X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/cb160b861b8b4f5798eb669f72bd8430eff05009..f8950c27dbaa98501a64cc3bdb98657c64641c4e:/server/peer.c diff --git a/server/peer.c b/server/peer.c index 06dd33db..34bfb6c4 100644 --- a/server/peer.c +++ b/server/peer.c @@ -9,30 +9,32 @@ * * This file is part of Trivial IP Encryption (TrIPE). * - * TrIPE is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * TrIPE is free software: you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your + * option) any later version. * - * TrIPE is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * TrIPE is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. * * You should have received a copy of the GNU General Public License - * along with TrIPE; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * along with TrIPE. If not, see . */ /*----- Header files ------------------------------------------------------*/ #include "tripe.h" +/*----- Global state ------------------------------------------------------*/ + +sel_file udpsock[NADDRFAM]; + /*----- Static variables --------------------------------------------------*/ static sym_table byname; static addrmap byaddr; -static sel_file sock; static unsigned nmobile; /*----- Tunnel table ------------------------------------------------------*/ @@ -167,6 +169,54 @@ static int p_encrypt(peer *p, int ty, buf *bin, buf *bout) return (err); } +/* --- @p_updateaddr@ --- * + * + * Arguments: @peer *p@ = pointer to peer block + * @const addr *a@ = address to associate with this peer + * + * Returns: Zero if the address was changed; @+1@ if it was already + * right. + * + * Use: Updates our idea of @p@'s address. + */ + +int p_updateaddr(peer *p, const addr *a) +{ + peer *q; + peer_byaddr *pa, *qa; + int ix; + unsigned f; + + /* --- Figure out how to proceed --- * + * + * If this address already belongs to a different peer, then swap the + * addresses over. This doesn't leave the displaced peer in an especially + * good state, but it ought to get sorted out soon enough. + */ + + pa = am_find(&byaddr, a, sizeof(peer_byaddr), &f); + if (f && pa->p == p) + return (+1); + else if (!f) { + T( trace(T_PEER, "peer: updating address for `%s'", p_name(p)); ) + am_remove(&byaddr, p->byaddr); + p->byaddr = pa; p->spec.sa = *a; pa->p = p; + p->afix = afix(p->spec.sa.sa.sa_family); assert(p->afix >= 0); + a_notify("NEWADDR", "?PEER", p, "?ADDR", a, A_END); + return (0); + } else { + q = pa->p; qa = p->byaddr; + T( trace(T_PEER, "peer: swapping addresses for `%s' and `%s'", + p_name(p), p_name(q)); ) + q->byaddr = qa; qa->p = q; q->spec.sa = p->spec.sa; + p->byaddr = pa; pa->p = p; p->spec.sa = *a; + ix = p->afix; p->afix = q->afix; q->afix = ix; + a_notify("NEWADDR", "?PEER", p, "?ADDR", a, A_END); + a_notify("NEWADDR", "?PEER", q, "?ADDR", &q->spec.sa, A_END); + return (0); + } +} + /* --- @p_decrypt@ --- * * * Arguments: @peer **pp@ = pointer to peer to decrypt message from @@ -189,9 +239,7 @@ static int p_decrypt(peer **pp, addr *a, size_t n, int ty, buf *bin, buf *bout) { peer *p, *q; - peer_byaddr *pa, *qa; int err = KSERR_DECRYPT; - unsigned f; /* --- If we have a match on the source address then try that first --- */ @@ -249,33 +297,11 @@ searched: return (-1); } - /* --- We found one that accepted, so update the peer's address --- * - * - * If we had an initial guess of which peer this packet came from -- i.e., - * @q@ is not null -- then swap the addresses over. This doesn't leave the - * evicted peer in an especially good state, but it ought to get sorted out - * soon enough. - */ + /* --- We found one that accepted, so update the peer's address --- */ if (!err) { *pp = p; - if (!q) { - T( trace(T_PEER, "peer: updating address for `%s'", p_name(p)); ) - pa = am_find(&byaddr, a, sizeof(peer_byaddr), &f); assert(!f); - am_remove(&byaddr, p->byaddr); - p->byaddr = pa; - pa->p = p; - p->spec.sa = *a; - a_notify("NEWADDR", "?PEER", p, "?ADDR", a, A_END); - } else { - T( trace(T_PEER, "peer: swapping addresses for `%s' and `%s'", - p_name(p), p_name(q)); ) - pa = p->byaddr; qa = q->byaddr; - pa->p = q; q->byaddr = pa; q->spec.sa = p->spec.sa; - qa->p = p; p->byaddr = qa; p->spec.sa = *a; - a_notify("NEWADDR", "?PEER", p, "?ADDR", a, A_END); - a_notify("NEWADDR", "?PEER", q, "?ADDR", &q->spec.sa, A_END); - } + p_updateaddr(p, a); } match: @@ -310,24 +336,32 @@ static void p_read(int fd, unsigned mode, void *v) ssize_t n; int ch; buf b, bb; +#ifndef NTRACE + int ix = -1; + char name[NI_MAXHOST], svc[NI_MAXSERV]; +#endif /* --- Read the data --- */ - TIMER; + QUICKRAND; sz = sizeof(addr); n = recvfrom(fd, buf_i, sizeof(buf_i), 0, &a.sa, &sz); if (n < 0) { a_warn("PEER", "-", "socket-read-error", "?ERRNO", A_END); return; } + IF_TRACING(T_PEER, { + ix = afix(a.sa.sa_family); + getnameinfo(&a.sa, sz, name, sizeof(name), svc, sizeof(svc), + NI_NUMERICHOST | NI_NUMERICSERV); + }) /* --- If the packet is a greeting, don't check peers --- */ if (n && buf_i[0] == (MSG_MISC | MISC_GREET)) { IF_TRACING(T_PEER, { - trace(T_PEER, "peer: greeting received from INET %s %u", - inet_ntoa(a.sin.sin_addr), - (unsigned)ntohs(a.sin.sin_port)); + trace(T_PEER, "peer: greeting received from %s %s %s", + aftab[ix].name, name, svc); trace_block(T_PACKET, "peer: greeting contents", buf_i, n); }) buf_init(&b, buf_i, n); @@ -353,11 +387,11 @@ static void p_read(int fd, unsigned mode, void *v) IF_TRACING(T_PEER, { if (p) { trace(T_PEER, - "peer: packet received from `%s' from address INET %s %d", - p_name(p), inet_ntoa(a.sin.sin_addr), ntohs(a.sin.sin_port)); + "peer: packet received from `%s' from address %s %s %s", + p_name(p), aftab[ix].name, name, svc); } else { - trace(T_PEER, "peer: packet received from unknown address INET %s %d", - inet_ntoa(a.sin.sin_addr), ntohs(a.sin.sin_port)); + trace(T_PEER, "peer: packet received from unknown address %s %s %s", + aftab[ix].name, name, svc); } trace_block(T_PACKET, "peer: packet contents", buf_i, n); }) @@ -482,14 +516,16 @@ static void p_setkatimer(peer *); static int p_dotxend(peer *p) { + socklen_t sasz = addrsz(&p->spec.sa); + if (!BOK(&p->b)) { a_warn("PEER", "?PEER", p, "packet-build-failed", A_END); return (0); } IF_TRACING(T_PEER, trace_block(T_PACKET, "peer: sending packet", BBASE(&p->b), BLEN(&p->b)); ) - if (sendto(sock.fd, BBASE(&p->b), BLEN(&p->b), - 0, &p->spec.sa.sa, p->spec.sasz) < 0) { + if (sendto(udpsock[p->afix].fd, BBASE(&p->b), BLEN(&p->b), + 0, &p->spec.sa.sa, sasz) < 0) { a_warn("PEER", "?PEER", p, "socket-write-error", "?ERRNO", A_END); return (0); } else { @@ -658,7 +694,7 @@ void p_tun(peer *p, buf *b) { buf *bb = p_txstart(p, MSG_PACKET); - TIMER; + QUICKRAND; p_encrypt(p, MSG_PACKET, b, bb); if (BOK(bb) && BLEN(bb)) { p->st.n_ipout++; @@ -744,45 +780,62 @@ const addr *p_addr(peer *p) { return (&p->spec.sa); } /* --- @p_init@ --- * * - * Arguments: @struct in_addr addr@ = address to bind to - * @unsigned port@ = port number to listen to + * Arguments: @struct addrinfo *ailist@ = addresses to bind to * * Returns: --- * * Use: Initializes the peer system; creates the socket. */ -void p_init(struct in_addr addr, unsigned port) +void p_init(struct addrinfo *ailist) { int fd; - struct sockaddr_in sin; int len = PKBUFSZ; + int i; + struct addrinfo *ai; + unsigned port, lastport = 0; + addr a; + socklen_t sz; - /* --- Note on socket buffer sizes --- * - * - * For some bizarre reason, Linux 2.2 (at least) doubles the socket buffer - * sizes I pass to @setsockopt@. I'm not putting special-case code here - * for Linux: BSD (at least TCPv2) does what I tell it rather than second- - * guessing me. - */ - - if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0) - die(EXIT_FAILURE, "socket creation failed: %s", strerror(errno)); - BURN(sin); - sin.sin_family = AF_INET; - sin.sin_addr = addr; - sin.sin_port = htons(port); - if (bind(fd, (struct sockaddr *)&sin, sizeof(sin))) - die(EXIT_FAILURE, "bind failed: %s", strerror(errno)); - if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len, sizeof(len)) || - setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &len, sizeof(len))) { - die(EXIT_FAILURE, "failed to set socket buffer sizes: %s", - strerror(errno)); + for (i = 0; i < NADDRFAM; i++) udpsock[i].fd = -1; + + for (ai = ailist; ai; ai = ai->ai_next) { + if ((i = afix(ai->ai_family)) < 0) continue; + if (udpsock[i].fd != -1) continue; + + /* --- Note on socket buffer sizes --- * + * + * For some bizarre reason, Linux 2.2 (at least) doubles the socket + * buffer sizes I pass to @setsockopt@. I'm not putting special-case + * code here for Linux: BSD (at least TCPv2) does what I tell it rather + * than second-guessing me. + */ + + if ((fd = socket(ai->ai_family, SOCK_DGRAM, 0)) < 0) + die(EXIT_FAILURE, "socket creation failed: %s", strerror(errno)); + assert(ai->ai_addrlen <= sizeof(a)); + memcpy(&a, ai->ai_addr, ai->ai_addrlen); + if ((port = getport(&a)) == 0 && lastport) setport(&a, lastport); + if (bind(fd, &a.sa, addrsz(&a))) + die(EXIT_FAILURE, "bind failed: %s", strerror(errno)); + if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len, sizeof(len)) || + setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &len, sizeof(len))) { + die(EXIT_FAILURE, "failed to set socket buffer sizes: %s", + strerror(errno)); + } + fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC); + sel_initfile(&sel, &udpsock[i], fd, SEL_READ, p_read, 0); + sel_addfile(&udpsock[i]); + T( trace(T_PEER, "peer: created %s socket", aftab[i].name); ) + if (!port) { + sz = sizeof(a); + if (getsockname(fd, &a.sa, &sz)) { + die(EXIT_FAILURE, "failed to read local socket address: %s", + strerror(errno)); + } + lastport = getport(&a); + } } - fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC); - sel_initfile(&sel, &sock, fd, SEL_READ, p_read, 0); - sel_addfile(&sock); - T( trace(T_PEER, "peer: created socket"); ) sym_create(&byname); am_create(&byaddr); @@ -790,20 +843,19 @@ void p_init(struct in_addr addr, unsigned port) /* --- @p_port@ --- * * - * Arguments: --- + * Arguments: @int i@ = address family index to retrieve * * Returns: Port number used for socket. */ -unsigned p_port(void) +unsigned p_port(int i) { addr a; socklen_t sz = sizeof(addr); - if (getsockname(sock.fd, &a.sa, &sz)) + if (getsockname(udpsock[i].fd, &a.sa, &sz)) die(EXIT_FAILURE, "couldn't read port number: %s", strerror(errno)); - assert(a.sa.sa_family == AF_INET); - return (ntohs(a.sin.sin_port)); + return (getport(&a)); } /* --- @p_keepalive@ --- * @@ -876,6 +928,7 @@ peer *p_create(peerspec *spec) p->ks = 0; p->pings = 0; p->ifname = 0; + p->afix = afix(p->spec.sa.sa.sa_family); assert(p->afix >= 0); memset(&p->st, 0, sizeof(stats)); p->st.t_start = time(0); if (!(tops->flags & TUNF_PRIVOPEN))