peervpn-0-042.tar.gz

config.ic

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2013 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -39,6 +39,7 @@ struct s_initconfig {
 	int enablevirtserv;
 	int enableipv4;
 	int enableipv6;
+	int enablenat64clat;
 	int enableprivdrop;
 	int enableseccomp;
 	int forceseccomp;
@@ -288,6 +289,15 @@ static int parseConfigLine(char *line, int len, struct s_initconfig *cs) {
 			return 1;
 		}
 	}
+	else if(parseConfigLineCheckCommand(line,len,"enablenat64clat",&vpos)) {
+		if((a = parseConfigBoolean(&line[vpos])) < 0) {
+			return -1;
+		}
+		else {
+			cs->enablenat64clat = a;
+			return 1;
+		}
+	}
 	else if(parseConfigLineCheckCommand(line,len,"sockmark",&vpos)) {
 		if((a = parseConfigInt(&line[vpos])) < 0) {
 			return -1;

console.ic

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2014 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *

globals.ic

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2014 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -19,7 +19,7 @@
 
 // version information
 #define PEERVPN_VERSION_MAJOR 0
-#define PEERVPN_VERSION_MINOR 41
+#define PEERVPN_VERSION_MINOR 42
 
 
 // compile time options & timing parameters

init.ic

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2013 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -119,6 +119,7 @@ void init(struct s_initconfig *initconfig) {
 	// open udp sockets
 	printf("opening sockets...\n");
 	i = 0;
+	ioSetNat64Clat(&iostate, initconfig->enablenat64clat);
 	ioSetSockmark(&iostate, initconfig->sockmark);
 	if(initconfig->enableipv4) {
 		if(!((j = (ioOpenSocketV4(&iostate, initconfig->sourceip, initconfig->sourceport))) < 0)) {

libp2psec/console_test.c

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2014 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -500,11 +500,27 @@ void consoleTestsuiteUnset(struct s_console_args *args) {
 
 
 void consoleTestsuiteIdspNext(struct s_console_args *args) {
+	char s[1024];
 	struct s_console *console = args->arg[0];
 	struct s_map *map = args->arg[1];
 	struct s_idsp *idsp = &map->idsp;
-	int n = idspNext(idsp);
+	int n;
+	n = idspNext(idsp);
+	snprintf(s, 1024, "%d", n);
+	consoleMsg(console, s);
+	consoleNL(console);
+}
+
+
+void consoleTestsuiteIdspNextN(struct s_console_args *args) {
 	char s[1024];
+	struct s_console *console = args->arg[0];
+	struct s_map *map = args->arg[1];
+	char *value = args->arg[2];
+	struct s_idsp *idsp = &map->idsp;
+	int n,m;
+	sscanf(value, "%d", &m);
+	n = idspNextN(idsp, m);
 	snprintf(s, 1024, "%d", n);
 	consoleMsg(console, s);
 	consoleNL(console);
@@ -911,6 +927,7 @@ int consoleTestsuite() {
 	consoleRegisterCommand(&console, "set", &consoleTestsuiteSet, consoleArgs4(&console, &testmap, NULL, NULL));
 	consoleRegisterCommand(&console, "unset", &consoleTestsuiteUnset, consoleArgs3(&console, &testmap, NULL));
 	consoleRegisterCommand(&console, "idspnext", &consoleTestsuiteIdspNext, consoleArgs2(&console, &testmap));
+	consoleRegisterCommand(&console, "idspnextn", &consoleTestsuiteIdspNextN, consoleArgs3(&console, &testmap, NULL));
 	consoleRegisterCommand(&console, "keygen", &consoleTestsuiteKeygen, consoleArgs1(&console));
 	consoleRegisterCommand(&console, "masskeygen", &consoleTestsuiteMassKeygen, consoleArgs2(&console, NULL));
 	consoleRegisterCommand(&console, "authtest", &consoleTestsuiteAuthtest, consoleArgs1(&console));

libp2psec/crypto.c

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2012 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -36,8 +36,9 @@
 #define crypto_SHA256 1
 
 
-// maximum iv size
+// maximum iv & hmac size
 #define crypto_MAXIVSIZE EVP_MAX_IV_LENGTH
+#define crypto_MAXHMACSIZE EVP_MAX_MD_SIZE
 
 
 // cipher context storage
@@ -257,43 +258,44 @@ static int cryptoSetSessionKeys(struct s_crypto *session_ctx, struct s_crypto *c
 
 // encrypt buffer
 static int cryptoEnc(struct s_crypto *ctx, unsigned char *enc_buf, const int enc_len, const unsigned char *dec_buf, const int dec_len, const int hmac_len, const int iv_len) {
+	if(!((enc_len > 0) && (dec_len > 0) && (dec_len < enc_len) && (hmac_len > 0) && (hmac_len <= crypto_MAXHMACSIZE) && (iv_len > 0) && (iv_len <= crypto_MAXIVSIZE))) { return 0; }
+
 	unsigned char iv[crypto_MAXIVSIZE];
 	unsigned char hmac[hmac_len];
 	const int hdr_len = (hmac_len + iv_len);
 	int cr_len;
 	int len;
-	
+
 	if(enc_len < (hdr_len + crypto_MAXIVSIZE + dec_len)) { return 0; }
-	if(iv_len > crypto_MAXIVSIZE) { return 0; }
-
+
 	memset(iv, 0, crypto_MAXIVSIZE);
 	cryptoRand(iv, iv_len);
 	memcpy(&enc_buf[hmac_len], iv, iv_len);
-	
+
 	if(!EVP_EncryptInit_ex(&ctx->enc_ctx, NULL, NULL, NULL, iv)) { return 0; }
 	if(!EVP_EncryptUpdate(&ctx->enc_ctx, &enc_buf[(hdr_len)], &len, dec_buf, dec_len)) { return 0; }
 	cr_len = len;
 	if(!EVP_EncryptFinal(&ctx->enc_ctx, &enc_buf[(hdr_len + cr_len)], &len)) { return 0; }
 	cr_len += len;
-	
+
 	if(!cryptoHMAC(ctx, hmac, hmac_len, &enc_buf[hmac_len], (iv_len + cr_len))) { return 0; }
 	memcpy(enc_buf, hmac, hmac_len);
-	
+
 	return (hdr_len + cr_len);
 }
 
 
 // decrypt buffer
 static int cryptoDec(struct s_crypto *ctx, unsigned char *dec_buf, const int dec_len, const unsigned char *enc_buf, const int enc_len, const int hmac_len, const int iv_len) {
+	if(!((enc_len > 0) && (dec_len > 0) && (enc_len < dec_len) && (hmac_len > 0) && (hmac_len <= crypto_MAXHMACSIZE) && (iv_len > 0) && (iv_len <= crypto_MAXIVSIZE))) { return 0; }
+
 	unsigned char iv[crypto_MAXIVSIZE];
 	unsigned char hmac[hmac_len];
 	const int hdr_len = (hmac_len + iv_len);
 	int cr_len;
 	int len;
 
-	if(iv_len > crypto_MAXIVSIZE) { return 0; }
 	if(enc_len < hdr_len) { return 0; }
-	if(dec_len < enc_len) { return 0; }
 
 	if(!cryptoHMAC(ctx, hmac, hmac_len, &enc_buf[hmac_len], (enc_len - hmac_len))) { return 0; }
 	if(memcmp(hmac, enc_buf, hmac_len) != 0) { return 0; }

libp2psec/idsp.c

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2014 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -101,20 +101,61 @@ static int idspCreate(struct s_idsp *idsp, const int size) {
 }
 
 
+static int idspNextN(struct s_idsp *idsp, const int start) {
+	int nextid;
+	int iter;
+	int used;
+	int pos;
+	used = idsp->used;
+	if(used > 0) {
+		if(!(start < 0) && (start < idsp->count)) {
+			pos = start;
+		}
+		else {
+			pos = 0;
+		}
+		iter = idsp->idfwd[pos];
+		if(iter < 0) {
+			iter = 0;
+		}
+		nextid = idsp->idlist[((iter + 1) % used)];
+		return nextid;
+	}
+	return -1;
+}
+
+
+static int idspNext(struct s_idsp *idsp) {
+	int iter;
+	int used;
+	iter = idsp->iter;
+	used = idsp->used;
+	if(used > 0) {
+		if(!(iter < used)) { iter = 0; }
+		idsp->iter = (iter + 1);
+		return idsp->idlist[iter];
+	}
+	return -1;
+}
+
+
+
+/*
 static int idspNext(struct s_idsp *idsp) {
 	int iter;
 	int used;
 	iter = idsp->iter;
 	used = idsp->used;
 	if(used > 0) {
-		if(!(iter < used)) iter = 0;
+		if(!(iter < used)) { iter = 0; }
 		idsp->iter = (iter + 1);
 		return idsp->idlist[iter];
 	}
 	else {
 		return -1;
 	}
 }
+*/
 
 
 static int idspNew(struct s_idsp *idsp) {

libp2psec/map.c

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2014 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -187,6 +187,12 @@ static int mapGetNextKeyID(struct s_map *map) {
 }
 
 
+// Return the next ID of a valid key, starting from specified ID.
+static int mapGetNextKeyIDN(struct s_map *map, const int start) {
+	return idspNextN(&map->idsp, start);
+}
+
+
 // Get the ID of a key that starts with the specified prefix. Returns the ID or -1 if no key is found.
 static int mapGetPrefixID(struct s_map *map, const void *prefix, const int prefixlen) {
 	if(mapSplayPrefix(map, prefix, prefixlen)) {

libp2psec/packet.c

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2012 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -98,7 +98,7 @@ static int packetEncode(unsigned char *pbuf, const int pbuf_size, const struct s
 	int len;
 
 	// check if enough space is available for the operation
-	if(data->pl_length > data->pl_buf_size) return 0;
+	if(data->pl_length > data->pl_buf_size) { return 0; }
 
 	// prepare buffer
 	utilWriteInt64(&dec_buf[packet_CRHDR_SEQ_START], data->seq);
@@ -109,7 +109,7 @@ static int packetEncode(unsigned char *pbuf, const int pbuf_size, const struct s
 
 	// encrypt buffer
 	len = cryptoEnc(ctx, &pbuf[packet_PEERID_SIZE], (pbuf_size - packet_PEERID_SIZE), dec_buf, (packet_CRHDR_SIZE + data->pl_length), packet_HMAC_SIZE, packet_IV_SIZE);
-	if(len < (packet_HMAC_SIZE + packet_IV_SIZE + packet_CRHDR_SIZE)) return 0;
+	if(len < (packet_HMAC_SIZE + packet_IV_SIZE + packet_CRHDR_SIZE)) { return 0; }
 
 	// write the scrambled peer ID
 	utilWriteInt32((unsigned char *)&ne_peerid, data->peerid);
@@ -126,6 +126,7 @@ static int packetDecode(struct s_packet_data *data, const unsigned char *pbuf, c
 	int len;
 
 	// decrypt packet
+	if(pbuf_size < (packet_PEERID_SIZE + packet_HMAC_SIZE + packet_IV_SIZE)) { return 0; }
 	len = cryptoDec(ctx, dec_buf, pbuf_size, &pbuf[packet_PEERID_SIZE], (pbuf_size - packet_PEERID_SIZE), packet_HMAC_SIZE, packet_IV_SIZE);
 	if(len < packet_CRHDR_SIZE) { return 0; };
 

libp2psec/peermgt.c

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2014 by Tobias Volk                                     *
+ *   Copyright (C) 2015 by Tobias Volk                                     *
  *   [email protected]                                                    *
  *                                                                         *
  *   This program is free software: you can redistribute it and/or modify  *
@@ -101,6 +101,7 @@ struct s_peermgt_data {
 	int lastrecv;
 	int lastsend;
 	int lastpeerinfo;
+	int lastpeerinfosendpeerid;
 	struct s_peeraddr remoteaddr;
 	int remoteflags;
 	int remoteid;
@@ -231,6 +232,12 @@ static int peermgtGetNextID(struct s_peermgt *mgt) {
 }
 
 
+// Return the next valid PeerID, starting from specified ID.
+static int peermgtGetNextIDN(struct s_peermgt *mgt, const int start) {
+	return mapGetNextKeyIDN(&mgt->map, start);
+}
+
+
 // Get PeerID of NodeID. Returns -1 if it is not found.
 static int peermgtGetID(struct s_peermgt *mgt, const struct s_nodeid *nodeid) {
 	return mapGetKeyID(&mgt->map, nodeid->id);
@@ -296,6 +303,7 @@ static int peermgtNew(struct s_peermgt *mgt, const struct s_nodeid *nodeid, cons
 		mgt->data[peerid].lastrecv = tnow;
 		mgt->data[peerid].lastsend = tnow;
 		mgt->data[peerid].lastpeerinfo = tnow;
+		mgt->data[peerid].lastpeerinfosendpeerid = peermgtGetNextID(mgt);
 		seqInit(&mgt->data[peerid].seq, cryptoRand64());
 		mgt->data[peerid].remoteflags = 0;
 		return peerid;
@@ -402,7 +410,7 @@ static int peermgtGetRemoteFlag(struct s_peermgt *mgt, const int peerid, const i
 
 
 // Generate peerinfo packet.
-static void peermgtGenPacketPeerinfo(struct s_packet_data *data, struct s_peermgt *mgt) {
+static void peermgtGenPacketPeerinfo(struct s_packet_data *data, struct s_peermgt *mgt, const int peerid) {
 	const int peerinfo_size = (packet_PEERID_SIZE + nodeid_SIZE + peeraddr_SIZE);
 	int peerinfo_max = mapGetKeyCount(&mgt->map);
 	int peerinfo_count;
@@ -419,7 +427,8 @@ static void peermgtGenPacketPeerinfo(struct s_packet_data *data, struct s_peermg
 	// generate peerinfo entries
 	peerinfo_count = 0;
 	while((i < peerinfo_max) && (peerinfo_count < peerinfo_limit) && (pos + peerinfo_size < data->pl_buf_size)) {
-		infoid = peermgtGetNextID(mgt);
+		infoid = peermgtGetNextIDN(mgt, mgt->data[peerid].lastpeerinfosendpeerid);
+		mgt->data[peerid].lastpeerinfosendpeerid = infoid;
 		if((infoid > 0) && (mgt->data[infoid].state == peermgt_STATE_COMPLETE) && (!peeraddrIsInternal(&mgt->data[infoid].remoteaddr))) {
 			utilWriteInt32(infocid, infoid);
 			memcpy(&data->pl_buf[pos], infocid, packet_PEERID_SIZE);
@@ -611,7 +620,7 @@ static int peermgtGetNextPacketGen(struct s_peermgt *mgt, unsigned char *pbuf, c
 						data.pl_buf_size = plbuf_size;
 						data.peerid = mgt->data[peerid].remoteid;
 						data.seq = ++mgt->data[peerid].remoteseq;
-						peermgtGenPacketPeerinfo(&data, mgt);
+						peermgtGenPacketPeerinfo(&data, mgt, peerid);
 						len = packetEncode(pbuf, pbuf_size, &data, &mgt->ctx[peerid]);
 						if(len > 0) {
 							mgt->data[peerid].lastsend = tnow;