X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=site.c;h=8223fb3f81d678e228cd606aeb5d65aa7c92a609;hp=6101b2bd32f54b5f0d9d842cb14446762d9a87e0;hb=8dea8d37a13fcc615daba3375809900f04a2e5a2;hpb=9d3a4132788b198345116624761c12ed7bc936b6
diff --git a/site.c b/site.c
index 6101b2b..8223fb3 100644
--- a/site.c
+++ b/site.c
@@ -7,6 +7,7 @@
 #include
 #include "util.h"
+#include "ipaddr.h"
 #include "unaligned.h"
 #define SETUP_BUFFER_LEN 2048
@@ -15,7 +16,7 @@
 #define DEFAULT_KEY_RENEGOTIATE_GAP 300000 /* Five minutes */
 #define DEFAULT_SETUP_RETRIES 5
 #define DEFAULT_SETUP_TIMEOUT 1000
-#define DEFAULT_WAIT_TIME 10000
+#define DEFAULT_WAIT_TIME 20000
 /* Each site can be in one of several possible states. */
@@ -64,23 +65,21 @@
 #define SITE_SENTMSG5 7
 #define SITE_WAIT 8
-#if 0
 static string_t state_name(uint32_t state)
 {
 switch (state) {
- case 0: return "SITE_STOP";
- case 1: return "SITE_RUN";
- case 2: return "SITE_RESOLVE";
- case 3: return "SITE_SENTMSG1";
- case 4: return "SITE_SENTMSG2";
- case 5: return "SITE_SENTMSG3";
- case 6: return "SITE_SENTMSG4";
- case 7: return "SITE_SENTMSG5";
- case 8: return "SITE_WAIT";
+ case 0: return "STOP";
+ case 1: return "RUN";
+ case 2: return "RESOLVE";
+ case 3: return "SENTMSG1";
+ case 4: return "SENTMSG2";
+ case 5: return "SENTMSG3";
+ case 6: return "SENTMSG4";
+ case 7: return "SENTMSG5";
+ case 8: return "WAIT";
 default: return "*bad state*";
 }
 }
-#endif /* 0 */
 #define LABEL_MSG0 0x00020200
 #define LABEL_MSG1 0x01010101
@@ -121,6 +120,12 @@ static struct flagstr log_event_table[]={
 { NULL, 0 }
 };
+static struct flagstr netlink_option_table[]={
+ { "soft", NETLINK_OPTION_SOFTROUTE },
+ { "allow-route", NETLINK_OPTION_ALLOW_ROUTE },
+ { NULL, 0}
+};
+
 struct site {
 closure_t cl;
 struct site_if ops;
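Review bot: The doubled DEFAULT_WAIT_TIME carries neither a unit nor a rationale, unlike the `/* Five minutes */` on DEFAULT_KEY_RENEGOTIATE_GAP two lines above, whose value of 300000 implies these timers are in milliseconds. A matching comment keeps the next person tuning it from misreading the scale: `#define DEFAULT_WAIT_TIME 20000 /* 20 seconds */`. The reason for waiting longer (presumably fewer spurious re-setups after enter_state_wait is reached from the send_msg timeout path further down this diff) belongs in that comment or the commit message.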
@@ -190,12 +195,27 @@ static void slog(struct site *st, uint32_t event, string_t msg, ...)
 {
 va_list ap;
 uint8_t buf[240];
+ uint32_t class;
 va_start(ap,msg);
 if (event&st->log_events) {
+ switch(event) {
+ case LOG_UNEXPECTED: class=M_INFO; break;
+ case LOG_SETUP_INIT: class=M_INFO; break;
+ case LOG_SETUP_TIMEOUT: class=M_NOTICE; break;
+ case LOG_ACTIVATE_KEY: class=M_INFO; break;
+ case LOG_TIMEOUT_KEY: class=M_INFO; break;
+ case LOG_SEC: class=M_SECURITY; break;
+ case LOG_STATE: class=M_DEBUG; break;
+ case LOG_DROP: class=M_DEBUG; break;
+ case LOG_DUMP: class=M_DEBUG; break;
+ case LOG_ERROR: class=M_ERROR; break;
+ default: class=M_ERROR; break;
+ }
+
 vsnprintf(buf,240,msg,ap);
- st->log->log(st->log->st,0,"%s: %s",st->tunname,buf);
+ st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
 }
 va_end(ap);
 }
@@ -609,7 +629,7 @@ static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
 msg0,&transform_err)) {
 /* There's a problem */
 slog(st,LOG_SEC,"transform: %s",transform_err);
- return False;
+ return initiate_key_setup(st);
 }
 CHECK_AVAIL(msg0,4);
 type=buf_unprepend_uint32(msg0);
@@ -634,7 +654,7 @@ static void dump_packet(struct site *st, struct buffer_if *buf,
 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
 if (st->log_events & LOG_DUMP)
- log(st->log,0,"%s: %s: %08x<-%08x: %08x:",
+ log(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
 st->tunname,incoming?"incoming":"outgoing", dest,source,msgtype);
 }
@@ -653,7 +673,8 @@ static bool_t send_msg(struct site *st)
 st->retries--;
 return True;
 } else {
- slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet");
+ slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet "
+ "(in state %s)",state_name(st->state));
 enter_state_wait(st);
 return False;
 }
@@ -1121,6 +1142,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 struct site *st;
 item_t *item;
 dict_t *dict;
+ uint32_t netlink_options;
 st=safe_malloc(sizeof(*st),"site_apply");
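Review bot: `class` is a legal identifier in C but a keyword in C++, so the new local in slog will break the first time this file is pulled into a C++ build; `level` or `msgclass` avoids that for free. The event-to-class switch duplicates the shape of log_event_table and could live beside it as a table, but that is optional. Note that the switch matches exact values while the `event&st->log_events` test just above treats event as a bit set, so any combined event value falls through to `default: class=M_ERROR` — a one-line comment saying callers pass a single LOG_* bit would make that intent explicit.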
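Review bot: Returning initiate_key_setup(st) when the transform rejects a packet lets unauthenticated input drive the key-setup state machine, where the old code only logged and dropped it; every packet that reaches process_msg0 and fails the transform (the path this hunk logs as a LOG_SEC event) now restarts key setup. Unless initiate_key_setup already refuses to restart a setup that is in progress (its body is outside this hunk), gate the call on the current state, e.g. `if (st->state==SITE_RUN) return initiate_key_setup(st);` followed by `return False;`, so a flood of junk cannot keep the link perpetually renegotiating. process_msg0 starts and ends outside the hunk.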
@@ -1144,7 +1166,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 site() closures for all sites including our own): refuse to talk to ourselves */
 if (strcmp(st->localname,st->remotename)==0) {
- Message(M_INFO,"site %s: local-name==name -> ignoring this site\n",
+ Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
 st->localname);
 free(st);
 return NULL;
@@ -1156,9 +1178,10 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
- st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
- st->address=dict_read_string(dict, "address", False, "site", loc);
+ if (st->address)
+ st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
+ else st->remoteport=0;
 dict_read_subnet_list(dict, "networks", True, "site", loc, &st->remotenets);
 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
@@ -1193,12 +1216,14 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
 log_event_table,"site");
+ netlink_options=string_list_to_word(dict_lookup(dict,"netlink-options"),
+ netlink_option_table,"site");
+
 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
 "site_apply");
 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
 /* The information we expect to see in incoming messages of type 1 */
- /* XXX fix this bit for unaligned access */
 st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8;
 st->setupsig=safe_malloc(st->setupsiglen,"site_apply");
 put_uint32(st->setupsig+0,LABEL_MSG1);
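Review bot: The new `if (st->address)` reads a field this hunk no longer assigns: the removed `st->address=dict_read_string(...)` line has no replacement anywhere in the visible diff, so it must have moved above the -1144 hunk — worth confirming, because otherwise the test reads whatever safe_malloc left in the freshly allocated struct. A short comment on the new branch would also record the contract the change introduces, e.g. `/* port is only required (and only read) when a peer address is configured; 0 means no address */`. site_apply starts and ends outside the hunk.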
@@ -1228,7 +1253,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 site_outgoing, st,
 st->transform->max_start_pad+(4*4),
 st->transform->max_end_pad,
- (st->address!=NULL), st->tunname);
+ netlink_options, st->tunname);
 if (!st->netlink_cid) {
 Message(M_WARNING,"%s: netlink device did not let us register "
 "our remote networks. This site will not start.\n",
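Review bot: Passing netlink_options where `(st->address!=NULL)` used to go changes what an unmodified site file gets: a site with no `netlink-options` entry now registers with no option bits (assuming string_list_to_word yields 0 for a missing key — its body is not visible), whereas before every site with an address passed a true flag. If that flag corresponded to NETLINK_OPTION_SOFTROUTE, existing deployments silently lose the behaviour until their configs gain `netlink-options soft`; either default it for sites that have an address or call the change out in the configuration documentation. site_apply starts and ends outside the hunk.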