[SECNET PATCH 05/12] polypath asymmetric routing: Priority to mobile sites

Ian Jackson ijackson at chiark.greenend.org.uk
Wed May 15 23:13:30 BST 2019


It is better for the mobile peer to win the key setup priority
battle.  That makes handling the transport address implications,
particularly those of the MSG1, easier.

Since both ends must agree on who has priority, this must be
negotiated.  We use a capability bit for this.  Since the decision is
taken when we have only seen each other's MSG1, it must be an early
capability.  For compatibility with ancient (and security-buggy)
secnets, we can avoid advertising it if neither end is mobile.

Signed-off-by: Ian Jackson <ijackson at chiark.greenend.org.uk>
---
 magic.h | 5 +++--
 site.c  | 8 ++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/magic.h b/magic.h
index 4fe83f3..4389d54 100644
--- a/magic.h
+++ b/magic.h
@@ -36,9 +36,10 @@
 #define LABEL_PROD    0x0a0a0a0a
 
 /* uses of the 32-bit capability bitmap */
-#define CAPAB_EARLY           0x00000000 /* no Early flags yet (see NOTES) */
+#define CAPAB_EARLY           CAPAB_PRIORITY_MOBILE
 #define CAPAB_TRANSFORM_MASK  0x0000ffff
-/* remaining 16 bits are unused */
+#define CAPAB_PRIORITY_MOBILE 0x80000000 /* mobile site has MSG1 priority */
+/* remaining bits are unused */
 
 /*
  * The transform capability mask is a set of bits, one for each
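Review bot: The replacement CAPAB_EARLY line drops the "(see NOTES)" pointer, and the diffstat shows only magic.h and site.c changing, so the first early capability arrives without documentation. Suggest updating NOTES in this patch to describe CAPAB_PRIORITY_MOBILE, and keeping a short comment on CAPAB_EARLY saying it is the set of capabilities that must be usable after seeing only MSG1. Defining CAPAB_PRIORITY_MOBILE above the CAPAB_EARLY line that refers to it would also read more naturally, though the preprocessor accepts either order.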
diff --git a/site.c b/site.c
index 4a980d3..7185142 100644
--- a/site.c
+++ b/site.c
@@ -1742,6 +1742,11 @@ static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
 }
 
 static bool_t we_have_priority(struct site *st, const struct msg *m) {
+    if ((st->local_capabilities & m->remote_capabilities)
+	&& CAPAB_PRIORITY_MOBILE) {
+	if (st->local_mobile) return True;
+	if (st-> peer_mobile) return False;
+    }
     return st->our_name_later;
 }
 
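Review bot: The condition in we_have_priority, "(st->local_capabilities & m->remote_capabilities) && CAPAB_PRIORITY_MOBILE", uses logical && where bitwise & is needed. CAPAB_PRIORITY_MOBILE is a nonzero constant, so the test is true whenever the two ends share any capability bit at all (a transform bit, for example), not only when both advertised the priority capability. A mobile site would then claim priority against a peer that never negotiated it, and the two ends can disagree about who wins the key setup. Suggest "if (st->local_capabilities & m->remote_capabilities & CAPAB_PRIORITY_MOBILE) {". Separately, if local_mobile and peer_mobile can both be set, the local_mobile check returns True on each end; if that combination is meant to be impossible, say so in a comment or reject it at configuration time.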
@@ -2150,6 +2155,9 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 	st->local_capabilities |= capbit;
     }
 
+    if (st->local_mobile || st->peer_mobile)
+	st->local_capabilities |= CAPAB_PRIORITY_MOBILE;
+
     /* We need to register the remote networks with the netlink device */
     uint32_t netlink_mtu; /* local virtual interface mtu */
     st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
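Review bot: The new "if (st->local_mobile || st->peer_mobile)" in site_apply has no comment saying why the bit is not advertised unconditionally. The reason (compatibility with ancient secnets when neither end is mobile) is given only in the commit message. Suggest a one-line comment above the if, so a later reader does not simplify it into always setting CAPAB_PRIORITY_MOBILE.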
-- 
2.11.0



