2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.24 2000/08/08 17:07:47 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
107 ntohs(rp.len), cl->vpn_hostname, cl->real_hostname);
109 total_socket_out += ntohs(rp.len);
113 if((cl->flags | myself->flags) & TCPONLY)
114 return send_tcppacket(cl, (void*)&rp, ntohs(rp.len));
116 if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
118 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
119 cl->vpn_hostname, cl->real_hostname);
126 int xrecv(conn_list_t *cl, void *packet)
131 do_decrypt((real_packet_t*)packet, &vp, cl->key);
132 add_mac_addresses(&vp);
135 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
136 ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname);
138 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
139 syslog(LOG_ERR, _("Can't write to tap device: %m"));
141 total_tap_out += lenin;
144 cl->last_ping_time = time(NULL);
149 int tcprecv(conn_list_t *cl, real_packet_t *rp)
155 rp->data.len = ntohs(rp->data.len);
156 rp->len = ntohs(rp->len);
157 rp->from = ntohl(rp->from);
159 total_socket_in += rp->len;
163 f = lookup_conn(rp->from);
166 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
167 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp->from));
171 if(f->status.validkey)
173 do_decrypt(rp, &vp, cl->key);
174 add_mac_addresses(&vp);
177 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
178 rp->len, cl->vpn_hostname, cl->real_hostname);
180 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
181 syslog(LOG_ERR, _("Can't write to tap device: %m"));
183 total_tap_out += lenin;
187 /* Can we add to queue? */
188 if(!cl->status.waitingforkey)
189 send_key_request(rp->from);
192 if(my_key_expiry <= time(NULL))
197 cl->last_ping_time = time(NULL);
203 add the given packet of size s to the
204 queue q, be it the send or receive queue
206 void add_queue(packet_queue_t **q, void *packet, size_t s)
210 e = xmalloc(sizeof(*e));
211 e->packet = xmalloc(s);
212 memcpy(e->packet, packet, s);
216 *q = xmalloc(sizeof(**q));
217 (*q)->head = (*q)->tail = NULL;
220 e->next = NULL; /* We insert at the tail */
222 if((*q)->tail) /* Do we have a tail? */
224 (*q)->tail->next = e;
225 e->prev = (*q)->tail;
227 else /* No tail -> no head too */
237 /* Remove a queue element */
238 void del_queue(packet_queue_t **q, queue_element_t *e)
243 if(e->next) /* There is a successor, so we are not tail */
245 if(e->prev) /* There is a predecessor, so we are not head */
247 e->next->prev = e->prev;
248 e->prev->next = e->next;
250 else /* We are head */
252 e->next->prev = NULL;
253 (*q)->head = e->next;
256 else /* We are tail (or all alone!) */
258 if(e->prev) /* We are not alone :) */
260 e->prev->next = NULL;
261 (*q)->tail = e->prev;
275 flush a queue by calling function for
276 each packet, and removing it when that
277 returned a zero exit code
279 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
280 int (*function)(conn_list_t*,void*))
282 queue_element_t *p, *next = NULL;
284 for(p = (*pq)->head; p != NULL; )
288 if(!function(cl, p->packet))
295 syslog(LOG_DEBUG, _("Queue flushed"));
300 flush the send&recv queues
301 void because nothing goes wrong here, packets
302 remain in the queue if something goes wrong
304 void flush_queues(conn_list_t *cl)
310 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
311 cl->vpn_hostname, cl->real_hostname);
312 flush_queue(cl, &(cl->sq), xsend);
318 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
319 cl->vpn_hostname, cl->real_hostname);
320 flush_queue(cl, &(cl->rq), xrecv);
326 send a packet to the given vpn ip.
328 int send_packet(ip_t to, vpn_packet_t *packet)
332 if((cl = lookup_conn(to)) == NULL)
336 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
340 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
344 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
346 { /* No open outgoing connection has been found. */
348 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
353 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
355 if(myself->flags & EXPORTINDIRECTDATA)
357 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
359 { /* No open outgoing connection has been found. */
361 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
367 /* If indirectdata flag is set for the destination we just looked up,
368 * then real_ip is actually the vpn_ip of the gateway tincd
372 if(cl->flags & INDIRECTDATA)
375 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
376 cl->vpn_hostname, cl->real_hostname);
377 if((cl = lookup_conn(cl->real_ip)) == NULL)
380 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"),
383 /* Gateway tincd dead? Should we kill it? (GS) */
387 if(cl->flags & INDIRECTDATA) /* This should not happen */
390 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"),
396 if(my_key_expiry <= time(NULL))
399 if(!cl->status.dataopen)
400 if(setup_vpn_connection(cl) < 0)
402 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->vpn_hostname, cl->real_hostname);
406 if(!cl->status.validkey)
409 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->vpn_hostname, cl->real_hostname);
410 add_queue(&(cl->sq), packet, packet->len + 2);
411 if(!cl->status.waitingforkey)
412 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
416 if(!cl->status.active)
419 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->vpn_hostname, cl->real_hostname);
420 add_queue(&(cl->sq), packet, packet->len + 2);
421 return 0; /* We don't want to mess up, do we? */
424 /* can we send it? can we? can we? huh? */
426 return xsend(cl, packet);
430 open the local ethertap device
432 int setup_tap_fd(void)
435 const char *tapfname;
438 if((cfg = get_config_val(tapdevice)) == NULL)
439 tapfname = "/dev/tap0";
441 tapfname = cfg->data.ptr;
443 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
445 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
455 set up the socket that we listen on for incoming
458 int setup_listen_meta_socket(int port)
461 struct sockaddr_in a;
464 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
466 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
470 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
472 syslog(LOG_ERR, _("setsockopt: %m"));
476 flags = fcntl(nfd, F_GETFL);
477 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
479 syslog(LOG_ERR, _("fcntl: %m"));
483 memset(&a, 0, sizeof(a));
484 a.sin_family = AF_INET;
485 a.sin_port = htons(port);
486 a.sin_addr.s_addr = htonl(INADDR_ANY);
488 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
490 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
496 syslog(LOG_ERR, _("listen: %m"));
504 setup the socket for incoming encrypted
507 int setup_vpn_in_socket(int port)
510 struct sockaddr_in a;
513 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
515 syslog(LOG_ERR, _("Creating socket failed: %m"));
519 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
521 syslog(LOG_ERR, _("setsockopt: %m"));
525 flags = fcntl(nfd, F_GETFL);
526 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
528 syslog(LOG_ERR, _("fcntl: %m"));
532 memset(&a, 0, sizeof(a));
533 a.sin_family = AF_INET;
534 a.sin_port = htons(port);
535 a.sin_addr.s_addr = htonl(INADDR_ANY);
537 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
539 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
547 setup an outgoing meta (tcp) socket
549 int setup_outgoing_meta_socket(conn_list_t *cl)
552 struct sockaddr_in a;
556 syslog(LOG_INFO, _("Trying to connect to %s"), cl->real_hostname);
558 if((cfg = get_config_val(upstreamport)) == NULL)
561 cl->port = cfg->data.val;
563 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
564 if(cl->meta_socket == -1)
566 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
567 cl->real_hostname, cl->port);
571 a.sin_family = AF_INET;
572 a.sin_port = htons(cl->port);
573 a.sin_addr.s_addr = htonl(cl->real_ip);
575 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
577 syslog(LOG_ERR, _("%s port %hd: %m"), cl->real_hostname, cl->port);
581 flags = fcntl(cl->meta_socket, F_GETFL);
582 /* if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
584 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
585 cl->real_hostname, cl->port);
590 syslog(LOG_INFO, _("Connected to %s port %hd"),
591 cl->real_hostname, cl->port);
597 setup an outgoing connection. It's not
598 necessary to also open an udp socket as
599 well, because the other host will initiate
600 an authentication sequence during which
601 we will do just that.
603 int setup_outgoing_connection(char *hostname)
608 if(!(h = gethostbyname(hostname)))
610 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
614 ncn = new_conn_list();
615 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
616 ncn->real_hostname = hostlookup(htonl(ncn->real_ip));
618 if(setup_outgoing_meta_socket(ncn) < 0)
620 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
622 free_conn_element(ncn);
626 ncn->status.meta = 1;
627 ncn->status.outgoing = 1;
628 ncn->next = conn_list;
635 set up the local sockets (listen only)
637 int setup_myself(void)
641 myself = new_conn_list();
643 if(!(cfg = get_config_val(myvpnip)))
645 syslog(LOG_ERR, _("No value for my VPN IP given"));
649 myself->vpn_ip = cfg->data.ip->ip;
650 myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip));
651 myself->real_hostname = hostlookup(htonl(myself->vpn_ip));
652 myself->vpn_mask = cfg->data.ip->mask;
655 if(!(cfg = get_config_val(listenport)))
658 myself->port = cfg->data.val;
660 if((cfg = get_config_val(indirectdata)))
661 if(cfg->data.val == stupid_true)
662 myself->flags |= EXPORTINDIRECTDATA;
664 if((cfg = get_config_val(tcponly)))
665 if(cfg->data.val == stupid_true)
666 myself->flags |= TCPONLY;
668 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
670 syslog(LOG_ERR, _("Unable to set up a listening socket"));
674 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
676 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
677 close(myself->meta_socket);
681 myself->status.active = 1;
683 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
689 sigalrm_handler(int a)
693 cfg = get_next_config_val(upstreamip, upstreamindex++);
697 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
699 signal(SIGALRM, SIG_IGN);
702 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
705 signal(SIGALRM, sigalrm_handler);
707 seconds_till_retry += 5;
708 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
709 seconds_till_retry = MAXTIMEOUT;
710 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
712 alarm(seconds_till_retry);
717 setup all initial network connections
719 int setup_network_connections(void)
723 if((cfg = get_config_val(pingtimeout)) == NULL)
726 timeout = cfg->data.val;
728 if(setup_tap_fd() < 0)
731 if(setup_myself() < 0)
734 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
735 /* No upstream IP given, we're listen only. */
740 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
742 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
745 signal(SIGALRM, sigalrm_handler);
747 seconds_till_retry = MAXTIMEOUT;
748 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
749 alarm(seconds_till_retry);
755 close all open network connections
757 void close_network_connections(void)
761 for(p = conn_list; p != NULL; p = p->next)
763 if(p->status.dataopen)
765 shutdown(p->socket, 0); /* No more receptions */
771 shutdown(p->meta_socket, 0); /* No more receptions */
772 close(p->meta_socket);
777 if(myself->status.active)
779 close(myself->meta_socket);
780 close(myself->socket);
786 syslog(LOG_NOTICE, _("Terminating"));
792 create a data (udp) socket
794 int setup_vpn_connection(conn_list_t *cl)
797 struct sockaddr_in a;
800 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->real_hostname);
802 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
805 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
809 a.sin_family = AF_INET;
810 a.sin_port = htons(cl->port);
811 a.sin_addr.s_addr = htonl(cl->real_ip);
813 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
815 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
816 cl->real_hostname, cl->port);
820 flags = fcntl(nfd, F_GETFL);
821 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
823 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
824 cl->vpn_hostname, cl->real_hostname);
829 cl->status.dataopen = 1;
835 handle an incoming tcp connect call and open
838 conn_list_t *create_new_connection(int sfd)
841 struct sockaddr_in ci;
842 int len = sizeof(ci);
846 if(getpeername(sfd, &ci, &len) < 0)
848 syslog(LOG_ERR, _("Error: getpeername: %m"));
852 p->real_ip = ntohl(ci.sin_addr.s_addr);
853 p->real_hostname = hostlookup(ci.sin_addr.s_addr);
854 p->meta_socket = sfd;
857 p->last_ping_time = time(NULL);
861 syslog(LOG_NOTICE, _("Connection from %s port %d"),
862 p->real_hostname, htons(ci.sin_port));
864 if(send_basic_info(p) < 0)
866 free_conn_element(p);
874 put all file descriptors in an fd_set array
876 void build_fdset(fd_set *fs)
882 for(p = conn_list; p != NULL; p = p->next)
885 FD_SET(p->meta_socket, fs);
886 if(p->status.dataopen)
887 FD_SET(p->socket, fs);
890 FD_SET(myself->meta_socket, fs);
891 FD_SET(myself->socket, fs);
897 receive incoming data from the listening
898 udp socket and write it to the ethertap
899 device after being decrypted
901 int handle_incoming_vpn_data(conn_list_t *cl)
905 int x, l = sizeof(x);
908 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
910 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket,
911 cl->vpn_hostname, cl->real_hostname);
916 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
917 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
922 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
925 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->vpn_hostname, cl->real_hostname);
928 total_socket_in += lenin;
930 rp.data.len = ntohs(rp.data.len);
931 rp.len = ntohs(rp.len);
932 rp.from = ntohl(rp.from);
936 f = lookup_conn(rp.from);
939 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
940 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from));
944 if(f->status.validkey)
948 add_queue(&(f->rq), &rp, rp.len);
949 if(!cl->status.waitingforkey)
950 send_key_request(rp.from);
953 if(my_key_expiry <= time(NULL))
961 terminate a connection and notify the other
962 end before closing the sockets
964 void terminate_connection(conn_list_t *cl)
969 if(cl->status.remove)
973 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
974 cl->vpn_hostname, cl->real_hostname);
976 if(cl->status.timeout)
978 /* else if(!cl->status.termreq)
985 close(cl->meta_socket);
987 cl->status.remove = 1;
989 /* If this cl isn't active, don't send any DEL_HOSTs. */
990 if(cl->status.active)
991 notify_others(cl,NULL,send_del_host);
994 /* Find all connections that were lost because they were behind cl
995 (the connection that was dropped). */
997 for(p = conn_list; p != NULL; p = p->next)
999 if((p->nexthop == cl) && (p != cl))
1001 if(cl->status.active && p->status.active)
1002 notify_others(p,cl,send_del_host);
1005 p->status.active = 0;
1006 p->status.remove = 1;
1010 cl->status.active = 0;
1012 if(cl->status.outgoing)
1014 signal(SIGALRM, sigalrm_handler);
1015 seconds_till_retry = 5;
1016 alarm(seconds_till_retry);
1017 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1023 Check if the other end is active.
1024 If we have sent packets, but didn't receive any,
1025 then possibly the other end is dead. We send a
1026 PING request over the meta connection. If the other
1027 end does not reply in time, we consider them dead
1028 and close the connection.
1030 int check_dead_connections(void)
1036 for(p = conn_list; p != NULL; p = p->next)
1038 if(p->status.remove)
1040 if(p->status.active && p->status.meta)
1042 if(p->last_ping_time + timeout < now)
1044 if(p->status.pinged && !p->status.got_pong)
1047 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1048 p->vpn_hostname, p->real_hostname);
1049 p->status.timeout = 1;
1050 terminate_connection(p);
1052 else if(p->want_ping)
1055 p->last_ping_time = now;
1056 p->status.pinged = 1;
1057 p->status.got_pong = 0;
1067 accept a new tcp connect and create a
1070 int handle_new_meta_connection(conn_list_t *cl)
1073 struct sockaddr client;
1074 int nfd, len = sizeof(client);
1076 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1078 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1082 if(!(ncn = create_new_connection(nfd)))
1086 syslog(LOG_NOTICE, _("Closed attempted connection"));
1090 ncn->status.meta = 1;
1091 ncn->next = conn_list;
1098 dispatch any incoming meta requests
1100 int handle_incoming_meta_data(conn_list_t *cl)
1102 int x, l = sizeof(x);
1103 int request, oldlen, i;
1106 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1108 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
1109 cl->vpn_hostname, cl->real_hostname);
1114 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
1115 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
1119 if(cl->buflen >= MAXBUFSIZE)
1121 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1125 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1134 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
1135 cl->vpn_hostname, cl->real_hostname);
1138 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
1139 cl->vpn_hostname, cl->real_hostname);
1143 oldlen = cl->buflen;
1144 cl->buflen += lenin;
1150 if(cl->buflen >= cl->tcppacket)
1152 tcprecv(cl, (real_packet_t *)cl->buffer);
1153 cl->buflen -= cl->tcppacket;
1154 memmove(cl->buffer, cl->buffer + cl->tcppacket, cl->buflen);
1167 for(i = oldlen; i < cl->buflen; i++)
1169 if(cl->buffer[i] == '\n')
1171 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1180 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
1181 cl->vpn_hostname, cl->real_hostname, cl->buffer);
1182 if(sscanf(cl->buffer, "%d", &request) == 1)
1184 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1186 syslog(LOG_ERR, _("Unknown request from %s (%s)"),
1187 cl->vpn_hostname, cl->real_hostname);
1191 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1193 syslog(LOG_ERR, _("Error while processing request from %s (%s)"),
1194 cl->vpn_hostname, cl->real_hostname);
1200 syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
1201 cl->vpn_hostname, cl->real_hostname);
1205 cl->buflen -= cl->reqlen;
1206 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1216 cl->last_ping_time = time(NULL);
1223 check all connections to see if anything
1224 happened on their sockets
1226 void check_network_activity(fd_set *f)
1229 int x, l = sizeof(x);
1231 for(p = conn_list; p != NULL; p = p->next)
1233 if(p->status.remove)
1236 if(p->status.dataopen)
1237 if(FD_ISSET(p->socket, f))
1240 The only thing that can happen to get us here is apparently an
1241 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1242 something that will not trigger an error directly on send()).
1243 I've once got here when it said `No route to host'.
1245 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1246 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1247 p->vpn_hostname, p->real_hostname, sys_errlist[x]);
1248 terminate_connection(p);
1253 if(FD_ISSET(p->meta_socket, f))
1254 if(handle_incoming_meta_data(p) < 0)
1256 terminate_connection(p);
1261 if(FD_ISSET(myself->socket, f))
1262 handle_incoming_vpn_data(myself);
1264 if(FD_ISSET(myself->meta_socket, f))
1265 handle_new_meta_connection(myself);
1270 read, encrypt and send data that is
1271 available through the ethertap device
1273 void handle_tap_input(void)
1277 int ether_type, lenin;
1279 memset(&vp, 0, sizeof(vp));
1280 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1282 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1286 total_tap_in += lenin;
1288 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1289 if(ether_type != 0x0800)
1292 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1293 ether_type, MAC_ADDR_V(vp.data[6]));
1300 syslog(LOG_INFO, _("Dropping short packet"));
1304 from = ntohl(*((unsigned long*)(&vp.data[26])));
1305 to = ntohl(*((unsigned long*)(&vp.data[30])));
1307 vp.len = (length_t)lenin - 2;
1309 strip_mac_addresses(&vp);
1311 send_packet(to, &vp);
1316 this is where it all happens...
1318 void main_loop(void)
1323 time_t last_ping_check;
1325 last_ping_check = time(NULL);
1329 tv.tv_sec = timeout;
1335 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1337 if(errno != EINTR) /* because of alarm */
1339 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1347 close_network_connections();
1349 if(read_config_file(configfilename))
1351 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1355 setup_network_connections();
1359 if(last_ping_check + timeout < time(NULL))
1360 /* Let's check if everybody is still alive */
1362 check_dead_connections();
1363 last_ping_check = time(NULL);
1368 check_network_activity(&fset);
1370 /* local tap data */
1371 if(FD_ISSET(tap_fd, &fset))