2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.25 2000/08/09 09:34:21 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
107 ntohs(rp.len), cl->vpn_hostname, cl->real_hostname);
109 total_socket_out += ntohs(rp.len);
113 if((cl->flags | myself->flags) & TCPONLY)
114 return send_tcppacket(cl, (void*)&rp, ntohs(rp.len));
116 if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
118 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
119 cl->vpn_hostname, cl->real_hostname);
126 int xrecv(conn_list_t *cl, void *packet)
131 do_decrypt((real_packet_t*)packet, &vp, cl->key);
132 add_mac_addresses(&vp);
135 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
136 ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname);
138 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
139 syslog(LOG_ERR, _("Can't write to tap device: %m"));
141 total_tap_out += lenin;
144 cl->last_ping_time = time(NULL);
149 int tcprecv(conn_list_t *cl, real_packet_t *rp)
155 rp->data.len = ntohs(rp->data.len);
156 rp->len = ntohs(rp->len);
157 rp->from = ntohl(rp->from);
159 total_socket_in += rp->len;
163 f = lookup_conn(rp->from);
166 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
167 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp->from));
171 if(f->status.validkey)
173 do_decrypt(rp, &vp, cl->key);
174 add_mac_addresses(&vp);
177 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
178 rp->len, cl->vpn_hostname, cl->real_hostname);
180 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
181 syslog(LOG_ERR, _("Can't write to tap device: %m"));
183 total_tap_out += lenin;
187 add_queue(&(cl->sq), rp, rp->len + 2);
188 if(!cl->status.waitingforkey)
189 send_key_request(rp->from);
192 if(my_key_expiry <= time(NULL))
197 cl->last_ping_time = time(NULL);
203 add the given packet of size s to the
204 queue q, be it the send or receive queue
206 void add_queue(packet_queue_t **q, void *packet, size_t s)
210 e = xmalloc(sizeof(*e));
211 e->packet = xmalloc(s);
212 memcpy(e->packet, packet, s);
216 *q = xmalloc(sizeof(**q));
217 (*q)->head = (*q)->tail = NULL;
220 e->next = NULL; /* We insert at the tail */
222 if((*q)->tail) /* Do we have a tail? */
224 (*q)->tail->next = e;
225 e->prev = (*q)->tail;
227 else /* No tail -> no head too */
237 /* Remove a queue element */
238 void del_queue(packet_queue_t **q, queue_element_t *e)
243 if(e->next) /* There is a successor, so we are not tail */
245 if(e->prev) /* There is a predecessor, so we are not head */
247 e->next->prev = e->prev;
248 e->prev->next = e->next;
250 else /* We are head */
252 e->next->prev = NULL;
253 (*q)->head = e->next;
256 else /* We are tail (or all alone!) */
258 if(e->prev) /* We are not alone :) */
260 e->prev->next = NULL;
261 (*q)->tail = e->prev;
275 flush a queue by calling function for
276 each packet, and removing it when that
277 returned a zero exit code
279 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
280 int (*function)(conn_list_t*,void*))
282 queue_element_t *p, *next = NULL;
284 for(p = (*pq)->head; p != NULL; )
288 if(!function(cl, p->packet))
295 syslog(LOG_DEBUG, _("Queue flushed"));
300 flush the send&recv queues
301 void because nothing goes wrong here, packets
302 remain in the queue if something goes wrong
304 void flush_queues(conn_list_t *cl)
310 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
311 cl->vpn_hostname, cl->real_hostname);
312 flush_queue(cl, &(cl->sq), xsend);
318 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
319 cl->vpn_hostname, cl->real_hostname);
320 flush_queue(cl, &(cl->rq), xrecv);
326 send a packet to the given vpn ip.
328 int send_packet(ip_t to, vpn_packet_t *packet)
332 if((cl = lookup_conn(to)) == NULL)
336 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
340 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
344 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
346 { /* No open outgoing connection has been found. */
348 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
353 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
355 if(myself->flags & EXPORTINDIRECTDATA)
357 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
359 { /* No open outgoing connection has been found. */
361 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
367 /* If indirectdata flag is set for the destination we just looked up,
368 * then real_ip is actually the vpn_ip of the gateway tincd
372 if(cl->flags & INDIRECTDATA)
375 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
376 cl->vpn_hostname, cl->real_hostname);
377 if((cl = lookup_conn(cl->real_ip)) == NULL)
380 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"),
383 /* Gateway tincd dead? Should we kill it? (GS) */
387 if(cl->flags & INDIRECTDATA) /* This should not happen */
390 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"),
396 if(my_key_expiry <= time(NULL))
399 if(!cl->status.dataopen)
400 if(setup_vpn_connection(cl) < 0)
402 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->vpn_hostname, cl->real_hostname);
406 if(!cl->status.validkey)
409 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->vpn_hostname, cl->real_hostname);
410 add_queue(&(cl->sq), packet, packet->len + 2);
411 if(!cl->status.waitingforkey)
412 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
416 if(!cl->status.active)
419 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->vpn_hostname, cl->real_hostname);
420 add_queue(&(cl->sq), packet, packet->len + 2);
421 return 0; /* We don't want to mess up, do we? */
424 /* can we send it? can we? can we? huh? */
426 return xsend(cl, packet);
430 open the local ethertap device
432 int setup_tap_fd(void)
435 const char *tapfname;
438 if((cfg = get_config_val(tapdevice)) == NULL)
439 tapfname = "/dev/tap0";
441 tapfname = cfg->data.ptr;
443 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
445 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
455 set up the socket that we listen on for incoming
458 int setup_listen_meta_socket(int port)
461 struct sockaddr_in a;
464 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
466 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
470 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
472 syslog(LOG_ERR, _("setsockopt: %m"));
476 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
478 syslog(LOG_ERR, _("setsockopt: %m"));
482 flags = fcntl(nfd, F_GETFL);
483 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
485 syslog(LOG_ERR, _("fcntl: %m"));
489 memset(&a, 0, sizeof(a));
490 a.sin_family = AF_INET;
491 a.sin_port = htons(port);
492 a.sin_addr.s_addr = htonl(INADDR_ANY);
494 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
496 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
502 syslog(LOG_ERR, _("listen: %m"));
510 setup the socket for incoming encrypted
513 int setup_vpn_in_socket(int port)
516 struct sockaddr_in a;
519 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
521 syslog(LOG_ERR, _("Creating socket failed: %m"));
525 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
527 syslog(LOG_ERR, _("setsockopt: %m"));
531 flags = fcntl(nfd, F_GETFL);
532 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
534 syslog(LOG_ERR, _("fcntl: %m"));
538 memset(&a, 0, sizeof(a));
539 a.sin_family = AF_INET;
540 a.sin_port = htons(port);
541 a.sin_addr.s_addr = htonl(INADDR_ANY);
543 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
545 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
553 setup an outgoing meta (tcp) socket
555 int setup_outgoing_meta_socket(conn_list_t *cl)
558 struct sockaddr_in a;
562 syslog(LOG_INFO, _("Trying to connect to %s"), cl->real_hostname);
564 if((cfg = get_config_val(upstreamport)) == NULL)
567 cl->port = cfg->data.val;
569 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
570 if(cl->meta_socket == -1)
572 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
573 cl->real_hostname, cl->port);
577 a.sin_family = AF_INET;
578 a.sin_port = htons(cl->port);
579 a.sin_addr.s_addr = htonl(cl->real_ip);
581 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
583 syslog(LOG_ERR, _("%s port %hd: %m"), cl->real_hostname, cl->port);
587 flags = fcntl(cl->meta_socket, F_GETFL);
588 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
590 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
591 cl->real_hostname, cl->port);
596 syslog(LOG_INFO, _("Connected to %s port %hd"),
597 cl->real_hostname, cl->port);
603 setup an outgoing connection. It's not
604 necessary to also open an udp socket as
605 well, because the other host will initiate
606 an authentication sequence during which
607 we will do just that.
609 int setup_outgoing_connection(char *hostname)
614 if(!(h = gethostbyname(hostname)))
616 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
620 ncn = new_conn_list();
621 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
622 ncn->real_hostname = hostlookup(htonl(ncn->real_ip));
624 if(setup_outgoing_meta_socket(ncn) < 0)
626 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
628 free_conn_element(ncn);
632 ncn->status.meta = 1;
633 ncn->status.outgoing = 1;
634 ncn->next = conn_list;
641 set up the local sockets (listen only)
643 int setup_myself(void)
647 myself = new_conn_list();
649 if(!(cfg = get_config_val(myvpnip)))
651 syslog(LOG_ERR, _("No value for my VPN IP given"));
655 myself->vpn_ip = cfg->data.ip->ip;
656 myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip));
657 myself->real_hostname = hostlookup(htonl(myself->vpn_ip));
658 myself->vpn_mask = cfg->data.ip->mask;
661 if(!(cfg = get_config_val(listenport)))
664 myself->port = cfg->data.val;
666 if((cfg = get_config_val(indirectdata)))
667 if(cfg->data.val == stupid_true)
668 myself->flags |= EXPORTINDIRECTDATA;
670 if((cfg = get_config_val(tcponly)))
671 if(cfg->data.val == stupid_true)
672 myself->flags |= TCPONLY;
674 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
676 syslog(LOG_ERR, _("Unable to set up a listening socket"));
680 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
682 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
683 close(myself->meta_socket);
687 myself->status.active = 1;
689 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
695 sigalrm_handler(int a)
699 cfg = get_next_config_val(upstreamip, upstreamindex++);
703 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
705 signal(SIGALRM, SIG_IGN);
708 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
711 signal(SIGALRM, sigalrm_handler);
713 seconds_till_retry += 5;
714 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
715 seconds_till_retry = MAXTIMEOUT;
716 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
718 alarm(seconds_till_retry);
723 setup all initial network connections
725 int setup_network_connections(void)
729 if((cfg = get_config_val(pingtimeout)) == NULL)
732 timeout = cfg->data.val;
734 if(setup_tap_fd() < 0)
737 if(setup_myself() < 0)
740 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
741 /* No upstream IP given, we're listen only. */
746 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
748 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
751 signal(SIGALRM, sigalrm_handler);
753 seconds_till_retry = MAXTIMEOUT;
754 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
755 alarm(seconds_till_retry);
761 close all open network connections
763 void close_network_connections(void)
767 for(p = conn_list; p != NULL; p = p->next)
769 if(p->status.dataopen)
771 shutdown(p->socket, 0); /* No more receptions */
777 shutdown(p->meta_socket, 0); /* No more receptions */
778 close(p->meta_socket);
783 if(myself->status.active)
785 close(myself->meta_socket);
786 close(myself->socket);
792 syslog(LOG_NOTICE, _("Terminating"));
798 create a data (udp) socket
800 int setup_vpn_connection(conn_list_t *cl)
803 struct sockaddr_in a;
806 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->real_hostname);
808 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
811 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
815 a.sin_family = AF_INET;
816 a.sin_port = htons(cl->port);
817 a.sin_addr.s_addr = htonl(cl->real_ip);
819 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
821 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
822 cl->real_hostname, cl->port);
826 flags = fcntl(nfd, F_GETFL);
827 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
829 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
830 cl->vpn_hostname, cl->real_hostname);
835 cl->status.dataopen = 1;
841 handle an incoming tcp connect call and open
844 conn_list_t *create_new_connection(int sfd)
847 struct sockaddr_in ci;
848 int len = sizeof(ci);
852 if(getpeername(sfd, &ci, &len) < 0)
854 syslog(LOG_ERR, _("Error: getpeername: %m"));
858 p->real_ip = ntohl(ci.sin_addr.s_addr);
859 p->real_hostname = hostlookup(ci.sin_addr.s_addr);
860 p->meta_socket = sfd;
863 p->last_ping_time = time(NULL);
867 syslog(LOG_NOTICE, _("Connection from %s port %d"),
868 p->real_hostname, htons(ci.sin_port));
870 if(send_basic_info(p) < 0)
872 free_conn_element(p);
880 put all file descriptors in an fd_set array
882 void build_fdset(fd_set *fs)
888 for(p = conn_list; p != NULL; p = p->next)
891 FD_SET(p->meta_socket, fs);
892 if(p->status.dataopen)
893 FD_SET(p->socket, fs);
896 FD_SET(myself->meta_socket, fs);
897 FD_SET(myself->socket, fs);
903 receive incoming data from the listening
904 udp socket and write it to the ethertap
905 device after being decrypted
907 int handle_incoming_vpn_data(conn_list_t *cl)
911 int x, l = sizeof(x);
914 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
916 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket,
917 cl->vpn_hostname, cl->real_hostname);
922 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
923 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
928 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
931 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->vpn_hostname, cl->real_hostname);
934 total_socket_in += lenin;
936 rp.data.len = ntohs(rp.data.len);
937 rp.len = ntohs(rp.len);
938 rp.from = ntohl(rp.from);
942 f = lookup_conn(rp.from);
945 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
946 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from));
950 if(f->status.validkey)
954 add_queue(&(f->rq), &rp, rp.len);
955 if(!cl->status.waitingforkey)
956 send_key_request(rp.from);
959 if(my_key_expiry <= time(NULL))
967 terminate a connection and notify the other
968 end before closing the sockets
970 void terminate_connection(conn_list_t *cl)
975 if(cl->status.remove)
979 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
980 cl->vpn_hostname, cl->real_hostname);
982 if(cl->status.timeout)
984 /* else if(!cl->status.termreq)
991 close(cl->meta_socket);
993 cl->status.remove = 1;
995 /* If this cl isn't active, don't send any DEL_HOSTs. */
996 if(cl->status.active)
997 notify_others(cl,NULL,send_del_host);
1000 /* Find all connections that were lost because they were behind cl
1001 (the connection that was dropped). */
1003 for(p = conn_list; p != NULL; p = p->next)
1005 if((p->nexthop == cl) && (p != cl))
1007 if(cl->status.active && p->status.active)
1008 notify_others(p,cl,send_del_host);
1011 p->status.active = 0;
1012 p->status.remove = 1;
1016 cl->status.active = 0;
1018 if(cl->status.outgoing)
1020 signal(SIGALRM, sigalrm_handler);
1021 seconds_till_retry = 5;
1022 alarm(seconds_till_retry);
1023 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1029 Check if the other end is active.
1030 If we have sent packets, but didn't receive any,
1031 then possibly the other end is dead. We send a
1032 PING request over the meta connection. If the other
1033 end does not reply in time, we consider them dead
1034 and close the connection.
1036 int check_dead_connections(void)
1042 for(p = conn_list; p != NULL; p = p->next)
1044 if(p->status.remove)
1046 if(p->status.active && p->status.meta)
1048 if(p->last_ping_time + timeout < now)
1050 if(p->status.pinged && !p->status.got_pong)
1053 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1054 p->vpn_hostname, p->real_hostname);
1055 p->status.timeout = 1;
1056 terminate_connection(p);
1058 else if(p->want_ping)
1061 p->last_ping_time = now;
1062 p->status.pinged = 1;
1063 p->status.got_pong = 0;
1073 accept a new tcp connect and create a
1076 int handle_new_meta_connection(conn_list_t *cl)
1079 struct sockaddr client;
1080 int nfd, len = sizeof(client);
1082 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1084 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1088 if(!(ncn = create_new_connection(nfd)))
1092 syslog(LOG_NOTICE, _("Closed attempted connection"));
1096 ncn->status.meta = 1;
1097 ncn->next = conn_list;
1104 dispatch any incoming meta requests
1106 int handle_incoming_meta_data(conn_list_t *cl)
1108 int x, l = sizeof(x);
1109 int request, oldlen, i;
1112 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1114 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
1115 cl->vpn_hostname, cl->real_hostname);
1120 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
1121 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
1125 if(cl->buflen >= MAXBUFSIZE)
1127 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1131 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1140 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
1141 cl->vpn_hostname, cl->real_hostname);
1144 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
1145 cl->vpn_hostname, cl->real_hostname);
1149 oldlen = cl->buflen;
1150 cl->buflen += lenin;
1156 if(cl->buflen >= cl->tcppacket)
1158 tcprecv(cl, (real_packet_t *)cl->buffer);
1159 cl->buflen -= cl->tcppacket;
1160 memmove(cl->buffer, cl->buffer + cl->tcppacket, cl->buflen);
1173 for(i = oldlen; i < cl->buflen; i++)
1175 if(cl->buffer[i] == '\n')
1177 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1186 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
1187 cl->vpn_hostname, cl->real_hostname, cl->buffer);
1188 if(sscanf(cl->buffer, "%d", &request) == 1)
1190 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1192 syslog(LOG_ERR, _("Unknown request from %s (%s)"),
1193 cl->vpn_hostname, cl->real_hostname);
1197 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1199 syslog(LOG_ERR, _("Error while processing request from %s (%s)"),
1200 cl->vpn_hostname, cl->real_hostname);
1206 syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
1207 cl->vpn_hostname, cl->real_hostname);
1211 cl->buflen -= cl->reqlen;
1212 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1222 cl->last_ping_time = time(NULL);
1229 check all connections to see if anything
1230 happened on their sockets
1232 void check_network_activity(fd_set *f)
1235 int x, l = sizeof(x);
1237 for(p = conn_list; p != NULL; p = p->next)
1239 if(p->status.remove)
1242 if(p->status.dataopen)
1243 if(FD_ISSET(p->socket, f))
1246 The only thing that can happen to get us here is apparently an
1247 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1248 something that will not trigger an error directly on send()).
1249 I've once got here when it said `No route to host'.
1251 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1252 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1253 p->vpn_hostname, p->real_hostname, sys_errlist[x]);
1254 terminate_connection(p);
1259 if(FD_ISSET(p->meta_socket, f))
1260 if(handle_incoming_meta_data(p) < 0)
1262 terminate_connection(p);
1267 if(FD_ISSET(myself->socket, f))
1268 handle_incoming_vpn_data(myself);
1270 if(FD_ISSET(myself->meta_socket, f))
1271 handle_new_meta_connection(myself);
1276 read, encrypt and send data that is
1277 available through the ethertap device
1279 void handle_tap_input(void)
1283 int ether_type, lenin;
1285 memset(&vp, 0, sizeof(vp));
1286 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1288 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1292 total_tap_in += lenin;
1294 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1295 if(ether_type != 0x0800)
1298 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1299 ether_type, MAC_ADDR_V(vp.data[6]));
1306 syslog(LOG_INFO, _("Dropping short packet"));
1310 from = ntohl(*((unsigned long*)(&vp.data[26])));
1311 to = ntohl(*((unsigned long*)(&vp.data[30])));
1313 vp.len = (length_t)lenin - 2;
1315 strip_mac_addresses(&vp);
1317 send_packet(to, &vp);
1322 this is where it all happens...
1324 void main_loop(void)
1329 time_t last_ping_check;
1331 last_ping_check = time(NULL);
1335 tv.tv_sec = timeout;
1341 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1343 if(errno != EINTR) /* because of alarm */
1345 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1353 close_network_connections();
1355 if(read_config_file(configfilename))
1357 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1361 setup_network_connections();
1365 if(last_ping_check + timeout < time(NULL))
1366 /* Let's check if everybody is still alive */
1368 check_dead_connections();
1369 last_ping_check = time(NULL);
1374 check_network_activity(&fset);
1376 /* local tap data */
1377 if(FD_ISSET(tap_fd, &fset))