2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
51 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
54 static void send_udppacket(node_t *, vpn_packet_t *);
56 unsigned replaywin = 16;
57 bool localdiscovery = true;
59 #define MAX_SEQNO 1073741824
61 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
62 mtuprobes == 31: sleep pinginterval seconds
63 mtuprobes == 32: send 1 burst, sleep pingtimeout second
64 mtuprobes == 33: no response from other side, restart PMTU discovery process
66 Probes are sent in batches of at least three, with random sizes between the
67 lower and upper boundaries for the MTU thus far discovered.
69 After the initial discovery, a fourth packet is added to each batch with a
70 size larger than the currently known PMTU, to test if the PMTU has increased.
72 In case local discovery is enabled, another packet is added to each batch,
73 which will be broadcast to the local network.
77 static void send_mtu_probe_handler(void *data) {
83 if(!n->status.reachable || !n->status.validkey) {
84 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
89 if(n->mtuprobes > 32) {
92 timeout = pinginterval;
96 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
97 n->status.udp_confirmed = false;
103 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
104 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
108 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
109 if(n->minmtu > n->maxmtu)
110 n->minmtu = n->maxmtu;
112 n->maxmtu = n->minmtu;
114 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
118 if(n->mtuprobes == 31) {
119 timeout = pinginterval;
121 } else if(n->mtuprobes == 32) {
122 timeout = pingtimeout;
125 for(int i = 0; i < 4 + localdiscovery; i++) {
129 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
132 } else if(n->maxmtu <= n->minmtu) {
135 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
142 memset(packet.data, 0, 14);
143 randomize(packet.data + 14, len - 14);
146 n->status.send_locally = i >= 4 && n->mtuprobes <= 10 && n->prevedge;
148 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
150 send_udppacket(n, &packet);
153 n->status.send_locally = false;
154 n->probe_counter = 0;
155 gettimeofday(&n->probe_time, NULL);
157 /* Calculate the packet loss of incoming traffic by comparing the rate of
158 packets received to the rate with which the sequence number has increased.
161 if(n->received > n->prev_received)
162 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
164 n->packetloss = n->received_seqno <= n->prev_received_seqno;
166 n->prev_received_seqno = n->received_seqno;
167 n->prev_received = n->received;
170 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
173 void send_mtu_probe(node_t *n) {
174 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
175 send_mtu_probe_handler(n);
178 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
179 if(!packet->data[0]) {
180 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe request %d from %s (%s)", packet->len, n->name, n->hostname);
182 /* It's a probe request, send back a reply */
184 /* Type 2 probe replies were introduced in protocol 17.3 */
185 if ((n->options >> 24) >= 3) {
186 uint8_t* data = packet->data;
188 uint16_t len16 = htons(len); memcpy(data, &len16, 2); data += 2;
190 gettimeofday(&now, NULL);
191 uint32_t sec = htonl(now.tv_sec); memcpy(data, &sec, 4); data += 4;
192 uint32_t usec = htonl(now.tv_usec); memcpy(data, &usec, 4); data += 4;
193 packet->len = data - packet->data;
195 /* Legacy protocol: n won't understand type 2 probe replies. */
199 /* Temporarily set udp_confirmed, so that the reply is sent
200 back exactly the way it came in. */
202 bool udp_confirmed = n->status.udp_confirmed;
203 n->status.udp_confirmed = true;
204 send_udppacket(n, packet);
205 n->status.udp_confirmed = udp_confirmed;
207 length_t probelen = len;
208 if (packet->data[0] == 2) {
210 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received invalid (too short) MTU probe reply from %s (%s)", n->name, n->hostname);
212 uint16_t probelen16; memcpy(&probelen16, packet->data + 1, 2); probelen = ntohs(probelen16);
215 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d MTU probe reply %d from %s (%s)", packet->data[0], probelen, n->name, n->hostname);
217 /* It's a valid reply: now we know bidirectional communication
218 is possible using the address and socket that the reply
221 n->status.udp_confirmed = true;
223 /* If we haven't established the PMTU yet, restart the discovery process. */
225 if(n->mtuprobes > 30) {
226 if (probelen == n->maxmtu + 8) {
227 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
239 /* If applicable, raise the minimum supported MTU */
241 if(probelen > n->maxmtu)
242 probelen = n->maxmtu;
243 if(n->minmtu < probelen)
244 n->minmtu = probelen;
246 /* Calculate RTT and bandwidth.
247 The RTT is the time between the MTU probe burst was sent and the first
248 reply is received. The bandwidth is measured using the time between the
249 arrival of the first and third probe reply (or type 2 probe requests).
252 struct timeval now, diff;
253 gettimeofday(&now, NULL);
254 timersub(&now, &n->probe_time, &diff);
256 struct timeval probe_timestamp = now;
257 if (packet->data[0] == 2 && packet->len >= 11) {
258 uint32_t sec; memcpy(&sec, packet->data + 3, 4);
259 uint32_t usec; memcpy(&usec, packet->data + 7, 4);
260 probe_timestamp.tv_sec = ntohl(sec);
261 probe_timestamp.tv_usec = ntohl(usec);
266 if(n->probe_counter == 1) {
267 n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
268 n->probe_time = probe_timestamp;
269 } else if(n->probe_counter == 3) {
270 struct timeval probe_timestamp_diff;
271 timersub(&probe_timestamp, &n->probe_time, &probe_timestamp_diff);
272 n->bandwidth = 2.0 * probelen / (probe_timestamp_diff.tv_sec + probe_timestamp_diff.tv_usec * 1e-6);
273 logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
278 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
280 memcpy(dest, source, len);
282 } else if(level == 10) {
284 lzo_uint lzolen = MAXSIZE;
285 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
290 } else if(level < 10) {
292 unsigned long destlen = MAXSIZE;
293 if(compress2(dest, &destlen, source, len, level) == Z_OK)
300 lzo_uint lzolen = MAXSIZE;
301 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
311 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
313 memcpy(dest, source, len);
315 } else if(level > 9) {
317 lzo_uint lzolen = MAXSIZE;
318 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
326 unsigned long destlen = MAXSIZE;
327 if(uncompress(dest, &destlen, source, len) == Z_OK)
339 static void receive_packet(node_t *n, vpn_packet_t *packet) {
340 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
341 packet->len, n->name, n->hostname);
344 n->in_bytes += packet->len;
349 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
351 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
353 if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
356 return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
359 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
360 vpn_packet_t pkt1, pkt2;
361 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
365 if(n->status.sptps) {
366 if(!n->sptps.state) {
367 if(!n->status.waitingforkey) {
368 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
371 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
375 return sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
378 if(!n->status.validkey) {
379 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
383 /* Check packet length */
385 if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
386 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
387 n->name, n->hostname);
391 /* Check the message authentication code */
393 if(digest_active(n->indigest)) {
394 inpkt->len -= digest_length(n->indigest);
395 if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
396 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
400 /* Decrypt the packet */
402 if(cipher_active(n->incipher)) {
403 vpn_packet_t *outpkt = pkt[nextpkt++];
406 if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
407 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
411 outpkt->len = outlen;
415 /* Check the sequence number */
417 inpkt->len -= sizeof inpkt->seqno;
419 memcpy(&seqno, inpkt->seqno, sizeof seqno);
420 seqno = ntohl(seqno);
423 if(seqno != n->received_seqno + 1) {
424 if(seqno >= n->received_seqno + replaywin * 8) {
425 if(n->farfuture++ < replaywin >> 2) {
426 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
427 n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
430 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
431 seqno - n->received_seqno - 1, n->name, n->hostname);
432 memset(n->late, 0, replaywin);
433 } else if (seqno <= n->received_seqno) {
434 if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
435 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
436 n->name, n->hostname, seqno, n->received_seqno);
440 for(int i = n->received_seqno + 1; i < seqno; i++)
441 n->late[(i / 8) % replaywin] |= 1 << i % 8;
446 n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8);
449 if(seqno > n->received_seqno)
450 n->received_seqno = seqno;
454 if(n->received_seqno > MAX_SEQNO)
457 /* Decompress the packet */
459 length_t origlen = inpkt->len;
461 if(n->incompression) {
462 vpn_packet_t *outpkt = pkt[nextpkt++];
464 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
465 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
466 n->name, n->hostname);
472 origlen -= MTU/64 + 20;
477 if(!inpkt->data[12] && !inpkt->data[13])
478 mtu_probe_h(n, inpkt, origlen);
480 receive_packet(n, inpkt);
484 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
487 if(len > sizeof outpkt.data)
491 if(c->options & OPTION_TCPONLY)
494 outpkt.priority = -1;
495 memcpy(outpkt.data, buffer, len);
497 receive_packet(c->node, &outpkt);
500 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
501 if(!n->status.validkey) {
502 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
503 if(!n->status.waitingforkey)
505 else if(n->last_req_key + 10 < now.tv_sec) {
506 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
507 sptps_stop(&n->sptps);
508 n->status.waitingforkey = false;
517 if(!(origpkt->data[12] | origpkt->data[13])) {
518 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
522 if(routing_mode == RMODE_ROUTER)
527 if(origpkt->len < offset)
532 if(n->outcompression) {
533 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
535 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
536 } else if(len < origpkt->len - offset) {
537 outpkt.len = len + offset;
539 type |= PKT_COMPRESSED;
543 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
547 static void adapt_socket(const sockaddr_t *sa, int *sock) {
548 /* Make sure we have a suitable socket for the chosen address */
549 if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) {
550 for(int i = 0; i < listen_sockets; i++) {
551 if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) {
559 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
564 /* If the UDP address is confirmed, use it. */
565 if(n->status.udp_confirmed)
568 /* Send every third packet to n->address; that could be set
569 to the node's reflexive UDP address discovered during key
578 /* Otherwise, address are found in edges to this node.
579 So we pick a random edge and a random socket. */
582 int j = rand() % n->edge_tree->count;
583 edge_t *candidate = NULL;
585 for splay_each(edge_t, e, n->edge_tree) {
587 candidate = e->reverse;
593 *sa = &candidate->address;
594 *sock = rand() % listen_sockets;
597 adapt_socket(*sa, sock);
600 static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) {
603 /* Pick one of the edges from this node at random, then use its local address. */
606 int j = rand() % n->edge_tree->count;
607 edge_t *candidate = NULL;
609 for splay_each(edge_t, e, n->edge_tree) {
616 if (candidate && candidate->local_address.sa.sa_family) {
617 *sa = &candidate->local_address;
618 *sock = rand() % listen_sockets;
619 adapt_socket(*sa, sock);
623 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
624 vpn_packet_t pkt1, pkt2;
625 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
626 vpn_packet_t *inpkt = origpkt;
628 vpn_packet_t *outpkt;
629 int origlen = origpkt->len;
631 #if defined(SOL_IP) && defined(IP_TOS)
632 static int priority = 0;
633 int origpriority = origpkt->priority;
636 if(!n->status.reachable) {
637 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
642 return send_sptps_packet(n, origpkt);
644 /* Make sure we have a valid key */
646 if(!n->status.validkey) {
647 logger(DEBUG_TRAFFIC, LOG_INFO,
648 "No valid key known yet for %s (%s), forwarding via TCP",
649 n->name, n->hostname);
651 if(n->last_req_key + 10 <= now.tv_sec) {
653 n->last_req_key = now.tv_sec;
656 send_tcppacket(n->nexthop->connection, origpkt);
661 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
662 logger(DEBUG_TRAFFIC, LOG_INFO,
663 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
664 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
667 send_packet(n->nexthop, origpkt);
669 send_tcppacket(n->nexthop->connection, origpkt);
674 /* Compress the packet */
676 if(n->outcompression) {
677 outpkt = pkt[nextpkt++];
679 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
680 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
681 n->name, n->hostname);
688 /* Add sequence number */
690 uint32_t seqno = htonl(++(n->sent_seqno));
691 memcpy(inpkt->seqno, &seqno, sizeof inpkt->seqno);
692 inpkt->len += sizeof inpkt->seqno;
694 /* Encrypt the packet */
696 if(cipher_active(n->outcipher)) {
697 outpkt = pkt[nextpkt++];
700 if(!cipher_encrypt(n->outcipher, inpkt->seqno, inpkt->len, outpkt->seqno, &outlen, true)) {
701 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
705 outpkt->len = outlen;
709 /* Add the message authentication code */
711 if(digest_active(n->outdigest)) {
712 if(!digest_create(n->outdigest, inpkt->seqno, inpkt->len, inpkt->seqno + inpkt->len)) {
713 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
717 inpkt->len += digest_length(n->outdigest);
720 /* Send the packet */
722 const sockaddr_t *sa = NULL;
725 if(n->status.send_locally)
726 choose_local_address(n, &sa, &sock);
728 choose_udp_address(n, &sa, &sock);
730 #if defined(SOL_IP) && defined(IP_TOS)
731 if(priorityinheritance && origpriority != priority
732 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
733 priority = origpriority;
734 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
735 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
736 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
740 if(sendto(listen_socket[sock].udp.fd, inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
741 if(sockmsgsize(sockerrno)) {
742 if(n->maxmtu >= origlen)
743 n->maxmtu = origlen - 1;
744 if(n->mtu >= origlen)
745 n->mtu = origlen - 1;
747 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
751 origpkt->len = origlen;
754 static bool send_sptps_data_priv(node_t *to, node_t *from, int type, const char *data, size_t len) {
755 node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
756 bool direct = from == myself && to == relay;
757 bool relay_supported = (relay->options >> 24) >= 4;
759 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU.
760 TODO: When relaying, the original sender does not know the end-to-end PMTU (it only knows the PMTU of the first hop).
761 This can lead to scenarios where large packets are sent over UDP to relay, but then relay has no choice but fall back to TCP. */
763 if(type == SPTPS_HANDSHAKE || ((myself->options | relay->options) & OPTION_TCPONLY) || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
764 char buf[len * 4 / 3 + 5];
765 b64encode(data, buf, len);
766 /* If no valid key is known yet, send the packets using ANS_KEY requests,
767 to ensure we get to learn the reflexive UDP address. */
768 if(from == myself && !to->status.validkey) {
769 to->incompression = myself->incompression;
770 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
772 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, REQ_SPTPS, buf);
777 if(relay_supported) overhead += sizeof to->id + sizeof from->id;
778 char buf[len + overhead]; char* buf_ptr = buf;
779 if(relay_supported) {
781 /* Inform the recipient that this packet was sent directly. */
782 node_id_t nullid = {0};
783 memcpy(buf_ptr, &nullid, sizeof nullid); buf_ptr += sizeof nullid;
785 memcpy(buf_ptr, &to->id, sizeof to->id); buf_ptr += sizeof to->id;
787 memcpy(buf_ptr, &from->id, sizeof from->id); buf_ptr += sizeof from->id;
790 /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
791 memcpy(buf_ptr, data, len); buf_ptr += len;
793 const sockaddr_t *sa = NULL;
795 if(relay->status.send_locally)
796 choose_local_address(relay, &sa, &sock);
798 choose_udp_address(relay, &sa, &sock);
799 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
800 if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
801 if(sockmsgsize(sockerrno)) {
802 // Compensate for SPTPS overhead
803 len -= SPTPS_DATAGRAM_OVERHEAD;
804 if(relay->maxmtu >= len)
805 relay->maxmtu = len - 1;
806 if(relay->mtu >= len)
807 relay->mtu = len - 1;
809 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
817 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
818 return send_sptps_data_priv(handle, myself, type, data, len);
821 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
822 node_t *from = handle;
824 if(type == SPTPS_HANDSHAKE) {
825 if(!from->status.validkey) {
826 from->status.validkey = true;
827 from->status.waitingforkey = false;
828 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
834 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
840 if(type == PKT_PROBE) {
842 memcpy(inpkt.data, data, len);
843 mtu_probe_h(from, &inpkt, len);
847 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
848 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
852 /* Check if we have the headers we need */
853 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
854 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
856 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
857 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
860 int offset = (type & PKT_MAC) ? 0 : 14;
861 if(type & PKT_COMPRESSED) {
862 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
866 inpkt.len = ulen + offset;
868 if(inpkt.len > MAXSIZE)
871 memcpy(inpkt.data + offset, data, len);
872 inpkt.len = len + offset;
875 /* Generate the Ethernet packet type if necessary */
877 switch(inpkt.data[14] >> 4) {
879 inpkt.data[12] = 0x08;
880 inpkt.data[13] = 0x00;
883 inpkt.data[12] = 0x86;
884 inpkt.data[13] = 0xDD;
887 logger(DEBUG_TRAFFIC, LOG_ERR,
888 "Unknown IP version %d while reading packet from %s (%s)",
889 inpkt.data[14] >> 4, from->name, from->hostname);
894 receive_packet(from, &inpkt);
899 send a packet to the given vpn ip.
901 void send_packet(node_t *n, vpn_packet_t *packet) {
906 memcpy(packet->data, mymac.x, ETH_ALEN);
908 n->out_bytes += packet->len;
909 devops.write(packet);
913 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
914 packet->len, n->name, n->hostname);
916 if(!n->status.reachable) {
917 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
918 n->name, n->hostname);
923 n->out_bytes += packet->len;
925 if(n->status.sptps) {
926 send_sptps_packet(n, packet);
930 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
933 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
934 n->name, via->name, n->via->hostname);
936 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
937 if(!send_tcppacket(via->connection, packet))
938 terminate_connection(via->connection, true);
940 send_udppacket(via, packet);
943 /* Broadcast a packet using the minimum spanning tree */
945 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
946 // Always give ourself a copy of the packet.
948 send_packet(myself, packet);
950 // In TunnelServer mode, do not forward broadcast packets.
951 // The MST might not be valid and create loops.
952 if(tunnelserver || broadcast_mode == BMODE_NONE)
955 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
956 packet->len, from->name, from->hostname);
958 switch(broadcast_mode) {
959 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
960 // This guarantees all nodes receive the broadcast packet, and
961 // usually distributes the sending of broadcast packets over all nodes.
963 for list_each(connection_t, c, connection_list)
964 if(c->edge && c->status.mst && c != from->nexthop->connection)
965 send_packet(c->node, packet);
968 // In direct mode, we send copies to each node we know of.
969 // However, this only reaches nodes that can be reached in a single hop.
970 // We don't have enough information to forward broadcast packets in this case.
975 for splay_each(node_t, n, node_tree)
976 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n))
977 send_packet(n, packet);
985 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
988 static time_t last_hard_try = 0;
990 for splay_each(edge_t, e, edge_weight_tree) {
991 if(!e->to->status.reachable || e->to == myself)
994 if(sockaddrcmp_noport(from, &e->address)) {
995 if(last_hard_try == now.tv_sec)
1000 if(!try_mac(e->to, pkt))
1008 last_hard_try = now.tv_sec;
1010 last_hard_try = now.tv_sec;
1014 void handle_incoming_vpn_data(void *data, int flags) {
1015 listen_socket_t *ls = data;
1018 sockaddr_t from = {{0}};
1019 socklen_t fromlen = sizeof from;
1021 node_t *to = myself;
1024 len = recvfrom(ls->udp.fd, &pkt.dstid, MAXSIZE, 0, &from.sa, &fromlen);
1026 if(len <= 0 || len > MAXSIZE) {
1027 if(!sockwouldblock(sockerrno))
1028 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1034 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
1036 bool direct = false;
1037 if(len >= sizeof pkt.dstid + sizeof pkt.srcid) {
1038 n = lookup_node_id(&pkt.srcid);
1040 node_id_t nullid = {0};
1041 if(memcmp(&pkt.dstid, &nullid, sizeof nullid) == 0) {
1042 /* A zero dstid is used to indicate a direct, non-relayed packet. */
1045 to = lookup_node_id(&pkt.dstid);
1047 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet presumably sent by %s (%s) but with unknown destination ID", n->name, n->hostname);
1051 pkt.len -= sizeof pkt.dstid + sizeof pkt.srcid;
1056 /* We are being asked to relay this packet. */
1058 /* Don't allow random strangers to relay through us. Note that we check for *any* known address since we are not necessarily the first relay. */
1059 if (!lookup_node_udp(&from)) {
1060 logger(DEBUG_PROTOCOL, LOG_WARNING, "Refusing to relay packet from (presumably) %s (%s) to (presumably) %s (%s) because the packet comes from an unknown address", n->name, n->hostname, to->name, to->hostname);
1064 send_sptps_data_priv(to, n, 0, pkt.seqno, pkt.len);
1069 /* Most likely an old-style packet without node IDs. */
1071 memmove(pkt.seqno, &pkt.dstid, sizeof pkt - offsetof(vpn_packet_t, seqno));
1072 n = lookup_node_udp(&from);
1076 n = try_harder(&from, &pkt);
1079 if(debug_level >= DEBUG_PROTOCOL) {
1080 hostname = sockaddr2hostname(&from);
1081 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1087 if(!receive_udppacket(n, &pkt))
1090 n->sock = ls - listen_socket;
1091 if(direct && sockaddrcmp(&from, &n->address))
1092 update_node_udp(n, &from);
1095 void handle_device_data(void *data, int flags) {
1096 vpn_packet_t packet;
1098 packet.priority = 0;
1100 if(devops.read(&packet)) {
1101 myself->in_packets++;
1102 myself->in_bytes += packet.len;
1103 route(myself, &packet);