2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 2014-2017 Guus Sliepen <guus@meshlink.io>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include "connection.h"
27 #include "meshlink_internal.h"
38 static void send_udppacket(meshlink_handle_t *mesh, node_t *, vpn_packet_t *);
40 #define MAX_SEQNO 1073741824
41 #define PROBE_OVERHEAD (SPTPS_DATAGRAM_OVERHEAD + 40)
43 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
44 mtuprobes == 31: sleep pinginterval seconds
45 mtuprobes == 32: send 1 burst, sleep pingtimeout second
46 mtuprobes == 33: no response from other side, restart PMTU discovery process
48 Probes are sent in batches of at least three, with random sizes between the
49 lower and upper boundaries for the MTU thus far discovered.
51 After the initial discovery, a fourth packet is added to each batch with a
52 size larger than the currently known PMTU, to test if the PMTU has increased.
54 In case local discovery is enabled, another packet is added to each batch,
55 which will be broadcast to the local network.
59 static void send_mtu_probe_handler(event_loop_t *loop, void *data) {
60 meshlink_handle_t *mesh = loop->data;
66 if(!n->status.reachable || !n->status.validkey) {
67 logger(mesh, MESHLINK_INFO, "Trying to send MTU probe to unreachable or rekeying node %s", n->name);
72 if(n->mtuprobes > 32) {
75 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
79 logger(mesh, MESHLINK_INFO, "%s did not respond to UDP ping, restarting PMTU discovery", n->name);
80 n->status.udp_confirmed = false;
85 update_node_pmtu(mesh, n);
88 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
89 logger(mesh, MESHLINK_INFO, "No response to MTU probes from %s", n->name);
93 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
94 if(n->minmtu > n->maxmtu) {
95 n->minmtu = n->maxmtu;
96 update_node_pmtu(mesh, n);
98 n->maxmtu = n->minmtu;
102 logger(mesh, MESHLINK_INFO, "Fixing MTU of %s to %d after %d probes", n->name, n->mtu, n->mtuprobes);
106 if(n->mtuprobes == 31) {
107 if(!n->minmtu && n->status.want_udp && n->nexthop && n->nexthop->connection) {
108 /* Send a dummy ANS_KEY to try to update the reflexive UDP address */
109 send_request(mesh, n->nexthop->connection, NULL, "%d %s %s . -1 -1 -1 0", ANS_KEY, mesh->self->name, n->name);
110 n->status.want_udp = false;
113 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
115 } else if(n->mtuprobes == 32) {
116 timeout = mesh->dev_class_traits[n->devclass].pingtimeout;
119 for(int i = 0; i < 5; i++) {
123 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU) {
128 } else if(n->maxmtu <= n->minmtu) {
131 len = n->minmtu + 1 + prng(mesh, n->maxmtu - n->minmtu);
140 memset(packet.data, 0, 14);
141 randomize(packet.data + 14, len - 14);
143 n->status.broadcast = i >= 4 && n->mtuprobes <= 10 && n->prevedge;
145 logger(mesh, MESHLINK_DEBUG, "Sending MTU probe length %d to %s", len, n->name);
147 n->out_meta += packet.len + PROBE_OVERHEAD;
148 mesh->self->out_meta += packet.len + PROBE_OVERHEAD;
149 send_udppacket(mesh, n, &packet);
152 n->status.broadcast = false;
155 timeout_set(&mesh->loop, &n->mtutimeout, &(struct timespec) {
156 timeout, prng(mesh, TIMER_FUDGE)
160 void send_mtu_probe(meshlink_handle_t *mesh, node_t *n) {
161 timeout_add(&mesh->loop, &n->mtutimeout, send_mtu_probe_handler, n, &(struct timespec) {
164 send_mtu_probe_handler(&mesh->loop, n);
167 static void mtu_probe_h(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet, uint16_t len) {
168 n->in_meta += len + PROBE_OVERHEAD;
169 mesh->self->in_meta += len + PROBE_OVERHEAD;
172 logger(mesh, MESHLINK_WARNING, "Got too short MTU probe length %d from %s", packet->len, n->name);
176 logger(mesh, MESHLINK_DEBUG, "Got MTU probe length %d from %s", packet->len, n->name);
178 if(!packet->data[0]) {
179 /* It's a probe request, send back a reply */
183 /* Temporarily set udp_confirmed, so that the reply is sent
184 back exactly the way it came in. */
186 bool udp_confirmed = n->status.udp_confirmed;
187 n->status.udp_confirmed = true;
188 logger(mesh, MESHLINK_DEBUG, "Sending MTU probe reply %d to %s", packet->len, n->name);
189 n->out_meta += packet->len + PROBE_OVERHEAD;
190 mesh->self->out_meta += packet->len + PROBE_OVERHEAD;
191 send_udppacket(mesh, n, packet);
192 n->status.udp_confirmed = udp_confirmed;
194 /* It's a valid reply: now we know bidirectional communication
195 is possible using the address and socket that the reply
198 if(!n->status.udp_confirmed) {
199 char *address, *port;
200 sockaddr2str(&n->address, &address, &port);
202 if(n->nexthop && n->nexthop->connection) {
203 send_request(mesh, n->nexthop->connection, NULL, "%d %s %s . -1 -1 -1 0 %s %s", ANS_KEY, n->name, n->name, address, port);
205 logger(mesh, MESHLINK_WARNING, "Cannot send reflexive address to %s via %s", n->name, n->nexthop ? n->nexthop->name : n->name);
210 n->status.udp_confirmed = true;
213 /* If we haven't established the PMTU yet, restart the discovery process. */
215 if(n->mtuprobes > 30) {
216 if(len == n->maxmtu + 8) {
217 logger(mesh, MESHLINK_INFO, "Increase in PMTU to %s detected, restarting PMTU discovery", n->name);
230 /* If applicable, raise the minimum supported MTU */
232 if(len > n->maxmtu) {
236 if(n->minmtu < len) {
238 update_node_pmtu(mesh, n);
245 static void receive_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
246 logger(mesh, MESHLINK_DEBUG, "Received packet of %d bytes from %s", packet->len, n->name);
248 if(n->status.blacklisted) {
249 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
251 route(mesh, n, packet);
255 static bool try_mac(meshlink_handle_t *mesh, node_t *n, const vpn_packet_t *inpkt) {
257 return sptps_verify_datagram(&n->sptps, inpkt->data, inpkt->len);
260 static void receive_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *inpkt) {
261 if(!n->status.reachable) {
262 logger(mesh, MESHLINK_ERROR, "Got SPTPS data from unreachable node %s", n->name);
266 if(!n->sptps.state) {
267 if(!n->status.waitingforkey) {
268 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but we haven't exchanged keys yet", n->name);
269 send_req_key(mesh, n);
271 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but he hasn't got our key yet", n->name);
277 if(!sptps_receive_data(&n->sptps, inpkt->data, inpkt->len)) {
278 logger(mesh, MESHLINK_ERROR, "Could not process SPTPS data from %s: %s", n->name, strerror(errno));
282 static void send_sptps_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
283 if(!n->status.reachable) {
284 logger(mesh, MESHLINK_ERROR, "Trying to send SPTPS data to unreachable node %s", n->name);
288 if(!n->status.validkey) {
289 if(n->connection && (n->connection->flags & PROTOCOL_TINY) & n->connection->status.active) {
290 send_raw_packet(mesh, n->connection, origpkt);
294 logger(mesh, MESHLINK_INFO, "No valid key known yet for %s", n->name);
296 if(!n->status.waitingforkey) {
297 send_req_key(mesh, n);
298 } else if(n->last_req_key + 10 < mesh->loop.now.tv_sec) {
299 logger(mesh, MESHLINK_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
300 sptps_stop(&n->sptps);
301 n->status.waitingforkey = false;
302 send_req_key(mesh, n);
310 // If it's a probe, send it immediately without trying to compress it.
312 sptps_send_record(&n->sptps, PKT_PROBE, origpkt->data, origpkt->len);
316 sptps_send_record(&n->sptps, type, origpkt->data, origpkt->len);
320 static void choose_udp_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock, sockaddr_t *sa_buf) {
325 /* If the UDP address is confirmed, use it. */
326 if(n->status.udp_confirmed) {
330 /* Send every third packet to n->address; that could be set
331 to the node's reflexive UDP address discovered during key
334 if(++mesh->udp_choice >= 3) {
335 mesh->udp_choice = 0;
339 /* If we have learned an address via Catta, try this once every batch */
340 if(mesh->udp_choice == 1 && n->catta_address.sa.sa_family != AF_UNSPEC) {
341 *sa = &n->catta_address;
345 /* Else, if we have a canonical address, try this once every batch */
346 if(mesh->udp_choice == 1 && n->canonical_address) {
347 char *host = xstrdup(n->canonical_address);
348 char *port = strchr(host, ' ');
352 *sa_buf = str2sockaddr_random(mesh, host, port);
355 if(sa_buf->sa.sa_family != AF_UNKNOWN) {
364 /* Otherwise, address are found in edges to this node.
365 So we pick a random edge and a random socket. */
367 edge_t *candidate = NULL;
371 int j = prng(mesh, n->edge_tree->count);
373 for splay_each(edge_t, e, n->edge_tree) {
375 candidate = e->reverse;
382 *sa = &candidate->address;
383 *sock = prng(mesh, mesh->listen_sockets);
388 /* Make sure we have a suitable socket for the chosen address */
389 if(mesh->listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
390 for(int i = 0; i < mesh->listen_sockets; i++) {
391 if(mesh->listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
399 static void choose_broadcast_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
400 *sock = prng(mesh, mesh->listen_sockets);
401 sockaddr_t *broadcast_sa = &mesh->listen_socket[*sock].broadcast_sa;
403 if(broadcast_sa->sa.sa_family == AF_INET6) {
404 broadcast_sa->in6.sin6_port = n->prevedge->address.in.sin_port;
406 broadcast_sa->in.sin_port = n->prevedge->address.in.sin_port;
412 static void send_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
413 if(!n->status.reachable) {
414 logger(mesh, MESHLINK_INFO, "Trying to send UDP packet to unreachable node %s", n->name);
418 send_sptps_packet(mesh, n, origpkt);
421 bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
427 meshlink_handle_t *mesh = to->mesh;
429 if(!to->status.reachable) {
430 logger(mesh, MESHLINK_ERROR, "Trying to send SPTPS data to unreachable node %s", to->name);
434 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
436 if(type >= SPTPS_HANDSHAKE || (type != PKT_PROBE && (len - 21) > to->minmtu)) {
437 char buf[len * 4 / 3 + 5];
438 b64encode(data, buf, len);
440 if(!to->nexthop || !to->nexthop->connection) {
441 logger(mesh, MESHLINK_WARNING, "Unable to forward SPTPS packet to %s via %s", to->name, to->nexthop ? to->nexthop->name : to->name);
445 /* If no valid key is known yet, send the packets using ANS_KEY requests,
446 to ensure we get to learn the reflexive UDP address. */
447 if(!to->status.validkey) {
448 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, mesh->self->name, to->name, buf, 0);
450 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %d %s", REQ_KEY, mesh->self->name, to->name, REQ_SPTPS, buf);
454 /* Otherwise, send the packet via UDP */
457 const sockaddr_t *sa;
460 if(to->status.broadcast) {
461 choose_broadcast_address(mesh, to, &sa, &sock);
463 choose_udp_address(mesh, to, &sa, &sock, &sa_buf);
466 if(sendto(mesh->listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
467 if(sockmsgsize(sockerrno)) {
468 if(to->maxmtu >= len) {
469 to->maxmtu = len - 1;
476 logger(mesh, MESHLINK_WARNING, "Error sending UDP SPTPS packet to %s: %s", to->name, sockstrerror(sockerrno));
484 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
486 assert(!data || len);
488 node_t *from = handle;
489 meshlink_handle_t *mesh = from->mesh;
491 if(type == SPTPS_HANDSHAKE) {
492 if(!from->status.validkey) {
493 logger(mesh, MESHLINK_INFO, "SPTPS key exchange with %s successful", from->name);
494 from->status.validkey = true;
495 from->status.waitingforkey = false;
498 utcp_reset_timers(from->utcp);
506 logger(mesh, MESHLINK_ERROR, "Packet from %s larger than maximum supported size (%d > %d)", from->name, len, MAXSIZE);
512 if(type == PKT_PROBE) {
515 memcpy(inpkt.data, data, len);
516 mtu_probe_h(mesh, from, &inpkt, len);
522 if(type & ~(PKT_COMPRESSED)) {
523 logger(mesh, MESHLINK_ERROR, "Unexpected SPTPS record type %d len %d from %s", type, len, from->name);
527 if(type & PKT_COMPRESSED) {
528 logger(mesh, MESHLINK_ERROR, "Error while decompressing packet from %s", from->name);
532 memcpy(inpkt.data, data, len); // TODO: get rid of memcpy
535 receive_packet(mesh, from, &inpkt);
540 send a packet to the given vpn ip.
542 void send_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
543 if(n == mesh->self) {
544 // TODO: send to application
548 logger(mesh, MESHLINK_DEBUG, "Sending packet of %d bytes to %s", packet->len, n->name);
550 if(!n->status.reachable) {
551 logger(mesh, MESHLINK_WARNING, "Node %s is not reachable", n->name);
555 n->status.want_udp = true;
557 send_sptps_packet(mesh, n, packet);
561 static node_t *try_harder(meshlink_handle_t *mesh, const sockaddr_t *from, const vpn_packet_t *pkt) {
565 for splay_each(edge_t, e, mesh->edges) {
566 if(!e->to->status.reachable || e->to == mesh->self) {
570 if(sockaddrcmp_noport(from, &e->address)) {
571 if(mesh->last_hard_try == mesh->loop.now.tv_sec) {
578 if(!try_mac(mesh, e->to, pkt)) {
587 mesh->last_hard_try = mesh->loop.now.tv_sec;
593 void handle_incoming_vpn_data(event_loop_t *loop, void *data, int flags) {
595 meshlink_handle_t *mesh = loop->data;
596 listen_socket_t *ls = data;
600 socklen_t fromlen = sizeof(from);
604 memset(&from, 0, sizeof(from));
606 len = recvfrom(ls->udp.fd, pkt.data, MAXSIZE, 0, &from.sa, &fromlen);
608 if(len <= 0 || len > MAXSIZE) {
609 if(!sockwouldblock(sockerrno)) {
610 logger(mesh, MESHLINK_ERROR, "Receiving packet failed: %s", sockstrerror(sockerrno));
618 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
620 n = lookup_node_udp(mesh, &from);
623 n = try_harder(mesh, &from, &pkt);
626 update_node_udp(mesh, n, &from);
627 } else if(mesh->log_level <= MESHLINK_WARNING) {
628 hostname = sockaddr2hostname(&from);
629 logger(mesh, MESHLINK_WARNING, "Received UDP packet from unknown source %s", hostname);
637 if(n->status.blacklisted) {
638 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
642 n->sock = ls - mesh->listen_socket;
644 receive_udppacket(mesh, n, &pkt);