1 /* site.c - manage communication with a remote network site */
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
12 /* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
21 #include <sys/socket.h>
25 #include "unaligned.h"
28 #define SETUP_BUFFER_LEN 2048
30 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
32 #define DEFAULT_SETUP_RETRIES 5
33 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
36 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38 #define DEFAULT_MOBILE_SETUP_RETRIES 30
39 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
42 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
44 /* Each site can be in one of several possible states. */
47 SITE_STOP - nothing is allowed to happen; tunnel is down;
48 all session keys have been erased
49 -> SITE_RUN upon external instruction
50 SITE_RUN - site up, maybe with valid key
51 -> SITE_RESOLVE upon outgoing packet and no valid key
52 we start name resolution for the other end of the tunnel
53 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
54 we send an appropriate message 2
55 SITE_RESOLVE - waiting for name resolution
56 -> SITE_SENTMSG1 upon successful resolution
57 we send an appropriate message 1
58 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
59 we abort resolution and
60 -> SITE_WAIT on timeout or resolution failure
62 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
63 -> SITE_SENTMSG3 upon valid incoming message 2
64 -> SITE_WAIT on timeout
66 -> SITE_SENTMSG4 upon valid incoming message 3
67 -> SITE_WAIT on timeout
69 -> SITE_SENTMSG5 upon valid incoming message 4
70 -> SITE_WAIT on timeout
72 -> SITE_RUN upon valid incoming message 5
73 -> SITE_WAIT on timeout
75 -> SITE_RUN upon valid incoming message 6
76 -> SITE_WAIT on timeout
77 SITE_WAIT - failed to establish key; do nothing for a while
78 -> SITE_RUN on timeout
83 #define SITE_RESOLVE 2
84 #define SITE_SENTMSG1 3
85 #define SITE_SENTMSG2 4
86 #define SITE_SENTMSG3 5
87 #define SITE_SENTMSG4 6
88 #define SITE_SENTMSG5 7
91 int32_t site_max_start_pad = 4*4;
93 static cstring_t state_name(uint32_t state)
96 case 0: return "STOP";
98 case 2: return "RESOLVE";
99 case 3: return "SENTMSG1";
100 case 4: return "SENTMSG2";
101 case 5: return "SENTMSG3";
102 case 6: return "SENTMSG4";
103 case 7: return "SENTMSG5";
104 case 8: return "WAIT";
105 default: return "*bad state*";
111 #define LOG_UNEXPECTED 0x00000001
112 #define LOG_SETUP_INIT 0x00000002
113 #define LOG_SETUP_TIMEOUT 0x00000004
114 #define LOG_ACTIVATE_KEY 0x00000008
115 #define LOG_TIMEOUT_KEY 0x00000010
116 #define LOG_SEC 0x00000020
117 #define LOG_STATE 0x00000040
118 #define LOG_DROP 0x00000080
119 #define LOG_DUMP 0x00000100
120 #define LOG_ERROR 0x00000400
121 #define LOG_PEER_ADDRS 0x00000800
123 static struct flagstr log_event_table[]={
124 { "unexpected", LOG_UNEXPECTED },
125 { "setup-init", LOG_SETUP_INIT },
126 { "setup-timeout", LOG_SETUP_TIMEOUT },
127 { "activate-key", LOG_ACTIVATE_KEY },
128 { "timeout-key", LOG_TIMEOUT_KEY },
129 { "security", LOG_SEC },
130 { "state-change", LOG_STATE },
131 { "packet-drop", LOG_DROP },
132 { "dump-packets", LOG_DUMP },
133 { "errors", LOG_ERROR },
134 { "peer-addrs", LOG_PEER_ADDRS },
135 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
136 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
137 { "all", 0xffffffff },
142 /***** TRANSPORT PEERS declarations *****/
144 /* Details of "mobile peer" semantics:
146 - We use the same data structure for the different configurations,
147 but manage it with different algorithms.
149 - We record up to mobile_peers_max peer address/port numbers
150 ("peers") for key setup, and separately up to mobile_peers_max
153 - In general, we make a new set of addrs (see below) when we start
154 a new key exchange; the key setup addrs become the data transport
155 addrs when key setup complets.
157 If our peer is mobile:
159 - We send to all recent addresses of incoming packets, plus
160 initially all configured addresses (which we also expire).
162 - So, we record addrs of good incoming packets, as follows:
163 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
164 2. add the peer of the just received packet to the applicable list
165 (possibly evicting the oldest entries to make room)
166 NB that we do not expire peers until an incoming packet arrives.
168 - If the peer has a configured address or name, we record them the
169 same way, but only as a result of our own initiation of key
170 setup. (We might evict some incoming packet addrs to make room.)
172 - The default number of addrs to keep is 3, or 4 if we have a
173 configured name or address. That's space for two configured
174 addresses (one IPv6 and one IPv4), plus two received addresses.
176 - Outgoing packets are sent to every recorded address in the
177 applicable list. Any unsupported[1] addresses are deleted from
178 the list right away. (This should only happen to configured
179 addresses, of course, but there is no need to check that.)
181 - When we successfully complete a key setup, we merge the key setup
182 peers into the data transfer peers.
184 [1] An unsupported address is one for whose AF we don't have a
185 socket (perhaps because we got EAFNOSUPPORT or some such) or for
186 which sendto gives ENETUNREACH.
188 If neither end is mobile:
190 - When peer initiated the key exchange, we use the incoming packet
193 - When we initiate the key exchange, we try configured addresses
194 until we get one which isn't unsupported then fixate on that.
196 - When we complete a key setup, we replace the data transport peers
197 with those from the key setup.
201 - We can't tell when local network setup changes so we can't cache
202 the unsupported addrs and completely remove the spurious calls to
203 sendto, but we can optimise things a bit by deprioritising addrs
204 which seem to be unsupported.
206 - Use only configured addresses. (Except, that if our peer
207 initiated a key exchange we use the incoming packet address until
208 our name resolution completes.)
210 - When we send a packet, try each address in turn; if addr
211 supported, put that address to the end of the list for future
212 packets, and go onto the next address.
214 - When we complete a key setup, we replace the data transport peers
215 with those from the key setup.
221 struct comm_addr addr;
225 /* configuration information */
226 /* runtime information */
228 transport_peer peers[MAX_PEER_ADDRS];
231 /* Basic operations on transport peer address sets */
232 static void transport_peers_clear(struct site *st, transport_peers *peers);
233 static int transport_peers_valid(transport_peers *peers);
234 static void transport_peers_copy(struct site *st, transport_peers *dst,
235 const transport_peers *src);
237 /* Record address of incoming setup packet; resp. data packet. */
238 static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
239 static void transport_data_msgok(struct site *st, const struct comm_addr *a);
241 /* Initialise the setup addresses. Called before we send the first
242 * packet in a key exchange. If we are the initiator, as a result of
243 * resolve completing (or being determined not to be relevant) or an
244 * incoming PROD; if we are the responder, as a result of the MSG1. */
245 static bool_t transport_compute_setupinit_peers(struct site *st,
246 const struct comm_addr *configured_addrs /* 0 if none or not found */,
247 int n_configured_addrs /* 0 if none or not found */,
248 const struct comm_addr *incoming_packet_addr /* 0 if none */);
250 /* Called if we are the responder in a key setup, when the resolve
251 * completes. transport_compute_setupinit_peers will hvae been called
252 * earlier. If _complete is called, we are still doing the key setup
253 * (and we should use the new values for both the rest of the key
254 * setup and the ongoing data exchange); if _tardy is called, the key
255 * setup is done (either completed or not) and only the data peers are
257 static void transport_resolve_complete(struct site *st,
258 const struct comm_addr *addrs, int naddrs);
259 static void transport_resolve_complete_tardy(struct site *st,
260 const struct comm_addr *addrs, int naddrs);
262 static void transport_xmit(struct site *st, transport_peers *peers,
263 struct buffer_if *buf, bool_t candebug);
265 /***** END of transport peers declarations *****/
269 struct transform_inst_if *transform;
270 uint64_t key_timeout; /* End of life of current key */
271 uint32_t remote_session_id;
277 /* configuration information */
280 bool_t local_mobile, peer_mobile; /* Mobile client support */
281 int32_t transport_peers_max;
282 string_t tunname; /* localname<->remotename by default, used in logs */
283 string_t address; /* DNS name for bootstrapping, optional */
284 int remoteport; /* Port for bootstrapping, optional */
286 struct netlink_if *netlink;
287 struct comm_if **comms;
289 struct resolver_if *resolver;
291 struct random_if *random;
292 struct rsaprivkey_if *privkey;
293 struct rsapubkey_if *pubkey;
294 struct transform_if **transforms;
297 struct hash_if *hash;
299 uint32_t index; /* Index of this site */
300 uint32_t local_capabilities;
301 int32_t setup_retries; /* How many times to send setup packets */
302 int32_t setup_retry_interval; /* Initial timeout for setup packets */
303 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
304 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
305 int32_t key_lifetime; /* How long a key lasts once set up */
306 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
307 after this time, initiate a new
310 bool_t setup_priority; /* Do we have precedence if both sites emit
311 message 1 simultaneously? */
314 /* runtime information */
316 uint64_t now; /* Most recently seen time */
317 bool_t allow_send_prod;
320 /* The currently established session */
321 struct data_key current;
322 struct data_key auxiliary_key;
323 bool_t auxiliary_is_new;
324 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
325 uint64_t auxiliary_renegotiate_key_time;
326 transport_peers peers; /* Current address(es) of peer for data traffic */
328 /* The current key setup protocol exchange. We can only be
329 involved in one of these at a time. There's a potential for
330 denial of service here (the attacker keeps sending a setup
331 packet; we keep trying to continue the exchange, and have to
332 timeout before we can listen for another setup packet); perhaps
333 we should keep a list of 'bad' sources for setup packets. */
334 uint32_t remote_capabilities;
335 uint16_t remote_adv_mtu;
336 struct transform_if *chosen_transform;
337 uint32_t setup_session_id;
338 transport_peers setup_peers;
339 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
340 uint8_t remoteN[NONCELEN];
341 struct buffer_if buffer; /* Current outgoing key exchange packet */
342 struct buffer_if scratch;
343 int32_t retries; /* Number of retries remaining */
344 uint64_t timeout; /* Timeout for current state */
346 uint8_t *sharedsecret;
347 uint32_t sharedsecretlen, sharedsecretallocd;
348 struct transform_inst_if *new_transform; /* For key setup/verify */
351 static uint32_t event_log_priority(struct site *st, uint32_t event)
353 if (!(event&st->log_events))
356 case LOG_UNEXPECTED: return M_INFO;
357 case LOG_SETUP_INIT: return M_INFO;
358 case LOG_SETUP_TIMEOUT: return M_NOTICE;
359 case LOG_ACTIVATE_KEY: return M_INFO;
360 case LOG_TIMEOUT_KEY: return M_INFO;
361 case LOG_SEC: return M_SECURITY;
362 case LOG_STATE: return M_DEBUG;
363 case LOG_DROP: return M_DEBUG;
364 case LOG_DUMP: return M_DEBUG;
365 case LOG_ERROR: return M_ERR;
366 case LOG_PEER_ADDRS: return M_DEBUG;
367 default: return M_ERR;
371 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
373 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
377 class=event_log_priority(st, event);
379 slilog_part(st->log,class,"%s: ",st->tunname);
380 vslilog_part(st->log,class,msg,ap);
381 slilog_part(st->log,class,"\n");
385 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
387 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
391 vslog(st,event,msg,ap);
395 static void logtimeout(struct site *st, const char *fmt, ...)
397 static void logtimeout(struct site *st, const char *fmt, ...)
399 uint32_t class=event_log_priority(st,LOG_SETUP_TIMEOUT);
406 slilog_part(st->log,class,"%s: ",st->tunname);
407 vslilog_part(st->log,class,fmt,ap);
411 for (i=0, delim=" (tried ";
412 i<st->setup_peers.npeers;
414 transport_peer *peer=&st->setup_peers.peers[i];
415 const char *s=comm_addr_to_string(&peer->addr);
416 slilog_part(st->log,class,"%s%s",delim,s);
419 slilog_part(st->log,class,")\n");
423 static void set_link_quality(struct site *st);
424 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
425 static void delete_one_key(struct site *st, struct data_key *key,
426 const char *reason /* may be 0 meaning don't log*/,
427 const char *which /* ignored if !reasonn */,
428 uint32_t loglevel /* ignored if !reasonn */);
429 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
430 const struct comm_addr *prod_hint);
431 static void enter_state_run(struct site *st);
432 static bool_t enter_state_resolve(struct site *st);
433 static bool_t enter_new_state(struct site *st,uint32_t next);
434 static void enter_state_wait(struct site *st);
435 static void activate_new_key(struct site *st);
437 static bool_t is_transform_valid(struct transform_inst_if *transform)
439 return transform && transform->valid(transform->st);
442 static bool_t current_valid(struct site *st)
444 return is_transform_valid(st->current.transform);
447 #define DEFINE_CALL_TRANSFORM(fwdrev) \
448 static int call_transform_##fwdrev(struct site *st, \
449 struct transform_inst_if *transform, \
450 struct buffer_if *buf, \
451 const char **errmsg) \
453 if (!is_transform_valid(transform)) { \
454 *errmsg="transform not set up"; \
457 return transform->fwdrev(transform->st,buf,errmsg); \
460 DEFINE_CALL_TRANSFORM(forwards)
461 DEFINE_CALL_TRANSFORM(reverse)
463 static void dispose_transform(struct transform_inst_if **transform_var)
465 struct transform_inst_if *transform=*transform_var;
467 transform->delkey(transform->st);
468 transform->destroy(transform->st);
473 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
474 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
475 #define CHECK_TYPE(b,t) do { uint32_t type; \
476 CHECK_AVAIL((b),4); \
477 type=buf_unprepend_uint32((b)); \
478 if (type!=(t)) return False; } while(0)
480 static _Bool type_is_msg34(uint32_t type)
483 type == LABEL_MSG3 ||
484 type == LABEL_MSG3BIS ||
491 struct buffer_if extrainfo;
498 struct parsedname remote;
499 struct parsedname local;
500 uint32_t remote_capabilities;
502 int capab_transformnum;
512 static void set_new_transform(struct site *st, char *pk)
514 /* Make room for the shared key */
515 st->sharedsecretlen=st->chosen_transform->keylen?:st->dh->ceil_len;
516 assert(st->sharedsecretlen);
517 if (st->sharedsecretlen > st->sharedsecretallocd) {
518 st->sharedsecretallocd=st->sharedsecretlen;
519 st->sharedsecret=realloc(st->sharedsecret,st->sharedsecretallocd);
521 if (!st->sharedsecret) fatal_perror("site:sharedsecret");
523 /* Generate the shared key */
524 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,pk,
525 st->sharedsecret,st->sharedsecretlen);
527 /* Set up the transform */
528 struct transform_if *generator=st->chosen_transform;
529 struct transform_inst_if *generated=generator->create(generator->st);
530 generated->setkey(generated->st,st->sharedsecret,
531 st->sharedsecretlen,st->setup_priority);
532 dispose_transform(&st->new_transform);
533 st->new_transform=generated;
535 slog(st,LOG_SETUP_INIT,"key exchange negotiated transform"
536 " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")",
537 st->chosen_transform->capab_transformnum,
538 st->local_capabilities, st->remote_capabilities);
542 int32_t lenpos, afternul;
544 static void append_string_xinfo_start(struct buffer_if *buf,
545 struct xinfoadd *xia,
547 /* Helps construct one of the names with additional info as found
548 * in MSG1..4. Call this function first, then append all the
549 * desired extra info (not including the nul byte) to the buffer,
550 * then call append_string_xinfo_done. */
552 xia->lenpos = buf->size;
553 buf_append_string(buf,str);
554 buf_append_uint8(buf,0);
555 xia->afternul = buf->size;
557 static void append_string_xinfo_done(struct buffer_if *buf,
558 struct xinfoadd *xia)
560 /* we just need to adjust the string length */
561 if (buf->size == xia->afternul) {
562 /* no extra info, strip the nul too */
563 buf_unappend_uint8(buf);
565 put_uint16(buf->start+xia->lenpos, buf->size-(xia->lenpos+2));
569 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
570 out using a transform of config data supplied by netlink */
571 static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
577 st->retries=st->setup_retries;
578 BUF_ALLOC(&st->buffer,what);
579 buffer_init(&st->buffer,0);
580 buf_append_uint32(&st->buffer,
581 (type==LABEL_MSG1?0:st->setup_session_id));
582 buf_append_uint32(&st->buffer,st->index);
583 buf_append_uint32(&st->buffer,type);
586 append_string_xinfo_start(&st->buffer,&xia,st->localname);
587 if ((st->local_capabilities & CAPAB_EARLY) || (type != LABEL_MSG1)) {
588 buf_append_uint32(&st->buffer,st->local_capabilities);
590 if (type_is_msg34(type)) {
591 buf_append_uint16(&st->buffer,st->mtu_target);
593 append_string_xinfo_done(&st->buffer,&xia);
595 buf_append_string(&st->buffer,st->remotename);
596 BUF_ADD_OBJ(append,&st->buffer,st->localN);
597 if (type==LABEL_MSG1) return True;
598 BUF_ADD_OBJ(append,&st->buffer,st->remoteN);
599 if (type==LABEL_MSG2) return True;
601 if (hacky_par_mid_failnow()) return False;
603 if (type==LABEL_MSG3BIS)
604 buf_append_uint8(&st->buffer,st->chosen_transform->capab_transformnum);
606 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
607 buf_append_string(&st->buffer,dhpub);
609 hash=safe_malloc(st->hash->len, "generate_msg");
610 hst=st->hash->init();
611 st->hash->update(hst,st->buffer.start,st->buffer.size);
612 st->hash->final(hst,hash);
613 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
614 buf_append_string(&st->buffer,sig);
620 static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
623 nm->len=buf_unprepend_uint16(msg);
624 CHECK_AVAIL(msg,nm->len);
625 nm->name=buf_unprepend(msg,nm->len);
626 uint8_t *nul=memchr(nm->name,0,nm->len);
628 buffer_readonly_view(&nm->extrainfo,0,0);
630 buffer_readonly_view(&nm->extrainfo, nul+1, msg->start-(nul+1));
631 nm->len=nul-nm->name;
636 static bool_t unpick_msg(struct site *st, uint32_t type,
637 struct buffer_if *msg, struct msg *m)
639 m->capab_transformnum=-1;
640 m->hashstart=msg->start;
642 m->dest=buf_unprepend_uint32(msg);
644 m->source=buf_unprepend_uint32(msg);
645 CHECK_TYPE(msg,type);
646 if (!unpick_name(msg,&m->remote)) return False;
647 m->remote_capabilities=0;
649 if (m->remote.extrainfo.size) {
650 CHECK_AVAIL(&m->remote.extrainfo,4);
651 m->remote_capabilities=buf_unprepend_uint32(&m->remote.extrainfo);
653 if (type_is_msg34(type) && m->remote.extrainfo.size) {
654 CHECK_AVAIL(&m->remote.extrainfo,2);
655 m->remote_mtu=buf_unprepend_uint16(&m->remote.extrainfo);
657 if (!unpick_name(msg,&m->local)) return False;
658 if (type==LABEL_PROD) {
662 CHECK_AVAIL(msg,NONCELEN);
663 m->nR=buf_unprepend(msg,NONCELEN);
664 if (type==LABEL_MSG1) {
668 CHECK_AVAIL(msg,NONCELEN);
669 m->nL=buf_unprepend(msg,NONCELEN);
670 if (type==LABEL_MSG2) {
674 if (type==LABEL_MSG3BIS) {
676 m->capab_transformnum = buf_unprepend_uint8(msg);
678 m->capab_transformnum = CAPAB_TRANSFORMNUM_ANCIENT;
681 m->pklen=buf_unprepend_uint16(msg);
682 CHECK_AVAIL(msg,m->pklen);
683 m->pk=buf_unprepend(msg,m->pklen);
684 m->hashlen=msg->start-m->hashstart;
686 m->siglen=buf_unprepend_uint16(msg);
687 CHECK_AVAIL(msg,m->siglen);
688 m->sig=buf_unprepend(msg,m->siglen);
693 static bool_t name_matches(const struct parsedname *nm, const char *expected)
695 int expected_len=strlen(expected);
697 nm->len == expected_len &&
698 !memcmp(nm->name, expected, expected_len);
701 static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
704 if (type==LABEL_MSG1) return True;
706 /* Check that the site names and our nonce have been sent
707 back correctly, and then store our peer's nonce. */
708 if (!name_matches(&m->remote,st->remotename)) {
709 *error="wrong remote site name";
712 if (!name_matches(&m->local,st->localname)) {
713 *error="wrong local site name";
716 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
717 *error="wrong locally-generated nonce";
720 if (type==LABEL_MSG2) return True;
721 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)!=0) {
722 *error="wrong remotely-generated nonce";
725 /* MSG3 has complicated rules about capabilities, which are
726 * handled in process_msg3. */
727 if (type==LABEL_MSG3 || type==LABEL_MSG3BIS) return True;
728 if (m->remote_capabilities!=st->remote_capabilities) {
729 *error="remote capabilities changed";
732 if (type==LABEL_MSG4) return True;
733 *error="unknown message type";
737 static bool_t generate_msg1(struct site *st)
739 st->random->generate(st->random->st,NONCELEN,st->localN);
740 return generate_msg(st,LABEL_MSG1,"site:MSG1");
743 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
744 const struct comm_addr *src, struct msg *m)
746 /* We've already determined we're in an appropriate state to
747 process an incoming MSG1, and that the MSG1 has correct values
750 st->setup_session_id=m->source;
751 st->remote_capabilities=m->remote_capabilities;
752 memcpy(st->remoteN,m->nR,NONCELEN);
756 static bool_t generate_msg2(struct site *st)
758 st->random->generate(st->random->st,NONCELEN,st->localN);
759 return generate_msg(st,LABEL_MSG2,"site:MSG2");
762 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
763 const struct comm_addr *src)
768 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
769 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
770 slog(st,LOG_SEC,"msg2: %s",err);
773 st->setup_session_id=m.source;
774 st->remote_capabilities=m.remote_capabilities;
776 /* Select the transform to use */
778 uint32_t remote_transforms = st->remote_capabilities & CAPAB_TRANSFORM_MASK;
779 if (!remote_transforms)
780 /* old secnets only had this one transform */
781 remote_transforms = 1UL << CAPAB_TRANSFORMNUM_ANCIENT;
783 struct transform_if *ti;
785 for (i=0; i<st->ntransforms; i++) {
786 ti=st->transforms[i];
787 if ((1UL << ti->capab_transformnum) & remote_transforms)
788 goto transform_found;
790 slog(st,LOG_ERROR,"no transforms in common"
791 " (us %#"PRIx32"; them: %#"PRIx32")",
792 st->local_capabilities & CAPAB_TRANSFORM_MASK,
796 st->chosen_transform=ti;
798 memcpy(st->remoteN,m.nR,NONCELEN);
802 static bool_t generate_msg3(struct site *st)
804 /* Now we have our nonce and their nonce. Think of a secret key,
805 and create message number 3. */
806 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
807 return generate_msg(st,
808 (st->remote_capabilities & CAPAB_TRANSFORM_MASK
809 ? LABEL_MSG3BIS : LABEL_MSG3),
813 static bool_t process_msg3_msg4(struct site *st, struct msg *m)
818 /* Check signature and store g^x mod m */
819 hash=safe_malloc(st->hash->len, "process_msg3_msg4");
820 hst=st->hash->init();
821 st->hash->update(hst,m->hashstart,m->hashlen);
822 st->hash->final(hst,hash);
823 /* Terminate signature with a '0' - cheating, but should be ok */
825 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) {
826 slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
832 st->remote_adv_mtu=m->remote_mtu;
837 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
838 const struct comm_addr *src, uint32_t msgtype)
843 assert(msgtype==LABEL_MSG3 || msgtype==LABEL_MSG3BIS);
845 if (!unpick_msg(st,msgtype,msg3,&m)) return False;
846 if (!check_msg(st,msgtype,&m,&err)) {
847 slog(st,LOG_SEC,"msg3: %s",err);
850 uint32_t capab_adv_late = m.remote_capabilities
851 & ~st->remote_capabilities & CAPAB_EARLY;
852 if (capab_adv_late) {
853 slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
854 " %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
855 capab_adv_late, st->remote_capabilities, m.remote_capabilities);
858 st->remote_capabilities|=m.remote_capabilities;
860 struct transform_if *ti;
862 for (i=0; i<st->ntransforms; i++) {
863 ti=st->transforms[i];
864 if (ti->capab_transformnum == m.capab_transformnum)
865 goto transform_found;
867 slog(st,LOG_SEC,"peer chose unknown-to-us transform %d!",
868 m.capab_transformnum);
871 st->chosen_transform=ti;
873 if (!process_msg3_msg4(st,&m))
876 /* Terminate their DH public key with a '0' */
878 /* Invent our DH secret key */
879 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
881 /* Generate the shared key and set up the transform */
882 set_new_transform(st,m.pk);
887 static bool_t generate_msg4(struct site *st)
889 /* We have both nonces, their public key and our private key. Generate
890 our public key, sign it and send it to them. */
891 return generate_msg(st,LABEL_MSG4,"site:MSG4");
894 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
895 const struct comm_addr *src)
900 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
901 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
902 slog(st,LOG_SEC,"msg4: %s",err);
906 if (!process_msg3_msg4(st,&m))
909 /* Terminate their DH public key with a '0' */
912 /* Generate the shared key and set up the transform */
913 set_new_transform(st,m.pk);
924 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
928 m->dest=buf_unprepend_uint32(msg0);
930 m->source=buf_unprepend_uint32(msg0);
932 m->type=buf_unprepend_uint32(msg0);
934 /* Leaves transformed part of buffer untouched */
937 static bool_t generate_msg5(struct site *st)
939 cstring_t transform_err;
941 BUF_ALLOC(&st->buffer,"site:MSG5");
942 /* We are going to add four words to the message */
943 buffer_init(&st->buffer,calculate_max_start_pad());
944 /* Give the netlink code an opportunity to put its own stuff in the
945 message (configuration information, etc.) */
946 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
947 if (call_transform_forwards(st,st->new_transform,
948 &st->buffer,&transform_err))
950 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
951 buf_prepend_uint32(&st->buffer,st->index);
952 buf_prepend_uint32(&st->buffer,st->setup_session_id);
954 st->retries=st->setup_retries;
958 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
959 const struct comm_addr *src,
960 struct transform_inst_if *transform)
963 cstring_t transform_err;
965 if (!unpick_msg0(st,msg5,&m)) return False;
967 if (call_transform_reverse(st,transform,msg5,&transform_err)) {
968 /* There's a problem */
969 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
972 /* Buffer should now contain untransformed PING packet data */
974 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
975 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
978 /* Older versions of secnet used to write some config data here
979 * which we ignore. So we don't CHECK_EMPTY */
983 static void create_msg6(struct site *st, struct transform_inst_if *transform,
986 cstring_t transform_err;
988 BUF_ALLOC(&st->buffer,"site:MSG6");
989 /* We are going to add four words to the message */
990 buffer_init(&st->buffer,calculate_max_start_pad());
991 /* Give the netlink code an opportunity to put its own stuff in the
992 message (configuration information, etc.) */
993 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
994 int problem = call_transform_forwards(st,transform,
995 &st->buffer,&transform_err);
997 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
998 buf_prepend_uint32(&st->buffer,st->index);
999 buf_prepend_uint32(&st->buffer,session_id);
1002 static bool_t generate_msg6(struct site *st)
1004 if (!is_transform_valid(st->new_transform))
1006 create_msg6(st,st->new_transform,st->setup_session_id);
1007 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
1011 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
1012 const struct comm_addr *src)
1015 cstring_t transform_err;
1017 if (!unpick_msg0(st,msg6,&m)) return False;
1019 if (call_transform_reverse(st,st->new_transform,msg6,&transform_err)) {
1020 /* There's a problem */
1021 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
1024 /* Buffer should now contain untransformed PING packet data */
1025 CHECK_AVAIL(msg6,4);
1026 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
1027 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
1030 /* Older versions of secnet used to write some config data here
1031 * which we ignore. So we don't CHECK_EMPTY */
1035 static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0,
1036 const struct comm_addr *src)
1038 cstring_t transform_err, auxkey_err, newkey_err="n/a";
1042 if (!unpick_msg0(st,msg0,&m)) return False;
1044 /* Keep a copy so we can try decrypting it with multiple keys */
1045 buffer_copy(&st->scratch, msg0);
1047 problem = call_transform_reverse(st,st->current.transform,
1048 msg0,&transform_err);
1050 if (!st->auxiliary_is_new)
1051 delete_one_key(st,&st->auxiliary_key,
1052 "peer has used new key","auxiliary key",LOG_SEC);
1058 buffer_copy(msg0, &st->scratch);
1059 problem = call_transform_reverse(st,st->auxiliary_key.transform,
1062 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
1063 if (st->auxiliary_is_new) {
1064 /* We previously timed out in state SENTMSG5 but it turns
1065 * out that our peer did in fact get our MSG5 and is
1066 * using the new key. So we should switch to it too. */
1067 /* This is a bit like activate_new_key. */
1070 st->current=st->auxiliary_key;
1071 st->auxiliary_key=t;
1073 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
1074 "previous key",LOG_SEC);
1075 st->auxiliary_is_new=0;
1076 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
1083 if (st->state==SITE_SENTMSG5) {
1084 buffer_copy(msg0, &st->scratch);
1085 problem = call_transform_reverse(st,st->new_transform,
1088 /* It looks like we didn't get the peer's MSG6 */
1089 /* This is like a cut-down enter_new_state(SITE_RUN) */
1090 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
1091 BUF_FREE(&st->buffer);
1093 activate_new_key(st);
1094 return True; /* do process the data in this packet */
1100 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
1101 transform_err,auxkey_err,newkey_err);
1102 initiate_key_setup(st,"incoming message would not decrypt",0);
1103 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
1107 slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
1111 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
1112 const struct comm_addr *src)
1116 if (!decrypt_msg0(st,msg0,src))
1119 CHECK_AVAIL(msg0,4);
1120 type=buf_unprepend_uint32(msg0);
1123 /* We must forget about the current session. */
1124 delete_keys(st,"request from peer",LOG_SEC);
1127 /* Deliver to netlink layer */
1128 st->netlink->deliver(st->netlink->st,msg0);
1129 transport_data_msgok(st,src);
1130 /* See whether we should start negotiating a new key */
1131 if (st->now > st->renegotiate_key_time)
1132 initiate_key_setup(st,"incoming packet in renegotiation window",0);
1135 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
1142 static void dump_packet(struct site *st, struct buffer_if *buf,
1143 const struct comm_addr *addr, bool_t incoming)
1145 uint32_t dest=get_uint32(buf->start);
1146 uint32_t source=get_uint32(buf->start+4);
1147 uint32_t msgtype=get_uint32(buf->start+8);
1149 if (st->log_events & LOG_DUMP)
1150 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
1151 st->tunname,incoming?"incoming":"outgoing",
1152 dest,source,msgtype);
1155 static uint32_t site_status(void *st)
1160 static bool_t send_msg(struct site *st)
1162 if (st->retries>0) {
1163 transport_xmit(st, &st->setup_peers, &st->buffer, True);
1164 st->timeout=st->now+st->setup_retry_interval;
1167 } else if (st->state==SITE_SENTMSG5) {
1168 logtimeout(st,"timed out sending MSG5, stashing new key");
1169 /* We stash the key we have produced, in case it turns out that
1170 * our peer did see our MSG5 after all and starts using it. */
1171 /* This is a bit like some of activate_new_key */
1172 struct transform_inst_if *t;
1173 t=st->auxiliary_key.transform;
1174 st->auxiliary_key.transform=st->new_transform;
1175 st->new_transform=t;
1176 dispose_transform(&st->new_transform);
1178 st->auxiliary_is_new=1;
1179 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
1180 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
1181 st->auxiliary_key.remote_session_id=st->setup_session_id;
1183 enter_state_wait(st);
1186 logtimeout(st,"timed out sending key setup packet "
1187 "(in state %s)",state_name(st->state));
1188 enter_state_wait(st);
1193 static void site_resolve_callback(void *sst, const struct comm_addr *addrs,
1194 int naddrs, int was_naddrs)
1196 struct site *st=sst;
1198 st->resolving=False;
1201 slog(st,LOG_STATE,"resolution of %s completed, %d addrs, eg: %s",
1202 st->address, was_naddrs, comm_addr_to_string(&addrs[0]));;
1203 if (naddrs != was_naddrs) {
1204 slog(st,LOG_SETUP_INIT,"resolution of supplied addresses/names"
1205 " yielded too many results (%d > %d), some ignored",
1206 was_naddrs, naddrs);
1209 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
1212 switch (st->state) {
1214 if (transport_compute_setupinit_peers(st,addrs,naddrs,0)) {
1215 enter_new_state(st,SITE_SENTMSG1);
1217 /* Can't figure out who to try to to talk to */
1218 slog(st,LOG_SETUP_INIT,
1219 "key exchange failed: cannot find peer address");
1220 enter_state_run(st);
1223 case SITE_SENTMSG1: case SITE_SENTMSG2:
1224 case SITE_SENTMSG3: case SITE_SENTMSG4:
1227 /* We start using the address immediately for data too.
1228 * It's best to store it in st->peers now because we might
1229 * go via SENTMSG5, WAIT, and a MSG0, straight into using
1230 * the new key (without updating the data peer addrs). */
1231 transport_resolve_complete(st,addrs,naddrs);
1232 } else if (st->local_mobile) {
1233 /* We can't let this rest because we may have a peer
1234 * address which will break in the future. */
1235 slog(st,LOG_SETUP_INIT,"resolution of %s failed: "
1236 "abandoning key exchange",st->address);
1237 enter_state_wait(st);
1239 slog(st,LOG_SETUP_INIT,"resolution of %s failed: "
1240 " continuing to use source address of peer's packets"
1241 " for key exchange and ultimately data",
1247 slog(st,LOG_SETUP_INIT,"resolution of %s completed tardily,"
1248 " updating peer address(es)",st->address);
1249 transport_resolve_complete_tardy(st,addrs,naddrs);
1250 } else if (st->local_mobile) {
1251 /* Not very good. We should queue (another) renegotiation
1252 * so that we can update the peer address. */
1253 st->key_renegotiate_time=st->now+st->wait_timeout;
1255 slog(st,LOG_SETUP_INIT,"resolution of %s failed: "
1256 " continuing to use source address of peer's packets",
1267 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
1268 const struct comm_addr *prod_hint)
1270 /* Reentrancy hazard: can call enter_new_state/enter_state_* */
1271 if (st->state!=SITE_RUN) return False;
1272 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
1274 slog(st,LOG_SETUP_INIT,"resolving peer address");
1275 return enter_state_resolve(st);
1276 } else if (transport_compute_setupinit_peers(st,0,0,prod_hint)) {
1277 return enter_new_state(st,SITE_SENTMSG1);
1279 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
1283 static void activate_new_key(struct site *st)
1285 struct transform_inst_if *t;
1287 /* We have three transform instances, which we swap between old,
1289 t=st->auxiliary_key.transform;
1290 st->auxiliary_key.transform=st->current.transform;
1291 st->current.transform=st->new_transform;
1292 st->new_transform=t;
1293 dispose_transform(&st->new_transform);
1296 st->auxiliary_is_new=0;
1297 st->auxiliary_key.key_timeout=st->current.key_timeout;
1298 st->current.key_timeout=st->now+st->key_lifetime;
1299 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
1300 transport_peers_copy(st,&st->peers,&st->setup_peers);
1301 st->current.remote_session_id=st->setup_session_id;
1303 /* Compute the inter-site MTU. This is min( our_mtu, their_mtu ).
1304 * But their mtu be unspecified, in which case we just use ours. */
1305 uint32_t intersite_mtu=
1306 MIN(st->mtu_target, st->remote_adv_mtu ?: ~(uint32_t)0);
1307 st->netlink->set_mtu(st->netlink->st,intersite_mtu);
1309 slog(st,LOG_ACTIVATE_KEY,"new key activated"
1310 " (mtu ours=%"PRId32" theirs=%"PRId32" intersite=%"PRId32")",
1311 st->mtu_target, st->remote_adv_mtu, intersite_mtu);
1312 enter_state_run(st);
1315 static void delete_one_key(struct site *st, struct data_key *key,
1316 cstring_t reason, cstring_t which, uint32_t loglevel)
1318 if (!is_transform_valid(key->transform)) return;
1319 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
1320 dispose_transform(&key->transform);
1324 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
1326 if (current_valid(st)) {
1327 slog(st,loglevel,"session closed (%s)",reason);
1329 delete_one_key(st,&st->current,0,0,0);
1330 set_link_quality(st);
1332 delete_one_key(st,&st->auxiliary_key,0,0,0);
1335 static void state_assert(struct site *st, bool_t ok)
1337 if (!ok) fatal("site:state_assert");
1340 static void enter_state_stop(struct site *st)
1342 st->state=SITE_STOP;
1344 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
1345 dispose_transform(&st->new_transform);
1348 static void set_link_quality(struct site *st)
1351 if (current_valid(st))
1352 quality=LINK_QUALITY_UP;
1353 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1354 quality=LINK_QUALITY_DOWN;
1355 else if (st->address)
1356 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
1357 else if (transport_peers_valid(&st->peers))
1358 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1360 quality=LINK_QUALITY_DOWN;
1362 st->netlink->set_quality(st->netlink->st,quality);
1365 static void enter_state_run(struct site *st)
1367 slog(st,LOG_STATE,"entering state RUN");
1371 st->setup_session_id=0;
1372 transport_peers_clear(st,&st->setup_peers);
1373 FILLZERO(st->localN);
1374 FILLZERO(st->remoteN);
1375 dispose_transform(&st->new_transform);
1376 memset(st->dhsecret,0,st->dh->len);
1377 memset(st->sharedsecret,0,st->sharedsecretlen);
1378 set_link_quality(st);
1381 static bool_t ensure_resolving(struct site *st)
1383 /* Reentrancy hazard: may call site_resolve_callback and hence
1384 * enter_new_state, enter_state_* and generate_msg*. */
1388 assert(st->address);
1390 /* resolver->request might reentrantly call site_resolve_callback
1391 * which will clear st->resolving, so we need to set it beforehand
1392 * rather than afterwards; also, it might return False, in which
1393 * case we have to clear ->resolving again. */
1395 bool_t ok = st->resolver->request(st->resolver->st,st->address,
1396 st->remoteport,st->comms[0],
1397 site_resolve_callback,st);
1399 st->resolving=False;
1404 static bool_t enter_state_resolve(struct site *st)
1406 /* Reentrancy hazard! See ensure_resolving. */
1407 state_assert(st,st->state==SITE_RUN);
1408 slog(st,LOG_STATE,"entering state RESOLVE");
1409 st->state=SITE_RESOLVE;
1410 return ensure_resolving(st);
1413 static bool_t enter_new_state(struct site *st, uint32_t next)
1415 bool_t (*gen)(struct site *st);
1418 slog(st,LOG_STATE,"entering state %s",state_name(next));
1421 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1425 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1426 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1430 state_assert(st,st->state==SITE_SENTMSG1);
1431 BUF_FREE(&st->buffer);
1435 state_assert(st,st->state==SITE_SENTMSG2);
1436 BUF_FREE(&st->buffer);
1440 state_assert(st,st->state==SITE_SENTMSG3);
1441 BUF_FREE(&st->buffer);
1445 state_assert(st,st->state==SITE_SENTMSG4);
1446 BUF_FREE(&st->buffer);
1451 fatal("enter_new_state(%s): invalid new state",state_name(next));
1455 if (hacky_par_start_failnow()) return False;
1457 r= gen(st) && send_msg(st);
1460 st->setup_retries, st->setup_retry_interval,
1465 if (next==SITE_RUN) {
1466 BUF_FREE(&st->buffer); /* Never reused */
1467 st->timeout=0; /* Never retransmit */
1468 activate_new_key(st);
1472 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1473 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1474 in either state, and enter_state_wait() will
1476 enter_state_wait(st);
1480 /* msg7 tells our peer that we're about to forget our key */
1481 static bool_t send_msg7(struct site *st, cstring_t reason)
1483 cstring_t transform_err;
1485 if (current_valid(st) && st->buffer.free
1486 && transport_peers_valid(&st->peers)) {
1487 BUF_ALLOC(&st->buffer,"site:MSG7");
1488 buffer_init(&st->buffer,calculate_max_start_pad());
1489 buf_append_uint32(&st->buffer,LABEL_MSG7);
1490 buf_append_string(&st->buffer,reason);
1491 if (call_transform_forwards(st, st->current.transform,
1492 &st->buffer, &transform_err))
1494 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
1495 buf_prepend_uint32(&st->buffer,st->index);
1496 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
1497 transport_xmit(st,&st->peers,&st->buffer,True);
1498 BUF_FREE(&st->buffer);
1505 /* We go into this state if our peer becomes uncommunicative. Similar to
1506 the "stop" state, we forget all session keys for a while, before
1507 re-entering the "run" state. */
1508 static void enter_state_wait(struct site *st)
1510 slog(st,LOG_STATE,"entering state WAIT");
1511 st->timeout=st->now+st->wait_timeout;
1512 st->state=SITE_WAIT;
1513 set_link_quality(st);
1514 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1515 /* XXX Erase keys etc. */
1518 static void generate_prod(struct site *st, struct buffer_if *buf)
1521 buf_append_uint32(buf,0);
1522 buf_append_uint32(buf,0);
1523 buf_append_uint32(buf,LABEL_PROD);
1524 buf_append_string(buf,st->localname);
1525 buf_append_string(buf,st->remotename);
1528 static void generate_send_prod(struct site *st,
1529 const struct comm_addr *source)
1531 if (!st->allow_send_prod) return; /* too soon */
1532 if (!(st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1533 st->state==SITE_WAIT)) return; /* we'd ignore peer's MSG1 */
1535 slog(st,LOG_SETUP_INIT,"prodding peer for key exchange");
1536 st->allow_send_prod=0;
1537 generate_prod(st,&st->scratch);
1538 dump_packet(st,&st->scratch,source,False);
1539 source->comm->sendmsg(source->comm->st, &st->scratch, source);
1542 static inline void site_settimeout(uint64_t timeout, int *timeout_io)
1545 int64_t offset=timeout-*now;
1546 if (offset<0) offset=0;
1547 if (offset>INT_MAX) offset=INT_MAX;
1548 if (*timeout_io<0 || offset<*timeout_io)
1553 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
1556 struct site *st=sst;
1558 *nfds_io=0; /* We don't use any file descriptors */
1561 /* Work out when our next timeout is. The earlier of 'timeout' or
1562 'current.key_timeout'. A stored value of '0' indicates no timeout
1564 site_settimeout(st->timeout, timeout_io);
1565 site_settimeout(st->current.key_timeout, timeout_io);
1566 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
1568 return 0; /* success */
1571 static void check_expiry(struct site *st, struct data_key *key,
1574 if (key->key_timeout && *now>key->key_timeout) {
1575 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1579 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1580 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
1582 struct site *st=sst;
1585 if (st->timeout && *now>st->timeout) {
1587 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1588 if (!hacky_par_start_failnow())
1590 } else if (st->state==SITE_WAIT) {
1591 enter_state_run(st);
1593 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1597 check_expiry(st,&st->current,"current key");
1598 check_expiry(st,&st->auxiliary_key,"auxiliary key");
1601 /* This function is called by the netlink device to deliver packets
1602 intended for the remote network. The packet is in "raw" wire
1603 format, but is guaranteed to be word-aligned. */
1604 static void site_outgoing(void *sst, struct buffer_if *buf)
1606 struct site *st=sst;
1607 cstring_t transform_err;
1609 if (st->state==SITE_STOP) {
1614 st->allow_send_prod=1;
1616 /* In all other states we consider delivering the packet if we have
1617 a valid key and a valid address to send it to. */
1618 if (current_valid(st) && transport_peers_valid(&st->peers)) {
1619 /* Transform it and send it */
1621 buf_prepend_uint32(buf,LABEL_MSG9);
1622 if (call_transform_forwards(st, st->current.transform,
1623 buf, &transform_err))
1625 buf_prepend_uint32(buf,LABEL_MSG0);
1626 buf_prepend_uint32(buf,st->index);
1627 buf_prepend_uint32(buf,st->current.remote_session_id);
1628 transport_xmit(st,&st->peers,buf,False);
1635 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1637 initiate_key_setup(st,"outgoing packet",0);
1640 static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
1641 uint32_t type, struct msg *m)
1642 /* For packets which are identified by the local and remote names.
1643 * If it has our name and our peer's name in it it's for us. */
1645 struct buffer_if buf[1];
1646 buffer_readonly_clone(buf,buf_in);
1647 return unpick_msg(st,type,buf,m)
1648 && name_matches(&m->remote,st->remotename)
1649 && name_matches(&m->local,st->localname);
1652 /* This function is called by the communication device to deliver
1653 packets from our peers.
1654 It should return True if the packet is recognised as being for
1655 this current site instance (and should therefore not be processed
1656 by other sites), even if the packet was otherwise ignored. */
1657 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1658 const struct comm_addr *source)
1660 struct site *st=sst;
1662 if (buf->size < 12) return False;
1664 uint32_t dest=get_uint32(buf->start);
1665 uint32_t msgtype=get_uint32(buf->start+8);
1666 struct msg named_msg;
1668 if (msgtype==LABEL_MSG1) {
1669 if (!named_for_us(st,buf,msgtype,&named_msg))
1671 /* It's a MSG1 addressed to us. Decide what to do about it. */
1672 dump_packet(st,buf,source,True);
1673 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1674 st->state==SITE_WAIT) {
1675 /* We should definitely process it */
1676 transport_compute_setupinit_peers(st,0,0,source);
1677 if (process_msg1(st,buf,source,&named_msg)) {
1678 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1679 bool_t entered=enter_new_state(st,SITE_SENTMSG2);
1680 if (entered && st->address && st->local_mobile)
1681 /* We must do this as the very last thing, because
1682 the resolver callback might reenter us. */
1683 ensure_resolving(st);
1685 slog(st,LOG_ERROR,"failed to process incoming msg1");
1689 } else if (st->state==SITE_SENTMSG1) {
1690 /* We've just sent a message 1! They may have crossed on
1691 the wire. If we have priority then we ignore the
1692 incoming one, otherwise we process it as usual. */
1693 if (st->setup_priority) {
1695 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1696 "priority => ignore incoming msg1");
1699 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1700 "priority => use incoming msg1");
1701 if (process_msg1(st,buf,source,&named_msg)) {
1702 BUF_FREE(&st->buffer); /* Free our old message 1 */
1703 transport_setup_msgok(st,source);
1704 enter_new_state(st,SITE_SENTMSG2);
1706 slog(st,LOG_ERROR,"failed to process an incoming "
1707 "crossed msg1 (we have low priority)");
1713 /* The message 1 was received at an unexpected stage of the
1714 key setup. XXX POLICY - what do we do? */
1715 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1719 if (msgtype==LABEL_PROD) {
1720 if (!named_for_us(st,buf,msgtype,&named_msg))
1722 dump_packet(st,buf,source,True);
1723 if (st->state!=SITE_RUN) {
1724 slog(st,LOG_DROP,"ignoring PROD when not in state RUN");
1725 } else if (current_valid(st)) {
1726 slog(st,LOG_DROP,"ignoring PROD when we think we have a key");
1728 initiate_key_setup(st,"peer sent PROD packet",source);
1733 if (dest==st->index) {
1734 /* Explicitly addressed to us */
1735 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1738 /* If the source is our current peer then initiate a key setup,
1739 because our peer's forgotten the key */
1740 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
1742 initiated = initiate_key_setup(st,"received a NAK",source);
1743 if (!initiated) generate_send_prod(st,source);
1745 slog(st,LOG_SEC,"bad incoming NAK");
1749 process_msg0(st,buf,source);
1752 /* Setup packet: should not have been explicitly addressed
1754 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1757 /* Setup packet: expected only in state SENTMSG1 */
1758 if (st->state!=SITE_SENTMSG1) {
1759 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1760 } else if (process_msg2(st,buf,source)) {
1761 transport_setup_msgok(st,source);
1762 enter_new_state(st,SITE_SENTMSG3);
1764 slog(st,LOG_SEC,"invalid MSG2");
1769 /* Setup packet: expected only in state SENTMSG2 */
1770 if (st->state!=SITE_SENTMSG2) {
1771 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1772 } else if (process_msg3(st,buf,source,msgtype)) {
1773 transport_setup_msgok(st,source);
1774 enter_new_state(st,SITE_SENTMSG4);
1776 slog(st,LOG_SEC,"invalid MSG3");
1780 /* Setup packet: expected only in state SENTMSG3 */
1781 if (st->state!=SITE_SENTMSG3) {
1782 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1783 } else if (process_msg4(st,buf,source)) {
1784 transport_setup_msgok(st,source);
1785 enter_new_state(st,SITE_SENTMSG5);
1787 slog(st,LOG_SEC,"invalid MSG4");
1791 /* Setup packet: expected only in state SENTMSG4 */
1792 /* (may turn up in state RUN if our return MSG6 was lost
1793 and the new key has already been activated. In that
1794 case we discard it. The peer will realise that we
1795 are using the new key when they see our data packets.
1796 Until then the peer's data packets to us get discarded. */
1797 if (st->state==SITE_SENTMSG4) {
1798 if (process_msg5(st,buf,source,st->new_transform)) {
1799 transport_setup_msgok(st,source);
1800 enter_new_state(st,SITE_RUN);
1802 slog(st,LOG_SEC,"invalid MSG5");
1804 } else if (st->state==SITE_RUN) {
1805 if (process_msg5(st,buf,source,st->current.transform)) {
1806 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
1807 transport_setup_msgok(st,source);
1808 create_msg6(st,st->current.transform,
1809 st->current.remote_session_id);
1810 transport_xmit(st,&st->peers,&st->buffer,True);
1811 BUF_FREE(&st->buffer);
1813 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
1816 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1820 /* Setup packet: expected only in state SENTMSG5 */
1821 if (st->state!=SITE_SENTMSG5) {
1822 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1823 } else if (process_msg6(st,buf,source)) {
1824 BUF_FREE(&st->buffer); /* Free message 5 */
1825 transport_setup_msgok(st,source);
1826 activate_new_key(st);
1828 slog(st,LOG_SEC,"invalid MSG6");
1832 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
1843 static void site_control(void *vst, bool_t run)
1845 struct site *st=vst;
1846 if (run) enter_state_run(st);
1847 else enter_state_stop(st);
1850 static void site_phase_hook(void *sst, uint32_t newphase)
1852 struct site *st=sst;
1854 /* The program is shutting down; tell our peer */
1855 send_msg7(st,"shutting down");
1858 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1861 static uint32_t index_sequence;
1867 st=safe_malloc(sizeof(*st),"site_apply");
1869 st->cl.description="site";
1870 st->cl.type=CL_SITE;
1872 st->cl.interface=&st->ops;
1874 st->ops.control=site_control;
1875 st->ops.status=site_status;
1877 /* First parameter must be a dict */
1878 item=list_elem(args,0);
1879 if (!item || item->type!=t_dict)
1880 cfgfatal(loc,"site","parameter must be a dictionary\n");
1882 dict=item->data.dict;
1883 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1884 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1886 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1888 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1890 /* Sanity check (which also allows the 'sites' file to include
1891 site() closures for all sites including our own): refuse to
1892 talk to ourselves */
1893 if (strcmp(st->localname,st->remotename)==0) {
1894 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
1896 if (st->peer_mobile != st->local_mobile)
1897 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1898 " but our local-mobile=%d\n",
1899 st->localname, st->peer_mobile, st->local_mobile);
1903 if (st->peer_mobile && st->local_mobile) {
1904 Message(M_WARNING,"site %s: site is mobile but so are we"
1905 " -> ignoring this site\n", st->remotename);
1910 assert(index_sequence < 0xffffffffUL);
1911 st->index = ++index_sequence;
1912 st->local_capabilities = 0;
1913 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
1915 #define GET_CLOSURE_LIST(dictkey,things,nthings,CL_TYPE) do{ \
1916 list_t *things##_cfg=dict_lookup(dict,dictkey); \
1917 if (!things##_cfg) \
1918 cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
1919 st->nthings=list_length(things##_cfg); \
1920 st->things=safe_malloc_ary(sizeof(*st->things),st->nthings,dictkey "s"); \
1921 assert(st->nthings); \
1922 for (i=0; i<st->nthings; i++) { \
1923 item_t *item=list_elem(things##_cfg,i); \
1924 if (item->type!=t_closure) \
1925 cfgfatal(loc,"site","%s is not a closure\n",dictkey); \
1926 closure_t *cl=item->data.closure; \
1927 if (cl->type!=CL_TYPE) \
1928 cfgfatal(loc,"site","%s closure wrong type\n",dictkey); \
1929 st->things[i]=cl->interface; \
1933 GET_CLOSURE_LIST("comm",comms,ncomms,CL_COMM);
1935 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1936 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1937 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1939 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
1940 st->address=dict_read_string(dict, "address", False, "site", loc);
1942 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1943 else st->remoteport=0;
1944 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1946 GET_CLOSURE_LIST("transform",transforms,ntransforms,CL_TRANSFORM);
1948 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1949 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1951 #define DEFAULT(D) (st->peer_mobile || st->local_mobile \
1952 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
1953 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
1955 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1956 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1957 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1958 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
1959 st->mtu_target= dict_read_number(dict,"mtu-target",False,"site",loc,0);
1961 st->mobile_peer_expiry= dict_read_number(
1962 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1964 const char *peerskey= st->peer_mobile
1965 ? "mobile-peers-max" : "static-peers-max";
1966 st->transport_peers_max= dict_read_number(
1967 dict,peerskey,False,"site",loc, st->address ? 4 : 3);
1968 if (st->transport_peers_max<1 ||
1969 st->transport_peers_max>MAX_PEER_ADDRS) {
1970 cfgfatal(loc,"site", "%s must be in range 1.."
1971 STRING(MAX_PEER_ADDRS) "\n", peerskey);
1974 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
1975 st->key_renegotiate_time=st->key_lifetime/2;
1977 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
1978 st->key_renegotiate_time=dict_read_number(
1979 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
1980 if (st->key_renegotiate_time > st->key_lifetime) {
1981 cfgfatal(loc,"site",
1982 "renegotiate-time must be less than key-lifetime\n");
1985 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1986 log_event_table,"site");
1988 st->resolving=False;
1989 st->allow_send_prod=0;
1991 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1993 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1995 /* The information we expect to see in incoming messages of type 1 */
1996 /* fixme: lots of unchecked overflows here, but the results are only
1997 corrupted packets rather than undefined behaviour */
1998 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
2000 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
2002 buffer_new(&st->scratch,SETUP_BUFFER_LEN);
2003 BUF_ALLOC(&st->scratch,"site:scratch");
2005 /* We are interested in poll(), but only for timeouts. We don't have
2006 any fds of our own. */
2007 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
2010 st->remote_capabilities=0;
2011 st->chosen_transform=0;
2012 st->current.key_timeout=0;
2013 st->auxiliary_key.key_timeout=0;
2014 transport_peers_clear(st,&st->peers);
2015 transport_peers_clear(st,&st->setup_peers);
2016 /* XXX mlock these */
2017 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
2018 st->sharedsecretlen=st->sharedsecretallocd=0;
2021 for (i=0; i<st->ntransforms; i++) {
2022 struct transform_if *ti=st->transforms[i];
2023 uint32_t capbit = 1UL << ti->capab_transformnum;
2024 if (st->local_capabilities & capbit)
2025 slog(st,LOG_ERROR,"transformnum capability bit"
2026 " %d (%#"PRIx32") reused", ti->capab_transformnum, capbit);
2027 st->local_capabilities |= capbit;
2030 /* We need to register the remote networks with the netlink device */
2031 uint32_t netlink_mtu; /* local virtual interface mtu */
2032 st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
2033 if (!st->mtu_target)
2034 st->mtu_target=netlink_mtu;
2036 for (i=0; i<st->ncomms; i++)
2037 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
2039 st->current.transform=0;
2040 st->auxiliary_key.transform=0;
2041 st->new_transform=0;
2042 st->auxiliary_is_new=0;
2044 enter_state_stop(st);
2046 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
2048 return new_closure(&st->cl);
2051 void site_module(dict_t *dict)
2053 add_closure(dict,"site",site_apply);
2057 /***** TRANSPORT PEERS definitions *****/
2059 static void transport_peers_debug(struct site *st, transport_peers *dst,
2060 const char *didwhat,
2061 int nargs, const struct comm_addr *args,
2066 if (!(st->log_events & LOG_PEER_ADDRS))
2067 return; /* an optimisation */
2069 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
2070 (dst==&st->peers ? "data" :
2071 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
2072 didwhat, nargs, dst->npeers);
2074 for (i=0, argp=(void*)args;
2076 i++, (argp+=stride?stride:sizeof(*args))) {
2077 const struct comm_addr *ca=(void*)argp;
2078 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
2079 i, comm_addr_to_string(ca));
2081 for (i=0; i<dst->npeers; i++) {
2082 struct timeval diff;
2083 timersub(tv_now,&dst->peers[i].last,&diff);
2084 const struct comm_addr *ca=&dst->peers[i].addr;
2085 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
2086 i, comm_addr_to_string(ca),
2087 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
2091 static void transport_peers_expire(struct site *st, transport_peers *peers) {
2092 /* peers must be sorted first */
2093 int previous_peers=peers->npeers;
2094 struct timeval oldest;
2095 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
2096 oldest.tv_usec = tv_now->tv_usec;
2097 while (peers->npeers>1 &&
2098 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
2100 if (peers->npeers != previous_peers)
2101 transport_peers_debug(st,peers,"expire", 0,0,0);
2104 static bool_t transport_peer_record_one(struct site *st, transport_peers *peers,
2105 const struct comm_addr *ca,
2106 const struct timeval *tv) {
2107 /* returns false if output is full */
2110 if (peers->npeers >= st->transport_peers_max)
2113 for (search=0; search<peers->npeers; search++)
2114 if (comm_addr_equal(&peers->peers[search].addr, ca))
2117 peers->peers[peers->npeers].addr = *ca;
2118 peers->peers[peers->npeers].last = *tv;
2123 static void transport_record_peers(struct site *st, transport_peers *peers,
2124 const struct comm_addr *addrs, int naddrs,
2126 /* We add addrs into peers. The new entries end up at the front
2127 * and displace entries towards the end (perhaps even off the
2128 * end). Any existing matching entries are moved up to the front.
2130 * Caller must first call transport_peers_expire. */
2132 if (naddrs==1 && peers->npeers>=1 &&
2133 comm_addr_equal(&addrs[0], &peers->peers[0].addr)) {
2134 /* optimisation, also avoids debug for trivial updates */
2135 peers->peers[0].last = *tv_now;
2139 int old_npeers=peers->npeers;
2140 transport_peer old_peers[old_npeers];
2141 COPY_ARRAY(old_peers,peers->peers,old_npeers);
2145 for (i=0; i<naddrs; i++) {
2146 if (!transport_peer_record_one(st,peers, &addrs[i], tv_now))
2149 for (i=0; i<old_npeers; i++) {
2150 const transport_peer *old=&old_peers[i];
2151 if (!transport_peer_record_one(st,peers, &old->addr, &old->last))
2155 transport_peers_debug(st,peers,m, naddrs,addrs,0);
2158 static void transport_expire_record_peers(struct site *st,
2159 transport_peers *peers,
2160 const struct comm_addr *addrs,
2161 int naddrs, const char *m) {
2162 /* Convenience function */
2163 transport_peers_expire(st,peers);
2164 transport_record_peers(st,peers,addrs,naddrs,m);
2167 static bool_t transport_compute_setupinit_peers(struct site *st,
2168 const struct comm_addr *configured_addrs /* 0 if none or not found */,
2169 int n_configured_addrs /* 0 if none or not found */,
2170 const struct comm_addr *incoming_packet_addr /* 0 if none */) {
2171 if (!n_configured_addrs && !incoming_packet_addr &&
2172 !transport_peers_valid(&st->peers))
2175 slog(st,LOG_SETUP_INIT,
2176 "using: %d configured addr(s);%s %d old peer addrs(es)",
2178 incoming_packet_addr ? " incoming packet address;" : "",
2181 /* Non-mobile peers try addresses until one is plausible. The
2182 * effect is that this code always tries first the configured
2183 * address if supplied, or otherwise the address of the incoming
2184 * PROD, or finally the existing data peer if one exists; this is
2187 transport_peers_copy(st,&st->setup_peers,&st->peers);
2188 transport_peers_expire(st,&st->setup_peers);
2190 if (incoming_packet_addr)
2191 transport_record_peers(st,&st->setup_peers,
2192 incoming_packet_addr,1, "incoming");
2194 if (n_configured_addrs)
2195 transport_record_peers(st,&st->setup_peers,
2196 configured_addrs,n_configured_addrs, "setupinit");
2198 assert(transport_peers_valid(&st->setup_peers));
2202 static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
2203 if (st->peer_mobile)
2204 transport_expire_record_peers(st,&st->setup_peers,a,1,"setupmsg");
2206 static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
2207 if (st->peer_mobile)
2208 transport_expire_record_peers(st,&st->peers,a,1,"datamsg");
2211 static int transport_peers_valid(transport_peers *peers) {
2212 return peers->npeers;
2214 static void transport_peers_clear(struct site *st, transport_peers *peers) {
2216 transport_peers_debug(st,peers,"clear",0,0,0);
2218 static void transport_peers_copy(struct site *st, transport_peers *dst,
2219 const transport_peers *src) {
2220 dst->npeers=src->npeers;
2221 COPY_ARRAY(dst->peers, src->peers, dst->npeers);
2222 transport_peers_debug(st,dst,"copy",
2223 src->npeers, &src->peers->addr, sizeof(*src->peers));
2226 static void transport_resolve_complete(struct site *st,
2227 const struct comm_addr *addrs,
2229 transport_expire_record_peers(st,&st->peers,addrs,naddrs,
2231 transport_expire_record_peers(st,&st->setup_peers,addrs,naddrs,
2235 static void transport_resolve_complete_tardy(struct site *st,
2236 const struct comm_addr *addrs,
2238 transport_expire_record_peers(st,&st->peers,addrs,naddrs,
2239 "resolved tardily");
2242 static void transport_peers__copy_by_mask(transport_peer *out, int *nout_io,
2244 const transport_peers *inp) {
2245 /* out and in->peers may be the same region, or nonoverlapping */
2246 const transport_peer *in=inp->peers;
2248 for (slot=0; slot<inp->npeers; slot++) {
2249 if (!(mask & (1U << slot)))
2251 if (!(out==in && slot==*nout_io))
2252 COPY_OBJ(out[*nout_io], in[slot]);
2257 void transport_xmit(struct site *st, transport_peers *peers,
2258 struct buffer_if *buf, bool_t candebug) {
2260 transport_peers_expire(st, peers);
2261 unsigned failed=0; /* bitmask */
2262 assert(MAX_PEER_ADDRS < sizeof(unsigned)*CHAR_BIT);
2265 for (slot=0; slot<peers->npeers; slot++) {
2266 transport_peer *peer=&peers->peers[slot];
2268 dump_packet(st, buf, &peer->addr, False);
2270 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
2272 failed |= 1U << slot;
2275 if (ok && !st->peer_mobile)
2278 /* Now we need to demote/delete failing addrs: if we are mobile we
2279 * merely demote them; otherwise we delete them. */
2280 if (st->local_mobile) {
2281 unsigned expected = ((1U << nfailed)-1) << (peers->npeers-nfailed);
2282 /* `expected' has all the failures at the end already */
2283 if (failed != expected) {
2285 transport_peer failedpeers[nfailed];
2286 transport_peers__copy_by_mask(failedpeers, &fslot, failed,peers);
2287 assert(fslot == nfailed);
2289 transport_peers__copy_by_mask(peers->peers,&wslot,~failed,peers);
2290 assert(wslot+nfailed == peers->npeers);
2291 COPY_ARRAY(peers->peers+wslot, failedpeers, nfailed);
2294 if (failed && peers->npeers > 1) {
2296 transport_peers__copy_by_mask(peers->peers,&wslot,~failed,peers);
2297 peers->npeers=wslot;
2302 /***** END of transport peers declarations *****/