From: Guus Sliepen Date: Mon, 1 Feb 2010 23:51:44 +0000 (+0100) Subject: Determine peer's reflexive address and port when exchanging keys. X-Git-Tag: release-1.0.12~5 X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=4a0b9981513059755b9fd15b38fc198f46a0d6f2;hp=d15099e0029578bfd24d6b464b941f4693280001 Determine peer's reflexive address and port when exchanging keys. To help peers that are behind NAT connect to each other directly via UDP, they need to know the exact external address and port that they use. Keys exchanged between NATted peers necessarily go via a third node, which knows this address and port, and can append this information to the keys, which is in turned used by the peers. Since PMTU discovery will immediately trigger UDP communication from both sides to each other, this should allow direct communication between peers behind full, address-restricted and port-restricted cone NAT.
---
diff --git a/src/protocol_key.c b/src/protocol_key.c
index ad393d38..8096af57 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -179,12 +179,14 @@ bool ans_key_h(connection_t *c) {
 char from_name[MAX_STRING_SIZE];
 char to_name[MAX_STRING_SIZE];
 char key[MAX_STRING_SIZE];
+ char address[MAX_STRING_SIZE] = "";
+ char port[MAX_STRING_SIZE] = "";
 int cipher, digest, maclength, compression;
 node_t *from, *to;
- if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d",
+ if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
 from_name, to_name, key, &cipher, &digest, &maclength,
- &compression) != 7) {
+ &compression, address, port) < 7) {
 logger(LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name, c->hostname);
 return false;
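Review bot: The relaxed `< 7` test on the new sscanf line accepts an ANS_KEY with eight fields (an address but no port), and the other two hunks of this commit then neither append a reflexive address to it (`!*address` is false on the relay) nor apply it at the destination (`*address && *port` is false), so a truncated message silently loses NAT traversal instead of being rejected as malformed. Capturing the match count and allowing only the two legitimate forms keeps the old strictness, `int n = sscanf(c->buffer, ..., &compression, address, port);` followed by `if(n != 7 && n != 9) {`. The two new buffers would also benefit from a line explaining why they may stay empty, e.g. `/* optional reflexive UDP address and port, appended by the first node that relays this ANS_KEY */`. ans_key_h's signature line is above this hunk and its body continues past it.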
@@ -223,6 +225,16 @@ bool ans_key_h(connection_t *c) {
 return true;
 }
+ if(!*address) { char *address, *port; ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name); sockaddr2str(&from->address, &address, &port); send_request(to->nexthop->connection, "%s %s %s", c->buffer, address, port); free(address); free(port); return true; }
+
 return send_request(to->nexthop->connection, "%s", c->buffer);
 }
@@ -290,6 +302,12 @@ bool ans_key_h(connection_t *c) {
 from->status.validkey = true;
 from->sent_seqno = 0;
+ if(*address && *port) { ifdebug(PROTOCOL) logger(LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port); sockaddr_t sa = str2sockaddr(address, port); update_node_udp(from, &sa); }
+
 if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes) send_mtu_probe(from);
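Review bot: The new relay path in the `if(!*address)` block discards the result of send_request and returns `true` unconditionally, whereas the untouched path right below it returns `send_request(...)` directly, so a failed forward of an ANS_KEY that had an address appended no longer reports failure to the caller. Keeping the result through the frees restores the old contract: `bool ok = send_request(to->nexthop->connection, "%s %s %s", c->buffer, address, port);` before the two `free()` calls and `return ok;` in place of `return true;`. The inner `char *address, *port;` also shadows the `address`/`port` arrays declared at the top of ans_key_h (the first hunk of this commit), which is what forces the `!*address` test to be evaluated before the declaration; naming them something like `raddr`/`rport` avoids a -Wshadow warning and the confusion. Note that `from->address` here is whatever this node currently holds for `from`; if that was learned from the TCP meta connection rather than from UDP traffic, the appended port is presumably not the NAT's UDP mapping — worth confirming against how update_node_udp and the connection setup populate it. The enclosing function starts and ends outside this hunk.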
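Review bot: In the `if(*address && *port)` block the address and port parsed from the relayed ANS_KEY are handed to update_node_udp with no validation beyond what str2sockaddr does, so the originating peer or any node on the relay path can steer this node's UDP traffic for `from` — including the PMTU probes sent two lines later — at an arbitrary destination; since that traffic is keyed for `from`, the exposure is presumably misdirected or reflected UDP rather than disclosure, but it deserves a comment stating that this value is trusted exactly as much as the relaying node is. The return of str2sockaddr is also installed unchecked; if it signals a parse failure through a special sockaddr family rather than aborting, that sentinel ends up in the node's UDP address, so test for its failure value before calling update_node_udp and log the bad input instead. A one-line why-comment would also help, e.g. `/* reflexive address appended by the first relay; only a hint for where to send UDP, overwritten once real packets arrive */` (the last clause is an assumption to confirm against update_node_udp). ans_key_h continues past the end of this hunk.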