2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 2014-2017 Guus Sliepen <guus@meshlink.io>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include "connection.h"
27 #include "meshlink_internal.h"
37 static void send_udppacket(meshlink_handle_t *mesh, node_t *, vpn_packet_t *);
39 #define MAX_SEQNO 1073741824
41 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
42 mtuprobes == 31: sleep pinginterval seconds
43 mtuprobes == 32: send 1 burst, sleep pingtimeout second
44 mtuprobes == 33: no response from other side, restart PMTU discovery process
46 Probes are sent in batches of at least three, with random sizes between the
47 lower and upper boundaries for the MTU thus far discovered.
49 After the initial discovery, a fourth packet is added to each batch with a
50 size larger than the currently known PMTU, to test if the PMTU has increased.
52 In case local discovery is enabled, another packet is added to each batch,
53 which will be broadcast to the local network.
57 static void send_mtu_probe_handler(event_loop_t *loop, void *data) {
58 meshlink_handle_t *mesh = loop->data;
64 if(!n->status.reachable || !n->status.validkey) {
65 logger(mesh, MESHLINK_INFO, "Trying to send MTU probe to unreachable or rekeying node %s", n->name);
70 if(n->mtuprobes > 32) {
73 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
77 logger(mesh, MESHLINK_INFO, "%s did not respond to UDP ping, restarting PMTU discovery", n->name);
78 n->status.udp_confirmed = false;
83 update_node_pmtu(mesh, n);
86 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
87 logger(mesh, MESHLINK_INFO, "No response to MTU probes from %s", n->name);
91 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
92 if(n->minmtu > n->maxmtu) {
93 n->minmtu = n->maxmtu;
94 update_node_pmtu(mesh, n);
96 n->maxmtu = n->minmtu;
100 logger(mesh, MESHLINK_INFO, "Fixing MTU of %s to %d after %d probes", n->name, n->mtu, n->mtuprobes);
104 if(n->mtuprobes == 31) {
105 if(!n->minmtu && n->status.want_udp) {
106 /* Send a dummy ANS_KEY to try to update the reflexive UDP address */
107 send_request(mesh, n->nexthop->connection, NULL, "%d %s %s . -1 -1 -1 0", ANS_KEY, mesh->self->name, n->name);
108 n->status.want_udp = false;
111 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
113 } else if(n->mtuprobes == 32) {
114 timeout = mesh->dev_class_traits[n->devclass].pingtimeout;
117 for(int i = 0; i < 5; i++) {
121 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU) {
126 } else if(n->maxmtu <= n->minmtu) {
129 len = n->minmtu + 1 + prng(mesh, n->maxmtu - n->minmtu);
138 memset(packet.data, 0, 14);
139 randomize(packet.data + 14, len - 14);
141 n->status.broadcast = i >= 4 && n->mtuprobes <= 10 && n->prevedge;
143 logger(mesh, MESHLINK_DEBUG, "Sending MTU probe length %d to %s", len, n->name);
145 send_udppacket(mesh, n, &packet);
148 n->status.broadcast = false;
151 timeout_set(&mesh->loop, &n->mtutimeout, &(struct timeval) {
152 timeout, prng(mesh, TIMER_FUDGE)
156 void send_mtu_probe(meshlink_handle_t *mesh, node_t *n) {
157 timeout_add(&mesh->loop, &n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval) {
160 send_mtu_probe_handler(&mesh->loop, n);
163 static void mtu_probe_h(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet, uint16_t len) {
165 logger(mesh, MESHLINK_WARNING, "Got too short MTU probe length %d from %s", packet->len, n->name);
169 logger(mesh, MESHLINK_DEBUG, "Got MTU probe length %d from %s", packet->len, n->name);
171 if(!packet->data[0]) {
172 /* It's a probe request, send back a reply */
176 /* Temporarily set udp_confirmed, so that the reply is sent
177 back exactly the way it came in. */
179 bool udp_confirmed = n->status.udp_confirmed;
180 n->status.udp_confirmed = true;
181 send_udppacket(mesh, n, packet);
182 n->status.udp_confirmed = udp_confirmed;
184 /* It's a valid reply: now we know bidirectional communication
185 is possible using the address and socket that the reply
188 n->status.udp_confirmed = true;
190 /* If we haven't established the PMTU yet, restart the discovery process. */
192 if(n->mtuprobes > 30) {
193 if(len == n->maxmtu + 8) {
194 logger(mesh, MESHLINK_INFO, "Increase in PMTU to %s detected, restarting PMTU discovery", n->name);
207 /* If applicable, raise the minimum supported MTU */
209 if(len > n->maxmtu) {
213 if(n->minmtu < len) {
215 update_node_pmtu(mesh, n);
222 static void receive_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
223 logger(mesh, MESHLINK_DEBUG, "Received packet of %d bytes from %s", packet->len, n->name);
225 if(n->status.blacklisted) {
226 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
229 n->in_bytes += packet->len;
231 route(mesh, n, packet);
235 static bool try_mac(meshlink_handle_t *mesh, node_t *n, const vpn_packet_t *inpkt) {
237 return sptps_verify_datagram(&n->sptps, inpkt->data, inpkt->len);
240 static void receive_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *inpkt) {
241 if(!n->sptps.state) {
242 if(!n->status.waitingforkey) {
243 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but we haven't exchanged keys yet", n->name);
244 send_req_key(mesh, n);
246 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but he hasn't got our key yet", n->name);
252 sptps_receive_data(&n->sptps, inpkt->data, inpkt->len);
255 static void send_sptps_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
256 if(!n->status.validkey) {
257 logger(mesh, MESHLINK_INFO, "No valid key known yet for %s", n->name);
259 if(!n->status.waitingforkey) {
260 send_req_key(mesh, n);
261 } else if(n->last_req_key + 10 < mesh->loop.now.tv_sec) {
262 logger(mesh, MESHLINK_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
263 sptps_stop(&n->sptps);
264 n->status.waitingforkey = false;
265 send_req_key(mesh, n);
273 // If it's a probe, send it immediately without trying to compress it.
275 sptps_send_record(&n->sptps, PKT_PROBE, origpkt->data, origpkt->len);
279 sptps_send_record(&n->sptps, type, origpkt->data, origpkt->len);
283 static void choose_udp_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
288 /* If the UDP address is confirmed, use it. */
289 if(n->status.udp_confirmed) {
293 /* Send every third packet to n->address; that could be set
294 to the node's reflexive UDP address discovered during key
297 if(++mesh->udp_choice >= 3) {
298 mesh->udp_choice = 0;
302 /* Otherwise, address are found in edges to this node.
303 So we pick a random edge and a random socket. */
306 int j = prng(mesh, n->edge_tree->count);
307 edge_t *candidate = NULL;
309 for splay_each(edge_t, e, n->edge_tree) {
311 candidate = e->reverse;
317 *sa = &candidate->address;
318 *sock = prng(mesh, mesh->listen_sockets);
321 /* Make sure we have a suitable socket for the chosen address */
322 if(mesh->listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
323 for(int i = 0; i < mesh->listen_sockets; i++) {
324 if(mesh->listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
332 static void choose_broadcast_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
333 *sock = prng(mesh, mesh->listen_sockets);
334 sockaddr_t *broadcast_sa = &mesh->listen_socket[*sock].broadcast_sa;
336 if(broadcast_sa->sa.sa_family == AF_INET6) {
337 broadcast_sa->in6.sin6_port = n->prevedge->address.in.sin_port;
339 broadcast_sa->in.sin_port = n->prevedge->address.in.sin_port;
345 static void send_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
346 if(!n->status.reachable) {
347 logger(mesh, MESHLINK_INFO, "Trying to send UDP packet to unreachable node %s", n->name);
351 send_sptps_packet(mesh, n, origpkt);
354 bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
360 meshlink_handle_t *mesh = to->mesh;
362 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
364 if(type >= SPTPS_HANDSHAKE || (type != PKT_PROBE && len > to->minmtu)) {
365 char buf[len * 4 / 3 + 5];
366 b64encode(data, buf, len);
368 /* If no valid key is known yet, send the packets using ANS_KEY requests,
369 to ensure we get to learn the reflexive UDP address. */
370 if(!to->status.validkey) {
371 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, mesh->self->name, to->name, buf, 0);
373 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %d %s", REQ_KEY, mesh->self->name, to->name, REQ_SPTPS, buf);
377 /* Otherwise, send the packet via UDP */
379 const sockaddr_t *sa;
382 if(to->status.broadcast) {
383 choose_broadcast_address(mesh, to, &sa, &sock);
385 choose_udp_address(mesh, to, &sa, &sock);
388 if(sendto(mesh->listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
389 if(sockmsgsize(sockerrno)) {
390 if(to->maxmtu >= len) {
391 to->maxmtu = len - 1;
398 logger(mesh, MESHLINK_WARNING, "Error sending UDP SPTPS packet to %s: %s", to->name, sockstrerror(sockerrno));
406 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
408 assert(!data || len);
410 node_t *from = handle;
411 meshlink_handle_t *mesh = from->mesh;
413 if(type == SPTPS_HANDSHAKE) {
414 if(!from->status.validkey) {
415 logger(mesh, MESHLINK_INFO, "SPTPS key exchange with %s successful", from->name);
416 from->status.validkey = true;
417 from->status.waitingforkey = false;
420 utcp_reset_timers(from->utcp);
428 logger(mesh, MESHLINK_ERROR, "Packet from %s larger than maximum supported size (%d > %d)", from->name, len, MTU);
434 if(type == PKT_PROBE) {
437 memcpy(inpkt.data, data, len);
438 mtu_probe_h(mesh, from, &inpkt, len);
444 if(type & ~(PKT_COMPRESSED)) {
445 logger(mesh, MESHLINK_ERROR, "Unexpected SPTPS record type %d len %d from %s", type, len, from->name);
449 if(type & PKT_COMPRESSED) {
450 logger(mesh, MESHLINK_ERROR, "Error while decompressing packet from %s", from->name);
454 memcpy(inpkt.data, data, len); // TODO: get rid of memcpy
457 receive_packet(mesh, from, &inpkt);
462 send a packet to the given vpn ip.
464 void send_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
465 if(n == mesh->self) {
467 n->out_bytes += packet->len;
468 // TODO: send to application
472 logger(mesh, MESHLINK_DEBUG, "Sending packet of %d bytes to %s", packet->len, n->name);
474 if(!n->status.reachable) {
475 logger(mesh, MESHLINK_WARNING, "Node %s is not reachable", n->name);
480 n->out_bytes += packet->len;
481 n->status.want_udp = true;
483 send_sptps_packet(mesh, n, packet);
487 static node_t *try_harder(meshlink_handle_t *mesh, const sockaddr_t *from, const vpn_packet_t *pkt) {
491 for splay_each(edge_t, e, mesh->edges) {
492 if(!e->to->status.reachable || e->to == mesh->self) {
496 if(sockaddrcmp_noport(from, &e->address)) {
497 if(mesh->last_hard_try == mesh->loop.now.tv_sec) {
504 if(!try_mac(mesh, e->to, pkt)) {
513 mesh->last_hard_try = mesh->loop.now.tv_sec;
519 void handle_incoming_vpn_data(event_loop_t *loop, void *data, int flags) {
521 meshlink_handle_t *mesh = loop->data;
522 listen_socket_t *ls = data;
526 socklen_t fromlen = sizeof(from);
530 memset(&from, 0, sizeof(from));
532 len = recvfrom(ls->udp.fd, pkt.data, MAXSIZE, 0, &from.sa, &fromlen);
534 if(len <= 0 || len > MAXSIZE) {
535 if(!sockwouldblock(sockerrno)) {
536 logger(mesh, MESHLINK_ERROR, "Receiving packet failed: %s", sockstrerror(sockerrno));
544 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
546 n = lookup_node_udp(mesh, &from);
549 n = try_harder(mesh, &from, &pkt);
552 update_node_udp(mesh, n, &from);
553 } else if(mesh->log_level >= MESHLINK_WARNING) {
554 hostname = sockaddr2hostname(&from);
555 logger(mesh, MESHLINK_WARNING, "Received UDP packet from unknown source %s", hostname);
563 if(n->status.blacklisted) {
564 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
568 n->sock = ls - mesh->listen_socket;
570 receive_udppacket(mesh, n, &pkt);
projects / meshlink / blob