2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.47 2000/10/28 21:05:17 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
43 #include LINUX_IF_TUN_H
/* Byte counters for the tap device and the UDP data socket.  They are plain
   `int', so on a busy link they wrap after 2 GiB and signed overflow is
   undefined behaviour; a wider unsigned type would be safer if these are
   ever exposed to an operator. */
61 int total_tap_out = 0;
62 int total_socket_in = 0;
63 int total_socket_out = 0;
/* Cursor into the list of `ConnectTo' directives currently being tried.
   Advanced by setup_network_connections() and by sigalrm_handler(); the
   latter runs in signal context, and nothing visible here blocks SIGALRM
   while the main loop touches it. */
65 config_t *upstreamcfg;
/* Reconnect back-off in seconds: bumped by 5 per failed round and capped at
   MAXTIMEOUT in sigalrm_handler(), set to 5 by terminate_connection(). */
66 static int seconds_till_retry;
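/*
  strip off the MAC addresses of an ethernet frame

  Removes the 12 leading bytes (destination + source MAC) from p->data and
  shortens p->len accordingly.  add_mac_addresses() is the inverse.
*/
void strip_mac_addresses(vpn_packet_t *p)
{
  /* A frame shorter than the two MAC addresses cannot be stripped.  The
     original unconditional `p->len -= 12' wrapped the length on such input
     and made memmove() copy from far beyond the buffer; truncate to an
     empty packet instead so the caller has nothing dangerous to forward. */
  if(p->len < 12)
    {
      p->len = 0;
      return;
    }

  p->len -= 12;
  /* Source and destination overlap, hence memmove(). */
  memmove(p->data, p->data + 12, p->len);
}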
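/*
  reassemble MAC addresses

  Inverse of strip_mac_addresses(): shifts the payload right by 12 bytes and
  prepends a synthetic ethernet header.  Destination MAC is fe:fd:<our VPN
  IPv4 address>, source MAC is fe:fd:<IPv4 source address of the inner
  packet>, so the kernel sees consistent locally-administered addresses.

  The caller must guarantee that p->data has room for p->len + 12 bytes;
  that capacity is not visible from here (TODO confirm against vpn_packet_t).
*/
void add_mac_addresses(vpn_packet_t *p)
{
  uint32_t addr;

  /* Make room for the 12 address bytes.  The regions overlap, so this has
     to be memmove(); the original used memcpy(), which is undefined for
     overlapping buffers and can corrupt the frame depending on libc. */
  memmove(p->data + 12, p->data, p->len);
  p->len += 12;

  /* Locally administered prefix for both addresses. */
  p->data[0] = p->data[6] = 0xfe;
  p->data[1] = p->data[7] = 0xfd;

  /* Destination: our own VPN address, network byte order.  Copied with
     memcpy() rather than through an ip_t* cast -- the cast was misaligned
     and an aliasing violation (the old comment called it "really evil"). */
  addr = htonl(myself->address);
  memcpy(&p->data[2], &addr, 4);

  /* Source: the inner packet's IPv4 source address.  After the shift the
     ethertype sits at data[12..13] and the IPv4 header starts at data[14],
     so the source address is data[26..29].  Only read it when the frame is
     long enough to contain it; otherwise leave the bytes zero instead of
     reading past the payload. */
  if(p->len >= 30)
    memcpy(&p->data[8], &p->data[26], 4);
  else
    memset(&p->data[8], 0, 4);
}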
/*
  send one VPN packet to cl over its connected UDP data socket (cl->socket).

  Wire format, as the send() below shows: the 2-byte `len' field followed by
  `len' bytes of data, transmitted from &outpkt.len in a single datagram.
  The return statements are not part of this excerpt.

  NOTE(review): the "Do encryption when everything else is fixed" marker and
  the unconditional memcpy() of inpkt over outpkt mean that whatever the
  EVP_Encrypt* calls produce is discarded -- the datagram leaves the host as
  PLAINTEXT with no integrity protection.  Even once re-enabled, the
  EVP_EncryptInit() call passes a NULL iv (the context IV is left fixed) and
  there is no MAC, so the transport would still be malleable; confirm before
  relying on it.
*/
96 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
101 outpkt.len = inpkt->len;
/* Encryption path -- its result is overwritten by the memcpy() further down. */
103 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
104 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
105 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
106 outlen += outpad + 2;
108 Do encryption when everything else is fixed...
/* Plaintext copy of len field + payload.  inpkt->len is trusted from the
   caller here; nothing bounds it against sizeof(outpkt). */
110 outlen = outpkt.len + 2;
111 memcpy(&outpkt, inpkt, outlen);
113 if(debug_lvl >= DEBUG_TRAFFIC)
114 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
115 outlen, cl->name, cl->hostname);
117 total_socket_out += outlen;
/* Only `< 0' is checked; UDP datagrams are all-or-nothing so there is no
   short-send case to handle. */
121 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
123 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
124 cl->name, cl->hostname);
/*
  deliver one packet received from the UDP data socket to the tap device.

  inpkt comes straight from handle_incoming_vpn_data(), so inpkt->len is a
  value read off the wire and is attacker controlled.

  NOTE(review): as in xsend(), the "Do decryption" marker and the memcpy()
  below override the EVP_Decrypt* result, so the raw datagram is written to
  the tap device unmodified and unauthenticated: any host that can reach the
  UDP port can inject frames into the VPN.  In addition the memcpy() copies
  `len + 2' bytes without checking that against sizeof(outpkt) or against
  the number of bytes actually received -- an oversized `len' reads and
  writes out of bounds.  Validate len before this point.
*/
131 int xrecv(vpn_packet_t *inpkt)
136 outpkt.len = inpkt->len;
/* Decryption path -- its result is overwritten by the memcpy() further down. */
138 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
139 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
140 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
143 Do decryption is everything else is fixed...
/* Unchecked copy of untrusted length (see note above). */
145 outlen = outpkt.len+2;
146 memcpy(&outpkt, inpkt, outlen);
/* Grows the frame by 12 bytes; outpkt must have that headroom. */
149 add_mac_addresses(&outpkt);
/* Only `< 0' is checked; a short write to the tap would go unnoticed. */
152 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
153 syslog(LOG_ERR, _("Can't write to tap device: %m"));
155 total_tap_out += outpkt.len;
/*
  add the given packet of size s to the
  queue q, be it the send or receive queue

  A private copy of `s' bytes is made; the caller keeps ownership of
  `packet'.  Callers pass s = packet->len + 2, so when the packet came off
  the wire this size is as untrusted as the length field itself.
*/
164 void add_queue(packet_queue_t **q, void *packet, size_t s)
/* xmalloc() is the project's allocator wrapper; presumably it aborts rather
   than returning NULL, since no result is checked -- confirm. */
168 e = xmalloc(sizeof(*e));
169 e->packet = xmalloc(s);
170 memcpy(e->packet, packet, s);
/* Lazy creation of the queue head structure (the `if(!*q)' guarding these
   two lines is not in this excerpt). */
174 *q = xmalloc(sizeof(**q));
175 (*q)->head = (*q)->tail = NULL;
178 e->next = NULL; /* We insert at the tail */
180 if((*q)->tail) /* Do we have a tail? */
182 (*q)->tail->next = e;
183 e->prev = (*q)->tail;
/* Empty queue: e must become both head and tail and e->prev must be NULL;
   those statements are not visible in this excerpt. */
185 else /* No tail -> no head too */
195 /* Remove a queue element */
/*
  Unlink e from the doubly linked queue *q.  Four cases: middle element,
  head, tail, and sole element.  Releasing e->packet and e itself, and the
  head/tail reset for the sole-element case, are not part of this excerpt.
*/
196 void del_queue(packet_queue_t **q, queue_element_t *e)
201 if(e->next) /* There is a successor, so we are not tail */
203 if(e->prev) /* There is a predecessor, so we are not head */
205 e->next->prev = e->prev;
206 e->prev->next = e->next;
208 else /* We are head */
210 e->next->prev = NULL;
211 (*q)->head = e->next;
214 else /* We are tail (or all alone!) */
216 if(e->prev) /* We are not alone :) */
218 e->prev->next = NULL;
219 (*q)->tail = e->prev;
233 flush a queue by calling function for
234 each packet, and removing it when that
235 returned a zero exit code
/*
  *pq must be non-NULL: it is dereferenced unconditionally below, so callers
  guard with `if(cl->sq)' / `if(cl->rq)'.  `next' is saved before an
  element is deleted so the walk survives del_queue() (the body of the loop
  is not fully visible here).  The callbacks used are xsend() and xrecv(),
  whose real parameter type is vpn_packet_t*, not void* -- the function
  pointer conversion at the call sites is technically undefined, though it
  works on common ABIs.
*/
237 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
238 int (*function)(conn_list_t*,void*))
240 queue_element_t *p, *next = NULL;
242 for(p = (*pq)->head; p != NULL; )
/* Zero from the callback means "sent/delivered": drop the element.
   Non-zero keeps it queued for a later flush. */
246 if(!function(cl, p->packet))
252 if(debug_lvl >= DEBUG_TRAFFIC)
253 syslog(LOG_DEBUG, _("Queue flushed"));
258 flush the send and receive queues of a connection.
259 Returns void because nothing can go wrong here: a packet whose
260 callback fails simply remains in its queue for a later attempt.
/* Each flush_queue() call below is (presumably) guarded by a non-NULL check
   on cl->sq / cl->rq, since flush_queue() dereferences *pq -- the guards
   are not visible in this excerpt. */
262 void flush_queues(conn_list_t *cl)
267 if(debug_lvl >= DEBUG_TRAFFIC)
268 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
269 cl->name, cl->hostname);
/* Queued outbound packets go through xsend() -- note that xsend() currently
   transmits them in plaintext. */
270 flush_queue(cl, &(cl->sq), xsend);
275 if(debug_lvl >= DEBUG_TRAFFIC)
276 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
277 cl->name, cl->hostname);
278 flush_queue(cl, &(cl->rq), xrecv);
284 send a packet to the given vpn ip.
/*
  `to' is the IPv4 destination extracted from the frame by handle_tap_input();
  it is resolved to a subnet and from there to the owning connection `cl'
  (that assignment is not visible in this excerpt).  Returns 0 when the
  packet was dropped or deferred, otherwise the result of xsend().
*/
286 int send_packet(ip_t to, vpn_packet_t *packet)
291 if((subnet = lookup_subnet_ipv4(to)) == NULL)
293 if(debug_lvl >= DEBUG_TRAFFIC)
295 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
304 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
306 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* Lazily open the UDP data socket towards cl. */
308 if(!cl->status.dataopen)
309 if(setup_vpn_connection(cl) < 0)
311 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
312 cl->name, cl->hostname);
/* No session key yet: the queueing code is commented out, so the packet is
   silently dropped while a key request is (at most once) sent.  With
   encryption disabled in xsend() this validkey gate is the only thing that
   keeps traffic off the wire before key exchange. */
316 if(!cl->status.validkey)
318 /* Don't queue until everything else is fixed.
319 if(debug_lvl >= DEBUG_TRAFFIC)
320 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
321 cl->name, cl->hostname);
322 add_queue(&(cl->sq), packet, packet->len + 2);
324 if(!cl->status.waitingforkey)
325 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
/* Peer not fully authenticated/active: likewise dropped, not queued. */
329 if(!cl->status.active)
331 /* Don't queue until everything else is fixed.
332 if(debug_lvl >= DEBUG_TRAFFIC)
333 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
334 cl->name, cl->hostname);
335 add_queue(&(cl->sq), packet, packet->len + 2);
337 return 0; /* We don't want to mess up, do we? */
340 /* can we send it? can we? can we? huh? */
342 return xsend(cl, packet);
346 open the local ethertap device
/*
  Opens the tap device named by the `TapDevice' directive (or a build-time
  default), detects whether it is a new tun/tap device via TUNSETIFF, and
  exports the resulting interface name as IFNAME for the tinc-up/down
  scripts.  Returns the descriptor or -1 (return statements not shown here).
*/
348 int setup_tap_fd(void)
351 const char *tapfname;
/* Device path comes from the configuration file, which is trusted (the
   daemon runs as root and the file is root-owned by convention). */
357 if((cfg = get_config_val(config, tapdevice)))
358 tapfname = cfg->data.ptr;
/* Two defaults, presumably selected by a build-time #ifdef not shown. */
361 tapfname = "/dev/misc/net/tun";
363 tapfname = "/dev/tap0";
366 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
368 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
377 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
378 memset(&ifr, 0, sizeof(ifr));
380 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy() does not NUL-terminate when netname is IFNAMSIZ
   bytes or longer; force `ifr.ifr_name[IFNAMSIZ - 1] = '\0'' afterwards (or
   reject over-long names) rather than relying on the kernel to truncate. */
382 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* tap_fd is used here although the device was opened as nfd; the assignment
   `tap_fd = nfd' is presumably among the lines not shown. */
384 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
386 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
389 if((cfg = get_config_val(config, tapsubnet)) == NULL)
390 syslog(LOG_INFO, _("tun/tap device will be left unconfigured"));
392 /* Setup inetaddr/netmask etc */;
396 /* Add name of network interface to environment (for scripts) */
/* Neither ioctl() nor asprintf() results are checked; on failure the script
   would inherit a stale or missing IFNAME. */
398 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
399 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
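/*
  set up the socket that we listen on for incoming
  (tcp) meta connections from other tinc daemons.

  Honours the optional `Interface' (bind to one device) and `InterfaceIP'
  (bind to one address) directives; without them the listener is reachable
  on every address.  Returns the listening descriptor, or -1 after logging
  the error.  Every failure path closes the socket so no descriptor leaks.
*/
int setup_listen_meta_socket(int port)
{
  int nfd, flags;
  int one = 1;
  struct sockaddr_in a;
  config_t *cfg;

  if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
    {
      syslog(LOG_ERR, _("Creating metasocket failed: %m"));
      return -1;
    }

  /* Allow a quick restart while old connections linger in TIME_WAIT. */
  if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
    {
      syslog(LOG_ERR, _("setsockopt: %m"));
      close(nfd);
      return -1;
    }

  /* Accepted connections inherit this and so notice dead peers. */
  if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
    {
      syslog(LOG_ERR, _("setsockopt: %m"));
      close(nfd);
      return -1;
    }

  flags = fcntl(nfd, F_GETFL);
  if(flags < 0 || fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    {
      syslog(LOG_ERR, _("fcntl: %m"));
      close(nfd);
      return -1;
    }

  if((cfg = get_config_val(config, interface)))
    {
      const char *ifname = cfg->data.ptr;

#ifdef SO_BINDTODEVICE
      /* Bug fix: the original passed the interface name to SO_KEEPALIVE, so
         the restriction never took effect and the daemon kept listening on
         every interface while the configuration said otherwise.  The log
         message always described SO_BINDTODEVICE; now the code does too. */
      if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname) + 1))
        {
          syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), ifname);
          close(nfd);
          return -1;
        }
#else
      /* Fail closed: silently exposing the listener on all interfaces would
         violate an explicit operator decision. */
      syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: not supported on this platform"), ifname);
      close(nfd);
      return -1;
#endif
    }

  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_port = htons(port);

  if((cfg = get_config_val(config, interfaceip)))
    a.sin_addr.s_addr = htonl(cfg->data.ip->address);
  else
    a.sin_addr.s_addr = htonl(INADDR_ANY);

  /* sizeof(a) rather than sizeof(struct sockaddr): identical for AF_INET but
     correct by construction. */
  if(bind(nfd, (struct sockaddr *)&a, sizeof(a)))
    {
      syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
      close(nfd);
      return -1;
    }

  if(listen(nfd, SOMAXCONN))
    {
      syslog(LOG_ERR, _("listen: %m"));
      close(nfd);
      return -1;
    }

  return nfd;
}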
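/*
  setup the socket for incoming encrypted
  data: the UDP data socket bound to our port.

  Consistency fix: this socket now honours the same `Interface' and
  `InterfaceIP' directives as setup_listen_meta_socket().  Previously it was
  always bound to INADDR_ANY, so restricting the TCP listener left the data
  port exposed on every address anyway.  Returns the descriptor or -1; all
  failure paths close the socket.
*/
int setup_vpn_in_socket(int port)
{
  int nfd, flags;
  int one = 1;
  struct sockaddr_in a;
  config_t *cfg;

  if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
    {
      syslog(LOG_ERR, _("Creating socket failed: %m"));
      return -1;
    }

  if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
    {
      syslog(LOG_ERR, _("setsockopt: %m"));
      close(nfd);
      return -1;
    }

  flags = fcntl(nfd, F_GETFL);
  if(flags < 0 || fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    {
      syslog(LOG_ERR, _("fcntl: %m"));
      close(nfd);
      return -1;
    }

  if((cfg = get_config_val(config, interface)))
    {
      const char *ifname = cfg->data.ptr;

#ifdef SO_BINDTODEVICE
      if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname) + 1))
        {
          syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), ifname);
          close(nfd);
          return -1;
        }
#else
      /* Fail closed rather than ignoring an explicit restriction. */
      syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: not supported on this platform"), ifname);
      close(nfd);
      return -1;
#endif
    }

  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_port = htons(port);

  if((cfg = get_config_val(config, interfaceip)))
    a.sin_addr.s_addr = htonl(cfg->data.ip->address);
  else
    a.sin_addr.s_addr = htonl(INADDR_ANY);

  if(bind(nfd, (struct sockaddr *)&a, sizeof(a)))
    {
      syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
      close(nfd);
      return -1;
    }

  return nfd;
}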
520 setup an outgoing meta (tcp) socket
/*
  Connects cl->meta_socket to cl->address:cl->port (port from the host's
  `Port' directive, default applied in lines not shown).  Returns 0 on
  success, -1 after logging (return statements not shown here).

  The address was obtained by gethostbyname() in setup_outgoing_connection(),
  i.e. from unauthenticated DNS; nothing here verifies the peer's identity,
  that must come from the protocol handshake on this socket.
*/
522 int setup_outgoing_meta_socket(conn_list_t *cl)
525 struct sockaddr_in a;
528 if(debug_lvl >= DEBUG_CONNECTIONS)
529 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
531 if((cfg = get_config_val(cl->config, port)) == NULL)
534 cl->port = cfg->data.val;
536 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
537 if(cl->meta_socket == -1)
539 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
540 cl->hostname, cl->port);
/* No memset() of `a' is visible before these assignments; sin_zero would
   then be uninitialised (harmless on Linux, but check the missing lines). */
544 a.sin_family = AF_INET;
545 a.sin_port = htons(cl->port);
546 a.sin_addr.s_addr = htonl(cl->address);
/* Blocking connect(): O_NONBLOCK is only set afterwards, so an unreachable
   or black-holing peer stalls the whole daemon (including the main loop)
   for the TCP connect timeout.  Whether the socket is closed on failure is
   not visible here. */
548 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
550 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
554 flags = fcntl(cl->meta_socket, F_GETFL);
555 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
557 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
558 cl->hostname, cl->port);
562 if(debug_lvl >= DEBUG_CONNECTIONS)
563 syslog(LOG_INFO, _("Connected to %s port %hd"),
564 cl->hostname, cl->port);
572 setup an outgoing connection. It's not
573 necessary to also open an udp socket as
574 well, because the other host will initiate
575 an authentication sequence during which
576 we will do just that.
/*
  Creates a conn_list_t for the host `name' (a ConnectTo value), reads its
  host configuration, resolves its `Address' and opens the meta connection.
  Returns 0 on success, non-zero otherwise (return statements not shown).
  `name' is presumably validated by check_id() just above the "Invalid name"
  message, which matters because read_host_config() opens a file derived
  from it.
*/
578 int setup_outgoing_connection(char *name)
586 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
590 ncn = new_conn_list();
591 asprintf(&ncn->name, "%s", name);
593 if(read_host_config(ncn))
/* BUG(review): the format string has a %s but no argument is passed, so
   syslog() reads a stray pointer from the argument area -- undefined
   behaviour, in practice a crash or a leak of stack contents into the log.
   Fix: `syslog(LOG_ERR, _("Error reading host configuration file for %s"), name);' */
595 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
600 if(!(cfg = get_config_val(ncn->config, address)))
/* BUG(review): same missing `%s' argument; pass `name' here as well. */
602 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() reports failures through h_errno, not errno, so `%m'
   prints an unrelated error here; hstrerror(h_errno) would be accurate. */
607 if(!(h = gethostbyname(cfg->data.ptr)))
609 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Only the first address is used and it is assumed to be a 4-byte AF_INET
   address; h->h_addrtype / h->h_length are not checked. */
614 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
615 ncn->hostname = hostlookup(htonl(ncn->address));
617 if(setup_outgoing_meta_socket(ncn) < 0)
619 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
625 ncn->status.outgoing = 1;
626 ncn->buffer = xmalloc(MAXBUFSIZE);
628 ncn->last_ping_time = time(NULL);
639 Configure conn_list_t myself and set up the local sockets (listen only)
/*
  Builds the `myself' entry from the main configuration (Name, PrivateKey,
  Port, IndirectData, TCPonly) and from our own host file (PublicKey,
  Subnet lines), then opens the TCP meta listener and the UDP data socket.
  Returns 0 on success, -1 after logging (return statements not shown).
*/
641 int setup_myself(void)
647 myself = new_conn_list();
649 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
651 myself->protocol_version = PROT_CURRENT;
653 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
655 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* Elsewhere string values are read via cfg->data.ptr (e.g. the TapDevice
   and Address lookups); casting data.val to char* here only works if the
   two union members alias exactly -- worth confirming on 64-bit. */
659 asprintf(&myself->name, "%s", (char*)cfg->data.val);
/* check_id() restricts the name; since the name is later used to build a
   host-configuration path, this check is what prevents path tricks. */
661 if(check_id(myself->name))
663 syslog(LOG_ERR, _("Invalid name for myself!"));
667 if(!(cfg = get_config_val(config, privatekey)))
669 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* Private exponent d from the config, public exponent e hard-coded to
   0xFFFF (65535): the key pair must have been generated with that e.
   BN_hex2bn() return values are not checked, so a malformed hex string
   yields a partially initialised key; RSA_check_key() below is the only
   safety net. */
674 myself->rsa_key = RSA_new();
675 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
676 BN_hex2bn(&myself->rsa_key->e, "FFFF");
679 if(read_host_config(myself))
681 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
685 if(!(cfg = get_config_val(myself->config, publickey)))
687 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
/* Modulus n comes from our own host file; d, e and n are then checked for
   consistency.  p and q are never set -- confirm that the OpenSSL version in
   use accepts RSA_check_key() on such a key, otherwise startup always fails. */
692 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
695 if(RSA_check_key(myself->rsa_key) != 1)
697 syslog(LOG_ERR, _("Invalid public/private keypair!"));
701 if(!(cfg = get_config_val(myself->config, port)))
704 myself->port = cfg->data.val;
706 if((cfg = get_config_val(myself->config, indirectdata)))
707 if(cfg->data.val == stupid_true)
708 myself->flags |= EXPORTINDIRECTDATA;
710 if((cfg = get_config_val(myself->config, tcponly)))
711 if(cfg->data.val == stupid_true)
712 myself->flags |= TCPONLY;
714 /* Read in all the subnets specified in the host configuration file */
/* Assignment in the loop condition is intentional: walk every `Subnet'
   directive in the host file. */
716 for(cfg = myself->config; cfg = get_config_val(cfg, subnet); cfg = cfg->next)
719 net->type = SUBNET_IPV4;
720 net->net.ipv4.address = cfg->data.ip->address;
721 net->net.ipv4.mask = cfg->data.ip->mask;
723 subnet_add(myself, net);
/* Listeners come last so nothing is exposed before the identity is valid. */
726 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
728 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
732 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
734 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
735 close(myself->meta_socket);
739 myself->status.active = 1;
741 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/*
  SIGALRM handler: retry the outgoing `ConnectTo' connections.

  Walks the remaining ConnectTo directives starting at upstreamcfg; on the
  first success the alarm is disarmed, otherwise the list is rewound and the
  alarm re-armed with a back-off capped at MAXTIMEOUT.

  NOTE(review): this runs in signal context yet calls syslog(),
  setup_outgoing_connection() (gethostbyname, malloc via xmalloc, socket,
  a blocking connect) and signal() -- none of which are async-signal-safe.
  If SIGALRM fires while the main loop is inside malloc or syslog this can
  deadlock or corrupt the heap.  The robust pattern is to set a flag here
  and perform the reconnect from main_loop().
*/
747 sigalrm_handler(int a)
751 cfg = get_config_val(upstreamcfg, connectto);
753 if(!cfg && upstreamcfg == config)
754 /* No upstream IP given, we're listen only. */
759 upstreamcfg = cfg->next;
760 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
/* Success: no more retries until terminate_connection() re-arms us. */
762 signal(SIGALRM, SIG_IGN);
765 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All ConnectTo lines failed: rewind and back off. */
768 signal(SIGALRM, sigalrm_handler);
769 upstreamcfg = config;
770 seconds_till_retry += 5;
771 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
772 seconds_till_retry = MAXTIMEOUT;
773 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
775 alarm(seconds_till_retry);
780 setup all initial network connections
/*
  Start-up sequence: read PingTimeout, open the tap device, configure
  `myself' and the listening sockets, run the tinc-up script, then attempt
  the first ConnectTo; if none succeed, schedule a retry via SIGALRM.
  Returns 0 on success, -1 on failure (return statements not shown).
*/
782 int setup_network_connections(void)
787 if((cfg = get_config_val(config, pingtimeout)) == NULL)
790 timeout = cfg->data.val;
792 if(setup_tap_fd() < 0)
795 if(setup_myself() < 0)
798 /* Run tinc-up script to further initialize the tap interface */
/* The script lives under confbase and runs with the daemon's (root)
   privileges and environment, including the IFNAME variable prepared in
   setup_tap_fd().  The fork() this execl() presumably sits in is not shown.
   NOTE(review): execl(scriptname, NULL) passes an empty argv -- argv[0] is
   NULL -- which POSIX does not guarantee interpreters handle; pass
   `execl(scriptname, scriptname, NULL)'.  After a failed execl() the child
   must _exit(), otherwise it continues running the daemon's code. */
800 asprintf(&scriptname, "%s/tinc-up", confbase);
805 execl(scriptname, NULL);
808 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
815 if(!(cfg = get_config_val(config, connectto)))
816 /* No upstream IP given, we're listen only. */
821 upstreamcfg = cfg->next;
822 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
824 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* First retry waits the full MAXTIMEOUT, whereas later failures back off
   in 5-second steps from sigalrm_handler() -- intentional or not, note the
   asymmetry. */
827 signal(SIGALRM, sigalrm_handler);
828 upstreamcfg = config;
829 seconds_till_retry = MAXTIMEOUT;
830 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
831 alarm(seconds_till_retry);
837 close all open network connections
/*
  Shutdown sequence: shut down and close every peer's UDP and TCP sockets,
  close our own listeners, run the tinc-down script, log termination.
  The conn_list entries themselves are not freed in the lines shown.
*/
839 void close_network_connections(void)
844 for(p = conn_list; p != NULL; p = p->next)
846 if(p->status.dataopen)
/* shutdown(fd, 0) == SHUT_RD: stop receiving before closing. */
848 shutdown(p->socket, 0); /* No more receptions */
/* Presumably guarded by `if(p->status.meta)' in a line not shown; otherwise
   this would operate on an uninitialised descriptor for data-only peers. */
854 shutdown(p->meta_socket, 0); /* No more receptions */
855 close(p->meta_socket);
860 if(myself->status.active)
862 close(myself->meta_socket);
863 close(myself->socket);
866 /* Execute tinc-down script right before shutting down the interface */
/* Same caveats as tinc-up in setup_network_connections(): runs as root from
   confbase, argv[0] is NULL, and the child must _exit() after a failed exec. */
868 asprintf(&scriptname, "%s/tinc-down", confbase);
872 execl(scriptname, NULL);
875 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
885 syslog(LOG_NOTICE, _("Terminating"));
891 create a data (udp) socket
/*
  Opens cl->socket, a UDP socket connect()ed to cl->address:cl->port, and
  marks cl->status.dataopen.  Returns 0 on success, -1 otherwise (return
  statements not shown).

  connect() on a datagram socket only fixes the default destination and
  lets the kernel deliver ICMP errors for it (which check_network_activity()
  relies on); incoming VPN data is read from myself->socket, so nothing here
  authenticates the peer.
*/
893 int setup_vpn_connection(conn_list_t *cl)
896 struct sockaddr_in a;
898 if(debug_lvl >= DEBUG_TRAFFIC)
899 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
901 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
904 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* No memset() of `a' is visible before these assignments (sin_zero left
   uninitialised); check the lines not shown. */
908 a.sin_family = AF_INET;
909 a.sin_port = htons(cl->port);
910 a.sin_addr.s_addr = htonl(cl->address);
/* Whether nfd is closed on this failure path is not visible here. */
912 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
914 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
915 cl->hostname, cl->port);
919 flags = fcntl(nfd, F_GETFL);
920 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
922 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
923 cl->name, cl->hostname);
928 cl->status.dataopen = 1;
934 handle an incoming tcp connect call and open
/*
  Wraps an accepted meta socket in a fresh conn_list_t: records the peer
  address, allocates the MAXBUFSIZE receive buffer and restricts the
  protocol state machine so only an ID request is accepted first.
  Returns the new entry, or NULL on error (return statements not shown).
*/
937 conn_list_t *create_new_connection(int sfd)
940 struct sockaddr_in ci;
/* len should be socklen_t and ci passed as (struct sockaddr *); the
   uncast sockaddr_in* works on Linux but is a type mismatch. */
941 int len = sizeof(ci);
945 if(getpeername(sfd, &ci, &len) < 0)
947 syslog(LOG_ERR, _("Error: getpeername: %m"));
952 p->address = ntohl(ci.sin_addr.s_addr);
953 p->hostname = hostlookup(ci.sin_addr.s_addr);
954 p->meta_socket = sfd;
/* Allocated per accepted TCP connection before any authentication: an
   unauthenticated client costs MAXBUFSIZE + a descriptor for as long as it
   stays connected (see check_dead_connections() for when it is reaped). */
956 p->buffer = xmalloc(MAXBUFSIZE);
958 p->last_ping_time = time(NULL);
961 if(debug_lvl >= DEBUG_CONNECTIONS)
962 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* ntohs() is the semantically correct conversion for a received port; the
   result is identical on current platforms. */
963 p->hostname, htons(ci.sin_port));
/* Security gate: until the peer has sent ID (and been authenticated) no
   other request type is permitted on this connection. */
965 p->allow_request = ID;
971 put all file descriptors in an fd_set array
/*
  Collects every peer's meta and (when open) data socket plus our two
  listeners for select() in main_loop().

  NOTE(review): FD_SET() with a descriptor >= FD_SETSIZE (1024 on glibc)
  writes outside the fd_set -- undefined behaviour that a large enough
  number of inbound connections can trigger.  Either refuse descriptors
  >= FD_SETSIZE at accept() time or move to poll().
*/
973 void build_fdset(fd_set *fs)
979 for(p = conn_list; p != NULL; p = p->next)
982 FD_SET(p->meta_socket, fs);
983 if(p->status.dataopen)
984 FD_SET(p->socket, fs);
987 FD_SET(myself->meta_socket, fs);
988 FD_SET(myself->socket, fs);
994 receive incoming data from the listening
995 udp socket and write it to the ethertap
996 device after being decrypted
/*
  Drains a pending socket error, then reads one datagram into `pkt' and
  (in lines not shown) hands it to xrecv().

  NOTE(review): the recvfrom() return value -- the real datagram length --
  is discarded; only the on-wire `pkt.len' field survives, and xrecv()
  copies `pkt.len + 2' bytes on its say-so.  Store the count and reject the
  packet unless `n >= 2 && pkt.len == n - 2' (and n - 2 fits the data
  buffer).  Nothing checks `from' against a known peer either, so with
  decryption disabled any host reaching this port can inject frames.
*/
998 int handle_incoming_vpn_data()
/* l should be socklen_t. */
1002 int x, l = sizeof(x);
1003 struct sockaddr from;
1004 socklen_t fromlen = sizeof(from);
1006 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1008 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1009 __FILE__, __LINE__, myself->socket);
1014 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* Reads up to MTU bytes starting at the len field; pkt must be at least
   MTU bytes long from &pkt.len (not verifiable here). */
1018 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1020 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1024 if(debug_lvl >= DEBUG_TRAFFIC)
/* Debug only.  `sa_addr' is not a standard struct sockaddr member (sa_data
   is, and its first two bytes are the port) -- cast to sockaddr_in and use
   inet_ntoa() instead. */
1026 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1027 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1035 terminate a connection and notify the other
1036 end before closing the sockets
/*
  Marks cl (and every connection routed through it) for removal, closes its
  meta socket, and schedules a reconnect if we initiated it.  Idempotent via
  cl->status.remove.  The DEL_HOST notifications are commented out, so the
  rest of the mesh is currently NOT told about the loss.  Whether cl->socket
  (UDP) is closed is not visible in this excerpt.
*/
1038 void terminate_connection(conn_list_t *cl)
1043 if(cl->status.remove)
1046 if(debug_lvl >= DEBUG_CONNECTIONS)
1047 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1048 cl->name, cl->hostname);
1053 close(cl->meta_socket);
1055 cl->status.remove = 1;
1057 /* If this cl isn't active, don't send any DEL_HOSTs. */
1059 /* FIXME: reprogram this.
1060 if(cl->status.active)
1061 notify_others(cl,NULL,send_del_host);
1065 /* Find all connections that were lost because they were behind cl
1066 (the connection that was dropped). */
1068 for(p = conn_list; p != NULL; p = p->next)
1070 if((p->nexthop == cl) && (p != cl))
1072 if(cl->status.active && p->status.active)
1073 /* FIXME: reprogram this
1074 notify_others(p,cl,send_del_host);
1078 p->status.active = 0;
1079 p->status.remove = 1;
1083 cl->status.active = 0;
/* Outgoing connections are retried after 5 s via sigalrm_handler(); see the
   async-signal-safety note on that handler. */
1085 if(cl->status.outgoing)
1087 signal(SIGALRM, sigalrm_handler);
1088 seconds_till_retry = 5;
1089 alarm(seconds_till_retry);
1090 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1096 Check if the other end is active.
1097 If we have sent packets, but didn't receive any,
1098 then possibly the other end is dead. We send a
1099 PING request over the meta connection. If the other
1100 end does not reply in time, we consider them dead
1101 and close the connection.
/*
  Called from main_loop() every `timeout' seconds.  `now' is presumably
  time(NULL) captured in a line not shown.

  NOTE(review): only connections with status.active && status.meta are
  examined, so a TCP client that connects and never completes authentication
  (never becomes active) is never pinged and never timed out here.  Combined
  with the per-connection MAXBUFSIZE allocation in create_new_connection()
  this lets an unauthenticated remote hold descriptors and memory
  indefinitely; apply an idle timeout to non-active connections too.
*/
1103 int check_dead_connections(void)
1109 for(p = conn_list; p != NULL; p = p->next)
1111 if(p->status.remove)
1113 if(p->status.active && p->status.meta)
1115 if(p->last_ping_time + timeout < now)
/* A PING went out last round and no PONG came back: declare it dead. */
1117 if(p->status.pinged && !p->status.got_pong)
1119 if(debug_lvl >= DEBUG_PROTOCOL)
1120 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1121 p->name, p->hostname);
1122 p->status.timeout = 1;
1123 terminate_connection(p);
/* Otherwise send a PING (the send call is not shown) and start the timer;
   peers for which want_ping is never set are not probed at all. */
1125 else if(p->want_ping)
1128 p->last_ping_time = now;
1129 p->status.pinged = 1;
1130 p->status.got_pong = 0;
1140 accept a new tcp connect and create a
/*
  accept() one pending connection on our meta listener, wrap it via
  create_new_connection() and push it on the front of conn_list (the
  `conn_list = ncn' assignment is not shown).  Returns 0 / -1 (return
  statements not shown).

  There is no cap on concurrent connections, no per-source rate limit and,
  as the select() loop uses FD_SETSIZE, no check that nfd < FD_SETSIZE;
  each accepted socket also costs MAXBUFSIZE until it is reaped.
*/
1143 int handle_new_meta_connection()
1146 struct sockaddr client;
/* len should be socklen_t. */
1147 int nfd, len = sizeof(client);
1149 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1151 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
/* On failure the descriptor is presumably close()d in a line not shown. */
1155 if(!(ncn = create_new_connection(nfd)))
1159 syslog(LOG_NOTICE, _("Closed attempted connection"));
1163 ncn->status.meta = 1;
1164 ncn->next = conn_list;
1171 check all connections to see if anything
1172 happened on their sockets
/*
  Dispatches select() results: per peer, readability of the connected UDP
  socket can only mean a deferred error (inbound data arrives on
  myself->socket), and readability of the meta socket means protocol data;
  then our own two listeners are serviced.
*/
1174 void check_network_activity(fd_set *f)
/* l should be socklen_t. */
1177 int x, l = sizeof(x);
1179 for(p = conn_list; p != NULL; p = p->next)
/* Skip entries already marked by terminate_connection(). */
1181 if(p->status.remove)
1184 if(p->status.dataopen)
1185 if(FD_ISSET(p->socket, f))
1188 The only thing that can happen to get us here is apparently an
1189 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1190 something that will not trigger an error directly on send()).
1191 I've once got here when it said `No route to host'.
/* getsockopt() result is unchecked; if it fails, x is uninitialised when
   passed to strerror(). */
1193 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1194 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1195 p->name, p->hostname, strerror(x));
1196 terminate_connection(p);
/* receive_meta() parses untrusted protocol input from the TCP peer; any
   error tears the connection down.  terminate_connection() only marks the
   entry, so continuing the walk over conn_list is safe. */
1201 if(FD_ISSET(p->meta_socket, f))
1202 if(receive_meta(p) < 0)
1204 terminate_connection(p);
1209 if(FD_ISSET(myself->socket, f))
1210 handle_incoming_vpn_data();
1212 if(FD_ISSET(myself->meta_socket, f))
1213 handle_new_meta_connection();
1218 read, encrypt and send data that is
1219 available through the ethertap device
/*
  Reads one frame from the tap device (two code paths, apparently selected
  by device type in lines not shown: plain tun/tap frames vs. the old
  ethertap format that prefixes a 2-byte length), then routes it by the
  IPv4 destination address to send_packet().

  NOTE(review): the destination is read with `*(unsigned long*)&vp.data[30]'.
  On 64-bit hosts unsigned long is 8 bytes, so this reads 4 bytes past the
  address (and past the frame for a minimal 34-byte packet), is misaligned
  and violates strict aliasing; use memcpy() into a uint32_t.  The frame is
  also never checked to be IPv4 (ethertype at data[12..13] == 0x0800) or at
  least 34 bytes long, so ARP/IPv6/short frames have arbitrary bytes
  interpreted as a destination and looked up.
*/
1221 void handle_tap_input(void)
1230 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1232 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
/* Old ethertap path: the kernel supplies the length header in place. */
1239 if((lenin = read(tap_fd, &vp.len, MTU)) <= 0)
1241 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1244 // vp.len = lenin - 2;
1247 total_tap_in += lenin;
/* Short-frame guard (its condition is not shown). */
1251 if(debug_lvl >= DEBUG_TRAFFIC)
1252 syslog(LOG_WARNING, _("Received short packet from tap device"));
1256 if(debug_lvl >= DEBUG_TRAFFIC)
1258 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* Offset 30 = 14 (ethernet header) + 16 (IPv4 destination).  See the note
   above about width, alignment and the missing ethertype/length check. */
1261 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1266 this is where it all happens...
1268 void main_loop(void)
1273 time_t last_ping_check;
1275 last_ping_check = time(NULL);
1279 tv.tv_sec = timeout;
1285 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1287 if(errno != EINTR) /* because of alarm */
1289 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1297 /* FIXME: reprogram this.
1299 syslog(LOG_INFO, _("Rereading configuration file"));
1300 close_network_connections();
1302 if(read_config_file(&config, configfilename))
1304 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1308 setup_network_connections();
1313 if(last_ping_check + timeout < time(NULL))
1314 /* Let's check if everybody is still alive */
1316 check_dead_connections();
1317 last_ping_check = time(NULL);
1322 check_network_activity(&fset);
1324 /* local tap data */
1325 if(FD_ISSET(tap_fd, &fset))