2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2006 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
25 #include <network/socket.h>
26 #include <network/packet.h>
27 #include <processing/jobs/job.h>
28 #include <processing/jobs/process_message_job.h>
29 #include <processing/jobs/callback_job.h>
30 #include <crypto/hashers/hasher.h>
32 /** lifetime of a cookie, in seconds */
33 #define COOKIE_LIFETIME 10
34 /** how many times to reuse the secret */
35 #define COOKIE_REUSE 10000
36 /** default value for private_receiver_t.cookie_threshold */
37 #define COOKIE_THRESHOLD_DEFAULT 10
38 /** default value for private_receiver_t.block_threshold */
39 #define BLOCK_THRESHOLD_DEFAULT 5
40 /** length of the secret to use for cookie calculation */
41 #define SECRET_LENGTH 16
43 typedef struct private_receiver_t private_receiver_t
;
46 * Private data of a receiver_t object.
48 struct private_receiver_t
{
50 * Public part of a receiver_t object.
55 * Threads job receiving packets
60 * current secret to use for cookie calculation
62 char secret
[SECRET_LENGTH
];
65 * previous secret used to verify older cookies
67 char secret_old
[SECRET_LENGTH
];
70 * how many times we have used "secret" so far
72 u_int32_t secret_used
;
75 * time we did the cookie switch
77 u_int32_t secret_switch
;
80 * time offset to use, hides our system time
82 u_int32_t secret_offset
;
85 * the RNG to use for secret generation
90 * hasher to use for cookie calculation
95 * require cookies after this many half open IKE_SAs
97 u_int32_t cookie_threshold
;
100 * how many half open IKE_SAs per peer before blocking
102 u_int32_t block_threshold
;
105 * Delay for receiving incoming packets, to simulate larger RTT
110 * Specific message type to delay, 0 for any
112 int receive_delay_type
;
115 * Delay request messages?
117 bool receive_delay_request
;
120 * Delay response messages?
122 bool receive_delay_response
;
126 * send a notify back to the sender
128 static void send_notify(message_t
*request
, notify_type_t type
, chunk_t data
)
130 if (request
->get_request(request
) &&
131 request
->get_exchange_type(request
) == IKE_SA_INIT
)
136 ike_sa_id_t
*ike_sa_id
;
138 response
= message_create();
139 dst
= request
->get_source(request
);
140 src
= request
->get_destination(request
);
141 response
->set_source(response
, src
->clone(src
));
142 response
->set_destination(response
, dst
->clone(dst
));
143 response
->set_exchange_type(response
, request
->get_exchange_type(request
));
144 response
->set_request(response
, FALSE
);
145 response
->set_message_id(response
, 0);
146 ike_sa_id
= request
->get_ike_sa_id(request
);
147 ike_sa_id
->switch_initiator(ike_sa_id
);
148 response
->set_ike_sa_id(response
, ike_sa_id
);
149 response
->add_notify(response
, FALSE
, type
, data
);
150 if (response
->generate(response
, NULL
, &packet
) == SUCCESS
)
152 charon
->sender
->send(charon
->sender
, packet
);
153 response
->destroy(response
);
161 static chunk_t
cookie_build(private_receiver_t
*this, message_t
*message
,
162 u_int32_t t
, chunk_t secret
)
164 u_int64_t spi
= message
->get_initiator_spi(message
);
165 host_t
*ip
= message
->get_source(message
);
168 /* COOKIE = t | sha1( IPi | SPIi | t | secret ) */
169 input
= chunk_cata("cccc", ip
->get_address(ip
), chunk_from_thing(spi
),
170 chunk_from_thing(t
), secret
);
171 hash
= chunk_alloca(this->hasher
->get_hash_size(this->hasher
));
172 this->hasher
->get_hash(this->hasher
, input
, hash
.ptr
);
173 return chunk_cat("cc", chunk_from_thing(t
), hash
);
177 * verify a received cookie
179 static bool cookie_verify(private_receiver_t
*this, message_t
*message
,
186 now
= time_monotonic(NULL
);
187 t
= *(u_int32_t
*)cookie
.ptr
;
189 if (cookie
.len
!= sizeof(u_int32_t
) +
190 this->hasher
->get_hash_size(this->hasher
) ||
191 t
< now
- this->secret_offset
- COOKIE_LIFETIME
)
193 DBG2(DBG_NET
, "received cookie lifetime expired, rejecting");
197 /* check if cookie is derived from old_secret */
198 if (t
+ this->secret_offset
> this->secret_switch
)
200 secret
= chunk_from_thing(this->secret
);
204 secret
= chunk_from_thing(this->secret_old
);
207 /* compare own calculation against received */
208 reference
= cookie_build(this, message
, t
, secret
);
209 if (chunk_equals(reference
, cookie
))
211 chunk_free(&reference
);
214 chunk_free(&reference
);
219 * check if cookies are required, and if so, a valid cookie is included
221 static bool cookie_required(private_receiver_t
*this, message_t
*message
)
225 if (charon
->ike_sa_manager
->get_half_open_count(charon
->ike_sa_manager
,
226 NULL
) >= this->cookie_threshold
)
228 /* check for a cookie. We don't use our parser here and do it
229 * quick and dirty for performance reasons.
230 * we assume the cookie is the first payload (which is a MUST), and
231 * the cookie's SPI length is zero. */
232 packet_t
*packet
= message
->get_packet(message
);
233 chunk_t data
= packet
->get_data(packet
);
235 IKE_HEADER_LENGTH
+ NOTIFY_PAYLOAD_HEADER_LENGTH
+
236 sizeof(u_int32_t
) + this->hasher
->get_hash_size(this->hasher
) ||
237 *(data
.ptr
+ 16) != NOTIFY
||
238 *(u_int16_t
*)(data
.ptr
+ IKE_HEADER_LENGTH
+ 6) != htons(COOKIE
))
240 /* no cookie found */
245 data
.ptr
+= IKE_HEADER_LENGTH
+ NOTIFY_PAYLOAD_HEADER_LENGTH
;
246 data
.len
= sizeof(u_int32_t
) + this->hasher
->get_hash_size(this->hasher
);
247 if (!cookie_verify(this, message
, data
))
249 DBG2(DBG_NET
, "found cookie, but content invalid");
253 packet
->destroy(packet
);
259 * check if peer has to many half open IKE_SAs
261 static bool peer_too_aggressive(private_receiver_t
*this, message_t
*message
)
263 if (charon
->ike_sa_manager
->get_half_open_count(charon
->ike_sa_manager
,
264 message
->get_source(message
)) >= this->block_threshold
)
272 * Job callback to receive packets
274 static job_requeue_t
receive_packets(private_receiver_t
*this)
279 /* read in a packet */
280 if (charon
->socket
->receive(charon
->socket
, &packet
) != SUCCESS
)
282 DBG2(DBG_NET
, "receiving from socket failed!");
283 return JOB_REQUEUE_FAIR
;
286 /* parse message header */
287 message
= message_create_from_packet(packet
);
288 if (message
->parse_header(message
) != SUCCESS
)
290 DBG1(DBG_NET
, "received invalid IKE header from %H - ignored",
291 packet
->get_source(packet
));
292 message
->destroy(message
);
293 return JOB_REQUEUE_DIRECT
;
296 /* check IKE major version */
297 if (message
->get_major_version(message
) != IKE_MAJOR_VERSION
)
299 DBG1(DBG_NET
, "received unsupported IKE version %d.%d from %H, "
300 "sending INVALID_MAJOR_VERSION", message
->get_major_version(message
),
301 message
->get_minor_version(message
), packet
->get_source(packet
));
302 send_notify(message
, INVALID_MAJOR_VERSION
, chunk_empty
);
303 message
->destroy(message
);
304 return JOB_REQUEUE_DIRECT
;
307 if (message
->get_request(message
) &&
308 message
->get_exchange_type(message
) == IKE_SA_INIT
)
310 /* check for cookies */
311 if (this->cookie_threshold
&& cookie_required(this, message
))
313 u_int32_t now
= time_monotonic(NULL
);
314 chunk_t cookie
= cookie_build(this, message
, now
- this->secret_offset
,
315 chunk_from_thing(this->secret
));
317 DBG2(DBG_NET
, "received packet from: %#H to %#H",
318 message
->get_source(message
),
319 message
->get_destination(message
));
320 DBG2(DBG_NET
, "sending COOKIE notify to %H",
321 message
->get_source(message
));
322 send_notify(message
, COOKIE
, cookie
);
324 if (++this->secret_used
> COOKIE_REUSE
)
326 /* create new cookie */
327 DBG1(DBG_NET
, "generating new cookie secret after %d uses",
329 memcpy(this->secret_old
, this->secret
, SECRET_LENGTH
);
330 this->rng
->get_bytes(this->rng
, SECRET_LENGTH
, this->secret
);
331 this->secret_switch
= now
;
332 this->secret_used
= 0;
334 message
->destroy(message
);
335 return JOB_REQUEUE_DIRECT
;
338 /* check if peer has not too many IKE_SAs half open */
339 if (this->block_threshold
&& peer_too_aggressive(this, message
))
341 DBG1(DBG_NET
, "ignoring IKE_SA setup from %H, "
342 "peer too aggressive", message
->get_source(message
));
343 message
->destroy(message
);
344 return JOB_REQUEUE_DIRECT
;
347 if (this->receive_delay
)
349 if (this->receive_delay_type
== 0 ||
350 this->receive_delay_type
== message
->get_exchange_type(message
))
352 if ((message
->get_request(message
) && this->receive_delay_request
) ||
353 (!message
->get_request(message
) && this->receive_delay_response
))
355 DBG1(DBG_NET
, "using receive delay: %dms",
356 this->receive_delay
);
357 charon
->scheduler
->schedule_job_ms(charon
->scheduler
,
358 (job_t
*)process_message_job_create(message
),
359 this->receive_delay
);
360 return JOB_REQUEUE_DIRECT
;
364 hydra
->processor
->queue_job(hydra
->processor
,
365 (job_t
*)process_message_job_create(message
));
366 return JOB_REQUEUE_DIRECT
;
369 METHOD(receiver_t
, destroy
, void,
370 private_receiver_t
*this)
372 this->job
->cancel(this->job
);
373 this->rng
->destroy(this->rng
);
374 this->hasher
->destroy(this->hasher
);
379 * Described in header.
381 receiver_t
*receiver_create()
383 private_receiver_t
*this;
384 u_int32_t now
= time_monotonic(NULL
);
390 .secret_switch
= now
,
391 .secret_offset
= random() % now
,
394 if (lib
->settings
->get_bool(lib
->settings
, "charon.dos_protection", TRUE
))
396 this->cookie_threshold
= lib
->settings
->get_int(lib
->settings
,
397 "charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT
);
398 this->block_threshold
= lib
->settings
->get_int(lib
->settings
,
399 "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT
);
401 this->receive_delay
= lib
->settings
->get_int(lib
->settings
,
402 "charon.receive_delay", 0);
403 this->receive_delay_type
= lib
->settings
->get_int(lib
->settings
,
404 "charon.receive_delay_type", 0),
405 this->receive_delay_request
= lib
->settings
->get_bool(lib
->settings
,
406 "charon.receive_delay_request", TRUE
),
407 this->receive_delay_response
= lib
->settings
->get_int(lib
->settings
,
408 "charon.receive_delay_response", TRUE
),
410 this->hasher
= lib
->crypto
->create_hasher(lib
->crypto
, HASH_PREFERRED
);
411 if (this->hasher
== NULL
)
413 DBG1(DBG_NET
, "creating cookie hasher failed, no hashers supported");
417 this->rng
= lib
->crypto
->create_rng(lib
->crypto
, RNG_STRONG
);
418 if (this->rng
== NULL
)
420 DBG1(DBG_NET
, "creating cookie RNG failed, no RNG supported");
421 this->hasher
->destroy(this->hasher
);
425 this->rng
->get_bytes(this->rng
, SECRET_LENGTH
, this->secret
);
426 memcpy(this->secret_old
, this->secret
, SECRET_LENGTH
);
428 this->job
= callback_job_create((callback_job_cb_t
)receive_packets
,
430 hydra
->processor
->queue_job(hydra
->processor
, (job_t
*)this->job
);
432 return &this->public;