X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_packet.c;h=8b877c21a93e59349695fac2aef00542b3db1522;hp=d64b6bf911d8bd5fbdf744617abe6068eb0252c6;hb=412f3fb5101514d9a7d4d9e5729ee9c665a07cb6;hpb=a1ab57e2755df6c1a8fab95a0886fea368200b96 diff --git a/src/net_packet.c b/src/net_packet.c index d64b6bf9..8b877c21 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -1,7 +1,7 @@ /* net_packet.c -- Handles in- and outgoing VPN packets - Copyright (C) 1998-2003 Ivo Timmermans , - 2000-2003 Guus Sliepen + Copyright (C) 1998-2005 Ivo Timmermans, + 2000-2006 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.43 2003/10/11 12:16:12 guus Exp $ + $Id$ */ #include "system.h" @@ -35,6 +35,7 @@ #include "conf.h" #include "connection.h" #include "device.h" +#include "ethernet.h" #include "event.h" #include "graph.h" #include "list.h" @@ -47,14 +48,73 @@ #include "utils.h" #include "xalloc.h" +#ifdef WSAEMSGSIZE +#define EMSGSIZE WSAEMSGSIZE +#endif + int keylifetime = 0; int keyexpires = 0; EVP_CIPHER_CTX packet_ctx; static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; +static void send_udppacket(node_t *, vpn_packet_t *); #define MAX_SEQNO 1073741824 +void send_mtu_probe(node_t *n) +{ + vpn_packet_t packet; + int len, i; + + cp(); + + n->mtuprobes++; + n->mtuevent = NULL; + + if(n->mtuprobes >= 10 && !n->minmtu) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("No response to MTU probes from %s (%s)"), n->name, n->hostname); + return; + } + + for(i = 0; i < 3; i++) { + if(n->mtuprobes >= 30 || n->minmtu >= n->maxmtu) { + n->mtu = n->minmtu; + ifdebug(TRAFFIC) logger(LOG_INFO, _("Fixing MTU of %s (%s) to %d after %d probes"), n->name, n->hostname, n->mtu, n->mtuprobes); + return; + } + + len = n->minmtu + 1 + random() % (n->maxmtu - n->minmtu); + if(len < 64) + len = 64; + + memset(packet.data, 0, 14); + RAND_pseudo_bytes(packet.data + 14, len - 14); + packet.len = len; + + ifdebug(TRAFFIC) logger(LOG_INFO, _("Sending MTU probe length %d to %s (%s)"), len, n->name, n->hostname); + + send_udppacket(n, &packet); + } + + n->mtuevent = xmalloc(sizeof(*n->mtuevent)); + n->mtuevent->handler = (event_handler_t)send_mtu_probe; + n->mtuevent->data = n; + n->mtuevent->time = now + 1; + event_add(n->mtuevent); +} + +void mtu_probe_h(node_t *n, vpn_packet_t *packet) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Got MTU probe length %d from %s (%s)"), packet->len, n->name, n->hostname); + + if(!packet->data[0]) { + packet->data[0] = 1; + send_packet(n, packet); + } else { + if(n->minmtu < packet->len) + n->minmtu = packet->len; + } +} + static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { if(level == 10) { @@ -104,7 +164,7 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); - route_incoming(n, packet); + route(n, packet); } static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) @@ -114,7 +174,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) int nextpkt = 0; vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; - char hmac[EVP_MAX_MD_SIZE]; + unsigned char hmac[EVP_MAX_MD_SIZE]; int i; cp(); @@ -132,7 +192,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->digest && myself->maclength) { inpkt->len -= myself->maclength; HMAC(myself->digest, myself->key, myself->keylength, - (char *) &inpkt->seqno, inpkt->len, hmac, NULL); + (unsigned char *) &inpkt->seqno, inpkt->len, (unsigned char *)hmac, NULL); if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) { ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), @@ -147,9 +207,9 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) outpkt = pkt[nextpkt++]; if(!EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL) - || !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, - (char *) &inpkt->seqno, inpkt->len) - || !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { + || !EVP_DecryptUpdate(&packet_ctx, (unsigned char *) &outpkt->seqno, &outlen, + (unsigned char *) &inpkt->seqno, inpkt->len) + || !EVP_DecryptFinal_ex(&packet_ctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) { ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"), n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); return; @@ -171,17 +231,21 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) memset(n->late, 0, sizeof(n->late)); } else if (inpkt->seqno <= n->received_seqno) { - if(inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8 || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) { + if((n->received_seqno >= sizeof(n->late) * 8 && inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8) || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) { logger(LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), n->name, n->hostname, inpkt->seqno, n->received_seqno); - } else - for(i = n->received_seqno + 1; i < inpkt->seqno; i++) - n->late[(inpkt->seqno / 8) % sizeof(n->late)] |= 1 << i % 8; + return; + } + } else { + for(i = n->received_seqno + 1; i < inpkt->seqno; i++) + n->late[(i / 8) % sizeof(n->late)] |= 1 << i % 8; } } - n->received_seqno = inpkt->seqno; - n->late[(n->received_seqno / 8) % sizeof(n->late)] &= ~(1 << n->received_seqno % 8); + n->late[(inpkt->seqno / 8) % sizeof(n->late)] &= ~(1 << inpkt->seqno % 8); + + if(inpkt->seqno > n->received_seqno) + n->received_seqno = inpkt->seqno; if(n->received_seqno > MAX_SEQNO) keyexpires = 0; @@ -203,7 +267,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->connection) n->connection->last_ping_time = now; - receive_packet(n, inpkt); + if(!inpkt->data[12] && !inpkt->data[13]) + mtu_probe_h(n, inpkt); + else + receive_packet(n, inpkt); } void receive_tcppacket(connection_t *c, char *buffer, int len) @@ -218,10 +285,11 @@ void receive_tcppacket(connection_t *c, char *buffer, int len) receive_packet(c->node, &outpkt); } -static void send_udppacket(node_t *n, vpn_packet_t *inpkt) +static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { vpn_packet_t pkt1, pkt2; vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + vpn_packet_t *inpkt = origpkt; int nextpkt = 0; vpn_packet_t *outpkt; int origlen; @@ -242,8 +310,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) /* Since packet is on the stack of handle_tap_input(), we have to make a copy of it first. */ - copy = xmalloc(sizeof(vpn_packet_t)); - memcpy(copy, inpkt, sizeof(vpn_packet_t)); + *(copy = xmalloc(sizeof(*copy))) = *inpkt; list_insert_tail(n->queue, copy); @@ -286,12 +353,12 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) outpkt = pkt[nextpkt++]; if(!EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL) - || !EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen, - (char *) &inpkt->seqno, inpkt->len) - || !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { + || !EVP_EncryptUpdate(&n->packet_ctx, (unsigned char *) &outpkt->seqno, &outlen, + (unsigned char *) &inpkt->seqno, inpkt->len) + || !EVP_EncryptFinal_ex(&n->packet_ctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) { ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"), n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); - return; + goto end; } outpkt->len = outlen + outpad; @@ -301,8 +368,8 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) /* Add the message authentication code */ if(n->digest && n->maclength) { - HMAC(n->digest, n->key, n->keylength, (char *) &inpkt->seqno, - inpkt->len, (char *) &inpkt->seqno + inpkt->len, &outlen); + HMAC(n->digest, n->key, n->keylength, (unsigned char *) &inpkt->seqno, + inpkt->len, (unsigned char *) &inpkt->seqno + inpkt->len, NULL); inpkt->len += n->maclength; } @@ -328,11 +395,17 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) #endif if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { - logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); - return; + if(errno == EMSGSIZE) { + if(n->maxmtu >= origlen) + n->maxmtu = origlen - 1; + if(n->mtu >= origlen) + n->mtu = origlen - 1; + } else + logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); } - inpkt->len = origlen; +end: + origpkt->len = origlen; } /* @@ -344,14 +417,16 @@ void send_packet(const node_t *n, vpn_packet_t *packet) cp(); - ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - packet->len, n->name, n->hostname); - if(n == myself) { - ifdebug(TRAFFIC) logger(LOG_NOTICE, _("Packet is looping back to us!")); + if(overwrite_mac) + memcpy(packet->data, mymac.x, ETH_ALEN); + write_packet(packet); return; } + ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + packet->len, n->name, n->hostname); + if(!n->status.reachable) { ifdebug(TRAFFIC) logger(LOG_INFO, _("Node %s (%s) is not reachable"), n->name, n->hostname); @@ -383,6 +458,9 @@ void broadcast_packet(const node_t *from, vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), packet->len, from->name, from->hostname); + if(from != myself) + send_packet(myself, packet); + for(node = connection_tree->head; node; node = node->next) { c = node->data;