1 /* site.c - manage communication with a remote network site */
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
12 /* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
21 #include <sys/socket.h>
25 #include "unaligned.h"
28 #define SETUP_BUFFER_LEN 2048
30 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
32 #define DEFAULT_SETUP_RETRIES 5
33 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
36 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38 #define DEFAULT_MOBILE_SETUP_RETRIES 30
39 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
42 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43 #define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
45 /* Each site can be in one of several possible states. */
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
84 #define SITE_RESOLVE 2
85 #define SITE_SENTMSG1 3
86 #define SITE_SENTMSG2 4
87 #define SITE_SENTMSG3 5
88 #define SITE_SENTMSG4 6
89 #define SITE_SENTMSG5 7
92 int32_t site_max_start_pad
= 4*4;
94 static cstring_t
state_name(uint32_t state
)
97 case 0: return "STOP";
99 case 2: return "RESOLVE";
100 case 3: return "SENTMSG1";
101 case 4: return "SENTMSG2";
102 case 5: return "SENTMSG3";
103 case 6: return "SENTMSG4";
104 case 7: return "SENTMSG5";
105 case 8: return "WAIT";
106 default: return "*bad state*";
112 #define LOG_UNEXPECTED 0x00000001
113 #define LOG_SETUP_INIT 0x00000002
114 #define LOG_SETUP_TIMEOUT 0x00000004
115 #define LOG_ACTIVATE_KEY 0x00000008
116 #define LOG_TIMEOUT_KEY 0x00000010
117 #define LOG_SEC 0x00000020
118 #define LOG_STATE 0x00000040
119 #define LOG_DROP 0x00000080
120 #define LOG_DUMP 0x00000100
121 #define LOG_ERROR 0x00000400
122 #define LOG_PEER_ADDRS 0x00000800
124 static struct flagstr log_event_table
[]={
125 { "unexpected", LOG_UNEXPECTED
},
126 { "setup-init", LOG_SETUP_INIT
},
127 { "setup-timeout", LOG_SETUP_TIMEOUT
},
128 { "activate-key", LOG_ACTIVATE_KEY
},
129 { "timeout-key", LOG_TIMEOUT_KEY
},
130 { "security", LOG_SEC
},
131 { "state-change", LOG_STATE
},
132 { "packet-drop", LOG_DROP
},
133 { "dump-packets", LOG_DUMP
},
134 { "errors", LOG_ERROR
},
135 { "peer-addrs", LOG_PEER_ADDRS
},
136 { "default", LOG_SETUP_INIT
|LOG_SETUP_TIMEOUT
|
137 LOG_ACTIVATE_KEY
|LOG_TIMEOUT_KEY
|LOG_SEC
|LOG_ERROR
},
138 { "all", 0xffffffff },
143 /***** TRANSPORT PEERS declarations *****/
145 /* Details of "mobile peer" semantics:
147 - We record mobile_peers_max peer address/port numbers ("peers")
148 for key setup, and separately mobile_peers_max for data
149 transfer. If these lists fill up, we retain the newest peers.
150 (For non-mobile peers we only record one of each.)
152 - Outgoing packets are sent to every recorded peer in the
155 - Data transfer peers are straightforward: whenever we successfully
156 process a data packet, we record the peer. Also, whenever we
157 successfully complete a key setup, we merge the key setup
158 peers into the data transfer peers.
160 (For "non-mobile" peers we simply copy the peer used for
161 successful key setup, and don't change the peer otherwise.)
163 - Key setup peers are slightly more complicated.
165 Whenever we receive and successfully process a key exchange
166 packet, we record the peer.
168 Whenever we try to initiate a key setup, we copy the list of data
169 transfer peers and use it for key setup. But we also look to see
170 if the config supplies an address and port number and if so we
171 add that as a key setup peer (possibly evicting one of the data
172 transfer peers we just copied).
174 (For "non-mobile" peers, if we if we have a configured peer
175 address and port, we always use that; otherwise if we have a
176 current data peer address we use that; otherwise we do not
177 attempt to initiate a key setup for lack of a peer address.)
179 "Record the peer" means
180 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
181 2. add the peer of the just received packet to the applicable list
182 (possibly evicting older entries)
183 NB that we do not expire peers until an incoming packet arrives.
187 #define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
191 struct comm_addr addr
;
195 /* configuration information */
196 /* runtime information */
198 transport_peer peers
[MAX_MOBILE_PEERS_MAX
];
201 static void transport_peers_clear(struct site
*st
, transport_peers
*peers
);
202 static int transport_peers_valid(transport_peers
*peers
);
203 static void transport_peers_copy(struct site
*st
, transport_peers
*dst
,
204 const transport_peers
*src
);
206 static void transport_setup_msgok(struct site
*st
, const struct comm_addr
*a
);
207 static void transport_data_msgok(struct site
*st
, const struct comm_addr
*a
);
208 static bool_t
transport_compute_setupinit_peers(struct site
*st
,
209 const struct comm_addr
*configured_addr
/* 0 if none or not found */,
210 const struct comm_addr
*prod_hint_addr
/* 0 if none */);
211 static void transport_record_peer(struct site
*st
, transport_peers
*peers
,
212 const struct comm_addr
*addr
, const char *m
);
214 static void transport_xmit(struct site
*st
, transport_peers
*peers
,
215 struct buffer_if
*buf
, bool_t candebug
);
217 /***** END of transport peers declarations *****/
221 struct transform_inst_if
*transform
;
222 uint64_t key_timeout
; /* End of life of current key */
223 uint32_t remote_session_id
;
229 /* configuration information */
232 bool_t peer_mobile
; /* Mobile client support */
233 int32_t transport_peers_max
;
234 string_t tunname
; /* localname<->remotename by default, used in logs */
235 string_t address
; /* DNS name for bootstrapping, optional */
236 int remoteport
; /* Port for bootstrapping, optional */
238 struct netlink_if
*netlink
;
239 struct comm_if
**comms
;
241 struct resolver_if
*resolver
;
243 struct random_if
*random
;
244 struct rsaprivkey_if
*privkey
;
245 struct rsapubkey_if
*pubkey
;
246 struct transform_if
**transforms
;
249 struct hash_if
*hash
;
251 uint32_t index
; /* Index of this site */
252 uint32_t local_capabilities
;
253 int32_t setup_retries
; /* How many times to send setup packets */
254 int32_t setup_retry_interval
; /* Initial timeout for setup packets */
255 int32_t wait_timeout
; /* How long to wait if setup unsuccessful */
256 int32_t mobile_peer_expiry
; /* How long to remember 2ary addresses */
257 int32_t key_lifetime
; /* How long a key lasts once set up */
258 int32_t key_renegotiate_time
; /* If we see traffic (or a keepalive)
259 after this time, initiate a new
262 bool_t setup_priority
; /* Do we have precedence if both sites emit
263 message 1 simultaneously? */
266 /* runtime information */
268 uint64_t now
; /* Most recently seen time */
269 bool_t allow_send_prod
;
271 /* The currently established session */
272 struct data_key current
;
273 struct data_key auxiliary_key
;
274 bool_t auxiliary_is_new
;
275 uint64_t renegotiate_key_time
; /* When we can negotiate a new key */
276 uint64_t auxiliary_renegotiate_key_time
;
277 transport_peers peers
; /* Current address(es) of peer for data traffic */
279 /* The current key setup protocol exchange. We can only be
280 involved in one of these at a time. There's a potential for
281 denial of service here (the attacker keeps sending a setup
282 packet; we keep trying to continue the exchange, and have to
283 timeout before we can listen for another setup packet); perhaps
284 we should keep a list of 'bad' sources for setup packets. */
285 uint32_t remote_capabilities
;
286 uint16_t remote_adv_mtu
;
287 struct transform_if
*chosen_transform
;
288 uint32_t setup_session_id
;
289 transport_peers setup_peers
;
290 uint8_t localN
[NONCELEN
]; /* Nonces for key exchange */
291 uint8_t remoteN
[NONCELEN
];
292 struct buffer_if buffer
; /* Current outgoing key exchange packet */
293 struct buffer_if scratch
;
294 int32_t retries
; /* Number of retries remaining */
295 uint64_t timeout
; /* Timeout for current state */
297 uint8_t *sharedsecret
;
298 uint32_t sharedsecretlen
, sharedsecretallocd
;
299 struct transform_inst_if
*new_transform
; /* For key setup/verify */
302 static uint32_t event_log_priority(struct site
*st
, uint32_t event
)
304 if (!(event
&st
->log_events
))
307 case LOG_UNEXPECTED
: return M_INFO
;
308 case LOG_SETUP_INIT
: return M_INFO
;
309 case LOG_SETUP_TIMEOUT
: return M_NOTICE
;
310 case LOG_ACTIVATE_KEY
: return M_INFO
;
311 case LOG_TIMEOUT_KEY
: return M_INFO
;
312 case LOG_SEC
: return M_SECURITY
;
313 case LOG_STATE
: return M_DEBUG
;
314 case LOG_DROP
: return M_DEBUG
;
315 case LOG_DUMP
: return M_DEBUG
;
316 case LOG_ERROR
: return M_ERR
;
317 case LOG_PEER_ADDRS
: return M_DEBUG
;
318 default: return M_ERR
;
322 static void vslog(struct site
*st
, uint32_t event
, cstring_t msg
, va_list ap
)
324 static void vslog(struct site
*st
, uint32_t event
, cstring_t msg
, va_list ap
)
328 class=event_log_priority(st
, event
);
330 slilog_part(st
->log
,class,"%s: ",st
->tunname
);
331 vslilog_part(st
->log
,class,msg
,ap
);
332 slilog_part(st
->log
,class,"\n");
336 static void slog(struct site
*st
, uint32_t event
, cstring_t msg
, ...)
338 static void slog(struct site
*st
, uint32_t event
, cstring_t msg
, ...)
342 vslog(st
,event
,msg
,ap
);
346 static void logtimeout(struct site
*st
, const char *fmt
, ...)
348 static void logtimeout(struct site
*st
, const char *fmt
, ...)
350 uint32_t class=event_log_priority(st
,LOG_SETUP_TIMEOUT
);
357 slilog_part(st
->log
,class,"%s: ",st
->tunname
);
358 vslilog_part(st
->log
,class,fmt
,ap
);
362 for (i
=0, delim
=" (tried ";
363 i
<st
->setup_peers
.npeers
;
365 transport_peer
*peer
=&st
->setup_peers
.peers
[i
];
366 const char *s
=comm_addr_to_string(&peer
->addr
);
367 slilog_part(st
->log
,class,"%s%s",delim
,s
);
370 slilog_part(st
->log
,class,")\n");
374 static void set_link_quality(struct site
*st
);
375 static void delete_keys(struct site
*st
, cstring_t reason
, uint32_t loglevel
);
376 static void delete_one_key(struct site
*st
, struct data_key
*key
,
377 const char *reason
/* may be 0 meaning don't log*/,
378 const char *which
/* ignored if !reasonn */,
379 uint32_t loglevel
/* ignored if !reasonn */);
380 static bool_t
initiate_key_setup(struct site
*st
, cstring_t reason
,
381 const struct comm_addr
*prod_hint
);
382 static void enter_state_run(struct site
*st
);
383 static bool_t
enter_state_resolve(struct site
*st
);
384 static bool_t
enter_new_state(struct site
*st
,uint32_t next
);
385 static void enter_state_wait(struct site
*st
);
386 static void activate_new_key(struct site
*st
);
388 static bool_t
is_transform_valid(struct transform_inst_if
*transform
)
390 return transform
&& transform
->valid(transform
->st
);
393 static bool_t
current_valid(struct site
*st
)
395 return is_transform_valid(st
->current
.transform
);
398 #define DEFINE_CALL_TRANSFORM(fwdrev) \
399 static int call_transform_##fwdrev(struct site *st, \
400 struct transform_inst_if *transform, \
401 struct buffer_if *buf, \
402 const char **errmsg) \
404 if (!is_transform_valid(transform)) { \
405 *errmsg="transform not set up"; \
408 return transform->fwdrev(transform->st,buf,errmsg); \
411 DEFINE_CALL_TRANSFORM(forwards
)
412 DEFINE_CALL_TRANSFORM(reverse
)
414 static void dispose_transform(struct transform_inst_if
**transform_var
)
416 struct transform_inst_if
*transform
=*transform_var
;
418 transform
->delkey(transform
->st
);
419 transform
->destroy(transform
->st
);
424 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
425 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
426 #define CHECK_TYPE(b,t) do { uint32_t type; \
427 CHECK_AVAIL((b),4); \
428 type=buf_unprepend_uint32((b)); \
429 if (type!=(t)) return False; } while(0)
431 static _Bool
type_is_msg34(uint32_t type
)
434 type
== LABEL_MSG3
||
435 type
== LABEL_MSG3BIS
||
442 struct buffer_if extrainfo
;
449 struct parsedname remote
;
450 struct parsedname local
;
451 uint32_t remote_capabilities
;
453 int capab_transformnum
;
463 static void set_new_transform(struct site
*st
, char *pk
)
465 /* Make room for the shared key */
466 st
->sharedsecretlen
=st
->chosen_transform
->keylen?
:st
->dh
->ceil_len
;
467 assert(st
->sharedsecretlen
);
468 if (st
->sharedsecretlen
> st
->sharedsecretallocd
) {
469 st
->sharedsecretallocd
=st
->sharedsecretlen
;
470 st
->sharedsecret
=realloc(st
->sharedsecret
,st
->sharedsecretallocd
);
472 if (!st
->sharedsecret
) fatal_perror("site:sharedsecret");
474 /* Generate the shared key */
475 st
->dh
->makeshared(st
->dh
->st
,st
->dhsecret
,st
->dh
->len
,pk
,
476 st
->sharedsecret
,st
->sharedsecretlen
);
478 /* Set up the transform */
479 struct transform_if
*generator
=st
->chosen_transform
;
480 struct transform_inst_if
*generated
=generator
->create(generator
->st
);
481 generated
->setkey(generated
->st
,st
->sharedsecret
,
482 st
->sharedsecretlen
,st
->setup_priority
);
483 dispose_transform(&st
->new_transform
);
484 st
->new_transform
=generated
;
486 slog(st
,LOG_SETUP_INIT
,"key exchange negotiated transform"
487 " %d (capabilities ours=%#"PRIx32
" theirs=%#"PRIx32
")",
488 st
->chosen_transform
->capab_transformnum
,
489 st
->local_capabilities
, st
->remote_capabilities
);
493 int32_t lenpos
, afternul
;
495 static void append_string_xinfo_start(struct buffer_if
*buf
,
496 struct xinfoadd
*xia
,
498 /* Helps construct one of the names with additional info as found
499 * in MSG1..4. Call this function first, then append all the
500 * desired extra info (not including the nul byte) to the buffer,
501 * then call append_string_xinfo_done. */
503 xia
->lenpos
= buf
->size
;
504 buf_append_string(buf
,str
);
505 buf_append_uint8(buf
,0);
506 xia
->afternul
= buf
->size
;
508 static void append_string_xinfo_done(struct buffer_if
*buf
,
509 struct xinfoadd
*xia
)
511 /* we just need to adjust the string length */
512 if (buf
->size
== xia
->afternul
) {
513 /* no extra info, strip the nul too */
514 buf_unappend_uint8(buf
);
516 put_uint16(buf
->start
+xia
->lenpos
, buf
->size
-(xia
->lenpos
+2));
520 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
521 out using a transform of config data supplied by netlink */
522 static bool_t
generate_msg(struct site
*st
, uint32_t type
, cstring_t what
)
528 st
->retries
=st
->setup_retries
;
529 BUF_ALLOC(&st
->buffer
,what
);
530 buffer_init(&st
->buffer
,0);
531 buf_append_uint32(&st
->buffer
,
532 (type
==LABEL_MSG1?
0:st
->setup_session_id
));
533 buf_append_uint32(&st
->buffer
,st
->index
);
534 buf_append_uint32(&st
->buffer
,type
);
537 append_string_xinfo_start(&st
->buffer
,&xia
,st
->localname
);
538 if ((st
->local_capabilities
& CAPAB_EARLY
) || (type
!= LABEL_MSG1
)) {
539 buf_append_uint32(&st
->buffer
,st
->local_capabilities
);
541 if (type_is_msg34(type
)) {
542 buf_append_uint16(&st
->buffer
,st
->mtu_target
);
544 append_string_xinfo_done(&st
->buffer
,&xia
);
546 buf_append_string(&st
->buffer
,st
->remotename
);
547 memcpy(buf_append(&st
->buffer
,NONCELEN
),st
->localN
,NONCELEN
);
548 if (type
==LABEL_MSG1
) return True
;
549 memcpy(buf_append(&st
->buffer
,NONCELEN
),st
->remoteN
,NONCELEN
);
550 if (type
==LABEL_MSG2
) return True
;
552 if (hacky_par_mid_failnow()) return False
;
554 if (type
==LABEL_MSG3BIS
)
555 buf_append_uint8(&st
->buffer
,st
->chosen_transform
->capab_transformnum
);
557 dhpub
=st
->dh
->makepublic(st
->dh
->st
,st
->dhsecret
,st
->dh
->len
);
558 buf_append_string(&st
->buffer
,dhpub
);
560 hash
=safe_malloc(st
->hash
->len
, "generate_msg");
561 hst
=st
->hash
->init();
562 st
->hash
->update(hst
,st
->buffer
.start
,st
->buffer
.size
);
563 st
->hash
->final(hst
,hash
);
564 sig
=st
->privkey
->sign(st
->privkey
->st
,hash
,st
->hash
->len
);
565 buf_append_string(&st
->buffer
,sig
);
571 static bool_t
unpick_name(struct buffer_if
*msg
, struct parsedname
*nm
)
574 nm
->len
=buf_unprepend_uint16(msg
);
575 CHECK_AVAIL(msg
,nm
->len
);
576 nm
->name
=buf_unprepend(msg
,nm
->len
);
577 uint8_t *nul
=memchr(nm
->name
,0,nm
->len
);
579 buffer_readonly_view(&nm
->extrainfo
,0,0);
581 buffer_readonly_view(&nm
->extrainfo
, nul
+1, msg
->start
-(nul
+1));
582 nm
->len
=nul
-nm
->name
;
587 static bool_t
unpick_msg(struct site
*st
, uint32_t type
,
588 struct buffer_if
*msg
, struct msg
*m
)
590 m
->capab_transformnum
=-1;
591 m
->hashstart
=msg
->start
;
593 m
->dest
=buf_unprepend_uint32(msg
);
595 m
->source
=buf_unprepend_uint32(msg
);
596 CHECK_TYPE(msg
,type
);
597 if (!unpick_name(msg
,&m
->remote
)) return False
;
598 m
->remote_capabilities
=0;
600 if (m
->remote
.extrainfo
.size
) {
601 CHECK_AVAIL(&m
->remote
.extrainfo
,4);
602 m
->remote_capabilities
=buf_unprepend_uint32(&m
->remote
.extrainfo
);
604 if (type_is_msg34(type
) && m
->remote
.extrainfo
.size
) {
605 CHECK_AVAIL(&m
->remote
.extrainfo
,2);
606 m
->remote_mtu
=buf_unprepend_uint16(&m
->remote
.extrainfo
);
608 if (!unpick_name(msg
,&m
->local
)) return False
;
609 if (type
==LABEL_PROD
) {
613 CHECK_AVAIL(msg
,NONCELEN
);
614 m
->nR
=buf_unprepend(msg
,NONCELEN
);
615 if (type
==LABEL_MSG1
) {
619 CHECK_AVAIL(msg
,NONCELEN
);
620 m
->nL
=buf_unprepend(msg
,NONCELEN
);
621 if (type
==LABEL_MSG2
) {
625 if (type
==LABEL_MSG3BIS
) {
627 m
->capab_transformnum
= buf_unprepend_uint8(msg
);
629 m
->capab_transformnum
= CAPAB_TRANSFORMNUM_ANCIENT
;
632 m
->pklen
=buf_unprepend_uint16(msg
);
633 CHECK_AVAIL(msg
,m
->pklen
);
634 m
->pk
=buf_unprepend(msg
,m
->pklen
);
635 m
->hashlen
=msg
->start
-m
->hashstart
;
637 m
->siglen
=buf_unprepend_uint16(msg
);
638 CHECK_AVAIL(msg
,m
->siglen
);
639 m
->sig
=buf_unprepend(msg
,m
->siglen
);
644 static bool_t
name_matches(const struct parsedname
*nm
, const char *expected
)
646 int expected_len
=strlen(expected
);
648 nm
->len
== expected_len
&&
649 !memcmp(nm
->name
, expected
, expected_len
);
652 static bool_t
check_msg(struct site
*st
, uint32_t type
, struct msg
*m
,
655 if (type
==LABEL_MSG1
) return True
;
657 /* Check that the site names and our nonce have been sent
658 back correctly, and then store our peer's nonce. */
659 if (!name_matches(&m
->remote
,st
->remotename
)) {
660 *error
="wrong remote site name";
663 if (!name_matches(&m
->local
,st
->localname
)) {
664 *error
="wrong local site name";
667 if (memcmp(m
->nL
,st
->localN
,NONCELEN
)!=0) {
668 *error
="wrong locally-generated nonce";
671 if (type
==LABEL_MSG2
) return True
;
672 if (!consttime_memeq(m
->nR
,st
->remoteN
,NONCELEN
)!=0) {
673 *error
="wrong remotely-generated nonce";
676 /* MSG3 has complicated rules about capabilities, which are
677 * handled in process_msg3. */
678 if (type
==LABEL_MSG3
|| type
==LABEL_MSG3BIS
) return True
;
679 if (m
->remote_capabilities
!=st
->remote_capabilities
) {
680 *error
="remote capabilities changed";
683 if (type
==LABEL_MSG4
) return True
;
684 *error
="unknown message type";
688 static bool_t
generate_msg1(struct site
*st
)
690 st
->random
->generate(st
->random
->st
,NONCELEN
,st
->localN
);
691 return generate_msg(st
,LABEL_MSG1
,"site:MSG1");
694 static bool_t
process_msg1(struct site
*st
, struct buffer_if
*msg1
,
695 const struct comm_addr
*src
, struct msg
*m
)
697 /* We've already determined we're in an appropriate state to
698 process an incoming MSG1, and that the MSG1 has correct values
701 transport_record_peer(st
,&st
->setup_peers
,src
,"msg1");
702 st
->setup_session_id
=m
->source
;
703 st
->remote_capabilities
=m
->remote_capabilities
;
704 memcpy(st
->remoteN
,m
->nR
,NONCELEN
);
708 static bool_t
generate_msg2(struct site
*st
)
710 st
->random
->generate(st
->random
->st
,NONCELEN
,st
->localN
);
711 return generate_msg(st
,LABEL_MSG2
,"site:MSG2");
714 static bool_t
process_msg2(struct site
*st
, struct buffer_if
*msg2
,
715 const struct comm_addr
*src
)
720 if (!unpick_msg(st
,LABEL_MSG2
,msg2
,&m
)) return False
;
721 if (!check_msg(st
,LABEL_MSG2
,&m
,&err
)) {
722 slog(st
,LOG_SEC
,"msg2: %s",err
);
725 st
->setup_session_id
=m
.source
;
726 st
->remote_capabilities
=m
.remote_capabilities
;
728 /* Select the transform to use */
730 uint32_t remote_transforms
= st
->remote_capabilities
& CAPAB_TRANSFORM_MASK
;
731 if (!remote_transforms
)
732 /* old secnets only had this one transform */
733 remote_transforms
= 1UL << CAPAB_TRANSFORMNUM_ANCIENT
;
735 struct transform_if
*ti
;
737 for (i
=0; i
<st
->ntransforms
; i
++) {
738 ti
=st
->transforms
[i
];
739 if ((1UL << ti
->capab_transformnum
) & remote_transforms
)
740 goto transform_found
;
742 slog(st
,LOG_ERROR
,"no transforms in common"
743 " (us %#"PRIx32
"; them: %#"PRIx32
")",
744 st
->local_capabilities
& CAPAB_TRANSFORM_MASK
,
748 st
->chosen_transform
=ti
;
750 memcpy(st
->remoteN
,m
.nR
,NONCELEN
);
754 static bool_t
generate_msg3(struct site
*st
)
756 /* Now we have our nonce and their nonce. Think of a secret key,
757 and create message number 3. */
758 st
->random
->generate(st
->random
->st
,st
->dh
->len
,st
->dhsecret
);
759 return generate_msg(st
,
760 (st
->remote_capabilities
& CAPAB_TRANSFORM_MASK
761 ? LABEL_MSG3BIS
: LABEL_MSG3
),
765 static bool_t
process_msg3_msg4(struct site
*st
, struct msg
*m
)
770 /* Check signature and store g^x mod m */
771 hash
=safe_malloc(st
->hash
->len
, "process_msg3_msg4");
772 hst
=st
->hash
->init();
773 st
->hash
->update(hst
,m
->hashstart
,m
->hashlen
);
774 st
->hash
->final(hst
,hash
);
775 /* Terminate signature with a '0' - cheating, but should be ok */
777 if (!st
->pubkey
->check(st
->pubkey
->st
,hash
,st
->hash
->len
,m
->sig
)) {
778 slog(st
,LOG_SEC
,"msg3/msg4 signature failed check!");
784 st
->remote_adv_mtu
=m
->remote_mtu
;
789 static bool_t
process_msg3(struct site
*st
, struct buffer_if
*msg3
,
790 const struct comm_addr
*src
, uint32_t msgtype
)
795 assert(msgtype
==LABEL_MSG3
|| msgtype
==LABEL_MSG3BIS
);
797 if (!unpick_msg(st
,msgtype
,msg3
,&m
)) return False
;
798 if (!check_msg(st
,msgtype
,&m
,&err
)) {
799 slog(st
,LOG_SEC
,"msg3: %s",err
);
802 uint32_t capab_adv_late
= m
.remote_capabilities
803 & ~st
->remote_capabilities
& CAPAB_EARLY
;
804 if (capab_adv_late
) {
805 slog(st
,LOG_SEC
,"msg3 impermissibly adds early capability flag(s)"
806 " %#"PRIx32
" (was %#"PRIx32
", now %#"PRIx32
")",
807 capab_adv_late
, st
->remote_capabilities
, m
.remote_capabilities
);
810 st
->remote_capabilities
|=m
.remote_capabilities
;
812 struct transform_if
*ti
;
814 for (i
=0; i
<st
->ntransforms
; i
++) {
815 ti
=st
->transforms
[i
];
816 if (ti
->capab_transformnum
== m
.capab_transformnum
)
817 goto transform_found
;
819 slog(st
,LOG_SEC
,"peer chose unknown-to-us transform %d!",
820 m
.capab_transformnum
);
823 st
->chosen_transform
=ti
;
825 if (!process_msg3_msg4(st
,&m
))
828 /* Terminate their DH public key with a '0' */
830 /* Invent our DH secret key */
831 st
->random
->generate(st
->random
->st
,st
->dh
->len
,st
->dhsecret
);
833 /* Generate the shared key and set up the transform */
834 set_new_transform(st
,m
.pk
);
839 static bool_t
generate_msg4(struct site
*st
)
841 /* We have both nonces, their public key and our private key. Generate
842 our public key, sign it and send it to them. */
843 return generate_msg(st
,LABEL_MSG4
,"site:MSG4");
846 static bool_t
process_msg4(struct site
*st
, struct buffer_if
*msg4
,
847 const struct comm_addr
*src
)
852 if (!unpick_msg(st
,LABEL_MSG4
,msg4
,&m
)) return False
;
853 if (!check_msg(st
,LABEL_MSG4
,&m
,&err
)) {
854 slog(st
,LOG_SEC
,"msg4: %s",err
);
858 if (!process_msg3_msg4(st
,&m
))
861 /* Terminate their DH public key with a '0' */
864 /* Generate the shared key and set up the transform */
865 set_new_transform(st
,m
.pk
);
876 static bool_t
unpick_msg0(struct site
*st
, struct buffer_if
*msg0
,
880 m
->dest
=buf_unprepend_uint32(msg0
);
882 m
->source
=buf_unprepend_uint32(msg0
);
884 m
->type
=buf_unprepend_uint32(msg0
);
886 /* Leaves transformed part of buffer untouched */
889 static bool_t
generate_msg5(struct site
*st
)
891 cstring_t transform_err
;
893 BUF_ALLOC(&st
->buffer
,"site:MSG5");
894 /* We are going to add four words to the message */
895 buffer_init(&st
->buffer
,calculate_max_start_pad());
896 /* Give the netlink code an opportunity to put its own stuff in the
897 message (configuration information, etc.) */
898 buf_prepend_uint32(&st
->buffer
,LABEL_MSG5
);
899 if (call_transform_forwards(st
,st
->new_transform
,
900 &st
->buffer
,&transform_err
))
902 buf_prepend_uint32(&st
->buffer
,LABEL_MSG5
);
903 buf_prepend_uint32(&st
->buffer
,st
->index
);
904 buf_prepend_uint32(&st
->buffer
,st
->setup_session_id
);
906 st
->retries
=st
->setup_retries
;
910 static bool_t
process_msg5(struct site
*st
, struct buffer_if
*msg5
,
911 const struct comm_addr
*src
,
912 struct transform_inst_if
*transform
)
915 cstring_t transform_err
;
917 if (!unpick_msg0(st
,msg5
,&m
)) return False
;
919 if (call_transform_reverse(st
,transform
,msg5
,&transform_err
)) {
920 /* There's a problem */
921 slog(st
,LOG_SEC
,"process_msg5: transform: %s",transform_err
);
924 /* Buffer should now contain untransformed PING packet data */
926 if (buf_unprepend_uint32(msg5
)!=LABEL_MSG5
) {
927 slog(st
,LOG_SEC
,"MSG5/PING packet contained wrong label");
930 /* Older versions of secnet used to write some config data here
931 * which we ignore. So we don't CHECK_EMPTY */
935 static void create_msg6(struct site
*st
, struct transform_inst_if
*transform
,
938 cstring_t transform_err
;
940 BUF_ALLOC(&st
->buffer
,"site:MSG6");
941 /* We are going to add four words to the message */
942 buffer_init(&st
->buffer
,calculate_max_start_pad());
943 /* Give the netlink code an opportunity to put its own stuff in the
944 message (configuration information, etc.) */
945 buf_prepend_uint32(&st
->buffer
,LABEL_MSG6
);
946 int problem
= call_transform_forwards(st
,transform
,
947 &st
->buffer
,&transform_err
);
949 buf_prepend_uint32(&st
->buffer
,LABEL_MSG6
);
950 buf_prepend_uint32(&st
->buffer
,st
->index
);
951 buf_prepend_uint32(&st
->buffer
,session_id
);
954 static bool_t
generate_msg6(struct site
*st
)
956 if (!is_transform_valid(st
->new_transform
))
958 create_msg6(st
,st
->new_transform
,st
->setup_session_id
);
959 st
->retries
=1; /* Peer will retransmit MSG5 if this packet gets lost */
963 static bool_t
process_msg6(struct site
*st
, struct buffer_if
*msg6
,
964 const struct comm_addr
*src
)
967 cstring_t transform_err
;
969 if (!unpick_msg0(st
,msg6
,&m
)) return False
;
971 if (call_transform_reverse(st
,st
->new_transform
,msg6
,&transform_err
)) {
972 /* There's a problem */
973 slog(st
,LOG_SEC
,"process_msg6: transform: %s",transform_err
);
976 /* Buffer should now contain untransformed PING packet data */
978 if (buf_unprepend_uint32(msg6
)!=LABEL_MSG6
) {
979 slog(st
,LOG_SEC
,"MSG6/PONG packet contained invalid data");
982 /* Older versions of secnet used to write some config data here
983 * which we ignore. So we don't CHECK_EMPTY */
987 static bool_t
decrypt_msg0(struct site
*st
, struct buffer_if
*msg0
,
988 const struct comm_addr
*src
)
990 cstring_t transform_err
, auxkey_err
, newkey_err
="n/a";
994 if (!unpick_msg0(st
,msg0
,&m
)) return False
;
996 /* Keep a copy so we can try decrypting it with multiple keys */
997 buffer_copy(&st
->scratch
, msg0
);
999 problem
= call_transform_reverse(st
,st
->current
.transform
,
1000 msg0
,&transform_err
);
1002 if (!st
->auxiliary_is_new
)
1003 delete_one_key(st
,&st
->auxiliary_key
,
1004 "peer has used new key","auxiliary key",LOG_SEC
);
1010 buffer_copy(msg0
, &st
->scratch
);
1011 problem
= call_transform_reverse(st
,st
->auxiliary_key
.transform
,
1014 slog(st
,LOG_DROP
,"processing packet which uses auxiliary key");
1015 if (st
->auxiliary_is_new
) {
1016 /* We previously timed out in state SENTMSG5 but it turns
1017 * out that our peer did in fact get our MSG5 and is
1018 * using the new key. So we should switch to it too. */
1019 /* This is a bit like activate_new_key. */
1022 st
->current
=st
->auxiliary_key
;
1023 st
->auxiliary_key
=t
;
1025 delete_one_key(st
,&st
->auxiliary_key
,"peer has used new key",
1026 "previous key",LOG_SEC
);
1027 st
->auxiliary_is_new
=0;
1028 st
->renegotiate_key_time
=st
->auxiliary_renegotiate_key_time
;
1035 if (st
->state
==SITE_SENTMSG5
) {
1036 buffer_copy(msg0
, &st
->scratch
);
1037 problem
= call_transform_reverse(st
,st
->new_transform
,
1040 /* It looks like we didn't get the peer's MSG6 */
1041 /* This is like a cut-down enter_new_state(SITE_RUN) */
1042 slog(st
,LOG_STATE
,"will enter state RUN (MSG0 with new key)");
1043 BUF_FREE(&st
->buffer
);
1045 activate_new_key(st
);
1046 return True
; /* do process the data in this packet */
1052 slog(st
,LOG_SEC
,"transform: %s (aux: %s, new: %s)",
1053 transform_err
,auxkey_err
,newkey_err
);
1054 initiate_key_setup(st
,"incoming message would not decrypt",0);
1055 send_nak(src
,m
.dest
,m
.source
,m
.type
,msg0
,"message would not decrypt");
1059 slog(st
,LOG_DROP
,"transform: %s (merely skew)",transform_err
);
1063 static bool_t
process_msg0(struct site
*st
, struct buffer_if
*msg0
,
1064 const struct comm_addr
*src
)
1068 if (!decrypt_msg0(st
,msg0
,src
))
1071 CHECK_AVAIL(msg0
,4);
1072 type
=buf_unprepend_uint32(msg0
);
1075 /* We must forget about the current session. */
1076 delete_keys(st
,"request from peer",LOG_SEC
);
1079 /* Deliver to netlink layer */
1080 st
->netlink
->deliver(st
->netlink
->st
,msg0
);
1081 transport_data_msgok(st
,src
);
1082 /* See whether we should start negotiating a new key */
1083 if (st
->now
> st
->renegotiate_key_time
)
1084 initiate_key_setup(st
,"incoming packet in renegotiation window",0);
1087 slog(st
,LOG_SEC
,"incoming encrypted message of type %08x "
1094 static void dump_packet(struct site
*st
, struct buffer_if
*buf
,
1095 const struct comm_addr
*addr
, bool_t incoming
)
1097 uint32_t dest
=get_uint32(buf
->start
);
1098 uint32_t source
=get_uint32(buf
->start
+4);
1099 uint32_t msgtype
=get_uint32(buf
->start
+8);
1101 if (st
->log_events
& LOG_DUMP
)
1102 slilog(st
->log
,M_DEBUG
,"%s: %s: %08x<-%08x: %08x:",
1103 st
->tunname
,incoming?
"incoming":"outgoing",
1104 dest
,source
,msgtype
);
1107 static uint32_t site_status(void *st
)
1112 static bool_t
send_msg(struct site
*st
)
1114 if (st
->retries
>0) {
1115 transport_xmit(st
, &st
->setup_peers
, &st
->buffer
, True
);
1116 st
->timeout
=st
->now
+st
->setup_retry_interval
;
1119 } else if (st
->state
==SITE_SENTMSG5
) {
1120 logtimeout(st
,"timed out sending MSG5, stashing new key");
1121 /* We stash the key we have produced, in case it turns out that
1122 * our peer did see our MSG5 after all and starts using it. */
1123 /* This is a bit like some of activate_new_key */
1124 struct transform_inst_if
*t
;
1125 t
=st
->auxiliary_key
.transform
;
1126 st
->auxiliary_key
.transform
=st
->new_transform
;
1127 st
->new_transform
=t
;
1128 dispose_transform(&st
->new_transform
);
1130 st
->auxiliary_is_new
=1;
1131 st
->auxiliary_key
.key_timeout
=st
->now
+st
->key_lifetime
;
1132 st
->auxiliary_renegotiate_key_time
=st
->now
+st
->key_renegotiate_time
;
1133 st
->auxiliary_key
.remote_session_id
=st
->setup_session_id
;
1135 enter_state_wait(st
);
1138 logtimeout(st
,"timed out sending key setup packet "
1139 "(in state %s)",state_name(st
->state
));
1140 enter_state_wait(st
);
1145 static void site_resolve_callback(void *sst
, struct in_addr
*address
)
1147 struct site
*st
=sst
;
1148 struct comm_addr ca_buf
, *ca_use
;
1150 if (st
->state
!=SITE_RESOLVE
) {
1151 slog(st
,LOG_UNEXPECTED
,"site_resolve_callback called unexpectedly");
1156 ca_buf
.comm
=st
->comms
[0];
1157 ca_buf
.sin
.sin_family
=AF_INET
;
1158 ca_buf
.sin
.sin_port
=htons(st
->remoteport
);
1159 ca_buf
.sin
.sin_addr
=*address
;
1162 slog(st
,LOG_ERROR
,"resolution of %s failed",st
->address
);
1165 if (transport_compute_setupinit_peers(st
,ca_use
,0)) {
1166 enter_new_state(st
,SITE_SENTMSG1
);
1168 /* Can't figure out who to try to to talk to */
1169 slog(st
,LOG_SETUP_INIT
,"key exchange failed: cannot find peer address");
1170 enter_state_run(st
);
1174 static bool_t
initiate_key_setup(struct site
*st
, cstring_t reason
,
1175 const struct comm_addr
*prod_hint
)
1177 /* Reentrancy hazard: can call enter_new_state/enter_state_* */
1178 if (st
->state
!=SITE_RUN
) return False
;
1179 slog(st
,LOG_SETUP_INIT
,"initiating key exchange (%s)",reason
);
1181 slog(st
,LOG_SETUP_INIT
,"resolving peer address");
1182 return enter_state_resolve(st
);
1183 } else if (transport_compute_setupinit_peers(st
,0,prod_hint
)) {
1184 return enter_new_state(st
,SITE_SENTMSG1
);
1186 slog(st
,LOG_SETUP_INIT
,"key exchange failed: no address for peer");
1190 static void activate_new_key(struct site
*st
)
1192 struct transform_inst_if
*t
;
1194 /* We have three transform instances, which we swap between old,
1196 t
=st
->auxiliary_key
.transform
;
1197 st
->auxiliary_key
.transform
=st
->current
.transform
;
1198 st
->current
.transform
=st
->new_transform
;
1199 st
->new_transform
=t
;
1200 dispose_transform(&st
->new_transform
);
1203 st
->auxiliary_is_new
=0;
1204 st
->auxiliary_key
.key_timeout
=st
->current
.key_timeout
;
1205 st
->current
.key_timeout
=st
->now
+st
->key_lifetime
;
1206 st
->renegotiate_key_time
=st
->now
+st
->key_renegotiate_time
;
1207 transport_peers_copy(st
,&st
->peers
,&st
->setup_peers
);
1208 st
->current
.remote_session_id
=st
->setup_session_id
;
1210 /* Compute the inter-site MTU. This is min( our_mtu, their_mtu ).
1211 * But their mtu be unspecified, in which case we just use ours. */
1212 uint32_t intersite_mtu
=
1213 MIN(st
->mtu_target
, st
->remote_adv_mtu ?
: ~(uint32_t)0);
1214 st
->netlink
->set_mtu(st
->netlink
->st
,intersite_mtu
);
1216 slog(st
,LOG_ACTIVATE_KEY
,"new key activated"
1217 " (mtu ours=%"PRId32
" theirs=%"PRId32
" intersite=%"PRId32
")",
1218 st
->mtu_target
, st
->remote_adv_mtu
, intersite_mtu
);
1219 enter_state_run(st
);
1222 static void delete_one_key(struct site
*st
, struct data_key
*key
,
1223 cstring_t reason
, cstring_t which
, uint32_t loglevel
)
1225 if (!is_transform_valid(key
->transform
)) return;
1226 if (reason
) slog(st
,loglevel
,"%s deleted (%s)",which
,reason
);
1227 dispose_transform(&key
->transform
);
1231 static void delete_keys(struct site
*st
, cstring_t reason
, uint32_t loglevel
)
1233 if (current_valid(st
)) {
1234 slog(st
,loglevel
,"session closed (%s)",reason
);
1236 delete_one_key(st
,&st
->current
,0,0,0);
1237 set_link_quality(st
);
1239 delete_one_key(st
,&st
->auxiliary_key
,0,0,0);
1242 static void state_assert(struct site
*st
, bool_t ok
)
1244 if (!ok
) fatal("site:state_assert");
1247 static void enter_state_stop(struct site
*st
)
1249 st
->state
=SITE_STOP
;
1251 delete_keys(st
,"entering state STOP",LOG_TIMEOUT_KEY
);
1252 dispose_transform(&st
->new_transform
);
1255 static void set_link_quality(struct site
*st
)
1258 if (current_valid(st
))
1259 quality
=LINK_QUALITY_UP
;
1260 else if (st
->state
==SITE_WAIT
|| st
->state
==SITE_STOP
)
1261 quality
=LINK_QUALITY_DOWN
;
1262 else if (st
->address
)
1263 quality
=LINK_QUALITY_DOWN_CURRENT_ADDRESS
;
1264 else if (transport_peers_valid(&st
->peers
))
1265 quality
=LINK_QUALITY_DOWN_STALE_ADDRESS
;
1267 quality
=LINK_QUALITY_DOWN
;
1269 st
->netlink
->set_quality(st
->netlink
->st
,quality
);
1272 static void enter_state_run(struct site
*st
)
1274 slog(st
,LOG_STATE
,"entering state RUN");
1278 st
->setup_session_id
=0;
1279 transport_peers_clear(st
,&st
->setup_peers
);
1280 memset(st
->localN
,0,NONCELEN
);
1281 memset(st
->remoteN
,0,NONCELEN
);
1282 dispose_transform(&st
->new_transform
);
1283 memset(st
->dhsecret
,0,st
->dh
->len
);
1284 memset(st
->sharedsecret
,0,st
->sharedsecretlen
);
1285 set_link_quality(st
);
1288 static bool_t
enter_state_resolve(struct site
*st
)
1290 /* Reentrancy hazard! See ensure_resolving. */
1291 state_assert(st
,st
->state
==SITE_RUN
);
1292 slog(st
,LOG_STATE
,"entering state RESOLVE");
1293 st
->state
=SITE_RESOLVE
;
1294 st
->resolver
->request(st
->resolver
->st
,st
->address
,
1295 site_resolve_callback
,st
);
1299 static bool_t
enter_new_state(struct site
*st
, uint32_t next
)
1301 bool_t (*gen
)(struct site
*st
);
1304 slog(st
,LOG_STATE
,"entering state %s",state_name(next
));
1307 state_assert(st
,st
->state
==SITE_RUN
|| st
->state
==SITE_RESOLVE
);
1311 state_assert(st
,st
->state
==SITE_RUN
|| st
->state
==SITE_RESOLVE
||
1312 st
->state
==SITE_SENTMSG1
|| st
->state
==SITE_WAIT
);
1316 state_assert(st
,st
->state
==SITE_SENTMSG1
);
1317 BUF_FREE(&st
->buffer
);
1321 state_assert(st
,st
->state
==SITE_SENTMSG2
);
1322 BUF_FREE(&st
->buffer
);
1326 state_assert(st
,st
->state
==SITE_SENTMSG3
);
1327 BUF_FREE(&st
->buffer
);
1331 state_assert(st
,st
->state
==SITE_SENTMSG4
);
1332 BUF_FREE(&st
->buffer
);
1337 fatal("enter_new_state(%s): invalid new state",state_name(next
));
1341 if (hacky_par_start_failnow()) return False
;
1343 r
= gen(st
) && send_msg(st
);
1346 st
->setup_retries
, st
->setup_retry_interval
,
1351 if (next
==SITE_RUN
) {
1352 BUF_FREE(&st
->buffer
); /* Never reused */
1353 st
->timeout
=0; /* Never retransmit */
1354 activate_new_key(st
);
1358 slog(st
,LOG_ERROR
,"error entering state %s",state_name(next
));
1359 st
->buffer
.free
=False
; /* Unconditionally use the buffer; it may be
1360 in either state, and enter_state_wait() will
1362 enter_state_wait(st
);
1366 /* msg7 tells our peer that we're about to forget our key */
1367 static bool_t
send_msg7(struct site
*st
, cstring_t reason
)
1369 cstring_t transform_err
;
1371 if (current_valid(st
) && st
->buffer
.free
1372 && transport_peers_valid(&st
->peers
)) {
1373 BUF_ALLOC(&st
->buffer
,"site:MSG7");
1374 buffer_init(&st
->buffer
,calculate_max_start_pad());
1375 buf_append_uint32(&st
->buffer
,LABEL_MSG7
);
1376 buf_append_string(&st
->buffer
,reason
);
1377 if (call_transform_forwards(st
, st
->current
.transform
,
1378 &st
->buffer
, &transform_err
))
1380 buf_prepend_uint32(&st
->buffer
,LABEL_MSG0
);
1381 buf_prepend_uint32(&st
->buffer
,st
->index
);
1382 buf_prepend_uint32(&st
->buffer
,st
->current
.remote_session_id
);
1383 transport_xmit(st
,&st
->peers
,&st
->buffer
,True
);
1384 BUF_FREE(&st
->buffer
);
1391 /* We go into this state if our peer becomes uncommunicative. Similar to
1392 the "stop" state, we forget all session keys for a while, before
1393 re-entering the "run" state. */
1394 static void enter_state_wait(struct site
*st
)
1396 slog(st
,LOG_STATE
,"entering state WAIT");
1397 st
->timeout
=st
->now
+st
->wait_timeout
;
1398 st
->state
=SITE_WAIT
;
1399 set_link_quality(st
);
1400 BUF_FREE(&st
->buffer
); /* will have had an outgoing packet in it */
1401 /* XXX Erase keys etc. */
1404 static void generate_prod(struct site
*st
, struct buffer_if
*buf
)
1407 buf_append_uint32(buf
,0);
1408 buf_append_uint32(buf
,0);
1409 buf_append_uint32(buf
,LABEL_PROD
);
1410 buf_append_string(buf
,st
->localname
);
1411 buf_append_string(buf
,st
->remotename
);
1414 static void generate_send_prod(struct site
*st
,
1415 const struct comm_addr
*source
)
1417 if (!st
->allow_send_prod
) return; /* too soon */
1418 if (!(st
->state
==SITE_RUN
|| st
->state
==SITE_RESOLVE
||
1419 st
->state
==SITE_WAIT
)) return; /* we'd ignore peer's MSG1 */
1421 slog(st
,LOG_SETUP_INIT
,"prodding peer for key exchange");
1422 st
->allow_send_prod
=0;
1423 generate_prod(st
,&st
->scratch
);
1424 dump_packet(st
,&st
->scratch
,source
,False
);
1425 source
->comm
->sendmsg(source
->comm
->st
, &st
->scratch
, source
);
1428 static inline void site_settimeout(uint64_t timeout
, int *timeout_io
)
1431 int64_t offset
=timeout
-*now
;
1432 if (offset
<0) offset
=0;
1433 if (offset
>INT_MAX
) offset
=INT_MAX
;
1434 if (*timeout_io
<0 || offset
<*timeout_io
)
1439 static int site_beforepoll(void *sst
, struct pollfd
*fds
, int *nfds_io
,
1442 struct site
*st
=sst
;
1444 *nfds_io
=0; /* We don't use any file descriptors */
1447 /* Work out when our next timeout is. The earlier of 'timeout' or
1448 'current.key_timeout'. A stored value of '0' indicates no timeout
1450 site_settimeout(st
->timeout
, timeout_io
);
1451 site_settimeout(st
->current
.key_timeout
, timeout_io
);
1452 site_settimeout(st
->auxiliary_key
.key_timeout
, timeout_io
);
1454 return 0; /* success */
1457 static void check_expiry(struct site
*st
, struct data_key
*key
,
1460 if (key
->key_timeout
&& *now
>key
->key_timeout
) {
1461 delete_one_key(st
,key
,"maximum life exceeded",which
,LOG_TIMEOUT_KEY
);
1465 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1466 static void site_afterpoll(void *sst
, struct pollfd
*fds
, int nfds
)
1468 struct site
*st
=sst
;
1471 if (st
->timeout
&& *now
>st
->timeout
) {
1473 if (st
->state
>=SITE_SENTMSG1
&& st
->state
<=SITE_SENTMSG5
) {
1474 if (!hacky_par_start_failnow())
1476 } else if (st
->state
==SITE_WAIT
) {
1477 enter_state_run(st
);
1479 slog(st
,LOG_ERROR
,"site_afterpoll: unexpected timeout, state=%d",
1483 check_expiry(st
,&st
->current
,"current key");
1484 check_expiry(st
,&st
->auxiliary_key
,"auxiliary key");
1487 /* This function is called by the netlink device to deliver packets
1488 intended for the remote network. The packet is in "raw" wire
1489 format, but is guaranteed to be word-aligned. */
1490 static void site_outgoing(void *sst
, struct buffer_if
*buf
)
1492 struct site
*st
=sst
;
1493 cstring_t transform_err
;
1495 if (st
->state
==SITE_STOP
) {
1500 st
->allow_send_prod
=1;
1502 /* In all other states we consider delivering the packet if we have
1503 a valid key and a valid address to send it to. */
1504 if (current_valid(st
) && transport_peers_valid(&st
->peers
)) {
1505 /* Transform it and send it */
1507 buf_prepend_uint32(buf
,LABEL_MSG9
);
1508 if (call_transform_forwards(st
, st
->current
.transform
,
1509 buf
, &transform_err
))
1511 buf_prepend_uint32(buf
,LABEL_MSG0
);
1512 buf_prepend_uint32(buf
,st
->index
);
1513 buf_prepend_uint32(buf
,st
->current
.remote_session_id
);
1514 transport_xmit(st
,&st
->peers
,buf
,False
);
1521 slog(st
,LOG_DROP
,"discarding outgoing packet of size %d",buf
->size
);
1523 initiate_key_setup(st
,"outgoing packet",0);
1526 static bool_t
named_for_us(struct site
*st
, const struct buffer_if
*buf_in
,
1527 uint32_t type
, struct msg
*m
)
1528 /* For packets which are identified by the local and remote names.
1529 * If it has our name and our peer's name in it it's for us. */
1531 struct buffer_if buf
[1];
1532 buffer_readonly_clone(buf
,buf_in
);
1533 return unpick_msg(st
,type
,buf
,m
)
1534 && name_matches(&m
->remote
,st
->remotename
)
1535 && name_matches(&m
->local
,st
->localname
);
1538 /* This function is called by the communication device to deliver
1539 packets from our peers.
1540 It should return True if the packet is recognised as being for
1541 this current site instance (and should therefore not be processed
1542 by other sites), even if the packet was otherwise ignored. */
1543 static bool_t
site_incoming(void *sst
, struct buffer_if
*buf
,
1544 const struct comm_addr
*source
)
1546 struct site
*st
=sst
;
1548 if (buf
->size
< 12) return False
;
1550 uint32_t dest
=get_uint32(buf
->start
);
1551 uint32_t msgtype
=get_uint32(buf
->start
+8);
1552 struct msg named_msg
;
1554 if (msgtype
==LABEL_MSG1
) {
1555 if (!named_for_us(st
,buf
,msgtype
,&named_msg
))
1557 /* It's a MSG1 addressed to us. Decide what to do about it. */
1558 dump_packet(st
,buf
,source
,True
);
1559 if (st
->state
==SITE_RUN
|| st
->state
==SITE_RESOLVE
||
1560 st
->state
==SITE_WAIT
) {
1561 /* We should definitely process it */
1562 if (process_msg1(st
,buf
,source
,&named_msg
)) {
1563 slog(st
,LOG_SETUP_INIT
,"key setup initiated by peer");
1564 enter_new_state(st
,SITE_SENTMSG2
);
1566 slog(st
,LOG_ERROR
,"failed to process incoming msg1");
1570 } else if (st
->state
==SITE_SENTMSG1
) {
1571 /* We've just sent a message 1! They may have crossed on
1572 the wire. If we have priority then we ignore the
1573 incoming one, otherwise we process it as usual. */
1574 if (st
->setup_priority
) {
1576 slog(st
,LOG_DUMP
,"crossed msg1s; we are higher "
1577 "priority => ignore incoming msg1");
1580 slog(st
,LOG_DUMP
,"crossed msg1s; we are lower "
1581 "priority => use incoming msg1");
1582 if (process_msg1(st
,buf
,source
,&named_msg
)) {
1583 BUF_FREE(&st
->buffer
); /* Free our old message 1 */
1584 enter_new_state(st
,SITE_SENTMSG2
);
1586 slog(st
,LOG_ERROR
,"failed to process an incoming "
1587 "crossed msg1 (we have low priority)");
1593 /* The message 1 was received at an unexpected stage of the
1594 key setup. XXX POLICY - what do we do? */
1595 slog(st
,LOG_UNEXPECTED
,"unexpected incoming message 1");
1599 if (msgtype
==LABEL_PROD
) {
1600 if (!named_for_us(st
,buf
,msgtype
,&named_msg
))
1602 dump_packet(st
,buf
,source
,True
);
1603 if (st
->state
!=SITE_RUN
) {
1604 slog(st
,LOG_DROP
,"ignoring PROD when not in state RUN");
1605 } else if (current_valid(st
)) {
1606 slog(st
,LOG_DROP
,"ignoring PROD when we think we have a key");
1608 initiate_key_setup(st
,"peer sent PROD packet",source
);
1613 if (dest
==st
->index
) {
1614 /* Explicitly addressed to us */
1615 if (msgtype
!=LABEL_MSG0
) dump_packet(st
,buf
,source
,True
);
1618 /* If the source is our current peer then initiate a key setup,
1619 because our peer's forgotten the key */
1620 if (get_uint32(buf
->start
+4)==st
->current
.remote_session_id
) {
1622 initiated
= initiate_key_setup(st
,"received a NAK",0);
1623 if (!initiated
) generate_send_prod(st
,source
);
1625 slog(st
,LOG_SEC
,"bad incoming NAK");
1629 process_msg0(st
,buf
,source
);
1632 /* Setup packet: should not have been explicitly addressed
1634 slog(st
,LOG_SEC
,"incoming explicitly addressed msg1");
1637 /* Setup packet: expected only in state SENTMSG1 */
1638 if (st
->state
!=SITE_SENTMSG1
) {
1639 slog(st
,LOG_UNEXPECTED
,"unexpected MSG2");
1640 } else if (process_msg2(st
,buf
,source
)) {
1641 transport_setup_msgok(st
,source
);
1642 enter_new_state(st
,SITE_SENTMSG3
);
1644 slog(st
,LOG_SEC
,"invalid MSG2");
1649 /* Setup packet: expected only in state SENTMSG2 */
1650 if (st
->state
!=SITE_SENTMSG2
) {
1651 slog(st
,LOG_UNEXPECTED
,"unexpected MSG3");
1652 } else if (process_msg3(st
,buf
,source
,msgtype
)) {
1653 transport_setup_msgok(st
,source
);
1654 enter_new_state(st
,SITE_SENTMSG4
);
1656 slog(st
,LOG_SEC
,"invalid MSG3");
1660 /* Setup packet: expected only in state SENTMSG3 */
1661 if (st
->state
!=SITE_SENTMSG3
) {
1662 slog(st
,LOG_UNEXPECTED
,"unexpected MSG4");
1663 } else if (process_msg4(st
,buf
,source
)) {
1664 transport_setup_msgok(st
,source
);
1665 enter_new_state(st
,SITE_SENTMSG5
);
1667 slog(st
,LOG_SEC
,"invalid MSG4");
1671 /* Setup packet: expected only in state SENTMSG4 */
1672 /* (may turn up in state RUN if our return MSG6 was lost
1673 and the new key has already been activated. In that
1674 case we discard it. The peer will realise that we
1675 are using the new key when they see our data packets.
1676 Until then the peer's data packets to us get discarded. */
1677 if (st
->state
==SITE_SENTMSG4
) {
1678 if (process_msg5(st
,buf
,source
,st
->new_transform
)) {
1679 transport_setup_msgok(st
,source
);
1680 enter_new_state(st
,SITE_RUN
);
1682 slog(st
,LOG_SEC
,"invalid MSG5");
1684 } else if (st
->state
==SITE_RUN
) {
1685 if (process_msg5(st
,buf
,source
,st
->current
.transform
)) {
1686 slog(st
,LOG_DROP
,"got MSG5, retransmitting MSG6");
1687 transport_setup_msgok(st
,source
);
1688 create_msg6(st
,st
->current
.transform
,
1689 st
->current
.remote_session_id
);
1690 transport_xmit(st
,&st
->peers
,&st
->buffer
,True
);
1691 BUF_FREE(&st
->buffer
);
1693 slog(st
,LOG_SEC
,"invalid MSG5 (in state RUN)");
1696 slog(st
,LOG_UNEXPECTED
,"unexpected MSG5");
1700 /* Setup packet: expected only in state SENTMSG5 */
1701 if (st
->state
!=SITE_SENTMSG5
) {
1702 slog(st
,LOG_UNEXPECTED
,"unexpected MSG6");
1703 } else if (process_msg6(st
,buf
,source
)) {
1704 BUF_FREE(&st
->buffer
); /* Free message 5 */
1705 transport_setup_msgok(st
,source
);
1706 activate_new_key(st
);
1708 slog(st
,LOG_SEC
,"invalid MSG6");
1712 slog(st
,LOG_SEC
,"received message of unknown type 0x%08x",
1723 static void site_control(void *vst
, bool_t run
)
1725 struct site
*st
=vst
;
1726 if (run
) enter_state_run(st
);
1727 else enter_state_stop(st
);
1730 static void site_phase_hook(void *sst
, uint32_t newphase
)
1732 struct site
*st
=sst
;
1734 /* The program is shutting down; tell our peer */
1735 send_msg7(st
,"shutting down");
1738 static list_t
*site_apply(closure_t
*self
, struct cloc loc
, dict_t
*context
,
1741 static uint32_t index_sequence
;
1747 st
=safe_malloc(sizeof(*st
),"site_apply");
1749 st
->cl
.description
="site";
1750 st
->cl
.type
=CL_SITE
;
1752 st
->cl
.interface
=&st
->ops
;
1754 st
->ops
.control
=site_control
;
1755 st
->ops
.status
=site_status
;
1757 /* First parameter must be a dict */
1758 item
=list_elem(args
,0);
1759 if (!item
|| item
->type
!=t_dict
)
1760 cfgfatal(loc
,"site","parameter must be a dictionary\n");
1762 dict
=item
->data
.dict
;
1763 st
->localname
=dict_read_string(dict
, "local-name", True
, "site", loc
);
1764 st
->remotename
=dict_read_string(dict
, "name", True
, "site", loc
);
1766 st
->peer_mobile
=dict_read_bool(dict
,"mobile",False
,"site",loc
,False
);
1767 bool_t local_mobile
=
1768 dict_read_bool(dict
,"local-mobile",False
,"site",loc
,False
);
1770 /* Sanity check (which also allows the 'sites' file to include
1771 site() closures for all sites including our own): refuse to
1772 talk to ourselves */
1773 if (strcmp(st
->localname
,st
->remotename
)==0) {
1774 Message(M_DEBUG
,"site %s: local-name==name -> ignoring this site\n",
1776 if (st
->peer_mobile
!= local_mobile
)
1777 cfgfatal(loc
,"site","site %s's peer-mobile=%d"
1778 " but our local-mobile=%d\n",
1779 st
->localname
, st
->peer_mobile
, local_mobile
);
1783 if (st
->peer_mobile
&& local_mobile
) {
1784 Message(M_WARNING
,"site %s: site is mobile but so are we"
1785 " -> ignoring this site\n", st
->remotename
);
1790 assert(index_sequence
< 0xffffffffUL
);
1791 st
->index
= ++index_sequence
;
1792 st
->local_capabilities
= 0;
1793 st
->netlink
=find_cl_if(dict
,"link",CL_NETLINK
,True
,"site",loc
);
1795 #define GET_CLOSURE_LIST(dictkey,things,nthings,CL_TYPE) do{ \
1796 list_t *things##_cfg=dict_lookup(dict,dictkey); \
1797 if (!things##_cfg) \
1798 cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
1799 st->nthings=list_length(things##_cfg); \
1800 st->things=safe_malloc_ary(sizeof(*st->things),st->nthings,dictkey "s"); \
1801 assert(st->nthings); \
1802 for (i=0; i<st->nthings; i++) { \
1803 item_t *item=list_elem(things##_cfg,i); \
1804 if (item->type!=t_closure) \
1805 cfgfatal(loc,"site","%s is not a closure\n",dictkey); \
1806 closure_t *cl=item->data.closure; \
1807 if (cl->type!=CL_TYPE) \
1808 cfgfatal(loc,"site","%s closure wrong type\n",dictkey); \
1809 st->things[i]=cl->interface; \
1813 GET_CLOSURE_LIST("comm",comms
,ncomms
,CL_COMM
);
1815 st
->resolver
=find_cl_if(dict
,"resolver",CL_RESOLVER
,True
,"site",loc
);
1816 st
->log
=find_cl_if(dict
,"log",CL_LOG
,True
,"site",loc
);
1817 st
->random
=find_cl_if(dict
,"random",CL_RANDOMSRC
,True
,"site",loc
);
1819 st
->privkey
=find_cl_if(dict
,"local-key",CL_RSAPRIVKEY
,True
,"site",loc
);
1820 st
->address
=dict_read_string(dict
, "address", False
, "site", loc
);
1822 st
->remoteport
=dict_read_number(dict
,"port",True
,"site",loc
,0);
1823 else st
->remoteport
=0;
1824 st
->pubkey
=find_cl_if(dict
,"key",CL_RSAPUBKEY
,True
,"site",loc
);
1826 GET_CLOSURE_LIST("transform",transforms
,ntransforms
,CL_TRANSFORM
);
1828 st
->dh
=find_cl_if(dict
,"dh",CL_DH
,True
,"site",loc
);
1829 st
->hash
=find_cl_if(dict
,"hash",CL_HASH
,True
,"site",loc
);
1831 #define DEFAULT(D) (st->peer_mobile || local_mobile \
1832 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
1833 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
1835 st
->key_lifetime
= CFG_NUMBER("key-lifetime", KEY_LIFETIME
);
1836 st
->setup_retries
= CFG_NUMBER("setup-retries", SETUP_RETRIES
);
1837 st
->setup_retry_interval
= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL
);
1838 st
->wait_timeout
= CFG_NUMBER("wait-time", WAIT_TIME
);
1839 st
->mtu_target
= dict_read_number(dict
,"mtu-target",False
,"site",loc
,0);
1841 st
->mobile_peer_expiry
= dict_read_number(
1842 dict
,"mobile-peer-expiry",False
,"site",loc
,DEFAULT_MOBILE_PEER_EXPIRY
);
1844 st
->transport_peers_max
= !st
->peer_mobile ?
1 : dict_read_number(
1845 dict
,"mobile-peers-max",False
,"site",loc
,DEFAULT_MOBILE_PEERS_MAX
);
1846 if (st
->transport_peers_max
<1 ||
1847 st
->transport_peers_max
>=MAX_MOBILE_PEERS_MAX
) {
1848 cfgfatal(loc
,"site","mobile-peers-max must be in range 1.."
1849 STRING(MAX_MOBILE_PEERS_MAX
) "\n");
1852 if (st
->key_lifetime
< DEFAULT(KEY_RENEGOTIATE_GAP
)*2)
1853 st
->key_renegotiate_time
=st
->key_lifetime
/2;
1855 st
->key_renegotiate_time
=st
->key_lifetime
-DEFAULT(KEY_RENEGOTIATE_GAP
);
1856 st
->key_renegotiate_time
=dict_read_number(
1857 dict
,"renegotiate-time",False
,"site",loc
,st
->key_renegotiate_time
);
1858 if (st
->key_renegotiate_time
> st
->key_lifetime
) {
1859 cfgfatal(loc
,"site",
1860 "renegotiate-time must be less than key-lifetime\n");
1863 st
->log_events
=string_list_to_word(dict_lookup(dict
,"log-events"),
1864 log_event_table
,"site");
1866 st
->allow_send_prod
=0;
1868 st
->tunname
=safe_malloc(strlen(st
->localname
)+strlen(st
->remotename
)+5,
1870 sprintf(st
->tunname
,"%s<->%s",st
->localname
,st
->remotename
);
1872 /* The information we expect to see in incoming messages of type 1 */
1873 /* fixme: lots of unchecked overflows here, but the results are only
1874 corrupted packets rather than undefined behaviour */
1875 st
->setup_priority
=(strcmp(st
->localname
,st
->remotename
)>0);
1877 buffer_new(&st
->buffer
,SETUP_BUFFER_LEN
);
1879 buffer_new(&st
->scratch
,SETUP_BUFFER_LEN
);
1880 BUF_ALLOC(&st
->scratch
,"site:scratch");
1882 /* We are interested in poll(), but only for timeouts. We don't have
1883 any fds of our own. */
1884 register_for_poll(st
, site_beforepoll
, site_afterpoll
, 0, "site");
1887 st
->remote_capabilities
=0;
1888 st
->chosen_transform
=0;
1889 st
->current
.key_timeout
=0;
1890 st
->auxiliary_key
.key_timeout
=0;
1891 transport_peers_clear(st
,&st
->peers
);
1892 transport_peers_clear(st
,&st
->setup_peers
);
1893 /* XXX mlock these */
1894 st
->dhsecret
=safe_malloc(st
->dh
->len
,"site:dhsecret");
1895 st
->sharedsecretlen
=st
->sharedsecretallocd
=0;
1898 for (i
=0; i
<st
->ntransforms
; i
++) {
1899 struct transform_if
*ti
=st
->transforms
[i
];
1900 uint32_t capbit
= 1UL << ti
->capab_transformnum
;
1901 if (st
->local_capabilities
& capbit
)
1902 slog(st
,LOG_ERROR
,"transformnum capability bit"
1903 " %d (%#"PRIx32
") reused", ti
->capab_transformnum
, capbit
);
1904 st
->local_capabilities
|= capbit
;
1907 /* We need to register the remote networks with the netlink device */
1908 uint32_t netlink_mtu
; /* local virtual interface mtu */
1909 st
->netlink
->reg(st
->netlink
->st
, site_outgoing
, st
, &netlink_mtu
);
1910 if (!st
->mtu_target
)
1911 st
->mtu_target
=netlink_mtu
;
1913 for (i
=0; i
<st
->ncomms
; i
++)
1914 st
->comms
[i
]->request_notify(st
->comms
[i
]->st
, st
, site_incoming
);
1916 st
->current
.transform
=0;
1917 st
->auxiliary_key
.transform
=0;
1918 st
->new_transform
=0;
1919 st
->auxiliary_is_new
=0;
1921 enter_state_stop(st
);
1923 add_hook(PHASE_SHUTDOWN
,site_phase_hook
,st
);
1925 return new_closure(&st
->cl
);
1928 void site_module(dict_t
*dict
)
1930 add_closure(dict
,"site",site_apply
);
1934 /***** TRANSPORT PEERS definitions *****/
1936 static void transport_peers_debug(struct site
*st
, transport_peers
*dst
,
1937 const char *didwhat
,
1938 int nargs
, const struct comm_addr
*args
,
1943 if (!(st
->log_events
& LOG_PEER_ADDRS
))
1944 return; /* an optimisation */
1946 slog(st
, LOG_PEER_ADDRS
, "peers (%s) %s nargs=%d => npeers=%d",
1947 (dst
==&st
->peers ?
"data" :
1948 dst
==&st
->setup_peers ?
"setup" : "UNKNOWN"),
1949 didwhat
, nargs
, dst
->npeers
);
1951 for (i
=0, argp
=(void*)args
;
1953 i
++, (argp
+=stride?stride
:sizeof(*args
))) {
1954 const struct comm_addr
*ca
=(void*)argp
;
1955 slog(st
, LOG_PEER_ADDRS
, " args: addrs[%d]=%s",
1956 i
, comm_addr_to_string(ca
));
1958 for (i
=0; i
<dst
->npeers
; i
++) {
1959 struct timeval diff
;
1960 timersub(tv_now
,&dst
->peers
[i
].last
,&diff
);
1961 const struct comm_addr
*ca
=&dst
->peers
[i
].addr
;
1962 slog(st
, LOG_PEER_ADDRS
, " peers: addrs[%d]=%s T-%ld.%06ld",
1963 i
, comm_addr_to_string(ca
),
1964 (unsigned long)diff
.tv_sec
, (unsigned long)diff
.tv_usec
);
1968 static int transport_peer_compar(const void *av
, const void *bv
) {
1969 const transport_peer
*a
=av
;
1970 const transport_peer
*b
=bv
;
1971 /* put most recent first in the array */
1972 if (timercmp(&a
->last
, &b
->last
, <)) return +1;
1973 if (timercmp(&a
->last
, &b
->last
, >)) return -11;
1977 static void transport_peers_expire(struct site
*st
, transport_peers
*peers
) {
1978 /* peers must be sorted first */
1979 int previous_peers
=peers
->npeers
;
1980 struct timeval oldest
;
1981 oldest
.tv_sec
= tv_now
->tv_sec
- st
->mobile_peer_expiry
;
1982 oldest
.tv_usec
= tv_now
->tv_usec
;
1983 while (peers
->npeers
>1 &&
1984 timercmp(&peers
->peers
[peers
->npeers
-1].last
, &oldest
, <))
1986 if (peers
->npeers
!= previous_peers
)
1987 transport_peers_debug(st
,peers
,"expire", 0,0,0);
1990 static void transport_record_peer(struct site
*st
, transport_peers
*peers
,
1991 const struct comm_addr
*addr
, const char *m
) {
1992 int slot
, changed
=0;
1994 for (slot
=0; slot
<peers
->npeers
; slot
++)
1995 if (!memcmp(&peers
->peers
[slot
].addr
, addr
, sizeof(*addr
)))
1999 if (peers
->npeers
==st
->transport_peers_max
)
2000 slot
=st
->transport_peers_max
-1;
2002 slot
=peers
->npeers
++;
2005 peers
->peers
[slot
].addr
=*addr
;
2006 peers
->peers
[slot
].last
=*tv_now
;
2008 if (peers
->npeers
>1)
2009 qsort(peers
->peers
, peers
->npeers
,
2010 sizeof(*peers
->peers
), transport_peer_compar
);
2012 if (changed
|| peers
->npeers
!=1)
2013 transport_peers_debug(st
,peers
,m
, 1,addr
,0);
2014 transport_peers_expire(st
, peers
);
2017 static bool_t
transport_compute_setupinit_peers(struct site
*st
,
2018 const struct comm_addr
*configured_addr
/* 0 if none or not found */,
2019 const struct comm_addr
*prod_hint_addr
/* 0 if none */) {
2021 if (!configured_addr
&& !prod_hint_addr
&&
2022 !transport_peers_valid(&st
->peers
))
2025 slog(st
,LOG_SETUP_INIT
,
2026 "using:%s%s %d old peer address(es)",
2027 configured_addr ?
" configured address;" : "",
2028 prod_hint_addr ?
" PROD hint address;" : "",
2031 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
2032 * have transport_peers_max==1. The effect is that this code
2033 * always uses the configured address if supplied, or otherwise
2034 * the address of the incoming PROD, or the existing data peer if
2035 * one exists; this is as desired. */
2037 transport_peers_copy(st
,&st
->setup_peers
,&st
->peers
);
2040 transport_record_peer(st
,&st
->setup_peers
,prod_hint_addr
,"prod");
2042 if (configured_addr
)
2043 transport_record_peer(st
,&st
->setup_peers
,configured_addr
,"setupinit");
2045 assert(transport_peers_valid(&st
->setup_peers
));
2049 static void transport_setup_msgok(struct site
*st
, const struct comm_addr
*a
) {
2050 if (st
->peer_mobile
)
2051 transport_record_peer(st
,&st
->setup_peers
,a
,"setupmsg");
2053 static void transport_data_msgok(struct site
*st
, const struct comm_addr
*a
) {
2054 if (st
->peer_mobile
)
2055 transport_record_peer(st
,&st
->peers
,a
,"datamsg");
2058 static int transport_peers_valid(transport_peers
*peers
) {
2059 return peers
->npeers
;
2061 static void transport_peers_clear(struct site
*st
, transport_peers
*peers
) {
2063 transport_peers_debug(st
,peers
,"clear",0,0,0);
2065 static void transport_peers_copy(struct site
*st
, transport_peers
*dst
,
2066 const transport_peers
*src
) {
2067 dst
->npeers
=src
->npeers
;
2068 memcpy(dst
->peers
, src
->peers
, sizeof(*dst
->peers
) * dst
->npeers
);
2069 transport_peers_debug(st
,dst
,"copy",
2070 src
->npeers
, &src
->peers
->addr
, sizeof(*src
->peers
));
2073 void transport_xmit(struct site
*st
, transport_peers
*peers
,
2074 struct buffer_if
*buf
, bool_t candebug
) {
2076 transport_peers_expire(st
, peers
);
2077 for (slot
=0; slot
<peers
->npeers
; slot
++) {
2078 transport_peer
*peer
=&peers
->peers
[slot
];
2080 dump_packet(st
, buf
, &peer
->addr
, False
);
2081 peer
->addr
.comm
->sendmsg(peer
->addr
.comm
->st
, buf
, &peer
->addr
);
2085 /***** END of transport peers declarations *****/