search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cosmetics
[tomato.git] / release / src / router / openvpn / reliable.c
bloba41f2bf120c20085588a67df29149fd5594aca46
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25 /*
26 * These routines implement a reliability layer on top of UDP,
27 * so that SSL/TLS can be run over UDP.
28 */
29
30 #include "syshead.h"
31
32 #if defined(USE_CRYPTO) && defined(USE_SSL)
33
34 #include "buffer.h"
35 #include "error.h"
36 #include "common.h"
37 #include "reliable.h"
38
39 #include "memdbg.h"
40
41 /*
42 * verify that test - base < extent while allowing for base or test wraparound
43 */
44 static inline bool
45 reliable_pid_in_range1 (const packet_id_type test,
46 const packet_id_type base,
47 const unsigned int extent)
48 {
49 if (test >= base)
50 {
51 if (test - base < extent)
52 return true;
53 }
54 else
55 {
56 if ((test+0x80000000u) - (base+0x80000000u) < extent)
57 return true;
58 }
59
60 return false;
61 }
62
63 /*
64 * verify that test < base + extent while allowing for base or test wraparound
65 */
66 static inline bool
67 reliable_pid_in_range2 (const packet_id_type test,
68 const packet_id_type base,
69 const unsigned int extent)
70 {
71 if (base + extent >= base)
72 {
73 if (test < base + extent)
74 return true;
75 }
76 else
77 {
78 if ((test+0x80000000u) < (base+0x80000000u) + extent)
79 return true;
80 }
81
82 return false;
83 }
84
85 /*
86 * verify that p1 < p2 while allowing for p1 or p2 wraparound
87 */
88 static inline bool
89 reliable_pid_min (const packet_id_type p1,
90 const packet_id_type p2)
91 {
92 return !reliable_pid_in_range1 (p1, p2, 0x80000000u);
93 }
94
95 /* check if a particular packet_id is present in ack */
96 static inline bool
97 reliable_ack_packet_id_present (struct reliable_ack *ack, packet_id_type pid)
98 {
99 int i;
100 for (i = 0; i < ack->len; ++i)
101 if (ack->packet_id[i] == pid)
102 return true;
103 return false;
104 }
105
106 /* get a packet_id from buf */
107 bool
108 reliable_ack_read_packet_id (struct buffer *buf, packet_id_type *pid)
109 {
110 packet_id_type net_pid;
111
112 if (buf_read (buf, &net_pid, sizeof (net_pid)))
113 {
114 *pid = ntohpid (net_pid);
115 dmsg (D_REL_DEBUG, "ACK read ID " packet_id_format " (buf->len=%d)",
116 (packet_id_print_type)*pid, buf->len);
117 return true;
118 }
119
120 dmsg (D_REL_LOW, "ACK read ID FAILED (buf->len=%d)", buf->len);
121 return false;
122 }
123
124 /* acknowledge a packet_id by adding it to a struct reliable_ack */
125 bool
126 reliable_ack_acknowledge_packet_id (struct reliable_ack *ack, packet_id_type pid)
127 {
128 if (!reliable_ack_packet_id_present (ack, pid) && ack->len < RELIABLE_ACK_SIZE)
129 {
130 ack->packet_id[ack->len++] = pid;
131 dmsg (D_REL_DEBUG, "ACK acknowledge ID " packet_id_format " (ack->len=%d)",
132 (packet_id_print_type)pid, ack->len);
133 return true;
134 }
135
136 dmsg (D_REL_LOW, "ACK acknowledge ID " packet_id_format " FAILED (ack->len=%d)",
137 (packet_id_print_type)pid, ack->len);
138 return false;
139 }
140
141 /* read a packet ID acknowledgement record from buf into ack */
142 bool
143 reliable_ack_read (struct reliable_ack * ack,
144 struct buffer * buf, const struct session_id * sid)
145 {
146 struct gc_arena gc = gc_new ();
147 int i;
148 uint8_t count;
149 packet_id_type net_pid;
150 packet_id_type pid;
151 struct session_id session_id_remote;
152
153 if (!buf_read (buf, &count, sizeof (count)))
154 goto error;
155 for (i = 0; i < count; ++i)
156 {
157 if (!buf_read (buf, &net_pid, sizeof (net_pid)))
158 goto error;
159 if (ack->len >= RELIABLE_ACK_SIZE)
160 goto error;
161 pid = ntohpid (net_pid);
162 ack->packet_id[ack->len++] = pid;
163 }
164 if (count)
165 {
166 if (!session_id_read (&session_id_remote, buf))
167 goto error;
168 if (!session_id_defined (&session_id_remote) ||
169 !session_id_equal (&session_id_remote, sid))
170 {
171 dmsg (D_REL_LOW,
172 "ACK read BAD SESSION-ID FROM REMOTE, local=%s, remote=%s",
173 session_id_print (sid, &gc), session_id_print (&session_id_remote, &gc));
174 goto error;
175 }
176 }
177 gc_free (&gc);
178 return true;
179
180 error:
181 gc_free (&gc);
182 return false;
183 }
184
185 #define ACK_SIZE(n) (sizeof (uint8_t) + ((n) ? SID_SIZE : 0) + sizeof (packet_id_type) * (n))
186
187 /* write a packet ID acknowledgement record to buf, */
188 /* removing all acknowledged entries from ack */
189 bool
190 reliable_ack_write (struct reliable_ack * ack,
191 struct buffer * buf,
192 const struct session_id * sid, int max, bool prepend)
193 {
194 int i, j;
195 uint8_t n;
196 struct buffer sub;
197
198 n = ack->len;
199 if (n > max)
200 n = max;
201 sub = buf_sub (buf, ACK_SIZE(n), prepend);
202 if (!BDEF (&sub))
203 goto error;
204 ASSERT (buf_write (&sub, &n, sizeof (n)));
205 for (i = 0; i < n; ++i)
206 {
207 packet_id_type pid = ack->packet_id[i];
208 packet_id_type net_pid = htonpid (pid);
209 ASSERT (buf_write (&sub, &net_pid, sizeof (net_pid)));
210 dmsg (D_REL_DEBUG, "ACK write ID " packet_id_format " (ack->len=%d, n=%d)", (packet_id_print_type)pid, ack->len, n);
211 }
212 if (n)
213 {
214 ASSERT (session_id_defined (sid));
215 ASSERT (session_id_write (sid, &sub));
216 for (i = 0, j = n; j < ack->len;)
217 ack->packet_id[i++] = ack->packet_id[j++];
218 ack->len = i;
219 }
220
221 return true;
222
223 error:
224 return false;
225 }
226
227 /* add to extra_frame the maximum number of bytes we will need for reliable_ack_write */
228 void
229 reliable_ack_adjust_frame_parameters (struct frame* frame, int max)
230 {
231 frame_add_to_extra_frame (frame, ACK_SIZE (max));
232 }
233
234 /* print a reliable ACK record coming off the wire */
235 const char *
236 reliable_ack_print (struct buffer *buf, bool verbose, struct gc_arena *gc)
237 {
238 int i;
239 uint8_t n_ack;
240 struct session_id sid_ack;
241 packet_id_type pid;
242 struct buffer out = alloc_buf_gc (256, gc);
243
244 buf_printf (&out, "[");
245 if (!buf_read (buf, &n_ack, sizeof (n_ack)))
246 goto done;
247 for (i = 0; i < n_ack; ++i)
248 {
249 if (!buf_read (buf, &pid, sizeof (pid)))
250 goto done;
251 pid = ntohpid (pid);
252 buf_printf (&out, " " packet_id_format, (packet_id_print_type)pid);
253 }
254 if (n_ack)
255 {
256 if (!session_id_read (&sid_ack, buf))
257 goto done;
258 if (verbose)
259 buf_printf (&out, " sid=%s", session_id_print (&sid_ack, gc));
260 }
261
262 done:
263 buf_printf (&out, " ]");
264 return BSTR (&out);
265 }
266
267 /*
268 * struct reliable member functions.
269 */
270
271 void
272 reliable_init (struct reliable *rel, int buf_size, int offset, int array_size, bool hold)
273 {
274 int i;
275
276 CLEAR (*rel);
277 ASSERT (array_size > 0 && array_size <= RELIABLE_CAPACITY);
278 rel->hold = hold;
279 rel->size = array_size;
280 rel->offset = offset;
281 for (i = 0; i < rel->size; ++i)
282 {
283 struct reliable_entry *e = &rel->array[i];
284 e->buf = alloc_buf (buf_size);
285 ASSERT (buf_init (&e->buf, offset));
286 }
287 }
288
289 void
290 reliable_free (struct reliable *rel)
291 {
292 int i;
293 for (i = 0; i < rel->size; ++i)
294 {
295 struct reliable_entry *e = &rel->array[i];
296 free_buf (&e->buf);
297 }
298 }
299
300 /* no active buffers? */
301 bool
302 reliable_empty (const struct reliable *rel)
303 {
304 int i;
305 for (i = 0; i < rel->size; ++i)
306 {
307 const struct reliable_entry *e = &rel->array[i];
308 if (e->active)
309 return false;
310 }
311 return true;
312 }
313
314 /* del acknowledged items from send buf */
315 void
316 reliable_send_purge (struct reliable *rel, struct reliable_ack *ack)
317 {
318 int i, j;
319 for (i = 0; i < ack->len; ++i)
320 {
321 packet_id_type pid = ack->packet_id[i];
322 for (j = 0; j < rel->size; ++j)
323 {
324 struct reliable_entry *e = &rel->array[j];
325 if (e->active && e->packet_id == pid)
326 {
327 dmsg (D_REL_DEBUG,
328 "ACK received for pid " packet_id_format ", deleting from send buffer",
329 (packet_id_print_type)pid);
330 #if 0
331 /* DEBUGGING -- how close were we timing out on ACK failure and resending? */
332 {
333 if (e->next_try)
334 {
335 const interval_t wake = e->next_try - now;
336 msg (M_INFO, "ACK " packet_id_format ", wake=%d", pid, wake);
337 }
338 }
339 #endif
340 e->active = false;
341 break;
342 }
343 }
344 }
345 }
346
347 /* print the current sequence of active packet IDs */
348 static const char *
349 reliable_print_ids (const struct reliable *rel, struct gc_arena *gc)
350 {
351 struct buffer out = alloc_buf_gc (256, gc);
352 int i;
353
354 buf_printf (&out, "[" packet_id_format "]", (packet_id_print_type)rel->packet_id);
355 for (i = 0; i < rel->size; ++i)
356 {
357 const struct reliable_entry *e = &rel->array[i];
358 if (e->active)
359 buf_printf (&out, " " packet_id_format, (packet_id_print_type)e->packet_id);
360 }
361 return BSTR (&out);
362 }
363
364 /* true if at least one free buffer available */
365 bool
366 reliable_can_get (const struct reliable *rel)
367 {
368 struct gc_arena gc = gc_new ();
369 int i;
370 for (i = 0; i < rel->size; ++i)
371 {
372 const struct reliable_entry *e = &rel->array[i];
373 if (!e->active)
374 return true;
375 }
376 dmsg (D_REL_LOW, "ACK no free receive buffer available: %s", reliable_print_ids (rel, &gc));
377 gc_free (&gc);
378 return false;
379 }
380
381 /* make sure that incoming packet ID isn't a replay */
382 bool
383 reliable_not_replay (const struct reliable *rel, packet_id_type id)
384 {
385 struct gc_arena gc = gc_new ();
386 int i;
387 if (reliable_pid_min (id, rel->packet_id))
388 goto bad;
389 for (i = 0; i < rel->size; ++i)
390 {
391 const struct reliable_entry *e = &rel->array[i];
392 if (e->active && e->packet_id == id)
393 goto bad;
394 }
395 gc_free (&gc);
396 return true;
397
398 bad:
399 dmsg (D_REL_DEBUG, "ACK " packet_id_format " is a replay: %s", (packet_id_print_type)id, reliable_print_ids (rel, &gc));
400 gc_free (&gc);
401 return false;
402 }
403
404 /* make sure that incoming packet ID won't deadlock the receive buffer */
405 bool
406 reliable_wont_break_sequentiality (const struct reliable *rel, packet_id_type id)
407 {
408 struct gc_arena gc = gc_new ();
409
410 const int ret = reliable_pid_in_range2 (id, rel->packet_id, rel->size);
411
412 if (!ret)
413 {
414 dmsg (D_REL_LOW, "ACK " packet_id_format " breaks sequentiality: %s",
415 (packet_id_print_type)id, reliable_print_ids (rel, &gc));
416 }
417
418 dmsg (D_REL_DEBUG, "ACK RWBS rel->size=%d rel->packet_id=%08x id=%08x ret=%d\n", rel->size, rel->packet_id, id, ret);
419
420 gc_free (&gc);
421 return ret;
422 }
423
424 /* grab a free buffer */
425 struct buffer *
426 reliable_get_buf (struct reliable *rel)
427 {
428 int i;
429 for (i = 0; i < rel->size; ++i)
430 {
431 struct reliable_entry *e = &rel->array[i];
432 if (!e->active)
433 {
434 ASSERT (buf_init (&e->buf, rel->offset));
435 return &e->buf;
436 }
437 }
438 return NULL;
439 }
440
441 /* grab a free buffer, fail if buffer clogged by unacknowledged low packet IDs */
442 struct buffer *
443 reliable_get_buf_output_sequenced (struct reliable *rel)
444 {
445 struct gc_arena gc = gc_new ();
446 int i;
447 packet_id_type min_id = 0;
448 bool min_id_defined = false;
449 struct buffer *ret = NULL;
450
451 /* find minimum active packet_id */
452 for (i = 0; i < rel->size; ++i)
453 {
454 const struct reliable_entry *e = &rel->array[i];
455 if (e->active)
456 {
457 if (!min_id_defined || reliable_pid_min (e->packet_id, min_id))
458 {
459 min_id_defined = true;
460 min_id = e->packet_id;
461 }
462 }
463 }
464
465 if (!min_id_defined || reliable_pid_in_range1 (rel->packet_id, min_id, rel->size))
466 {
467 ret = reliable_get_buf (rel);
468 }
469 else
470 {
471 dmsg (D_REL_LOW, "ACK output sequence broken: %s", reliable_print_ids (rel, &gc));
472 }
473 gc_free (&gc);
474 return ret;
475 }
476
477 /* get active buffer for next sequentially increasing key ID */
478 struct buffer *
479 reliable_get_buf_sequenced (struct reliable *rel)
480 {
481 int i;
482 for (i = 0; i < rel->size; ++i)
483 {
484 struct reliable_entry *e = &rel->array[i];
485 if (e->active && e->packet_id == rel->packet_id)
486 {
487 return &e->buf;
488 }
489 }
490 return NULL;
491 }
492
493 /* return true if reliable_send would return a non-NULL result */
494 bool
495 reliable_can_send (const struct reliable *rel)
496 {
497 struct gc_arena gc = gc_new ();
498 int i;
499 int n_active = 0, n_current = 0;
500 for (i = 0; i < rel->size; ++i)
501 {
502 const struct reliable_entry *e = &rel->array[i];
503 if (e->active)
504 {
505 ++n_active;
506 if (now >= e->next_try)
507 ++n_current;
508 }
509 }
510 dmsg (D_REL_DEBUG, "ACK reliable_can_send active=%d current=%d : %s",
511 n_active,
512 n_current,
513 reliable_print_ids (rel, &gc));
514
515 gc_free (&gc);
516 return n_current > 0 && !rel->hold;
517 }
518
519 /* return a unique point-in-time to trigger retry */
520 static time_t
521 reliable_unique_retry (struct reliable *rel, time_t retry)
522 {
523 int i;
524 while (true)
525 {
526 for (i = 0; i < rel->size; ++i)
527 {
528 struct reliable_entry *e = &rel->array[i];
529 if (e->active && e->next_try == retry)
530 goto again;
531 }
532 break;
533 again:
534 ++retry;
535 }
536 return retry;
537 }
538
539 /* return next buffer to send to remote */
540 struct buffer *
541 reliable_send (struct reliable *rel, int *opcode)
542 {
543 int i;
544 struct reliable_entry *best = NULL;
545 const time_t local_now = now;
546
547 for (i = 0; i < rel->size; ++i)
548 {
549 struct reliable_entry *e = &rel->array[i];
550 if (e->active && local_now >= e->next_try)
551 {
552 if (!best || reliable_pid_min (e->packet_id, best->packet_id))
553 best = e;
554 }
555 }
556 if (best)
557 {
558 #ifdef EXPONENTIAL_BACKOFF
559 /* exponential backoff */
560 best->next_try = reliable_unique_retry (rel, local_now + best->timeout);
561 best->timeout *= 2;
562 #else
563 /* constant timeout, no backoff */
564 best->next_try = local_now + best->timeout;
565 #endif
566 *opcode = best->opcode;
567 dmsg (D_REL_DEBUG, "ACK reliable_send ID " packet_id_format " (size=%d to=%d)",
568 (packet_id_print_type)best->packet_id, best->buf.len,
569 (int)(best->next_try - local_now));
570 return &best->buf;
571 }
572 return NULL;
573 }
574
575 /* schedule all pending packets for immediate retransmit */
576 void
577 reliable_schedule_now (struct reliable *rel)
578 {
579 int i;
580 dmsg (D_REL_DEBUG, "ACK reliable_schedule_now");
581 rel->hold = false;
582 for (i = 0; i < rel->size; ++i)
583 {
584 struct reliable_entry *e = &rel->array[i];
585 if (e->active)
586 {
587 e->next_try = now;
588 e->timeout = rel->initial_timeout;
589 }
590 }
591 }
592
593 /* in how many seconds should we wake up to check for timeout */
594 /* if we return BIG_TIMEOUT, nothing to wait for */
595 interval_t
596 reliable_send_timeout (const struct reliable *rel)
597 {
598 struct gc_arena gc = gc_new ();
599 interval_t ret = BIG_TIMEOUT;
600 int i;
601 const time_t local_now = now;
602
603 for (i = 0; i < rel->size; ++i)
604 {
605 const struct reliable_entry *e = &rel->array[i];
606 if (e->active)
607 {
608 if (e->next_try <= local_now)
609 {
610 ret = 0;
611 break;
612 }
613 else
614 {
615 ret = min_int (ret, e->next_try - local_now);
616 }
617 }
618 }
619
620 dmsg (D_REL_DEBUG, "ACK reliable_send_timeout %d %s",
621 (int) ret,
622 reliable_print_ids (rel, &gc));
623
624 gc_free (&gc);
625 return ret;
626 }
627
628 /*
629 * Enable an incoming buffer previously returned by a get function as active.
630 */
631
632 void
633 reliable_mark_active_incoming (struct reliable *rel, struct buffer *buf,
634 packet_id_type pid, int opcode)
635 {
636 int i;
637 for (i = 0; i < rel->size; ++i)
638 {
639 struct reliable_entry *e = &rel->array[i];
640 if (buf == &e->buf)
641 {
642 e->active = true;
643
644 /* packets may not arrive in sequential order */
645 e->packet_id = pid;
646
647 /* check for replay */
648 ASSERT (!reliable_pid_min (pid, rel->packet_id));
649
650 e->opcode = opcode;
651 e->next_try = 0;
652 e->timeout = 0;
653 dmsg (D_REL_DEBUG, "ACK mark active incoming ID " packet_id_format, (packet_id_print_type)e->packet_id);
654 return;
655 }
656 }
657 ASSERT (0); /* buf not found in rel */
658 }
659
660 /*
661 * Enable an outgoing buffer previously returned by a get function as active.
662 */
663
664 void
665 reliable_mark_active_outgoing (struct reliable *rel, struct buffer *buf, int opcode)
666 {
667 int i;
668 for (i = 0; i < rel->size; ++i)
669 {
670 struct reliable_entry *e = &rel->array[i];
671 if (buf == &e->buf)
672 {
673 /* Write mode, increment packet_id (i.e. sequence number)
674 linearly and prepend id to packet */
675 packet_id_type net_pid;
676 e->packet_id = rel->packet_id++;
677 net_pid = htonpid (e->packet_id);
678 ASSERT (buf_write_prepend (buf, &net_pid, sizeof (net_pid)));
679 e->active = true;
680 e->opcode = opcode;
681 e->next_try = 0;
682 e->timeout = rel->initial_timeout;
683 dmsg (D_REL_DEBUG, "ACK mark active outgoing ID " packet_id_format, (packet_id_print_type)e->packet_id);
684 return;
685 }
686 }
687 ASSERT (0); /* buf not found in rel */
688 }
689
690 /* delete a buffer previously activated by reliable_mark_active() */
691 void
692 reliable_mark_deleted (struct reliable *rel, struct buffer *buf, bool inc_pid)
693 {
694 int i;
695 for (i = 0; i < rel->size; ++i)
696 {
697 struct reliable_entry *e = &rel->array[i];
698 if (buf == &e->buf)
699 {
700 e->active = false;
701 if (inc_pid)
702 rel->packet_id = e->packet_id + 1;
703 return;
704 }
705 }
706 ASSERT (0);
707 }
708
709 #if 0
710
711 void
712 reliable_ack_debug_print (const struct reliable_ack *ack, char *desc)
713 {
714 int i;
715
716 printf ("********* struct reliable_ack %s\n", desc);
717 for (i = 0; i < ack->len; ++i)
718 {
719 printf (" %d: " packet_id_format "\n", i, (packet_id_print_type) ack->packet_id[i]);
720 }
721 }
722
723 void
724 reliable_debug_print (const struct reliable *rel, char *desc)
725 {
726 int i;
727 update_time ();
728
729 printf ("********* struct reliable %s\n", desc);
730 printf (" initial_timeout=%d\n", (int)rel->initial_timeout);
731 printf (" packet_id=" packet_id_format "\n", rel->packet_id);
732 printf (" now=" time_format "\n", now);
733 for (i = 0; i < rel->size; ++i)
734 {
735 const struct reliable_entry *e = &rel->array[i];
736 if (e->active)
737 {
738 printf (" %d: packet_id=" packet_id_format " len=%d", i, e->packet_id, e->buf.len);
739 printf (" next_try=" time_format, e->next_try);
740 printf ("\n");
741 }
742 }
743 }
744
745 #endif
746
747 #else
748 static void dummy(void) {}
749 #endif /* USE_CRYPTO && USE_SSL*/
Tomato firmware and modifications.