From b2de6bd2d9b5e9047a660e926c4adb17da54fc29 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Wed, 15 May 2019 22:42:10 +0100 Subject: [PATCH] polypath asymmetric routing: Priority to mobile sites It is better for the mobile peer to win the key setup priority battle. That makes handling the transport address implications, particularly those of the MSG1, easier. Since both ends must agree on who has priority, this must be negotiated. We use a capability bit for this. Since the decision is taken when we have only seen each other's MSG1, it must be an early capability. For compatibility with ancient (and security-buggy) secnets, we can avoid advertising it if neither end is mobile. In practice, in my tests, this change avoids a spurious key setup failure when my laptop's secnet is restarted: the new secnet gets a new NATted address, but the server has priority and insists on talking to the old address. Signed-off-by: Ian Jackson --- v2: Document in NOTES following rebase over "NOTES: Describe the current allocation of capability bits." --- NOTES | 5 +++-- magic.h | 5 +++-- site.c | 8 ++++++++ 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/NOTES b/NOTES index f827d80..840f06f 100644 --- a/NOTES +++ b/NOTES @@ -225,8 +225,9 @@ original CBCMAC-based transform, and bit 9 for the new EAX transform; bits 10 to 15 are reserved for future expansion. The the low eight bits are reserved for local use, e.g., to allow migration from one set of parameters for a particular transform to a different, incompatible set -of parameters for the same transform. The high 16 bits have not yet -been assigned a purpose. +of parameters for the same transform. Bit 31, if advertised by both +ends, indicates that a mobile end gets priority in case of crossed MSG1. +The remaining bits have not yet been assigned a purpose. No early capability bits are currently defined. diff --git a/magic.h b/magic.h index 4fe83f3..4389d54 100644 --- a/magic.h +++ b/magic.h 
@@ -36,9 +36,10 @@ #define LABEL_PROD 0x0a0a0a0a /* uses of the 32-bit capability bitmap */ -#define CAPAB_EARLY 0x00000000 /* no Early flags yet (see NOTES) */ +#define CAPAB_EARLY CAPAB_PRIORITY_MOBILE #define CAPAB_TRANSFORM_MASK 0x0000ffff -/* remaining 16 bits are unused */ +#define CAPAB_PRIORITY_MOBILE 0x80000000 /* mobile site has MSG1 priority */ +/* remaining bits are unused */ /* * The transform capability mask is a set of bits, one for each diff --git a/site.c b/site.c index 90ad2c5..db14523 100644 --- a/site.c +++ b/site.c @@ -1756,6 +1756,11 @@ static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in, } static bool_t we_have_priority(struct site *st, const struct msg *m) { + if ((st->local_capabilities & m->remote_capabilities) + && CAPAB_PRIORITY_MOBILE) { + if (st->local_mobile) return True; + if (st-> peer_mobile) return False; + } return st->our_name_later; } @@ -2165,6 +2170,9 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, st->local_capabilities |= capbit; } + if (st->local_mobile || st->peer_mobile) + st->local_capabilities |= CAPAB_PRIORITY_MOBILE; + /* We need to register the remote networks with the netlink device */ uint32_t netlink_mtu; /* local virtual interface mtu */ st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu); -- 2.30.2
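Review bot: In the NOTES hunk, the unchanged context line "No early capability bits are currently defined." is now wrong, since the magic.h hunk makes `CAPAB_EARLY` expand to `CAPAB_PRIORITY_MOBILE` and the commit message says the bit must be early. The new sentence is also placed in the paragraph describing transform capability bits, which hides that it is a different kind of bit. Suggest moving it to the early-capability paragraph, e.g. "One early capability bit is defined: bit 31, if advertised by both ends, indicates that a mobile end gets priority in case of crossed MSG1."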
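Review bot: In the magic.h hunk, `#define CAPAB_EARLY CAPAB_PRIORITY_MOBILE` appears before `CAPAB_PRIORITY_MOBILE` is defined. This compiles, because macro expansion is deferred to the point of use, but it reads as a forward reference; define `CAPAB_PRIORITY_MOBILE` first and keep the "(see NOTES)" pointer that the old `CAPAB_EARLY` comment carried, since NOTES is where the bit's semantics (both ends must advertise it, and it is taken from MSG1) are written down.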
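Review bot: In the `we_have_priority` hunk, the capability test uses logical `&&` where bitwise `&` is meant: `(st->local_capabilities & m->remote_capabilities) && CAPAB_PRIORITY_MOBILE` is true whenever the two ends share any capability bit at all (a transform bit is enough), because the nonzero constant `CAPAB_PRIORITY_MOBILE` is always truthy, so the mobile-priority bit itself is never checked and a peer that did not advertise it is treated as if it had. It should be `& CAPAB_PRIORITY_MOBILE`. Separately, when both ends are mobile, `if (st->local_mobile) return True;` fires at both ends and both claim priority, which defeats the crossed-MSG1 resolution; only override `our_name_later` when exactly one end is mobile, e.g. `if (st->local_mobile && !st->peer_mobile) return True; if (st->peer_mobile && !st->local_mobile) return False;`. Minor: `st-> peer_mobile` has a stray space.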
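Review bot: In the `site_apply` hunk, `st->local_mobile || st->peer_mobile` advertises the bit based purely on this end's configuration, so the scheme only works if `peer_mobile` here agrees with the peer's own `local_mobile`; if the two configurations disagree, either the bit is not advertised by both ends (silently falling back to `our_name_later`) or both ends believe they are the mobile one. Worth a comment at this line stating that contract, since nothing in the protocol checks it and the failure mode is the same spurious key-setup failure the commit message is trying to remove.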