e->to->via = indirect ? n->via : e->to;
e->to->options = e->options;
- if(sockaddrcmp(&e->to->address, &e->address)) {
- node = avl_unlink(node_udp_tree, e->to);
- sockaddrfree(&e->to->address);
- sockaddrcpy(&e->to->address, &e->address);
-
- if(e->to->hostname)
- free(e->to->hostname);
-
- e->to->hostname = sockaddr2hostname(&e->to->address);
- avl_insert_node(node_udp_tree, node);
-
- if(e->to->options & OPTION_PMTU_DISCOVERY) {
- e->to->mtuprobes = 0;
- e->to->minmtu = 0;
- e->to->maxmtu = MTU;
- if(e->to->status.validkey)
- send_mtu_probe(e->to);
- }
- }
+ if(sockaddrcmp(&e->to->address, &e->address))
+ update_node_address(e->to, &e->address);
node = avl_alloc_node();
node->data = e->to;
int keylifetime = 0;
int keyexpires = 0;
+bool strictsource = true;
EVP_CIPHER_CTX packet_ctx;
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
route(n, packet);
}
+static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) {
+ char hmac[EVP_MAX_MD_SIZE];
+
+ if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0))
+ return false;
+
+ /* Check the message authentication code */
+
+ if(myself->digest && myself->maclength) {
+ HMAC(myself->digest, myself->key, myself->keylength,
+ (char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL);
+
+ if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength))
+ return false;
+ }
+
+ return true;
+}
+
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
{
vpn_packet_t pkt1, pkt2;
int nextpkt = 0;
vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
- char hmac[EVP_MAX_MD_SIZE];
int i;
cp();
- /* Check packet length */
-
- if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"),
- n->name, n->hostname);
+ if(!authenticate_udppacket(n, inpkt)) {
+ ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
+ n->name, n->hostname);
return;
}
- /* Check the message authentication code */
-
- if(myself->digest && myself->maclength) {
- inpkt->len -= myself->maclength;
- HMAC(myself->digest, myself->key, myself->keylength,
- (char *) &inpkt->seqno, inpkt->len, hmac, NULL);
-
- if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) {
- ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
- n->name, n->hostname);
- return;
- }
- }
+ inpkt->len -= myself->digest ? myself->maclength : 0;
/* Decrypt the packet */
sockaddr_t from;
socklen_t fromlen = sizeof(from);
node_t *n;
+ static time_t lasttime = 0;
cp();
n = lookup_node_udp(&from);
+ if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) {
+ avl_node_t *node;
+
+ lasttime = now;
+
+ for(node = node_tree->head; node; node = node->next) {
+ n = node->data;
+
+ if(authenticate_udppacket(n, &pkt)) {
+ update_node_address(n, &from);
+ logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname);
+ break;
+ }
+ }
+ }
+
if(!n) {
hostname = sockaddr2hostname(&from);
- logger(LOG_WARNING, _("Received UDP packet from unknown source %s"),
- hostname);
+ logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname);
free(hostname);
return;
}
avl_delete(node_udp_tree, n);
}
+void update_node_address(node_t *n, const sockaddr_t address) {
+ avl_node_t *node;
+
+ node = avl_unlink(node_udp_tree, n);
+ sockaddrfree(&n->address);
+ sockaddrcpy(&n->address, &address);
+
+ if(n->hostname)
+ free(n->hostname);
+
+ n->hostname = sockaddr2hostname(&n->address);
+ avl_insert_node(node_udp_tree, node);
+
+ if(n->options & OPTION_PMTU_DISCOVERY) {
+ n->mtuprobes = 0;
+ n->minmtu = 0;
+ n->maxmtu = MTU;
+ if(n->status.validkey)
+ send_mtu_probe(n);
+ }
+}
+
node_t *lookup_node(char *name)
{
node_t n = {0};
projects / oweals / tinc.git / commitdiff