2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2006 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
24 #include <network/socket.h>
25 #include <network/packet.h>
26 #include <processing/jobs/job.h>
27 #include <processing/jobs/process_message_job.h>
28 #include <processing/jobs/callback_job.h>
29 #include <crypto/hashers/hasher.h>
31 /** lifetime of a cookie, in seconds */
32 #define COOKIE_LIFETIME 10
33 /** how many times to reuse the secret */
34 #define COOKIE_REUSE 10000
35 /** default value for private_receiver_t.cookie_threshold */
36 #define COOKIE_THRESHOLD_DEFAULT 10
37 /** default value for private_receiver_t.block_threshold */
38 #define BLOCK_THRESHOLD_DEFAULT 5
39 /** length of the secret to use for cookie calculation */
40 #define SECRET_LENGTH 16
42 typedef struct private_receiver_t private_receiver_t
;
45 * Private data of a receiver_t object.
47 struct private_receiver_t
{
49 * Public part of a receiver_t object.
54 * Threads job receiving packets
59 * current secret to use for cookie calculation
61 char secret
[SECRET_LENGTH
];
64 * previous secret used to verify older cookies
66 char secret_old
[SECRET_LENGTH
];
69 * how many times we have used "secret" so far
71 u_int32_t secret_used
;
74 * time we did the cookie switch
76 u_int32_t secret_switch
;
79 * time offset to use, hides our system time
81 u_int32_t secret_offset
;
84 * the RNG to use for secret generation
89 * hasher to use for cookie calculation
94 * require cookies after this many half open IKE_SAs
96 u_int32_t cookie_threshold
;
99 * how many half open IKE_SAs per peer before blocking
101 u_int32_t block_threshold
;
104 * Delay for receiving incoming packets, to simulate larger RTT
109 * Specific message type to delay, 0 for any
111 int receive_delay_type
;
114 * Delay request messages?
116 bool receive_delay_request
;
119 * Delay response messages?
121 bool receive_delay_response
;
125 * send a notify back to the sender
127 static void send_notify(message_t
*request
, notify_type_t type
, chunk_t data
)
129 if (request
->get_request(request
) &&
130 request
->get_exchange_type(request
) == IKE_SA_INIT
)
135 ike_sa_id_t
*ike_sa_id
;
137 response
= message_create();
138 dst
= request
->get_source(request
);
139 src
= request
->get_destination(request
);
140 response
->set_source(response
, src
->clone(src
));
141 response
->set_destination(response
, dst
->clone(dst
));
142 response
->set_exchange_type(response
, request
->get_exchange_type(request
));
143 response
->set_request(response
, FALSE
);
144 response
->set_message_id(response
, 0);
145 ike_sa_id
= request
->get_ike_sa_id(request
);
146 ike_sa_id
->switch_initiator(ike_sa_id
);
147 response
->set_ike_sa_id(response
, ike_sa_id
);
148 response
->add_notify(response
, FALSE
, type
, data
);
149 if (response
->generate(response
, NULL
, &packet
) == SUCCESS
)
151 charon
->sender
->send(charon
->sender
, packet
);
152 response
->destroy(response
);
160 static chunk_t
cookie_build(private_receiver_t
*this, message_t
*message
,
161 u_int32_t t
, chunk_t secret
)
163 u_int64_t spi
= message
->get_initiator_spi(message
);
164 host_t
*ip
= message
->get_source(message
);
167 /* COOKIE = t | sha1( IPi | SPIi | t | secret ) */
168 input
= chunk_cata("cccc", ip
->get_address(ip
), chunk_from_thing(spi
),
169 chunk_from_thing(t
), secret
);
170 hash
= chunk_alloca(this->hasher
->get_hash_size(this->hasher
));
171 this->hasher
->get_hash(this->hasher
, input
, hash
.ptr
);
172 return chunk_cat("cc", chunk_from_thing(t
), hash
);
176 * verify a received cookie
178 static bool cookie_verify(private_receiver_t
*this, message_t
*message
,
185 now
= time_monotonic(NULL
);
186 t
= *(u_int32_t
*)cookie
.ptr
;
188 if (cookie
.len
!= sizeof(u_int32_t
) +
189 this->hasher
->get_hash_size(this->hasher
) ||
190 t
< now
- this->secret_offset
- COOKIE_LIFETIME
)
192 DBG2(DBG_NET
, "received cookie lifetime expired, rejecting");
196 /* check if cookie is derived from old_secret */
197 if (t
+ this->secret_offset
> this->secret_switch
)
199 secret
= chunk_from_thing(this->secret
);
203 secret
= chunk_from_thing(this->secret_old
);
206 /* compare own calculation against received */
207 reference
= cookie_build(this, message
, t
, secret
);
208 if (chunk_equals(reference
, cookie
))
210 chunk_free(&reference
);
213 chunk_free(&reference
);
218 * check if cookies are required, and if so, a valid cookie is included
220 static bool cookie_required(private_receiver_t
*this, message_t
*message
)
224 if (charon
->ike_sa_manager
->get_half_open_count(charon
->ike_sa_manager
,
225 NULL
) >= this->cookie_threshold
)
227 /* check for a cookie. We don't use our parser here and do it
228 * quick and dirty for performance reasons.
229 * we assume the cookie is the first payload (which is a MUST), and
230 * the cookie's SPI length is zero. */
231 packet_t
*packet
= message
->get_packet(message
);
232 chunk_t data
= packet
->get_data(packet
);
234 IKE_HEADER_LENGTH
+ NOTIFY_PAYLOAD_HEADER_LENGTH
+
235 sizeof(u_int32_t
) + this->hasher
->get_hash_size(this->hasher
) ||
236 *(data
.ptr
+ 16) != NOTIFY
||
237 *(u_int16_t
*)(data
.ptr
+ IKE_HEADER_LENGTH
+ 6) != htons(COOKIE
))
239 /* no cookie found */
244 data
.ptr
+= IKE_HEADER_LENGTH
+ NOTIFY_PAYLOAD_HEADER_LENGTH
;
245 data
.len
= sizeof(u_int32_t
) + this->hasher
->get_hash_size(this->hasher
);
246 if (!cookie_verify(this, message
, data
))
248 DBG2(DBG_NET
, "found cookie, but content invalid");
252 packet
->destroy(packet
);
258 * check if peer has to many half open IKE_SAs
260 static bool peer_too_aggressive(private_receiver_t
*this, message_t
*message
)
262 if (charon
->ike_sa_manager
->get_half_open_count(charon
->ike_sa_manager
,
263 message
->get_source(message
)) >= this->block_threshold
)
271 * Job callback to receive packets
273 static job_requeue_t
receive_packets(private_receiver_t
*this)
278 /* read in a packet */
279 if (charon
->socket
->receive(charon
->socket
, &packet
) != SUCCESS
)
281 DBG2(DBG_NET
, "receiving from socket failed!");
282 return JOB_REQUEUE_FAIR
;
285 /* parse message header */
286 message
= message_create_from_packet(packet
);
287 if (message
->parse_header(message
) != SUCCESS
)
289 DBG1(DBG_NET
, "received invalid IKE header from %H - ignored",
290 packet
->get_source(packet
));
291 message
->destroy(message
);
292 return JOB_REQUEUE_DIRECT
;
295 /* check IKE major version */
296 if (message
->get_major_version(message
) != IKE_MAJOR_VERSION
)
298 DBG1(DBG_NET
, "received unsupported IKE version %d.%d from %H, "
299 "sending INVALID_MAJOR_VERSION", message
->get_major_version(message
),
300 message
->get_minor_version(message
), packet
->get_source(packet
));
301 send_notify(message
, INVALID_MAJOR_VERSION
, chunk_empty
);
302 message
->destroy(message
);
303 return JOB_REQUEUE_DIRECT
;
306 if (message
->get_request(message
) &&
307 message
->get_exchange_type(message
) == IKE_SA_INIT
)
309 /* check for cookies */
310 if (this->cookie_threshold
&& cookie_required(this, message
))
312 u_int32_t now
= time_monotonic(NULL
);
313 chunk_t cookie
= cookie_build(this, message
, now
- this->secret_offset
,
314 chunk_from_thing(this->secret
));
316 DBG2(DBG_NET
, "received packet from: %#H to %#H",
317 message
->get_source(message
),
318 message
->get_destination(message
));
319 DBG2(DBG_NET
, "sending COOKIE notify to %H",
320 message
->get_source(message
));
321 send_notify(message
, COOKIE
, cookie
);
323 if (++this->secret_used
> COOKIE_REUSE
)
325 /* create new cookie */
326 DBG1(DBG_NET
, "generating new cookie secret after %d uses",
328 memcpy(this->secret_old
, this->secret
, SECRET_LENGTH
);
329 this->rng
->get_bytes(this->rng
, SECRET_LENGTH
, this->secret
);
330 this->secret_switch
= now
;
331 this->secret_used
= 0;
333 message
->destroy(message
);
334 return JOB_REQUEUE_DIRECT
;
337 /* check if peer has not too many IKE_SAs half open */
338 if (this->block_threshold
&& peer_too_aggressive(this, message
))
340 DBG1(DBG_NET
, "ignoring IKE_SA setup from %H, "
341 "peer too aggressive", message
->get_source(message
));
342 message
->destroy(message
);
343 return JOB_REQUEUE_DIRECT
;
346 if (this->receive_delay
)
348 if (this->receive_delay_type
== 0 ||
349 this->receive_delay_type
== message
->get_exchange_type(message
))
351 if ((message
->get_request(message
) && this->receive_delay_request
) ||
352 (!message
->get_request(message
) && this->receive_delay_response
))
354 DBG1(DBG_NET
, "using receive delay: %dms",
355 this->receive_delay
);
356 charon
->scheduler
->schedule_job_ms(charon
->scheduler
,
357 (job_t
*)process_message_job_create(message
),
358 this->receive_delay
);
359 return JOB_REQUEUE_DIRECT
;
363 charon
->processor
->queue_job(charon
->processor
,
364 (job_t
*)process_message_job_create(message
));
365 return JOB_REQUEUE_DIRECT
;
368 METHOD(receiver_t
, destroy
, void,
369 private_receiver_t
*this)
371 this->job
->cancel(this->job
);
372 this->rng
->destroy(this->rng
);
373 this->hasher
->destroy(this->hasher
);
378 * Described in header.
380 receiver_t
*receiver_create()
382 private_receiver_t
*this;
383 u_int32_t now
= time_monotonic(NULL
);
389 .secret_switch
= now
,
390 .secret_offset
= random() % now
,
393 if (lib
->settings
->get_bool(lib
->settings
, "charon.dos_protection", TRUE
))
395 this->cookie_threshold
= lib
->settings
->get_int(lib
->settings
,
396 "charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT
);
397 this->block_threshold
= lib
->settings
->get_int(lib
->settings
,
398 "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT
);
400 this->receive_delay
= lib
->settings
->get_int(lib
->settings
,
401 "charon.receive_delay", 0);
402 this->receive_delay_type
= lib
->settings
->get_int(lib
->settings
,
403 "charon.receive_delay_type", 0),
404 this->receive_delay_request
= lib
->settings
->get_bool(lib
->settings
,
405 "charon.receive_delay_request", TRUE
),
406 this->receive_delay_response
= lib
->settings
->get_int(lib
->settings
,
407 "charon.receive_delay_response", TRUE
),
409 this->hasher
= lib
->crypto
->create_hasher(lib
->crypto
, HASH_PREFERRED
);
410 if (this->hasher
== NULL
)
412 DBG1(DBG_NET
, "creating cookie hasher failed, no hashers supported");
416 this->rng
= lib
->crypto
->create_rng(lib
->crypto
, RNG_STRONG
);
417 if (this->rng
== NULL
)
419 DBG1(DBG_NET
, "creating cookie RNG failed, no RNG supported");
420 this->hasher
->destroy(this->hasher
);
424 this->rng
->get_bytes(this->rng
, SECRET_LENGTH
, this->secret
);
425 memcpy(this->secret_old
, this->secret
, SECRET_LENGTH
);
427 this->job
= callback_job_create((callback_job_cb_t
)receive_packets
,
429 charon
->processor
->queue_job(charon
->processor
, (job_t
*)this->job
);
431 return &this->public;