static void on_underlying_io_bytes_received(void* context, const unsigned char* buffer, size_t size)
{
TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
size_t consumed_bytes;
LOG(tls_io_instance->logger_log, LOG_LINE, "%d received on tls_schannel", size);
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + size) == 0)
{
memcpy(tls_io_instance->received_bytes + tls_io_instance->received_byte_count, buffer, size);
tls_io_instance->received_byte_count += size;
if (size > tls_io_instance->needed_bytes)
{
tls_io_instance->needed_bytes = 0;
}
else
{
tls_io_instance->needed_bytes -= size;
}
/* Drain what we received */
while (tls_io_instance->needed_bytes == 0)
{
if (tls_io_instance->tlsio_state == TLSIO_STATE_HANDSHAKE_CLIENT_HELLO_SENT)
{
SecBuffer input_buffers[2];
SecBuffer output_buffers[2];
ULONG context_attributes;
/* we need to try and perform the second (next) step of the init */
input_buffers[0].cbBuffer = tls_io_instance->received_byte_count;
input_buffers[0].BufferType = SECBUFFER_TOKEN;
input_buffers[0].pvBuffer = (void*)tls_io_instance->received_bytes;
input_buffers[1].cbBuffer = 0;
input_buffers[1].BufferType = SECBUFFER_EMPTY;
input_buffers[1].pvBuffer = 0;
SecBufferDesc input_buffers_desc;
input_buffers_desc.cBuffers = 2;
input_buffers_desc.pBuffers = input_buffers;
input_buffers_desc.ulVersion = SECBUFFER_VERSION;
output_buffers[0].cbBuffer = 0;
output_buffers[0].BufferType = SECBUFFER_TOKEN;
output_buffers[0].pvBuffer = NULL;
output_buffers[1].cbBuffer = 0;
output_buffers[1].BufferType = SECBUFFER_EMPTY;
output_buffers[1].pvBuffer = 0;
SecBufferDesc output_buffers_desc;
output_buffers_desc.cBuffers = 2;
output_buffers_desc.pBuffers = output_buffers;
output_buffers_desc.ulVersion = SECBUFFER_VERSION;
unsigned long flags = ISC_REQ_EXTENDED_ERROR | ISC_REQ_STREAM | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_USE_SUPPLIED_CREDS;
SECURITY_STATUS status = InitializeSecurityContext(&tls_io_instance->credential_handle,
&tls_io_instance->security_context, (SEC_CHAR*)tls_io_instance->host_name, flags, 0, 0, &input_buffers_desc, 0,
&tls_io_instance->security_context, &output_buffers_desc,
&context_attributes, NULL);
switch (status)
{
case SEC_E_INCOMPLETE_MESSAGE:
if (input_buffers[1].BufferType != SECBUFFER_MISSING)
{
//If SECBUFFER_MISSING not sent, try to read byte by byte.
tls_io_instance->needed_bytes = 1;
}
else
{
tls_io_instance->needed_bytes = input_buffers[1].cbBuffer;
}
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
break;
case SEC_E_OK:
consumed_bytes = tls_io_instance->received_byte_count;
/* Any extra bytes left over or did we fully consume the receive buffer? */
if (input_buffers[1].BufferType == SECBUFFER_EXTRA)
{
consumed_bytes -= input_buffers[1].cbBuffer;
(void)memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + consumed_bytes, tls_io_instance->received_byte_count - consumed_bytes);
}
tls_io_instance->received_byte_count -= consumed_bytes;
/* if nothing more to consume, set the needed bytes to 1, to get on the next byte how many we actually need */
tls_io_instance->needed_bytes = tls_io_instance->received_byte_count == 0 ? 1 : 0;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->tlsio_state = TLSIO_STATE_OPEN;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_OK);
}
}
break;
case SEC_I_COMPLETE_NEEDED:
case SEC_I_CONTINUE_NEEDED:
case SEC_I_COMPLETE_AND_CONTINUE:
if ((output_buffers[0].cbBuffer > 0) && xio_send(tls_io_instance->socket_io, output_buffers[0].pvBuffer, output_buffers[0].cbBuffer, NULL, NULL) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
else
{
consumed_bytes = tls_io_instance->received_byte_count;
/* Any extra bytes left over or did we fully consume the receive buffer? */
if (input_buffers[1].BufferType == SECBUFFER_EXTRA)
{
consumed_bytes -= input_buffers[1].cbBuffer;
(void)memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + consumed_bytes, tls_io_instance->received_byte_count - consumed_bytes);
}
tls_io_instance->received_byte_count -= consumed_bytes;
/* if nothing more to consume, set the needed bytes to 1, to get on the next byte how many we actually need */
tls_io_instance->needed_bytes = tls_io_instance->received_byte_count == 0 ? 1 : 0;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->tlsio_state = TLSIO_STATE_HANDSHAKE_CLIENT_HELLO_SENT;
}
}
break;
case SEC_E_UNTRUSTED_ROOT:
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
break;
default:
{
LPVOID srcText = NULL;
if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
status, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)srcText, 0, NULL) > 0)
{
LogError("[%#x] %s", status, (LPTSTR)srcText);
LocalFree(srcText);
}
else
{
LogError("[%#x]", status);
}
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
break;
}
}
else if (tls_io_instance->tlsio_state == TLSIO_STATE_OPEN)
{
SecBuffer security_buffers[4];
SecBufferDesc security_buffers_desc;
security_buffers[0].BufferType = SECBUFFER_DATA;
security_buffers[0].pvBuffer = tls_io_instance->received_bytes;
security_buffers[0].cbBuffer = tls_io_instance->received_byte_count;
security_buffers[1].BufferType = SECBUFFER_EMPTY;
security_buffers[2].BufferType = SECBUFFER_EMPTY;
security_buffers[3].BufferType = SECBUFFER_EMPTY;
security_buffers_desc.cBuffers = sizeof(security_buffers) / sizeof(security_buffers[0]);
security_buffers_desc.pBuffers = security_buffers;
security_buffers_desc.ulVersion = SECBUFFER_VERSION;
SECURITY_STATUS status = DecryptMessage(&tls_io_instance->security_context, &security_buffers_desc, 0, NULL);
switch (status)
{
case SEC_E_INCOMPLETE_MESSAGE:
if (security_buffers[1].BufferType != SECBUFFER_MISSING)
{
//If SECBUFFER_MISSING not sent, try to read byte by byte.
tls_io_instance->needed_bytes = 1;
}
else
{
tls_io_instance->needed_bytes = security_buffers[1].cbBuffer;
}
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
break;
case SEC_E_OK:
if (security_buffers[1].BufferType != SECBUFFER_DATA)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
else
{
size_t i;
if (tls_io_instance->logger_log)
{
for (i = 0; i < security_buffers[1].cbBuffer; i++)
{
LOG(tls_io_instance->logger_log, 0, "-> %02x ", ((unsigned char*)security_buffers[1].pvBuffer)[i]);
}
LOG(tls_io_instance->logger_log, LOG_LINE, "");
}
/* notify of the received data */
if (tls_io_instance->on_bytes_received != NULL)
{
tls_io_instance->on_bytes_received(tls_io_instance->on_bytes_received_context, security_buffers[1].pvBuffer, security_buffers[1].cbBuffer);
}
consumed_bytes = tls_io_instance->received_byte_count;
LOG(tls_io_instance->logger_log, LOG_LINE, "%d consumed", tls_io_instance->received_byte_count);
for (i = 0; i < sizeof(security_buffers) / sizeof(security_buffers[0]); i++)
{
/* Any extra bytes left over or did we fully consume the receive buffer? */
if (security_buffers[i].BufferType == SECBUFFER_EXTRA)
{
consumed_bytes -= security_buffers[i].cbBuffer;
(void)memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + consumed_bytes, tls_io_instance->received_byte_count - consumed_bytes);
break;
}
}
tls_io_instance->received_byte_count -= consumed_bytes;
/* if nothing more to consume, set the needed bytes to 1, to get on the next byte how many we actually need */
tls_io_instance->needed_bytes = tls_io_instance->received_byte_count == 0 ? 1 : 0;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
}
break;
default:
{
LPVOID srcText = NULL;
if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
status, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)srcText, 0, NULL) > 0)
{
LogError("[%#x] %s", status, (LPTSTR)srcText);
LocalFree(srcText);
}
else
{
LogError("[%#x]", status);
}
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
break;
}
}
else
{
/* Received data in error or other state */
break;
}
}
}
}
static void on_underlying_io_open_complete(void* context, IO_OPEN_RESULT io_open_result)
{
TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
if (tls_io_instance->tlsio_state != TLSIO_STATE_OPENING_UNDERLYING_IO)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
else
{
SecBuffer init_security_buffers[2];
ULONG context_attributes;
SECURITY_STATUS status;
SCHANNEL_CRED auth_data;
auth_data.dwVersion = SCHANNEL_CRED_VERSION;
auth_data.cCreds = 0;
auth_data.paCred = NULL;
auth_data.hRootStore = NULL;
auth_data.cSupportedAlgs = 0;
auth_data.palgSupportedAlgs = NULL;
auth_data.grbitEnabledProtocols = 0;
auth_data.dwMinimumCipherStrength = 0;
auth_data.dwMaximumCipherStrength = 0;
auth_data.dwSessionLifespan = 0;
auth_data.dwFlags = SCH_USE_STRONG_CRYPTO | SCH_CRED_NO_DEFAULT_CREDS;
auth_data.dwCredFormat = 0;
status = AcquireCredentialsHandle(NULL, UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL,
&auth_data, NULL, NULL, &tls_io_instance->credential_handle, NULL);
if (status != SEC_E_OK)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
else
{
tls_io_instance->credential_handle_allocated = true;
init_security_buffers[0].cbBuffer = 0;
init_security_buffers[0].BufferType = SECBUFFER_TOKEN;
init_security_buffers[0].pvBuffer = NULL;
init_security_buffers[1].cbBuffer = 0;
init_security_buffers[1].BufferType = SECBUFFER_EMPTY;
init_security_buffers[1].pvBuffer = 0;
SecBufferDesc security_buffers_desc;
security_buffers_desc.cBuffers = 2;
security_buffers_desc.pBuffers = init_security_buffers;
security_buffers_desc.ulVersion = SECBUFFER_VERSION;
status = InitializeSecurityContext(&tls_io_instance->credential_handle,
NULL, (SEC_CHAR*)tls_io_instance->host_name, ISC_REQ_EXTENDED_ERROR | ISC_REQ_STREAM | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_USE_SUPPLIED_CREDS, 0, 0, NULL, 0,
&tls_io_instance->security_context, &security_buffers_desc,
&context_attributes, NULL);
if ((status == SEC_I_COMPLETE_NEEDED) || (status == SEC_I_CONTINUE_NEEDED) || (status == SEC_I_COMPLETE_AND_CONTINUE))
{
if (xio_send(tls_io_instance->socket_io, init_security_buffers[0].pvBuffer, init_security_buffers[0].cbBuffer, NULL, NULL) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
else
{
/* set the needed bytes to 1, to get on the next byte how many we actually need */
tls_io_instance->needed_bytes = 1;
if (resize_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
else
{
tls_io_instance->tlsio_state = TLSIO_STATE_HANDSHAKE_CLIENT_HELLO_SENT;
}
}
}
}
}
}
int
main(int argc, char **argv)
{
struct sockaddr_in6 sin6;
int rc, fd, i, opt;
time_t expiry_time, source_expiry_time, kernel_dump_time;
const char **config_files = NULL;
int num_config_files = 0;
void *vrc;
unsigned int seed;
struct interface *ifp;
gettime(&now);
rc = read_random_bytes(&seed, sizeof(seed));
if(rc < 0) {
perror("read(random)");
seed = 42;
}
seed ^= (now.tv_sec ^ now.tv_usec);
srandom(seed);
parse_address("ff02:0:0:0:0:0:1:6", protocol_group, NULL);
protocol_port = 6696;
change_smoothing_half_life(4);
has_ipv6_subtrees = kernel_has_ipv6_subtrees();
while(1) {
opt = getopt(argc, argv,
"m:p:h:H:i:k:A:sruS:d:g:G:lwz:M:t:T:c:C:DL:I:V");
if(opt < 0)
break;
switch(opt) {
case 'm':
rc = parse_address(optarg, protocol_group, NULL);
if(rc < 0)
goto usage;
if(protocol_group[0] != 0xff) {
fprintf(stderr,
"%s is not a multicast address\n", optarg);
goto usage;
}
if(protocol_group[1] != 2) {
fprintf(stderr,
"Warning: %s is not a link-local multicast address\n",
optarg);
}
break;
case 'p':
protocol_port = parse_nat(optarg);
if(protocol_port <= 0 || protocol_port > 0xFFFF)
goto usage;
break;
case 'h':
default_wireless_hello_interval = parse_thousands(optarg);
if(default_wireless_hello_interval <= 0 ||
default_wireless_hello_interval > 0xFFFF * 10)
goto usage;
break;
case 'H':
default_wired_hello_interval = parse_thousands(optarg);
if(default_wired_hello_interval <= 0 ||
default_wired_hello_interval > 0xFFFF * 10)
goto usage;
break;
case 'k':
kernel_metric = parse_nat(optarg);
if(kernel_metric < 0 || kernel_metric > 0xFFFF)
goto usage;
break;
case 'A':
allow_duplicates = parse_nat(optarg);
if(allow_duplicates < 0 || allow_duplicates > 0xFFFF)
goto usage;
break;
case 's':
split_horizon = 0;
break;
case 'r':
random_id = 1;
break;
case 'u':
keep_unfeasible = 1;
break;
case 'S':
state_file = optarg;
break;
case 'd':
debug = parse_nat(optarg);
if(debug < 0)
goto usage;
break;
case 'g':
case 'G':
if(opt == 'g')
local_server_write = 0;
else
local_server_write = 1;
if(optarg[0] == '/') {
local_server_port = -1;
free(local_server_path);
local_server_path = strdup(optarg);
} else {
local_server_port = parse_nat(optarg);
free(local_server_path);
local_server_path = NULL;
if(local_server_port <= 0 || local_server_port > 0xFFFF)
goto usage;
}
break;
case 'l':
link_detect = 1;
break;
case 'w':
all_wireless = 1;
break;
case 'z':
{
char *comma;
diversity_kind = (int)strtol(optarg, &comma, 0);
if(*comma == '\0')
diversity_factor = 128;
else if(*comma == ',')
diversity_factor = parse_nat(comma + 1);
else
goto usage;
if(diversity_factor <= 0 || diversity_factor > 256)
goto usage;
}
break;
case 'M': {
int l = parse_nat(optarg);
if(l < 0 || l > 3600)
goto usage;
change_smoothing_half_life(l);
break;
}
case 't':
export_table = parse_nat(optarg);
if(export_table < 0 || export_table > 0xFFFF)
goto usage;
break;
case 'T':
if(add_import_table(parse_nat(optarg)))
goto usage;
break;
case 'c':
config_files = realloc(config_files,
(num_config_files + 1) * sizeof(char*));
if(config_files == NULL) {
fprintf(stderr, "Couldn't allocate config file.\n");
exit(1);
}
config_files[num_config_files++] = optarg;
break;
case 'C':
rc = parse_config_from_string(optarg, strlen(optarg), NULL);
if(rc != CONFIG_ACTION_DONE) {
fprintf(stderr,
"Couldn't parse configuration from command line.\n");
exit(1);
}
break;
case 'D':
do_daemonise = 1;
break;
case 'L':
logfile = optarg;
break;
case 'I':
pidfile = optarg;
break;
case 'V':
fprintf(stderr, "%s\n", BABELD_VERSION);
exit(0);
break;
default:
goto usage;
}
}
if(num_config_files == 0) {
if(access("/etc/babeld.conf", F_OK) >= 0) {
config_files = malloc(sizeof(char*));
if(config_files == NULL) {
fprintf(stderr, "Couldn't allocate config file.\n");
exit(1);
}
config_files[num_config_files++] = "/etc/babeld.conf";
}
}
for(i = 0; i < num_config_files; i++) {
int line;
rc = parse_config_from_file(config_files[i], &line);
if(rc < 0) {
fprintf(stderr,
"Couldn't parse configuration from file %s "
"(error at line %d).\n",
config_files[i], line);
exit(1);
}
}
free(config_files);
if(default_wireless_hello_interval <= 0)
default_wireless_hello_interval = 4000;
default_wireless_hello_interval = MAX(default_wireless_hello_interval, 5);
if(default_wired_hello_interval <= 0)
default_wired_hello_interval = 4000;
default_wired_hello_interval = MAX(default_wired_hello_interval, 5);
resend_delay = 2000;
resend_delay = MIN(resend_delay, default_wireless_hello_interval / 2);
resend_delay = MIN(resend_delay, default_wired_hello_interval / 2);
resend_delay = MAX(resend_delay, 20);
if(do_daemonise) {
if(logfile == NULL)
logfile = "/var/log/babeld.log";
}
rc = reopen_logfile();
if(rc < 0) {
perror("reopen_logfile()");
exit(1);
}
fd = open("/dev/null", O_RDONLY);
if(fd < 0) {
perror("open(null)");
exit(1);
}
rc = dup2(fd, 0);
if(rc < 0) {
perror("dup2(null, 0)");
exit(1);
}
close(fd);
if(do_daemonise) {
rc = daemonise();
if(rc < 0) {
perror("daemonise");
exit(1);
}
}
if(pidfile && pidfile[0] != '\0') {
int pfd, len;
char buf[100];
len = snprintf(buf, 100, "%lu", (unsigned long)getpid());
if(len < 0 || len >= 100) {
perror("snprintf(getpid)");
exit(1);
}
pfd = open(pidfile, O_WRONLY | O_CREAT | O_EXCL, 0644);
if(pfd < 0) {
char buf[40];
snprintf(buf, 40, "creat(%s)", pidfile);
buf[39] = '\0';
perror(buf);
exit(1);
}
rc = write(pfd, buf, len);
if(rc < len) {
perror("write(pidfile)");
goto fail_pid;
}
close(pfd);
}
rc = kernel_setup(1);
if(rc < 0) {
fprintf(stderr, "kernel_setup failed.\n");
goto fail_pid;
}
rc = kernel_setup_socket(1);
if(rc < 0) {
fprintf(stderr, "kernel_setup_socket failed.\n");
kernel_setup(0);
goto fail_pid;
}
rc = finalise_config();
if(rc < 0) {
fprintf(stderr, "Couldn't finalise configuration.\n");
goto fail;
}
for(i = optind; i < argc; i++) {
vrc = add_interface(argv[i], NULL);
if(vrc == NULL)
goto fail;
}
if(interfaces == NULL) {
fprintf(stderr, "Eek... asked to run on no interfaces!\n");
goto fail;
}
if(!have_id && !random_id) {
/* We use all available interfaces here, since this increases the
chances of getting a stable router-id in case the set of Babel
interfaces changes. */
for(i = 1; i < 256; i++) {
char buf[IF_NAMESIZE], *ifname;
unsigned char eui[8];
ifname = if_indextoname(i, buf);
if(ifname == NULL)
continue;
rc = if_eui64(ifname, i, eui);
if(rc < 0)
continue;
memcpy(myid, eui, 8);
have_id = 1;
break;
}
}
if(!have_id) {
if(!random_id)
fprintf(stderr,
"Warning: couldn't find router id -- "
"using random value.\n");
rc = read_random_bytes(myid, 8);
if(rc < 0) {
perror("read(random)");
goto fail;
}
/* Clear group and global bits */
myid[0] &= ~3;
}
myseqno = (random() & 0xFFFF);
fd = open(state_file, O_RDONLY);
if(fd < 0 && errno != ENOENT)
perror("open(babel-state)");
rc = unlink(state_file);
if(fd >= 0 && rc < 0) {
perror("unlink(babel-state)");
/* If we couldn't unlink it, it's probably stale. */
close(fd);
fd = -1;
}
if(fd >= 0) {
char buf[100];
int s;
rc = read(fd, buf, 99);
if(rc < 0) {
perror("read(babel-state)");
} else {
buf[rc] = '\0';
rc = sscanf(buf, "%d\n", &s);
if(rc == 1 && s >= 0 && s <= 0xFFFF) {
myseqno = seqno_plus(s, 1);
} else {
fprintf(stderr, "Couldn't parse babel-state.\n");
}
}
close(fd);
fd = -1;
}
protocol_socket = babel_socket(protocol_port);
if(protocol_socket < 0) {
perror("Couldn't create link local socket");
goto fail;
}
if(local_server_port >= 0) {
local_server_socket = tcp_server_socket(local_server_port, 1);
if(local_server_socket < 0) {
perror("local_server_socket");
goto fail;
}
} else if(local_server_path) {
local_server_socket = unix_server_socket(local_server_path);
if(local_server_socket < 0) {
perror("local_server_socket");
goto fail;
}
}
init_signals();
rc = resize_receive_buffer(1500);
if(rc < 0)
goto fail;
if(receive_buffer == NULL)
goto fail;
check_interfaces();
rc = check_xroutes(0);
if(rc < 0)
fprintf(stderr, "Warning: couldn't check exported routes.\n");
rc = check_rules();
if(rc < 0)
fprintf(stderr, "Warning: couldn't check rules.\n");
kernel_routes_changed = 0;
kernel_rules_changed = 0;
kernel_link_changed = 0;
kernel_addr_changed = 0;
kernel_dump_time = now.tv_sec + roughly(30);
schedule_neighbours_check(5000, 1);
schedule_interfaces_check(30000, 1);
expiry_time = now.tv_sec + roughly(30);
source_expiry_time = now.tv_sec + roughly(300);
/* Make some noise so that others notice us, and send retractions in
case we were restarted recently */
FOR_ALL_INTERFACES(ifp) {
if(!if_up(ifp))
continue;
/* Apply jitter before we send the first message. */
usleep(roughly(10000));
gettime(&now);
send_hello(ifp);
send_wildcard_retraction(ifp);
}
FOR_ALL_INTERFACES(ifp) {
if(!if_up(ifp))
continue;
usleep(roughly(10000));
gettime(&now);
send_hello(ifp);
send_wildcard_retraction(ifp);
send_self_update(ifp);
send_request(ifp, NULL, 0, NULL, 0);
flushupdates(ifp);
flushbuf(ifp);
}
debugf("Entering main loop.\n");
while(1) {
struct timeval tv;
fd_set readfds;
gettime(&now);
tv = check_neighbours_timeout;
timeval_min(&tv, &check_interfaces_timeout);
timeval_min_sec(&tv, expiry_time);
timeval_min_sec(&tv, source_expiry_time);
timeval_min_sec(&tv, kernel_dump_time);
timeval_min(&tv, &resend_time);
FOR_ALL_INTERFACES(ifp) {
if(!if_up(ifp))
continue;
timeval_min(&tv, &ifp->flush_timeout);
timeval_min(&tv, &ifp->hello_timeout);
timeval_min(&tv, &ifp->update_timeout);
timeval_min(&tv, &ifp->update_flush_timeout);
}
timeval_min(&tv, &unicast_flush_timeout);
FD_ZERO(&readfds);
if(timeval_compare(&tv, &now) > 0) {
int maxfd = 0;
timeval_minus(&tv, &tv, &now);
FD_SET(protocol_socket, &readfds);
maxfd = MAX(maxfd, protocol_socket);
if(kernel_socket < 0) kernel_setup_socket(1);
if(kernel_socket >= 0) {
FD_SET(kernel_socket, &readfds);
maxfd = MAX(maxfd, kernel_socket);
}
if(local_server_socket >= 0 &&
num_local_sockets < MAX_LOCAL_SOCKETS) {
FD_SET(local_server_socket, &readfds);
maxfd = MAX(maxfd, local_server_socket);
}
for(i = 0; i < num_local_sockets; i++) {
FD_SET(local_sockets[i].fd, &readfds);
maxfd = MAX(maxfd, local_sockets[i].fd);
}
rc = select(maxfd + 1, &readfds, NULL, NULL, &tv);
if(rc < 0) {
if(errno != EINTR) {
perror("select");
sleep(1);
}
rc = 0;
FD_ZERO(&readfds);
}
}
gettime(&now);
if(exiting)
break;
if(kernel_socket >= 0 && FD_ISSET(kernel_socket, &readfds)) {
struct kernel_filter filter = {0};
filter.route = kernel_route_notify;
filter.addr = kernel_addr_notify;
filter.link = kernel_link_notify;
filter.rule = kernel_rule_notify;
kernel_callback(&filter);
}
if(FD_ISSET(protocol_socket, &readfds)) {
rc = babel_recv(protocol_socket,
receive_buffer, receive_buffer_size,
(struct sockaddr*)&sin6, sizeof(sin6));
if(rc < 0) {
if(errno != EAGAIN && errno != EINTR) {
perror("recv");
sleep(1);
}
} else {
FOR_ALL_INTERFACES(ifp) {
if(!if_up(ifp))
continue;
if(ifp->ifindex == sin6.sin6_scope_id) {
parse_packet((unsigned char*)&sin6.sin6_addr, ifp,
receive_buffer, rc);
VALGRIND_MAKE_MEM_UNDEFINED(receive_buffer,
receive_buffer_size);
break;
}
}
}
}
if(local_server_socket >= 0 && FD_ISSET(local_server_socket, &readfds))
accept_local_connections();
i = 0;
while(i < num_local_sockets) {
if(FD_ISSET(local_sockets[i].fd, &readfds)) {
rc = local_read(&local_sockets[i]);
if(rc <= 0) {
if(rc < 0) {
if(errno == EINTR || errno == EAGAIN)
continue;
perror("read(local_socket)");
}
local_socket_destroy(i);
}
}
i++;
}
if(reopening) {
kernel_dump_time = now.tv_sec;
check_neighbours_timeout = now;
expiry_time = now.tv_sec;
rc = reopen_logfile();
if(rc < 0) {
perror("reopen_logfile");
break;
}
reopening = 0;
}
if(kernel_link_changed || kernel_addr_changed) {
check_interfaces();
kernel_link_changed = 0;
}
if(kernel_routes_changed || kernel_addr_changed ||
kernel_rules_changed || now.tv_sec >= kernel_dump_time) {
rc = check_xroutes(1);
if(rc < 0)
fprintf(stderr, "Warning: couldn't check exported routes.\n");
rc = check_rules();
if(rc < 0)
fprintf(stderr, "Warning: couldn't check rules.\n");
kernel_routes_changed = kernel_rules_changed =
kernel_addr_changed = 0;
if(kernel_socket >= 0)
kernel_dump_time = now.tv_sec + roughly(300);
else
kernel_dump_time = now.tv_sec + roughly(30);
}
if(timeval_compare(&check_neighbours_timeout, &now) < 0) {
int msecs;
msecs = check_neighbours();
/* Multiply by 3/2 to allow neighbours to expire. */
msecs = MAX(3 * msecs / 2, 10);
schedule_neighbours_check(msecs, 1);
}
if(timeval_compare(&check_interfaces_timeout, &now) < 0) {
check_interfaces();
schedule_interfaces_check(30000, 1);
}
if(now.tv_sec >= expiry_time) {
expire_routes();
expire_resend();
expiry_time = now.tv_sec + roughly(30);
}
if(now.tv_sec >= source_expiry_time) {
expire_sources();
source_expiry_time = now.tv_sec + roughly(300);
}
FOR_ALL_INTERFACES(ifp) {
if(!if_up(ifp))
continue;
if(timeval_compare(&now, &ifp->hello_timeout) >= 0)
send_hello(ifp);
if(timeval_compare(&now, &ifp->update_timeout) >= 0)
send_update(ifp, 0, NULL, 0, NULL, 0);
if(timeval_compare(&now, &ifp->update_flush_timeout) >= 0)
flushupdates(ifp);
}
if(resend_time.tv_sec != 0) {
if(timeval_compare(&now, &resend_time) >= 0)
do_resend();
}
if(unicast_flush_timeout.tv_sec != 0) {
if(timeval_compare(&now, &unicast_flush_timeout) >= 0)
flush_unicast(1);
}
FOR_ALL_INTERFACES(ifp) {
if(!if_up(ifp))
continue;
if(ifp->flush_timeout.tv_sec != 0) {
if(timeval_compare(&now, &ifp->flush_timeout) >= 0)
flushbuf(ifp);
}
}
if(UNLIKELY(debug || dumping)) {
dump_tables(stdout);
dumping = 0;
}
}
static void on_underlying_io_bytes_received(void* context, const unsigned char* buffer, size_t size)
{
TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + size) == 0)
{
memcpy(tls_io_instance->received_bytes + tls_io_instance->received_byte_count, buffer, size);
tls_io_instance->received_byte_count += size;
if (size > tls_io_instance->needed_bytes)
{
tls_io_instance->needed_bytes = 0;
}
else
{
tls_io_instance->needed_bytes -= size;
}
switch (tls_io_instance->tlsio_state)
{
default:
break;
case TLSIO_STATE_ERROR:
break;
case TLSIO_STATE_HANDSHAKE_CLIENT_HELLO_SENT:
{
if (tls_io_instance->needed_bytes == 0)
{
SecBuffer input_buffers[2];
SecBuffer output_buffers[2];
ULONG context_attributes;
/* we need to try and perform the second (next) step of the init */
input_buffers[0].cbBuffer = tls_io_instance->received_byte_count;
input_buffers[0].BufferType = SECBUFFER_TOKEN;
input_buffers[0].pvBuffer = (void*)tls_io_instance->received_bytes;
input_buffers[1].cbBuffer = 0;
input_buffers[1].BufferType = SECBUFFER_EMPTY;
input_buffers[1].pvBuffer = 0;
SecBufferDesc input_buffers_desc;
input_buffers_desc.cBuffers = 2;
input_buffers_desc.pBuffers = input_buffers;
input_buffers_desc.ulVersion = SECBUFFER_VERSION;
output_buffers[0].cbBuffer = 0;
output_buffers[0].BufferType = SECBUFFER_TOKEN;
output_buffers[0].pvBuffer = NULL;
output_buffers[1].cbBuffer = 0;
output_buffers[1].BufferType = SECBUFFER_EMPTY;
output_buffers[1].pvBuffer = 0;
SecBufferDesc output_buffers_desc;
output_buffers_desc.cBuffers = 2;
output_buffers_desc.pBuffers = output_buffers;
output_buffers_desc.ulVersion = SECBUFFER_VERSION;
SECURITY_STATUS status = InitializeSecurityContext(&tls_io_instance->credential_handle,
&tls_io_instance->security_context, (SEC_CHAR*)tls_io_instance->host_name, ISC_REQ_EXTENDED_ERROR | ISC_REQ_STREAM | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_USE_SUPPLIED_CREDS, 0, 0, &input_buffers_desc, 0,
&tls_io_instance->security_context, &output_buffers_desc,
&context_attributes, NULL);
switch (status)
{
case SEC_E_INCOMPLETE_MESSAGE:
if (input_buffers[1].BufferType != SECBUFFER_MISSING)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->needed_bytes = input_buffers[1].cbBuffer;
tls_io_instance->consumed_bytes += tls_io_instance->needed_bytes;
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
}
break;
case SEC_E_OK:
memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + tls_io_instance->consumed_bytes, tls_io_instance->received_byte_count - tls_io_instance->consumed_bytes);
tls_io_instance->received_byte_count -= tls_io_instance->consumed_bytes;
tls_io_instance->needed_bytes = 1;
tls_io_instance->consumed_bytes = tls_io_instance->needed_bytes;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->tlsio_state = TLSIO_STATE_OPEN;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_OK);
}
}
break;
case SEC_I_COMPLETE_NEEDED:
case SEC_I_CONTINUE_NEEDED:
case SEC_I_COMPLETE_AND_CONTINUE:
if ((output_buffers[0].cbBuffer > 0) && xio_send(tls_io_instance->socket_io, output_buffers[0].pvBuffer, output_buffers[0].cbBuffer, NULL, NULL) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
else
{
(void)memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + tls_io_instance->consumed_bytes, tls_io_instance->received_byte_count - tls_io_instance->consumed_bytes);
tls_io_instance->received_byte_count -= tls_io_instance->consumed_bytes;
/* set the needed bytes to 1, to get on the next byte how many we actually need */
tls_io_instance->needed_bytes = 1;
tls_io_instance->consumed_bytes = tls_io_instance->needed_bytes;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
FreeCredentialHandle(&tls_io_instance->credential_handle);
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->open_callback_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->tlsio_state = TLSIO_STATE_HANDSHAKE_CLIENT_HELLO_SENT;
}
}
break;
}
}
break;
case TLSIO_STATE_OPEN:
{
if (tls_io_instance->needed_bytes == 0)
{
SecBuffer security_buffers[4];
SecBufferDesc security_buffers_desc;
security_buffers[0].BufferType = SECBUFFER_DATA;
security_buffers[0].pvBuffer = tls_io_instance->received_bytes;
security_buffers[0].cbBuffer = tls_io_instance->received_byte_count;
security_buffers[1].BufferType = SECBUFFER_EMPTY;
security_buffers[2].BufferType = SECBUFFER_EMPTY;
security_buffers[3].BufferType = SECBUFFER_EMPTY;
security_buffers_desc.cBuffers = sizeof(security_buffers) / sizeof(security_buffers[0]);
security_buffers_desc.pBuffers = security_buffers;
security_buffers_desc.ulVersion = SECBUFFER_VERSION;
SECURITY_STATUS status = DecryptMessage(&tls_io_instance->security_context, &security_buffers_desc, 0, NULL);
switch (status)
{
case SEC_E_INCOMPLETE_MESSAGE:
if (security_buffers[1].BufferType != SECBUFFER_MISSING)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
else
{
tls_io_instance->needed_bytes = security_buffers[1].cbBuffer;
tls_io_instance->consumed_bytes += tls_io_instance->needed_bytes;
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
}
break;
case SEC_E_OK:
if (security_buffers[1].BufferType != SECBUFFER_DATA)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
else
{
size_t i;
for (i = 0; i < security_buffers[1].cbBuffer; i++)
{
LOG(tls_io_instance->logger_log, 0, "<-%02x ", ((unsigned char*)security_buffers[1].pvBuffer)[i]);
}
/* notify of the received data */
if (tls_io_instance->on_bytes_received != NULL)
{
tls_io_instance->on_bytes_received(tls_io_instance->open_callback_context, security_buffers[1].pvBuffer, security_buffers[1].cbBuffer);
}
(void)memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + tls_io_instance->consumed_bytes, tls_io_instance->received_byte_count - tls_io_instance->consumed_bytes);
tls_io_instance->received_byte_count -= tls_io_instance->consumed_bytes;
tls_io_instance->needed_bytes = 1;
tls_io_instance->consumed_bytes = tls_io_instance->needed_bytes;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
indicate_error(tls_io_instance);
}
}
break;
}
}
break;
}
}
}
}
}
int
interface_up(struct interface *ifp, int up)
{
int mtu, rc, wired;
struct ipv6_mreq mreq;
if((!!up) == if_up(ifp))
return 0;
if(up)
ifp->flags |= IF_UP;
else
ifp->flags &= ~IF_UP;
if(up) {
if(ifp->ifindex <= 0) {
fprintf(stderr,
"Upping unknown interface %s.\n", ifp->name);
goto fail;
}
rc = kernel_setup_interface(1, ifp->name, ifp->ifindex);
if(rc < 0) {
fprintf(stderr, "kernel_setup_interface(%s, %d) failed.\n",
ifp->name, ifp->ifindex);
goto fail;
}
mtu = kernel_interface_mtu(ifp->name, ifp->ifindex);
if(mtu < 0) {
fprintf(stderr, "Warning: couldn't get MTU of interface %s (%d).\n",
ifp->name, ifp->ifindex);
mtu = 1280;
}
/* We need to be able to fit at least two messages into a packet,
so MTUs below 116 require lower layer fragmentation. */
/* In IPv6, the minimum MTU is 1280, and every host must be able
to reassemble up to 1500 bytes, but I'd rather not rely on this. */
if(mtu < 128) {
fprintf(stderr, "Suspiciously low MTU %d on interface %s (%d).\n",
mtu, ifp->name, ifp->ifindex);
mtu = 128;
}
if(ifp->sendbuf)
free(ifp->sendbuf);
/* 40 for IPv6 header, 8 for UDP header, 12 for good luck. */
ifp->bufsize = mtu - sizeof(packet_header) - 60;
ifp->sendbuf = malloc(ifp->bufsize);
if(ifp->sendbuf == NULL) {
fprintf(stderr, "Couldn't allocate sendbuf.\n");
ifp->bufsize = 0;
goto fail;
}
rc = resize_receive_buffer(mtu);
if(rc < 0)
fprintf(stderr, "Warning: couldn't resize "
"receive buffer for interface %s (%d) (%d bytes).\n",
ifp->name, ifp->ifindex, mtu);
if(IF_CONF(ifp, wired) == CONFIG_NO) {
wired = 0;
} else if(IF_CONF(ifp, wired) == CONFIG_YES) {
wired = 1;
} else if(all_wireless) {
wired = 0;
} else {
rc = kernel_interface_wireless(ifp->name, ifp->ifindex);
if(rc < 0) {
fprintf(stderr,
"Warning: couldn't determine whether %s (%d) "
"is a wireless interface.\n",
ifp->name, ifp->ifindex);
wired = 0;
} else {
wired = !rc;
}
}
if(wired) {
ifp->flags |= IF_WIRED;
ifp->cost = IF_CONF(ifp, cost);
if(ifp->cost <= 0) ifp->cost = 96;
if(IF_CONF(ifp, split_horizon) == CONFIG_NO)
ifp->flags &= ~IF_SPLIT_HORIZON;
else if(IF_CONF(ifp, split_horizon) == CONFIG_YES)
ifp->flags |= IF_SPLIT_HORIZON;
else if(split_horizon)
ifp->flags |= IF_SPLIT_HORIZON;
else
ifp->flags &= ~IF_SPLIT_HORIZON;
if(IF_CONF(ifp, lq) == CONFIG_YES)
ifp->flags |= IF_LQ;
else
ifp->flags &= ~IF_LQ;
} else {
ifp->flags &= ~IF_WIRED;
ifp->cost = IF_CONF(ifp, cost);
if(ifp->cost <= 0) ifp->cost = 256;
if(IF_CONF(ifp, split_horizon) == CONFIG_YES)
ifp->flags |= IF_SPLIT_HORIZON;
else
ifp->flags &= ~IF_SPLIT_HORIZON;
if(IF_CONF(ifp, lq) == CONFIG_NO)
ifp->flags &= ~IF_LQ;
else
ifp->flags |= IF_LQ;
}
if(IF_CONF(ifp, faraway) == CONFIG_YES)
ifp->flags |= IF_FARAWAY;
if(IF_CONF(ifp, hello_interval) > 0)
ifp->hello_interval = IF_CONF(ifp, hello_interval);
else if((ifp->flags & IF_WIRED))
ifp->hello_interval = default_wired_hello_interval;
else
ifp->hello_interval = default_wireless_hello_interval;
ifp->update_interval =
IF_CONF(ifp, update_interval) > 0 ?
IF_CONF(ifp, update_interval) :
ifp->hello_interval * 4;
ifp->rtt_decay =
IF_CONF(ifp, rtt_decay) > 0 ?
IF_CONF(ifp, rtt_decay) : 42;
ifp->rtt_min =
IF_CONF(ifp, rtt_min) > 0 ?
IF_CONF(ifp, rtt_min) : 10000;
ifp->rtt_max =
IF_CONF(ifp, rtt_max) > 0 ?
IF_CONF(ifp, rtt_max) : 120000;
if(ifp->rtt_max <= ifp->rtt_min) {
fprintf(stderr,
"Uh, rtt-max is less than or equal to rtt-min (%d <= %d). "
"Setting it to %d.\n", ifp->rtt_max, ifp->rtt_min,
ifp->rtt_min + 10000);
ifp->rtt_max = ifp->rtt_min + 10000;
}
ifp->max_rtt_penalty = IF_CONF(ifp, max_rtt_penalty);
if(IF_CONF(ifp, enable_timestamps) == CONFIG_YES ||
(IF_CONF(ifp, enable_timestamps) == CONFIG_DEFAULT &&
ifp->max_rtt_penalty > 0))
ifp->flags |= IF_TIMESTAMPS;
rc = check_link_local_addresses(ifp);
if(rc < 0) {
goto fail;
}
memset(&mreq, 0, sizeof(mreq));
memcpy(&mreq.ipv6mr_multiaddr, protocol_group, 16);
mreq.ipv6mr_interface = ifp->ifindex;
rc = setsockopt(protocol_socket, IPPROTO_IPV6, IPV6_JOIN_GROUP,
(char*)&mreq, sizeof(mreq));
if(rc < 0) {
perror("setsockopt(IPV6_JOIN_GROUP)");
goto fail;
}
check_interface_channel(ifp);
update_interface_metric(ifp);
rc = check_interface_ipv4(ifp);
debugf("Upped interface %s (%s, cost=%d, channel=%d%s).\n",
ifp->name,
(ifp->flags & IF_WIRED) ? "wired" : "wireless",
ifp->cost,
ifp->channel,
ifp->ipv4 ? ", IPv4" : "");
set_timeout(&ifp->hello_timeout, ifp->hello_interval);
set_timeout(&ifp->update_timeout, ifp->update_interval);
send_hello(ifp);
if(rc > 0)
send_update(ifp, 0, NULL, 0, NULL, 0);
send_request(ifp, NULL, 0, NULL, 0);
} else {
flush_interface_routes(ifp, 0);
ifp->buffered = 0;
ifp->bufsize = 0;
free(ifp->sendbuf);
ifp->num_buffered_updates = 0;
ifp->update_bufsize = 0;
if(ifp->buffered_updates)
free(ifp->buffered_updates);
ifp->buffered_updates = NULL;
ifp->sendbuf = NULL;
if(ifp->ifindex > 0) {
memset(&mreq, 0, sizeof(mreq));
memcpy(&mreq.ipv6mr_multiaddr, protocol_group, 16);
mreq.ipv6mr_interface = ifp->ifindex;
rc = setsockopt(protocol_socket, IPPROTO_IPV6, IPV6_LEAVE_GROUP,
(char*)&mreq, sizeof(mreq));
if(rc < 0)
perror("setsockopt(IPV6_LEAVE_GROUP)");
kernel_setup_interface(0, ifp->name, ifp->ifindex);
}
if(ifp->ll)
free(ifp->ll);
ifp->ll = NULL;
ifp->numll = 0;
}
local_notify_interface(ifp, LOCAL_CHANGE);
return 1;
fail:
assert(up);
interface_up(ifp, 0);
local_notify_interface(ifp, LOCAL_CHANGE);
return -1;
}
static void on_underlying_io_bytes_received(void* context, const unsigned char* buffer, size_t size)
{
TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
size_t consumed_bytes;
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + size) == 0)
{
(void)memcpy(tls_io_instance->received_bytes + tls_io_instance->received_byte_count, buffer, size);
tls_io_instance->received_byte_count += size;
if (size > tls_io_instance->needed_bytes)
{
tls_io_instance->needed_bytes = 0;
}
else
{
tls_io_instance->needed_bytes -= size;
}
/* Drain what we received */
while (tls_io_instance->needed_bytes == 0)
{
if ((tls_io_instance->tlsio_state == TLS_SERVER_IO_STATE_IN_HANDSHAKE) ||
(tls_io_instance->tlsio_state == TLS_SERVER_IO_STATE_WAITING_FOR_CLIENT_HELLO))
{
SecBuffer input_buffers[2];
SecBuffer output_buffers[2];
ULONG context_attributes;
SECURITY_STATUS status;
SecBufferDesc input_buffers_desc;
SecBufferDesc output_buffers_desc;
input_buffers[0].cbBuffer = (unsigned long)tls_io_instance->received_byte_count;
input_buffers[0].BufferType = SECBUFFER_TOKEN;
input_buffers[0].pvBuffer = (void*)tls_io_instance->received_bytes;
input_buffers[1].cbBuffer = 0;
input_buffers[1].BufferType = SECBUFFER_EMPTY;
input_buffers[1].pvBuffer = 0;
input_buffers_desc.cBuffers = 2;
input_buffers_desc.pBuffers = input_buffers;
input_buffers_desc.ulVersion = SECBUFFER_VERSION;
output_buffers[0].cbBuffer = 0;
output_buffers[0].BufferType = SECBUFFER_TOKEN;
output_buffers[0].pvBuffer = NULL;
output_buffers[1].cbBuffer = 0;
output_buffers[1].BufferType = SECBUFFER_EMPTY;
output_buffers[1].pvBuffer = 0;
output_buffers_desc.cBuffers = 2;
output_buffers_desc.pBuffers = output_buffers;
output_buffers_desc.ulVersion = SECBUFFER_VERSION;
status = AcceptSecurityContext(&tls_io_instance->credential_handle, (tls_io_instance->tlsio_state == TLS_SERVER_IO_STATE_WAITING_FOR_CLIENT_HELLO) ? NULL : &tls_io_instance->security_context, &input_buffers_desc, ASC_REQ_ALLOCATE_MEMORY, SECURITY_NETWORK_DREP, (tls_io_instance->tlsio_state == TLS_SERVER_IO_STATE_WAITING_FOR_CLIENT_HELLO) ? &tls_io_instance->security_context : NULL,
&output_buffers_desc, &context_attributes, NULL);
switch (status)
{
case SEC_E_INCOMPLETE_MESSAGE:
if (input_buffers[1].BufferType != SECBUFFER_MISSING)
{
//If SECBUFFER_MISSING not sent, try to read byte by byte.
tls_io_instance->needed_bytes = 1;
}
else
{
tls_io_instance->needed_bytes = input_buffers[1].cbBuffer;
}
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
break;
case SEC_E_OK:
if ((output_buffers[0].cbBuffer > 0) && xio_send(tls_io_instance->socket_io, output_buffers[0].pvBuffer, output_buffers[0].cbBuffer, NULL, NULL) != 0)
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
else
{
consumed_bytes = tls_io_instance->received_byte_count;
/* Any extra bytes left over or did we fully consume the receive buffer? */
if (input_buffers[1].BufferType == SECBUFFER_EXTRA)
{
consumed_bytes -= input_buffers[1].cbBuffer;
(void)memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + consumed_bytes, tls_io_instance->received_byte_count - consumed_bytes);
}
tls_io_instance->received_byte_count -= consumed_bytes;
/* if nothing more to consume, set the needed bytes to 1, to get on the next byte how many we actually need */
tls_io_instance->needed_bytes = tls_io_instance->received_byte_count == 0 ? 1 : 0;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_OPEN;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_OK);
}
}
}
break;
case SEC_I_COMPLETE_NEEDED:
case SEC_I_CONTINUE_NEEDED:
case SEC_I_COMPLETE_AND_CONTINUE:
if ((output_buffers[0].cbBuffer > 0) && xio_send(tls_io_instance->socket_io, output_buffers[0].pvBuffer, output_buffers[0].cbBuffer, NULL, NULL) != 0)
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
else
{
consumed_bytes = tls_io_instance->received_byte_count;
/* Any extra bytes left over or did we fully consume the receive buffer? */
if (input_buffers[1].BufferType == SECBUFFER_EXTRA)
{
consumed_bytes -= input_buffers[1].cbBuffer;
(void)memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + consumed_bytes, tls_io_instance->received_byte_count - consumed_bytes);
}
tls_io_instance->received_byte_count -= consumed_bytes;
/* if nothing more to consume, set the needed bytes to 1, to get on the next byte how many we actually need */
tls_io_instance->needed_bytes = tls_io_instance->received_byte_count == 0 ? 1 : 0;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
else
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_IN_HANDSHAKE;
}
}
break;
default:
{
LPVOID srcText = NULL;
if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
status, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)srcText, 0, NULL) > 0)
{
LogError("[%#x] %s", status, (LPTSTR)srcText);
LocalFree(srcText);
}
else
{
LogError("[%#x]", status);
}
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
if (tls_io_instance->on_io_open_complete != NULL)
{
tls_io_instance->on_io_open_complete(tls_io_instance->on_io_open_complete_context, IO_OPEN_ERROR);
}
}
break;
}
}
else if (tls_io_instance->tlsio_state == TLS_SERVER_IO_STATE_OPEN)
{
SecBuffer security_buffers[4];
SecBufferDesc security_buffers_desc;
SECURITY_STATUS status;
security_buffers[0].BufferType = SECBUFFER_DATA;
security_buffers[0].pvBuffer = tls_io_instance->received_bytes;
security_buffers[0].cbBuffer = (unsigned long)tls_io_instance->received_byte_count;
security_buffers[1].BufferType = SECBUFFER_EMPTY;
security_buffers[2].BufferType = SECBUFFER_EMPTY;
security_buffers[3].BufferType = SECBUFFER_EMPTY;
security_buffers_desc.cBuffers = sizeof(security_buffers) / sizeof(security_buffers[0]);
security_buffers_desc.pBuffers = security_buffers;
security_buffers_desc.ulVersion = SECBUFFER_VERSION;
status = DecryptMessage(&tls_io_instance->security_context, &security_buffers_desc, 0, NULL);
switch (status)
{
case SEC_E_INCOMPLETE_MESSAGE:
if (security_buffers[1].BufferType != SECBUFFER_MISSING)
{
//If SECBUFFER_MISSING not sent, try to read byte by byte.
tls_io_instance->needed_bytes = 1;
}
else
{
tls_io_instance->needed_bytes = security_buffers[1].cbBuffer;
}
if (resize_receive_buffer(tls_io_instance, tls_io_instance->received_byte_count + tls_io_instance->needed_bytes) != 0)
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
indicate_error(tls_io_instance);
}
break;
case SEC_E_OK:
if (security_buffers[1].BufferType != SECBUFFER_DATA)
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
indicate_error(tls_io_instance);
}
else
{
size_t i;
/* notify of the received data */
if (tls_io_instance->on_bytes_received != NULL)
{
tls_io_instance->on_bytes_received(tls_io_instance->on_bytes_received_context, (const unsigned char *) security_buffers[1].pvBuffer, security_buffers[1].cbBuffer);
}
consumed_bytes = tls_io_instance->received_byte_count;
for (i = 0; i < sizeof(security_buffers) / sizeof(security_buffers[0]); i++)
{
/* Any extra bytes left over or did we fully consume the receive buffer? */
if (security_buffers[i].BufferType == SECBUFFER_EXTRA)
{
consumed_bytes -= security_buffers[i].cbBuffer;
(void)memmove(tls_io_instance->received_bytes, tls_io_instance->received_bytes + consumed_bytes, tls_io_instance->received_byte_count - consumed_bytes);
break;
}
}
tls_io_instance->received_byte_count -= consumed_bytes;
/* if nothing more to consume, set the needed bytes to 1, to get on the next byte how many we actually need */
tls_io_instance->needed_bytes = tls_io_instance->received_byte_count == 0 ? 1 : 0;
if (set_receive_buffer(tls_io_instance, tls_io_instance->needed_bytes + tls_io_instance->received_byte_count) != 0)
{
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
indicate_error(tls_io_instance);
}
}
break;
default:
{
LPVOID srcText = NULL;
if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
status, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)srcText, 0, NULL) > 0)
{
LogError("[%#x] %s", status, (LPTSTR)srcText);
LocalFree(srcText);
}
else
{
LogError("[%#x]", status);
}
tls_io_instance->tlsio_state = TLS_SERVER_IO_STATE_ERROR;
indicate_error(tls_io_instance);
}
break;
}
}
else
{
/* Received data in error or other state */
break;
}
}
}
}