static sym_table byname;
static addrmap byaddr;
static sel_file sock;
+static unsigned nmobile;
/*----- Tunnel table ------------------------------------------------------*/
p_pingdone(pg, PING_OK);
}
+/* --- @p_rxupdstats@ --- *
+ *
+ * Arguments: @peer *p@ = peer to update
+ * @size_t n@ = size of incoming packet
+ *
+ * Returns: ---
+ *
+ * Use: Updates the peer's incoming packet statistics.
+ */
+
+static void p_rxupdstats(peer *p, size_t n)
+{
+ p->st.t_last = time(0);
+ p->st.n_in++;
+ p->st.sz_in += n;
+}
+
/* --- @p_encrypt@ --- *
*
* Arguments: @peer *p@ = peer to encrypt message to
/* --- @p_decrypt@ --- *
*
- * Arguments: @peer *p@ = peer to decrypt message from
+ * Arguments: @peer **pp@ = pointer to peer to decrypt message from
+ * @addr *a@ = address the packet arrived on
+ * @size_t n@ = size of original incoming packet
* @int ty@ = message type to expect
* @buf *bin, *bout@ = input and output buffers
*
*
* Use: Convenience function for packet decryption. Reports errors
* and updates statistics appropriately.
+ *
+ * If @*pp@ is null on entry and there are mobile peers then we
+ * see if any of them can decrypt the packet. If so, we record
+ * @*a@ as the peer's new address and send a notification.
*/
-static int p_decrypt(peer *p, int ty, buf *bin, buf *bout)
+static int p_decrypt(peer **pp, addr *a, size_t n,
+ int ty, buf *bin, buf *bout)
{
- if (ksl_decrypt(&p->ks, ty, bin, bout)) {
- p->st.n_reject++;
- a_warn("PEER", "?PEER", p, "decrypt-failed", A_END);
+ peer *p;
+ peer_byaddr *pa;
+ int err = KSERR_DECRYPT;
+ unsigned f;
+
+ if (*pp) {
+ p = *pp;
+ T( trace(T_PEER, "peer: decrypting packet from known peer `%s'",
+ p_name(p)); )
+ err = ksl_decrypt(&p->ks, ty, bin, bout);
+ } else {
+ p = 0;
+ if (nmobile) {
+ T( trace(T_PEER, "peer: unknown source: trying mobile peers..."); )
+ FOREACH_PEER(q, {
+ if ((err = ksl_decrypt(&q->ks, ty, bin, bout)) == KSERR_DECRYPT) {
+ T( trace(T_PEER, "peer: peer `%s' failed to decrypt",
+ p_name(q)); )
+ continue;
+ } else {
+ p = *pp = q;
+ IF_TRACING(T_PEER, {
+ if (!err)
+ trace(T_PEER, "peer: peer `%s' reports success", p_name(p));
+ else {
+ trace(T_PEER, "peer: peer `%s' reports decryption error %d",
+ p_name(p), err);
+ }
+ })
+ break;
+ }
+ });
+ }
+ if (!p) {
+ a_warn("PEER", "-", "unexpected-source", "?ADDR", a, A_END);
+ return (-1);
+ }
+ if (!err) {
+ T( trace(T_PEER, "peer: updating address for `%s'", p_name(p)); )
+ p_rxupdstats(p, n);
+ pa = am_find(&byaddr, a, sizeof(peer_byaddr), &f); assert(!f);
+ am_remove(&byaddr, p->byaddr);
+ p->byaddr = pa;
+ pa->p = p;
+ p->spec.sa = *a;
+ a_notify("NEWADDR", "?PEER", p, "?ADDR", a, A_END);
+ }
+ }
+ if (err) {
+ if (p) p->st.n_reject++;
+ a_warn("PEER", "?PEER", p, "decrypt-failed",
+ "error-code", "%d", err, A_END);
return (-1);
}
if (!BOK(bout))
return;
}
- /* --- Find the appropriate peer --- */
+ /* --- Find the appropriate peer --- *
+ *
+ * At this stage, don't worry too much about whether we actually found it.
+ */
- if ((p = p_findbyaddr(&a)) == 0) {
- a_warn("PEER", "-", "unexpected-source", "?ADDR", &a, A_END);
- return;
- }
+ p = p_findbyaddr(&a);
IF_TRACING(T_PEER, {
- trace(T_PEER, "peer: packet received from `%s'", p->spec.name);
+ if (p) {
+ trace(T_PEER,
+ "peer: packet received from `%s' from address INET %s %d",
+ p_name(p), inet_ntoa(a.sin.sin_addr), ntohs(a.sin.sin_port));
+ } else {
+ trace(T_PEER, "peer: packet received from unknown address INET %s %d",
+ inet_ntoa(a.sin.sin_addr), ntohs(a.sin.sin_port));
+ }
trace_block(T_PACKET, "peer: packet contents", buf_i, n);
})
/* --- Pick the packet apart --- */
- p->st.t_last = time(0);
- p->st.n_in++;
- p->st.sz_in += n;
+ if (p) p_rxupdstats(p, n);
buf_init(&b, buf_i, n);
if ((ch = buf_getbyte(&b)) < 0) {
a_warn("PEER", "?PEER", p, "bad-packet", "no-type", A_END);
"bad-packet",
"unknown-type", "0x%02x", ch,
A_END);
- p->st.n_reject++;
+ if (p) p->st.n_reject++;
return;
}
buf_init(&bb, buf_o, sizeof(buf_o));
- if (p_decrypt(p, MSG_PACKET, &b, &bb))
+ if (p_decrypt(&p, &a, n, MSG_PACKET, &b, &bb))
return;
if (BOK(&bb)) {
p->st.n_ipin++;
}
break;
case MSG_KEYEXCH:
+ if (!p) goto unexp;
kx_message(&p->kx, ch & MSG_TYPEMASK, &b);
break;
case MSG_MISC:
switch (ch & MSG_TYPEMASK) {
case MISC_NOP:
+ if (!p) goto unexp;
T( trace(T_PEER, "peer: received NOP packet"); )
break;
case MISC_PING:
+ if (!p) goto unexp;
buf_put(p_txstart(p, MSG_MISC | MISC_PONG), BCUR(&b), BLEFT(&b));
p_txend(p);
break;
case MISC_PONG:
+ if (!p) goto unexp;
p_ponged(p, MISC_PONG, &b);
break;
case MISC_EPING:
buf_init(&bb, buf_t, sizeof(buf_t));
- if (p_decrypt(p, ch, &b, &bb))
+ if (p_decrypt(&p, &a, n, ch, &b, &bb))
return;
if (BOK(&bb)) {
buf_flip(&bb);
break;
case MISC_EPONG:
buf_init(&bb, buf_t, sizeof(buf_t));
- if (p_decrypt(p, ch, &b, &bb))
+ if (p_decrypt(&p, &a, n, ch, &b, &bb))
return;
if (BOK(&bb)) {
buf_flip(&bb);
}
break;
default:
- p->st.n_reject++;
+ if (p) p->st.n_reject++;
a_warn("PEER",
"?PEER", p,
"bad-packet",
"unknown-category" "0x%02x", ch,
A_END);
break;
+ unexp:
+ a_warn("PEER", "-", "unexpected-source", "?ADDR", &a, A_END);
+ break;
}
}
a_notify("KXSTART", "?PEER", p, A_END);
/* Couldn't tell anyone before */
}
+ if (p->spec.f & PSF_MOBILE) nmobile++;
return (p);
tidy_4:
* Returns: A pointer to the peer's name.
*/
-const char *p_name(peer *p) { return (p->spec.name); }
+const char *p_name(peer *p)
+ { if (p) return (p->spec.name); else return ("-"); }
/* --- @p_tag@ --- *
*
{
peer_byaddr *pa;
- if ((pa = am_find(&byaddr, a, 0, 0)) != 0)
+ if ((pa = am_find(&byaddr, a, 0, 0)) != 0) {
+ assert(pa->p);
return (pa->p);
+ }
return (0);
}
a_notify("KILL", "%s", p->spec.name, A_END);
ksl_free(&p->ks);
kx_free(&p->kx);
+ if (p->spec.f & PSF_MOBILE)
+ nmobile--;
if (p->ifname)
xfree(p->ifname);
if (p->spec.tag)
~mdw / tripe / commitdiff