From f25868fd2b58bc0b350a5cfaf342480f28f804cf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 28 Oct 2000 21:05:20 +0000 Subject: [PATCH] - Lots of small fixes - Exchange subnets on acknowledgement of connection - Do proper lookup when incoming packets from tap - off-by-a small number-error when reading/sending tap packets --- lib/utils.c | 2 +- lib/utils.h | 2 +- src/net.c | 44 ++++++++++++++++++++++++++++------------- src/protocol.c | 53 +++++++++++++++++++++++++++++++++----------------- src/protocol.h | 6 +++--- src/subnet.c | 50 ++++++++++++++++++++++++++++++++++------------- src/subnet.h | 4 ++-- src/tincd.c | 8 +++++--- 8 files changed, 115 insertions(+), 54 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index fc7abe4c..795ece92 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -59,7 +59,7 @@ void bin2hex(char *src, char *dst, int length) } } -char *cp_trace() +void cp_trace() { syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d ...", cp_file[(cp_index+7)%8], cp_line[(cp_index+7)%8], diff --git a/lib/utils.h b/lib/utils.h index cc3d322d..c172daa2 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -46,6 +46,6 @@ extern volatile int cp_index; extern void hex2bin(char *src, char *dst, int length); extern void bin2hex(char *src, char *dst, int length); -extern char *cp_trace(void); +extern void cp_trace(void); #endif /* __TINC_UTILS_H__ */ diff --git a/src/net.c b/src/net.c index d99bd287..85255a4b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.46 2000/10/28 16:41:38 guus Exp $ + $Id: net.c,v 1.35.4.47 2000/10/28 21:05:17 guus Exp $ */ #include "config.h" @@ -99,10 +99,16 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) int outlen, outpad; cp outpkt.len = inpkt->len; +/* EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL); EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); - outlen += outpad; + outlen += outpad + 2; + + Do encryption when everything else is fixed... +*/ + outlen = outpkt.len + 2; + memcpy(&outpkt, inpkt, outlen); if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), @@ -112,7 +118,7 @@ cp cl->want_ping = 1; - if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0) + if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); @@ -128,11 +134,17 @@ int xrecv(vpn_packet_t *inpkt) int outlen, outpad; cp outpkt.len = inpkt->len; +/* EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad); outlen += outpad; - + + Do decryption is everything else is fixed... +*/ + outlen = outpkt.len+2; + memcpy(&outpkt, inpkt, outlen); + /* FIXME sometime add_mac_addresses(&outpkt); */ @@ -303,10 +315,12 @@ cp if(!cl->status.validkey) { +/* Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); +*/ if(!cl->status.waitingforkey) send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */ return 0; @@ -314,10 +328,12 @@ cp if(!cl->status.active) { +/* Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); +*/ return 0; /* We don't want to mess up, do we? */ } @@ -734,7 +750,7 @@ sigalrm_handler(int a) cp cfg = get_config_val(upstreamcfg, connectto); - if(!cfg && upstreamcfg == myself->config) + if(!cfg && upstreamcfg == config) /* No upstream IP given, we're listen only. */ return; @@ -750,7 +766,7 @@ cp } signal(SIGALRM, sigalrm_handler); - upstreamcfg = myself->config; + upstreamcfg = config; seconds_till_retry += 5; if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */ seconds_till_retry = MAXTIMEOUT; @@ -796,7 +812,7 @@ cp free(scriptname); - if(!(cfg = get_config_val(myself->config, connectto))) + if(!(cfg = get_config_val(config, connectto))) /* No upstream IP given, we're listen only. */ return 0; @@ -809,7 +825,7 @@ cp } signal(SIGALRM, sigalrm_handler); - upstreamcfg = myself->config; + upstreamcfg = config; seconds_till_retry = MAXTIMEOUT; syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); alarm(seconds_till_retry); @@ -1205,25 +1221,27 @@ cp void handle_tap_input(void) { vpn_packet_t vp; + subnet_t *subnet; + ipv4_t dest; int lenin; cp if(taptype = 1) { if((lenin = read(tap_fd, vp.data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); + syslog(LOG_ERR, _("Error while reading from tun/tap device: %m")); return; } vp.len = lenin; } else { - if((lenin = read(tap_fd, &vp, MTU)) <= 0) + if((lenin = read(tap_fd, &vp.len, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); + syslog(LOG_ERR, _("Error while reading from ethertap device: %m")); return; } - vp.len = lenin - 2; +// vp.len = lenin - 2; } total_tap_in += lenin; @@ -1240,7 +1258,7 @@ cp syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len); } -// route_packet(&vp); + send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp); cp } diff --git a/src/protocol.c b/src/protocol.c index fe0d180e..c3681af4 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.45 2000/10/24 15:46:17 guus Exp $ + $Id: protocol.c,v 1.28.4.46 2000/10/28 21:05:18 guus Exp $ */ #include "config.h" @@ -439,7 +439,8 @@ cp int ack_h(conn_list_t *cl) { - conn_list_t *old; + conn_list_t *old, *p; + subnet_t *s; cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same name. If so, it presumably is an @@ -455,37 +456,42 @@ cp terminate_connection(old); } + /* Notify others of this connection */ + + for(p = conn_list; p; p = p->next) + if(p->status.active) + send_add_host(p, cl); + /* Activate this connection */ cl->allow_request = ALL; cl->status.active = 1; + cl->nexthop = cl; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); - /* Exchange information about other tinc daemons */ - -/* FIXME: reprogram this. - notify_others(cl, NULL, send_add_host); - notify_one(cl); -*/ +cp + if(!cl->status.outgoing) + send_ack(cl); + /* Send him our subnets */ + + for(s = myself->subnets; s; s = s->next) + send_add_subnet(cl, s); cp - if(cl->status.outgoing) - return 0; - else - return send_ack(cl); + return 0; } /* Address and subnet information exchange */ -int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) +int send_add_subnet(conn_list_t *cl, subnet_t *subnet) { int x; char *netstr; cp x = send_request(cl, "%d %s %s", ADD_SUBNET, - other->name, netstr = net2str(subnet)); + subnet->owner->name, netstr = net2str(subnet)); free(netstr); cp return x; @@ -498,7 +504,7 @@ int add_subnet_h(conn_list_t *cl) conn_list_t *owner; subnet_t *subnet, *old; cp - if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) + if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 2) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname); free(name); free(subnetstr); @@ -553,10 +559,16 @@ cp return 0; } -int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) +int send_del_subnet(conn_list_t *cl, subnet_t *subnet) { + int x; + char *netstr; cp - return send_request(cl, "%d %s %s", DEL_SUBNET, other->name, net2str(subnet)); + netstr = net2str(subnet); + x = send_request(cl, "%d %s %s", DEL_SUBNET, subnet->owner->name, netstr); + free(netstr); +cp + return x; } int del_subnet_h(conn_list_t *cl) @@ -711,7 +723,7 @@ cp /* Fill in rest of conn_list structure */ - new->myuplink = cl; + new->nexthop = cl; new->status.active = 1; /* Hook it up into the conn_list */ @@ -1063,6 +1075,7 @@ cp keylength = strlen(pktkey); +/* Don't do this... yet if((keylength%2) || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), @@ -1073,6 +1086,10 @@ cp keylength /= 2; hex2bin(pktkey, pktkey, keylength); BF_set_key(cl->cipher_pktkey, keylength, pktkey); +*/ + + cl->status.validkey = 1; + cl->status.waitingforkey = 0; } else { diff --git a/src/protocol.h b/src/protocol.h index c3147a76..682f76a0 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.12 2000/10/20 15:34:38 guus Exp $ + $Id: protocol.h,v 1.5.4.13 2000/10/28 21:05:20 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -58,8 +58,8 @@ extern int send_ping(conn_list_t*); extern int send_pong(conn_list_t*); extern int send_add_host(conn_list_t*, conn_list_t*); extern int send_del_host(conn_list_t*, conn_list_t*); -extern int send_add_subnet(conn_list_t*, conn_list_t*, subnet_t*); -extern int send_del_subnet(conn_list_t*, conn_list_t*, subnet_t*); +extern int send_add_subnet(conn_list_t*, subnet_t*); +extern int send_del_subnet(conn_list_t*, subnet_t*); extern int send_key_changed(conn_list_t*, conn_list_t*); extern int send_req_key(conn_list_t*, conn_list_t*); extern int send_ans_key(conn_list_t*, conn_list_t*, char*); diff --git a/src/subnet.c b/src/subnet.c index c7b2ed7e..215b156b 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,15 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.6 2000/10/28 16:41:40 guus Exp $ + $Id: subnet.c,v 1.1.2.7 2000/10/28 21:05:20 guus Exp $ */ +#include + #include "config.h" #include #include #include "subnet.h" #include "net.h" +#include "conf.h" +#include "system.h" /* lists type of subnet */ @@ -56,7 +60,7 @@ cp /* Link it into the owners list of subnets (unsorted) */ - subnet->next = cl->subnets->next; + subnet->next = cl->subnets; subnet->prev = NULL; if(subnet->next) subnet->next->prev = subnet; @@ -70,7 +74,7 @@ cp insert before first -> add it in front of list rest: insert after another subnet */ - +cp if(subnet_list[subnet->type]) { p = q = subnet_list[subnet->type]; @@ -83,8 +87,8 @@ cp q = p; } } - - if(!subnet_list[subnet->type] || p == subnet_list[subnet->type]) /* First two cases */ +cp + if(p == subnet_list[subnet->type]) /* First two cases */ { /* Insert in front */ subnet->global_next = subnet_list[subnet->type]; @@ -98,7 +102,7 @@ cp subnet->global_prev = q; q->global_next = subnet; } - +cp if(subnet->global_next) subnet->global_next->global_prev = subnet; cp @@ -146,9 +150,9 @@ subnet_t *str2net(char *subnetstr) cp if(sscanf(subnetstr, "%d,", &type) != 1) return NULL; - +cp subnet = new_subnet(); - +cp switch(type) { case SUBNET_MAC: @@ -194,7 +198,6 @@ cp return NULL; } break; - break; default: free_subnet(subnet); return NULL; @@ -217,8 +220,10 @@ cp subnet->net.mac.address.x[3], subnet->net.mac.address.x[4], subnet->net.mac.address.x[5]); + break; case SUBNET_IPV4: asprintf(&netstr, "%d,%lx/%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); + break; case SUBNET_IPV6: asprintf(&netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", subnet->net.ipv6.address.x[0], @@ -237,8 +242,9 @@ cp subnet->net.ipv6.mask.x[5], subnet->net.ipv6.mask.x[6], subnet->net.ipv6.mask.x[7]); + break; default: - netstr = NULL; + asprintf(&netstr, _("unknown")); } cp return netstr; @@ -250,7 +256,7 @@ subnet_t *lookup_subnet_mac(mac_t address) { subnet_t *subnet; cp - for(subnet = subnet_list[SUBNET_MAC]; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_MAC]; subnet != NULL; subnet = subnet->global_next) { if(memcmp(&address, &subnet->net.mac.address, sizeof(address)) == 0) break; @@ -263,7 +269,7 @@ subnet_t *lookup_subnet_ipv4(ipv4_t address) { subnet_t *subnet; cp - for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->global_next) { if((address & subnet->net.ipv4.mask) == subnet->net.ipv4.address) break; @@ -277,7 +283,7 @@ subnet_t *lookup_subnet_ipv6(ipv6_t address) subnet_t *subnet; int i; cp - for(subnet = subnet_list[SUBNET_IPV6]; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_IPV6]; subnet != NULL; subnet = subnet->global_next) { for(i=0; i<8; i++) if((address.x[i] & subnet->net.ipv6.mask.x[i]) != subnet->net.ipv6.address.x[i]) @@ -288,3 +294,21 @@ cp cp return subnet; } + +void dump_subnet_list(void) +{ + subnet_t *subnet; + char *netstr; +cp + syslog(LOG_DEBUG, _("Subnet list:")); + + for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->global_next) + { + netstr = net2str(subnet); + syslog(LOG_DEBUG, "%s owner %s", netstr, subnet->owner->name); + free(netstr); + } + + syslog(LOG_DEBUG, _("End of subnet list.")); +cp +} diff --git a/src/subnet.h b/src/subnet.h index 0d628767..994c541c 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.4 2000/10/28 16:41:40 guus Exp $ + $Id: subnet.h,v 1.1.2.5 2000/10/28 21:05:20 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -84,6 +84,6 @@ extern subnet_t *str2net(char *); extern subnet_t *lookup_subnet_mac(mac_t); extern subnet_t *lookup_subnet_ipv4(ipv4_t); extern subnet_t *lookup_subnet_ipv6(ipv6_t); - +extern void dump_subnet_list(void); #endif /* __TINC_SUBNET_H__ */ diff --git a/src/tincd.c b/src/tincd.c index a06f3fe3..41361d7c 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.15 2000/10/21 11:52:08 guus Exp $ + $Id: tincd.c,v 1.10.4.16 2000/10/28 21:05:20 guus Exp $ */ #include "config.h" @@ -47,6 +47,7 @@ #include "net.h" #include "netutl.h" #include "protocol.h" +#include "subnet.h" #include "system.h" @@ -534,8 +535,9 @@ sigusr1_handler(int a) RETSIGTYPE sigusr2_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); + dump_subnet_list(); +// if(debug_lvl > DEBUG_NOTHING) +// syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); /* FIXME: reprogram this. regenerate_keys(); */ -- 2.20.1