#include <fcntl.h>
#include <libubox/list.h>
#include <libubox/uloop.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+#include <netinet/udp.h>
#include "pex-msg.h"
#include "chacha20.h"
#include "auth-data.h"
static struct uloop_fd pex_fd;
static LIST_HEAD(requests);
static struct uloop_timeout gc_timer;
+static int pex_raw_v4_fd = -1, pex_raw_v6_fd = -1;
static pex_recv_cb_t pex_recv_cb;
uint64_t pex_network_hash(const uint8_t *auth_key, uint64_t req_id)
{
siphash_key_t key = {
- be64_to_cpu(req_id),
- be64_to_cpu(req_id)
+ .key = {
+ be64_to_cpu(req_id),
+ be64_to_cpu(req_id)
+ }
};
uint64_t hash;
hdr->len = sizeof(*ehdr);
- fread(&ehdr->nonce, sizeof(ehdr->nonce), 1, pex_urandom);
+ if (fread(&ehdr->nonce, sizeof(ehdr->nonce), 1, pex_urandom) != 1)
+ return NULL;
hash = pex_network_hash(auth_key, ehdr->nonce);
*(uint64_t *)hdr->id ^= hash;
}
}
-int __pex_msg_send(int fd, const void *addr)
+static inline uint32_t
+csum_tcpudp_nofold(uint32_t saddr, uint32_t daddr, uint32_t len, uint8_t proto)
+{
+ uint64_t sum = 0;
+
+ sum += saddr;
+ sum += daddr;
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ sum += (proto + len) << 8;
+#else
+ sum += proto + len;
+#endif
+
+ sum = (sum & 0xffffffff) + (sum >> 32);
+ sum = (sum & 0xffffffff) + (sum >> 32);
+
+ return (uint32_t)sum;
+}
+
+static inline uint32_t csum_add(uint32_t sum, uint32_t addend)
+{
+ sum += addend;
+ return sum + (sum < addend);
+}
+
+static inline uint16_t csum_fold(uint32_t sum)
+{
+ sum = (sum & 0xffff) + (sum >> 16);
+ sum = (sum & 0xffff) + (sum >> 16);
+
+ return (uint16_t)~sum;
+}
+
+static uint32_t csum_partial(const void *buf, int len)
+{
+ const uint16_t *data = buf;
+ uint32_t sum = 0;
+
+ while (len > 1) {
+ sum += *data++;
+ len -= 2;
+ }
+
+ if (len == 1)
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ sum += *(uint8_t *)data;
+#else
+ sum += *(uint8_t *)data << 8;
+#endif
+
+ sum = (sum & 0xffff) + (sum >> 16);
+ sum = (sum & 0xffff) + (sum >> 16);
+
+ return sum;
+}
+
+static void pex_fixup_udpv4(void *hdr, size_t hdrlen, const void *data, size_t len)
+{
+ struct ip *ip = hdr;
+ struct udphdr *udp = hdr + ip->ip_hl * 4;
+ uint16_t udp_len = sizeof(*udp) + len;
+ uint32_t sum;
+
+ if ((void *)&udp[1] > hdr + hdrlen)
+ return;
+
+ udp->uh_sum = 0;
+ udp->uh_ulen = htons(udp_len);
+ sum = csum_tcpudp_nofold(*(uint32_t *)&ip->ip_src, *(uint32_t *)&ip->ip_dst,
+ ip->ip_p, udp_len);
+ sum = csum_add(sum, csum_partial(udp, sizeof(*udp)));
+ sum = csum_add(sum, csum_partial(data, len));
+ udp->uh_sum = csum_fold(sum);
+
+ ip->ip_len = htons(hdrlen + len);
+ ip->ip_sum = 0;
+ ip->ip_sum = csum_fold(csum_partial(ip, sizeof(*ip)));
+
+#ifdef __APPLE__
+ ip->ip_len = hdrlen + len;
+#endif
+}
+
+static void pex_fixup_udpv6(void *hdr, size_t hdrlen, const void *data, size_t len)
+{
+ struct ip6_hdr *ip = hdr;
+ struct udphdr *udp = hdr + sizeof(*ip);
+ uint16_t udp_len = htons(sizeof(*udp) + len);
+
+ if ((void *)&udp[1] > hdr + hdrlen)
+ return;
+
+ ip->ip6_plen = htons(sizeof(*udp) + len);
+ udp->uh_sum = 0;
+ udp->uh_ulen = udp_len;
+ udp->uh_sum = csum_fold(csum_partial(hdr, sizeof(*ip) + sizeof(*udp)));
+
+#ifdef __APPLE__
+ ip->ip6_plen = sizeof(*udp) + len;
+#endif
+}
+
+static void pex_fixup_header(void *hdr, size_t hdrlen, const void *data, size_t len)
+{
+ if (hdrlen >= sizeof(struct ip6_hdr) + sizeof(struct udphdr))
+ pex_fixup_udpv6(hdr, hdrlen, data, len);
+ else if (hdrlen >= sizeof(struct ip) + sizeof(struct udphdr))
+ pex_fixup_udpv4(hdr, hdrlen, data, len);
+}
+
+int __pex_msg_send(int fd, const void *addr, void *ip_hdr, size_t ip_hdrlen)
{
struct pex_hdr *hdr = (struct pex_hdr *)pex_tx_buf;
const struct sockaddr *sa = addr;
size_t tx_len = sizeof(*hdr) + hdr->len;
uint16_t orig_len = hdr->len;
- size_t addr_len;
int ret;
if (fd < 0) {
hdr->len -= sizeof(struct pex_ext_hdr);
- fd = pex_fd.fd;
+ if (ip_hdrlen)
+ fd = sa->sa_family == AF_INET6 ? pex_raw_v6_fd : pex_raw_v4_fd;
+ else
+ fd = pex_fd.fd;
+
+ if (fd < 0)
+ return -1;
}
hdr->len = htons(hdr->len);
if (addr) {
+ struct iovec iov[2] = {
+ { .iov_base = (void *)ip_hdr, .iov_len = ip_hdrlen },
+ { .iov_base = pex_tx_buf, .iov_len = tx_len }
+ };
+ struct msghdr msg = {
+ .msg_name = (void *)addr,
+ .msg_iov = iov,
+ .msg_iovlen = ARRAY_SIZE(iov),
+ };
+
if (sa->sa_family == AF_INET6)
- addr_len = sizeof(struct sockaddr_in6);
+ msg.msg_namelen = sizeof(struct sockaddr_in6);
else
- addr_len = sizeof(struct sockaddr_in);
- ret = sendto(fd, pex_tx_buf, tx_len, 0, sa, addr_len);
+ msg.msg_namelen = sizeof(struct sockaddr_in);
+
+ if (ip_hdrlen) {
+ pex_fixup_header(ip_hdr, ip_hdrlen, pex_tx_buf, tx_len);
+ } else {
+ msg.msg_iov++;
+ msg.msg_iovlen--;
+ }
+
+ ret = sendmsg(fd, &msg, 0);
} else {
ret = send(fd, pex_tx_buf, tx_len, 0);
}
ctx->ext = ext;
ctx->req_id = req->req_id;
- __pex_msg_init_ext(pubkey, auth_key, PEX_MSG_UPDATE_RESPONSE, ext);
+ if (!__pex_msg_init_ext(pubkey, auth_key, PEX_MSG_UPDATE_RESPONSE, ext))
+ return;
+
res = pex_msg_append(sizeof(*res));
res->req_id = req->req_id;
res->data_len = len;
- fread(e_key_priv, sizeof(e_key_priv), 1, pex_urandom);
+ if (!fread(e_key_priv, sizeof(e_key_priv), 1, pex_urandom))
+ return;
+
curve25519_clamp_secret(e_key_priv);
curve25519_generate_public(res->e_key, e_key_priv);
curve25519(enc_key, e_key_priv, peer_key);
return false;
}
- __pex_msg_init_ext(ctx->pubkey, ctx->auth_key,
- PEX_MSG_UPDATE_RESPONSE_DATA, ctx->ext);
+ if (!__pex_msg_init_ext(ctx->pubkey, ctx->auth_key,
+ PEX_MSG_UPDATE_RESPONSE_DATA, ctx->ext))
+ return false;
+
res_ext = pex_msg_append(sizeof(*res_ext));
res_ext->req_id = ctx->req_id;
res_ext->offset = ctx->cur - ctx->data;
memcpy(&ctx->addr, addr, sizeof(ctx->addr));
memcpy(ctx->auth_key, auth_key, sizeof(ctx->auth_key));
memcpy(ctx->priv_key, priv_key, sizeof(ctx->priv_key));
- fread(&ctx->req_id, sizeof(ctx->req_id), 1, pex_urandom);
+ if (!fread(&ctx->req_id, sizeof(ctx->req_id), 1, pex_urandom))
+ return NULL;
list_add_tail(&ctx->list, &requests);
if (!gc_timer.pending)
uloop_timeout_set(&gc_timer, 1000);
- __pex_msg_init_ext(pubkey, auth_key, PEX_MSG_UPDATE_REQUEST, ext);
+ if (!__pex_msg_init_ext(pubkey, auth_key, PEX_MSG_UPDATE_REQUEST, ext)) {
+ free(ctx);
+ return NULL;
+ }
+
req = pex_msg_append(sizeof(*req));
req->cur_version = cpu_to_be64(cur_version);
req->req_id = ctx->req_id;
pex_recv_cb = cb;
+ if (server) {
+ pex_raw_v4_fd = fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
+ if (fd < 0)
+ return -1;
+
+ setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &yes, sizeof(yes));
+ setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &yes, sizeof(yes));
+
+#ifdef linux
+ pex_raw_v6_fd = fd = socket(PF_INET6, SOCK_RAW, IPPROTO_UDP);
+ if (fd < 0)
+ goto close_raw;
+
+ setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &yes, sizeof(yes));
+ setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &no, sizeof(no));
+ setsockopt(fd, IPPROTO_IPV6, IPV6_HDRINCL, &yes, sizeof(yes));
+#endif
+ }
+
pex_urandom = fopen("/dev/urandom", "r");
if (!pex_urandom)
- return -1;
+ goto close_raw;
fd = socket(sa->sa_family == AF_INET ? PF_INET : PF_INET6, SOCK_DGRAM, IPPROTO_UDP);
if (fd < 0)
close(fd);
close_urandom:
fclose(pex_urandom);
+close_raw:
+ if (pex_raw_v4_fd >= 0)
+ close(pex_raw_v4_fd);
+ if (pex_raw_v6_fd >= 0)
+ close(pex_raw_v6_fd);
+ pex_raw_v4_fd = -1;
+ pex_raw_v6_fd = -1;
return -1;
}
if (!pex_fd.cb)
return;
+ if (pex_raw_v4_fd >= 0)
+ close(pex_raw_v4_fd);
+ if (pex_raw_v6_fd >= 0)
+ close(pex_raw_v6_fd);
+ pex_raw_v4_fd = -1;
+ pex_raw_v6_fd = -1;
+
fclose(pex_urandom);
uloop_fd_delete(&pex_fd);
close(pex_fd.fd);