static boolean_t sfunc_addr_address(ofmt_arg_t *ofmtarg, char *buf, uint_t bufsize) { ipmpstat_sfunc_arg_t *arg = ofmtarg->ofmt_cbarg; ipmp_addrinfo_t *adinfop = arg->sa_data; sockaddr2str(&adinfop->ad_addr, buf, bufsize); return (B_TRUE); }
static boolean_t sfunc_targ_testaddr(ofmt_arg_t *ofmtarg, char *buf, uint_t bufsize) { ipmpstat_sfunc_arg_t *arg = ofmtarg->ofmt_cbarg; ipmp_targinfo_t *targinfop = arg->sa_data; if (targinfop->it_targmode != IPMP_TARG_DISABLED) sockaddr2str(&targinfop->it_testaddr, buf, bufsize); return (B_TRUE); }
bool send_add_edge(connection_t *c, const edge_t *e) { bool x; char *address, *port; sockaddr2str(&e->address, &address, &port); x = send_request(c, "%d %x %s %s %s %s %x %d", ADD_EDGE, rand(), e->from->name, e->to->name, address, port, e->options, e->weight); free(address); free(port); return x; }
static boolean_t sfunc_probe_target(ofmt_arg_t *ofmtarg, char *buf, uint_t bufsize) { ipmpstat_sfunc_arg_t *arg = ofmtarg->ofmt_cbarg; uint_t nelem; struct sockaddr_storage *target; nvlist_t *nvl = arg->sa_data; if (nvlist_lookup_byte_array(nvl, IPMP_PROBE_TARGET, (uchar_t **)&target, &nelem) != 0) return (sfunc_nvwarn("IPMP_PROBE_TARGET")); sockaddr2str(target, buf, bufsize); return (B_TRUE); }
static void do_outgoing_pipe(connection_t *c, char *command) { #ifndef HAVE_MINGW int fd[2]; if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) { logger(LOG_ERR, "Could not create socketpair: %s\n", strerror(errno)); return; } if(fork()) { c->socket = fd[0]; close(fd[1]); ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Using proxy %s", command); return; } close(0); close(1); close(fd[0]); dup2(fd[1], 0); dup2(fd[1], 1); close(fd[1]); // Other filedescriptors should be closed automatically by CLOEXEC char *host = NULL; char *port = NULL; sockaddr2str(&c->address, &host, &port); setenv("REMOTEADDRESS", host, true); setenv("REMOTEPORT", port, true); setenv("NODE", c->name, true); setenv("NAME", myself->name, true); if(netname) setenv("NETNAME", netname, true); int result = system(command); if(result < 0) logger(LOG_ERR, "Could not execute %s: %s\n", command, strerror(errno)); else if(result) logger(LOG_ERR, "%s exited with non-zero status %d", command, result); exit(result); #else logger(LOG_ERR, "Proxy type exec not supported on this platform!"); return; #endif }
static boolean_t sfunc_targ_targets(ofmt_arg_t *ofmtarg, char *buf, uint_t bufsize) { ipmpstat_sfunc_arg_t *arg = ofmtarg->ofmt_cbarg; uint_t i; char *targname = alloca(bufsize); ipmp_targinfo_t *targinfop = arg->sa_data; ipmp_addrlist_t *targlistp = targinfop->it_targlistp; for (i = 0; i < targlistp->al_naddr; i++) { sockaddr2str(&targlistp->al_addrs[i], targname, bufsize); (void) strlcat(buf, targname, bufsize); if ((i + 1) < targlistp->al_naddr) (void) strlcat(buf, " ", bufsize); } return (B_TRUE); }
static bool finalize_invitation(connection_t *c, const char *data, uint16_t len) { if(strchr(data, '\n')) { logger(DEBUG_ALWAYS, LOG_ERR, "Received invalid key from invited node %s (%s)!\n", c->name, c->hostname); return false; } // Create a new host config file char filename[PATH_MAX]; snprintf(filename, sizeof filename, "%s" SLASH "hosts" SLASH "%s", confbase, c->name); if(!access(filename, F_OK)) { logger(DEBUG_ALWAYS, LOG_ERR, "Host config file for %s (%s) already exists!\n", c->name, c->hostname); return false; } FILE *f = fopen(filename, "w"); if(!f) { logger(DEBUG_ALWAYS, LOG_ERR, "Error trying to create %s: %s\n", filename, strerror(errno)); return false; } fprintf(f, "Ed25519PublicKey = %s\n", data); fclose(f); logger(DEBUG_CONNECTIONS, LOG_INFO, "Key succesfully received from %s (%s)", c->name, c->hostname); // Call invitation-accepted script char *envp[7] = {NULL}; char *address, *port; xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); xasprintf(&envp[3], "NODE=%s", c->name); sockaddr2str(&c->address, &address, &port); xasprintf(&envp[4], "REMOTEADDRESS=%s", address); xasprintf(&envp[5], "NAME=%s", myself->name); execute_script("invitation-accepted", envp); for(int i = 0; envp[i] && i < 7; i++) free(envp[i]); sptps_send_record(&c->sptps, 2, data, 0); return true; }
/* * Nested walker callback function for walk_addr(). */ static void walk_addr_cbfunc(ipmp_handle_t ih, void *infop, void *arg) { int err; uint_t i; ipmp_groupinfo_t *grinfop = infop; ipmp_addrinfo_t *adinfop; ipmp_addrlist_t *adlistp = grinfop->gr_adlistp; ipmpstat_walkdata_t *iwp = arg; char addr[INET6_ADDRSTRLEN]; struct sockaddr_storage *addrp; for (i = 0; i < adlistp->al_naddr; i++) { addrp = &adlistp->al_addrs[i]; err = ipmp_getaddrinfo(ih, grinfop->gr_name, addrp, &adinfop); if (err != IPMP_SUCCESS) { sockaddr2str(addrp, addr, sizeof (addr)); warn_ipmperr(err, "cannot get info for `%s'", addr); continue; } (*iwp->iw_func)(ih, adinfop, iwp->iw_funcarg); ipmp_freeaddrinfo(adinfop); } }
int cmd_join(int argc, char *argv[]) { free(data); data = NULL; datalen = 0; if(argc > 2) { fprintf(stderr, "Too many arguments!\n"); return 1; } // Make sure confbase exists and is accessible. if(!confbase_given && mkdir(confdir, 0755) && errno != EEXIST) { fprintf(stderr, "Could not create directory %s: %s\n", confdir, strerror(errno)); return 1; } if(mkdir(confbase, 0777) && errno != EEXIST) { fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno)); return 1; } if(access(confbase, R_OK | W_OK | X_OK)) { fprintf(stderr, "No permission to write in directory %s: %s\n", confbase, strerror(errno)); return 1; } // If a netname or explicit configuration directory is specified, check for an existing tinc.conf. if((netname || confbasegiven) && !access(tinc_conf, F_OK)) { fprintf(stderr, "Configuration file %s already exists!\n", tinc_conf); return 1; } // Either read the invitation from the command line or from stdin. char *invitation; if(argc > 1) { invitation = argv[1]; } else { if(tty) fprintf(stderr, "Enter invitation URL: "); errno = EPIPE; if(!fgets(line, sizeof line, stdin)) { fprintf(stderr, "Error while reading stdin: %s\n", strerror(errno)); return false; } invitation = line; } // Parse the invitation URL. rstrip(line); char *slash = strchr(invitation, '/'); if(!slash) goto invalid; *slash++ = 0; if(strlen(slash) != 48) goto invalid; char *address = invitation; char *port = NULL; if(*address == '[') { address++; char *bracket = strchr(address, ']'); if(!bracket) goto invalid; *bracket = 0; if(bracket[1] == ':') port = bracket + 2; } else { port = strchr(address, ':'); if(port) *port++ = 0; } if(!port || !*port) port = "655"; if(!b64decode(slash, hash, 24) || !b64decode(slash + 24, cookie, 24)) goto invalid; // Generate a throw-away key for the invitation. ecdsa_t *key = ecdsa_generate(); if(!key) return 1; char *b64key = ecdsa_get_base64_public_key(key); // Connect to the tinc daemon mentioned in the URL. struct addrinfo *ai = str2addrinfo(address, port, SOCK_STREAM); if(!ai) return 1; struct addrinfo *aip = NULL; next: if(!aip) aip = ai; else { aip = aip->ai_next; if(!aip) return 1; } sock = socket(aip->ai_family, aip->ai_socktype, aip->ai_protocol); if(sock <= 0) { fprintf(stderr, "Could not open socket: %s\n", strerror(errno)); goto next; } if(connect(sock, aip->ai_addr, aip->ai_addrlen)) { char *addrstr, *portstr; sockaddr2str((sockaddr_t *)aip->ai_addr, &addrstr, &portstr); fprintf(stderr, "Could not connect to %s port %s: %s\n", addrstr, portstr, strerror(errno)); free(addrstr); free(portstr); closesocket(sock); goto next; } fprintf(stderr, "Connected to %s port %s...\n", address, port); // Tell him we have an invitation, and give him our throw-away key. int len = snprintf(line, sizeof line, "0 ?%s %d.%d\n", b64key, PROT_MAJOR, PROT_MINOR); if(len <= 0 || len >= sizeof line) abort(); if(!sendline(sock, "0 ?%s %d.%d", b64key, PROT_MAJOR, 1)) { fprintf(stderr, "Error sending request to %s port %s: %s\n", address, port, strerror(errno)); closesocket(sock); goto next; } char hisname[4096] = ""; int code, hismajor, hisminor = 0; if(!recvline(sock, line, sizeof line) || sscanf(line, "%d %s %d.%d", &code, hisname, &hismajor, &hisminor) < 3 || code != 0 || hismajor != PROT_MAJOR || !check_id(hisname) || !recvline(sock, line, sizeof line) || !rstrip(line) || sscanf(line, "%d ", &code) != 1 || code != ACK || strlen(line) < 3) { fprintf(stderr, "Cannot read greeting from peer\n"); closesocket(sock); goto next; } // Check if the hash of the key he gave us matches the hash in the URL. char *fingerprint = line + 2; char hishash[64]; if(sha512(fingerprint, strlen(fingerprint), hishash)) { fprintf(stderr, "Could not create digest\n%s\n", line + 2); return 1; } if(memcmp(hishash, hash, 18)) { fprintf(stderr, "Peer has an invalid key!\n%s\n", line + 2); return 1; } ecdsa_t *hiskey = ecdsa_set_base64_public_key(fingerprint); if(!hiskey) return 1; // Start an SPTPS session if(!sptps_start(&sptps, NULL, true, false, key, hiskey, "tinc invitation", 15, invitation_send, invitation_receive)) return 1; // Feed rest of input buffer to SPTPS if(!sptps_receive_data(&sptps, buffer, blen)) return 1; while((len = recv(sock, line, sizeof line, 0))) { if(len < 0) { if(errno == EINTR) continue; fprintf(stderr, "Error reading data from %s port %s: %s\n", address, port, strerror(errno)); return 1; } char *p = line; while(len) { int done = sptps_receive_data(&sptps, p, len); if(!done) return 1; len -= done; p += done; } } sptps_stop(&sptps); ecdsa_free(hiskey); ecdsa_free(key); closesocket(sock); if(!success) { fprintf(stderr, "Connection closed by peer, invitation cancelled.\n"); return 1; } return 0; invalid: fprintf(stderr, "Invalid invitation URL.\n"); return 1; }
static void sssp_bfs(void) { avl_node_t *node, *next, *to; edge_t *e; node_t *n; list_t *todo_list; list_node_t *from, *todonext; bool indirect; char *name; char *address, *port; char *envp[7]; int i; todo_list = list_alloc(NULL); /* Clear visited status on nodes */ for(node = node_tree->head; node; node = node->next) { n = node->data; n->status.visited = false; n->status.indirect = true; } /* Begin with myself */ myself->status.visited = true; myself->status.indirect = false; myself->nexthop = myself; myself->prevedge = NULL; myself->via = myself; list_insert_head(todo_list, myself); /* Loop while todo_list is filled */ for(from = todo_list->head; from; from = todonext) { /* "from" is the node from which we start */ n = from->data; for(to = n->edge_tree->head; to; to = to->next) { /* "to" is the edge connected to "from" */ e = to->data; if(!e->reverse) continue; /* Situation: / / ----->(n)---e-->(e->to) \ \ Where e is an edge, (n) and (e->to) are nodes. n->address is set to the e->address of the edge left of n to n. We are currently examining the edge e right of n from n: - If edge e provides for better reachability of e->to, update e->to and (re)add it to the todo_list to (re)examine the reachability of nodes behind it. */ indirect = n->status.indirect || e->options & OPTION_INDIRECT; if(e->to->status.visited && (!e->to->status.indirect || indirect)) continue; e->to->status.visited = true; e->to->status.indirect = indirect; e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop; e->to->prevedge = e; e->to->via = indirect ? n->via : e->to; e->to->options = e->options; if(e->to->address.sa.sa_family == AF_UNSPEC && e->address.sa.sa_family != AF_UNKNOWN) update_node_udp(e->to, &e->address); list_insert_tail(todo_list, e->to); } todonext = from->next; list_delete_node(todo_list, from); } list_free(todo_list); /* Check reachability status. */ for(node = node_tree->head; node; node = next) { next = node->next; n = node->data; if(n->status.visited != n->status.reachable) { n->status.reachable = !n->status.reachable; if(n->status.reachable) { ifdebug(TRAFFIC) logger(LOG_DEBUG, "Node %s (%s) became reachable", n->name, n->hostname); } else { ifdebug(TRAFFIC) logger(LOG_DEBUG, "Node %s (%s) became unreachable", n->name, n->hostname); } /* TODO: only clear status.validkey if node is unreachable? */ n->status.validkey = false; n->last_req_key = 0; n->maxmtu = MTU; n->minmtu = 0; n->mtuprobes = 0; if(n->mtuevent) { event_del(n->mtuevent); n->mtuevent = NULL; } xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); xasprintf(&envp[3], "NODE=%s", n->name); sockaddr2str(&n->address, &address, &port); xasprintf(&envp[4], "REMOTEADDRESS=%s", address); xasprintf(&envp[5], "REMOTEPORT=%s", port); envp[6] = NULL; execute_script(n->status.reachable ? "host-up" : "host-down", envp); xasprintf(&name, n->status.reachable ? "hosts/%s-up" : "hosts/%s-down", n->name); execute_script(name, envp); free(name); free(address); free(port); for(i = 0; i < 6; i++) free(envp[i]); subnet_update(n, NULL, n->status.reachable); if(!n->status.reachable) update_node_udp(n, NULL); else if(n->connection) send_ans_key(n); } }
/* Configure node_t myself and set up the local sockets (listen only) */ bool setup_myself(void) { config_t *cfg; subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; char *fname = NULL; char *address = NULL; char *envp[5]; struct addrinfo *ai, *aip, hint = {0}; bool choice; int i, err; int replaywin_int; myself = new_node(); myself->connection = new_connection(); myself->hostname = xstrdup("MYSELF"); myself->connection->hostname = xstrdup("MYSELF"); myself->connection->options = 0; myself->connection->protocol_version = PROT_CURRENT; if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */ logger(LOG_ERR, "Name for tinc daemon required!"); return false; } if(!check_id(name)) { logger(LOG_ERR, "Invalid name for myself!"); free(name); return false; } myself->name = name; myself->connection->name = xstrdup(name); xasprintf(&fname, "%s/hosts/%s", confbase, name); read_config_options(config_tree, name); read_config_file(config_tree, fname); free(fname); if(!read_rsa_private_key()) return false; if(!get_config_string(lookup_config(config_tree, "Port"), &myport)) myport = xstrdup("655"); if(!atoi(myport)) { struct addrinfo *ai = str2addrinfo("localhost", myport, SOCK_DGRAM); sockaddr_t sa; if(!ai || !ai->ai_addr) return false; free(myport); memcpy(&sa, ai->ai_addr, ai->ai_addrlen); sockaddr2str(&sa, NULL, &myport); } /* Read in all the subnets specified in the host configuration file */ cfg = lookup_config(config_tree, "Subnet"); while(cfg) { if(!get_config_subnet(cfg, &subnet)) return false; subnet_add(myself, subnet); cfg = lookup_config_next(config_tree, cfg); } /* Check some options */ if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice) myself->options |= OPTION_INDIRECT; if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice) myself->options |= OPTION_TCPONLY; if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly); get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets); get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver); strictsubnets |= tunnelserver; if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { if(!strcasecmp(mode, "router")) routing_mode = RMODE_ROUTER; else if(!strcasecmp(mode, "switch")) routing_mode = RMODE_SWITCH; else if(!strcasecmp(mode, "hub")) routing_mode = RMODE_HUB; else { logger(LOG_ERR, "Invalid routing mode!"); return false; } free(mode); } if(get_config_string(lookup_config(config_tree, "Forwarding"), &mode)) { if(!strcasecmp(mode, "off")) forwarding_mode = FMODE_OFF; else if(!strcasecmp(mode, "internal")) forwarding_mode = FMODE_INTERNAL; else if(!strcasecmp(mode, "kernel")) forwarding_mode = FMODE_KERNEL; else { logger(LOG_ERR, "Invalid forwarding mode!"); return false; } free(mode); } choice = true; get_config_bool(lookup_config(config_tree, "PMTUDiscovery"), &choice); if(choice) myself->options |= OPTION_PMTU_DISCOVERY; choice = true; get_config_bool(lookup_config(config_tree, "ClampMSS"), &choice); if(choice) myself->options |= OPTION_CLAMP_MSS; get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); #if !defined(SOL_IP) || !defined(IP_TOS) if(priorityinheritance) logger(LOG_WARNING, "%s not supported on this platform", "PriorityInheritance"); #endif if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) macexpire = 600; if(get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) { logger(LOG_ERR, "Bogus maximum timeout!"); return false; } } else maxtimeout = 900; if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) { if(udp_rcvbuf <= 0) { logger(LOG_ERR, "UDPRcvBuf cannot be negative!"); return false; } } if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) { if(udp_sndbuf <= 0) { logger(LOG_ERR, "UDPSndBuf cannot be negative!"); return false; } } if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) { if(replaywin_int < 0) { logger(LOG_ERR, "ReplayWindow cannot be negative!"); return false; } replaywin = (unsigned)replaywin_int; } if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) { if(!strcasecmp(afname, "IPv4")) addressfamily = AF_INET; else if(!strcasecmp(afname, "IPv6")) addressfamily = AF_INET6; else if(!strcasecmp(afname, "any")) addressfamily = AF_UNSPEC; else { logger(LOG_ERR, "Invalid address family!"); return false; } free(afname); } get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); /* Generate packet encryption key */ if(get_config_string (lookup_config(config_tree, "Cipher"), &cipher)) { if(!strcasecmp(cipher, "none")) { myself->incipher = NULL; } else { myself->incipher = EVP_get_cipherbyname(cipher); if(!myself->incipher) { logger(LOG_ERR, "Unrecognized cipher type!"); return false; } } } else myself->incipher = EVP_bf_cbc(); if(myself->incipher) myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len; else myself->inkeylength = 1; myself->connection->outcipher = EVP_bf_ofb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; keyexpires = now + keylifetime; /* Check if we want to use message authentication codes... */ if(get_config_string(lookup_config(config_tree, "Digest"), &digest)) { if(!strcasecmp(digest, "none")) { myself->indigest = NULL; } else { myself->indigest = EVP_get_digestbyname(digest); if(!myself->indigest) { logger(LOG_ERR, "Unrecognized digest type!"); return false; } } } else myself->indigest = EVP_sha1(); myself->connection->outdigest = EVP_sha1(); if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) { if(myself->inmaclength > myself->indigest->md_size) { logger(LOG_ERR, "MAC length exceeds size of digest!"); return false; } else if(myself->inmaclength < 0) { logger(LOG_ERR, "Bogus MAC length!"); return false; } } } else myself->inmaclength = 4; myself->connection->outmaclength = 0; /* Compression */ if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) { if(myself->incompression < 0 || myself->incompression > 11) { logger(LOG_ERR, "Bogus compression level!"); return false; } } else myself->incompression = 0; myself->connection->outcompression = 0; /* Done */ myself->nexthop = myself; myself->via = myself; myself->status.reachable = true; node_add(myself); graph(); if(strictsubnets) load_all_subnets(); /* Open device */ if(!setup_device()) return false; /* Run tinc-up script to further initialize the tap interface */ xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); xasprintf(&envp[3], "NAME=%s", myself->name); envp[4] = NULL; execute_script("tinc-up", envp); for(i = 0; i < 5; i++) free(envp[i]); /* Run subnet-up scripts for our own subnets */ subnet_update(myself, NULL, true); /* Open sockets */ get_config_string(lookup_config(config_tree, "BindToAddress"), &address); hint.ai_family = addressfamily; hint.ai_socktype = SOCK_STREAM; hint.ai_protocol = IPPROTO_TCP; hint.ai_flags = AI_PASSIVE; err = getaddrinfo(address, myport, &hint, &ai); if(err || !ai) { logger(LOG_ERR, "System call `%s' failed: %s", "getaddrinfo", gai_strerror(err)); return false; } listen_sockets = 0; for(aip = ai; aip; aip = aip->ai_next) { listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *) aip->ai_addr); if(listen_socket[listen_sockets].tcp < 0) continue; listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *) aip->ai_addr); if(listen_socket[listen_sockets].udp < 0) continue; ifdebug(CONNECTIONS) { hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr); logger(LOG_NOTICE, "Listening on %s", hostname); free(hostname); } memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen); listen_sockets++; } freeaddrinfo(ai); if(listen_sockets) logger(LOG_NOTICE, "Ready"); else { logger(LOG_ERR, "Unable to create any listening socket!"); return false; } return true; }
/* Configure node_t myself and set up the local sockets (listen only) */ static bool setup_myself(void) { config_t *cfg; subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest, *type; char *fname = NULL; char *address = NULL; char *proxy = NULL; char *space; char *envp[5] = {NULL}; struct addrinfo *ai, *aip, hint = {0}; bool choice; int i, err; int replaywin_int; bool port_specified = false; myself = new_node(); myself->connection = new_connection(); myself->hostname = xstrdup("MYSELF"); myself->connection->hostname = xstrdup("MYSELF"); myself->connection->options = 0; myself->connection->protocol_version = PROT_CURRENT; if(!(name = get_name())) { logger(LOG_ERR, "Name for tinc daemon required!"); return false; } /* Read tinc.conf and our own host config file */ myself->name = name; myself->connection->name = xstrdup(name); xasprintf(&fname, "%s/hosts/%s", confbase, name); read_config_options(config_tree, name); read_config_file(config_tree, fname); free(fname); if(!read_rsa_private_key()) return false; if(!get_config_string(lookup_config(config_tree, "Port"), &myport)) myport = xstrdup("655"); else port_specified = true; /* Ensure myport is numeric */ if(!atoi(myport)) { struct addrinfo *ai = str2addrinfo("localhost", myport, SOCK_DGRAM); sockaddr_t sa; if(!ai || !ai->ai_addr) return false; free(myport); memcpy(&sa, ai->ai_addr, ai->ai_addrlen); sockaddr2str(&sa, NULL, &myport); } get_config_string(lookup_config(config_tree, "Proxy"), &proxy); if(proxy) { if((space = strchr(proxy, ' '))) *space++ = 0; if(!strcasecmp(proxy, "none")) { proxytype = PROXY_NONE; } else if(!strcasecmp(proxy, "socks4")) { proxytype = PROXY_SOCKS4; } else if(!strcasecmp(proxy, "socks4a")) { proxytype = PROXY_SOCKS4A; } else if(!strcasecmp(proxy, "socks5")) { proxytype = PROXY_SOCKS5; } else if(!strcasecmp(proxy, "http")) { proxytype = PROXY_HTTP; } else if(!strcasecmp(proxy, "exec")) { proxytype = PROXY_EXEC; } else { logger(LOG_ERR, "Unknown proxy type %s!", proxy); return false; } switch(proxytype) { case PROXY_NONE: default: break; case PROXY_EXEC: if(!space || !*space) { logger(LOG_ERR, "Argument expected for proxy type exec!"); return false; } proxyhost = xstrdup(space); break; case PROXY_SOCKS4: case PROXY_SOCKS4A: case PROXY_SOCKS5: case PROXY_HTTP: proxyhost = space; if(space && (space = strchr(space, ' '))) *space++ = 0, proxyport = space; if(space && (space = strchr(space, ' '))) *space++ = 0, proxyuser = space; if(space && (space = strchr(space, ' '))) *space++ = 0, proxypass = space; if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) { logger(LOG_ERR, "Host and port argument expected for proxy!"); return false; } proxyhost = xstrdup(proxyhost); proxyport = xstrdup(proxyport); if(proxyuser && *proxyuser) proxyuser = xstrdup(proxyuser); if(proxypass && *proxypass) proxypass = xstrdup(proxypass); break; } free(proxy); } /* Read in all the subnets specified in the host configuration file */ cfg = lookup_config(config_tree, "Subnet"); while(cfg) { if(!get_config_subnet(cfg, &subnet)) return false; subnet_add(myself, subnet); cfg = lookup_config_next(config_tree, cfg); } /* Check some options */ if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice) myself->options |= OPTION_INDIRECT; if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice) myself->options |= OPTION_TCPONLY; if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly); get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets); get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver); get_config_bool(lookup_config(config_tree, "LocalDiscovery"), &localdiscovery); strictsubnets |= tunnelserver; if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { if(!strcasecmp(mode, "router")) routing_mode = RMODE_ROUTER; else if(!strcasecmp(mode, "switch")) routing_mode = RMODE_SWITCH; else if(!strcasecmp(mode, "hub")) routing_mode = RMODE_HUB; else { logger(LOG_ERR, "Invalid routing mode!"); return false; } free(mode); } if(get_config_string(lookup_config(config_tree, "Forwarding"), &mode)) { if(!strcasecmp(mode, "off")) forwarding_mode = FMODE_OFF; else if(!strcasecmp(mode, "internal")) forwarding_mode = FMODE_INTERNAL; else if(!strcasecmp(mode, "kernel")) forwarding_mode = FMODE_KERNEL; else { logger(LOG_ERR, "Invalid forwarding mode!"); return false; } free(mode); } choice = true; get_config_bool(lookup_config(config_tree, "PMTUDiscovery"), &choice); if(choice) myself->options |= OPTION_PMTU_DISCOVERY; choice = true; get_config_bool(lookup_config(config_tree, "ClampMSS"), &choice); if(choice) myself->options |= OPTION_CLAMP_MSS; get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl); if(get_config_string(lookup_config(config_tree, "Broadcast"), &mode)) { if(!strcasecmp(mode, "no")) broadcast_mode = BMODE_NONE; else if(!strcasecmp(mode, "yes") || !strcasecmp(mode, "mst")) broadcast_mode = BMODE_MST; else if(!strcasecmp(mode, "direct")) broadcast_mode = BMODE_DIRECT; else { logger(LOG_ERR, "Invalid broadcast mode!"); return false; } free(mode); } #if !defined(SOL_IP) || !defined(IP_TOS) if(priorityinheritance) logger(LOG_WARNING, "%s not supported on this platform", "PriorityInheritance"); #endif if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) macexpire = 600; if(get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) { logger(LOG_ERR, "Bogus maximum timeout!"); return false; } } else maxtimeout = 900; if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) { if(udp_rcvbuf <= 0) { logger(LOG_ERR, "UDPRcvBuf cannot be negative!"); return false; } } if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) { if(udp_sndbuf <= 0) { logger(LOG_ERR, "UDPSndBuf cannot be negative!"); return false; } } if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) { if(replaywin_int < 0) { logger(LOG_ERR, "ReplayWindow cannot be negative!"); return false; } replaywin = (unsigned)replaywin_int; } if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) { if(!strcasecmp(afname, "IPv4")) addressfamily = AF_INET; else if(!strcasecmp(afname, "IPv6")) addressfamily = AF_INET6; else if(!strcasecmp(afname, "any")) addressfamily = AF_UNSPEC; else { logger(LOG_ERR, "Invalid address family!"); return false; } free(afname); } get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); /* Generate packet encryption key */ if(get_config_string (lookup_config(config_tree, "Cipher"), &cipher)) { if(!strcasecmp(cipher, "none")) { myself->incipher = NULL; } else { myself->incipher = EVP_get_cipherbyname(cipher); if(!myself->incipher) { logger(LOG_ERR, "Unrecognized cipher type!"); return false; } } } else myself->incipher = EVP_bf_cbc(); if(myself->incipher) myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len; else myself->inkeylength = 1; myself->connection->outcipher = EVP_bf_ofb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; keyexpires = now + keylifetime; /* Check if we want to use message authentication codes... */ if(get_config_string(lookup_config(config_tree, "Digest"), &digest)) { if(!strcasecmp(digest, "none")) { myself->indigest = NULL; } else { myself->indigest = EVP_get_digestbyname(digest); if(!myself->indigest) { logger(LOG_ERR, "Unrecognized digest type!"); return false; } } } else myself->indigest = EVP_sha1(); myself->connection->outdigest = EVP_sha1(); if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) { if(myself->inmaclength > myself->indigest->md_size) { logger(LOG_ERR, "MAC length exceeds size of digest!"); return false; } else if(myself->inmaclength < 0) { logger(LOG_ERR, "Bogus MAC length!"); return false; } } } else myself->inmaclength = 4; myself->connection->outmaclength = 0; /* Compression */ if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) { if(myself->incompression < 0 || myself->incompression > 11) { logger(LOG_ERR, "Bogus compression level!"); return false; } } else myself->incompression = 0; myself->connection->outcompression = 0; /* Done */ myself->nexthop = myself; myself->via = myself; myself->status.reachable = true; node_add(myself); graph(); if(strictsubnets) load_all_subnets(); /* Open device */ devops = os_devops; if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) { if(!strcasecmp(type, "dummy")) devops = dummy_devops; else if(!strcasecmp(type, "raw_socket")) devops = raw_socket_devops; else if(!strcasecmp(type, "multicast")) devops = multicast_devops; #ifdef ENABLE_UML else if(!strcasecmp(type, "uml")) devops = uml_devops; #endif #ifdef ENABLE_VDE else if(!strcasecmp(type, "vde")) devops = vde_devops; #endif } if(!devops.setup()) return false; /* Run tinc-up script to further initialize the tap interface */ xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); xasprintf(&envp[3], "NAME=%s", myself->name); execute_script("tinc-up", envp); for(i = 0; i < 4; i++) free(envp[i]); /* Run subnet-up scripts for our own subnets */ subnet_update(myself, NULL, true); /* Open sockets */ if(!do_detach && getenv("LISTEN_FDS")) { sockaddr_t sa; socklen_t salen; listen_sockets = atoi(getenv("LISTEN_FDS")); #ifdef HAVE_UNSETENV unsetenv("LISTEN_FDS"); #endif if(listen_sockets > MAXSOCKETS) { logger(LOG_ERR, "Too many listening sockets"); return false; } for(i = 0; i < listen_sockets; i++) { salen = sizeof sa; if(getsockname(i + 3, &sa.sa, &salen) < 0) { logger(LOG_ERR, "Could not get address of listen fd %d: %s", i + 3, sockstrerror(errno)); return false; } listen_socket[i].tcp = i + 3; #ifdef FD_CLOEXEC fcntl(i + 3, F_SETFD, FD_CLOEXEC); #endif listen_socket[i].udp = setup_vpn_in_socket(&sa); if(listen_socket[i].udp < 0) return false; ifdebug(CONNECTIONS) { hostname = sockaddr2hostname(&sa); logger(LOG_NOTICE, "Listening on %s", hostname); free(hostname); } memcpy(&listen_socket[i].sa, &sa, salen); } } else {
/* Configure node_t mesh->self and set up the local sockets (listen only) */ bool setup_myself(meshlink_handle_t *mesh) { char *name; char *address = NULL; if(!(name = get_name(mesh))) { logger(mesh, MESHLINK_ERROR, "Name for MeshLink instance required!"); return false; } mesh->self = new_node(); mesh->self->connection = new_connection(); mesh->self->name = name; mesh->self->devclass = mesh->devclass; mesh->self->connection->name = xstrdup(name); read_host_config(mesh, mesh->config, name); if(!get_config_string(lookup_config(mesh->config, "Port"), &mesh->myport)) { logger(mesh, MESHLINK_ERROR, "Port for MeshLink instance required!"); return false; } mesh->self->connection->options = 0; mesh->self->connection->protocol_major = PROT_MAJOR; mesh->self->connection->protocol_minor = PROT_MINOR; mesh->self->options |= PROT_MINOR << 24; if(!read_ecdsa_private_key(mesh)) return false; /* Ensure mesh->myport is numeric */ if(!atoi(mesh->myport)) { struct addrinfo *ai = str2addrinfo("localhost", mesh->myport, SOCK_DGRAM); sockaddr_t sa; if(!ai || !ai->ai_addr) return false; free(mesh->myport); memcpy(&sa, ai->ai_addr, ai->ai_addrlen); sockaddr2str(&sa, NULL, &mesh->myport); } /* Check some options */ if(!setup_myself_reloadable(mesh)) return false; /* Compression */ // TODO: drop compression in the packet layer? mesh->self->incompression = 0; mesh->self->connection->outcompression = 0; /* Done */ mesh->self->nexthop = mesh->self; mesh->self->via = mesh->self; mesh->self->status.reachable = true; mesh->self->last_state_change = mesh->loop.now.tv_sec; node_write_devclass(mesh, mesh->self); node_add(mesh, mesh->self); graph(mesh); load_all_nodes(mesh); /* Open sockets */ mesh->listen_sockets = 0; if(!add_listen_address(mesh, address, NULL)) return false; if(!mesh->listen_sockets) { logger(mesh, MESHLINK_ERROR, "Unable to create any listening socket!"); return false; } xasprintf(&mesh->self->hostname, "MYSELF port %s", mesh->myport); mesh->self->connection->hostname = xstrdup(mesh->self->hostname); /* Done. */ mesh->last_config_check = mesh->loop.now.tv_sec; return true; }
bool ack_h(connection_t *c, const char *request) { if(c->protocol_minor == 1) return upgrade_h(c, request); char hisport[MAX_STRING_SIZE]; char *hisaddress; int weight, mtu; uint32_t options; node_t *n; bool choice; if(sscanf(request, "%*d " MAX_STRING " %d %x", hisport, &weight, &options) != 3) { logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ACK", c->name, c->hostname); return false; } /* Check if we already have a node_t for him */ n = lookup_node(c->name); if(!n) { n = new_node(); n->name = xstrdup(c->name); node_add(n); } else { if(n->connection) { /* Oh dear, we already have a connection to this node. */ logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Established a second connection with %s (%s), closing old connection", n->connection->name, n->connection->hostname); if(n->connection->outgoing) { if(c->outgoing) logger(DEBUG_ALWAYS, LOG_WARNING, "Two outgoing connections to the same node!"); else c->outgoing = n->connection->outgoing; n->connection->outgoing = NULL; } terminate_connection(n->connection, false); /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ graph(); } } n->connection = c; c->node = n; if(!(c->options & options & OPTION_PMTU_DISCOVERY)) { c->options &= ~OPTION_PMTU_DISCOVERY; options &= ~OPTION_PMTU_DISCOVERY; } c->options |= options; if(get_config_int(lookup_config(c->config_tree, "PMTU"), &mtu) && mtu < n->mtu) n->mtu = mtu; if(get_config_int(lookup_config(config_tree, "PMTU"), &mtu) && mtu < n->mtu) n->mtu = mtu; if(get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice)) { if(choice) c->options |= OPTION_CLAMP_MSS; else c->options &= ~OPTION_CLAMP_MSS; } /* Activate this connection */ c->allow_request = ALL; logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection with %s (%s) activated", c->name, c->hostname); /* Send him everything we know */ send_everything(c); /* Create an edge_t for this connection */ c->edge = new_edge(); c->edge->from = myself; c->edge->to = n; sockaddr2str(&c->address, &hisaddress, NULL); c->edge->address = str2sockaddr(hisaddress, hisport); free(hisaddress); sockaddr_t local_sa; socklen_t local_salen = sizeof local_sa; if (getsockname(c->socket, &local_sa.sa, &local_salen) < 0) logger(DEBUG_ALWAYS, LOG_WARNING, "Could not get local socket address for connection with %s", c->name); else { char *local_address; sockaddr2str(&local_sa, &local_address, NULL); c->edge->local_address = str2sockaddr(local_address, myport); free(local_address); } c->edge->weight = (weight + c->estimated_weight) / 2; c->edge->connection = c; c->edge->options = c->options; edge_add(c->edge); /* Notify everyone of the new edge */ if(tunnelserver) send_add_edge(c, c->edge); else send_add_edge(everyone, c->edge); /* Run MST and SSSP algorithms */ graph(); return true; }
static bool send_proxyrequest(connection_t *c) { switch(proxytype) { case PROXY_HTTP: { char *host; char *port; sockaddr2str(&c->address, &host, &port); send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port); free(host); free(port); return true; } case PROXY_SOCKS4: { if(c->address.sa.sa_family != AF_INET) { logger(DEBUG_ALWAYS, LOG_ERR, "Cannot connect to an IPv6 host through a SOCKS 4 proxy!"); return false; } char s4req[9 + (proxyuser ? strlen(proxyuser) : 0)]; s4req[0] = 4; s4req[1] = 1; memcpy(s4req + 2, &c->address.in.sin_port, 2); memcpy(s4req + 4, &c->address.in.sin_addr, 4); if(proxyuser) memcpy(s4req + 8, proxyuser, strlen(proxyuser)); s4req[sizeof s4req - 1] = 0; c->tcplen = 8; return send_meta(c, s4req, sizeof s4req); } case PROXY_SOCKS5: { int len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16); c->tcplen = 2; if(proxypass) len += 3 + strlen(proxyuser) + strlen(proxypass); char s5req[len]; int i = 0; s5req[i++] = 5; s5req[i++] = 1; if(proxypass) { s5req[i++] = 2; s5req[i++] = 1; s5req[i++] = strlen(proxyuser); memcpy(s5req + i, proxyuser, strlen(proxyuser)); i += strlen(proxyuser); s5req[i++] = strlen(proxypass); memcpy(s5req + i, proxypass, strlen(proxypass)); i += strlen(proxypass); c->tcplen += 2; } else { s5req[i++] = 0; } s5req[i++] = 5; s5req[i++] = 1; s5req[i++] = 0; if(c->address.sa.sa_family == AF_INET) { s5req[i++] = 1; memcpy(s5req + i, &c->address.in.sin_addr, 4); i += 4; memcpy(s5req + i, &c->address.in.sin_port, 2); i += 2; c->tcplen += 10; } else if(c->address.sa.sa_family == AF_INET6) { s5req[i++] = 3; memcpy(s5req + i, &c->address.in6.sin6_addr, 16); i += 16; memcpy(s5req + i, &c->address.in6.sin6_port, 2); i += 2; c->tcplen += 22; } else { logger(DEBUG_ALWAYS, LOG_ERR, "Address family %hx not supported for SOCKS 5 proxies!", c->address.sa.sa_family); return false; } if(i > len) abort(); return send_meta(c, s5req, sizeof s5req); } case PROXY_SOCKS4A: logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type not implemented yet"); return false; case PROXY_EXEC: return true; default: logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type"); return false; } }
void subnet_update(node_t *owner, subnet_t *subnet, bool up) { avl_node_t *node; int i; char *envp[10] = {NULL}; char netstr[MAXNETSTR]; char *name, *address, *port; char empty[] = ""; // Prepare environment variables to be passed to the script xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); xasprintf(&envp[3], "NODE=%s", owner->name); if(owner != myself) { sockaddr2str(&owner->address, &address, &port); // 4 and 5 are reserved for SUBNET and WEIGHT xasprintf(&envp[6], "REMOTEADDRESS=%s", address); xasprintf(&envp[7], "REMOTEPORT=%s", port); free(port); free(address); } xasprintf(&envp[8], "NAME=%s", myself->name); name = up ? "subnet-up" : "subnet-down"; if(!subnet) { for(node = owner->subnet_tree->head; node; node = node->next) { subnet = node->data; if(!net2str(netstr, sizeof netstr, subnet)) continue; // Strip the weight from the subnet, and put it in its own environment variable char *weight = strchr(netstr, '#'); if(weight) *weight++ = 0; else weight = empty; // Prepare the SUBNET and WEIGHT variables if(envp[4]) free(envp[4]); if(envp[5]) free(envp[5]); xasprintf(&envp[4], "SUBNET=%s", netstr); xasprintf(&envp[5], "WEIGHT=%s", weight); execute_script(name, envp); } } else { if(net2str(netstr, sizeof netstr, subnet)) { // Strip the weight from the subnet, and put it in its own environment variable char *weight = strchr(netstr, '#'); if(weight) *weight++ = 0; else weight = empty; // Prepare the SUBNET and WEIGHT variables xasprintf(&envp[4], "SUBNET=%s", netstr); xasprintf(&envp[5], "WEIGHT=%s", weight); execute_script(name, envp); } } for(i = 0; envp[i] && i < 9; i++) free(envp[i]); }
bool ans_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; char key[MAX_STRING_SIZE]; char address[MAX_STRING_SIZE] = ""; char port[MAX_STRING_SIZE] = ""; int cipher, digest, maclength, compression; node_t *from, *to; if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING, from_name, to_name, key, &cipher, &digest, &maclength, &compression, address, port) < 7) { logger(LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name, c->hostname); return false; } if(!check_id(from_name) || !check_id(to_name)) { logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ANS_KEY", c->name, c->hostname, "invalid name"); return false; } from = lookup_node(from_name); if(!from) { logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list", "ANS_KEY", c->name, c->hostname, from_name); return true; } to = lookup_node(to_name); if(!to) { logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list", "ANS_KEY", c->name, c->hostname, to_name); return true; } /* Forward it if necessary */ if(to != myself) { if(tunnelserver) return true; if(!to->status.reachable) { logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable", "ANS_KEY", c->name, c->hostname, to_name); return true; } if(!*address && from->address.sa.sa_family != AF_UNSPEC) { char *address, *port; ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name); sockaddr2str(&from->address, &address, &port); send_request(to->nexthop->connection, "%s %s %s", c->buffer, address, port); free(address); free(port); return true; } return send_request(to->nexthop->connection, "%s", c->buffer); } /* Update our copy of the origin's packet key */ from->outkey = xrealloc(from->outkey, strlen(key) / 2); from->outkeylength = strlen(key) / 2; hex2bin(key, from->outkey, from->outkeylength); /* Check and lookup cipher and digest algorithms */ if(cipher) { from->outcipher = EVP_get_cipherbynid(cipher); if(!from->outcipher) { logger(LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname); return true; } if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) { logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname); return true; } } else { from->outcipher = NULL; } from->outmaclength = maclength; if(digest) { from->outdigest = EVP_get_digestbynid(digest); if(!from->outdigest) { logger(LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname); return true; } if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) { logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!", from->name, from->hostname); return true; } } else { from->outdigest = NULL; } if(compression < 0 || compression > 11) { logger(LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname); return true; } from->outcompression = compression; if(from->outcipher) if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) { logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s", from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL)); return true; } from->status.validkey = true; from->sent_seqno = 0; if(*address && *port) { ifdebug(PROTOCOL) logger(LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port); sockaddr_t sa = str2sockaddr(address, port); update_node_udp(from, &sa); } if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuevent) send_mtu_probe(from); return true; }
bool send_proxyrequest(connection_t *c) { switch(proxytype) { case PROXY_SOCKS4: if(c->address.sa.sa_family != AF_INET) { logger(LOG_ERR, "Can only connect to numeric IPv4 addresses through a SOCKS 4 proxy!"); return false; } case PROXY_SOCKS4A: { if(c->address.sa.sa_family != AF_INET && c->address.sa.sa_family != AF_UNKNOWN) { logger(LOG_ERR, "Can only connect to IPv4 addresses or hostnames through a SOCKS 4a proxy!"); return false; } int len = 9; if(proxyuser) len += strlen(proxyuser); if(c->address.sa.sa_family == AF_UNKNOWN) len += 1 + strlen(c->address.unknown.address); char s4req[len]; s4req[0] = 4; s4req[1] = 1; if(c->address.sa.sa_family == AF_INET) { memcpy(s4req + 2, &c->address.in.sin_port, 2); memcpy(s4req + 4, &c->address.in.sin_addr, 4); } else { uint16_t port = htons(atoi(c->address.unknown.port)); memcpy(s4req + 2, &port, 2); memcpy(s4req + 4, "\0\0\0\1", 4); strcpy(s4req + (9 + (proxyuser ? strlen(proxyuser) : 0)), c->address.unknown.address); } if(proxyuser) strcpy(s4req + 8, proxyuser); else s4req[8] = 0; s4req[sizeof s4req - 1] = 0; c->allow_request = PROXY; return send_meta(c, s4req, sizeof s4req); } case PROXY_SOCKS5: { int len = 3 + 6; if(c->address.sa.sa_family == AF_INET) { len += 4; } else if(c->address.sa.sa_family == AF_INET6) { len += 16; } else if(c->address.sa.sa_family == AF_UNKNOWN) { len += 1 + strlen(c->address.unknown.address); } else { logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family); return false; } if(proxypass) len += 3 + strlen(proxyuser) + strlen(proxypass); char s5req[len]; int i = 0; s5req[i++] = 5; s5req[i++] = 1; if(proxypass) { s5req[i++] = 2; s5req[i++] = 1; s5req[i++] = strlen(proxyuser); strcpy(s5req + i, proxyuser); i += strlen(proxyuser); s5req[i++] = strlen(proxypass); strcpy(s5req + i, proxypass); i += strlen(proxypass); } else { s5req[i++] = 0; } s5req[i++] = 5; s5req[i++] = 1; s5req[i++] = 0; if(c->address.sa.sa_family == AF_INET) { s5req[i++] = 1; memcpy(s5req + i, &c->address.in.sin_addr, 4); i += 4; memcpy(s5req + i, &c->address.in.sin_port, 2); i += 2; } else if(c->address.sa.sa_family == AF_INET6) { s5req[i++] = 4; memcpy(s5req + i, &c->address.in6.sin6_addr, 16); i += 16; memcpy(s5req + i, &c->address.in6.sin6_port, 2); i += 2; } else if(c->address.sa.sa_family == AF_UNKNOWN) { s5req[i++] = 3; int len = strlen(c->address.unknown.address); s5req[i++] = len; memcpy(s5req + i, c->address.unknown.address, len); i += len; uint16_t port = htons(atoi(c->address.unknown.port)); memcpy(s5req + i, &port, 2); i += 2; } else { logger(LOG_ERR, "Unknown address family while trying to connect to SOCKS5 proxy"); return false; } if(i > len) abort(); c->allow_request = PROXY; return send_meta(c, s5req, sizeof s5req); } case PROXY_HTTP: { char *host; char *port; sockaddr2str(&c->address, &host, &port); send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port); free(host); free(port); c->allow_request = PROXY; return true; } case PROXY_EXEC: return true; default: logger(LOG_ERR, "Unknown proxy type"); return false; } }