3 months ago server/: Post-merge fixup. [bleeding]
Mark Wooding [Wed, 11 Oct 2017 01:02:39 +0000 (02:02 +0100)]
server/: Post-merge fixup.

There's a slightly nasty semantic conflict between the two branches:
mdw/knock introduces a new function which sends a packet to an address
which might not belong to a registered peer, and mdw/ipv6 means that
this now has to cope with multiple address families.  The mess is
surprisingly limited, all things considered.

Mark Wooding [Fri, 25 Jan 2019 12:08:24 +0000 (12:08 +0000)]
Merge branches 'mdw/knock' and 'mdw/ipv6' into bleeding

* mdw/knock:
  Add notion of `ephemeral' associations and a goodbye protocol.
  Add new `knock' protocol.
  server/{keyexch,peer}.c: Maybe key-exchange messages come out of the blue.
  server/keyexch.c (kx_message): Squish vertically.
  server/keyexch.c: Abstract out the common message-handling behaviour.
  server/keymgmt.c: Track and find keys by their 32-bit IDs.
  server/test.c: Add a program to assist unit tests.
  server/servutil.c: Add utilities for plain asymmetric encryption.
  server/servutil.c: Add utilities for simple leaky-bucket rate limiting.
  server/keyexch.c: Rename kx_init => kx_setup.
  server/: Augment challenges to allow a payload.
  server/chal.c: Capture `master->algs.bulk' in a variable.
  server/chal.c: Rename bulk => bchal.
  server/: Expose and enhance the bulk-key-derivation protocol.

* mdw/ipv6: (64 commits)
  contrib/ Accept IPv6 addresses.
  contrib/ Fixing for IPv6.
  svc/ Add IPv6 support.
  svc/ Split out a base class from `InetAddress'.
  svc/ Contemplate multiple address families.
  svc/ Allow multiple networks in a peer pattern.
  svc/ (kickpeers): Refactor and reformat the search loop.
  svc/ (kickpeers): Rename `map' variable.
  svc/ Process peer patterns in order.
  svc/ Maintain config groups in a dictionary.
  svc/ Make an `InetAddress' class to do address wrangling.
  svc/ Factor out network parsing.
  svc/ Gather address hacking functions into a new section.
  svc/ Introduce a function for parsing address strings.
  svc/ (strmask): Consistently return a string object.
  svc/ Fix netmask parsing.
  svc/ Leave time for network configuration to settle.
  svc/ Hoist `netupdown' above `kickpeers'.
  server/, mon/: Introduce transport of TrIPE over IPv6.
  server/addrmap.c (hash): Visually tighten the arithmetic.

3 months ago Add notion of `ephemeral' associations and a goodbye protocol. [mdw/knock]
Mark Wooding [Tue, 5 Sep 2017 21:26:51 +0000 (22:26 +0100)]
Add notion of `ephemeral' associations and a goodbye protocol.

When TrIPE kills an ephemeral peer, it sends a `bye' message to the
peer.  When TrIPE receives `bye' from an ephemeral peer, it kills the
peer (without sending `bye' back).

Augment the `connect' service to set appropriate flags when adding
peers, and the Wireshark dissector to understand the new message.

10 months ago contrib/ Accept IPv6 addresses. [mdw/ipv6]
Mark Wooding [Thu, 12 Oct 2017 01:39:26 +0000 (02:39 +0100)]
contrib/ Accept IPv6 addresses.

Mark Wooding [Tue, 26 Sep 2017 10:15:06 +0000 (11:15 +0100)]
contrib/ Fixing for IPv6.

Accept `INET6' addresses from the server; detect IPv6 literals from the
configuration file; and adjust the MTU accordingly to compensate for the
different IP header lengths.

Mark Wooding [Fri, 29 Sep 2017 08:25:48 +0000 (09:25 +0100)]
svc/ Add IPv6 support.

This is now a simple matter of implementing an `Inet6Address' class and
tweaking the `parse_address' function.

Mark Wooding [Fri, 29 Sep 2017 08:23:43 +0000 (09:23 +0100)]
svc/ Split out a base class from `InetAddress'.

Now adding more families should be pretty easy.

Mark Wooding [Fri, 29 Sep 2017 08:15:05 +0000 (09:15 +0100)]
svc/ Contemplate multiple address families.

A number of relatively simple changes, with no overall functional change
except for a few diagnostic messages.

  * Attach the address-family code and a name string to the
    `InetAddress' class.  This will mean that we can add new address
    families without breaking things.

  * Make `testaddrs' (and related variables) be a dictionary, mapping
    address families to addresses, rather than just a lone address.

  * Ensure that the networks in a peer assignment belong to the same
    family.  They will do for now, because there's only one.

  * Have `kickpeers' maintain a local IP address for each family, rather
    than just a single one.

Mark Wooding [Fri, 29 Sep 2017 00:24:47 +0000 (01:24 +0100)]
svc/ Allow multiple networks in a peer pattern.

This is sensible now that we're not trying to compare them for

Mark Wooding [Fri, 29 Sep 2017 00:18:25 +0000 (01:18 +0100)]
svc/ (kickpeers): Refactor and reformat the search loop.

The `ip' variable wasn't doing anything except remembering whether we'd
found a match, so replace it with a flag.  This frees up the `ip' name,
so give that to the bizarrely named `ipq' variable which holds the
discovered local address.

Mark Wooding [Fri, 29 Sep 2017 00:13:53 +0000 (01:13 +0100)]
svc/ (kickpeers): Rename `map' variable.

We shall want to call the `map' function.

Mark Wooding [Fri, 29 Sep 2017 00:05:26 +0000 (01:05 +0100)]
svc/ Process peer patterns in order.

Rewrite the configuration file parser entirely so as to process the
patterns in order, rather than messing about with topological sorting.
This will let us introduce various improvements to patterns which don't
have a clear specificness ordering.

Mark Wooding [Thu, 28 Sep 2017 23:15:19 +0000 (00:15 +0100)]
svc/ Maintain config groups in a dictionary.

Nothing cares about the relative order of the groups, and the
`showgroup' command wants to be able to look one up by name.  Really,
the question is why I didn't do it like this the first time.

Mark Wooding [Thu, 28 Sep 2017 18:54:32 +0000 (19:54 +0100)]
svc/ Make an `InetAddress' class to do address wrangling.

The name is a little misleading: it can also represent a network, but
separating the two turns out to be a little tedious, so I don't bother.

This means that the configuration now actually contains (PEER,
TEST-ADDRESS, LOCAL-NET) triples, rather than keeping the address and
mask portions of the LOCAL-NET separate.

This is rather an invasive change.  Sorry.

Mark Wooding [Thu, 28 Sep 2017 18:26:51 +0000 (19:26 +0100)]
svc/ Factor out network parsing.

The new function is a little stricter than the old one.  The address
given must actually be the base address of the network, rather than any
old address within it.

Mark Wooding [Thu, 28 Sep 2017 18:20:35 +0000 (19:20 +0100)]
svc/ Gather address hacking functions into a new section.

Mark Wooding [Thu, 28 Sep 2017 18:16:33 +0000 (19:16 +0100)]
svc/ Introduce a function for parsing address strings.

It still returns a raw integer -- for now.  But it's a start.

Mark Wooding [Thu, 28 Sep 2017 18:12:54 +0000 (19:12 +0100)]
svc/ (strmask): Consistently return a string object.

Inexplicably, this used to return an integer if the mask covered a
prefix.  Fortunately, it was always invoked in order to produce a thing
which is printed via `%s', which stringifies anyway.

Mark Wooding [Thu, 28 Sep 2017 18:10:34 +0000 (19:10 +0100)]
svc/ Fix netmask parsing.

  * Improve the checking for a prefix length: see if the thing is
    entirely made of digits, rather than searching for a `.'.

  * More importantly, if we have a general netmask, then parse the
    correct part of the network spec as the mask.

Mark Wooding [Thu, 28 Sep 2017 18:01:11 +0000 (19:01 +0100)]
svc/ Leave time for network configuration to settle.

Introduce new machinery to delay `kicking' the peer configuration.

  * Changes as a result of reports from NetworkManager and similar are
    now delayed, currently by 2s.  Further reports restart the delay, so
    we update 2s after the last report in a sequence.  This long delay
    is unfortunate, but necessary according to my experiments.

  * The 30s interval timer no longer does anything if a kick is
    scheduled but delayed.

  * Kicks resulting from initial state inspections aren't delayed;
    neither are direct user requests via the `up' and `down' commands.

Mark Wooding [Thu, 28 Sep 2017 17:58:07 +0000 (18:58 +0100)]
svc/ Hoist `netupdown' above `kickpeers'.

This will be part of a collection of little functions, and some will
definitely want to be above `kickpeers'.  It seems silly to separate
them with this monster function.

Mark Wooding [Fri, 29 Sep 2017 09:08:52 +0000 (10:08 +0100)]
server/, mon/: Introduce transport of TrIPE over IPv6.

This depends on ADNS for IPv6 name resolution.

Mark Wooding [Fri, 29 Sep 2017 09:06:13 +0000 (10:06 +0100)]
server/addrmap.c (hash): Visually tighten the arithmetic.

Mark Wooding [Fri, 29 Sep 2017 08:58:08 +0000 (09:58 +0100)]
server/: Eliminate the remaining address-family-specific knowledge.

Outside of a few functions in `addrmap.c' and `servutil.c'.  Name
resolution now fails softly if it encounters an unexpected address
family (which can happen because of numeric conversion through
`getaddrinfo'), and the ADNS query flags are now set via the `aftab'.

Mark Wooding [Fri, 29 Sep 2017 08:51:58 +0000 (09:51 +0100)]
server/: Maybe use GNU ADNS rather than mLib's `bres' for name resolution.

This will let us do IPv6 resolution later.  For now, very little looks
like it's changed.

Mark Wooding [Sat, 16 Sep 2017 18:21:28 +0000 (19:21 +0100)]
server/: Use modern functions for address/text conversions.

The tricky part is the change to the `p_init' function, which now takes
a list of `addrinfo' structures and goes through the motions of matching
the addresses up to `udpsock' slots, but actually everything is rigged
so that there's only the IPv4 entry.

Mark Wooding [Sat, 16 Sep 2017 18:09:40 +0000 (19:09 +0100)]
server/admin.c (a_resolve): Parse using the `aftab' table.

Also, introduce a new `ANY' pseudo-family which does the right thing
using the resolver.

Mark Wooding [Sat, 16 Sep 2017 16:38:32 +0000 (17:38 +0100)]
server/: Introduce accessor functions for reading and writing port numbers.

There are still some raw accesses to port numbers outside of address-
family switches, but these are all concerned with conversions between
address structures and strings, and this will be fixed in a later

Mark Wooding [Sat, 16 Sep 2017 16:06:41 +0000 (17:06 +0100)]
server/admin.h: Consolidate address construction during resolution.

Previously, setting up the socket address was kind of scattered
throughout the resolver code: the address family was set up front; the
port number stashed a bit later; and then the address plugged in once
the resolution job finished.

Instead, keep the port number separate once we've worked out what it is,
and build the entire socket address in one go at each site (once in the
background-resolver callback, and once for parsing a numerical address).

Mark Wooding [Sat, 16 Sep 2017 15:44:40 +0000 (16:44 +0100)]
server/admin.c (acmd_addr): Don't assert about the address family.

The `?ADDR' formatting directive can look after itself.

Mark Wooding [Sat, 16 Sep 2017 15:42:49 +0000 (16:42 +0100)]
server/admin.c: Tweak tracing of background resolver jobs.

This will make more sense later.

Mark Wooding [Sat, 16 Sep 2017 14:30:42 +0000 (15:30 +0100)]
server/: Institute `address family table'; contemplate multiple sockets.

This is a slightly oddly-shaped change which lays important groundwork
for the future.

  * Firstly, it creates a table of address families, currently not very
    interestingly since there's only one, but this will be an essential
    tool for adding IPv6 support later.

  * Secondly, it turns the peer module's `sock' into a global vector
    `udpsock' of UDP sockets, possibly one for each of the supported
    address families.  There's no real change here, because there's only
    one address family known, but the `port' command has grown an
    address-family argument in case they have different ports.  To make
    this work, each peer now keeps track of the index of the socket it
    should use for transmitting messages.

Mark Wooding [Fri, 15 Sep 2017 00:52:47 +0000 (01:52 +0100)]
pathmtu/pathmtu.c: Support IPv6 in the `raw' probing strategy.

Add code for constructing and parsing IPv6 packets.  This is rather
annoying and fiddly, in ways which are excitingly different from the
ways in which raw sockets are exciting and fiddly with IPv4.

Mark Wooding [Fri, 15 Sep 2017 00:51:07 +0000 (01:51 +0100)]
pathmtu/pathmtu.c (raw): Switchify the code.

This is mostly an exercise in re-indenting things.  There's no
functional change; here, we just ease the transition to the next commit.

Mark Wooding [Fri, 15 Sep 2017 00:46:31 +0000 (01:46 +0100)]
pathmtu/pathmtu.c (raw): Maintain the port numbers separately.

The Linux raw-IPv6-sockets machinery doesn't like port numbers in socket
addresses, so keep track of the ports separately and clear out the port
numbers in the address structures.

Mark Wooding [Thu, 14 Sep 2017 12:25:12 +0000 (13:25 +0100)]
pathmtu/pathmtu.c: Check against UDP header length, not pointer size.

Mark Wooding [Thu, 14 Sep 2017 10:32:18 +0000 (11:32 +0100)]
pathmtu/pathmtu.c: Use newer-style type names in pseudoheader struct.

Mark Wooding [Thu, 14 Sep 2017 09:14:59 +0000 (10:14 +0100)]
pathmtu/pathmtu.c: Support IPv6 in Linux probing method.

Mark Wooding [Thu, 14 Sep 2017 08:57:32 +0000 (09:57 +0100)]
pathmtu/pathmtu.c: Support IPv6 addresses in the generic code.

They don't work in any of the low-level methods yet.  That's going to
come later.

Mark Wooding [Thu, 14 Sep 2017 08:25:33 +0000 (09:25 +0100)]
pathmtu/pathmtu.c: Replace explicit `sockaddr_in' structures with union.

First steps towards IPv6 support.  There's no functional change, just a
bunch of refactoring and some extra checking which isn't currently

Mark Wooding [Tue, 19 Sep 2017 09:02:25 +0000 (10:02 +0100)]
pathmtu/pathmtu.c (raw): Check the UDP packet signature.

Mark Wooding [Thu, 14 Sep 2017 08:38:04 +0000 (09:38 +0100)]
pathmtu/pathmtu.c: Document the `--verbose' option.

It wasn't supposed to be a secret.

Mark Wooding [Thu, 14 Sep 2017 08:56:11 +0000 (09:56 +0100)]
pathmtu/pathmtu.c: Document the correct short option for `--version'.

Mark Wooding [Wed, 13 Sep 2017 10:11:01 +0000 (11:11 +0100)]
proxy/tripe-mitm.c: Support for IPv6.

Now we're using getaddrinfo(3), we can also allow service names for
ports, but this is rather incidental.

Mark Wooding [Wed, 13 Sep 2017 09:19:56 +0000 (10:19 +0100)]
proxy/tripe-mitm.c: Allow user control over the delimiter.

It turns out that `:' was a terrible choice given the syntax of IPv6
addresses.  I probably knew this at the time, even.

Mark Wooding [Wed, 13 Sep 2017 09:04:46 +0000 (10:04 +0100)]
proxy/tripe-mitm.c: Abolish use of RC4.

Mark Wooding [Wed, 13 Sep 2017 09:19:02 +0000 (10:19 +0100)]
proxy/tripe-mitm.c: Reformat.

Mark Wooding [Thu, 28 Sep 2017 01:04:53 +0000 (02:04 +0100)]
pkstream/pkstream.c: Enable IPv6 address support.

Implement the address-helper branches for IPv6, and set the default
address family to `AF_UNSPEC'.  Also, introduce command-line switches
for limiting address resolution.

Mark Wooding [Thu, 28 Sep 2017 01:02:03 +0000 (02:02 +0100)]
pkstream/pkstream.c (parseaddr): Allow address literals in brackets.

Actually, they don't have to be literals.  Don't tell anyone.

Mark Wooding [Thu, 28 Sep 2017 00:52:03 +0000 (01:52 +0100)]
pkstream/pkstream.c: Be more careful about handling address families.

  * Introduce a concept of `known' address families.  Currently, only
    `AF_INET' is known.

  * Filter `struct addrinfo' chains for known address families.  If we
    come up short, complain.

  * Tweak `aihints' to arrange that addresses which are supposed to
    match up actually will do: so server peer and bind addresses should
    match; client bind and connect addresses should match; and UDP local
    and remote addresses should match.

  * Initialize address structures using the `ai_family' slot from the
    appropriate `struct addrinfo' structure.

Mark Wooding [Thu, 28 Sep 2017 00:47:43 +0000 (01:47 +0100)]
pkstream/pkstream.c: Introduce an `initsock' function which does nothing.

Only it checks the address family first.  This will be important because
IPv6 sockets /do/ need a little special initialization.

Mark Wooding [Thu, 28 Sep 2017 00:41:43 +0000 (01:41 +0100)]
pkstream/pkstream.c: Use `getaddrinfo' to resolve addresses and services.

This will give us multiple addresses for simple queries, which we must
do something sensible with:

  * for server bind and peer addresses, we accumulate them in our
    address vectors as before;

  * for client bind addresses, and local UDP addresses, we just take
    the first match, and hope that's good enough; and

  * for client connect addresses, and remote UDP addresses, we try to
    connect to each address in turn and take the first one that works.

Some utility functions have been added or enhanced:

  * `pushaddr' has become `pushaddrs', and its job is now to push the
    addresses from a `struct addrinfo' chain onto an address vector; and

  * `copyaddr' has been introduced to do possible partial copies of

Note that everything is still strictly IPv4 throughout.  But almost all
of the pieces are now in place...

Mark Wooding [Wed, 27 Sep 2017 23:38:58 +0000 (00:38 +0100)]
pkstream/pkstream.c: Allow multiple listening and peer addresses.

When being a TCP server.

  * Accept multiple `-b' and `-p' options, and accumulate their values
    into string vectors;

  * expand the `connwait' addresses into vectors;

  * when resolving addresses, accumulate the addresses into the
    appropriate result vectors;

  * maintain multiple `sel_file' objects waiting for their respective
    listening sockets;

  * and search the vector of peers when accepting incoming
    connections (an empty vector means that all remote addresses are
    permitted, so we no longer need to dig into the address structure

Mark Wooding [Wed, 27 Sep 2017 22:56:07 +0000 (23:56 +0100)]
pkstream/pkstream.c: Fetch protocol family codes from addresses.

Now the only mentions of `AF_INET' are in the address-handling

Mark Wooding [Wed, 27 Sep 2017 22:49:01 +0000 (23:49 +0100)]
pkstream/pkstream.c: Introduce helper functions to fiddle with addresses.

The remaining places where pieces of addresses are fiddled with
directly, outside of these new functions, are:

  * in `doaccept', where we continue to inspect the peer address to see if
    it's a wildcard, because we'll handle this in a very different way
    later; and

  * in `parseaddr', which needs to fill in addresses and port numbers.

Mark Wooding [Wed, 27 Sep 2017 22:38:38 +0000 (23:38 +0100)]
pkstream/pkstream.c: Wrap addresses up in a union.

This makes casting to `struct sockaddr' pointers more pleasant, but
doesn't do anything else of use yet.  No functional change.

Mark Wooding [Wed, 27 Sep 2017 22:30:30 +0000 (23:30 +0100)]
pkstream/pkstream.c: Set a flag if we're listening.

Rather than having to check the address.  This means that we don't need
to initialize `' if we /aren't/ listening, so don't.

Mark Wooding [Wed, 27 Sep 2017 19:49:00 +0000 (20:49 +0100)]
pkstream/pkstream.c: Rearrange socket setup, particularly `parseaddr'.

  * Have `parseaddr' fill in a socket address structure directly.

  * Change the interface to pass in either separate host and
    service (does this remind you of anything?) names, or a single
    combined string to be parsed apart, as indicated by a new flag

  * Have `main' keep track of the various host and service name strings
    and then sort everything out at the end, rather than exercising the
    resolver during option parsing.  Take advantage of this by
    diagnosing incompatible option combinations.

  * To make this work, upgrade `cw.peer' to be a full socket address.

  * Factor out socket-address initialization, and initialize the
    structures on demand rather than in advance.

Mark Wooding [Wed, 27 Sep 2017 09:49:38 +0000 (10:49 +0100)]
pkstream/pkstream.c: Reformat to my current conventions.

Squash tightly related instructions onto single lines where they fit.
Hoist variable declarations from inner scopes up to the function scope.

Mark Wooding [Wed, 27 Sep 2017 09:03:06 +0000 (10:03 +0100)]
peerdb/ Add a new resolver based on adnshost(1).

This can resolve names to IPv6 addresses, so use it if it's available.

Mark Wooding [Wed, 27 Sep 2017 08:51:04 +0000 (09:51 +0100)]
peerdb/ Split out a resolver base class.

Now we can add different kinds of resolvers a bit more easily, and
choose which one we want to use.

Mark Wooding [Wed, 27 Sep 2017 08:07:20 +0000 (09:07 +0100)]
peerdb/ Add support for v4 and v6 address literals.

At least they get canonified now.  I think v4 literals should have
worked before, but it seems that they didn't.  This adds a `6' flag to
request only the v6 addresses for a name, but currently you can predict
which addresses you get pretty well.

Mark Wooding [Wed, 27 Sep 2017 08:40:01 +0000 (09:40 +0100)]
peerdb/ Split `prepare' in twain.

There's now a front-end, still called `prepare', which establishes the
`ResolvingHost' if necessary, and a back-end, `_prepare' which actually
does the work.

You might well think that this is preparatory work for splitting out a
superclass.  I couldn't possibly comment.

Mark Wooding [Tue, 26 Sep 2017 22:06:42 +0000 (23:06 +0100)]
peerdb/ Introduce the idea of multiple address families.

Have `ResolvingHost' track a list per address family.  Add a `4' flag
requesting just the IPv4 address(es), as if we had any other kind to

Mark Wooding [Tue, 26 Sep 2017 21:56:19 +0000 (22:56 +0100)]
peerdb/ Keep track of the canonical hostname too.

Not that I plan to do anything useful with that.

Mark Wooding [Tue, 26 Sep 2017 21:51:59 +0000 (22:51 +0100)]
peerdb/ Enhance addr-lookup syntax; return multiple addrs.

Keep track of multiple addresses for each host.  Extend the $[...]
syntax to allow substitution of all of the addresses, rather than just
the first.

Mark Wooding [Tue, 26 Sep 2017 21:37:16 +0000 (22:37 +0100)]
peerdb/ Split out a class for a host's resolved names.

This becomes the primary kind of object maintained in the resolver's

Also formalize the arrangements for reporting whether name resolution

This is an initial step towards introducing IPv6 support, initially in
this program, and later across the entire project.

Mark Wooding [Thu, 24 Aug 2017 20:31:43 +0000 (21:31 +0100)]
Add new `knock' protocol.

  * Add a new option to the `ADD' command giving the knock string to

  * Add new protocol messages `token-rq', `token', and `knock', which
    together allow a possibly unknown peer to collect a single-use
    token (`token-rq' and `token') which it can use to identify itself,
    and use this to introduce itself to its (presumably) static
    peer (`knock').  This last message can either provoke a `KNOCK'
    notification to a service, or initiate key-exchange using a
    piggybacked `pre-challenge', possibly after having updated the
    peer's address.

  * Update the `connect' service to collect the necessary knock strings
    from the peer database, and to respond to `KNOCK' notifications.

  * Update the Wireshark dissector to recognize and dissect the new
    messages.  (The `cap.knock' file sneakily includes a message from
    the future, to be dissected in a later modification.)

Mark Wooding [Mon, 4 Sep 2017 00:15:35 +0000 (01:15 +0100)]
server/{keyexch,peer}.c: Maybe key-exchange messages come out of the blue.

Don't insist in `p_read' that key-exchange messages always come from a
known address.  Instead, leave this to `kx_message' to sort out.

This involves a change of interface to `kx_message', passing in the
sender address, and passing out an indication as to whether the address
was recognized.  It also means that there's a little extra fancy
footwork involved because `kx_message' might not have a key-exchange
control block conveniently to hand.

Mark Wooding [Mon, 4 Sep 2017 00:06:36 +0000 (01:06 +0100)]
server/keyexch.c (kx_message): Squish vertically.

This will make it look more like the new code I'm going to add.

Mark Wooding [Mon, 4 Sep 2017 00:02:02 +0000 (01:02 +0100)]
server/keyexch.c: Abstract out the common message-handling behaviour.

Add new functions for resetting the key-exchange state on reception, and
updating the statistics on send and receive.

Mark Wooding [Sun, 3 Sep 2017 23:17:40 +0000 (00:17 +0100)]
server/keymgmt.c: Track and find keys by their 32-bit IDs.

Mark Wooding [Sat, 2 Sep 2017 21:04:42 +0000 (22:04 +0100)]
server/test.c: Add a program to assist unit tests.

Mark Wooding [Thu, 24 Aug 2017 20:25:53 +0000 (21:25 +0100)]
server/servutil.c: Add utilities for plain asymmetric encryption.

The encryption is standard KEM/DEM fare, using a Diffie--Hellman KEM and
a TrIPE bulk-crypto transform as a (very heavyweight) DEM.

Mark Wooding [Sat, 2 Sep 2017 13:59:53 +0000 (14:59 +0100)]
server/servutil.c: Add utilities for simple leaky-bucket rate limiting.

Mark Wooding [Sun, 3 Sep 2017 23:16:33 +0000 (00:16 +0100)]
server/keyexch.c: Rename kx_init => kx_setup.

I need the name for startup-time initialization of the key-exchange

Mark Wooding [Mon, 4 Sep 2017 08:36:10 +0000 (09:36 +0100)]
server/: Augment challenges to allow a payload.

  * Augment the external interface to take a pointer/length pair
    designating the payload.

  * Change the bulk-crypto interface to pass the sequence number in
    separately from the (repurposed) payload buffer.

  * Modify the `naclbox' challenge handling to hash the payload using
    Poly1305, rather than just producing some Salsa20 output.

Mark Wooding [Sun, 3 Sep 2017 12:15:03 +0000 (13:15 +0100)]
server/chal.c: Capture `master->algs.bulk' in a variable.

Makes the code a bit less noisy.

Mark Wooding [Sun, 3 Sep 2017 10:57:49 +0000 (11:57 +0100)]
server/chal.c: Rename bulk => bchal.

This makes space for other bulk-crypto objects in this file.  Also,
sneakily, rename the code section with the idea that there might be
another one later.

Mark Wooding [Thu, 24 Aug 2017 21:24:07 +0000 (22:24 +0100)]
server/: Expose and enhance the bulk-key-derivation protocol.

  * Rename `struct rawkey' to `deriveargs', and document it;

  * make `ks_derivekey' private in `bulkcrypto.c', and rename it

  * make the various contributions to the derived keys be optional and
    handle them not existing sensibly; and

  * cope with the idea that a caller might only want incoming or
    outgoing keys, but not both.

This lays the groundwork for a separately usable public-key encryption
scheme based on the existing machinery, but this will come a bit later.

11 months ago server/ Add missing docs about `PRIVSEP' warnings. [mdw/fixes]
Mark Wooding [Sun, 13 May 2018 01:02:05 +0000 (02:02 +0100)]
server/ Add missing docs about `PRIVSEP' warnings.

I don't know where these went.

11 months ago keys/ Fix typoed signature scheme name.
Mark Wooding [Wed, 13 Jun 2018 10:21:21 +0000 (11:21 +0100)]
keys/ Fix typoed signature scheme name.

11 months ago server/admin.c: Delete a redundant ignoring of `SIGPIPE'.
Mark Wooding [Sat, 12 May 2018 10:38:08 +0000 (11:38 +0100)]
server/admin.c: Delete a redundant ignoring of `SIGPIPE'.

The real one is in `main' in `tripe.c'.

11 months ago server/tripe.h: Fix indentation of a preprocessor directive.
Mark Wooding [Sat, 19 May 2018 19:41:45 +0000 (20:41 +0100)]
server/tripe.h: Fix indentation of a preprocessor directive.

This appears to have been broken since 2005.

11 months ago peerdb/ (MissingSectionException): Fix constructor.
Mark Wooding [Mon, 11 Jun 2018 12:09:33 +0000 (13:09 +0100)]
peerdb/ (MissingSectionException): Fix constructor.

11 months ago svc/ (addpeer): Use `boolean' filter rather than a local hack.
Mark Wooding [Mon, 11 Jun 2018 12:02:03 +0000 (13:02 +0100)]
svc/ (addpeer): Use `boolean' filter rather than a local hack.

Now that `Peer.get' actually works properly, this is safe.

11 months ago svc/ (Peer.get): Don't apply filter to default value.
Mark Wooding [Mon, 11 Jun 2018 12:00:07 +0000 (13:00 +0100)]
svc/ (Peer.get): Don't apply filter to default value.

Callers don't expect this, and there will be unfortunate behaviour.  For
example, `T.timespec' explodes if handed a literal integer rather than a

11 months ago server/ Add missing documentation for error messages.
Mark Wooding [Mon, 11 Jun 2018 11:58:01 +0000 (12:58 +0100)]
server/ Add missing documentation for error messages.

11 months ago server/ Fix markup for error messages.
Mark Wooding [Mon, 11 Jun 2018 11:45:29 +0000 (12:45 +0100)]
server/ Fix markup for error messages.

11 months ago peerdb/ Mark expected errors and report appropriately.
Mark Wooding [Sun, 27 May 2018 15:43:16 +0000 (16:43 +0100)]
peerdb/ Mark expected errors and report appropriately.

Introduce an `ExpectedError' class and catch it at top level, reporting
the error message in the traditional Unix style.

11 months ago peerdb/ (BulkResolver): Add exception for resolution failure.
Mark Wooding [Sun, 27 May 2018 17:14:42 +0000 (18:14 +0100)]
peerdb/ (BulkResolver): Add exception for resolution failure.

There's a space for describing the error properly, but we can't do that
at the moment because mLib's background resolver isn't loved.

11 months ago peerdb/ (ConfigSection.items): Report `name'.
Mark Wooding [Sun, 27 May 2018 13:49:24 +0000 (14:49 +0100)]
peerdb/ (ConfigSection.items): Report `name'.

It's always there, even if it's synthetic.  This changes the output,
including a `name' item in each host, but this is harmless (or possibly
even useful).

Maybe this should have been `@name', but it's too late for that now.

11 months ago peerdb/ (ConfigSection): Fix handling of `@inherits'.
Mark Wooding [Sun, 27 May 2018 13:00:02 +0000 (14:00 +0100)]
peerdb/ (ConfigSection): Fix handling of `@inherits'.

  * Make `get' return it properly -- unexpanded (because that wouldn't
    make sense).

  * Make `items' mention it if applicable.

This doesn't affect the final output, since the CDB writing stage omits
keys whose name begins with `@'.

11 months ago peerdb/ (ConfigSection.items): Push more cautiously.
Mark Wooding [Sun, 27 May 2018 12:51:45 +0000 (13:51 +0100)]
peerdb/ (ConfigSection.items): Push more cautiously.

Instead of recording which sections have been visited, record all
sections which have been pushed and avoid pushing them again.  This
reduces pointless stack activity.

11 months ago peerdb/ (ConfigSection.items): Rename `d' to `seen'.
Mark Wooding [Sun, 27 May 2018 11:57:53 +0000 (12:57 +0100)]
peerdb/ (ConfigSection.items): Rename `d' to `seen'.

We haven't tried to store useful values in this dictionary for a long
time.  Give it a more useful name.

See?  I do think about this.

11 months ago peerdb/ Fix memoization while resolving inheritance.
Mark Wooding [Sun, 27 May 2018 01:28:20 +0000 (02:28 +0100)]
peerdb/ Fix memoization while resolving inheritance.

The memoization never worked properly.  It's clear, because the code
tries to store old values in the `map' dictionary, that it /wants/ to
optimize repeated visits to the same parent section, but unfortunately
nothing actually picks these saved values up again.  I can't tell any
more, but I think this is because the memoization map never stored the
path, so a second visit would return an unhelpful truncated path.

Also, the per-lookup memoization isn't really very effective: we
pointlessly walk the inheritance graph afresh for each `get' call.

Replace this with a per-section cache of inheritance-resolved lookups,
complete with path information.

11 months ago peerdb/ Factor out calculating the parent-section list.
Mark Wooding [Sun, 27 May 2018 01:20:47 +0000 (02:20 +0100)]
peerdb/ Factor out calculating the parent-section list.

11 months ago peerdb/ Remove (undocumented) whitespace fixing.
Mark Wooding [Sat, 26 May 2018 13:48:11 +0000 (14:48 +0100)]
peerdb/ Remove (undocumented) whitespace fixing.

I don't think we ever needed this, except that there's a longstanding
mLib bug which means that newlines (and other whitespace other than
actual space characters) aren't escaped in `lax' mode, which would have
caused the `cdb-map' output to be broken.

Easy fix: turn off lax mode.

11 months ago peerdb/ (ConfigSection.items): Just return names.
Mark Wooding [Sat, 26 May 2018 13:47:06 +0000 (14:47 +0100)]
peerdb/ (ConfigSection.items): Just return names.

It has to do a full `get' for each one anyway, which the caller can do
just as well if they actually want to.  Sometimes they don't, which
saves some effort.

11 months ago peerdb/ Abolish `ConfigSection.has_option'.
Mark Wooding [Sat, 26 May 2018 13:42:36 +0000 (14:42 +0100)]
peerdb/ Abolish `ConfigSection.has_option'.

Instead, the caller just catches `MissingKeyException'.