/* * Send a ping packet to one of the endpoints. */ static void sendPing(struct InterfaceController_Peer* ep) { struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep); ep->pingCount++; struct SwitchPinger_Ping* ping = SwitchPinger_newPing(ep->switchLabel, String_CONST(""), ic->timeoutMilliseconds, onPingResponse, ic->allocator, ic->switchPinger); #ifdef Log_DEBUG uint8_t key[56]; Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32); #endif if (!ping) { Log_debug(ic->logger, "Failed to ping [%s.k], out of ping slots", key); return; } else { Log_debug(ic->logger, "SwitchPing [%s.k]", key); } ping->onResponseContext = ep; }
static inline bool decryptMessage(struct CryptoAuth_Wrapper* wrapper, uint32_t nonce, struct Message* content, uint8_t secret[32]) { if (wrapper->authenticatePackets) { // Decrypt with authentication and replay prevention. int ret = decrypt(nonce, content, secret, wrapper->isInitiator, true); if (ret) { Log_debug(wrapper->context->logger, "Authenticated decryption failed returning %u\n", ret); return false; } ret = !ReplayProtector_checkNonce(nonce, &wrapper->replayProtector); if (ret) { Log_debug(wrapper->context->logger, "Nonce checking failed.\n"); return false; } } else { decrypt(nonce, content, secret, wrapper->isInitiator, false); } int ret = callReceivedMessage(wrapper, content); if (ret) { Log_debug(wrapper->context->logger, "Call received message failed returning %u\n", ret); return false; } return true; }
static void checkLinkage(void* vTwoNodes) { struct TwoNodes* ctx = Identity_check((struct TwoNodes*) vTwoNodes); if (!ctx->beaconsSent) { if (Pathfinder_getNodeStore(ctx->nodeA->pathfinder) && Pathfinder_getNodeStore(ctx->nodeB->pathfinder)) { Log_debug(ctx->logger, "Linking A and B"); TestFramework_linkNodes(ctx->nodeB, ctx->nodeA, true); ctx->beaconsSent = true; } return; } if (Pathfinder_getNodeStore(ctx->nodeA->pathfinder)->nodeCount < 1) { notLinkedYet(ctx); return; } Log_debug(ctx->logger, "A seems to be linked with B"); if (Pathfinder_getNodeStore(ctx->nodeB->pathfinder)->nodeCount < 1) { notLinkedYet(ctx); return; } Log_debug(ctx->logger, "B seems to be linked with A"); Log_debug(ctx->logger, "\n\nSetup Complete\n\n"); Timeout_clearTimeout(ctx->checkLinkageTimeout); ctx->runTest(ctx); }
static void ipTunnel(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx) { List* incoming = Dict_getList(ifaceConf, String_CONST("allowedConnections")); Dict* d; for (int i = 0; (d = List_getDict(incoming, i)) != NULL; i++) { String* key = Dict_getString(d, String_CONST("publicKey")); String* ip4 = Dict_getString(d, String_CONST("ip4Address")); String* ip6 = Dict_getString(d, String_CONST("ip6Address")); if (!key) { Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]" "'publicKey' required.", i); exit(1); } if (!ip4 && !ip6) { Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]" "either ip4Address or ip6Address required.", i); exit(1); } Log_debug(ctx->logger, "Allowing IpTunnel connections from [%s]", key->bytes); Dict_putString(d, String_CONST("publicKeyOfAuthorizedNode"), key, tempAlloc); rpcCall0(String_CONST("IpTunnel_allowConnection"), d, ctx, tempAlloc, true); } List* outgoing = Dict_getList(ifaceConf, String_CONST("outgoingConnections")); String* s; for (int i = 0; (s = List_getString(outgoing, i)) != NULL; i++) { Log_debug(ctx->logger, "Initiating IpTunnel connection to [%s]", s->bytes); Dict requestDict = Dict_CONST(String_CONST("publicKeyOfNodeToConnectTo"), String_OBJ(s), NULL); rpcCall0(String_CONST("IpTunnel_connectTo"), &requestDict, ctx, tempAlloc, true); } }
/** * If we don't know her key, the handshake has to be done backwards. * Reverse handshake requests are signaled by sending a non-obfuscated zero nonce. */ static uint8_t genReverseHandshake(struct Message* message, struct Wrapper* wrapper, union Headers_CryptoAuth* header) { wrapper->nextNonce = 0; Message_shift(message, -Headers_CryptoAuth_SIZE); // Buffer the packet so it can be sent ASAP if (wrapper->bufferedMessage == NULL) { Log_debug(wrapper->context->logger, "Buffered a message.\n"); wrapper->bufferedMessage = Message_clone(message, wrapper->externalInterface.allocator); assert(wrapper->nextNonce == 0); } else { Log_debug(wrapper->context->logger, "Expelled a message because a session has not yet been setup.\n"); Message_copyOver(wrapper->bufferedMessage, message, wrapper->externalInterface.allocator); assert(wrapper->nextNonce == 0); } wrapper->hasBufferedMessage = true; Message_shift(message, Headers_CryptoAuth_SIZE); header = (union Headers_CryptoAuth*) message->bytes; header->nonce = UINT32_MAX; message->length = Headers_CryptoAuth_SIZE; // sessionState must be 0, auth and 24 byte nonce are garbaged and public key is set // now garbage the authenticator and the encrypted key which are not used. randombytes((uint8_t*) &header->handshake.authenticator, 48); return wrapper->wrappedInterface->sendMessage(message, wrapper->wrappedInterface); }
static void search(uint8_t target[16], struct Janitor* janitor) { if (janitor->searches >= MAX_SEARCHES) { Log_debug(janitor->logger, "Skipping search because 20 are in progress"); return; } #ifdef Log_DEBUG uint8_t targetStr[40]; AddrTools_printIp(targetStr, target); Log_debug(janitor->logger, "Beginning search for [%s]", targetStr); #endif struct Allocator* searchAlloc = Allocator_child(janitor->allocator); struct RouterModule_Promise* rp = SearchRunner_search(target, janitor->searchRunner, searchAlloc); if (!rp) { Log_debug(janitor->logger, "SearchRunner_search() returned NULL, probably full."); Allocator_free(searchAlloc); return; } janitor->searches++; struct Janitor_Search* search = Allocator_clone(rp->alloc, (&(struct Janitor_Search) { .janitor = janitor, .alloc = searchAlloc, }));
/* * Send a ping packet to one of the endpoints. */ static void sendPing(struct Peer* ep) { struct InterfaceController_pvt* ic = Identity_check(ep->ici->ic); ep->pingCount++; struct SwitchPinger_Ping* ping = SwitchPinger_newPing(ep->addr.path, String_CONST(""), ic->timeoutMilliseconds, onPingResponse, ep->alloc, ic->switchPinger); if (Defined(Log_DEBUG)) { uint8_t key[56]; Base32_encode(key, 56, ep->caSession->herPublicKey, 32); if (!ping) { Log_debug(ic->logger, "Failed to ping [%s.k], out of ping slots", key); } else { Log_debug(ic->logger, "SwitchPing [%s.k]", key); } } if (ping) { ping->onResponseContext = ep; } }
Iface_DEFUN TUNTools_genericIP6Echo(struct Message* msg, struct TUNTools* tt) { uint16_t ethertype = TUNMessageType_pop(msg, NULL); if (ethertype != Ethernet_TYPE_IP6) { Log_debug(tt->log, "Spurious packet with ethertype [%04x]\n", Endian_bigEndianToHost16(ethertype)); return 0; } struct Headers_IP6Header* header = (struct Headers_IP6Header*) msg->bytes; if (msg->length != Headers_IP6Header_SIZE + Headers_UDPHeader_SIZE + 12) { int type = (msg->length >= Headers_IP6Header_SIZE) ? header->nextHeader : -1; Log_debug(tt->log, "Message of unexpected length [%u] ip6->nextHeader: [%d]\n", msg->length, type); return 0; } uint8_t* address; Sockaddr_getAddress(tt->tunDestAddr, &address); Assert_true(!Bits_memcmp(header->destinationAddr, address, 16)); Sockaddr_getAddress(tt->udpBindTo, &address); Assert_true(!Bits_memcmp(header->sourceAddr, address, 16)); Sockaddr_getAddress(tt->udpBindTo, &address); Bits_memcpy(header->destinationAddr, address, 16); Sockaddr_getAddress(tt->tunDestAddr, &address); Bits_memcpy(header->sourceAddr, address, 16); TUNMessageType_push(msg, ethertype, NULL); return Iface_next(&tt->tunIface, msg); }
static void sendBeacon(struct InterfaceController_Iface_pvt* ici, struct Allocator* tempAlloc) { if (ici->beaconState < InterfaceController_beaconState_newState_SEND) { Log_debug(ici->ic->logger, "sendBeacon(%s) -> beaconing disabled", ici->name->bytes); return; } Log_debug(ici->ic->logger, "sendBeacon(%s)", ici->name->bytes); struct Message* msg = Message_new(0, 128, tempAlloc); Message_push(msg, &ici->ic->beacon, Headers_Beacon_SIZE, NULL); if (Defined(Log_DEBUG)) { char* content = Hex_print(msg->bytes, msg->length, tempAlloc); Log_debug(ici->ic->logger, "SEND BEACON CONTENT[%s]", content); } struct Sockaddr sa = { .addrLen = Sockaddr_OVERHEAD, .flags = Sockaddr_flags_BCAST }; Message_push(msg, &sa, Sockaddr_OVERHEAD, NULL); Iface_send(&ici->pub.addrIf, msg); }
static void onPingResponse(enum SwitchPinger_Result result, uint64_t label, String* data, uint32_t millisecondsLag, uint32_t version, void* onResponseContext) { if (SwitchPinger_Result_OK != result) { return; } struct IFCPeer* ep = Identity_cast((struct IFCPeer*) onResponseContext); struct Context* ic = ifcontrollerForPeer(ep); struct Address addr; Bits_memset(&addr, 0, sizeof(struct Address)); Bits_memcpyConst(addr.key, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32); addr.path = ep->switchLabel; Log_debug(ic->logger, "got switch pong from node with version [%d]", version); RouterModule_addNode(ic->routerModule, &addr, version); #ifdef Log_DEBUG // This will be false if it times out. //Assert_true(label == ep->switchLabel); uint8_t path[20]; AddrTools_printPath(path, label); uint8_t sl[20]; AddrTools_printPath(sl, ep->switchLabel); Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s] [%s]", SwitchPinger_resultString(result)->bytes, path, sl); #endif }
static void onGetPeers(Dict* msg, struct Address* src, struct Allocator* tmpAlloc, struct MsgCore_Handler* handler) { struct GetPeersResponder_pvt* gprp = Identity_check((struct GetPeersResponder_pvt*) handler->userData); Log_debug(gprp->log, "Received getPeers req from [%s]", Address_toString(src, tmpAlloc)->bytes); String* txid = Dict_getStringC(msg, "txid"); if (!txid) { Log_debug(gprp->log, "getPeers missing txid"); return; } String* nearLabelStr = Dict_getStringC(msg, "tar"); uint64_t label; if (!nearLabelStr || nearLabelStr->len != 8) { Log_debug(gprp->log, "getPeers does not contain proper target"); return; } else { uint64_t label_be; Bits_memcpy(&label_be, nearLabelStr->bytes, 8); label = Endian_bigEndianToHost64(label_be); } struct Address outAddrs[GETPEERS_RESPONSE_NODES] = { { .padding = 0 } };
static void onPingResponse(struct SwitchPinger_Response* resp, void* onResponseContext) { if (SwitchPinger_Result_OK != resp->res) { return; } struct InterfaceController_Peer* ep = Identity_check((struct InterfaceController_Peer*) onResponseContext); struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep); struct Address addr; Bits_memset(&addr, 0, sizeof(struct Address)); Bits_memcpyConst(addr.key, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32); addr.path = ep->switchLabel; addr.protocolVersion = resp->version; #ifdef Log_DEBUG uint8_t addrStr[60]; Address_print(addrStr, &addr); uint8_t key[56]; Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32); #endif if (!Version_isCompatible(Version_CURRENT_PROTOCOL, resp->version)) { Log_debug(ic->logger, "got switch pong from node [%s] with incompatible version [%d]", key, resp->version); } else { Log_debug(ic->logger, "got switch pong from node [%s] with version [%d]", key, resp->version); } if (!ep->timeOfLastPing) { // We've never heard from this machine before (or we've since forgotten about it) // This is here because we want the tests to function without the janitor present. // Other than that, it just makes a slightly more synchronous/guaranteed setup. Router_sendGetPeers(ic->router, &addr, 0, 0, ic->allocator); } struct Node_Link* link = Router_linkForPath(ic->router, resp->label); if (!link || !Node_getBestParent(link->child)) { RumorMill_addNode(ic->rumorMill, &addr); } else { Log_debug(ic->logger, "link exists"); } ep->timeOfLastPing = Time_currentTimeMilliseconds(ic->eventBase); #ifdef Log_DEBUG // This will be false if it times out. //Assert_true(label == ep->switchLabel); uint8_t path[20]; AddrTools_printPath(path, resp->label); uint8_t sl[20]; AddrTools_printPath(sl, ep->switchLabel); Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s] [%s]", SwitchPinger_resultString(resp->res)->bytes, path, sl); #endif }
struct RouterModule_Promise* SearchRunner_search(uint8_t target[16], int maxRequests, int maxRequestsIfFound, struct SearchRunner* searchRunner, struct Allocator* allocator) { struct SearchRunner_pvt* runner = Identity_check((struct SearchRunner_pvt*)searchRunner); if (runner->searches > runner->maxConcurrentSearches) { Log_debug(runner->logger, "Skipping search because there are already [%d] searches active", runner->searches); return NULL; } if (maxRequests < 1) { maxRequests = SearchRunner_DEFAULT_MAX_REQUESTS; } if (maxRequestsIfFound < 1) { maxRequestsIfFound = SearchRunner_DEFAULT_MAX_REQUESTS_IF_FOUND; } struct Allocator* alloc = Allocator_child(allocator); struct Address targetAddr = { .path = 0 }; Bits_memcpyConst(targetAddr.ip6.bytes, target, Address_SEARCH_TARGET_SIZE); struct NodeList* nodes = NodeStore_getClosestNodes(runner->nodeStore, &targetAddr, maxRequests, Version_CURRENT_PROTOCOL, alloc); if (nodes->size == 0) { Log_debug(runner->logger, "No nodes available for beginning search"); Allocator_free(alloc); return NULL; } struct SearchStore_Search* sss = SearchStore_newSearch(target, runner->searchStore, alloc); for (int i = 0; i < (int)nodes->size; i++) { SearchStore_addNodeToSearch(&nodes->nodes[i]->address, sss); } struct SearchRunner_Search* search = Allocator_clone(alloc, (&(struct SearchRunner_Search) { .pub = { .alloc = alloc }, .runner = runner, .search = sss, .maxRequests = maxRequests, .maxRequestsIfFound = maxRequestsIfFound }));
static uint8_t receiveMessage(struct Message* received, struct Interface* interface) { struct CryptoAuth_Wrapper* wrapper = Identity_cast((struct CryptoAuth_Wrapper*) interface->receiverContext); union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) received->bytes; if (received->length < (wrapper->authenticatePackets ? 20 : 4)) { Log_debug(wrapper->context->logger, "Dropped runt"); return Error_UNDERSIZE_MESSAGE; } Assert_true(received->padding >= 12 || "need at least 12 bytes of padding in incoming message"); #ifdef Log_DEBUG Assert_true(!((uintptr_t)received->bytes % 4) || !"alignment fault"); #endif Message_shift(received, -4); uint32_t nonce = Endian_bigEndianToHost32(header->nonce); if (wrapper->nextNonce < 5) { if (nonce > 3 && nonce != UINT32_MAX && knowHerKey(wrapper)) { Log_debug(wrapper->context->logger, "@%p Trying final handshake step, nonce=%u\n", (void*) wrapper, nonce); uint8_t secret[32]; getSharedSecret(secret, wrapper->secret, wrapper->tempKey, NULL, wrapper->context->logger); // We'll optimistically advance the nextNonce value because decryptMessage() // passes the message on to the upper level and if this message causes a // response, we want the CA to be in ESTABLISHED state. // if the decryptMessage() call fails, we CryptoAuth_reset() it back. wrapper->nextNonce += 3; if (decryptMessage(wrapper, nonce, received, secret)) { Log_debug(wrapper->context->logger, "Final handshake step succeeded.\n"); Bits_memcpyConst(wrapper->secret, secret, 32); return Error_NONE; } CryptoAuth_reset(&wrapper->externalInterface); Log_debug(wrapper->context->logger, "Final handshake step failed.\n"); } } else if (nonce > 2 && decryptMessage(wrapper, nonce, received, wrapper->secret)) { // If decryptMessage returns false then we will try the packet as a handshake. return Error_NONE; } else { Log_debug(wrapper->context->logger, "Decryption failed, trying message as a handshake.\n"); } Message_shift(received, 4); return decryptHandshake(wrapper, nonce, received, header); }
static uint8_t sendMessage(struct Message* message, struct Interface* interface) { struct CryptoAuth_Wrapper* wrapper = Identity_cast((struct CryptoAuth_Wrapper*) interface->senderContext); // If there has been no incoming traffic for a while, reset the connection to state 0. // This will prevent "connection in bad state" situations from lasting forever. uint64_t nowSecs = Time_currentTimeSeconds(wrapper->context->eventBase); if (nowSecs - wrapper->timeOfLastPacket > wrapper->context->pub.resetAfterInactivitySeconds) { Log_debug(wrapper->context->logger, "No traffic in [%d] seconds, resetting connection.", (int) (nowSecs - wrapper->timeOfLastPacket)); wrapper->timeOfLastPacket = nowSecs; CryptoAuth_reset(interface); return encryptHandshake(message, wrapper); } #ifdef Log_DEBUG Assert_true(!((uintptr_t)message->bytes % 4) || !"alignment fault"); #endif // nextNonce 0: sending hello, we are initiating connection. // nextNonce 1: sending another hello, nothing received yet. // nextNonce 2: sending key, hello received. // nextNonce 3: sending key again, no data packet recieved yet. // nextNonce >3: handshake complete // // if it's a blind handshake, every message will be empty and nextNonce will remain // zero until the first message is received back. if (wrapper->nextNonce < 5) { if (wrapper->nextNonce < 4) { return encryptHandshake(message, wrapper); } else { Log_debug(wrapper->context->logger, "@%p Doing final step to send message. nonce=4\n", (void*) wrapper); uint8_t secret[32]; getSharedSecret(secret, wrapper->secret, wrapper->tempKey, NULL, wrapper->context->logger); Bits_memcpyConst(wrapper->secret, secret, 32); } } return encryptMessage(message, wrapper); }
static void supernodes(List* supernodes, struct Allocator* tempAlloc, struct Context* ctx) { if (!supernodes) { return; } String* s; for (int i = 0; (s = List_getString(supernodes, i)) != NULL; i++) { Log_debug(ctx->logger, "Loading supernode connection to [%s]", s->bytes); Dict reqDict = Dict_CONST(String_CONST("key"), String_OBJ(s), NULL); if (!Defined(SUBNODE)) { Log_debug(ctx->logger, "Skipping because SUBNODE is not enabled"); continue; } rpcCall0(String_CONST("SupernodeHunter_addSnode"), &reqDict, ctx, tempAlloc, NULL, true); } }
int InterfaceController_beaconState(struct InterfaceController* ifc, int interfaceNumber, int newState) { struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc); struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, interfaceNumber); if (!ici) { return InterfaceController_beaconState_NO_SUCH_IFACE; } char* val = NULL; switch (newState) { default: return InterfaceController_beaconState_INVALID_STATE; case InterfaceController_beaconState_newState_OFF: val = "OFF"; break; case InterfaceController_beaconState_newState_ACCEPT: val = "ACCEPT"; break; case InterfaceController_beaconState_newState_SEND: val = "SEND"; break; } Log_debug(ic->logger, "InterfaceController_beaconState(%s, %s)", ici->name->bytes, val); ici->beaconState = newState; if (newState == InterfaceController_beaconState_newState_SEND) { // Send out a beacon right away so we don't have to wait. struct Allocator* alloc = Allocator_child(ici->alloc); sendBeacon(ici, alloc); Allocator_free(alloc); } return 0; }
void Core_initTunnel(String* desiredDeviceName, uint8_t ipAddr[16], uint8_t addressPrefix, struct Ducttape* dt, struct Log* logger, struct IpTunnel* ipTunnel, struct EventBase* eventBase, struct Allocator* alloc, struct Except* eh) { Log_debug(logger, "Initializing TUN device [%s]", (desiredDeviceName) ? desiredDeviceName->bytes : "<auto>"); char assignedTunName[TUNConfigurator_IFNAMSIZ]; void* tunPtr = TUNConfigurator_initTun(((desiredDeviceName) ? desiredDeviceName->bytes : NULL), assignedTunName, logger, eh); struct TUNInterface* tun = TUNInterface_new(tunPtr, eventBase, alloc, logger); // broken //struct ICMP6Generator* icmp = ICMP6Generator_new(alloc); //InterfaceConnector_connect(&icmp->external, &tun->iface); //Ducttape_setUserInterface(dt, &icmp->internal); Ducttape_setUserInterface(dt, &tun->iface); TUNConfigurator_addIp6Address(assignedTunName, ipAddr, addressPrefix, logger, eh); TUNConfigurator_setMTU(assignedTunName, DEFAULT_MTU, logger, eh); IpTunnel_setTunName(assignedTunName, ipTunnel); }
static Iface_DEFUN switchErr(struct Message* msg, struct Pathfinder_pvt* pf) { struct PFChan_Core_SwitchErr switchErr; Message_pop(msg, &switchErr, PFChan_Core_SwitchErr_MIN_SIZE, NULL); uint64_t path = Endian_bigEndianToHost64(switchErr.sh.label_be); uint64_t pathAtErrorHop = Endian_bigEndianToHost64(switchErr.ctrlErr.cause.label_be); uint8_t pathStr[20]; AddrTools_printPath(pathStr, path); int err = Endian_bigEndianToHost32(switchErr.ctrlErr.errorType_be); Log_debug(pf->log, "switch err from [%s] type [%s][%d]", pathStr, Error_strerror(err), err); struct Node_Link* link = NodeStore_linkForPath(pf->nodeStore, path); uint8_t nodeAddr[16]; if (link) { Bits_memcpy(nodeAddr, link->child->address.ip6.bytes, 16); } NodeStore_brokenLink(pf->nodeStore, path, pathAtErrorHop); if (link) { // Don't touch the node again, it might be a dangling pointer SearchRunner_search(nodeAddr, 20, 3, pf->searchRunner, pf->alloc); } return NULL; }
// This is directly called from SwitchCore, message is not encrypted. static Iface_DEFUN sendFromSwitch(struct Message* msg, struct Iface* switchIf) { struct Peer* ep = Identity_check((struct Peer*) switchIf); ep->bytesOut += msg->length; int msgs = PeerLink_send(msg, ep->peerLink); for (int i = 0; i < msgs; i++) { msg = PeerLink_poll(ep->peerLink); Assert_true(!CryptoAuth_encrypt(ep->caSession, msg)); Assert_true(!(((uintptr_t)msg->bytes) % 4) && "alignment fault"); // push the lladdr... Message_push(msg, ep->lladdr, ep->lladdr->addrLen, NULL); // very noisy if (Defined(Log_DEBUG) && false) { char* printedAddr = Hex_print(&ep->lladdr[1], ep->lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc); Log_debug(ep->ici->ic->logger, "Outgoing message to [%s]", printedAddr); } Iface_send(&ep->ici->pub.addrIf, msg); } return NULL; }
static void initTunnel2(String* desiredDeviceName, struct Context* ctx, uint8_t addressPrefix, struct Except* eh) { Log_debug(ctx->logger, "Initializing TUN device [%s]", (desiredDeviceName) ? desiredDeviceName->bytes : "<auto>"); char assignedTunName[TUNInterface_IFNAMSIZ]; char* desiredName = (desiredDeviceName) ? desiredDeviceName->bytes : NULL; struct Iface* tun = TUNInterface_new( desiredName, assignedTunName, 0, ctx->base, ctx->logger, eh, ctx->alloc); Iface_plumb(tun, &ctx->nc->tunAdapt->tunIf); IpTunnel_setTunName(assignedTunName, ctx->ipTunnel); struct Sockaddr* myAddr = Sockaddr_fromBytes(ctx->nc->myAddress->ip6.bytes, Sockaddr_AF_INET6, ctx->alloc); myAddr->prefix = addressPrefix; myAddr->flags |= Sockaddr_flags_PREFIX; NetDev_addAddress(assignedTunName, myAddr, ctx->logger, eh); NetDev_setMTU(assignedTunName, DEFAULT_MTU, ctx->logger, eh); }
static Iface_DEFUN queryMsg(struct MsgCore_pvt* mcp, Dict* content, struct Address* src, struct Message* msg) { String* q = Dict_getStringC(content, "q"); struct QueryHandler* qh = NULL; for (int i = 0; i < mcp->qh->length; i++) { struct QueryHandler* qhx = ArrayList_OfQueryHandlers_get(mcp->qh, i); Identity_check(qhx); if (String_equals(qhx->queryType, q)) { qh = qhx; break; } } if (!qh) { Log_debug(mcp->log, "Unhandled query type [%s]", q->bytes); return NULL; } if (!qh->pub.cb) { Log_info(mcp->log, "Query handler for [%s] not setup", q->bytes); return NULL; } qh->pub.cb(content, src, msg->alloc, &qh->pub); return NULL; }
void RumorMill__addNode(struct RumorMill* mill, struct Address* addr, const char* file, int line) { struct RumorMill_pvt* rm = Identity_check((struct RumorMill_pvt*) mill); Address_getPrefix(addr); for (int i = 0; i < rm->pub.count; i++) { if (rm->pub.addresses[i].path == addr->path && !Bits_memcmp(rm->pub.addresses[i].key, addr->key, 32)) { return; } } if (!Bits_memcmp(addr->key, rm->selfAddr->key, 32)) { return; } struct Address* replace; if (rm->pub.count < rm->capacity) { replace = &rm->pub.addresses[rm->pub.count++]; } else { replace = getWorst(rm); } Bits_memcpyConst(replace, addr, sizeof(struct Address)); if (Defined(Log_DEBUG)) { uint8_t addrStr[60]; Address_print(addrStr, addr); Log_debug(rm->log, "[%s] addNode(%s) count[%d] from [%s:%d]", rm->pub.name, addrStr, rm->pub.count, file, line); } }
static void runTest(char** prefixes, char** exceptions4, char** exceptions6, char** expectedOut4, char** expectedOut6, struct Allocator* allocator, struct Log* log) { // Check that routes are invertible. struct Allocator* alloc = Allocator_child(allocator); Log_debug(log, "Forward"); runTest0(prefixes, exceptions4, exceptions6, expectedOut4, expectedOut6, alloc, log); Log_debug(log, "Reverse"); runTest0(prefixes, expectedOut4, expectedOut6, exceptions4, exceptions6, alloc, log); Allocator_free(alloc); }
int main() { struct Allocator* alloc = MallocAllocator_new(1<<22); struct Random* rand = Random_new(alloc, NULL, NULL); struct Log* log = FileWriterLog_new(stdout, alloc); uint8_t ip[16]; uint8_t printedIp[40]; uint8_t printedShortIp[40]; uint8_t ipFromFull[16]; uint8_t ipFromShort[16]; for (int i = 0; i < 1024; ++i) { Random_bytes(rand, ip, 16); for (int j = 0; j < 16; j++) { // make the random result have lots of zeros since that's what we're looking for. ip[j] = (ip[j] % 2) ? 0 : ip[j]; } AddrTools_printIp(printedIp, ip); AddrTools_printShortIp(printedShortIp, ip); //printf("%s\n%s\n\n", printedIp, printedShortIp); AddrTools_parseIp(ipFromFull, printedIp); AddrTools_parseIp(ipFromShort, printedShortIp); Log_debug(log, "print/parse %s", printedIp); Assert_true(0 == Bits_memcmp(ip, ipFromFull, 16)); Assert_true(0 == Bits_memcmp(ipFromFull, ipFromShort, 16)); } Allocator_free(alloc); return 0; }
void Core_initTunnel(String* desiredDeviceName, struct Sockaddr* addr, uint8_t addressPrefix, struct Ducttape* dt, struct Log* logger, struct IpTunnel* ipTunnel, struct EventBase* eventBase, struct Allocator* alloc, struct Except* eh) { Log_debug(logger, "Initializing TUN device [%s]", (desiredDeviceName) ? desiredDeviceName->bytes : "<auto>"); char assignedTunName[TUNInterface_IFNAMSIZ]; char* desiredName = (desiredDeviceName) ? desiredDeviceName->bytes : NULL; struct Interface* tun = TUNInterface_new(desiredName, assignedTunName, eventBase, logger, eh, alloc); IpTunnel_setTunName(assignedTunName, ipTunnel); Ducttape_setUserInterface(dt, tun); NetDev_addAddress(assignedTunName, addr, addressPrefix, logger, eh); NetDev_setMTU(assignedTunName, DEFAULT_MTU, logger, eh); }
static Iface_DEFUN sendTo(struct Message* msg, struct Iface* dest, struct TestFramework* srcTf, struct TestFramework* destTf) { Assert_true(!((uintptr_t)msg->bytes % 4) || !"alignment fault"); Assert_true(!(msg->capacity % 4) || !"length fault"); Assert_true(((int)msg->capacity >= msg->length) || !"length fault0"); Log_debug(srcTf->logger, "Transferring message to [%p] - message length [%d]\n", (void*)dest, msg->length); // Store the original message and a copy of the original so they can be compared later. srcTf->lastMsgBackup = Message_clone(msg, srcTf->alloc); srcTf->lastMsg = msg; if (msg->alloc) { // If it's a message which was buffered inside of CryptoAuth then it will be freed // so by adopting the allocator we can hold it in memory. Allocator_adopt(srcTf->alloc, msg->alloc); } // Copy the original and send that to the other end. // Can't use Iface_next() when not sending the original msg. struct Message* sendMsg = Message_clone(msg, destTf->alloc); Iface_send(dest, sendMsg); return 0; }
/** * Handle an incoming control message from a switch. * * @param context the ducttape context. * @param message the control message, this should be alligned on the beginning of the content, * that is to say, after the end of the switch header. * @param switchHeader the header. * @param switchIf the interface which leads to the switch. * @param isFormV8 true if the control message is in the form specified by protocol version 8+ */ static Iface_DEFUN incomingFromCore(struct Message* msg, struct Iface* coreIf) { struct ControlHandler_pvt* ch = Identity_check((struct ControlHandler_pvt*) coreIf); struct SwitchHeader switchHeader; Message_pop(msg, &switchHeader, SwitchHeader_SIZE, NULL); uint8_t labelStr[20]; uint64_t label = Endian_bigEndianToHost64(switchHeader.label_be); AddrTools_printPath(labelStr, label); Log_debug(ch->log, "ctrl packet from [%s]", labelStr); if (msg->length < 4 + Control_Header_SIZE) { Log_info(ch->log, "DROP runt ctrl packet from [%s]", labelStr); return NULL; } Assert_true(Message_pop32(msg, NULL) == 0xffffffff); if (Checksum_engine(msg->bytes, msg->length)) { Log_info(ch->log, "DROP ctrl packet from [%s] with invalid checksum", labelStr); return NULL; } struct Control* ctrl = (struct Control*) msg->bytes; if (ctrl->header.type_be == Control_ERROR_be) { return handleError(msg, ch, label, labelStr); } else if (ctrl->header.type_be == Control_KEYPING_be || ctrl->header.type_be == Control_PING_be) { return handlePing(msg, ch, label, labelStr, ctrl->header.type_be); } else if (ctrl->header.type_be == Control_KEYPONG_be || ctrl->header.type_be == Control_PONG_be) { Log_debug(ch->log, "got switch pong from [%s]", labelStr); // Shift back over the header Message_shift(msg, 4 + SwitchHeader_SIZE, NULL); return Iface_next(&ch->pub.switchPingerIf, msg); } Log_info(ch->log, "DROP control packet of unknown type from [%s], type [%d]", labelStr, Endian_bigEndianToHost16(ctrl->header.type_be)); return NULL; }
/** * Incoming message from someone we don't know, maybe someone responding to a beacon? * expects: [ struct LLAddress ][ content ] */ static Iface_DEFUN handleUnexpectedIncoming(struct Message* msg, struct InterfaceController_Iface_pvt* ici) { struct InterfaceController_pvt* ic = ici->ic; struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes; Message_shift(msg, -lladdr->addrLen, NULL); if (msg->length < CryptoHeader_SIZE) { return NULL; } struct Allocator* epAlloc = Allocator_child(ici->alloc); lladdr = Sockaddr_clone(lladdr, epAlloc); Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault"); struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1); Identity_set(ep); ep->alloc = epAlloc; ep->ici = ici; ep->lladdr = lladdr; ep->alloc = epAlloc; ep->peerLink = PeerLink_new(ic->eventBase, epAlloc); struct CryptoHeader* ch = (struct CryptoHeader*) msg->bytes; ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, ch->publicKey, true, "outer"); if (CryptoAuth_decrypt(ep->caSession, msg)) { // If the first message is a dud, drop all state for this peer. // probably some random crap that wandered in the socket. Allocator_free(epAlloc); return NULL; } Assert_true(!Bits_isZero(ep->caSession->herPublicKey, 32)); Assert_true(Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap) == -1); int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap); Assert_true(index >= 0); ep->handle = ici->peerMap.handles[index]; Allocator_onFree(epAlloc, closeInterface, ep); ep->state = InterfaceController_PeerState_UNAUTHENTICATED; ep->isIncomingConnection = true; ep->switchIf.send = sendFromSwitch; if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) { Log_debug(ic->logger, "handleUnexpectedIncoming() SwitchCore out of space"); Allocator_free(epAlloc); return NULL; } // We want the node to immedietly be pinged but we don't want it to appear unresponsive because // the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to // (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node". ep->timeOfLastMessage = Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1; Bits_memcpy(ep->addr.key, ep->caSession->herPublicKey, 32); Bits_memcpy(ep->addr.ip6.bytes, ep->caSession->herIp6, 16); Log_info(ic->logger, "Added peer [%s] from incoming message", Address_toString(&ep->addr, msg->alloc)->bytes); return receivedPostCryptoAuth(msg, ep, ic); }
static Iface_DEFUN sessionEnded(struct Message* msg, struct Pathfinder_pvt* pf) { struct Address addr; addressForNode(&addr, msg); String* str = Address_toString(&addr, msg->alloc); Log_debug(pf->log, "Session ended [%s]", str->bytes); return NULL; }