2 meshlink.c -- Implementation of the MeshLink API.
3 Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 #define VAR_SERVER 1 /* Should be in tinc.conf */
20 #define VAR_HOST 2 /* Can be in host config file */
21 #define VAR_MULTIPLE 4 /* Multiple statements allowed */
22 #define VAR_OBSOLETE 8 /* Should not be used anymore */
23 #define VAR_SAFE 16 /* Variable is safe when accepting invitations */
34 #include "meshlink_internal.h"
39 #include "ed25519/sha512.h"
42 //TODO: this can go away completely
43 const var_t variables[] = {
44 /* Server configuration */
45 {"AddressFamily", VAR_SERVER},
46 {"AutoConnect", VAR_SERVER | VAR_SAFE},
47 {"BindToAddress", VAR_SERVER | VAR_MULTIPLE},
48 {"BindToInterface", VAR_SERVER},
49 {"Broadcast", VAR_SERVER | VAR_SAFE},
50 {"ConnectTo", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE},
51 {"DecrementTTL", VAR_SERVER},
52 {"Device", VAR_SERVER},
53 {"DeviceType", VAR_SERVER},
54 {"DirectOnly", VAR_SERVER},
55 {"ECDSAPrivateKeyFile", VAR_SERVER},
56 {"ExperimentalProtocol", VAR_SERVER},
57 {"Forwarding", VAR_SERVER},
58 {"GraphDumpFile", VAR_SERVER | VAR_OBSOLETE},
59 {"Hostnames", VAR_SERVER},
60 {"IffOneQueue", VAR_SERVER},
61 {"Interface", VAR_SERVER},
62 {"KeyExpire", VAR_SERVER},
63 {"ListenAddress", VAR_SERVER | VAR_MULTIPLE},
64 {"LocalDiscovery", VAR_SERVER},
65 {"MACExpire", VAR_SERVER},
66 {"MaxConnectionBurst", VAR_SERVER},
67 {"MaxOutputBufferSize", VAR_SERVER},
68 {"MaxTimeout", VAR_SERVER},
69 {"Mode", VAR_SERVER | VAR_SAFE},
71 {"PingInterval", VAR_SERVER},
72 {"PingTimeout", VAR_SERVER},
73 {"PriorityInheritance", VAR_SERVER},
74 {"PrivateKey", VAR_SERVER | VAR_OBSOLETE},
75 {"PrivateKeyFile", VAR_SERVER},
76 {"ProcessPriority", VAR_SERVER},
77 {"Proxy", VAR_SERVER},
78 {"ReplayWindow", VAR_SERVER},
79 {"ScriptsExtension", VAR_SERVER},
80 {"ScriptsInterpreter", VAR_SERVER},
81 {"StrictSubnets", VAR_SERVER},
82 {"TunnelServer", VAR_SERVER},
83 {"VDEGroup", VAR_SERVER},
84 {"VDEPort", VAR_SERVER},
85 /* Host configuration */
86 {"Address", VAR_HOST | VAR_MULTIPLE},
87 {"Cipher", VAR_SERVER | VAR_HOST},
88 {"ClampMSS", VAR_SERVER | VAR_HOST},
89 {"Compression", VAR_SERVER | VAR_HOST},
90 {"Digest", VAR_SERVER | VAR_HOST},
91 {"ECDSAPublicKey", VAR_HOST},
92 {"ECDSAPublicKeyFile", VAR_SERVER | VAR_HOST},
93 {"IndirectData", VAR_SERVER | VAR_HOST},
94 {"MACLength", VAR_SERVER | VAR_HOST},
95 {"PMTU", VAR_SERVER | VAR_HOST},
96 {"PMTUDiscovery", VAR_SERVER | VAR_HOST},
98 {"PublicKey", VAR_HOST | VAR_OBSOLETE},
99 {"PublicKeyFile", VAR_SERVER | VAR_HOST | VAR_OBSOLETE},
100 {"Subnet", VAR_HOST | VAR_MULTIPLE | VAR_SAFE},
101 {"TCPOnly", VAR_SERVER | VAR_HOST},
102 {"Weight", VAR_HOST | VAR_SAFE},
106 static char *get_line(const char **data) {
115 static char line[1024];
116 const char *end = strchr(*data, '\n');
117 size_t len = end ? end - *data : strlen(*data);
118 if(len >= sizeof line) {
119 fprintf(stderr, "Maximum line length exceeded!\n");
122 if(len && !isprint(**data))
125 memcpy(line, *data, len);
136 static char *get_value(const char *data, const char *var) {
137 char *line = get_line(&data);
141 char *sep = line + strcspn(line, " \t=");
142 char *val = sep + strspn(sep, " \t");
144 val += 1 + strspn(val + 1, " \t");
146 if(strcasecmp(line, var))
150 static FILE *fopenmask(const char *filename, const char *mode, mode_t perms) {
151 mode_t mask = umask(0);
154 FILE *f = fopen(filename, mode);
156 if((perms & 0444) && f)
157 fchmod(fileno(f), perms);
163 static bool finalize_join(meshlink_handle_t *mesh) {
164 char *name = xstrdup(get_value(mesh->data, "Name"));
166 fprintf(stderr, "No Name found in invitation!\n");
170 if(!check_id(name)) {
171 fprintf(stderr, "Invalid Name found in invitation: %s!\n", name);
175 if(mkdir(mesh->confbase, 0777) && errno != EEXIST) {
176 fprintf(stderr, "Could not create directory %s: %s\n", mesh->confbase, strerror(errno));
180 if(mkdir(mesh->hosts_dir, 0777) && errno != EEXIST) {
181 fprintf(stderr, "Could not create directory %s: %s\n", mesh->hosts_dir, strerror(errno));
185 FILE *f = fopen(mesh->meshlink_conf, "w");
187 fprintf(stderr, "Could not create file %s: %s\n", mesh->meshlink_conf, strerror(errno));
191 fprintf(f, "Name = %s\n", name);
193 char filename[PATH_MAX];
194 snprintf(filename,PATH_MAX, "%s" SLASH "%s", mesh->hosts_dir, name);
195 FILE *fh = fopen(filename, "w");
197 fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno));
201 // Filter first chunk on approved keywords, split between tinc.conf and hosts/Name
202 // Other chunks go unfiltered to their respective host config files
203 const char *p = mesh->data;
206 while((l = get_line(&p))) {
211 // Split line into variable and value
212 int len = strcspn(l, "\t =");
214 value += strspn(value, "\t ");
217 value += strspn(value, "\t ");
222 if(!strcasecmp(l, "Name"))
223 if(strcmp(value, name))
227 else if(!strcasecmp(l, "NetName"))
230 // Check the list of known variables //TODO: most variables will not be available in meshlink, only name and key will be absolutely necessary
233 for(i = 0; variables[i].name; i++) {
234 if(strcasecmp(l, variables[i].name))
240 // Ignore unknown and unsafe variables
242 fprintf(stderr, "Ignoring unknown variable '%s' in invitation.\n", l);
244 } else if(!(variables[i].type & VAR_SAFE)) {
245 fprintf(stderr, "Ignoring unsafe variable '%s' in invitation.\n", l);
249 // Copy the safe variable to the right config file
250 fprintf(variables[i].type & VAR_HOST ? fh : f, "%s = %s\n", l, value);
255 while(l && !strcasecmp(l, "Name")) {
256 if(!check_id(value)) {
257 fprintf(stderr, "Invalid Name found in invitation.\n");
261 if(!strcmp(value, name)) {
262 fprintf(stderr, "Secondary chunk would overwrite our own host config file.\n");
266 snprintf(filename,PATH_MAX, "%s" SLASH "%s", mesh->hosts_dir, value);
267 f = fopen(filename, "w");
270 fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno));
274 while((l = get_line(&p))) {
275 if(!strcmp(l, "#---------------------------------------------------------------#"))
277 int len = strcspn(l, "\t =");
278 if(len == 4 && !strncasecmp(l, "Name", 4)) {
280 value += strspn(value, "\t ");
283 value += strspn(value, "\t ");
296 // Generate our key and send a copy to the server
297 ecdsa_t *key = ecdsa_generate();
301 char *b64key = ecdsa_get_base64_public_key(key);
305 snprintf(filename,PATH_MAX, "%s" SLASH "ecdsa_key.priv", mesh->confbase);
306 f = fopenmask(filename, "w", 0600);
308 if(!ecdsa_write_pem_private_key(key, f)) {
309 fprintf(stderr, "Error writing private key!\n");
317 fprintf(fh, "ECDSAPublicKey = %s\n", b64key);
319 sptps_send_record(&(mesh->sptps), 1, b64key, strlen(b64key));
326 fprintf(stderr, "Configuration stored in: %s\n", mesh->confbase);
331 static bool invitation_send(void *handle, uint8_t type, const char *data, size_t len) {
332 meshlink_handle_t* mesh = handle;
334 int result = send(mesh->sock, data, len, 0);
335 if(result == -1 && errno == EINTR)
345 static bool invitation_receive(void *handle, uint8_t type, const char *msg, uint16_t len) {
346 meshlink_handle_t* mesh = handle;
348 case SPTPS_HANDSHAKE:
349 return sptps_send_record(&(mesh->sptps), 0, mesh->cookie, sizeof mesh->cookie);
352 mesh->data = xrealloc(mesh->data, mesh->thedatalen + len + 1);
353 memcpy(mesh->data + mesh->thedatalen, msg, len);
354 mesh->thedatalen += len;
355 mesh->data[mesh->thedatalen] = 0;
359 return finalize_join(mesh);
362 fprintf(stderr, "Invitation succesfully accepted.\n");
363 shutdown(mesh->sock, SHUT_RDWR);
364 mesh->success = true;
374 static bool recvline(meshlink_handle_t* mesh, size_t len) {
375 char *newline = NULL;
380 while(!(newline = memchr(mesh->buffer, '\n', mesh->blen))) {
381 int result = recv(mesh->sock, mesh->buffer + mesh->blen, sizeof mesh->buffer - mesh->blen, 0);
382 if(result == -1 && errno == EINTR)
386 mesh->blen += result;
389 if(newline - mesh->buffer >= len)
392 len = newline - mesh->buffer;
394 memcpy(mesh->line, mesh->buffer, len);
396 memmove(mesh->buffer, newline + 1, mesh->blen - len - 1);
397 mesh->blen -= len + 1;
401 static bool sendline(int fd, char *format, ...) {
402 static char buffer[4096];
407 va_start(ap, format);
408 blen = vsnprintf(buffer, sizeof buffer, format, ap);
411 if(blen < 1 || blen >= sizeof buffer)
418 int result = send(fd, p, blen, MSG_NOSIGNAL);
419 if(result == -1 && errno == EINTR)
429 int rstrip(char *value) {
430 int len = strlen(value);
431 while(len && strchr("\t\r\n ", value[len - 1]))
437 static const char *errstr[] = {
438 [MESHLINK_OK] = "No error",
439 [MESHLINK_ENOMEM] = "Out of memory",
440 [MESHLINK_ENOENT] = "No such node",
443 const char *meshlink_strerror(meshlink_errno_t errno) {
444 return errstr[errno];
447 static bool ecdsa_keygen(meshlink_handle_t *mesh) {
450 char pubname[PATH_MAX], privname[PATH_MAX];
452 fprintf(stderr, "Generating ECDSA keypair:\n");
454 if(!(key = ecdsa_generate())) {
455 fprintf(stderr, "Error during key generation!\n");
458 fprintf(stderr, "Done.\n");
460 snprintf(privname, sizeof privname, "%s" SLASH "ecdsa_key.priv", mesh->confbase);
461 f = fopen(privname, "w");
467 fchmod(fileno(f), 0600);
470 if(!ecdsa_write_pem_private_key(key, f)) {
471 fprintf(stderr, "Error writing private key!\n");
480 snprintf(pubname, sizeof pubname, "%s" SLASH "hosts" SLASH "%s", mesh->confbase, mesh->name);
481 f = fopen(pubname, "a");
486 char *pubkey = ecdsa_get_base64_public_key(key);
487 fprintf(f, "ECDSAPublicKey = %s\n", pubkey);
496 static bool try_bind(int port) {
497 struct addrinfo *ai = NULL;
498 struct addrinfo hint = {
499 .ai_flags = AI_PASSIVE,
500 .ai_family = AF_UNSPEC,
501 .ai_socktype = SOCK_STREAM,
502 .ai_protocol = IPPROTO_TCP,
506 snprintf(portstr, sizeof portstr, "%d", port);
508 if(getaddrinfo(NULL, portstr, &hint, &ai) || !ai)
512 int fd = socket(ai->ai_family, SOCK_STREAM, IPPROTO_TCP);
515 int result = bind(fd, ai->ai_addr, ai->ai_addrlen);
525 int check_port(meshlink_handle_t *mesh) {
529 fprintf(stderr, "Warning: could not bind to port 655.\n");
531 for(int i = 0; i < 100; i++) {
532 int port = 0x1000 + (rand() & 0x7fff);
534 char filename[PATH_MAX];
535 snprintf(filename, sizeof filename, "%s" SLASH "hosts" SLASH "%s", mesh->confbase, mesh->name);
536 FILE *f = fopen(filename, "a");
538 fprintf(stderr, "Please change MeshLink's Port manually.\n");
542 fprintf(f, "Port = %d\n", port);
544 fprintf(stderr, "MeshLink will instead listen on port %d.\n", port);
549 fprintf(stderr, "Please change MeshLink's Port manually.\n");
553 static bool meshlink_setup(meshlink_handle_t *mesh) {
555 if(mkdir(mesh->confbase, 0777) && errno != EEXIST) {
556 fprintf(stderr, "Could not create directory %s: %s\n", mesh->confbase, strerror(errno));
560 snprintf(mesh->hosts_dir, sizeof mesh->hosts_dir, "%s" SLASH "hosts", mesh->confbase);
562 if(mkdir(mesh->hosts_dir, 0777) && errno != EEXIST) {
563 fprintf(stderr, "Could not create directory %s: %s\n", mesh->hosts_dir, strerror(errno));
567 snprintf(mesh->meshlink_conf, sizeof mesh->meshlink_conf, "%s" SLASH "meshlink.conf", mesh->confbase);
569 if(!access(mesh->meshlink_conf, F_OK)) {
570 fprintf(stderr, "Configuration file %s already exists!\n", mesh->meshlink_conf);
574 FILE *f = fopen(mesh->meshlink_conf, "w");
576 fprintf(stderr, "Could not create file %s: %s\n", mesh->meshlink_conf, strerror(errno));
580 fprintf(f, "Name = %s\n", mesh->name);
583 if(!ecdsa_keygen(mesh))
591 meshlink_handle_t *meshlink_open(const char *confbase, const char *name) {
592 // Validate arguments provided by the application
594 if(!confbase || !*confbase) {
595 fprintf(stderr, "No confbase given!\n");
599 if(!name || !*name) {
600 fprintf(stderr, "No name given!\n");
604 if(!check_id(name)) {
605 fprintf(stderr, "Invalid name given!\n");
609 meshlink_handle_t *mesh = xzalloc(sizeof *mesh);
610 mesh->confbase = xstrdup(confbase);
611 mesh->name = xstrdup(name);
612 event_loop_init(&mesh->loop);
613 mesh->loop.data = mesh;
615 // TODO: should be set by a function.
616 mesh->debug_level = 5;
618 // Check whether meshlink.conf already exists
620 char filename[PATH_MAX];
621 snprintf(filename, sizeof filename, "%s" SLASH "meshlink.conf", confbase);
623 if(access(filename, R_OK)) {
624 if(errno == ENOENT) {
626 meshlink_setup(mesh);
628 fprintf(stderr, "Cannot not read from %s: %s\n", filename, strerror(errno));
629 return meshlink_close(mesh), NULL;
633 // Read the configuration
635 init_configuration(&mesh->config);
637 if(!read_server_config(mesh))
638 return meshlink_close(mesh), NULL;
640 // Setup up everything
641 // TODO: we should not open listening sockets yet
643 if(!setup_network(mesh))
644 return meshlink_close(mesh), NULL;
649 void *meshlink_main_loop(void *arg) {
650 meshlink_handle_t *mesh = arg;
652 try_outgoing_connections(mesh);
659 bool meshlink_start(meshlink_handle_t *mesh) {
660 // TODO: open listening sockets first
662 // Start the main thread
664 if(pthread_create(&mesh->thread, NULL, meshlink_main_loop, mesh) != 0) {
665 fprintf(stderr, "Could not start thread: %s\n", strerror(errno));
666 memset(&mesh->thread, 0, sizeof mesh->thread);
673 void meshlink_stop(meshlink_handle_t *mesh) {
674 // TODO: close the listening sockets to signal the main thread to shut down
676 // Wait for the main thread to finish
678 pthread_join(mesh->thread, NULL);
681 void meshlink_close(meshlink_handle_t *mesh) {
682 // Close and free all resources used.
684 close_network_connections(mesh);
686 logger(DEBUG_ALWAYS, LOG_NOTICE, "Terminating");
688 exit_configuration(&mesh->config);
689 event_loop_exit(&mesh->loop);
692 void meshlink_set_receive_cb(meshlink_handle_t *mesh, meshlink_receive_cb_t cb) {
693 mesh->receive_cb = cb;
696 void meshlink_set_node_status_cb(meshlink_handle_t *mesh, meshlink_node_status_cb_t cb) {
697 mesh->node_status_cb = cb;
700 void meshlink_set_log_cb(meshlink_handle_t *mesh, meshlink_log_level_t level, meshlink_log_cb_t cb) {
702 mesh->log_level = level;
705 bool meshlink_send(meshlink_handle_t *mesh, meshlink_node_t *destination, const void *data, unsigned int len) {
707 meshlink_packethdr_t *hdr = (meshlink_packethdr_t *)packet.data;
708 if (sizeof(meshlink_packethdr_t) + len > MAXSIZE) {
713 packet.probe = false;
714 memset(hdr, 0, sizeof *hdr);
715 memcpy(hdr->destination, destination->name, sizeof hdr->destination);
716 memcpy(hdr->source, mesh->self->name, sizeof hdr->source);
718 packet.len = sizeof *hdr + len;
719 memcpy(packet.data + sizeof *hdr, data, len);
721 mesh->self->in_packets++;
722 mesh->self->in_bytes += packet.len;
723 route(mesh, mesh->self, &packet);
727 meshlink_node_t *meshlink_get_node(meshlink_handle_t *mesh, const char *name) {
728 return (meshlink_node_t *)lookup_node(mesh, name);
732 size_t meshlink_get_all_nodes(meshlink_handle_t *mesh, meshlink_node_t **nodes, size_t nmemb) {
736 char *meshlink_sign(meshlink_handle_t *mesh, const char *data, size_t len) {
740 bool meshlink_verify(meshlink_handle_t *mesh, meshlink_node_t *source, const char *data, size_t len, const char *signature) {
744 char *meshlink_invite(meshlink_handle_t *mesh, const char *name) {
748 bool meshlink_join(meshlink_handle_t *mesh, const char *invitation) {
751 // Make sure confbase exists and is accessible.
752 if(mkdir(mesh->confbase, 0777) && errno != EEXIST) {
753 fprintf(stderr, "Could not create directory %s: %s\n", mesh->confbase, strerror(errno));
757 if(access(mesh->confbase, R_OK | W_OK | X_OK)) {
758 fprintf(stderr, "No permission to write in directory %s: %s\n", mesh->confbase, strerror(errno));
762 // TODO: Either remove or reintroduce netname in meshlink
763 // If a netname or explicit configuration directory is specified, check for an existing meshlink.conf.
764 //if((mesh->netname || confbasegiven) && !access(meshlink_conf, F_OK)) {
765 // fprintf(stderr, "Configuration file %s already exists!\n", meshlink_conf);
769 char *slash = strchr(invitation, '/');
775 if(strlen(slash) != 48)
778 char *address = invitation;
780 if(*address == '[') {
782 char *bracket = strchr(address, ']');
786 if(bracket[1] == ':')
789 port = strchr(address, ':');
794 if(!mesh->myport || !*port)
797 if(!b64decode(slash, mesh->hash, 18) || !b64decode(slash + 24, mesh->cookie, 18))
800 // Generate a throw-away key for the invitation.
801 ecdsa_t *key = ecdsa_generate();
805 char *b64key = ecdsa_get_base64_public_key(key);
807 // Connect to the meshlink daemon mentioned in the URL.
808 struct addrinfo *ai = str2addrinfo(address, port, SOCK_STREAM);
812 mesh->sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
813 if(mesh->sock <= 0) {
814 fprintf(stderr, "Could not open socket: %s\n", strerror(errno));
818 if(connect(mesh->sock, ai->ai_addr, ai->ai_addrlen)) {
819 fprintf(stderr, "Could not connect to %s port %s: %s\n", address, port, strerror(errno));
820 closesocket(mesh->sock);
824 fprintf(stderr, "Connected to %s port %s...\n", address, port);
826 // Tell him we have an invitation, and give him our throw-away key.
827 int len = snprintf(invitation, sizeof invitation, "0 ?%s %d.%d\n", b64key, PROT_MAJOR, PROT_MINOR);
828 if(len <= 0 || len >= sizeof invitation)
831 if(!sendline(mesh->sock, "0 ?%s %d.%d", b64key, PROT_MAJOR, 1)) {
832 fprintf(stderr, "Error sending request to %s port %s: %s\n", address, port, strerror(errno));
833 closesocket(mesh->sock);
837 char hisname[4096] = "";
838 int code, hismajor, hisminor = 0;
840 if(!recvline(mesh, sizeof mesh->line) || sscanf(mesh->line, "%d %s %d.%d", &code, hisname, &hismajor, &hisminor) < 3 || code != 0 || hismajor != PROT_MAJOR || !check_id(hisname) || !recvline(mesh, sizeof mesh->line) || !rstrip(mesh->line) || sscanf(mesh->line, "%d ", &code) != 1 || code != ACK || strlen(mesh->line) < 3) {
841 fprintf(stderr, "Cannot read greeting from peer\n");
842 closesocket(mesh->sock);
846 // Check if the hash of the key he gave us matches the hash in the URL.
847 char *fingerprint = mesh->line + 2;
849 if(!sha512(fingerprint, strlen(fingerprint), hishash)) {
850 fprintf(stderr, "Could not create hash\n%s\n", mesh->line + 2);
853 if(memcmp(hishash, mesh->hash, 18)) {
854 fprintf(stderr, "Peer has an invalid key!\n%s\n", mesh->line + 2);
859 ecdsa_t *hiskey = ecdsa_set_base64_public_key(fingerprint);
863 // Start an SPTPS session
864 if(!sptps_start(&mesh->sptps, mesh, true, false, key, hiskey, "meshlink invitation", 15, invitation_send, invitation_receive))
867 // Feed rest of input buffer to SPTPS
868 if(!sptps_receive_data(&mesh->sptps, mesh->buffer, mesh->blen))
871 while((len = recv(mesh->sock, mesh->line, sizeof mesh->line, 0))) {
875 fprintf(stderr, "Error reading data from %s port %s: %s\n", address, port, strerror(errno));
879 if(!sptps_receive_data(&mesh->sptps, mesh->line, len))
883 sptps_stop(&mesh->sptps);
886 closesocket(mesh->sock);
889 fprintf(stderr, "Connection closed by peer, invitation cancelled.\n");
896 fprintf(stderr, "Invalid invitation URL.\n");
900 char *meshlink_export(meshlink_handle_t *mesh) {
904 bool meshlink_import(meshlink_handle_t *mesh, const char *data) {
908 void meshlink_blacklist(meshlink_handle_t *mesh, meshlink_node_t *node) {
911 static void __attribute__((constructor)) meshlink_init(void) {
915 static void __attribute__((destructor)) meshlink_exit(void) {
projects / meshlink / blob