2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2006 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
24 #include <network/socket.h>
25 #include <network/packet.h>
26 #include <processing/jobs/job.h>
27 #include <processing/jobs/process_message_job.h>
28 #include <processing/jobs/callback_job.h>
29 #include <crypto/hashers/hasher.h>
31 /** lifetime of a cookie, in seconds */
32 #define COOKIE_LIFETIME 10
33 /** how many times to reuse the secret */
34 #define COOKIE_REUSE 10000
35 /** default value for private_receiver_t.cookie_threshold */
36 #define COOKIE_THRESHOLD_DEFAULT 10
37 /** default value for private_receiver_t.block_threshold */
38 #define BLOCK_THRESHOLD_DEFAULT 5
39 /** length of the secret to use for cookie calculation */
40 #define SECRET_LENGTH 16
42 typedef struct private_receiver_t private_receiver_t
;
45 * Private data of a receiver_t object.
47 struct private_receiver_t
{
49 * Public part of a receiver_t object.
54 * Threads job receiving packets
59 * current secret to use for cookie calculation
61 char secret
[SECRET_LENGTH
];
64 * previous secret used to verify older cookies
66 char secret_old
[SECRET_LENGTH
];
69 * how many times we have used "secret" so far
71 u_int32_t secret_used
;
74 * time we did the cookie switch
76 u_int32_t secret_switch
;
79 * time offset to use, hides our system time
81 u_int32_t secret_offset
;
84 * the RNG to use for secret generation
89 * hasher to use for cookie calculation
94 * require cookies after this many half open IKE_SAs
96 u_int32_t cookie_threshold
;
99 * how many half open IKE_SAs per peer before blocking
101 u_int32_t block_threshold
;
104 * Delay for receiving incoming packets, to simulate larger RTT
110 * send a notify back to the sender
112 static void send_notify(message_t
*request
, notify_type_t type
, chunk_t data
)
114 if (request
->get_request(request
) &&
115 request
->get_exchange_type(request
) == IKE_SA_INIT
)
120 ike_sa_id_t
*ike_sa_id
;
122 response
= message_create();
123 dst
= request
->get_source(request
);
124 src
= request
->get_destination(request
);
125 response
->set_source(response
, src
->clone(src
));
126 response
->set_destination(response
, dst
->clone(dst
));
127 response
->set_exchange_type(response
, request
->get_exchange_type(request
));
128 response
->set_request(response
, FALSE
);
129 response
->set_message_id(response
, 0);
130 ike_sa_id
= request
->get_ike_sa_id(request
);
131 ike_sa_id
->switch_initiator(ike_sa_id
);
132 response
->set_ike_sa_id(response
, ike_sa_id
);
133 response
->add_notify(response
, FALSE
, type
, data
);
134 if (response
->generate(response
, NULL
, NULL
, &packet
) == SUCCESS
)
136 charon
->sender
->send(charon
->sender
, packet
);
137 response
->destroy(response
);
145 static chunk_t
cookie_build(private_receiver_t
*this, message_t
*message
,
146 u_int32_t t
, chunk_t secret
)
148 u_int64_t spi
= message
->get_initiator_spi(message
);
149 host_t
*ip
= message
->get_source(message
);
152 /* COOKIE = t | sha1( IPi | SPIi | t | secret ) */
153 input
= chunk_cata("cccc", ip
->get_address(ip
), chunk_from_thing(spi
),
154 chunk_from_thing(t
), secret
);
155 hash
= chunk_alloca(this->hasher
->get_hash_size(this->hasher
));
156 this->hasher
->get_hash(this->hasher
, input
, hash
.ptr
);
157 return chunk_cat("cc", chunk_from_thing(t
), hash
);
161 * verify a received cookie
163 static bool cookie_verify(private_receiver_t
*this, message_t
*message
,
170 now
= time_monotonic(NULL
);
171 t
= *(u_int32_t
*)cookie
.ptr
;
173 if (cookie
.len
!= sizeof(u_int32_t
) +
174 this->hasher
->get_hash_size(this->hasher
) ||
175 t
< now
- this->secret_offset
- COOKIE_LIFETIME
)
177 DBG2(DBG_NET
, "received cookie lifetime expired, rejecting");
181 /* check if cookie is derived from old_secret */
182 if (t
+ this->secret_offset
> this->secret_switch
)
184 secret
= chunk_from_thing(this->secret
);
188 secret
= chunk_from_thing(this->secret_old
);
191 /* compare own calculation against received */
192 reference
= cookie_build(this, message
, t
, secret
);
193 if (chunk_equals(reference
, cookie
))
195 chunk_free(&reference
);
198 chunk_free(&reference
);
203 * check if cookies are required, and if so, a valid cookie is included
205 static bool cookie_required(private_receiver_t
*this, message_t
*message
)
209 if (charon
->ike_sa_manager
->get_half_open_count(charon
->ike_sa_manager
,
210 NULL
) >= this->cookie_threshold
)
212 /* check for a cookie. We don't use our parser here and do it
213 * quick and dirty for performance reasons.
214 * we assume the cookie is the first payload (which is a MUST), and
215 * the cookie's SPI length is zero. */
216 packet_t
*packet
= message
->get_packet(message
);
217 chunk_t data
= packet
->get_data(packet
);
219 IKE_HEADER_LENGTH
+ NOTIFY_PAYLOAD_HEADER_LENGTH
+
220 sizeof(u_int32_t
) + this->hasher
->get_hash_size(this->hasher
) ||
221 *(data
.ptr
+ 16) != NOTIFY
||
222 *(u_int16_t
*)(data
.ptr
+ IKE_HEADER_LENGTH
+ 6) != htons(COOKIE
))
224 /* no cookie found */
229 data
.ptr
+= IKE_HEADER_LENGTH
+ NOTIFY_PAYLOAD_HEADER_LENGTH
;
230 data
.len
= sizeof(u_int32_t
) + this->hasher
->get_hash_size(this->hasher
);
231 if (!cookie_verify(this, message
, data
))
233 DBG2(DBG_NET
, "found cookie, but content invalid");
237 packet
->destroy(packet
);
243 * check if peer has to many half open IKE_SAs
245 static bool peer_to_aggressive(private_receiver_t
*this, message_t
*message
)
247 if (charon
->ike_sa_manager
->get_half_open_count(charon
->ike_sa_manager
,
248 message
->get_source(message
)) >= this->block_threshold
)
256 * Job callback to receive packets
258 static job_requeue_t
receive_packets(private_receiver_t
*this)
264 /* read in a packet */
265 if (charon
->socket
->receive(charon
->socket
, &packet
) != SUCCESS
)
267 DBG2(DBG_NET
, "receiving from socket failed!");
268 return JOB_REQUEUE_FAIR
;
271 /* parse message header */
272 message
= message_create_from_packet(packet
);
273 if (message
->parse_header(message
) != SUCCESS
)
275 DBG1(DBG_NET
, "received invalid IKE header from %H - ignored",
276 packet
->get_source(packet
));
277 message
->destroy(message
);
278 return JOB_REQUEUE_DIRECT
;
281 /* check IKE major version */
282 if (message
->get_major_version(message
) != IKE_MAJOR_VERSION
)
284 DBG1(DBG_NET
, "received unsupported IKE version %d.%d from %H, "
285 "sending INVALID_MAJOR_VERSION", message
->get_major_version(message
),
286 message
->get_minor_version(message
), packet
->get_source(packet
));
287 send_notify(message
, INVALID_MAJOR_VERSION
, chunk_empty
);
288 message
->destroy(message
);
289 return JOB_REQUEUE_DIRECT
;
292 if (message
->get_request(message
) &&
293 message
->get_exchange_type(message
) == IKE_SA_INIT
)
295 /* check for cookies */
296 if (this->cookie_threshold
&& cookie_required(this, message
))
298 u_int32_t now
= time_monotonic(NULL
);
299 chunk_t cookie
= cookie_build(this, message
, now
- this->secret_offset
,
300 chunk_from_thing(this->secret
));
302 DBG2(DBG_NET
, "received packet from: %#H to %#H",
303 message
->get_source(message
),
304 message
->get_destination(message
));
305 DBG2(DBG_NET
, "sending COOKIE notify to %H",
306 message
->get_source(message
));
307 send_notify(message
, COOKIE
, cookie
);
309 if (++this->secret_used
> COOKIE_REUSE
)
311 /* create new cookie */
312 DBG1(DBG_NET
, "generating new cookie secret after %d uses",
314 memcpy(this->secret_old
, this->secret
, SECRET_LENGTH
);
315 this->rng
->get_bytes(this->rng
, SECRET_LENGTH
, this->secret
);
316 this->secret_switch
= now
;
317 this->secret_used
= 0;
319 message
->destroy(message
);
320 return JOB_REQUEUE_DIRECT
;
323 /* check if peer has not too many IKE_SAs half open */
324 if (this->block_threshold
&& peer_to_aggressive(this, message
))
326 DBG1(DBG_NET
, "ignoring IKE_SA setup from %H, "
327 "peer too aggressive", message
->get_source(message
));
328 message
->destroy(message
);
329 return JOB_REQUEUE_DIRECT
;
332 job
= (job_t
*)process_message_job_create(message
);
333 if (this->receive_delay
)
335 charon
->scheduler
->schedule_job_ms(charon
->scheduler
,
336 job
, this->receive_delay
);
340 charon
->processor
->queue_job(charon
->processor
, job
);
342 return JOB_REQUEUE_DIRECT
;
345 METHOD(receiver_t
, destroy
, void,
346 private_receiver_t
*this)
348 this->job
->cancel(this->job
);
349 this->rng
->destroy(this->rng
);
350 this->hasher
->destroy(this->hasher
);
355 * Described in header.
357 receiver_t
*receiver_create()
359 private_receiver_t
*this;
360 u_int32_t now
= time_monotonic(NULL
);
363 .public.destroy
= _destroy
,
364 .secret_switch
= now
,
365 .secret_offset
= random() % now
,
368 if (lib
->settings
->get_bool(lib
->settings
, "charon.dos_protection", TRUE
))
370 this->cookie_threshold
= lib
->settings
->get_int(lib
->settings
,
371 "charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT
);
372 this->block_threshold
= lib
->settings
->get_int(lib
->settings
,
373 "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT
);
375 this->receive_delay
= lib
->settings
->get_int(lib
->settings
,
376 "charon.receive_delay", 0);
378 this->hasher
= lib
->crypto
->create_hasher(lib
->crypto
, HASH_PREFERRED
);
379 if (this->hasher
== NULL
)
381 DBG1(DBG_NET
, "creating cookie hasher failed, no hashers supported");
385 this->rng
= lib
->crypto
->create_rng(lib
->crypto
, RNG_STRONG
);
386 if (this->rng
== NULL
)
388 DBG1(DBG_NET
, "creating cookie RNG failed, no RNG supported");
389 this->hasher
->destroy(this->hasher
);
393 this->rng
->get_bytes(this->rng
, SECRET_LENGTH
, this->secret
);
394 memcpy(this->secret_old
, this->secret
, SECRET_LENGTH
);
396 this->job
= callback_job_create((callback_job_cb_t
)receive_packets
,
398 charon
->processor
->queue_job(charon
->processor
, (job_t
*)this->job
);
400 return &this->public;