It is better for the mobile peer to win the key setup priority
battle. That makes handling the transport address implications,
particularly those of the MSG1, easier.
Since both ends must agree on who has priority, this must be
negotiated. We use a capability bit for this. Since the decision is
taken when we have only seen each other's MSG1, it must be an early
capability. For compatibility with ancient (and security-buggy)
secnets, we can avoid advertising it if neither end is mobile.
In practice, in my tests, this change avoids a spurious key setup
failure when my laptop's secnet is restarted: the new secnet gets a
new NATted address, but the server has priority and insists on talking
to the old address.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
v2: Document in NOTES following rebase over
"NOTES: Describe the current allocation of capability bits."
bits 10 to 15 are reserved for future expansion. The the low eight bits
are reserved for local use, e.g., to allow migration from one set of
parameters for a particular transform to a different, incompatible set
-of parameters for the same transform. The high 16 bits have not yet
-been assigned a purpose.
+of parameters for the same transform. Bit 31, if advertised by both
+ends, indicates that a mobile end gets priority in case of crossed MSG1.
+The remaining bits have not yet been assigned a purpose.
No early capability bits are currently defined.
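Review bot: the new NOTES sentence makes bit 31 an early capability, but the unchanged line "No early capability bits are currently defined." still follows it and now contradicts both this paragraph and the secnet.h hunk, which sets CAPAB_EARLY to CAPAB_PRIORITY_MOBILE; that sentence should be rewritten to name bit 31 as the one early bit. While this paragraph is being edited, the "The the" in its first context line is a typo worth fixing. It would also help to record here the rule the commit message gives, that the bit is only advertised when at least one end is mobile, since that is the compatibility behaviour that old peers rely on and nothing in NOTES says so.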
#define LABEL_PROD 0x0a0a0a0a
/* uses of the 32-bit capability bitmap */
-#define CAPAB_EARLY 0x00000000 /* no Early flags yet (see NOTES) */
+#define CAPAB_EARLY CAPAB_PRIORITY_MOBILE
#define CAPAB_TRANSFORM_MASK 0x0000ffff
-/* remaining 16 bits are unused */
+#define CAPAB_PRIORITY_MOBILE 0x80000000 /* mobile site has MSG1 priority */
+/* remaining bits are unused */
/*
* The transform capability mask is a set of bits, one for each
}
static bool_t we_have_priority(struct site *st, const struct msg *m) {
+ if ((st->local_capabilities & m->remote_capabilities)
+ && CAPAB_PRIORITY_MOBILE) {
+ if (st->local_mobile) return True;
+ if (st-> peer_mobile) return False;
+ }
return st->our_name_later;
}
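Review bot: the condition in we_have_priority() uses a logical `&&` where a bitwise `&` is needed: `(st->local_capabilities & m->remote_capabilities) && CAPAB_PRIORITY_MOBILE` is true whenever the two ends share any capability bit at all, because CAPAB_PRIORITY_MOBILE is a non-zero constant, so the mobile-priority branch is taken even when the peer never advertised bit 31. It should read `if ((st->local_capabilities & m->remote_capabilities) & CAPAB_PRIORITY_MOBILE)`. The branch is also not symmetric when both ends are mobile: each side sees its own local_mobile set and returns True, so both claim priority, which is exactly the disagreement the capability bit exists to prevent; limit the early returns to the case where exactly one end is mobile (`st->local_mobile && !st->peer_mobile`, and its mirror) and otherwise fall through to our_name_later. Minor: `st-> peer_mobile` has a stray space.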
st->local_capabilities |= capbit;
}
+ if (st->local_mobile || st->peer_mobile)
+ st->local_capabilities |= CAPAB_PRIORITY_MOBILE;
+
/* We need to register the remote networks with the netlink device */
uint32_t netlink_mtu; /* local virtual interface mtu */
st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
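Review bot: the new advertisement block has no comment saying why the bit is conditional; the reason given in the commit message is compatibility with ancient secnets, which is why it must stay unset unless at least one end is mobile, and a one-line comment here (with a pointer to NOTES) would stop a later cleanup from turning it into an unconditional `|=`. Since CAPAB_EARLY bits are compared on the very first MSG1, it is also worth stating in the commit message that this assignment runs before local_capabilities is first sent; its position after the capbit loop and before netlink registration looks right, but nothing in the patch confirms it.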