5 * Communication with the peer
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Header files ------------------------------------------------------*/
33 /*----- Static variables --------------------------------------------------*/
35 static peer *peers = 0;
38 /*----- Tunnel table ------------------------------------------------------*/
40 const tunnel_ops *tunnels[] = {
54 /*----- Main code ---------------------------------------------------------*/
56 /* --- @p_pingtype@ --- *
58 * Arguments: @unsigned msg@ = message type
60 * Returns: String to describe the message.
63 static const char *p_pingtype(unsigned msg)
65 switch (msg & MSG_TYPEMASK) {
68 return "transport-ping";
71 return "encrypted-ping";
77 /* --- @p_ponged@ --- *
79 * Arguments: @peer *p@ = peer packet arrived from
80 * @unsigned msg@ = message type
81 * @buf *b@ = buffer containing payload
85 * Use: Processes a ping response.
88 static void p_ponged(peer *p, unsigned msg, buf *b)
95 trace(T_PEER, "peer: received %s reply from %s",
96 p_pingtype(msg), p->spec.name);
97 trace_block(T_PACKET, "peer: ping contents", BBASE(b), BSZ(b));
100 if (buf_getu32(b, &id) ||
101 (magic = buf_get(b, sizeof(pg->magic))) == 0 ||
103 a_warn("PEER %s malformed-%s", p->spec.name, p_pingtype(msg));
107 for (pg = p->pings; pg; pg = pg->next) {
111 a_warn("PEER %s unexpected-%s 0x%08lx",
112 p->spec.name, p_pingtype(msg), (unsigned long)id);
116 if (memcmp(magic, pg->magic, sizeof(pg->magic)) != 0) {
117 a_warn("PEER %s corrupt-%s", p->spec.name, p_pingtype(msg));
120 p_pingdone(pg, PING_OK);
123 /* --- @p_read@ --- *
125 * Arguments: @int fd@ = file descriptor to read from
126 * @unsigned mode@ = what happened
127 * @void *v@ = an uninteresting pointer
131 * Use: Reads a packet from somewhere.
134 static void p_read(int fd, unsigned mode, void *v)
143 /* --- Read the data --- */
147 n = recvfrom(fd, buf_i, sizeof(buf_i), 0, &a.sa, &sz);
149 a_warn("PEER - socket-read-error -- %s", strerror(errno));
153 /* --- If the packet is a greeting, don't check peers --- */
155 if (n && buf_i[0] == (MSG_MISC | MISC_GREET)) {
157 trace(T_PEER, "peer: greeting received from INET %s %u",
158 inet_ntoa(a.sin.sin_addr),
159 (unsigned)ntohs(a.sin.sin_port));
160 trace_block(T_PACKET, "peer: greeting contents", buf_i, n);
162 buf_init(&b, buf_i, n);
164 if (c_check(&b) || BLEFT(&b)) {
165 a_warn("PEER - invalid-greeting");
168 a_notify("GREET %s INET %s %u",
169 b64_encode(buf_i + 1, n - 1),
170 inet_ntoa(a.sin.sin_addr),
171 (unsigned)ntohs(a.sin.sin_port));
175 /* --- Find the appropriate peer --- */
177 assert(a.sa.sa_family == AF_INET);
178 for (p = peers; p; p = p->next) {
179 if (p->spec.sa.sin.sin_addr.s_addr == a.sin.sin_addr.s_addr &&
180 p->spec.sa.sin.sin_port == a.sin.sin_port)
183 a_warn("PEER - unexpected-source INET %s %u",
184 inet_ntoa(a.sin.sin_addr), (unsigned)ntohs(a.sin.sin_port));
189 trace(T_PEER, "peer: packet received from `%s'", p->spec.name);
190 trace_block(T_PACKET, "peer: packet contents", buf_i, n);
193 /* --- Pick the packet apart --- */
195 p->st.t_last = time(0);
198 buf_init(&b, buf_i, n);
199 if ((ch = buf_getbyte(&b)) < 0) {
200 a_warn("PEER %s bad-packet no-type", p->spec.name);
203 switch (ch & MSG_CATMASK) {
205 if (ch & MSG_TYPEMASK) {
206 a_warn("PEER %s bad-packet unknown-type 0x%02x", p->spec.name, ch);
210 buf_init(&bb, buf_o, sizeof(buf_o));
211 if (ksl_decrypt(&p->ks, MSG_PACKET, &b, &bb)) {
213 a_warn("PEER %s decrypt-failed", p->spec.name);
218 p->st.sz_ipin += BSZ(&b);
219 p->t->ops->inject(p->t, &bb);
222 a_warn("PEER %s packet-build-failed", p->spec.name);
226 kx_message(&p->kx, ch & MSG_TYPEMASK, &b);
229 switch (ch & MSG_TYPEMASK) {
231 T( trace(T_PEER, "peer: received NOP packet"); )
234 buf_put(p_txstart(p, MSG_MISC | MISC_PONG), BCUR(&b), BLEFT(&b));
238 p_ponged(p, MISC_PONG, &b);
241 buf_init(&bb, buf_t, sizeof(buf_t));
242 if (ksl_decrypt(&p->ks, ch, &b, &bb)) {
244 a_warn("PEER %s decrypt-failed", p->spec.name);
249 if (ksl_encrypt(&p->ks, MSG_MISC | MISC_EPONG, &bb,
250 p_txstart(p, MSG_MISC | MISC_EPONG)))
256 buf_init(&bb, buf_t, sizeof(buf_t));
257 if (ksl_decrypt(&p->ks, ch, &b, &bb)) {
259 a_warn("PEER %s decrypt-failed", p->spec.name);
264 p_ponged(p, MISC_EPONG, &bb);
271 a_warn("PEER %s bad-packet unknown-category 0x%02x", p->spec.name, ch);
276 /* --- @p_txstart@ --- *
278 * Arguments: @peer *p@ = pointer to peer block
279 * @unsigned msg@ = message type code
281 * Returns: A pointer to a buffer to write to.
283 * Use: Starts sending to a peer. Only one send can happen at a
287 buf *p_txstart(peer *p, unsigned msg)
289 buf_init(&p->b, buf_o, sizeof(buf_o));
290 buf_putbyte(&p->b, msg);
294 /* --- @p_txend@ --- *
296 * Arguments: @peer *p@ = pointer to peer block
300 * Use: Sends a packet to the peer.
303 static void p_setkatimer(peer *);
305 static int p_dotxend(peer *p)
308 a_warn("PEER %s packet-build-failed", p->spec.name);
311 IF_TRACING(T_PEER, trace_block(T_PACKET, "peer: sending packet",
312 BBASE(&p->b), BLEN(&p->b)); )
313 if (sendto(sock.fd, BBASE(&p->b), BLEN(&p->b),
314 0, &p->spec.sa.sa, p->spec.sasz) < 0) {
315 a_warn("PEER %s socket-write-error -- %s",
316 p->spec.name, strerror(errno));
320 p->st.sz_out += BLEN(&p->b);
325 void p_txend(peer *p)
327 if (p_dotxend(p) && p->spec.t_ka) {
328 sel_rmtimer(&p->tka);
333 /* --- @p_pingwrite@ --- *
335 * Arguments: @ping *p@ = ping structure
336 * @buf *b@ = buffer to write in
340 * Use: Fills in a ping structure and writes the packet payload.
343 static void p_pingwrite(ping *p, buf *b)
345 static uint32 seq = 0;
348 GR_FILL(&rand_global, p->magic, sizeof(p->magic));
349 buf_putu32(b, p->id);
350 buf_put(b, p->magic, sizeof(p->magic));
353 /* --- @p_pingdone@ --- *
355 * Arguments: @ping *p@ = ping structure
356 * @int rc@ = return code to pass on
360 * Use: Disposes of a ping structure, maybe sending a notification.
363 void p_pingdone(ping *p, int rc)
365 if (p->prev) p->prev->next = p->next;
366 else p->p->pings = p->next;
367 if (p->next) p->next->prev = p->prev;
368 if (rc != PING_TIMEOUT) sel_rmtimer(&p->t);
369 T( trace(T_PEER, "peer: ping 0x%08lx done (rc = %d)",
370 (unsigned long)p->id, rc); )
371 if (rc >= 0) p->func(rc, p->arg);
374 /* --- @p_pingtimeout@ --- *
376 * Arguments: @struct timeval *now@ = the time now
377 * @void *pv@ = pointer to ping block
381 * Use: Called when a ping times out.
384 static void p_pingtimeout(struct timeval *now, void *pv)
388 T( trace(T_PEER, "peer: ping 0x%08lx timed out", (unsigned long)p->id); )
389 p_pingdone(p, PING_TIMEOUT);
392 /* --- @p_pingsend@ --- *
394 * Arguments: @peer *p@ = destination peer
395 * @ping *pg@ = structure to fill in
396 * @unsigned type@ = message type
397 * @unsigned long timeout@ = how long to wait before giving up
398 * @void (*func)(int, void *)@ = callback function
399 * @void *arg@ = argument for callback
401 * Returns: Zero if successful, nonzero if it failed.
403 * Use: Sends a ping to a peer. Call @func@ with a nonzero argument
404 * if we get an answer within the timeout, or zero if no answer.
407 int p_pingsend(peer *p, ping *pg, unsigned type,
408 unsigned long timeout,
409 void (*func)(int, void *), void *arg)
417 b = p_txstart(p, MSG_MISC | MISC_PING);
422 pg->msg = MISC_EPONG;
423 b = p_txstart(p, MSG_MISC | MISC_EPING);
424 buf_init(&bb, buf_t, sizeof(buf_t));
425 p_pingwrite(pg, &bb);
427 if (ksl_encrypt(&p->ks, MSG_MISC | MISC_EPING, &bb, b))
443 if (p->pings) p->pings->prev = pg;
445 gettimeofday(&tv, 0);
446 tv.tv_sec += timeout;
447 sel_addtimer(&sel, &pg->t, &tv, p_pingtimeout, pg);
448 T( trace(T_PEER, "peer: send %s 0x%08lx to %s",
449 p_pingtype(type), (unsigned long)pg->id, p->spec.name); )
453 /* --- @p_greet@ --- *
455 * Arguments: @peer *p@ = peer to send to
456 * @const void *c@ = pointer to challenge
457 * @size_t sz@ = size of challenge
461 * Use: Sends a greeting packet.
464 void p_greet(peer *p, const void *c, size_t sz)
466 buf *b = p_txstart(p, MSG_MISC | MISC_GREET);
473 * Arguments: @peer *p@ = pointer to peer block
474 * @buf *b@ = buffer containing incoming packet
478 * Use: Handles a packet which needs to be sent to a peer.
481 void p_tun(peer *p, buf *b)
483 buf *bb = p_txstart(p, MSG_PACKET);
486 if (ksl_encrypt(&p->ks, MSG_PACKET, b, bb))
488 if (BOK(bb) && BLEN(bb)) {
490 p->st.sz_ipout += BLEN(bb);
495 /* --- @p_keyreload@ --- *
501 * Use: Forces a check of the daemon's keyring files.
504 void p_keyreload(void)
509 for (p = peers; p; p = p->next)
514 /* --- @p_interval@ --- *
520 * Use: Called periodically to do tidying.
523 void p_interval(void)
528 for (p = peers; p; p = p->next)
532 /* --- @p_stats@ --- *
534 * Arguments: @peer *p@ = pointer to a peer block
536 * Returns: A pointer to the peer's statistics.
539 stats *p_stats(peer *p) { return (&p->st); }
541 /* --- @p_ifname@ --- *
543 * Arguments: @peer *p@ = pointer to a peer block
545 * Returns: A pointer to the peer's interface name.
548 const char *p_ifname(peer *p) { return (p->t->ops->ifname(p->t)); }
550 /* --- @p_addr@ --- *
552 * Arguments: @peer *p@ = pointer to a peer block
554 * Returns: A pointer to the peer's address.
557 const addr *p_addr(peer *p) { return (&p->spec.sa); }
559 /* --- @p_init@ --- *
561 * Arguments: @struct in_addr addr@ = address to bind to
562 * @unsigned port@ = port number to listen to
566 * Use: Initializes the peer system; creates the socket.
569 void p_init(struct in_addr addr, unsigned port)
572 struct sockaddr_in sin;
575 /* --- Note on socket buffer sizes --- *
577 * For some bizarre reason, Linux 2.2 (at least) doubles the socket buffer
578 * sizes I pass to @setsockopt@. I'm not putting special-case code here
579 * for Linux: BSD (at least TCPv2) does what I tell it rather than second-
583 if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
584 die(EXIT_FAILURE, "socket creation failed: %s", strerror(errno));
586 sin.sin_family = AF_INET;
588 sin.sin_port = htons(port);
589 if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)))
590 die(EXIT_FAILURE, "bind failed: %s", strerror(errno));
591 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len, sizeof(len)) ||
592 setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &len, sizeof(len))) {
593 die(EXIT_FAILURE, "failed to set socket buffer sizes: %s",
596 fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
597 sel_initfile(&sel, &sock, fd, SEL_READ, p_read, 0);
599 T( trace(T_PEER, "peer: created socket"); )
602 /* --- @p_port@ --- *
606 * Returns: Port number used for socket.
609 unsigned p_port(void)
612 size_t sz = sizeof(addr);
614 if (getsockname(sock.fd, &a.sa, &sz))
615 die(EXIT_FAILURE, "couldn't read port number: %s", strerror(errno));
616 assert(a.sa.sa_family == AF_INET);
617 return (ntohs(a.sin.sin_port));
620 /* --- @p_keepalive@ --- *
622 * Arguments: @struct timeval *now@ = the current time
623 * @void *pv@ = peer to wake up
627 * Use: Sends a keepalive ping message to its peer.
630 static void p_keepalive(struct timeval *now, void *pv)
633 p_txstart(p, MSG_MISC | MISC_NOP); p_dotxend(p);
634 T( trace(T_PEER, "peer: sent keepalive to %s", p->spec.name); )
638 /* --- @p_setkatimer@ --- *
640 * Arguments: @peer *p@ = peer to set
644 * Use: Resets the keepalive timer thing.
647 static void p_setkatimer(peer *p)
653 gettimeofday(&tv, 0);
654 tv.tv_sec += p->spec.t_ka;
655 sel_addtimer(&sel, &p->tka, &tv, p_keepalive, p);
658 /* --- @p_create@ --- *
660 * Arguments: @peerspec *spec@ = information about this peer
662 * Returns: Pointer to the peer block, or null if it failed.
664 * Use: Creates a new named peer block. No peer is actually attached
668 peer *p_create(peerspec *spec)
670 peer *p = CREATE(peer);
672 T( trace(T_PEER, "peer: creating new peer `%s'", spec->name); )
674 p->spec.name = xstrdup(spec->name);
678 memset(&p->st, 0, sizeof(stats));
679 p->st.t_start = time(0);
680 if ((p->t = spec->tops->create(p)) == 0)
683 if (kx_init(&p->kx, p, &p->ks))
689 switch (p->spec.sa.sa.sa_family) {
691 a_notify("ADD %s %s INET %s %u",
693 p->t->ops->ifname(p->t),
694 inet_ntoa(p->spec.sa.sin.sin_addr),
695 (unsigned)ntohs(p->spec.sa.sin.sin_port));
698 a_notify("ADD %s %s UNKNOWN", spec->name, p->t->ops->ifname(p->t));
701 a_notify("KXSTART %s", spec->name); /* Couldn't tell anyone before */
706 sel_rmtimer(&p->tka);
707 p->t->ops->destroy(p->t);
714 /* --- @p_name@ --- *
716 * Arguments: @peer *p@ = pointer to a peer block
718 * Returns: A pointer to the peer's name.
721 const char *p_name(peer *p) { return (p->spec.name); }
723 /* --- @p_spec@ --- *
725 * Arguments: @peer *p@ = pointer to a peer block
727 * Returns: Pointer to the peer's specification
730 const peerspec *p_spec(peer *p) { return (&p->spec); }
732 /* --- @p_find@ --- *
734 * Arguments: @const char *name@ = name to look up
736 * Returns: Pointer to the peer block, or null if not found.
738 * Use: Finds a peer by name.
741 peer *p_find(const char *name)
744 for (p = peers; p; p = p->next) {
745 if (strcmp(name, p->spec.name) == 0)
751 /* --- @p_destroy@ --- *
753 * Arguments: @peer *p@ = pointer to a peer
757 * Use: Destroys a peer.
760 void p_destroy(peer *p)
764 T( trace(T_PEER, "peer: destroying peer `%s'", p->spec.name); )
765 a_notify("KILL %s", p->spec.name);
768 p->t->ops->destroy(p->t);
770 sel_rmtimer(&p->tka);
772 for (pg = p->pings; pg; pg = ppg) {
774 p_pingdone(pg, PING_PEERDIED);
777 p->next->prev = p->prev;
779 p->prev->next = p->next;
785 /* --- @p_first@, @p_next@ --- *
787 * Arguments: @peer *p@ = a peer block
789 * Returns: @peer_first@ returns the first peer in some ordering;
790 * @peer_next@ returns the peer following a given one in the
791 * same ordering. Null is returned for the end of the list.
794 peer *p_first(void) { return (peers); }
795 peer *p_next(peer *p) { return (p->next); }
797 /*----- That's all, folks -------------------------------------------------*/