SLPD rewrite for IPv6 - IPv4 has been dropped

After first tests it came out, that RoadWarriors with multiple
active Interfaces hat problems with receiving on/ and sending SLPD
packets to specific interfaces.

Here the solution:
- Define SLPDInterface in your tinc.conf (multiple definitions are allowed)
  On those interfaces tincd will send and receive SLPD packetes
- You have to have IPv6 support on - link-local addresses configured
- tincd must listen on IPv6 on your SLPDInterfaces
- Define SLPDGroup to something like ff02::42:1
- Define SLPDPort for your group
- Define SLPDInterval to some sane number of seconds (0 is default,
meaning SLPD is disabled, 30 seconds should be enough for average
users)

SLPDGroup and SLPDPort should be unique for your network.

Fingerprinting, message signing is yet to be implemented.
Discovered address should also expire periodically.
This commit is contained in:
thorkill 2016-05-16 20:11:08 +02:00
parent 057ccb8da6
commit 43ed440176
5 changed files with 119 additions and 61 deletions

View file

@ -25,7 +25,7 @@
#include "splay_tree.h" #include "splay_tree.h"
#include "subnet.h" #include "subnet.h"
#define DEFAULT_SLPD_GROUP "224.0.42.23" #define DEFAULT_SLPD_GROUP "ff02::42:1"
#define DEFAULT_SLPD_PORT "1655" #define DEFAULT_SLPD_PORT "1655"
typedef struct config_t { typedef struct config_t {

View file

@ -217,10 +217,10 @@ extern bool read_ecdsa_public_key(struct connection_t *);
extern bool read_rsa_public_key(struct connection_t *); extern bool read_rsa_public_key(struct connection_t *);
extern void handle_device_data(void *, int); extern void handle_device_data(void *, int);
extern void handle_meta_connection_data(struct connection_t *); extern void handle_meta_connection_data(struct connection_t *);
extern void send_slpd_broadcast(void); extern void send_slpd_broadcast(char *);
extern void regenerate_key(void); extern void regenerate_key(void);
extern void update_edge_weight(void); extern void update_edge_weight(void);
extern int setup_slpd_in_socket(void); extern int setup_slpd_in_socket();
extern void purge(void); extern void purge(void);
extern void retry(void); extern void retry(void);
extern int reload_configuration(void); extern int reload_configuration(void);

View file

@ -1515,20 +1515,23 @@ skip_harder:
send_mtu_info(myself, n, MTU); send_mtu_info(myself, n, MTU);
} }
static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, sockaddr_t *addr) { static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, struct sockaddr_in6 *addr) {
int mav, miv, port; int mav, miv, port;
char nodename[MAXSIZE], fng[MAXSIZE]; char nodename[MAXSIZE], fng[MAXSIZE];
char addrstr[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, &addr->sin6_addr, addrstr, sizeof(addrstr));
int i = sscanf(pkt, "sLPD %d %d %s %d %s", &mav, &miv, &nodename[0], &port, &fng[0]); int i = sscanf(pkt, "sLPD %d %d %s %d %s", &mav, &miv, &nodename[0], &port, &fng[0]);
if (i != 5) { if (i != 5) {
logger(DEBUG_ALWAYS, LOG_ERR, "cant not parse packet... %d",i); logger(DEBUG_ALWAYS, LOG_ERR, "cant not parse packet... %d from %s", i, addrstr);
return; return;
} }
if (mav == 0 && miv == 1) { if (mav == 0 && miv == 1) {
logger(DEBUG_TRAFFIC, LOG_ERR, "Got SLPD packet node:%s port:%d %d.%d <%s> from %s", nodename, port, mav, miv, fng, inet_ntoa(addr->in.sin_addr)); logger(DEBUG_TRAFFIC, LOG_ERR, "Got SLPD packet node:%s port:%d %d.%d <%s> from %s", nodename, port, mav, miv, fng, addrstr);
node_t *n = lookup_node(nodename); node_t *n = lookup_node(nodename);
if (!n) { if (!n) {
@ -1543,14 +1546,19 @@ static void handle_incoming_slpd_packet(listen_socket_t *ls, void *pkt, sockaddr
config_t *cfg = NULL; config_t *cfg = NULL;
if (!n->slpd_address) { if (!n->slpd_address) {
char iface_name[255];
char fullhost[255];
if_indextoname(addr->sin6_scope_id, &iface_name);
cfg = new_config(); cfg = new_config();
cfg->variable = xstrdup("Address"); cfg->variable = xstrdup("Address");
cfg->value = xstrdup(inet_ntoa(addr->in.sin_addr)); snprintf(&fullhost, 254, "%s%%%s", addrstr, iface_name);
cfg->value = xstrdup(fullhost);
cfg->file = NULL; cfg->file = NULL;
cfg->line = -1; cfg->line = -1;
logger(DEBUG_ALWAYS, LOG_ERR, "Discovered %s on %s", nodename, inet_ntoa(addr->in.sin_addr)); logger(DEBUG_ALWAYS, LOG_ERR, "Discovered %s on %s", nodename , fullhost);
n->slpd_address = cfg; n->slpd_address = cfg;
n->status.has_address = true; n->status.has_address = true;
} }
@ -1625,12 +1633,10 @@ void handle_incoming_slpd_data(void *data, int flags) {
listen_socket_t *ls = data; listen_socket_t *ls = data;
char pkt[MAXSIZE]; char pkt[MAXSIZE];
sockaddr_t addr = {}; struct sockaddr_in6 addr;
socklen_t addrlen = sizeof addr; socklen_t addrlen = sizeof(addr);
logger(DEBUG_SCARY_THINGS, LOG_INFO, "Receiving SLPD packet"); size_t len = recvfrom(ls->udp.fd, pkt, MAXSIZE, 0, (struct sockaddr *)&addr, &addrlen);
size_t len = recvfrom(ls->udp.fd, (void *)&pkt, MAXSIZE, 0, &addr.sa, &addrlen);
if(len <= 0 || len > MAXSIZE) { if(len <= 0 || len > MAXSIZE) {
if(!sockwouldblock(sockerrno)) if(!sockwouldblock(sockerrno))

View file

@ -319,7 +319,15 @@ static timeout_t edgeupdate_timeout;
static timeout_t slpdupdate_timeout; static timeout_t slpdupdate_timeout;
static void slpdupdate_handler(void *data) { static void slpdupdate_handler(void *data) {
send_slpd_broadcast(); config_t *c_iface;
c_iface = lookup_config(config_tree, "SLPDInterface");
while(c_iface) {
logger(DEBUG_STATUS, LOG_NOTICE, "Sending SLPD out on %s", c_iface->value);
send_slpd_broadcast(c_iface->value);
c_iface = lookup_config_next(config_tree, c_iface);
}
timeout_set(data, &(struct timeval){slpdinterval + (rand() % 10), rand() % 100000}); timeout_set(data, &(struct timeval){slpdinterval + (rand() % 10), rand() % 100000});
} }
@ -333,50 +341,72 @@ static void edgeupdate_handler(void *data) {
timeout_set(data, &(struct timeval){edgeupdateinterval + (rand() % 10), rand() % 100000}); timeout_set(data, &(struct timeval){edgeupdateinterval + (rand() % 10), rand() % 100000});
} }
void send_slpd_broadcast(void) { void send_slpd_broadcast(char *iface) {
int sd; int sd;
struct sockaddr_in address; struct addrinfo *mcast_addr;
char slpd_msg[MAXSIZE] = ""; struct addrinfo hints;
char *iface; sockaddr_t r;
struct in_addr lif;
struct ifreq ifr;
int fd;
sd = socket (AF_INET, SOCK_DGRAM, IPPROTO_UDP); char slpd_msg[MAXSIZE] = "";
if (sd < 0) {
/* Check if interface is up */
struct ifreq ifr;
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
memset(&ifr, 0, sizeof(ifr));
strcpy(ifr.ifr_name, iface);
if (ioctl(sd, SIOCGIFFLAGS, &ifr) < 0) {
logger(DEBUG_ALWAYS, LOG_INFO, "ioctl() on %s error: [%s:%d]", iface, strerror(errno), errno);
}
close(sd);
// Requested interface is down
if (!(ifr.ifr_flags & IFF_UP) || !(ifr.ifr_flags & IFF_RUNNING))
return;
bzero(&hints, sizeof(hints));
hints.ai_family = AF_INET6;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = AI_ADDRCONFIG | AI_CANONNAME;
int status;
if ((status = getaddrinfo(my_slpd_group, my_slpd_port, &hints, &mcast_addr)) != 0 ) {
logger(DEBUG_ALWAYS, LOG_INFO, "getaddrinfo() error: [%s:%d]", strerror(errno), errno);
return;
}
if ((sd = socket(mcast_addr->ai_family, mcast_addr->ai_socktype, 0)) < 0 ) {
logger(DEBUG_ALWAYS, LOG_INFO, "socket() error: [%s:%d]", strerror(errno), errno); logger(DEBUG_ALWAYS, LOG_INFO, "socket() error: [%s:%d]", strerror(errno), errno);
freeaddrinfo(&mcast_addr);
return;
}
int on = 1;
if (setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&on, sizeof(on)) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "setsockopt() IPV6_V6ONLY failed [%s:%d]", strerror(errno), errno);
return; return;
} }
/* Send SLPD only on this Interface */ /* Send SLPD only on this Interface */
if(get_config_string (lookup_config (config_tree, "SLPDInterface"), &iface)) {
fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
ifr.ifr_addr.sa_family = AF_INET;
strncpy(ifr.ifr_name, iface, IFNAMSIZ-1);
ioctl(fd, SIOCGIFADDR, &ifr);
close(fd);
/* display result */ unsigned int ifindex;
logger(DEBUG_SCARY_THINGS, LOG_ERR, "%s has the ip: %s\n", iface, ifindex = if_nametoindex(iface);
inet_ntoa(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr)); if(setsockopt (sd, IPPROTO_IPV6, IPV6_MULTICAST_IF, &ifindex, sizeof(ifindex)) != 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "setsockopt() IPV6_MULTICAST_IF failed [%s:%d]", strerror(errno), errno);
lif.s_addr = inet_addr(inet_ntoa(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr)); freeaddrinfo(&mcast_addr);
if(setsockopt(sd, IPPROTO_IP, IP_MULTICAST_IF, (char *)&lif, sizeof(lif)) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "can not bind multicast to %s\n", iface);
return; return;
} }
}
memset (&address, 0, sizeof (address)); unsigned int reuse = 1;
address.sin_family = AF_INET; if(setsockopt (sd, IPPROTO_IPV6, SO_REUSEADDR, (char*)&reuse, sizeof(reuse)) != 0) {
address.sin_addr.s_addr = inet_addr (DEFAULT_SLPD_GROUP); logger(DEBUG_ALWAYS, LOG_ERR, "setsockopt() SO_REUSEADDR failed: [%s:%d]", strerror(errno), errno);
address.sin_port = htons(atoi(my_slpd_port)); freeaddrinfo(&mcast_addr);
return;
}
snprintf(slpd_msg, MAXSIZE, "sLPD 0 1 %s %d none ", myname, atoi(myport)); snprintf(slpd_msg, MAXSIZE, "sLPD 0 1 %s %d none ", myname, atoi(myport));
slpd_msg[MAXSIZE-1] = '\00'; slpd_msg[MAXSIZE-1] = '\00';
//ecdsa_sign(myself->sptps.mykey, msg, strlen(msg), sig); //ecdsa_sign(myself->sptps.mykey, msg, strlen(msg), sig);
if (sendto( sd, slpd_msg, strlen(slpd_msg), 0, (struct sockaddr *) &address, sizeof (address)) < 0) { if (sendto(sd, slpd_msg, strlen(slpd_msg), 0, mcast_addr->ai_addr, mcast_addr->ai_addrlen) != strlen(slpd_msg) ) {
logger(DEBUG_ALWAYS, LOG_ERR, "SLPD send() error: [%s:%d]", strerror(errno), errno); logger(DEBUG_ALWAYS, LOG_ERR, "SLPD send() error: [%s:%d]", strerror(errno), errno);
} }
close(sd); close(sd);
@ -1136,6 +1166,7 @@ static bool setup_myself(void) {
int slpd_fd = setup_slpd_in_socket(); int slpd_fd = setup_slpd_in_socket();
if (slpd_fd < 0) { if (slpd_fd < 0) {
close(slpd_fd); close(slpd_fd);
logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on multicast group failed");
} else { } else {
logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on multicast group"); logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on multicast group");
io_add(&listen_socket[listen_sockets].udp, handle_incoming_slpd_data, &listen_socket[listen_sockets], slpd_fd, IO_READ); io_add(&listen_socket[listen_sockets].udp, handle_incoming_slpd_data, &listen_socket[listen_sockets], slpd_fd, IO_READ);

View file

@ -302,13 +302,17 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
} /* int setup_vpn_in_socket */ } /* int setup_vpn_in_socket */
int setup_slpd_in_socket(void) { int setup_slpd_in_socket() {
int nfd; int nfd;
char *my_slpd_port; char *my_slpd_port;
char *my_slpd_group; char *my_slpd_group;
struct sockaddr_in lsock;
struct ip_mreq group; struct addrinfo *res;
struct ip_mreq mreq; struct addrinfo hints;
struct ipv6_mreq group;
logger(DEBUG_ALWAYS, LOG_ERR, "Prepare SLPD mutlicast socket");
if(!get_config_string(lookup_config(config_tree, "SLPDPort"), &my_slpd_port)) if(!get_config_string(lookup_config(config_tree, "SLPDPort"), &my_slpd_port))
my_slpd_port = xstrdup(DEFAULT_SLPD_PORT); my_slpd_port = xstrdup(DEFAULT_SLPD_PORT);
@ -316,7 +320,19 @@ int setup_slpd_in_socket(void) {
if(!get_config_string(lookup_config(config_tree, "SLPDGroup"), &my_slpd_group)) if(!get_config_string(lookup_config(config_tree, "SLPDGroup"), &my_slpd_group))
my_slpd_group = xstrdup(DEFAULT_SLPD_GROUP); my_slpd_group = xstrdup(DEFAULT_SLPD_GROUP);
nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); bzero(&hints, sizeof(hints));
hints.ai_family = AF_INET6;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
//hints.ai_flags = AI_PASSIVE;
int status;
if ((status = getaddrinfo(NULL, my_slpd_port, &hints, &res)) != 0 ) {
logger(DEBUG_ALWAYS, LOG_INFO, "getaddrinfo() error: [%s:%d]", strerror(errno), errno);
return -1;
}
nfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if(nfd < 0) { if(nfd < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can not create socket for SLPD %s", sockstrerror(sockerrno)); logger(DEBUG_ALWAYS, LOG_ERR, "Can not create socket for SLPD %s", sockstrerror(sockerrno));
@ -347,25 +363,30 @@ int setup_slpd_in_socket(void) {
return -1; return -1;
} }
memset((char *) &lsock, 0, sizeof(lsock)); if (bind(nfd, res->ai_addr, res->ai_addrlen) < 0) {
lsock.sin_family = AF_INET;
lsock.sin_port = htons(atoi(my_slpd_port));
lsock.sin_addr.s_addr = htonl(INADDR_ANY);
if(bind(nfd, (struct sockaddr*)&lsock, sizeof(lsock)) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can not bind() socket for SLPD %s", sockstrerror(sockerrno)); logger(DEBUG_ALWAYS, LOG_ERR, "Can not bind() socket for SLPD %s", sockstrerror(sockerrno));
closesocket(nfd); closesocket(nfd);
return -1; return -1;
} }
group.imr_multiaddr.s_addr = inet_addr(my_slpd_group); config_t *c_iface;
group.imr_interface.s_addr = htonl(INADDR_ANY); c_iface = lookup_config(config_tree, "SLPDInterface");
if(setsockopt(nfd, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&group, sizeof(group)) < 0) { while(c_iface) {
struct sockaddr_in6 group_addr;
inet_pton(AF_INET6, my_slpd_group, &group_addr.sin6_addr);
group.ipv6mr_multiaddr = group_addr.sin6_addr;
group.ipv6mr_interface = if_nametoindex(c_iface->value);
if (setsockopt(nfd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &group, sizeof(group)) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can not join group for SLPD %s", sockstrerror(sockerrno)); logger(DEBUG_ALWAYS, LOG_ERR, "Can not join group for SLPD %s", sockstrerror(sockerrno));
closesocket(nfd); closesocket(nfd);
return -1; return -1;
} }
logger(DEBUG_STATUS, LOG_INFO, "SLPD multicast group joined on %s ready (%d)", c_iface->value);
c_iface = lookup_config_next(config_tree, c_iface);
}
logger(DEBUG_STATUS, LOG_INFO, "SLPD socket ready (%d)", nfd); logger(DEBUG_STATUS, LOG_INFO, "SLPD socket ready (%d)", nfd);