void Worker::onRouterConnect(Connection *router)
{
LOG_INFO("router connected");
nRouterReconnect = 0;
//AUTH
Config *pConfig = Config::getInstance();
char id[10];
net::writeNetInt32(id, pConfig->nServerId);
sendToRouter(ROUTER_MSG_AUTH, 0, NULL, sizeof(int), id);
//sync session
int sidnum = 0;
std::string sidlist;
for(ClientList::const_iterator it = arrClients.begin(); it != arrClients.end(); ++it){
const std::string &sid = it->first;
sidnum++;
sidlist.append(sid);
}
if(sidnum){
sendToRouter(ROUTER_MSG_CONN, sidnum * SID_LENGTH, sidlist.c_str(), 0, NULL);
}
//sync channel
for(ChannelList::const_iterator it = arrChannels.begin(); it != arrChannels.end(); ++it){
const std::string &cname = it->first;
sendToRouter(ROUTER_MSG_CH_SUB, cname.size(), cname.c_str(), 0, NULL);
}
}
void Worker::closeClient(Connection *client)
{
ClientData *pData = (ClientData*)client->getData();
std::string sid = pData->session.getId();
LOG("close client, fd=%d, sid=%s", client->getSocket().getFd(), sid.c_str());
//router通知
sendToRouter(ROUTER_MSG_CLOSE, SID_LENGTH, pData->session.getId(), 0, NULL);
//后端通知
Config *pConfig = Config::getInstance();
if(pConfig->bEventClose){
Backend *backend = new Backend(pEventLoop, NULL, NULL);
backend->copyParam(pData->params);
backend->addParam("EVENT", sizeof("EVENT") - 1, "2", 1);
backend->setCloseHandler(EV_CB(this, Worker::onBackendClose));
backend->setResponseHandler(EV_CB(this, Worker::onBackendResponse));
if(!backend->run()){
delete backend;
}
}
//释放后端请求
for(BackendList::const_iterator it = pData->backends.begin(); it != pData->backends.end(); ++it){
Backend *backend = it->first;
backend->setClient(NULL);
backend->shutdown();
}
//取消频道订阅
for(ChannelSet::const_iterator it2 = pData->channels.begin(); it2 != pData->channels.end(); ++it2){
const std::string &chname = it2->first;
ChannelList::iterator cit = arrChannels.find(chname);
if(cit != arrChannels.end()){
cit->second.erase(client);
if(cit->second.empty()){
sendToRouter(ROUTER_MSG_CH_UNSUB, chname.size(), chname.c_str(), 0, NULL);
arrChannels.erase(cit);
}
}
}
//计数更新
pMaster->delClient(nId);
//客户端列表更新
arrClients.erase(sid);
//lua更新
if(pMaster->pScript && pMaster->pScript->hasCloseProc()){
pMaster->pScript->procClose(client);
}
delete pData;
delete client;
}
void Worker::doChannelDel(RouterMsg *pMsg)
{
//频道名称在data域
int pos = 0;
std::string chname(pMsg->data + pMsg->slen, pMsg->len);
ConnectionSet &clients = arrChannels[chname];
while(pos + SID_LENGTH <= pMsg->slen)
{
std::string sid(pMsg->data + pos, SID_LENGTH);
ClientList::const_iterator it = arrClients.find(sid);
if(it != arrClients.end()){
Connection *pClient = it->second;
ClientData *pClientData = (ClientData*)pClient->getData();
pClientData->channels.erase(chname);
clients.erase(pClient);
if(!clients.size()){
sendToRouter(ROUTER_MSG_CH_UNSUB, chname.size(), chname.c_str(), 0, NULL);
}
LOG("leave channel name=%s, sid=%s", chname.c_str(), sid.c_str());
}
pos+= SID_LENGTH;
}
}
void Worker::createClient(int fd, const char *host, int port)
{
//创建session对像
Session sess(nPid, fd);
LOG("new client, fd=%d, host=%s, port=%d, sid=%s", fd, host, port, sess.getId());
//环镜变量
ClientData *pData = new ClientData();
char szPort[8];
int nPort = sprintf(szPort, "%d", port);
pData->session = sess;
pData->nrequest = 0;
Backend::makeParam(pData->params, "REMOTE_ADDR", sizeof("REMOTE_ADDR") - 1, host, strlen(host));
Backend::makeParam(pData->params, "REMOTE_PORT", sizeof("REMOTE_PORT") - 1, szPort, nPort);
Backend::makeParam(pData->params, "SESSIONID", sizeof("SESSIONID") - 1, sess.getId(), SID_LENGTH);
//创建连接对像
Connection *client = new Connection(pEventLoop, fd);
client->setHostAndPort(host, port);
client->setData(pData);
client->setMessageHandler(EV_CB(this, Worker::onMessage));
client->setCloseHandler(EV_CB(this, Worker::onClose));
//client->setWriteCompleteHandler(EL_CB(this, Worker::onWriteComplete));
arrClients[sess.getId()] = client;
//计数更新
pMaster->addClient(nId);
//Router通知
sendToRouter(ROUTER_MSG_CONN, SID_LENGTH, sess.getId(), 0, NULL);
//backend通知
Config *pConfig = Config::getInstance();
if(pConfig->bEventConnect){
Backend *backend = new Backend(pEventLoop, client, NULL);
backend->copyParam(pData->params);
backend->addParam("EVENT", sizeof("EVENT") - 1, "1", 1);
backend->setCloseHandler(EV_CB(this, Worker::onBackendClose));
backend->setResponseHandler(EV_CB(this, Worker::onBackendResponse));
if(backend->run()){
pData->backends[backend] = 1;
}else{
delete backend;
}
}
//lua通知
if(pMaster->pScript && pMaster->pScript->hasConnectProc()){
pMaster->pScript->procConnect(client);
}
}
// Called by the TUN device.
static inline uint8_t ip6FromTun(struct Message* message,
struct Interface* interface)
{
struct Context* context = (struct Context*) interface->receiverContext;
if (!validIP6(message)) {
Log_debug(context->logger, "dropped message from TUN because it was not valid IPv6.\n");
return Error_INVALID;
}
struct Headers_IP6Header* header = (struct Headers_IP6Header*) message->bytes;
if (memcmp(header->sourceAddr, context->myAddr.ip6.bytes, 16)) {
Log_warn(context->logger, "dropped message because only one address is allowed to be used "
"and the source address was different.\n");
return Error_INVALID;
}
context->switchHeader = NULL;
struct Node* bestNext = RouterModule_getBest(header->destinationAddr, context->routerModule);
if (bestNext) {
context->forwardTo = &bestNext->address;
if (!memcmp(header->destinationAddr, bestNext->address.ip6.bytes, 16)) {
// Direct send, skip the innermost layer of encryption.
header->hopLimit = 0;
#ifdef Log_DEBUG
uint8_t nhAddr[60];
Address_print(nhAddr, &bestNext->address);
Log_debug1(context->logger, "Forwarding data to %s (last hop)\n", nhAddr);
#endif
return sendToRouter(&bestNext->address, message, context);
}
}
// Grab out the header so it doesn't get clobbered.
struct Headers_IP6Header headerStore;
memcpy(&headerStore, header, Headers_IP6Header_SIZE);
context->ip6Header = &headerStore;
// Shift over the content.
Message_shift(message, -Headers_IP6Header_SIZE);
struct Interface* session =
SessionManager_getSession(headerStore.destinationAddr, NULL, context->sm);
// This comes out at outgoingFromMe()
context->layer = INNER_LAYER;
return session->sendMessage(message, session);
}
/**
* Send an arbitrary message to a node.
*
* @param message to be sent, must be prefixed with IpTunnel_PacketInfoHeader.
* @param iface an interface for which receiverContext is the ducttape.
*/
static uint8_t sendToNode(struct Message* message, struct Interface* iface)
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*)iface->receiverContext);
struct Ducttape_MessageHeader* dtHeader = getDtHeader(message, true);
struct IpTunnel_PacketInfoHeader* header = (struct IpTunnel_PacketInfoHeader*) message->bytes;
Message_shift(message, -IpTunnel_PacketInfoHeader_SIZE);
struct Node* n = RouterModule_lookup(header->nodeIp6Addr, context->routerModule);
if (n) {
if (!Bits_memcmp(header->nodeKey, n->address.key, 32)) {
// Found the node.
#ifdef Log_DEBUG
uint8_t nhAddr[60];
Address_print(nhAddr, &n->address);
Log_debug(context->logger, "Sending arbitrary data to [%s]", nhAddr);
#endif
struct SessionManager_Session* session =
SessionManager_getSession(n->address.ip6.bytes, n->address.key, context->sm);
n->version = session->version = (n->version > session->version)
? n->version : session->version;
dtHeader->switchLabel = n->address.path;
return sendToRouter(message, dtHeader, session, context);
}
}
#ifdef Log_DEBUG
uint8_t printedIp6[40];
AddrTools_printIp(printedIp6, header->nodeIp6Addr);
Log_debug(context->logger, "Couldn't find node [%s] for sending to.", printedIp6);
#endif
// Now lets trigger a search for this node.
uint64_t now = Time_currentTimeMilliseconds(context->eventBase);
if (context->timeOfLastSearch + context->timeBetweenSearches < now) {
context->timeOfLastSearch = now;
RouterModule_search(header->nodeIp6Addr, context->routerModule, context->alloc);
}
return 0;
}
/**
* Messages with content encrypted and header decrypted are sent here to be forwarded.
* they may come from us, or from another node and may be to us or to any other node.
* Message is aligned on the beginning of the ipv6 header.
*/
static inline int core(struct Message* message, struct Ducttape* context)
{
context->ip6Header = (struct Headers_IP6Header*) message->bytes;
if (isForMe(message, context)) {
Message_shift(message, -Headers_IP6Header_SIZE);
if (memcmp(context->routerAddress, context->ip6Header->sourceAddr, 16)) {
// triple encrypted
// This call goes to incomingForMe()
context->layer = INNER_LAYER;
context->session =
SessionManager_getSession(context->ip6Header->sourceAddr, NULL, context->sm);
return context->session->receiveMessage(message, context->session);
} else {
// double encrypted, inner layer plaintext.
// The session is still set from the router-to-router traffic and that is the one we use
// to determine the node's id.
return incomingForMe(message, context, CryptoAuth_getHerPublicKey(context->session));
}
}
if (context->ip6Header->hopLimit == 0) {
Log_debug(context->logger, "dropped message because hop limit has been exceeded.\n");
// TODO: send back an error message in response.
return Error_UNDELIVERABLE;
}
context->ip6Header->hopLimit--;
struct Address* ft = context->forwardTo;
context->forwardTo = NULL;
if (!ft) {
struct Node* bestNext =
RouterModule_lookup(context->ip6Header->destinationAddr, context->routerModule);
if (bestNext) {
ft = &bestNext->address;
}
}
if (ft) {
#ifdef Log_DEBUG
uint8_t nhAddr[60];
Address_print(nhAddr, ft);
if (memcmp(context->ip6Header->destinationAddr, ft->ip6.bytes, 16)) {
// Potentially forwarding for ourselves.
struct Address destination;
Bits_memcpyConst(destination.ip6.bytes, context->ip6Header->destinationAddr, 16);
uint8_t ipAddr[40];
Address_printIp(ipAddr, &destination);
Log_debug2(context->logger, "Forwarding data to %s via %s\n", ipAddr, nhAddr);
} else {
// Definitely forwarding on behalf of someone else.
Log_debug1(context->logger, "Forwarding data to %s (last hop)\n", nhAddr);
}
#endif
return sendToRouter(ft, message, context);
}
Log_debug(context->logger, "Dropped message because this node is the closest known "
"node to the destination.\n");
return Error_UNDELIVERABLE;
}
static int handleOutgoing(struct DHTMessage* dmessage,
void* vcontext)
{
struct Ducttape* context = (struct Ducttape*) vcontext;
struct Message message =
{ .length = dmessage->length, .bytes = (uint8_t*) dmessage->bytes, .padding = 512 };
Message_shift(&message, Headers_UDPHeader_SIZE);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message.bytes;
uh->sourceAndDestPorts = 0;
uh->length_be = Endian_hostToBigEndian16(dmessage->length);
uh->checksum_be = 0;
uint16_t payloadLength = message.length;
Message_shift(&message, Headers_IP6Header_SIZE);
struct Headers_IP6Header* header = (struct Headers_IP6Header*) message.bytes;
header->versionClassAndFlowLabel = 0;
header->flowLabelLow_be = 0;
header->nextHeader = 17;
header->hopLimit = 0;
header->payloadLength_be = Endian_hostToBigEndian16(payloadLength);
Bits_memcpyConst(header->sourceAddr,
context->myAddr.ip6.bytes,
Address_SEARCH_TARGET_SIZE);
Bits_memcpyConst(header->destinationAddr,
dmessage->address->ip6.bytes,
Address_SEARCH_TARGET_SIZE);
context->ip6Header = header;
context->switchHeader = NULL;
sendToRouter(dmessage->address, &message, context);
return 0;
}
// Aligned on the beginning of the content.
static inline bool isRouterTraffic(struct Message* message, struct Headers_IP6Header* ip6)
{
if (ip6->nextHeader != 17 || ip6->hopLimit != 0) {
return false;
}
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
return message->length >= Headers_UDPHeader_SIZE
&& uh->sourceAndDestPorts == 0
&& (int) Endian_bigEndianToHost16(uh->length_be) == message->length - Headers_UDPHeader_SIZE;
}
/**
* Message which is for us, message is aligned on the beginning of the content.
* this is called from core() which calls through an interfaceMap.
*/
static inline uint8_t incomingForMe(struct Message* message,
struct Ducttape* context,
uint8_t herPubKey[32])
{
struct Address addr;
AddressCalc_addressForPublicKey(addr.ip6.bytes, herPubKey);
if (memcmp(addr.ip6.bytes, context->ip6Header->sourceAddr, 16)) {
#ifdef Log_DEBUG
uint8_t keyAddr[40];
Address_printIp(keyAddr, &addr);
Bits_memcpyConst(addr.ip6.bytes, context->ip6Header->sourceAddr, 16);
uint8_t srcAddr[40];
Address_printIp(srcAddr, &addr);
Log_debug2(context->logger,
"Dropped packet because source address is not same as key.\n"
" %s source addr\n"
" %s hash of key\n",
srcAddr,
keyAddr);
#endif
return Error_INVALID;
}
if (message->length == 0) {
#ifdef Log_WARN
uint8_t keyAddr[40];
uint8_t ipv6Hex[80];
Address_printIp(keyAddr, &addr);
Hex_encode(ipv6Hex, 80, (uint8_t*) context->ip6Header, 40);
Log_warn2(context->logger,
"Got ipv6 packet from %s which has no content!\nIPv6 Header: [%s]",
keyAddr, ipv6Hex);
#endif
return Error_INVALID;
}
if (isRouterTraffic(message, context->ip6Header)) {
// Shift off the UDP header.
Message_shift(message, -Headers_UDPHeader_SIZE);
addr.path = Endian_bigEndianToHost64(context->switchHeader->label_be);
Bits_memcpyConst(addr.key, herPubKey, 32);
return incomingDHT(message, &addr, context);
}
// RouterModule_addNode(&addr, context->routerModule);
if (!context->routerIf) {
Log_warn(context->logger,
"Dropping message because there is no router interface configured.\n");
return Error_UNDELIVERABLE;
}
// Now write a message to the TUN device.
// Need to move the ipv6 header forward up to the content because there's a crypto header
// between the ipv6 header and the content which just got eaten.
Message_shift(message, Headers_IP6Header_SIZE);
uint16_t sizeDiff = message->bytes - (uint8_t*)context->ip6Header;
if (sizeDiff) {
context->ip6Header->payloadLength_be =
Endian_hostToBigEndian16(
Endian_bigEndianToHost16(context->ip6Header->payloadLength_be) - sizeDiff);
memmove(message->bytes, context->ip6Header, Headers_IP6Header_SIZE);
}
context->routerIf->sendMessage(message, context->routerIf);
return Error_NONE;
}
uint8_t Ducttape_injectIncomingForMe(struct Message* message,
struct Ducttape* context,
uint8_t herPublicKey[32])
{
struct Headers_SwitchHeader sh;
Bits_memcpyConst(&sh, message->bytes, Headers_SwitchHeader_SIZE);
context->switchHeader = &sh;
Message_shift(message, -Headers_SwitchHeader_SIZE);
struct Headers_IP6Header ip6;
Bits_memcpyConst(&ip6, message->bytes, Headers_IP6Header_SIZE);
context->ip6Header = &ip6;
Message_shift(message, -Headers_IP6Header_SIZE);
return incomingForMe(message, context, herPublicKey);
}
/**
* Send a message to another switch.
* Switchheader will precede the message.
*/
static inline uint8_t sendToSwitch(struct Message* message,
struct Headers_SwitchHeader* destinationSwitchHeader,
struct Ducttape* context)
{
Message_shift(message, Headers_SwitchHeader_SIZE);
struct Headers_SwitchHeader* switchHeaderLocation =
(struct Headers_SwitchHeader*) message->bytes;
if (destinationSwitchHeader != switchHeaderLocation) {
memmove(message->bytes, destinationSwitchHeader, Headers_SwitchHeader_SIZE);
}
return context->switchInterface.receiveMessage(message, &context->switchInterface);
}
/**
* Messages with content encrypted and header decrypted are sent here to be forwarded.
* they may come from us, or from another node and may be to us or to any other node.
* Message is aligned on the beginning of the ipv6 header.
*/
static inline int core(struct Message* message,
struct Ducttape_MessageHeader* dtHeader,
struct SessionManager_Session* session,
struct Ducttape_pvt* context)
{
struct Headers_IP6Header* ip6Header = (struct Headers_IP6Header*) message->bytes;
dtHeader->ip6Header = ip6Header;
if (isForMe(message, context)) {
Message_shift(message, -Headers_IP6Header_SIZE);
if (Bits_memcmp(session->ip6, ip6Header->sourceAddr, 16)) {
// triple encrypted
// This call goes to incomingForMe()
struct SessionManager_Session* session =
SessionManager_getSession(ip6Header->sourceAddr, NULL, context->sm);
#ifdef Log_DEBUG
uint8_t addr[40];
AddrTools_printIp(addr, ip6Header->sourceAddr);
Log_debug(context->logger, "Incoming layer3 message, ostensibly from [%s]", addr);
#endif
dtHeader->receiveHandle = Endian_bigEndianToHost32(session->receiveHandle_be);
dtHeader->layer = Ducttape_SessionLayer_INNER;
return session->iface.receiveMessage(message, &session->iface);
} else {
// double encrypted, inner layer plaintext.
// The session is still set from the router-to-router traffic and that is the one we use
// to determine the node's id.
return incomingForMe(message, dtHeader, session, context,
CryptoAuth_getHerPublicKey(&session->iface));
}
}
if (ip6Header->hopLimit == 0) {
Log_debug(context->logger, "dropped message because hop limit has been exceeded.\n");
// TODO: send back an error message in response.
return Error_UNDELIVERABLE;
}
ip6Header->hopLimit--;
struct SessionManager_Session* nextHopSession = NULL;
if (!dtHeader->nextHopReceiveHandle || !dtHeader->switchLabel) {
struct Node* n = RouterModule_lookup(ip6Header->destinationAddr, context->routerModule);
if (n) {
nextHopSession =
SessionManager_getSession(n->address.ip6.bytes, n->address.key, context->sm);
dtHeader->switchLabel = n->address.path;
}
} else {
nextHopSession =
SessionManager_sessionForHandle(dtHeader->nextHopReceiveHandle, context->sm);
}
if (nextHopSession) {
#ifdef Log_DEBUG
struct Address addr;
Bits_memcpyConst(addr.ip6.bytes, nextHopSession->ip6, 16);
addr.path = dtHeader->switchLabel;
uint8_t nhAddr[60];
Address_print(nhAddr, &addr);
if (Bits_memcmp(ip6Header->destinationAddr, addr.ip6.bytes, 16)) {
// Potentially forwarding for ourselves.
struct Address destination;
Bits_memcpyConst(destination.ip6.bytes, ip6Header->destinationAddr, 16);
uint8_t ipAddr[40];
Address_printIp(ipAddr, &destination);
Log_debug(context->logger, "Forwarding data to %s via %s\n", ipAddr, nhAddr);
} else {
// Definitely forwarding on behalf of someone else.
Log_debug(context->logger, "Forwarding data to %s (last hop)\n", nhAddr);
}
#endif
return sendToRouter(message, dtHeader, nextHopSession, context);
}
#ifdef Log_INFO
struct Address destination;
Bits_memcpyConst(destination.ip6.bytes, ip6Header->destinationAddr, 16);
uint8_t ipAddr[40];
Address_printIp(ipAddr, &destination);
Log_info(context->logger, "Dropped message because this node is the closest known "
"node to the destination %s.", ipAddr);
#endif
return Error_UNDELIVERABLE;
}
// Called by the TUN device.
static inline uint8_t incomingFromTun(struct Message* message,
struct Interface* iface)
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*) iface->receiverContext);
uint16_t ethertype = TUNMessageType_pop(message);
struct Headers_IP6Header* header = (struct Headers_IP6Header*) message->bytes;
int version = Headers_getIpVersion(message->bytes);
if ((ethertype == Ethernet_TYPE_IP4 && version != 4)
|| (ethertype == Ethernet_TYPE_IP6 && version != 6))
{
Log_warn(context->logger, "dropped packet because ip version [%d] "
"doesn't match ethertype [%u].", version, Endian_bigEndianToHost16(ethertype));
return Error_INVALID;
}
if (ethertype != Ethernet_TYPE_IP6 || !AddressCalc_validAddress(header->sourceAddr)) {
return context->ipTunnel->tunInterface.sendMessage(message,
&context->ipTunnel->tunInterface);
}
if (Bits_memcmp(header->sourceAddr, context->myAddr.ip6.bytes, 16)) {
uint8_t expectedSource[40];
AddrTools_printIp(expectedSource, context->myAddr.ip6.bytes);
uint8_t packetSource[40];
AddrTools_printIp(packetSource, header->sourceAddr);
Log_warn(context->logger,
"dropped packet from [%s] because all messages must have source address [%s]",
(char*) packetSource, (char*) expectedSource);
return Error_INVALID;
}
if (!Bits_memcmp(header->destinationAddr, context->myAddr.ip6.bytes, 16)) {
// I'm Gonna Sit Right Down and Write Myself a Letter
TUNMessageType_push(message, ethertype);
iface->sendMessage(message, iface);
return Error_NONE;
}
struct Ducttape_MessageHeader* dtHeader = getDtHeader(message, true);
struct Node* bestNext = RouterModule_lookup(header->destinationAddr, context->routerModule);
struct SessionManager_Session* nextHopSession;
if (bestNext) {
nextHopSession = SessionManager_getSession(bestNext->address.ip6.bytes,
bestNext->address.key,
context->sm);
bestNext->version = nextHopSession->version = (bestNext->version > nextHopSession->version)
? bestNext->version : nextHopSession->version;
dtHeader->switchLabel = bestNext->address.path;
dtHeader->nextHopReceiveHandle = Endian_bigEndianToHost32(nextHopSession->receiveHandle_be);
if (!Bits_memcmp(header->destinationAddr, bestNext->address.ip6.bytes, 16)) {
// Direct send, skip the innermost layer of encryption.
#ifdef Log_DEBUG
uint8_t nhAddr[60];
Address_print(nhAddr, &bestNext->address);
Log_debug(context->logger, "Forwarding data to %s (last hop)\n", nhAddr);
#endif
return sendToRouter(message, dtHeader, nextHopSession, context);
}
// else { the message will need to be 3 layer encrypted but since we already did a lookup
// of the best node to forward to, we can skip doing another lookup by storing a pointer
// to that node in the context (bestNext).
} else {
#ifdef Log_WARN
uint8_t thisAddr[40];
uint8_t destAddr[40];
AddrTools_printIp(thisAddr, context->myAddr.ip6.bytes);
AddrTools_printIp(destAddr, header->destinationAddr);
Log_warn(context->logger,
"Dropped message from TUN because this node [%s] is closest to dest [%s]",
thisAddr, destAddr);
#endif
return Error_UNDELIVERABLE;
}
#ifdef Log_DEBUG
uint8_t destAddr[40];
AddrTools_printIp(destAddr, header->destinationAddr);
uint8_t nhAddr[60];
Address_print(nhAddr, &bestNext->address);
Log_debug(context->logger, "Sending to [%s] via [%s]", destAddr, nhAddr);
#endif
struct SessionManager_Session* session =
SessionManager_getSession(header->destinationAddr, NULL, context->sm);
// Copy the IP6 header back from where the CA header will be placed.
// this is a mess.
// We can't just copy the header to a safe place because the CryptoAuth
// might buffer the message and send a connect-to-me packet and when the
// hello packet comes in return, the CA will send the message and the header
// needs to be in the message buffer.
//
// The CryptoAuth may send a 120 byte CA header and it might only send a 4 byte
// nonce and 16 byte authenticator depending on its state.
if (CryptoAuth_getState(&session->iface) < CryptoAuth_HANDSHAKE3) {
// shift, copy, shift because shifting asserts that there is enough buffer space.
Message_shift(message, Headers_CryptoAuth_SIZE + 4);
Bits_memcpyConst(message->bytes, header, Headers_IP6Header_SIZE);
Message_shift(message, -(Headers_IP6Header_SIZE + Headers_CryptoAuth_SIZE + 4));
// now push the receive handle *under* the CA header.
Message_push(message, &session->receiveHandle_be, 4);
debugHandles0(context->logger, session, "layer3 sending start message");
} else {
// shift, copy, shift because shifting asserts that there is enough buffer space.
Message_shift(message, 20);
Bits_memmoveConst(message->bytes, header, Headers_IP6Header_SIZE);
Message_shift(message, -(20 + Headers_IP6Header_SIZE));
debugHandles0(context->logger, session, "layer3 sending run message");
}
// This comes out at outgoingFromCryptoAuth() then outgoingFromMe()
dtHeader->receiveHandle = Endian_bigEndianToHost32(session->receiveHandle_be);
dtHeader->layer = Ducttape_SessionLayer_INNER;
return session->iface.sendMessage(message, &session->iface);
}
static int handleOutgoing(struct DHTMessage* dmessage,
void* vcontext)
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*) vcontext);
struct Message message = {
.length = dmessage->length,
.bytes = (uint8_t*) dmessage->bytes,
.padding = 512,
.capacity = DHTMessage_MAX_SIZE
};
Message_shift(&message, Headers_UDPHeader_SIZE);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message.bytes;
uh->sourceAndDestPorts = 0;
uh->length_be = Endian_hostToBigEndian16(dmessage->length);
uh->checksum_be = 0;
uint16_t payloadLength = message.length;
Message_shift(&message, Headers_IP6Header_SIZE);
struct Headers_IP6Header* header = (struct Headers_IP6Header*) message.bytes;
header->versionClassAndFlowLabel = 0;
header->flowLabelLow_be = 0;
header->nextHeader = 17;
header->hopLimit = 0;
header->payloadLength_be = Endian_hostToBigEndian16(payloadLength);
Bits_memcpyConst(header->sourceAddr,
context->myAddr.ip6.bytes,
Address_SEARCH_TARGET_SIZE);
Bits_memcpyConst(header->destinationAddr,
dmessage->address->ip6.bytes,
Address_SEARCH_TARGET_SIZE);
#ifdef Log_DEBUG
Assert_true(!((uintptr_t)dmessage->bytes % 4) || !"alignment fault");
#endif
uh->checksum_be =
Checksum_udpIp6(header->sourceAddr, (uint8_t*) uh, message.length - Headers_IP6Header_SIZE);
struct Ducttape_MessageHeader* dtHeader = getDtHeader(&message, true);
dtHeader->ip6Header = header;
dtHeader->switchLabel = dmessage->address->path;
struct SessionManager_Session* session =
SessionManager_getSession(dmessage->address->ip6.bytes,
dmessage->address->key,
context->sm);
if (session->version == Version_DEFAULT_ASSUMPTION && dmessage->replyTo) {
int64_t* verPtr = Dict_getInt(dmessage->replyTo->asDict, String_CONST("p"));
session->version = (verPtr) ? *verPtr : Version_DEFAULT_ASSUMPTION;
}
if (session->version == Version_DEFAULT_ASSUMPTION) {
struct Node* n = RouterModule_getNode(dmessage->address->path, context->routerModule);
if (n) {
n->version = session->version =
(n->version > session->version) ? n->version : session->version;
}
}
sendToRouter(&message, dtHeader, session, context);
return 0;
}
// Aligned on the beginning of the content.
static inline bool isRouterTraffic(struct Message* message, struct Headers_IP6Header* ip6)
{
if (ip6->nextHeader != 17 || ip6->hopLimit != 0) {
return false;
}
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
return message->length >= Headers_UDPHeader_SIZE
&& uh->sourceAndDestPorts == 0
&& (int) Endian_bigEndianToHost16(uh->length_be) ==
(message->length - Headers_UDPHeader_SIZE);
}
#define debugHandles(logger, session, message, ...) \
do { \
uint8_t ip[40]; \
AddrTools_printIp(ip, session->ip6); \
Log_debug(logger, "ver[%u] send[%d] recv[%u] ip[%s] " message, \
session->version, \
Endian_hostToBigEndian32(session->sendHandle_be), \
Endian_hostToBigEndian32(session->receiveHandle_be), \
ip, \
__VA_ARGS__); \
} while (0)
//CHECKFILES_IGNORE expecting a ;
#define debugHandles0(logger, session, message) \
debugHandles(logger, session, message "%s", "")
#define debugHandlesAndLabel(logger, session, label, message, ...) \
do { \
uint8_t path[20]; \
AddrTools_printPath(path, label); \
debugHandles(logger, session, "path[%s] " message, path, __VA_ARGS__); \
} while (0)
//CHECKFILES_IGNORE expecting a ;
#define debugHandlesAndLabel0(logger, session, label, message) \
debugHandlesAndLabel(logger, session, label, "%s", message)
/**
* Message which is for us, message is aligned on the beginning of the content.
* this is called from core() which calls through an interfaceMap.
*/
static inline uint8_t incomingForMe(struct Message* message,
struct Ducttape_MessageHeader* dtHeader,
struct SessionManager_Session* session,
struct Ducttape_pvt* context,
uint8_t herPublicKey[32])
{
struct Address addr;
Bits_memcpyConst(addr.ip6.bytes, session->ip6, 16);
//AddressCalc_addressForPublicKey(addr.ip6.bytes, herPubKey);
if (Bits_memcmp(addr.ip6.bytes, dtHeader->ip6Header->sourceAddr, 16)) {
#ifdef Log_DEBUG
uint8_t keyAddr[40];
Address_printIp(keyAddr, &addr);
Bits_memcpyConst(addr.ip6.bytes, dtHeader->ip6Header->sourceAddr, 16);
uint8_t srcAddr[40];
Address_printIp(srcAddr, &addr);
Log_debug(context->logger,
"Dropped packet because source address is not same as key.\n"
" %s source addr\n"
" %s hash of key\n",
srcAddr,
keyAddr);
#endif
return Error_INVALID;
}
if (isRouterTraffic(message, dtHeader->ip6Header)) {
// Check the checksum.
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
if (Checksum_udpIp6(dtHeader->ip6Header->sourceAddr, (uint8_t*)uh, message->length)) {
#ifdef Log_DEBUG
uint8_t keyAddr[40];
Address_printIp(keyAddr, &addr);
Log_debug(context->logger,
"Router packet with incorrect checksum, from [%s]", keyAddr);
#endif
return Error_INVALID;
}
// Shift off the UDP header.
Message_shift(message, -Headers_UDPHeader_SIZE);
addr.path = Endian_bigEndianToHost64(dtHeader->switchHeader->label_be);
Bits_memcpyConst(addr.key, herPublicKey, 32);
return incomingDHT(message, &addr, context);
}
if (!context->userIf) {
Log_warn(context->logger,
"Dropping message because there is no router interface configured.\n");
return Error_UNDELIVERABLE;
}
// prevent router advertizement schenanigans
if (dtHeader->ip6Header->hopLimit == 255) {
dtHeader->ip6Header->hopLimit--;
}
// Now write a message to the TUN device.
// Need to move the ipv6 header forward up to the content because there's a crypto header
// between the ipv6 header and the content which just got eaten.
Message_shift(message, Headers_IP6Header_SIZE);
uint16_t sizeDiff = message->bytes - (uint8_t*)dtHeader->ip6Header;
if (sizeDiff) {
dtHeader->ip6Header->payloadLength_be =
Endian_hostToBigEndian16(
Endian_bigEndianToHost16(dtHeader->ip6Header->payloadLength_be) - sizeDiff);
Bits_memmoveConst(message->bytes, dtHeader->ip6Header, Headers_IP6Header_SIZE);
}
TUNMessageType_push(message, Ethernet_TYPE_IP6);
context->userIf->sendMessage(message, context->userIf);
return Error_NONE;
}
uint8_t Ducttape_injectIncomingForMe(struct Message* message,
struct Ducttape* dt,
uint8_t herPublicKey[32])
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*)dt);
struct Ducttape_MessageHeader* dtHeader = getDtHeader(message, true);
struct Headers_SwitchHeader sh;
Bits_memcpyConst(&sh, message->bytes, Headers_SwitchHeader_SIZE);
dtHeader->switchHeader = &sh;
Message_shift(message, -Headers_SwitchHeader_SIZE);
struct Headers_IP6Header ip6;
Bits_memcpyConst(&ip6, message->bytes, Headers_IP6Header_SIZE);
dtHeader->ip6Header = &ip6;
Message_shift(message, -Headers_IP6Header_SIZE);
struct SessionManager_Session s;
AddressCalc_addressForPublicKey(s.ip6, herPublicKey);
s.version = Version_CURRENT_PROTOCOL;
return incomingForMe(message, dtHeader, &s, context, herPublicKey);
}
/**
* Send a message to another switch.
* Switchheader will precede the message.
*/
static inline uint8_t sendToSwitch(struct Message* message,
struct Ducttape_MessageHeader* dtHeader,
struct SessionManager_Session* session,
struct Ducttape_pvt* context)
{
uint64_t label = dtHeader->switchLabel;
if (CryptoAuth_getState(&session->iface) >= CryptoAuth_HANDSHAKE3) {
debugHandlesAndLabel0(context->logger, session, label, "layer2 sending run message");
uint32_t sendHandle_be = session->sendHandle_be;
#ifdef Version_2_COMPAT
if (session->version < 3) {
sendHandle_be |= HANDLE_FLAG_BIT_be;
}
#endif
Message_push(message, &sendHandle_be, 4);
} else {
debugHandlesAndLabel0(context->logger, session, label, "layer2 sending start message");
#ifdef Version_2_COMPAT
if (session->version < 3) {
Message_push(message, &session->receiveHandle_be, 4);
}
#endif
}
Message_shift(message, Headers_SwitchHeader_SIZE);
Assert_true(message->bytes == (uint8_t*)dtHeader->switchHeader);
return context->switchInterface.receiveMessage(message, &context->switchInterface);
}
/**
* Messages with content encrypted and header decrypted are sent here to be forwarded.
* they may come from us, or from another node and may be to us or to any other node.
* Message is aligned on the beginning of the ipv6 header.
*/
static inline int core(struct Message* message, struct Context* context)
{
context->ip6Header = (struct Headers_IP6Header*) message->bytes;
if (!validIP6(message)) {
Log_debug(context->logger, "Dropping message because of invalid ipv6 header.\n");
return Error_INVALID;
}
// Do this here and check for 1 hop, not 0 because we want to differentiate between single
// hop traffic and routed traffic as single hop traffic doesn't need 2 layers of crypto.
if (context->ip6Header->hopLimit == 1) {
Log_debug(context->logger, "dropped message because hop limit has been exceeded.\n");
// TODO: send back an error message in response.
return Error_UNDELIVERABLE;
}
if (isForMe(message, context)) {
Message_shift(message, -Headers_IP6Header_SIZE);
if (context->ip6Header->hopLimit != 0) {
// triple encrypted
// This call goes to incomingForMe()
context->layer = INNER_LAYER;
context->session =
SessionManager_getSession(context->ip6Header->sourceAddr, NULL, context->sm);
return context->session->receiveMessage(message, context->session);
} else {
// double encrypted, inner layer plaintext.
// The session is still set from the router-to-router traffic and that is the one we use
// to determine the node's id.
return incomingForMe(message, context);
}
}
if (context->ip6Header->hopLimit == 0) {
Log_debug(context->logger, "0 hop message not addressed to us, broken route.\n");
return 0;
}
context->ip6Header->hopLimit--;
struct Address* ft = context->forwardTo;
context->forwardTo = NULL;
if (!ft) {
struct Node* bestNext =
RouterModule_getBest(context->ip6Header->destinationAddr, context->routerModule);
if (bestNext) {
ft = &bestNext->address;
}
}
if (ft) {
#ifdef Log_DEBUG
uint8_t nhAddr[60];
Address_print(nhAddr, ft);
if (memcmp(context->ip6Header->destinationAddr, ft->ip6.bytes, 16)) {
// Potentially forwarding for ourselves.
struct Address destination;
memcpy(destination.ip6.bytes, context->ip6Header->destinationAddr, 16);
uint8_t ipAddr[40];
Address_printIp(ipAddr, &destination);
Log_debug2(context->logger, "Forwarding data to %s via %s\n", ipAddr, nhAddr);
} else {
// Definitely forwarding on behalf of someone else.
Log_debug1(context->logger, "Forwarding data to %s (last hop)\n", nhAddr);
}
#endif
return sendToRouter(ft, message, context);
}
Log_debug(context->logger, "Dropped message because this node is the closest known "
"node to the destination.\n");
return Error_UNDELIVERABLE;
}
