1 /* vim: set expandtab ts=4 sw=4: */
2 /*
3 * You may redistribute this program and/or modify it under the terms of
4 * the GNU General Public License as published by the Free Software Foundation,
5 * either version 3 of the License, or (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program. If not, see <https://www.gnu.org/licenses/>.
14 */
15 #include "crypto/AddressCalc.h"
16 #include "crypto/CryptoAuth_pvt.h"
17 #include "interface/Iface.h"
18 #include "net/InterfaceController.h"
19 #include "net/PeerLink.h"
20 #include "memory/Allocator.h"
21 #include "net/SwitchPinger.h"
22 #include "wire/PFChan.h"
23 #include "net/EventEmitter.h"
24 #include "util/Base32.h"
25 #include "util/Bits.h"
26 #include "util/events/Time.h"
27 #include "util/events/Timeout.h"
28 #include "util/Identity.h"
29 #include "util/version/Version.h"
30 #include "util/AddrTools.h"
31 #include "util/Defined.h"
32 #include "util/Checksum.h"
33 #include "util/Hex.h"
34 #include "wire/Error.h"
35 #include "wire/Message.h"
36 #include "wire/Headers.h"
37 #include "wire/Metric.h"
38
39 /** After this number of milliseconds, a node will be regarded as unresponsive. */
40 #define UNRESPONSIVE_AFTER_MILLISECONDS (20*1024)
41
42 /**
43 * After this number of milliseconds without a valid incoming message,
44 * a peer is "lazy" and should be pinged.
45 */
46 #define PING_AFTER_MILLISECONDS (3*1024)
47
48 /** How often to ping "lazy" peers, "unresponsive" peers are only pinged 20% of the time. */
49 #define PING_INTERVAL_MILLISECONDS 1024
50
51 /** The number of milliseconds to wait for a ping response. */
52 #define TIMEOUT_MILLISECONDS (2*1024)
53
54 /**
55 * The number of seconds to wait before an unresponsive peer
56 * making an incoming connection is forgotten.
57 */
58 #define FORGET_AFTER_MILLISECONDS (256*1024)
59
60 /** Wait 32 seconds between sending beacon messages. */
61 #define BEACON_INTERVAL 32768
62
63 /** Every 3 seconds inform the pathfinder of the current link states. */
64 #define LINKSTATE_UPDATE_INTERVAL 3000
65
66
67 // ---------------- Map ----------------
68 #define Map_NAME EndpointsBySockaddr
69 #define Map_ENABLE_HANDLES
70 #define Map_KEY_TYPE struct Sockaddr*
71 #define Map_VALUE_TYPE struct Peer*
72 #define Map_USE_HASH
73 #define Map_USE_COMPARATOR
74 #include "util/Map.h"
Map_EndpointsBySockaddr_hash(struct Sockaddr ** key)75 static inline uint32_t Map_EndpointsBySockaddr_hash(struct Sockaddr** key)
76 {
77 return Sockaddr_hash(*key);
78 }
Map_EndpointsBySockaddr_compare(struct Sockaddr ** keyA,struct Sockaddr ** keyB)79 static inline int Map_EndpointsBySockaddr_compare(struct Sockaddr** keyA, struct Sockaddr** keyB)
80 {
81 return Sockaddr_compare(*keyA, *keyB);
82 }
83 // ---------------- EndMap ----------------
84
85 #define ArrayList_TYPE struct InterfaceController_Iface_pvt
86 #define ArrayList_NAME OfIfaces
87 #include "util/ArrayList.h"
88
89 struct InterfaceController_pvt;
90
91 struct InterfaceController_Iface_pvt
92 {
93 struct InterfaceController_Iface pub;
94 struct Map_EndpointsBySockaddr peerMap;
95 /** The number of the next peer to try pinging, this iterates through the list of peers. */
96 uint32_t lastPeerPinged;
97 struct InterfaceController_pvt* ic;
98 struct Allocator* alloc;
99 Identity
100 };
101
102 struct Peer
103 {
104 /** The interface which is registered with the switch. */
105 struct Iface switchIf;
106
107 struct Allocator* alloc;
108
109 struct CryptoAuth_Session* caSession;
110
111 struct PeerLink* peerLink;
112
113 /** The interface which this peer belongs to. */
114 struct InterfaceController_Iface_pvt* ici;
115
116 /** The address within the interface of this peer. */
117 struct Sockaddr* lladdr;
118
119 struct Address addr;
120
121 /** Milliseconds since the epoch when the last *valid* message was received. */
122 uint64_t timeOfLastMessage;
123
124 /** Time when the last switch ping response was received from this node. */
125 uint64_t timeOfLastPing;
126
127 /** A counter to allow for 3/4 of all pings to be skipped when a node is definitely down. */
128 uint32_t pingCount;
129
130 /** The handle which can be used to look up this endpoint in the endpoint set. */
131 uint32_t handle;
132
133 /** True if we should forget about the peer if they do not respond. */
134 bool isIncomingConnection;
135
136 /**
137 * If InterfaceController_PeerState_UNAUTHENTICATED, no permanent state will be kept.
138 * During transition from HANDSHAKE to ESTABLISHED, a check is done for a registeration of a
139 * node which is already registered in a different switch slot, if there is one and the
140 * handshake completes, it will be moved.
141 */
142 enum InterfaceController_PeerState state;
143
144 /**
145 * The number of lost packets last time we checked.
146 * _lastDrops and _lastPackets are the direct readings off of the ReplayProtector
147 * so they will be reset to zero when the session resets. lastDrops and lastPackets
148 * are monotonic and so probably what you want.
149 */
150 uint32_t _lastDrops;
151 uint32_t _lastPackets;
152 uint64_t lastDrops;
153 uint64_t lastPackets;
154
155 // traffic counters
156 uint64_t bytesOut;
157 uint64_t bytesIn;
158
159 Identity
160 };
161
162 struct InterfaceController_pvt
163 {
164 /** Public functions and fields for this ifcontroller. */
165 struct InterfaceController pub;
166
167 struct Allocator* const alloc;
168
169 struct CryptoAuth* const ca;
170
171 /** Switch for adding nodes when they are discovered. */
172 struct SwitchCore* const switchCore;
173
174 struct Random* const rand;
175
176 struct Log* const logger;
177
178 struct EventBase* const eventBase;
179
180 /** For communicating with the Pathfinder. */
181 struct Iface eventEmitterIf;
182
183 /** After this number of milliseconds, a neoghbor will be regarded as unresponsive. */
184 uint32_t unresponsiveAfterMilliseconds;
185
186 /** The number of milliseconds to wait before pinging. */
187 uint32_t pingAfterMilliseconds;
188
189 /** The number of milliseconds to let a ping go before timing it out. */
190 uint32_t timeoutMilliseconds;
191
192 /** After this number of milliseconds, an incoming connection is forgotten entirely. */
193 uint32_t forgetAfterMilliseconds;
194
195 /** How often to send beacon messages (milliseconds). */
196 uint32_t beaconInterval;
197
198 /** The timeout event to use for pinging potentially unresponsive neighbors. */
199 struct Timeout* const pingInterval;
200
201 /** The timeout event for updating the link state to the pathfinders. */
202 struct Timeout* const linkStateInterval;
203
204 /** For pinging lazy/unresponsive nodes. */
205 struct SwitchPinger* const switchPinger;
206
207 struct ArrayList_OfIfaces* icis;
208
209 /* For timestamping packets to get a picture of possible bandwidth. */
210 struct Peer* lastPeer;
211 uint64_t lastRecvTime;
212 uint32_t lastNonce;
213 uint32_t lastLength;
214 uint32_t seq;
215
216 /** Temporary allocator for allocating timeouts for sending beacon messages. */
217 struct Allocator* beaconTimeoutAlloc;
218
219 /** A password which is generated per-startup and sent out in beacon messages. */
220 uint8_t beaconPassword[Headers_Beacon_PASSWORD_LEN];
221
222 struct Headers_Beacon beacon;
223
224 Identity
225 };
226
sendPeer(uint32_t pathfinderId,enum PFChan_Core ev,struct Peer * peer,uint16_t latency)227 static void sendPeer(uint32_t pathfinderId,
228 enum PFChan_Core ev,
229 struct Peer* peer,
230 uint16_t latency)
231 {
232 if (!peer->addr.protocolVersion) {
233 // Don't know the protocol version, never add them
234 return;
235 } else if (Defined(SUBNODE) && peer->addr.protocolVersion < 21) {
236 // Subnode doesn't talk to peers with less than v21
237 return;
238 } else if (!Version_isCompatible(peer->addr.protocolVersion, Version_CURRENT_PROTOCOL)) {
239 return;
240 }
241 struct InterfaceController_pvt* ic = Identity_check(peer->ici->ic);
242 struct Allocator* alloc = Allocator_child(ic->alloc);
243 struct Message* msg = Message_new(PFChan_Node_SIZE, 512, alloc);
244 struct PFChan_Node* node = (struct PFChan_Node*) msg->bytes;
245 Bits_memcpy(node->ip6, peer->addr.ip6.bytes, 16);
246 Bits_memcpy(node->publicKey, peer->addr.key, 32);
247 node->path_be = Endian_hostToBigEndian64(peer->addr.path);
248 node->version_be = Endian_hostToBigEndian32(peer->addr.protocolVersion);
249 if (ev != PFChan_Core_PEER_GONE) {
250 Assert_true(peer->addr.protocolVersion);
251 node->metric_be =
252 Endian_hostToBigEndian32(Metric_IC_PEER | (latency & Metric_IC_PEER_MASK));
253 } else {
254 node->metric_be = Endian_hostToBigEndian32(Metric_DEAD_LINK);
255 }
256 Er_assert(Message_epush32be(msg, pathfinderId));
257 Er_assert(Message_epush32be(msg, ev));
258 Iface_send(&ic->eventEmitterIf, msg);
259 Allocator_free(alloc);
260 }
261
onPingResponse(struct SwitchPinger_Response * resp,void * onResponseContext)262 static void onPingResponse(struct SwitchPinger_Response* resp, void* onResponseContext)
263 {
264 if (SwitchPinger_Result_OK != resp->res) {
265 return;
266 }
267 struct Peer* ep = Identity_check((struct Peer*) onResponseContext);
268 struct InterfaceController_pvt* ic = Identity_check(ep->ici->ic);
269
270 ep->addr.protocolVersion = resp->version;
271
272 if (Defined(Log_DEBUG)) {
273 String* addr = Address_toString(&ep->addr, resp->ping->pingAlloc);
274 if (!Version_isCompatible(Version_CURRENT_PROTOCOL, resp->version)) {
275 Log_debug(ic->logger, "got switch pong from node [%s] with incompatible version",
276 addr->bytes);
277 } else if (ep->addr.path != resp->label) {
278 uint8_t sl[20];
279 AddrTools_printPath(sl, resp->label);
280 Log_debug(ic->logger, "got switch pong from node [%s] mismatch label [%s]",
281 addr->bytes, sl);
282 } else {
283 Log_debug(ic->logger, "got switch pong from node [%s]", addr->bytes);
284 }
285 }
286
287 if (!Version_isCompatible(Version_CURRENT_PROTOCOL, resp->version)) {
288 return;
289 }
290
291 if (ep->state == InterfaceController_PeerState_ESTABLISHED) {
292 sendPeer(0xffffffff, PFChan_Core_PEER, ep, resp->milliseconds);
293 }
294
295 ep->timeOfLastPing = Time_currentTimeMilliseconds(ic->eventBase);
296
297 if (Defined(Log_DEBUG)) {
298 String* addr = Address_toString(&ep->addr, resp->ping->pingAlloc);
299 Log_debug(ic->logger, "Received [%s] from lazy endpoint [%s]",
300 SwitchPinger_resultString(resp->res)->bytes, addr->bytes);
301 }
302 }
303
304 /*
305 * Send a ping packet to one of the endpoints.
306 */
sendPing(struct Peer * ep)307 static void sendPing(struct Peer* ep)
308 {
309 struct InterfaceController_pvt* ic = Identity_check(ep->ici->ic);
310
311 ep->pingCount++;
312
313 struct SwitchPinger_Ping* ping =
314 SwitchPinger_newPing(ep->addr.path,
315 String_CONST(""),
316 ic->timeoutMilliseconds,
317 onPingResponse,
318 ep->alloc,
319 ic->switchPinger);
320
321 if (!ping) {
322 struct Allocator* alloc = Allocator_child(ep->alloc);
323 Log_debug(ic->logger, "Sending switch ping to [%s] failed, out of ping slots",
324 Address_toString(&ep->addr, alloc)->bytes);
325 Allocator_free(alloc);
326 } else {
327 Log_debug(ic->logger, "Sending switch ping to [%s]",
328 Address_toString(&ep->addr, ping->pingAlloc)->bytes);
329 }
330
331 if (ping) {
332 ping->onResponseContext = ep;
333 }
334 }
335
linkState(void * vic)336 static void linkState(void* vic)
337 {
338 struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) vic);
339 uint32_t msgLen = 64;
340 for (int i = 0; i < ic->icis->length; i++) {
341 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, i);
342 msgLen += PFChan_LinkState_Entry_SIZE * ici->peerMap.count;
343 }
344 struct Allocator* alloc = Allocator_child(ic->alloc);
345 struct Message* msg = Message_new(0, msgLen, alloc);
346
347 for (int i = 0; i < ic->icis->length; i++) {
348 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, i);
349 for (uint32_t i = 0; i < ici->peerMap.count; i++) {
350 struct Peer* ep = ici->peerMap.values[i];
351
352 uint32_t drops = ep->caSession->replayProtector.lostPackets;
353 uint64_t newDrops = 0;
354 // We're checking uint32 rollover here
355 if (drops > ep->_lastDrops) { newDrops = drops - ep->_lastDrops; }
356 ep->_lastDrops = drops;
357 ep->lastDrops += newDrops;
358
359 uint32_t packets = ep->caSession->replayProtector.baseOffset;
360 uint64_t newPackets = 0;
361 if (packets > ep->_lastPackets) { newPackets = packets - ep->_lastPackets; }
362 ep->_lastPackets = packets;
363 ep->lastPackets += newPackets;
364
365 struct PFChan_LinkState_Entry e = {
366 .peerLabel = ep->addr.path,
367 .sumOfPackets = ep->lastPackets,
368 .sumOfDrops = ep->lastDrops,
369 .sumOfKb = (ep->bytesIn >> 10),
370 };
371 Er_assert(Message_epush(msg, &e, PFChan_LinkState_Entry_SIZE));
372 }
373 }
374
375 if (msg->length) {
376 Er_assert(Message_epush32be(msg, 0xffffffff));
377 Er_assert(Message_epush32be(msg, PFChan_Core_LINK_STATE));
378 Iface_send(&ic->eventEmitterIf, msg);
379 }
380 Allocator_free(alloc);
381 }
382
iciPing(struct InterfaceController_Iface_pvt * ici,struct InterfaceController_pvt * ic)383 static void iciPing(struct InterfaceController_Iface_pvt* ici, struct InterfaceController_pvt* ic)
384 {
385 if (!ici->peerMap.count) { return; }
386 uint64_t now = Time_currentTimeMilliseconds(ic->eventBase);
387
388 // scan for endpoints have not sent anything recently.
389 uint32_t startAt = ici->lastPeerPinged = (ici->lastPeerPinged + 1) % ici->peerMap.count;
390 for (uint32_t i = startAt, count = 0; count < ici->peerMap.count;) {
391 i = (i + 1) % ici->peerMap.count;
392 count++;
393
394 struct Peer* ep = ici->peerMap.values[i];
395
396 if (!ep->addr.protocolVersion) {
397 } else if (!Version_isCompatible(ep->addr.protocolVersion, Version_CURRENT_PROTOCOL) ||
398 (Defined(SUBNODE) && ep->addr.protocolVersion < 21))
399 {
400 // This is a version mismatch, we have nothing to do with this node
401 // but we keep the UNRESPONSIVE session alive to keep track of the
402 // fact that we don't want to talk to it.
403 ep->state = InterfaceController_PeerState_INCOMPATIBLE;
404 continue;
405 }
406
407 uint8_t ipIfDebug[40];
408 if (Defined(Log_DEBUG)) {
409 Address_printIp(ipIfDebug, &ep->addr);
410 }
411
412 if (ep->addr.protocolVersion && now < ep->timeOfLastMessage + ic->pingAfterMilliseconds) {
413 // It's sending traffic so leave it alone.
414
415 // wait just a minute here !
416 // There is a risk that the NodeStore somehow forgets about our peers while the peers
417 // are still happily sending traffic. To break this bad cycle lets just send a PEER
418 // message once per second for whichever peer is the first that we address.
419 if (count == 1 && ep->state == InterfaceController_PeerState_ESTABLISHED) {
420 // noisy
421 //Log_debug(ic->logger, "Notifying about peer number [%d/%d] [%s]",
422 // i, ici->peerMap.count, ipIfDebug);
423 sendPeer(0xffffffff, PFChan_Core_PEER, ep, 0xffff);
424 }
425
426 continue;
427 }
428 if (now < ep->timeOfLastPing + ic->pingAfterMilliseconds) {
429 // Possibly an out-of-date node which is mangling packets, don't ping too often
430 // because it causes the RumorMill to be filled with this node over and over.
431 continue;
432 }
433
434 if (ep->isIncomingConnection && now > ep->timeOfLastMessage + ic->forgetAfterMilliseconds) {
435 Log_debug(ic->logger, "Unresponsive peer [%s] has not responded in [%u] "
436 "seconds, dropping connection",
437 ipIfDebug, ic->forgetAfterMilliseconds / 1024);
438 sendPeer(0xffffffff, PFChan_Core_PEER_GONE, ep, 0xffff);
439 Allocator_free(ep->alloc);
440 continue;
441 }
442
443 bool unresponsive = (now > ep->timeOfLastMessage + ic->unresponsiveAfterMilliseconds);
444 if (unresponsive) {
445 // our link to the peer is broken...
446
447 // Lets skip 87% of pings when they're really down.
448 if (ep->pingCount % 8) {
449 ep->pingCount++;
450 continue;
451 }
452
453 sendPeer(0xffffffff, PFChan_Core_PEER_GONE, ep, 0xffff);
454 ep->state = InterfaceController_PeerState_UNRESPONSIVE;
455 SwitchCore_setInterfaceState(&ep->switchIf,
456 SwitchCore_setInterfaceState_ifaceState_DOWN);
457 }
458
459 Log_debug(ic->logger,
460 "Pinging %s peer [%s] lag [%u]",
461 (unresponsive ? "unresponsive" : "lazy"),
462 ipIfDebug,
463 (uint32_t)((now - ep->timeOfLastMessage) / 1024));
464
465 sendPing(ep);
466
467 // we only ping one node
468 return;
469 }
470 }
471
472 /**
473 * Check the table for nodes which might need to be pinged, ping a node if necessary.
474 * If a node has not responded in unresponsiveAfterMilliseconds then mark them as unresponsive
475 * and if the connection is incoming and the node has not responded in forgetAfterMilliseconds
476 * then drop them entirely.
477 * This is called every PING_INTERVAL_MILLISECONDS but pingCallback is a misleading name.
478 */
pingCallback(void * vic)479 static void pingCallback(void* vic)
480 {
481 struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) vic);
482 for (int i = 0; i < ic->icis->length; i++) {
483 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, i);
484 iciPing(ici, ic);
485 }
486 }
487
488 // Incoming message which has passed through the cryptoauth and needs to be forwarded to the switch.
receivedPostCryptoAuth(struct Message * msg,struct Peer * ep,struct InterfaceController_pvt * ic)489 static Iface_DEFUN receivedPostCryptoAuth(struct Message* msg,
490 struct Peer* ep,
491 struct InterfaceController_pvt* ic)
492 {
493 ep->bytesIn += msg->length;
494
495 int caState = CryptoAuth_getState(ep->caSession);
496 if (ep->state < InterfaceController_PeerState_ESTABLISHED) {
497 // EP states track CryptoAuth states...
498 ep->state = caState;
499 SwitchCore_setInterfaceState(&ep->switchIf, SwitchCore_setInterfaceState_ifaceState_UP);
500
501 Bits_memcpy(ep->addr.key, ep->caSession->herPublicKey, 32);
502 Address_getPrefix(&ep->addr);
503
504 if (caState != CryptoAuth_State_ESTABLISHED) {
505 // prevent some kinds of nasty things which could be done with packet replay.
506 // This is checking the message switch header and will drop it unless the label
507 // directs it to *this* router.
508 if (msg->length < 8 || msg->bytes[7] != 1) {
509 Log_info(ic->logger, "DROP message because CA is not established.");
510 return 0;
511 } else {
512 // When a "server" gets a new connection from a "client" the router doesn't
513 // know about that client so if the client sends a packet to the server, the
514 // server will be unable to handle it until the client has sent inter-router
515 // communication to the server. Here we will ping the client so when the
516 // server gets the ping response, it will insert the client into its table
517 // and know its version.
518
519 // prevent DoS by limiting the number of times this can be called per second
520 // limit it to 7, this will affect innocent packets but it doesn't matter much
521 // since this is mostly just an optimization and for keeping the tests happy.
522 if ((ep->pingCount + 1) % 7) {
523 sendPing(ep);
524 }
525 }
526 }
527 } else if (ep->state == InterfaceController_PeerState_UNRESPONSIVE
528 && caState == CryptoAuth_State_ESTABLISHED)
529 {
530 ep->state = InterfaceController_PeerState_ESTABLISHED;
531 SwitchCore_setInterfaceState(&ep->switchIf, SwitchCore_setInterfaceState_ifaceState_UP);
532 } else {
533 ep->timeOfLastMessage = Time_currentTimeMilliseconds(ic->eventBase);
534 }
535
536 Identity_check(ep);
537 Assert_true(!(msg->capacity % 4));
538 return Iface_next(&ep->switchIf, msg);
539 }
540
541 // This is directly called from SwitchCore, message is not encrypted.
sendFromSwitch(struct Message * msg,struct Iface * switchIf)542 static Iface_DEFUN sendFromSwitch(struct Message* msg, struct Iface* switchIf)
543 {
544 struct Peer* ep = Identity_check((struct Peer*) switchIf);
545
546 // Once we know it to be an incompetible version, we quarentine it
547 if (!ep->addr.protocolVersion) {
548 // unknown version yet
549 } else if (!Version_isCompatible(ep->addr.protocolVersion, Version_CURRENT_PROTOCOL) ||
550 (Defined(SUBNODE) && ep->addr.protocolVersion < 21))
551 {
552 if (Defined(Log_DEBUG)) {
553 Log_debug(ep->ici->ic->logger, "[%s] DROP msg to node with incompat version [%d] ",
554 Address_toString(&ep->addr, msg->alloc)->bytes, ep->addr.protocolVersion);
555 }
556 return NULL;
557 }
558
559 ep->bytesOut += msg->length;
560
561 int msgs = PeerLink_send(msg, ep->peerLink);
562
563 for (int i = 0; i < msgs; i++) {
564 msg = PeerLink_poll(ep->peerLink);
565 Assert_true(!CryptoAuth_encrypt(ep->caSession, msg));
566
567 Assert_true(!(((uintptr_t)msg->bytes) % 4) && "alignment fault");
568
569 // push the lladdr...
570 Er_assert(Message_epush(msg, ep->lladdr, ep->lladdr->addrLen));
571
572 // very noisy
573 if (Defined(Log_DEBUG) && false) {
574 char* printedAddr =
575 Hex_print(&ep->lladdr[1], ep->lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc);
576 Log_debug(ep->ici->ic->logger, "Outgoing message to [%s]", printedAddr);
577 }
578
579 Iface_send(&ep->ici->pub.addrIf, msg);
580 }
581 return NULL;
582 }
583
closeInterface(struct Allocator_OnFreeJob * job)584 static int closeInterface(struct Allocator_OnFreeJob* job)
585 {
586 struct Peer* toClose = Identity_check((struct Peer*) job->userData);
587
588 sendPeer(0xffffffff, PFChan_Core_PEER_GONE, toClose, 0xffff);
589
590 int index = Map_EndpointsBySockaddr_indexForHandle(toClose->handle, &toClose->ici->peerMap);
591 Log_debug(toClose->ici->ic->logger,
592 "Closing interface [%d] with handle [%u]", index, toClose->handle);
593 Assert_true(index >= 0);
594 Assert_true(toClose->ici->peerMap.values[index] == toClose);
595 Map_EndpointsBySockaddr_remove(index, &toClose->ici->peerMap);
596 return 0;
597 }
598
599 /**
600 * Expects [ struct LLAddress ][ beacon ]
601 */
handleBeacon(struct Message * msg,struct InterfaceController_Iface_pvt * ici)602 static Iface_DEFUN handleBeacon(struct Message* msg, struct InterfaceController_Iface_pvt* ici)
603 {
604 struct InterfaceController_pvt* ic = ici->ic;
605 if (!ici->pub.beaconState) {
606 // accepting beacons disabled.
607 Log_debug(ic->logger, "[%s] Dropping beacon because beaconing is disabled",
608 ici->pub.name->bytes);
609 return NULL;
610 }
611
612 if (msg->length < Sockaddr_OVERHEAD) {
613 Log_debug(ic->logger, "[%s] Dropping runt beacon", ici->pub.name->bytes);
614 return NULL;
615 }
616
617 struct Sockaddr* lladdrInmsg = (struct Sockaddr*) msg->bytes;
618
619 if (msg->length < lladdrInmsg->addrLen + Headers_Beacon_SIZE) {
620 Log_debug(ic->logger, "[%s] Dropping runt beacon", ici->pub.name->bytes);
621 return NULL;
622 }
623
624 // clear the bcast flag
625 lladdrInmsg->flags = 0;
626
627 Er_assert(Message_eshift(msg, -lladdrInmsg->addrLen));
628
629 struct Headers_Beacon beacon;
630 Er_assert(Message_epop(msg, &beacon, Headers_Beacon_SIZE));
631
632 if (Defined(Log_DEBUG)) {
633 char* content = Hex_print(&beacon, Headers_Beacon_SIZE, msg->alloc);
634 Log_debug(ici->ic->logger, "RECV BEACON CONTENT[%s]", content);
635 }
636
637 struct Address addr;
638 Bits_memset(&addr, 0, sizeof(struct Address));
639 Bits_memcpy(addr.key, beacon.publicKey, 32);
640 addr.protocolVersion = Endian_bigEndianToHost32(beacon.version_be);
641 Address_getPrefix(&addr);
642
643 String* printedAddr = NULL;
644 if (Defined(Log_DEBUG)) {
645 printedAddr = Address_toString(&addr, msg->alloc);
646 }
647
648 if (!AddressCalc_validAddress(addr.ip6.bytes)) {
649 Log_debug(ic->logger, "handleBeacon invalid key [%s]", printedAddr->bytes);
650 return NULL;
651 } else if (!Bits_memcmp(ic->ca->publicKey, addr.key, 32)) {
652 // receive beacon from self, drop silent
653 return NULL;
654 }
655
656 if (!Version_isCompatible(addr.protocolVersion, Version_CURRENT_PROTOCOL)) {
657 if (Defined(Log_DEBUG)) {
658 Log_debug(ic->logger, "[%s] DROP beacon from [%s] which was version [%d] "
659 "our version is [%d] making them incompatable", ici->pub.name->bytes,
660 printedAddr->bytes, addr.protocolVersion, Version_CURRENT_PROTOCOL);
661 }
662 return NULL;
663 } else if (Defined(SUBNODE) && addr.protocolVersion < 21) {
664 if (Defined(Log_DEBUG)) {
665 Log_debug(ic->logger, "[%s] DROP beacon from [%s] which was version [%d] "
666 "which is incompatible with SUBNODE", ici->pub.name->bytes,
667 printedAddr->bytes, addr.protocolVersion);
668 }
669 return NULL;
670 }
671
672 String* beaconPass = String_newBinary(beacon.password, Headers_Beacon_PASSWORD_LEN, msg->alloc);
673 int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdrInmsg, &ici->peerMap);
674 if (epIndex > -1) {
675 // The password might have changed!
676 struct Peer* ep = ici->peerMap.values[epIndex];
677 CryptoAuth_setAuth(beaconPass, NULL, ep->caSession);
678 return NULL;
679 }
680
681 struct Allocator* epAlloc = Allocator_child(ici->alloc);
682 struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
683 struct Sockaddr* lladdr = Sockaddr_clone(lladdrInmsg, epAlloc);
684 ep->alloc = epAlloc;
685 ep->ici = ici;
686 ep->lladdr = lladdr;
687 int setIndex = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
688 ep->handle = ici->peerMap.handles[setIndex];
689 ep->isIncomingConnection = true;
690 Bits_memcpy(&ep->addr, &addr, sizeof(struct Address));
691 Identity_set(ep);
692 Allocator_onFree(epAlloc, closeInterface, ep);
693
694 ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
695 ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, beacon.publicKey, false, "outer");
696 CryptoAuth_setAuth(beaconPass, NULL, ep->caSession);
697
698 ep->switchIf.send = sendFromSwitch;
699
700 if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
701 Log_debug(ic->logger, "handleBeacon() SwitchCore out of space");
702 Allocator_free(epAlloc);
703 return NULL;
704 }
705
706 // We want the node to immedietly be pinged but we don't want it to appear unresponsive because
707 // the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
708 // (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
709 ep->timeOfLastMessage =
710 Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
711
712 Log_info(ic->logger, "Added peer [%s] from beacon",
713 Address_toString(&ep->addr, msg->alloc)->bytes);
714
715 sendPeer(0xffffffff, PFChan_Core_PEER, ep, 0xffff);
716 return NULL;
717 }
718
719 /**
720 * Incoming message from someone we don't know, maybe someone responding to a beacon?
721 * expects: [ struct LLAddress ][ content ]
722 */
handleUnexpectedIncoming(struct Message * msg,struct InterfaceController_Iface_pvt * ici)723 static Iface_DEFUN handleUnexpectedIncoming(struct Message* msg,
724 struct InterfaceController_Iface_pvt* ici)
725 {
726 struct InterfaceController_pvt* ic = ici->ic;
727
728 struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes;
729 Er_assert(Message_eshift(msg, -lladdr->addrLen));
730 if (msg->length < CryptoHeader_SIZE) {
731 return NULL;
732 }
733
734 Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault");
735
736 struct CryptoHeader* ch = (struct CryptoHeader*) msg->bytes;
737 if (ch->nonce & Endian_bigEndianToHost32(~1)) {
738 // This cuts down on processing and logger noise because any packet
739 // which is not a setup packet will be summarily dropped.
740 return NULL;
741 }
742
743 struct Allocator* epAlloc = Allocator_child(ici->alloc);
744 lladdr = Sockaddr_clone(lladdr, epAlloc);
745
746 struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
747 Identity_set(ep);
748 ep->alloc = epAlloc;
749 ep->ici = ici;
750 ep->lladdr = lladdr;
751 ep->alloc = epAlloc;
752 ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
753 ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, ch->publicKey, true, "outer");
754 if (CryptoAuth_decrypt(ep->caSession, msg)) {
755 // If the first message is a dud, drop all state for this peer.
756 // probably some random crap that wandered in the socket.
757 Allocator_free(epAlloc);
758 return NULL;
759 }
760 Assert_true(!Bits_isZero(ep->caSession->herPublicKey, 32));
761 Assert_true(Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap) == -1);
762 int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
763 Assert_true(index >= 0);
764 ep->handle = ici->peerMap.handles[index];
765 Allocator_onFree(epAlloc, closeInterface, ep);
766 ep->state = InterfaceController_PeerState_UNAUTHENTICATED;
767 ep->isIncomingConnection = true;
768 ep->switchIf.send = sendFromSwitch;
769
770 if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
771 Log_debug(ic->logger, "handleUnexpectedIncoming() SwitchCore out of space");
772 Allocator_free(epAlloc);
773 return NULL;
774 }
775
776 // We want the node to immedietly be pinged but we don't want it to appear unresponsive because
777 // the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
778 // (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
779 ep->timeOfLastMessage =
780 Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
781
782 Bits_memcpy(ep->addr.key, ep->caSession->herPublicKey, 32);
783 Bits_memcpy(ep->addr.ip6.bytes, ep->caSession->herIp6, 16);
784 Log_info(ic->logger, "Added peer [%s] from incoming message",
785 Address_toString(&ep->addr, msg->alloc)->bytes);
786
787 return receivedPostCryptoAuth(msg, ep, ic);
788 }
789
handleIncomingFromWire(struct Message * msg,struct Iface * addrIf)790 static Iface_DEFUN handleIncomingFromWire(struct Message* msg, struct Iface* addrIf)
791 {
792 struct InterfaceController_Iface_pvt* ici =
793 Identity_containerOf(addrIf, struct InterfaceController_Iface_pvt, pub.addrIf);
794
795 struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes;
796 if (msg->length < Sockaddr_OVERHEAD || msg->length < lladdr->addrLen) {
797 Log_debug(ici->ic->logger, "DROP runt");
798 return NULL;
799 }
800
801 Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault");
802 Assert_true(!((uintptr_t)lladdr->addrLen % 4) && "alignment fault");
803
804 // noisy
805 if (Defined(Log_DEBUG) && false) {
806 char* printedAddr = Hex_print(&lladdr[1], lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc);
807 Log_debug(ici->ic->logger, "Incoming message from [%s]", printedAddr);
808 }
809
810 if (lladdr->flags & Sockaddr_flags_BCAST) {
811 return handleBeacon(msg, ici);
812 }
813
814 int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap);
815 if (epIndex == -1) {
816 return handleUnexpectedIncoming(msg, ici);
817 }
818
819 struct Peer* ep = Identity_check((struct Peer*) ici->peerMap.values[epIndex]);
820 Er_assert(Message_eshift(msg, -lladdr->addrLen));
821
822 // Once we know it to be an incompetible version, we quarentine it
823 if (!ep->addr.protocolVersion) {
824 // unknown version yet
825 } else if (!Version_isCompatible(ep->addr.protocolVersion, Version_CURRENT_PROTOCOL) ||
826 (Defined(SUBNODE) && ep->addr.protocolVersion < 21))
827 {
828 if (Defined(Log_DEBUG)) {
829 Log_debug(ici->ic->logger, "[%s] DROP msg from node with incompat version [%d] ",
830 Address_toString(&ep->addr, msg->alloc)->bytes, ep->addr.protocolVersion);
831 }
832 return NULL;
833 }
834
835 CryptoAuth_resetIfTimeout(ep->caSession);
836 uint32_t nonce = Endian_bigEndianToHost32( ((uint32_t*)msg->bytes)[0] );
837 if (CryptoAuth_decrypt(ep->caSession, msg)) {
838 return NULL;
839 }
840
841 if (ici->ic->pub.timestampPackets) {
842 uint64_t now = Time_hrtime();
843 if (ici->ic->lastPeer == ep
844 && ici->ic->lastNonce + 1 == nonce
845 && ((ici->ic->lastLength - msg->length) & 0xffff) < 100
846 ) {
847 ici->ic->seq++;
848 Log_debug(ici->ic->logger, "RECV TIME %u %llu %u",
849 msg->length, (long long)(now - ici->ic->lastRecvTime), ici->ic->seq);
850 } else {
851 ici->ic->seq = 0;
852 }
853 ici->ic->lastPeer = ep;
854 ici->ic->lastNonce = nonce;
855 ici->ic->lastRecvTime = now;
856 ici->ic->lastLength = msg->length;
857 }
858
859 PeerLink_recv(msg, ep->peerLink);
860 if (ep->state == InterfaceController_PeerState_ESTABLISHED &&
861 CryptoAuth_getState(ep->caSession) != CryptoAuth_State_ESTABLISHED) {
862 sendPeer(0xffffffff, PFChan_Core_PEER_GONE, ep, 0xffff);
863 }
864 return receivedPostCryptoAuth(msg, ep, ici->ic);
865 }
866
InterfaceController_ifaceCount(struct InterfaceController * ifc)867 int InterfaceController_ifaceCount(struct InterfaceController* ifc)
868 {
869 struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
870 return ic->icis->length;
871 }
872
InterfaceController_getIface(struct InterfaceController * ifc,int ifNum)873 struct InterfaceController_Iface* InterfaceController_getIface(struct InterfaceController* ifc,
874 int ifNum)
875 {
876 struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
877 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, ifNum);
878 return (ici) ? &ici->pub : NULL;
879 }
880
InterfaceController_newIface(struct InterfaceController * ifc,String * name,struct Allocator * alloc)881 struct InterfaceController_Iface* InterfaceController_newIface(struct InterfaceController* ifc,
882 String* name,
883 struct Allocator* alloc)
884 {
885 struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
886
887 struct InterfaceController_Iface_pvt* ici =
888 Allocator_calloc(alloc, sizeof(struct InterfaceController_Iface_pvt), 1);
889 ici->pub.name = String_clone(name, alloc);
890 ici->peerMap.allocator = alloc;
891 ici->ic = ic;
892 ici->alloc = alloc;
893 ici->pub.addrIf.send = handleIncomingFromWire;
894 ici->pub.ifNum = ArrayList_OfIfaces_add(ic->icis, ici);
895
896 Identity_set(ici);
897
898 return &ici->pub;
899 }
900
freeAlloc(struct Allocator_OnFreeJob * job)901 static int freeAlloc(struct Allocator_OnFreeJob* job)
902 {
903 struct Allocator* alloc = (struct Allocator*) job->userData;
904 Allocator_free(alloc);
905 return 0;
906 }
907
sendBeacon(struct InterfaceController_Iface_pvt * ici,struct Allocator * tempAlloc)908 static void sendBeacon(struct InterfaceController_Iface_pvt* ici, struct Allocator* tempAlloc)
909 {
910 if (ici->pub.beaconState < InterfaceController_beaconState_newState_SEND) {
911 Log_debug(ici->ic->logger, "sendBeacon(%s) -> beaconing disabled", ici->pub.name->bytes);
912 return;
913 }
914
915 Log_debug(ici->ic->logger, "sendBeacon(%s)", ici->pub.name->bytes);
916
917 struct Message* msg = Message_new(0, 128, tempAlloc);
918 Er_assert(Message_epush(msg, &ici->ic->beacon, Headers_Beacon_SIZE));
919
920 if (Defined(Log_DEBUG)) {
921 char* content = Hex_print(msg->bytes, msg->length, tempAlloc);
922 Log_debug(ici->ic->logger, "SEND BEACON CONTENT[%s]", content);
923 }
924
925 struct Sockaddr sa = {
926 .addrLen = Sockaddr_OVERHEAD,
927 .flags = Sockaddr_flags_BCAST
928 };
929 Er_assert(Message_epush(msg, &sa, Sockaddr_OVERHEAD));
930
931 Iface_send(&ici->pub.addrIf, msg);
932 }
933
beaconInterval(void * vInterfaceController)934 static void beaconInterval(void* vInterfaceController)
935 {
936 struct InterfaceController_pvt* ic =
937 Identity_check((struct InterfaceController_pvt*) vInterfaceController);
938
939 struct Allocator* alloc = Allocator_child(ic->alloc);
940 for (int i = 0; i < ic->icis->length; i++) {
941 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, i);
942 sendBeacon(ici, alloc);
943 }
944 Allocator_free(alloc);
945
946 if (ic->beaconTimeoutAlloc) {
947 Allocator_free(ic->beaconTimeoutAlloc);
948 }
949 ic->beaconTimeoutAlloc = Allocator_child(ic->alloc);
950 Timeout_setTimeout(
951 beaconInterval, ic, ic->beaconInterval, ic->eventBase, ic->beaconTimeoutAlloc);
952 }
953
InterfaceController_beaconState(struct InterfaceController * ifc,int interfaceNumber,int newState)954 int InterfaceController_beaconState(struct InterfaceController* ifc,
955 int interfaceNumber,
956 int newState)
957 {
958 struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
959 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, interfaceNumber);
960 if (!ici) {
961 return InterfaceController_beaconState_NO_SUCH_IFACE;
962 }
963 char* val = NULL;
964 switch (newState) {
965 default: return InterfaceController_beaconState_INVALID_STATE;
966 case InterfaceController_beaconState_newState_OFF: val = "OFF"; break;
967 case InterfaceController_beaconState_newState_ACCEPT: val = "ACCEPT"; break;
968 case InterfaceController_beaconState_newState_SEND: val = "SEND"; break;
969 }
970 Log_debug(ic->logger, "InterfaceController_beaconState(%s, %s)", ici->pub.name->bytes, val);
971 ici->pub.beaconState = newState;
972 if (newState == InterfaceController_beaconState_newState_SEND) {
973 // Send out a beacon right away so we don't have to wait.
974 struct Allocator* alloc = Allocator_child(ici->alloc);
975 sendBeacon(ici, alloc);
976 Allocator_free(alloc);
977 }
978 return 0;
979 }
980
InterfaceController_bootstrapPeer(struct InterfaceController * ifc,int interfaceNumber,uint8_t * herPublicKey,const struct Sockaddr * lladdrParm,String * password,String * login,String * user,struct Allocator * alloc)981 int InterfaceController_bootstrapPeer(struct InterfaceController* ifc,
982 int interfaceNumber,
983 uint8_t* herPublicKey,
984 const struct Sockaddr* lladdrParm,
985 String* password,
986 String* login,
987 String* user,
988 struct Allocator* alloc)
989 {
990 struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
991
992 Assert_true(herPublicKey);
993 Assert_true(password);
994
995 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, interfaceNumber);
996
997 if (!ici) {
998 return InterfaceController_bootstrapPeer_BAD_IFNUM;
999 }
1000
1001 Log_debug(ic->logger, "bootstrapPeer total [%u]", ici->peerMap.count);
1002
1003 uint8_t ip6[16];
1004 AddressCalc_addressForPublicKey(ip6, herPublicKey);
1005 if (!AddressCalc_validAddress(ip6) || !Bits_memcmp(ic->ca->publicKey, herPublicKey, 32)) {
1006 return InterfaceController_bootstrapPeer_BAD_KEY;
1007 }
1008
1009 struct Allocator* epAlloc = Allocator_child(ici->alloc);
1010
1011 struct Sockaddr* lladdr = Sockaddr_clone(lladdrParm, epAlloc);
1012
1013 // TODO(cjd): eps are created in 3 places, there should be a factory function.
1014 struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
1015 int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
1016 Assert_true(index >= 0);
1017 ep->alloc = epAlloc;
1018 ep->handle = ici->peerMap.handles[index];
1019 ep->lladdr = lladdr;
1020 ep->ici = ici;
1021 ep->isIncomingConnection = false;
1022 Bits_memcpy(ep->addr.key, herPublicKey, 32);
1023 Address_getPrefix(&ep->addr);
1024 Identity_set(ep);
1025 Allocator_onFree(epAlloc, closeInterface, ep);
1026 Allocator_onFree(alloc, freeAlloc, epAlloc);
1027
1028 ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
1029 ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, herPublicKey, false, "outer");
1030 CryptoAuth_setAuth(password, login, ep->caSession);
1031 if (user) {
1032 ep->caSession->displayName = String_clone(user, epAlloc);
1033 }
1034
1035 ep->switchIf.send = sendFromSwitch;
1036
1037 if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
1038 Log_debug(ic->logger, "bootstrapPeer() SwitchCore out of space");
1039 Allocator_free(epAlloc);
1040 return InterfaceController_bootstrapPeer_OUT_OF_SPACE;
1041 }
1042
1043 // We want the node to immedietly be pinged but we don't want it to appear unresponsive because
1044 // the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
1045 // (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
1046 ep->timeOfLastMessage =
1047 Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
1048
1049 if (Defined(Log_INFO)) {
1050 struct Allocator* tempAlloc = Allocator_child(alloc);
1051 String* addrStr = Address_toString(&ep->addr, tempAlloc);
1052 Log_info(ic->logger, "Adding peer [%s] from bootstrapPeer()", addrStr->bytes);
1053 Allocator_free(tempAlloc);
1054 }
1055
1056 // We can't just add the node directly to the routing table because we do not know
1057 // the version. We'll send it a switch ping and when it responds, we will know it's
1058 // key (if we don't already) and version number.
1059 sendPing(ep);
1060
1061 return 0;
1062 }
1063
InterfaceController_getPeerStats(struct InterfaceController * ifController,struct Allocator * alloc,struct InterfaceController_PeerStats ** statsOut)1064 int InterfaceController_getPeerStats(struct InterfaceController* ifController,
1065 struct Allocator* alloc,
1066 struct InterfaceController_PeerStats** statsOut)
1067 {
1068 struct InterfaceController_pvt* ic =
1069 Identity_check((struct InterfaceController_pvt*) ifController);
1070
1071 int count = 0;
1072 for (int i = 0; i < ic->icis->length; i++) {
1073 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, i);
1074 count += ici->peerMap.count;
1075 }
1076
1077 struct InterfaceController_PeerStats* stats =
1078 Allocator_calloc(alloc, sizeof(struct InterfaceController_PeerStats), count);
1079
1080 int xcount = 0;
1081 for (int j = 0; j < ic->icis->length; j++) {
1082 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, j);
1083 for (int i = 0; i < (int)ici->peerMap.count; i++) {
1084 struct Peer* peer = Identity_check((struct Peer*) ici->peerMap.values[i]);
1085 struct InterfaceController_PeerStats* s = &stats[xcount];
1086 xcount++;
1087 s->ifNum = ici->pub.ifNum;
1088 s->lladdr = Sockaddr_clone(peer->lladdr, alloc);
1089 Bits_memcpy(&s->addr, &peer->addr, sizeof(struct Address));
1090 s->bytesOut = peer->bytesOut;
1091 s->bytesIn = peer->bytesIn;
1092 s->timeOfLastMessage = peer->timeOfLastMessage;
1093 s->state = peer->state;
1094 s->isIncomingConnection = peer->isIncomingConnection;
1095 if (peer->caSession->displayName) {
1096 s->user = String_clone(peer->caSession->displayName, alloc);
1097 }
1098 struct ReplayProtector* rp = &peer->caSession->replayProtector;
1099 s->duplicates = rp->duplicates;
1100 s->receivedOutOfRange = rp->receivedOutOfRange;
1101
1102 struct PeerLink_Kbps kbps;
1103 PeerLink_kbps(peer->peerLink, &kbps);
1104 s->sendKbps = kbps.sendKbps;
1105 s->recvKbps = kbps.recvKbps;
1106
1107 s->receivedPackets = peer->lastPackets;
1108 s->lostPackets = peer->lastDrops;
1109 }
1110 }
1111
1112 Assert_true(xcount == count);
1113
1114 *statsOut = stats;
1115 return count;
1116 }
1117
InterfaceController_resetPeering(struct InterfaceController * ifController,uint8_t herPublicKey[32])1118 void InterfaceController_resetPeering(struct InterfaceController* ifController,
1119 uint8_t herPublicKey[32])
1120 {
1121 struct InterfaceController_pvt* ic =
1122 Identity_check((struct InterfaceController_pvt*) ifController);
1123
1124 for (int j = 0; j < ic->icis->length; j++) {
1125 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, j);
1126 for (int i = 0; i < (int)ici->peerMap.count; i++) {
1127 struct Peer* peer = ici->peerMap.values[i];
1128 if (!herPublicKey || !Bits_memcmp(herPublicKey, peer->caSession->herPublicKey, 32)) {
1129 CryptoAuth_reset(peer->caSession);
1130 }
1131 }
1132 }
1133 }
1134
InterfaceController_disconnectPeer(struct InterfaceController * ifController,uint8_t herPublicKey[32])1135 int InterfaceController_disconnectPeer(struct InterfaceController* ifController,
1136 uint8_t herPublicKey[32])
1137 {
1138 struct InterfaceController_pvt* ic =
1139 Identity_check((struct InterfaceController_pvt*) ifController);
1140
1141 for (int j = 0; j < ic->icis->length; j++) {
1142 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, j);
1143 for (int i = 0; i < (int)ici->peerMap.count; i++) {
1144 struct Peer* peer = ici->peerMap.values[i];
1145 if (!Bits_memcmp(herPublicKey, peer->caSession->herPublicKey, 32)) {
1146 Allocator_free(peer->alloc);
1147 return 0;
1148 }
1149 }
1150 }
1151 return InterfaceController_disconnectPeer_NOTFOUND;
1152 }
1153
incomingFromEventEmitterIf(struct Message * msg,struct Iface * eventEmitterIf)1154 static Iface_DEFUN incomingFromEventEmitterIf(struct Message* msg, struct Iface* eventEmitterIf)
1155 {
1156 struct InterfaceController_pvt* ic =
1157 Identity_containerOf(eventEmitterIf, struct InterfaceController_pvt, eventEmitterIf);
1158 uint32_t peers = Er_assert(Message_epop32be(msg));
1159 Assert_true(peers == PFChan_Pathfinder_PEERS);
1160 uint32_t pathfinderId = Er_assert(Message_epop32be(msg));
1161 Assert_true(!msg->length);
1162
1163 for (int j = 0; j < ic->icis->length; j++) {
1164 struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, j);
1165 for (int i = 0; i < (int)ici->peerMap.count; i++) {
1166 struct Peer* peer = Identity_check((struct Peer*) ici->peerMap.values[i]);
1167 if (peer->state != InterfaceController_PeerState_ESTABLISHED) { continue; }
1168 sendPeer(pathfinderId, PFChan_Core_PEER, peer, 0xffff);
1169 }
1170 }
1171 return NULL;
1172 }
1173
InterfaceController_new(struct CryptoAuth * ca,struct SwitchCore * switchCore,struct Log * logger,struct EventBase * eventBase,struct SwitchPinger * switchPinger,struct Random * rand,struct Allocator * allocator,struct EventEmitter * ee)1174 struct InterfaceController* InterfaceController_new(struct CryptoAuth* ca,
1175 struct SwitchCore* switchCore,
1176 struct Log* logger,
1177 struct EventBase* eventBase,
1178 struct SwitchPinger* switchPinger,
1179 struct Random* rand,
1180 struct Allocator* allocator,
1181 struct EventEmitter* ee)
1182 {
1183 struct Allocator* alloc = Allocator_child(allocator);
1184 struct InterfaceController_pvt* out =
1185 Allocator_malloc(alloc, sizeof(struct InterfaceController_pvt));
1186 Bits_memcpy(out, (&(struct InterfaceController_pvt) {
1187 .alloc = alloc,
1188 .ca = ca,
1189 .rand = rand,
1190 .switchCore = switchCore,
1191 .logger = logger,
1192 .eventBase = eventBase,
1193 .switchPinger = switchPinger,
1194 .unresponsiveAfterMilliseconds = UNRESPONSIVE_AFTER_MILLISECONDS,
1195 .pingAfterMilliseconds = PING_AFTER_MILLISECONDS,
1196 .timeoutMilliseconds = TIMEOUT_MILLISECONDS,
1197 .forgetAfterMilliseconds = FORGET_AFTER_MILLISECONDS,
1198 .beaconInterval = BEACON_INTERVAL,
1199
1200 .linkStateInterval = Timeout_setInterval(
1201 linkState,
1202 out,
1203 LINKSTATE_UPDATE_INTERVAL,
1204 eventBase,
1205 alloc),
1206
1207 .pingInterval = (switchPinger)
1208 ? Timeout_setInterval(pingCallback,
1209 out,
1210 PING_INTERVAL_MILLISECONDS,
1211 eventBase,
1212 alloc)
1213 : NULL
1214
1215 }), sizeof(struct InterfaceController_pvt));
1216 Identity_set(out);
1217
1218 out->icis = ArrayList_OfIfaces_new(alloc);
1219
1220 out->eventEmitterIf.send = incomingFromEventEmitterIf;
1221 EventEmitter_regCore(ee, &out->eventEmitterIf, PFChan_Pathfinder_PEERS);
1222
1223 // Add the beaconing password.
1224 Random_bytes(rand, out->beacon.password, Headers_Beacon_PASSWORD_LEN);
1225 String strPass = { .bytes=(char*)out->beacon.password, .len=Headers_Beacon_PASSWORD_LEN };
1226 int ret = CryptoAuth_addUser(&strPass, String_CONST("Local Peers"), ca);
1227 if (ret) {
1228 Log_warn(logger, "CryptoAuth_addUser() returned [%d]", ret);
1229 }
1230 Bits_memcpy(out->beacon.publicKey, ca->publicKey, 32);
1231 out->beacon.version_be = Endian_hostToBigEndian32(Version_CURRENT_PROTOCOL);
1232
1233 Timeout_setTimeout(beaconInterval, out, BEACON_INTERVAL, eventBase, alloc);
1234
1235 return &out->pub;
1236 }
1237