mirror of
https://github.com/servalproject/serval-dna.git
synced 2025-01-27 14:49:37 +00:00
491 lines
15 KiB
C
491 lines
15 KiB
C
#include "serval.h"
|
|
#include "conf.h"
|
|
#include "str.h"
|
|
#include "overlay_address.h"
|
|
#include "overlay_buffer.h"
|
|
#include "overlay_packet.h"
|
|
|
|
#define MIN_BURST_LENGTH 5000
|
|
|
|
struct probe_contents{
|
|
struct sockaddr_in addr;
|
|
unsigned char interface;
|
|
};
|
|
|
|
static void update_limit_state(struct limit_state *state, time_ms_t now){
|
|
if (state->next_interval > now || state->burst_size==0){
|
|
return;
|
|
}
|
|
|
|
if (state->next_interval + state->burst_length>now)
|
|
state->next_interval+=state->burst_length;
|
|
else
|
|
state->next_interval=now + state->burst_length;
|
|
|
|
state->sent = 0;
|
|
}
|
|
|
|
/* When should we next allow this thing to occur? */
|
|
time_ms_t limit_next_allowed(struct limit_state *state){
|
|
time_ms_t now = gettime_ms();
|
|
update_limit_state(state, now);
|
|
|
|
if (state->sent < state->burst_size)
|
|
return now;
|
|
return state->next_interval;
|
|
}
|
|
|
|
/* Can we do this now? if so, track it */
|
|
int limit_is_allowed(struct limit_state *state){
|
|
time_ms_t now = gettime_ms();
|
|
update_limit_state(state, now);
|
|
if (state->sent >= state->burst_size){
|
|
return -1;
|
|
}
|
|
state->sent ++;
|
|
return 0;
|
|
}
|
|
|
|
/* Initialise burst size and length based on the number we can do in one MIN_BURST */
|
|
int limit_init(struct limit_state *state, int rate_micro_seconds){
|
|
if (rate_micro_seconds==0){
|
|
state->burst_size=0;
|
|
}else{
|
|
state->burst_size = (MIN_BURST_LENGTH / rate_micro_seconds)+1;
|
|
state->burst_length = (state->burst_size * rate_micro_seconds) / 1000.0;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
// quick test to make sure the specified route is valid.
|
|
int subscriber_is_reachable(struct subscriber *subscriber){
|
|
if (!subscriber)
|
|
return REACHABLE_NONE;
|
|
|
|
int ret = subscriber->reachable;
|
|
|
|
if (ret==REACHABLE_INDIRECT){
|
|
if (!subscriber->next_hop)
|
|
ret = REACHABLE_NONE;
|
|
|
|
// avoid infinite recursion...
|
|
else if (!(subscriber->next_hop->reachable & REACHABLE_DIRECT))
|
|
ret = REACHABLE_NONE;
|
|
else{
|
|
int r = subscriber_is_reachable(subscriber->next_hop);
|
|
if (r&REACHABLE_ASSUMED)
|
|
ret = REACHABLE_NONE;
|
|
else if (!(r & REACHABLE_DIRECT))
|
|
ret = REACHABLE_NONE;
|
|
}
|
|
}
|
|
|
|
if (ret & REACHABLE_DIRECT){
|
|
// make sure the interface is still up
|
|
if (!subscriber->interface)
|
|
ret=REACHABLE_NONE;
|
|
else if (subscriber->interface->state!=INTERFACE_STATE_UP)
|
|
ret=REACHABLE_NONE;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
int set_reachable(struct subscriber *subscriber, int reachable){
|
|
if (subscriber->reachable==reachable)
|
|
return 0;
|
|
int old_value = subscriber->reachable;
|
|
subscriber->reachable=reachable;
|
|
|
|
// These log messages are for use in tests. Changing them may break test scripts.
|
|
if (config.debug.overlayrouting) {
|
|
switch (reachable) {
|
|
case REACHABLE_NONE:
|
|
DEBUGF("NOT REACHABLE sid=%s", alloca_tohex_sid(subscriber->sid));
|
|
break;
|
|
case REACHABLE_SELF:
|
|
break;
|
|
case REACHABLE_INDIRECT:
|
|
DEBUGF("REACHABLE INDIRECTLY sid=%s", alloca_tohex_sid(subscriber->sid));
|
|
DEBUGF("(via %s, %d)",subscriber->next_hop?alloca_tohex_sid(subscriber->next_hop->sid):"NOONE!"
|
|
,subscriber->next_hop?subscriber->next_hop->reachable:0);
|
|
break;
|
|
case REACHABLE_UNICAST:
|
|
DEBUGF("REACHABLE VIA UNICAST sid=%s", alloca_tohex_sid(subscriber->sid));
|
|
break;
|
|
case REACHABLE_BROADCAST:
|
|
DEBUGF("REACHABLE VIA BROADCAST sid=%s", alloca_tohex_sid(subscriber->sid));
|
|
break;
|
|
case REACHABLE_UNICAST|REACHABLE_ASSUMED:
|
|
DEBUGF("ASSUMED REACHABLE VIA UNICAST sid=%s", alloca_tohex_sid(subscriber->sid));
|
|
break;
|
|
case REACHABLE_BROADCAST|REACHABLE_ASSUMED:
|
|
DEBUGF("ASSUMED REACHABLE VIA BROADCAST sid=%s", alloca_tohex_sid(subscriber->sid));
|
|
break;
|
|
}
|
|
}
|
|
|
|
/* Pre-emptively send a sas request */
|
|
if (!subscriber->sas_valid && reachable&REACHABLE)
|
|
keyring_send_sas_request(subscriber);
|
|
|
|
// Hacky layering violation... send our identity to a directory service
|
|
if (subscriber==directory_service)
|
|
directory_registration();
|
|
|
|
if ((old_value & REACHABLE) && (!(reachable & REACHABLE)))
|
|
monitor_announce_unreachable_peer(subscriber->sid);
|
|
if ((!(old_value & REACHABLE)) && (reachable & REACHABLE))
|
|
monitor_announce_peer(subscriber->sid);
|
|
|
|
return 0;
|
|
}
|
|
|
|
// mark the subscriber as reachable via reply unicast packet
|
|
int reachable_unicast(struct subscriber *subscriber, overlay_interface *interface, struct in_addr addr, int port){
|
|
if (subscriber->reachable&REACHABLE)
|
|
return -1;
|
|
|
|
if (subscriber->node)
|
|
return -1;
|
|
|
|
subscriber->interface = interface;
|
|
subscriber->address.sin_family = AF_INET;
|
|
subscriber->address.sin_addr = addr;
|
|
subscriber->address.sin_port = htons(port);
|
|
set_reachable(subscriber, REACHABLE_UNICAST);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int resolve_name(const char *name, struct in_addr *addr){
|
|
// TODO this can block, move to worker thread.
|
|
IN();
|
|
int ret=0;
|
|
struct addrinfo hint={
|
|
.ai_family=AF_INET,
|
|
};
|
|
struct addrinfo *addresses=NULL;
|
|
if (getaddrinfo(name, NULL, &hint, &addresses))
|
|
RETURN(WHYF("Failed to resolve %s",name));
|
|
|
|
if (addresses->ai_addr->sa_family==AF_INET){
|
|
*addr = ((struct sockaddr_in *)addresses->ai_addr)->sin_addr;
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Resolved %s into %s", name, inet_ntoa(*addr));
|
|
|
|
}else
|
|
ret=WHY("Ignoring non IPv4 address");
|
|
|
|
freeaddrinfo(addresses);
|
|
RETURN(ret);
|
|
OUT();
|
|
}
|
|
|
|
// load a unicast address from configuration
|
|
int load_subscriber_address(struct subscriber *subscriber)
|
|
{
|
|
if (subscriber_is_reachable(subscriber)&REACHABLE)
|
|
return 0;
|
|
int i = config_host_list__get(&config.hosts, (const sid_t*)subscriber->sid);
|
|
// No unicast configuration? just return.
|
|
if (i == -1)
|
|
return 1;
|
|
const struct config_host *hostc = &config.hosts.av[i].value;
|
|
overlay_interface *interface = NULL;
|
|
if (*hostc->interface){
|
|
interface = overlay_interface_find_name(hostc->interface);
|
|
if (!interface)
|
|
return WHY("Can't fund configured interface");
|
|
}
|
|
struct sockaddr_in addr;
|
|
bzero(&addr, sizeof(addr));
|
|
addr.sin_family = AF_INET;
|
|
addr.sin_addr = hostc->address;
|
|
addr.sin_port = htons(hostc->port);
|
|
if (addr.sin_addr.s_addr==INADDR_NONE){
|
|
if (interface || overlay_interface_get_default()){
|
|
if (resolve_name(hostc->host, &addr.sin_addr))
|
|
return -1;
|
|
}else{
|
|
// interface isnt up yet
|
|
return 1;
|
|
}
|
|
}
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Loaded address %s:%d for %s", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port), alloca_tohex_sid(subscriber->sid));
|
|
return overlay_send_probe(subscriber, addr, interface, OQ_MESH_MANAGEMENT);
|
|
}
|
|
|
|
/* Collection of unicast echo responses to detect working links */
|
|
int
|
|
overlay_mdp_service_probe(overlay_mdp_frame *mdp)
|
|
{
|
|
IN();
|
|
if (mdp->out.src.port!=MDP_PORT_ECHO || mdp->out.payload_length != sizeof(struct probe_contents)){
|
|
WARN("Probe packets should be returned from remote echo port");
|
|
RETURN(-1);
|
|
}
|
|
|
|
struct subscriber *peer = find_subscriber(mdp->out.src.sid, SID_SIZE, 0);
|
|
if (peer->reachable == REACHABLE_SELF)
|
|
RETURN(0);
|
|
|
|
struct probe_contents probe;
|
|
bcopy(&mdp->out.payload, &probe, sizeof(struct probe_contents));
|
|
if (probe.addr.sin_family!=AF_INET)
|
|
RETURN(WHY("Unsupported address family"));
|
|
|
|
struct overlay_interface *interface = &overlay_interfaces[probe.interface];
|
|
// if a peer is already reachable, and this probe would change the interface, ignore it
|
|
// TODO track unicast links better in route_link.c
|
|
if (peer->reachable & REACHABLE_INDIRECT)
|
|
RETURN(0);
|
|
if (peer->reachable & REACHABLE_DIRECT && peer->interface && peer->interface != interface)
|
|
RETURN(0);
|
|
|
|
peer->last_probe_response = gettime_ms();
|
|
peer->interface = &overlay_interfaces[probe.interface];
|
|
peer->address.sin_family = AF_INET;
|
|
peer->address.sin_addr = probe.addr.sin_addr;
|
|
peer->address.sin_port = probe.addr.sin_port;
|
|
set_reachable(peer, REACHABLE_UNICAST | (peer->reachable & REACHABLE_DIRECT));
|
|
RETURN(0);
|
|
OUT();
|
|
}
|
|
|
|
int overlay_send_probe(struct subscriber *peer, struct sockaddr_in addr, overlay_interface *interface, int queue){
|
|
if (interface==NULL)
|
|
interface = overlay_interface_find(addr.sin_addr, 1);
|
|
|
|
if (!interface)
|
|
return WHY("I don't know which interface to use");
|
|
|
|
if (interface->state!=INTERFACE_STATE_UP)
|
|
return WHY("I can't send a probe if the interface is down.");
|
|
|
|
// don't send a unicast probe unless its on the same interface that is already known to be reachable
|
|
if (peer && peer->reachable & REACHABLE_INDIRECT)
|
|
return -1;
|
|
if (peer && (peer->reachable & REACHABLE_DIRECT) && peer->interface && peer->interface != interface)
|
|
return -1;
|
|
|
|
if (addr.sin_addr.s_addr==0) {
|
|
if (config.debug.overlayinterfaces)
|
|
DEBUG("I can't send a probe to address 0.0.0.0");
|
|
return -1;
|
|
}
|
|
if (addr.sin_port==0) {
|
|
if (config.debug.overlayinterfaces)
|
|
DEBUG("I can't send a probe to port 0");
|
|
return -1;
|
|
}
|
|
|
|
// never send unicast probes over a stream interface
|
|
if (interface->socket_type==SOCK_STREAM)
|
|
return 0;
|
|
|
|
time_ms_t now = gettime_ms();
|
|
|
|
if (peer && peer->last_probe+1000>now)
|
|
return -1;
|
|
|
|
struct overlay_frame *frame=malloc(sizeof(struct overlay_frame));
|
|
bzero(frame,sizeof(struct overlay_frame));
|
|
frame->type=OF_TYPE_DATA;
|
|
frame->source = my_subscriber;
|
|
frame->next_hop = frame->destination = peer;
|
|
frame->ttl=1;
|
|
frame->queue=queue;
|
|
frame->destination_resolved=1;
|
|
frame->recvaddr=addr;
|
|
frame->unicast=1;
|
|
frame->interface=interface;
|
|
frame->payload = ob_new();
|
|
frame->source_full = 1;
|
|
// TODO call mdp payload encryption / signing without calling overlay_mdp_dispatch...
|
|
|
|
if (peer)
|
|
peer->last_probe=gettime_ms();
|
|
|
|
if (overlay_mdp_encode_ports(frame->payload, MDP_PORT_ECHO, MDP_PORT_PROBE)){
|
|
op_free(frame);
|
|
return -1;
|
|
}
|
|
// not worried about byte order here as we are the only node that should be parsing the contents.
|
|
unsigned char *dst=ob_append_space(frame->payload, sizeof(struct probe_contents));
|
|
if (!dst){
|
|
op_free(frame);
|
|
return -1;
|
|
}
|
|
struct probe_contents probe;
|
|
probe.addr=addr;
|
|
// get interface number
|
|
probe.interface = interface - overlay_interfaces;
|
|
bcopy(&probe, dst, sizeof(struct probe_contents));
|
|
if (overlay_payload_enqueue(frame)){
|
|
op_free(frame);
|
|
return -1;
|
|
}
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Queued probe packet on interface %s to %s:%d for %s",
|
|
interface->name, inet_ntoa(addr.sin_addr), ntohs(addr.sin_port), peer?alloca_tohex_sid(peer->sid):"ANY");
|
|
return 0;
|
|
}
|
|
|
|
// append the address of a unicast link into a packet buffer
|
|
static int overlay_append_unicast_address(struct subscriber *subscriber, struct overlay_buffer *buff)
|
|
{
|
|
if (subscriber->reachable & REACHABLE_ASSUMED || !(subscriber->reachable & REACHABLE_UNICAST)){
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Unable to give address of %s, %d", alloca_tohex_sid(subscriber->sid),subscriber->reachable);
|
|
return 0;
|
|
}
|
|
|
|
if (overlay_address_append(NULL, buff, subscriber))
|
|
return -1;
|
|
if (ob_append_ui32(buff, subscriber->address.sin_addr.s_addr))
|
|
return -1;
|
|
if (ob_append_ui16(buff, subscriber->address.sin_port))
|
|
return -1;
|
|
ob_checkpoint(buff);
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Added STUN info for %s", alloca_tohex_sid(subscriber->sid));
|
|
return 0;
|
|
}
|
|
|
|
// append the address of all neighbour unicast links into a packet buffer
|
|
/*
|
|
static int overlay_append_local_unicasts(struct subscriber *subscriber, void *context)
|
|
{
|
|
struct overlay_buffer *buff = context;
|
|
if ((!subscriber->interface) ||
|
|
(!(subscriber->reachable & REACHABLE_UNICAST)) ||
|
|
(subscriber->reachable & REACHABLE_ASSUMED))
|
|
return 0;
|
|
if ((subscriber->address.sin_addr.s_addr & subscriber->interface->netmask.s_addr) !=
|
|
(subscriber->interface->address.sin_addr.s_addr & subscriber->interface->netmask.s_addr))
|
|
return 0;
|
|
return overlay_append_unicast_address(subscriber, buff);
|
|
}
|
|
*/
|
|
|
|
int overlay_mdp_service_stun_req(overlay_mdp_frame *mdp)
|
|
{
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Processing STUN request from %s", alloca_tohex_sid(mdp->out.src.sid));
|
|
|
|
struct overlay_buffer *payload = ob_static(mdp->out.payload, mdp->out.payload_length);
|
|
ob_limitsize(payload, mdp->out.payload_length);
|
|
|
|
overlay_mdp_frame reply;
|
|
bzero(&reply, sizeof(reply));
|
|
reply.packetTypeAndFlags=MDP_TX;
|
|
|
|
bcopy(mdp->out.src.sid, reply.out.dst.sid, SID_SIZE);
|
|
bcopy(mdp->out.dst.sid, reply.out.src.sid, SID_SIZE);
|
|
reply.out.src.port=MDP_PORT_STUNREQ;
|
|
reply.out.dst.port=MDP_PORT_STUN;
|
|
reply.out.queue=OQ_MESH_MANAGEMENT;
|
|
|
|
struct overlay_buffer *replypayload = ob_static(reply.out.payload, sizeof(reply.out.payload));
|
|
|
|
ob_checkpoint(replypayload);
|
|
while(ob_remaining(payload)>0){
|
|
struct subscriber *subscriber=NULL;
|
|
|
|
if (overlay_address_parse(NULL, payload, &subscriber))
|
|
break;
|
|
|
|
if (!subscriber){
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Unknown subscriber");
|
|
continue;
|
|
}
|
|
|
|
if (overlay_append_unicast_address(subscriber, replypayload))
|
|
break;
|
|
}
|
|
|
|
ob_rewind(replypayload);
|
|
reply.out.payload_length=ob_position(replypayload);
|
|
|
|
if (reply.out.payload_length){
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Sending reply");
|
|
overlay_mdp_dispatch(&reply,0 /* system generated */, NULL,0);
|
|
}
|
|
ob_free(replypayload);
|
|
ob_free(payload);
|
|
return 0;
|
|
}
|
|
|
|
int overlay_mdp_service_stun(overlay_mdp_frame *mdp)
|
|
{
|
|
struct overlay_buffer *buff = ob_static(mdp->out.payload, mdp->out.payload_length);
|
|
ob_limitsize(buff, mdp->out.payload_length);
|
|
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Processing STUN info from %s", alloca_tohex_sid(mdp->out.src.sid));
|
|
|
|
while(ob_remaining(buff)>0){
|
|
struct subscriber *subscriber=NULL;
|
|
struct sockaddr_in addr;
|
|
|
|
// TODO explain addresses, link expiry time, resolve differences between addresses...
|
|
|
|
if (overlay_address_parse(NULL, buff, &subscriber)){
|
|
break;
|
|
}
|
|
|
|
addr.sin_family = AF_INET;
|
|
addr.sin_addr.s_addr = ob_get_ui32(buff);
|
|
addr.sin_port = ob_get_ui16(buff);
|
|
|
|
if (!subscriber || (subscriber->reachable!=REACHABLE_NONE))
|
|
continue;
|
|
|
|
overlay_send_probe(subscriber, addr, NULL, OQ_MESH_MANAGEMENT);
|
|
}
|
|
|
|
ob_free(buff);
|
|
return 0;
|
|
}
|
|
|
|
int overlay_send_stun_request(struct subscriber *server, struct subscriber *request){
|
|
if ((!server) || (!request))
|
|
return -1;
|
|
if (!(subscriber_is_reachable(server)&REACHABLE))
|
|
return -1;
|
|
// don't bother with a stun request if the peer is already reachable directly
|
|
// TODO link timeouts
|
|
if (subscriber_is_reachable(request)&REACHABLE_DIRECT)
|
|
return -1;
|
|
|
|
time_ms_t now = gettime_ms();
|
|
if (request->last_stun_request +1000 > now)
|
|
return -1;
|
|
|
|
request->last_stun_request=now;
|
|
|
|
overlay_mdp_frame mdp;
|
|
bzero(&mdp, sizeof(mdp));
|
|
mdp.packetTypeAndFlags=MDP_TX;
|
|
|
|
bcopy(my_subscriber->sid, mdp.out.src.sid, SID_SIZE);
|
|
bcopy(server->sid, mdp.out.dst.sid, SID_SIZE);
|
|
mdp.out.src.port=MDP_PORT_STUN;
|
|
mdp.out.dst.port=MDP_PORT_STUNREQ;
|
|
mdp.out.queue=OQ_MESH_MANAGEMENT;
|
|
|
|
struct overlay_buffer *payload = ob_static(mdp.out.payload, sizeof(mdp.out.payload));
|
|
overlay_address_append(NULL, payload, request);
|
|
mdp.out.payload_length=ob_position(payload);
|
|
if (config.debug.overlayrouting)
|
|
DEBUGF("Sending STUN request to %s", alloca_tohex_sid(server->sid));
|
|
overlay_mdp_dispatch(&mdp,0 /* system generated */,
|
|
NULL,0);
|
|
ob_free(payload);
|
|
return 0;
|
|
}
|