/**
* (C) 2007-18 - ntop.org and contributors
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not see see
*
*/
#include "n2n.h"
#include "lzoconf.h"
#ifdef __ANDROID_NDK__
#include "android/edge_android.h"
#include
#endif /* __ANDROID_NDK__ */
#if defined(DEBUG)
#define SOCKET_TIMEOUT_INTERVAL_SECS 5
#define REGISTER_SUPER_INTERVAL_DFL 20 /* sec */
#else /* #if defined(DEBUG) */
#define SOCKET_TIMEOUT_INTERVAL_SECS 10
#define REGISTER_SUPER_INTERVAL_DFL 60 /* sec */
#endif /* #if defined(DEBUG) */
#define REGISTER_SUPER_INTERVAL_MIN 20 /* sec */
#define REGISTER_SUPER_INTERVAL_MAX 3600 /* sec */
#define IFACE_UPDATE_INTERVAL (30) /* sec. How long it usually takes to get an IP lease. */
#define TRANSOP_TICK_INTERVAL (10) /* sec */
#ifdef __ANDROID_NDK__
#define ARP_PERIOD_INTERVAL (10) /* sec */
#endif
/** Positions in the transop array where various transforms are stored.
*
* Used by transop_enum_to_index(). See also the transform enumerations in
* n2n_transforms.h */
#define N2N_TRANSOP_NULL_IDX 0
#define N2N_TRANSOP_TF_IDX 1
#define N2N_TRANSOP_AESCBC_IDX 2
/* etc. */
#define ETH_FRAMESIZE 14
#define IP4_SRCOFFSET 12
#define IP4_DSTOFFSET 16
/* ************************************** */
/** Initialise an edge to defaults.
*
* This also initialises the NULL transform operation opstruct.
*/
int edge_init(n2n_edge_t * eee) {
#ifdef WIN32
initWin32();
#endif
memset(eee, 0, sizeof(n2n_edge_t));
eee->start_time = time(NULL);
transop_null_init( &(eee->transop[N2N_TRANSOP_NULL_IDX]));
transop_twofish_init(&(eee->transop[N2N_TRANSOP_TF_IDX] ));
transop_aes_init(&(eee->transop[N2N_TRANSOP_AESCBC_IDX] ));
eee->tx_transop_idx = N2N_TRANSOP_NULL_IDX; /* No guarantee the others have been setup */
eee->daemon = 1; /* By default run in daemon mode. */
eee->preferred_aes = 0; /* Disable AES by default (for compatibility) */
eee->re_resolve_supernode_ip = 0;
/* keyschedule set to NULLs by memset */
/* community_name set to NULLs by memset */
eee->null_transop = 0;
eee->udp_sock = -1;
eee->udp_mgmt_sock = -1;
eee->udp_multicast_sock = -1;
eee->dyn_ip_mode = 0;
eee->allow_routing = 0;
eee->drop_multicast = 1;
eee->known_peers = NULL;
eee->pending_peers = NULL;
eee->last_register_req = 0;
eee->register_lifetime = REGISTER_SUPER_INTERVAL_DFL;
eee->last_p2p = 0;
eee->last_sup = 0;
eee->sup_attempts = N2N_EDGE_SUP_ATTEMPTS;
if(lzo_init() != LZO_E_OK) {
traceEvent(TRACE_ERROR, "LZO compression error");
return(-1);
}
return(0);
}
/* ***************************************************** */
/** Resolve the supernode IP address.
*
* REVISIT: This is a really bad idea. The edge will block completely while the
* hostname resolution is performed. This could take 15 seconds.
*/
void supernode2addr(n2n_sock_t * sn, const n2n_sn_name_t addrIn) {
n2n_sn_name_t addr;
const char *supernode_host;
memcpy(addr, addrIn, N2N_EDGE_SN_HOST_SIZE);
supernode_host = strtok(addr, ":");
if(supernode_host)
{
in_addr_t sn_addr;
char *supernode_port = strtok(NULL, ":");
const struct addrinfo aihints = {0, PF_INET, 0, 0, 0, NULL, NULL, NULL};
struct addrinfo * ainfo = NULL;
int nameerr;
if(supernode_port)
sn->port = atoi(supernode_port);
else
traceEvent(TRACE_WARNING, "Bad supernode parameter (-l ) %s %s:%s",
addr, supernode_host, supernode_port);
nameerr = getaddrinfo(supernode_host, NULL, &aihints, &ainfo);
if(0 == nameerr)
{
struct sockaddr_in * saddr;
/* ainfo s the head of a linked list if non-NULL. */
if(ainfo && (PF_INET == ainfo->ai_family))
{
/* It is definitely and IPv4 address -> sockaddr_in */
saddr = (struct sockaddr_in *)ainfo->ai_addr;
memcpy(sn->addr.v4, &(saddr->sin_addr.s_addr), IPV4_SIZE);
sn->family=AF_INET;
}
else
{
/* Should only return IPv4 addresses due to aihints. */
traceEvent(TRACE_WARNING, "Failed to resolve supernode IPv4 address for %s", supernode_host);
}
freeaddrinfo(ainfo); /* free everything allocated by getaddrinfo(). */
ainfo = NULL;
} else {
traceEvent(TRACE_WARNING, "Failed to resolve supernode host %s, assuming numeric", supernode_host);
sn_addr = inet_addr(supernode_host); /* uint32_t */
memcpy(sn->addr.v4, &(sn_addr), IPV4_SIZE);
sn->family=AF_INET;
}
} else
traceEvent(TRACE_WARNING, "Wrong supernode parameter (-l )");
}
/* ************************************** */
/***
*
* Register over multicast in case there is a peer on the same network listening
*/
static void register_with_local_peers(n2n_edge_t * eee) {
/* no send registration to the local multicast group */
traceEvent(TRACE_INFO, "Registering with multicast group %s:%u",
N2N_MULTICAST_GROUP, N2N_MULTICAST_PORT);
send_register(eee, &(eee->multicast_peer));
}
/* ************************************** */
/** Start the registration process.
*
* If the peer is already in pending_peers, ignore the request.
* If not in pending_peers, add it and send a REGISTER.
*
* If hdr is for a direct peer-to-peer packet, try to register back to sender
* even if the MAC is in pending_peers. This is because an incident direct
* packet indicates that peer-to-peer exchange should work so more aggressive
* registration can be permitted (once per incoming packet) as this should only
* last for a small number of packets..
*
* Called from the main loop when Rx a packet for our device mac.
*/
static void try_send_register(n2n_edge_t * eee,
uint8_t from_supernode,
const n2n_mac_t mac,
const n2n_sock_t * peer) {
/* REVISIT: purge of pending_peers not yet done. */
struct peer_info * scan = find_peer_by_mac(eee->pending_peers, mac);
macstr_t mac_buf;
n2n_sock_str_t sockbuf;
if(scan == NULL) {
scan = calloc(1, sizeof(struct peer_info));
memcpy(scan->mac_addr, mac, N2N_MAC_SIZE);
scan->sock = *peer;
scan->last_seen = time(NULL); /* Don't change this it marks the pending peer for removal. */
peer_list_add(&(eee->pending_peers), scan);
traceEvent(TRACE_DEBUG, "=== new pending %s -> %s",
macaddr_str(mac_buf, scan->mac_addr),
sock_to_cstr(sockbuf, &(scan->sock)));
traceEvent(TRACE_INFO, "Pending peers list size=%u",
(unsigned int)peer_list_size(eee->pending_peers));
/* trace Sending REGISTER */
send_register(eee, &(scan->sock));
register_with_local_peers(eee);
}
}
/* ************************************** */
/** Update the last_seen time for this peer, or get registered. */
void check_peer(n2n_edge_t * eee,
uint8_t from_supernode,
const n2n_mac_t mac,
const n2n_sock_t * peer) {
struct peer_info * scan = find_peer_by_mac(eee->known_peers, mac);
if(scan == NULL) {
/* Not in known_peers - start the REGISTER process. */
try_send_register(eee, from_supernode, mac, peer);
} else {
/* Already in known_peers. */
time_t now = time(NULL);
if((now - scan->last_seen) > 0 /* >= 1 sec */) {
/* Don't register too often */
update_peer_address(eee, from_supernode, mac, peer, now);
}
}
}
/* ************************************** */
/* Move the peer from the pending_peers list to the known_peers lists.
*
* peer must be a pointer to an element of the pending_peers list.
*
* Called by main loop when Rx a REGISTER_ACK.
*/
void set_peer_operational(n2n_edge_t * eee,
const n2n_mac_t mac,
const n2n_sock_t * peer) {
struct peer_info * prev = NULL;
struct peer_info * scan;
macstr_t mac_buf;
n2n_sock_str_t sockbuf;
traceEvent(TRACE_INFO, "set_peer_operational: %s -> %s",
macaddr_str(mac_buf, mac),
sock_to_cstr(sockbuf, peer));
scan=eee->pending_peers;
while (NULL != scan)
{
if(0 == memcmp(scan->mac_addr, mac, N2N_MAC_SIZE))
{
break; /* found. */
}
prev = scan;
scan = scan->next;
}
if(scan)
{
/* Remove scan from pending_peers. */
if(prev)
{
prev->next = scan->next;
}
else
{
eee->pending_peers = scan->next;
}
/* Add scan to known_peers. */
scan->next = eee->known_peers;
eee->known_peers = scan;
scan->sock = *peer;
traceEvent(TRACE_DEBUG, "=== new peer %s -> %s",
macaddr_str(mac_buf, scan->mac_addr),
sock_to_cstr(sockbuf, &(scan->sock)));
traceEvent(TRACE_INFO, "Pending peers list size=%u",
(unsigned int)peer_list_size(eee->pending_peers));
traceEvent(TRACE_INFO, "Operational peers list size=%u",
(unsigned int)peer_list_size(eee->known_peers));
scan->last_seen = time(NULL);
}
else
{
traceEvent(TRACE_DEBUG, "Failed to find sender in pending_peers.");
}
}
/* ************************************** */
n2n_mac_t broadcast_mac = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
/* ************************************** */
int is_empty_ip_address(const n2n_sock_t * sock) {
const uint8_t * ptr=NULL;
size_t len=0;
size_t i;
if(AF_INET6 == sock->family)
{
ptr = sock->addr.v6;
len = 16;
}
else
{
ptr = sock->addr.v4;
len = 4;
}
for (i=0; iknown_peers;
struct peer_info *prev = NULL; /* use to remove bad registrations. */
n2n_sock_str_t sockbuf1;
n2n_sock_str_t sockbuf2; /* don't clobber sockbuf1 if writing two addresses to trace */
macstr_t mac_buf;
if(is_empty_ip_address(peer))
{
/* Not to be registered. */
return;
}
if(0 == memcmp(mac, broadcast_mac, N2N_MAC_SIZE))
{
/* Not to be registered. */
return;
}
while(scan != NULL)
{
if(memcmp(mac, scan->mac_addr, N2N_MAC_SIZE) == 0)
{
break;
}
prev = scan;
scan = scan->next;
}
if(NULL == scan)
{
/* Not in known_peers. */
return;
}
if(0 != sock_equal(&(scan->sock), peer))
{
if(0 == from_supernode)
{
traceEvent(TRACE_NORMAL, "Peer changed %s: %s -> %s",
macaddr_str(mac_buf, scan->mac_addr),
sock_to_cstr(sockbuf1, &(scan->sock)),
sock_to_cstr(sockbuf2, peer));
/* The peer has changed public socket. It can no longer be assumed to be reachable. */
/* Remove the peer. */
if(NULL == prev)
{
/* scan was head of list */
eee->known_peers = scan->next;
}
else
{
prev->next = scan->next;
}
free(scan);
try_send_register(eee, from_supernode, mac, peer);
}
else
{
/* Don't worry about what the supernode reports, it could be seeing a different socket. */
}
}
else
{
/* Found and unchanged. */
scan->last_seen = when;
}
}
/* ************************************** */
/** Send a datagram to a socket defined by a n2n_sock_t */
static ssize_t sendto_sock(int fd, const void * buf,
size_t len, const n2n_sock_t * dest) {
struct sockaddr_in peer_addr;
ssize_t sent;
fill_sockaddr((struct sockaddr *) &peer_addr,
sizeof(peer_addr),
dest);
sent = sendto(fd, buf, len, 0/*flags*/,
(struct sockaddr *)&peer_addr, sizeof(struct sockaddr_in));
if(sent < 0)
{
char * c = strerror(errno);
traceEvent(TRACE_ERROR, "sendto failed (%d) %s", errno, c);
}
else
{
traceEvent(TRACE_DEBUG, "sendto sent=%d to ", (signed int)sent);
}
return sent;
}
/* ************************************** */
/** Send a REGISTER_SUPER packet to the current supernode. */
static void send_register_super(n2n_edge_t * eee,
const n2n_sock_t * supernode) {
uint8_t pktbuf[N2N_PKT_BUF_SIZE];
size_t idx;
/* ssize_t sent; */
n2n_common_t cmn;
n2n_REGISTER_SUPER_t reg;
n2n_sock_str_t sockbuf;
memset(&cmn, 0, sizeof(cmn));
memset(®, 0, sizeof(reg));
cmn.ttl=N2N_DEFAULT_TTL;
cmn.pc = n2n_register_super;
cmn.flags = 0;
memcpy(cmn.community, eee->community_name, N2N_COMMUNITY_SIZE);
for(idx=0; idx < N2N_COOKIE_SIZE; ++idx)
eee->last_cookie[idx] = rand() % 0xff;
memcpy(reg.cookie, eee->last_cookie, N2N_COOKIE_SIZE);
reg.auth.scheme=0; /* No auth yet */
idx=0;
encode_mac(reg.edgeMac, &idx, eee->device.mac_addr);
idx=0;
encode_REGISTER_SUPER(pktbuf, &idx, &cmn, ®);
traceEvent(TRACE_INFO, "send REGISTER_SUPER to %s",
sock_to_cstr(sockbuf, supernode));
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, supernode);
}
/* ************************************** */
/** Send a REGISTER packet to another edge. */
void send_register(n2n_edge_t * eee,
const n2n_sock_t * remote_peer) {
uint8_t pktbuf[N2N_PKT_BUF_SIZE];
size_t idx;
/* ssize_t sent; */
n2n_common_t cmn;
n2n_REGISTER_t reg;
n2n_sock_str_t sockbuf;
memset(&cmn, 0, sizeof(cmn));
memset(®, 0, sizeof(reg));
cmn.ttl=N2N_DEFAULT_TTL;
cmn.pc = n2n_register;
cmn.flags = 0;
memcpy(cmn.community, eee->community_name, N2N_COMMUNITY_SIZE);
idx=0;
encode_uint32(reg.cookie, &idx, 123456789);
idx=0;
encode_mac(reg.srcMac, &idx, eee->device.mac_addr);
idx=0;
encode_REGISTER(pktbuf, &idx, &cmn, ®);
traceEvent(TRACE_INFO, "send REGISTER %s",
sock_to_cstr(sockbuf, remote_peer));
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, remote_peer);
}
/* ************************************** */
/** Send a REGISTER_ACK packet to a peer edge. */
static void send_register_ack(n2n_edge_t * eee,
const n2n_sock_t * remote_peer,
const n2n_REGISTER_t * reg) {
uint8_t pktbuf[N2N_PKT_BUF_SIZE];
size_t idx;
/* ssize_t sent; */
n2n_common_t cmn;
n2n_REGISTER_ACK_t ack;
n2n_sock_str_t sockbuf;
memset(&cmn, 0, sizeof(cmn));
memset(&ack, 0, sizeof(reg));
cmn.ttl=N2N_DEFAULT_TTL;
cmn.pc = n2n_register_ack;
cmn.flags = 0;
memcpy(cmn.community, eee->community_name, N2N_COMMUNITY_SIZE);
memset(&ack, 0, sizeof(ack));
memcpy(ack.cookie, reg->cookie, N2N_COOKIE_SIZE);
memcpy(ack.srcMac, eee->device.mac_addr, N2N_MAC_SIZE);
memcpy(ack.dstMac, reg->srcMac, N2N_MAC_SIZE);
idx=0;
encode_REGISTER_ACK(pktbuf, &idx, &cmn, &ack);
traceEvent(TRACE_INFO, "send REGISTER_ACK %s",
sock_to_cstr(sockbuf, remote_peer));
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, remote_peer);
}
/* ************************************** */
/** @brief Check to see if we should re-register with the supernode.
*
* This is frequently called by the main loop.
*/
void update_supernode_reg(n2n_edge_t * eee, time_t nowTime) {
u_int sn_idx;
if(eee->sn_wait && (nowTime > (eee->last_register_req + (eee->register_lifetime/10)))) {
/* fall through */
traceEvent(TRACE_DEBUG, "update_supernode_reg: doing fast retry.");
} else if(nowTime < (eee->last_register_req + eee->register_lifetime))
return; /* Too early */
if(0 == eee->sup_attempts) {
/* Give up on that supernode and try the next one. */
++(eee->sn_idx);
if (eee->sn_idx >= eee->sn_num) {
/* Got to end of list, go back to the start. Also works for list of one entry. */
eee->sn_idx=0;
}
traceEvent(TRACE_WARNING, "Supernode not responding - moving to %u of %u",
(unsigned int)eee->sn_idx, (unsigned int)eee->sn_num);
eee->sup_attempts = N2N_EDGE_SUP_ATTEMPTS;
}
else
--(eee->sup_attempts);
for(sn_idx=0; sn_idxsn_num; sn_idx++) {
supernode2addr(&(eee->supernode), eee->sn_ip_array[sn_idx]);
traceEvent(TRACE_NORMAL, "Registering with supernode [id: %u/%u][%s][attempts left %u]",
sn_idx+1, eee->sn_num,
supernode_ip(eee), (unsigned int)eee->sup_attempts);
send_register_super(eee, &(eee->supernode));
}
register_with_local_peers(eee);
eee->sn_wait=1;
/* REVISIT: turn-on gratuitous ARP with config option. */
/* send_grat_arps(sock_fd, is_udp_sock); */
eee->last_register_req = nowTime;
}
/* ************************************** */
/** NOT IMPLEMENTED
*
* This would send a DEREGISTER packet to a peer edge or supernode to indicate
* the edge is going away.
*/
static void send_deregister(n2n_edge_t * eee,
n2n_sock_t * remote_peer) {
/* Marshall and send message */
}
/* ************************************** */
/** Return the IP address of the current supernode in the ring. */
const char * supernode_ip(const n2n_edge_t * eee) {
return (eee->sn_ip_array)[eee->sn_idx];
}
/* ************************************** */
int edge_init_twofish_psk(n2n_edge_t * eee, uint8_t *encrypt_pwd,
uint32_t encrypt_pwd_len) {
return transop_twofish_setup_psk(&(eee->transop[N2N_TRANSOP_TF_IDX]),
0, encrypt_pwd, encrypt_pwd_len);
}
/* ************************************** */
int edge_init_aes_psk(n2n_edge_t * eee, uint8_t *encrypt_pwd,
uint32_t encrypt_pwd_len) {
return transop_aes_setup_psk(&(eee->transop[N2N_TRANSOP_AESCBC_IDX]),
0, encrypt_pwd, encrypt_pwd_len);
}
/* ************************************** */
static n2n_tostat_t n2n_tick_aes(n2n_edge_t * eee, time_t now, size_t *trop) {
n2n_tostat_t tst = (eee->transop[N2N_TRANSOP_AESCBC_IDX].tick)(&(eee->transop[N2N_TRANSOP_AESCBC_IDX]), now);
if(tst.can_tx)
{
traceEvent(TRACE_DEBUG, "can_tx AESCBC (idx=%u)", (unsigned int)N2N_TRANSOP_AESCBC_IDX);
*trop = N2N_TRANSOP_AESCBC_IDX;
}
return tst;
}
/* ************************************** */
static n2n_tostat_t n2n_tick_twofish(n2n_edge_t * eee, time_t now, size_t *trop) {
n2n_tostat_t tst = (eee->transop[N2N_TRANSOP_TF_IDX].tick)(&(eee->transop[N2N_TRANSOP_TF_IDX]), now);
if(tst.can_tx)
{
traceEvent(TRACE_DEBUG, "can_tx TF (idx=%u)", (unsigned int)N2N_TRANSOP_TF_IDX);
*trop = N2N_TRANSOP_TF_IDX;
}
return tst;
}
/* ************************************** */
/** Called periodically to roll keys and do any periodic maintenance in the
* tranform operations state machines. */
static int n2n_tick_transop(n2n_edge_t * eee, time_t now)
{
size_t trop = eee->tx_transop_idx;
/* Tests are done in order that most preferred transform is last and causes
* tx_transop_idx to be left at most preferred valid transform. */
(eee->transop[N2N_TRANSOP_NULL_IDX].tick)(&(eee->transop[N2N_TRANSOP_NULL_IDX]), now);
if(eee->preferred_aes) {
n2n_tick_twofish(eee, now, &trop);
n2n_tick_aes(eee, now, &trop);
} else {
n2n_tick_aes(eee, now, &trop);
n2n_tick_twofish(eee, now, &trop);
}
if(trop != eee->tx_transop_idx)
{
eee->tx_transop_idx = trop;
traceEvent(TRACE_NORMAL, "Chose new tx_transop_idx=%u", (unsigned int)(eee->tx_transop_idx));
}
return 0;
}
/* ************************************** */
/** Find the transop op-struct for the transform enumeration required.
*
* @return - index into the transop array, or -1 on failure.
*/
int transop_enum_to_index(n2n_transform_t id) {
switch (id)
{
case N2N_TRANSFORM_ID_TWOFISH:
return N2N_TRANSOP_TF_IDX;
break;
case N2N_TRANSFORM_ID_NULL:
return N2N_TRANSOP_NULL_IDX;
break;
case N2N_TRANSFORM_ID_AESCBC:
return N2N_TRANSOP_AESCBC_IDX;
break;
default:
return -1;
}
}
/* ************************************** */
/** A PACKET has arrived containing an encapsulated ethernet datagram - usually
* encrypted. */
static int handle_PACKET(n2n_edge_t * eee,
const n2n_common_t * cmn,
const n2n_PACKET_t * pkt,
const n2n_sock_t * orig_sender,
uint8_t * payload,
size_t psize) {
ssize_t data_sent_len;
uint8_t from_supernode;
uint8_t * eth_payload=NULL;
int retval = -1;
time_t now;
ether_hdr_t * eh;
ipstr_t ip_buf;
now = time(NULL);
traceEvent(TRACE_DEBUG, "handle_PACKET size %u transform %u",
(unsigned int)psize, (unsigned int)pkt->transform);
/* hexdump(payload, psize); */
from_supernode= cmn->flags & N2N_FLAGS_FROM_SUPERNODE;
if(from_supernode)
{
++(eee->rx_sup);
eee->last_sup=now;
}
else
{
++(eee->rx_p2p);
eee->last_p2p=now;
}
/* Update the sender in peer table entry */
check_peer(eee, from_supernode, pkt->srcMac, orig_sender);
/* Handle transform. */
{
uint8_t decodebuf[N2N_PKT_BUF_SIZE];
size_t eth_size;
int rx_transop_idx;
rx_transop_idx = transop_enum_to_index(pkt->transform);
if(rx_transop_idx >=0)
{
eth_payload = decodebuf;
eh = (ether_hdr_t*)eth_payload;
eth_size = eee->transop[rx_transop_idx].rev(&(eee->transop[rx_transop_idx]),
eth_payload, N2N_PKT_BUF_SIZE,
payload, psize);
++(eee->transop[rx_transop_idx].rx_cnt); /* stats */
if(!(eee->allow_routing)) {
if(ntohs(eh->type) == 0x0800) {
uint32_t *dst = (uint32_t*)ð_payload[ETH_FRAMESIZE + IP4_DSTOFFSET];
/* Note: all elements of the_ip are in network order */
if(*dst != eee->device.ip_addr) {
/* This is a packet that needs to be routed */
traceEvent(TRACE_INFO, "Discarding routed packet [%s]",
intoa(ntohl(*dst), ip_buf, sizeof(ip_buf)));
return(-1);
} else {
/* This packet is directed to us */
/* traceEvent(TRACE_INFO, "Sending non-routed packet"); */
}
}
}
/* Write ethernet packet to tap device. */
traceEvent(TRACE_INFO, "sending to TAP %u", (unsigned int)eth_size);
data_sent_len = tuntap_write(&(eee->device), eth_payload, eth_size);
if (data_sent_len == eth_size)
{
retval = 0;
}
}
else
{
traceEvent(TRACE_ERROR, "handle_PACKET dropped unknown transform enum %u",
(unsigned int)pkt->transform);
}
}
return retval;
}
/* ************************************** */
/** Read a datagram from the management UDP socket and take appropriate
* action. */
static void readFromMgmtSocket(n2n_edge_t * eee, int * keep_running) {
uint8_t udp_buf[N2N_PKT_BUF_SIZE]; /* Compete UDP packet */
ssize_t recvlen;
/* ssize_t sendlen; */
struct sockaddr_in sender_sock;
socklen_t i;
size_t msg_len;
time_t now;
now = time(NULL);
i = sizeof(sender_sock);
recvlen = recvfrom(eee->udp_mgmt_sock, udp_buf, N2N_PKT_BUF_SIZE, 0/*flags*/,
(struct sockaddr *)&sender_sock, (socklen_t*)&i);
if(recvlen < 0)
{
traceEvent(TRACE_ERROR, "mgmt recvfrom failed with %s", strerror(errno));
return; /* failed to receive data from UDP */
}
if(recvlen >= 4)
{
if(0 == memcmp(udp_buf, "stop", 4))
{
traceEvent(TRACE_ERROR, "stop command received.");
*keep_running = 0;
return;
}
if(0 == memcmp(udp_buf, "help", 4))
{
msg_len=0;
++traceLevel;
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"Help for edge management console:\n"
" stop Gracefully exit edge\n"
" help This help message\n"
" +verb Increase verbosity of logging\n"
" -verb Decrease verbosity of logging\n"
" reload Re-read the keyschedule\n"
" Display statistics\n\n");
sendto(eee->udp_mgmt_sock, udp_buf, msg_len, 0/*flags*/,
(struct sockaddr *)&sender_sock, sizeof(struct sockaddr_in));
return;
}
}
if(recvlen >= 5)
{
if(0 == memcmp(udp_buf, "+verb", 5))
{
msg_len=0;
++traceLevel;
traceEvent(TRACE_ERROR, "+verb traceLevel=%u", (unsigned int)traceLevel);
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"> +OK traceLevel=%u\n", (unsigned int)traceLevel);
sendto(eee->udp_mgmt_sock, udp_buf, msg_len, 0/*flags*/,
(struct sockaddr *)&sender_sock, sizeof(struct sockaddr_in));
return;
}
if(0 == memcmp(udp_buf, "-verb", 5))
{
msg_len=0;
if(traceLevel > 0)
{
--traceLevel;
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"> -OK traceLevel=%u\n", traceLevel);
}
else
{
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"> -NOK traceLevel=%u\n", traceLevel);
}
traceEvent(TRACE_ERROR, "-verb traceLevel=%u", (unsigned int)traceLevel);
sendto(eee->udp_mgmt_sock, udp_buf, msg_len, 0/*flags*/,
(struct sockaddr *)&sender_sock, sizeof(struct sockaddr_in));
return;
}
}
if(recvlen >= 6)
{
if(0 == memcmp(udp_buf, "reload", 6))
{
if(strlen(eee->keyschedule) > 0)
{
if(edge_init_keyschedule(eee) == 0)
{
msg_len=0;
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"> OK\n");
sendto(eee->udp_mgmt_sock, udp_buf, msg_len, 0/*flags*/,
(struct sockaddr *)&sender_sock, sizeof(struct sockaddr_in));
}
return;
}
}
}
traceEvent(TRACE_DEBUG, "mgmt status rq");
msg_len=0;
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"Statistics for edge\n");
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"uptime %lu\n",
time(NULL) - eee->start_time);
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"paths super:%u,%u p2p:%u,%u\n",
(unsigned int)eee->tx_sup,
(unsigned int)eee->rx_sup,
(unsigned int)eee->tx_p2p,
(unsigned int)eee->rx_p2p);
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"trans:null |%6u|%6u|\n"
"trans:tf |%6u|%6u|\n"
"trans:aes |%6u|%6u|\n",
(unsigned int)eee->transop[N2N_TRANSOP_NULL_IDX].tx_cnt,
(unsigned int)eee->transop[N2N_TRANSOP_NULL_IDX].rx_cnt,
(unsigned int)eee->transop[N2N_TRANSOP_TF_IDX].tx_cnt,
(unsigned int)eee->transop[N2N_TRANSOP_TF_IDX].rx_cnt,
(unsigned int)eee->transop[N2N_TRANSOP_AESCBC_IDX].tx_cnt,
(unsigned int)eee->transop[N2N_TRANSOP_AESCBC_IDX].rx_cnt);
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"peers pend:%u full:%u\n",
(unsigned int)peer_list_size(eee->pending_peers),
(unsigned int)peer_list_size(eee->known_peers));
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"last super:%lu(%ld sec ago) p2p:%lu(%ld sec ago)\n",
eee->last_sup, (now-eee->last_sup), eee->last_p2p,
(now-eee->last_p2p));
traceEvent(TRACE_DEBUG, "mgmt status sending: %s", udp_buf);
/* sendlen = */ sendto(eee->udp_mgmt_sock, udp_buf, msg_len, 0/*flags*/,
(struct sockaddr *)&sender_sock, sizeof(struct sockaddr_in));
}
/* ************************************** */
/** Destination MAC 33:33:0:00:00:00 - 33:33:FF:FF:FF:FF is reserved for IPv6
* neighbour discovery.
*/
static int is_ip6_discovery(const void * buf, size_t bufsize) {
int retval = 0;
if(bufsize >= sizeof(ether_hdr_t)) {
/* copy to aligned memory */
ether_hdr_t eh;
memcpy(&eh, buf, sizeof(ether_hdr_t));
if((0x33 == eh.dhost[0]) && (0x33 == eh.dhost[1]))
retval = 1; /* This is an IPv6 multicast packet [RFC2464]. */
}
return retval;
}
/* ************************************** */
/** Destination 01:00:5E:00:00:00 - 01:00:5E:7F:FF:FF is multicast ethernet.
*/
static int is_ethMulticast(const void * buf, size_t bufsize) {
int retval = 0;
/* Match 01:00:5E:00:00:00 - 01:00:5E:7F:FF:FF */
if(bufsize >= sizeof(ether_hdr_t)) {
/* copy to aligned memory */
ether_hdr_t eh;
memcpy(&eh, buf, sizeof(ether_hdr_t));
if((0x01 == eh.dhost[0]) &&
(0x00 == eh.dhost[1]) &&
(0x5E == eh.dhost[2]) &&
(0 == (0x80 & eh.dhost[3])))
retval = 1; /* This is an ethernet multicast packet [RFC1112]. */
}
return retval;
}
/* ************************************** */
/* Choose the transop for Tx. This should be based on the newest valid
* cipherspec in the key schedule.
*
* Never fall back to NULL tranform unless no key sources were specified. It is
* better to render edge inoperative than to expose user data in the clear. In
* the case where all SAs are expired an arbitrary transform will be chosen for
* Tx. It will fail having no valid SAs but one must be selected.
*/
static size_t edge_choose_tx_transop(const n2n_edge_t * eee) {
if(eee->null_transop)
{
return N2N_TRANSOP_NULL_IDX;
}
return eee->tx_transop_idx;
}
/* ************************************** */
/* @return 1 if destination is a peer, 0 if destination is supernode */
static int find_peer_destination(n2n_edge_t * eee,
n2n_mac_t mac_address,
n2n_sock_t * destination) {
const struct peer_info *scan = eee->known_peers;
macstr_t mac_buf;
n2n_sock_str_t sockbuf;
int retval=0;
traceEvent(TRACE_DEBUG, "Searching destination peer for MAC %02X:%02X:%02X:%02X:%02X:%02X",
mac_address[0] & 0xFF, mac_address[1] & 0xFF, mac_address[2] & 0xFF,
mac_address[3] & 0xFF, mac_address[4] & 0xFF, mac_address[5] & 0xFF);
while(scan != NULL) {
traceEvent(TRACE_DEBUG, "Evaluating peer [MAC=%02X:%02X:%02X:%02X:%02X:%02X]",
scan->mac_addr[0] & 0xFF, scan->mac_addr[1] & 0xFF, scan->mac_addr[2] & 0xFF,
scan->mac_addr[3] & 0xFF, scan->mac_addr[4] & 0xFF, scan->mac_addr[5] & 0xFF
);
if((scan->last_seen > 0) &&
(memcmp(mac_address, scan->mac_addr, N2N_MAC_SIZE) == 0))
{
memcpy(destination, &scan->sock, sizeof(n2n_sock_t));
retval=1;
break;
}
scan = scan->next;
}
if(0 == retval)
{
memcpy(destination, &(eee->supernode), sizeof(struct sockaddr_in));
}
traceEvent(TRACE_DEBUG, "find_peer_address (%s) -> [%s]",
macaddr_str(mac_buf, mac_address),
sock_to_cstr(sockbuf, destination));
return retval;
}
/* ***************************************************** */
/** Send an ecapsulated ethernet PACKET to a destination edge or broadcast MAC
* address. */
static int send_packet(n2n_edge_t * eee,
n2n_mac_t dstMac,
const uint8_t * pktbuf,
size_t pktlen) {
int dest;
/*ssize_t s; */
n2n_sock_str_t sockbuf;
n2n_sock_t destination;
/* hexdump(pktbuf, pktlen); */
dest = find_peer_destination(eee, dstMac, &destination);
if(dest)
++(eee->tx_p2p);
else
++(eee->tx_sup);
traceEvent(TRACE_INFO, "send_packet to %s", sock_to_cstr(sockbuf, &destination));
/* s = */ sendto_sock(eee->udp_sock, pktbuf, pktlen, &destination);
return 0;
}
/* ************************************** */
/** A layer-2 packet was received at the tunnel and needs to be sent via UDP. */
void send_packet2net(n2n_edge_t * eee,
uint8_t *tap_pkt, size_t len) {
ipstr_t ip_buf;
n2n_mac_t destMac;
n2n_common_t cmn;
n2n_PACKET_t pkt;
uint8_t pktbuf[N2N_PKT_BUF_SIZE];
size_t idx=0;
size_t tx_transop_idx=0;
ether_hdr_t eh;
/* tap_pkt is not aligned so we have to copy to aligned memory */
memcpy(&eh, tap_pkt, sizeof(ether_hdr_t));
/* Discard IP packets that are not originated by this hosts */
if(!(eee->allow_routing)) {
if(ntohs(eh.type) == 0x0800) {
/* This is an IP packet from the local source address - not forwarded. */
uint32_t *src = (uint32_t*)&tap_pkt[ETH_FRAMESIZE + IP4_SRCOFFSET];
/* Note: all elements of the_ip are in network order */
if(*src != eee->device.ip_addr) {
/* This is a packet that needs to be routed */
traceEvent(TRACE_INFO, "Discarding routed packet [%s]",
intoa(ntohl(*src), ip_buf, sizeof(ip_buf)));
return;
} else {
/* This packet is originated by us */
/* traceEvent(TRACE_INFO, "Sending non-routed packet"); */
}
}
}
/* Optionally compress then apply transforms, eg encryption. */
/* Once processed, send to destination in PACKET */
memcpy(destMac, tap_pkt, N2N_MAC_SIZE); /* dest MAC is first in ethernet header */
memset(&cmn, 0, sizeof(cmn));
cmn.ttl = N2N_DEFAULT_TTL;
cmn.pc = n2n_packet;
cmn.flags=0; /* no options, not from supernode, no socket */
memcpy(cmn.community, eee->community_name, N2N_COMMUNITY_SIZE);
memset(&pkt, 0, sizeof(pkt));
memcpy(pkt.srcMac, eee->device.mac_addr, N2N_MAC_SIZE);
memcpy(pkt.dstMac, destMac, N2N_MAC_SIZE);
tx_transop_idx = edge_choose_tx_transop(eee);
pkt.sock.family=0; /* do not encode sock */
pkt.transform = eee->transop[tx_transop_idx].transform_id;
idx=0;
encode_PACKET(pktbuf, &idx, &cmn, &pkt);
traceEvent(TRACE_DEBUG, "encoded PACKET header of size=%u transform %u (idx=%u)",
(unsigned int)idx, (unsigned int)pkt.transform, (unsigned int)tx_transop_idx);
idx += eee->transop[tx_transop_idx].fwd(&(eee->transop[tx_transop_idx]),
pktbuf+idx, N2N_PKT_BUF_SIZE-idx,
tap_pkt, len);
++(eee->transop[tx_transop_idx].tx_cnt); /* stats */
send_packet(eee, destMac, pktbuf, idx); /* to peer or supernode */
}
/* ************************************** */
/** Read a single packet from the TAP interface, process it and write out the
* corresponding packet to the cooked socket.
*/
static void readFromTAPSocket(n2n_edge_t * eee) {
/* tun -> remote */
uint8_t eth_pkt[N2N_PKT_BUF_SIZE];
macstr_t mac_buf;
ssize_t len;
#ifdef __ANDROID_NDK__
if (uip_arp_len != 0) {
len = uip_arp_len;
memcpy(eth_pkt, uip_arp_buf, MIN(uip_arp_len, N2N_PKT_BUF_SIZE));
traceEvent(TRACE_DEBUG, "ARP reply packet to send");
}
else
{
#endif /* #ifdef __ANDROID_NDK__ */
len = tuntap_read( &(eee->device), eth_pkt, N2N_PKT_BUF_SIZE );
#ifdef __ANDROID_NDK__
}
#endif /* #ifdef __ANDROID_NDK__ */
if((len <= 0) || (len > N2N_PKT_BUF_SIZE))
{
traceEvent(TRACE_WARNING, "read()=%d [%d/%s]",
(signed int)len, errno, strerror(errno));
}
else
{
const uint8_t * mac = eth_pkt;
traceEvent(TRACE_INFO, "### Rx TAP packet (%4d) for %s",
(signed int)len, macaddr_str(mac_buf, mac));
if(eee->drop_multicast &&
(is_ip6_discovery(eth_pkt, len) ||
is_ethMulticast(eth_pkt, len)
)
)
{
traceEvent(TRACE_DEBUG, "Dropping multicast");
}
else
{
send_packet2net(eee, eth_pkt, len);
}
}
}
/* ************************************** */
#ifdef WIN32
static DWORD tunReadThread(LPVOID lpArg) {
n2n_edge_t *eee = (n2n_edge_t*)lpArg;
while(1)
readFromTAPSocket(eee);
return((DWORD)NULL);
}
/* ************************************** */
/** Start a second thread in Windows because TUNTAP interfaces do not expose
* file descriptors. */
static void startTunReadThread(n2n_edge_t *eee) {
HANDLE hThread;
DWORD dwThreadId;
hThread = CreateThread(NULL, /* security attributes */
0, /* use default stack size */
(LPTHREAD_START_ROUTINE)tunReadThread, /* thread function */
(void*)eee, /* argument to thread function */
0, /* thread creation flags */
&dwThreadId); /* thread id out */
}
#endif
/* ************************************** */
/** Read a datagram from the main UDP socket to the internet. */
static void readFromIPSocket(n2n_edge_t * eee, int in_sock) {
n2n_common_t cmn; /* common fields in the packet header */
n2n_sock_str_t sockbuf1;
n2n_sock_str_t sockbuf2; /* don't clobber sockbuf1 if writing two addresses to trace */
macstr_t mac_buf1;
macstr_t mac_buf2;
uint8_t udp_buf[N2N_PKT_BUF_SIZE]; /* Compete UDP packet */
ssize_t recvlen;
size_t rem;
size_t idx;
size_t msg_type;
uint8_t from_supernode;
struct sockaddr_in sender_sock;
n2n_sock_t sender;
n2n_sock_t * orig_sender=NULL;
time_t now=0;
size_t i;
i = sizeof(sender_sock);
recvlen = recvfrom(in_sock, udp_buf, N2N_PKT_BUF_SIZE, 0/*flags*/,
(struct sockaddr *)&sender_sock, (socklen_t*)&i);
if(recvlen < 0) {
traceEvent(TRACE_ERROR, "recvfrom failed with %s", strerror(errno));
return; /* failed to receive data from UDP */
}
/* REVISIT: when UDP/IPv6 is supported we will need a flag to indicate which
* IP transport version the packet arrived on. May need to UDP sockets. */
sender.family = AF_INET; /* UDP socket was opened PF_INET v4 */
sender.port = ntohs(sender_sock.sin_port);
memcpy(&(sender.addr.v4), &(sender_sock.sin_addr.s_addr), IPV4_SIZE);
/* The packet may not have an orig_sender socket spec. So default to last
* hop as sender. */
orig_sender=&sender;
traceEvent(TRACE_INFO, "### Rx N2N UDP (%d) from %s",
(signed int)recvlen, sock_to_cstr(sockbuf1, &sender));
/* hexdump(udp_buf, recvlen); */
rem = recvlen; /* Counts down bytes of packet to protect against buffer overruns. */
idx = 0; /* marches through packet header as parts are decoded. */
if(decode_common(&cmn, udp_buf, &rem, &idx) < 0)
{
traceEvent(TRACE_ERROR, "Failed to decode common section in N2N_UDP");
return; /* failed to decode packet */
}
now = time(NULL);
msg_type = cmn.pc; /* packet code */
from_supernode= cmn.flags & N2N_FLAGS_FROM_SUPERNODE;
if(0 == memcmp(cmn.community, eee->community_name, N2N_COMMUNITY_SIZE)) {
if(msg_type == MSG_TYPE_PACKET) {
/* process PACKET - most frequent so first in list. */
n2n_PACKET_t pkt;
decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx);
if(pkt.sock.family)
{
orig_sender = &(pkt.sock);
}
traceEvent(TRACE_INFO, "Rx PACKET from %s (%s)",
sock_to_cstr(sockbuf1, &sender),
sock_to_cstr(sockbuf2, orig_sender));
handle_PACKET(eee, &cmn, &pkt, orig_sender, udp_buf+idx, recvlen-idx);
} else if(msg_type == MSG_TYPE_REGISTER) {
/* Another edge is registering with us */
n2n_REGISTER_t reg;
n2n_mac_t null_mac = { '\0' };
int skip_register = 0;
decode_REGISTER(®, &cmn, udp_buf, &rem, &idx);
if(reg.sock.family)
orig_sender = &(reg.sock);
traceEvent(TRACE_INFO, "Rx REGISTER src=%s dst=%s from peer %s (%s)",
macaddr_str(mac_buf1, reg.srcMac),
macaddr_str(mac_buf2, reg.dstMac),
sock_to_cstr(sockbuf1, &sender),
sock_to_cstr(sockbuf2, orig_sender));
if(!memcmp(reg.dstMac, eee->device.mac_addr, 6))
check_peer(eee, from_supernode, reg.srcMac, orig_sender);
else if(// (sender.port == N2N_MULTICAST_PORT) &&
(!memcmp(reg.dstMac, null_mac, 6))) { /* Announce via a multicast socket */
if(memcmp(reg.srcMac, eee->device.mac_addr, 6)) /* It's not our self-announce */
check_peer(eee, from_supernode, reg.srcMac, orig_sender);
else {
traceEvent(TRACE_INFO, "Skipping REGISTER from self");
skip_register = 1; /* do not register with ourselves */
}
}
if(!skip_register)
send_register_ack(eee, orig_sender, ®);
}
else if(msg_type == MSG_TYPE_REGISTER_ACK)
{
/* Peer edge is acknowledging our register request */
n2n_REGISTER_ACK_t ra;
decode_REGISTER_ACK(&ra, &cmn, udp_buf, &rem, &idx);
if(ra.sock.family)
orig_sender = &(ra.sock);
traceEvent(TRACE_INFO, "Rx REGISTER_ACK src=%s dst=%s from peer %s (%s)",
macaddr_str(mac_buf1, ra.srcMac),
macaddr_str(mac_buf2, ra.dstMac),
sock_to_cstr(sockbuf1, &sender),
sock_to_cstr(sockbuf2, orig_sender));
/* Move from pending_peers to known_peers; ignore if not in pending. */
set_peer_operational(eee, ra.srcMac, &sender);
}
else if(msg_type == MSG_TYPE_REGISTER_SUPER_ACK)
{
n2n_REGISTER_SUPER_ACK_t ra;
if(eee->sn_wait)
{
decode_REGISTER_SUPER_ACK(&ra, &cmn, udp_buf, &rem, &idx);
if(ra.sock.family)
{
orig_sender = &(ra.sock);
}
traceEvent(TRACE_NORMAL, "Rx REGISTER_SUPER_ACK myMAC=%s [%s] (external %s). Attempts %u",
macaddr_str(mac_buf1, ra.edgeMac),
sock_to_cstr(sockbuf1, &sender),
sock_to_cstr(sockbuf2, orig_sender),
(unsigned int)eee->sup_attempts);
if(0 == memcmp(ra.cookie, eee->last_cookie, N2N_COOKIE_SIZE))
{
if(ra.num_sn > 0)
{
traceEvent(TRACE_NORMAL, "Rx REGISTER_SUPER_ACK backup supernode at %s",
sock_to_cstr(sockbuf1, &(ra.sn_bak)));
}
eee->last_sup = now;
eee->sn_wait=0;
eee->sup_attempts = N2N_EDGE_SUP_ATTEMPTS; /* refresh because we got a response */
/* REVISIT: store sn_back */
eee->register_lifetime = ra.lifetime;
eee->register_lifetime = MAX(eee->register_lifetime, REGISTER_SUPER_INTERVAL_MIN);
eee->register_lifetime = MIN(eee->register_lifetime, REGISTER_SUPER_INTERVAL_MAX);
}
else
{
traceEvent(TRACE_WARNING, "Rx REGISTER_SUPER_ACK with wrong or old cookie.");
}
}
else
{
traceEvent(TRACE_WARNING, "Rx REGISTER_SUPER_ACK with no outstanding REGISTER_SUPER.");
}
}
else
{
/* Not a known message type */
traceEvent(TRACE_WARNING, "Unable to handle packet type %d: ignored", (signed int)msg_type);
return;
}
} /* if (community match) */
else
{
traceEvent(TRACE_WARNING, "Received packet with invalid community");
}
}
/* ************************************** */
int run_edge_loop(n2n_edge_t * eee, int *keep_running) {
size_t numPurged;
time_t lastIfaceCheck=0;
time_t lastTransop=0;
#ifdef __ANDROID_NDK__
time_t lastArpPeriod=0;
#endif
#ifdef WIN32
startTunReadThread(eee);
#endif
*keep_running = 1;
/* Main loop
*
* select() is used to wait for input on either the TAP fd or the UDP/TCP
* socket. When input is present the data is read and processed by either
* readFromIPSocket() or readFromTAPSocket()
*/
while(*keep_running) {
int rc, max_sock = 0;
fd_set socket_mask;
struct timeval wait_time;
time_t nowTime;
FD_ZERO(&socket_mask);
FD_SET(eee->udp_sock, &socket_mask);
FD_SET(eee->udp_mgmt_sock, &socket_mask);
max_sock = max(eee->udp_sock, eee->udp_mgmt_sock);
FD_SET(eee->udp_multicast_sock, &socket_mask);
max_sock = max(eee->udp_sock, eee->udp_multicast_sock);
#ifndef WIN32
FD_SET(eee->device.fd, &socket_mask);
max_sock = max(max_sock, eee->device.fd);
#endif
wait_time.tv_sec = SOCKET_TIMEOUT_INTERVAL_SECS; wait_time.tv_usec = 0;
rc = select(max_sock+1, &socket_mask, NULL, NULL, &wait_time);
nowTime=time(NULL);
/* Make sure ciphers are updated before the packet is treated. */
if((nowTime - lastTransop) > TRANSOP_TICK_INTERVAL) {
lastTransop = nowTime;
n2n_tick_transop(eee, nowTime);
}
if(rc > 0) {
/* Any or all of the FDs could have input; check them all. */
if(FD_ISSET(eee->udp_sock, &socket_mask)) {
/* Read a cooked socket from the internet socket (unicast). Writes on the TAP
* socket. */
readFromIPSocket(eee, eee->udp_sock);
}
if(FD_ISSET(eee->udp_multicast_sock, &socket_mask)) {
/* Read a cooked socket from the internet socket (multicast). Writes on the TAP
* socket. */
traceEvent(TRACE_INFO, "Received packet from multicast socket");
readFromIPSocket(eee, eee->udp_multicast_sock);
}
#ifdef __ANDROID_NDK__
if (uip_arp_len != 0) {
readFromTAPSocket(eee);
uip_arp_len = 0;
}
#endif /* #ifdef __ANDROID_NDK__ */
if(FD_ISSET(eee->udp_mgmt_sock, &socket_mask)) {
/* Read a cooked socket from the internet socket. Writes on the TAP
* socket. */
readFromMgmtSocket(eee, keep_running);
}
#ifndef WIN32
if(FD_ISSET(eee->device.fd, &socket_mask)) {
/* Read an ethernet frame from the TAP socket. Write on the IP
* socket. */
readFromTAPSocket(eee);
}
#endif
}
/* Finished processing select data. */
update_supernode_reg(eee, nowTime);
numPurged = purge_expired_registrations(&(eee->known_peers));
numPurged += purge_expired_registrations(&(eee->pending_peers));
if(numPurged > 0) {
traceEvent(TRACE_NORMAL, "Peer removed: pending=%u, operational=%u",
(unsigned int)peer_list_size(eee->pending_peers),
(unsigned int)peer_list_size(eee->known_peers));
}
if(eee->dyn_ip_mode &&
((nowTime - lastIfaceCheck) > IFACE_UPDATE_INTERVAL)) {
traceEvent(TRACE_NORMAL, "Re-checking dynamic IP address.");
tuntap_get_address(&(eee->device));
lastIfaceCheck = nowTime;
}
#ifdef __ANDROID_NDK__
if ((nowTime - lastArpPeriod) > ARP_PERIOD_INTERVAL) {
uip_arp_timer();
lastArpPeriod = nowTime;
}
#endif /* #ifdef __ANDROID_NDK__ */
} /* while */
send_deregister(eee, &(eee->supernode));
closesocket(eee->udp_sock);
tuntap_close(&(eee->device));
edge_term(eee);
return(0);
}
/* ************************************** */
/** Read in a key-schedule file, parse the lines and pass each line to the
* appropriate trans_op for parsing of key-data and adding key-schedule
* entries. The lookup table of time->trans_op is constructed such that
* encoding can be passed to the correct trans_op. The trans_op internal table
* will then determine the best SA for that trans_op from the key schedule to
* use for encoding. */
int edge_init_keyschedule(n2n_edge_t * eee) {
#define N2N_NUM_CIPHERSPECS 32
int retval = -1;
ssize_t numSpecs=0;
n2n_cipherspec_t specs[N2N_NUM_CIPHERSPECS];
size_t i;
time_t now = time(NULL);
numSpecs = n2n_read_keyfile(specs, N2N_NUM_CIPHERSPECS, eee->keyschedule);
if(numSpecs > 0)
{
traceEvent(TRACE_NORMAL, "keyfile = %s read -> %d specs.\n", optarg, (signed int)numSpecs);
for (i=0; i < (size_t)numSpecs; ++i)
{
int idx;
idx = transop_enum_to_index(specs[i].t);
switch (idx)
{
case N2N_TRANSOP_TF_IDX:
case N2N_TRANSOP_AESCBC_IDX:
{
retval = (eee->transop[idx].addspec)(&(eee->transop[idx]),
&(specs[i]));
break;
}
default:
retval = -1;
}
if (0 != retval)
{
traceEvent(TRACE_ERROR, "keyschedule failed to add spec[%u] to transop[%d].\n",
(unsigned int)i, idx);
return retval;
}
}
n2n_tick_transop(eee, now);
}
else
traceEvent(TRACE_ERROR, "Failed to process '%s'", eee->keyschedule);
return retval;
}
/* ************************************** */
/** Deinitialise the edge and deallocate any owned memory. */
void edge_term(n2n_edge_t * eee) {
if(eee->udp_sock >= 0)
closesocket(eee->udp_sock);
if(eee->udp_mgmt_sock >= 0)
closesocket(eee->udp_mgmt_sock);
if(eee->udp_multicast_sock >= 0)
closesocket(eee->udp_multicast_sock);
clear_peer_list(&(eee->pending_peers));
clear_peer_list(&(eee->known_peers));
(eee->transop[N2N_TRANSOP_TF_IDX].deinit)(&eee->transop[N2N_TRANSOP_TF_IDX]);
(eee->transop[N2N_TRANSOP_NULL_IDX].deinit)(&eee->transop[N2N_TRANSOP_NULL_IDX]);
}
/* ************************************** */
const char *random_device_mac(void)
{
const char key[] = "0123456789abcdef";
static char mac[18];
int i;
srand(getpid());
for (i = 0; i < sizeof(mac) - 1; ++i) {
if ((i + 1) % 3 == 0) {
mac[i] = ':';
continue;
}
#ifdef WIN32
#define random() rand()
#endif
mac[i] = key[random() % sizeof(key)];
#ifdef WIN32
#undef random()
#endif
}
mac[sizeof(mac) - 1] = '\0';
return mac;
}
/* ************************************** */
int quick_edge_init(char *device_name, char *community_name,
char *encrypt_key, char *device_mac,
char *local_ip_address,
char *supernode_ip_address_port,
int *keep_on_running) {
n2n_edge_t eee;
edge_init(&eee);
if(tuntap_open(&(eee.device), device_name, "static",
local_ip_address, "255.255.255.0",
device_mac, DEFAULT_MTU) < 0)
return(-1);
if(edge_init_aes_psk(&eee, (uint8_t *)encrypt_key, strlen(encrypt_key)) < 0)
return(-2);
if(edge_init_twofish_psk(&eee, (uint8_t *)encrypt_key, strlen(encrypt_key)) < 0)
return(-2);
snprintf((char*)eee.community_name, sizeof(eee.community_name), "%s", community_name);
supernode2addr(&(eee.supernode), supernode_ip_address_port);
eee.udp_sock = open_socket(0 /* any port */, 1 /* bind ANY */);
if(eee.udp_sock < 0)
return(-3);
eee.udp_mgmt_sock = open_socket(0 /* any port */, 0 /* bind LOOPBACK */);
if(eee.udp_mgmt_sock < 0)
return(-4);
eee.udp_multicast_sock = open_socket(N2N_MULTICAST_PORT, 1 /* bind ANY */);
if(eee.udp_multicast_sock < 0)
return(-5);
else {
/* Bind eee.udp_multicast_sock to multicast group */
struct ip_mreq mreq;
u_int enable_reuse = 1;
/* allow multiple sockets to use the same PORT number */
setsockopt(eee.udp_multicast_sock, SOL_SOCKET, SO_REUSEADDR, &enable_reuse, sizeof(enable_reuse));
setsockopt(eee.udp_multicast_sock, SOL_SOCKET, SO_REUSEPORT, &enable_reuse, sizeof(enable_reuse));
mreq.imr_multiaddr.s_addr = inet_addr(N2N_MULTICAST_GROUP);
mreq.imr_interface.s_addr = htonl(INADDR_ANY);
if (setsockopt(eee.udp_multicast_sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) {
traceEvent(TRACE_ERROR, "Failed to bind to local multicast group %s:%u",
N2N_MULTICAST_GROUP, N2N_MULTICAST_PORT);
return(-6);
}
}
update_supernode_reg(&eee, time(NULL));
return(run_edge_loop(&eee, keep_on_running));
}