-void send_udppacket(node_t *n, vpn_packet_t *inpkt)
-{
- vpn_packet_t pkt1, pkt2;
- vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2};
- int nextpkt = 0;
- vpn_packet_t *outpkt;
- int origlen;
- int outlen, outpad;
- long int complen = MTU + 12;
- EVP_CIPHER_CTX ctx;
- vpn_packet_t *copy;
- static int priority = 0;
- int origpriority;
- int sock;
-cp
- /* Make sure we have a valid key */
-
- if(!n->status.validkey)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
- n->name, n->hostname);
-
- /* Since packet is on the stack of handle_tap_input(),
- we have to make a copy of it first. */
-
- copy = xmalloc(sizeof(vpn_packet_t));
- memcpy(copy, inpkt, sizeof(vpn_packet_t));
-
- list_insert_tail(n->queue, copy);
-
- if(!n->status.waitingforkey)
- send_req_key(n->nexthop->connection, myself, n);
-
- n->status.waitingforkey = 1;
-
- return;
- }
-
- origlen = inpkt->len;
- origpriority = inpkt->priority;
-
- /* Compress the packet */
-
- if(n->compression)
- {
- outpkt = pkt[nextpkt++];
-
- if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK)
- {
- syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname);
- return;
- }
-
- outpkt->len = complen;
- inpkt = outpkt;
- }
-
- /* Add sequence number */
-
- inpkt->seqno = htonl(++(n->sent_seqno));
- inpkt->len += sizeof(inpkt->seqno);
-
- /* Encrypt the packet */
-
- if(n->cipher)
- {
- outpkt = pkt[nextpkt++];
-
- EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
- EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len);
- EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad);
-
- outpkt->len = outlen + outpad;
- inpkt = outpkt;
- }
-
- /* Add the message authentication code */
-
- if(n->digest && n->maclength)
- {
- HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen);
- inpkt->len += n->maclength;
- }
-
- /* Determine which socket we have to use */
-
- for(sock = 0; sock < listen_sockets; sock++)
- if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family)
- break;
-
- if(sock >= listen_sockets)
- sock = 0; /* If none is available, just use the first and hope for the best. */
-
- /* Send the packet */
-
-#if defined(SOL_IP) && defined(IP_TOS)
- if(priorityinheritance && origpriority != priority && listen_socket[sock].sa.sa.sa_family == AF_INET)
- {
- priority = origpriority;
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority);
- if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
- syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno));
- }
-#endif
-
- if((sendto(listen_socket[sock].udp, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0)
- {
- syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"),
- n->name, n->hostname, strerror(errno));
- return;
- }
-
- inpkt->len = origlen;
-cp
+static void choose_udp_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
+ /* Latest guess */
+ *sa = &n->address;
+ *sock = n->sock;
+
+ /* If the UDP address is confirmed, use it. */
+ if(n->status.udp_confirmed) {
+ return;
+ }
+
+ /* Send every third packet to n->address; that could be set
+ to the node's reflexive UDP address discovered during key
+ exchange. */
+
+ if(++mesh->udp_choice >= 3) {
+ mesh->udp_choice = 0;
+ return;
+ }
+
+ /* If we have learned an address via Catta, try this once every batch */
+ if(mesh->udp_choice == 1 && n->catta_address.sa.sa_family != AF_UNSPEC) {
+ *sa = &n->catta_address;
+ goto check_socket;
+ }
+
+ /* Otherwise, address are found in edges to this node.
+ So we pick a random edge and a random socket. */
+
+ int i = 0;
+ int j = prng(mesh, n->edge_tree->count);
+ edge_t *candidate = NULL;
+
+ for splay_each(edge_t, e, n->edge_tree) {
+ if(i++ == j) {
+ candidate = e->reverse;
+ break;
+ }
+ }
+
+ if(candidate) {
+ *sa = &candidate->address;
+ *sock = prng(mesh, mesh->listen_sockets);
+ }
+
+check_socket:
+
+ /* Make sure we have a suitable socket for the chosen address */
+ if(mesh->listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
+ for(int i = 0; i < mesh->listen_sockets; i++) {
+ if(mesh->listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
+ *sock = i;
+ break;
+ }
+ }
+ }
+}
+
+static void choose_broadcast_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
+ *sock = prng(mesh, mesh->listen_sockets);
+ sockaddr_t *broadcast_sa = &mesh->listen_socket[*sock].broadcast_sa;
+
+ if(broadcast_sa->sa.sa_family == AF_INET6) {
+ broadcast_sa->in6.sin6_port = n->prevedge->address.in.sin_port;
+ } else {
+ broadcast_sa->in.sin_port = n->prevedge->address.in.sin_port;
+ }
+
+ *sa = broadcast_sa;
+}
+
+static void send_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
+ if(!n->status.reachable) {
+ logger(mesh, MESHLINK_INFO, "Trying to send UDP packet to unreachable node %s", n->name);
+ return;
+ }
+
+ send_sptps_packet(mesh, n, origpkt);
+}
+
+bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
+ assert(handle);
+ assert(data);
+ assert(len);
+
+ node_t *to = handle;
+ meshlink_handle_t *mesh = to->mesh;
+
+ /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
+
+ if(type >= SPTPS_HANDSHAKE || (type != PKT_PROBE && (len - 21) > to->minmtu)) {
+ char buf[len * 4 / 3 + 5];
+ b64encode(data, buf, len);
+
+ /* If no valid key is known yet, send the packets using ANS_KEY requests,
+ to ensure we get to learn the reflexive UDP address. */
+ if(!to->status.validkey) {
+ return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, mesh->self->name, to->name, buf, 0);
+ } else {
+ return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %d %s", REQ_KEY, mesh->self->name, to->name, REQ_SPTPS, buf);
+ }
+ }
+
+ /* Otherwise, send the packet via UDP */
+
+ const sockaddr_t *sa;
+ int sock;
+
+ if(to->status.broadcast) {
+ choose_broadcast_address(mesh, to, &sa, &sock);
+ } else {
+ choose_udp_address(mesh, to, &sa, &sock);
+ }
+
+ if(sendto(mesh->listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
+ if(sockmsgsize(sockerrno)) {
+ if(to->maxmtu >= len) {
+ to->maxmtu = len - 1;
+ }
+
+ if(to->mtu >= len) {
+ to->mtu = len - 1;
+ }
+ } else {
+ logger(mesh, MESHLINK_WARNING, "Error sending UDP SPTPS packet to %s: %s", to->name, sockstrerror(sockerrno));
+ return false;
+ }
+ }
+
+ return true;
+}
+
+bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
+ assert(handle);
+ assert(!data || len);
+
+ node_t *from = handle;
+ meshlink_handle_t *mesh = from->mesh;
+
+ if(type == SPTPS_HANDSHAKE) {
+ if(!from->status.validkey) {
+ logger(mesh, MESHLINK_INFO, "SPTPS key exchange with %s successful", from->name);
+ from->status.validkey = true;
+ from->status.waitingforkey = false;
+
+ if(from->utcp) {
+ utcp_reset_timers(from->utcp);
+ }
+ }
+
+ return true;
+ }
+
+ if(len > MAXSIZE) {
+ logger(mesh, MESHLINK_ERROR, "Packet from %s larger than maximum supported size (%d > %d)", from->name, len, MAXSIZE);
+ return false;
+ }
+
+ vpn_packet_t inpkt;
+
+ if(type == PKT_PROBE) {
+ inpkt.len = len;
+ inpkt.probe = true;
+ memcpy(inpkt.data, data, len);
+ mtu_probe_h(mesh, from, &inpkt, len);
+ return true;
+ } else {
+ inpkt.probe = false;
+ }
+
+ if(type & ~(PKT_COMPRESSED)) {
+ logger(mesh, MESHLINK_ERROR, "Unexpected SPTPS record type %d len %d from %s", type, len, from->name);
+ return false;
+ }
+
+ if(type & PKT_COMPRESSED) {
+ logger(mesh, MESHLINK_ERROR, "Error while decompressing packet from %s", from->name);
+ return false;
+ }
+
+ memcpy(inpkt.data, data, len); // TODO: get rid of memcpy
+ inpkt.len = len;
+
+ receive_packet(mesh, from, &inpkt);
+ return true;