libhydra: Move kernel interface to libcharon
[strongswan.git] / src / libcharon / network / receiver.c
1 /*
2 * Copyright (C) 2008-2012 Tobias Brunner
3 * Copyright (C) 2005-2006 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <stdlib.h>
19 #include <unistd.h>
20
21 #include "receiver.h"
22
23 #include <daemon.h>
24 #include <network/socket.h>
25 #include <processing/jobs/job.h>
26 #include <processing/jobs/process_message_job.h>
27 #include <processing/jobs/callback_job.h>
28 #include <crypto/hashers/hasher.h>
29 #include <threading/mutex.h>
30 #include <networking/packet.h>
31
32 /** lifetime of a cookie, in seconds */
33 #define COOKIE_LIFETIME 10
34 /** time we wait before disabling cookies */
35 #define COOKIE_CALMDOWN_DELAY 10
36 /** how many times to reuse the secret */
37 #define COOKIE_REUSE 10000
38 /** default value for private_receiver_t.cookie_threshold */
39 #define COOKIE_THRESHOLD_DEFAULT 10
40 /** default value for private_receiver_t.block_threshold */
41 #define BLOCK_THRESHOLD_DEFAULT 5
42 /** length of the secret to use for cookie calculation */
43 #define SECRET_LENGTH 16
44 /** Length of a notify payload header */
45 #define NOTIFY_PAYLOAD_HEADER_LENGTH 8
46
47 typedef struct private_receiver_t private_receiver_t;
48
49 /**
50 * Private data of a receiver_t object.
51 */
52 struct private_receiver_t {
53 /**
54 * Public part of a receiver_t object.
55 */
56 receiver_t public;
57
58 /**
59 * Registered callback for ESP packets
60 */
61 struct {
62 receiver_esp_cb_t cb;
63 void *data;
64 } esp_cb;
65
66 /**
67 * Mutex for ESP callback
68 */
69 mutex_t *esp_cb_mutex;
70
71 /**
72 * current secret to use for cookie calculation
73 */
74 char secret[SECRET_LENGTH];
75
76 /**
77 * previous secret used to verify older cookies
78 */
79 char secret_old[SECRET_LENGTH];
80
81 /**
82 * how many times we have used "secret" so far
83 */
84 u_int32_t secret_used;
85
86 /**
87 * time we did the cookie switch
88 */
89 u_int32_t secret_switch;
90
91 /**
92 * time offset to use, hides our system time
93 */
94 u_int32_t secret_offset;
95
96 /**
97 * the RNG to use for secret generation
98 */
99 rng_t *rng;
100
101 /**
102 * hasher to use for cookie calculation
103 */
104 hasher_t *hasher;
105
106 /**
107 * require cookies after this many half open IKE_SAs
108 */
109 u_int32_t cookie_threshold;
110
111 /**
112 * timestamp of last cookie requested
113 */
114 time_t last_cookie;
115
116 /**
117 * how many half open IKE_SAs per peer before blocking
118 */
119 u_int32_t block_threshold;
120
121 /**
122 * Drop IKE_SA_INIT requests if processor job load exceeds this limit
123 */
124 u_int init_limit_job_load;
125
126 /**
127 * Drop IKE_SA_INIT requests if half open IKE_SA count exceeds this limit
128 */
129 u_int init_limit_half_open;
130
131 /**
132 * Delay for receiving incoming packets, to simulate larger RTT
133 */
134 int receive_delay;
135
136 /**
137 * Specific message type to delay, 0 for any
138 */
139 int receive_delay_type;
140
141 /**
142 * Delay request messages?
143 */
144 bool receive_delay_request;
145
146 /**
147 * Delay response messages?
148 */
149 bool receive_delay_response;
150
151 /**
152 * Endpoint is allowed to act as an initiator only
153 */
154 bool initiator_only;
155
156 };
157
158 /**
159 * send a notify back to the sender
160 */
161 static void send_notify(message_t *request, int major, exchange_type_t exchange,
162 notify_type_t type, chunk_t data)
163 {
164 ike_sa_id_t *ike_sa_id;
165 message_t *response;
166 host_t *src, *dst;
167 packet_t *packet;
168
169 response = message_create(major, 0);
170 response->set_exchange_type(response, exchange);
171 response->add_notify(response, FALSE, type, data);
172 dst = request->get_source(request);
173 src = request->get_destination(request);
174 response->set_source(response, src->clone(src));
175 response->set_destination(response, dst->clone(dst));
176 if (major == IKEV2_MAJOR_VERSION)
177 {
178 response->set_request(response, FALSE);
179 }
180 response->set_message_id(response, 0);
181 ike_sa_id = request->get_ike_sa_id(request);
182 ike_sa_id->switch_initiator(ike_sa_id);
183 response->set_ike_sa_id(response, ike_sa_id);
184 if (response->generate(response, NULL, &packet) == SUCCESS)
185 {
186 charon->sender->send(charon->sender, packet);
187 }
188 response->destroy(response);
189 }
190
191 /**
192 * build a cookie
193 */
194 static bool cookie_build(private_receiver_t *this, message_t *message,
195 u_int32_t t, chunk_t secret, chunk_t *cookie)
196 {
197 u_int64_t spi = message->get_initiator_spi(message);
198 host_t *ip = message->get_source(message);
199 chunk_t input, hash;
200
201 /* COOKIE = t | sha1( IPi | SPIi | t | secret ) */
202 input = chunk_cata("cccc", ip->get_address(ip), chunk_from_thing(spi),
203 chunk_from_thing(t), secret);
204 hash = chunk_alloca(this->hasher->get_hash_size(this->hasher));
205 if (!this->hasher->get_hash(this->hasher, input, hash.ptr))
206 {
207 return FALSE;
208 }
209 *cookie = chunk_cat("cc", chunk_from_thing(t), hash);
210 return TRUE;
211 }
212
213 /**
214 * verify a received cookie
215 */
216 static bool cookie_verify(private_receiver_t *this, message_t *message,
217 chunk_t cookie)
218 {
219 u_int32_t t, now;
220 chunk_t reference;
221 chunk_t secret;
222
223 now = time_monotonic(NULL);
224 t = *(u_int32_t*)cookie.ptr;
225
226 if (cookie.len != sizeof(u_int32_t) +
227 this->hasher->get_hash_size(this->hasher) ||
228 t < now - this->secret_offset - COOKIE_LIFETIME)
229 {
230 DBG2(DBG_NET, "received cookie lifetime expired, rejecting");
231 return FALSE;
232 }
233
234 /* check if cookie is derived from old_secret */
235 if (t + this->secret_offset > this->secret_switch)
236 {
237 secret = chunk_from_thing(this->secret);
238 }
239 else
240 {
241 secret = chunk_from_thing(this->secret_old);
242 }
243
244 /* compare own calculation against received */
245 if (!cookie_build(this, message, t, secret, &reference))
246 {
247 return FALSE;
248 }
249 if (chunk_equals_const(reference, cookie))
250 {
251 chunk_free(&reference);
252 return TRUE;
253 }
254 chunk_free(&reference);
255 return FALSE;
256 }
257
258 /**
259 * Check if a valid cookie found
260 */
261 static bool check_cookie(private_receiver_t *this, message_t *message)
262 {
263 chunk_t data;
264
265 /* check for a cookie. We don't use our parser here and do it
266 * quick and dirty for performance reasons.
267 * we assume the cookie is the first payload (which is a MUST), and
268 * the cookie's SPI length is zero. */
269 data = message->get_packet_data(message);
270 if (data.len <
271 IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH +
272 sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) ||
273 *(data.ptr + 16) != PLV2_NOTIFY ||
274 *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE))
275 {
276 /* no cookie found */
277 return FALSE;
278 }
279 data.ptr += IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH;
280 data.len = sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher);
281 if (!cookie_verify(this, message, data))
282 {
283 DBG2(DBG_NET, "found cookie, but content invalid");
284 return FALSE;
285 }
286 return TRUE;
287 }
288
289 /**
290 * Check if we currently require cookies
291 */
292 static bool cookie_required(private_receiver_t *this,
293 u_int half_open, u_int32_t now)
294 {
295 if (this->cookie_threshold && half_open >= this->cookie_threshold)
296 {
297 this->last_cookie = now;
298 return TRUE;
299 }
300 if (this->last_cookie && now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
301 {
302 /* We don't disable cookies unless we haven't seen IKE_SA_INITs
303 * for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between
304 * cookie on / cookie off states, which is problematic. Consider the
305 * following: A legitimiate initiator sends a IKE_SA_INIT while we
306 * are under a DoS attack. If we toggle our cookie behavior,
307 * multiple retransmits of this IKE_SA_INIT might get answered with
308 * and without cookies. The initiator goes on and retries with
309 * a cookie, but it can't know if the completing IKE_SA_INIT response
310 * is to its IKE_SA_INIT request with or without cookies. This is
311 * problematic, as the cookie is part of AUTH payload data.
312 */
313 this->last_cookie = now;
314 return TRUE;
315 }
316 return FALSE;
317 }
318
319 /**
320 * Check if we should drop IKE_SA_INIT because of cookie/overload checking
321 */
322 static bool drop_ike_sa_init(private_receiver_t *this, message_t *message)
323 {
324 u_int half_open, half_open_r;
325 u_int32_t now;
326
327 now = time_monotonic(NULL);
328 half_open = charon->ike_sa_manager->get_half_open_count(
329 charon->ike_sa_manager, NULL, FALSE);
330 half_open_r = charon->ike_sa_manager->get_half_open_count(
331 charon->ike_sa_manager, NULL, TRUE);
332
333 /* check for cookies in IKEv2 */
334 if (message->get_major_version(message) == IKEV2_MAJOR_VERSION &&
335 cookie_required(this, half_open_r, now) && !check_cookie(this, message))
336 {
337 chunk_t cookie;
338
339 DBG2(DBG_NET, "received packet from: %#H to %#H",
340 message->get_source(message),
341 message->get_destination(message));
342 if (!cookie_build(this, message, now - this->secret_offset,
343 chunk_from_thing(this->secret), &cookie))
344 {
345 return TRUE;
346 }
347 DBG2(DBG_NET, "sending COOKIE notify to %H",
348 message->get_source(message));
349 send_notify(message, IKEV2_MAJOR_VERSION, IKE_SA_INIT, COOKIE, cookie);
350 chunk_free(&cookie);
351 if (++this->secret_used > COOKIE_REUSE)
352 {
353 char secret[SECRET_LENGTH];
354
355 DBG1(DBG_NET, "generating new cookie secret after %d uses",
356 this->secret_used);
357 if (this->rng->get_bytes(this->rng, SECRET_LENGTH, secret))
358 {
359 memcpy(this->secret_old, this->secret, SECRET_LENGTH);
360 memcpy(this->secret, secret, SECRET_LENGTH);
361 memwipe(secret, SECRET_LENGTH);
362 this->secret_switch = now;
363 this->secret_used = 0;
364 }
365 else
366 {
367 DBG1(DBG_NET, "failed to allocated cookie secret, keeping old");
368 }
369 }
370 return TRUE;
371 }
372
373 /* check if peer has too many IKE_SAs half open */
374 if (this->block_threshold &&
375 charon->ike_sa_manager->get_half_open_count(charon->ike_sa_manager,
376 message->get_source(message), TRUE) >= this->block_threshold)
377 {
378 DBG1(DBG_NET, "ignoring IKE_SA setup from %H, "
379 "peer too aggressive", message->get_source(message));
380 return TRUE;
381 }
382
383 /* check if global half open IKE_SA limit reached */
384 if (this->init_limit_half_open &&
385 half_open >= this->init_limit_half_open)
386 {
387 DBG1(DBG_NET, "ignoring IKE_SA setup from %H, half open IKE_SA "
388 "count of %d exceeds limit of %d", message->get_source(message),
389 half_open, this->init_limit_half_open);
390 return TRUE;
391 }
392
393 /* check if job load acceptable */
394 if (this->init_limit_job_load)
395 {
396 u_int jobs = 0, i;
397
398 for (i = 0; i < JOB_PRIO_MAX; i++)
399 {
400 jobs += lib->processor->get_job_load(lib->processor, i);
401 }
402 if (jobs > this->init_limit_job_load)
403 {
404 DBG1(DBG_NET, "ignoring IKE_SA setup from %H, job load of %d "
405 "exceeds limit of %d", message->get_source(message),
406 jobs, this->init_limit_job_load);
407 return TRUE;
408 }
409 }
410 return FALSE;
411 }
412
413 /**
414 * Job callback to receive packets
415 */
416 static job_requeue_t receive_packets(private_receiver_t *this)
417 {
418 ike_sa_id_t *id;
419 packet_t *packet;
420 message_t *message;
421 host_t *src, *dst;
422 status_t status;
423 bool supported = TRUE;
424 chunk_t data, marker = chunk_from_chars(0x00, 0x00, 0x00, 0x00);
425
426 /* read in a packet */
427 status = charon->socket->receive(charon->socket, &packet);
428 if (status == NOT_SUPPORTED)
429 {
430 return JOB_REQUEUE_NONE;
431 }
432 else if (status != SUCCESS)
433 {
434 DBG2(DBG_NET, "receiving from socket failed!");
435 return JOB_REQUEUE_FAIR;
436 }
437
438 data = packet->get_data(packet);
439 if (data.len == 1 && data.ptr[0] == 0xFF)
440 { /* silently drop NAT-T keepalives */
441 packet->destroy(packet);
442 return JOB_REQUEUE_DIRECT;
443 }
444 else if (data.len < marker.len)
445 { /* drop packets that are too small */
446 DBG3(DBG_NET, "received packet is too short (%d bytes)", data.len);
447 packet->destroy(packet);
448 return JOB_REQUEUE_DIRECT;
449 }
450
451 dst = packet->get_destination(packet);
452 src = packet->get_source(packet);
453 if (!charon->kernel->all_interfaces_usable(charon->kernel)
454 && !charon->kernel->get_interface(charon->kernel, dst, NULL))
455 {
456 DBG3(DBG_NET, "received packet from %#H to %#H on ignored interface",
457 src, dst);
458 packet->destroy(packet);
459 return JOB_REQUEUE_DIRECT;
460 }
461
462 /* if neither source nor destination port is 500 we assume an IKE packet
463 * with Non-ESP marker or an ESP packet */
464 if (dst->get_port(dst) != IKEV2_UDP_PORT &&
465 src->get_port(src) != IKEV2_UDP_PORT)
466 {
467 if (memeq(data.ptr, marker.ptr, marker.len))
468 { /* remove Non-ESP marker */
469 packet->skip_bytes(packet, marker.len);
470 }
471 else
472 { /* this seems to be an ESP packet */
473 this->esp_cb_mutex->lock(this->esp_cb_mutex);
474 if (this->esp_cb.cb)
475 {
476 this->esp_cb.cb(this->esp_cb.data, packet);
477 }
478 else
479 {
480 packet->destroy(packet);
481 }
482 this->esp_cb_mutex->unlock(this->esp_cb_mutex);
483 return JOB_REQUEUE_DIRECT;
484 }
485 }
486
487 /* parse message header */
488 message = message_create_from_packet(packet);
489 if (message->parse_header(message) != SUCCESS)
490 {
491 DBG1(DBG_NET, "received invalid IKE header from %H - ignored",
492 packet->get_source(packet));
493 charon->bus->alert(charon->bus, ALERT_PARSE_ERROR_HEADER, message);
494 message->destroy(message);
495 return JOB_REQUEUE_DIRECT;
496 }
497
498 /* check IKE major version */
499 switch (message->get_major_version(message))
500 {
501 case IKEV2_MAJOR_VERSION:
502 #ifndef USE_IKEV2
503 if (message->get_exchange_type(message) == IKE_SA_INIT &&
504 message->get_request(message))
505 {
506 send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
507 INVALID_MAJOR_VERSION, chunk_empty);
508 supported = FALSE;
509 }
510 #endif /* USE_IKEV2 */
511 break;
512 case IKEV1_MAJOR_VERSION:
513 #ifndef USE_IKEV1
514 if (message->get_exchange_type(message) == ID_PROT ||
515 message->get_exchange_type(message) == AGGRESSIVE)
516 {
517 send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
518 INVALID_MAJOR_VERSION, chunk_empty);
519 supported = FALSE;
520 }
521 #endif /* USE_IKEV1 */
522 break;
523 default:
524 #ifdef USE_IKEV2
525 send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
526 INVALID_MAJOR_VERSION, chunk_empty);
527 #elif defined(USE_IKEV1)
528 send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
529 INVALID_MAJOR_VERSION, chunk_empty);
530 #endif /* USE_IKEV1 */
531 supported = FALSE;
532 break;
533 }
534 if (!supported)
535 {
536 DBG1(DBG_NET, "received unsupported IKE version %d.%d from %H, sending "
537 "INVALID_MAJOR_VERSION", message->get_major_version(message),
538 message->get_minor_version(message), packet->get_source(packet));
539 message->destroy(message);
540 return JOB_REQUEUE_DIRECT;
541 }
542 if (message->get_request(message) &&
543 message->get_exchange_type(message) == IKE_SA_INIT)
544 {
545 id = message->get_ike_sa_id(message);
546 if (this->initiator_only || !id->is_initiator(id) ||
547 drop_ike_sa_init(this, message))
548 {
549 message->destroy(message);
550 return JOB_REQUEUE_DIRECT;
551 }
552 }
553 if (message->get_exchange_type(message) == ID_PROT ||
554 message->get_exchange_type(message) == AGGRESSIVE)
555 {
556 id = message->get_ike_sa_id(message);
557 if (id->get_responder_spi(id) == 0 &&
558 (this->initiator_only || drop_ike_sa_init(this, message)))
559 {
560 message->destroy(message);
561 return JOB_REQUEUE_DIRECT;
562 }
563 }
564
565 if (this->receive_delay)
566 {
567 if (this->receive_delay_type == 0 ||
568 this->receive_delay_type == message->get_exchange_type(message))
569 {
570 if ((message->get_request(message) && this->receive_delay_request) ||
571 (!message->get_request(message) && this->receive_delay_response))
572 {
573 DBG1(DBG_NET, "using receive delay: %dms",
574 this->receive_delay);
575 lib->scheduler->schedule_job_ms(lib->scheduler,
576 (job_t*)process_message_job_create(message),
577 this->receive_delay);
578 return JOB_REQUEUE_DIRECT;
579 }
580 }
581 }
582 lib->processor->queue_job(lib->processor,
583 (job_t*)process_message_job_create(message));
584 return JOB_REQUEUE_DIRECT;
585 }
586
587 METHOD(receiver_t, add_esp_cb, void,
588 private_receiver_t *this, receiver_esp_cb_t callback, void *data)
589 {
590 this->esp_cb_mutex->lock(this->esp_cb_mutex);
591 this->esp_cb.cb = callback;
592 this->esp_cb.data = data;
593 this->esp_cb_mutex->unlock(this->esp_cb_mutex);
594 }
595
596 METHOD(receiver_t, del_esp_cb, void,
597 private_receiver_t *this, receiver_esp_cb_t callback)
598 {
599 this->esp_cb_mutex->lock(this->esp_cb_mutex);
600 if (this->esp_cb.cb == callback)
601 {
602 this->esp_cb.cb = NULL;
603 this->esp_cb.data = NULL;
604 }
605 this->esp_cb_mutex->unlock(this->esp_cb_mutex);
606 }
607
608 METHOD(receiver_t, destroy, void,
609 private_receiver_t *this)
610 {
611 this->rng->destroy(this->rng);
612 this->hasher->destroy(this->hasher);
613 this->esp_cb_mutex->destroy(this->esp_cb_mutex);
614 free(this);
615 }
616
617 /*
618 * Described in header.
619 */
620 receiver_t *receiver_create()
621 {
622 private_receiver_t *this;
623 u_int32_t now = time_monotonic(NULL);
624
625 INIT(this,
626 .public = {
627 .add_esp_cb = _add_esp_cb,
628 .del_esp_cb = _del_esp_cb,
629 .destroy = _destroy,
630 },
631 .esp_cb_mutex = mutex_create(MUTEX_TYPE_DEFAULT),
632 .secret_switch = now,
633 .secret_offset = random() % now,
634 );
635
636 if (lib->settings->get_bool(lib->settings,
637 "%s.dos_protection", TRUE, lib->ns))
638 {
639 this->cookie_threshold = lib->settings->get_int(lib->settings,
640 "%s.cookie_threshold", COOKIE_THRESHOLD_DEFAULT, lib->ns);
641 this->block_threshold = lib->settings->get_int(lib->settings,
642 "%s.block_threshold", BLOCK_THRESHOLD_DEFAULT, lib->ns);
643 }
644 this->init_limit_job_load = lib->settings->get_int(lib->settings,
645 "%s.init_limit_job_load", 0, lib->ns);
646 this->init_limit_half_open = lib->settings->get_int(lib->settings,
647 "%s.init_limit_half_open", 0, lib->ns);
648 this->receive_delay = lib->settings->get_int(lib->settings,
649 "%s.receive_delay", 0, lib->ns);
650 this->receive_delay_type = lib->settings->get_int(lib->settings,
651 "%s.receive_delay_type", 0, lib->ns),
652 this->receive_delay_request = lib->settings->get_bool(lib->settings,
653 "%s.receive_delay_request", TRUE, lib->ns),
654 this->receive_delay_response = lib->settings->get_bool(lib->settings,
655 "%s.receive_delay_response", TRUE, lib->ns),
656 this->initiator_only = lib->settings->get_bool(lib->settings,
657 "%s.initiator_only", FALSE, lib->ns),
658
659 this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
660 if (!this->hasher)
661 {
662 DBG1(DBG_NET, "creating cookie hasher failed, no hashers supported");
663 free(this);
664 return NULL;
665 }
666 this->rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
667 if (!this->rng)
668 {
669 DBG1(DBG_NET, "creating cookie RNG failed, no RNG supported");
670 this->hasher->destroy(this->hasher);
671 free(this);
672 return NULL;
673 }
674 if (!this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret))
675 {
676 DBG1(DBG_NET, "creating cookie secret failed");
677 destroy(this);
678 return NULL;
679 }
680 memcpy(this->secret_old, this->secret, SECRET_LENGTH);
681
682 lib->processor->queue_job(lib->processor,
683 (job_t*)callback_job_create_with_prio((callback_job_cb_t)receive_packets,
684 this, NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
685
686 return &this->public;
687 }