static void onPingResponse(struct SwitchPinger_Response* resp, void* onResponseContext)
{
if (SwitchPinger_Result_OK != resp->res) {
return;
}
struct InterfaceController_Peer* ep =
Identity_check((struct InterfaceController_Peer*) onResponseContext);
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpyConst(addr.key, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
addr.path = ep->switchLabel;
addr.protocolVersion = resp->version;
#ifdef Log_DEBUG
uint8_t addrStr[60];
Address_print(addrStr, &addr);
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (!Version_isCompatible(Version_CURRENT_PROTOCOL, resp->version)) {
Log_debug(ic->logger, "got switch pong from node [%s] with incompatible version [%d]",
key, resp->version);
} else {
Log_debug(ic->logger, "got switch pong from node [%s] with version [%d]",
key, resp->version);
}
if (!ep->timeOfLastPing) {
// We've never heard from this machine before (or we've since forgotten about it)
// This is here because we want the tests to function without the janitor present.
// Other than that, it just makes a slightly more synchronous/guaranteed setup.
Router_sendGetPeers(ic->router, &addr, 0, 0, ic->allocator);
}
struct Node_Link* link = Router_linkForPath(ic->router, resp->label);
if (!link || !Node_getBestParent(link->child)) {
RumorMill_addNode(ic->rumorMill, &addr);
} else {
Log_debug(ic->logger, "link exists");
}
ep->timeOfLastPing = Time_currentTimeMilliseconds(ic->eventBase);
#ifdef Log_DEBUG
// This will be false if it times out.
//Assert_true(label == ep->switchLabel);
uint8_t path[20];
AddrTools_printPath(path, resp->label);
uint8_t sl[20];
AddrTools_printPath(sl, ep->switchLabel);
Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s] [%s]",
SwitchPinger_resultString(resp->res)->bytes, path, sl);
#endif
}
static uint8_t serverFirstIncoming(struct Message* msg, struct Interface* iface)
{
struct UDPInterfaceContext* uictx = (struct UDPInterfaceContext*) iface->receiverContext;
struct Interface* udpDefault = UDPInterface_getDefaultInterface(uictx->udpContext);
assert(udpDefault);
UDPInterface_bindToCurrentEndpoint(udpDefault);
struct User* u = CryptoAuth_getUser(iface);
assert(u);
// Add it to the switch, this will change the receiveMessage for this interface.
struct Address addr;
memset(&addr, 0, sizeof(struct Address));
SwitchCore_addInterface(iface, u->trust, &addr.networkAddress_be, uictx->context->switchCore);
uint8_t* herKey = CryptoAuth_getHerPublicKey(iface);
memcpy(addr.key, herKey, 32);
uint8_t printedAddr[60];
Address_print(printedAddr, &addr);
Log_info1(uictx->context->logger,
"Node %s has connected to us.\n",
printedAddr);
// Prepare for the next connection.
struct Interface* newUdpDefault = UDPInterface_getDefaultInterface(uictx->udpContext);
struct Interface* newAuthedUdpDefault =
CryptoAuth_wrapInterface(newUdpDefault, NULL, true, true, uictx->context->ca);
newAuthedUdpDefault->receiveMessage = serverFirstIncoming;
newAuthedUdpDefault->receiverContext = uictx;
// Send the message on to the switch so the first message isn't lost.
return iface->receiveMessage(msg, iface);
}
/*
* Send a ping packet to one of the endpoints.
*/
static void sendPing(struct InterfaceController_Peer* ep)
{
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
ep->pingCount++;
struct SwitchPinger_Ping* ping =
SwitchPinger_newPing(ep->switchLabel,
String_CONST(""),
ic->timeoutMilliseconds,
onPingResponse,
ic->allocator,
ic->switchPinger);
#ifdef Log_DEBUG
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (!ping) {
Log_debug(ic->logger, "Failed to ping [%s.k], out of ping slots", key);
return;
} else {
Log_debug(ic->logger, "SwitchPing [%s.k]", key);
}
ping->onResponseContext = ep;
}
static void onPingResponse(enum SwitchPinger_Result result,
uint64_t label,
String* data,
uint32_t millisecondsLag,
uint32_t version,
void* onResponseContext)
{
if (SwitchPinger_Result_OK != result) {
return;
}
struct IFCPeer* ep = Identity_cast((struct IFCPeer*) onResponseContext);
struct Context* ic = ifcontrollerForPeer(ep);
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpyConst(addr.key, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
addr.path = ep->switchLabel;
Log_debug(ic->logger, "got switch pong from node with version [%d]", version);
RouterModule_addNode(ic->routerModule, &addr, version);
#ifdef Log_DEBUG
// This will be false if it times out.
//Assert_true(label == ep->switchLabel);
uint8_t path[20];
AddrTools_printPath(path, label);
uint8_t sl[20];
AddrTools_printPath(sl, ep->switchLabel);
Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s] [%s]",
SwitchPinger_resultString(result)->bytes, path, sl);
#endif
}
/** If there's already an endpoint with the same public key, merge the new one with the old one. */
static void moveEndpointIfNeeded(struct IFCPeer* ep, struct Context* ic)
{
Log_debug(ic->logger, "Checking for old sessions to merge with.");
uint8_t* key = CryptoAuth_getHerPublicKey(ep->cryptoAuthIf);
for (uint32_t i = 0; i < ic->peerMap.count; i++) {
struct IFCPeer* thisEp = ic->peerMap.values[i];
uint8_t* thisKey = CryptoAuth_getHerPublicKey(thisEp->cryptoAuthIf);
if (thisEp != ep && !Bits_memcmp(thisKey, key, 32)) {
Log_info(ic->logger, "Moving endpoint to merge new session with old.");
ep->switchLabel = thisEp->switchLabel;
SwitchCore_swapInterfaces(&thisEp->switchIf, &ep->switchIf);
Allocator_free(thisEp->external->allocator);
return;
}
}
}
static void check(struct SessionManager* sm, int mapIndex)
{
Assert_true(sm->ifaceMap.keys[mapIndex].bytes[0] == 0xfc);
uint8_t* herPubKey = CryptoAuth_getHerPublicKey(sm->ifaceMap.values[mapIndex]->pub.internal);
if (!Bits_isZero(herPubKey, 32)) {
uint8_t ip6[16];
AddressCalc_addressForPublicKey(ip6, herPubKey);
Assert_true(!Bits_memcmp(&sm->ifaceMap.keys[mapIndex], ip6, 16));
}
}
static uint8_t incomingFromCryptoAuth(struct Message* message, struct Interface* iface)
{
struct Ducttape* context = iface->receiverContext;
int layer = context->layer;
context->layer = INVALID_LAYER;
if (layer == INNER_LAYER) {
return incomingForMe(message, context, CryptoAuth_getHerPublicKey(context->session));
} else if (layer == OUTER_LAYER) {
return incomingFromRouter(message, context);
}
Assert_true(false);
return 0;
}
static void sessionStats(Dict* args,
void* vcontext,
String* txid,
struct Allocator* alloc)
{
struct Context* context = vcontext;
int64_t* handleP = Dict_getInt(args, String_CONST("handle"));
uint32_t handle = *handleP;
struct SessionManager_Session* session = SessionManager_sessionForHandle(handle, context->sm);
uint8_t* ip6 = SessionManager_getIp6(handle, context->sm);
Dict* r = Dict_new(alloc);
if (!session) {
Dict_putString(r, String_CONST("error"), String_CONST("no such session"), alloc);
Admin_sendMessage(r, txid, context->admin);
return;
}
// both or neither
Assert_true(ip6);
uint8_t printedAddr[40];
AddrTools_printIp(printedAddr, ip6);
Dict_putString(r, String_CONST("ip6"), String_new(printedAddr, alloc), alloc);
Dict_putString(r,
String_CONST("state"),
String_new(CryptoAuth_stateString(session->cryptoAuthState), alloc),
alloc);
struct ReplayProtector* rp = CryptoAuth_getReplayProtector(session->internal);
Dict_putInt(r, String_CONST("duplicates"), rp->duplicates, alloc);
Dict_putInt(r, String_CONST("lostPackets"), rp->lostPackets, alloc);
Dict_putInt(r, String_CONST("receivedOutOfRange"), rp->receivedOutOfRange, alloc);
uint8_t* key = CryptoAuth_getHerPublicKey(session->internal);
Dict_putString(r, String_CONST("publicKey"), Key_stringify(key, alloc), alloc);
Dict_putInt(r, String_CONST("version"), session->version, alloc);
Dict_putInt(r, String_CONST("handle"),
Endian_bigEndianToHost32(session->receiveHandle_be), alloc);
Dict_putInt(r, String_CONST("sendHandle"),
Endian_bigEndianToHost32(session->sendHandle_be), alloc);
Dict_putInt(r, String_CONST("timeOfLastIn"), session->timeOfLastIn, alloc);
Dict_putInt(r, String_CONST("timeOfLastOut"), session->timeOfLastOut, alloc);
Admin_sendMessage(r, txid, context->admin);
return;
}
// Called from the pingInteral timeout.
static void pingCallback(void* vic)
{
struct Context* ic = Identity_cast((struct Context*) vic);
uint64_t now = Time_currentTimeMilliseconds(ic->eventBase);
ic->pingCount++;
// scan for endpoints have not sent anything recently.
for (uint32_t i = 0; i < ic->peerMap.count; i++) {
struct IFCPeer* ep = ic->peerMap.values[i];
if (now > ep->timeOfLastMessage + ic->pingAfterMilliseconds) {
#ifdef Log_DEBUG
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (ep->transient && now > ep->timeOfLastMessage + ic->forgetAfterMilliseconds) {
Log_debug(ic->logger, "Unresponsive peer [%s.k] has not responded in [%u] "
"seconds, dropping connection",
key, ic->forgetAfterMilliseconds / 1024);
Allocator_free(ep->external->allocator);
} else if (now > ep->timeOfLastMessage + ic->unresponsiveAfterMilliseconds) {
// Lets skip 87% of pings when they're really down.
if (ic->pingCount % 8) {
continue;
}
ep->state = InterfaceController_PeerState_UNRESPONSIVE;
uint32_t lag = ((now - ep->timeOfLastMessage) / 1024);
Log_debug(ic->logger, "Pinging unresponsive peer [%s.k] lag [%u]", key, lag);
} else {
uint32_t lag = ((now - ep->timeOfLastMessage) / 1024);
Log_debug(ic->logger, "Pinging lazy peer [%s] lag [%u]", key, lag);
}
struct SwitchPinger_Ping* ping =
SwitchPinger_newPing(ep->switchLabel,
String_CONST(""),
ic->timeoutMilliseconds,
onPingResponse,
ic->switchPinger);
ping->onResponseContext = ep;
SwitchPinger_sendPing(ping);
}
}
}
/**
* Check the table for nodes which might need to be pinged, ping a node if necessary.
* If a node has not responded in unresponsiveAfterMilliseconds then mark them as unresponsive
* and if the connection is incoming and the node has not responded in forgetAfterMilliseconds
* then drop them entirely.
* This is called every PING_INTERVAL_MILLISECONDS but pingCallback is a misleading name.
*/
static void pingCallback(void* vic)
{
struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) vic);
if (!ic->peerMap.count) { return; }
uint64_t now = Time_currentTimeMilliseconds(ic->eventBase);
// scan for endpoints have not sent anything recently.
uint32_t startAt = Random_uint32(ic->rand) % ic->peerMap.count;
for (uint32_t i = startAt, count = 0; (!count || i != startAt) && count <= ic->peerMap.count;) {
i = (i + 1) % ic->peerMap.count;
count++;
struct InterfaceController_Peer* ep = ic->peerMap.values[i];
if (now < ep->timeOfLastMessage + ic->pingAfterMilliseconds) {
if (now < ep->timeOfLastPing + ic->pingAfterMilliseconds) {
// Possibly an out-of-date node which is mangling packets, don't ping too often
// because it causes the RumorMill to be filled with this node over and over.
continue;
}
struct Node_Link* link = Router_linkForPath(ic->router, ep->switchLabel);
// It exists, it's parent is the self-node, and it's label is equal to the switchLabel.
if (link
&& Node_getBestParent(link->child)
&& Node_getBestParent(link->child)->parent->address.path == 1
&& Node_getBestParent(link->child)->cannonicalLabel == ep->switchLabel)
{
continue;
}
}
#ifdef Log_DEBUG
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (ep->isIncomingConnection
&& now > ep->timeOfLastMessage + ic->forgetAfterMilliseconds)
{
Log_debug(ic->logger, "Unresponsive peer [%s.k] has not responded in [%u] "
"seconds, dropping connection",
key, ic->forgetAfterMilliseconds / 1024);
Allocator_free(ep->external->allocator);
continue;
}
bool unresponsive = (now > ep->timeOfLastMessage + ic->unresponsiveAfterMilliseconds);
if (unresponsive) {
// our link to the peer is broken...
Router_disconnectedPeer(ic->router, ep->switchLabel);
// Lets skip 87% of pings when they're really down.
if (ep->pingCount % 8) {
ep->pingCount++;
continue;
}
ep->state = InterfaceController_PeerState_UNRESPONSIVE;
}
#ifdef Log_DEBUG
uint32_t lag = (now - ep->timeOfLastMessage) / 1024;
Log_debug(ic->logger,
"Pinging %s peer [%s.k] lag [%u]",
(unresponsive ? "unresponsive" : "lazy"), key, lag);
#endif
sendPing(ep);
// we only ping one node
return;
}
}
/**
* Messages with content encrypted and header decrypted are sent here to be forwarded.
* they may come from us, or from another node and may be to us or to any other node.
* Message is aligned on the beginning of the ipv6 header.
*/
static inline int core(struct Message* message, struct Ducttape* context)
{
context->ip6Header = (struct Headers_IP6Header*) message->bytes;
if (isForMe(message, context)) {
Message_shift(message, -Headers_IP6Header_SIZE);
if (memcmp(context->routerAddress, context->ip6Header->sourceAddr, 16)) {
// triple encrypted
// This call goes to incomingForMe()
context->layer = INNER_LAYER;
context->session =
SessionManager_getSession(context->ip6Header->sourceAddr, NULL, context->sm);
return context->session->receiveMessage(message, context->session);
} else {
// double encrypted, inner layer plaintext.
// The session is still set from the router-to-router traffic and that is the one we use
// to determine the node's id.
return incomingForMe(message, context, CryptoAuth_getHerPublicKey(context->session));
}
}
if (context->ip6Header->hopLimit == 0) {
Log_debug(context->logger, "dropped message because hop limit has been exceeded.\n");
// TODO: send back an error message in response.
return Error_UNDELIVERABLE;
}
context->ip6Header->hopLimit--;
struct Address* ft = context->forwardTo;
context->forwardTo = NULL;
if (!ft) {
struct Node* bestNext =
RouterModule_lookup(context->ip6Header->destinationAddr, context->routerModule);
if (bestNext) {
ft = &bestNext->address;
}
}
if (ft) {
#ifdef Log_DEBUG
uint8_t nhAddr[60];
Address_print(nhAddr, ft);
if (memcmp(context->ip6Header->destinationAddr, ft->ip6.bytes, 16)) {
// Potentially forwarding for ourselves.
struct Address destination;
Bits_memcpyConst(destination.ip6.bytes, context->ip6Header->destinationAddr, 16);
uint8_t ipAddr[40];
Address_printIp(ipAddr, &destination);
Log_debug2(context->logger, "Forwarding data to %s via %s\n", ipAddr, nhAddr);
} else {
// Definitely forwarding on behalf of someone else.
Log_debug1(context->logger, "Forwarding data to %s (last hop)\n", nhAddr);
}
#endif
return sendToRouter(ft, message, context);
}
Log_debug(context->logger, "Dropped message because this node is the closest known "
"node to the destination.\n");
return Error_UNDELIVERABLE;
}
static inline int incomingFromRouter(struct Message* message,
struct Ducttape_MessageHeader* dtHeader,
struct SessionManager_Session* session,
struct Ducttape_pvt* context)
{
uint8_t* pubKey = CryptoAuth_getHerPublicKey(&session->iface);
if (!validEncryptedIP6(message)) {
// Not valid cjdns IPv6, we'll try it as an IPv4 or ICANN-IPv6 packet
// and check if we have an agreement with the node who sent it.
Message_shift(message, IpTunnel_PacketInfoHeader_SIZE);
struct IpTunnel_PacketInfoHeader* header =
(struct IpTunnel_PacketInfoHeader*) message->bytes;
uint8_t* addr = session->ip6;
Bits_memcpyConst(header->nodeIp6Addr, addr, 16);
Bits_memcpyConst(header->nodeKey, pubKey, 32);
struct Interface* ipTun = &context->ipTunnel->nodeInterface;
return ipTun->sendMessage(message, ipTun);
}
struct Address srcAddr = {
.path = Endian_bigEndianToHost64(dtHeader->switchHeader->label_be)
};
Bits_memcpyConst(srcAddr.key, pubKey, 32);
//Log_debug(context->logger, "Got message from router.\n");
int ret = core(message, dtHeader, session, context);
struct Node* n = RouterModule_getNode(srcAddr.path, context->routerModule);
if (!n) {
Address_getPrefix(&srcAddr);
RouterModule_addNode(context->routerModule, &srcAddr, session->version);
} else {
n->reach += 1;
RouterModule_updateReach(n, context->routerModule);
}
return ret;
}
static uint8_t incomingFromCryptoAuth(struct Message* message, struct Interface* iface)
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*) iface->receiverContext);
struct Ducttape_MessageHeader* dtHeader = getDtHeader(message, false);
enum Ducttape_SessionLayer layer = dtHeader->layer;
dtHeader->layer = Ducttape_SessionLayer_INVALID;
struct SessionManager_Session* session =
SessionManager_sessionForHandle(dtHeader->receiveHandle, context->sm);
if (!session) {
// This should never happen but there's no strong preventitive.
Log_info(context->logger, "SESSION DISAPPEARED!");
return 0;
}
// If the packet came from a new session, put the send handle in the session.
if (CryptoAuth_getState(iface) < CryptoAuth_ESTABLISHED) {
// If this is true then the incoming message is definitely a handshake.
if (message->length < 4) {
debugHandles0(context->logger, session, "runt");
return Error_INVALID;
}
if (layer == Ducttape_SessionLayer_OUTER) {
#ifdef Version_2_COMPAT
if (dtHeader->currentSessionVersion >= 3) {
session->version = dtHeader->currentSessionVersion;
#endif
Message_pop(message, &session->sendHandle_be, 4);
#ifdef Version_2_COMPAT
} else {
session->sendHandle_be = dtHeader->currentSessionSendHandle_be;
}
#endif
} else {
// inner layer, always grab the handle
Message_pop(message, &session->sendHandle_be, 4);
debugHandles0(context->logger, session, "New session, incoming layer3");
}
}
switch (layer) {
case Ducttape_SessionLayer_OUTER:
return incomingFromRouter(message, dtHeader, session, context);
case Ducttape_SessionLayer_INNER:
return incomingForMe(message, dtHeader, session, context,
CryptoAuth_getHerPublicKey(iface));
default:
Assert_always(false);
}
// never reached.
return 0;
}
static uint8_t outgoingFromCryptoAuth(struct Message* message, struct Interface* iface)
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*) iface->senderContext);
struct Ducttape_MessageHeader* dtHeader = getDtHeader(message, false);
struct SessionManager_Session* session =
SessionManager_sessionForHandle(dtHeader->receiveHandle, context->sm);
enum Ducttape_SessionLayer layer = dtHeader->layer;
dtHeader->layer = Ducttape_SessionLayer_INVALID;
if (!session) {
// This should never happen but there's no strong preventitive.
Log_info(context->logger, "SESSION DISAPPEARED!");
return 0;
}
if (layer == Ducttape_SessionLayer_OUTER) {
return sendToSwitch(message, dtHeader, session, context);
} else if (layer == Ducttape_SessionLayer_INNER) {
Log_debug(context->logger, "Sending layer3 message");
return outgoingFromMe(message, dtHeader, session, context);
} else {
Assert_true(0);
}
}
/**
* Handle an incoming control message from a switch.
*
* @param context the ducttape context.
* @param message the control message, this should be alligned on the beginning of the content,
* that is to say, after the end of the switch header.
* @param switchHeader the header.
* @param switchIf the interface which leads to the switch.
*/
static uint8_t handleControlMessage(struct Ducttape_pvt* context,
struct Message* message,
struct Headers_SwitchHeader* switchHeader,
struct Interface* switchIf)
{
uint8_t labelStr[20];
uint64_t label = Endian_bigEndianToHost64(switchHeader->label_be);
AddrTools_printPath(labelStr, label);
if (message->length < Control_HEADER_SIZE) {
Log_info(context->logger, "dropped runt ctrl packet from [%s]", labelStr);
return Error_NONE;
}
struct Control* ctrl = (struct Control*) message->bytes;
if (Checksum_engine(message->bytes, message->length)) {
Log_info(context->logger, "ctrl packet from [%s] with invalid checksum.", labelStr);
return Error_NONE;
}
bool pong = false;
if (ctrl->type_be == Control_ERROR_be) {
if (message->length < Control_Error_MIN_SIZE) {
Log_info(context->logger, "dropped runt error packet from [%s]", labelStr);
return Error_NONE;
}
uint64_t path = Endian_bigEndianToHost64(switchHeader->label_be);
RouterModule_brokenPath(path, context->routerModule);
uint8_t causeType = Headers_getMessageType(&ctrl->content.error.cause);
if (causeType == Headers_SwitchHeader_TYPE_CONTROL) {
if (message->length < Control_Error_MIN_SIZE + Control_HEADER_SIZE) {
Log_info(context->logger,
"error packet from [%s] containing runt cause packet",
labelStr);
return Error_NONE;
}
struct Control* causeCtrl = (struct Control*) &(&ctrl->content.error.cause)[1];
if (causeCtrl->type_be != Control_PING_be) {
Log_info(context->logger,
"error packet from [%s] caused by [%s] packet ([%u])",
labelStr,
Control_typeString(causeCtrl->type_be),
Endian_bigEndianToHost16(causeCtrl->type_be));
} else {
if (LabelSplicer_isOneHop(label)
&& ctrl->content.error.errorType_be
== Endian_hostToBigEndian32(Error_UNDELIVERABLE))
{
// this is our own InterfaceController complaining
// because the node isn't responding to pings.
return Error_NONE;
}
Log_debug(context->logger,
"error packet from [%s] in response to ping, err [%u], length: [%u].",
labelStr,
Endian_bigEndianToHost32(ctrl->content.error.errorType_be),
message->length);
// errors resulting from pings are forwarded back to the pinger.
pong = true;
}
} else if (causeType != Headers_SwitchHeader_TYPE_DATA) {
Log_info(context->logger,
"error packet from [%s] containing cause of unknown type [%u]",
labelStr, causeType);
} else {
Log_info(context->logger,
"error packet from [%s], error type [%u]",
labelStr,
Endian_bigEndianToHost32(ctrl->content.error.errorType_be));
}
} else if (ctrl->type_be == Control_PONG_be) {
pong = true;
} else if (ctrl->type_be == Control_PING_be) {
Message_shift(message, -Control_HEADER_SIZE);
if (message->length < Control_Ping_MIN_SIZE) {
Log_info(context->logger, "dropped runt ping");
return Error_INVALID;
}
struct Control_Ping* ping = (struct Control_Ping*) message->bytes;
ping->magic = Control_Pong_MAGIC;
ping->version_be = Endian_hostToBigEndian32(Version_CURRENT_PROTOCOL);
Message_shift(message, Control_HEADER_SIZE);
ctrl->type_be = Control_PONG_be;
ctrl->checksum_be = 0;
ctrl->checksum_be = Checksum_engine(message->bytes, message->length);
Message_shift(message, Headers_SwitchHeader_SIZE);
Log_info(context->logger, "got switch ping from [%s]", labelStr);
switchIf->receiveMessage(message, switchIf);
} else {
Log_info(context->logger,
"control packet of unknown type from [%s], type [%d]",
labelStr, Endian_bigEndianToHost16(ctrl->type_be));
}
if (pong && context->pub.switchPingerIf.receiveMessage) {
// Shift back over the header
Message_shift(message, Headers_SwitchHeader_SIZE);
context->pub.switchPingerIf.receiveMessage(
message, &context->pub.switchPingerIf);
}
return Error_NONE;
}
/**
* Messages with content encrypted and header decrypted are sent here to be forwarded.
* they may come from us, or from another node and may be to us or to any other node.
* Message is aligned on the beginning of the ipv6 header.
*/
static inline int core(struct Message* message,
struct Ducttape_MessageHeader* dtHeader,
struct SessionManager_Session* session,
struct Ducttape_pvt* context)
{
struct Headers_IP6Header* ip6Header = (struct Headers_IP6Header*) message->bytes;
dtHeader->ip6Header = ip6Header;
if (isForMe(message, context)) {
Message_shift(message, -Headers_IP6Header_SIZE);
if (Bits_memcmp(session->ip6, ip6Header->sourceAddr, 16)) {
// triple encrypted
// This call goes to incomingForMe()
struct SessionManager_Session* session =
SessionManager_getSession(ip6Header->sourceAddr, NULL, context->sm);
#ifdef Log_DEBUG
uint8_t addr[40];
AddrTools_printIp(addr, ip6Header->sourceAddr);
Log_debug(context->logger, "Incoming layer3 message, ostensibly from [%s]", addr);
#endif
dtHeader->receiveHandle = Endian_bigEndianToHost32(session->receiveHandle_be);
dtHeader->layer = Ducttape_SessionLayer_INNER;
return session->iface.receiveMessage(message, &session->iface);
} else {
// double encrypted, inner layer plaintext.
// The session is still set from the router-to-router traffic and that is the one we use
// to determine the node's id.
return incomingForMe(message, dtHeader, session, context,
CryptoAuth_getHerPublicKey(&session->iface));
}
}
if (ip6Header->hopLimit == 0) {
Log_debug(context->logger, "dropped message because hop limit has been exceeded.\n");
// TODO: send back an error message in response.
return Error_UNDELIVERABLE;
}
ip6Header->hopLimit--;
struct SessionManager_Session* nextHopSession = NULL;
if (!dtHeader->nextHopReceiveHandle || !dtHeader->switchLabel) {
struct Node* n = RouterModule_lookup(ip6Header->destinationAddr, context->routerModule);
if (n) {
nextHopSession =
SessionManager_getSession(n->address.ip6.bytes, n->address.key, context->sm);
dtHeader->switchLabel = n->address.path;
}
} else {
nextHopSession =
SessionManager_sessionForHandle(dtHeader->nextHopReceiveHandle, context->sm);
}
if (nextHopSession) {
#ifdef Log_DEBUG
struct Address addr;
Bits_memcpyConst(addr.ip6.bytes, nextHopSession->ip6, 16);
addr.path = dtHeader->switchLabel;
uint8_t nhAddr[60];
Address_print(nhAddr, &addr);
if (Bits_memcmp(ip6Header->destinationAddr, addr.ip6.bytes, 16)) {
// Potentially forwarding for ourselves.
struct Address destination;
Bits_memcpyConst(destination.ip6.bytes, ip6Header->destinationAddr, 16);
uint8_t ipAddr[40];
Address_printIp(ipAddr, &destination);
Log_debug(context->logger, "Forwarding data to %s via %s\n", ipAddr, nhAddr);
} else {
// Definitely forwarding on behalf of someone else.
Log_debug(context->logger, "Forwarding data to %s (last hop)\n", nhAddr);
}
#endif
return sendToRouter(message, dtHeader, nextHopSession, context);
}
#ifdef Log_INFO
struct Address destination;
Bits_memcpyConst(destination.ip6.bytes, ip6Header->destinationAddr, 16);
uint8_t ipAddr[40];
Address_printIp(ipAddr, &destination);
Log_info(context->logger, "Dropped message because this node is the closest known "
"node to the destination %s.", ipAddr);
#endif
return Error_UNDELIVERABLE;
}
static int handleOutgoing(struct DHTMessage* dmessage,
void* vcontext)
{
struct Context* context = (struct Context*) vcontext;
struct Message message =
{ .length = dmessage->length, .bytes = (uint8_t*) dmessage->bytes, .padding = 512 };
Message_shift(&message, Headers_UDPHeader_SIZE);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message.bytes;
uh->sourceAndDestPorts = 0;
uh->length_be = Endian_hostToBigEndian16(dmessage->length);
uh->checksum_be = 0;
uint16_t payloadLength = message.length;
Message_shift(&message, Headers_IP6Header_SIZE);
struct Headers_IP6Header* header = (struct Headers_IP6Header*) message.bytes;
header->versionClassAndFlowLabel = 0;
header->flowLabelLow_be = 0;
header->nextHeader = 17;
header->hopLimit = 0;
header->payloadLength_be = Endian_hostToBigEndian16(payloadLength);
memcpy(header->sourceAddr,
context->myAddr.ip6.bytes,
Address_SEARCH_TARGET_SIZE);
memcpy(header->destinationAddr,
dmessage->address->ip6.bytes,
Address_SEARCH_TARGET_SIZE);
context->ip6Header = header;
context->switchHeader = NULL;
sendToRouter(dmessage->address, &message, context);
return 0;
}
// Aligned on the beginning of the content.
static inline bool isRouterTraffic(struct Message* message, struct Headers_IP6Header* ip6)
{
if (ip6->nextHeader != 17 || ip6->hopLimit != 0) {
return false;
}
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
return uh->sourceAndDestPorts == 0
&& Endian_bigEndianToHost16(uh->length_be) == message->length - Headers_UDPHeader_SIZE;
}
/**
* Message which is for us, message is aligned on the beginning of the content.
* this is called from core() which calls through an interfaceMap.
*/
static inline uint8_t incomingForMe(struct Message* message, struct Context* context)
{
struct Address addr;
uint8_t* key = CryptoAuth_getHerPublicKey(context->session);
AddressCalc_addressForPublicKey(addr.ip6.bytes, key);
if (memcmp(addr.ip6.bytes, context->ip6Header->sourceAddr, 16)) {
#ifdef Log_DEBUG
uint8_t keyAddr[40];
Address_printIp(keyAddr, &addr);
memcpy(addr.ip6.bytes, context->ip6Header->sourceAddr, 16);
uint8_t srcAddr[40];
Address_printIp(srcAddr, &addr);
Log_debug2(context->logger,
"Dropped packet because source address is not same as key.\n"
" %s source addr\n"
" %s hash of key\n",
srcAddr,
keyAddr);
#endif
return Error_INVALID;
}
if (isRouterTraffic(message, context->ip6Header)) {
// Shift off the UDP header.
Message_shift(message, -Headers_UDPHeader_SIZE);
addr.networkAddress_be = context->switchHeader->label_be;
memcpy(addr.key, key, 32);
return incomingDHT(message, &addr, context);
}
// RouterModule_addNode(&addr, context->routerModule);
if (!context->routerIf) {
Log_warn(context->logger,
"Dropping message because there is no router interface configured.\n");
return Error_UNDELIVERABLE;
}
// Now write a message to the TUN device.
// Need to move the ipv6 header forward up to the content because there's a crypto header
// between the ipv6 header and the content which just got eaten.
Message_shift(message, Headers_IP6Header_SIZE);
uint16_t sizeDiff = message->bytes - (uint8_t*)context->ip6Header;
if (sizeDiff) {
context->ip6Header->payloadLength_be =
Endian_hostToBigEndian16(
Endian_bigEndianToHost16(context->ip6Header->payloadLength_be) - sizeDiff);
memmove(message->bytes, context->ip6Header, Headers_IP6Header_SIZE);
}
context->routerIf->sendMessage(message, context->routerIf);
return Error_NONE;
}
/**
* Send a message to another switch.
* Switchheader will precede the message.
*/
static inline uint8_t sendToSwitch(struct Message* message,
struct Headers_SwitchHeader* destinationSwitchHeader,
struct Context* context)
{
Message_shift(message, Headers_SwitchHeader_SIZE);
struct Headers_SwitchHeader* switchHeaderLocation =
(struct Headers_SwitchHeader*) message->bytes;
if (destinationSwitchHeader != switchHeaderLocation) {
memmove(message->bytes, destinationSwitchHeader, Headers_SwitchHeader_SIZE);
}
// This is a test to trap a bug.
assert(Headers_getPriority(destinationSwitchHeader) == 0);
return context->switchInterface.receiveMessage(message, &context->switchInterface);
}
// Called from the pingInteral timeout.
static void pingCallback(void* vic)
{
struct Context* ic = Identity_cast((struct Context*) vic);
uint64_t now = Time_currentTimeMilliseconds(ic->eventBase);
ic->pingCount++;
// scan for endpoints have not sent anything recently.
for (uint32_t i = 0; i < ic->peerMap.count; i++) {
struct IFCPeer* ep = ic->peerMap.values[i];
// This is here because of a pathological state where the connection is in ESTABLISHED
// state but the *direct peer* has somehow been dropped from the routing table.
// TODO: understand the cause of this issue rather than checking for it once per second.
struct Node* peerNode = RouterModule_getNode(ep->switchLabel, ic->routerModule);
if (now > ep->timeOfLastMessage + ic->pingAfterMilliseconds || !peerNode) {
#ifdef Log_DEBUG
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (ep->isIncomingConnection
&& now > ep->timeOfLastMessage + ic->forgetAfterMilliseconds)
{
Log_debug(ic->logger, "Unresponsive peer [%s.k] has not responded in [%u] "
"seconds, dropping connection",
key, ic->forgetAfterMilliseconds / 1024);
Allocator_free(ep->external->allocator);
return;
}
bool unresponsive = (now > ep->timeOfLastMessage + ic->unresponsiveAfterMilliseconds);
uint32_t lag = ~0u;
if (unresponsive) {
// flush the peer from the table...
RouterModule_brokenPath(ep->switchLabel, ic->routerModule);
// Lets skip 87% of pings when they're really down.
if (ic->pingCount % 8) {
continue;
}
ep->state = InterfaceController_PeerState_UNRESPONSIVE;
lag = ((now - ep->timeOfLastMessage) / 1024);
} else {
lag = ((now - ep->timeOfLastMessage) / 1024);
}
struct SwitchPinger_Ping* ping =
SwitchPinger_newPing(ep->switchLabel,
String_CONST(""),
ic->timeoutMilliseconds,
onPingResponse,
ic->allocator,
ic->switchPinger);
if (!ping) {
Log_debug(ic->logger,
"Failed to ping %s peer [%s.k] lag [%u], out of ping slots.",
(unresponsive ? "unresponsive" : "lazy"), key, lag);
return;
}
ping->onResponseContext = ep;
SwitchPinger_sendPing(ping);
Log_debug(ic->logger,
"Pinging %s peer [%s.k] lag [%u]",
(unresponsive ? "unresponsive" : "lazy"), key, lag);
}
}
}