mirror of
https://github.com/servalproject/serval-dna.git
synced 2025-01-03 03:46:47 +00:00
a95ef79139
Remove stowSid() at last Change API of tohex() and strbuf_tohex(), to pass string length instead of binary byte count. This allows odd numbers of hex digits to be produced. Remove alloca_tohex_sid(); replace with alloca_tohex_sid_t() New alloca_tohex_sid_t_trunc() macro
398 lines
12 KiB
C
398 lines
12 KiB
C
#include "serval.h"
|
|
#include "conf.h"
|
|
#include "str.h"
|
|
#include "overlay_address.h"
|
|
#include "overlay_buffer.h"
|
|
#include "overlay_packet.h"
|
|
|
|
#define MIN_BURST_LENGTH 5000
|
|
|
|
struct probe_contents{
|
|
struct sockaddr_in addr;
|
|
unsigned char interface;
|
|
};
|
|
|
|
static void update_limit_state(struct limit_state *state, time_ms_t now){
|
|
if (state->next_interval > now || state->burst_size==0){
|
|
return;
|
|
}
|
|
|
|
if (state->next_interval + state->burst_length>now)
|
|
state->next_interval+=state->burst_length;
|
|
else
|
|
state->next_interval=now + state->burst_length;
|
|
|
|
state->sent = 0;
|
|
}
|
|
|
|
/* When should we next allow this thing to occur? */
|
|
time_ms_t limit_next_allowed(struct limit_state *state){
|
|
time_ms_t now = gettime_ms();
|
|
if (!state->burst_length)
|
|
return now;
|
|
update_limit_state(state, now);
|
|
|
|
if (state->sent < state->burst_size)
|
|
return now;
|
|
return state->next_interval;
|
|
}
|
|
|
|
/* Can we do this now? if so, track it */
|
|
int limit_is_allowed(struct limit_state *state){
|
|
time_ms_t now = gettime_ms();
|
|
if (!state->burst_length)
|
|
return 0;
|
|
update_limit_state(state, now);
|
|
if (state->sent >= state->burst_size){
|
|
return -1;
|
|
}
|
|
state->sent ++;
|
|
return 0;
|
|
}
|
|
|
|
/* Initialise burst size and length based on the number we can do in one MIN_BURST */
|
|
int limit_init(struct limit_state *state, int rate_micro_seconds){
|
|
if (rate_micro_seconds==0){
|
|
state->burst_size=0;
|
|
state->burst_length=1;
|
|
}else{
|
|
state->burst_size = (MIN_BURST_LENGTH / rate_micro_seconds)+1;
|
|
state->burst_length = (state->burst_size * rate_micro_seconds) / 1000.0;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int set_reachable(struct subscriber *subscriber,
|
|
struct network_destination *destination, struct subscriber *next_hop){
|
|
|
|
int reachable = REACHABLE_NONE;
|
|
if (destination)
|
|
reachable = destination->unicast?REACHABLE_UNICAST:REACHABLE_BROADCAST;
|
|
else if(next_hop)
|
|
reachable = REACHABLE_INDIRECT;
|
|
|
|
if (subscriber->reachable==reachable
|
|
&& subscriber->next_hop==next_hop
|
|
&& subscriber->destination == destination)
|
|
return 0;
|
|
|
|
int old_value = subscriber->reachable;
|
|
subscriber->reachable = reachable;
|
|
set_destination_ref(&subscriber->destination, destination);
|
|
subscriber->next_hop = next_hop;
|
|
|
|
// These log messages are for use in tests. Changing them may break test scripts.
|
|
if (config.debug.overlayrouting || config.debug.linkstate) {
|
|
switch (reachable) {
|
|
case REACHABLE_NONE:
|
|
DEBUGF("NOT REACHABLE sid=%s", alloca_tohex_sid_t(subscriber->sid));
|
|
break;
|
|
case REACHABLE_INDIRECT:
|
|
DEBUGF("REACHABLE INDIRECTLY sid=%s, via %s",
|
|
alloca_tohex_sid_t(subscriber->sid), alloca_tohex_sid_t(next_hop->sid));
|
|
break;
|
|
case REACHABLE_UNICAST:
|
|
DEBUGF("REACHABLE VIA UNICAST sid=%s, on %s ", alloca_tohex_sid_t(subscriber->sid), destination->interface->name);
|
|
break;
|
|
case REACHABLE_BROADCAST:
|
|
DEBUGF("REACHABLE VIA BROADCAST sid=%s, on %s ", alloca_tohex_sid_t(subscriber->sid), destination->interface->name);
|
|
break;
|
|
}
|
|
}
|
|
|
|
/* Pre-emptively send a sas request */
|
|
if (!subscriber->sas_valid && reachable&REACHABLE)
|
|
keyring_send_sas_request(subscriber);
|
|
|
|
// Hacky layering violation... send our identity to a directory service
|
|
if (subscriber==directory_service)
|
|
directory_registration();
|
|
|
|
if ((old_value & REACHABLE) && (!(reachable & REACHABLE)))
|
|
monitor_announce_unreachable_peer(&subscriber->sid);
|
|
if ((!(old_value & REACHABLE)) && (reachable & REACHABLE))
|
|
monitor_announce_peer(&subscriber->sid);
|
|
|
|
return 1;
|
|
}
|
|
|
|
int resolve_name(const char *name, struct in_addr *addr){
|
|
// TODO this can block, move to worker thread.
|
|
IN();
|
|
int ret=0;
|
|
struct addrinfo hint={
|
|
.ai_family=AF_INET,
|
|
};
|
|
struct addrinfo *addresses=NULL;
|
|
if (getaddrinfo(name, NULL, &hint, &addresses))
|
|
RETURN(WHYF("Failed to resolve %s",name));
|
|
|
|
if (addresses->ai_addr->sa_family==AF_INET){
|
|
*addr = ((struct sockaddr_in *)addresses->ai_addr)->sin_addr;
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Resolved %s into %s", name, inet_ntoa(*addr));
|
|
|
|
}else
|
|
ret=WHY("Ignoring non IPv4 address");
|
|
|
|
freeaddrinfo(addresses);
|
|
RETURN(ret);
|
|
OUT();
|
|
}
|
|
|
|
// load a unicast address from configuration
|
|
int load_subscriber_address(struct subscriber *subscriber)
|
|
{
|
|
if (!subscriber || subscriber->reachable&REACHABLE)
|
|
return 0;
|
|
int i = config_host_list__get(&config.hosts, &subscriber->sid);
|
|
// No unicast configuration? just return.
|
|
if (i == -1)
|
|
return 1;
|
|
const struct config_host *hostc = &config.hosts.av[i].value;
|
|
overlay_interface *interface = NULL;
|
|
if (*hostc->interface){
|
|
interface = overlay_interface_find_name(hostc->interface);
|
|
if (!interface)
|
|
return WHY("Can't fund configured interface");
|
|
}
|
|
struct sockaddr_in addr;
|
|
bzero(&addr, sizeof(addr));
|
|
addr.sin_family = AF_INET;
|
|
addr.sin_addr = hostc->address;
|
|
addr.sin_port = htons(hostc->port);
|
|
if (addr.sin_addr.s_addr==INADDR_NONE){
|
|
if (interface || overlay_interface_get_default()){
|
|
if (resolve_name(hostc->host, &addr.sin_addr))
|
|
return -1;
|
|
}else{
|
|
// interface isnt up yet
|
|
return 1;
|
|
}
|
|
}
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Loaded address %s:%d for %s", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port), alloca_tohex_sid_t(subscriber->sid));
|
|
struct network_destination *destination = create_unicast_destination(addr, interface);
|
|
if (!destination)
|
|
return -1;
|
|
int ret=overlay_send_probe(subscriber, destination, OQ_MESH_MANAGEMENT);
|
|
release_destination_ref(destination);
|
|
return ret;
|
|
}
|
|
|
|
/* Collection of unicast echo responses to detect working links */
|
|
int
|
|
overlay_mdp_service_probe(struct overlay_frame *frame, overlay_mdp_frame *mdp)
|
|
{
|
|
IN();
|
|
if (mdp->out.src.port!=MDP_PORT_ECHO || mdp->out.payload_length != sizeof(struct probe_contents)){
|
|
WARN("Probe packets should be returned from remote echo port");
|
|
RETURN(-1);
|
|
}
|
|
|
|
if (frame->source->reachable == REACHABLE_SELF)
|
|
RETURN(0);
|
|
|
|
struct probe_contents probe;
|
|
bcopy(&mdp->out.payload, &probe, sizeof(struct probe_contents));
|
|
if (probe.addr.sin_family!=AF_INET)
|
|
RETURN(WHY("Unsupported address family"));
|
|
|
|
RETURN(link_unicast_ack(frame->source, &overlay_interfaces[probe.interface], probe.addr));
|
|
OUT();
|
|
}
|
|
|
|
int overlay_send_probe(struct subscriber *peer, struct network_destination *destination, int queue){
|
|
// never send unicast probes over a stream interface
|
|
if (destination->interface->socket_type==SOCK_STREAM)
|
|
return 0;
|
|
|
|
time_ms_t now = gettime_ms();
|
|
// though unicast probes don't typically use the same network destination,
|
|
// we should still try to throttle when we can
|
|
if (destination->last_tx + destination->tick_ms > now)
|
|
return -1;
|
|
|
|
struct overlay_frame *frame=malloc(sizeof(struct overlay_frame));
|
|
bzero(frame,sizeof(struct overlay_frame));
|
|
frame->type=OF_TYPE_DATA;
|
|
frame->source = my_subscriber;
|
|
frame->next_hop = frame->destination = peer;
|
|
frame->ttl=1;
|
|
frame->queue=queue;
|
|
frame->destinations[frame->destination_count++].destination=add_destination_ref(destination);
|
|
frame->payload = ob_new();
|
|
frame->source_full = 1;
|
|
// TODO call mdp payload encryption / signing without calling overlay_mdp_dispatch...
|
|
|
|
if (overlay_mdp_encode_ports(frame->payload, MDP_PORT_ECHO, MDP_PORT_PROBE)){
|
|
op_free(frame);
|
|
return -1;
|
|
}
|
|
// not worried about byte order here as we are the only node that should be parsing the contents.
|
|
unsigned char *dst=ob_append_space(frame->payload, sizeof(struct probe_contents));
|
|
if (!dst){
|
|
op_free(frame);
|
|
return -1;
|
|
}
|
|
struct probe_contents probe;
|
|
probe.addr=destination->address;
|
|
// get interface number
|
|
probe.interface = destination->interface - overlay_interfaces;
|
|
bcopy(&probe, dst, sizeof(struct probe_contents));
|
|
if (overlay_payload_enqueue(frame)){
|
|
op_free(frame);
|
|
return -1;
|
|
}
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Queued probe packet on interface %s to %s:%d for %s",
|
|
destination->interface->name,
|
|
inet_ntoa(destination->address.sin_addr), ntohs(destination->address.sin_port),
|
|
peer?alloca_tohex_sid_t(peer->sid):"ANY");
|
|
return 0;
|
|
}
|
|
|
|
// append the address of a unicast link into a packet buffer
|
|
static int overlay_append_unicast_address(struct subscriber *subscriber, struct overlay_buffer *buff)
|
|
{
|
|
if (subscriber->destination
|
|
&& subscriber->destination->unicast
|
|
&& subscriber->destination->address.sin_family==AF_INET){
|
|
if (overlay_address_append(NULL, buff, subscriber))
|
|
return -1;
|
|
if (ob_append_ui32(buff, subscriber->destination->address.sin_addr.s_addr))
|
|
return -1;
|
|
if (ob_append_ui16(buff, subscriber->destination->address.sin_port))
|
|
return -1;
|
|
ob_checkpoint(buff);
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Added STUN info for %s", alloca_tohex_sid_t(subscriber->sid));
|
|
}else{
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Unable to give address of %s, %d", alloca_tohex_sid_t(subscriber->sid),subscriber->reachable);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int overlay_mdp_service_stun_req(overlay_mdp_frame *mdp)
|
|
{
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Processing STUN request from %s", alloca_tohex_sid_t(mdp->out.src.sid));
|
|
|
|
struct overlay_buffer *payload = ob_static(mdp->out.payload, mdp->out.payload_length);
|
|
ob_limitsize(payload, mdp->out.payload_length);
|
|
|
|
overlay_mdp_frame reply;
|
|
bzero(&reply, sizeof(reply));
|
|
reply.packetTypeAndFlags=MDP_TX;
|
|
|
|
reply.out.dst.sid = mdp->out.src.sid;
|
|
reply.out.src.sid = mdp->out.dst.sid;
|
|
reply.out.src.port=MDP_PORT_STUNREQ;
|
|
reply.out.dst.port=MDP_PORT_STUN;
|
|
reply.out.queue=OQ_MESH_MANAGEMENT;
|
|
|
|
struct overlay_buffer *replypayload = ob_static(reply.out.payload, sizeof(reply.out.payload));
|
|
|
|
ob_checkpoint(replypayload);
|
|
while(ob_remaining(payload)>0){
|
|
struct subscriber *subscriber=NULL;
|
|
|
|
if (overlay_address_parse(NULL, payload, &subscriber))
|
|
break;
|
|
|
|
if (!subscriber){
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Unknown subscriber");
|
|
continue;
|
|
}
|
|
|
|
if (overlay_append_unicast_address(subscriber, replypayload))
|
|
break;
|
|
}
|
|
|
|
ob_rewind(replypayload);
|
|
reply.out.payload_length=ob_position(replypayload);
|
|
|
|
if (reply.out.payload_length){
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Sending reply");
|
|
overlay_mdp_dispatch(&reply,0 /* system generated */, NULL,0);
|
|
}
|
|
ob_free(replypayload);
|
|
ob_free(payload);
|
|
return 0;
|
|
}
|
|
|
|
int overlay_mdp_service_stun(overlay_mdp_frame *mdp)
|
|
{
|
|
struct overlay_buffer *buff = ob_static(mdp->out.payload, mdp->out.payload_length);
|
|
ob_limitsize(buff, mdp->out.payload_length);
|
|
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Processing STUN info from %s", alloca_tohex_sid_t(mdp->out.src.sid));
|
|
|
|
while(ob_remaining(buff)>0){
|
|
struct subscriber *subscriber=NULL;
|
|
struct sockaddr_in addr;
|
|
|
|
// TODO explain addresses, link expiry time, resolve differences between addresses...
|
|
|
|
if (overlay_address_parse(NULL, buff, &subscriber)){
|
|
break;
|
|
}
|
|
|
|
addr.sin_family = AF_INET;
|
|
addr.sin_addr.s_addr = ob_get_ui32(buff);
|
|
addr.sin_port = ob_get_ui16(buff);
|
|
|
|
if (!subscriber || (subscriber->reachable!=REACHABLE_NONE))
|
|
continue;
|
|
|
|
struct network_destination *destination = create_unicast_destination(addr, NULL);
|
|
if (destination){
|
|
overlay_send_probe(subscriber, destination, OQ_MESH_MANAGEMENT);
|
|
release_destination_ref(destination);
|
|
}
|
|
}
|
|
|
|
ob_free(buff);
|
|
return 0;
|
|
}
|
|
|
|
int overlay_send_stun_request(struct subscriber *server, struct subscriber *request){
|
|
if ((!server) || (!request))
|
|
return -1;
|
|
if (!(server->reachable&REACHABLE))
|
|
return -1;
|
|
// don't bother with a stun request if the peer is already reachable directly
|
|
if (request->reachable&REACHABLE_DIRECT)
|
|
return -1;
|
|
|
|
time_ms_t now = gettime_ms();
|
|
if (request->last_stun_request +1000 > now)
|
|
return -1;
|
|
|
|
request->last_stun_request=now;
|
|
|
|
overlay_mdp_frame mdp;
|
|
bzero(&mdp, sizeof(mdp));
|
|
mdp.packetTypeAndFlags=MDP_TX;
|
|
|
|
mdp.out.src.sid = my_subscriber->sid;
|
|
mdp.out.dst.sid = server->sid;
|
|
mdp.out.src.port=MDP_PORT_STUN;
|
|
mdp.out.dst.port=MDP_PORT_STUNREQ;
|
|
mdp.out.queue=OQ_MESH_MANAGEMENT;
|
|
|
|
struct overlay_buffer *payload = ob_static(mdp.out.payload, sizeof(mdp.out.payload));
|
|
overlay_address_append(NULL, payload, request);
|
|
mdp.out.payload_length=ob_position(payload);
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Sending STUN request to %s", alloca_tohex_sid_t(server->sid));
|
|
overlay_mdp_dispatch(&mdp,0 /* system generated */,
|
|
NULL,0);
|
|
ob_free(payload);
|
|
return 0;
|
|
}
|