along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.15 2000/06/29 13:04:15 guus Exp $
+ $Id: protocol.c,v 1.28.4.24 2000/08/08 17:07:48 guus Exp $
*/
#include "config.h"
#include <utils.h>
#include <xalloc.h>
+#include <netinet/in.h>
+
#include "conf.h"
#include "encr.h"
#include "net.h"
return 0;
}
+/* Evil hack - TCP tunneling is bad */
+int send_tcppacket(conn_list_t *cl, void *data, int len)
+{
+cp
+ if(debug_lvl > 3)
+ syslog(LOG_DEBUG, _("Sending PACKET to %s (%s)"),
+ cl->vpn_hostname, cl->real_hostname);
+
+ buflen = snprintf(buffer, MAXBUFSIZE, "%d %d\n", PACKET, len);
+
+ if((write(cl->meta_socket, buffer, buflen)) < 0)
+ {
+ syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__);
+ return -1;
+ }
+
+ if((write(cl->meta_socket, data, len)) < 0)
+ {
+ syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__);
+ return -1;
+ }
+cp
+ return 0;
+}
+
int send_ping(conn_list_t *cl)
{
cp
int basic_info_h(conn_list_t *cl)
{
+ conn_list_t *old;
cp
if(debug_lvl > 1)
syslog(LOG_DEBUG, _("Got BASIC_INFO from %s"), cl->real_hostname);
if(cl->status.outgoing)
{
+ /* First check if the host we connected to is already in our
+ connection list. If so, we are probably making a loop, which
+ is not desirable.
+ */
+
+ if((old=lookup_conn(cl->vpn_ip)))
+ {
+ if(debug_lvl>0)
+ syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"),
+ cl->vpn_hostname, cl->real_hostname);
+ cl->status.outgoing = 0;
+ old->status.outgoing = 1;
+ terminate_connection(cl);
+ return 0;
+ }
+
if(setup_vpn_connection(cl) < 0)
return -1;
send_basic_info(cl);
}
else
{
+
if(setup_vpn_connection(cl) < 0)
return -1;
send_passphrase(cl);
if(verify_passphrase(cl, g_n))
{
/* intruder! */
- syslog(LOG_ERR, _("Intruder: passphrase does not match!"));
+ syslog(LOG_ERR, _("Intruder from %s: passphrase for %s does not match!"),
+ cl->real_hostname, cl->vpn_hostname);
return -1;
}
/* Okay, before we active the connection, we check if there is another entry
in the connection list with the same vpn_ip. If so, it presumably is an
- old connection that has timed out but we don't know it yet. Because our
- conn_list entry is not active, lookup_conn will skip ourself. */
-
- while(old = lookup_conn(cl->vpn_ip))
- terminate_connection(old);
+ old connection that has timed out but we don't know it yet.
+ */
+ while((old = lookup_conn(cl->vpn_ip)))
+ {
+ if(debug_lvl > 1)
+ syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"),
+ cl->vpn_hostname, old->real_hostname, cl->real_hostname);
+ old->status.active = 0;
+ terminate_connection(old);
+ }
+
cl->status.active = 1;
if(debug_lvl > 0)
cl->status.active = 1;
- syslog(LOG_NOTICE, _("Connection with %s (%s) activated"),
+ if(debug_lvl > 0)
+ syslog(LOG_NOTICE, _("Connection with %s (%s) activated"),
cl->vpn_hostname, cl->real_hostname);
notify_others(cl, NULL, send_add_host);
cl->status.termreq = 1;
- if(cl->status.active)
- notify_others(cl, NULL, send_del_host);
-
- cl->status.active = 0;
-
terminate_connection(cl);
cp
return 0;
return 0;
}
+ /* Connections lists are really messed up if this happens */
+ if(vpn_ip == myself->vpn_ip)
+ {
+ syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"),
+ cl->vpn_hostname, cl->real_hostname);
+ sighup = 1;
+ return 0;
+ }
+
if(debug_lvl > 1)
syslog(LOG_DEBUG, _("Got DEL_HOST for %s (%s) from %s (%s)"),
fw->vpn_hostname, fw->real_hostname, cl->vpn_hostname, cl->real_hostname);
return 0;
}
+int tcppacket_h(conn_list_t *cl)
+{
+ int len;
+cp
+ if(!cl->status.active)
+ {
+ syslog(LOG_ERR, _("Got unauthorized PACKET from %s (%s)"),
+ cl->vpn_hostname, cl->real_hostname);
+ return -1;
+ }
+
+ if(sscanf(cl->buffer, "%*d %d", &len) != 1)
+ {
+ syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"),
+ cl->vpn_hostname, cl->real_hostname);
+ return -1;
+ }
+
+ if(len > MTU)
+ {
+ syslog(LOG_ERR, _("Got too big PACKET from %s (%s)"),
+ cl->vpn_hostname, cl->real_hostname);
+ return -1;
+ }
+
+ if(debug_lvl > 3)
+ syslog(LOG_DEBUG, _("Got PACKET length %d from %s (%s)"), len,
+ cl->vpn_hostname, cl->real_hostname);
+
+ cl->tcppacket=len;
+cp
+ return 0;
+}
+
+
int ping_h(conn_list_t *cl)
{
cp
return -1;
}
- while(old = lookup_conn(vpn_ip))
- terminate_connection(old);
+ if((old = lookup_conn(vpn_ip)))
+ {
+ if((real_ip==old->real_ip) && (vpn_mask==old->vpn_mask) && (port==old->port))
+ {
+ if(debug_lvl>1)
+ syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"),
+ old->vpn_hostname, old->real_hostname, cl->vpn_hostname, cl->real_hostname);
+ goto skip_add_host; /* One goto a day keeps the deeply nested if constructions away. */
+ }
+ else
+ {
+ if(debug_lvl>1)
+ syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"),
+ old->vpn_hostname, old->real_hostname);
+ old->status.active = 0;
+ terminate_connection(old);
+ }
+ }
+
+ /* Connections lists are really messed up if this happens */
+ if(vpn_ip == myself->vpn_ip)
+ {
+ syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"),
+ cl->vpn_hostname, cl->real_hostname);
+ sighup = 1;
+ return 0;
+ }
ncn = new_conn_list();
ncn->real_ip = real_ip;
ncn->vpn_hostname, ncn->real_hostname, cl->vpn_hostname, cl->real_hostname);
notify_others(ncn, cl, send_add_host);
+
+skip_add_host:
cp
return 0;
}
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ tcppacket_h, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
req_key_h, ans_key_h, key_changed_h, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0
};