2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.75 2000/11/16 17:54:27 zarq Exp $
28 #include <netinet/in.h>
32 #include <sys/signal.h>
34 #include <sys/types.h>
37 #include <sys/ioctl.h>
38 /* SunOS really wants sys/socket.h BEFORE net/if.h,
39 and FreeBSD wants these lines below the rest. */
40 #include <arpa/inet.h>
41 #include <sys/socket.h>
44 #ifdef HAVE_OPENSSL_RAND_H
45 # include <openssl/rand.h>
50 #ifdef HAVE_OPENSSL_EVP_H
51 # include <openssl/evp.h>
56 #ifdef HAVE_OPENSSL_ERR_H
57 # include <openssl/err.h>
63 #include LINUX_IF_TUN_H
/* Kind of tap device in use.  Starts as ethertap; setup_tap_fd() switches
   it to TAP_TYPE_TUNTAP when the TUNSETIFF ioctl succeeds.  xrecv() and
   handle_tap_input() consult it to pick the frame layout (with or without
   the 2-byte ethertap header). */
82 int taptype = TAP_TYPE_ETHERTAP;
/* Byte counters kept for statistics: total_tap_out is bumped in xrecv(),
   total_socket_out in xsend().  Where total_socket_in is updated is not
   visible in this excerpt. */
84 int total_tap_out = 0;
85 int total_socket_in = 0;
86 int total_socket_out = 0;
/* Cursor into the list of ConnectTo config entries still to be tried.
   Advanced by setup_network_connections() and sigalrm_handler(); reset to
   config once the whole list has been tried. */
88 config_t *upstreamcfg;
/* Delay (seconds) before the next outgoing-connection retry.  Grows by 5
   per failed round in sigalrm_handler(), capped at MAXTIMEOUT; reset to 5
   by terminate_connection() when an outgoing connection drops. */
89 static int seconds_till_retry;
/*
  Encrypt inpkt with the packet cipher and key stored on the connection cl
  and send the result on cl->socket.  The key buffer cl->cipher_pktkey holds
  the key immediately followed by the IV (see the EVP_EncryptInit call and
  the allocation in setup_myself()).  Declarations, braces and the return
  statements are not shown in this excerpt, so the return convention is not
  documented here.
  NOTE(review): only encryption is visible in this function; no integrity
  check (MAC) over the packet is computed here -- confirm whether one is
  applied elsewhere before relying on packet authenticity.
*/
98 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
104 outpkt.len = inpkt->len;
106 /* Encrypt the packet */
/* Return values of the EVP_Encrypt* calls are not checked. */
108 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
109 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
110 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* +2: the send() below starts at &outpkt.len, so the len field that
   precedes data goes on the wire ahead of the ciphertext -- presumably a
   2-byte field; verify against the vpn_packet_t definition. */
111 outlen += outpad + 2;
114 outlen = outpkt.len + 2;
115 memcpy(&outpkt, inpkt, outlen);
/* Traffic trace; note it is logged at LOG_ERR although the other
   DEBUG_TRAFFIC messages in this file use LOG_DEBUG. */
118 if(debug_lvl >= DEBUG_TRAFFIC)
119 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
120 outlen, cl->name, cl->hostname);
122 total_socket_out += outlen;
/* Wire format as sent here: len field, then the encrypted payload.  A
   short send is not distinguished from success; only a negative result is
   reported. */
124 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
126 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
127 cl->name, cl->hostname);
/*
  Decrypt inpkt with our own packet cipher/key (the key we hand out to
  peers, set up in setup_myself()) and write the cleartext frame to the tap
  device, after overwriting its destination MAC with ours.
  NOTE(review): inpkt->len is the length field carried inside the peer's
  packet (it is read straight off the wire in handle_incoming_vpn_data()).
  No comparison of it against the number of bytes actually received is
  visible in this excerpt, yet it bounds the decrypt and the write() calls
  below -- confirm that a bound is enforced by the caller, or add one here.
*/
134 int xrecv(conn_list_t *cl, vpn_packet_t *inpkt)
140 outpkt.len = inpkt->len;
142 /* Decrypt the packet */
/* myself->cipher_pktkey is laid out as key followed by IV, matching the
   allocation of key_len + iv_len bytes in setup_myself().  Return values
   of the EVP_Decrypt* calls are not checked. */
144 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
/* The +8 is not explained by anything visible here -- presumably room for
   the cipher's final block (compare outpad in xsend()); TODO confirm. */
145 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
146 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
150 outlen = outpkt.len+2;
151 memcpy(&outpkt, inpkt, outlen);
/* Traffic trace at LOG_ERR; the other DEBUG_TRAFFIC messages use LOG_DEBUG.
   The argument line of this syslog call is not shown. */
154 if(debug_lvl >= DEBUG_TRAFFIC)
155 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
158 /* Fix mac address */
/* Overwrite the destination MAC (first 6 bytes of the frame) with the
   address assigned to our tap device in setup_tap_fd(). */
160 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
162 if(taptype == TAP_TYPE_TUNTAP)
/* tun/tap (opened with IFF_NO_PI) takes the bare frame. */
164 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
165 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
167 total_tap_out += outpkt.len;
/* ethertap is written from two bytes before data -- presumably the len
   field doubling as the ethertap header -- so two more bytes are written
   and counted. */
171 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
172 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
174 total_tap_out += outpkt.len + 2;
181 add the given packet of size s to the
182 queue q, be it the send or receive queue
/*
  Append a private copy of packet (s bytes) to the tail of queue *q,
  creating the queue structure on first use.  The caller's buffer may be
  reused afterwards.  xmalloc() is a project wrapper; how it reports
  allocation failure is not visible here.
*/
184 void add_queue(packet_queue_t **q, void *packet, size_t s)
188 e = xmalloc(sizeof(*e));
189 e->packet = xmalloc(s);
190 memcpy(e->packet, packet, s);
/* Lazily allocate the queue head structure; the guard around these two
   lines (presumably a test on *q being NULL) is not shown. */
194 *q = xmalloc(sizeof(**q));
195 (*q)->head = (*q)->tail = NULL;
198 e->next = NULL; /* We insert at the tail */
200 if((*q)->tail) /* Do we have a tail? */
202 (*q)->tail->next = e;
203 e->prev = (*q)->tail;
/* Empty queue: the elided branch presumably makes e both head and tail
   and sets e->prev to NULL. */
205 else /* No tail -> no head too */
215 /* Remove a queue element */
/*
  Unlink element e from the doubly linked queue *q, repairing head and
  tail as needed.  Four cases are handled: middle element, head, tail and
  sole element.  Freeing of e and e->packet is not visible in this excerpt
  (presumably done after the unlinking).
*/
216 void del_queue(packet_queue_t **q, queue_element_t *e)
221 if(e->next) /* There is a successor, so we are not tail */
223 if(e->prev) /* There is a predecessor, so we are not head */
225 e->next->prev = e->prev;
226 e->prev->next = e->next;
228 else /* We are head */
230 e->next->prev = NULL;
231 (*q)->head = e->next;
234 else /* We are tail (or all alone!) */
236 if(e->prev) /* We are not alone :) */
238 e->prev->next = NULL;
239 (*q)->tail = e->prev;
/* The sole-element case (no prev, no next) is handled by an elided else
   branch, presumably clearing both head and tail. */
253 flush a queue by calling function for
254 each packet, and removing it when that
255 returned a zero exit code
/*
  Walk queue *pq and hand each stored packet to function(cl, packet).
  Per the loop body, an element is removed when function returns 0;
  elements for which it fails stay queued.  The loop header does not
  advance p, so the elided body must do so (next is declared for that).
*/
257 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
258 int (*function)(conn_list_t*,vpn_packet_t*))
260 queue_element_t *p, *next = NULL;
262 for(p = (*pq)->head; p != NULL; )
266 if(!function(cl, p->packet))
/* The removal (del_queue) and the step to next are not shown. */
272 if(debug_lvl >= DEBUG_TRAFFIC)
273 syslog(LOG_DEBUG, _("Queue flushed"));
278 flush the send&recv queues
279 returns void because nothing can go wrong here: packets
280 remain in the queue if something goes wrong
/*
  Flush cl's send queue through xsend() and its receive queue through
  xrecv().  The guards around each flush (presumably a NULL test on cl->sq
  and cl->rq, since flush_queue() dereferences *pq) are not shown.
*/
282 void flush_queues(conn_list_t *cl)
287 if(debug_lvl >= DEBUG_TRAFFIC)
288 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
289 cl->name, cl->hostname);
290 flush_queue(cl, &(cl->sq), xsend);
295 if(debug_lvl >= DEBUG_TRAFFIC)
296 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
297 cl->name, cl->hostname);
298 flush_queue(cl, &(cl->rq), xrecv);
304 send a packet to the given vpn ip.
/*
  Deliver packet to the connection that owns the subnet containing the VPN
  address to.  Returns the result of xsend() when the packet can be sent
  now, and 0 when it is deliberately dropped because the peer has no valid
  key yet or is not active.  The error paths for an unknown destination and
  for a packet addressed to ourselves are not fully shown (the return
  statements are elided).  Queueing of unsendable packets is currently
  disabled by the FIXME comments in the body.
*/
306 int send_packet(ip_t to, vpn_packet_t *packet)
/* Route lookup: subnet->owner (assigned in an elided line) is the
   connection cl used below. */
311 if((subnet = lookup_subnet_ipv4(to)) == NULL)
313 if(debug_lvl >= DEBUG_TRAFFIC)
315 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
/* Loop-back guard: the subnet is one of our own. */
326 if(debug_lvl >= DEBUG_TRAFFIC)
328 syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
335 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
337 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
339 /* Connections are now opened beforehand...
341 if(!cl->status.dataopen)
342 if(setup_vpn_connection(cl) < 0)
344 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
345 cl->name, cl->hostname);
/* No packet key for this peer yet: ask for one (once) and drop the
   packet; the queueing code is commented out. */
350 if(!cl->status.validkey)
352 /* FIXME: Don't queue until everything else is fixed.
353 if(debug_lvl >= DEBUG_TRAFFIC)
354 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
355 cl->name, cl->hostname);
356 add_queue(&(cl->sq), packet, packet->len + 2);
358 if(!cl->status.waitingforkey)
359 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
/* Peer not active: the packet is dropped (queueing commented out). */
363 if(!cl->status.active)
365 /* FIXME: Don't queue until everything else is fixed.
366 if(debug_lvl >= DEBUG_TRAFFIC)
367 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
368 cl->name, cl->hostname);
369 add_queue(&(cl->sq), packet, packet->len + 2);
371 return 0; /* We don't want to mess up, do we? */
374 /* can we send it? can we? can we? huh? */
376 return xsend(cl, packet);
380 open the local ethertap device
/*
  Open the tap device (path from the TapDevice option, else a built-in
  default chosen by preprocessor conditionals that are not shown), give it a
  default MAC address, and probe with TUNSETIFF whether it is a new-style
  tun/tap device; on success taptype becomes TAP_TYPE_TUNTAP, otherwise the
  ethertap default stays.  The assignment of the opened descriptor to the
  global tap_fd used by the ioctl, and the return value, are elided.
*/
382 int setup_tap_fd(void)
385 const char *tapfname;
390 if((cfg = get_config_val(config, config_tapdevice)))
391 tapfname = cfg->data.ptr;
/* Which of the two defaults applies depends on elided #if lines. */
394 tapfname = "/dev/misc/net/tun";
396 tapfname = "/dev/tap0";
399 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
401 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
407 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 -- xrecv() stamps this into every frame it writes. */
409 taptype = TAP_TYPE_ETHERTAP;
410 mymac.type = SUBNET_MAC;
411 mymac.net.mac.address.x[0] = 0xfe;
412 mymac.net.mac.address.x[1] = 0xfd;
413 mymac.net.mac.address.x[2] = 0x00;
414 mymac.net.mac.address.x[3] = 0x00;
415 mymac.net.mac.address.x[4] = 0x00;
416 mymac.net.mac.address.x[5] = 0x00;
419 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
420 memset(&ifr, 0, sizeof(ifr));
422 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy() does not NUL-terminate when netname is IFNAMSIZ
   bytes or longer; the memset above zeroes the buffer, but a netname of
   exactly IFNAMSIZ characters still leaves ifr_name unterminated.  Bounding
   the copy to IFNAMSIZ - 1 (or rejecting long names) would be safer. */
424 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* ioctl is issued on tap_fd, not nfd -- presumably tap_fd = nfd was
   assigned in an elided line; confirm. */
426 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
428 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
429 taptype = TAP_TYPE_TUNTAP;
437 set up the socket that we listen on for incoming
/*
  Create the TCP socket on which meta (control) connections are accepted:
  SO_REUSEADDR, SO_KEEPALIVE, non-blocking, bound to port on either the
  InterfaceIP address or INADDR_ANY.  The listen() call and the returns are
  elided; the final syslog presumably reports a failed listen().
*/
440 int setup_listen_meta_socket(int port)
443 struct sockaddr_in a;
447 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
449 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
/* `one' is presumably an int set to 1 in an elided declaration. */
453 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
456 syslog(LOG_ERR, _("System call `%s' failed: %m"),
461 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
464 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* The F_GETFL result is not checked before being OR'ed. */
469 flags = fcntl(nfd, F_GETFL);
470 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
473 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* NOTE(review): the message says "bind to interface" but the option set is
   SO_KEEPALIVE with the interface name as the value; as written this does
   not bind the socket to an interface.  Presumably SO_BINDTODEVICE was
   intended (or an elided #ifdef substitutes it) -- confirm. */
478 if((cfg = get_config_val(config, config_interface)))
480 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
483 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
488 memset(&a, 0, sizeof(a));
489 a.sin_family = AF_INET;
490 a.sin_port = htons(port);
492 if((cfg = get_config_val(config, config_interfaceip)))
493 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
495 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) happens to equal sizeof(a) for sockaddr_in;
   sizeof(a) would be the idiomatic length. */
497 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
500 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
507 syslog(LOG_ERR, _("System call `%s' failed: %m"),
516 setup the socket for incoming encrypted
/*
  Create the UDP socket that receives encrypted VPN packets: SO_REUSEADDR,
  non-blocking, bound to port on INADDR_ANY.  Unlike the meta socket there
  is no InterfaceIP handling here.  Return statements are elided.
*/
519 int setup_vpn_in_socket(int port)
522 struct sockaddr_in a;
525 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
528 syslog(LOG_ERR, _("Creating socket failed: %m"));
532 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
535 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* F_GETFL result is not checked before being OR'ed. */
540 flags = fcntl(nfd, F_GETFL);
541 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
544 syslog(LOG_ERR, _("System call `%s' failed: %m"),
549 memset(&a, 0, sizeof(a));
550 a.sin_family = AF_INET;
551 a.sin_port = htons(port);
552 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(a) would be the idiomatic length argument. */
554 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
557 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
565 setup an outgoing meta (tcp) socket
/*
  Open the outgoing TCP meta connection to cl: port from the peer's host
  config (the default used when the Port option is absent is elided),
  address from cl->address.  The connect() is done while the socket is
  still blocking; O_NONBLOCK is set only afterwards.  Return statements are
  elided.
*/
567 int setup_outgoing_meta_socket(conn_list_t *cl)
570 struct sockaddr_in a;
573 if(debug_lvl >= DEBUG_CONNECTIONS)
574 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
576 if((cfg = get_config_val(cl->config, config_port)) == NULL)
579 cl->port = cfg->data.val;
581 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
582 if(cl->meta_socket == -1)
584 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
585 cl->hostname, cl->port);
/* Unlike the other setup_* functions, a is not zeroed first; sin_zero is
   left uninitialised (harmless but inconsistent). */
589 a.sin_family = AF_INET;
590 a.sin_port = htons(cl->port);
591 a.sin_addr.s_addr = htonl(cl->address);
/* On failure the descriptor is closed but cl->meta_socket still holds the
   stale number (no reset visible here) -- callers should not reuse it. */
593 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
595 close(cl->meta_socket);
596 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
600 flags = fcntl(cl->meta_socket, F_GETFL);
601 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
603 close(cl->meta_socket);
604 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
605 cl->hostname, cl->port);
609 if(debug_lvl >= DEBUG_CONNECTIONS)
610 syslog(LOG_INFO, _("Connected to %s port %hd"),
611 cl->hostname, cl->port);
619 setup an outgoing connection. It's not
620 necessary to also open an udp socket as
621 well, because the other host will initiate
622 an authentication sequence during which
623 we will do just that.
/*
  Create a conn_list_t for the host named name, read its host config,
  resolve its Address option and open the meta connection with
  setup_outgoing_meta_socket().  The name validation preceding the first
  syslog (presumably check_id(), as in setup_myself()) and all return
  statements are elided.  Returns 0 on success per the callers' comments.
*/
625 int setup_outgoing_connection(char *name)
633 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
637 ncn = new_conn_list();
/* asprintf() result unchecked; ncn->name may be left NULL on failure. */
638 asprintf(&ncn->name, "%s", name);
/* NOTE(review): both messages below contain a %s conversion but pass no
   argument, which is undefined behaviour (syslog reads whatever is on the
   stack); pass name, e.g. `syslog(LOG_ERR, _("Error reading host
   configuration file for %s"), name);` and likewise for the address one. */
640 if(read_host_config(ncn))
642 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
647 if(!(cfg = get_config_val(ncn->config, config_address)))
649 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() is not thread- or signal-safe; see sigalrm_handler(),
   which calls this function.  %m after a resolver failure reports errno,
   not h_errno, so the reason may be misleading. */
654 if(!(h = gethostbyname(cfg->data.ptr)))
656 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Only the first address is used and it is assumed to be AF_INET;
   h_addrtype/h_length are not checked. */
661 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
662 ncn->hostname = hostlookup(htonl(ncn->address));
664 if(setup_outgoing_meta_socket(ncn) < 0)
666 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
672 ncn->status.outgoing = 1;
673 ncn->buffer = xmalloc(MAXBUFSIZE);
675 ncn->last_ping_time = time(NULL);
685 Configure conn_list_t myself and set up the local sockets (listen only)
/*
  Build the conn_list_t describing this daemon from the server and host
  config: name, RSA key pair, port, flags, advertised subnets.  Then open
  the listening meta socket, generate the symmetric packet key and mark
  ourselves active.  Return statements are elided; by the callers' usage a
  negative value means failure.
*/
687 int setup_myself(void)
693 myself = new_conn_list();
695 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
697 myself->protocol_version = PROT_CURRENT;
699 if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */
701 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* The other string-valued options in this file read cfg->data.ptr; this
   one casts data.val instead.  Presumably the union members alias, but
   confirm against config_t. */
705 asprintf(&myself->name, "%s", (char*)cfg->data.val);
707 if(check_id(myself->name))
709 syslog(LOG_ERR, _("Invalid name for myself!"));
713 if(!(cfg = get_config_val(config, config_privatekey)))
715 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* Private exponent d is read as hex from the PrivateKey option; the public
   exponent e is hard-coded to 0xFFFF and must match the value the key pair
   was generated with.  BN_hex2bn() return values are unchecked; a malformed
   string is presumably only caught by RSA_check_key() below. */
720 myself->rsa_key = RSA_new();
721 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
722 BN_hex2bn(&myself->rsa_key->e, "FFFF");
725 if(read_host_config(myself))
727 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
731 if(!(cfg = get_config_val(myself->config, config_publickey)))
733 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
/* Modulus n comes from the host config (PublicKey), so the pair is checked
   across both files. */
738 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
741 if(RSA_check_key(myself->rsa_key) != 1)
743 syslog(LOG_ERR, _("Invalid public/private keypair!"));
/* Default port when the option is absent is on an elided line. */
747 if(!(cfg = get_config_val(myself->config, config_port)))
750 myself->port = cfg->data.val;
752 if((cfg = get_config_val(myself->config, config_indirectdata)))
753 if(cfg->data.val == stupid_true)
754 myself->flags |= EXPORTINDIRECTDATA;
756 if((cfg = get_config_val(myself->config, config_tcponly)))
757 if(cfg->data.val == stupid_true)
758 myself->flags |= TCPONLY;
760 /* Read in all the subnets specified in the host configuration file */
/* Walk every Subnet line: each lookup restarts from the entry after the
   previous match.  The allocation of net is elided. */
762 for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next)
765 net->type = SUBNET_IPV4;
766 net->net.ipv4.address = cfg->data.ip->address;
767 net->net.ipv4.mask = cfg->data.ip->mask;
769 /* Teach newbies what subnets are... */
/* Reject a subnet whose host bits are not all zero. */
771 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
773 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
777 subnet_add(myself, net);
780 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
782 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
786 /* Generate packet encryption key */
/* Blowfish in CFB mode; the key buffer holds key bytes followed by IV
   bytes, which xsend()/xrecv() rely on.  The (char *) cast on xmalloc()
   is unnecessary in C. */
788 myself->cipher_pkttype = EVP_bf_cfb();
790 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
792 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
/* NOTE(review): RAND_bytes() reports failure through its return value,
   which is ignored here (and at key regeneration in main_loop()); if the
   PRNG is not seeded the packet key is not random.  Check for != 1. */
793 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
/* KeyExpire option in seconds; the default is on an elided line. */
795 if(!(cfg = get_config_val(config, config_keyexpire)))
798 keylifetime = cfg->data.val;
800 keyexpires = time(NULL) + keylifetime;
802 /* Activate ourselves */
804 myself->status.active = 1;
806 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
808 child_pids = list_new();
/*
  SIGALRM handler: try the remaining ConnectTo entries in turn; when one
  succeeds stop the alarm, when all fail re-arm it with a growing delay.
  The return type is on the preceding (elided) line, as is the loop header
  around the retry attempts.
  NOTE(review): everything this handler does -- setup_outgoing_connection()
  with its gethostbyname(), socket()/connect(), asprintf() and syslog()
  calls -- runs in signal context, and none of those are async-signal-safe.
  It also updates upstreamcfg and seconds_till_retry, which the non-signal
  code reads.  The robust form is to set a flag here and perform the
  reconnect from main_loop().
*/
814 sigalrm_handler(int a)
818 cfg = get_config_val(upstreamcfg, config_connectto);
820 if(!cfg && upstreamcfg == config)
821 /* No upstream IP given, we're listen only. */
/* Advance the cursor before trying, so a failure moves on to the next
   ConnectTo line. */
826 upstreamcfg = cfg->next;
827 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
/* Connected: no further retries until terminate_connection() re-installs
   the handler. */
829 signal(SIGALRM, SIG_IGN);
832 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: start over from the top next time, with back-off. */
835 signal(SIGALRM, sigalrm_handler);
836 upstreamcfg = config;
837 seconds_till_retry += 5;
838 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
839 seconds_till_retry = MAXTIMEOUT;
840 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
842 alarm(seconds_till_retry);
847 setup all initial network connections
/*
  Bring the whole network side up: read PingTimeout, open the tap device,
  configure myself, run the tinc-up script, then try each ConnectTo entry
  until one succeeds.  If none does, schedule sigalrm_handler() after
  MAXTIMEOUT seconds.  Return statements and the loop header around the
  connection attempts are elided.
*/
849 int setup_network_connections(void)
/* Default timeout when the option is absent is on an elided line. */
853 if((cfg = get_config_val(config, config_pingtimeout)) == NULL)
857 timeout = cfg->data.val;
864 if(setup_tap_fd() < 0)
867 if(setup_myself() < 0)
870 /* Run tinc-up script to further initialize the tap interface */
871 execute_script("tinc-up");
873 if(!(cfg = get_config_val(config, config_connectto)))
874 /* No upstream IP given, we're listen only. */
879 upstreamcfg = cfg->next;
880 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
882 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
/* First retry waits the full MAXTIMEOUT; later rounds, after a drop in
   terminate_connection(), restart at 5 seconds and grow. */
885 signal(SIGALRM, sigalrm_handler);
886 upstreamcfg = config;
887 seconds_till_retry = MAXTIMEOUT;
888 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
889 alarm(seconds_till_retry);
895 close all open network connections
/*
  Tear everything down: terminate every peer connection, close our own
  listening socket and free myself, run tinc-down.  Closing of the tap
  device, if any, is not visible in this excerpt.
*/
897 void close_network_connections(void)
/* terminate_connection() marks p for removal rather than freeing it, so
   following p->next afterwards is presumably still valid; confirm. */
901 for(p = conn_list; p != NULL; p = p->next)
903 p->status.active = 0;
904 terminate_connection(p);
908 if(myself->status.active)
910 close(myself->meta_socket);
911 free_conn_list(myself);
917 /* Execute tinc-down script right after shutting down the interface */
918 execute_script("tinc-down");
922 syslog(LOG_NOTICE, _("Terminating"));
928 create a data (udp) socket
/*
  Open the UDP data socket towards cl: bound to our own port on INADDR_ANY
  (SO_REUSEADDR, since the inbound UDP socket shares that port) and
  connect()ed to cl's address/port so that recv() only accepts datagrams
  from that peer.  The assignment of nfd to cl->socket and the return
  statements are elided.
*/
930 int setup_vpn_connection(conn_list_t *cl)
933 struct sockaddr_in a;
936 if(debug_lvl >= DEBUG_TRAFFIC)
937 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
/* The < 0 test on nfd is on an elided line. */
939 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
942 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
946 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
949 syslog(LOG_ERR, _("System call `%s' failed: %m"),
954 flags = fcntl(nfd, F_GETFL);
955 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
958 syslog(LOG_ERR, _("System call `%s' failed: %m"),
963 memset(&a, 0, sizeof(a));
964 a.sin_family = AF_INET;
965 a.sin_port = htons(myself->port);
966 a.sin_addr.s_addr = htonl(INADDR_ANY);
968 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
971 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port);
/* a is reused for the peer address; sin_zero is still zero from the
   memset above. */
975 a.sin_family = AF_INET;
976 a.sin_port = htons(cl->port);
977 a.sin_addr.s_addr = htonl(cl->address);
979 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
982 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
983 cl->hostname, cl->port);
/* O_NONBLOCK was already set above; this second fcntl pair is redundant
   (its failure message treats it as impossible). */
987 flags = fcntl(nfd, F_GETFL);
988 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
991 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
992 cl->name, cl->hostname);
997 cl->status.dataopen = 1;
1003 handle an incoming tcp connect call and open
/*
  Wrap an accepted meta socket sfd in a fresh conn_list_t: record the
  peer's address and reverse-looked-up hostname, allocate its receive
  buffer and restrict it to the ID request until it authenticates.  Returns
  the new entry; the failure path after getpeername() (and whether p is
  freed there) is elided.
*/
1006 conn_list_t *create_new_connection(int sfd)
1009 struct sockaddr_in ci;
/* Declared int and cast to socklen_t * below; declaring len as socklen_t
   would avoid the type pun. */
1010 int len = sizeof(ci);
1012 p = new_conn_list();
1014 if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0)
1016 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* address is kept in host order; hostlookup() takes network order (same
   convention as setup_outgoing_connection()). */
1022 p->address = ntohl(ci.sin_addr.s_addr);
1023 p->hostname = hostlookup(ci.sin_addr.s_addr);
1024 p->meta_socket = sfd;
1026 p->buffer = xmalloc(MAXBUFSIZE);
1028 p->last_ping_time = time(NULL);
/* htons() on a network-order port yields host order here; ntohs() would
   state the intent. */
1030 if(debug_lvl >= DEBUG_CONNECTIONS)
1031 syslog(LOG_NOTICE, _("Connection from %s port %d"),
1032 p->hostname, htons(ci.sin_port));
/* Only the ID request is accepted from an unauthenticated peer. */
1034 p->allow_request = ID;
1040 put all file descriptors in an fd_set array
/*
  Fill fs with every descriptor the main loop must watch: each peer's meta
  socket, its UDP data socket when open, and our own listening socket.  Any
  per-connection guard before the meta FD_SET (e.g. on status.remove or
  status.meta) is not visible in this excerpt; the FD_ZERO call is elided.
*/
1042 void build_fdset(fd_set *fs)
1048 for(p = conn_list; p != NULL; p = p->next)
1051 FD_SET(p->meta_socket, fs);
1052 if(p->status.dataopen)
1053 FD_SET(p->socket, fs);
1056 FD_SET(myself->meta_socket, fs);
1062 receive incoming data from the listening
1063 udp socket and write it to the ethertap
1064 device after being decrypted
/*
  Read one datagram from cl's UDP socket and hand it to xrecv().  First a
  pending socket error is fetched with SO_ERROR and reported; the socket is
  connect()ed in setup_vpn_connection(), so the kernel already filters the
  sender.  Return statements on the error paths are elided.
  NOTE(review): recv() bounds the read to MTU bytes, but pkt.len -- the
  length field inside the datagram, written by the peer -- is passed on to
  xrecv() without being compared to lenin; xrecv() uses it for the decrypt
  size and the tap write.  Validate pkt.len against lenin here.
*/
1066 int handle_incoming_vpn_data(conn_list_t *cl)
/* l should be socklen_t for getsockopt(). */
1069 int x, l = sizeof(x);
1072 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1074 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1075 __FILE__, __LINE__, cl->socket);
1080 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* The datagram is read starting at the len field, mirroring xsend(). */
1084 if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0)
1086 syslog(LOG_ERR, _("Receiving packet failed: %m"));
/* total_socket_in is not updated in the visible lines. */
1090 if(debug_lvl >= DEBUG_TRAFFIC)
1092 syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin,
1093 cl->name, cl->hostname);
1097 return xrecv(cl, &pkt);
1101 terminate a connection and notify the other
1102 end before closing the sockets
/*
  Shut down connection cl: close its meta socket, drop every connection
  routed through it, tell the remaining active peers (send_del_host), remove
  its subnets, and -- if it was our outgoing connection -- schedule a
  reconnect.  cl itself is only flagged with status.remove, not freed here.
  Closing of the UDP data socket (cl->socket) is not visible in this excerpt.
*/
1104 void terminate_connection(conn_list_t *cl)
/* Re-entrancy guard: already being removed (the return is elided). */
1109 if(cl->status.remove)
1112 cl->status.remove = 1;
1114 if(debug_lvl >= DEBUG_CONNECTIONS)
1115 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1116 cl->name, cl->hostname);
/* The guard preceding this close (presumably on status.meta) is elided. */
1121 close(cl->meta_socket);
1124 /* Find all connections that were lost because they were behind cl
1125 (the connection that was dropped). */
1128 for(p = conn_list; p != NULL; p = p->next)
1129 if((p->nexthop == cl) && (p != cl))
1130 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1132 /* Inform others of termination if it was still active */
1134 if(cl->status.active)
1135 for(p = conn_list; p != NULL; p = p->next)
1136 if(p->status.meta && p->status.active && p!=cl)
1137 send_del_host(p, cl);
1139 /* Remove the associated subnets */
/* Loop body (the actual subnet_del call) is elided. */
1141 for(s = cl->subnets; s; s = s->next)
1144 /* Check if this was our outgoing connection */
/* Restart the retry back-off at 5 seconds; sigalrm_handler() grows it. */
1146 if(cl->status.outgoing && cl->status.active)
1148 signal(SIGALRM, sigalrm_handler);
1149 seconds_till_retry = 5;
1150 alarm(seconds_till_retry);
1151 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
/* Cleared last, after the notifications above have used the old value. */
1156 cl->status.active = 0;
1161 Check if the other end is active.
1162 If we have sent packets, but didn't receive any,
1163 then possibly the other end is dead. We send a
1164 PING request over the meta connection. If the other
1165 end does not reply in time, we consider them dead
1166 and close the connection.
/*
  Liveness check over every active meta connection: when more than timeout
  seconds have passed since last_ping_time, a peer that was already pinged
  is declared dead (status.timeout) and terminated; otherwise a PING is
  presumably sent by the elided else branch.  `now' is presumably set from
  time(NULL) in an elided line; the return value is elided too.
*/
1168 int check_dead_connections(void)
1174 for(p = conn_list; p != NULL; p = p->next)
1176 if(p->status.active && p->status.meta)
1178 if(p->last_ping_time + timeout < now)
1180 if(p->status.pinged)
1182 if(debug_lvl >= DEBUG_PROTOCOL)
1183 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1184 p->name, p->hostname);
1185 p->status.timeout = 1;
1186 terminate_connection(p);
1200 accept a new tcp connect and create a
/*
  Accept one pending connection on our listening meta socket and register it
  through create_new_connection().  When that fails the accepted descriptor
  is presumably closed before the "Closed attempted connection" notice.
  Return statements are elided.  Style: the definition uses an empty
  parameter list; `(void)' would match the other functions in this file.
*/
1203 int handle_new_meta_connection()
1206 struct sockaddr client;
/* accept() expects a socklen_t *; len is declared int here. */
1207 int nfd, len = sizeof(client);
1209 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1211 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1215 if(!(ncn = create_new_connection(nfd)))
1219 syslog(LOG_NOTICE, _("Closed attempted connection"));
1229 check all connections to see if anything
1230 happened on their sockets
/*
  Dispatch on the descriptors select() reported ready in f: UDP data for a
  peer goes to handle_incoming_vpn_data(), meta data to receive_meta() (a
  negative result terminates the connection), and readiness of our own
  listening socket to handle_new_meta_connection().  Connections already
  flagged for removal are skipped (the continue is elided).
*/
1232 void check_network_activity(fd_set *f)
1236 for(p = conn_list; p != NULL; p = p->next)
1238 if(p->status.remove)
/* The result of handle_incoming_vpn_data() is ignored; the commented-out
   block below used to terminate the connection on a socket error. */
1241 if(p->status.dataopen)
1242 if(FD_ISSET(p->socket, f))
1244 handle_incoming_vpn_data(p);
1246 /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data()
1248 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1249 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1250 p->name, p->hostname, strerror(x));
1251 terminate_connection(p);
1257 if(FD_ISSET(p->meta_socket, f))
1258 if(receive_meta(p) < 0)
1260 terminate_connection(p);
1265 if(FD_ISSET(myself->meta_socket, f))
1266 handle_new_meta_connection();
1271 read, encrypt and send data that is
1272 available through the ethertap device
/*
  Read one frame from the tap device into vp and pass it to send_packet()
  keyed by the destination IPv4 address found in the frame.  For ethertap
  the read starts two bytes before data (the device's 2-byte header).  The
  assignment of vp.len from lenin and the short-packet test's threshold are
  elided.
*/
1274 void handle_tap_input(void)
1279 if(taptype == TAP_TYPE_TUNTAP)
1281 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1283 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1290 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1292 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1298 total_tap_in += lenin;
/* The elided condition must guarantee at least 34 bytes (offset 30 plus a
   4-byte address) before the read below; confirm. */
1302 if(debug_lvl >= DEBUG_TRAFFIC)
1303 syslog(LOG_WARNING, _("Received short packet from tap device"));
1307 if(debug_lvl >= DEBUG_TRAFFIC)
1309 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* Offset 30 is presumably the IPv4 destination field of an Ethernet
   frame.  NOTE(review): reading it through an unsigned long pointer is an
   unaligned, aliasing-violating access that fetches 8 bytes on LP64 and
   relies on the narrowing to ntohl()'s 32-bit argument; a memcpy into a
   uint32_t would be the portable form. */
1312 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1317 this is where it all happens...
1319 void main_loop(void)
1324 time_t last_ping_check;
1327 last_ping_check = time(NULL);
1331 tv.tv_sec = timeout;
1337 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1339 if(errno != EINTR) /* because of alarm */
1341 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1348 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1350 close_network_connections();
1351 clear_config(&config);
1353 if(read_server_config())
1355 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1361 if(setup_network_connections())
1369 /* Let's check if everybody is still alive */
1371 if(last_ping_check + timeout < t)
1373 check_dead_connections();
1374 last_ping_check = time(NULL);
1376 /* Should we regenerate our key? */
1380 if(debug_lvl >= DEBUG_STATUS)
1381 syslog(LOG_INFO, _("Regenerating symmetric key"));
1383 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1384 send_key_changed(myself, NULL);
1385 keyexpires = time(NULL) + keylifetime;
1391 check_network_activity(&fset);
1393 /* local tap data */
1394 if(FD_ISSET(tap_fd, &fset))