static uint8_t responseWithIpCallback(struct Message* message, struct Interface* iface)
{
struct IpTunnel_PacketInfoHeader* pi = (struct IpTunnel_PacketInfoHeader*) message->bytes;
Assert_true(!Bits_memcmp(nodeCjdnsIp6, pi->nodeIp6Addr, 16));
Assert_true(!Bits_memcmp(fakePubKey, pi->nodeKey, 32));
Message_shift(message, -IpTunnel_PacketInfoHeader_SIZE, NULL);
struct Headers_IP6Header* ip = (struct Headers_IP6Header*) message->bytes;
Assert_true(Headers_getIpVersion(ip) == 6);
uint16_t length = Endian_bigEndianToHost16(ip->payloadLength_be);
Assert_true(length + Headers_IP6Header_SIZE == message->length);
Assert_true(ip->nextHeader == 17);
Assert_true(Bits_isZero(ip->sourceAddr, 32));
Message_shift(message, -Headers_IP6Header_SIZE, NULL);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
Assert_true(!Checksum_udpIp6(ip->sourceAddr, message->bytes, length));
Assert_true(uh->srcPort_be == 0);
Assert_true(uh->destPort_be == 0);
Assert_true(Endian_bigEndianToHost16(uh->length_be) + Headers_UDPHeader_SIZE == length);
Message_shift(message, -Headers_UDPHeader_SIZE, NULL);
char* expectedResponse =
"d"
"9:addresses" "d"
"3:ip6" "16:\xfd\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1"
"e"
"4:txid" "4:abcd"
"e";
Assert_true(message->length == (int32_t) CString_strlen(expectedResponse));
Assert_true(!Bits_memcmp(message->bytes, expectedResponse, message->length));
called = 1;
return 0;
}
static uint8_t messageToTun(struct Message* message, struct Interface* iface)
{
Assert_true(TUNMessageType_pop(message, NULL) == Ethernet_TYPE_IP6);
struct Headers_IP6Header* ip = (struct Headers_IP6Header*) message->bytes;
Assert_true(Headers_getIpVersion(ip) == 6);
uint16_t length = Endian_bigEndianToHost16(ip->payloadLength_be);
Assert_true(length + Headers_IP6Header_SIZE == message->length);
Assert_true(ip->nextHeader == 17);
Assert_true(!Bits_memcmp(ip->sourceAddr, fakeIp6ToGive, 16));
called = 1;
return 0;
}
static Iface_DEFUN messageToTun(struct Message* msg, struct Iface* iface)
{
struct Context* ctx = Identity_check(((struct IfaceContext*)iface)->ctx);
uint16_t type = TUNMessageType_pop(msg, NULL);
if (type == Ethernet_TYPE_IP6) {
struct Headers_IP6Header* ip = (struct Headers_IP6Header*) msg->bytes;
Assert_true(Headers_getIpVersion(ip) == 6);
Assert_true(!Bits_memcmp(ip->sourceAddr, ctx->sendingAddress, 16));
Message_shift(msg, -Headers_IP6Header_SIZE, NULL);
ctx->called |= 4;
} else if (type == Ethernet_TYPE_IP4) {
struct Headers_IP4Header* ip = (struct Headers_IP4Header*) msg->bytes;
Assert_true(Headers_getIpVersion(ip) == 4);
Assert_true(!Bits_memcmp(ip->sourceAddr, ctx->sendingAddress, 4));
Message_shift(msg, -Headers_IP4Header_SIZE, NULL);
ctx->called |= 1;
} else {
Assert_failure("unrecognized message type %u", (unsigned int)type);
}
Assert_true(msg->length == 12 && CString_strcmp(msg->bytes, "hello world") == 0);
return 0;
}
static Iface_DEFUN responseWithIpCallback(struct Message* message, struct Iface* iface)
{
struct Context* ctx = Identity_check(((struct IfaceContext*)iface)->ctx);
struct RouteHeader* rh = (struct RouteHeader*) message->bytes;
Assert_true(!Bits_memcmp(ctx->ipv6, rh->ip6, 16));
Assert_true(!Bits_memcmp(ctx->pubKey, rh->publicKey, 32));
Message_shift(message, -(RouteHeader_SIZE + DataHeader_SIZE), NULL);
struct Headers_IP6Header* ip = (struct Headers_IP6Header*) message->bytes;
Assert_true(Headers_getIpVersion(ip) == 6);
uint16_t length = Endian_bigEndianToHost16(ip->payloadLength_be);
Assert_true(length + Headers_IP6Header_SIZE == message->length);
Assert_true(ip->nextHeader == 17);
Assert_true(Bits_isZero(ip->sourceAddr, 32));
Message_shift(message, -Headers_IP6Header_SIZE, NULL);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
Assert_true(!Checksum_udpIp6(ip->sourceAddr, message->bytes, length));
Assert_true(uh->srcPort_be == 0);
Assert_true(uh->destPort_be == 0);
Assert_true(Endian_bigEndianToHost16(uh->length_be) + Headers_UDPHeader_SIZE == length);
Message_shift(message, -Headers_UDPHeader_SIZE, NULL);
struct Allocator* alloc = Allocator_child(ctx->alloc);
char* messageContent = Escape_getEscaped(message->bytes, message->length, alloc);
char* expectedContent =
Escape_getEscaped(ctx->expectedResponse->bytes, ctx->expectedResponse->len, alloc);
Log_debug(ctx->log, "Response: [%s]", messageContent);
Log_debug(ctx->log, "Expected: [%s]", expectedContent);
Allocator_free(alloc);
// We can't check that the message is an exact match because the padding depends on the
// alignment of the output but we can make sure the right content is there...
// Message should start with "d0000" (with some number of zeros)
Assert_true((int)ctx->expectedResponse->len == message->length);
Assert_true(!Bits_memcmp(message->bytes, ctx->expectedResponse->bytes, message->length));
ctx->called |= 2;
return NULL;
}
static Iface_DEFUN responseWithIpCallback(struct Message* message, struct Iface* iface)
{
struct RouteHeader* rh = (struct RouteHeader*) message->bytes;
Assert_true(!Bits_memcmp(nodeCjdnsIp6, rh->ip6, 16));
Assert_true(!Bits_memcmp(fakePubKey, rh->publicKey, 32));
Message_shift(message, -(RouteHeader_SIZE + DataHeader_SIZE), NULL);
struct Headers_IP6Header* ip = (struct Headers_IP6Header*) message->bytes;
Assert_true(Headers_getIpVersion(ip) == 6);
uint16_t length = Endian_bigEndianToHost16(ip->payloadLength_be);
Assert_true(length + Headers_IP6Header_SIZE == message->length);
Assert_true(ip->nextHeader == 17);
Assert_true(Bits_isZero(ip->sourceAddr, 32));
Message_shift(message, -Headers_IP6Header_SIZE, NULL);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
Assert_true(!Checksum_udpIp6(ip->sourceAddr, message->bytes, length));
Assert_true(uh->srcPort_be == 0);
Assert_true(uh->destPort_be == 0);
Assert_true(Endian_bigEndianToHost16(uh->length_be) + Headers_UDPHeader_SIZE == length);
Message_shift(message, -Headers_UDPHeader_SIZE, NULL);
// We can't check that the message is an exact match because the padding depends on the
// alignment of the output but we can make sure the right content is there...
// Message should start with "d0000" (with some number of zeros)
char* expectedResponse =
"9:addresses" "d"
"3:ip6" "16:\xfd\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1"
"9:ip6Prefix" "i128e"
"e"
"4:txid" "4:abcd"
"e";
Assert_true(message->length >= (int32_t) CString_strlen(expectedResponse));
Assert_true(CString_strstr(message->bytes, expectedResponse));
called |= 2;
return 0;
}
static Iface_DEFUN incomingFromTunIf(struct Message* msg, struct Iface* tunIf)
{
struct TUNAdapter_pvt* ud = Identity_containerOf(tunIf, struct TUNAdapter_pvt, pub.tunIf);
uint16_t ethertype = TUNMessageType_pop(msg, NULL);
int version = Headers_getIpVersion(msg->bytes);
if ((ethertype == Ethernet_TYPE_IP4 && version != 4)
|| (ethertype == Ethernet_TYPE_IP6 && version != 6))
{
Log_debug(ud->log, "DROP packet because ip version [%d] "
"doesn't match ethertype [%u].", version, Endian_bigEndianToHost16(ethertype));
return NULL;
}
if (ethertype == Ethernet_TYPE_IP4) {
return Iface_next(&ud->pub.ipTunnelIf, msg);
}
if (ethertype != Ethernet_TYPE_IP6) {
Log_debug(ud->log, "DROP packet unknown ethertype [%u]",
Endian_bigEndianToHost16(ethertype));
return NULL;
}
if (msg->length < Headers_IP6Header_SIZE) {
Log_debug(ud->log, "DROP runt");
return NULL;
}
struct Headers_IP6Header* header = (struct Headers_IP6Header*) msg->bytes;
if (!AddressCalc_validAddress(header->destinationAddr)) {
return Iface_next(&ud->pub.ipTunnelIf, msg);
}
if (Bits_memcmp(header->sourceAddr, ud->myIp6, 16)) {
if (Defined(Log_DEBUG)) {
uint8_t expectedSource[40];
AddrTools_printIp(expectedSource, ud->myIp6);
uint8_t packetSource[40];
AddrTools_printIp(packetSource, header->sourceAddr);
Log_debug(ud->log,
"DROP packet from [%s] because all messages must have source address [%s]",
packetSource, expectedSource);
}
return NULL;
}
if (!Bits_memcmp(header->destinationAddr, ud->myIp6, 16)) {
// I'm Gonna Sit Right Down and Write Myself a Letter
TUNMessageType_push(msg, ethertype, NULL);
return Iface_next(tunIf, msg);
}
if (!Bits_memcmp(header->destinationAddr, "\xfc\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01", 16)) {
return Iface_next(&ud->pub.magicIf, msg);
}
// first move the dest addr to the right place.
Bits_memmoveConst(&header->destinationAddr[-DataHeader_SIZE], header->destinationAddr, 16);
Message_shift(msg, DataHeader_SIZE + RouteHeader_SIZE - Headers_IP6Header_SIZE, NULL);
struct RouteHeader* rh = (struct RouteHeader*) msg->bytes;
struct DataHeader* dh = (struct DataHeader*) &rh[1];
Bits_memset(dh, 0, DataHeader_SIZE);
DataHeader_setContentType(dh, header->nextHeader);
DataHeader_setVersion(dh, DataHeader_CURRENT_VERSION);
// Other than the ipv6 addr at the end, everything is zeros right down the line.
Bits_memset(rh, 0, RouteHeader_SIZE - 16);
return Iface_next(&ud->pub.upperDistributorIf, msg);
}
// Called by the TUN device.
static inline uint8_t incomingFromTun(struct Message* message,
struct Interface* iface)
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*) iface->receiverContext);
uint16_t ethertype = TUNMessageType_pop(message);
struct Headers_IP6Header* header = (struct Headers_IP6Header*) message->bytes;
int version = Headers_getIpVersion(message->bytes);
if ((ethertype == Ethernet_TYPE_IP4 && version != 4)
|| (ethertype == Ethernet_TYPE_IP6 && version != 6))
{
Log_warn(context->logger, "dropped packet because ip version [%d] "
"doesn't match ethertype [%u].", version, Endian_bigEndianToHost16(ethertype));
return Error_INVALID;
}
if (ethertype != Ethernet_TYPE_IP6 || !AddressCalc_validAddress(header->sourceAddr)) {
return context->ipTunnel->tunInterface.sendMessage(message,
&context->ipTunnel->tunInterface);
}
if (Bits_memcmp(header->sourceAddr, context->myAddr.ip6.bytes, 16)) {
uint8_t expectedSource[40];
AddrTools_printIp(expectedSource, context->myAddr.ip6.bytes);
uint8_t packetSource[40];
AddrTools_printIp(packetSource, header->sourceAddr);
Log_warn(context->logger,
"dropped packet from [%s] because all messages must have source address [%s]",
(char*) packetSource, (char*) expectedSource);
return Error_INVALID;
}
if (!Bits_memcmp(header->destinationAddr, context->myAddr.ip6.bytes, 16)) {
// I'm Gonna Sit Right Down and Write Myself a Letter
TUNMessageType_push(message, ethertype);
iface->sendMessage(message, iface);
return Error_NONE;
}
struct Ducttape_MessageHeader* dtHeader = getDtHeader(message, true);
struct Node* bestNext = RouterModule_lookup(header->destinationAddr, context->routerModule);
struct SessionManager_Session* nextHopSession;
if (bestNext) {
nextHopSession = SessionManager_getSession(bestNext->address.ip6.bytes,
bestNext->address.key,
context->sm);
bestNext->version = nextHopSession->version = (bestNext->version > nextHopSession->version)
? bestNext->version : nextHopSession->version;
dtHeader->switchLabel = bestNext->address.path;
dtHeader->nextHopReceiveHandle = Endian_bigEndianToHost32(nextHopSession->receiveHandle_be);
if (!Bits_memcmp(header->destinationAddr, bestNext->address.ip6.bytes, 16)) {
// Direct send, skip the innermost layer of encryption.
#ifdef Log_DEBUG
uint8_t nhAddr[60];
Address_print(nhAddr, &bestNext->address);
Log_debug(context->logger, "Forwarding data to %s (last hop)\n", nhAddr);
#endif
return sendToRouter(message, dtHeader, nextHopSession, context);
}
// else { the message will need to be 3 layer encrypted but since we already did a lookup
// of the best node to forward to, we can skip doing another lookup by storing a pointer
// to that node in the context (bestNext).
} else {
#ifdef Log_WARN
uint8_t thisAddr[40];
uint8_t destAddr[40];
AddrTools_printIp(thisAddr, context->myAddr.ip6.bytes);
AddrTools_printIp(destAddr, header->destinationAddr);
Log_warn(context->logger,
"Dropped message from TUN because this node [%s] is closest to dest [%s]",
thisAddr, destAddr);
#endif
return Error_UNDELIVERABLE;
}
#ifdef Log_DEBUG
uint8_t destAddr[40];
AddrTools_printIp(destAddr, header->destinationAddr);
uint8_t nhAddr[60];
Address_print(nhAddr, &bestNext->address);
Log_debug(context->logger, "Sending to [%s] via [%s]", destAddr, nhAddr);
#endif
struct SessionManager_Session* session =
SessionManager_getSession(header->destinationAddr, NULL, context->sm);
// Copy the IP6 header back from where the CA header will be placed.
// this is a mess.
// We can't just copy the header to a safe place because the CryptoAuth
// might buffer the message and send a connect-to-me packet and when the
// hello packet comes in return, the CA will send the message and the header
// needs to be in the message buffer.
//
// The CryptoAuth may send a 120 byte CA header and it might only send a 4 byte
// nonce and 16 byte authenticator depending on its state.
if (CryptoAuth_getState(&session->iface) < CryptoAuth_HANDSHAKE3) {
// shift, copy, shift because shifting asserts that there is enough buffer space.
Message_shift(message, Headers_CryptoAuth_SIZE + 4);
Bits_memcpyConst(message->bytes, header, Headers_IP6Header_SIZE);
Message_shift(message, -(Headers_IP6Header_SIZE + Headers_CryptoAuth_SIZE + 4));
// now push the receive handle *under* the CA header.
Message_push(message, &session->receiveHandle_be, 4);
debugHandles0(context->logger, session, "layer3 sending start message");
} else {
// shift, copy, shift because shifting asserts that there is enough buffer space.
Message_shift(message, 20);
Bits_memmoveConst(message->bytes, header, Headers_IP6Header_SIZE);
Message_shift(message, -(20 + Headers_IP6Header_SIZE));
debugHandles0(context->logger, session, "layer3 sending run message");
}
// This comes out at outgoingFromCryptoAuth() then outgoingFromMe()
dtHeader->receiveHandle = Endian_bigEndianToHost32(session->receiveHandle_be);
dtHeader->layer = Ducttape_SessionLayer_INNER;
return session->iface.sendMessage(message, &session->iface);
}
