along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_packet.c,v 1.1.2.47 2003/12/22 11:04:16 guus Exp $
+ $Id: net_packet.c,v 1.1.2.49 2003/12/27 16:32:52 guus Exp $
*/
#include "system.h"
#include "conf.h"
#include "connection.h"
#include "device.h"
+#include "ethernet.h"
#include "event.h"
#include "graph.h"
#include "list.h"
int keylifetime = 0;
int keyexpires = 0;
+bool strictsource = true;
EVP_CIPHER_CTX packet_ctx;
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
route(n, packet);
}
+static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) {
+ char hmac[EVP_MAX_MD_SIZE];
+
+ if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0))
+ return false;
+
+ /* Check the message authentication code */
+
+ if(myself->digest && myself->maclength) {
+ HMAC(myself->digest, myself->key, myself->keylength,
+ (char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL);
+
+ if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength))
+ return false;
+ }
+
+ return true;
+}
+
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
{
vpn_packet_t pkt1, pkt2;
int nextpkt = 0;
vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
- char hmac[EVP_MAX_MD_SIZE];
int i;
cp();
- /* Check packet length */
-
- if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"),
- n->name, n->hostname);
+ if(!authenticate_udppacket(n, inpkt)) {
+ ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
+ n->name, n->hostname);
return;
}
- /* Check the message authentication code */
-
- if(myself->digest && myself->maclength) {
- inpkt->len -= myself->maclength;
- HMAC(myself->digest, myself->key, myself->keylength,
- (char *) &inpkt->seqno, inpkt->len, hmac, NULL);
-
- if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
- n->name, n->hostname);
- return;
- }
- }
+ inpkt->len -= myself->digest ? myself->maclength : 0;
/* Decrypt the packet */
|| !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
- return;
+ goto end;
}
outpkt->len = outlen + outpad;
#endif
if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) {
- logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno));
if(errno == EMSGSIZE) {
if(n->maxmtu >= origlen)
n->maxmtu = origlen - 1;
if(n->mtu >= origlen)
n->mtu = origlen - 1;
- }
- return;
+ } else
+ logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno));
}
+end:
inpkt->len = origlen;
}
cp();
if(n == myself) {
+ if(overwrite_mac)
+ memcpy(packet->data, mymac.x, ETH_ALEN);
write_packet(packet);
return;
}
sockaddr_t from;
socklen_t fromlen = sizeof(from);
node_t *n;
+ static time_t lasttime = 0;
cp();
n = lookup_node_udp(&from);
+ if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) {
+ avl_node_t *node;
+
+ lasttime = now;
+
+ for(node = node_tree->head; node; node = node->next) {
+ n = node->data;
+
+ if(authenticate_udppacket(n, &pkt)) {
+ update_node_address(n, &from);
+ logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname);
+ break;
+ }
+ }
+ }
+
if(!n) {
hostname = sockaddr2hostname(&from);
- logger(LOG_WARNING, _("Received UDP packet from unknown source %s"),
- hostname);
+ logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname);
free(hostname);
return;
}
projects / tinc / blobdiff