2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 2014-2017 Guus Sliepen <guus@meshlink.io>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include "connection.h"
27 #include "meshlink_internal.h"
38 static void send_udppacket(meshlink_handle_t *mesh, node_t *, vpn_packet_t *);
40 #define MAX_SEQNO 1073741824
41 #define PROBE_OVERHEAD (SPTPS_DATAGRAM_OVERHEAD + 40)
43 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
44 mtuprobes == 31: sleep pinginterval seconds
45 mtuprobes == 32: send 1 burst, sleep pingtimeout second
46 mtuprobes == 33: no response from other side, restart PMTU discovery process
48 Probes are sent in batches of at least three, with random sizes between the
49 lower and upper boundaries for the MTU thus far discovered.
51 After the initial discovery, a fourth packet is added to each batch with a
52 size larger than the currently known PMTU, to test if the PMTU has increased.
54 In case local discovery is enabled, another packet is added to each batch,
55 which will be broadcast to the local network.
59 static void send_mtu_probe_handler(event_loop_t *loop, void *data) {
60 meshlink_handle_t *mesh = loop->data;
66 if(!n->status.reachable || !n->status.validkey) {
67 logger(mesh, MESHLINK_INFO, "Trying to send MTU probe to unreachable or rekeying node %s", n->name);
72 if(n->mtuprobes > 32) {
75 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
79 logger(mesh, MESHLINK_INFO, "%s did not respond to UDP ping, restarting PMTU discovery", n->name);
80 n->status.udp_confirmed = false;
85 update_node_pmtu(mesh, n);
88 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
89 logger(mesh, MESHLINK_INFO, "No response to MTU probes from %s", n->name);
93 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
94 if(n->minmtu > n->maxmtu) {
95 n->minmtu = n->maxmtu;
96 update_node_pmtu(mesh, n);
98 n->maxmtu = n->minmtu;
102 logger(mesh, MESHLINK_INFO, "Fixing MTU of %s to %d after %d probes", n->name, n->mtu, n->mtuprobes);
106 if(n->mtuprobes == 31) {
107 if(!n->minmtu && n->status.want_udp && n->nexthop && n->nexthop->connection) {
108 /* Send a dummy ANS_KEY to try to update the reflexive UDP address */
109 send_request(mesh, n->nexthop->connection, NULL, "%d %s %s . -1 -1 -1 0", ANS_KEY, mesh->self->name, n->name);
110 n->status.want_udp = false;
113 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
115 } else if(n->mtuprobes == 32) {
116 timeout = mesh->dev_class_traits[n->devclass].pingtimeout;
119 for(int i = 0; i < 5; i++) {
123 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU) {
128 } else if(n->maxmtu <= n->minmtu) {
131 len = n->minmtu + 1 + prng(mesh, n->maxmtu - n->minmtu);
140 memset(packet.data, 0, 14);
141 randomize(packet.data + 14, len - 14);
143 n->status.broadcast = i >= 4 && n->mtuprobes <= 10 && n->prevedge;
145 logger(mesh, MESHLINK_DEBUG, "Sending MTU probe length %d to %s", len, n->name);
147 n->out_meta += packet.len + PROBE_OVERHEAD;
148 send_udppacket(mesh, n, &packet);
151 n->status.broadcast = false;
154 timeout_set(&mesh->loop, &n->mtutimeout, &(struct timespec) {
155 timeout, prng(mesh, TIMER_FUDGE)
159 void send_mtu_probe(meshlink_handle_t *mesh, node_t *n) {
160 timeout_add(&mesh->loop, &n->mtutimeout, send_mtu_probe_handler, n, &(struct timespec) {
163 send_mtu_probe_handler(&mesh->loop, n);
166 static void mtu_probe_h(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet, uint16_t len) {
167 n->in_meta += len + PROBE_OVERHEAD;
170 logger(mesh, MESHLINK_WARNING, "Got too short MTU probe length %d from %s", packet->len, n->name);
174 logger(mesh, MESHLINK_DEBUG, "Got MTU probe length %d from %s", packet->len, n->name);
176 if(!packet->data[0]) {
177 /* It's a probe request, send back a reply */
181 /* Temporarily set udp_confirmed, so that the reply is sent
182 back exactly the way it came in. */
184 bool udp_confirmed = n->status.udp_confirmed;
185 n->status.udp_confirmed = true;
186 logger(mesh, MESHLINK_DEBUG, "Sending MTU probe reply %d to %s", packet->len, n->name);
187 n->out_meta += packet->len + PROBE_OVERHEAD;
188 send_udppacket(mesh, n, packet);
189 n->status.udp_confirmed = udp_confirmed;
191 /* It's a valid reply: now we know bidirectional communication
192 is possible using the address and socket that the reply
195 if(!n->status.udp_confirmed) {
196 char *address, *port;
197 sockaddr2str(&n->address, &address, &port);
199 if(n->nexthop && n->nexthop->connection) {
200 send_request(mesh, n->nexthop->connection, NULL, "%d %s %s . -1 -1 -1 0 %s %s", ANS_KEY, n->name, n->name, address, port);
202 logger(mesh, MESHLINK_WARNING, "Cannot send reflexive address to %s via %s", n->name, n->nexthop ? n->nexthop->name : n->name);
207 n->status.udp_confirmed = true;
210 /* If we haven't established the PMTU yet, restart the discovery process. */
212 if(n->mtuprobes > 30) {
213 if(len == n->maxmtu + 8) {
214 logger(mesh, MESHLINK_INFO, "Increase in PMTU to %s detected, restarting PMTU discovery", n->name);
227 /* If applicable, raise the minimum supported MTU */
229 if(len > n->maxmtu) {
233 if(n->minmtu < len) {
235 update_node_pmtu(mesh, n);
242 static void receive_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
243 logger(mesh, MESHLINK_DEBUG, "Received packet of %d bytes from %s", packet->len, n->name);
245 if(n->status.blacklisted) {
246 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
248 route(mesh, n, packet);
252 static bool try_mac(meshlink_handle_t *mesh, node_t *n, const vpn_packet_t *inpkt) {
254 return sptps_verify_datagram(&n->sptps, inpkt->data, inpkt->len);
257 static void receive_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *inpkt) {
258 if(!n->status.reachable) {
259 logger(mesh, MESHLINK_ERROR, "Got SPTPS data from unreachable node %s", n->name);
263 if(!n->sptps.state) {
264 if(!n->status.waitingforkey) {
265 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but we haven't exchanged keys yet", n->name);
266 send_req_key(mesh, n);
268 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but he hasn't got our key yet", n->name);
274 if(!sptps_receive_data(&n->sptps, inpkt->data, inpkt->len)) {
275 logger(mesh, MESHLINK_ERROR, "Could not process SPTPS data from %s: %s", n->name, strerror(errno));
279 static void send_sptps_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
280 if(!n->status.reachable) {
281 logger(mesh, MESHLINK_ERROR, "Trying to send SPTPS data to unreachable node %s", n->name);
285 if(!n->status.validkey) {
286 if(n->connection && (n->connection->flags & PROTOCOL_TINY) & n->connection->status.active) {
287 send_raw_packet(mesh, n->connection, origpkt);
291 logger(mesh, MESHLINK_INFO, "No valid key known yet for %s", n->name);
293 if(!n->status.waitingforkey) {
294 send_req_key(mesh, n);
295 } else if(n->last_req_key + 10 < mesh->loop.now.tv_sec) {
296 logger(mesh, MESHLINK_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
297 sptps_stop(&n->sptps);
298 n->status.waitingforkey = false;
299 send_req_key(mesh, n);
307 // If it's a probe, send it immediately without trying to compress it.
309 sptps_send_record(&n->sptps, PKT_PROBE, origpkt->data, origpkt->len);
313 sptps_send_record(&n->sptps, type, origpkt->data, origpkt->len);
317 static void choose_udp_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock, sockaddr_t *sa_buf) {
322 /* If the UDP address is confirmed, use it. */
323 if(n->status.udp_confirmed) {
327 /* Send every third packet to n->address; that could be set
328 to the node's reflexive UDP address discovered during key
331 if(++mesh->udp_choice >= 3) {
332 mesh->udp_choice = 0;
336 /* If we have learned an address via Catta, try this once every batch */
337 if(mesh->udp_choice == 1 && n->catta_address.sa.sa_family != AF_UNSPEC) {
338 *sa = &n->catta_address;
342 /* Else, if we have a canonical address, try this once every batch */
343 if(mesh->udp_choice == 1 && n->canonical_address) {
344 char *host = xstrdup(n->canonical_address);
345 char *port = strchr(host, ' ');
349 *sa_buf = str2sockaddr_random(mesh, host, port);
352 if(sa_buf->sa.sa_family != AF_UNKNOWN) {
361 /* Otherwise, address are found in edges to this node.
362 So we pick a random edge and a random socket. */
364 edge_t *candidate = NULL;
368 int j = prng(mesh, n->edge_tree->count);
370 for splay_each(edge_t, e, n->edge_tree) {
372 candidate = e->reverse;
379 *sa = &candidate->address;
380 *sock = prng(mesh, mesh->listen_sockets);
385 /* Make sure we have a suitable socket for the chosen address */
386 if(mesh->listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
387 for(int i = 0; i < mesh->listen_sockets; i++) {
388 if(mesh->listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
396 static void choose_broadcast_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
397 *sock = prng(mesh, mesh->listen_sockets);
398 sockaddr_t *broadcast_sa = &mesh->listen_socket[*sock].broadcast_sa;
400 if(broadcast_sa->sa.sa_family == AF_INET6) {
401 broadcast_sa->in6.sin6_port = n->prevedge->address.in.sin_port;
403 broadcast_sa->in.sin_port = n->prevedge->address.in.sin_port;
409 static void send_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
410 if(!n->status.reachable) {
411 logger(mesh, MESHLINK_INFO, "Trying to send UDP packet to unreachable node %s", n->name);
415 send_sptps_packet(mesh, n, origpkt);
418 bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
424 meshlink_handle_t *mesh = to->mesh;
426 if(!to->status.reachable) {
427 logger(mesh, MESHLINK_ERROR, "Trying to send SPTPS data to unreachable node %s", to->name);
431 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
433 if(type >= SPTPS_HANDSHAKE || (type != PKT_PROBE && (len - 21) > to->minmtu)) {
434 char buf[len * 4 / 3 + 5];
435 b64encode(data, buf, len);
437 if(!to->nexthop || !to->nexthop->connection) {
438 logger(mesh, MESHLINK_WARNING, "Unable to forward SPTPS packet to %s via %s", to->name, to->nexthop ? to->nexthop->name : to->name);
442 /* If no valid key is known yet, send the packets using ANS_KEY requests,
443 to ensure we get to learn the reflexive UDP address. */
444 if(!to->status.validkey) {
445 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, mesh->self->name, to->name, buf, 0);
447 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %d %s", REQ_KEY, mesh->self->name, to->name, REQ_SPTPS, buf);
451 /* Otherwise, send the packet via UDP */
454 const sockaddr_t *sa;
457 if(to->status.broadcast) {
458 choose_broadcast_address(mesh, to, &sa, &sock);
460 choose_udp_address(mesh, to, &sa, &sock, &sa_buf);
463 if(sendto(mesh->listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
464 if(sockmsgsize(sockerrno)) {
465 if(to->maxmtu >= len) {
466 to->maxmtu = len - 1;
473 logger(mesh, MESHLINK_WARNING, "Error sending UDP SPTPS packet to %s: %s", to->name, sockstrerror(sockerrno));
481 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
483 assert(!data || len);
485 node_t *from = handle;
486 meshlink_handle_t *mesh = from->mesh;
488 if(type == SPTPS_HANDSHAKE) {
489 if(!from->status.validkey) {
490 logger(mesh, MESHLINK_INFO, "SPTPS key exchange with %s successful", from->name);
491 from->status.validkey = true;
492 from->status.waitingforkey = false;
495 utcp_reset_timers(from->utcp);
503 logger(mesh, MESHLINK_ERROR, "Packet from %s larger than maximum supported size (%d > %d)", from->name, len, MAXSIZE);
509 if(type == PKT_PROBE) {
512 memcpy(inpkt.data, data, len);
513 mtu_probe_h(mesh, from, &inpkt, len);
519 if(type & ~(PKT_COMPRESSED)) {
520 logger(mesh, MESHLINK_ERROR, "Unexpected SPTPS record type %d len %d from %s", type, len, from->name);
524 if(type & PKT_COMPRESSED) {
525 logger(mesh, MESHLINK_ERROR, "Error while decompressing packet from %s", from->name);
529 memcpy(inpkt.data, data, len); // TODO: get rid of memcpy
532 receive_packet(mesh, from, &inpkt);
537 send a packet to the given vpn ip.
539 void send_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
540 if(n == mesh->self) {
541 // TODO: send to application
545 logger(mesh, MESHLINK_DEBUG, "Sending packet of %d bytes to %s", packet->len, n->name);
547 if(!n->status.reachable) {
548 logger(mesh, MESHLINK_WARNING, "Node %s is not reachable", n->name);
552 n->status.want_udp = true;
554 send_sptps_packet(mesh, n, packet);
558 static node_t *try_harder(meshlink_handle_t *mesh, const sockaddr_t *from, const vpn_packet_t *pkt) {
562 for splay_each(edge_t, e, mesh->edges) {
563 if(!e->to->status.reachable || e->to == mesh->self) {
567 if(sockaddrcmp_noport(from, &e->address)) {
568 if(mesh->last_hard_try == mesh->loop.now.tv_sec) {
575 if(!try_mac(mesh, e->to, pkt)) {
584 mesh->last_hard_try = mesh->loop.now.tv_sec;
590 void handle_incoming_vpn_data(event_loop_t *loop, void *data, int flags) {
592 meshlink_handle_t *mesh = loop->data;
593 listen_socket_t *ls = data;
597 socklen_t fromlen = sizeof(from);
601 memset(&from, 0, sizeof(from));
603 len = recvfrom(ls->udp.fd, pkt.data, MAXSIZE, 0, &from.sa, &fromlen);
605 if(len <= 0 || len > MAXSIZE) {
606 if(!sockwouldblock(sockerrno)) {
607 logger(mesh, MESHLINK_ERROR, "Receiving packet failed: %s", sockstrerror(sockerrno));
615 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
617 n = lookup_node_udp(mesh, &from);
620 n = try_harder(mesh, &from, &pkt);
623 update_node_udp(mesh, n, &from);
624 } else if(mesh->log_level <= MESHLINK_WARNING) {
625 hostname = sockaddr2hostname(&from);
626 logger(mesh, MESHLINK_WARNING, "Received UDP packet from unknown source %s", hostname);
634 if(n->status.blacklisted) {
635 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
639 n->sock = ls - mesh->listen_socket;
641 receive_udppacket(mesh, n, &pkt);