/*
* Send a ping packet to one of the endpoints.
*/
static void sendPing(struct InterfaceController_Peer* ep)
{
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
ep->pingCount++;
struct SwitchPinger_Ping* ping =
SwitchPinger_newPing(ep->switchLabel,
String_CONST(""),
ic->timeoutMilliseconds,
onPingResponse,
ic->allocator,
ic->switchPinger);
#ifdef Log_DEBUG
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (!ping) {
Log_debug(ic->logger, "Failed to ping [%s.k], out of ping slots", key);
return;
} else {
Log_debug(ic->logger, "SwitchPing [%s.k]", key);
}
ping->onResponseContext = ep;
}
static inline bool decryptMessage(struct CryptoAuth_Wrapper* wrapper,
uint32_t nonce,
struct Message* content,
uint8_t secret[32])
{
if (wrapper->authenticatePackets) {
// Decrypt with authentication and replay prevention.
int ret = decrypt(nonce, content, secret, wrapper->isInitiator, true);
if (ret) {
Log_debug(wrapper->context->logger,
"Authenticated decryption failed returning %u\n",
ret);
return false;
}
ret = !ReplayProtector_checkNonce(nonce, &wrapper->replayProtector);
if (ret) {
Log_debug(wrapper->context->logger, "Nonce checking failed.\n");
return false;
}
} else {
decrypt(nonce, content, secret, wrapper->isInitiator, false);
}
int ret = callReceivedMessage(wrapper, content);
if (ret) {
Log_debug(wrapper->context->logger,
"Call received message failed returning %u\n",
ret);
return false;
}
return true;
}
static void checkLinkage(void* vTwoNodes)
{
struct TwoNodes* ctx = Identity_check((struct TwoNodes*) vTwoNodes);
if (!ctx->beaconsSent) {
if (Pathfinder_getNodeStore(ctx->nodeA->pathfinder) &&
Pathfinder_getNodeStore(ctx->nodeB->pathfinder))
{
Log_debug(ctx->logger, "Linking A and B");
TestFramework_linkNodes(ctx->nodeB, ctx->nodeA, true);
ctx->beaconsSent = true;
}
return;
}
if (Pathfinder_getNodeStore(ctx->nodeA->pathfinder)->nodeCount < 1) {
notLinkedYet(ctx);
return;
}
Log_debug(ctx->logger, "A seems to be linked with B");
if (Pathfinder_getNodeStore(ctx->nodeB->pathfinder)->nodeCount < 1) {
notLinkedYet(ctx);
return;
}
Log_debug(ctx->logger, "B seems to be linked with A");
Log_debug(ctx->logger, "\n\nSetup Complete\n\n");
Timeout_clearTimeout(ctx->checkLinkageTimeout);
ctx->runTest(ctx);
}
static void ipTunnel(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx)
{
List* incoming = Dict_getList(ifaceConf, String_CONST("allowedConnections"));
Dict* d;
for (int i = 0; (d = List_getDict(incoming, i)) != NULL; i++) {
String* key = Dict_getString(d, String_CONST("publicKey"));
String* ip4 = Dict_getString(d, String_CONST("ip4Address"));
String* ip6 = Dict_getString(d, String_CONST("ip6Address"));
if (!key) {
Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]"
"'publicKey' required.", i);
exit(1);
}
if (!ip4 && !ip6) {
Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]"
"either ip4Address or ip6Address required.", i);
exit(1);
}
Log_debug(ctx->logger, "Allowing IpTunnel connections from [%s]", key->bytes);
Dict_putString(d, String_CONST("publicKeyOfAuthorizedNode"), key, tempAlloc);
rpcCall0(String_CONST("IpTunnel_allowConnection"), d, ctx, tempAlloc, true);
}
List* outgoing = Dict_getList(ifaceConf, String_CONST("outgoingConnections"));
String* s;
for (int i = 0; (s = List_getString(outgoing, i)) != NULL; i++) {
Log_debug(ctx->logger, "Initiating IpTunnel connection to [%s]", s->bytes);
Dict requestDict =
Dict_CONST(String_CONST("publicKeyOfNodeToConnectTo"), String_OBJ(s), NULL);
rpcCall0(String_CONST("IpTunnel_connectTo"), &requestDict, ctx, tempAlloc, true);
}
}
/**
* If we don't know her key, the handshake has to be done backwards.
* Reverse handshake requests are signaled by sending a non-obfuscated zero nonce.
*/
static uint8_t genReverseHandshake(struct Message* message,
struct Wrapper* wrapper,
union Headers_CryptoAuth* header)
{
wrapper->nextNonce = 0;
Message_shift(message, -Headers_CryptoAuth_SIZE);
// Buffer the packet so it can be sent ASAP
if (wrapper->bufferedMessage == NULL) {
Log_debug(wrapper->context->logger, "Buffered a message.\n");
wrapper->bufferedMessage =
Message_clone(message, wrapper->externalInterface.allocator);
assert(wrapper->nextNonce == 0);
} else {
Log_debug(wrapper->context->logger,
"Expelled a message because a session has not yet been setup.\n");
Message_copyOver(wrapper->bufferedMessage,
message,
wrapper->externalInterface.allocator);
assert(wrapper->nextNonce == 0);
}
wrapper->hasBufferedMessage = true;
Message_shift(message, Headers_CryptoAuth_SIZE);
header = (union Headers_CryptoAuth*) message->bytes;
header->nonce = UINT32_MAX;
message->length = Headers_CryptoAuth_SIZE;
// sessionState must be 0, auth and 24 byte nonce are garbaged and public key is set
// now garbage the authenticator and the encrypted key which are not used.
randombytes((uint8_t*) &header->handshake.authenticator, 48);
return wrapper->wrappedInterface->sendMessage(message, wrapper->wrappedInterface);
}
static void search(uint8_t target[16], struct Janitor* janitor)
{
if (janitor->searches >= MAX_SEARCHES) {
Log_debug(janitor->logger, "Skipping search because 20 are in progress");
return;
}
#ifdef Log_DEBUG
uint8_t targetStr[40];
AddrTools_printIp(targetStr, target);
Log_debug(janitor->logger, "Beginning search for [%s]", targetStr);
#endif
struct Allocator* searchAlloc = Allocator_child(janitor->allocator);
struct RouterModule_Promise* rp =
SearchRunner_search(target, janitor->searchRunner, searchAlloc);
if (!rp) {
Log_debug(janitor->logger, "SearchRunner_search() returned NULL, probably full.");
Allocator_free(searchAlloc);
return;
}
janitor->searches++;
struct Janitor_Search* search = Allocator_clone(rp->alloc, (&(struct Janitor_Search) {
.janitor = janitor,
.alloc = searchAlloc,
}));
/*
* Send a ping packet to one of the endpoints.
*/
static void sendPing(struct Peer* ep)
{
struct InterfaceController_pvt* ic = Identity_check(ep->ici->ic);
ep->pingCount++;
struct SwitchPinger_Ping* ping =
SwitchPinger_newPing(ep->addr.path,
String_CONST(""),
ic->timeoutMilliseconds,
onPingResponse,
ep->alloc,
ic->switchPinger);
if (Defined(Log_DEBUG)) {
uint8_t key[56];
Base32_encode(key, 56, ep->caSession->herPublicKey, 32);
if (!ping) {
Log_debug(ic->logger, "Failed to ping [%s.k], out of ping slots", key);
} else {
Log_debug(ic->logger, "SwitchPing [%s.k]", key);
}
}
if (ping) {
ping->onResponseContext = ep;
}
}
Iface_DEFUN TUNTools_genericIP6Echo(struct Message* msg, struct TUNTools* tt)
{
uint16_t ethertype = TUNMessageType_pop(msg, NULL);
if (ethertype != Ethernet_TYPE_IP6) {
Log_debug(tt->log, "Spurious packet with ethertype [%04x]\n",
Endian_bigEndianToHost16(ethertype));
return 0;
}
struct Headers_IP6Header* header = (struct Headers_IP6Header*) msg->bytes;
if (msg->length != Headers_IP6Header_SIZE + Headers_UDPHeader_SIZE + 12) {
int type = (msg->length >= Headers_IP6Header_SIZE) ? header->nextHeader : -1;
Log_debug(tt->log, "Message of unexpected length [%u] ip6->nextHeader: [%d]\n",
msg->length, type);
return 0;
}
uint8_t* address;
Sockaddr_getAddress(tt->tunDestAddr, &address);
Assert_true(!Bits_memcmp(header->destinationAddr, address, 16));
Sockaddr_getAddress(tt->udpBindTo, &address);
Assert_true(!Bits_memcmp(header->sourceAddr, address, 16));
Sockaddr_getAddress(tt->udpBindTo, &address);
Bits_memcpy(header->destinationAddr, address, 16);
Sockaddr_getAddress(tt->tunDestAddr, &address);
Bits_memcpy(header->sourceAddr, address, 16);
TUNMessageType_push(msg, ethertype, NULL);
return Iface_next(&tt->tunIface, msg);
}
static void sendBeacon(struct InterfaceController_Iface_pvt* ici, struct Allocator* tempAlloc)
{
if (ici->beaconState < InterfaceController_beaconState_newState_SEND) {
Log_debug(ici->ic->logger, "sendBeacon(%s) -> beaconing disabled", ici->name->bytes);
return;
}
Log_debug(ici->ic->logger, "sendBeacon(%s)", ici->name->bytes);
struct Message* msg = Message_new(0, 128, tempAlloc);
Message_push(msg, &ici->ic->beacon, Headers_Beacon_SIZE, NULL);
if (Defined(Log_DEBUG)) {
char* content = Hex_print(msg->bytes, msg->length, tempAlloc);
Log_debug(ici->ic->logger, "SEND BEACON CONTENT[%s]", content);
}
struct Sockaddr sa = {
.addrLen = Sockaddr_OVERHEAD,
.flags = Sockaddr_flags_BCAST
};
Message_push(msg, &sa, Sockaddr_OVERHEAD, NULL);
Iface_send(&ici->pub.addrIf, msg);
}
static void onPingResponse(enum SwitchPinger_Result result,
uint64_t label,
String* data,
uint32_t millisecondsLag,
uint32_t version,
void* onResponseContext)
{
if (SwitchPinger_Result_OK != result) {
return;
}
struct IFCPeer* ep = Identity_cast((struct IFCPeer*) onResponseContext);
struct Context* ic = ifcontrollerForPeer(ep);
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpyConst(addr.key, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
addr.path = ep->switchLabel;
Log_debug(ic->logger, "got switch pong from node with version [%d]", version);
RouterModule_addNode(ic->routerModule, &addr, version);
#ifdef Log_DEBUG
// This will be false if it times out.
//Assert_true(label == ep->switchLabel);
uint8_t path[20];
AddrTools_printPath(path, label);
uint8_t sl[20];
AddrTools_printPath(sl, ep->switchLabel);
Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s] [%s]",
SwitchPinger_resultString(result)->bytes, path, sl);
#endif
}
static void onGetPeers(Dict* msg,
struct Address* src,
struct Allocator* tmpAlloc,
struct MsgCore_Handler* handler)
{
struct GetPeersResponder_pvt* gprp =
Identity_check((struct GetPeersResponder_pvt*) handler->userData);
Log_debug(gprp->log, "Received getPeers req from [%s]", Address_toString(src, tmpAlloc)->bytes);
String* txid = Dict_getStringC(msg, "txid");
if (!txid) {
Log_debug(gprp->log, "getPeers missing txid");
return;
}
String* nearLabelStr = Dict_getStringC(msg, "tar");
uint64_t label;
if (!nearLabelStr || nearLabelStr->len != 8) {
Log_debug(gprp->log, "getPeers does not contain proper target");
return;
} else {
uint64_t label_be;
Bits_memcpy(&label_be, nearLabelStr->bytes, 8);
label = Endian_bigEndianToHost64(label_be);
}
struct Address outAddrs[GETPEERS_RESPONSE_NODES] = { { .padding = 0 } };
static void onPingResponse(struct SwitchPinger_Response* resp, void* onResponseContext)
{
if (SwitchPinger_Result_OK != resp->res) {
return;
}
struct InterfaceController_Peer* ep =
Identity_check((struct InterfaceController_Peer*) onResponseContext);
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpyConst(addr.key, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
addr.path = ep->switchLabel;
addr.protocolVersion = resp->version;
#ifdef Log_DEBUG
uint8_t addrStr[60];
Address_print(addrStr, &addr);
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (!Version_isCompatible(Version_CURRENT_PROTOCOL, resp->version)) {
Log_debug(ic->logger, "got switch pong from node [%s] with incompatible version [%d]",
key, resp->version);
} else {
Log_debug(ic->logger, "got switch pong from node [%s] with version [%d]",
key, resp->version);
}
if (!ep->timeOfLastPing) {
// We've never heard from this machine before (or we've since forgotten about it)
// This is here because we want the tests to function without the janitor present.
// Other than that, it just makes a slightly more synchronous/guaranteed setup.
Router_sendGetPeers(ic->router, &addr, 0, 0, ic->allocator);
}
struct Node_Link* link = Router_linkForPath(ic->router, resp->label);
if (!link || !Node_getBestParent(link->child)) {
RumorMill_addNode(ic->rumorMill, &addr);
} else {
Log_debug(ic->logger, "link exists");
}
ep->timeOfLastPing = Time_currentTimeMilliseconds(ic->eventBase);
#ifdef Log_DEBUG
// This will be false if it times out.
//Assert_true(label == ep->switchLabel);
uint8_t path[20];
AddrTools_printPath(path, resp->label);
uint8_t sl[20];
AddrTools_printPath(sl, ep->switchLabel);
Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s] [%s]",
SwitchPinger_resultString(resp->res)->bytes, path, sl);
#endif
}
struct RouterModule_Promise* SearchRunner_search(uint8_t target[16],
int maxRequests,
int maxRequestsIfFound,
struct SearchRunner* searchRunner,
struct Allocator* allocator)
{
struct SearchRunner_pvt* runner = Identity_check((struct SearchRunner_pvt*)searchRunner);
if (runner->searches > runner->maxConcurrentSearches) {
Log_debug(runner->logger, "Skipping search because there are already [%d] searches active",
runner->searches);
return NULL;
}
if (maxRequests < 1) {
maxRequests = SearchRunner_DEFAULT_MAX_REQUESTS;
}
if (maxRequestsIfFound < 1) {
maxRequestsIfFound = SearchRunner_DEFAULT_MAX_REQUESTS_IF_FOUND;
}
struct Allocator* alloc = Allocator_child(allocator);
struct Address targetAddr = { .path = 0 };
Bits_memcpyConst(targetAddr.ip6.bytes, target, Address_SEARCH_TARGET_SIZE);
struct NodeList* nodes =
NodeStore_getClosestNodes(runner->nodeStore,
&targetAddr,
maxRequests,
Version_CURRENT_PROTOCOL,
alloc);
if (nodes->size == 0) {
Log_debug(runner->logger, "No nodes available for beginning search");
Allocator_free(alloc);
return NULL;
}
struct SearchStore_Search* sss = SearchStore_newSearch(target, runner->searchStore, alloc);
for (int i = 0; i < (int)nodes->size; i++) {
SearchStore_addNodeToSearch(&nodes->nodes[i]->address, sss);
}
struct SearchRunner_Search* search = Allocator_clone(alloc, (&(struct SearchRunner_Search) {
.pub = {
.alloc = alloc
},
.runner = runner,
.search = sss,
.maxRequests = maxRequests,
.maxRequestsIfFound = maxRequestsIfFound
}));
static uint8_t receiveMessage(struct Message* received, struct Interface* interface)
{
struct CryptoAuth_Wrapper* wrapper =
Identity_cast((struct CryptoAuth_Wrapper*) interface->receiverContext);
union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) received->bytes;
if (received->length < (wrapper->authenticatePackets ? 20 : 4)) {
Log_debug(wrapper->context->logger, "Dropped runt");
return Error_UNDERSIZE_MESSAGE;
}
Assert_true(received->padding >= 12 || "need at least 12 bytes of padding in incoming message");
#ifdef Log_DEBUG
Assert_true(!((uintptr_t)received->bytes % 4) || !"alignment fault");
#endif
Message_shift(received, -4);
uint32_t nonce = Endian_bigEndianToHost32(header->nonce);
if (wrapper->nextNonce < 5) {
if (nonce > 3 && nonce != UINT32_MAX && knowHerKey(wrapper)) {
Log_debug(wrapper->context->logger,
"@%p Trying final handshake step, nonce=%u\n", (void*) wrapper, nonce);
uint8_t secret[32];
getSharedSecret(secret,
wrapper->secret,
wrapper->tempKey,
NULL,
wrapper->context->logger);
// We'll optimistically advance the nextNonce value because decryptMessage()
// passes the message on to the upper level and if this message causes a
// response, we want the CA to be in ESTABLISHED state.
// if the decryptMessage() call fails, we CryptoAuth_reset() it back.
wrapper->nextNonce += 3;
if (decryptMessage(wrapper, nonce, received, secret)) {
Log_debug(wrapper->context->logger, "Final handshake step succeeded.\n");
Bits_memcpyConst(wrapper->secret, secret, 32);
return Error_NONE;
}
CryptoAuth_reset(&wrapper->externalInterface);
Log_debug(wrapper->context->logger, "Final handshake step failed.\n");
}
} else if (nonce > 2 && decryptMessage(wrapper, nonce, received, wrapper->secret)) {
// If decryptMessage returns false then we will try the packet as a handshake.
return Error_NONE;
} else {
Log_debug(wrapper->context->logger, "Decryption failed, trying message as a handshake.\n");
}
Message_shift(received, 4);
return decryptHandshake(wrapper, nonce, received, header);
}
static uint8_t sendMessage(struct Message* message, struct Interface* interface)
{
struct CryptoAuth_Wrapper* wrapper =
Identity_cast((struct CryptoAuth_Wrapper*) interface->senderContext);
// If there has been no incoming traffic for a while, reset the connection to state 0.
// This will prevent "connection in bad state" situations from lasting forever.
uint64_t nowSecs = Time_currentTimeSeconds(wrapper->context->eventBase);
if (nowSecs - wrapper->timeOfLastPacket > wrapper->context->pub.resetAfterInactivitySeconds) {
Log_debug(wrapper->context->logger, "No traffic in [%d] seconds, resetting connection.",
(int) (nowSecs - wrapper->timeOfLastPacket));
wrapper->timeOfLastPacket = nowSecs;
CryptoAuth_reset(interface);
return encryptHandshake(message, wrapper);
}
#ifdef Log_DEBUG
Assert_true(!((uintptr_t)message->bytes % 4) || !"alignment fault");
#endif
// nextNonce 0: sending hello, we are initiating connection.
// nextNonce 1: sending another hello, nothing received yet.
// nextNonce 2: sending key, hello received.
// nextNonce 3: sending key again, no data packet recieved yet.
// nextNonce >3: handshake complete
//
// if it's a blind handshake, every message will be empty and nextNonce will remain
// zero until the first message is received back.
if (wrapper->nextNonce < 5) {
if (wrapper->nextNonce < 4) {
return encryptHandshake(message, wrapper);
} else {
Log_debug(wrapper->context->logger,
"@%p Doing final step to send message. nonce=4\n", (void*) wrapper);
uint8_t secret[32];
getSharedSecret(secret,
wrapper->secret,
wrapper->tempKey,
NULL,
wrapper->context->logger);
Bits_memcpyConst(wrapper->secret, secret, 32);
}
}
return encryptMessage(message, wrapper);
}
static void supernodes(List* supernodes, struct Allocator* tempAlloc, struct Context* ctx)
{
if (!supernodes) {
return;
}
String* s;
for (int i = 0; (s = List_getString(supernodes, i)) != NULL; i++) {
Log_debug(ctx->logger, "Loading supernode connection to [%s]", s->bytes);
Dict reqDict = Dict_CONST(String_CONST("key"), String_OBJ(s), NULL);
if (!Defined(SUBNODE)) {
Log_debug(ctx->logger, "Skipping because SUBNODE is not enabled");
continue;
}
rpcCall0(String_CONST("SupernodeHunter_addSnode"), &reqDict, ctx, tempAlloc, NULL, true);
}
}
int InterfaceController_beaconState(struct InterfaceController* ifc,
int interfaceNumber,
int newState)
{
struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, interfaceNumber);
if (!ici) {
return InterfaceController_beaconState_NO_SUCH_IFACE;
}
char* val = NULL;
switch (newState) {
default: return InterfaceController_beaconState_INVALID_STATE;
case InterfaceController_beaconState_newState_OFF: val = "OFF"; break;
case InterfaceController_beaconState_newState_ACCEPT: val = "ACCEPT"; break;
case InterfaceController_beaconState_newState_SEND: val = "SEND"; break;
}
Log_debug(ic->logger, "InterfaceController_beaconState(%s, %s)", ici->name->bytes, val);
ici->beaconState = newState;
if (newState == InterfaceController_beaconState_newState_SEND) {
// Send out a beacon right away so we don't have to wait.
struct Allocator* alloc = Allocator_child(ici->alloc);
sendBeacon(ici, alloc);
Allocator_free(alloc);
}
return 0;
}
void Core_initTunnel(String* desiredDeviceName,
uint8_t ipAddr[16],
uint8_t addressPrefix,
struct Ducttape* dt,
struct Log* logger,
struct IpTunnel* ipTunnel,
struct EventBase* eventBase,
struct Allocator* alloc,
struct Except* eh)
{
Log_debug(logger, "Initializing TUN device [%s]",
(desiredDeviceName) ? desiredDeviceName->bytes : "<auto>");
char assignedTunName[TUNConfigurator_IFNAMSIZ];
void* tunPtr = TUNConfigurator_initTun(((desiredDeviceName) ? desiredDeviceName->bytes : NULL),
assignedTunName,
logger,
eh);
struct TUNInterface* tun = TUNInterface_new(tunPtr, eventBase, alloc, logger);
// broken
//struct ICMP6Generator* icmp = ICMP6Generator_new(alloc);
//InterfaceConnector_connect(&icmp->external, &tun->iface);
//Ducttape_setUserInterface(dt, &icmp->internal);
Ducttape_setUserInterface(dt, &tun->iface);
TUNConfigurator_addIp6Address(assignedTunName, ipAddr, addressPrefix, logger, eh);
TUNConfigurator_setMTU(assignedTunName, DEFAULT_MTU, logger, eh);
IpTunnel_setTunName(assignedTunName, ipTunnel);
}
static Iface_DEFUN switchErr(struct Message* msg, struct Pathfinder_pvt* pf)
{
struct PFChan_Core_SwitchErr switchErr;
Message_pop(msg, &switchErr, PFChan_Core_SwitchErr_MIN_SIZE, NULL);
uint64_t path = Endian_bigEndianToHost64(switchErr.sh.label_be);
uint64_t pathAtErrorHop = Endian_bigEndianToHost64(switchErr.ctrlErr.cause.label_be);
uint8_t pathStr[20];
AddrTools_printPath(pathStr, path);
int err = Endian_bigEndianToHost32(switchErr.ctrlErr.errorType_be);
Log_debug(pf->log, "switch err from [%s] type [%s][%d]", pathStr, Error_strerror(err), err);
struct Node_Link* link = NodeStore_linkForPath(pf->nodeStore, path);
uint8_t nodeAddr[16];
if (link) {
Bits_memcpy(nodeAddr, link->child->address.ip6.bytes, 16);
}
NodeStore_brokenLink(pf->nodeStore, path, pathAtErrorHop);
if (link) {
// Don't touch the node again, it might be a dangling pointer
SearchRunner_search(nodeAddr, 20, 3, pf->searchRunner, pf->alloc);
}
return NULL;
}
// This is directly called from SwitchCore, message is not encrypted.
static Iface_DEFUN sendFromSwitch(struct Message* msg, struct Iface* switchIf)
{
struct Peer* ep = Identity_check((struct Peer*) switchIf);
ep->bytesOut += msg->length;
int msgs = PeerLink_send(msg, ep->peerLink);
for (int i = 0; i < msgs; i++) {
msg = PeerLink_poll(ep->peerLink);
Assert_true(!CryptoAuth_encrypt(ep->caSession, msg));
Assert_true(!(((uintptr_t)msg->bytes) % 4) && "alignment fault");
// push the lladdr...
Message_push(msg, ep->lladdr, ep->lladdr->addrLen, NULL);
// very noisy
if (Defined(Log_DEBUG) && false) {
char* printedAddr =
Hex_print(&ep->lladdr[1], ep->lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc);
Log_debug(ep->ici->ic->logger, "Outgoing message to [%s]", printedAddr);
}
Iface_send(&ep->ici->pub.addrIf, msg);
}
return NULL;
}
static void initTunnel2(String* desiredDeviceName,
struct Context* ctx,
uint8_t addressPrefix,
struct Except* eh)
{
Log_debug(ctx->logger, "Initializing TUN device [%s]",
(desiredDeviceName) ? desiredDeviceName->bytes : "<auto>");
char assignedTunName[TUNInterface_IFNAMSIZ];
char* desiredName = (desiredDeviceName) ? desiredDeviceName->bytes : NULL;
struct Iface* tun = TUNInterface_new(
desiredName, assignedTunName, 0, ctx->base, ctx->logger, eh, ctx->alloc);
Iface_plumb(tun, &ctx->nc->tunAdapt->tunIf);
IpTunnel_setTunName(assignedTunName, ctx->ipTunnel);
struct Sockaddr* myAddr =
Sockaddr_fromBytes(ctx->nc->myAddress->ip6.bytes, Sockaddr_AF_INET6, ctx->alloc);
myAddr->prefix = addressPrefix;
myAddr->flags |= Sockaddr_flags_PREFIX;
NetDev_addAddress(assignedTunName, myAddr, ctx->logger, eh);
NetDev_setMTU(assignedTunName, DEFAULT_MTU, ctx->logger, eh);
}
static Iface_DEFUN queryMsg(struct MsgCore_pvt* mcp,
Dict* content,
struct Address* src,
struct Message* msg)
{
String* q = Dict_getStringC(content, "q");
struct QueryHandler* qh = NULL;
for (int i = 0; i < mcp->qh->length; i++) {
struct QueryHandler* qhx = ArrayList_OfQueryHandlers_get(mcp->qh, i);
Identity_check(qhx);
if (String_equals(qhx->queryType, q)) {
qh = qhx;
break;
}
}
if (!qh) {
Log_debug(mcp->log, "Unhandled query type [%s]", q->bytes);
return NULL;
}
if (!qh->pub.cb) {
Log_info(mcp->log, "Query handler for [%s] not setup", q->bytes);
return NULL;
}
qh->pub.cb(content, src, msg->alloc, &qh->pub);
return NULL;
}
void RumorMill__addNode(struct RumorMill* mill, struct Address* addr, const char* file, int line)
{
struct RumorMill_pvt* rm = Identity_check((struct RumorMill_pvt*) mill);
Address_getPrefix(addr);
for (int i = 0; i < rm->pub.count; i++) {
if (rm->pub.addresses[i].path == addr->path &&
!Bits_memcmp(rm->pub.addresses[i].key, addr->key, 32))
{
return;
}
}
if (!Bits_memcmp(addr->key, rm->selfAddr->key, 32)) {
return;
}
struct Address* replace;
if (rm->pub.count < rm->capacity) {
replace = &rm->pub.addresses[rm->pub.count++];
} else {
replace = getWorst(rm);
}
Bits_memcpyConst(replace, addr, sizeof(struct Address));
if (Defined(Log_DEBUG)) {
uint8_t addrStr[60];
Address_print(addrStr, addr);
Log_debug(rm->log, "[%s] addNode(%s) count[%d] from [%s:%d]",
rm->pub.name, addrStr, rm->pub.count, file, line);
}
}
static void runTest(char** prefixes,
char** exceptions4,
char** exceptions6,
char** expectedOut4,
char** expectedOut6,
struct Allocator* allocator,
struct Log* log)
{
// Check that routes are invertible.
struct Allocator* alloc = Allocator_child(allocator);
Log_debug(log, "Forward");
runTest0(prefixes, exceptions4, exceptions6, expectedOut4, expectedOut6, alloc, log);
Log_debug(log, "Reverse");
runTest0(prefixes, expectedOut4, expectedOut6, exceptions4, exceptions6, alloc, log);
Allocator_free(alloc);
}
int main()
{
struct Allocator* alloc = MallocAllocator_new(1<<22);
struct Random* rand = Random_new(alloc, NULL, NULL);
struct Log* log = FileWriterLog_new(stdout, alloc);
uint8_t ip[16];
uint8_t printedIp[40];
uint8_t printedShortIp[40];
uint8_t ipFromFull[16];
uint8_t ipFromShort[16];
for (int i = 0; i < 1024; ++i) {
Random_bytes(rand, ip, 16);
for (int j = 0; j < 16; j++) {
// make the random result have lots of zeros since that's what we're looking for.
ip[j] = (ip[j] % 2) ? 0 : ip[j];
}
AddrTools_printIp(printedIp, ip);
AddrTools_printShortIp(printedShortIp, ip);
//printf("%s\n%s\n\n", printedIp, printedShortIp);
AddrTools_parseIp(ipFromFull, printedIp);
AddrTools_parseIp(ipFromShort, printedShortIp);
Log_debug(log, "print/parse %s", printedIp);
Assert_true(0 == Bits_memcmp(ip, ipFromFull, 16));
Assert_true(0 == Bits_memcmp(ipFromFull, ipFromShort, 16));
}
Allocator_free(alloc);
return 0;
}
void Core_initTunnel(String* desiredDeviceName,
struct Sockaddr* addr,
uint8_t addressPrefix,
struct Ducttape* dt,
struct Log* logger,
struct IpTunnel* ipTunnel,
struct EventBase* eventBase,
struct Allocator* alloc,
struct Except* eh)
{
Log_debug(logger, "Initializing TUN device [%s]",
(desiredDeviceName) ? desiredDeviceName->bytes : "<auto>");
char assignedTunName[TUNInterface_IFNAMSIZ];
char* desiredName = (desiredDeviceName) ? desiredDeviceName->bytes : NULL;
struct Interface* tun =
TUNInterface_new(desiredName, assignedTunName, eventBase, logger, eh, alloc);
IpTunnel_setTunName(assignedTunName, ipTunnel);
Ducttape_setUserInterface(dt, tun);
NetDev_addAddress(assignedTunName, addr, addressPrefix, logger, eh);
NetDev_setMTU(assignedTunName, DEFAULT_MTU, logger, eh);
}
static Iface_DEFUN sendTo(struct Message* msg,
struct Iface* dest,
struct TestFramework* srcTf,
struct TestFramework* destTf)
{
Assert_true(!((uintptr_t)msg->bytes % 4) || !"alignment fault");
Assert_true(!(msg->capacity % 4) || !"length fault");
Assert_true(((int)msg->capacity >= msg->length) || !"length fault0");
Log_debug(srcTf->logger, "Transferring message to [%p] - message length [%d]\n",
(void*)dest, msg->length);
// Store the original message and a copy of the original so they can be compared later.
srcTf->lastMsgBackup = Message_clone(msg, srcTf->alloc);
srcTf->lastMsg = msg;
if (msg->alloc) {
// If it's a message which was buffered inside of CryptoAuth then it will be freed
// so by adopting the allocator we can hold it in memory.
Allocator_adopt(srcTf->alloc, msg->alloc);
}
// Copy the original and send that to the other end.
// Can't use Iface_next() when not sending the original msg.
struct Message* sendMsg = Message_clone(msg, destTf->alloc);
Iface_send(dest, sendMsg);
return 0;
}
/**
* Handle an incoming control message from a switch.
*
* @param context the ducttape context.
* @param message the control message, this should be alligned on the beginning of the content,
* that is to say, after the end of the switch header.
* @param switchHeader the header.
* @param switchIf the interface which leads to the switch.
* @param isFormV8 true if the control message is in the form specified by protocol version 8+
*/
static Iface_DEFUN incomingFromCore(struct Message* msg, struct Iface* coreIf)
{
struct ControlHandler_pvt* ch = Identity_check((struct ControlHandler_pvt*) coreIf);
struct SwitchHeader switchHeader;
Message_pop(msg, &switchHeader, SwitchHeader_SIZE, NULL);
uint8_t labelStr[20];
uint64_t label = Endian_bigEndianToHost64(switchHeader.label_be);
AddrTools_printPath(labelStr, label);
Log_debug(ch->log, "ctrl packet from [%s]", labelStr);
if (msg->length < 4 + Control_Header_SIZE) {
Log_info(ch->log, "DROP runt ctrl packet from [%s]", labelStr);
return NULL;
}
Assert_true(Message_pop32(msg, NULL) == 0xffffffff);
if (Checksum_engine(msg->bytes, msg->length)) {
Log_info(ch->log, "DROP ctrl packet from [%s] with invalid checksum", labelStr);
return NULL;
}
struct Control* ctrl = (struct Control*) msg->bytes;
if (ctrl->header.type_be == Control_ERROR_be) {
return handleError(msg, ch, label, labelStr);
} else if (ctrl->header.type_be == Control_KEYPING_be
|| ctrl->header.type_be == Control_PING_be)
{
return handlePing(msg, ch, label, labelStr, ctrl->header.type_be);
} else if (ctrl->header.type_be == Control_KEYPONG_be
|| ctrl->header.type_be == Control_PONG_be)
{
Log_debug(ch->log, "got switch pong from [%s]", labelStr);
// Shift back over the header
Message_shift(msg, 4 + SwitchHeader_SIZE, NULL);
return Iface_next(&ch->pub.switchPingerIf, msg);
}
Log_info(ch->log, "DROP control packet of unknown type from [%s], type [%d]",
labelStr, Endian_bigEndianToHost16(ctrl->header.type_be));
return NULL;
}
/**
* Incoming message from someone we don't know, maybe someone responding to a beacon?
* expects: [ struct LLAddress ][ content ]
*/
static Iface_DEFUN handleUnexpectedIncoming(struct Message* msg,
struct InterfaceController_Iface_pvt* ici)
{
struct InterfaceController_pvt* ic = ici->ic;
struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes;
Message_shift(msg, -lladdr->addrLen, NULL);
if (msg->length < CryptoHeader_SIZE) {
return NULL;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
lladdr = Sockaddr_clone(lladdr, epAlloc);
Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault");
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
Identity_set(ep);
ep->alloc = epAlloc;
ep->ici = ici;
ep->lladdr = lladdr;
ep->alloc = epAlloc;
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
struct CryptoHeader* ch = (struct CryptoHeader*) msg->bytes;
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, ch->publicKey, true, "outer");
if (CryptoAuth_decrypt(ep->caSession, msg)) {
// If the first message is a dud, drop all state for this peer.
// probably some random crap that wandered in the socket.
Allocator_free(epAlloc);
return NULL;
}
Assert_true(!Bits_isZero(ep->caSession->herPublicKey, 32));
Assert_true(Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap) == -1);
int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
Assert_true(index >= 0);
ep->handle = ici->peerMap.handles[index];
Allocator_onFree(epAlloc, closeInterface, ep);
ep->state = InterfaceController_PeerState_UNAUTHENTICATED;
ep->isIncomingConnection = true;
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "handleUnexpectedIncoming() SwitchCore out of space");
Allocator_free(epAlloc);
return NULL;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
Bits_memcpy(ep->addr.key, ep->caSession->herPublicKey, 32);
Bits_memcpy(ep->addr.ip6.bytes, ep->caSession->herIp6, 16);
Log_info(ic->logger, "Added peer [%s] from incoming message",
Address_toString(&ep->addr, msg->alloc)->bytes);
return receivedPostCryptoAuth(msg, ep, ic);
}
static Iface_DEFUN sessionEnded(struct Message* msg, struct Pathfinder_pvt* pf)
{
struct Address addr;
addressForNode(&addr, msg);
String* str = Address_toString(&addr, msg->alloc);
Log_debug(pf->log, "Session ended [%s]", str->bytes);
return NULL;
}
