2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.23 2000/08/08 13:47:56 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
107 ntohs(rp.len), cl->vpn_hostname, cl->real_hostname);
109 total_socket_out += ntohs(rp.len);
113 if((cl->flags | myself->flags) & TCPONLY)
114 return send_tcppacket(cl, (void*)&rp, ntohs(rp.len));
116 if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
118 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
119 cl->vpn_hostname, cl->real_hostname);
126 int xrecv(conn_list_t *cl, void *packet)
131 do_decrypt((real_packet_t*)packet, &vp, cl->key);
132 add_mac_addresses(&vp);
135 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
136 ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname);
138 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
139 syslog(LOG_ERR, _("Can't write to tap device: %m"));
141 total_tap_out += lenin;
144 cl->last_ping_time = time(NULL);
150 add the given packet of size s to the
151 queue q, be it the send or receive queue
153 void add_queue(packet_queue_t **q, void *packet, size_t s)
157 e = xmalloc(sizeof(*e));
158 e->packet = xmalloc(s);
159 memcpy(e->packet, packet, s);
163 *q = xmalloc(sizeof(**q));
164 (*q)->head = (*q)->tail = NULL;
167 e->next = NULL; /* We insert at the tail */
169 if((*q)->tail) /* Do we have a tail? */
171 (*q)->tail->next = e;
172 e->prev = (*q)->tail;
174 else /* No tail -> no head too */
184 /* Remove a queue element */
185 void del_queue(packet_queue_t **q, queue_element_t *e)
190 if(e->next) /* There is a successor, so we are not tail */
192 if(e->prev) /* There is a predecessor, so we are not head */
194 e->next->prev = e->prev;
195 e->prev->next = e->next;
197 else /* We are head */
199 e->next->prev = NULL;
200 (*q)->head = e->next;
203 else /* We are tail (or all alone!) */
205 if(e->prev) /* We are not alone :) */
207 e->prev->next = NULL;
208 (*q)->tail = e->prev;
222 flush a queue by calling function for
223 each packet, and removing it when that
224 returned a zero exit code
226 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
227 int (*function)(conn_list_t*,void*))
229 queue_element_t *p, *next = NULL;
231 for(p = (*pq)->head; p != NULL; )
235 if(!function(cl, p->packet))
242 syslog(LOG_DEBUG, _("Queue flushed"));
247 flush the send&recv queues
248 void because nothing goes wrong here, packets
249 remain in the queue if something goes wrong
251 void flush_queues(conn_list_t *cl)
257 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
258 cl->vpn_hostname, cl->real_hostname);
259 flush_queue(cl, &(cl->sq), xsend);
265 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
266 cl->vpn_hostname, cl->real_hostname);
267 flush_queue(cl, &(cl->rq), xrecv);
273 send a packet to the given vpn ip.
275 int send_packet(ip_t to, vpn_packet_t *packet)
279 if((cl = lookup_conn(to)) == NULL)
283 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
287 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
291 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
293 { /* No open outgoing connection has been found. */
295 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
300 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
302 if(myself->flags & EXPORTINDIRECTDATA)
304 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
306 { /* No open outgoing connection has been found. */
308 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
314 /* If indirectdata flag is set for the destination we just looked up,
315 * then real_ip is actually the vpn_ip of the gateway tincd
319 if(cl->flags & INDIRECTDATA)
322 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
323 cl->vpn_hostname, cl->real_hostname);
324 if((cl = lookup_conn(cl->real_ip)) == NULL)
327 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"),
330 /* Gateway tincd dead? Should we kill it? (GS) */
334 if(cl->flags & INDIRECTDATA) /* This should not happen */
337 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"),
343 if(my_key_expiry <= time(NULL))
346 if(!cl->status.dataopen)
347 if(setup_vpn_connection(cl) < 0)
349 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->vpn_hostname, cl->real_hostname);
353 if(!cl->status.validkey)
356 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->vpn_hostname, cl->real_hostname);
357 add_queue(&(cl->sq), packet, packet->len + 2);
358 if(!cl->status.waitingforkey)
359 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
363 if(!cl->status.active)
366 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->vpn_hostname, cl->real_hostname);
367 add_queue(&(cl->sq), packet, packet->len + 2);
368 return 0; /* We don't want to mess up, do we? */
371 /* can we send it? can we? can we? huh? */
373 return xsend(cl, packet);
377 open the local ethertap device
379 int setup_tap_fd(void)
382 const char *tapfname;
385 if((cfg = get_config_val(tapdevice)) == NULL)
386 tapfname = "/dev/tap0";
388 tapfname = cfg->data.ptr;
390 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
392 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
402 set up the socket that we listen on for incoming
405 int setup_listen_meta_socket(int port)
408 struct sockaddr_in a;
411 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
413 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
417 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
419 syslog(LOG_ERR, _("setsockopt: %m"));
423 flags = fcntl(nfd, F_GETFL);
424 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
426 syslog(LOG_ERR, _("fcntl: %m"));
430 memset(&a, 0, sizeof(a));
431 a.sin_family = AF_INET;
432 a.sin_port = htons(port);
433 a.sin_addr.s_addr = htonl(INADDR_ANY);
435 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
437 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
443 syslog(LOG_ERR, _("listen: %m"));
451 setup the socket for incoming encrypted
454 int setup_vpn_in_socket(int port)
457 struct sockaddr_in a;
460 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
462 syslog(LOG_ERR, _("Creating socket failed: %m"));
466 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
468 syslog(LOG_ERR, _("setsockopt: %m"));
472 flags = fcntl(nfd, F_GETFL);
473 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
475 syslog(LOG_ERR, _("fcntl: %m"));
479 memset(&a, 0, sizeof(a));
480 a.sin_family = AF_INET;
481 a.sin_port = htons(port);
482 a.sin_addr.s_addr = htonl(INADDR_ANY);
484 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
486 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
494 setup an outgoing meta (tcp) socket
496 int setup_outgoing_meta_socket(conn_list_t *cl)
499 struct sockaddr_in a;
503 syslog(LOG_INFO, _("Trying to connect to %s"), cl->real_hostname);
505 if((cfg = get_config_val(upstreamport)) == NULL)
508 cl->port = cfg->data.val;
510 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
511 if(cl->meta_socket == -1)
513 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
514 cl->real_hostname, cl->port);
518 a.sin_family = AF_INET;
519 a.sin_port = htons(cl->port);
520 a.sin_addr.s_addr = htonl(cl->real_ip);
522 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
524 syslog(LOG_ERR, _("%s port %hd: %m"), cl->real_hostname, cl->port);
528 flags = fcntl(cl->meta_socket, F_GETFL);
529 /* if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
531 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
532 cl->real_hostname, cl->port);
537 syslog(LOG_INFO, _("Connected to %s port %hd"),
538 cl->real_hostname, cl->port);
544 setup an outgoing connection. It's not
545 necessary to also open an udp socket as
546 well, because the other host will initiate
547 an authentication sequence during which
548 we will do just that.
550 int setup_outgoing_connection(char *hostname)
555 if(!(h = gethostbyname(hostname)))
557 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
561 ncn = new_conn_list();
562 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
563 ncn->real_hostname = hostlookup(htonl(ncn->real_ip));
565 if(setup_outgoing_meta_socket(ncn) < 0)
567 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
569 free_conn_element(ncn);
573 ncn->status.meta = 1;
574 ncn->status.outgoing = 1;
575 ncn->next = conn_list;
582 set up the local sockets (listen only)
584 int setup_myself(void)
588 myself = new_conn_list();
590 if(!(cfg = get_config_val(myvpnip)))
592 syslog(LOG_ERR, _("No value for my VPN IP given"));
596 myself->vpn_ip = cfg->data.ip->ip;
597 myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip));
598 myself->real_hostname = hostlookup(htonl(myself->vpn_ip));
599 myself->vpn_mask = cfg->data.ip->mask;
602 if(!(cfg = get_config_val(listenport)))
605 myself->port = cfg->data.val;
607 if((cfg = get_config_val(indirectdata)))
608 if(cfg->data.val == stupid_true)
609 myself->flags |= EXPORTINDIRECTDATA;
611 if((cfg = get_config_val(tcponly)))
612 if(cfg->data.val == stupid_true)
613 myself->flags |= TCPONLY;
615 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
617 syslog(LOG_ERR, _("Unable to set up a listening socket"));
621 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
623 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
624 close(myself->meta_socket);
628 myself->status.active = 1;
630 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
636 sigalrm_handler(int a)
640 cfg = get_next_config_val(upstreamip, upstreamindex++);
644 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
646 signal(SIGALRM, SIG_IGN);
649 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
652 signal(SIGALRM, sigalrm_handler);
654 seconds_till_retry += 5;
655 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
656 seconds_till_retry = MAXTIMEOUT;
657 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
659 alarm(seconds_till_retry);
664 setup all initial network connections
666 int setup_network_connections(void)
670 if((cfg = get_config_val(pingtimeout)) == NULL)
673 timeout = cfg->data.val;
675 if(setup_tap_fd() < 0)
678 if(setup_myself() < 0)
681 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
682 /* No upstream IP given, we're listen only. */
687 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
689 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
692 signal(SIGALRM, sigalrm_handler);
694 seconds_till_retry = MAXTIMEOUT;
695 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
696 alarm(seconds_till_retry);
702 close all open network connections
704 void close_network_connections(void)
708 for(p = conn_list; p != NULL; p = p->next)
710 if(p->status.dataopen)
712 shutdown(p->socket, 0); /* No more receptions */
718 shutdown(p->meta_socket, 0); /* No more receptions */
719 close(p->meta_socket);
724 if(myself->status.active)
726 close(myself->meta_socket);
727 close(myself->socket);
733 syslog(LOG_NOTICE, _("Terminating"));
739 create a data (udp) socket
741 int setup_vpn_connection(conn_list_t *cl)
744 struct sockaddr_in a;
747 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->real_hostname);
749 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
752 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
756 a.sin_family = AF_INET;
757 a.sin_port = htons(cl->port);
758 a.sin_addr.s_addr = htonl(cl->real_ip);
760 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
762 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
763 cl->real_hostname, cl->port);
767 flags = fcntl(nfd, F_GETFL);
768 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
770 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
771 cl->vpn_hostname, cl->real_hostname);
776 cl->status.dataopen = 1;
782 handle an incoming tcp connect call and open
785 conn_list_t *create_new_connection(int sfd)
788 struct sockaddr_in ci;
789 int len = sizeof(ci);
793 if(getpeername(sfd, &ci, &len) < 0)
795 syslog(LOG_ERR, _("Error: getpeername: %m"));
799 p->real_ip = ntohl(ci.sin_addr.s_addr);
800 p->real_hostname = hostlookup(ci.sin_addr.s_addr);
801 p->meta_socket = sfd;
804 p->last_ping_time = time(NULL);
808 syslog(LOG_NOTICE, _("Connection from %s port %d"),
809 p->real_hostname, htons(ci.sin_port));
811 if(send_basic_info(p) < 0)
813 free_conn_element(p);
821 put all file descriptors in an fd_set array
823 void build_fdset(fd_set *fs)
829 for(p = conn_list; p != NULL; p = p->next)
832 FD_SET(p->meta_socket, fs);
833 if(p->status.dataopen)
834 FD_SET(p->socket, fs);
837 FD_SET(myself->meta_socket, fs);
838 FD_SET(myself->socket, fs);
844 receive incoming data from the listening
845 udp socket and write it to the ethertap
846 device after being decrypted
848 int handle_incoming_vpn_data(conn_list_t *cl)
852 int x, l = sizeof(x);
855 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
857 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket,
858 cl->vpn_hostname, cl->real_hostname);
863 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
864 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
869 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
872 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->vpn_hostname, cl->real_hostname);
875 total_socket_in += lenin;
877 rp.data.len = ntohs(rp.data.len);
878 rp.len = ntohs(rp.len);
879 rp.from = ntohl(rp.from);
883 f = lookup_conn(rp.from);
886 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
887 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from));
891 if(f->status.validkey)
895 add_queue(&(f->rq), &rp, rp.len);
896 if(!cl->status.waitingforkey)
897 send_key_request(rp.from);
900 if(my_key_expiry <= time(NULL))
908 terminate a connection and notify the other
909 end before closing the sockets
911 void terminate_connection(conn_list_t *cl)
916 if(cl->status.remove)
920 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
921 cl->vpn_hostname, cl->real_hostname);
923 if(cl->status.timeout)
925 /* else if(!cl->status.termreq)
932 close(cl->meta_socket);
934 cl->status.remove = 1;
936 /* If this cl isn't active, don't send any DEL_HOSTs. */
937 if(cl->status.active)
938 notify_others(cl,NULL,send_del_host);
941 /* Find all connections that were lost because they were behind cl
942 (the connection that was dropped). */
944 for(p = conn_list; p != NULL; p = p->next)
946 if((p->nexthop == cl) && (p != cl))
948 if(cl->status.active && p->status.active)
949 notify_others(p,cl,send_del_host);
952 p->status.active = 0;
953 p->status.remove = 1;
957 cl->status.active = 0;
959 if(cl->status.outgoing)
961 signal(SIGALRM, sigalrm_handler);
962 seconds_till_retry = 5;
963 alarm(seconds_till_retry);
964 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
970 Check if the other end is active.
971 If we have sent packets, but didn't receive any,
972 then possibly the other end is dead. We send a
973 PING request over the meta connection. If the other
974 end does not reply in time, we consider them dead
975 and close the connection.
977 int check_dead_connections(void)
983 for(p = conn_list; p != NULL; p = p->next)
987 if(p->status.active && p->status.meta)
989 if(p->last_ping_time + timeout < now)
991 if(p->status.pinged && !p->status.got_pong)
994 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
995 p->vpn_hostname, p->real_hostname);
996 p->status.timeout = 1;
997 terminate_connection(p);
999 else if(p->want_ping)
1002 p->last_ping_time = now;
1003 p->status.pinged = 1;
1004 p->status.got_pong = 0;
1014 accept a new tcp connect and create a
1017 int handle_new_meta_connection(conn_list_t *cl)
1020 struct sockaddr client;
1021 int nfd, len = sizeof(client);
1023 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1025 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1029 if(!(ncn = create_new_connection(nfd)))
1033 syslog(LOG_NOTICE, _("Closed attempted connection"));
1037 ncn->status.meta = 1;
1038 ncn->next = conn_list;
1045 dispatch any incoming meta requests
1047 int handle_incoming_meta_data(conn_list_t *cl)
1049 int x, l = sizeof(x);
1050 int request, oldlen, i;
1053 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1055 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
1056 cl->vpn_hostname, cl->real_hostname);
1061 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
1062 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
1066 if(cl->buflen >= MAXBUFSIZE)
1068 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1072 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1081 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
1082 cl->vpn_hostname, cl->real_hostname);
1085 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
1086 cl->vpn_hostname, cl->real_hostname);
1090 oldlen = cl->buflen;
1091 cl->buflen += lenin;
1097 for(i = oldlen; i < cl->buflen; i++)
1099 if(cl->buffer[i] == '\n')
1101 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1110 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
1111 cl->vpn_hostname, cl->real_hostname, cl->buffer);
1112 if(sscanf(cl->buffer, "%d", &request) == 1)
1114 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1116 syslog(LOG_ERR, _("Unknown request from %s (%s)"),
1117 cl->vpn_hostname, cl->real_hostname);
1121 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1123 syslog(LOG_ERR, _("Error while processing request from %s (%s)"),
1124 cl->vpn_hostname, cl->real_hostname);
1130 syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
1131 cl->vpn_hostname, cl->real_hostname);
1135 cl->buflen -= cl->reqlen;
1136 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1145 cl->last_ping_time = time(NULL);
1152 check all connections to see if anything
1153 happened on their sockets
1155 void check_network_activity(fd_set *f)
1158 int x, l = sizeof(x);
1160 for(p = conn_list; p != NULL; p = p->next)
1162 if(p->status.remove)
1165 if(p->status.dataopen)
1166 if(FD_ISSET(p->socket, f))
1169 The only thing that can happen to get us here is apparently an
1170 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1171 something that will not trigger an error directly on send()).
1172 I've once got here when it said `No route to host'.
1174 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1175 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1176 p->vpn_hostname, p->real_hostname, sys_errlist[x]);
1177 terminate_connection(p);
1182 if(FD_ISSET(p->meta_socket, f))
1183 if(handle_incoming_meta_data(p) < 0)
1185 terminate_connection(p);
1190 if(FD_ISSET(myself->socket, f))
1191 handle_incoming_vpn_data(myself);
1193 if(FD_ISSET(myself->meta_socket, f))
1194 handle_new_meta_connection(myself);
1199 read, encrypt and send data that is
1200 available through the ethertap device
1202 void handle_tap_input(void)
1206 int ether_type, lenin;
1208 memset(&vp, 0, sizeof(vp));
1209 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1211 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1215 total_tap_in += lenin;
1217 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1218 if(ether_type != 0x0800)
1221 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1222 ether_type, MAC_ADDR_V(vp.data[6]));
1229 syslog(LOG_INFO, _("Dropping short packet"));
1233 from = ntohl(*((unsigned long*)(&vp.data[26])));
1234 to = ntohl(*((unsigned long*)(&vp.data[30])));
1236 vp.len = (length_t)lenin - 2;
1238 strip_mac_addresses(&vp);
1240 send_packet(to, &vp);
1245 this is where it all happens...
1247 void main_loop(void)
1252 time_t last_ping_check;
1254 last_ping_check = time(NULL);
1258 tv.tv_sec = timeout;
1264 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1266 if(errno != EINTR) /* because of alarm */
1268 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1276 close_network_connections();
1278 if(read_config_file(configfilename))
1280 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1284 setup_network_connections();
1288 if(last_ping_check + timeout < time(NULL))
1289 /* Let's check if everybody is still alive */
1291 check_dead_connections();
1292 last_ping_check = time(NULL);
1297 check_network_activity(&fset);
1299 /* local tap data */
1300 if(FD_ISSET(tap_fd, &fset))