2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 2014-2017 Guus Sliepen <guus@meshlink.io>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include "connection.h"
27 #include "meshlink_internal.h"
37 static void send_udppacket(meshlink_handle_t *mesh, node_t *, vpn_packet_t *);
39 #define MAX_SEQNO 1073741824
41 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
42 mtuprobes == 31: sleep pinginterval seconds
43 mtuprobes == 32: send 1 burst, sleep pingtimeout second
44 mtuprobes == 33: no response from other side, restart PMTU discovery process
46 Probes are sent in batches of at least three, with random sizes between the
47 lower and upper boundaries for the MTU thus far discovered.
49 After the initial discovery, a fourth packet is added to each batch with a
50 size larger than the currently known PMTU, to test if the PMTU has increased.
52 In case local discovery is enabled, another packet is added to each batch,
53 which will be broadcast to the local network.
57 static void send_mtu_probe_handler(event_loop_t *loop, void *data) {
58 meshlink_handle_t *mesh = loop->data;
64 if(!n->status.reachable || !n->status.validkey) {
65 logger(mesh, MESHLINK_INFO, "Trying to send MTU probe to unreachable or rekeying node %s", n->name);
70 if(n->mtuprobes > 32) {
73 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
77 logger(mesh, MESHLINK_INFO, "%s did not respond to UDP ping, restarting PMTU discovery", n->name);
78 n->status.udp_confirmed = false;
83 update_node_pmtu(mesh, n);
86 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
87 logger(mesh, MESHLINK_INFO, "No response to MTU probes from %s", n->name);
91 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
92 if(n->minmtu > n->maxmtu) {
93 n->minmtu = n->maxmtu;
94 update_node_pmtu(mesh, n);
96 n->maxmtu = n->minmtu;
100 logger(mesh, MESHLINK_INFO, "Fixing MTU of %s to %d after %d probes", n->name, n->mtu, n->mtuprobes);
104 if(n->mtuprobes == 31) {
105 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
107 } else if(n->mtuprobes == 32) {
108 timeout = mesh->dev_class_traits[n->devclass].pingtimeout;
111 for(int i = 0; i < 5; i++) {
115 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU) {
120 } else if(n->maxmtu <= n->minmtu) {
123 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
132 memset(packet.data, 0, 14);
133 randomize(packet.data + 14, len - 14);
135 n->status.broadcast = i >= 4 && n->mtuprobes <= 10 && n->prevedge;
137 logger(mesh, MESHLINK_DEBUG, "Sending MTU probe length %d to %s", len, n->name);
139 send_udppacket(mesh, n, &packet);
142 n->status.broadcast = false;
145 timeout_set(&mesh->loop, &n->mtutimeout, &(struct timeval) {
146 timeout, rand() % 100000
150 void send_mtu_probe(meshlink_handle_t *mesh, node_t *n) {
151 timeout_add(&mesh->loop, &n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval) {
154 send_mtu_probe_handler(&mesh->loop, n);
157 static void mtu_probe_h(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet, uint16_t len) {
158 logger(mesh, MESHLINK_DEBUG, "Got MTU probe length %d from %s", packet->len, n->name);
160 if(!packet->data[0]) {
161 /* It's a probe request, send back a reply */
165 /* Temporarily set udp_confirmed, so that the reply is sent
166 back exactly the way it came in. */
168 bool udp_confirmed = n->status.udp_confirmed;
169 n->status.udp_confirmed = true;
170 send_udppacket(mesh, n, packet);
171 n->status.udp_confirmed = udp_confirmed;
173 /* It's a valid reply: now we know bidirectional communication
174 is possible using the address and socket that the reply
177 n->status.udp_confirmed = true;
179 /* If we haven't established the PMTU yet, restart the discovery process. */
181 if(n->mtuprobes > 30) {
182 if(len == n->maxmtu + 8) {
183 logger(mesh, MESHLINK_INFO, "Increase in PMTU to %s detected, restarting PMTU discovery", n->name);
196 /* If applicable, raise the minimum supported MTU */
198 if(len > n->maxmtu) {
202 if(n->minmtu < len) {
204 update_node_pmtu(mesh, n);
211 static void receive_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
212 logger(mesh, MESHLINK_DEBUG, "Received packet of %d bytes from %s", packet->len, n->name);
214 if(n->status.blacklisted) {
215 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
218 n->in_bytes += packet->len;
220 route(mesh, n, packet);
224 static bool try_mac(meshlink_handle_t *mesh, node_t *n, const vpn_packet_t *inpkt) {
226 return sptps_verify_datagram(&n->sptps, inpkt->data, inpkt->len);
229 static void receive_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *inpkt) {
230 if(!n->sptps.state) {
231 if(!n->status.waitingforkey) {
232 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but we haven't exchanged keys yet", n->name);
233 send_req_key(mesh, n);
235 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but he hasn't got our key yet", n->name);
241 sptps_receive_data(&n->sptps, inpkt->data, inpkt->len);
244 static void send_sptps_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
245 if(!n->status.validkey) {
246 logger(mesh, MESHLINK_INFO, "No valid key known yet for %s", n->name);
248 if(!n->status.waitingforkey) {
249 send_req_key(mesh, n);
250 } else if(n->last_req_key + 10 < mesh->loop.now.tv_sec) {
251 logger(mesh, MESHLINK_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
252 sptps_stop(&n->sptps);
253 n->status.waitingforkey = false;
254 send_req_key(mesh, n);
262 // If it's a probe, send it immediately without trying to compress it.
264 sptps_send_record(&n->sptps, PKT_PROBE, origpkt->data, origpkt->len);
268 sptps_send_record(&n->sptps, type, origpkt->data, origpkt->len);
272 static void choose_udp_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
277 /* If the UDP address is confirmed, use it. */
278 if(n->status.udp_confirmed) {
282 /* Send every third packet to n->address; that could be set
283 to the node's reflexive UDP address discovered during key
286 if(++mesh->udp_choice >= 3) {
287 mesh->udp_choice = 0;
291 /* Otherwise, address are found in edges to this node.
292 So we pick a random edge and a random socket. */
295 int j = rand() % n->edge_tree->count;
296 edge_t *candidate = NULL;
298 for splay_each(edge_t, e, n->edge_tree) {
300 candidate = e->reverse;
306 *sa = &candidate->address;
307 *sock = rand() % mesh->listen_sockets;
310 /* Make sure we have a suitable socket for the chosen address */
311 if(mesh->listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
312 for(int i = 0; i < mesh->listen_sockets; i++) {
313 if(mesh->listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
321 static void choose_broadcast_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
322 static sockaddr_t broadcast_ipv4 = {
324 .sin_family = AF_INET,
325 .sin_addr.s_addr = -1,
329 static sockaddr_t broadcast_ipv6 = {
331 .sin6_family = AF_INET6,
332 .sin6_addr.s6_addr[0x0] = 0xff,
333 .sin6_addr.s6_addr[0x1] = 0x02,
334 .sin6_addr.s6_addr[0xf] = 0x01,
338 *sock = rand() % mesh->listen_sockets;
340 if(mesh->listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
341 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
342 broadcast_ipv6.in6.sin6_scope_id = mesh->listen_socket[*sock].sa.in6.sin6_scope_id;
343 *sa = &broadcast_ipv6;
345 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
346 *sa = &broadcast_ipv4;
350 static void send_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
351 if(!n->status.reachable) {
352 logger(mesh, MESHLINK_INFO, "Trying to send UDP packet to unreachable node %s", n->name);
356 send_sptps_packet(mesh, n, origpkt);
359 bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
361 meshlink_handle_t *mesh = to->mesh;
363 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
365 if(type >= SPTPS_HANDSHAKE || (type != PKT_PROBE && len > to->minmtu)) {
366 char buf[len * 4 / 3 + 5];
367 b64encode(data, buf, len);
369 /* If no valid key is known yet, send the packets using ANS_KEY requests,
370 to ensure we get to learn the reflexive UDP address. */
371 if(!to->status.validkey) {
372 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, mesh->self->name, to->name, buf, 0);
374 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %d %s", REQ_KEY, mesh->self->name, to->name, REQ_SPTPS, buf);
378 /* Otherwise, send the packet via UDP */
380 const sockaddr_t *sa;
383 if(to->status.broadcast) {
384 choose_broadcast_address(mesh, to, &sa, &sock);
386 choose_udp_address(mesh, to, &sa, &sock);
389 if(sendto(mesh->listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
390 if(sockmsgsize(sockerrno)) {
391 if(to->maxmtu >= len) {
392 to->maxmtu = len - 1;
399 logger(mesh, MESHLINK_WARNING, "Error sending UDP SPTPS packet to %s: %s", to->name, sockstrerror(sockerrno));
407 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
408 node_t *from = handle;
409 meshlink_handle_t *mesh = from->mesh;
411 if(type == SPTPS_HANDSHAKE) {
412 if(!from->status.validkey) {
413 logger(mesh, MESHLINK_INFO, "SPTPS key exchange with %s successful", from->name);
414 from->status.validkey = true;
415 from->status.waitingforkey = false;
418 utcp_reset_timers(from->utcp);
426 logger(mesh, MESHLINK_ERROR, "Packet from %s larger than maximum supported size (%d > %d)", from->name, len, MTU);
432 if(type == PKT_PROBE) {
435 memcpy(inpkt.data, data, len);
436 mtu_probe_h(mesh, from, &inpkt, len);
442 if(type & ~(PKT_COMPRESSED)) {
443 logger(mesh, MESHLINK_ERROR, "Unexpected SPTPS record type %d len %d from %s", type, len, from->name);
447 if(type & PKT_COMPRESSED) {
448 logger(mesh, MESHLINK_ERROR, "Error while decompressing packet from %s", from->name);
452 memcpy(inpkt.data, data, len); // TODO: get rid of memcpy
455 receive_packet(mesh, from, &inpkt);
460 send a packet to the given vpn ip.
462 void send_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
463 if(n == mesh->self) {
465 n->out_bytes += packet->len;
466 // TODO: send to application
470 logger(mesh, MESHLINK_DEBUG, "Sending packet of %d bytes to %s", packet->len, n->name);
472 if(!n->status.reachable) {
473 logger(mesh, MESHLINK_WARNING, "Node %s is not reachable", n->name);
478 n->out_bytes += packet->len;
480 send_sptps_packet(mesh, n, packet);
484 /* Broadcast a packet using the minimum spanning tree */
486 void broadcast_packet(meshlink_handle_t *mesh, const node_t *from, vpn_packet_t *packet) {
487 // Always give ourself a copy of the packet.
488 if(from != mesh->self) {
489 send_packet(mesh, mesh->self, packet);
492 logger(mesh, MESHLINK_INFO, "Broadcasting packet of %d bytes from %s", packet->len, from->name);
494 for list_each(connection_t, c, mesh->connections)
495 if(c->status.active && c->status.mst && c != from->nexthop->connection) {
496 send_packet(mesh, c->node, packet);
500 static node_t *try_harder(meshlink_handle_t *mesh, const sockaddr_t *from, const vpn_packet_t *pkt) {
504 for splay_each(edge_t, e, mesh->edges) {
505 if(!e->to->status.reachable || e->to == mesh->self) {
509 if(sockaddrcmp_noport(from, &e->address)) {
510 if(mesh->last_hard_try == mesh->loop.now.tv_sec) {
517 if(!try_mac(mesh, e->to, pkt)) {
526 mesh->last_hard_try = mesh->loop.now.tv_sec;
532 void handle_incoming_vpn_data(event_loop_t *loop, void *data, int flags) {
534 meshlink_handle_t *mesh = loop->data;
535 listen_socket_t *ls = data;
539 socklen_t fromlen = sizeof(from);
543 memset(&from, 0, sizeof(from));
545 len = recvfrom(ls->udp.fd, pkt.data, MAXSIZE, 0, &from.sa, &fromlen);
547 if(len <= 0 || len > MAXSIZE) {
548 if(!sockwouldblock(sockerrno)) {
549 logger(mesh, MESHLINK_ERROR, "Receiving packet failed: %s", sockstrerror(sockerrno));
557 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
559 n = lookup_node_udp(mesh, &from);
562 n = try_harder(mesh, &from, &pkt);
565 update_node_udp(mesh, n, &from);
566 } else if(mesh->log_level >= MESHLINK_WARNING) {
567 hostname = sockaddr2hostname(&from);
568 logger(mesh, MESHLINK_WARNING, "Received UDP packet from unknown source %s", hostname);
576 if(n->status.blacklisted) {
577 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
581 n->sock = ls - mesh->listen_socket;
583 receive_udppacket(mesh, n, &pkt);