/*
* Send a ping packet to one of the endpoints.
*/
static void sendPing(struct InterfaceController_Peer* ep)
{
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
ep->pingCount++;
struct SwitchPinger_Ping* ping =
SwitchPinger_newPing(ep->switchLabel,
String_CONST(""),
ic->timeoutMilliseconds,
onPingResponse,
ic->allocator,
ic->switchPinger);
#ifdef Log_DEBUG
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (!ping) {
Log_debug(ic->logger, "Failed to ping [%s.k], out of ping slots", key);
return;
} else {
Log_debug(ic->logger, "SwitchPing [%s.k]", key);
}
ping->onResponseContext = ep;
}
// This is directly called from SwitchCore, message is not encrypted.
static uint8_t sendFromSwitch(struct Message* msg, struct Interface* switchIf)
{
struct InterfaceController_Peer* ep =
Identity_check((struct InterfaceController_Peer*) switchIf);
ep->bytesOut += msg->length;
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
uint8_t ret;
uint64_t now = Time_currentTimeMilliseconds(ic->eventBase);
if (now - ep->timeOfLastMessage > ic->unresponsiveAfterMilliseconds) {
// TODO(cjd): This is a hack because if the time of last message exceeds the
// unresponsive time, we need to send back an error and that means
// mangling the message which would otherwise be in the queue.
struct Allocator* tempAlloc = Allocator_child(ic->allocator);
struct Message* toSend = Message_clone(msg, tempAlloc);
ret = Interface_sendMessage(ep->cryptoAuthIf, toSend);
Allocator_free(tempAlloc);
} else {
ret = Interface_sendMessage(ep->cryptoAuthIf, msg);
}
// If this node is unresponsive then return an error.
if (ret || now - ep->timeOfLastMessage > ic->unresponsiveAfterMilliseconds) {
return ret ? ret : Error_UNDELIVERABLE;
} else {
/* Way way way too much noise
Log_debug(ic->logger, "Sending to neighbor, last message from this node was [%u] ms ago.",
(now - ep->timeOfLastMessage));
*/
}
return Error_NONE;
}
static void onPingResponse(enum SwitchPinger_Result result,
uint64_t label,
String* data,
uint32_t millisecondsLag,
uint32_t version,
void* onResponseContext)
{
if (SwitchPinger_Result_OK != result) {
return;
}
struct IFCPeer* ep = Identity_cast((struct IFCPeer*) onResponseContext);
struct Context* ic = ifcontrollerForPeer(ep);
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpyConst(addr.key, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
addr.path = ep->switchLabel;
Log_debug(ic->logger, "got switch pong from node with version [%d]", version);
RouterModule_addNode(ic->routerModule, &addr, version);
#ifdef Log_DEBUG
// This will be false if it times out.
//Assert_true(label == ep->switchLabel);
uint8_t path[20];
AddrTools_printPath(path, label);
uint8_t sl[20];
AddrTools_printPath(sl, ep->switchLabel);
Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s] [%s]",
SwitchPinger_resultString(result)->bytes, path, sl);
#endif
}
// This is directly called from SwitchCore, message is not encrypted.
static uint8_t sendFromSwitch(struct Message* msg, struct Interface* switchIf)
{
struct IFCPeer* ep = Identity_cast((struct IFCPeer*) switchIf);
// This sucks but cryptoauth trashes the content when it encrypts
// and we need to be capable of sending back a coherent error message.
uint8_t top[255];
uint8_t* messageBytes = msg->bytes;
uint16_t padding = msg->padding;
uint16_t len = (msg->length < 255) ? msg->length : 255;
Bits_memcpy(top, msg->bytes, len);
uint8_t ret = ep->cryptoAuthIf->sendMessage(msg, ep->cryptoAuthIf);
// If this node is unresponsive then return an error.
struct Context* ic = ifcontrollerForPeer(ep);
uint64_t now = Time_currentTimeMilliseconds(ic->eventBase);
if (ret || now - ep->timeOfLastMessage > ic->unresponsiveAfterMilliseconds)
{
msg->bytes = messageBytes;
msg->padding = padding;
msg->length = len;
Bits_memcpy(msg->bytes, top, len);
return ret ? ret : Error_UNDELIVERABLE;
} else {
/* Way way way too much noise
Log_debug(ic->logger, "Sending to neighbor, last message from this node was [%u] ms ago.",
(now - ep->timeOfLastMessage));
*/
}
return Error_NONE;
}
static void onPingResponse(struct SwitchPinger_Response* resp, void* onResponseContext)
{
if (SwitchPinger_Result_OK != resp->res) {
return;
}
struct InterfaceController_Peer* ep =
Identity_check((struct InterfaceController_Peer*) onResponseContext);
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpyConst(addr.key, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
addr.path = ep->switchLabel;
addr.protocolVersion = resp->version;
#ifdef Log_DEBUG
uint8_t addrStr[60];
Address_print(addrStr, &addr);
uint8_t key[56];
Base32_encode(key, 56, CryptoAuth_getHerPublicKey(ep->cryptoAuthIf), 32);
#endif
if (!Version_isCompatible(Version_CURRENT_PROTOCOL, resp->version)) {
Log_debug(ic->logger, "got switch pong from node [%s] with incompatible version [%d]",
key, resp->version);
} else {
Log_debug(ic->logger, "got switch pong from node [%s] with version [%d]",
key, resp->version);
}
if (!ep->timeOfLastPing) {
// We've never heard from this machine before (or we've since forgotten about it)
// This is here because we want the tests to function without the janitor present.
// Other than that, it just makes a slightly more synchronous/guaranteed setup.
Router_sendGetPeers(ic->router, &addr, 0, 0, ic->allocator);
}
struct Node_Link* link = Router_linkForPath(ic->router, resp->label);
if (!link || !Node_getBestParent(link->child)) {
RumorMill_addNode(ic->rumorMill, &addr);
} else {
Log_debug(ic->logger, "link exists");
}
ep->timeOfLastPing = Time_currentTimeMilliseconds(ic->eventBase);
#ifdef Log_DEBUG
// This will be false if it times out.
//Assert_true(label == ep->switchLabel);
uint8_t path[20];
AddrTools_printPath(path, resp->label);
uint8_t sl[20];
AddrTools_printPath(sl, ep->switchLabel);
Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s] [%s]",
SwitchPinger_resultString(resp->res)->bytes, path, sl);
#endif
}
static void closeInterface(void* vendpoint)
{
struct IFCPeer* toClose = Identity_cast((struct IFCPeer*) vendpoint);
struct Context* ic = ifcontrollerForPeer(toClose);
int index = Map_OfIFCPeerByExernalIf_indexForHandle(toClose->handle, &ic->peerMap);
Assert_true(index >= 0);
Map_OfIFCPeerByExernalIf_remove(index, &ic->peerMap);
}
static int closeInterface(struct Allocator_OnFreeJob* job)
{
struct IFCPeer* toClose = Identity_cast((struct IFCPeer*) job->userData);
struct Context* ic = ifcontrollerForPeer(toClose);
int index = Map_OfIFCPeerByExernalIf_indexForHandle(toClose->handle, &ic->peerMap);
Assert_true(index >= 0);
Map_OfIFCPeerByExernalIf_remove(index, &ic->peerMap);
return 0;
}
// Incoming message which has passed through the cryptoauth and needs to be forwarded to the switch.
static uint8_t receivedAfterCryptoAuth(struct Message* msg, struct Interface* cryptoAuthIf)
{
struct InterfaceController_Peer* ep =
Identity_check((struct InterfaceController_Peer*) cryptoAuthIf->receiverContext);
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
// nonce added by the CryptoAuth session.
Message_pop(msg, NULL, 4, NULL);
ep->bytesIn += msg->length;
int caState = CryptoAuth_getState(cryptoAuthIf);
if (ep->state < InterfaceController_PeerState_ESTABLISHED) {
// EP states track CryptoAuth states...
ep->state = caState;
if (caState == CryptoAuth_ESTABLISHED) {
moveEndpointIfNeeded(ep, ic);
} else {
// prevent some kinds of nasty things which could be done with packet replay.
// This is checking the message switch header and will drop it unless the label
// directs it to *this* router.
if (msg->length < 8 || msg->bytes[7] != 1) {
Log_info(ic->logger, "DROP message because CA is not established.");
return Error_NONE;
} else {
// When a "server" gets a new connection from a "client" the router doesn't
// know about that client so if the client sends a packet to the server, the
// server will be unable to handle it until the client has sent inter-router
// communication to the server. Here we will ping the client so when the
// server gets the ping response, it will insert the client into its table
// and know its version.
// prevent DoS by limiting the number of times this can be called per second
// limit it to 7, this will affect innocent packets but it doesn't matter much
// since this is mostly just an optimization and for keeping the tests happy.
if ((ep->pingCount + 1) % 7) {
sendPing(ep);
}
}
}
} else if (ep->state == InterfaceController_PeerState_UNRESPONSIVE
&& caState == CryptoAuth_ESTABLISHED)
{
ep->state = InterfaceController_PeerState_ESTABLISHED;
} else {
ep->timeOfLastMessage = Time_currentTimeMilliseconds(ic->eventBase);
}
Identity_check(ep);
Assert_true(!(msg->capacity % 4));
return Interface_receiveMessage(&ep->switchIf, msg);
}
static int closeInterface(struct Allocator_OnFreeJob* job)
{
struct IFCPeer* toClose = Identity_cast((struct IFCPeer*) job->userData);
struct Context* ic = ifcontrollerForPeer(toClose);
// flush the peer from the table...
RouterModule_brokenPath(toClose->switchLabel, ic->routerModule);
int index = Map_OfIFCPeerByExernalIf_indexForHandle(toClose->handle, &ic->peerMap);
Assert_true(index >= 0);
Map_OfIFCPeerByExernalIf_remove(index, &ic->peerMap);
return 0;
}
static int closeInterface(struct Allocator_OnFreeJob* job)
{
struct InterfaceController_Peer* toClose =
Identity_check((struct InterfaceController_Peer*) job->userData);
struct InterfaceController_pvt* ic = ifcontrollerForPeer(toClose);
// flush the peer from the table...
Router_disconnectedPeer(ic->router, toClose->switchLabel);
int index = Map_OfIFCPeerByExernalIf_indexForHandle(toClose->handle, &ic->peerMap);
Assert_true(index >= 0);
Map_OfIFCPeerByExernalIf_remove(index, &ic->peerMap);
return 0;
}
// This is directly called from SwitchCore, message is not encrypted.
static uint8_t sendFromSwitch(struct Message* msg, struct Interface* switchIf)
{
struct IFCPeer* ep = Identity_cast((struct IFCPeer*) switchIf);
ep->bytesOut += msg->length;
// This sucks but cryptoauth trashes the content when it encrypts
// and we need to be capable of sending back a coherent error message.
uint8_t top[255];
uint8_t* messageBytes = msg->bytes;
uint16_t padding = msg->padding;
uint16_t len = (msg->length < 255) ? msg->length : 255;
Bits_memcpy(top, msg->bytes, len);
struct Context* ic = ifcontrollerForPeer(ep);
uint8_t ret;
uint64_t now = Time_currentTimeMilliseconds(ic->eventBase);
if (now - ep->timeOfLastMessage > ic->unresponsiveAfterMilliseconds) {
// XXX: This is a hack because if the time of last message exceeds the
// unresponsive time, we need to send back an error and that means
// mangling the message which would otherwise be in the queue.
struct Allocator* tempAlloc = Allocator_child(ic->allocator);
struct Message* toSend = Message_clone(msg, tempAlloc);
ret = Interface_sendMessage(ep->cryptoAuthIf, toSend);
Allocator_free(tempAlloc);
} else {
ret = Interface_sendMessage(ep->cryptoAuthIf, msg);
}
// If this node is unresponsive then return an error.
if (ret || now - ep->timeOfLastMessage > ic->unresponsiveAfterMilliseconds)
{
msg->bytes = messageBytes;
msg->padding = padding;
msg->length = len;
Bits_memcpy(msg->bytes, top, len);
return ret ? ret : Error_UNDELIVERABLE;
} else {
/* Way way way too much noise
Log_debug(ic->logger, "Sending to neighbor, last message from this node was [%u] ms ago.",
(now - ep->timeOfLastMessage));
*/
}
return Error_NONE;
}
// Incoming message which has passed through the cryptoauth and needs to be forwarded to the switch.
static uint8_t receivedAfterCryptoAuth(struct Message* msg, struct Interface* cryptoAuthIf)
{
struct IFCPeer* ep = Identity_cast((struct IFCPeer*) cryptoAuthIf->receiverContext);
struct Context* ic = ifcontrollerForPeer(ep);
ep->bytesIn += msg->length;
if (ep->state < InterfaceController_PeerState_ESTABLISHED) {
if (CryptoAuth_getState(cryptoAuthIf) >= CryptoAuth_HANDSHAKE3) {
moveEndpointIfNeeded(ep, ic);
ep->state = InterfaceController_PeerState_ESTABLISHED;
} else {
ep->state = InterfaceController_PeerState_HANDSHAKE;
// prevent some kinds of nasty things which could be done with packet replay.
// This is checking the message switch header and will drop it unless the label
// directs it to *this* router.
if (msg->length < 8 || msg->bytes[7] != 1) {
Log_info(ic->logger, "Dropping message because CA is not established.");
return Error_NONE;
} else {
// When a "server" gets a new connection from a "client" the router doesn't
// know about that client so if the client sends a packet to the server, the
// server will be unable to handle it until the client has sent inter-router
// communication to the server. Here we will ping the client so when the
// server gets the ping response, it will insert the client into its table
// and know its version.
pingCallback(ic);
}
}
} else if (ep->state == InterfaceController_PeerState_UNRESPONSIVE
&& CryptoAuth_getState(cryptoAuthIf) >= CryptoAuth_HANDSHAKE3)
{
ep->state = InterfaceController_PeerState_ESTABLISHED;
} else {
ep->timeOfLastMessage = Time_currentTimeMilliseconds(ic->eventBase);
}
return ep->switchIf.receiveMessage(msg, &ep->switchIf);
}
