X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_packet.c;h=ae5a8402a7af159ad3873b877854c2b286a0c485;hp=c0bd24767ad5fefae59adedeafa15fa0d6aeb5f2;hb=56aad1bb486675ff9aba31418708cc179eea0381;hpb=5db596c6844169f1eb5f804b72abe99d067aaa5a

diff --git a/src/net_packet.c b/src/net_packet.c
index c0bd2476..ae5a8402 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -17,39 +17,13 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net_packet.c,v 1.1.2.33 2003/07/12 17:41:46 guus Exp $
+    $Id: net_packet.c,v 1.1.2.49 2003/12/27 16:32:52 guus Exp $
 */
 
-#include "config.h"
-
-#include <errno.h>
-#include <fcntl.h>
-#include <netdb.h>
-#include <netinet/in.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <signal.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/ioctl.h>
-/* SunOS really wants sys/socket.h BEFORE net/if.h,
-   and FreeBSD wants these lines below the rest. */
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <net/if.h>
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include <netinet/in_systm.h>
-#endif
-#ifdef HAVE_NETINET_IP_H
-#include <netinet/ip.h>
-#endif
-#ifdef HAVE_NETINET_TCP_H
-#include <netinet/tcp.h>
-#endif
+#include "system.h"
 
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
@@ -57,36 +31,91 @@
 #include <zlib.h>
 #include <lzo1x.h>
 
-#include <utils.h>
-#include <xalloc.h>
-#include <avl_tree.h>
-#include <list.h>
-
+#include "avl_tree.h"
 #include "conf.h"
 #include "connection.h"
-#include "meta.h"
+#include "device.h"
+#include "ethernet.h"
+#include "event.h"
+#include "graph.h"
+#include "list.h"
+#include "logger.h"
 #include "net.h"
 #include "netutl.h"
-#include "process.h"
 #include "protocol.h"
-#include "subnet.h"
-#include "graph.h"
 #include "process.h"
 #include "route.h"
-#include "device.h"
-#include "event.h"
-#include "logger.h"
+#include "utils.h"
+#include "xalloc.h"
 
-#include "system.h"
+#ifdef WSAEMSGSIZE
+#define EMSGSIZE WSAEMSGSIZE
+#endif
 
 int keylifetime = 0;
 int keyexpires = 0;
+bool strictsource = true;
 EVP_CIPHER_CTX packet_ctx;
 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
 
+static void send_udppacket(node_t *, vpn_packet_t *);
 
 #define MAX_SEQNO 1073741824
 
+void send_mtu_probe(node_t *n)
+{
+	vpn_packet_t packet;
+	int len, i;
+	
+	cp();
+
+	n->mtuprobes++;
+	n->mtuevent = NULL;
+
+	if(n->mtuprobes >= 10 && !n->minmtu) {
+		ifdebug(TRAFFIC) logger(LOG_INFO, _("No response to MTU probes from %s (%s)"), n->name, n->hostname);
+		return;
+	}
+
+	for(i = 0; i < 3; i++) {
+		if(n->mtuprobes >= 30 || n->minmtu >= n->maxmtu) {
+			n->mtu = n->minmtu;
+			ifdebug(TRAFFIC) logger(LOG_INFO, _("Fixing MTU of %s (%s) to %d after %d probes"), n->name, n->hostname, n->mtu, n->mtuprobes);
+			return;
+		}
+
+		len = n->minmtu + 1 + random() % (n->maxmtu - n->minmtu);
+		if(len < 64)
+			len = 64;
+		
+		memset(packet.data, 0, 14);
+		RAND_pseudo_bytes(packet.data + 14, len - 14);
+		packet.len = len;
+
+		ifdebug(TRAFFIC) logger(LOG_INFO, _("Sending MTU probe length %d to %s (%s)"), len, n->name, n->hostname);
+
+		send_udppacket(n, &packet);
+	}
+
+	n->mtuevent = xmalloc(sizeof(*n->mtuevent));
+	n->mtuevent->handler = (event_handler_t)send_mtu_probe;
+	n->mtuevent->data = n;
+	n->mtuevent->time = now + 1;
+	event_add(n->mtuevent);
+}
+
+void mtu_probe_h(node_t *n, vpn_packet_t *packet) {
+	ifdebug(TRAFFIC) logger(LOG_INFO, _("Got MTU probe length %d from %s (%s)"), packet->len, n->name, n->hostname);
+
+	if(!packet->data[0]) {
+		packet->data[0] = 1;
+		send_packet(n, packet);
+	} else {
+		if(n->minmtu < packet->len)
+			n->minmtu = packet->len;
+	}
+}
+
 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level)
 {
 	if(level == 10) {
@@ -136,7 +165,26 @@ static void receive_packet(node_t *n, vpn_packet_t *packet)
 	ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"),
 			   packet->len, n->name, n->hostname);
 
-	route_incoming(n, packet);
+	route(n, packet);
+}
+
+static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) {
+	char hmac[EVP_MAX_MD_SIZE];
+
+	if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0))
+		return false;
+
+	/* Check the message authentication code */
+
+	if(myself->digest && myself->maclength) {
+		HMAC(myself->digest, myself->key, myself->keylength,
+			 (char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL);
+
+		if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength))
+			return false;
+	}
+
+	return true;
 }
 
 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
@@ -146,36 +194,31 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 	int nextpkt = 0;
 	vpn_packet_t *outpkt = pkt[0];
 	int outlen, outpad;
-	char hmac[EVP_MAX_MD_SIZE];
 	int i;
 
 	cp();
 
-	/* Check the message authentication code */
-
-	if(myself->digest && myself->maclength) {
-		inpkt->len -= myself->maclength;
-		HMAC(myself->digest, myself->key, myself->keylength,
-			 (char *) &inpkt->seqno, inpkt->len, hmac, NULL);
-
-		if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) {
-			ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
+	if(!authenticate_udppacket(n, inpkt)) {
+		ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
 					   n->name, n->hostname);
-			return;
-		}
+		return;
 	}
 
+	inpkt->len -= myself->digest ? myself->maclength : 0;
+
 	/* Decrypt the packet */
 
 	if(myself->cipher) {
 		outpkt = pkt[nextpkt++];
 
-//		EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key,
-//						myself->key + myself->cipher->key_len);
-		EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL);
-		EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
-						  (char *) &inpkt->seqno, inpkt->len);
-		EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
+		if(!EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)
+				|| !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
+					(char *) &inpkt->seqno, inpkt->len)
+				|| !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+			ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
+						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return;
+		}
 		
 		outpkt->len = outlen + outpad;
 		inpkt = outpkt;
@@ -214,15 +257,21 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 		outpkt = pkt[nextpkt++];
 
 		if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) {
-			logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"),
-				   n->name, n->hostname);
+			ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"),
+				  		 n->name, n->hostname);
 			return;
 		}
 
 		inpkt = outpkt;
 	}
 
-	receive_packet(n, inpkt);
+	if(n->connection)
+		n->connection->last_ping_time = now;
+
+	if(!inpkt->data[12] && !inpkt->data[13])
+		mtu_probe_h(n, inpkt);
+	else
+		receive_packet(n, inpkt);
 }
 
 void receive_tcppacket(connection_t *c, char *buffer, int len)
@@ -261,8 +310,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
 
 		/* Since packet is on the stack of handle_tap_input(), we have to make a copy of it first. */
 
-		copy = xmalloc(sizeof(vpn_packet_t));
-		memcpy(copy, inpkt, sizeof(vpn_packet_t));
+		*(copy = xmalloc(sizeof(*copy))) = *inpkt;
 
 		list_insert_tail(n->queue, copy);
 
@@ -272,7 +320,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
 		if(!n->status.waitingforkey)
 			send_req_key(n->nexthop->connection, myself, n);
 
-		n->status.waitingforkey = 1;
+		n->status.waitingforkey = true;
 
 		return;
 	}
@@ -286,7 +334,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
 		outpkt = pkt[nextpkt++];
 
 		if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) {
-			logger(LOG_ERR, _("Error while compressing packet to %s (%s)"),
+			ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while compressing packet to %s (%s)"),
 				   n->name, n->hostname);
 			return;
 		}
@@ -304,11 +352,14 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
 	if(n->cipher) {
 		outpkt = pkt[nextpkt++];
 
-//		EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len);
-		EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL);
-		EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
-						  (char *) &inpkt->seqno, inpkt->len);
-		EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
+		if(!EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL)
+				|| !EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
+					(char *) &inpkt->seqno, inpkt->len)
+				|| !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+			ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
+						n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
+			goto end;
+		}
 
 		outpkt->len = outlen + outpad;
 		inpkt = outpkt;
@@ -339,37 +390,43 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt)
 		priority = origpriority;
 		ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority);
 		if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority)))	/* SO_PRIORITY doesn't seem to work */
-			logger(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt",
-				   strerror(errno));
+			logger(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno));
 	}
 #endif
 
 	if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) {
-		logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name,
-			   n->hostname, strerror(errno));
-		return;
+		if(errno == EMSGSIZE) {
+			if(n->maxmtu >= origlen)
+				n->maxmtu = origlen - 1;
+			if(n->mtu >= origlen)
+				n->mtu = origlen - 1;
+		} else
+			logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno));
 	}
 
+end:
 	inpkt->len = origlen;
 }
 
 /*
   send a packet to the given vpn ip.
 */
-void send_packet(node_t *n, vpn_packet_t *packet)
+void send_packet(const node_t *n, vpn_packet_t *packet)
 {
 	node_t *via;
 
 	cp();
 
-	ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
-			   packet->len, n->name, n->hostname);
-
 	if(n == myself) {
-		ifdebug(TRAFFIC) logger(LOG_NOTICE, _("Packet is looping back to us!"));
+		if(overwrite_mac)
+			 memcpy(packet->data, mymac.x, ETH_ALEN);
+		write_packet(packet);
 		return;
 	}
 
+	ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
+			   packet->len, n->name, n->hostname);
+
 	if(!n->status.reachable) {
 		ifdebug(TRAFFIC) logger(LOG_INFO, _("Node %s (%s) is not reachable"),
 				   n->name, n->hostname);
@@ -383,15 +440,15 @@ void send_packet(node_t *n, vpn_packet_t *packet)
 			   n->name, via->name, n->via->hostname);
 
 	if((myself->options | via->options) & OPTION_TCPONLY) {
-		if(send_tcppacket(via->connection, packet))
-			terminate_connection(via->connection, 1);
+		if(!send_tcppacket(via->connection, packet))
+			terminate_connection(via->connection, true);
 	} else
 		send_udppacket(via, packet);
 }
 
 /* Broadcast a packet using the minimum spanning tree */
 
-void broadcast_packet(node_t *from, vpn_packet_t *packet)
+void broadcast_packet(const node_t *from, vpn_packet_t *packet)
 {
 	avl_node_t *node;
 	connection_t *c;
@@ -402,7 +459,7 @@ void broadcast_packet(node_t *from, vpn_packet_t *packet)
 			   packet->len, from->name, from->hostname);
 
 	for(node = connection_tree->head; node; node = node->next) {
-		c = (connection_t *) node->data;
+		c = node->data;
 
 		if(c->status.active && c->status.mst && c != from->nexthop->connection)
 			send_packet(c->node, packet);
@@ -419,7 +476,7 @@ void flush_queue(node_t *n)
 
 	for(node = n->queue->head; node; node = next) {
 		next = node->next;
-		send_udppacket(n, (vpn_packet_t *) node->data);
+		send_udppacket(n, node->data);
 		list_delete_node(n->queue, node);
 	}
 }
@@ -427,29 +484,17 @@ void flush_queue(node_t *n)
 void handle_incoming_vpn_data(int sock)
 {
 	vpn_packet_t pkt;
-	int x, l = sizeof(x);
 	char *hostname;
 	sockaddr_t from;
 	socklen_t fromlen = sizeof(from);
 	node_t *n;
+	static time_t lasttime = 0;
 
 	cp();
 
-	if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) {
-		logger(LOG_ERR, _("This is a bug: %s:%d: %d:%s"),
-			   __FILE__, __LINE__, sock, strerror(errno));
-		cp_trace();
-		exit(1);
-	}
-
-	if(x) {
-		logger(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
-		return;
-	}
-
 	pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
 
-	if(pkt.len <= 0) {
+	if(pkt.len < 0) {
 		logger(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno));
 		return;
 	}
@@ -458,16 +503,28 @@ void handle_incoming_vpn_data(int sock)
 
 	n = lookup_node_udp(&from);
 
+	if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) {
+		avl_node_t *node;
+
+		lasttime = now;
+
+		for(node = node_tree->head; node; node = node->next) {
+			n = node->data;
+
+			if(authenticate_udppacket(n, &pkt)) {
+				update_node_address(n, &from);
+				logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname);
+				break;
+			}
+		}
+	}
+
 	if(!n) {
 		hostname = sockaddr2hostname(&from);
-		logger(LOG_WARNING, _("Received UDP packet from unknown source %s"),
-			   hostname);
+		logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname);
 		free(hostname);
 		return;
 	}
 
-	if(n->connection)
-		n->connection->last_ping_time = now;
-
 	receive_udppacket(n, &pkt);
 }