diff options
Diffstat (limited to 'src')
31 files changed, 588 insertions, 584 deletions
diff --git a/src/config.c b/src/config.c index c38dc4c..fbddd7f 100644 --- a/src/config.c +++ b/src/config.c @@ -43,55 +43,58 @@ #include <sys/types.h> +fastd_config_t conf = {}; + + extern const fastd_protocol_t fastd_protocol_ec25519_fhmqvc; -static void default_config(fastd_config_t *conf) { - memset(conf, 0, sizeof(fastd_config_t)); +static void default_config(void) { + memset(&conf, 0, sizeof(fastd_config_t)); - conf->log_syslog_ident = strdup("fastd"); + conf.log_syslog_ident = strdup("fastd"); - conf->maintenance_interval = 10; - conf->keepalive_timeout = 15; - conf->peer_stale_time = 90; - conf->eth_addr_stale_time = 300; + conf.maintenance_interval = 10; + conf.keepalive_timeout = 15; + conf.peer_stale_time = 90; + conf.eth_addr_stale_time = 300; - conf->reorder_time = 10; + conf.reorder_time = 10; - conf->min_handshake_interval = 15; - conf->min_resolve_interval = 15; + conf.min_handshake_interval = 15; + conf.min_resolve_interval = 15; - conf->mtu = 1500; - conf->mode = MODE_TAP; + conf.mtu = 1500; + conf.mode = MODE_TAP; - conf->secure_handshakes = true; - conf->drop_caps = DROP_CAPS_ON; + conf.secure_handshakes = true; + conf.drop_caps = DROP_CAPS_ON; - conf->protocol = &fastd_protocol_ec25519_fhmqvc; - conf->key_valid = 3600; /* 60 minutes */ - conf->key_valid_old = 60; /* 1 minute */ - conf->key_refresh = 3300; /* 55 minutes */ - conf->key_refresh_splay = 300; /* 5 minutes */ + conf.protocol = &fastd_protocol_ec25519_fhmqvc; + conf.key_valid = 3600; /* 60 minutes */ + conf.key_valid_old = 60; /* 1 minute */ + conf.key_refresh = 3300; /* 55 minutes */ + conf.key_refresh_splay = 300; /* 5 minutes */ - conf->peer_group = calloc(1, sizeof(fastd_peer_group_config_t)); - conf->peer_group->name = strdup("default"); - conf->peer_group->max_connections = -1; + conf.peer_group = calloc(1, sizeof(fastd_peer_group_config_t)); + conf.peer_group->name = strdup("default"); + conf.peer_group->max_connections = -1; - conf->ciphers = fastd_cipher_config_alloc(); - conf->macs = fastd_mac_config_alloc(); + conf.ciphers = fastd_cipher_config_alloc(); + conf.macs = fastd_mac_config_alloc(); } -void fastd_config_protocol(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *name) { +void fastd_config_protocol(fastd_context_t *ctx UNUSED, const char *name) { if (!strcmp(name, "ec25519-fhmqvc")) - conf->protocol = &fastd_protocol_ec25519_fhmqvc; + conf.protocol = &fastd_protocol_ec25519_fhmqvc; else exit_error(ctx, "config error: protocol `%s' not supported", name); } -void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char *name) { +void fastd_config_method(fastd_context_t *ctx, const char *name) { fastd_string_stack_t **method; - for (method = &conf->method_list; *method; method = &(*method)->next) { + for (method = &conf.method_list; *method; method = &(*method)->next) { if (!strcmp((*method)->str, name)) { pr_debug(ctx, "duplicate method name `%s', ignoring", name); return; @@ -101,17 +104,17 @@ void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char *method = fastd_string_stack_dup(name); } -void fastd_config_cipher(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl) { - if (!fastd_cipher_config(conf->ciphers, name, impl)) +void fastd_config_cipher(fastd_context_t *ctx, const char *name, const char *impl) { + if (!fastd_cipher_config(conf.ciphers, name, impl)) exit_error(ctx, "config error: implementation `%s' is not supported for cipher `%s' (or cipher `%s' is not supported)", impl, name, name); } -void fastd_config_mac(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl) { - if (!fastd_mac_config(conf->macs, name, impl)) +void fastd_config_mac(fastd_context_t *ctx, const char *name, const char *impl) { + if (!fastd_mac_config(conf.macs, name, impl)) exit_error(ctx, "config error: implementation `%s' is not supported for MAC `%s' (or MAC `%s' is not supported)", impl, name, name); } -void fastd_config_bind_address(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6) { +void fastd_config_bind_address(fastd_context_t *ctx UNUSED, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6) { #ifndef USE_BINDTODEVICE if (bindtodev && !fastd_peer_address_is_v6_ll(address)) exit_error(ctx, "config error: device bind configuration not supported on this system"); @@ -122,44 +125,44 @@ void fastd_config_bind_address(fastd_context_t *ctx UNUSED, fastd_config_t *conf fastd_peer_address_t addr4 = { .in = { .sin_family = AF_INET, .sin_port = address->in.sin_port } }; fastd_peer_address_t addr6 = { .in6 = { .sin6_family = AF_INET6, .sin6_port = address->in.sin_port } }; - fastd_config_bind_address(ctx, conf, &addr4, bindtodev, default_v4, default_v6); - fastd_config_bind_address(ctx, conf, &addr6, bindtodev, default_v4, default_v6); + fastd_config_bind_address(ctx, &addr4, bindtodev, default_v4, default_v6); + fastd_config_bind_address(ctx, &addr6, bindtodev, default_v4, default_v6); return; } #endif fastd_bind_address_t *addr = malloc(sizeof(fastd_bind_address_t)); - addr->next = conf->bind_addrs; - conf->bind_addrs = addr; - conf->n_bind_addrs++; + addr->next = conf.bind_addrs; + conf.bind_addrs = addr; + conf.n_bind_addrs++; addr->addr = *address; addr->bindtodev = bindtodev ? strdup(bindtodev) : NULL; fastd_peer_address_simplify(&addr->addr); - if (addr->addr.sa.sa_family != AF_INET6 && (default_v4 || !conf->bind_addr_default_v4)) - conf->bind_addr_default_v4 = addr; + if (addr->addr.sa.sa_family != AF_INET6 && (default_v4 || !conf.bind_addr_default_v4)) + conf.bind_addr_default_v4 = addr; - if (addr->addr.sa.sa_family != AF_INET && (default_v6 || !conf->bind_addr_default_v6)) - conf->bind_addr_default_v6 = addr; + if (addr->addr.sa.sa_family != AF_INET && (default_v6 || !conf.bind_addr_default_v6)) + conf.bind_addr_default_v6 = addr; } -void fastd_config_peer_group_push(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *name) { +void fastd_config_peer_group_push(fastd_context_t *ctx UNUSED, const char *name) { fastd_peer_group_config_t *group = calloc(1, sizeof(fastd_peer_group_config_t)); group->name = strdup(name); group->max_connections = -1; - group->parent = conf->peer_group; + group->parent = conf.peer_group; group->next = group->parent->children; group->parent->children = group; - conf->peer_group = group; + conf.peer_group = group; } -void fastd_config_peer_group_pop(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->peer_group = conf->peer_group->parent; +void fastd_config_peer_group_pop(fastd_context_t *ctx UNUSED) { + conf.peer_group = conf.peer_group->parent; } static void free_peer_group(fastd_peer_group_config_t *group) { @@ -187,7 +190,7 @@ static bool has_peer_group_peer_dirs(const fastd_peer_group_config_t *group) { return false; } -void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const char *name, fastd_loglevel_t level) { +void fastd_config_add_log_file(fastd_context_t *ctx, const char *name, fastd_loglevel_t level) { char *name2 = strdup(name); char *name3 = strdup(name); @@ -208,8 +211,8 @@ void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const file->level = level; - file->next = conf->log_files; - conf->log_files = file; + file->next = conf.log_files; + conf.log_files = file; if(chdir(oldcwd)) pr_error(ctx, "can't chdir to `%s': %s", oldcwd, strerror(errno)); @@ -225,7 +228,7 @@ void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const free(name3); } -static void read_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *dir) { +static void read_peer_dir(fastd_context_t *ctx, const char *dir) { DIR *dirh = opendir("."); if (dirh) { @@ -257,13 +260,13 @@ static void read_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char continue; } - fastd_peer_config_new(ctx, conf); - conf->peers->name = strdup(result->d_name); - conf->peers->config_source_dir = dir; + fastd_peer_config_new(ctx); + conf.peers->name = strdup(result->d_name); + conf.peers->config_source_dir = dir; - if (!fastd_read_config(ctx, conf, result->d_name, true, 0)) { + if (!fastd_read_config(ctx, result->d_name, true, 0)) { pr_warn(ctx, "peer config `%s' will be ignored", result->d_name); - fastd_peer_config_delete(ctx, conf); + fastd_peer_config_delete(ctx); } } @@ -276,13 +279,13 @@ static void read_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char } } -static void read_peer_dirs(fastd_context_t *ctx, fastd_config_t *conf) { +static void read_peer_dirs(fastd_context_t *ctx) { char *oldcwd = get_current_dir_name(); fastd_string_stack_t *dir; - for (dir = conf->peer_group->peer_dirs; dir; dir = dir->next) { + for (dir = conf.peer_group->peer_dirs; dir; dir = dir->next) { if (!chdir(dir->str)) - read_peer_dir(ctx, conf, dir->str); + read_peer_dir(ctx, dir->str); else pr_error(ctx, "change from directory `%s' to `%s' failed: %s", oldcwd, dir->str, strerror(errno)); } @@ -293,12 +296,12 @@ static void read_peer_dirs(fastd_context_t *ctx, fastd_config_t *conf) { free(oldcwd); } -void fastd_add_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *dir) { +void fastd_add_peer_dir(fastd_context_t *ctx, const char *dir) { char *oldcwd = get_current_dir_name(); if (!chdir(dir)) { char *newdir = get_current_dir_name(); - conf->peer_group->peer_dirs = fastd_string_stack_push(conf->peer_group->peer_dirs, newdir); + conf.peer_group->peer_dirs = fastd_string_stack_push(conf.peer_group->peer_dirs, newdir); free(newdir); if(chdir(oldcwd)) @@ -311,7 +314,7 @@ void fastd_add_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char * free(oldcwd); } -bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *filename, bool peer_config, int depth) { +bool fastd_read_config(fastd_context_t *ctx, const char *filename, bool peer_config, int depth) { if (depth >= MAX_CONFIG_DEPTH) exit_error(ctx, "maximum config include depth exceeded"); @@ -358,9 +361,9 @@ bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *f if (peer_config) token = START_PEER_CONFIG; else - token = conf->peer_group->parent ? START_PEER_GROUP_CONFIG : START_CONFIG; + token = conf.peer_group->parent ? START_PEER_GROUP_CONFIG : START_CONFIG; - int parse_ret = fastd_config_push_parse(ps, token, &token_val, &loc, ctx, conf, filename, depth+1); + int parse_ret = fastd_config_push_parse(ps, token, &token_val, &loc, ctx, filename, depth+1); while(parse_ret == YYPUSH_MORE) { token = fastd_lex(&token_val, &loc, lex); @@ -376,7 +379,7 @@ bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *f strings = token_val.str; } - parse_ret = fastd_config_push_parse(ps, token, &token_val, &loc, ctx, conf, filename, depth+1); + parse_ret = fastd_config_push_parse(ps, token, &token_val, &loc, ctx, filename, depth+1); } if (parse_ret) @@ -400,13 +403,13 @@ bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *f return ret; } -static void assess_peers(fastd_context_t *ctx, fastd_config_t *conf) { - conf->has_floating = false; +static void assess_peers(fastd_context_t *ctx) { + conf.has_floating = false; fastd_peer_config_t *peer; - for (peer = conf->peers; peer; peer = peer->next) { + for (peer = conf.peers; peer; peer = peer->next) { if (fastd_peer_config_is_floating(peer)) - conf->has_floating = true; + conf.has_floating = true; if (peer->dynamic_float_deprecated) pr_warn(ctx, "peer `%s' uses deprecated float syntax, please update your configuration", peer->name); @@ -414,18 +417,18 @@ static void assess_peers(fastd_context_t *ctx, fastd_config_t *conf) { } -static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) { - conf->uid = getuid(); - conf->gid = getgid(); +static void configure_user(fastd_context_t *ctx) { + conf.uid = getuid(); + conf.gid = getgid(); - if (conf->user) { + if (conf.user) { struct passwd pwd, *pwdr; size_t bufspace = 1024; int error; do { char buf[bufspace]; - error = getpwnam_r(conf->user, &pwd, buf, bufspace, &pwdr); + error = getpwnam_r(conf.user, &pwd, buf, bufspace, &pwdr); bufspace *= 2; } while(error == ERANGE); @@ -433,20 +436,20 @@ static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) { exit_errno(ctx, "getpwnam_r"); if (!pwdr) - exit_error(ctx, "config error: unable to find user `%s'.", conf->user); + exit_error(ctx, "config error: unable to find user `%s'.", conf.user); - conf->uid = pwdr->pw_uid; - conf->gid = pwdr->pw_gid; + conf.uid = pwdr->pw_uid; + conf.gid = pwdr->pw_gid; } - if (conf->group) { + if (conf.group) { struct group grp, *grpr; size_t bufspace = 1024; int error; do { char buf[bufspace]; - error = getgrnam_r(conf->group, &grp, buf, bufspace, &grpr); + error = getgrnam_r(conf.group, &grp, buf, bufspace, &grpr); bufspace *= 2; } while(error == ERANGE); @@ -454,146 +457,146 @@ static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) { exit_errno(ctx, "getgrnam_r"); if (!grpr) - exit_error(ctx, "config error: unable to find group `%s'.", conf->group); + exit_error(ctx, "config error: unable to find group `%s'.", conf.group); - conf->gid = grpr->gr_gid; + conf.gid = grpr->gr_gid; } - if (conf->user) { + if (conf.user) { int ngroups = 0; - if (getgrouplist(conf->user, conf->gid, NULL, &ngroups) < 0) { + if (getgrouplist(conf.user, conf.gid, NULL, &ngroups) < 0) { /* the user has supplementary groups */ - conf->groups = calloc(ngroups, sizeof(gid_t)); - if (getgrouplist(conf->user, conf->gid, conf->groups, &ngroups) < 0) + conf.groups = calloc(ngroups, sizeof(gid_t)); + if (getgrouplist(conf.user, conf.gid, conf.groups, &ngroups) < 0) exit_errno(ctx, "getgrouplist"); - conf->n_groups = ngroups; + conf.n_groups = ngroups; } } } -static void configure_method_parameters(fastd_config_t *conf) { - conf->max_overhead = 0; - conf->min_encrypt_head_space = 0; - conf->min_decrypt_head_space = 0; - conf->min_encrypt_tail_space = 0; - conf->min_decrypt_tail_space = 0; +static void configure_method_parameters(void) { + conf.max_overhead = 0; + conf.min_encrypt_head_space = 0; + conf.min_decrypt_head_space = 0; + conf.min_encrypt_tail_space = 0; + conf.min_decrypt_tail_space = 0; size_t i; - for (i = 0; conf->methods[i].name; i++) { - const fastd_method_provider_t *provider = conf->methods[i].provider; - - conf->max_overhead = max_size_t(conf->max_overhead, provider->max_overhead); - conf->min_encrypt_head_space = max_size_t(conf->min_encrypt_head_space, provider->min_encrypt_head_space); - conf->min_decrypt_head_space = max_size_t(conf->min_decrypt_head_space, provider->min_decrypt_head_space); - conf->min_encrypt_tail_space = max_size_t(conf->min_encrypt_tail_space, provider->min_encrypt_tail_space); - conf->min_decrypt_tail_space = max_size_t(conf->min_decrypt_tail_space, provider->min_decrypt_tail_space); + for (i = 0; conf.methods[i].name; i++) { + const fastd_method_provider_t *provider = conf.methods[i].provider; + + conf.max_overhead = max_size_t(conf.max_overhead, provider->max_overhead); + conf.min_encrypt_head_space = max_size_t(conf.min_encrypt_head_space, provider->min_encrypt_head_space); + conf.min_decrypt_head_space = max_size_t(conf.min_decrypt_head_space, provider->min_decrypt_head_space); + conf.min_encrypt_tail_space = max_size_t(conf.min_encrypt_tail_space, provider->min_encrypt_tail_space); + conf.min_decrypt_tail_space = max_size_t(conf.min_decrypt_tail_space, provider->min_decrypt_tail_space); } - conf->min_encrypt_head_space = alignto(conf->min_encrypt_head_space, 16); + conf.min_encrypt_head_space = alignto(conf.min_encrypt_head_space, 16); /* ugly hack to get alignment right for aes128-gcm, which needs data aligned to 16 and has a 24 byte header */ - conf->min_decrypt_head_space = alignto(conf->min_decrypt_head_space, 16) + 8; + conf.min_decrypt_head_space = alignto(conf.min_decrypt_head_space, 16) + 8; } -static void configure_methods(fastd_context_t *ctx, fastd_config_t *conf) { +static void configure_methods(fastd_context_t *ctx) { size_t n_methods = 0, i; fastd_string_stack_t *method_name; - for (method_name = conf->method_list; method_name; method_name = method_name->next) + for (method_name = conf.method_list; method_name; method_name = method_name->next) n_methods++; - conf->methods = calloc(n_methods+1, sizeof(fastd_method_info_t)); + conf.methods = calloc(n_methods+1, sizeof(fastd_method_info_t)); - for (i = 0, method_name = conf->method_list; method_name; i++, method_name = method_name->next) { - conf->methods[i].name = method_name->str; - if (!fastd_method_create_by_name(method_name->str, &conf->methods[i].provider, &conf->methods[i].method)) + for (i = 0, method_name = conf.method_list; method_name; i++, method_name = method_name->next) { + conf.methods[i].name = method_name->str; + if (!fastd_method_create_by_name(method_name->str, &conf.methods[i].provider, &conf.methods[i].method)) exit_error(ctx, "config error: method `%s' not supported", method_name->str); } - configure_method_parameters(conf); + configure_method_parameters(); } -static void destroy_methods(fastd_config_t *conf) { +static void destroy_methods(void) { size_t i; - for (i = 0; conf->methods[i].name; i++) { - conf->methods[i].provider->destroy(conf->methods[i].method); + for (i = 0; conf.methods[i].name; i++) { + conf.methods[i].provider->destroy(conf.methods[i].method); } - free(conf->methods); + free(conf.methods); } -void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char *const argv[]) { - default_config(conf); +void fastd_configure(fastd_context_t *ctx, int argc, char *const argv[]) { + default_config(); - fastd_config_handle_options(ctx, conf, argc, argv); + fastd_config_handle_options(ctx, argc, argv); - if (!conf->log_stderr_level && !conf->log_syslog_level && !conf->log_files) - conf->log_stderr_level = FASTD_DEFAULT_LOG_LEVEL; + if (!conf.log_stderr_level && !conf.log_syslog_level && !conf.log_files) + conf.log_stderr_level = FASTD_DEFAULT_LOG_LEVEL; } -static void config_check_base(fastd_context_t *ctx, fastd_config_t *conf) { - if (conf->ifname) { - if (strchr(conf->ifname, '/')) +static void config_check_base(fastd_context_t *ctx) { + if (conf.ifname) { + if (strchr(conf.ifname, '/')) exit_error(ctx, "config error: invalid interface name"); } - if (conf->mode == MODE_TUN) { - if (conf->peers->next) + if (conf.mode == MODE_TUN) { + if (conf.peers->next) exit_error(ctx, "config error: in TUN mode exactly one peer must be configured"); - if (conf->peer_group->children) + if (conf.peer_group->children) exit_error(ctx, "config error: in TUN mode peer groups can't be used"); - if (has_peer_group_peer_dirs(conf->peer_group)) + if (has_peer_group_peer_dirs(conf.peer_group)) exit_error(ctx, "config error: in TUN mode peer directories can't be used"); } #ifndef USE_PMTU - if (conf->pmtu.set) + if (conf.pmtu.set) exit_error(ctx, "config error: setting pmtu is not supported on this system"); #endif #ifndef USE_PACKET_MARK - if (conf->packet_mark) + if (conf.packet_mark) exit_error(ctx, "config error: setting a packet mark is not supported on this system"); #endif } -void fastd_config_check(fastd_context_t *ctx, fastd_config_t *conf) { - config_check_base(ctx, conf); +void fastd_config_check(fastd_context_t *ctx) { + config_check_base(ctx); - if (conf->mode == MODE_TUN) { - if (!conf->peers) + if (conf.mode == MODE_TUN) { + if (!conf.peers) exit_error(ctx, "config error: in TUN mode exactly one peer must be configured"); } - if (!conf->peers && !has_peer_group_peer_dirs(conf->peer_group)) + if (!conf.peers && !has_peer_group_peer_dirs(conf.peer_group)) exit_error(ctx, "config error: neither fixed peers nor peer dirs have been configured"); - if (!conf->method_list) { + if (!conf.method_list) { pr_warn(ctx, "no encryption method configured, falling back to method `null' (unencrypted)"); - fastd_config_method(ctx, conf, "null"); + fastd_config_method(ctx, "null"); } - configure_user(ctx, conf); - configure_methods(ctx, conf); + configure_user(ctx); + configure_methods(ctx); } -void fastd_config_verify(fastd_context_t *ctx, fastd_config_t *conf) { - config_check_base(ctx, conf); - configure_methods(ctx, conf); +void fastd_config_verify(fastd_context_t *ctx) { + config_check_base(ctx); + configure_methods(ctx); fastd_peer_config_t *peer; - for (peer = conf->peers; peer; peer = peer->next) - conf->protocol->peer_verify(ctx, peer); + for (peer = conf.peers; peer; peer = peer->next) + conf.protocol->peer_verify(ctx, peer); } -static void peer_dirs_read_peer_group(fastd_context_t *ctx, fastd_config_t *new_conf) { - read_peer_dirs(ctx, new_conf); +static void peer_dirs_read_peer_group(fastd_context_t *ctx) { + read_peer_dirs(ctx); fastd_peer_group_config_t *group; - for (group = new_conf->peer_group->children; group; group = group->next) { - new_conf->peer_group = group; - peer_dirs_read_peer_group(ctx, new_conf); + for (group = conf.peer_group->children; group; group = group->next) { + conf.peer_group = group; + peer_dirs_read_peer_group(ctx); } } @@ -653,58 +656,61 @@ static void peer_dirs_handle_new_peers(fastd_context_t *ctx UNUSED, fastd_peer_c } } -void fastd_config_load_peer_dirs(fastd_context_t *ctx, fastd_config_t *conf) { - fastd_config_t temp_conf; - temp_conf.peer_group = conf->peer_group; - temp_conf.peers = NULL; +void fastd_config_load_peer_dirs(fastd_context_t *ctx) { + fastd_peer_config_t *old_peers = conf.peers; + conf.peers = NULL; + + peer_dirs_read_peer_group(ctx); + + fastd_peer_config_t *new_peers = conf.peers; + conf.peers = old_peers; - peer_dirs_read_peer_group(ctx, &temp_conf); - peer_dirs_handle_old_peers(ctx, &conf->peers, &temp_conf.peers); - peer_dirs_handle_new_peers(ctx, &conf->peers, temp_conf.peers); + peer_dirs_handle_old_peers(ctx, &conf.peers, &new_peers); + peer_dirs_handle_new_peers(ctx, &conf.peers, new_peers); - assess_peers(ctx, conf); + assess_peers(ctx); } -void fastd_config_release(fastd_context_t *ctx, fastd_config_t *conf) { - while (conf->peers) - fastd_peer_config_delete(ctx, conf); +void fastd_config_release(fastd_context_t *ctx) { + while (conf.peers) + fastd_peer_config_delete(ctx); - while (conf->log_files) { - fastd_log_file_t *next = conf->log_files->next; - free(conf->log_files->filename); - free(conf->log_files); - conf->log_files = next; + while (conf.log_files) { + fastd_log_file_t *next = conf.log_files->next; + free(conf.log_files->filename); + free(conf.log_files); + conf.log_files = next; } - while (conf->bind_addrs) { - fastd_bind_address_t *next = conf->bind_addrs->next; - free(conf->bind_addrs->bindtodev); - free(conf->bind_addrs); - conf->bind_addrs = next; + while (conf.bind_addrs) { + fastd_bind_address_t *next = conf.bind_addrs->next; + free(conf.bind_addrs->bindtodev); + free(conf.bind_addrs); + conf.bind_addrs = next; } - free_peer_group(conf->peer_group); - - destroy_methods(conf); - fastd_string_stack_free(conf->method_list); - - fastd_mac_config_free(conf->macs); - fastd_cipher_config_free(conf->ciphers); - - fastd_shell_command_unset(&conf->on_pre_up); - fastd_shell_command_unset(&conf->on_up); - fastd_shell_command_unset(&conf->on_down); - fastd_shell_command_unset(&conf->on_post_down); - fastd_shell_command_unset(&conf->on_connect); - fastd_shell_command_unset(&conf->on_establish); - fastd_shell_command_unset(&conf->on_disestablish); - fastd_shell_command_unset(&conf->on_verify); - - free(conf->user); - free(conf->group); - free(conf->groups); - free(conf->ifname); - free(conf->secret); - free(conf->protocol_config); - free(conf->log_syslog_ident); + free_peer_group(conf.peer_group); + + destroy_methods(); + fastd_string_stack_free(conf.method_list); + + fastd_mac_config_free(conf.macs); + fastd_cipher_config_free(conf.ciphers); + + fastd_shell_command_unset(&conf.on_pre_up); + fastd_shell_command_unset(&conf.on_up); + fastd_shell_command_unset(&conf.on_down); + fastd_shell_command_unset(&conf.on_post_down); + fastd_shell_command_unset(&conf.on_connect); + fastd_shell_command_unset(&conf.on_establish); + fastd_shell_command_unset(&conf.on_disestablish); + fastd_shell_command_unset(&conf.on_verify); + + free(conf.user); + free(conf.group); + free(conf.groups); + free(conf.ifname); + free(conf.secret); + free(conf.protocol_config); + free(conf.log_syslog_ident); } diff --git a/src/config.h b/src/config.h index a13ddc0..60663f4 100644 --- a/src/config.h +++ b/src/config.h @@ -29,20 +29,21 @@ #include "fastd.h" -void fastd_config_protocol(fastd_context_t *ctx, fastd_config_t *conf, const char *name); -void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char *name); -void fastd_config_cipher(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl); -void fastd_config_mac(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl); -void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const char *name, fastd_loglevel_t level); -void fastd_config_bind_address(fastd_context_t *ctx, fastd_config_t *conf, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6); -void fastd_config_peer_group_push(fastd_context_t *ctx, fastd_config_t *conf, const char *name); -void fastd_config_peer_group_pop(fastd_context_t *ctx, fastd_config_t *conf); -void fastd_config_release(fastd_context_t *ctx, fastd_config_t *conf); -void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char *const argv[]); -void fastd_config_check(fastd_context_t *ctx, fastd_config_t *conf); -void fastd_config_load_peer_dirs(fastd_context_t *ctx, fastd_config_t *conf); -void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int argc, char *const argv[]); -void fastd_config_verify(fastd_context_t *ctx, fastd_config_t *conf); - -void fastd_add_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *dir); -bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *filename, bool peer_config, int depth); +void fastd_config_protocol(fastd_context_t *ctx, const char *name); +void fastd_config_method(fastd_context_t *ctx, const char *name); +void fastd_config_cipher(fastd_context_t *ctx, const char *name, const char *impl); +void fastd_config_mac(fastd_context_t *ctx, const char *name, const char *impl); +void fastd_config_add_log_file(fastd_context_t *ctx, const char *name, fastd_loglevel_t level); +void fastd_config_bind_address(fastd_context_t *ctx, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6); +void fastd_config_peer_group_push(fastd_context_t *ctx, const char *name); +void fastd_config_peer_group_pop(fastd_context_t *ctx); +void fastd_config_release(fastd_context_t *ctx); +void fastd_config_handle_options(fastd_context_t *ctx, int argc, char *const argv[]); +void fastd_config_verify(fastd_context_t *ctx); + +void fastd_configure(fastd_context_t *ctx, int argc, char *const argv[]); +void fastd_config_check(fastd_context_t *ctx); +void fastd_config_load_peer_dirs(fastd_context_t *ctx); + +void fastd_add_peer_dir(fastd_context_t *ctx, const char *dir); +bool fastd_read_config(fastd_context_t *ctx, const char *filename, bool peer_config, int depth); diff --git a/src/config.y b/src/config.y index b4bd68b..6545288 100644 --- a/src/config.y +++ b/src/config.y @@ -29,7 +29,6 @@ %name-prefix "fastd_config_" %locations %parse-param {fastd_context_t *ctx} -%parse-param {fastd_config_t *conf} %parse-param {const char *filename} %parse-param {int depth} @@ -140,7 +139,7 @@ #include <limits.h> - void fastd_config_error(YYLTYPE *loc, fastd_context_t *ctx, fastd_config_t *conf, const char *filename, int depth, const char *s); + void fastd_config_error(YYLTYPE *loc, fastd_context_t *ctx, const char *filename, int depth, const char *s); } @@ -214,18 +213,18 @@ peer_group_statement: ; user: TOK_STRING { - free(conf->user); - conf->user = strdup($1->str); + free(conf.user); + conf.user = strdup($1->str); } group: TOK_STRING { - free(conf->group); - conf->group = strdup($1->str); + free(conf.group); + conf.group = strdup($1->str); } drop_capabilities: drop_capabilities_enabled { - conf->drop_caps = $1; + conf.drop_caps = $1; } drop_capabilities_enabled: @@ -238,43 +237,43 @@ drop_capabilities_enabled: secure_handshakes: boolean { - conf->secure_handshakes = $1; + conf.secure_handshakes = $1; } ; cipher: TOK_STRING TOK_USE TOK_STRING { - fastd_config_cipher(ctx, conf, $1->str, $3->str); + fastd_config_cipher(ctx, $1->str, $3->str); } mac: TOK_STRING TOK_USE TOK_STRING { - fastd_config_mac(ctx, conf, $1->str, $3->str); + fastd_config_mac(ctx, $1->str, $3->str); } log: TOK_LEVEL log_level { - conf->log_stderr_level = $2; + conf.log_stderr_level = $2; } | TOK_TO TOK_STDERR maybe_log_level { - conf->log_stderr_level = $3; + conf.log_stderr_level = $3; } | TOK_TO TOK_SYSLOG maybe_log_level { - conf->log_syslog_level = $3; + conf.log_syslog_level = $3; } | TOK_TO TOK_SYSLOG TOK_AS TOK_STRING maybe_log_level { - free(conf->log_syslog_ident); - conf->log_syslog_ident = strdup($4->str); + free(conf.log_syslog_ident); + conf.log_syslog_ident = strdup($4->str); - conf->log_syslog_level = $5; + conf.log_syslog_level = $5; } | TOK_TO TOK_STRING maybe_log_level { - fastd_config_add_log_file(ctx, conf, $2->str, $3); + fastd_config_add_log_file(ctx, $2->str, $3); } ; hide: TOK_IP TOK_ADDRESSES boolean { - conf->hide_ip_addresses = $3; + conf.hide_ip_addresses = $3; } | TOK_MAC TOK_ADDRESSES boolean { - conf->hide_mac_addresses = $3; + conf.hide_mac_addresses = $3; } ; @@ -292,15 +291,15 @@ log_level: TOK_FATAL { $$ = LL_FATAL; } | TOK_DEBUG2 { $$ = LL_DEBUG2; } ; -interface: TOK_STRING { free(conf->ifname); conf->ifname = strdup($1->str); } +interface: TOK_STRING { free(conf.ifname); conf.ifname = strdup($1->str); } ; bind: bind_address maybe_bind_interface maybe_bind_default { - fastd_config_bind_address(ctx, conf, &$1, $2 ? $2->str : NULL, $3 == AF_UNSPEC || $3 == AF_INET, $3 == AF_UNSPEC || $3 == AF_INET6); + fastd_config_bind_address(ctx, &$1, $2 ? $2->str : NULL, $3 == AF_UNSPEC || $3 == AF_INET, $3 == AF_UNSPEC || $3 == AF_INET6); } | TOK_ADDR6_SCOPED maybe_port maybe_bind_default { fastd_peer_address_t addr = { .in6 = { .sin6_family = AF_INET6, .sin6_addr = $1.addr, .sin6_port = htons($2) } }; - fastd_config_bind_address(ctx, conf, &addr, $1.ifname, $3 == AF_UNSPEC || $3 == AF_INET, $3 == AF_UNSPEC || $3 == AF_INET6); + fastd_config_bind_address(ctx, &addr, $1.ifname, $3 == AF_UNSPEC || $3 == AF_INET, $3 == AF_UNSPEC || $3 == AF_INET6); } ; @@ -347,82 +346,82 @@ bind_default: ; packet_mark: TOK_UINT { - conf->packet_mark = $1; + conf.packet_mark = $1; } mtu: TOK_UINT { if ($1 < 576 || $1 > 65535) { - fastd_config_error(&@$, ctx, conf, filename, depth, "invalid MTU"); + fastd_config_error(&@$, ctx, filename, depth, "invalid MTU"); YYERROR; } - conf->mtu = $1; + conf.mtu = $1; } ; -pmtu: autobool { conf->pmtu = $1; } +pmtu: autobool { conf.pmtu = $1; } ; -mode: TOK_TAP { conf->mode = MODE_TAP; } - | TOK_TUN { conf->mode = MODE_TUN; } +mode: TOK_TAP { conf.mode = MODE_TAP; } + | TOK_TUN { conf.mode = MODE_TUN; } ; protocol: TOK_STRING { - fastd_config_protocol(ctx, conf, $1->str); + fastd_config_protocol(ctx, $1->str); } ; method: TOK_STRING { - fastd_config_method(ctx, conf, $1->str); + fastd_config_method(ctx, $1->str); } ; -secret: TOK_STRING { free(conf->secret); conf->secret = strdup($1->str); } +secret: TOK_STRING { free(conf.secret); conf.secret = strdup($1->str); } ; on_pre_up: sync_def_sync TOK_STRING { - fastd_shell_command_set(&conf->on_pre_up, $2->str, $1); + fastd_shell_command_set(&conf.on_pre_up, $2->str, $1); } ; on_up: sync_def_sync TOK_STRING { - fastd_shell_command_set(&conf->on_up, $2->str, $1); + fastd_shell_command_set(&conf.on_up, $2->str, $1); } ; on_down: sync_def_sync TOK_STRING { - fastd_shell_command_set(&conf->on_down, $2->str, $1); + fastd_shell_command_set(&conf.on_down, $2->str, $1); } ; on_post_down: sync_def_sync TOK_STRING { - fastd_shell_command_set(&conf->on_post_down, $2->str, $1); + fastd_shell_command_set(&conf.on_post_down, $2->str, $1); } ; on_connect: sync_def_async TOK_STRING { - fastd_shell_command_set(&conf->on_connect, $2->str, $1); + fastd_shell_command_set(&conf.on_connect, $2->str, $1); } ; on_establish: sync_def_async TOK_STRING { - fastd_shell_command_set(&conf->on_establish, $2->str, $1); + fastd_shell_command_set(&conf.on_establish, $2->str, $1); } ; on_disestablish: sync_def_async TOK_STRING { - fastd_shell_command_set(&conf->on_disestablish, $2->str, $1); + fastd_shell_command_set(&conf.on_disestablish, $2->str, $1); } ; on_verify: sync_def_async TOK_STRING { - fastd_shell_command_set(&conf->on_verify, $2->str, $1); + fastd_shell_command_set(&conf.on_verify, $2->str, $1); } ; peer: TOK_STRING { - fastd_peer_config_new(ctx, conf); - conf->peers->name = strdup($1->str); + fastd_peer_config_new(ctx); + conf.peers->name = strdup($1->str); } ; @@ -437,7 +436,7 @@ peer_statement: TOK_REMOTE peer_remote ';' ; peer_remote: TOK_ADDR4 port { - fastd_remote_config_t **remote = &conf->peers->remotes; + fastd_remote_config_t **remote = &conf.peers->remotes; while (*remote) remote = &(*remote)->next; @@ -449,7 +448,7 @@ peer_remote: TOK_ADDR4 port { fastd_peer_address_simplify(&(*remote)->address); } | TOK_ADDR6 port { - fastd_remote_config_t **remote = &conf->peers->remotes; + fastd_remote_config_t **remote = &conf.peers->remotes; while (*remote) remote = &(*remote)->next; @@ -463,7 +462,7 @@ peer_remote: TOK_ADDR4 port { | TOK_ADDR6_SCOPED port { char addrbuf[INET6_ADDRSTRLEN]; size_t addrlen; - fastd_remote_config_t **remote = &conf->peers->remotes; + fastd_remote_config_t **remote = &conf.peers->remotes; while (*remote) remote = &(*remote)->next; @@ -481,7 +480,7 @@ peer_remote: TOK_ADDR4 port { (*remote)->address.in.sin_port = htons($2); } | maybe_af TOK_STRING port maybe_float { - fastd_remote_config_t **remote = &conf->peers->remotes; + fastd_remote_config_t **remote = &conf.peers->remotes; while (*remote) remote = &(*remote)->next; @@ -492,67 +491,67 @@ peer_remote: TOK_ADDR4 port { (*remote)->address.in.sin_port = htons($3); if ($4) { - conf->peers->floating = true; - conf->peers->dynamic_float_deprecated = true; + conf.peers->floating = true; + conf.peers->dynamic_float_deprecated = true; } } ; peer_float: boolean { - conf->peers->floating = $1; + conf.peers->floating = $1; } ; peer_key: TOK_STRING { - free(conf->peers->key); conf->peers->key = strdup($1->str); + free(conf.peers->key); conf.peers->key = strdup($1->str); } ; peer_include: TOK_STRING { - if (!fastd_read_config(ctx, conf, $1->str, true, depth)) + if (!fastd_read_config(ctx, $1->str, true, depth)) YYERROR; } ; peer_group: TOK_STRING { - fastd_config_peer_group_push(ctx, conf, $1->str); + fastd_config_peer_group_push(ctx, $1->str); } ; peer_group_after: { - fastd_config_peer_group_pop(ctx, conf); + fastd_config_peer_group_pop(ctx); } ; peer_limit: TOK_UINT { if ($1 > INT_MAX) { - fastd_config_error(&@$, ctx, conf, filename, depth, "invalid peer limit"); + fastd_config_error(&@$, ctx, filename, depth, "invalid peer limit"); YYERROR; } - conf->peer_group->max_connections = $1; + conf.peer_group->max_connections = $1; } ; -forward: boolean { conf->forward = $1; } +forward: boolean { conf.forward = $1; } ; include: TOK_PEER TOK_STRING maybe_as { - fastd_peer_config_new(ctx, conf); + fastd_peer_config_new(ctx); if ($3) - conf->peers->name = strdup($3->str); + conf.peers->name = strdup($3->str); - if (!fastd_read_config(ctx, conf, $2->str, true, depth)) + if (!fastd_read_config(ctx, $2->str, true, depth)) YYERROR; } | TOK_PEERS TOK_FROM TOK_STRING { - fastd_add_peer_dir(ctx, conf, $3->str); + fastd_add_peer_dir(ctx, $3->str); } | TOK_STRING { - if (!fastd_read_config(ctx, conf, $1->str, false, depth)) + if (!fastd_read_config(ctx, $1->str, false, depth)) YYERROR; } ; @@ -602,7 +601,7 @@ colon_or_port: ':' port: colon_or_port TOK_UINT { if ($2 < 1 || $2 > 65535) { - fastd_config_error(&@$, ctx, conf, filename, depth, "invalid port"); + fastd_config_error(&@$, ctx, filename, depth, "invalid port"); YYERROR; } $$ = $2; @@ -610,6 +609,6 @@ port: colon_or_port TOK_UINT { ; %% -void fastd_config_error(YYLTYPE *loc, fastd_context_t *ctx, fastd_config_t *conf UNUSED, const char *filename, int depth UNUSED, const char *s) { +void fastd_config_error(YYLTYPE *loc, fastd_context_t *ctx, const char *filename, int depth UNUSED, const char *s) { pr_error(ctx, "config error: %s at %s:%i:%i", s, filename, loc->first_line, loc->first_column); } diff --git a/src/crypto.h b/src/crypto.h index 25efb10..de2bddf 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -64,14 +64,14 @@ void fastd_cipher_config_free(const fastd_cipher_t **cipher_conf); bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, const char *impl); const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name); -const fastd_cipher_t* fastd_cipher_get(fastd_context_t *ctx, const fastd_cipher_info_t *info); +const fastd_cipher_t* fastd_cipher_get(const fastd_cipher_info_t *info); const fastd_mac_t** fastd_mac_config_alloc(void); void fastd_mac_config_free(const fastd_mac_t **mac_conf); bool fastd_mac_config(const fastd_mac_t **mac_conf, const char *name, const char *impl); const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name); -const fastd_mac_t* fastd_mac_get(fastd_context_t *ctx, const fastd_mac_info_t *info); +const fastd_mac_t* fastd_mac_get(const fastd_mac_info_t *info); static inline void secure_memzero(void *s, size_t n) { diff --git a/src/crypto/cipher/ciphers.c.in b/src/crypto/cipher/ciphers.c.in index 5cef18f..2140731 100644 --- a/src/crypto/cipher/ciphers.c.in +++ b/src/crypto/cipher/ciphers.c.in @@ -106,11 +106,11 @@ const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name) { return NULL; } -const fastd_cipher_t* fastd_cipher_get(fastd_context_t *ctx, const fastd_cipher_info_t *info) { +const fastd_cipher_t* fastd_cipher_get(const fastd_cipher_info_t *info) { size_t i; for (i = 0; i < array_size(ciphers); i++) { if (ciphers[i].info == info) - return ctx->conf->ciphers[i]; + return conf.ciphers[i]; } return NULL; diff --git a/src/crypto/mac/macs.c.in b/src/crypto/mac/macs.c.in index 8114da4..ccf560e 100644 --- a/src/crypto/mac/macs.c.in +++ b/src/crypto/mac/macs.c.in @@ -106,11 +106,11 @@ const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name) { return NULL; } -const fastd_mac_t* fastd_mac_get(fastd_context_t *ctx, const fastd_mac_info_t *info) { +const fastd_mac_t* fastd_mac_get(const fastd_mac_info_t *info) { size_t i; for (i = 0; i < array_size(macs); i++) { if (macs[i].info == info) - return ctx->conf->macs[i]; + return conf.macs[i]; } return NULL; diff --git a/src/fastd.c b/src/fastd.c index 1236e55..47daada 100644 --- a/src/fastd.c +++ b/src/fastd.c @@ -135,18 +135,18 @@ static void init_log(fastd_context_t *ctx) { uid_t uid = geteuid(); gid_t gid = getegid(); - if (ctx->conf->user || ctx->conf->group) { - if (setegid(ctx->conf->gid) < 0) + if (conf.user || conf.group) { + if (setegid(conf.gid) < 0) pr_debug_errno(ctx, "setegid"); - if (seteuid(ctx->conf->uid) < 0) + if (seteuid(conf.uid) < 0) pr_debug_errno(ctx, "seteuid"); } - if (ctx->conf->log_syslog_level > LL_UNSPEC) - openlog(ctx->conf->log_syslog_ident, LOG_PID, LOG_DAEMON); + if (conf.log_syslog_level > LL_UNSPEC) + openlog(conf.log_syslog_ident, LOG_PID, LOG_DAEMON); fastd_log_file_t *config; - for (config = ctx->conf->log_files; config; config = config->next) { + for (config = conf.log_files; config; config = config->next) { fastd_log_fd_t *file = malloc(sizeof(fastd_log_fd_t)); file->config = config; @@ -179,23 +179,23 @@ static void close_log(fastd_context_t *ctx) { static void init_sockets(fastd_context_t *ctx) { - ctx->socks = malloc(ctx->conf->n_bind_addrs * sizeof(fastd_socket_t)); + ctx->socks = malloc(conf.n_bind_addrs * sizeof(fastd_socket_t)); unsigned i; - fastd_bind_address_t *addr = ctx->conf->bind_addrs; - for (i = 0; i < ctx->conf->n_bind_addrs; i++) { + fastd_bind_address_t *addr = conf.bind_addrs; + for (i = 0; i < conf.n_bind_addrs; i++) { ctx->socks[i] = (fastd_socket_t){ .fd = -2, .addr = addr }; - if (addr == ctx->conf->bind_addr_default_v4) + if (addr == conf.bind_addr_default_v4) ctx->sock_default_v4 = &ctx->socks[i]; - if (addr == ctx->conf->bind_addr_default_v6) + if (addr == conf.bind_addr_default_v6) ctx->sock_default_v6 = &ctx->socks[i]; addr = addr->next; } - ctx->n_socks = ctx->conf->n_bind_addrs; + ctx->n_socks = conf.n_bind_addrs; } @@ -233,7 +233,7 @@ static inline void handle_forward(fastd_context_t *ctx, fastd_peer_t *source_pee if (dest_peer) { if (dest_peer != source_peer) - ctx->conf->protocol->send(ctx, dest_peer, buffer); + conf.protocol->send(ctx, dest_peer, buffer); else fastd_buffer_free(buffer); @@ -245,7 +245,7 @@ static inline void handle_forward(fastd_context_t *ctx, fastd_peer_t *source_pee } void fastd_handle_receive(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer_t buffer) { - if (ctx->conf->mode == MODE_TAP) { + if (conf.mode == MODE_TAP) { if (buffer.len < ETH_HLEN) { pr_debug(ctx, "received truncated packet"); fastd_buffer_free(buffer); @@ -263,7 +263,7 @@ void fastd_handle_receive(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer fastd_tuntap_write(ctx, buffer); - if (ctx->conf->mode == MODE_TAP && ctx->conf->forward) { + if (conf.mode == MODE_TAP && conf.forward) { handle_forward(ctx, peer, buffer); return; } @@ -272,19 +272,19 @@ void fastd_handle_receive(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer } static inline void on_pre_up(fastd_context_t *ctx) { - fastd_shell_command_exec(ctx, &ctx->conf->on_pre_up, NULL, NULL, NULL); + fastd_shell_command_exec(ctx, &conf.on_pre_up, NULL, NULL, NULL); } static inline void on_up(fastd_context_t *ctx) { - fastd_shell_command_exec(ctx, &ctx->conf->on_up, NULL, NULL, NULL); + fastd_shell_command_exec(ctx, &conf.on_up, NULL, NULL, NULL); } static inline void on_down(fastd_context_t *ctx) { - fastd_shell_command_exec(ctx, &ctx->conf->on_down, NULL, NULL, NULL); + fastd_shell_command_exec(ctx, &conf.on_down, NULL, NULL, NULL); } static inline void on_post_down(fastd_context_t *ctx) { - fastd_shell_command_exec(ctx, &ctx->conf->on_post_down, NULL, NULL, NULL); + fastd_shell_command_exec(ctx, &conf.on_post_down, NULL, NULL, NULL); } static fastd_peer_group_t* init_peer_group(const fastd_peer_group_config_t *config, fastd_peer_group_t *parent) { @@ -305,7 +305,7 @@ static fastd_peer_group_t* init_peer_group(const fastd_peer_group_config_t *conf } static void init_peer_groups(fastd_context_t *ctx) { - ctx->peer_group = init_peer_group(ctx->conf->peer_group, NULL); + ctx->peer_group = init_peer_group(conf.peer_group, NULL); } static void free_peer_group(fastd_peer_group_t *group) { @@ -325,11 +325,11 @@ static void delete_peer_groups(fastd_context_t *ctx) { static void init_peers(fastd_context_t *ctx) { fastd_peer_config_t *peer_conf; - for (peer_conf = ctx->conf->peers; peer_conf; peer_conf = peer_conf->next) - ctx->conf->protocol->peer_configure(ctx, peer_conf); + for (peer_conf = conf.peers; peer_conf; peer_conf = peer_conf->next) + conf.protocol->peer_configure(ctx, peer_conf); - for (peer_conf = ctx->conf->peers; peer_conf; peer_conf = peer_conf->next) { - bool enable = ctx->conf->protocol->peer_check(ctx, peer_conf); + for (peer_conf = conf.peers; peer_conf; peer_conf = peer_conf->next) { + bool enable = conf.protocol->peer_check(ctx, peer_conf); if (enable && !peer_conf->enabled) fastd_peer_add(ctx, peer_conf); @@ -349,7 +349,7 @@ static void init_peers(fastd_context_t *ctx) { } } else { - if (!ctx->conf->protocol->peer_check_temporary(ctx, peer)) { + if (!conf.protocol->peer_check_temporary(ctx, peer)) { fastd_peer_delete(ctx, peer); continue; } @@ -380,7 +380,7 @@ static void dump_state(fastd_context_t *ctx) { continue; } - if (ctx->conf->mode == MODE_TAP) { + if (conf.mode == MODE_TAP) { unsigned int eth_addresses = 0; size_t i; for (i = 0; i < VECTOR_LEN(ctx->eth_addrs); i++) { @@ -428,9 +428,9 @@ static void send_handshake(fastd_context_t *ctx, fastd_peer_t *peer) { } pr_debug(ctx, "sending handshake to %P[%I]...", peer, &peer->address); - peer->last_handshake_timeout = fastd_in_seconds(ctx, ctx->conf->min_handshake_interval); + peer->last_handshake_timeout = fastd_in_seconds(ctx, conf.min_handshake_interval); peer->last_handshake_address = peer->address; - ctx->conf->protocol->handshake_init(ctx, peer->sock, &peer->local_address, &peer->address, peer); + conf.protocol->handshake_init(ctx, peer->sock, &peer->local_address, &peer->address, peer); } static void handle_handshake_queue(fastd_context_t *ctx) { @@ -503,7 +503,7 @@ static bool maintain_peer(fastd_context_t *ctx, fastd_peer_t *peer) { return true; pr_debug2(ctx, "sending keepalive to %P", peer); - ctx->conf->protocol->send(ctx, peer, fastd_buffer_alloc(ctx, 0, ctx->conf->min_encrypt_head_space, ctx->conf->min_encrypt_tail_space)); + conf.protocol->send(ctx, peer, fastd_buffer_alloc(ctx, 0, conf.min_encrypt_head_space, conf.min_encrypt_tail_space)); } return true; @@ -522,7 +522,7 @@ static void maintenance(fastd_context_t *ctx) { fastd_peer_eth_addr_cleanup(ctx); - ctx->next_maintenance.tv_sec += ctx->conf->maintenance_interval; + ctx->next_maintenance.tv_sec += conf.maintenance_interval; } @@ -549,20 +549,20 @@ static void close_fds(fastd_context_t *ctx) { } static void write_pid(fastd_context_t *ctx, pid_t pid) { - if (!ctx->conf->pid_file) + if (!conf.pid_file) return; uid_t uid = geteuid(); gid_t gid = getegid(); - if (ctx->conf->user || ctx->conf->group) { - if (setegid(ctx->conf->gid) < 0) + if (conf.user || conf.group) { + if (setegid(conf.gid) < 0) pr_debug_errno(ctx, "setegid"); - if (seteuid(ctx->conf->uid) < 0) + if (seteuid(conf.uid) < 0) pr_debug_errno(ctx, "seteuid"); } - int fd = open(ctx->conf->pid_file, O_WRONLY|O_CREAT|O_TRUNC, 0666); + int fd = open(conf.pid_file, O_WRONLY|O_CREAT|O_TRUNC, 0666); if (fd < 0) { pr_error_errno(ctx, "can't write PID file: open"); goto end; @@ -582,26 +582,26 @@ static void write_pid(fastd_context_t *ctx, pid_t pid) { } static void set_user(fastd_context_t *ctx) { - if (ctx->conf->user || ctx->conf->group) { - if (setgid(ctx->conf->gid) < 0) + if (conf.user || conf.group) { + if (setgid(conf.gid) < 0) exit_errno(ctx, "setgid"); - if (setuid(ctx->conf->uid) < 0) + if (setuid(conf.uid) < 0) exit_errno(ctx, "setuid"); - pr_info(ctx, "Changed to UID %i, GID %i.", ctx->conf->uid, ctx->conf->gid); + pr_info(ctx, "Changed to UID %i, GID %i.", conf.uid, conf.gid); } } static void set_groups(fastd_context_t *ctx) { - if (ctx->conf->groups) { - if (setgroups(ctx->conf->n_groups, ctx->conf->groups) < 0) { + if (conf.groups) { + if (setgroups(conf.n_groups, conf.groups) < 0) { if (errno != EPERM) pr_debug_errno(ctx, "setgroups"); } } - else if (ctx->conf->user || ctx->conf->group) { - if (setgroups(1, &ctx->conf->gid) < 0) { + else if (conf.user || conf.group) { + if (setgroups(1, &conf.gid) < 0) { if (errno != EPERM) pr_debug_errno(ctx, "setgroups"); } @@ -753,12 +753,10 @@ int main(int argc, char *argv[]) { fastd_random_bytes(&ctx, &ctx.randseed, sizeof(ctx.randseed), false); - fastd_config_t conf; - fastd_configure(&ctx, &conf, argc, argv); - ctx.conf = &conf; + fastd_configure(&ctx, argc, argv); if (conf.verify_config) { - fastd_config_verify(&ctx, &conf); + fastd_config_verify(&ctx); exit(0); } @@ -770,7 +768,7 @@ int main(int argc, char *argv[]) { conf.protocol_config = conf.protocol->init(&ctx); if (conf.show_key) { - conf.protocol->show_key(&ctx); + conf.protocol->show_key(); exit(0); } @@ -794,7 +792,7 @@ int main(int argc, char *argv[]) { OPENSSL_config(NULL); #endif - fastd_config_check(&ctx, &conf); + fastd_config_check(&ctx); fastd_update_time(&ctx); @@ -849,7 +847,7 @@ int main(int argc, char *argv[]) { else if (conf.drop_caps == DROP_CAPS_OFF) set_user(&ctx); - fastd_config_load_peer_dirs(&ctx, &conf); + fastd_config_load_peer_dirs(&ctx); VECTOR_ALLOC(ctx.eth_addrs, 0); VECTOR_ALLOC(ctx.peers, 0); @@ -881,7 +879,7 @@ int main(int argc, char *argv[]) { close_log(&ctx); init_log(&ctx); - fastd_config_load_peer_dirs(&ctx, &conf); + fastd_config_load_peer_dirs(&ctx); init_peers(&ctx); } @@ -920,7 +918,7 @@ int main(int argc, char *argv[]) { #endif close_log(&ctx); - fastd_config_release(&ctx, &conf); + fastd_config_release(&ctx); return 0; } diff --git a/src/fastd.h b/src/fastd.h index f1ae2d3..5cbd4d7 100644 --- a/src/fastd.h +++ b/src/fastd.h @@ -69,8 +69,8 @@ struct fastd_protocol { void (*free_peer_state)(fastd_context_t *ctx, fastd_peer_t *peer); void (*generate_key)(fastd_context_t *ctx); - void (*show_key)(fastd_context_t *ctx); - void (*set_shell_env)(fastd_context_t *ctx, const fastd_peer_t *peer); + void (*show_key)(void); + void (*set_shell_env)(const fastd_peer_t *peer); bool (*describe_peer)(const fastd_context_t *ctx, const fastd_peer_t *peer, char *buf, size_t len); }; @@ -228,9 +228,9 @@ struct fastd_config { bool verify_config; }; -struct fastd_context { - const fastd_config_t *conf; +extern fastd_config_t conf; +struct fastd_context { bool log_initialized; fastd_log_fd_t *log_files; @@ -339,18 +339,18 @@ static inline size_t alignto(size_t l, size_t a) { static inline size_t fastd_max_inner_packet(const fastd_context_t *ctx) { - switch (ctx->conf->mode) { + switch (conf.mode) { case MODE_TAP: - return ctx->conf->mtu+ETH_HLEN; + return conf.mtu+ETH_HLEN; case MODE_TUN: - return ctx->conf->mtu; + return conf.mtu; default: exit_bug(ctx, "invalid mode"); } } static inline size_t fastd_max_outer_packet(const fastd_context_t *ctx) { - return PACKET_TYPE_LEN + fastd_max_inner_packet(ctx) + ctx->conf->max_overhead; + return PACKET_TYPE_LEN + fastd_max_inner_packet(ctx) + conf.max_overhead; } static inline bool fastd_peer_address_is_v6_ll(const fastd_peer_address_t *addr) { diff --git a/src/handshake.c b/src/handshake.c index 441ab5d..f6a256d 100644 --- a/src/handshake.c +++ b/src/handshake.c @@ -54,20 +54,20 @@ static const char *const RECORD_TYPES[RECORD_MAX] = { #define AS_UINT16(ptr) ((*(uint8_t*)(ptr).data) + (*((uint8_t*)(ptr).data+1) << 8)) -static uint8_t* create_method_list(fastd_context_t *ctx, size_t *len) { +static uint8_t* create_method_list(size_t *len) { *len = 0; size_t i; - for (i = 0; ctx->conf->methods[i].name; i++) - *len += strlen(ctx->conf->methods[i].name) + 1; + for (i = 0; conf.methods[i].name; i++) + *len += strlen(conf.methods[i].name) + 1; uint8_t *ret = malloc(*len); (*len)--; char *ptr = (char*)ret; - for (i = 0; ctx->conf->methods[i].name; i++) - ptr = stpcpy(ptr, ctx->conf->methods[i].name) + 1; + for (i = 0; conf.methods[i].name; i++) + ptr = stpcpy(ptr, conf.methods[i].name) + 1; return ret; } @@ -99,14 +99,14 @@ static fastd_string_stack_t* parse_string_list(const uint8_t *data, size_t len) static fastd_buffer_t new_handshake(fastd_context_t *ctx, uint8_t type, const fastd_method_info_t *method, bool with_method_list, size_t tail_space) { size_t version_len = strlen(FASTD_VERSION); - size_t protocol_len = strlen(ctx->conf->protocol->name); + size_t protocol_len = strlen(conf.protocol->name); size_t method_len = method ? strlen(method->name) : 0; size_t method_list_len = 0; uint8_t *method_list = NULL; if (with_method_list) - method_list = create_method_list(ctx, &method_list_len); + method_list = create_method_list(&method_list_len); fastd_buffer_t buffer = fastd_buffer_alloc(ctx, sizeof(fastd_handshake_packet_t), 1, 3*5 + /* handshake type, mode, reply code */ @@ -122,13 +122,13 @@ static fastd_buffer_t new_handshake(fastd_context_t *ctx, uint8_t type, const fa packet->tlv_len = 0; fastd_handshake_add_uint8(ctx, &buffer, RECORD_HANDSHAKE_TYPE, type); - fastd_handshake_add_uint8(ctx, &buffer, RECORD_MODE, ctx->conf->mode); - fastd_handshake_add_uint16(ctx, &buffer, RECORD_MTU, ctx->conf->mtu); + fastd_handshake_add_uint8(ctx, &buffer, RECORD_MODE, conf.mode); + fastd_handshake_add_uint16(ctx, &buffer, RECORD_MTU, conf.mtu); fastd_handshake_add(ctx, &buffer, RECORD_VERSION_NAME, version_len, FASTD_VERSION); - fastd_handshake_add(ctx, &buffer, RECORD_PROTOCOL_NAME, protocol_len, ctx->conf->protocol->name); + fastd_handshake_add(ctx, &buffer, RECORD_PROTOCOL_NAME, protocol_len, conf.protocol->name); - if (method && (!with_method_list || !ctx->conf->secure_handshakes)) + if (method && (!with_method_list || !conf.secure_handshakes)) fastd_handshake_add(ctx, &buffer, RECORD_METHOD_NAME, method_len, method->name); if (with_method_list) { @@ -140,7 +140,7 @@ static fastd_buffer_t new_handshake(fastd_context_t *ctx, uint8_t type, const fa } fastd_buffer_t fastd_handshake_new_init(fastd_context_t *ctx, size_t tail_space) { - return new_handshake(ctx, 1, NULL, !ctx->conf->secure_handshakes, tail_space); + return new_handshake(ctx, 1, NULL, !conf.secure_handshakes, tail_space); } fastd_buffer_t fastd_handshake_new_reply(fastd_context_t *ctx, const fastd_handshake_t *handshake, const fastd_method_info_t *method, bool with_method_list, size_t tail_space) { @@ -244,24 +244,24 @@ static inline void print_error_reply(fastd_context_t *ctx, const fastd_peer_addr static inline bool check_records(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, const fastd_handshake_t *handshake) { if (handshake->records[RECORD_PROTOCOL_NAME].data) { - if (!record_equal(ctx->conf->protocol->name, &handshake->records[RECORD_PROTOCOL_NAME])) { + if (!record_equal(conf.protocol->name, &handshake->records[RECORD_PROTOCOL_NAME])) { send_error(ctx, sock, local_addr, remote_addr, peer, handshake, REPLY_UNACCEPTABLE_VALUE, RECORD_PROTOCOL_NAME); return false; } } if (handshake->records[RECORD_MODE].data) { - if (handshake->records[RECORD_MODE].length != 1 || AS_UINT8(handshake->records[RECORD_MODE]) != ctx->conf->mode) { + if (handshake->records[RECORD_MODE].length != 1 || AS_UINT8(handshake->records[RECORD_MODE]) != conf.mode) { send_error(ctx, sock, local_addr, remote_addr, peer, handshake, REPLY_UNACCEPTABLE_VALUE, RECORD_MODE); return false; } } - if (!ctx->conf->secure_handshakes || handshake->type > 1) { + if (!conf.secure_handshakes || handshake->type > 1) { if (handshake->records[RECORD_MTU].length == 2) { - if (AS_UINT16(handshake->records[RECORD_MTU]) != ctx->conf->mtu) { + if (AS_UINT16(handshake->records[RECORD_MTU]) != conf.mtu) { pr_warn(ctx, "MTU configuration differs with peer %I: local MTU is %u, remote MTU is %u", - remote_addr, ctx->conf->mtu, AS_UINT16(handshake->records[RECORD_MTU])); + remote_addr, conf.mtu, AS_UINT16(handshake->records[RECORD_MTU])); } } } @@ -281,15 +281,15 @@ static inline bool check_records(fastd_context_t *ctx, fastd_socket_t *sock, con return true; } -static inline const fastd_method_info_t* get_method_by_name(fastd_context_t *ctx, const char *name, size_t n) { +static inline const fastd_method_info_t* get_method_by_name(const char *name, size_t n) { char name0[n+1]; memcpy(name0, name, n); name0[n] = 0; - return fastd_method_get_by_name(ctx, name0); + return fastd_method_get_by_name(name0); } -static inline const fastd_method_info_t* get_method(fastd_context_t *ctx, const fastd_handshake_t *handshake) { +static inline const fastd_method_info_t* get_method(const fastd_handshake_t *handshake) { if (handshake->records[RECORD_METHOD_LIST].data && handshake->records[RECORD_METHOD_LIST].length) { fastd_string_stack_t *method_list = parse_string_list(handshake->records[RECORD_METHOD_LIST].data, handshake->records[RECORD_METHOD_LIST].length); @@ -297,7 +297,7 @@ static inline const fastd_method_info_t* get_method(fastd_context_t *ctx, const fastd_string_stack_t *method_name; for (method_name = method_list; method_name; method_name = method_name->next) { - const fastd_method_info_t *cur_method = fastd_method_get_by_name(ctx, method_name->str); + const fastd_method_info_t *cur_method = fastd_method_get_by_name(method_name->str); if (cur_method) method = cur_method; @@ -311,7 +311,7 @@ static inline const fastd_method_info_t* get_method(fastd_context_t *ctx, const if (!handshake->records[RECORD_METHOD_NAME].data) return NULL; - return get_method_by_name(ctx, (const char*)handshake->records[RECORD_METHOD_NAME].data, handshake->records[RECORD_METHOD_NAME].length); + return get_method_by_name((const char*)handshake->records[RECORD_METHOD_NAME].data, handshake->records[RECORD_METHOD_NAME].length); } void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, fastd_buffer_t buffer) { @@ -335,8 +335,8 @@ void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fa if (!check_records(ctx, sock, local_addr, remote_addr, peer, &handshake)) goto end_free; - if (!ctx->conf->secure_handshakes || handshake.type > 1) { - method = get_method(ctx, &handshake); + if (!conf.secure_handshakes || handshake.type > 1) { + method = get_method(&handshake); if (handshake.records[RECORD_VERSION_NAME].data) handshake.peer_version = peer_version = strndup((const char*)handshake.records[RECORD_VERSION_NAME].data, handshake.records[RECORD_VERSION_NAME].length); @@ -347,7 +347,7 @@ void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fa goto end_free; } - ctx->conf->protocol->handshake_handle(ctx, sock, local_addr, remote_addr, peer, &handshake, method); + conf.protocol->handshake_handle(ctx, sock, local_addr, remote_addr, peer, &handshake, method); end_free: free(peer_version); @@ -55,7 +55,7 @@ static size_t snprint_peer_address(const fastd_context_t *ctx, char *buffer, siz return snprintf(buffer, size, "any"); case AF_INET: - if (!bind_address && ctx->conf->hide_ip_addresses) + if (!bind_address && conf.hide_ip_addresses) return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in.sin_port)); else if (inet_ntop(AF_INET, &address->in.sin_addr, addr_buf, sizeof(addr_buf))) return snprintf_safe(buffer, size, "%s:%u", addr_buf, ntohs(address->in.sin_port)); @@ -63,7 +63,7 @@ static size_t snprint_peer_address(const fastd_context_t *ctx, char *buffer, siz return 0; case AF_INET6: - if (!bind_address && ctx->conf->hide_ip_addresses) + if (!bind_address && conf.hide_ip_addresses) return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in.sin_port)); if (inet_ntop(AF_INET6, &address->in6.sin6_addr, addr_buf, sizeof(addr_buf))) { char ifname_buf[IF_NAMESIZE]; @@ -89,7 +89,7 @@ static size_t snprint_peer_str(const fastd_context_t *ctx, char *buffer, size_t } else { char buf[65]; - if (ctx->conf->protocol->describe_peer(ctx, peer, buf, sizeof(buf))) + if (conf.protocol->describe_peer(ctx, peer, buf, sizeof(buf))) return snprintf_safe(buffer, size, "{%s}", buf); else return snprintf_safe(buffer, size, "(null)"); @@ -143,7 +143,7 @@ static int fastd_vsnprintf(const fastd_context_t *ctx, char *buffer, size_t size eth_addr = va_arg(ap, const fastd_eth_addr_t*); if (eth_addr) { - if (ctx->conf->hide_mac_addresses) + if (conf.hide_mac_addresses) buffer += snprintf_safe(buffer, buffer_end-buffer, "[hidden]"); else buffer += snprintf_safe(buffer, buffer_end-buffer, "%02x:%02x:%02x:%02x:%02x:%02x", @@ -239,7 +239,7 @@ void fastd_logf(const fastd_context_t *ctx, fastd_loglevel_t level, const char * buffer[sizeof(buffer)-1] = 0; - if (!ctx->log_initialized || level <= ctx->conf->log_stderr_level || ctx->conf->log_files) { + if (!ctx->log_initialized || level <= conf.log_stderr_level || conf.log_files) { time_t t; struct tm tm; @@ -250,11 +250,11 @@ void fastd_logf(const fastd_context_t *ctx, fastd_loglevel_t level, const char * } } - if (!ctx->log_initialized || level <= ctx->conf->log_stderr_level) + if (!ctx->log_initialized || level <= conf.log_stderr_level) fprintf(stderr, "%s%s%s\n", timestr, get_log_prefix(level), buffer); if (ctx->log_initialized) { - if (level <= ctx->conf->log_syslog_level) + if (level <= conf.log_syslog_level) syslog(get_syslog_level(level), "%s", buffer); fastd_log_fd_t *file; diff --git a/src/method.h b/src/method.h index 159d2b8..b5ff2f5 100644 --- a/src/method.h +++ b/src/method.h @@ -63,11 +63,11 @@ struct fastd_method_provider { bool fastd_method_create_by_name(const char *name, const fastd_method_provider_t **provider, fastd_method_t **method); -static inline const fastd_method_info_t* fastd_method_get_by_name(fastd_context_t *ctx, const char *name) { +static inline const fastd_method_info_t* fastd_method_get_by_name(const char *name) { size_t i; - for (i = 0; ctx->conf->methods[i].name; i++) { - if (!strcmp(ctx->conf->methods[i].name, name)) - return &ctx->conf->methods[i]; + for (i = 0; conf.methods[i].name; i++) { + if (!strcmp(conf.methods[i].name, name)) + return &conf.methods[i]; } return NULL; diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c index b33133a..0cec4b0 100644 --- a/src/methods/cipher_test/cipher_test.c +++ b/src/methods/cipher_test/cipher_test.c @@ -79,7 +79,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); session->method = method; - session->cipher = fastd_cipher_get(ctx, method->cipher_info); + session->cipher = fastd_cipher_get(method->cipher_info); session->cipher_state = session->cipher->init(secret); pr_warn(ctx, "using cipher-test method; this method must be used for testing and benchmarks only"); diff --git a/src/methods/common.c b/src/methods/common.c index 26bdf2e..166d3ab 100644 --- a/src/methods/common.c +++ b/src/methods/common.c @@ -30,8 +30,8 @@ void fastd_method_common_init(fastd_context_t *ctx, fastd_method_common_t *session, bool initiator) { memset(session, 0, sizeof(*session)); - session->valid_till = fastd_in_seconds(ctx, ctx->conf->key_valid); - session->refresh_after = fastd_in_seconds(ctx, ctx->conf->key_refresh - fastd_rand(ctx, 0, ctx->conf->key_refresh_splay)); + session->valid_till = fastd_in_seconds(ctx, conf.key_valid); + session->refresh_after = fastd_in_seconds(ctx, conf.key_refresh - fastd_rand(ctx, 0, conf.key_refresh_splay)); if (initiator) { session->send_nonce[COMMON_NONCEBYTES-1] = 3; @@ -79,7 +79,7 @@ bool fastd_method_reorder_check(fastd_context_t *ctx, fastd_peer_t *peer, fastd_ session->receive_reorder_seen |= (1 << (shift-1)); memcpy(session->receive_nonce, nonce, COMMON_NONCEBYTES); - session->reorder_timeout = fastd_in_seconds(ctx, ctx->conf->reorder_time); + session->reorder_timeout = fastd_in_seconds(ctx, conf.reorder_time); return true; } else if (age == 0 || session->receive_reorder_seen & (1 << (age-1))) { diff --git a/src/methods/common.h b/src/methods/common.h index 4d9c4c0..510ad3f 100644 --- a/src/methods/common.h +++ b/src/methods/common.h @@ -73,7 +73,7 @@ static inline bool fastd_method_session_common_want_refresh(fastd_context_t *ctx } static inline void fastd_method_session_common_superseded(fastd_context_t *ctx, fastd_method_common_t *session) { - struct timespec valid_max = fastd_in_seconds(ctx, ctx->conf->key_valid_old); + struct timespec valid_max = fastd_in_seconds(ctx, conf.key_valid_old); if (timespec_after(&session->valid_till, &valid_max)) session->valid_till = valid_max; diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c index d420f31..c848bbf 100644 --- a/src/methods/composed_gmac/composed_gmac.c +++ b/src/methods/composed_gmac/composed_gmac.c @@ -122,10 +122,10 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); session->method = method; - session->cipher = fastd_cipher_get(ctx, method->cipher_info); + session->cipher = fastd_cipher_get(method->cipher_info); session->cipher_state = session->cipher->init(secret); - session->gmac_cipher = fastd_cipher_get(ctx, method->gmac_cipher_info); + session->gmac_cipher = fastd_cipher_get(method->gmac_cipher_info); session->gmac_cipher_state = session->gmac_cipher->init(secret + method->cipher_info->key_length); fastd_block128_t H; @@ -142,7 +142,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c return NULL; } - session->ghash = fastd_mac_get(ctx, method->ghash_info); + session->ghash = fastd_mac_get(method->ghash_info); session->ghash_state = session->ghash->init(H.b); return session; diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c index a15083b..88c1880 100644 --- a/src/methods/generic_gmac/generic_gmac.c +++ b/src/methods/generic_gmac/generic_gmac.c @@ -99,7 +99,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); session->method = method; - session->cipher = fastd_cipher_get(ctx, method->cipher_info); + session->cipher = fastd_cipher_get(method->cipher_info); session->cipher_state = session->cipher->init(secret); static const fastd_block128_t zeroblock = {}; @@ -115,7 +115,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c return NULL; } - session->ghash = fastd_mac_get(ctx, method->ghash_info); + session->ghash = fastd_mac_get(method->ghash_info); session->ghash_state = session->ghash->init(H.b); return session; diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c index d9db73f..a8eb3d1 100644 --- a/src/methods/generic_poly1305/generic_poly1305.c +++ b/src/methods/generic_poly1305/generic_poly1305.c @@ -88,7 +88,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); session->method = method; - session->cipher = fastd_cipher_get(ctx, session->method->cipher_info); + session->cipher = fastd_cipher_get(session->method->cipher_info); session->cipher_state = session->cipher->init(secret); return session; diff --git a/src/options.c b/src/options.c index 0fb3baa..0817ed7 100644 --- a/src/options.c +++ b/src/options.c @@ -48,7 +48,7 @@ static void print_usage(const char *options, const char *message) { puts(message); } -static void usage(fastd_context_t *ctx UNUSED, fastd_config_t *conf UNUSED) { +static void usage(fastd_context_t *ctx UNUSED) { puts("fastd (Fast and Secure Tunnelling Daemon) " FASTD_VERSION " usage:\n"); #define OR ", " @@ -64,51 +64,51 @@ static void usage(fastd_context_t *ctx UNUSED, fastd_config_t *conf UNUSED) { exit(0); } -static void version(fastd_context_t *ctx UNUSED, fastd_config_t *conf UNUSED) { +static void version(fastd_context_t *ctx UNUSED) { puts("fastd " FASTD_VERSION); exit(0); } -static void option_daemon(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->daemon = true; +static void option_daemon(fastd_context_t *ctx UNUSED) { + conf.daemon = true; } -static void option_pid_file(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - free(conf->pid_file); - conf->pid_file = strdup(arg); +static void option_pid_file(fastd_context_t *ctx UNUSED, const char *arg) { + free(conf.pid_file); + conf.pid_file = strdup(arg); } -static void option_config(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { +static void option_config(fastd_context_t *ctx, const char *arg) { if (!strcmp(arg, "-")) arg = NULL; - if (!fastd_read_config(ctx, conf, arg, false, 0)) + if (!fastd_read_config(ctx, arg, false, 0)) exit(1); } -static void option_config_peer(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { - fastd_peer_config_new(ctx, conf); +static void option_config_peer(fastd_context_t *ctx, const char *arg) { + fastd_peer_config_new(ctx); - if(!fastd_read_config(ctx, conf, arg, true, 0)) + if(!fastd_read_config(ctx, arg, true, 0)) exit(1); } -static void option_config_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { - fastd_add_peer_dir(ctx, conf, arg); +static void option_config_peer_dir(fastd_context_t *ctx, const char *arg) { + fastd_add_peer_dir(ctx, arg); } #ifdef WITH_CMDLINE_USER -static void option_user(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - free(conf->user); - conf->user = strdup(arg); +static void option_user(fastd_context_t *ctx UNUSED, const char *arg) { + free(conf.user); + conf.user = strdup(arg); } -static void option_group(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - free(conf->group); - conf->group = strdup(arg); +static void option_group(fastd_context_t *ctx UNUSED, const char *arg) { + free(conf.group); + conf.group = strdup(arg); } #endif @@ -134,56 +134,56 @@ static int parse_log_level(fastd_context_t *ctx, const char *arg) { exit_error(ctx, "invalid log level `%s'", arg); } -static void option_log_level(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { - conf->log_stderr_level = parse_log_level(ctx, arg); +static void option_log_level(fastd_context_t *ctx, const char *arg) { + conf.log_stderr_level = parse_log_level(ctx, arg); } -static void option_syslog_level(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { - conf->log_syslog_level = parse_log_level(ctx, arg); +static void option_syslog_level(fastd_context_t *ctx, const char *arg) { + conf.log_syslog_level = parse_log_level(ctx, arg); } -static void option_syslog_ident(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - free(conf->log_syslog_ident); - conf->log_syslog_ident = strdup(arg); +static void option_syslog_ident(fastd_context_t *ctx UNUSED, const char *arg) { + free(conf.log_syslog_ident); + conf.log_syslog_ident = strdup(arg); } -static void option_hide_ip_addresses(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->hide_ip_addresses = true; +static void option_hide_ip_addresses(fastd_context_t *ctx UNUSED) { + conf.hide_ip_addresses = true; } -static void option_hide_mac_addresses(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->hide_mac_addresses = true; +static void option_hide_mac_addresses(fastd_context_t *ctx UNUSED) { + conf.hide_mac_addresses = true; } #endif #ifdef WITH_CMDLINE_OPERATION -static void option_mode(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { +static void option_mode(fastd_context_t *ctx, const char *arg) { if (!strcmp(arg, "tap")) - conf->mode = MODE_TAP; + conf.mode = MODE_TAP; else if (!strcmp(arg, "tun")) - conf->mode = MODE_TUN; + conf.mode = MODE_TUN; else exit_error(ctx, "invalid mode `%s'", arg); } -static void option_interface(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - free(conf->ifname); - conf->ifname = strdup(arg); +static void option_interface(fastd_context_t *ctx UNUSED, const char *arg) { + free(conf.ifname); + conf.ifname = strdup(arg); } -static void option_mtu(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { +static void option_mtu(fastd_context_t *ctx, const char *arg) { char *endptr; long mtu = strtol(arg, &endptr, 10); if (*endptr || mtu < 576 || mtu > 65535) exit_error(ctx, "invalid mtu `%s'", arg); - conf->mtu = mtu; + conf.mtu = mtu; } -static void option_bind(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { +static void option_bind(fastd_context_t *ctx, const char *arg) { long l; char *charptr; char *endptr; @@ -250,75 +250,75 @@ static void option_bind(fastd_context_t *ctx, fastd_config_t *conf, const char * free(addrstr); - fastd_config_bind_address(ctx, conf, &addr, ifname, false, false); + fastd_config_bind_address(ctx, &addr, ifname, false, false); } -static void option_protocol(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { - fastd_config_protocol(ctx, conf, arg); +static void option_protocol(fastd_context_t *ctx, const char *arg) { + fastd_config_protocol(ctx, arg); } -static void option_method(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { - fastd_config_method(ctx, conf, arg); +static void option_method(fastd_context_t *ctx, const char *arg) { + fastd_config_method(ctx, arg); } -static void option_forward(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->forward = true; +static void option_forward(fastd_context_t *ctx UNUSED) { + conf.forward = true; } #endif #ifdef WITH_CMDLINE_COMMANDS -static void option_on_pre_up(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - fastd_shell_command_set(&conf->on_pre_up, arg, true); +static void option_on_pre_up(fastd_context_t *ctx UNUSED, const char *arg) { + fastd_shell_command_set(&conf.on_pre_up, arg, true); } -static void option_on_up(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - fastd_shell_command_set(&conf->on_up, arg, true); +static void option_on_up(fastd_context_t *ctx UNUSED, const char *arg) { + fastd_shell_command_set(&conf.on_up, arg, true); } -static void option_on_down(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - fastd_shell_command_set(&conf->on_down, arg, true); +static void option_on_down(fastd_context_t *ctx UNUSED, const char *arg) { + fastd_shell_command_set(&conf.on_down, arg, true); } -static void option_on_post_down(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - fastd_shell_command_set(&conf->on_post_down, arg, true); +static void option_on_post_down(fastd_context_t *ctx UNUSED, const char *arg) { + fastd_shell_command_set(&conf.on_post_down, arg, true); } -static void option_on_connect(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - fastd_shell_command_set(&conf->on_connect, arg, false); +static void option_on_connect(fastd_context_t *ctx UNUSED, const char *arg) { + fastd_shell_command_set(&conf.on_connect, arg, false); } -static void option_on_establish(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - fastd_shell_command_set(&conf->on_establish, arg, false); +static void option_on_establish(fastd_context_t *ctx UNUSED, const char *arg) { + fastd_shell_command_set(&conf.on_establish, arg, false); } -static void option_on_disestablish(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - fastd_shell_command_set(&conf->on_disestablish, arg, false); +static void option_on_disestablish(fastd_context_t *ctx UNUSED, const char *arg) { + fastd_shell_command_set(&conf.on_disestablish, arg, false); } -static void option_on_verify(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const char *arg) { - fastd_shell_command_set(&conf->on_verify, arg, false); +static void option_on_verify(fastd_context_t *ctx UNUSED, const char *arg) { + fastd_shell_command_set(&conf.on_verify, arg, false); } #endif -static void option_verify_config(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->verify_config = true; +static void option_verify_config(fastd_context_t *ctx UNUSED) { + conf.verify_config = true; } -static void option_generate_key(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->generate_key = true; - conf->show_key = false; +static void option_generate_key(fastd_context_t *ctx UNUSED) { + conf.generate_key = true; + conf.show_key = false; } -static void option_show_key(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->generate_key = false; - conf->show_key = true; +static void option_show_key(fastd_context_t *ctx UNUSED) { + conf.generate_key = false; + conf.show_key = true; } -static void option_machine_readable(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - conf->machine_readable = true; +static void option_machine_readable(fastd_context_t *ctx UNUSED) { + conf.machine_readable = true; } @@ -341,7 +341,7 @@ static bool config_match(const char *opt, ...) { return match; } -void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int argc, char *const argv[]) { +void fastd_config_handle_options(fastd_context_t *ctx, int argc, char *const argv[]) { int i = 1; while (i < argc) { @@ -351,7 +351,7 @@ void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int ({ \ if(config_match(argv[i], options, NULL)) { \ i++; \ - func(ctx, conf); \ + func(ctx); \ continue; \ } \ }) @@ -361,7 +361,7 @@ void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int i+=2; \ if (i > argc) \ exit_error(ctx, "command line error: option `%s' needs an argument; see --help for usage", argv[i-2]); \ - func(ctx, conf, argv[i-1]); \ + func(ctx, argv[i-1]); \ continue; \ } \ }) @@ -33,11 +33,11 @@ static inline void on_establish(fastd_context_t *ctx, const fastd_peer_t *peer) { - fastd_shell_command_exec(ctx, &ctx->conf->on_establish, peer, &peer->local_address, &peer->address); + fastd_shell_command_exec(ctx, &conf.on_establish, peer, &peer->local_address, &peer->address); } static inline void on_disestablish(fastd_context_t *ctx, const fastd_peer_t *peer) { - fastd_shell_command_exec(ctx, &ctx->conf->on_disestablish, peer, &peer->local_address, &peer->address); + fastd_shell_command_exec(ctx, &conf.on_disestablish, peer, &peer->local_address, &peer->address); } static inline void free_socket(fastd_context_t *ctx, fastd_peer_t *peer) { @@ -175,7 +175,7 @@ static void reset_peer(fastd_context_t *ctx, fastd_peer_t *peer) { memset(&peer->local_address, 0, sizeof(peer->local_address)); - ctx->conf->protocol->reset_peer_state(ctx, peer); + conf.protocol->reset_peer_state(ctx, peer); size_t i, deleted = 0; for (i = 0; i < VECTOR_LEN(ctx->eth_addrs); i++) { @@ -240,7 +240,7 @@ static void setup_peer(fastd_context_t *ctx, fastd_peer_t *peer) { peer->establish_handshake_timeout = ctx->now; if (!peer->protocol_state) - ctx->conf->protocol->init_peer_state(ctx, peer); + conf.protocol->init_peer_state(ctx, peer); if (peer->next_remote) { peer->next_remote->current_address = 0; @@ -278,7 +278,7 @@ static void delete_peer(fastd_context_t *ctx, fastd_peer_t *peer) { fastd_peer_hashtable_remove(ctx, peer); - ctx->conf->protocol->free_peer_state(ctx, peer); + conf.protocol->free_peer_state(ctx, peer); if (!peer->config) free(peer->protocol_config); @@ -294,13 +294,13 @@ static void delete_peer(fastd_context_t *ctx, fastd_peer_t *peer) { } -fastd_peer_config_t* fastd_peer_config_new(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { +fastd_peer_config_t* fastd_peer_config_new(fastd_context_t *ctx UNUSED) { fastd_peer_config_t *peer = calloc(1, sizeof(fastd_peer_config_t)); - peer->group = conf->peer_group; + peer->group = conf.peer_group; - peer->next = conf->peers; - conf->peers = peer; + peer->next = conf.peers; + conf.peers = peer; return peer; } @@ -320,24 +320,24 @@ void fastd_peer_config_free(fastd_peer_config_t *peer) { free(peer); } -void fastd_peer_config_delete(fastd_context_t *ctx UNUSED, fastd_config_t *conf) { - fastd_peer_config_t *peer = conf->peers, *next = peer->next; +void fastd_peer_config_delete(fastd_context_t *ctx UNUSED) { + fastd_peer_config_t *peer = conf.peers, *next = peer->next; fastd_peer_config_free(peer); - conf->peers = next; + conf.peers = next; } -void fastd_peer_config_purge(fastd_context_t *ctx, fastd_peer_config_t *conf) { +void fastd_peer_config_purge(fastd_context_t *ctx, fastd_peer_config_t *config) { size_t i; for (i = 0; i < VECTOR_LEN(ctx->peers); i++) { fastd_peer_t *peer = VECTOR_INDEX(ctx->peers, i); - if (peer->config == conf) { + if (peer->config == config) { fastd_peer_delete(ctx, peer); break; } } - fastd_peer_config_free(conf); + fastd_peer_config_free(config); } bool fastd_peer_address_equal(const fastd_peer_address_t *addr1, const fastd_peer_address_t *addr2) { @@ -590,7 +590,7 @@ fastd_peer_t* fastd_peer_add(fastd_context_t *ctx, fastd_peer_config_t *peer_con } fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx) { - if (!fastd_shell_command_isset(&ctx->conf->on_verify)) + if (!fastd_shell_command_isset(&conf.on_verify)) exit_bug(ctx, "tried to add temporary peer without on-verify command"); fastd_peer_t *peer = calloc(1, sizeof(fastd_peer_t)); @@ -608,13 +608,13 @@ fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx) { } bool fastd_peer_verify_temporary(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr) { - if (!fastd_shell_command_isset(&ctx->conf->on_verify)) + if (!fastd_shell_command_isset(&conf.on_verify)) exit_bug(ctx, "tried to verify temporary peer without on-verify command"); /* TODO: async not supported yet */ int ret; - if (!fastd_shell_command_exec_sync(ctx, &ctx->conf->on_verify, peer, local_addr, peer_addr, &ret)) + if (!fastd_shell_command_exec_sync(ctx, &conf.on_verify, peer, local_addr, peer_addr, &ret)) return false; if (WIFSIGNALED(ret)) { @@ -649,7 +649,7 @@ void fastd_peer_set_established(fastd_context_t *ctx, fastd_peer_t *peer) { fastd_eth_addr_t fastd_get_source_address(const fastd_context_t *ctx, fastd_buffer_t buffer) { fastd_eth_addr_t ret; - switch (ctx->conf->mode) { + switch (conf.mode) { case MODE_TAP: memcpy(&ret, buffer.data+offsetof(struct ethhdr, h_source), ETH_ALEN); return ret; @@ -660,7 +660,7 @@ fastd_eth_addr_t fastd_get_source_address(const fastd_context_t *ctx, fastd_buff fastd_eth_addr_t fastd_get_dest_address(const fastd_context_t *ctx, fastd_buffer_t buffer) { fastd_eth_addr_t ret; - switch (ctx->conf->mode) { + switch (conf.mode) { case MODE_TAP: memcpy(&ret, buffer.data+offsetof(struct ethhdr, h_dest), ETH_ALEN); return ret; @@ -715,7 +715,7 @@ void fastd_peer_eth_addr_add(fastd_context_t *ctx, fastd_peer_t *peer, fastd_eth if (cmp == 0) { VECTOR_INDEX(ctx->eth_addrs, cur).peer = peer; - VECTOR_INDEX(ctx->eth_addrs, cur).timeout = fastd_in_seconds(ctx, ctx->conf->eth_addr_stale_time); + VECTOR_INDEX(ctx->eth_addrs, cur).timeout = fastd_in_seconds(ctx, conf.eth_addr_stale_time); return; /* We're done here. */ } else if (cmp < 0) { @@ -726,7 +726,7 @@ void fastd_peer_eth_addr_add(fastd_context_t *ctx, fastd_peer_t *peer, fastd_eth } } - VECTOR_INSERT(ctx->eth_addrs, ((fastd_peer_eth_addr_t) {addr, peer, fastd_in_seconds(ctx, ctx->conf->eth_addr_stale_time)}), min); + VECTOR_INSERT(ctx->eth_addrs, ((fastd_peer_eth_addr_t) {addr, peer, fastd_in_seconds(ctx, conf.eth_addr_stale_time)}), min); pr_debug(ctx, "learned new MAC address %E on peer %P", &addr, peer); } @@ -738,7 +738,7 @@ void fastd_peer_eth_addr_cleanup(fastd_context_t *ctx) { if (fastd_timed_out(ctx, &VECTOR_INDEX(ctx->eth_addrs, i).timeout)) { deleted++; pr_debug(ctx, "MAC address %E not seen for more than %u seconds, removing", - &VECTOR_INDEX(ctx->eth_addrs, i).addr, ctx->conf->eth_addr_stale_time); + &VECTOR_INDEX(ctx->eth_addrs, i).addr, conf.eth_addr_stale_time); } else if (deleted) { VECTOR_INDEX(ctx->eth_addrs, i-deleted) = VECTOR_INDEX(ctx->eth_addrs, i); @@ -122,15 +122,15 @@ static inline uint16_t fastd_peer_address_get_port(const fastd_peer_address_t *a } } -fastd_peer_config_t* fastd_peer_config_new(fastd_context_t *ctx, fastd_config_t *conf); +fastd_peer_config_t* fastd_peer_config_new(fastd_context_t *ctx); void fastd_peer_config_free(fastd_peer_config_t *peer); -void fastd_peer_config_delete(fastd_context_t *ctx, fastd_config_t *conf); -void fastd_peer_config_purge(fastd_context_t *ctx, fastd_peer_config_t *conf); +void fastd_peer_config_delete(fastd_context_t *ctx); +void fastd_peer_config_purge(fastd_context_t *ctx, fastd_peer_config_t *config); bool fastd_peer_config_equal(const fastd_peer_config_t *peer1, const fastd_peer_config_t *peer2); void fastd_peer_reset(fastd_context_t *ctx, fastd_peer_t *peer); void fastd_peer_delete(fastd_context_t *ctx, fastd_peer_t *peer); -fastd_peer_t* fastd_peer_add(fastd_context_t *ctx, fastd_peer_config_t *conf); +fastd_peer_t* fastd_peer_add(fastd_context_t *ctx, fastd_peer_config_t *peer_conf); fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx); bool fastd_peer_verify_temporary(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr); void fastd_peer_enable_temporary(fastd_context_t *ctx, fastd_peer_t *peer); @@ -198,7 +198,7 @@ static inline bool fastd_remote_is_dynamic(const fastd_remote_t *remote) { } static inline void fastd_peer_seen(fastd_context_t *ctx, fastd_peer_t *peer) { - peer->timeout = fastd_in_seconds(ctx, ctx->conf->peer_stale_time); + peer->timeout = fastd_in_seconds(ctx, conf.peer_stale_time); } static inline bool fastd_peer_is_socket_dynamic(const fastd_peer_t *peer) { @@ -35,8 +35,8 @@ #endif -static inline bool handle_tun_tap(fastd_context_t *ctx, fastd_buffer_t buffer) { - if (ctx->conf->mode != MODE_TAP) +static inline bool handle_tap(fastd_context_t *ctx, fastd_buffer_t buffer) { + if (conf.mode != MODE_TAP) return false; if (buffer.len < ETH_HLEN) { @@ -54,16 +54,16 @@ static inline bool handle_tun_tap(fastd_context_t *ctx, fastd_buffer_t buffer) { if (!peer) return false; - ctx->conf->protocol->send(ctx, peer, buffer); + conf.protocol->send(ctx, peer, buffer); return true; } -static void handle_tun(fastd_context_t *ctx) { +static void handle_tuntap(fastd_context_t *ctx) { fastd_buffer_t buffer = fastd_tuntap_read(ctx); if (!buffer.len) return; - if (handle_tun_tap(ctx, buffer)) + if (handle_tap(ctx, buffer)) return; /* TUN mode or multicast packet */ @@ -173,7 +173,7 @@ void fastd_poll_handle(fastd_context_t *ctx) { for (i = 0; i < (size_t)ret; i++) { if (events[i].data.ptr == &ctx->tunfd) { if (events[i].events & EPOLLIN) - handle_tun(ctx); + handle_tuntap(ctx); } else if (events[i].data.ptr == &ctx->async_rfd) { if (events[i].events & EPOLLIN) @@ -280,7 +280,7 @@ void fastd_poll_handle(fastd_context_t *ctx) { fastd_update_time(ctx); if (VECTOR_INDEX(ctx->pollfds, 0).revents & POLLIN) - handle_tun(ctx); + handle_tuntap(ctx); if (VECTOR_INDEX(ctx->pollfds, 1).revents & POLLIN) fastd_async_handle(ctx); diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c index 735a0ea..698746b 100644 --- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c +++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c @@ -52,10 +52,10 @@ static inline void check_session_refresh(fastd_context_t *ctx, fastd_peer_t *pee static fastd_protocol_config_t* protocol_init(fastd_context_t *ctx) { fastd_protocol_config_t *protocol_config = malloc(sizeof(fastd_protocol_config_t)); - if (!ctx->conf->secret) + if (!conf.secret) exit_error(ctx, "no secret key configured"); - if (!read_key(protocol_config->key.secret.p, ctx->conf->secret)) + if (!read_key(protocol_config->key.secret.p, conf.secret)) exit_error(ctx, "invalid secret key"); ecc_25519_work_t work; @@ -92,7 +92,7 @@ static void protocol_peer_configure(fastd_context_t *ctx, fastd_peer_config_t *p peer_conf->protocol_config = malloc(sizeof(fastd_protocol_peer_config_t)); peer_conf->protocol_config->public_key = key; - if (memcmp(&peer_conf->protocol_config->public_key, &ctx->conf->protocol_config->key.public, 32) == 0) + if (memcmp(&peer_conf->protocol_config->public_key, &conf.protocol_config->key.public, 32) == 0) pr_debug(ctx, "found own key as `%s', ignoring peer", peer_conf->name); } @@ -169,7 +169,7 @@ static void session_send(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer_ } fastd_send(ctx, peer->sock, &peer->local_address, &peer->address, peer, send_buffer, stat_size); - peer->keepalive_timeout = fastd_in_seconds(ctx, ctx->conf->keepalive_timeout); + peer->keepalive_timeout = fastd_in_seconds(ctx, conf.keepalive_timeout); } static void protocol_send(fastd_context_t *ctx, fastd_peer_t *peer, fastd_buffer_t buffer) { diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h index 19d2cbf..be316db 100644 --- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h +++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h @@ -90,8 +90,8 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_ void fastd_protocol_ec25519_fhmqvc_send_empty(fastd_context_t *ctx, fastd_peer_t *peer, protocol_session_t *session); void fastd_protocol_ec25519_fhmqvc_generate_key(fastd_context_t *ctx); -void fastd_protocol_ec25519_fhmqvc_show_key(fastd_context_t *ctx); -void fastd_protocol_ec25519_fhmqvc_set_shell_env(fastd_context_t *ctx, const fastd_peer_t *peer); +void fastd_protocol_ec25519_fhmqvc_show_key(void); +void fastd_protocol_ec25519_fhmqvc_set_shell_env(const fastd_peer_t *peer); bool fastd_protocol_ec25519_fhmqvc_describe_peer(const fastd_context_t *ctx UNUSED, const fastd_peer_t *peer, char *buf, size_t len); diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c index ef601df..dda798b 100644 --- a/src/protocols/ec25519_fhmqvc/handshake.c +++ b/src/protocols/ec25519_fhmqvc/handshake.c @@ -149,7 +149,7 @@ static bool establish(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_meth return false; } - peer->establish_handshake_timeout = fastd_in_seconds(ctx, ctx->conf->min_handshake_interval); + peer->establish_handshake_timeout = fastd_in_seconds(ctx, conf.min_handshake_interval); fastd_peer_seen(ctx, peer); fastd_peer_set_established(ctx, peer); @@ -173,7 +173,7 @@ static inline bool secure_handshake(const fastd_handshake_t *handshake) { } -static bool make_shared_handshake_key(fastd_context_t *ctx, const ecc_int256_t *handshake_key, bool initiator, +static bool make_shared_handshake_key(const ecc_int256_t *handshake_key, bool initiator, const aligned_int256_t *A, const aligned_int256_t *B, const aligned_int256_t *X, const aligned_int256_t *Y, aligned_int256_t *sigma, @@ -206,14 +206,14 @@ static bool make_shared_handshake_key(fastd_context_t *ctx, const ecc_int256_t * if (initiator) { ecc_int256_t da; - ecc_25519_gf_mult(&da, &d, &ctx->conf->protocol_config->key.secret); + ecc_25519_gf_mult(&da, &d, &conf.protocol_config->key.secret); ecc_25519_gf_add(&s, &da, handshake_key); ecc_25519_scalarmult(&work, &e, &work); } else { ecc_int256_t eb; - ecc_25519_gf_mult(&eb, &e, &ctx->conf->protocol_config->key.secret); + ecc_25519_gf_mult(&eb, &e, &conf.protocol_config->key.secret); ecc_25519_gf_add(&s, &eb, handshake_key); ecc_25519_scalarmult(&work, &d, &work); @@ -236,17 +236,17 @@ static bool make_shared_handshake_key(fastd_context_t *ctx, const ecc_int256_t * return true; } -static bool update_shared_handshake_key(fastd_context_t *ctx, const fastd_peer_t *peer, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key) { +static bool update_shared_handshake_key(const fastd_peer_t *peer, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key) { if (peer->protocol_state->last_handshake_serial == handshake_key->serial) { if (memcmp(&peer->protocol_state->peer_handshake_key, peer_handshake_key, PUBLICKEYBYTES) == 0) return true; } - bool compat = !ctx->conf->secure_handshakes; + bool compat = !conf.secure_handshakes; - if (!make_shared_handshake_key(ctx, &handshake_key->key.secret, false, + if (!make_shared_handshake_key(&handshake_key->key.secret, false, &peer->protocol_config->public_key, - &ctx->conf->protocol_config->key.public, + &conf.protocol_config->key.public, peer_handshake_key, &handshake_key->key.public, &peer->protocol_state->sigma, @@ -273,20 +273,20 @@ static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key, const fastd_handshake_t *handshake, const fastd_method_info_t *method) { pr_debug(ctx, "responding handshake with %P[%I]...", peer, remote_addr); - if (!update_shared_handshake_key(ctx, peer, handshake_key, peer_handshake_key)) + if (!update_shared_handshake_key(peer, handshake_key, peer_handshake_key)) return; fastd_buffer_t buffer = fastd_handshake_new_reply(ctx, handshake, method, true, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES)); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &ctx->conf->protocol_config->key.public); + fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public); fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key); fastd_sha256_t hmacbuf; - if (!ctx->conf->secure_handshakes) { - fastd_hmacsha256_blocks(&hmacbuf, peer->protocol_state->shared_handshake_key_compat.w, ctx->conf->protocol_config->key.public.u32, handshake_key->key.public.u32, NULL); + if (!conf.secure_handshakes) { + fastd_hmacsha256_blocks(&hmacbuf, peer->protocol_state->shared_handshake_key_compat.w, conf.protocol_config->key.public.u32, handshake_key->key.public.u32, NULL); fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b); } @@ -305,8 +305,8 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f aligned_int256_t sigma; fastd_sha256_t shared_handshake_key, shared_handshake_key_compat; - if (!make_shared_handshake_key(ctx, &handshake_key->key.secret, true, - &ctx->conf->protocol_config->key.public, + if (!make_shared_handshake_key(&handshake_key->key.secret, true, + &conf.protocol_config->key.public, &peer->protocol_config->public_key, &handshake_key->key.public, peer_handshake_key, @@ -332,13 +332,13 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f return; } - if (!establish(ctx, peer, method, sock, local_addr, remote_addr, true, &handshake_key->key.public, peer_handshake_key, &ctx->conf->protocol_config->key.public, + if (!establish(ctx, peer, method, sock, local_addr, remote_addr, true, &handshake_key->key.public, peer_handshake_key, &conf.protocol_config->key.public, &peer->protocol_config->public_key, &sigma, compat ? NULL : shared_handshake_key.w, handshake_key->serial)) return; fastd_buffer_t buffer = fastd_handshake_new_reply(ctx, handshake, method, false, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES)); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &ctx->conf->protocol_config->key.public); + fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public); fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key); @@ -351,7 +351,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f } else { fastd_sha256_t hmacbuf; - fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key_compat.w, ctx->conf->protocol_config->key.public.u32, handshake_key->key.public.u32, NULL); + fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key_compat.w, conf.protocol_config->key.public.u32, handshake_key->key.public.u32, NULL); fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b); } @@ -365,7 +365,7 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, bool compat = !secure_handshake(handshake); - if (!update_shared_handshake_key(ctx, peer, handshake_key, peer_handshake_key)) + if (!update_shared_handshake_key(peer, handshake_key, peer_handshake_key)) return; bool valid; @@ -386,7 +386,7 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, } establish(ctx, peer, method, sock, local_addr, remote_addr, false, peer_handshake_key, &handshake_key->key.public, &peer->protocol_config->public_key, - &ctx->conf->protocol_config->key.public, &peer->protocol_state->sigma, compat ? NULL : peer->protocol_state->shared_handshake_key.w, handshake_key->serial); + &conf.protocol_config->key.public, &peer->protocol_state->sigma, compat ? NULL : peer->protocol_state->shared_handshake_key.w, handshake_key->serial); clear_shared_handshake_key(ctx, peer); } @@ -441,11 +441,11 @@ static fastd_peer_t* match_sender_key(fastd_context_t *ctx, const fastd_socket_t return find_sender_key(ctx, address, key); } -static size_t key_count(fastd_context_t *ctx, const unsigned char key[32]) { +static size_t key_count(const unsigned char key[32]) { size_t ret = 0; fastd_peer_config_t *p; - for (p = ctx->conf->peers; p; p = p->next) { + for (p = conf.peers; p; p = p->next) { if (!p->protocol_config) continue; @@ -460,10 +460,10 @@ bool fastd_protocol_ec25519_fhmqvc_peer_check(fastd_context_t *ctx, fastd_peer_c if (!peer_conf->protocol_config) return false; - if (memcmp(&peer_conf->protocol_config->public_key, &ctx->conf->protocol_config->key.public, 32) == 0) + if (memcmp(&peer_conf->protocol_config->public_key, &conf.protocol_config->key.public, 32) == 0) return false; - if (key_count(ctx, peer_conf->protocol_config->public_key.u8) > 1) { + if (key_count(peer_conf->protocol_config->public_key.u8) > 1) { char buf[65]; hexdump(buf, peer_conf->protocol_config->public_key.u8); pr_warn(ctx, "more than one peer is configured with key %s, disabling %s", buf, peer_conf->name); @@ -474,7 +474,7 @@ bool fastd_protocol_ec25519_fhmqvc_peer_check(fastd_context_t *ctx, fastd_peer_c } bool fastd_protocol_ec25519_fhmqvc_peer_check_temporary(fastd_context_t *ctx, fastd_peer_t *peer) { - if (key_count(ctx, peer->protocol_config->public_key.u8)) { + if (key_count(peer->protocol_config->public_key.u8)) { char buf[65]; hexdump(buf, peer->protocol_config->public_key.u8); pr_info(ctx, "key %s is configured now, deleting temporary peer.", buf); @@ -484,17 +484,17 @@ bool fastd_protocol_ec25519_fhmqvc_peer_check_temporary(fastd_context_t *ctx, fa return true; } -static inline bool allow_unknown(fastd_context_t *ctx) { - return fastd_shell_command_isset(&ctx->conf->on_verify); +static inline bool allow_unknown(void) { + return fastd_shell_command_isset(&conf.on_verify); } static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, const fastd_peer_address_t *addr, const unsigned char key[32]) { - if (!allow_unknown(ctx)) { + if (!allow_unknown()) { pr_debug(ctx, "ignoring handshake from %I (unknown key)", addr); return NULL; } - if (key_count(ctx, key)) { + if (key_count(key)) { pr_debug(ctx, "ignoring handshake from %I (disabled key)", addr); return NULL; } @@ -516,7 +516,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_init(fastd_context_t *ctx, const fa fastd_buffer_t buffer = fastd_handshake_new_init(ctx, 3*(4+PUBLICKEYBYTES) /* sender key, receipient key, handshake key */); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &ctx->conf->protocol_config->key.public); + fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); if (peer) fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); @@ -526,7 +526,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_init(fastd_context_t *ctx, const fa fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &ctx->protocol_state->handshake_key.key.public); if (!peer || !fastd_peer_is_established(peer)) - fastd_shell_command_exec(ctx, &ctx->conf->on_connect, peer, (local_addr && local_addr->sa.sa_family) ? local_addr : sock->bound_addr, remote_addr); + fastd_shell_command_exec(ctx, &conf.on_connect, peer, (local_addr && local_addr->sa.sa_family) ? local_addr : sock->bound_addr, remote_addr); fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer); } @@ -576,7 +576,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_ } if (has_field(handshake, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES)) { - if (memcmp(&ctx->conf->protocol_config->key.public, handshake->records[RECORD_RECEIPIENT_KEY].data, PUBLICKEYBYTES) != 0) { + if (memcmp(&conf.protocol_config->key.public, handshake->records[RECORD_RECEIPIENT_KEY].data, PUBLICKEYBYTES) != 0) { pr_debug(ctx, "received protocol handshake with wrong receipient key from %P[%I]", peer, remote_addr); return; } @@ -599,7 +599,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_ pr_verbose(ctx, "received handshake from %P[%I]%s%s", peer, remote_addr, handshake->peer_version ? " using fastd " : "", handshake->peer_version ?: ""); - peer->last_handshake_response_timeout = fastd_in_seconds(ctx, ctx->conf->min_handshake_interval); + peer->last_handshake_response_timeout = fastd_in_seconds(ctx, conf.min_handshake_interval); peer->last_handshake_response_address = *remote_addr; respond_handshake(ctx, sock, local_addr, remote_addr, peer, &ctx->protocol_state->handshake_key, &peer_handshake_key, handshake, method); return; @@ -616,7 +616,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_ } if (!secure_handshake(handshake)) { - if (ctx->conf->secure_handshakes || !has_field(handshake, RECORD_T, HASHBYTES)) { + if (conf.secure_handshakes || !has_field(handshake, RECORD_T, HASHBYTES)) { pr_debug(ctx, "received handshake reply without HMAC from %P[%I]", peer, remote_addr); return; } diff --git a/src/protocols/ec25519_fhmqvc/util.c b/src/protocols/ec25519_fhmqvc/util.c index 3e1bafd..a72ebbf 100644 --- a/src/protocols/ec25519_fhmqvc/util.c +++ b/src/protocols/ec25519_fhmqvc/util.c @@ -38,7 +38,7 @@ void fastd_protocol_ec25519_fhmqvc_generate_key(fastd_context_t *ctx) { ecc_int256_t secret_key; ecc_int256_t public_key; - if (!ctx->conf->machine_readable) + if (!conf.machine_readable) pr_info(ctx, "Reading 32 bytes from /dev/random..."); fastd_random_bytes(ctx, secret_key.p, 32, true); @@ -48,7 +48,7 @@ void fastd_protocol_ec25519_fhmqvc_generate_key(fastd_context_t *ctx) { ecc_25519_scalarmult_base(&work, &secret_key); ecc_25519_store_packed(&public_key, &work); - if (ctx->conf->machine_readable) { + if (conf.machine_readable) { print_hexdump("", secret_key.p); } else { @@ -57,17 +57,17 @@ void fastd_protocol_ec25519_fhmqvc_generate_key(fastd_context_t *ctx) { } } -void fastd_protocol_ec25519_fhmqvc_show_key(fastd_context_t *ctx) { - if (ctx->conf->machine_readable) - print_hexdump("", ctx->conf->protocol_config->key.public.u8); +void fastd_protocol_ec25519_fhmqvc_show_key(void) { + if (conf.machine_readable) + print_hexdump("", conf.protocol_config->key.public.u8); else - print_hexdump("Public: ", ctx->conf->protocol_config->key.public.u8); + print_hexdump("Public: ", conf.protocol_config->key.public.u8); } -void fastd_protocol_ec25519_fhmqvc_set_shell_env(fastd_context_t *ctx, const fastd_peer_t *peer) { +void fastd_protocol_ec25519_fhmqvc_set_shell_env(const fastd_peer_t *peer) { char buf[65]; - hexdump(buf, ctx->conf->protocol_config->key.public.u8); + hexdump(buf, conf.protocol_config->key.public.u8); setenv("LOCAL_KEY", buf, 1); if (peer && peer->protocol_config) { diff --git a/src/receive.c b/src/receive.c index 32a1c39..49f05fe 100644 --- a/src/receive.c +++ b/src/receive.c @@ -99,7 +99,7 @@ static bool backoff_unknown(fastd_context_t *ctx, const fastd_peer_address_t *ad fastd_handshake_timeout_t *t = &ctx->unknown_handshakes[ctx->unknown_handshake_pos]; t->address = *addr; - t->timeout = fastd_in_seconds(ctx, ctx->conf->min_handshake_interval); + t->timeout = fastd_in_seconds(ctx, conf.min_handshake_interval); return false; } @@ -119,11 +119,11 @@ static inline void handle_socket_receive_known(fastd_context_t *ctx, fastd_socke fastd_buffer_free(buffer); if (!backoff_unknown(ctx, remote_addr)) - ctx->conf->protocol->handshake_init(ctx, sock, local_addr, remote_addr, NULL); + conf.protocol->handshake_init(ctx, sock, local_addr, remote_addr, NULL); return; } - ctx->conf->protocol->handle_recv(ctx, peer, buffer); + conf.protocol->handle_recv(ctx, peer, buffer); break; case PACKET_HANDSHAKE: @@ -131,8 +131,8 @@ static inline void handle_socket_receive_known(fastd_context_t *ctx, fastd_socke } } -static inline bool allow_unknown_peers(fastd_context_t *ctx) { - return ctx->conf->has_floating || fastd_shell_command_isset(&ctx->conf->on_verify); +static inline bool allow_unknown_peers(void) { + return conf.has_floating || fastd_shell_command_isset(&conf.on_verify); } static inline void handle_socket_receive_unknown(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_buffer_t buffer) { @@ -144,7 +144,7 @@ static inline void handle_socket_receive_unknown(fastd_context_t *ctx, fastd_soc fastd_buffer_free(buffer); if (!backoff_unknown(ctx, remote_addr)) - ctx->conf->protocol->handshake_init(ctx, sock, local_addr, remote_addr, NULL); + conf.protocol->handshake_init(ctx, sock, local_addr, remote_addr, NULL); break; case PACKET_HANDSHAKE: @@ -170,7 +170,7 @@ static inline void handle_socket_receive(fastd_context_t *ctx, fastd_socket_t *s if (peer) { handle_socket_receive_known(ctx, sock, local_addr, remote_addr, peer, buffer); } - else if (allow_unknown_peers(ctx)) { + else if (allow_unknown_peers()) { handle_socket_receive_unknown(ctx, sock, local_addr, remote_addr, buffer); } else { @@ -181,7 +181,7 @@ static inline void handle_socket_receive(fastd_context_t *ctx, fastd_socket_t *s void fastd_receive(fastd_context_t *ctx, fastd_socket_t *sock) { size_t max_len = fastd_max_outer_packet(ctx); - fastd_buffer_t buffer = fastd_buffer_alloc(ctx, max_len, ctx->conf->min_decrypt_head_space, ctx->conf->min_decrypt_tail_space); + fastd_buffer_t buffer = fastd_buffer_alloc(ctx, max_len, conf.min_decrypt_head_space, conf.min_decrypt_tail_space); fastd_peer_address_t local_addr; fastd_peer_address_t recvaddr; struct iovec buffer_vec = { .iov_base = buffer.data, .iov_len = buffer.len }; diff --git a/src/resolve.c b/src/resolve.c index ead1985..c67fd53 100644 --- a/src/resolve.c +++ b/src/resolve.c @@ -121,7 +121,7 @@ void fastd_resolve_peer(fastd_context_t *ctx, fastd_peer_t *peer, fastd_remote_t pr_verbose(ctx, "resolving host `%s' for peer %P...", remote->config->hostname, peer); fastd_remote_ref(remote); - remote->last_resolve_timeout = fastd_in_seconds(ctx, ctx->conf->min_resolve_interval); + remote->last_resolve_timeout = fastd_in_seconds(ctx, conf.min_resolve_interval); remote->resolving = true; resolv_arg_t *arg = malloc(sizeof(resolv_arg_t)); @@ -185,11 +185,11 @@ void fastd_send_all(fastd_context_t *ctx, fastd_peer_t *source_peer, fastd_buffe /* optimization, primarily for TUN mode: don't duplicate the buffer for the last (or only) peer */ if (i == VECTOR_LEN(ctx->peers)-1) { - ctx->conf->protocol->send(ctx, dest_peer, buffer); + conf.protocol->send(ctx, dest_peer, buffer); return; } - ctx->conf->protocol->send(ctx, dest_peer, fastd_buffer_dup(ctx, buffer, ctx->conf->min_encrypt_head_space, ctx->conf->min_encrypt_tail_space)); + conf.protocol->send(ctx, dest_peer, fastd_buffer_dup(ctx, buffer, conf.min_encrypt_head_space, conf.min_encrypt_tail_space)); } fastd_buffer_free(buffer); diff --git a/src/shell.c b/src/shell.c index 23381e0..786dd2a 100644 --- a/src/shell.c +++ b/src/shell.c @@ -42,10 +42,10 @@ static void shell_command_setenv(fastd_context_t *ctx, pid_t pid, const fastd_pe if (ctx->ifname) { setenv("INTERFACE", ctx->ifname, 1); } - else if (ctx->conf->ifname) { + else if (conf.ifname) { char ifname[IF_NAMESIZE]; - strncpy(ifname, ctx->conf->ifname, sizeof(ifname)-1); + strncpy(ifname, conf.ifname, sizeof(ifname)-1); ifname[sizeof(ifname)-1] = 0; setenv("INTERFACE", ifname, 1); @@ -54,7 +54,7 @@ static void shell_command_setenv(fastd_context_t *ctx, pid_t pid, const fastd_pe unsetenv("INTERFACE"); } - snprintf(buf, sizeof(buf), "%u", ctx->conf->mtu); + snprintf(buf, sizeof(buf), "%u", conf.mtu); setenv("INTERFACE_MTU", buf, 1); if (peer && peer->config && peer->config->name) @@ -122,7 +122,7 @@ static void shell_command_setenv(fastd_context_t *ctx, pid_t pid, const fastd_pe unsetenv("PEER_PORT"); } - ctx->conf->protocol->set_shell_env(ctx, peer); + conf.protocol->set_shell_env(peer); } static bool shell_command_do_exec(fastd_context_t *ctx, const fastd_shell_command_t *command, const fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr, pid_t *pid_ret) { diff --git a/src/socket.c b/src/socket.c index a1e0d02..70ff17a 100644 --- a/src/socket.c +++ b/src/socket.c @@ -93,8 +93,8 @@ static int bind_socket(fastd_context_t *ctx, const fastd_bind_address_t *addr, b #endif #ifdef USE_PMTU - if (ctx->conf->pmtu.set) { - int pmtu = ctx->conf->pmtu.state ? IP_PMTUDISC_DO : IP_PMTUDISC_DONT; + if (conf.pmtu.set) { + int pmtu = conf.pmtu.state ? IP_PMTUDISC_DO : IP_PMTUDISC_DONT; if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &pmtu, sizeof(pmtu))) { pr_error_errno(ctx, "setsockopt: unable to set PMTU discovery"); goto error; @@ -103,8 +103,8 @@ static int bind_socket(fastd_context_t *ctx, const fastd_bind_address_t *addr, b #endif #ifdef USE_PACKET_MARK - if (ctx->conf->packet_mark) { - if (setsockopt(fd, SOL_SOCKET, SO_MARK, &ctx->conf->packet_mark, sizeof(ctx->conf->packet_mark))) { + if (conf.packet_mark) { + if (setsockopt(fd, SOL_SOCKET, SO_MARK, &conf.packet_mark, sizeof(conf.packet_mark))) { pr_error_errno(ctx, "setsockopt: unable to set packet mark"); goto error; } diff --git a/src/tuntap.c b/src/tuntap.c index fd81c2a..0fc17a3 100644 --- a/src/tuntap.c +++ b/src/tuntap.c @@ -64,10 +64,10 @@ void fastd_tuntap_open(fastd_context_t *ctx) { if ((ctx->tunfd = open("/dev/net/tun", O_RDWR|O_CLOEXEC|O_NONBLOCK)) < 0) exit_errno(ctx, "could not open tun/tap device file"); - if (ctx->conf->ifname) - strncpy(ifr.ifr_name, ctx->conf->ifname, IFNAMSIZ-1); + if (conf.ifname) + strncpy(ifr.ifr_name, conf.ifname, IFNAMSIZ-1); - switch (ctx->conf->mode) { + switch (conf.mode) { case MODE_TAP: ifr.ifr_flags = IFF_TAP; break; @@ -93,8 +93,8 @@ void fastd_tuntap_open(fastd_context_t *ctx) { if (ioctl(ctl_sock, SIOCGIFMTU, &ifr) < 0) exit_errno(ctx, "SIOCGIFMTU ioctl failed"); - if (ifr.ifr_mtu != ctx->conf->mtu) { - ifr.ifr_mtu = ctx->conf->mtu; + if (ifr.ifr_mtu != conf.mtu) { + ifr.ifr_mtu = conf.mtu; if (ioctl(ctl_sock, SIOCSIFMTU, &ifr) < 0) exit_errno(ctx, "SIOCSIFMTU ioctl failed"); } @@ -115,7 +115,7 @@ static void set_tun_mtu(fastd_context_t *ctx) { if (ioctl(ctx->tunfd, TUNGIFINFO, &tuninfo) < 0) exit_errno(ctx, "TUNGIFINFO ioctl failed"); - tuninfo.mtu = ctx->conf->mtu; + tuninfo.mtu = conf.mtu; if (ioctl(ctx->tunfd, TUNSIFINFO, &tuninfo) < 0) exit_errno(ctx, "TUNSIFINFO ioctl failed"); @@ -130,7 +130,7 @@ static void set_tap_mtu(fastd_context_t *ctx) { if (ioctl(ctx->tunfd, TAPGIFINFO, &tapinfo) < 0) exit_errno(ctx, "TAPGIFINFO ioctl failed"); - tapinfo.mtu = ctx->conf->mtu; + tapinfo.mtu = conf.mtu; if (ioctl(ctx->tunfd, TAPSIFINFO, &tapinfo) < 0) exit_errno(ctx, "TAPSIFINFO ioctl failed"); @@ -162,7 +162,7 @@ void fastd_tuntap_open(fastd_context_t *ctx) { char ifname[5+IFNAMSIZ] = "/dev/"; const char *type; - switch (ctx->conf->mode) { + switch (conf.mode) { case MODE_TAP: type = "tap"; break; @@ -175,11 +175,11 @@ void fastd_tuntap_open(fastd_context_t *ctx) { exit_bug(ctx, "invalid mode"); } - if (ctx->conf->ifname) { - if (strncmp(ctx->conf->ifname, type, 3) != 0) - exit_error(ctx, "`%s' doesn't seem to be a %s device", ctx->conf->ifname, type); + if (conf.ifname) { + if (strncmp(conf.ifname, type, 3) != 0) + exit_error(ctx, "`%s' doesn't seem to be a %s device", conf.ifname, type); - strncat(ifname, ctx->conf->ifname, IFNAMSIZ-1); + strncat(ifname, conf.ifname, IFNAMSIZ-1); } else { strncat(ifname, type, IFNAMSIZ-1); @@ -191,7 +191,7 @@ void fastd_tuntap_open(fastd_context_t *ctx) { if (!(ctx->ifname = fdevname_r(ctx->tunfd, malloc(IFNAMSIZ), IFNAMSIZ))) exit_errno(ctx, "could not get tun/tap interface name"); - switch (ctx->conf->mode) { + switch (conf.mode) { case MODE_TAP: setup_tap(ctx); break; @@ -246,21 +246,21 @@ static void setup_tap(fastd_context_t *ctx) { void fastd_tuntap_open(fastd_context_t *ctx) { char ifname[5+IFNAMSIZ] = "/dev/"; - if (!ctx->conf->ifname) + if (!conf.ifname) exit_error(ctx, "config error: no interface name given."); - else if (strncmp(ctx->conf->ifname, "tun", 3) != 0) - exit_error(ctx, "config error: `%s' doesn't seem to be a tun device", ctx->conf->ifname); + else if (strncmp(conf.ifname, "tun", 3) != 0) + exit_error(ctx, "config error: `%s' doesn't seem to be a tun device", conf.ifname); else - strncat(ifname, ctx->conf->ifname, IFNAMSIZ-1); + strncat(ifname, conf.ifname, IFNAMSIZ-1); pr_debug(ctx, "initializing tun device..."); if ((ctx->tunfd = open(ifname, O_RDWR|O_CLOEXEC|O_NONBLOCK)) < 0) exit_errno(ctx, "could not open tun device file"); - ctx->ifname = strndup(ctx->conf->ifname, IFNAMSIZ-1); + ctx->ifname = strndup(conf.ifname, IFNAMSIZ-1); - switch (ctx->conf->mode) { + switch (conf.mode) { case MODE_TAP: setup_tap(ctx); break; @@ -291,10 +291,10 @@ fastd_buffer_t fastd_tuntap_read(fastd_context_t *ctx) { size_t max_len = fastd_max_inner_packet(ctx); fastd_buffer_t buffer; - if (multiaf_tun && ctx->conf->mode == MODE_TUN) - buffer = fastd_buffer_alloc(ctx, max_len+4, ctx->conf->min_encrypt_head_space+12, ctx->conf->min_encrypt_tail_space); + if (multiaf_tun && conf.mode == MODE_TUN) + buffer = fastd_buffer_alloc(ctx, max_len+4, conf.min_encrypt_head_space+12, conf.min_encrypt_tail_space); else - buffer = fastd_buffer_alloc(ctx, max_len, ctx->conf->min_encrypt_head_space, ctx->conf->min_encrypt_tail_space); + buffer = fastd_buffer_alloc(ctx, max_len, conf.min_encrypt_head_space, conf.min_encrypt_tail_space); ssize_t len = read(ctx->tunfd, buffer.data, max_len); if (len < 0) { @@ -308,14 +308,14 @@ fastd_buffer_t fastd_tuntap_read(fastd_context_t *ctx) { buffer.len = len; - if (multiaf_tun && ctx->conf->mode == MODE_TUN) + if (multiaf_tun && conf.mode == MODE_TUN) fastd_buffer_push_head(ctx, &buffer, 4); return buffer; } void fastd_tuntap_write(fastd_context_t *ctx, fastd_buffer_t buffer) { - if (multiaf_tun && ctx->conf->mode == MODE_TUN) { + if (multiaf_tun && conf.mode == MODE_TUN) { uint8_t version = *((uint8_t*)buffer.data) >> 4; uint32_t af; |