2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 2014-2017 Guus Sliepen <guus@meshlink.io>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include "connection.h"
27 #include "meshlink_internal.h"
37 static void send_udppacket(meshlink_handle_t *mesh, node_t *, vpn_packet_t *);
39 #define MAX_SEQNO 1073741824
41 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
42 mtuprobes == 31: sleep pinginterval seconds
43 mtuprobes == 32: send 1 burst, sleep pingtimeout second
44 mtuprobes == 33: no response from other side, restart PMTU discovery process
46 Probes are sent in batches of at least three, with random sizes between the
47 lower and upper boundaries for the MTU thus far discovered.
49 After the initial discovery, a fourth packet is added to each batch with a
50 size larger than the currently known PMTU, to test if the PMTU has increased.
52 In case local discovery is enabled, another packet is added to each batch,
53 which will be broadcast to the local network.
57 static void send_mtu_probe_handler(event_loop_t *loop, void *data) {
58 meshlink_handle_t *mesh = loop->data;
64 if(!n->status.reachable || !n->status.validkey) {
65 logger(mesh, MESHLINK_INFO, "Trying to send MTU probe to unreachable or rekeying node %s", n->name);
70 if(n->mtuprobes > 32) {
73 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
77 logger(mesh, MESHLINK_INFO, "%s did not respond to UDP ping, restarting PMTU discovery", n->name);
78 n->status.udp_confirmed = false;
83 update_node_pmtu(mesh, n);
86 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
87 logger(mesh, MESHLINK_INFO, "No response to MTU probes from %s", n->name);
91 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
92 if(n->minmtu > n->maxmtu) {
93 n->minmtu = n->maxmtu;
94 update_node_pmtu(mesh, n);
96 n->maxmtu = n->minmtu;
100 logger(mesh, MESHLINK_INFO, "Fixing MTU of %s to %d after %d probes", n->name, n->mtu, n->mtuprobes);
104 if(n->mtuprobes == 31) {
105 if(!n->minmtu && n->status.want_udp) {
106 /* Send a dummy ANS_KEY to try to update the reflexive UDP address */
107 send_request(mesh, n->nexthop->connection, NULL, "%d %s %s . -1 -1 -1 0", ANS_KEY, mesh->self->name, n->name);
108 n->status.want_udp = false;
111 timeout = mesh->dev_class_traits[n->devclass].pinginterval;
113 } else if(n->mtuprobes == 32) {
114 timeout = mesh->dev_class_traits[n->devclass].pingtimeout;
117 for(int i = 0; i < 5; i++) {
121 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU) {
126 } else if(n->maxmtu <= n->minmtu) {
129 len = n->minmtu + 1 + prng(mesh, n->maxmtu - n->minmtu);
138 memset(packet.data, 0, 14);
139 randomize(packet.data + 14, len - 14);
141 n->status.broadcast = i >= 4 && n->mtuprobes <= 10 && n->prevedge;
143 logger(mesh, MESHLINK_DEBUG, "Sending MTU probe length %d to %s", len, n->name);
145 send_udppacket(mesh, n, &packet);
148 n->status.broadcast = false;
151 timeout_set(&mesh->loop, &n->mtutimeout, &(struct timespec) {
152 timeout, prng(mesh, TIMER_FUDGE)
156 void send_mtu_probe(meshlink_handle_t *mesh, node_t *n) {
157 timeout_add(&mesh->loop, &n->mtutimeout, send_mtu_probe_handler, n, &(struct timespec) {
160 send_mtu_probe_handler(&mesh->loop, n);
163 static void mtu_probe_h(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet, uint16_t len) {
165 logger(mesh, MESHLINK_WARNING, "Got too short MTU probe length %d from %s", packet->len, n->name);
169 logger(mesh, MESHLINK_DEBUG, "Got MTU probe length %d from %s", packet->len, n->name);
171 if(!packet->data[0]) {
172 /* It's a probe request, send back a reply */
176 /* Temporarily set udp_confirmed, so that the reply is sent
177 back exactly the way it came in. */
179 bool udp_confirmed = n->status.udp_confirmed;
180 n->status.udp_confirmed = true;
181 send_udppacket(mesh, n, packet);
182 n->status.udp_confirmed = udp_confirmed;
184 /* It's a valid reply: now we know bidirectional communication
185 is possible using the address and socket that the reply
188 if(!n->status.udp_confirmed) {
189 char *address, *port;
190 sockaddr2str(&n->address, &address, &port);
191 send_request(mesh, n->nexthop->connection, NULL, "%d %s %s . -1 -1 -1 0 %s %s", ANS_KEY, n->name, n->name, address, port);
194 n->status.udp_confirmed = true;
197 /* If we haven't established the PMTU yet, restart the discovery process. */
199 if(n->mtuprobes > 30) {
200 if(len == n->maxmtu + 8) {
201 logger(mesh, MESHLINK_INFO, "Increase in PMTU to %s detected, restarting PMTU discovery", n->name);
214 /* If applicable, raise the minimum supported MTU */
216 if(len > n->maxmtu) {
220 if(n->minmtu < len) {
222 update_node_pmtu(mesh, n);
233 struct mmsghdr hdrs[MAX_MMSG];
234 struct iovec iovs[MAX_MMSG];
235 sockaddr_t addrs[MAX_MMSG];
236 vpn_packet_t pkts[MAX_MMSG];
239 static void init_mmsg_array(struct mmsgs *mmsgs) {
240 for(int i = 0; i < MAX_MMSG; i++) {
241 mmsgs->hdrs[i].msg_hdr.msg_name = &mmsgs->addrs[i];
242 mmsgs->hdrs[i].msg_hdr.msg_namelen = sizeof(mmsgs->addrs[i]);
243 mmsgs->hdrs[i].msg_hdr.msg_iov = &mmsgs->iovs[i];
244 mmsgs->hdrs[i].msg_hdr.msg_iovlen = 1;
245 mmsgs->iovs[i].iov_base = mmsgs->pkts[i].data;
246 mmsgs->iovs[i].iov_len = MAXSIZE;
250 void init_mmsg(meshlink_handle_t *mesh) {
251 mesh->in_mmsgs = xzalloc(sizeof(*mesh->in_mmsgs));
252 mesh->out_mmsgs = xzalloc(sizeof(*mesh->out_mmsgs));
254 init_mmsg_array(mesh->in_mmsgs);
255 init_mmsg_array(mesh->out_mmsgs);
259 void exit_mmsg(meshlink_handle_t *mesh) {
260 free(mesh->out_mmsgs);
261 free(mesh->in_mmsgs);
263 mesh->out_mmsgs = NULL;
264 mesh->in_mmsgs = NULL;
268 static void receive_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
269 logger(mesh, MESHLINK_DEBUG, "Received packet of %d bytes from %s", packet->len, n->name);
271 if(n->status.blacklisted) {
272 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
275 n->in_bytes += packet->len;
277 route(mesh, n, packet);
281 static bool try_mac(meshlink_handle_t *mesh, node_t *n, const vpn_packet_t *inpkt) {
283 return sptps_verify_datagram(&n->sptps, inpkt->data, inpkt->len);
286 static void receive_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *inpkt) {
287 if(!n->sptps.state) {
288 if(!n->status.waitingforkey) {
289 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but we haven't exchanged keys yet", n->name);
290 send_req_key(mesh, n);
292 logger(mesh, MESHLINK_DEBUG, "Got packet from %s but he hasn't got our key yet", n->name);
298 if(!sptps_receive_data(&n->sptps, inpkt->data, inpkt->len)) {
299 logger(mesh, MESHLINK_ERROR, "Could not process SPTPS data from %s: %s", n->name, strerror(errno));
303 static void send_sptps_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
304 if(!n->status.validkey) {
305 logger(mesh, MESHLINK_INFO, "No valid key known yet for %s", n->name);
307 if(!n->status.waitingforkey) {
308 send_req_key(mesh, n);
309 } else if(n->last_req_key + 10 < mesh->loop.now.tv_sec) {
310 logger(mesh, MESHLINK_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
311 sptps_stop(&n->sptps);
312 n->status.waitingforkey = false;
313 send_req_key(mesh, n);
321 // If it's a probe, send it immediately without trying to compress it.
323 sptps_send_record(&n->sptps, PKT_PROBE, origpkt->data, origpkt->len);
327 sptps_send_record(&n->sptps, type, origpkt->data, origpkt->len);
331 static void choose_udp_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
336 /* If the UDP address is confirmed, use it. */
337 if(n->status.udp_confirmed) {
341 /* Send every third packet to n->address; that could be set
342 to the node's reflexive UDP address discovered during key
345 if(++mesh->udp_choice >= 3) {
346 mesh->udp_choice = 0;
350 /* If we have learned an address via Catta, try this once every batch */
351 if(mesh->udp_choice == 1 && n->catta_address.sa.sa_family != AF_UNSPEC) {
352 *sa = &n->catta_address;
356 /* Otherwise, address are found in edges to this node.
357 So we pick a random edge and a random socket. */
360 int j = prng(mesh, n->edge_tree->count);
361 edge_t *candidate = NULL;
363 for splay_each(edge_t, e, n->edge_tree) {
365 candidate = e->reverse;
371 *sa = &candidate->address;
372 *sock = prng(mesh, mesh->listen_sockets);
377 /* Make sure we have a suitable socket for the chosen address */
378 if(mesh->listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
379 for(int i = 0; i < mesh->listen_sockets; i++) {
380 if(mesh->listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
388 static void choose_broadcast_address(meshlink_handle_t *mesh, const node_t *n, const sockaddr_t **sa, int *sock) {
389 *sock = prng(mesh, mesh->listen_sockets);
390 sockaddr_t *broadcast_sa = &mesh->listen_socket[*sock].broadcast_sa;
392 if(broadcast_sa->sa.sa_family == AF_INET6) {
393 broadcast_sa->in6.sin6_port = n->prevedge->address.in.sin_port;
395 broadcast_sa->in.sin_port = n->prevedge->address.in.sin_port;
401 static void send_udppacket(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *origpkt) {
402 if(!n->status.reachable) {
403 logger(mesh, MESHLINK_INFO, "Trying to send UDP packet to unreachable node %s", n->name);
407 send_sptps_packet(mesh, n, origpkt);
410 bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
416 meshlink_handle_t *mesh = to->mesh;
418 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
420 if(type >= SPTPS_HANDSHAKE || (type != PKT_PROBE && (len - 21) > to->minmtu)) {
421 char buf[len * 4 / 3 + 5];
422 b64encode(data, buf, len);
424 /* If no valid key is known yet, send the packets using ANS_KEY requests,
425 to ensure we get to learn the reflexive UDP address. */
426 if(!to->status.validkey) {
427 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, mesh->self->name, to->name, buf, 0);
429 return send_request(mesh, to->nexthop->connection, NULL, "%d %s %s %d %s", REQ_KEY, mesh->self->name, to->name, REQ_SPTPS, buf);
433 /* Otherwise, send the packet via UDP */
435 const sockaddr_t *sa;
438 if(to->status.broadcast) {
439 choose_broadcast_address(mesh, to, &sa, &sock);
441 choose_udp_address(mesh, to, &sa, &sock);
444 if(sendto(mesh->listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
445 if(sockmsgsize(sockerrno)) {
446 if(to->maxmtu >= len) {
447 to->maxmtu = len - 1;
454 logger(mesh, MESHLINK_WARNING, "Error sending UDP SPTPS packet to %s: %s", to->name, sockstrerror(sockerrno));
462 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
464 assert(!data || len);
466 node_t *from = handle;
467 meshlink_handle_t *mesh = from->mesh;
469 if(type == SPTPS_HANDSHAKE) {
470 if(!from->status.validkey) {
471 logger(mesh, MESHLINK_INFO, "SPTPS key exchange with %s successful", from->name);
472 from->status.validkey = true;
473 from->status.waitingforkey = false;
476 utcp_reset_timers(from->utcp);
484 logger(mesh, MESHLINK_ERROR, "Packet from %s larger than maximum supported size (%d > %d)", from->name, len, MAXSIZE);
490 if(type == PKT_PROBE) {
493 memcpy(inpkt.data, data, len);
494 mtu_probe_h(mesh, from, &inpkt, len);
500 if(type & ~(PKT_COMPRESSED)) {
501 logger(mesh, MESHLINK_ERROR, "Unexpected SPTPS record type %d len %d from %s", type, len, from->name);
505 if(type & PKT_COMPRESSED) {
506 logger(mesh, MESHLINK_ERROR, "Error while decompressing packet from %s", from->name);
510 memcpy(inpkt.data, data, len); // TODO: get rid of memcpy
513 receive_packet(mesh, from, &inpkt);
518 send a packet to the given vpn ip.
520 void send_packet(meshlink_handle_t *mesh, node_t *n, vpn_packet_t *packet) {
521 if(n == mesh->self) {
523 n->out_bytes += packet->len;
524 // TODO: send to application
528 logger(mesh, MESHLINK_DEBUG, "Sending packet of %d bytes to %s", packet->len, n->name);
530 if(!n->status.reachable) {
531 logger(mesh, MESHLINK_WARNING, "Node %s is not reachable", n->name);
536 n->out_bytes += packet->len;
537 n->status.want_udp = true;
539 send_sptps_packet(mesh, n, packet);
543 static node_t *try_harder(meshlink_handle_t *mesh, const sockaddr_t *from, const vpn_packet_t *pkt) {
547 for splay_each(edge_t, e, mesh->edges) {
548 if(!e->to->status.reachable || e->to == mesh->self) {
552 if(sockaddrcmp_noport(from, &e->address)) {
553 if(mesh->last_hard_try == mesh->loop.now.tv_sec) {
560 if(!try_mac(mesh, e->to, pkt)) {
569 mesh->last_hard_try = mesh->loop.now.tv_sec;
575 static void handle_one_incoming(meshlink_handle_t *mesh, listen_socket_t *ls, vpn_packet_t *pkt, sockaddr_t *from) {
576 sockaddrunmap(from); /* Some braindead IPv6 implementations do stupid things. */
578 node_t *n = lookup_node_udp(mesh, from);
581 n = try_harder(mesh, from, pkt);
584 update_node_udp(mesh, n, from);
585 } else if(mesh->log_level <= MESHLINK_WARNING) {
586 char *hostname = sockaddr2hostname(from);
587 logger(mesh, MESHLINK_WARNING, "Received UDP packet from unknown source %s", hostname);
595 if(n->status.blacklisted) {
596 logger(mesh, MESHLINK_WARNING, "Dropping packet from blacklisted node %s", n->name);
600 n->sock = ls - mesh->listen_socket;
602 receive_udppacket(mesh, n, pkt);
605 void handle_incoming_vpn_data(event_loop_t *loop, void *data, int flags) {
607 meshlink_handle_t *mesh = loop->data;
608 listen_socket_t *ls = data;
611 struct mmsgs *mmsgs = mesh->in_mmsgs;
612 int count = recvmmsg(ls->udp.fd, mmsgs->hdrs, MAX_MMSG, 0, NULL);
614 if(count <= 0 || count > MAX_MMSG) {
615 if(!sockwouldblock(sockerrno)) {
616 logger(mesh, MESHLINK_ERROR, "Receiving packets failed: %s", sockstrerror(sockerrno));
622 for(int i = 0; i < count; i++) {
623 mmsgs->pkts[i].len = mmsgs->hdrs[i].msg_len;
624 handle_one_incoming(mesh, ls, &mmsgs->pkts[i], &mmsgs->addrs[i]);
625 mmsgs->hdrs[i].msg_hdr.msg_namelen = sizeof(mmsgs->addrs[i]);
631 socklen_t fromlen = sizeof(from);
632 memset(&from, 0, sizeof(from));
634 ssize_t len = recvfrom(ls->udp.fd, pkt.data, MAXSIZE, 0, &from.sa, &fromlen);
636 if(len <= 0 || len > MAXSIZE) {
637 if(!sockwouldblock(sockerrno)) {
638 logger(mesh, MESHLINK_ERROR, "Receiving packet failed: %s", sockstrerror(sockerrno));
645 handle_one_incoming(mesh, ls, &pkt, &from);
projects / meshlink / blob