2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.54 2000/10/29 10:39:06 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 #include <openssl/rand.h>
43 #include <openssl/evp.h>
44 #include <openssl/err.h>
47 #include LINUX_IF_TUN_H
/* Which flavour of tap device setup_tap_fd() found: starts as ethertap
   and becomes TAP_TYPE_TUNTAP only when the TUNSETIFF probe succeeds.
   xrecv()/handle_tap_input() pick their framing from this. */
64 int taptype = TAP_TYPE_ETHERTAP;
/* Traffic counters, bumped in xsend()/xrecv() (socket_in and tap_in are
   maintained on lines not visible here). */
66 int total_tap_out = 0;
67 int total_socket_in = 0;
68 int total_socket_out = 0;
/* Cursor into the ConnectTo list; advanced by setup_network_connections()
   and, from signal context, by sigalrm_handler(). */
70 config_t *upstreamcfg;
/* Backoff for re-establishing the outgoing connection.  NOTE(review): it
   is written both inside sigalrm_handler() and from normal code
   (terminate_connection, setup_network_connections) without being
   volatile sig_atomic_t; treat it as signal-shared state. */
71 static int seconds_till_retry;
81 strip off the MAC addresses of an ethernet frame
/* Drop the 12-byte Ethernet destination/source MAC pair from the front of
   p->data and shrink p->len to match.  Nothing here checks that p->len is
   at least 12 first; a shorter packet makes the subtraction go negative
   (or wrap, if len is unsigned) and feeds that count to memmove.  Callers
   must guarantee the minimum length. */
83 void strip_mac_addresses(vpn_packet_t *p)
86 memmove(p->data, p->data + 12, p->len -= 12);
91 reassemble MAC addresses
/* Rebuild a synthetic Ethernet MAC header in front of the payload: shift
   the payload up by 12 bytes, then write fe:fd:<our vpn address> as the
   destination MAC and fe:fd:<bytes 26..29 of the shifted frame> as the
   source MAC.  p->len is not adjusted here; verify the caller accounts
   for the extra 12 bytes. */
93 void add_mac_addresses(vpn_packet_t *p)
/* NOTE(review): source (data[0..len)) and destination (data[12..len+12))
   overlap, which is undefined behaviour for memcpy -- this should be
   memmove, as strip_mac_addresses() already uses. */
96 memcpy(p->data + 12, p->data, p->len);
98 p->data[0] = p->data[6] = 0xfe;
99 p->data[1] = p->data[7] = 0xfd;
100 /* Really evil pointer stuff just below! */
/* Both stores go through an ip_t pointer cast onto a char buffer, so they
   are unaligned accesses; a 4-byte memcpy would be the portable form.
   The read at data[26..29] also assumes the frame is at least 30 bytes. */
101 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
102 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
/* Encrypt (when the branch on the line before 114, not visible here, is
   taken) and transmit one vpn packet to cl over its UDP data socket.  The
   bytes sent start at outpkt.len, so the wire format is the 2-byte len
   field followed by the (padded) payload.  Returns on lines not visible. */
106 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
112 outpkt.len = inpkt->len;
/* NOTE(review): the same buffer is passed as key and as IV, so every
   packet is encrypted under a fixed IV derived from the key -- CBC with a
   constant IV leaks equal-prefix plaintexts, and xrecv() initialises its
   IV differently (NULL).  There is also no MAC over the ciphertext, so a
   receiver cannot detect modification.  EVP return values are unchecked. */
114 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey);
115 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
116 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* outlen now covers padding plus the 2-byte len field; outpkt.len itself
   still holds the unpadded length, which is what the peer will read. */
117 outlen += outpad + 2;
/* Fallback branch: the packet is copied and sent as plaintext.  Whatever
   condition selects this branch is the only thing keeping cleartext off
   the wire -- confirm it cannot be reached for real traffic. */
120 outlen = outpkt.len + 2;
121 memcpy(&outpkt, inpkt, outlen);
124 if(debug_lvl >= DEBUG_TRAFFIC)
125 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
126 outlen, cl->name, cl->hostname);
128 total_socket_out += outlen;
/* Only a negative return is treated as failure; fine for a datagram
   socket, where a short send does not happen. */
132 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
134 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
135 cl->name, cl->hostname);
/* Decrypt an incoming vpn packet (or copy it verbatim on the fallback
   branch at line 155) and hand the resulting frame to the tap device.
   inpkt->len is whatever arrived on the wire; nothing in this function
   bounds it against the size of outpkt.data or the decrypt output, so the
   caller must have validated it (see handle_incoming_vpn_data). */
142 int xrecv(vpn_packet_t *inpkt)
148 outpkt.len = inpkt->len;
/* NOTE(review): IV is NULL here while xsend() uses the key as IV, so the
   first cipher block is decrypted under whatever IV the context holds --
   confirm the intended IV handling.  EVP_DecryptFinal's return value is
   ignored, so a bad-padding (corrupted or forged) packet is not rejected
   and its garbage is still written to the tap below. */
149 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
150 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
151 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Plaintext fallback: copies len field plus payload straight through. */
155 outlen = outpkt.len+2;
156 memcpy(&outpkt, inpkt, outlen);
159 /* Fix mac address */
/* Overwrite the destination MAC with our own so the local stack accepts
   the frame. */
161 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
163 if(taptype == TAP_TYPE_TUNTAP)
/* Short writes are not detected -- only a negative return is logged. */
165 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
166 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
168 total_tap_out += outpkt.len;
/* Ethertap framing: the write starts 2 bytes before data, i.e. it relies
   on the len field sitting immediately in front of data in the struct. */
172 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
173 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
175 total_tap_out += outpkt.len + 2;
182 add the given packet of size s to the
183 queue q, be it the send or receive queue
/* Append a private copy of the s-byte packet to the tail of *q, creating
   the queue on first use.  xmalloc is assumed to abort on failure (it is
   never checked here).  The "no tail" branch body is on lines not shown. */
185 void add_queue(packet_queue_t **q, void *packet, size_t s)
189 e = xmalloc(sizeof(*e));
190 e->packet = xmalloc(s);
191 memcpy(e->packet, packet, s);
/* Lazily allocate an empty queue. */
195 *q = xmalloc(sizeof(**q));
196 (*q)->head = (*q)->tail = NULL;
199 e->next = NULL; /* We insert at the tail */
201 if((*q)->tail) /* Do we have a tail? */
203 (*q)->tail->next = e;
204 e->prev = (*q)->tail;
206 else /* No tail -> no head too */
216 /* Remove a queue element */
/* Unlink element e from queue *q, fixing head/tail as needed.  Whether
   e->packet and e themselves are freed is on lines 241-250, not visible
   here -- confirm, otherwise every flushed packet leaks. */
217 void del_queue(packet_queue_t **q, queue_element_t *e)
222 if(e->next) /* There is a successor, so we are not tail */
224 if(e->prev) /* There is a predecessor, so we are not head */
226 e->next->prev = e->prev;
227 e->prev->next = e->next;
229 else /* We are head */
231 e->next->prev = NULL;
232 (*q)->head = e->next;
235 else /* We are tail (or all alone!) */
237 if(e->prev) /* We are not alone :) */
239 e->prev->next = NULL;
240 (*q)->tail = e->prev;
254 flush a queue by calling function for
255 each packet, and removing it when that
256 returned a zero exit code
/* Walk queue *pq from the head, calling function(cl, packet) on each
   element; the header comment says an element is removed when function
   returns 0.  The removal and the advance to `next' are on lines 264-272,
   not visible here; `next' must be captured before del_queue() touches p. */
258 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
259 int (*function)(conn_list_t*,void*))
261 queue_element_t *p, *next = NULL;
263 for(p = (*pq)->head; p != NULL; )
267 if(!function(cl, p->packet))
273 if(debug_lvl >= DEBUG_TRAFFIC)
274 syslog(LOG_DEBUG, _("Queue flushed"));
279 flush the send&recv queues
280 void because nothing goes wrong here, packets
281 remain in the queue if something goes wrong
/* Flush cl's send queue through xsend() and its receive queue through
   xrecv().  NOTE(review): flush_queue() expects int (*)(conn_list_t*,void*)
   but xrecv() is declared as int xrecv(vpn_packet_t *) at line 142, so the
   call at line 299 passes cl where xrecv expects the packet -- this needs
   a wrapper with the right signature rather than a cast.  xsend() takes a
   vpn_packet_t*, not void*, which is also a mismatch in strict C. */
283 void flush_queues(conn_list_t *cl)
288 if(debug_lvl >= DEBUG_TRAFFIC)
289 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
290 cl->name, cl->hostname);
291 flush_queue(cl, &(cl->sq), xsend);
296 if(debug_lvl >= DEBUG_TRAFFIC)
297 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
298 cl->name, cl->hostname);
299 flush_queue(cl, &(cl->rq), xrecv);
305 send a packet to the given vpn ip.
/* Route one packet to the vpn address `to': look up the owning subnet,
   make sure a UDP data socket and a valid packet key exist for that
   peer, then hand the packet to xsend().  The derivation of `cl' from
   the subnet (lines 318-324) and several return statements are not
   visible in this view. */
307 int send_packet(ip_t to, vpn_packet_t *packet)
/* Unknown destination: logged (arguments on line 317, not shown) and
   dropped. */
312 if((subnet = lookup_subnet_ipv4(to)) == NULL)
314 if(debug_lvl >= DEBUG_TRAFFIC)
316 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
325 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
327 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* Open the data socket on first use; the return after the error is on
   line 334 (not shown). */
329 if(!cl->status.dataopen)
330 if(setup_vpn_connection(cl) < 0)
332 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
333 cl->name, cl->hostname);
/* No packet key for this peer yet: queueing is disabled (commented-out
   FIXME block below), so the packet is dropped and a key is requested
   unless one is already outstanding.  Make sure this branch returns
   before reaching xsend() at line 363. */
337 if(!cl->status.validkey)
339 /* FIXME: Don't queue until everything else is fixed.
340 if(debug_lvl >= DEBUG_TRAFFIC)
341 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
342 cl->name, cl->hostname);
343 add_queue(&(cl->sq), packet, packet->len + 2);
345 if(!cl->status.waitingforkey)
346 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
350 if(!cl->status.active)
352 /* FIXME: Don't queue until everything else is fixed.
353 if(debug_lvl >= DEBUG_TRAFFIC)
354 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
355 cl->name, cl->hostname);
356 add_queue(&(cl->sq), packet, packet->len + 2);
358 return 0; /* We don't want to mess up, do we? */
/* Inactive peer: silently dropped with a success return (queueing is
   disabled above). */
361 /* can we send it? can we? can we? huh? */
363 return xsend(cl, packet);
367 open the local ethertap device
/* Open the local tap device (name from TapDevice or a compile-time
   default), install the default fe:fd:00:00:00:00 MAC that
   add_mac_addresses() relies on, probe whether it is a tun/tap device,
   and export IFNAME for the tinc-up/tinc-down scripts.  Declarations of
   nfd, ifr, envvar and the assignment to tap_fd are on lines not shown. */
369 int setup_tap_fd(void)
372 const char *tapfname;
378 if((cfg = get_config_val(config, tapdevice)))
379 tapfname = cfg->data.ptr;
/* Compile-time defaults (selected by #ifdefs on lines not shown). */
382 tapfname = "/dev/misc/net/tun";
384 tapfname = "/dev/tap0";
387 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
389 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
395 /* Set default MAC address for ethertap devices */
397 taptype = TAP_TYPE_ETHERTAP;
398 mymac.type = SUBNET_MAC;
399 mymac.net.mac.address.x[0] = 0xfe;
400 mymac.net.mac.address.x[1] = 0xfd;
401 mymac.net.mac.address.x[2] = 0x00;
402 mymac.net.mac.address.x[3] = 0x00;
403 mymac.net.mac.address.x[4] = 0x00;
404 mymac.net.mac.address.x[5] = 0x00;
407 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
408 memset(&ifr, 0, sizeof(ifr));
410 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): copying IFNAMSIZ bytes leaves ifr_name unterminated when
   netname is IFNAMSIZ bytes or longer (the memset above only helps for
   shorter names); copy at most IFNAMSIZ - 1. */
412 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* The probe uses tap_fd, while the descriptor opened above is nfd --
   presumably tap_fd = nfd happens on a line not shown; verify. */
414 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
416 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
417 taptype = TAP_TYPE_TUNTAP;
421 /* Add name of network interface to environment (for scripts) */
/* Neither the ioctl nor asprintf result is checked: on ioctl failure
   ifr_name is whatever TUNSETIFF left in it, and on asprintf failure
   envvar is indeterminate before it is handed to the environment. */
423 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
424 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
433 set up the socket that we listen on for incoming
/* Create the non-blocking TCP socket on which meta (control) connections
   are accepted, bound to port and either InterfaceIP or all addresses.
   Returns the descriptor, or -1 on failure (return statements are on
   lines not shown). */
436 int setup_listen_meta_socket(int port)
439 struct sockaddr_in a;
443 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
445 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
449 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
451 syslog(LOG_ERR, _("setsockopt: %m"));
455 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
457 syslog(LOG_ERR, _("setsockopt: %m"));
461 flags = fcntl(nfd, F_GETFL);
462 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
464 syslog(LOG_ERR, _("fcntl: %m"));
468 if((cfg = get_config_val(config, interface)))
/* NOTE(review): the log message says "bind to interface", but the option
   used is SO_KEEPALIVE with the interface name as its value; that can
   never bind the socket to a device (on Linux that is SO_BINDTODEVICE).
   As written, the Interface setting has no effect and the listener stays
   on every interface unless InterfaceIP is also set below. */
470 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
472 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
477 memset(&a, 0, sizeof(a));
478 a.sin_family = AF_INET;
479 a.sin_port = htons(port);
481 if((cfg = get_config_val(config, interfaceip)))
482 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
484 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) happens to equal sizeof(a) for sockaddr_in;
   sizeof(a) would say what is meant. */
486 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
488 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
494 syslog(LOG_ERR, _("listen: %m"));
502 setup the socket for incoming encrypted
/* Create the non-blocking UDP socket that receives encrypted vpn data,
   bound to port on all addresses (INADDR_ANY; unlike the meta socket,
   no InterfaceIP or Interface setting is consulted in the visible
   lines).  Returns the descriptor or -1 (returns on lines not shown). */
505 int setup_vpn_in_socket(int port)
508 struct sockaddr_in a;
511 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
513 syslog(LOG_ERR, _("Creating socket failed: %m"));
517 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
519 syslog(LOG_ERR, _("setsockopt: %m"));
523 flags = fcntl(nfd, F_GETFL);
524 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
526 syslog(LOG_ERR, _("fcntl: %m"));
530 memset(&a, 0, sizeof(a));
531 a.sin_family = AF_INET;
532 a.sin_port = htons(port);
533 a.sin_addr.s_addr = htonl(INADDR_ANY);
535 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
537 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
545 setup an outgoing meta (tcp) socket
/* Open the TCP meta connection to cl at cl->address:port (port from the
   host config; the default when absent is on line 557, not shown) and
   store it in cl->meta_socket.  Error returns are on lines not shown. */
547 int setup_outgoing_meta_socket(conn_list_t *cl)
/* Unlike the listen sockets, `a' is not zeroed before use here. */
550 struct sockaddr_in a;
553 if(debug_lvl >= DEBUG_CONNECTIONS)
554 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
556 if((cfg = get_config_val(cl->config, port)) == NULL)
559 cl->port = cfg->data.val;
561 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
562 if(cl->meta_socket == -1)
564 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
565 cl->hostname, cl->port);
569 a.sin_family = AF_INET;
570 a.sin_port = htons(cl->port);
571 a.sin_addr.s_addr = htonl(cl->address);
/* NOTE(review): the socket is still blocking at this point (O_NONBLOCK is
   set only after the connect), so this call can stall for the full TCP
   timeout -- and it is reached from sigalrm_handler(), i.e. inside a
   signal handler. */
573 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
575 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
579 flags = fcntl(cl->meta_socket, F_GETFL);
580 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
582 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
583 cl->hostname, cl->port);
587 if(debug_lvl >= DEBUG_CONNECTIONS)
588 syslog(LOG_INFO, _("Connected to %s port %hd"),
589 cl->hostname, cl->port);
597 setup an outgoing connection. It's not
598 necessary to also open an udp socket as
599 well, because the other host will initiate
600 an authentication sequence during which
601 we will do just that.
/* Build a conn_list_t for the peer named `name', read its host config,
   resolve its Address, and open the meta connection.  Returns 0 on
   success (per the callers' comments); error returns, and whatever
   frees ncn on the failure paths, are on lines not shown -- confirm ncn
   is released there.  This is also called from sigalrm_handler(). */
603 int setup_outgoing_connection(char *name)
611 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
615 ncn = new_conn_list();
616 asprintf(&ncn->name, "%s", name);
618 if(read_host_config(ncn))
/* NOTE(review): the format has a %s but no matching argument; syslog
   reads an indeterminate vararg (undefined behaviour: can crash or
   print stack contents).  Pass ncn->name.  Same defect at line 627. */
620 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
625 if(!(cfg = get_config_val(ncn->config, address)))
627 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname blocks, returns static storage and is not
   async-signal-safe; see the note on sigalrm_handler(). */
632 if(!(h = gethostbyname(cfg->data.ptr)))
634 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Only the first address is used, assumed to be a 4-byte AF_INET
   address (read through a possibly unaligned ip_t cast). */
639 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
640 ncn->hostname = hostlookup(htonl(ncn->address));
642 if(setup_outgoing_meta_socket(ncn) < 0)
644 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
650 ncn->status.outgoing = 1;
651 ncn->buffer = xmalloc(MAXBUFSIZE);
653 ncn->last_ping_time = time(NULL);
664 Configure conn_list_t myself and set up the local sockets (listen only)
/* Populate the global `myself' from the server and host configuration
   (name, RSA keypair, port, flags, subnets), open the listening sockets,
   and generate the symmetric packet key.  Returns 0 when ready; the -1
   returns after each error message are on lines not shown. */
666 int setup_myself(void)
671 myself = new_conn_list();
673 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
675 myself->protocol_version = PROT_CURRENT;
677 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
679 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): string values are read through cfg->data.ptr elsewhere
   (lines 379, 632, 699); here data.val is cast to char* -- confirm both
   alias the same storage. */
683 asprintf(&myself->name, "%s", (char*)cfg->data.val);
/* check_id() rejects names that could not be used safely in file names
   or protocol messages. */
685 if(check_id(myself->name))
687 syslog(LOG_ERR, _("Invalid name for myself!"));
691 if(!(cfg = get_config_val(config, privatekey)))
693 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* Private exponent comes from the config as a hex string; that string
   remains in the config list in memory for the daemon's lifetime.  The
   public exponent is fixed at 0xFFFF, so the key must have been generated
   with that exponent (0x10001 is the customary choice). */
698 myself->rsa_key = RSA_new();
699 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
700 BN_hex2bn(&myself->rsa_key->e, "FFFF");
703 if(read_host_config(myself))
705 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
709 if(!(cfg = get_config_val(myself->config, publickey)))
711 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
716 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
/* NOTE(review): only n, e and d are populated above (no p, q); confirm
   that this OpenSSL version's RSA_check_key can validate such a key,
   otherwise this check is either always failing or vacuous. */
719 if(RSA_check_key(myself->rsa_key) != 1)
721 syslog(LOG_ERR, _("Invalid public/private keypair!"));
725 if(!(cfg = get_config_val(myself->config, port)))
728 myself->port = cfg->data.val;
730 if((cfg = get_config_val(myself->config, indirectdata)))
731 if(cfg->data.val == stupid_true)
732 myself->flags |= EXPORTINDIRECTDATA;
734 if((cfg = get_config_val(myself->config, tcponly)))
735 if(cfg->data.val == stupid_true)
736 myself->flags |= TCPONLY;
738 /* Read in all the subnets specified in the host configuration file */
740 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
743 net->type = SUBNET_IPV4;
744 net->net.ipv4.address = cfg->data.ip->address;
745 net->net.ipv4.mask = cfg->data.ip->mask;
747 /* Teach newbies what subnets are... */
/* Reject a subnet whose address has host bits set under its mask. */
749 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
751 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
755 subnet_add(myself, net);
758 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
760 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
764 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
766 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
767 close(myself->meta_socket);
771 /* Generate packet encryption key */
/* Blowfish-CBC is a 64-bit block cipher (legacy).  NOTE(review):
   RAND_bytes' return value is not checked; when it reports failure the
   64-byte buffer keeps whatever xmalloc returned and that becomes the
   packet key.  The same buffer is also used as the IV in xsend(). */
773 myself->cipher_pkttype = EVP_bf_cbc();
775 myself->cipher_pktkey = (char *)xmalloc(64);
776 RAND_bytes(myself->cipher_pktkey, 64);
778 if(!(cfg = get_config_val(config, keyexpire)))
781 keylifetime = cfg->data.val;
783 keyexpires = time(NULL) + keylifetime;
785 /* Activate ourselves */
787 myself->status.active = 1;
789 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: retry the outgoing connection, walking the remaining
   ConnectTo entries; on success disarm the alarm, otherwise back off by
   5 s (capped at MAXTIMEOUT) and re-arm.  The return type is on a line
   not shown.  NOTE(review): everything this reaches -- syslog,
   gethostbyname, socket, a blocking connect, xmalloc -- is not
   async-signal-safe; the robust shape is to set a flag here and do the
   work from main_loop(). */
795 sigalrm_handler(int a)
799 cfg = get_config_val(upstreamcfg, connectto);
801 if(!cfg && upstreamcfg == config)
802 /* No upstream IP given, we're listen only. */
807 upstreamcfg = cfg->next;
808 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
/* Connected: stop retrying. */
810 signal(SIGALRM, SIG_IGN);
813 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: reinstall the handler (signal() may have reset it),
   start over from the first ConnectTo next time, and back off. */
816 signal(SIGALRM, sigalrm_handler);
817 upstreamcfg = config;
818 seconds_till_retry += 5;
819 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
820 seconds_till_retry = MAXTIMEOUT;
821 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
823 alarm(seconds_till_retry);
828 setup all initial network connections
/* Bring the network up: read PingTimeout, open the tap device and our
   own sockets, run the tinc-up script, then try each ConnectTo entry,
   scheduling a retry via SIGALRM if none succeeds.  Returns 0 on
   success; error returns and the fork around the script are on lines
   not shown. */
830 int setup_network_connections(void)
835 if((cfg = get_config_val(config, pingtimeout)) == NULL)
838 timeout = cfg->data.val;
840 if(setup_tap_fd() < 0)
843 if(setup_myself() < 0)
846 /* Run tinc-up script to further initialize the tap interface */
848 asprintf(&scriptname, "%s/tinc-up", confbase);
/* NOTE(review): execl() is given no argv[0], so the script starts with an
   empty argument vector; the conventional call is
   execl(scriptname, scriptname, NULL).  The script runs with this
   daemon's privileges and environment (IFNAME from setup_tap_fd), and
   nothing here checks who may write to confbase or the script. */
853 execl(scriptname, NULL);
856 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
863 if(!(cfg = get_config_val(config, connectto)))
864 /* No upstream IP given, we're listen only. */
869 upstreamcfg = cfg->next;
870 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
872 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* Nothing connected: let sigalrm_handler() retry after MAXTIMEOUT. */
875 signal(SIGALRM, sigalrm_handler);
876 upstreamcfg = config;
877 seconds_till_retry = MAXTIMEOUT;
878 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
879 alarm(seconds_till_retry);
885 close all open network connections
/* Tear everything down: terminate every peer connection, close and free
   `myself', then run the tinc-down script.  Called from main_loop() on
   a configuration reload before setup_network_connections() rebuilds
   state. */
887 void close_network_connections(void)
892 for(p = conn_list; p != NULL; p = p->next)
894 p->status.active = 0;
895 terminate_connection(p);
899 if(myself->status.active)
901 close(myself->meta_socket);
902 close(myself->socket);
/* `myself' is a dangling pointer from here until setup_myself() runs
   again; confirm nothing (including a pending SIGALRM) touches it in
   between. */
903 free_conn_list(myself);
907 /* Execute tinc-down script right before shutting down the interface */
909 asprintf(&scriptname, "%s/tinc-down", confbase);
/* Same empty-argv execl() as tinc-up in setup_network_connections(); the
   fork around it is on lines not shown. */
913 execl(scriptname, NULL);
916 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
926 syslog(LOG_NOTICE, _("Terminating"));
932 create a data (udp) socket
/* Open the UDP data socket towards cl and connect() it to the peer's
   configured address and port, so only datagrams from that endpoint are
   delivered on it.  Marks cl->status.dataopen; the store of nfd into
   cl->socket and the error returns are on lines not shown. */
934 int setup_vpn_connection(conn_list_t *cl)
/* `a' is not zeroed before use (cf. the memset in the listen setups). */
937 struct sockaddr_in a;
939 if(debug_lvl >= DEBUG_TRAFFIC)
940 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
942 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
945 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
949 a.sin_family = AF_INET;
950 a.sin_port = htons(cl->port);
951 a.sin_addr.s_addr = htonl(cl->address);
953 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
955 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
956 cl->hostname, cl->port);
960 flags = fcntl(nfd, F_GETFL);
961 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
963 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
964 cl->name, cl->hostname);
969 cl->status.dataopen = 1;
975 handle an incoming tcp connect call and open
/* Wrap a freshly accepted meta socket sfd in a new conn_list_t: record
   the peer address and hostname, allocate its receive buffer, and allow
   only the ID request until the handshake progresses.  Returns the new
   entry, or NULL when the peer address cannot be read (the allocation
   of p and the returns are on lines not shown). */
978 conn_list_t *create_new_connection(int sfd)
981 struct sockaddr_in ci;
/* getpeername wants struct sockaddr * and socklen_t * (as used at line
   1044); passing sockaddr_in * and int * without casts is a type
   mismatch. */
982 int len = sizeof(ci);
986 if(getpeername(sfd, &ci, &len) < 0)
988 syslog(LOG_ERR, _("Error: getpeername: %m"));
993 p->address = ntohl(ci.sin_addr.s_addr);
/* hostlookup takes the network-order address (consistent with line 640). */
994 p->hostname = hostlookup(ci.sin_addr.s_addr);
995 p->meta_socket = sfd;
/* MAXBUFSIZE is committed per accepted peer before any authentication. */
997 p->buffer = xmalloc(MAXBUFSIZE);
999 p->last_ping_time = time(NULL);
1002 if(debug_lvl >= DEBUG_CONNECTIONS)
1003 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* ntohs() is the conversion meant here; htons gives the same bytes on
   little-endian hosts only. */
1004 p->hostname, htons(ci.sin_port));
/* Authentication gate: an unauthenticated peer may send nothing but ID. */
1006 p->allow_request = ID;
1012 put all file descriptors in an fd_set array
/* Add every meta socket, every open data socket and our own two sockets
   to *fs for select().  NOTE(review): FD_SET is applied without checking
   that the descriptor is below FD_SETSIZE; with enough connections a
   larger fd writes outside the fd_set (memory corruption), and
   main_loop() selects with FD_SETSIZE.  FD_ZERO is on a line not shown. */
1014 void build_fdset(fd_set *fs)
1020 for(p = conn_list; p != NULL; p = p->next)
1023 FD_SET(p->meta_socket, fs);
1024 if(p->status.dataopen)
1025 FD_SET(p->socket, fs);
1028 FD_SET(myself->meta_socket, fs);
1029 FD_SET(myself->socket, fs);
1035 receive incoming data from the listening
1036 udp socket and write it to the ethertap
1037 device after being decrypted
/* Read one datagram from our vpn data socket and pass it to xrecv()
   (the call and the returns are on lines 1068-1072, not shown).  Any
   host can deliver a datagram here -- `from' is only logged, never
   matched against known peers -- so decryption in xrecv() is the only
   check applied to it. */
1039 int handle_incoming_vpn_data()
/* `l' should be socklen_t like fromlen below. */
1042 int x, l = sizeof(x);
1043 struct sockaddr from;
1044 socklen_t fromlen = sizeof(from);
/* Drain a pending asynchronous socket error before reading. */
1046 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1048 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1049 __FILE__, __LINE__, myself->socket);
1054 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* NOTE(review): the datagram is read straight into pkt starting at the
   len field, so pkt.len is the peer-supplied first two bytes, and the
   byte count actually received is discarded after the <= 0 test.
   Nothing visible checks pkt.len against that count or MTU before
   xrecv() uses it for EVP_DecryptUpdate/memcpy; a malformed datagram can
   therefore drive an out-of-bounds read or write there.  Keep the
   recvfrom result and reject when pkt.len + 2 does not match it. */
1058 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1060 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1064 if(debug_lvl >= DEBUG_TRAFFIC)
/* sa_addr is not a standard member of struct sockaddr (sa_data is);
   confirm this builds as intended. */
1066 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1067 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1075 terminate a connection and notify the other
1076 end before closing the sockets
/* Mark cl for removal, close its meta socket, cascade to connections
   that were reachable only through it, tell the remaining active peers
   it is gone, drop its subnets, and schedule a reconnect if it was our
   outgoing connection.  The entry is not freed here (it is flagged via
   status.remove); the guard at the top makes the recursion safe. */
1078 void terminate_connection(conn_list_t *cl)
1083 if(cl->status.remove)
1086 cl->status.remove = 1;
1088 if(debug_lvl >= DEBUG_CONNECTIONS)
1089 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1090 cl->name, cl->hostname);
/* Presumably guarded by status.meta on lines 1092-1094 (not shown), since
   indirect peers have no meta socket -- verify. */
1095 close(cl->meta_socket);
1098 /* Find all connections that were lost because they were behind cl
1099 (the connection that was dropped). */
1102 for(p = conn_list; p != NULL; p = p->next)
1103 if((p->nexthop == cl) && (p != cl))
1104 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1106 /* Inform others of termination if it was still active */
1108 if(cl->status.active)
1109 for(p = conn_list; p != NULL; p = p->next)
1110 if(p->status.meta && p->status.active && p!=cl)
1111 send_del_host(p, cl);
1113 /* Remove the associated subnets */
/* Loop body (the subnet removal) is on line 1116, not shown. */
1115 for(s = cl->subnets; s; s = s->next)
1118 /* Check if this was our outgoing connection */
/* Fixed 5 s retry here; sigalrm_handler() then backs off from there. */
1120 if(cl->status.outgoing && cl->status.active)
1122 signal(SIGALRM, sigalrm_handler);
1123 seconds_till_retry = 5;
1124 alarm(seconds_till_retry);
1125 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1130 cl->status.active = 0;
1135 Check if the other end is active.
1136 If we have sent packets, but didn't receive any,
1137 then possibly the other end is dead. We send a
1138 PING request over the meta connection. If the other
1139 end does not reply in time, we consider them dead
1140 and close the connection.
/* Liveness sweep over active meta connections: a peer that was pinged
   and never answered within `timeout' is terminated; one that is due
   for a ping gets one (the send_ping call is on lines 1163-1164, not
   shown).  `now' is set on a line not shown.  Peers without a meta
   connection are not covered by this check. */
1142 int check_dead_connections(void)
1148 for(p = conn_list; p != NULL; p = p->next)
1150 if(p->status.active && p->status.meta)
1152 if(p->last_ping_time + timeout < now)
1154 if(p->status.pinged && !p->status.got_pong)
1156 if(debug_lvl >= DEBUG_PROTOCOL)
1157 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1158 p->name, p->hostname);
1159 p->status.timeout = 1;
1160 terminate_connection(p);
1162 else if(p->want_ping)
/* Reset the ping state before the reply can arrive. */
1165 p->last_ping_time = now;
1166 p->status.pinged = 1;
1167 p->status.got_pong = 0;
1177 accept a new tcp connect and create a
/* Accept one pending TCP connection on our meta socket and register it
   through create_new_connection().  Returns on lines not shown.
   NOTE(review): when create_new_connection() fails, make sure nfd is
   closed on that path (lines 1193-1195 are not visible); otherwise each
   rejected connection leaks a descriptor, which a remote party can
   exhaust cheaply.  `len' should be socklen_t. */
1180 int handle_new_meta_connection()
1183 struct sockaddr client;
1184 int nfd, len = sizeof(client);
1186 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1188 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1192 if(!(ncn = create_new_connection(nfd)))
1196 syslog(LOG_NOTICE, _("Closed attempted connection"));
1206 check all connections to see if anything
1207 happened on their sockets
/* Dispatch on the descriptors select() reported ready in *f: pending
   errors on peer data sockets, incoming meta traffic, incoming vpn data
   on our socket, and new meta connections.  terminate_connection() only
   flags entries, so walking the list while calling it is safe. */
1209 void check_network_activity(fd_set *f)
/* NOTE(review): x is never initialised, and the getsockopt result below
   is ignored; if it fails, strerror(x) is called on an indeterminate
   value.  Initialise x = 0 and check the return. */
1212 int x, l = sizeof(x);
1214 for(p = conn_list; p != NULL; p = p->next)
1216 if(p->status.remove)
1219 if(p->status.dataopen)
1220 if(FD_ISSET(p->socket, f))
1223 The only thing that can happen to get us here is apparently an
1224 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1225 something that will not trigger an error directly on send()).
1226 I've once got here when it said `No route to host'.
1228 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1229 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1230 p->name, p->hostname, strerror(x));
1231 terminate_connection(p);
/* Meta traffic; a receive failure tears the connection down. */
1236 if(FD_ISSET(p->meta_socket, f))
1237 if(receive_meta(p) < 0)
1239 terminate_connection(p);
1244 if(FD_ISSET(myself->socket, f))
1245 handle_incoming_vpn_data();
1247 if(FD_ISSET(myself->meta_socket, f))
1248 handle_new_meta_connection();
1253 read, encrypt and send data that is
1254 available through the ethertap device
/* Read one frame from the tap device and route it with send_packet()
   using the IPv4 destination address found at offset 30 of the frame.
   The assignment of vp.len and whether a short frame is dropped after
   the warning (lines 1286-1287) are not visible -- confirm the drop,
   since the read at offset 30 needs at least 34 bytes. */
1256 void handle_tap_input(void)
1261 if(taptype == TAP_TYPE_TUNTAP)
1263 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1265 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
/* Ethertap framing: the read starts 2 bytes before data, so the device's
   2-byte prefix lands in the len field. */
1272 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1274 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1280 total_tap_in += lenin;
1284 if(debug_lvl >= DEBUG_TRAFFIC)
1285 syslog(LOG_WARNING, _("Received short packet from tap device"));
1289 if(debug_lvl >= DEBUG_TRAFFIC)
1291 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* NOTE(review): unsigned long is 8 bytes on LP64, so this reads 4 bytes
   past the address (and is unaligned); copy 4 bytes into an ip_t
   instead.  No ethertype check is visible, so non-IPv4 frames are routed
   by whatever bytes sit at offset 30. */
1294 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1299 this is where it all happens...
1301 void main_loop(void)
1306 time_t last_ping_check;
1309 last_ping_check = time(NULL);
1313 tv.tv_sec = timeout;
1319 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1321 if(errno != EINTR) /* because of alarm */
1323 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1330 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1332 close_network_connections();
1333 clear_config(&config);
1335 if(read_server_config())
1337 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1343 if(setup_network_connections())
1351 /* Let's check if everybody is still alive */
1353 if(last_ping_check + timeout < t)
1355 check_dead_connections();
1356 last_ping_check = time(NULL);
1358 /* Should we regenerate our key? */
1362 if(debug_lvl >= DEBUG_STATUS)
1363 syslog(LOG_INFO, _("Regenerating symmetric key"));
1365 RAND_bytes(myself->cipher_pktkey, 64);
1366 send_key_changed(myself, NULL);
1367 keyexpires = time(NULL) + keylifetime;
1373 check_network_activity(&fset);
1375 /* local tap data */
1376 if(FD_ISSET(tap_fd, &fset))