2 protocol.c -- handle the meta-protocol
3 Copyright (C) 1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: protocol.c,v 1.28.4.30 2000/09/14 11:54:51 guus Exp $
25 #include <sys/types.h>
30 #include <sys/socket.h>
37 #include <netinet/in.h>
47 /* Generic outgoing request routine - takes care of logging and error detection as well */
49 int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...)
54 if(debug_lvl >= DEBUG_PROTOCOL)
55 syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), requestname[request], cl->id, cl->hostname);
57 va_start(args, format);
58 len = vasprintf(&buffer, format, args);
61 if(len < 0 || !buffer)
63 syslog(LOG_ERR, _("Error during vasprintf(): %m"));
67 if(debug_lvl >= DEBUG_META)
68 syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), cl->id, cl->hostname, buffer);
70 if(cl->status.encrypted)
72 /* FIXME: Do encryption */
75 if((write(cl->meta_socket, buffer, buflen)) < 0)
77 syslog(LOG_ERR, _("Sending meta data failed: %m"));
83 /* Connection protocol:
100 Part of the challenge is directly used to set the blowfish key and the initial vector.
101 (Twee vliegen in één klap!)
104 int send_id(conn_list_t *cl)
107 return send_request(cl, "%d %s %d %s", ID, myself->id, myself->version, opt2str(myself->options));
110 int id_h(conn_list_t *cl)
115 if(sscanf(cl->buffer, "%*d %as %d %as", &cl->id, &cl->version, &options) != 3)
117 syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname);
121 /* Check if version matches */
123 if(cl->version != myself->version)
125 syslog(LOG_ERR, _("Peer %s uses incompatible version %d"), cl->hostname, cl->min_version, cl->max_version);
129 /* Check if option string is valid */
131 if((cl->options = str2opt(options)) == -1)
133 syslog(LOG_ERR, _("Peer %s uses invalid option string"), cl->hostname);
137 /* Check if identity is a valid name */
139 if(!check_id(cl->id))
141 syslog(LOG_ERR, _("Peer %s uses invalid identity name"), cl->hostname);
145 /* Load information about peer */
149 syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->id);
154 /* First check if the host we connected to is already in our
155 connection list. If so, we are probably making a loop, which
159 if(cl->status.outgoing)
161 if((old=lookup_id(cl->id)))
163 if(debug_lvl > DEBUG_CONNECTIONS)
164 syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->id, cl->hostname);
165 cl->status.outgoing = 0;
166 old->status.outgoing = 1;
167 terminate_connection(cl);
172 /* Send a challenge to verify the identity */
174 cl->allow_request = CHAL_REPLY;
176 return send_challenge(cl);
179 int send_challenge(conn_list_t *cl)
188 /* Allocate buffers for the challenge and the hash */
190 cl->chal_hash = xmalloc(SHA_DIGEST_LEN);
191 keylength = BN_num_bytes(cl->rsakey.n);
192 buffer = xmalloc(keylength*2);
194 /* Copy random data and the public key to the buffer */
196 RAND_bytes(buffer, keylength);
197 BN_bn2bin(cl->rsakey.n, buffer+keylength);
199 /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */
201 if(!cl->status.encrypted)
203 set_metakey(cl, buffer, keylength);
206 /* Calculate the hash from that */
208 SHA1(buffer, keylength*2, cl->chal_hash);
210 /* Convert the random data to a hexadecimal formatted string */
212 bin2hex(buffer,buffer,keylength);
213 buffer[keylength*2] = '\0';
215 /* Send the challenge */
217 cl->allow_request = CHAL_REPLY;
218 x = send_request(cl, "%d %s", CHALLENGE, buffer);
220 cl->status.encrypted = 1;
225 int challenge_h(conn_list_t *cl)
229 if(sscanf(cl->buffer, "%*d %as", &cl->id, &challenge) != 1)
231 syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->id, cl->hostname);
235 /* Rest is done by send_chal_reply() */
237 x = send_chal_reply(cl, challenge);
243 int send_chal_reply(conn_list_t *cl, char *challenge)
250 keylength = BN_num_bytes(myself->rsakey.n);
252 /* Check if the length of the challenge is all right */
254 if(strlen(challenge) != keylength*2)
256 syslog(LOG_ERROR, _("Intruder: wrong challenge length from %s (%s)"), cl->id, cl->hostname);
260 /* Allocate buffers for the challenge and the hash */
262 buffer = xmalloc(keylength*2);
263 hash = xmalloc(SHA_DIGEST_LEN*2+1);
265 /* Copy the incoming random data and our public key to the buffer */
267 hex2bin(challenge, buffer, keylength);
268 BN_bn2bin(myself->rsakey.n, buffer+keylength);
270 /* Calculate the hash from that */
272 SHA1(buffer, keylength*2, hash);
274 /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */
276 if(!cl->status.encrypted)
278 set_metakey(cl, buffer, keylength);
279 cl->status.encrypted = 1;
284 /* Convert the hash to a hexadecimal formatted string */
286 bin2hex(hash,hash,SHA_DIGEST_LEN);
287 hash[SHA_DIGEST_LEN*2] = '\0';
291 if(cl->status.outgoing)
292 cl->allow_resuest = ID;
294 cl->allow_request = ACK;
296 x = send_request(cl, "%d %s", CHAL_REPLY, hash);
302 int chal_reply_h(conn_list_t *cl)
306 if(sscanf(cl->buffer, "%*d %as", &cl->id, &hash) != 2)
308 syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->id, cl->hostname);
312 /* Check if the length of the hash is all right */
314 if(strlen(hash) != SHA_DIGEST_LEN*2)
316 syslog(LOG_ERROR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->id, cl->hostname);
320 /* Convert the hash to binary format */
322 hex2bin(hash, hash, SHA_DIGEST_LEN);
324 /* Verify the incoming hash with the calculated hash */
326 if{!memcmp(hash, cl->chal_hash, SHA_DIGEST_LEN)}
328 syslog(LOG_ERROR, _("Intruder: wrong challenge reply from %s (%s)"), cl->id, cl->hostname);
332 /* Identity has now been positively verified.
333 If we are accepting this new connection, then send our identity,
334 if we are making this connecting, acknowledge.
341 if(cl->status.outgoing)
343 cl->allow_request = ACK;
348 cl->allow_request = CHALLENGE;
353 int send_ack(conn_list_t *cl)
356 return send_request(cl, "%d", ACK);
359 int ack_h(conn_list_t *cl)
363 /* Okay, before we active the connection, we check if there is another entry
364 in the connection list with the same vpn_ip. If so, it presumably is an
365 old connection that has timed out but we don't know it yet.
368 while((old = lookup_id(cl->id)))
370 if(debug_lvl > DEBUG_CONNECTIONS)
371 syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"),
372 cl->id, old->hostname, cl->hostname);
373 old->status.active = 0;
374 terminate_connection(old);
377 /* Activate this connection */
379 cl->allow_request = ALL;
380 cl->status.active = 1;
382 if(debug_lvl > DEBUG_CONNECTIONS)
383 syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->id, cl->hostname);
385 /* Exchange information about other tinc daemons */
387 notify_others(cl, NULL, send_add_host);
393 if(cl->status.outgoing)
399 /* Address and subnet information exchange */
401 int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
404 return send_request(cl, "%d %s %d %s", ADD_SUBNET, other->id, subnet->type, net2str(subnet));
407 int add_subnet_h(conn_list_t *cl)
411 int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
414 return send_request(cl, "%d %s %d %s", DEL_SUBNET, other->id, subnet->type, net2str(subnet));
417 int del_subnet_h(conn_list_t *cl)
421 /* New and closed connections notification */
423 int send_add_host(conn_list_t *cl, conn_list_t *other)
426 return send_request(cl, "%d %s %lx:%d %s", ADD_HOST, other->id, other->address, other->port, opt2str(other->options));
429 int add_host_h(conn_list_t *cl)
432 conn_list_t *old, *new;
434 new = new_conn_list();
436 if(sscanf(cl->buffer, "%*d %as %lx:%d %as", &new->id, &new->address, &new->port, &options) != 4)
438 syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->id, cl->hostname);
442 /* Check if option string is valid */
444 if((new->options = str2opt(options) == -1)
446 syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->hostname);
450 /* Check if identity is a valid name */
452 if(!check_id(new->id))
454 syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->id, cl->hostname);
458 /* Check if somebody tries to add ourself */
460 if(!strcmp(new->id, myself->id))
462 syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->id, cl->hostname);
467 /* Fill in more of the new conn_list structure */
469 new->hostname = hostlookup(htonl(new->address));
471 /* Check if the new host already exists in the connnection list */
473 if((old = lookup_id(id))
475 if((new->address == old->address) && (new->port == old->port))
477 if(debug_lvl > DEBUG_CONNECTIONS)
478 syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->id, old->hostname, new->id, new->hostname);
483 if(debug_lvl > DEBUG_CONNECTIONS)
484 syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), old->id, old->hostname);
485 old->status.active = 0;
486 terminate_connection(old);
490 /* Fill in rest of conn_list structure */
493 new->status.active = 1;
495 /* Hook it up into the conn_list */
497 conn_list_add(conn_list, new);
499 /* Tell the rest about the new host */
501 notify_others(new, cl, send_add_host);
507 int send_del_host(conn_list_t *cl, conn_list_t *other)
510 return send_request(cl, "%d %s %lx:%d", DEL_HOST, other->id, other->address, other->port);
513 int del_host_h(conn_list_t *cl)
520 if(sscanf(cl->buffer, "%*d %as %lx:%d", &id, &address, &port) != 3)
522 syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->id, cl->hostname);
526 /* Check if somebody tries to delete ourself */
528 if(!strcmp(id, myself->id))
530 syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), cl->id, cl->hostname);
535 /* Check if the new host already exists in the connnection list */
537 if((old = lookup_id(id))
539 if((address == old->address) && (port == old->port))
541 notify_others(old, cl, send_del_host);
543 fw->status.termreq = 1;
544 fw->status.active = 0;
546 terminate_connection(fw);
552 if(debug_lvl > DEBUG_CONNECTIONS)
554 syslog(LOG_NOTICE, _("Got DEL_HOST for %s from %s (%s) which is not in our connection list"), id, cl->id, cl->hostname);
560 /* Status and error notification routines */
562 int send_status(conn_list_t *cl, int statusno, char *statusstring)
566 statusstring = status_text[statusno];
568 return send_request(cl, "%d %d %s", STATUS, statusno, statusstring);
571 int status_h(conn_list_t *cl)
576 if(sscanf(cl->buffer, "%*d %d %as", &statusno, &statusstring) != 2)
578 syslog(LOG_ERR, _("Got bad STATUS from %s (%s)"), cl->id, cl->hostname);
582 if(debug_lvl > DEBUG_STATUS)
584 syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), cl->id, cl->hostname, status_text[statusno], statusstring);
592 int send_error(conn_list_t *cl, int errno, char *errstring)
596 errorstring = error_text[errno];
597 return send_request(cl, "%d %d %s", ERROR, errno, errstring);
600 int error_h(conn_list_t *cl)
605 if(sscanf(cl->buffer, "%*d %d %as", &errno, &errorstring) != 2)
607 syslog(LOG_ERR, _("Got bad error from %s (%s)"), cl->id, cl->hostname);
611 if(debug_lvl > DEBUG_error)
613 syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->id, cl->hostname, error_text[errno], errorstring);
617 cl->status.termreq = 1;
618 terminate_connection(cl);
623 int send_termreq(conn_list_t *cl)
626 return send_request(cl, "%d", TERMREQ);
629 int termreq_h(conn_list_t *cl)
632 cl->status.termreq = 1;
633 terminate_connection(cl);
638 /* Keepalive routines - FIXME: needs a closer look */
640 int send_ping(conn_list_t *cl)
642 cl->status.pinged = 1;
644 return send_request(cl, "%d", PING);
647 int ping_h(conn_list_t *cl)
650 return send_pong(cl);
653 int send_pong(conn_list_t *cl)
656 return send_request(cl, "%d", PONG);
659 int pong_h(conn_list_t *cl)
662 cl->status.got_pong = 1;
669 int send_key_changed(conn_list_t *from, conn_list_t *cl)
673 for(p = conn_list; p != NULL; p = p->next)
675 if(p!=cl && p->status.meta && p->status.active)
676 send_request(p, "%d %s", KEY_CHANGED, from->id);
682 int key_changed_h(conn_list_t *cl)
687 if(sscanf(cl->buffer, "%*d %as", &from_id) != 1)
689 syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), cl->id, cl->hostname);
693 if(!(from = lookup_id(from_id)))
695 syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id);
702 from->status.validkey = 0;
703 from->status.waitingforkey = 0;
705 send_key_changed(from, cl);
710 int send_req_key(conn_list_t *from, conn_list_t *to)
713 return send_request(to->nexthop, "%d %s %s", REQ_KEY, from->id, to->id);
716 int req_key_h(conn_list_t *cl)
718 char *from_id, *to_id;
719 conn_list_t *from, *to;
721 if(sscanf(cl->buffer, "%*d %as %as", &from_id, &to_id) != 2)
723 syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), cl->id, cl->hostname);
727 if(!(from = lookup_id(from_id)))
729 syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id);
730 free(from_id); free(to_id);
734 /* Check if this key request is for us */
736 if(!strcmp(id, myself->strcmp))
738 send_ans_key(myself, from, myself->datakey);
742 if(!(to = lookup_id(to_id)))
744 syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->id, cl->hostname, to_id);
745 free(from_id); free(to_id);
748 send_req_key(from, to);
751 free(from_id); free(to_id);
756 int send_ans_key(conn_list_t *from, conn_list_t *to, char *datakey)
759 return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, from->id, to->id, datakey);
762 int ans_key_h(conn_list_t *cl)
764 char *from_id, *to_id, *datakey;
766 conn_list_t *from, *to;
768 if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &datakey) != 3)
770 syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), cl->id, cl->hostname);
774 if(!(from = lookup_id(from_id)))
776 syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id);
777 free(from_id); free(to_id); free(datakey);
781 /* Check if this key request is for us */
783 if(!strcmp(id, myself->strcmp))
785 /* It is for us, convert it to binary and set the key with it. */
787 keylength = strlen(datakey);
789 if((keylength%2) || (keylength <= 0))
791 syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->id, cl->hostname, from->id);
792 free(from_id); free(to_id); free(datakey);
796 hex2bin(datakey, datakey, keylength);
797 BF_set_key(cl->datakey, keylength, datakey);
801 if(!(to = lookup_id(to_id)))
803 syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->id, cl->hostname, to_id);
804 free(from_id); free(to_id); free(datakey);
807 send_ans_key(from, to, datakey);
810 free(from_id); free(to_id); free(datakey);
818 Notify all my direct connections of a new host
819 that was added to the vpn, with the exception
820 of the source of the announcement.
823 int notify_others(conn_list_t *new, conn_list_t *source,
824 int (*function)(conn_list_t*, conn_list_t*))
828 for(p = conn_list; p != NULL; p = p->next)
829 if(p != new && p != source && p->status.meta && p->status.active)
836 Notify one connection of everything
840 int notify_one(conn_list_t *new)
844 for(p = conn_list; p != NULL; p = p->next)
845 if(p != new && p->status.active)
846 send_add_host(new, p);
851 /* "Complete overhaul". */
853 int (*request_handlers[])(conn_list_t*) = {
854 id_h, challenge_h, chal_reply_h, ack_h,
855 status_h, error_h, termreq_h,
857 add_host_h, del_host_h,
858 add_subnet_h, del_subnet_h,
859 key_changed_h, req_key_h, ans_key_h,
862 char (*request_name[]) = {
863 "ID", "CHALLENGE", "CHAL_REPLY", "ACK",
864 "STATUS", "ERROR", "TERMREQ",
866 "ADD_HOST", "DEL_HOST",
867 "ADD_SUBNET", "DEL_SUBNET",
868 "KEY_CHANGED", "REQ_KEY", "ANS_KEY",