Change vpn_packet_t::seqno from uint32_t to uint8_t[4].

This is to make sure on-wire vpn_packet_t fields are always 1-byte
aligned, otherwise padding could get in the way.
This commit is contained in:
Etienne Dechamps 2014-09-27 13:34:56 +01:00
parent 55a78da4e0
commit 092d620dbb
2 changed files with 21 additions and 18 deletions

View file

@ -87,7 +87,7 @@ typedef union sockaddr_t {
typedef struct vpn_packet_t { typedef struct vpn_packet_t {
length_t len; /* the actual number of bytes in the `data' field */ length_t len; /* the actual number of bytes in the `data' field */
int priority; /* priority or TOS */ int priority; /* priority or TOS */
uint32_t seqno; /* 32 bits sequence number (network byte order of course) */ uint8_t seqno[4]; /* 32 bits sequence number (network byte order of course) */
uint8_t data[MAXSIZE]; uint8_t data[MAXSIZE];
} vpn_packet_t; } vpn_packet_t;

View file

@ -416,37 +416,39 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
/* Check the sequence number */ /* Check the sequence number */
inpkt->len -= sizeof inpkt->seqno; inpkt->len -= sizeof inpkt->seqno;
inpkt->seqno = ntohl(inpkt->seqno); uint32_t seqno;
memcpy(&seqno, inpkt->seqno, sizeof seqno);
seqno = ntohl(seqno);
if(replaywin) { if(replaywin) {
if(inpkt->seqno != n->received_seqno + 1) { if(seqno != n->received_seqno + 1) {
if(inpkt->seqno >= n->received_seqno + replaywin * 8) { if(seqno >= n->received_seqno + replaywin * 8) {
if(n->farfuture++ < replaywin >> 2) { if(n->farfuture++ < replaywin >> 2) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)", logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture); n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
return; return;
} }
logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)", logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
inpkt->seqno - n->received_seqno - 1, n->name, n->hostname); seqno - n->received_seqno - 1, n->name, n->hostname);
memset(n->late, 0, replaywin); memset(n->late, 0, replaywin);
} else if (inpkt->seqno <= n->received_seqno) { } else if (seqno <= n->received_seqno) {
if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) { if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d", logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
n->name, n->hostname, inpkt->seqno, n->received_seqno); n->name, n->hostname, seqno, n->received_seqno);
return; return;
} }
} else { } else {
for(int i = n->received_seqno + 1; i < inpkt->seqno; i++) for(int i = n->received_seqno + 1; i < seqno; i++)
n->late[(i / 8) % replaywin] |= 1 << i % 8; n->late[(i / 8) % replaywin] |= 1 << i % 8;
} }
} }
n->farfuture = 0; n->farfuture = 0;
n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8); n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8);
} }
if(inpkt->seqno > n->received_seqno) if(seqno > n->received_seqno)
n->received_seqno = inpkt->seqno; n->received_seqno = seqno;
n->received++; n->received++;
@ -685,7 +687,8 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
/* Add sequence number */ /* Add sequence number */
inpkt->seqno = htonl(++(n->sent_seqno)); uint32_t seqno = htonl(++(n->sent_seqno));
memcpy(inpkt->seqno, &seqno, sizeof inpkt->seqno);
inpkt->len += sizeof inpkt->seqno; inpkt->len += sizeof inpkt->seqno;
/* Encrypt the packet */ /* Encrypt the packet */
@ -694,7 +697,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
outpkt = pkt[nextpkt++]; outpkt = pkt[nextpkt++];
outlen = MAXSIZE; outlen = MAXSIZE;
if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) { if(!cipher_encrypt(n->outcipher, inpkt->seqno, inpkt->len, outpkt->seqno, &outlen, true)) {
logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname); logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
goto end; goto end;
} }
@ -706,7 +709,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
/* Add the message authentication code */ /* Add the message authentication code */
if(digest_active(n->outdigest)) { if(digest_active(n->outdigest)) {
if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) { if(!digest_create(n->outdigest, inpkt->seqno, inpkt->len, inpkt->seqno + inpkt->len)) {
logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname); logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
goto end; goto end;
} }
@ -734,7 +737,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
} }
#endif #endif
if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) { if(sendto(listen_socket[sock].udp.fd, inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
if(sockmsgsize(sockerrno)) { if(sockmsgsize(sockerrno)) {
if(n->maxmtu >= origlen) if(n->maxmtu >= origlen)
n->maxmtu = origlen - 1; n->maxmtu = origlen - 1;
@ -995,7 +998,7 @@ void handle_incoming_vpn_data(void *data, int flags) {
node_t *n; node_t *n;
int len; int len;
len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); len = recvfrom(ls->udp.fd, pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
if(len <= 0 || len > MAXSIZE) { if(len <= 0 || len > MAXSIZE) {
if(!sockwouldblock(sockerrno)) if(!sockwouldblock(sockerrno))