a2f2016ff5c777be76de3cafaa5fb20d7ee14b44
[strongswan.git] / src / libcharon / network / receiver.c
1 /*
2 * Copyright (C) 2008-2012 Tobias Brunner
3 * Copyright (C) 2005-2006 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <stdlib.h>
19 #include <unistd.h>
20
21 #include "receiver.h"
22
23 #include <hydra.h>
24 #include <daemon.h>
25 #include <network/socket.h>
26 #include <processing/jobs/job.h>
27 #include <processing/jobs/process_message_job.h>
28 #include <processing/jobs/callback_job.h>
29 #include <crypto/hashers/hasher.h>
30 #include <threading/mutex.h>
31 #include <networking/packet.h>
32
33 /** lifetime of a cookie, in seconds */
34 #define COOKIE_LIFETIME 10
35 /** time we wait before disabling cookies */
36 #define COOKIE_CALMDOWN_DELAY 10
37 /** how many times to reuse the secret */
38 #define COOKIE_REUSE 10000
39 /** default value for private_receiver_t.cookie_threshold */
40 #define COOKIE_THRESHOLD_DEFAULT 10
41 /** default value for private_receiver_t.block_threshold */
42 #define BLOCK_THRESHOLD_DEFAULT 5
43 /** length of the secret to use for cookie calculation */
44 #define SECRET_LENGTH 16
45 /** Length of a notify payload header */
46 #define NOTIFY_PAYLOAD_HEADER_LENGTH 8
47
48 typedef struct private_receiver_t private_receiver_t;
49
50 /**
51 * Private data of a receiver_t object.
52 */
53 struct private_receiver_t {
54 /**
55 * Public part of a receiver_t object.
56 */
57 receiver_t public;
58
59 /**
60 * Registered callback for ESP packets
61 */
62 struct {
63 receiver_esp_cb_t cb;
64 void *data;
65 } esp_cb;
66
67 /**
68 * Mutex for ESP callback
69 */
70 mutex_t *esp_cb_mutex;
71
72 /**
73 * current secret to use for cookie calculation
74 */
75 char secret[SECRET_LENGTH];
76
77 /**
78 * previous secret used to verify older cookies
79 */
80 char secret_old[SECRET_LENGTH];
81
82 /**
83 * how many times we have used "secret" so far
84 */
85 u_int32_t secret_used;
86
87 /**
88 * time we did the cookie switch
89 */
90 u_int32_t secret_switch;
91
92 /**
93 * time offset to use, hides our system time
94 */
95 u_int32_t secret_offset;
96
97 /**
98 * the RNG to use for secret generation
99 */
100 rng_t *rng;
101
102 /**
103 * hasher to use for cookie calculation
104 */
105 hasher_t *hasher;
106
107 /**
108 * require cookies after this many half open IKE_SAs
109 */
110 u_int32_t cookie_threshold;
111
112 /**
113 * timestamp of last cookie requested
114 */
115 time_t last_cookie;
116
117 /**
118 * how many half open IKE_SAs per peer before blocking
119 */
120 u_int32_t block_threshold;
121
122 /**
123 * Drop IKE_SA_INIT requests if processor job load exceeds this limit
124 */
125 u_int init_limit_job_load;
126
127 /**
128 * Drop IKE_SA_INIT requests if half open IKE_SA count exceeds this limit
129 */
130 u_int init_limit_half_open;
131
132 /**
133 * Delay for receiving incoming packets, to simulate larger RTT
134 */
135 int receive_delay;
136
137 /**
138 * Specific message type to delay, 0 for any
139 */
140 int receive_delay_type;
141
142 /**
143 * Delay request messages?
144 */
145 bool receive_delay_request;
146
147 /**
148 * Delay response messages?
149 */
150 bool receive_delay_response;
151
152 /**
153 * Endpoint is allowed to act as an initiator only
154 */
155 bool initiator_only;
156
157 };
158
159 /**
160 * send a notify back to the sender
161 */
162 static void send_notify(message_t *request, int major, exchange_type_t exchange,
163 notify_type_t type, chunk_t data)
164 {
165 ike_sa_id_t *ike_sa_id;
166 message_t *response;
167 host_t *src, *dst;
168 packet_t *packet;
169
170 response = message_create(major, 0);
171 response->set_exchange_type(response, exchange);
172 response->add_notify(response, FALSE, type, data);
173 dst = request->get_source(request);
174 src = request->get_destination(request);
175 response->set_source(response, src->clone(src));
176 response->set_destination(response, dst->clone(dst));
177 if (major == IKEV2_MAJOR_VERSION)
178 {
179 response->set_request(response, FALSE);
180 }
181 response->set_message_id(response, 0);
182 ike_sa_id = request->get_ike_sa_id(request);
183 ike_sa_id->switch_initiator(ike_sa_id);
184 response->set_ike_sa_id(response, ike_sa_id);
185 if (response->generate(response, NULL, &packet) == SUCCESS)
186 {
187 charon->sender->send(charon->sender, packet);
188 }
189 response->destroy(response);
190 }
191
192 /**
193 * build a cookie
194 */
195 static bool cookie_build(private_receiver_t *this, message_t *message,
196 u_int32_t t, chunk_t secret, chunk_t *cookie)
197 {
198 u_int64_t spi = message->get_initiator_spi(message);
199 host_t *ip = message->get_source(message);
200 chunk_t input, hash;
201
202 /* COOKIE = t | sha1( IPi | SPIi | t | secret ) */
203 input = chunk_cata("cccc", ip->get_address(ip), chunk_from_thing(spi),
204 chunk_from_thing(t), secret);
205 hash = chunk_alloca(this->hasher->get_hash_size(this->hasher));
206 if (!this->hasher->get_hash(this->hasher, input, hash.ptr))
207 {
208 return FALSE;
209 }
210 *cookie = chunk_cat("cc", chunk_from_thing(t), hash);
211 return TRUE;
212 }
213
214 /**
215 * verify a received cookie
216 */
217 static bool cookie_verify(private_receiver_t *this, message_t *message,
218 chunk_t cookie)
219 {
220 u_int32_t t, now;
221 chunk_t reference;
222 chunk_t secret;
223
224 now = time_monotonic(NULL);
225 t = *(u_int32_t*)cookie.ptr;
226
227 if (cookie.len != sizeof(u_int32_t) +
228 this->hasher->get_hash_size(this->hasher) ||
229 t < now - this->secret_offset - COOKIE_LIFETIME)
230 {
231 DBG2(DBG_NET, "received cookie lifetime expired, rejecting");
232 return FALSE;
233 }
234
235 /* check if cookie is derived from old_secret */
236 if (t + this->secret_offset > this->secret_switch)
237 {
238 secret = chunk_from_thing(this->secret);
239 }
240 else
241 {
242 secret = chunk_from_thing(this->secret_old);
243 }
244
245 /* compare own calculation against received */
246 if (!cookie_build(this, message, t, secret, &reference))
247 {
248 return FALSE;
249 }
250 if (chunk_equals_const(reference, cookie))
251 {
252 chunk_free(&reference);
253 return TRUE;
254 }
255 chunk_free(&reference);
256 return FALSE;
257 }
258
259 /**
260 * Check if a valid cookie found
261 */
262 static bool check_cookie(private_receiver_t *this, message_t *message)
263 {
264 chunk_t data;
265
266 /* check for a cookie. We don't use our parser here and do it
267 * quick and dirty for performance reasons.
268 * we assume the cookie is the first payload (which is a MUST), and
269 * the cookie's SPI length is zero. */
270 data = message->get_packet_data(message);
271 if (data.len <
272 IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH +
273 sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) ||
274 *(data.ptr + 16) != PLV2_NOTIFY ||
275 *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE))
276 {
277 /* no cookie found */
278 return FALSE;
279 }
280 data.ptr += IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH;
281 data.len = sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher);
282 if (!cookie_verify(this, message, data))
283 {
284 DBG2(DBG_NET, "found cookie, but content invalid");
285 return FALSE;
286 }
287 return TRUE;
288 }
289
290 /**
291 * Check if we currently require cookies
292 */
293 static bool cookie_required(private_receiver_t *this,
294 u_int half_open, u_int32_t now)
295 {
296 if (this->cookie_threshold && half_open >= this->cookie_threshold)
297 {
298 this->last_cookie = now;
299 return TRUE;
300 }
301 if (this->last_cookie && now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
302 {
303 /* We don't disable cookies unless we haven't seen IKE_SA_INITs
304 * for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between
305 * cookie on / cookie off states, which is problematic. Consider the
306 * following: A legitimiate initiator sends a IKE_SA_INIT while we
307 * are under a DoS attack. If we toggle our cookie behavior,
308 * multiple retransmits of this IKE_SA_INIT might get answered with
309 * and without cookies. The initiator goes on and retries with
310 * a cookie, but it can't know if the completing IKE_SA_INIT response
311 * is to its IKE_SA_INIT request with or without cookies. This is
312 * problematic, as the cookie is part of AUTH payload data.
313 */
314 this->last_cookie = now;
315 return TRUE;
316 }
317 return FALSE;
318 }
319
320 /**
321 * Check if we should drop IKE_SA_INIT because of cookie/overload checking
322 */
323 static bool drop_ike_sa_init(private_receiver_t *this, message_t *message)
324 {
325 u_int half_open, half_open_r;
326 u_int32_t now;
327
328 now = time_monotonic(NULL);
329 half_open = charon->ike_sa_manager->get_half_open_count(
330 charon->ike_sa_manager, NULL, FALSE);
331 half_open_r = charon->ike_sa_manager->get_half_open_count(
332 charon->ike_sa_manager, NULL, TRUE);
333
334 /* check for cookies in IKEv2 */
335 if (message->get_major_version(message) == IKEV2_MAJOR_VERSION &&
336 cookie_required(this, half_open_r, now) && !check_cookie(this, message))
337 {
338 chunk_t cookie;
339
340 DBG2(DBG_NET, "received packet from: %#H to %#H",
341 message->get_source(message),
342 message->get_destination(message));
343 if (!cookie_build(this, message, now - this->secret_offset,
344 chunk_from_thing(this->secret), &cookie))
345 {
346 return TRUE;
347 }
348 DBG2(DBG_NET, "sending COOKIE notify to %H",
349 message->get_source(message));
350 send_notify(message, IKEV2_MAJOR_VERSION, IKE_SA_INIT, COOKIE, cookie);
351 chunk_free(&cookie);
352 if (++this->secret_used > COOKIE_REUSE)
353 {
354 char secret[SECRET_LENGTH];
355
356 DBG1(DBG_NET, "generating new cookie secret after %d uses",
357 this->secret_used);
358 if (this->rng->get_bytes(this->rng, SECRET_LENGTH, secret))
359 {
360 memcpy(this->secret_old, this->secret, SECRET_LENGTH);
361 memcpy(this->secret, secret, SECRET_LENGTH);
362 memwipe(secret, SECRET_LENGTH);
363 this->secret_switch = now;
364 this->secret_used = 0;
365 }
366 else
367 {
368 DBG1(DBG_NET, "failed to allocated cookie secret, keeping old");
369 }
370 }
371 return TRUE;
372 }
373
374 /* check if peer has too many IKE_SAs half open */
375 if (this->block_threshold &&
376 charon->ike_sa_manager->get_half_open_count(charon->ike_sa_manager,
377 message->get_source(message), TRUE) >= this->block_threshold)
378 {
379 DBG1(DBG_NET, "ignoring IKE_SA setup from %H, "
380 "peer too aggressive", message->get_source(message));
381 return TRUE;
382 }
383
384 /* check if global half open IKE_SA limit reached */
385 if (this->init_limit_half_open &&
386 half_open >= this->init_limit_half_open)
387 {
388 DBG1(DBG_NET, "ignoring IKE_SA setup from %H, half open IKE_SA "
389 "count of %d exceeds limit of %d", message->get_source(message),
390 half_open, this->init_limit_half_open);
391 return TRUE;
392 }
393
394 /* check if job load acceptable */
395 if (this->init_limit_job_load)
396 {
397 u_int jobs = 0, i;
398
399 for (i = 0; i < JOB_PRIO_MAX; i++)
400 {
401 jobs += lib->processor->get_job_load(lib->processor, i);
402 }
403 if (jobs > this->init_limit_job_load)
404 {
405 DBG1(DBG_NET, "ignoring IKE_SA setup from %H, job load of %d "
406 "exceeds limit of %d", message->get_source(message),
407 jobs, this->init_limit_job_load);
408 return TRUE;
409 }
410 }
411 return FALSE;
412 }
413
414 /**
415 * Job callback to receive packets
416 */
417 static job_requeue_t receive_packets(private_receiver_t *this)
418 {
419 ike_sa_id_t *id;
420 packet_t *packet;
421 message_t *message;
422 host_t *src, *dst;
423 status_t status;
424 bool supported = TRUE;
425 chunk_t data, marker = chunk_from_chars(0x00, 0x00, 0x00, 0x00);
426
427 /* read in a packet */
428 status = charon->socket->receive(charon->socket, &packet);
429 if (status == NOT_SUPPORTED)
430 {
431 return JOB_REQUEUE_NONE;
432 }
433 else if (status != SUCCESS)
434 {
435 DBG2(DBG_NET, "receiving from socket failed!");
436 return JOB_REQUEUE_FAIR;
437 }
438
439 data = packet->get_data(packet);
440 if (data.len == 1 && data.ptr[0] == 0xFF)
441 { /* silently drop NAT-T keepalives */
442 packet->destroy(packet);
443 return JOB_REQUEUE_DIRECT;
444 }
445 else if (data.len < marker.len)
446 { /* drop packets that are too small */
447 DBG3(DBG_NET, "received packet is too short (%d bytes)", data.len);
448 packet->destroy(packet);
449 return JOB_REQUEUE_DIRECT;
450 }
451
452 dst = packet->get_destination(packet);
453 src = packet->get_source(packet);
454 if (!hydra->kernel_interface->all_interfaces_usable(hydra->kernel_interface)
455 && !hydra->kernel_interface->get_interface(hydra->kernel_interface,
456 dst, NULL))
457 {
458 DBG3(DBG_NET, "received packet from %#H to %#H on ignored interface",
459 src, dst);
460 packet->destroy(packet);
461 return JOB_REQUEUE_DIRECT;
462 }
463
464 /* if neither source nor destination port is 500 we assume an IKE packet
465 * with Non-ESP marker or an ESP packet */
466 if (dst->get_port(dst) != IKEV2_UDP_PORT &&
467 src->get_port(src) != IKEV2_UDP_PORT)
468 {
469 if (memeq(data.ptr, marker.ptr, marker.len))
470 { /* remove Non-ESP marker */
471 packet->skip_bytes(packet, marker.len);
472 }
473 else
474 { /* this seems to be an ESP packet */
475 this->esp_cb_mutex->lock(this->esp_cb_mutex);
476 if (this->esp_cb.cb)
477 {
478 this->esp_cb.cb(this->esp_cb.data, packet);
479 }
480 else
481 {
482 packet->destroy(packet);
483 }
484 this->esp_cb_mutex->unlock(this->esp_cb_mutex);
485 return JOB_REQUEUE_DIRECT;
486 }
487 }
488
489 /* parse message header */
490 message = message_create_from_packet(packet);
491 if (message->parse_header(message) != SUCCESS)
492 {
493 DBG1(DBG_NET, "received invalid IKE header from %H - ignored",
494 packet->get_source(packet));
495 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_HEADER, message);
496 message->destroy(message);
497 return JOB_REQUEUE_DIRECT;
498 }
499
500 /* check IKE major version */
501 switch (message->get_major_version(message))
502 {
503 case IKEV2_MAJOR_VERSION:
504 #ifndef USE_IKEV2
505 if (message->get_exchange_type(message) == IKE_SA_INIT &&
506 message->get_request(message))
507 {
508 send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
509 INVALID_MAJOR_VERSION, chunk_empty);
510 supported = FALSE;
511 }
512 #endif /* USE_IKEV2 */
513 break;
514 case IKEV1_MAJOR_VERSION:
515 #ifndef USE_IKEV1
516 if (message->get_exchange_type(message) == ID_PROT ||
517 message->get_exchange_type(message) == AGGRESSIVE)
518 {
519 send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
520 INVALID_MAJOR_VERSION, chunk_empty);
521 supported = FALSE;
522 }
523 #endif /* USE_IKEV1 */
524 break;
525 default:
526 #ifdef USE_IKEV2
527 send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
528 INVALID_MAJOR_VERSION, chunk_empty);
529 #elif defined(USE_IKEV1)
530 send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
531 INVALID_MAJOR_VERSION, chunk_empty);
532 #endif /* USE_IKEV1 */
533 supported = FALSE;
534 break;
535 }
536 if (!supported)
537 {
538 DBG1(DBG_NET, "received unsupported IKE version %d.%d from %H, sending "
539 "INVALID_MAJOR_VERSION", message->get_major_version(message),
540 message->get_minor_version(message), packet->get_source(packet));
541 message->destroy(message);
542 return JOB_REQUEUE_DIRECT;
543 }
544 if (message->get_request(message) &&
545 message->get_exchange_type(message) == IKE_SA_INIT)
546 {
547 id = message->get_ike_sa_id(message);
548 if (this->initiator_only || !id->is_initiator(id) ||
549 drop_ike_sa_init(this, message))
550 {
551 message->destroy(message);
552 return JOB_REQUEUE_DIRECT;
553 }
554 }
555 if (message->get_exchange_type(message) == ID_PROT ||
556 message->get_exchange_type(message) == AGGRESSIVE)
557 {
558 id = message->get_ike_sa_id(message);
559 if (id->get_responder_spi(id) == 0 &&
560 (this->initiator_only || drop_ike_sa_init(this, message)))
561 {
562 message->destroy(message);
563 return JOB_REQUEUE_DIRECT;
564 }
565 }
566
567 if (this->receive_delay)
568 {
569 if (this->receive_delay_type == 0 ||
570 this->receive_delay_type == message->get_exchange_type(message))
571 {
572 if ((message->get_request(message) && this->receive_delay_request) ||
573 (!message->get_request(message) && this->receive_delay_response))
574 {
575 DBG1(DBG_NET, "using receive delay: %dms",
576 this->receive_delay);
577 lib->scheduler->schedule_job_ms(lib->scheduler,
578 (job_t*)process_message_job_create(message),
579 this->receive_delay);
580 return JOB_REQUEUE_DIRECT;
581 }
582 }
583 }
584 lib->processor->queue_job(lib->processor,
585 (job_t*)process_message_job_create(message));
586 return JOB_REQUEUE_DIRECT;
587 }
588
589 METHOD(receiver_t, add_esp_cb, void,
590 private_receiver_t *this, receiver_esp_cb_t callback, void *data)
591 {
592 this->esp_cb_mutex->lock(this->esp_cb_mutex);
593 this->esp_cb.cb = callback;
594 this->esp_cb.data = data;
595 this->esp_cb_mutex->unlock(this->esp_cb_mutex);
596 }
597
598 METHOD(receiver_t, del_esp_cb, void,
599 private_receiver_t *this, receiver_esp_cb_t callback)
600 {
601 this->esp_cb_mutex->lock(this->esp_cb_mutex);
602 if (this->esp_cb.cb == callback)
603 {
604 this->esp_cb.cb = NULL;
605 this->esp_cb.data = NULL;
606 }
607 this->esp_cb_mutex->unlock(this->esp_cb_mutex);
608 }
609
610 METHOD(receiver_t, destroy, void,
611 private_receiver_t *this)
612 {
613 this->rng->destroy(this->rng);
614 this->hasher->destroy(this->hasher);
615 this->esp_cb_mutex->destroy(this->esp_cb_mutex);
616 free(this);
617 }
618
619 /*
620 * Described in header.
621 */
622 receiver_t *receiver_create()
623 {
624 private_receiver_t *this;
625 u_int32_t now = time_monotonic(NULL);
626
627 INIT(this,
628 .public = {
629 .add_esp_cb = _add_esp_cb,
630 .del_esp_cb = _del_esp_cb,
631 .destroy = _destroy,
632 },
633 .esp_cb_mutex = mutex_create(MUTEX_TYPE_DEFAULT),
634 .secret_switch = now,
635 .secret_offset = random() % now,
636 );
637
638 if (lib->settings->get_bool(lib->settings,
639 "%s.dos_protection", TRUE, lib->ns))
640 {
641 this->cookie_threshold = lib->settings->get_int(lib->settings,
642 "%s.cookie_threshold", COOKIE_THRESHOLD_DEFAULT, lib->ns);
643 this->block_threshold = lib->settings->get_int(lib->settings,
644 "%s.block_threshold", BLOCK_THRESHOLD_DEFAULT, lib->ns);
645 }
646 this->init_limit_job_load = lib->settings->get_int(lib->settings,
647 "%s.init_limit_job_load", 0, lib->ns);
648 this->init_limit_half_open = lib->settings->get_int(lib->settings,
649 "%s.init_limit_half_open", 0, lib->ns);
650 this->receive_delay = lib->settings->get_int(lib->settings,
651 "%s.receive_delay", 0, lib->ns);
652 this->receive_delay_type = lib->settings->get_int(lib->settings,
653 "%s.receive_delay_type", 0, lib->ns),
654 this->receive_delay_request = lib->settings->get_bool(lib->settings,
655 "%s.receive_delay_request", TRUE, lib->ns),
656 this->receive_delay_response = lib->settings->get_bool(lib->settings,
657 "%s.receive_delay_response", TRUE, lib->ns),
658 this->initiator_only = lib->settings->get_bool(lib->settings,
659 "%s.initiator_only", FALSE, lib->ns),
660
661 this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
662 if (!this->hasher)
663 {
664 DBG1(DBG_NET, "creating cookie hasher failed, no hashers supported");
665 free(this);
666 return NULL;
667 }
668 this->rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
669 if (!this->rng)
670 {
671 DBG1(DBG_NET, "creating cookie RNG failed, no RNG supported");
672 this->hasher->destroy(this->hasher);
673 free(this);
674 return NULL;
675 }
676 if (!this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret))
677 {
678 DBG1(DBG_NET, "creating cookie secret failed");
679 destroy(this);
680 return NULL;
681 }
682 memcpy(this->secret_old, this->secret, SECRET_LENGTH);
683
684 lib->processor->queue_job(lib->processor,
685 (job_t*)callback_job_create_with_prio((callback_job_cb_t)receive_packets,
686 this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
687
688 return &this->public;
689 }