1 /* site.c - manage communication with a remote network site */
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
12 /* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
21 #include <sys/socket.h>
25 #include "unaligned.h"
28 #define SETUP_BUFFER_LEN 2048
30 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
32 #define DEFAULT_SETUP_RETRIES 5
33 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
36 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38 #define DEFAULT_MOBILE_SETUP_RETRIES 30
39 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
42 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43 #define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
45 /* Each site can be in one of several possible states. */
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
84 #define SITE_RESOLVE 2
85 #define SITE_SENTMSG1 3
86 #define SITE_SENTMSG2 4
87 #define SITE_SENTMSG3 5
88 #define SITE_SENTMSG4 6
89 #define SITE_SENTMSG5 7
92 static cstring_t state_name(uint32_t state)
95 case 0: return "STOP";
97 case 2: return "RESOLVE";
98 case 3: return "SENTMSG1";
99 case 4: return "SENTMSG2";
100 case 5: return "SENTMSG3";
101 case 6: return "SENTMSG4";
102 case 7: return "SENTMSG5";
103 case 8: return "WAIT";
104 default: return "*bad state*";
110 #define LOG_UNEXPECTED 0x00000001
111 #define LOG_SETUP_INIT 0x00000002
112 #define LOG_SETUP_TIMEOUT 0x00000004
113 #define LOG_ACTIVATE_KEY 0x00000008
114 #define LOG_TIMEOUT_KEY 0x00000010
115 #define LOG_SEC 0x00000020
116 #define LOG_STATE 0x00000040
117 #define LOG_DROP 0x00000080
118 #define LOG_DUMP 0x00000100
119 #define LOG_ERROR 0x00000400
120 #define LOG_PEER_ADDRS 0x00000800
122 static struct flagstr log_event_table[]={
123 { "unexpected", LOG_UNEXPECTED },
124 { "setup-init", LOG_SETUP_INIT },
125 { "setup-timeout", LOG_SETUP_TIMEOUT },
126 { "activate-key", LOG_ACTIVATE_KEY },
127 { "timeout-key", LOG_TIMEOUT_KEY },
128 { "security", LOG_SEC },
129 { "state-change", LOG_STATE },
130 { "packet-drop", LOG_DROP },
131 { "dump-packets", LOG_DUMP },
132 { "errors", LOG_ERROR },
133 { "peer-addrs", LOG_PEER_ADDRS },
134 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
135 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
136 { "all", 0xffffffff },
141 /***** TRANSPORT PEERS declarations *****/
143 /* Details of "mobile peer" semantics:
145 - We record mobile_peers_max peer address/port numbers ("peers")
146 for key setup, and separately mobile_peers_max for data
147 transfer. If these lists fill up, we retain the newest peers.
148 (For non-mobile peers we only record one of each.)
150 - Outgoing packets are sent to every recorded peer in the
153 - Data transfer peers are straightforward: whenever we successfully
154 process a data packet, we record the peer. Also, whenever we
155 successfully complete a key setup, we merge the key setup
156 peers into the data transfer peers.
158 (For "non-mobile" peers we simply copy the peer used for
159 successful key setup, and don't change the peer otherwise.)
161 - Key setup peers are slightly more complicated.
163 Whenever we receive and successfully process a key exchange
164 packet, we record the peer.
166 Whenever we try to initiate a key setup, we copy the list of data
167 transfer peers and use it for key setup. But we also look to see
168 if the config supplies an address and port number and if so we
169 add that as a key setup peer (possibly evicting one of the data
170 transfer peers we just copied).
172 (For "non-mobile" peers, if we if we have a configured peer
173 address and port, we always use that; otherwise if we have a
174 current data peer address we use that; otherwise we do not
175 attempt to initiate a key setup for lack of a peer address.)
177 "Record the peer" means
178 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
179 2. add the peer of the just received packet to the applicable list
180 (possibly evicting older entries)
181 NB that we do not expire peers until an incoming packet arrives.
185 #define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
189 struct comm_addr addr;
193 /* configuration information */
194 /* runtime information */
196 transport_peer peers[MAX_MOBILE_PEERS_MAX];
199 static void transport_peers_clear(struct site *st, transport_peers *peers);
200 static int transport_peers_valid(transport_peers *peers);
201 static void transport_peers_copy(struct site *st, transport_peers *dst,
202 const transport_peers *src);
204 static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
205 static void transport_data_msgok(struct site *st, const struct comm_addr *a);
206 static bool_t transport_compute_setupinit_peers(struct site *st,
207 const struct comm_addr *configured_addr /* 0 if none or not found */);
208 static void transport_record_peer(struct site *st, transport_peers *peers,
209 const struct comm_addr *addr, const char *m);
211 static void transport_xmit(struct site *st, transport_peers *peers,
212 struct buffer_if *buf, bool_t candebug);
214 /***** END of transport peers declarations *****/
218 struct transform_inst_if *transform;
219 uint64_t key_timeout; /* End of life of current key */
220 uint32_t remote_session_id;
226 /* configuration information */
229 bool_t peer_mobile; /* Mobile client support */
230 int32_t transport_peers_max;
231 string_t tunname; /* localname<->remotename by default, used in logs */
232 string_t address; /* DNS name for bootstrapping, optional */
233 int remoteport; /* Port for bootstrapping, optional */
234 struct netlink_if *netlink;
235 struct comm_if **comms;
237 struct resolver_if *resolver;
239 struct random_if *random;
240 struct rsaprivkey_if *privkey;
241 struct rsapubkey_if *pubkey;
242 struct transform_if *transform;
244 struct hash_if *hash;
246 uint32_t index; /* Index of this site */
247 int32_t setup_retries; /* How many times to send setup packets */
248 int32_t setup_retry_interval; /* Initial timeout for setup packets */
249 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
250 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
251 int32_t key_lifetime; /* How long a key lasts once set up */
252 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
253 after this time, initiate a new
256 uint8_t *setupsig; /* Expected signature of incoming MSG1 packets */
257 int32_t setupsiglen; /* Allows us to discard packets quickly if
258 they are not for us */
259 bool_t setup_priority; /* Do we have precedence if both sites emit
260 message 1 simultaneously? */
263 /* runtime information */
265 uint64_t now; /* Most recently seen time */
267 /* The currently established session */
268 struct data_key current;
269 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
270 transport_peers peers; /* Current address(es) of peer for data traffic */
272 /* The current key setup protocol exchange. We can only be
273 involved in one of these at a time. There's a potential for
274 denial of service here (the attacker keeps sending a setup
275 packet; we keep trying to continue the exchange, and have to
276 timeout before we can listen for another setup packet); perhaps
277 we should keep a list of 'bad' sources for setup packets. */
278 uint32_t setup_session_id;
279 transport_peers setup_peers;
280 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
281 uint8_t remoteN[NONCELEN];
282 struct buffer_if buffer; /* Current outgoing key exchange packet */
283 struct buffer_if scratch;
284 int32_t retries; /* Number of retries remaining */
285 uint64_t timeout; /* Timeout for current state */
287 uint8_t *sharedsecret;
288 struct transform_inst_if *new_transform; /* For key setup/verify */
291 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
299 if (event&st->log_events) {
301 case LOG_UNEXPECTED: class=M_INFO; break;
302 case LOG_SETUP_INIT: class=M_INFO; break;
303 case LOG_SETUP_TIMEOUT: class=M_NOTICE; break;
304 case LOG_ACTIVATE_KEY: class=M_INFO; break;
305 case LOG_TIMEOUT_KEY: class=M_INFO; break;
306 case LOG_SEC: class=M_SECURITY; break;
307 case LOG_STATE: class=M_DEBUG; break;
308 case LOG_DROP: class=M_DEBUG; break;
309 case LOG_DUMP: class=M_DEBUG; break;
310 case LOG_ERROR: class=M_ERR; break;
311 case LOG_PEER_ADDRS: class=M_DEBUG; break;
312 default: class=M_ERR; break;
315 vsnprintf(buf,sizeof(buf),msg,ap);
316 st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
321 static void set_link_quality(struct site *st);
322 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
323 static void delete_one_key(struct site *st, struct data_key *key,
324 const char *reason /* may be 0 meaning don't log*/,
325 const char *which /* ignored if !reasonn */,
326 uint32_t loglevel /* ignored if !reasonn */);
327 static bool_t initiate_key_setup(struct site *st, cstring_t reason);
328 static void enter_state_run(struct site *st);
329 static bool_t enter_state_resolve(struct site *st);
330 static bool_t enter_new_state(struct site *st,uint32_t next);
331 static void enter_state_wait(struct site *st);
332 static void activate_new_key(struct site *st);
334 static bool_t current_valid(struct site *st)
336 return st->current.transform->valid(st->current.transform->st);
339 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
340 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
341 #define CHECK_TYPE(b,t) do { uint32_t type; \
342 CHECK_AVAIL((b),4); \
343 type=buf_unprepend_uint32((b)); \
344 if (type!=(t)) return False; } while(0)
363 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
364 out using a transform of config data supplied by netlink */
365 static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
371 st->retries=st->setup_retries;
372 BUF_ALLOC(&st->buffer,what);
373 buffer_init(&st->buffer,0);
374 buf_append_uint32(&st->buffer,
375 (type==LABEL_MSG1?0:st->setup_session_id));
376 buf_append_uint32(&st->buffer,st->index);
377 buf_append_uint32(&st->buffer,type);
378 buf_append_string(&st->buffer,st->localname);
379 buf_append_string(&st->buffer,st->remotename);
380 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
381 if (type==LABEL_MSG1) return True;
382 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
383 if (type==LABEL_MSG2) return True;
385 if (hacky_par_mid_failnow()) return False;
387 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
388 buf_append_string(&st->buffer,dhpub);
390 hash=safe_malloc(st->hash->len, "generate_msg");
391 hst=st->hash->init();
392 st->hash->update(hst,st->buffer.start,st->buffer.size);
393 st->hash->final(hst,hash);
394 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
395 buf_append_string(&st->buffer,sig);
401 static bool_t unpick_msg(struct site *st, uint32_t type,
402 struct buffer_if *msg, struct msg *m)
404 m->hashstart=msg->start;
406 m->dest=buf_unprepend_uint32(msg);
408 m->source=buf_unprepend_uint32(msg);
409 CHECK_TYPE(msg,type);
411 m->remlen=buf_unprepend_uint16(msg);
412 CHECK_AVAIL(msg,m->remlen);
413 m->remote=buf_unprepend(msg,m->remlen);
415 m->loclen=buf_unprepend_uint16(msg);
416 CHECK_AVAIL(msg,m->loclen);
417 m->local=buf_unprepend(msg,m->loclen);
418 CHECK_AVAIL(msg,NONCELEN);
419 m->nR=buf_unprepend(msg,NONCELEN);
420 if (type==LABEL_MSG1) {
424 CHECK_AVAIL(msg,NONCELEN);
425 m->nL=buf_unprepend(msg,NONCELEN);
426 if (type==LABEL_MSG2) {
431 m->pklen=buf_unprepend_uint16(msg);
432 CHECK_AVAIL(msg,m->pklen);
433 m->pk=buf_unprepend(msg,m->pklen);
434 m->hashlen=msg->start-m->hashstart;
436 m->siglen=buf_unprepend_uint16(msg);
437 CHECK_AVAIL(msg,m->siglen);
438 m->sig=buf_unprepend(msg,m->siglen);
443 static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
446 if (type==LABEL_MSG1) return True;
448 /* Check that the site names and our nonce have been sent
449 back correctly, and then store our peer's nonce. */
450 if (memcmp(m->remote,st->remotename,strlen(st->remotename)!=0)) {
451 *error="wrong remote site name";
454 if (memcmp(m->local,st->localname,strlen(st->localname)!=0)) {
455 *error="wrong local site name";
458 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
459 *error="wrong locally-generated nonce";
462 if (type==LABEL_MSG2) return True;
463 if (memcmp(m->nR,st->remoteN,NONCELEN)!=0) {
464 *error="wrong remotely-generated nonce";
467 if (type==LABEL_MSG3) return True;
468 if (type==LABEL_MSG4) return True;
469 *error="unknown message type";
473 static bool_t generate_msg1(struct site *st)
475 st->random->generate(st->random->st,NONCELEN,st->localN);
476 return generate_msg(st,LABEL_MSG1,"site:MSG1");
479 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
480 const struct comm_addr *src)
484 /* We've already determined we're in an appropriate state to
485 process an incoming MSG1, and that the MSG1 has correct values
488 if (!unpick_msg(st,LABEL_MSG1,msg1,&m)) return False;
490 transport_record_peer(st,&st->setup_peers,src,"msg1");
491 st->setup_session_id=m.source;
492 memcpy(st->remoteN,m.nR,NONCELEN);
496 static bool_t generate_msg2(struct site *st)
498 st->random->generate(st->random->st,NONCELEN,st->localN);
499 return generate_msg(st,LABEL_MSG2,"site:MSG2");
502 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
503 const struct comm_addr *src)
508 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
509 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
510 slog(st,LOG_SEC,"msg2: %s",err);
513 st->setup_session_id=m.source;
514 memcpy(st->remoteN,m.nR,NONCELEN);
518 static bool_t generate_msg3(struct site *st)
520 /* Now we have our nonce and their nonce. Think of a secret key,
521 and create message number 3. */
522 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
523 return generate_msg(st,LABEL_MSG3,"site:MSG3");
526 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
527 const struct comm_addr *src)
534 if (!unpick_msg(st,LABEL_MSG3,msg3,&m)) return False;
535 if (!check_msg(st,LABEL_MSG3,&m,&err)) {
536 slog(st,LOG_SEC,"msg3: %s",err);
540 /* Check signature and store g^x mod m */
541 hash=safe_malloc(st->hash->len, "process_msg3");
542 hst=st->hash->init();
543 st->hash->update(hst,m.hashstart,m.hashlen);
544 st->hash->final(hst,hash);
545 /* Terminate signature with a '0' - cheating, but should be ok */
547 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
548 slog(st,LOG_SEC,"msg3 signature failed check!");
554 /* Terminate their DH public key with a '0' */
556 /* Invent our DH secret key */
557 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
559 /* Generate the shared key */
560 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
561 st->sharedsecret,st->transform->keylen);
563 /* Set up the transform */
564 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
565 st->transform->keylen);
570 static bool_t generate_msg4(struct site *st)
572 /* We have both nonces, their public key and our private key. Generate
573 our public key, sign it and send it to them. */
574 return generate_msg(st,LABEL_MSG4,"site:MSG4");
577 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
578 const struct comm_addr *src)
585 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
586 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
587 slog(st,LOG_SEC,"msg4: %s",err);
591 /* Check signature and store g^x mod m */
592 hash=safe_malloc(st->hash->len, "process_msg4");
593 hst=st->hash->init();
594 st->hash->update(hst,m.hashstart,m.hashlen);
595 st->hash->final(hst,hash);
596 /* Terminate signature with a '0' - cheating, but should be ok */
598 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
599 slog(st,LOG_SEC,"msg4 signature failed check!");
605 /* Terminate their DH public key with a '0' */
607 /* Generate the shared key */
608 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
609 st->sharedsecret,st->transform->keylen);
610 /* Set up the transform */
611 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
612 st->transform->keylen);
623 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
627 m->dest=buf_unprepend_uint32(msg0);
629 m->source=buf_unprepend_uint32(msg0);
631 m->type=buf_unprepend_uint32(msg0);
633 /* Leaves transformed part of buffer untouched */
636 static bool_t generate_msg5(struct site *st)
638 cstring_t transform_err;
640 BUF_ALLOC(&st->buffer,"site:MSG5");
641 /* We are going to add four words to the message */
642 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
643 /* Give the netlink code an opportunity to put its own stuff in the
644 message (configuration information, etc.) */
645 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
646 st->new_transform->forwards(st->new_transform->st,&st->buffer,
648 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
649 buf_prepend_uint32(&st->buffer,st->index);
650 buf_prepend_uint32(&st->buffer,st->setup_session_id);
652 st->retries=st->setup_retries;
656 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
657 const struct comm_addr *src,
658 struct transform_inst_if *transform)
661 cstring_t transform_err;
663 if (!unpick_msg0(st,msg5,&m)) return False;
665 if (transform->reverse(transform->st,msg5,&transform_err)) {
666 /* There's a problem */
667 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
670 /* Buffer should now contain untransformed PING packet data */
672 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
673 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
676 /* Older versions of secnet used to write some config data here
677 * which we ignore. So we don't CHECK_EMPTY */
681 static void create_msg6(struct site *st, struct transform_inst_if *transform,
684 cstring_t transform_err;
686 BUF_ALLOC(&st->buffer,"site:MSG6");
687 /* We are going to add four words to the message */
688 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
689 /* Give the netlink code an opportunity to put its own stuff in the
690 message (configuration information, etc.) */
691 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
692 transform->forwards(transform->st,&st->buffer,&transform_err);
693 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
694 buf_prepend_uint32(&st->buffer,st->index);
695 buf_prepend_uint32(&st->buffer,session_id);
698 static bool_t generate_msg6(struct site *st)
700 create_msg6(st,st->new_transform,st->setup_session_id);
701 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
705 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
706 const struct comm_addr *src)
709 cstring_t transform_err;
711 if (!unpick_msg0(st,msg6,&m)) return False;
713 if (st->new_transform->reverse(st->new_transform->st,
714 msg6,&transform_err)) {
715 /* There's a problem */
716 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
719 /* Buffer should now contain untransformed PING packet data */
721 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
722 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
725 /* Older versions of secnet used to write some config data here
726 * which we ignore. So we don't CHECK_EMPTY */
730 static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0)
732 cstring_t transform_err, newkey_err="n/a";
736 if (!unpick_msg0(st,msg0,&m)) return False;
738 /* Keep a copy so we can try decrypting it with multiple keys */
739 buffer_copy(&st->scratch, msg0);
741 problem = st->current.transform->reverse(st->current.transform->st,
742 msg0,&transform_err);
743 if (!problem) return True;
746 slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
750 if (st->state==SITE_SENTMSG5) {
751 buffer_copy(msg0, &st->scratch);
752 if (!st->new_transform->reverse(st->new_transform->st,
754 /* It looks like we didn't get the peer's MSG6 */
755 /* This is like a cut-down enter_new_state(SITE_RUN) */
756 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
757 BUF_FREE(&st->buffer);
759 activate_new_key(st);
760 return True; /* do process the data in this packet */
764 slog(st,LOG_SEC,"transform: %s (new: %s)",transform_err,newkey_err);
765 initiate_key_setup(st,"incoming message would not decrypt");
769 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
770 const struct comm_addr *src)
774 if (!decrypt_msg0(st,msg0))
778 type=buf_unprepend_uint32(msg0);
781 /* We must forget about the current session. */
782 delete_keys(st,"request from peer",LOG_SEC);
785 /* Deliver to netlink layer */
786 st->netlink->deliver(st->netlink->st,msg0);
787 transport_data_msgok(st,src);
788 /* See whether we should start negotiating a new key */
789 if (st->now > st->renegotiate_key_time)
790 initiate_key_setup(st,"incoming packet in renegotiation window");
793 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
800 static void dump_packet(struct site *st, struct buffer_if *buf,
801 const struct comm_addr *addr, bool_t incoming)
803 uint32_t dest=ntohl(*(uint32_t *)buf->start);
804 uint32_t source=ntohl(*(uint32_t *)(buf->start+4));
805 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
807 if (st->log_events & LOG_DUMP)
808 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
809 st->tunname,incoming?"incoming":"outgoing",
810 dest,source,msgtype);
813 static uint32_t site_status(void *st)
818 static bool_t send_msg(struct site *st)
821 transport_xmit(st, &st->setup_peers, &st->buffer, True);
822 st->timeout=st->now+st->setup_retry_interval;
826 slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet "
827 "(in state %s)",state_name(st->state));
828 enter_state_wait(st);
833 static void site_resolve_callback(void *sst, struct in_addr *address)
836 struct comm_addr ca_buf, *ca_use;
838 if (st->state!=SITE_RESOLVE) {
839 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
844 ca_buf.comm=st->comms[0];
845 ca_buf.sin.sin_family=AF_INET;
846 ca_buf.sin.sin_port=htons(st->remoteport);
847 ca_buf.sin.sin_addr=*address;
850 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
853 if (transport_compute_setupinit_peers(st,ca_use)) {
854 enter_new_state(st,SITE_SENTMSG1);
856 /* Can't figure out who to try to to talk to */
857 slog(st,LOG_SETUP_INIT,"key exchange failed: cannot find peer address");
862 static bool_t initiate_key_setup(struct site *st, cstring_t reason)
864 if (st->state!=SITE_RUN) return False;
865 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
867 slog(st,LOG_SETUP_INIT,"resolving peer address");
868 return enter_state_resolve(st);
869 } else if (transport_compute_setupinit_peers(st,0)) {
870 return enter_new_state(st,SITE_SENTMSG1);
872 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
876 static void activate_new_key(struct site *st)
878 struct transform_inst_if *t;
880 /* We have two transform instances, which we swap between active
882 t=st->current.transform;
883 st->current.transform=st->new_transform;
888 st->current.key_timeout=st->now+st->key_lifetime;
889 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
890 transport_peers_copy(st,&st->peers,&st->setup_peers);
891 st->current.remote_session_id=st->setup_session_id;
893 slog(st,LOG_ACTIVATE_KEY,"new key activated");
897 static void delete_one_key(struct site *st, struct data_key *key,
898 cstring_t reason, cstring_t which, uint32_t loglevel)
900 if (!key->transform->valid(key->transform->st)) return;
901 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
902 key->transform->delkey(key->transform->st);
906 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
908 if (current_valid(st)) {
909 slog(st,loglevel,"session closed (%s)",reason);
911 delete_one_key(st,&st->current,0,0,0);
912 set_link_quality(st);
916 static void state_assert(struct site *st, bool_t ok)
918 if (!ok) fatal("site:state_assert");
921 static void enter_state_stop(struct site *st)
925 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
926 st->new_transform->delkey(st->new_transform->st);
929 static void set_link_quality(struct site *st)
932 if (current_valid(st))
933 quality=LINK_QUALITY_UP;
934 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
935 quality=LINK_QUALITY_DOWN;
936 else if (st->address)
937 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
938 else if (transport_peers_valid(&st->peers))
939 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
941 quality=LINK_QUALITY_DOWN;
943 st->netlink->set_quality(st->netlink->st,quality);
946 static void enter_state_run(struct site *st)
948 slog(st,LOG_STATE,"entering state RUN");
952 st->setup_session_id=0;
953 transport_peers_clear(st,&st->setup_peers);
954 memset(st->localN,0,NONCELEN);
955 memset(st->remoteN,0,NONCELEN);
956 st->new_transform->delkey(st->new_transform->st);
957 memset(st->dhsecret,0,st->dh->len);
958 memset(st->sharedsecret,0,st->transform->keylen);
959 set_link_quality(st);
962 static bool_t enter_state_resolve(struct site *st)
964 state_assert(st,st->state==SITE_RUN);
965 slog(st,LOG_STATE,"entering state RESOLVE");
966 st->state=SITE_RESOLVE;
967 st->resolver->request(st->resolver->st,st->address,
968 site_resolve_callback,st);
972 static bool_t enter_new_state(struct site *st, uint32_t next)
974 bool_t (*gen)(struct site *st);
977 slog(st,LOG_STATE,"entering state %s",state_name(next));
980 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
984 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
985 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
989 state_assert(st,st->state==SITE_SENTMSG1);
990 BUF_FREE(&st->buffer);
994 state_assert(st,st->state==SITE_SENTMSG2);
995 BUF_FREE(&st->buffer);
999 state_assert(st,st->state==SITE_SENTMSG3);
1000 BUF_FREE(&st->buffer);
1004 state_assert(st,st->state==SITE_SENTMSG4);
1005 BUF_FREE(&st->buffer);
1010 fatal("enter_new_state(%s): invalid new state",state_name(next));
1014 if (hacky_par_start_failnow()) return False;
1016 r= gen(st) && send_msg(st);
1019 st->setup_retries, st->setup_retry_interval,
1024 if (next==SITE_RUN) {
1025 BUF_FREE(&st->buffer); /* Never reused */
1026 st->timeout=0; /* Never retransmit */
1027 activate_new_key(st);
1031 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1032 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1033 in either state, and enter_state_wait() will
1035 enter_state_wait(st);
1039 /* msg7 tells our peer that we're about to forget our key */
1040 static bool_t send_msg7(struct site *st, cstring_t reason)
1042 cstring_t transform_err;
1044 if (current_valid(st) && st->buffer.free
1045 && transport_peers_valid(&st->peers)) {
1046 BUF_ALLOC(&st->buffer,"site:MSG7");
1047 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
1048 buf_append_uint32(&st->buffer,LABEL_MSG7);
1049 buf_append_string(&st->buffer,reason);
1050 st->current.transform->forwards(st->current.transform->st,
1051 &st->buffer, &transform_err);
1052 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
1053 buf_prepend_uint32(&st->buffer,st->index);
1054 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
1055 transport_xmit(st,&st->peers,&st->buffer,True);
1056 BUF_FREE(&st->buffer);
1062 /* We go into this state if our peer becomes uncommunicative. Similar to
1063 the "stop" state, we forget all session keys for a while, before
1064 re-entering the "run" state. */
1065 static void enter_state_wait(struct site *st)
1067 slog(st,LOG_STATE,"entering state WAIT");
1068 st->timeout=st->now+st->wait_timeout;
1069 st->state=SITE_WAIT;
1070 set_link_quality(st);
1071 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1072 /* XXX Erase keys etc. */
1075 static inline void site_settimeout(uint64_t timeout, int *timeout_io)
1078 int64_t offset=timeout-*now;
1079 if (offset<0) offset=0;
1080 if (offset>INT_MAX) offset=INT_MAX;
1081 if (*timeout_io<0 || offset<*timeout_io)
1086 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
1089 struct site *st=sst;
1091 *nfds_io=0; /* We don't use any file descriptors */
1094 /* Work out when our next timeout is. The earlier of 'timeout' or
1095 'current.key_timeout'. A stored value of '0' indicates no timeout
1097 site_settimeout(st->timeout, timeout_io);
1098 site_settimeout(st->current.key_timeout, timeout_io);
1100 return 0; /* success */
1103 static void check_expiry(struct site *st, struct data_key *key,
1106 if (key->key_timeout && *now>key->key_timeout) {
1107 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1111 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1112 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
1114 struct site *st=sst;
1117 if (st->timeout && *now>st->timeout) {
1119 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1120 if (!hacky_par_start_failnow())
1122 } else if (st->state==SITE_WAIT) {
1123 enter_state_run(st);
1125 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1129 check_expiry(st,&st->current,"current key");
1132 /* This function is called by the netlink device to deliver packets
1133 intended for the remote network. The packet is in "raw" wire
1134 format, but is guaranteed to be word-aligned. */
1135 static void site_outgoing(void *sst, struct buffer_if *buf)
1137 struct site *st=sst;
1138 cstring_t transform_err;
1140 if (st->state==SITE_STOP) {
1145 /* In all other states we consider delivering the packet if we have
1146 a valid key and a valid address to send it to. */
1147 if (current_valid(st) && transport_peers_valid(&st->peers)) {
1148 /* Transform it and send it */
1150 buf_prepend_uint32(buf,LABEL_MSG9);
1151 st->current.transform->forwards(st->current.transform->st,
1152 buf, &transform_err);
1153 buf_prepend_uint32(buf,LABEL_MSG0);
1154 buf_prepend_uint32(buf,st->index);
1155 buf_prepend_uint32(buf,st->current.remote_session_id);
1156 transport_xmit(st,&st->peers,buf,False);
1162 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1164 initiate_key_setup(st,"outgoing packet");
1167 /* This function is called by the communication device to deliver
1168 packets from our peers. */
1169 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1170 const struct comm_addr *source)
1172 struct site *st=sst;
1174 if (buf->size < 12) return False;
1176 uint32_t dest=ntohl(*(uint32_t *)buf->start);
1179 /* It could be for any site - it should have LABEL_MSG1 and
1180 might have our name and our peer's name in it */
1181 if (buf->size<(st->setupsiglen+8+NONCELEN)) return False;
1182 if (memcmp(buf->start+8,st->setupsig,st->setupsiglen)==0) {
1183 /* It's addressed to us. Decide what to do about it. */
1184 dump_packet(st,buf,source,True);
1185 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1186 st->state==SITE_WAIT) {
1187 /* We should definitely process it */
1188 if (process_msg1(st,buf,source)) {
1189 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1190 enter_new_state(st,SITE_SENTMSG2);
1192 slog(st,LOG_ERROR,"failed to process incoming msg1");
1196 } else if (st->state==SITE_SENTMSG1) {
1197 /* We've just sent a message 1! They may have crossed on
1198 the wire. If we have priority then we ignore the
1199 incoming one, otherwise we process it as usual. */
1200 if (st->setup_priority) {
1202 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1203 "priority => ignore incoming msg1");
1206 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1207 "priority => use incoming msg1");
1208 if (process_msg1(st,buf,source)) {
1209 BUF_FREE(&st->buffer); /* Free our old message 1 */
1210 enter_new_state(st,SITE_SENTMSG2);
1212 slog(st,LOG_ERROR,"failed to process an incoming "
1213 "crossed msg1 (we have low priority)");
1219 /* The message 1 was received at an unexpected stage of the
1220 key setup. XXX POLICY - what do we do? */
1221 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1225 return False; /* Not for us. */
1227 if (dest==st->index) {
1228 /* Explicitly addressed to us */
1229 uint32_t msgtype=ntohl(get_uint32(buf->start+8));
1230 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1233 /* If the source is our current peer then initiate a key setup,
1234 because our peer's forgotten the key */
1235 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
1236 initiate_key_setup(st,"received a NAK");
1238 slog(st,LOG_SEC,"bad incoming NAK");
1242 process_msg0(st,buf,source);
1245 /* Setup packet: should not have been explicitly addressed
1247 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1250 /* Setup packet: expected only in state SENTMSG1 */
1251 if (st->state!=SITE_SENTMSG1) {
1252 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1253 } else if (process_msg2(st,buf,source)) {
1254 transport_setup_msgok(st,source);
1255 enter_new_state(st,SITE_SENTMSG3);
1257 slog(st,LOG_SEC,"invalid MSG2");
1261 /* Setup packet: expected only in state SENTMSG2 */
1262 if (st->state!=SITE_SENTMSG2) {
1263 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1264 } else if (process_msg3(st,buf,source)) {
1265 transport_setup_msgok(st,source);
1266 enter_new_state(st,SITE_SENTMSG4);
1268 slog(st,LOG_SEC,"invalid MSG3");
1272 /* Setup packet: expected only in state SENTMSG3 */
1273 if (st->state!=SITE_SENTMSG3) {
1274 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1275 } else if (process_msg4(st,buf,source)) {
1276 transport_setup_msgok(st,source);
1277 enter_new_state(st,SITE_SENTMSG5);
1279 slog(st,LOG_SEC,"invalid MSG4");
1283 /* Setup packet: expected only in state SENTMSG4 */
1284 /* (may turn up in state RUN if our return MSG6 was lost
1285 and the new key has already been activated. In that
1286 case we discard it. The peer will realise that we
1287 are using the new key when they see our data packets.
1288 Until then the peer's data packets to us get discarded. */
1289 if (st->state==SITE_SENTMSG4) {
1290 if (process_msg5(st,buf,source,st->new_transform)) {
1291 transport_setup_msgok(st,source);
1292 enter_new_state(st,SITE_RUN);
1294 slog(st,LOG_SEC,"invalid MSG5");
1296 } else if (st->state==SITE_RUN) {
1297 if (process_msg5(st,buf,source,st->current.transform)) {
1298 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
1299 transport_setup_msgok(st,source);
1300 create_msg6(st,st->current.transform,
1301 st->current.remote_session_id);
1302 transport_xmit(st,&st->peers,&st->buffer,True);
1303 BUF_FREE(&st->buffer);
1305 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
1308 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1312 /* Setup packet: expected only in state SENTMSG5 */
1313 if (st->state!=SITE_SENTMSG5) {
1314 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1315 } else if (process_msg6(st,buf,source)) {
1316 BUF_FREE(&st->buffer); /* Free message 5 */
1317 transport_setup_msgok(st,source);
1318 activate_new_key(st);
1320 slog(st,LOG_SEC,"invalid MSG6");
1324 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
1335 static void site_control(void *vst, bool_t run)
1337 struct site *st=vst;
1338 if (run) enter_state_run(st);
1339 else enter_state_stop(st);
1342 static void site_phase_hook(void *sst, uint32_t newphase)
1344 struct site *st=sst;
1346 /* The program is shutting down; tell our peer */
1347 send_msg7(st,"shutting down");
1350 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1353 static uint32_t index_sequence;
1359 st=safe_malloc(sizeof(*st),"site_apply");
1361 st->cl.description="site";
1362 st->cl.type=CL_SITE;
1364 st->cl.interface=&st->ops;
1366 st->ops.control=site_control;
1367 st->ops.status=site_status;
1369 /* First parameter must be a dict */
1370 item=list_elem(args,0);
1371 if (!item || item->type!=t_dict)
1372 cfgfatal(loc,"site","parameter must be a dictionary\n");
1374 dict=item->data.dict;
1375 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1376 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1378 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1379 bool_t local_mobile=
1380 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1382 /* Sanity check (which also allows the 'sites' file to include
1383 site() closures for all sites including our own): refuse to
1384 talk to ourselves */
1385 if (strcmp(st->localname,st->remotename)==0) {
1386 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
1388 if (st->peer_mobile != local_mobile)
1389 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1390 " but our local-mobile=%d\n",
1391 st->localname, st->peer_mobile, local_mobile);
1395 if (st->peer_mobile && local_mobile) {
1396 Message(M_WARNING,"site %s: site is mobile but so are we"
1397 " -> ignoring this site\n", st->remotename);
1402 assert(index_sequence < 0xffffffffUL);
1403 st->index = ++index_sequence;
1404 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
1406 list_t *comms_cfg=dict_lookup(dict,"comm");
1407 if (!comms_cfg) cfgfatal(loc,"site","closure list \"comm\" not found\n");
1408 st->ncomms=list_length(comms_cfg);
1409 st->comms=safe_malloc_ary(sizeof(*st->comms),st->ncomms,"comms");
1411 for (i=0; i<st->ncomms; i++) {
1412 item_t *item=list_elem(comms_cfg,i);
1413 if (item->type!=t_closure)
1414 cfgfatal(loc,"site","comm is not a closure\n");
1415 closure_t *cl=item->data.closure;
1416 if (cl->type!=CL_COMM) cfgfatal(loc,"site","comm closure wrong type\n");
1417 st->comms[i]=cl->interface;
1420 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1421 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1422 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1424 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
1425 st->address=dict_read_string(dict, "address", False, "site", loc);
1427 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1428 else st->remoteport=0;
1429 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1432 find_cl_if(dict,"transform",CL_TRANSFORM,True,"site",loc);
1434 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1435 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1437 #define DEFAULT(D) (st->peer_mobile || local_mobile \
1438 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
1439 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
1441 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1442 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1443 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1444 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
1446 st->mobile_peer_expiry= dict_read_number(
1447 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1449 st->transport_peers_max= !st->peer_mobile ? 1 : dict_read_number(
1450 dict,"mobile-peers-max",False,"site",loc,DEFAULT_MOBILE_PEERS_MAX);
1451 if (st->transport_peers_max<1 ||
1452 st->transport_peers_max>=MAX_MOBILE_PEERS_MAX) {
1453 cfgfatal(loc,"site","mobile-peers-max must be in range 1.."
1454 STRING(MAX_MOBILE_PEERS_MAX) "\n");
1457 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
1458 st->key_renegotiate_time=st->key_lifetime/2;
1460 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
1461 st->key_renegotiate_time=dict_read_number(
1462 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
1463 if (st->key_renegotiate_time > st->key_lifetime) {
1464 cfgfatal(loc,"site",
1465 "renegotiate-time must be less than key-lifetime\n");
1468 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1469 log_event_table,"site");
1471 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1473 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1475 /* The information we expect to see in incoming messages of type 1 */
1476 /* fixme: lots of unchecked overflows here, but the results are only
1477 corrupted packets rather than undefined behaviour */
1478 st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8;
1479 st->setupsig=safe_malloc(st->setupsiglen,"site_apply");
1480 put_uint32(st->setupsig+0,LABEL_MSG1);
1481 put_uint16(st->setupsig+4,strlen(st->remotename));
1482 memcpy(&st->setupsig[6],st->remotename,strlen(st->remotename));
1483 put_uint16(st->setupsig+(6+strlen(st->remotename)),strlen(st->localname));
1484 memcpy(&st->setupsig[8+strlen(st->remotename)],st->localname,
1485 strlen(st->localname));
1486 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1488 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1490 buffer_new(&st->scratch,0);
1491 BUF_ALLOC(&st->scratch,"site:scratch");
1493 /* We are interested in poll(), but only for timeouts. We don't have
1494 any fds of our own. */
1495 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1498 st->current.key_timeout=0;
1499 transport_peers_clear(st,&st->peers);
1500 transport_peers_clear(st,&st->setup_peers);
1501 /* XXX mlock these */
1502 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
1503 st->sharedsecret=safe_malloc(st->transform->keylen,"site:sharedsecret");
1505 /* We need to compute some properties of our comms */
1506 #define COMPUTE_WORST(pad) \
1507 int worst_##pad=0; \
1508 for (i=0; i<st->ncomms; i++) { \
1509 int thispad=st->comms[i]->pad; \
1510 if (thispad > worst_##pad) \
1511 worst_##pad=thispad; \
1513 COMPUTE_WORST(min_start_pad)
1514 COMPUTE_WORST(min_end_pad)
1516 /* We need to register the remote networks with the netlink device */
1517 st->netlink->reg(st->netlink->st, site_outgoing, st,
1518 st->transform->max_start_pad+(4*4)+
1519 worst_min_start_pad,
1520 st->transform->max_end_pad+worst_min_end_pad);
1522 for (i=0; i<st->ncomms; i++)
1523 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
1525 st->current.transform=st->transform->create(st->transform->st);
1526 st->new_transform=st->transform->create(st->transform->st);
1528 enter_state_stop(st);
1530 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1532 return new_closure(&st->cl);
1535 void site_module(dict_t *dict)
1537 add_closure(dict,"site",site_apply);
1541 /***** TRANSPORT PEERS definitions *****/
1543 static void transport_peers_debug(struct site *st, transport_peers *dst,
1544 const char *didwhat,
1545 int nargs, const struct comm_addr *args,
1550 if (!(st->log_events & LOG_PEER_ADDRS))
1551 return; /* an optimisation */
1553 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
1554 (dst==&st->peers ? "data" :
1555 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
1556 didwhat, nargs, dst->npeers);
1558 for (i=0, argp=(void*)args;
1560 i++, (argp+=stride?stride:sizeof(*args))) {
1561 const struct comm_addr *ca=(void*)argp;
1562 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
1563 i, ca->comm->addr_to_string(ca->comm->st,ca));
1565 for (i=0; i<dst->npeers; i++) {
1566 struct timeval diff;
1567 timersub(tv_now,&dst->peers[i].last,&diff);
1568 const struct comm_addr *ca=&dst->peers[i].addr;
1569 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
1570 i, ca->comm->addr_to_string(ca->comm->st,ca),
1571 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
1575 static int transport_peer_compar(const void *av, const void *bv) {
1576 const transport_peer *a=av;
1577 const transport_peer *b=bv;
1578 /* put most recent first in the array */
1579 if (timercmp(&a->last, &b->last, <)) return +1;
1580 if (timercmp(&a->last, &b->last, >)) return -11;
1584 static void transport_peers_expire(struct site *st, transport_peers *peers) {
1585 /* peers must be sorted first */
1586 int previous_peers=peers->npeers;
1587 struct timeval oldest;
1588 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
1589 oldest.tv_usec = tv_now->tv_usec;
1590 while (peers->npeers>1 &&
1591 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
1593 if (peers->npeers != previous_peers)
1594 transport_peers_debug(st,peers,"expire", 0,0,0);
1597 static void transport_record_peer(struct site *st, transport_peers *peers,
1598 const struct comm_addr *addr, const char *m) {
1599 int slot, changed=0;
1601 for (slot=0; slot<peers->npeers; slot++)
1602 if (!memcmp(&peers->peers[slot].addr, addr, sizeof(*addr)))
1606 if (peers->npeers==st->transport_peers_max)
1607 slot=st->transport_peers_max;
1609 slot=peers->npeers++;
1612 peers->peers[slot].addr=*addr;
1613 peers->peers[slot].last=*tv_now;
1615 if (peers->npeers>1)
1616 qsort(peers->peers, peers->npeers,
1617 sizeof(*peers->peers), transport_peer_compar);
1619 if (changed || peers->npeers!=1)
1620 transport_peers_debug(st,peers,m, 1,addr,0);
1621 transport_peers_expire(st, peers);
1624 static bool_t transport_compute_setupinit_peers(struct site *st,
1625 const struct comm_addr *configured_addr /* 0 if none or not found */) {
1627 if (!configured_addr && !transport_peers_valid(&st->peers))
1630 slog(st,LOG_SETUP_INIT,
1631 (!configured_addr ? "using only %d old peer address(es)"
1632 : "using configured address, and/or perhaps %d old peer address(es)"),
1635 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
1636 * have transport_peers_max==1. The effect is that this code
1637 * always uses the configured address if supplied, or otherwise
1638 * the existing data peer if one exists; this is as desired. */
1640 transport_peers_copy(st,&st->setup_peers,&st->peers);
1642 if (configured_addr)
1643 transport_record_peer(st,&st->setup_peers,configured_addr,"setupinit");
1645 assert(transport_peers_valid(&st->setup_peers));
1649 static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
1650 if (st->peer_mobile)
1651 transport_record_peer(st,&st->setup_peers,a,"setupmsg");
1653 static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
1654 if (st->peer_mobile)
1655 transport_record_peer(st,&st->peers,a,"datamsg");
1658 static int transport_peers_valid(transport_peers *peers) {
1659 return peers->npeers;
1661 static void transport_peers_clear(struct site *st, transport_peers *peers) {
1663 transport_peers_debug(st,peers,"clear",0,0,0);
1665 static void transport_peers_copy(struct site *st, transport_peers *dst,
1666 const transport_peers *src) {
1667 dst->npeers=src->npeers;
1668 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
1669 transport_peers_debug(st,dst,"copy",
1670 src->npeers, &src->peers->addr, sizeof(*src->peers));
1673 void transport_xmit(struct site *st, transport_peers *peers,
1674 struct buffer_if *buf, bool_t candebug) {
1676 transport_peers_expire(st, peers);
1677 for (slot=0; slot<peers->npeers; slot++) {
1678 transport_peer *peer=&peers->peers[slot];
1680 dump_packet(st, buf, &peer->addr, False);
1681 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
1685 /***** END of transport peers declarations *****/