2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.48 2000/10/28 21:25:20 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
43 #include LINUX_IF_TUN_H
59 int taptype = TAP_TYPE_ETHERTAP;   /* kind of tap device found by setup_tap_fd(); selects the framing used in xrecv() and handle_tap_input() */
61 int total_tap_out = 0;       /* bytes written to the tap device (xrecv()) */
62 int total_socket_in = 0;     /* bytes received on the data socket; not updated in the lines shown here */
63 int total_socket_out = 0;    /* bytes handed to send() in xsend() */
65 config_t *upstreamcfg;       /* position in the config list from which the next ConnectTo line is searched */
66 static int seconds_till_retry;   /* current reconnect backoff; grows in sigalrm_handler(), capped at MAXTIMEOUT */
71 strip off the MAC addresses of an ethernet frame
/*
 * Drop the 12-byte MAC header (destination + source address) from the
 * front of the payload and shrink p->len to match.
 * NOTE(review): nothing here guards against p->len < 12; whether every
 * caller guarantees a full header is not visible in this listing — confirm.
 */
73 void strip_mac_addresses(vpn_packet_t *p)
76 memmove(p->data, p->data + 12, p->len -= 12);   /* memmove because source and destination overlap */
81 reassemble MAC addresses
/*
 * Put a 12-byte MAC header back in front of the payload before the frame
 * is handed to the tap device: destination fe:fd:<our VPN address>,
 * source fe:fd:<4 bytes taken from offset 26 of the shifted frame>.
 * NOTE(review): offset 26 is presumably the IPv4 source address of the
 * inner packet (14-byte Ethernet header + 12) — confirm. The update of
 * p->len is not among the lines shown.
 */
83 void add_mac_addresses(vpn_packet_t *p)
86 memcpy(p->data + 12, p->data, p->len);   /* NOTE(review): source and destination overlap whenever p->len > 12; memcpy() on overlapping buffers is undefined behaviour — use memmove() as strip_mac_addresses() does */
88 p->data[0] = p->data[6] = 0xfe;
89 p->data[1] = p->data[7] = 0xfd;
90 /* Really evil pointer stuff just below! */
91 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));   /* unaligned 4-byte store through a cast pointer; memcpy() of the converted value avoids the alignment/aliasing issue */
92 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));   /* same remark: unaligned load and store via casts */
/*
 * Hand one packet to peer cl over its UDP data socket. The wire image
 * starts at outpkt.len, i.e. the 2-byte length field is sent directly in
 * front of the payload (outlen = len + 2).
 * NOTE(review): the EVP_Encrypt calls at 103-106 look disabled in this
 * snapshot (the "Do encryption when everything else is fixed" remark and
 * the plain memcpy at 110-111 follow them), so the packet appears to
 * leave unencrypted — confirm against the full source. The return
 * statements are on lines not shown.
 */
96 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
101 outpkt.len = inpkt->len;
103 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
104 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
105 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
106 outlen += outpad + 2;
108 Do encryption when everything else is fixed...
110 outlen = outpkt.len + 2;
111 memcpy(&outpkt, inpkt, outlen);   /* copies len and data in one go; relies on len sitting directly before data in vpn_packet_t — confirm the struct layout */
113 if(debug_lvl >= DEBUG_TRAFFIC)
114 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),   /* NOTE(review): a traffic-debug message logged at LOG_ERR; the other DEBUG_TRAFFIC messages in this file use LOG_DEBUG */
115 outlen, cl->name, cl->hostname);
117 total_socket_out += outlen;
121 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
123 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
124 cl->name, cl->hostname);
/*
 * Deliver one packet received from the network to the local tap device:
 * rebuild the MAC header with add_mac_addresses() and write the frame,
 * with the 2-byte len field in front for the old ethertap driver and
 * without it for tun/tap.
 * NOTE(review): as in xsend(), the EVP_Decrypt calls appear disabled and
 * the packet is copied as-is. Nothing here checks inpkt->len against the
 * number of bytes actually received; the caller has to do that. The
 * write() sizes assume add_mac_addresses() grows outpkt.len by 12 — that
 * line is not in the listing, confirm. Return statements not shown.
 */
131 int xrecv(vpn_packet_t *inpkt)
136 outpkt.len = inpkt->len;
138 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
139 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
140 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
143 Do decryption is everything else is fixed...
145 outlen = outpkt.len+2;
146 memcpy(&outpkt, inpkt, outlen);   /* copies len and data together; relies on len sitting directly before data */
149 add_mac_addresses(&outpkt);
152 if(taptype == TAP_TYPE_TUNTAP)
154 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
155 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
157 total_tap_out += outpkt.len;
161 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)   /* ethertap wants two bytes in front of the frame; outpkt.data - 2 is the len field */
162 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
164 total_tap_out += outpkt.len + 2;
171 add the given packet of size s to the
172 queue q, be it the send or receive queue
/*
 * Append a copy of the s-byte packet to queue *q (send or receive queue),
 * creating the queue object on first use. The element and its copy of
 * the packet are owned by the queue from here on.
 * NOTE(review): allocation results are not checked, so xmalloc() is
 * presumably abort-on-failure — confirm. The guard in front of line 184
 * and the body of the "no tail" branch are on lines not shown.
 */
174 void add_queue(packet_queue_t **q, void *packet, size_t s)
178 e = xmalloc(sizeof(*e));
179 e->packet = xmalloc(s);
180 memcpy(e->packet, packet, s);
184 *q = xmalloc(sizeof(**q));   /* presumably guarded by if(!*q) on the preceding cut line — confirm */
185 (*q)->head = (*q)->tail = NULL;
188 e->next = NULL; /* We insert at the tail */
190 if((*q)->tail) /* Do we have a tail? */
192 (*q)->tail->next = e;
193 e->prev = (*q)->tail;
195 else /* No tail -> no head too */
205 /* Remove a queue element */
/*
 * Unlink element e from the doubly linked queue *q, fixing up head and
 * tail. The four branches cover: middle element, head, tail, sole element.
 * NOTE(review): releasing e->packet and e itself is not among the lines
 * shown (230-240 are cut), and the "alone" branch presumably resets both
 * head and tail — confirm.
 */
206 void del_queue(packet_queue_t **q, queue_element_t *e)
211 if(e->next) /* There is a successor, so we are not tail */
213 if(e->prev) /* There is a predecessor, so we are not head */
215 e->next->prev = e->prev;
216 e->prev->next = e->next;
218 else /* We are head */
220 e->next->prev = NULL;
221 (*q)->head = e->next;
224 else /* We are tail (or all alone!) */
226 if(e->prev) /* We are not alone :) */
228 e->prev->next = NULL;
229 (*q)->tail = e->prev;
243 flush a queue by calling function for
244 each packet, and removing it when that
245 returned a zero exit code
/*
 * Walk queue *pq and call function(cl, packet) for every element. Per the
 * header comment an element is removed when the callback returns 0 (the
 * success value of xsend()/xrecv()) and kept otherwise. The removal and
 * advance step (253-260) is on cut lines; `next` is presumably saved
 * before del_queue() frees p — confirm. *pq is dereferenced without a
 * NULL check, so callers must only pass an existing queue.
 */
247 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
248 int (*function)(conn_list_t*,void*))
250 queue_element_t *p, *next = NULL;
252 for(p = (*pq)->head; p != NULL; )   /* no increment clause: the body advances p so a removed element is never touched again */
256 if(!function(cl, p->packet))
262 if(debug_lvl >= DEBUG_TRAFFIC)
263 syslog(LOG_DEBUG, _("Queue flushed"));
268 flush the send&recv queues
269 returns void because nothing can fail here: packets
270 remain in the queue if something does go wrong
/*
 * Flush cl's send queue through xsend() and its receive queue through
 * xrecv(); packets whose callback fails stay queued.
 * NOTE(review): flush_queue() dereferences *pq unconditionally, so the
 * if(cl->sq) / if(cl->rq) guards are presumably on the cut lines 276
 * and 284 — confirm.
 */
272 void flush_queues(conn_list_t *cl)
277 if(debug_lvl >= DEBUG_TRAFFIC)
278 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
279 cl->name, cl->hostname);
280 flush_queue(cl, &(cl->sq), xsend);
285 if(debug_lvl >= DEBUG_TRAFFIC)
286 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
287 cl->name, cl->hostname);
288 flush_queue(cl, &(cl->rq), xrecv);
294 send a packet to the given vpn ip.
/*
 * Route one packet to VPN address `to`: look up the owning subnet, make
 * sure the peer's UDP socket is open, and hand the packet to xsend().
 * Returns 0 when the packet was deliberately not sent (peer not active),
 * otherwise xsend()'s result; the lookup-failure return is on a cut line.
 * NOTE(review): the derivation of cl from subnet (306-313) and the ends
 * of the two "Don't queue until everything else is fixed." comments are
 * not visible. If the validkey branch no longer returns, a packet for a
 * peer without a negotiated key falls through to xsend() at 352 right
 * after the key request — confirm, since that would be a silent
 * downgrade.
 */
296 int send_packet(ip_t to, vpn_packet_t *packet)
301 if((subnet = lookup_subnet_ipv4(to)) == NULL)
303 if(debug_lvl >= DEBUG_TRAFFIC)
305 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
314 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
316 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
318 if(!cl->status.dataopen)
319 if(setup_vpn_connection(cl) < 0)
321 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
322 cl->name, cl->hostname);
326 if(!cl->status.validkey)
328 /* Don't queue until everything else is fixed.
329 if(debug_lvl >= DEBUG_TRAFFIC)
330 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
331 cl->name, cl->hostname);
332 add_queue(&(cl->sq), packet, packet->len + 2);
334 if(!cl->status.waitingforkey)
335 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
339 if(!cl->status.active)
341 /* Don't queue until everything else is fixed.
342 if(debug_lvl >= DEBUG_TRAFFIC)
343 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
344 cl->name, cl->hostname);
345 add_queue(&(cl->sq), packet, packet->len + 2);
347 return 0; /* We don't want to mess up, do we? */
350 /* can we send it? can we? can we? huh? */
352 return xsend(cl, packet);
356 open the local ethertap device
/*
 * Open the local tap device (path from the TapDevice config value, else a
 * built-in default), find out whether it is an old ethertap or a new
 * tun/tap device, and export IFNAME to the environment for the scripts.
 * Returns < 0 when the device cannot be opened (returns on cut lines).
 * NOTE(review): the ioctl()s at 394 and 408 use tap_fd while open() at
 * 376 stores into nfd; the assignment tap_fd = nfd is presumably on one
 * of the cut lines 380-383 — confirm.
 */
358 int setup_tap_fd(void)
361 const char *tapfname;
367 if((cfg = get_config_val(config, tapdevice)))
368 tapfname = cfg->data.ptr;
371 tapfname = "/dev/misc/net/tun";   /* one of the two defaults is presumably selected by a preprocessor conditional on cut lines */
373 tapfname = "/dev/tap0";
376 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
378 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
384 taptype = TAP_TYPE_ETHERTAP;
387 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
388 memset(&ifr, 0, sizeof(ifr));
390 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
392 strncpy(ifr.ifr_name, netname, IFNAMSIZ);   /* NOTE(review): a netname of IFNAMSIZ characters or more leaves ifr_name without a terminating NUL; copy at most IFNAMSIZ - 1 bytes and terminate (or use snprintf) */
394 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
396 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
397 taptype = TAP_TYPE_TUNTAP;
399 if((cfg = get_config_val(config, tapsubnet)) == NULL)
400 syslog(LOG_INFO, _("tun/tap device will be left unconfigured"));
402 /* Setup inetaddr/netmask etc */;   /* NOTE(review): the configure branch is an empty statement — TapSubnet is looked up but not applied in the lines shown */
406 /* Add name of network interface to environment (for scripts) */
408 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);   /* return value unchecked: on failure ifr_name keeps whatever the previous ioctl left */
409 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);   /* asprintf return unchecked; envvar is presumably handed to putenv() on a cut line, so it must not be freed */
418 set up the socket that we listen on for incoming
/*
 * Create the TCP listening socket for meta (control) connections on
 * `port`: SO_REUSEADDR, SO_KEEPALIVE, non-blocking, bound to InterfaceIP
 * or INADDR_ANY. Returns the fd; error returns and the listen() call are
 * on cut lines, so whether setsockopt/fcntl failures abort or merely log
 * is not visible.
 */
421 int setup_listen_meta_socket(int port)
424 struct sockaddr_in a;
428 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
430 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
434 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
436 syslog(LOG_ERR, _("setsockopt: %m"));
440 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
442 syslog(LOG_ERR, _("setsockopt: %m"));
446 flags = fcntl(nfd, F_GETFL);
447 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
449 syslog(LOG_ERR, _("fcntl: %m"));
453 if((cfg = get_config_val(config, interface)))
455 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))   /* NOTE(review): wrong option — this feeds the interface name to SO_KEEPALIVE (an int option). The message below shows the intent is to bind the socket to an interface, which on Linux is SO_BINDTODEVICE; as written the Interface setting does not restrict the listener */
457 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
462 memset(&a, 0, sizeof(a));
463 a.sin_family = AF_INET;
464 a.sin_port = htons(port);
466 if((cfg = get_config_val(config, interfaceip)))
467 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
469 a.sin_addr.s_addr = htonl(INADDR_ANY);
471 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))   /* sizeof(a) is the idiomatic length; the two happen to coincide for sockaddr_in on Linux */
473 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
479 syslog(LOG_ERR, _("listen: %m"));
487 setup the socket for incoming encrypted
/*
 * Create the UDP socket on which encrypted VPN data arrives, on `port`,
 * SO_REUSEADDR and non-blocking. Returns the fd; error returns on cut
 * lines.
 * NOTE(review): unlike the TCP listener, this always binds INADDR_ANY —
 * the InterfaceIP setting honoured at 466-469 is not applied here.
 */
490 int setup_vpn_in_socket(int port)
493 struct sockaddr_in a;
496 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
498 syslog(LOG_ERR, _("Creating socket failed: %m"));
502 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
504 syslog(LOG_ERR, _("setsockopt: %m"));
508 flags = fcntl(nfd, F_GETFL);
509 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
511 syslog(LOG_ERR, _("fcntl: %m"));
515 memset(&a, 0, sizeof(a));
516 a.sin_family = AF_INET;
517 a.sin_port = htons(port);
518 a.sin_addr.s_addr = htonl(INADDR_ANY);
520 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))   /* sizeof(a) would be the idiomatic length */
522 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
530 setup an outgoing meta (tcp) socket
/*
 * Open and connect the TCP meta socket to cl (address and Port from its
 * host config; the default used when Port is absent is on a cut line),
 * then switch it to non-blocking. Returns < 0 on failure (returns not
 * shown).
 * NOTE(review): connect() at 558 runs while the socket is still blocking,
 * so a peer that silently drops SYNs stalls the daemon for the full TCP
 * connect timeout — and this is also reached from the SIGALRM handler.
 */
532 int setup_outgoing_meta_socket(conn_list_t *cl)
535 struct sockaddr_in a;   /* not zeroed before use, unlike the listening sockets (memset at 462/515); sin_zero stays uninitialised */
538 if(debug_lvl >= DEBUG_CONNECTIONS)
539 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
541 if((cfg = get_config_val(cl->config, port)) == NULL)
544 cl->port = cfg->data.val;
546 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
547 if(cl->meta_socket == -1)
549 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
550 cl->hostname, cl->port);
554 a.sin_family = AF_INET;
555 a.sin_port = htons(cl->port);
556 a.sin_addr.s_addr = htonl(cl->address);
558 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
560 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
564 flags = fcntl(cl->meta_socket, F_GETFL);
565 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
567 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
568 cl->hostname, cl->port);
572 if(debug_lvl >= DEBUG_CONNECTIONS)
573 syslog(LOG_INFO, _("Connected to %s port %hd"),
574 cl->hostname, cl->port);
582 setup an outgoing connection. It's not
583 necessary to also open an udp socket as
584 well, because the other host will initiate
585 an authentication sequence during which
586 we will do just that.
/*
 * Create a conn_list entry for host `name`, read its host config, resolve
 * its Address and open the meta connection. Returns 0 on success (per the
 * callers' comments); the error returns and the cleanup of ncn on failure
 * are on lines not shown.
 */
588 int setup_outgoing_connection(char *name)
596 syslog(LOG_ERR, _("Invalid name for outgoing connection"));   /* the check_id() test is presumably on the preceding cut line */
600 ncn = new_conn_list();
601 asprintf(&ncn->name, "%s", name);   /* return value unchecked */
603 if(read_host_config(ncn))
605 syslog(LOG_ERR, _("Error reading host configuration file for %s"));   /* NOTE(review): "%s" has no matching argument — undefined behaviour; the message prints whatever is in the vararg slot. Pass name */
610 if(!(cfg = get_config_val(ncn->config, address)))
612 syslog(LOG_ERR, _("No address specified for %s"));   /* NOTE(review): same missing argument as at 605 */
617 if(!(h = gethostbyname(cfg->data.ptr)))
619 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);   /* gethostbyname() reports failures in h_errno, not errno, so %m is unrelated to the lookup; hstrerror(h_errno) is the matching text */
624 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));   /* only the first address is used; the cast assumes a 4-byte AF_INET h_addr — memcpy() into an ip_t avoids the aliasing cast */
625 ncn->hostname = hostlookup(htonl(ncn->address));
627 if(setup_outgoing_meta_socket(ncn) < 0)
629 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
635 ncn->status.outgoing = 1;   /* marks the entry for the reconnect logic in terminate_connection() */
636 ncn->buffer = xmalloc(MAXBUFSIZE);
638 ncn->last_ping_time = time(NULL);
649 Configure conn_list_t myself and set up the local sockets (listen only)
/*
 * Build the conn_list_t for this daemon from the main config and our own
 * host config: name, RSA key (d from PrivateKey, n from PublicKey, e
 * hard-coded), port, flags and subnets; then open the listening TCP and
 * UDP sockets. Returns < 0 on any failure (returns and the default port
 * are on cut lines).
 * NOTE(review): the public exponent is fixed to 0xFFFF at 686, so a key
 * pair generated with any other exponent fails the RSA_check_key() at
 * 705. RSA_check_key() normally also wants p and q; with only n, e and d
 * loaded, confirm the check does what is intended with the OpenSSL
 * release in use. The private exponent is read from the main config
 * file, which therefore must not be readable by other users.
 */
651 int setup_myself(void)
657 myself = new_conn_list();
659 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
661 myself->protocol_version = PROT_CURRENT;
663 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
665 syslog(LOG_ERR, _("Name for tinc daemon required!"));
669 asprintf(&myself->name, "%s", (char*)cfg->data.val);   /* NOTE(review): reads the string through data.val; everywhere else strings come from data.ptr (368, 617, 685) — confirm the two union members alias, otherwise this is the wrong field */
671 if(check_id(myself->name))   /* presumably validates the name's character set before it reaches logs and the protocol */
673 syslog(LOG_ERR, _("Invalid name for myself!"));
677 if(!(cfg = get_config_val(config, privatekey)))
679 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
684 myself->rsa_key = RSA_new();
685 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);   /* BN_hex2bn() returns 0 on a malformed string; unchecked, so a bad PrivateKey is only caught (if at all) by RSA_check_key() below */
686 BN_hex2bn(&myself->rsa_key->e, "FFFF");
689 if(read_host_config(myself))
691 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
695 if(!(cfg = get_config_val(myself->config, publickey)))
697 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
702 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);   /* return value unchecked, as at 685 */
705 if(RSA_check_key(myself->rsa_key) != 1)
707 syslog(LOG_ERR, _("Invalid public/private keypair!"));
711 if(!(cfg = get_config_val(myself->config, port)))
714 myself->port = cfg->data.val;
716 if((cfg = get_config_val(myself->config, indirectdata)))
717 if(cfg->data.val == stupid_true)
718 myself->flags |= EXPORTINDIRECTDATA;
720 if((cfg = get_config_val(myself->config, tcponly)))
721 if(cfg->data.val == stupid_true)
722 myself->flags |= TCPONLY;
724 /* Read in all the subnets specified in the host configuration file */
726 for(cfg = myself->config; cfg = get_config_val(cfg, subnet); cfg = cfg->next)   /* assignment as loop condition is intended (walks every Subnet line); parenthesise it to silence -Wparentheses */
729 net->type = SUBNET_IPV4;   /* net is presumably allocated on the cut line 728 */
730 net->net.ipv4.address = cfg->data.ip->address;
731 net->net.ipv4.mask = cfg->data.ip->mask;
733 subnet_add(myself, net);
736 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
738 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
742 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
744 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
745 close(myself->meta_socket);   /* undo the listener so a failed setup leaves no fd behind */
749 myself->status.active = 1;
751 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/*
 * SIGALRM handler: retry the outgoing connection(s). Walk the ConnectTo
 * lines from upstreamcfg on, stop at the first that connects (alarm
 * disabled via SIG_IGN), otherwise re-arm the alarm with a backoff that
 * grows by 5 s per round up to MAXTIMEOUT. The enclosing loop, the
 * listen-only early return and the return type (on the preceding line)
 * are not shown.
 * NOTE(review): this runs inside a signal handler yet calls syslog() and
 * setup_outgoing_connection(), which resolves names, allocates and
 * connects. None of that is async-signal-safe; if the alarm fires while
 * the main loop is inside malloc() or syslog() the behaviour is
 * undefined. The usual remedy is to only set a flag here and do the
 * reconnect from main_loop().
 */
757 sigalrm_handler(int a)
761 cfg = get_config_val(upstreamcfg, connectto);
763 if(!cfg && upstreamcfg == config)
764 /* No upstream IP given, we're listen only. */
769 upstreamcfg = cfg->next;   /* remember where to continue so each round tries the next ConnectTo */
770 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
772 signal(SIGALRM, SIG_IGN);   /* connected: stop retrying until terminate_connection() re-arms the alarm */
775 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
778 signal(SIGALRM, sigalrm_handler);   /* re-install: signal() may reset the disposition on delivery */
779 upstreamcfg = config;
780 seconds_till_retry += 5;
781 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
782 seconds_till_retry = MAXTIMEOUT;
783 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
785 alarm(seconds_till_retry);
790 setup all initial network connections
/*
 * Bring the network side up: read PingTimeout, open the tap device and
 * our own sockets, run the tinc-up script, then try the ConnectTo hosts
 * in order; if none connects, schedule retries through SIGALRM.
 * Returns < 0 on failure (returns and the fork() around the script are on
 * cut lines).
 * NOTE(review): the ConnectTo loop at 825-841 duplicates sigalrm_handler()
 * 761-785; one shared helper would keep the two from drifting apart.
 */
792 int setup_network_connections(void)
797 if((cfg = get_config_val(config, pingtimeout)) == NULL)
800 timeout = cfg->data.val;   /* the default used when PingTimeout is absent is on a cut line */
802 if(setup_tap_fd() < 0)
805 if(setup_myself() < 0)
808 /* Run tinc-up script to further initialize the tap interface */
810 asprintf(&scriptname, "%s/tinc-up", confbase);
815 execl(scriptname, NULL);   /* NOTE(review): execl() needs argv[0] and a (char *) NULL terminator: execl(scriptname, scriptname, (char *) NULL). As written the script starts with an empty argv and the bare NULL is not a portable variadic terminator. The script runs with the daemon's privileges, so confbase and the script must not be writable by anyone else */
818 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
825 if(!(cfg = get_config_val(config, connectto)))
826 /* No upstream IP given, we're listen only. */
831 upstreamcfg = cfg->next;
832 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
834 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
837 signal(SIGALRM, sigalrm_handler);
838 upstreamcfg = config;
839 seconds_till_retry = MAXTIMEOUT;   /* first retry after the maximum delay; sigalrm_handler() keeps it capped */
840 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
841 alarm(seconds_till_retry);
847 close all open network connections
/*
 * Tear everything down: shut down and close every peer's data and meta
 * sockets, close our own listening sockets, run tinc-down, and log.
 * The close() of p->socket (after 858) and the fork() around execl() are
 * on cut lines.
 */
849 void close_network_connections(void)
854 for(p = conn_list; p != NULL; p = p->next)
856 if(p->status.dataopen)
858 shutdown(p->socket, 0); /* No more receptions */   /* 0 is SHUT_RD; the named constant reads better */
864 shutdown(p->meta_socket, 0); /* No more receptions */
865 close(p->meta_socket);
870 if(myself->status.active)
872 close(myself->meta_socket);
873 close(myself->socket);
876 /* Execute tinc-down script right before shutting down the interface */
878 asprintf(&scriptname, "%s/tinc-down", confbase);
882 execl(scriptname, NULL);   /* NOTE(review): execl() needs argv[0] and a (char *) NULL terminator: execl(scriptname, scriptname, (char *) NULL) */
885 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
895 syslog(LOG_NOTICE, _("Terminating"));
901 create a data (udp) socket
/*
 * Open a connected UDP socket to cl's address/port for the data channel
 * and mark cl->status.dataopen. Returns < 0 on failure (returns, the
 * nfd < 0 test and the cl->socket = nfd assignment are on cut lines).
 */
903 int setup_vpn_connection(conn_list_t *cl)
906 struct sockaddr_in a;   /* not zeroed; the listening sockets use memset() first */
908 if(debug_lvl >= DEBUG_TRAFFIC)
909 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
911 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
914 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
918 a.sin_family = AF_INET;
919 a.sin_port = htons(cl->port);
920 a.sin_addr.s_addr = htonl(cl->address);
922 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)   /* connecting the UDP socket fixes the peer so send() can be used and asynchronous errors surface via SO_ERROR (see the comment in check_network_activity()) */
924 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
925 cl->hostname, cl->port);
929 flags = fcntl(nfd, F_GETFL);
930 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
932 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
933 cl->name, cl->hostname);
938 cl->status.dataopen = 1;
944 handle an incoming tcp connect call and open
/*
 * Build a conn_list_t for a TCP connection accepted on sfd: record the
 * peer address, reverse-resolve it, allocate the meta buffer and allow
 * only the ID request as first message. Returns the new entry, or NULL
 * when getpeername() fails (allocation and returns on cut lines).
 */
947 conn_list_t *create_new_connection(int sfd)
950 struct sockaddr_in ci;
951 int len = sizeof(ci);   /* getpeername() takes a socklen_t *, not an int * */
955 if(getpeername(sfd, &ci, &len) < 0)   /* &ci should be cast to (struct sockaddr *) */
957 syslog(LOG_ERR, _("Error: getpeername: %m"));
962 p->address = ntohl(ci.sin_addr.s_addr);
963 p->hostname = hostlookup(ci.sin_addr.s_addr);   /* reverse lookup for an as yet unauthenticated peer; presumably blocking, which stalls the select() loop — confirm */
964 p->meta_socket = sfd;
966 p->buffer = xmalloc(MAXBUFSIZE);   /* allocated before the peer has identified itself; check_dead_connections() only times out active connections, so an idle unauthenticated peer holds this buffer and the fd unless something else reaps it — confirm */
968 p->last_ping_time = time(NULL);
971 if(debug_lvl >= DEBUG_CONNECTIONS)
972 syslog(LOG_NOTICE, _("Connection from %s port %d"),
973 p->hostname, htons(ci.sin_port));   /* semantically ntohs(); same bytes, misleading name */
975 p->allow_request = ID;   /* presumably gates the meta protocol so the peer must identify first — confirm in the protocol code */
981 put all file descriptors in an fd_set array
/*
 * Add every meta socket, every open data socket and our own two
 * listening sockets to *fs for select() (the FD_ZERO is on a cut line).
 * NOTE(review): FD_SET() with a descriptor >= FD_SETSIZE writes outside
 * the fd_set; no bound on the number of connections is visible, so a
 * large number of accepted meta connections corrupts memory here —
 * refuse such fds or move to poll(). Entries flagged status.remove are
 * not skipped either, so unless they are unlinked before the next call
 * (not visible), the meta_socket closed by terminate_connection() is
 * still added and select() fails with EBADF — confirm.
 */
983 void build_fdset(fd_set *fs)
989 for(p = conn_list; p != NULL; p = p->next)
992 FD_SET(p->meta_socket, fs);
993 if(p->status.dataopen)
994 FD_SET(p->socket, fs);
997 FD_SET(myself->meta_socket, fs);
998 FD_SET(myself->socket, fs);
1004 receive incoming data from the listening
1005 udp socket and write it to the ethertap
1006 device after being decrypted
/*
 * Read one datagram from our UDP data socket after draining any pending
 * socket error via SO_ERROR, and pass it on (the xrecv() call and the
 * returns are on cut lines).
 * NOTE(review): recvfrom() receives into &pkt.len, so the first two bytes
 * of the datagram become pkt.len, and the byte count recvfrom() returns
 * is discarded. Downstream (xrecv()/add_mac_addresses()) trusts pkt.len
 * for the copy and for the write() to the tap device, so a datagram whose
 * length field does not match its real size makes that code read beyond
 * what was received. Keep the return value and drop the packet unless
 * pkt.len + 2 equals it and pkt.len plus the 12 bytes add_mac_addresses()
 * prepends fits the buffer. Also nothing visible compares `from` with a
 * known peer; the sender is only logged.
 */
1008 int handle_incoming_vpn_data()   /* prefer (void) in the definition */
1012 int x, l = sizeof(x);   /* l should be a socklen_t for getsockopt() */
1013 struct sockaddr from;
1014 socklen_t fromlen = sizeof(from);
1016 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1018 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1019 __FILE__, __LINE__, myself->socket);
1024 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));   /* presumably reached when x != 0; the test is on a cut line */
1028 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1030 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1034 if(debug_lvl >= DEBUG_TRAFFIC)
1036 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1037 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);   /* NOTE(review): the standard member is sa_data, and for AF_INET its first two bytes are the port, so this prints port bytes rather than the address; cast to sockaddr_in and print sin_addr instead */
1045 terminate a connection and notify the other
1046 end before closing the sockets
/*
 * Close cl's meta socket, flag the entry for removal, cascade to peers
 * that were reached through cl, and — for an outgoing connection — arm a
 * 5 s SIGALRM reconnect. The early return when cl is already flagged and
 * any close() of cl->socket (1060-1062) are on cut lines.
 * NOTE(review): the entry stays in conn_list with status.remove set;
 * whatever unlinks it later (not in this listing) must also free
 * cl->buffer and the queues. Peers reached through cl (1088-1089) are
 * only flagged; their own sockets, if any, are not closed here — confirm
 * that is intended.
 */
1048 void terminate_connection(conn_list_t *cl)
1053 if(cl->status.remove)   /* already terminated: nothing to do (the return is on a cut line) */
1056 if(debug_lvl >= DEBUG_CONNECTIONS)
1057 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1058 cl->name, cl->hostname);
1063 close(cl->meta_socket);
1065 cl->status.remove = 1;
1067 /* If this cl isn't active, don't send any DEL_HOSTs. */
1069 /* FIXME: reprogram this.
1070 if(cl->status.active)
1071 notify_others(cl,NULL,send_del_host);
1075 /* Find all connections that were lost because they were behind cl
1076 (the connection that was dropped). */
1078 for(p = conn_list; p != NULL; p = p->next)
1080 if((p->nexthop == cl) && (p != cl))
1082 if(cl->status.active && p->status.active)
1083 /* FIXME: reprogram this
1084 notify_others(p,cl,send_del_host);
1088 p->status.active = 0;
1089 p->status.remove = 1;
1093 cl->status.active = 0;
1095 if(cl->status.outgoing)
1097 signal(SIGALRM, sigalrm_handler);
1098 seconds_till_retry = 5;
1099 alarm(seconds_till_retry);
1100 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));   /* hard-codes the 5 that seconds_till_retry carries; use %d so the two cannot drift apart */
1106 Check if the other end is active.
1107 If we have sent packets, but didn't receive any,
1108 then possibly the other end is dead. We send a
1109 PING request over the meta connection. If the other
1110 end does not reply in time, we consider them dead
1111 and close the connection.
/*
 * Periodic liveness check (main_loop() calls it every `timeout` seconds):
 * for every active meta connection whose last ping is older than
 * `timeout`, terminate it if a PING went unanswered, otherwise send a new
 * PING (the send call and the `now` assignment are on cut lines). The
 * return value is not visible here.
 * NOTE(review): only connections with status.active are examined, so a
 * peer that connected but never completed authentication is never timed
 * out by this function; unless the protocol code reaps those, each one
 * pins a fd and a MAXBUFSIZE buffer indefinitely — confirm.
 */
1113 int check_dead_connections(void)
1119 for(p = conn_list; p != NULL; p = p->next)
1121 if(p->status.remove)   /* skip entries already torn down */
1123 if(p->status.active && p->status.meta)
1125 if(p->last_ping_time + timeout < now)
1127 if(p->status.pinged && !p->status.got_pong)
1129 if(debug_lvl >= DEBUG_PROTOCOL)
1130 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1131 p->name, p->hostname);
1132 p->status.timeout = 1;
1133 terminate_connection(p);   /* safe inside the loop as long as it only flags the entry, which is all the lines shown do */
1135 else if(p->want_ping)
1138 p->last_ping_time = now;
1139 p->status.pinged = 1;
1140 p->status.got_pong = 0;
1150 accept a new tcp connect and create a
/*
 * accept() a pending meta connection on our listening socket, wrap it in
 * a conn_list_t and push it at the head of conn_list (the conn_list = ncn
 * assignment, the close() on failure and the returns are on cut lines).
 * NOTE(review): no limit on concurrent connections is visible, so the fd
 * count is bounded only by FD_SETSIZE, which build_fdset()/select()
 * silently overrun.
 */
1153 int handle_new_meta_connection()   /* prefer (void) in the definition */
1156 struct sockaddr client;
1157 int nfd, len = sizeof(client);   /* len should be a socklen_t for accept() */
1159 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)   /* the listener is non-blocking, so EAGAIN from a spurious wakeup is logged as an error as well */
1161 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1165 if(!(ncn = create_new_connection(nfd)))
1169 syslog(LOG_NOTICE, _("Closed attempted connection"));
1173 ncn->status.meta = 1;
1174 ncn->next = conn_list;
1181 check all connections to see if anything
1182 happened on their sockets
/*
 * After select(): for each live connection handle an error on its UDP
 * data socket (terminate) or incoming meta data (receive_meta(),
 * terminate on error); then service our own UDP and listening sockets.
 * NOTE(review): if control falls through after the terminate at 1206
 * (the braces between 1206 and 1211 are cut), the same iteration still
 * tests the just-closed p->meta_socket; the remove guard in
 * terminate_connection() makes a second call harmless, but a continue
 * would be clearer.
 */
1184 void check_network_activity(fd_set *f)
1187 int x, l = sizeof(x);   /* l should be a socklen_t */
1189 for(p = conn_list; p != NULL; p = p->next)
1191 if(p->status.remove)   /* terminated entries are skipped (the continue is on a cut line) */
1194 if(p->status.dataopen)
1195 if(FD_ISSET(p->socket, f))
1198 The only thing that can happen to get us here is apparently an
1199 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1200 something that will not trigger an error directly on send()).
1201 I've once got here when it said `No route to host'.
1203 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);   /* return value unchecked: if this fails x is uninitialised when printed below */
1204 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1205 p->name, p->hostname, strerror(x));
1206 terminate_connection(p);
1211 if(FD_ISSET(p->meta_socket, f))
1212 if(receive_meta(p) < 0)
1214 terminate_connection(p);
1219 if(FD_ISSET(myself->socket, f))
1220 handle_incoming_vpn_data();
1222 if(FD_ISSET(myself->meta_socket, f))
1223 handle_new_meta_connection();
1228 read, encrypt and send data that is
1229 available through the ethertap device
/*
 * Read one frame from the tap device (for the old ethertap driver the
 * 2-byte prefix lands in front of vp.data), count it, reject short
 * frames and route it via send_packet() to the IPv4 destination taken
 * from the frame. The vp.len bookkeeping and the short-frame condition
 * are on cut lines.
 * NOTE(review): at 1271 the destination is loaded as an `unsigned long`,
 * which is 8 bytes on LP64 targets: that reads 4 bytes past the address
 * field and on big-endian hosts hands ntohl() the wrong half. Copy 4
 * bytes into an ip_t with memcpy() instead (this also removes the
 * unaligned, aliasing cast). Offset 30 is presumably the IPv4
 * destination field of an Ethernet frame (14 + 16); nothing visible
 * checks the EtherType, so non-IPv4 frames are routed by whatever sits
 * at that offset — confirm.
 */
1231 void handle_tap_input(void)
1238 if(taptype == TAP_TYPE_TUNTAP)
1240 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1242 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1249 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)   /* the ethertap prefix overwrites the len field; relies on len sitting directly before data */
1251 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1257 total_tap_in += lenin;
1261 if(debug_lvl >= DEBUG_TRAFFIC)
1262 syslog(LOG_WARNING, _("Received short packet from tap device"));
1266 if(debug_lvl >= DEBUG_TRAFFIC)
1268 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
1271 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1276 this is where it all happens...
1278 void main_loop(void)
1283 time_t last_ping_check;
1285 last_ping_check = time(NULL);
1289 tv.tv_sec = timeout;
1295 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1297 if(errno != EINTR) /* because of alarm */
1299 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1307 /* FIXME: reprogram this.
1309 syslog(LOG_INFO, _("Rereading configuration file"));
1310 close_network_connections();
1312 if(read_config_file(&config, configfilename))
1314 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1318 setup_network_connections();
1323 if(last_ping_check + timeout < time(NULL))
1324 /* Let's check if everybody is still alive */
1326 check_dead_connections();
1327 last_ping_check = time(NULL);
1332 check_network_activity(&fset);
1334 /* local tap data */
1335 if(FD_ISSET(tap_fd, &fset))