#else - FILE *f = fopen("/dev/urandom", "rb"); - - if (f == NULL) { - return 1; - } - - fread(seed, 1, 32, f); - fclose(f); -#endif - - return 0; -} - -#endif \ No newline at end of file diff --git a/src/graph.c b/src/graph.c index 690f4bd5..70d65731 100644 --- a/src/graph.c +++ b/src/graph.c @@ -275,13 +275,6 @@ static void check_reachability(void) { update_node_udp(n, NULL); memset(&n->status, 0, sizeof n->status); n->options = 0; - } else if(n->connection) { - if(n->status.sptps) { - if(n->connection->outgoing) - send_req_key(n); - } else { - send_ans_key(n); - } } } diff --git a/src/hash.c b/src/hash.c index 8fb9ca69..91fc3d67 100644 --- a/src/hash.c +++ b/src/hash.c @@ -91,6 +91,13 @@ void *hash_search_or_insert(hash_t *hash, const void *key, const void *value) { return NULL; } +/* Deleting */ + +void hash_delete(hash_t *hash, const void *key) { + uint32_t i = modulo(hash_function(key, hash->size), hash->n); + hash->values[i] = NULL; +} + /* Utility functions */ void hash_clear(hash_t *hash) { diff --git a/src/hash.h b/src/hash.h index 83ed6aff..30a15fb2 100644 --- a/src/hash.h +++ b/src/hash.h @@ -31,6 +31,7 @@ extern hash_t *hash_alloc(size_t n, size_t size) __attribute__ ((__malloc__)); extern void hash_free(hash_t *); extern void hash_insert(hash_t *, const void *key, const void *value); +extern void hash_delete(hash_t *, const void *key); extern void *hash_search(const hash_t *, const void *key); extern void *hash_search_or_insert(hash_t *, const void *key, const void *value); diff --git a/src/info.c b/src/info.c index c9b00946..b9a6fcf9 100644 --- a/src/info.c +++ b/src/info.c @@ -50,6 +50,7 @@ static int info_node(int fd, const char *item) { char line[4096]; char node[4096]; + char id[4096]; char from[4096]; char to[4096]; char subnet[4096]; @@ -68,12 +69,12 @@ static int info_node(int fd, const char *item) { long int last_state_change; while(recvline(fd, line, sizeof line)) { - int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change); + int n = sscanf(line, "%d %d %s %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, id, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change); if(n == 2) break; - if(n != 18) { + if(n != 19) { fprintf(stderr, "Unable to parse node dump from tincd.\n"); return 1; } @@ -95,6 +96,7 @@ static int info_node(int fd, const char *item) { } printf("Node: %s\n", item); + printf("Node ID: %s\n", id); printf("Address: %s port %s\n", host, port); char timestr[32] = "never"; diff --git a/src/invitation.c b/src/invitation.c index 28f9f8ce..dff8d5fe 100644 --- a/src/invitation.c +++ b/src/invitation.c @@ -787,7 +787,7 @@ ask_netname: } -static bool invitation_send(void *handle, uint8_t type, const char *data, size_t len) { +static bool invitation_send(void *handle, uint8_t type, const void *data, size_t len) { while(len) { int result = send(sock, data, len, 0); if(result == -1 && errno == EINTR) @@ -800,7 +800,7 @@ static bool invitation_send(void *handle, uint8_t type, const char *data, size_t return true; } -static bool invitation_receive(void *handle, uint8_t type, const char *msg, uint16_t len) { +static bool invitation_receive(void *handle, uint8_t type, const void *msg, uint16_t len) { switch(type) { case SPTPS_HANDSHAKE: return sptps_send_record(&sptps, 0, cookie, sizeof cookie); diff --git a/src/linux/device.c b/src/linux/device.c index cfd99ff4..5717d920 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with Linux ethertap and tun/tap device Copyright (C) 2001-2005 Ivo Timmermans, - 2001-2013 Guus Sliepen + 2001-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -105,6 +105,14 @@ static bool setup_device(void) { logger(DEBUG_ALWAYS, LOG_INFO, "%s is a %s", device, device_info); + if(ifr.ifr_flags & IFF_TAP) { + struct ifreq ifr_mac = {}; + if(!ioctl(device_fd, SIOCGIFHWADDR, &ifr_mac)) + memcpy(mymac.x, ifr_mac.ifr_hwaddr.sa_data, ETH_ALEN); + else + logger(DEBUG_ALWAYS, LOG_WARNING, "Could not get MAC address of %s: %s", device, strerror(errno)); + } + return true; } @@ -123,7 +131,7 @@ static bool read_packet(vpn_packet_t *packet) { switch(device_type) { case DEVICE_TYPE_TUN: - inlen = read(device_fd, packet->data + 10, MTU - 10); + inlen = read(device_fd, DATA(packet) + 10, MTU - 10); if(inlen <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", @@ -131,11 +139,11 @@ static bool read_packet(vpn_packet_t *packet) { return false; } - memset(packet->data, 0, 12); + memset(DATA(packet), 0, 12); packet->len = inlen + 10; break; case DEVICE_TYPE_TAP: - inlen = read(device_fd, packet->data, MTU); + inlen = read(device_fd, DATA(packet), MTU); if(inlen <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", @@ -161,15 +169,15 @@ static bool write_packet(vpn_packet_t *packet) { switch(device_type) { case DEVICE_TYPE_TUN: - packet->data[10] = packet->data[11] = 0; - if(write(device_fd, packet->data + 10, packet->len - 10) < 0) { + DATA(packet)[10] = DATA(packet)[11] = 0; + if(write(device_fd, DATA(packet) + 10, packet->len - 10) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); return false; } break; case DEVICE_TYPE_TAP: - if(write(device_fd, packet->data, packet->len) < 0) { + if(write(device_fd, DATA(packet), packet->len) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); return false; diff --git a/src/meta.c b/src/meta.c index fbd3e26f..73769d9a 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,6 +1,6 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2013 Guus Sliepen , + Copyright (C) 2000-2014 Guus Sliepen , 2000-2005 Ivo Timmermans 2006 Scott Lamb @@ -30,7 +30,7 @@ #include "utils.h" #include "xalloc.h" -bool send_meta_sptps(void *handle, uint8_t type, const char *buffer, size_t length) { +bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t length) { connection_t *c = handle; if(!c) { @@ -80,7 +80,8 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) { send_meta(c, buffer, length); } -bool receive_meta_sptps(void *handle, uint8_t type, const char *data, uint16_t length) { +bool receive_meta_sptps(void *handle, uint8_t type, const void *vdata, uint16_t length) { + const char *data = vdata; connection_t *c = handle; if(!c) { diff --git a/src/meta.h b/src/meta.h index 2a712283..ddc5418d 100644 --- a/src/meta.h +++ b/src/meta.h @@ -1,6 +1,6 @@ /* meta.h -- header for meta.c - Copyright (C) 2000-2012 Guus Sliepen , + Copyright (C) 2000-2014 Guus Sliepen , 2000-2005 Ivo Timmermans This program is free software; you can redistribute it and/or modify @@ -24,8 +24,8 @@ #include "connection.h" extern bool send_meta(struct connection_t *, const char *, int); -extern bool send_meta_sptps(void *, uint8_t, const char *, size_t); -extern bool receive_meta_sptps(void *, uint8_t, const char *, uint16_t); +extern bool send_meta_sptps(void *, uint8_t, const void *, size_t); +extern bool receive_meta_sptps(void *, uint8_t, const void *, uint16_t); extern void broadcast_meta(struct connection_t *, const char *, int); extern bool receive_meta(struct connection_t *); diff --git a/src/mingw/device.c b/src/mingw/device.c index 6ee26e7b..19719a7a 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with Windows tap driver in a MinGW environment Copyright (C) 2002-2005 Ivo Timmermans, - 2002-2013 Guus Sliepen + 2002-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -236,7 +236,7 @@ static bool write_packet(vpn_packet_t *packet) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info); - if(!WriteFile(device_handle, packet->data, packet->len, &outlen, &overlapped)) { + if(!WriteFile(device_handle, DATA(packet), packet->len, &outlen, &overlapped)) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info, device, winerror(GetLastError())); return false; } diff --git a/src/multicast_device.c b/src/multicast_device.c index 4d5f10a1..931a8d02 100644 --- a/src/multicast_device.c +++ b/src/multicast_device.c @@ -162,13 +162,13 @@ static void close_device(void) { static bool read_packet(vpn_packet_t *packet) { int lenin; - if((lenin = recv(device_fd, (void *)packet->data, MTU, 0)) <= 0) { + if((lenin = recv(device_fd, DATA(packet), MTU, 0)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, sockstrerror(sockerrno)); return false; } - if(!memcmp(&ignore_src, packet->data + 6, sizeof ignore_src)) { + if(!memcmp(&ignore_src, DATA(packet) + 6, sizeof ignore_src)) { logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Ignoring loopback packet of %d bytes from %s", lenin, device_info); return false; } @@ -185,13 +185,13 @@ static bool write_packet(vpn_packet_t *packet) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info); - if(sendto(device_fd, (void *)packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) { + if(sendto(device_fd, DATA(packet), packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, sockstrerror(sockerrno)); return false; } - memcpy(&ignore_src, packet->data + 6, sizeof ignore_src); + memcpy(&ignore_src, DATA(packet) + 6, sizeof ignore_src); return true; } diff --git a/src/net.h b/src/net.h index d8aa64cd..dcc99a4a 100644 --- a/src/net.h +++ b/src/net.h @@ -32,8 +32,8 @@ #define MTU 1518 /* 1500 bytes payload + 14 bytes ethernet header + 4 bytes VLAN tag */ #endif -/* MAXSIZE is the maximum size of an encapsulated packet: MTU + seqno + padding + HMAC + compressor overhead */ -#define MAXSIZE (MTU + 4 + CIPHER_MAX_BLOCK_SIZE + DIGEST_MAX_SIZE + MTU/64 + 20) +/* MAXSIZE is the maximum size of an encapsulated packet: MTU + seqno + srcid + dstid + padding + HMAC + compressor overhead */ +#define MAXSIZE (MTU + 4 + sizeof(node_id_t) + sizeof(node_id_t) + CIPHER_MAX_BLOCK_SIZE + DIGEST_MAX_SIZE + MTU/64 + 20) /* MAXBUFSIZE is the maximum size of a request: enough for a MAXSIZEd packet or a 8192 bits RSA key */ #define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128) @@ -52,7 +52,12 @@ typedef struct ipv6_t { uint16_t x[8]; } ipv6_t; +typedef struct node_id_t { + uint8_t x[6]; +} node_id_t; + typedef short length_t; +typedef uint32_t seqno_t; #define AF_UNKNOWN 255 @@ -80,10 +85,16 @@ typedef union sockaddr_t { #define SALEN(s) (s.sa_family==AF_INET?sizeof(struct sockaddr_in):sizeof(struct sockaddr_in6)) #endif +#define SEQNO(x) ((x)->data + (x)->offset - 4) +#define SRCID(x) ((node_id_t *)((x)->data + (x)->offset - 6)) +#define DSTID(x) ((node_id_t *)((x)->data + (x)->offset - 12)) +#define DATA(x) ((x)->data + (x)->offset) +#define DEFAULT_PACKET_OFFSET 12 + typedef struct vpn_packet_t { - length_t len; /* the actual number of bytes in the `data' field */ + length_t len; /* The actual number of valid bytes in the `data' field (including seqno or dstid/srcid) */ + length_t offset; /* Offset in the buffer where the packet data starts (righter after seqno or dstid/srcid) */ int priority; /* priority or TOS */ - uint32_t seqno; /* 32 bits sequence number (network byte order of course) */ uint8_t data[MAXSIZE]; } vpn_packet_t; @@ -172,8 +183,8 @@ extern void handle_new_meta_connection(void *, int); extern void handle_new_unix_connection(void *, int); extern int setup_listen_socket(const sockaddr_t *); extern int setup_vpn_in_socket(const sockaddr_t *); -extern bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len); -extern bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len); +extern bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len); +extern bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len); extern void send_packet(struct node_t *, vpn_packet_t *); extern void receive_tcppacket(struct connection_t *, const char *, int); extern void broadcast_packet(const struct node_t *, vpn_packet_t *); diff --git a/src/net_packet.c b/src/net_packet.c index b9f1957b..c1461091 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -1,7 +1,7 @@ /* net_packet.c -- Handles in- and outgoing VPN packets Copyright (C) 1998-2005 Ivo Timmermans, - 2000-2013 Guus Sliepen + 2000-2014 Guus Sliepen 2010 Timothy Redaelli 2010 Brandon Black @@ -139,8 +139,9 @@ static void send_mtu_probe_handler(void *data) { len = 64; vpn_packet_t packet; - memset(packet.data, 0, 14); - randomize(packet.data + 14, len - 14); + packet.offset = DEFAULT_PACKET_OFFSET; + memset(DATA(&packet), 0, 14); + randomize(DATA(&packet) + 14, len - 14); packet.len = len; packet.priority = 0; n->status.send_locally = i >= 4 && n->mtuprobes <= 10 && n->prevedge; @@ -176,24 +177,24 @@ void send_mtu_probe(node_t *n) { } static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) { - if(!packet->data[0]) { + if(!DATA(packet)[0]) { logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe request %d from %s (%s)", packet->len, n->name, n->hostname); /* It's a probe request, send back a reply */ /* Type 2 probe replies were introduced in protocol 17.3 */ if ((n->options >> 24) >= 3) { - uint8_t* data = packet->data; + uint8_t *data = DATA(packet); *data++ = 2; uint16_t len16 = htons(len); memcpy(data, &len16, 2); data += 2; struct timeval now; gettimeofday(&now, NULL); uint32_t sec = htonl(now.tv_sec); memcpy(data, &sec, 4); data += 4; uint32_t usec = htonl(now.tv_usec); memcpy(data, &usec, 4); data += 4; - packet->len = data - packet->data; + packet->len -= 10; } else { /* Legacy protocol: n won't understand type 2 probe replies. */ - packet->data[0] = 1; + DATA(packet)[0] = 1; } /* Temporarily set udp_confirmed, so that the reply is sent @@ -205,14 +206,14 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) { n->status.udp_confirmed = udp_confirmed; } else { length_t probelen = len; - if (packet->data[0] == 2) { + if (DATA(packet)[0] == 2) { if (len < 3) logger(DEBUG_TRAFFIC, LOG_WARNING, "Received invalid (too short) MTU probe reply from %s (%s)", n->name, n->hostname); else { - uint16_t probelen16; memcpy(&probelen16, packet->data + 1, 2); probelen = ntohs(probelen16); + uint16_t probelen16; memcpy(&probelen16, DATA(packet) + 1, 2); probelen = ntohs(probelen16); } } - logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d MTU probe reply %d from %s (%s)", packet->data[0], probelen, n->name, n->hostname); + logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d MTU probe reply %d from %s (%s)", DATA(packet)[0], probelen, n->name, n->hostname); /* It's a valid reply: now we know bidirectional communication is possible using the address and socket that the reply @@ -254,9 +255,9 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) { timersub(&now, &n->probe_time, &diff); struct timeval probe_timestamp = now; - if (packet->data[0] == 2 && packet->len >= 11) { - uint32_t sec; memcpy(&sec, packet->data + 3, 4); - uint32_t usec; memcpy(&usec, packet->data + 7, 4); + if (DATA(packet)[0] == 2 && packet->len >= 11) { + uint32_t sec; memcpy(&sec, DATA(packet) + 3, 4); + uint32_t usec; memcpy(&usec, DATA(packet) + 7, 4); probe_timestamp.tv_sec = ntohl(sec); probe_timestamp.tv_usec = ntohl(usec); } @@ -348,19 +349,21 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) { static bool try_mac(node_t *n, const vpn_packet_t *inpkt) { if(n->status.sptps) - return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len); + return sptps_verify_datagram(&n->sptps, DATA(inpkt), inpkt->len); - if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) + if(!digest_active(n->indigest) || inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) return false; - return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest)); + return digest_verify(n->indigest, SEQNO(inpkt), inpkt->len - digest_length(n->indigest), DATA(inpkt) + inpkt->len - digest_length(n->indigest)); } -static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { +static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t pkt1, pkt2; vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; int nextpkt = 0; size_t outlen; + pkt1.offset = DEFAULT_PACKET_OFFSET; + pkt2.offset = DEFAULT_PACKET_OFFSET; if(n->status.sptps) { if(!n->sptps.state) { @@ -370,32 +373,40 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { } else { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname); } - return; + return false; } - sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len); - return; + inpkt->offset += 2 * sizeof(node_id_t); + if(!sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len - 2 * sizeof(node_id_t))) { + logger(DEBUG_TRAFFIC, LOG_ERR, "Got bad packet from %s (%s)", n->name, n->hostname); + return false; + } + return true; } if(!n->status.validkey) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname); - return; + return false; } /* Check packet length */ - if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) { + if(inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)", n->name, n->hostname); - return; + return false; } + /* It's a legacy UDP packet, the data starts after the seqno */ + + inpkt->offset += sizeof(seqno_t); + /* Check the message authentication code */ if(digest_active(n->indigest)) { inpkt->len -= digest_length(n->indigest); - if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) { + if(!digest_verify(n->indigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname); - return; + return false; } } /* Decrypt the packet */ @@ -404,9 +415,9 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t *outpkt = pkt[nextpkt++]; outlen = MAXSIZE; - if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) { + if(!cipher_decrypt(n->incipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname); - return; + return false; } outpkt->len = outlen; @@ -415,38 +426,40 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { /* Check the sequence number */ - inpkt->len -= sizeof inpkt->seqno; - inpkt->seqno = ntohl(inpkt->seqno); + seqno_t seqno; + memcpy(&seqno, SEQNO(inpkt), sizeof seqno); + seqno = ntohl(seqno); + inpkt->len -= sizeof seqno; if(replaywin) { - if(inpkt->seqno != n->received_seqno + 1) { - if(inpkt->seqno >= n->received_seqno + replaywin * 8) { + if(seqno != n->received_seqno + 1) { + if(seqno >= n->received_seqno + replaywin * 8) { if(n->farfuture++ < replaywin >> 2) { logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)", - n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture); - return; + n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture); + return false; } logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)", - inpkt->seqno - n->received_seqno - 1, n->name, n->hostname); + seqno - n->received_seqno - 1, n->name, n->hostname); memset(n->late, 0, replaywin); - } else if (inpkt->seqno <= n->received_seqno) { - if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) { + } else if (seqno <= n->received_seqno) { + if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) { logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d", - n->name, n->hostname, inpkt->seqno, n->received_seqno); - return; + n->name, n->hostname, seqno, n->received_seqno); + return false; } } else { - for(int i = n->received_seqno + 1; i < inpkt->seqno; i++) + for(int i = n->received_seqno + 1; i < seqno; i++) n->late[(i / 8) % replaywin] |= 1 << i % 8; } } n->farfuture = 0; - n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8); + n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8); } - if(inpkt->seqno > n->received_seqno) - n->received_seqno = inpkt->seqno; + if(seqno > n->received_seqno) + n->received_seqno = seqno; n->received++; @@ -460,10 +473,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { if(n->incompression) { vpn_packet_t *outpkt = pkt[nextpkt++]; - if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) { + if((outpkt->len = uncompress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->incompression)) < 0) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)", n->name, n->hostname); - return; + return false; } inpkt = outpkt; @@ -473,16 +486,18 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { inpkt->priority = 0; - if(!inpkt->data[12] && !inpkt->data[13]) + if(!DATA(inpkt)[12] && !DATA(inpkt)[13]) mtu_probe_h(n, inpkt, origlen); else receive_packet(n, inpkt); + return true; } void receive_tcppacket(connection_t *c, const char *buffer, int len) { vpn_packet_t outpkt; + outpkt.offset = DEFAULT_PACKET_OFFSET; - if(len > sizeof outpkt.data) + if(len > sizeof outpkt.data - outpkt.offset) return; outpkt.len = len; @@ -490,30 +505,46 @@ void receive_tcppacket(connection_t *c, const char *buffer, int len) { outpkt.priority = 0; else outpkt.priority = -1; - memcpy(outpkt.data, buffer, len); + memcpy(DATA(&outpkt), buffer, len); receive_packet(c->node, &outpkt); } +static bool try_sptps(node_t *n) { + if(n->status.validkey) + return true; + + /* If n is a TCP-only neighbor, we'll only use "cleartext" PACKET + messages anyway, so there's no need for SPTPS at all. */ + if(n->connection && ((myself->options | n->options) & OPTION_TCPONLY)) + return false; + + logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname); + + if(!n->status.waitingforkey) + send_req_key(n); + else if(n->last_req_key + 10 < now.tv_sec) { + logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name); + sptps_stop(&n->sptps); + n->status.waitingforkey = false; + send_req_key(n); + } + + return false; +} + static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { - if(!n->status.validkey) { - logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname); - if(!n->status.waitingforkey) - send_req_key(n); - else if(n->last_req_key + 10 < now.tv_sec) { - logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name); - sptps_stop(&n->sptps); - n->status.waitingforkey = false; - send_req_key(n); - } + /* Note: condition order is as intended - even if we have a direct + metaconnection, we want to try SPTPS anyway as it's the only way to + get UDP going */ + if(!try_sptps(n) && !n->connection) return; - } uint8_t type = 0; int offset = 0; - if(!(origpkt->data[12] | origpkt->data[13])) { - sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len); + if(!(DATA(origpkt)[12] | DATA(origpkt)[13])) { + sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len); return; } @@ -528,7 +559,8 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { vpn_packet_t outpkt; if(n->outcompression) { - int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression); + outpkt.offset = 0; + int len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression); if(len < 0) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname); } else if(len < origpkt->len - offset) { @@ -538,7 +570,14 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { } } - sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset); + /* If we have a direct metaconnection to n, and we can't use UDP, then + don't bother with SPTPS and just use a "plaintext" PACKET message. + We don't really care about end-to-end security since we're not + sending the message through any intermediate nodes. */ + if(n->connection && origpkt->len > n->minmtu) + send_tcppacket(n->connection, origpkt); + else + sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset); return; } @@ -631,6 +670,9 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { int origpriority = origpkt->priority; #endif + pkt1.offset = DEFAULT_PACKET_OFFSET; + pkt2.offset = DEFAULT_PACKET_OFFSET; + if(!n->status.reachable) { logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname); return; @@ -656,7 +698,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { return; } - if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) { + if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (DATA(inpkt)[12] | DATA(inpkt)[13])) { logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) larger than minimum MTU, forwarding via %s", n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP"); @@ -674,7 +716,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { if(n->outcompression) { outpkt = pkt[nextpkt++]; - if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) { + if((outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression)) < 0) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname); return; @@ -685,8 +727,9 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Add sequence number */ - inpkt->seqno = htonl(++(n->sent_seqno)); - inpkt->len += sizeof inpkt->seqno; + seqno_t seqno = htonl(++(n->sent_seqno)); + memcpy(SEQNO(inpkt), &seqno, sizeof seqno); + inpkt->len += sizeof seqno; /* Encrypt the packet */ @@ -694,7 +737,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { outpkt = pkt[nextpkt++]; outlen = MAXSIZE; - if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) { + if(!cipher_encrypt(n->outcipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname); goto end; } @@ -706,7 +749,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Add the message authentication code */ if(digest_active(n->outdigest)) { - if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) { + if(!digest_create(n->outdigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) { logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname); goto end; } @@ -734,7 +777,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { } #endif - if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { + if(sendto(listen_socket[sock].udp.fd, SEQNO(inpkt), inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { if(sockmsgsize(sockerrno)) { if(n->maxmtu >= origlen) n->maxmtu = origlen - 1; @@ -748,44 +791,67 @@ end: origpkt->len = origlen; } -bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) { - node_t *to = handle; +static bool send_sptps_data_priv(node_t *to, node_t *from, int type, const void *data, size_t len) { + node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop; + bool direct = from == myself && to == relay; + bool relay_supported = (relay->options >> 24) >= 4; + bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY; - /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */ + /* We don't really need the relay's key, but we need to establish a UDP tunnel with it and discover its MTU. */ + if (!direct && relay_supported && !tcponly) + try_sptps(relay); - if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > to->minmtu)) { + /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU. + TODO: When relaying, the original sender does not know the end-to-end PMTU (it only knows the PMTU of the first hop). + This can lead to scenarios where large packets are sent over UDP to relay, but then relay has no choice but fall back to TCP. */ + + if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) { char buf[len * 4 / 3 + 5]; b64encode(data, buf, len); /* If no valid key is known yet, send the packets using ANS_KEY requests, to ensure we get to learn the reflexive UDP address. */ - if(!to->status.validkey) { + if(from == myself && !to->status.validkey) { to->incompression = myself->incompression; - return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, to->incompression); + return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression); } else { - return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf); + return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, REQ_SPTPS, buf); } } - /* Otherwise, send the packet via UDP */ + size_t overhead = 0; + if(relay_supported) overhead += sizeof to->id + sizeof from->id; + char buf[len + overhead]; char* buf_ptr = buf; + if(relay_supported) { + if(direct) { + /* Inform the recipient that this packet was sent directly. */ + node_id_t nullid = {}; + memcpy(buf_ptr, &nullid, sizeof nullid); buf_ptr += sizeof nullid; + } else { + memcpy(buf_ptr, &to->id, sizeof to->id); buf_ptr += sizeof to->id; + } + memcpy(buf_ptr, &from->id, sizeof from->id); buf_ptr += sizeof from->id; + + } + /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */ + memcpy(buf_ptr, data, len); buf_ptr += len; const sockaddr_t *sa = NULL; int sock; - - if(to->status.send_locally) - choose_local_address(to, &sa, &sock); + if(relay->status.send_locally) + choose_local_address(relay, &sa, &sock); if(!sa) - choose_udp_address(to, &sa, &sock); - - if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { + choose_udp_address(relay, &sa, &sock); + logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname); + if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { if(sockmsgsize(sockerrno)) { // Compensate for SPTPS overhead len -= SPTPS_DATAGRAM_OVERHEAD; - if(to->maxmtu >= len) - to->maxmtu = len - 1; - if(to->mtu >= len) - to->mtu = len - 1; + if(relay->maxmtu >= len) + relay->maxmtu = len - 1; + if(relay->mtu >= len) + relay->mtu = len - 1; } else { - logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno)); + logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno)); return false; } } @@ -793,7 +859,11 @@ bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) { return true; } -bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) { +bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len) { + return send_sptps_data_priv(handle, myself, type, data, len); +} + +bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) { node_t *from = handle; if(type == SPTPS_HANDSHAKE) { @@ -811,10 +881,11 @@ bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t } vpn_packet_t inpkt; + inpkt.offset = DEFAULT_PACKET_OFFSET; if(type == PKT_PROBE) { inpkt.len = len; - memcpy(inpkt.data, data, len); + memcpy(DATA(&inpkt), data, len); mtu_probe_h(from, &inpkt, len); return true; } @@ -834,7 +905,7 @@ bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t int offset = (type & PKT_MAC) ? 0 : 14; if(type & PKT_COMPRESSED) { - length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression); + length_t ulen = uncompress_packet(DATA(&inpkt) + offset, (const uint8_t *)data, len, from->incompression); if(ulen < 0) { return false; } else { @@ -843,25 +914,25 @@ bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t if(inpkt.len > MAXSIZE) abort(); } else { - memcpy(inpkt.data + offset, data, len); + memcpy(DATA(&inpkt) + offset, data, len); inpkt.len = len + offset; } /* Generate the Ethernet packet type if necessary */ if(offset) { - switch(inpkt.data[14] >> 4) { + switch(DATA(&inpkt)[14] >> 4) { case 4: - inpkt.data[12] = 0x08; - inpkt.data[13] = 0x00; + DATA(&inpkt)[12] = 0x08; + DATA(&inpkt)[13] = 0x00; break; case 6: - inpkt.data[12] = 0x86; - inpkt.data[13] = 0xDD; + DATA(&inpkt)[12] = 0x86; + DATA(&inpkt)[13] = 0xDD; break; default: logger(DEBUG_TRAFFIC, LOG_ERR, "Unknown IP version %d while reading packet from %s (%s)", - inpkt.data[14] >> 4, from->name, from->hostname); + DATA(&inpkt)[14] >> 4, from->name, from->hostname); return false; } } @@ -878,7 +949,7 @@ void send_packet(node_t *n, vpn_packet_t *packet) { if(n == myself) { if(overwrite_mac) - memcpy(packet->data, mymac.x, ETH_ALEN); + memcpy(DATA(packet), mymac.x, ETH_ALEN); n->out_packets++; n->out_bytes += packet->len; devops.write(packet); @@ -990,12 +1061,14 @@ void handle_incoming_vpn_data(void *data, int flags) { listen_socket_t *ls = data; vpn_packet_t pkt; char *hostname; - sockaddr_t from = {{0}}; - socklen_t fromlen = sizeof from; - node_t *n; - int len; + node_id_t nullid = {}; + sockaddr_t addr = {}; + socklen_t addrlen = sizeof addr; + node_t *from, *to; + bool direct = false; - len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); + pkt.offset = 0; + int len = recvfrom(ls->udp.fd, DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen); if(len <= 0 || len > MAXSIZE) { if(!sockwouldblock(sockerrno)) @@ -1005,32 +1078,76 @@ void handle_incoming_vpn_data(void *data, int flags) { pkt.len = len; - sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ + sockaddrunmap(&addr); /* Some braindead IPv6 implementations do stupid things. */ - n = lookup_node_udp(&from); + // Try to figure out who sent this packet. + + node_t *n = lookup_node_udp(&addr); + + if(!n) { + // It might be from a 1.1 node, which might have a source ID in the packet. + pkt.offset = 2 * sizeof(node_id_t); + from = lookup_node_id(SRCID(&pkt)); + if(from && !memcmp(DSTID(&pkt), &nullid, sizeof nullid) && from->status.sptps) { + if(sptps_verify_datagram(&from->sptps, DATA(&pkt), pkt.len - 2 * sizeof(node_id_t))) + n = from; + else + goto skip_harder; + } + } + + if(!n) { + pkt.offset = 0; + n = try_harder(&addr, &pkt); + } +skip_harder: if(!n) { - n = try_harder(&from, &pkt); - if(n) - update_node_udp(n, &from); - else if(debug_level >= DEBUG_PROTOCOL) { - hostname = sockaddr2hostname(&from); + if(debug_level >= DEBUG_PROTOCOL) { + hostname = sockaddr2hostname(&addr); logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname); free(hostname); + } + return; + } + + if(n->status.sptps) { + pkt.offset = 2 * sizeof(node_id_t); + + if(!memcmp(DSTID(&pkt), &nullid, sizeof nullid)) { + direct = true; + from = n; + to = myself; + } else { + from = lookup_node_id(SRCID(&pkt)); + to = lookup_node_id(DSTID(&pkt)); + } + if(!from || !to) { + logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname); return; } - else + + if(to != myself) { + send_sptps_data_priv(to, n, 0, DATA(&pkt), pkt.len - 2 * sizeof(node_id_t)); return; + } + } else { + direct = true; + from = n; } - n->sock = ls - listen_socket; + pkt.offset = 0; + if(!receive_udppacket(from, &pkt)) + return; - receive_udppacket(n, &pkt); + n->sock = ls - listen_socket; + if(direct && sockaddrcmp(&addr, &n->address)) + update_node_udp(n, &addr); } void handle_device_data(void *data, int flags) { vpn_packet_t packet; - + packet.offset = DEFAULT_PACKET_OFFSET; packet.priority = 0; if(devops.read(&packet)) { diff --git a/src/net_setup.c b/src/net_setup.c index 665e3c66..a7ed3a89 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -44,6 +44,7 @@ #include "xalloc.h" char *myport; +static char *myname; static io_t device_io; devops_t devops; bool device_standby = false; @@ -715,7 +716,7 @@ void device_enable(void) { xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); - xasprintf(&envp[3], "NAME=%s", myself->name); + xasprintf(&envp[3], "NAME=%s", myname); execute_script("tinc-up", envp); @@ -728,7 +729,7 @@ void device_disable(void) { xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); - xasprintf(&envp[3], "NAME=%s", myself->name); + xasprintf(&envp[3], "NAME=%s", myname); execute_script("tinc-down", envp); @@ -752,6 +753,7 @@ static bool setup_myself(void) { return false; } + myname = xstrdup(name); myself = new_node(); myself->connection = new_connection(); myself->name = name; @@ -1112,7 +1114,7 @@ void close_network_connections(void) { if (!device_standby) device_disable(); - if(myport) free(myport); + free(myport); if (device_fd >= 0) io_del(&device_io); @@ -1121,5 +1123,9 @@ void close_network_connections(void) { exit_control(); + free(myname); + free(scriptextension); + free(scriptinterpreter); + return; } diff --git a/src/node.c b/src/node.c index aab83ca7..e97bfaf3 100644 --- a/src/node.c +++ b/src/node.c @@ -30,8 +30,12 @@ #include "utils.h" #include "xalloc.h" +static digest_t *sha256; + splay_tree_t *node_tree; +static splay_tree_t *node_id_tree; static hash_t *node_udp_cache; +static hash_t *node_id_cache; node_t *myself; @@ -39,14 +43,26 @@ static int node_compare(const node_t *a, const node_t *b) { return strcmp(a->name, b->name); } +static int node_id_compare(const node_t *a, const node_t *b) { + return memcmp(&a->id, &b->id, sizeof(node_id_t)); +} + void init_nodes(void) { + sha256 = digest_open_by_name("sha256", sizeof(node_id_t)); + node_tree = splay_alloc_tree((splay_compare_t) node_compare, (splay_action_t) free_node); + node_id_tree = splay_alloc_tree((splay_compare_t) node_id_compare, NULL); node_udp_cache = hash_alloc(0x100, sizeof(sockaddr_t)); + node_id_cache = hash_alloc(0x100, sizeof(node_id_t)); } void exit_nodes(void) { + hash_free(node_id_cache); hash_free(node_udp_cache); + splay_delete_tree(node_id_tree); splay_delete_tree(node_tree); + + digest_close(sha256); } node_t *new_node(void) { @@ -93,16 +109,23 @@ void free_node(node_t *n) { } void node_add(node_t *n) { + digest_create(sha256, n->name, strlen(n->name), &n->id); + splay_insert(node_tree, n); + splay_insert(node_id_tree, n); } void node_del(node_t *n) { + hash_delete(node_udp_cache, &n->address); + hash_delete(node_id_cache, &n->id); + for splay_each(subnet_t, s, n->subnet_tree) subnet_del(n, s); for splay_each(edge_t, e, n->edge_tree) edge_del(e); + splay_delete(node_id_tree, n); splay_delete(node_tree, n); } @@ -114,6 +137,18 @@ node_t *lookup_node(char *name) { return splay_search(node_tree, &n); } +node_t *lookup_node_id(const node_id_t *id) { + node_t *n = hash_search(node_id_cache, id); + if(!n) { + node_t tmp = {.id = *id}; + n = splay_search(node_id_tree, &tmp); + if(n) + hash_insert(node_id_cache, id, n); + } + + return n; +} + node_t *lookup_node_udp(const sockaddr_t *sa) { return hash_search(node_udp_cache, sa); } @@ -124,7 +159,7 @@ void update_node_udp(node_t *n, const sockaddr_t *sa) { return; } - hash_insert(node_udp_cache, &n->address, NULL); + hash_delete(node_udp_cache, &n->address); if(sa) { n->address = *sa; @@ -140,15 +175,27 @@ void update_node_udp(node_t *n, const sockaddr_t *sa) { n->hostname = sockaddr2hostname(&n->address); logger(DEBUG_PROTOCOL, LOG_DEBUG, "UDP address of %s set to %s", n->name, n->hostname); } + + /* invalidate UDP information - note that this is a security feature as well to make sure + we can't be tricked into flooding any random address with UDP packets */ + n->status.udp_confirmed = false; + n->mtuprobes = 0; + n->minmtu = 0; + n->maxmtu = MTU; } bool dump_nodes(connection_t *c) { - for splay_each(node_t, n, node_tree) - send_request(c, "%d %d %s %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", CONTROL, REQ_DUMP_NODES, - n->name, n->hostname ?: "unknown port unknown", cipher_get_nid(n->outcipher), + for splay_each(node_t, n, node_tree) { + char id[2 * sizeof n->id + 1]; + for (size_t c = 0; c < sizeof n->id; ++c) + sprintf(id + 2 * c, "%02hhx", n->id.x[c]); + id[sizeof id - 1] = 0; + send_request(c, "%d %d %s %s %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", CONTROL, REQ_DUMP_NODES, + n->name, id, n->hostname ?: "unknown port unknown", cipher_get_nid(n->outcipher), digest_get_nid(n->outdigest), (int)digest_length(n->outdigest), n->outcompression, n->options, bitfield_to_int(&n->status, sizeof n->status), n->nexthop ? n->nexthop->name : "-", n->via ? n->via->name ?: "-" : "-", n->distance, n->mtu, n->minmtu, n->maxmtu, (long)n->last_state_change); + } return send_request(c, "%d %d", CONTROL, REQ_DUMP_NODES); } diff --git a/src/node.h b/src/node.h index 605477e5..b6db18b3 100644 --- a/src/node.h +++ b/src/node.h @@ -43,6 +43,7 @@ typedef struct node_status_t { typedef struct node_t { char *name; /* name of this node */ + node_id_t id; /* unique node ID (name hash) */ uint32_t options; /* options turned on for this node */ int sock; /* Socket to use for outgoing UDP packets */ @@ -111,6 +112,7 @@ extern void free_node(node_t *); extern void node_add(node_t *); extern void node_del(node_t *); extern node_t *lookup_node(char *); +extern node_t *lookup_node_id(const node_id_t *); extern node_t *lookup_node_udp(const sockaddr_t *); extern bool dump_nodes(struct connection_t *); extern bool dump_traffic(struct connection_t *); diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c index 6c5cbc88..5b866b0b 100644 --- a/src/openssl/crypto.c +++ b/src/openssl/crypto.c @@ -1,6 +1,6 @@ /* crypto.c -- Cryptographic miscellaneous functions and initialisation - Copyright (C) 2007-2013 Guus Sliepen + Copyright (C) 2007-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -25,8 +25,65 @@ #include "../crypto.h" +#ifndef HAVE_MINGW + +static int random_fd = -1; + +static void random_init(void) { + random_fd = open("/dev/urandom", O_RDONLY); + if(random_fd < 0) + random_fd = open("/dev/random", O_RDONLY); + if(random_fd < 0) { + fprintf(stderr, "Could not open source of random numbers: %s\n", strerror(errno)); + abort(); + } +} + +static void random_exit(void) { + close(random_fd); +} + +void randomize(void *out, size_t outlen) { + while(outlen) { + size_t len = read(random_fd, out, outlen); + if(len <= 0) { + if(errno == EAGAIN || errno == EINTR) + continue; + fprintf(stderr, "Could not read random numbers: %s\n", strerror(errno)); + abort(); + } + out += len; + outlen -= len; + } +} + +#else + +#include +HCRYPTPROV prov; + +void random_init(void) { + if(!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { + fprintf(stderr, "CryptAcquireContext() failed!\n"); + abort(); + } +} + +void random_exit(void) { + CryptReleaseContext(prov, 0); +} + +void randomize(void *out, size_t outlen) { + if(!CryptGenRandom(prov, outlen, out)) { + fprintf(stderr, "CryptGenRandom() failed\n"); + abort(); + } +} + +#endif + void crypto_init(void) { - RAND_load_file("/dev/urandom", 1024); + random_init(); ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); @@ -42,8 +99,7 @@ void crypto_init(void) { void crypto_exit(void) { EVP_cleanup(); -} - -void randomize(void *out, size_t outlen) { - RAND_pseudo_bytes(out, outlen); + ERR_free_strings(); + ENGINE_cleanup(); + random_exit(); } diff --git a/src/protocol.h b/src/protocol.h index 1a1fb3f8..080d50c1 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -26,7 +26,7 @@ /* Protocol version. Different major versions are incompatible. */ #define PROT_MAJOR 17 -#define PROT_MINOR 3 /* Should not exceed 255! */ +#define PROT_MINOR 4 /* Should not exceed 255! */ /* Silly Windows */ diff --git a/src/protocol_auth.c b/src/protocol_auth.c index ac486ea6..47c248db 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -198,7 +198,7 @@ static bool finalize_invitation(connection_t *c, const char *data, uint16_t len) return true; } -static bool receive_invitation_sptps(void *handle, uint8_t type, const char *data, uint16_t len) { +static bool receive_invitation_sptps(void *handle, uint8_t type, const void *data, uint16_t len) { connection_t *c = handle; if(type == 128) @@ -379,13 +379,13 @@ bool id_h(connection_t *c, const char *request) { } if(experimental) - if(!read_ecdsa_public_key(c)) - return false; - } else { - if(c->protocol_minor && !ecdsa_active(c->ecdsa)) - c->protocol_minor = 1; + read_ecdsa_public_key(c); + /* Ignore failures if no key known yet */ } + if(c->protocol_minor && !ecdsa_active(c->ecdsa)) + c->protocol_minor = 1; + /* Forbid version rollback for nodes whose Ed25519 key we know */ if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) { @@ -421,7 +421,7 @@ bool send_metakey(connection_t *c) { if(!(c->outdigest = digest_open_sha1(-1))) return false; - size_t len = rsa_size(c->rsa); + const size_t len = rsa_size(c->rsa); char key[len]; char enckey[len]; char hexkey[2 * len + 1]; @@ -480,7 +480,7 @@ bool send_metakey(connection_t *c) { bool metakey_h(connection_t *c, const char *request) { char hexkey[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; - size_t len = rsa_size(myself->connection->rsa); + const size_t len = rsa_size(myself->connection->rsa); char enckey[len]; char key[len]; @@ -540,7 +540,7 @@ bool metakey_h(connection_t *c, const char *request) { } bool send_challenge(connection_t *c) { - size_t len = rsa_size(c->rsa); + const size_t len = rsa_size(c->rsa); char buffer[len * 2 + 1]; if(!c->hischallenge) @@ -561,7 +561,7 @@ bool send_challenge(connection_t *c) { bool challenge_h(connection_t *c, const char *request) { char buffer[MAX_STRING_SIZE]; - size_t len = rsa_size(myself->connection->rsa); + const size_t len = rsa_size(myself->connection->rsa); size_t digestlen = digest_length(c->indigest); char digest[digestlen]; @@ -726,7 +726,21 @@ static bool upgrade_h(connection_t *c, const char *request) { } if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) { - logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname); + char *knownkey = ecdsa_get_base64_public_key(c->ecdsa); + bool different = strcmp(knownkey, pubkey); + free(knownkey); + if(different) { + logger(DEBUG_ALWAYS, LOG_ERR, "Already have an Ed25519 public key from %s (%s) which is different from the one presented now!", c->name, c->hostname); + return false; + } + logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), ignoring.", c->name, c->hostname); + c->allow_request = TERMREQ; + return send_termreq(c); + } + + c->ecdsa = ecdsa_set_base64_public_key(pubkey); + if(!c->ecdsa) { + logger(DEBUG_ALWAYS, LOG_INFO, "Got bad Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname); return false; } diff --git a/src/protocol_key.c b/src/protocol_key.c index abde7772..8b19d900 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -1,7 +1,7 @@ /* protocol_key.c -- handle the meta-protocol, key exchange Copyright (C) 1999-2005 Ivo Timmermans, - 2000-2013 Guus Sliepen + 2000-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -87,7 +87,7 @@ bool key_changed_h(connection_t *c, const char *request) { return true; } -static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data, size_t len) { +static bool send_initial_sptps_data(void *handle, uint8_t type, const void *data, size_t len) { node_t *to = handle; to->sptps.send_data = send_sptps_data; char buf[len * 4 / 3 + 5]; @@ -255,6 +255,7 @@ bool req_key_h(connection_t *c, const char *request) { return true; } + /* TODO: forwarding SPTPS packets in this way is inefficient because we send them over TCP without checking for UDP connectivity */ send_request(to->nexthop->connection, "%s", request); } @@ -398,7 +399,9 @@ bool ans_key_h(connection_t *c, const char *request) { update_node_udp(from, &sa); } - if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY)) + /* Don't send probes if we can't send UDP packets directly to that node. + TODO: the indirect (via) condition can change at any time as edges are added and removed, so this should probably be moved to graph.c. */ + if((from->via == myself || from->via == from) && from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY)) send_mtu_probe(from); } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 022438ec..713dacf1 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -131,7 +131,7 @@ bool send_tcppacket(connection_t *c, const vpn_packet_t *packet) { if(!send_request(c, "%d %hd", PACKET, packet->len)) return false; - return send_meta(c, (char *)packet->data, packet->len); + return send_meta(c, (char *)DATA(packet), packet->len); } bool tcppacket_h(connection_t *c, const char *request) { diff --git a/src/raw_socket_device.c b/src/raw_socket_device.c index a8c2c861..eb38be26 100644 --- a/src/raw_socket_device.c +++ b/src/raw_socket_device.c @@ -93,7 +93,7 @@ static void close_device(void) { static bool read_packet(vpn_packet_t *packet) { int inlen; - if((inlen = read(device_fd, packet->data, MTU)) <= 0) { + if((inlen = read(device_fd, DATA(packet), MTU)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); return false; @@ -111,7 +111,7 @@ static bool write_packet(vpn_packet_t *packet) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info); - if(write(device_fd, packet->data, packet->len) < 0) { + if(write(device_fd, DATA(packet), packet->len) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); return false; diff --git a/src/route.c b/src/route.c index 17f1c71a..27851469 100644 --- a/src/route.c +++ b/src/route.c @@ -115,16 +115,16 @@ static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *pac /* Find TCP header */ int start = ether_size; - uint16_t type = packet->data[12] << 8 | packet->data[13]; + uint16_t type = DATA(packet)[12] << 8 | DATA(packet)[13]; if(type == ETH_P_8021Q) { start += 4; - type = packet->data[16] << 8 | packet->data[17]; + type = DATA(packet)[16] << 8 | DATA(packet)[17]; } - if(type == ETH_P_IP && packet->data[start + 9] == 6) - start += (packet->data[start] & 0xf) * 4; - else if(type == ETH_P_IPV6 && packet->data[start + 6] == 6) + if(type == ETH_P_IP && DATA(packet)[start + 9] == 6) + start += (DATA(packet)[start] & 0xf) * 4; + else if(type == ETH_P_IPV6 && DATA(packet)[start + 6] == 6) start += 40; else return; @@ -133,38 +133,38 @@ static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *pac return; /* Use data offset field to calculate length of options field */ - int len = ((packet->data[start + 12] >> 4) - 5) * 4; + int len = ((DATA(packet)[start + 12] >> 4) - 5) * 4; if(packet->len < start + 20 + len) return; /* Search for MSS option header */ for(int i = 0; i < len;) { - if(packet->data[start + 20 + i] == 0) + if(DATA(packet)[start + 20 + i] == 0) break; - if(packet->data[start + 20 + i] == 1) { + if(DATA(packet)[start + 20 + i] == 1) { i++; continue; } - if(i > len - 2 || i > len - packet->data[start + 21 + i]) + if(i > len - 2 || i > len - DATA(packet)[start + 21 + i]) break; - if(packet->data[start + 20 + i] != 2) { - if(packet->data[start + 21 + i] < 2) + if(DATA(packet)[start + 20 + i] != 2) { + if(DATA(packet)[start + 21 + i] < 2) break; - i += packet->data[start + 21 + i]; + i += DATA(packet)[start + 21 + i]; continue; } - if(packet->data[start + 21] != 4) + if(DATA(packet)[start + 21] != 4) break; /* Found it */ - uint16_t oldmss = packet->data[start + 22 + i] << 8 | packet->data[start + 23 + i]; + uint16_t oldmss = DATA(packet)[start + 22 + i] << 8 | DATA(packet)[start + 23 + i]; uint16_t newmss = mtu - start - 20; - uint16_t csum = packet->data[start + 16] << 8 | packet->data[start + 17]; + uint16_t csum = DATA(packet)[start + 16] << 8 | DATA(packet)[start + 17]; if(oldmss <= newmss) break; @@ -172,23 +172,23 @@ static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *pac logger(DEBUG_TRAFFIC, LOG_INFO, "Clamping MSS of packet from %s to %s to %d", source->name, via->name, newmss); /* Update the MSS value and the checksum */ - packet->data[start + 22 + i] = newmss >> 8; - packet->data[start + 23 + i] = newmss & 0xff; + DATA(packet)[start + 22 + i] = newmss >> 8; + DATA(packet)[start + 23 + i] = newmss & 0xff; csum ^= 0xffff; csum -= oldmss; csum += newmss; csum ^= 0xffff; - packet->data[start + 16] = csum >> 8; - packet->data[start + 17] = csum & 0xff; + DATA(packet)[start + 16] = csum >> 8; + DATA(packet)[start + 17] = csum & 0xff; break; } } static void swap_mac_addresses(vpn_packet_t *packet) { mac_t tmp; - memcpy(&tmp, &packet->data[0], sizeof tmp); - memcpy(&packet->data[0], &packet->data[6], sizeof tmp); - memcpy(&packet->data[6], &tmp, sizeof tmp); + memcpy(&tmp, &DATA(packet)[0], sizeof tmp); + memcpy(&DATA(packet)[0], &DATA(packet)[6], sizeof tmp); + memcpy(&DATA(packet)[6], &tmp, sizeof tmp); } static void age_subnets(void *data) { @@ -267,7 +267,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_ /* Copy headers from packet into properly aligned structs on the stack */ - memcpy(&ip, packet->data + ether_size, ip_size); + memcpy(&ip, DATA(packet) + ether_size, ip_size); /* Remember original source and destination */ @@ -284,7 +284,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_ /* Copy first part of original contents to ICMP message */ - memmove(packet->data + ether_size + ip_size + icmp_size, packet->data + ether_size, oldlen); + memmove(DATA(packet) + ether_size + ip_size + icmp_size, DATA(packet) + ether_size, oldlen); /* Fill in IPv4 header */ @@ -309,12 +309,12 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_ icmp.icmp_cksum = 0; icmp.icmp_cksum = inet_checksum(&icmp, icmp_size, ~0); - icmp.icmp_cksum = inet_checksum(packet->data + ether_size + ip_size + icmp_size, oldlen, icmp.icmp_cksum); + icmp.icmp_cksum = inet_checksum(DATA(packet) + ether_size + ip_size + icmp_size, oldlen, icmp.icmp_cksum); /* Copy structs on stack back to packet */ - memcpy(packet->data + ether_size, &ip, ip_size); - memcpy(packet->data + ether_size + ip_size, &icmp, icmp_size); + memcpy(DATA(packet) + ether_size, &ip, ip_size); + memcpy(DATA(packet) + ether_size + ip_size, &icmp, icmp_size); packet->len = ether_size + ip_size + icmp_size + oldlen; @@ -330,8 +330,9 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et uint8_t *offset; uint16_t ip_off, origf; - memcpy(&ip, packet->data + ether_size, ip_size); + memcpy(&ip, DATA(packet) + ether_size, ip_size); fragment.priority = packet->priority; + fragment.offset = DEFAULT_PACKET_OFFSET; if(ip.ip_hl != ip_size / 4) return; @@ -345,7 +346,7 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et logger(DEBUG_TRAFFIC, LOG_INFO, "Fragmenting packet of %d bytes to %s (%s)", packet->len, dest->name, dest->hostname); - offset = packet->data + ether_size + ip_size; + offset = DATA(packet) + ether_size + ip_size; maxlen = (dest->mtu - ether_size - ip_size) & ~0x7; ip_off = ntohs(ip.ip_off); origf = ip_off & ~IP_OFFMASK; @@ -353,7 +354,7 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et while(todo) { len = todo > maxlen ? maxlen : todo; - memcpy(fragment.data + ether_size + ip_size, offset, len); + memcpy(DATA(&fragment) + ether_size + ip_size, offset, len); todo -= len; offset += len; @@ -361,8 +362,8 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et ip.ip_off = htons(ip_off | origf | (todo ? IP_MF : 0)); ip.ip_sum = 0; ip.ip_sum = inet_checksum(&ip, ip_size, ~0); - memcpy(fragment.data, packet->data, ether_size); - memcpy(fragment.data + ether_size, &ip, ip_size); + memcpy(DATA(&fragment), DATA(packet), ether_size); + memcpy(DATA(&fragment) + ether_size, &ip, ip_size); fragment.len = ether_size + ip_size + len; send_packet(dest, &fragment); @@ -379,7 +380,7 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) { node_t *via; ipv4_t dest; - memcpy(&dest, &packet->data[30], sizeof dest); + memcpy(&dest, &DATA(packet)[30], sizeof dest); subnet = lookup_subnet_ipv4(&dest); if(!subnet) { @@ -411,7 +412,7 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) { return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO); if(priorityinheritance) - packet->priority = packet->data[15]; + packet->priority = DATA(packet)[15]; via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; @@ -425,7 +426,7 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) { if(via && packet->len > MAX(via->mtu, 590) && via != myself) { logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu); - if(packet->data[20] & 0x40) { + if(DATA(packet)[20] & 0x40) { packet->len = MAX(via->mtu, 590); route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); } else { @@ -463,7 +464,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_ /* Copy headers from packet to structs on the stack */ - memcpy(&ip6, packet->data + ether_size, ip6_size); + memcpy(&ip6, DATA(packet) + ether_size, ip6_size); /* Remember original source and destination */ @@ -480,7 +481,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_ /* Copy first part of original contents to ICMP message */ - memmove(packet->data + ether_size + ip6_size + icmp6_size, packet->data + ether_size, pseudo.length); + memmove(DATA(packet) + ether_size + ip6_size + icmp6_size, DATA(packet) + ether_size, pseudo.length); /* Fill in IPv6 header */ @@ -506,14 +507,14 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_ checksum = inet_checksum(&pseudo, sizeof pseudo, ~0); checksum = inet_checksum(&icmp6, icmp6_size, checksum); - checksum = inet_checksum(packet->data + ether_size + ip6_size + icmp6_size, ntohl(pseudo.length) - icmp6_size, checksum); + checksum = inet_checksum(DATA(packet) + ether_size + ip6_size + icmp6_size, ntohl(pseudo.length) - icmp6_size, checksum); icmp6.icmp6_cksum = checksum; /* Copy structs on stack back to packet */ - memcpy(packet->data + ether_size, &ip6, ip6_size); - memcpy(packet->data + ether_size + ip6_size, &icmp6, icmp6_size); + memcpy(DATA(packet) + ether_size, &ip6, ip6_size); + memcpy(DATA(packet) + ether_size + ip6_size, &icmp6, icmp6_size); packet->len = ether_size + ip6_size + ntohl(pseudo.length); @@ -526,7 +527,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ether_size + ip6_size)) return; - if(packet->data[20] == IPPROTO_ICMPV6 && checklength(source, packet, ether_size + ip6_size + icmp6_size) && packet->data[54] == ND_NEIGHBOR_SOLICIT) { + if(DATA(packet)[20] == IPPROTO_ICMPV6 && checklength(source, packet, ether_size + ip6_size + icmp6_size) && DATA(packet)[54] == ND_NEIGHBOR_SOLICIT) { route_neighborsol(source, packet); return; } @@ -535,7 +536,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) { node_t *via; ipv6_t dest; - memcpy(&dest, &packet->data[38], sizeof dest); + memcpy(&dest, &DATA(packet)[38], sizeof dest); subnet = lookup_subnet_ipv6(&dest); if(!subnet) { @@ -621,15 +622,15 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) { /* Copy headers from packet to structs on the stack */ - memcpy(&ip6, packet->data + ether_size, ip6_size); - memcpy(&ns, packet->data + ether_size + ip6_size, ns_size); + memcpy(&ip6, DATA(packet) + ether_size, ip6_size); + memcpy(&ns, DATA(packet) + ether_size + ip6_size, ns_size); if(has_opt) - memcpy(&opt, packet->data + ether_size + ip6_size + ns_size, opt_size); + memcpy(&opt, DATA(packet) + ether_size + ip6_size + ns_size, opt_size); /* First, snatch the source address from the neighbor solicitation packet */ if(overwrite_mac) - memcpy(mymac.x, packet->data + ETH_ALEN, ETH_ALEN); + memcpy(mymac.x, DATA(packet) + ETH_ALEN, ETH_ALEN); /* Check if this is a valid neighbor solicitation request */ @@ -655,7 +656,7 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) { checksum = inet_checksum(&ns, ns_size, checksum); if(has_opt) { checksum = inet_checksum(&opt, opt_size, checksum); - checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum); + checksum = inet_checksum(DATA(packet) + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum); } if(checksum) { @@ -688,14 +689,14 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) { /* Create neighbor advertation reply */ - memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */ - packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + memcpy(DATA(packet), DATA(packet) + ETH_ALEN, ETH_ALEN); /* copy destination address */ + DATA(packet)[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ ip6.ip6_dst = ip6.ip6_src; /* swap destination and source protocoll address */ ip6.ip6_src = ns.nd_ns_target; if(has_opt) - memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ + memcpy(DATA(packet) + ether_size + ip6_size + ns_size + opt_size, DATA(packet) + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ ns.nd_ns_cksum = 0; ns.nd_ns_type = ND_NEIGHBOR_ADVERT; @@ -718,17 +719,17 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) { checksum = inet_checksum(&ns, ns_size, checksum); if(has_opt) { checksum = inet_checksum(&opt, opt_size, checksum); - checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum); + checksum = inet_checksum(DATA(packet) + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum); } ns.nd_ns_hdr.icmp6_cksum = checksum; /* Copy structs on stack back to packet */ - memcpy(packet->data + ether_size, &ip6, ip6_size); - memcpy(packet->data + ether_size + ip6_size, &ns, ns_size); + memcpy(DATA(packet) + ether_size, &ip6, ip6_size); + memcpy(DATA(packet) + ether_size + ip6_size, &ns, ns_size); if(has_opt) - memcpy(packet->data + ether_size + ip6_size + ns_size, &opt, opt_size); + memcpy(DATA(packet) + ether_size + ip6_size + ns_size, &opt, opt_size); send_packet(source, packet); } @@ -751,11 +752,11 @@ static void route_arp(node_t *source, vpn_packet_t *packet) { /* First, snatch the source address from the ARP packet */ if(overwrite_mac) - memcpy(mymac.x, packet->data + ETH_ALEN, ETH_ALEN); + memcpy(mymac.x, DATA(packet) + ETH_ALEN, ETH_ALEN); /* Copy headers from packet to structs on the stack */ - memcpy(&arp, packet->data + ether_size, arp_size); + memcpy(&arp, DATA(packet) + ether_size, arp_size); /* Check if this is a valid ARP request */ @@ -781,20 +782,20 @@ static void route_arp(node_t *source, vpn_packet_t *packet) { if(subnet->owner == myself) return; /* silently ignore */ - memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */ - packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + memcpy(DATA(packet), DATA(packet) + ETH_ALEN, ETH_ALEN); /* copy destination address */ + DATA(packet)[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ memcpy(&addr, arp.arp_tpa, sizeof addr); /* save protocol addr */ memcpy(arp.arp_tpa, arp.arp_spa, sizeof addr); /* swap destination and source protocol address */ memcpy(arp.arp_spa, &addr, sizeof addr); /* ... */ memcpy(arp.arp_tha, arp.arp_sha, ETH_ALEN); /* set target hard/proto addr */ - memcpy(arp.arp_sha, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ + memcpy(arp.arp_sha, DATA(packet) + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ arp.arp_op = htons(ARPOP_REPLY); /* Copy structs on stack back to packet */ - memcpy(packet->data + ether_size, &arp, arp_size); + memcpy(DATA(packet) + ether_size, &arp, arp_size); send_packet(source, packet); } @@ -807,13 +808,13 @@ static void route_mac(node_t *source, vpn_packet_t *packet) { if(source == myself) { mac_t src; - memcpy(&src, &packet->data[6], sizeof src); + memcpy(&src, &DATA(packet)[6], sizeof src); learn_mac(&src); } /* Lookup destination address */ - memcpy(&dest, &packet->data[0], sizeof dest); + memcpy(&dest, &DATA(packet)[0], sizeof dest); subnet = lookup_subnet_mac(NULL, &dest); if(!subnet || !subnet->owner) { @@ -829,10 +830,10 @@ static void route_mac(node_t *source, vpn_packet_t *packet) { if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself) return; - uint16_t type = packet->data[12] << 8 | packet->data[13]; + uint16_t type = DATA(packet)[12] << 8 | DATA(packet)[13]; if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size) - packet->priority = packet->data[15]; + packet->priority = DATA(packet)[15]; // Handle packets larger than PMTU @@ -846,12 +847,12 @@ static void route_mac(node_t *source, vpn_packet_t *packet) { length_t ethlen = 14; if(type == ETH_P_8021Q) { - type = packet->data[16] << 8 | packet->data[17]; + type = DATA(packet)[16] << 8 | DATA(packet)[17]; ethlen += 4; } if(type == ETH_P_IP && packet->len > 576 + ethlen) { - if(packet->data[6 + ethlen] & 0x40) { + if(DATA(packet)[6 + ethlen] & 0x40) { packet->len = via->mtu; route_ipv4_unreachable(source, packet, ethlen, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); } else { @@ -883,16 +884,16 @@ static void send_pcap(vpn_packet_t *packet) { len = c->outmaclength; if(send_request(c, "%d %d %d", CONTROL, REQ_PCAP, len)) - send_meta(c, (char *)packet->data, len); + send_meta(c, (char *)DATA(packet), len); } } static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) { - uint16_t type = packet->data[12] << 8 | packet->data[13]; + uint16_t type = DATA(packet)[12] << 8 | DATA(packet)[13]; length_t ethlen = ether_size; if(type == ETH_P_8021Q) { - type = packet->data[16] << 8 | packet->data[17]; + type = DATA(packet)[16] << 8 | DATA(packet)[17]; ethlen += 4; } @@ -901,22 +902,22 @@ static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ethlen + ip_size)) return false; - if(packet->data[ethlen + 8] < 1) { - if(packet->data[ethlen + 11] != IPPROTO_ICMP || packet->data[ethlen + 32] != ICMP_TIME_EXCEEDED) + if(DATA(packet)[ethlen + 8] < 1) { + if(DATA(packet)[ethlen + 11] != IPPROTO_ICMP || DATA(packet)[ethlen + 32] != ICMP_TIME_EXCEEDED) route_ipv4_unreachable(source, packet, ethlen, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL); return false; } - uint16_t old = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9]; - packet->data[ethlen + 8]--; - uint16_t new = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9]; + uint16_t old = DATA(packet)[ethlen + 8] << 8 | DATA(packet)[ethlen + 9]; + DATA(packet)[ethlen + 8]--; + uint16_t new = DATA(packet)[ethlen + 8] << 8 | DATA(packet)[ethlen + 9]; - uint32_t checksum = packet->data[ethlen + 10] << 8 | packet->data[ethlen + 11]; + uint32_t checksum = DATA(packet)[ethlen + 10] << 8 | DATA(packet)[ethlen + 11]; checksum += old + (~new & 0xFFFF); while(checksum >> 16) checksum = (checksum & 0xFFFF) + (checksum >> 16); - packet->data[ethlen + 10] = checksum >> 8; - packet->data[ethlen + 11] = checksum & 0xff; + DATA(packet)[ethlen + 10] = checksum >> 8; + DATA(packet)[ethlen + 11] = checksum & 0xff; return true; @@ -924,13 +925,13 @@ static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) { if(!checklength(source, packet, ethlen + ip6_size)) return false; - if(packet->data[ethlen + 7] < 1) { - if(packet->data[ethlen + 6] != IPPROTO_ICMPV6 || packet->data[ethlen + 40] != ICMP6_TIME_EXCEEDED) + if(DATA(packet)[ethlen + 7] < 1) { + if(DATA(packet)[ethlen + 6] != IPPROTO_ICMPV6 || DATA(packet)[ethlen + 40] != ICMP6_TIME_EXCEEDED) route_ipv6_unreachable(source, packet, ethlen, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT); return false; } - packet->data[ethlen + 7]--; + DATA(packet)[ethlen + 7]--; return true; @@ -955,7 +956,7 @@ void route(node_t *source, vpn_packet_t *packet) { if(!do_decrement_ttl(source, packet)) return; - uint16_t type = packet->data[12] << 8 | packet->data[13]; + uint16_t type = DATA(packet)[12] << 8 | DATA(packet)[13]; switch (routing_mode) { case RMODE_ROUTER: diff --git a/src/solaris/device.c b/src/solaris/device.c index a4c0d27e..fadae573 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -2,7 +2,7 @@ device.c -- Interaction with Solaris tun device Copyright (C) 2001-2005 Ivo Timmermans, 2002-2010 OpenVPN Technologies, Inc. - 2001-2013 Guus Sliepen + 2001-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -299,31 +299,31 @@ static bool read_packet(vpn_packet_t *packet) { switch(device_type) { case DEVICE_TYPE_TUN: - if((inlen = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + if((inlen = read(device_fd, DATA(packet) + 14, MTU - 14)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); return false; } - switch(packet->data[14] >> 4) { + switch(DATA(packet)[14] >> 4) { case 4: - packet->data[12] = 0x08; - packet->data[13] = 0x00; + DATA(packet)[12] = 0x08; + DATA(packet)[13] = 0x00; break; case 6: - packet->data[12] = 0x86; - packet->data[13] = 0xDD; + DATA(packet)[12] = 0x86; + DATA(packet)[13] = 0xDD; break; default: - logger(DEBUG_TRAFFIC, LOG_ERR, "Unknown IP version %d while reading packet from %s %s", packet->data[14] >> 4, device_info, device); + logger(DEBUG_TRAFFIC, LOG_ERR, "Unknown IP version %d while reading packet from %s %s", DATA(packet)[14] >> 4, device_info, device); return false; } - memset(packet->data, 0, 12); + memset(DATA(packet), 0, 12); packet->len = inlen + 14; break; case DEVICE_TYPE_TAP: - if((inlen = read(device_fd, packet->data, MTU)) <= 0) { + if((inlen = read(device_fd, DATA(packet), MTU)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); return false; } @@ -345,14 +345,14 @@ static bool write_packet(vpn_packet_t *packet) { switch(device_type) { case DEVICE_TYPE_TUN: - if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { + if(write(device_fd, DATA(packet) + 14, packet->len - 14) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); return false; } break; case DEVICE_TYPE_TAP: - if(write(device_fd, packet->data, packet->len) < 0) { + if(write(device_fd, DATA(packet), packet->len) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); return false; } diff --git a/src/sptps.c b/src/sptps.c index e9ce94ae..a5987682 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -1,6 +1,6 @@ /* sptps.c -- Simple Peer-to-Peer Security - Copyright (C) 2011-2013 Guus Sliepen , + Copyright (C) 2011-2014 Guus Sliepen , 2010 Brandon L. Black This program is free software; you can redistribute it and/or modify @@ -81,7 +81,7 @@ static void warning(sptps_t *s, const char *format, ...) { } // Send a record (datagram version, accepts all record types, handles encryption and authentication). -static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data, uint16_t len) { +static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const void *data, uint16_t len) { char buffer[len + 21UL]; // Create header with sequence number, length and record type @@ -102,7 +102,7 @@ static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data } } // Send a record (private version, accepts all record types, handles encryption and authentication). -static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_t len) { +static bool send_record_priv(sptps_t *s, uint8_t type, const void *data, uint16_t len) { if(s->datagram) return send_record_priv_datagram(s, type, data, len); @@ -127,7 +127,7 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_ } // Send an application record. -bool sptps_send_record(sptps_t *s, uint8_t type, const char *data, uint16_t len) { +bool sptps_send_record(sptps_t *s, uint8_t type, const void *data, uint16_t len) { // Sanity checks: application cannot send data before handshake is finished, // and only record types 0..127 are allowed. if(!s->outstate) @@ -424,7 +424,7 @@ static bool sptps_check_seqno(sptps_t *s, uint32_t seqno, bool update_state) { } // Check datagram for valid HMAC -bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len) { +bool sptps_verify_datagram(sptps_t *s, const void *data, size_t len) { if(!s->instate || len < 21) return error(s, EIO, "Received short packet"); @@ -495,7 +495,7 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len } // Receive incoming data. Check if it contains a complete record, if so, handle it. -bool sptps_receive_data(sptps_t *s, const char *data, size_t len) { +bool sptps_receive_data(sptps_t *s, const void *data, size_t len) { if(!s->state) return error(s, EIO, "Invalid session state zero"); @@ -582,7 +582,7 @@ bool sptps_receive_data(sptps_t *s, const char *data, size_t len) { } // Start a SPTPS session. -bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_t *mykey, ecdsa_t *hiskey, const char *label, size_t labellen, send_data_t send_data, receive_record_t receive_record) { +bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_t *mykey, ecdsa_t *hiskey, const void *label, size_t labellen, send_data_t send_data, receive_record_t receive_record) { // Initialise struct sptps memset(s, 0, sizeof *s); diff --git a/src/sptps.h b/src/sptps.h index efca2b3e..a2633bd1 100644 --- a/src/sptps.h +++ b/src/sptps.h @@ -1,6 +1,6 @@ /* sptps.h -- Simple Peer-to-Peer Security - Copyright (C) 2011-2013 Guus Sliepen , + Copyright (C) 2011-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -42,8 +42,8 @@ // Overhead for datagrams #define SPTPS_DATAGRAM_OVERHEAD 21 -typedef bool (*send_data_t)(void *handle, uint8_t type, const char *data, size_t len); -typedef bool (*receive_record_t)(void *handle, uint8_t type, const char *data, uint16_t len); +typedef bool (*send_data_t)(void *handle, uint8_t type, const void *data, size_t len); +typedef bool (*receive_record_t)(void *handle, uint8_t type, const void *data, uint16_t len); typedef struct sptps { bool initiator; @@ -85,11 +85,11 @@ extern unsigned int sptps_replaywin; extern void sptps_log_quiet(sptps_t *s, int s_errno, const char *format, va_list ap); extern void sptps_log_stderr(sptps_t *s, int s_errno, const char *format, va_list ap); extern void (*sptps_log)(sptps_t *s, int s_errno, const char *format, va_list ap); -extern bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_t *mykey, ecdsa_t *hiskey, const char *label, size_t labellen, send_data_t send_data, receive_record_t receive_record); +extern bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_t *mykey, ecdsa_t *hiskey, const void *label, size_t labellen, send_data_t send_data, receive_record_t receive_record); extern bool sptps_stop(sptps_t *s); -extern bool sptps_send_record(sptps_t *s, uint8_t type, const char *data, uint16_t len); -extern bool sptps_receive_data(sptps_t *s, const char *data, size_t len); +extern bool sptps_send_record(sptps_t *s, uint8_t type, const void *data, uint16_t len); +extern bool sptps_receive_data(sptps_t *s, const void *data, size_t len); extern bool sptps_force_kex(sptps_t *s); -extern bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len); +extern bool sptps_verify_datagram(sptps_t *s, const void *data, size_t len); #endif diff --git a/src/sptps_speed.c b/src/sptps_speed.c index 1ba00f2c..ab41e8d5 100644 --- a/src/sptps_speed.c +++ b/src/sptps_speed.c @@ -1,6 +1,6 @@ /* sptps_speed.c -- SPTPS benchmark - Copyright (C) 2013 Guus Sliepen , + Copyright (C) 2013-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -35,13 +35,13 @@ bool send_meta(void *c, const char *msg , int len) { return false; } char *logfilename = NULL; struct timeval now; -static bool send_data(void *handle, uint8_t type, const char *data, size_t len) { +static bool send_data(void *handle, uint8_t type, const void *data, size_t len) { int fd = *(int *)handle; send(fd, data, len, 0); return true; } -static bool receive_record(void *handle, uint8_t type, const char *data, uint16_t len) { +static bool receive_record(void *handle, uint8_t type, const void *data, uint16_t len) { return true; } diff --git a/src/sptps_test.c b/src/sptps_test.c index 1fb7f97c..95bfda86 100644 --- a/src/sptps_test.c +++ b/src/sptps_test.c @@ -1,6 +1,6 @@ /* sptps_test.c -- Simple Peer-to-Peer Security test program - Copyright (C) 2011-2013 Guus Sliepen , + Copyright (C) 2011-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -43,7 +43,7 @@ static bool writeonly; static int in = 0; static int out = 1; -static bool send_data(void *handle, uint8_t type, const char *data, size_t len) { +static bool send_data(void *handle, uint8_t type, const void *data, size_t len) { char hex[len * 2 + 1]; bin2hex(data, hex, len); if(verbose) @@ -54,7 +54,7 @@ static bool send_data(void *handle, uint8_t type, const char *data, size_t len) return true; } -static bool receive_record(void *handle, uint8_t type, const char *data, uint16_t len) { +static bool receive_record(void *handle, uint8_t type, const void *data, uint16_t len) { if(verbose) fprintf(stderr, "Received type %d record of %hu bytes:\n", type, len); if(!writeonly) diff --git a/src/subnet.c b/src/subnet.c index 5356f3a7..534e5b53 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -207,21 +207,21 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) { // Prepare environment variables to be passed to the script char *envp[10] = {NULL}; - xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); - xasprintf(&envp[1], "DEVICE=%s", device ? : ""); - xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); - xasprintf(&envp[3], "NODE=%s", owner->name); + int n = 0; + xasprintf(&envp[n++], "NETNAME=%s", netname ? : ""); + xasprintf(&envp[n++], "DEVICE=%s", device ? : ""); + xasprintf(&envp[n++], "INTERFACE=%s", iface ? : ""); + xasprintf(&envp[n++], "NODE=%s", owner->name); if(owner != myself) { sockaddr2str(&owner->address, &address, &port); - // 4 and 5 are reserved for SUBNET and WEIGHT - xasprintf(&envp[6], "REMOTEADDRESS=%s", address); - xasprintf(&envp[7], "REMOTEPORT=%s", port); + xasprintf(&envp[n++], "REMOTEADDRESS=%s", address); + xasprintf(&envp[n++], "REMOTEPORT=%s", port); free(port); free(address); } - xasprintf(&envp[8], "NAME=%s", myself->name); + xasprintf(&envp[n++], "NAME=%s", myself->name); name = up ? "subnet-up" : "subnet-down"; @@ -238,12 +238,10 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) { weight = empty; // Prepare the SUBNET and WEIGHT variables - if(envp[4]) - free(envp[4]); - if(envp[5]) - free(envp[5]); - xasprintf(&envp[4], "SUBNET=%s", netstr); - xasprintf(&envp[5], "WEIGHT=%s", weight); + free(envp[n]); + free(envp[n + 1]); + xasprintf(&envp[n], "SUBNET=%s", netstr); + xasprintf(&envp[n + 1], "WEIGHT=%s", weight); execute_script(name, envp); } @@ -257,8 +255,8 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) { weight = empty; // Prepare the SUBNET and WEIGHT variables - xasprintf(&envp[4], "SUBNET=%s", netstr); - xasprintf(&envp[5], "WEIGHT=%s", weight); + xasprintf(&envp[n], "SUBNET=%s", netstr); + xasprintf(&envp[n + 1], "WEIGHT=%s", weight); execute_script(name, envp); } diff --git a/src/tincctl.c b/src/tincctl.c index b15676c8..b287467d 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -1002,6 +1002,7 @@ static int cmd_dump(int argc, char *argv[]) { break; char node[4096]; + char id[4096]; char from[4096]; char to[4096]; char subnet[4096]; @@ -1019,8 +1020,8 @@ static int cmd_dump(int argc, char *argv[]) { switch(req) { case REQ_DUMP_NODES: { - int n = sscanf(line, "%*d %*d %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_int, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change); - if(n != 16) { + int n = sscanf(line, "%*d %*d %s %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", node, id, host, port, &cipher, &digest, &maclength, &compression, &options, &status_int, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change); + if(n != 17) { fprintf(stderr, "Unable to parse node dump from tincd: %s\n", line); return 1; } @@ -1043,8 +1044,8 @@ static int cmd_dump(int argc, char *argv[]) { } else { if(only_reachable && !status.reachable) continue; - printf("%s at %s port %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s distance %d pmtu %hd (min %hd max %hd)\n", - node, host, port, cipher, digest, maclength, compression, options, status_int, nexthop, via, distance, pmtu, minmtu, maxmtu); + printf("%s id %s at %s port %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s distance %d pmtu %hd (min %hd max %hd)\n", + node, id, host, port, cipher, digest, maclength, compression, options, status_int, nexthop, via, distance, pmtu, minmtu, maxmtu); } } break; diff --git a/src/uml_device.c b/src/uml_device.c index f2b52cbb..57d48438 100644 --- a/src/uml_device.c +++ b/src/uml_device.c @@ -244,7 +244,7 @@ static bool read_packet(vpn_packet_t *packet) { } case 2: { - if((inlen = read(data_fd, packet->data, MTU)) <= 0) { + if((inlen = read(data_fd, DATA(packet), MTU)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); event_exit(); @@ -275,7 +275,7 @@ static bool write_packet(vpn_packet_t *packet) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info); - if(write(write_fd, packet->data, packet->len) < 0) { + if(write(write_fd, DATA(packet), packet->len) < 0) { if(errno != EINTR && errno != EAGAIN) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); event_exit(); diff --git a/src/vde_device.c b/src/vde_device.c index 55d66b46..73ad7136 100644 --- a/src/vde_device.c +++ b/src/vde_device.c @@ -97,7 +97,7 @@ static void close_device(void) { } static bool read_packet(vpn_packet_t *packet) { - int lenin = (ssize_t)plug.vde_recv(conn, packet->data, MTU, 0); + int lenin = (ssize_t)plug.vde_recv(conn, DATA(packet), MTU, 0); if(lenin <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); event_exit(); @@ -112,7 +112,7 @@ static bool read_packet(vpn_packet_t *packet) { } static bool write_packet(vpn_packet_t *packet) { - if((ssize_t)plug.vde_send(conn, packet->data, packet->len, 0) < 0) { + if((ssize_t)plug.vde_send(conn, DATA(packet), packet->len, 0) < 0) { if(errno != EINTR && errno != EAGAIN) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); event_exit();