9bebca43f568656cfb0f34a91c64013a420e5dc5
[tinc] / src / net_packet.c
1 /*
2     net_packet.c -- Handles in- and outgoing VPN packets
3     Copyright (C) 1998-2005 Ivo Timmermans,
4                   2000-2014 Guus Sliepen <guus@tinc-vpn.org>
5                   2010      Timothy Redaelli <timothy@redaelli.eu>
6                   2010      Brandon Black <blblack@gmail.com>
7
8     This program is free software; you can redistribute it and/or modify
9     it under the terms of the GNU General Public License as published by
10     the Free Software Foundation; either version 2 of the License, or
11     (at your option) any later version.
12
13     This program is distributed in the hope that it will be useful,
14     but WITHOUT ANY WARRANTY; without even the implied warranty of
15     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16     GNU General Public License for more details.
17
18     You should have received a copy of the GNU General Public License along
19     with this program; if not, write to the Free Software Foundation, Inc.,
20     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23 #include "system.h"
24
25 #ifdef HAVE_ZLIB
26 #include <zlib.h>
27 #endif
28
29 #ifdef HAVE_LZO
30 #include LZO1X_H
31 #endif
32
33 #include "cipher.h"
34 #include "conf.h"
35 #include "connection.h"
36 #include "crypto.h"
37 #include "digest.h"
38 #include "device.h"
39 #include "ethernet.h"
40 #include "graph.h"
41 #include "logger.h"
42 #include "net.h"
43 #include "netutl.h"
44 #include "protocol.h"
45 #include "route.h"
46 #include "utils.h"
47 #include "xalloc.h"
48
49 #ifndef MAX
50 #define MAX(a, b) ((a) > (b) ? (a) : (b))
51 #endif
52
53 int keylifetime = 0;
54 #ifdef HAVE_LZO
55 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
56 #endif
57
58 static void send_udppacket(node_t *, vpn_packet_t *);
59
60 unsigned replaywin = 16;
61 bool localdiscovery = true;
62 bool udp_discovery = true;
63 int udp_discovery_interval = 9;
64 int udp_discovery_timeout = 30;
65
66 #define MAX_SEQNO 1073741824
67
68 static void try_fix_mtu(node_t *n) {
69         if(n->mtuprobes < 0)
70                 return;
71
72         if(n->mtuprobes == 90 || n->minmtu >= n->maxmtu) {
73                 if(n->minmtu > n->maxmtu)
74                         n->minmtu = n->maxmtu;
75                 else
76                         n->maxmtu = n->minmtu;
77                 n->mtu = n->minmtu;
78                 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
79                 n->mtuprobes = -1;
80         }
81 }
82
83 static void udp_probe_timeout_handler(void *data) {
84         node_t *n = data;
85         if(!n->status.udp_confirmed)
86                 return;
87
88         logger(DEBUG_TRAFFIC, LOG_INFO, "Too much time has elapsed since last UDP ping response from %s (%s), stopping UDP communication", n->name, n->hostname);
89         n->status.udp_confirmed = false;
90         n->mtuprobes = 0;
91         n->minmtu = 0;
92         n->maxmtu = MTU;
93 }
94
95 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
96         if(!DATA(packet)[0]) {
97                 logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
98
99                 /* It's a probe request, send back a reply */
100
101                 /* Type 2 probe replies were introduced in protocol 17.3 */
102                 if ((n->options >> 24) >= 3) {
103                         uint8_t *data = DATA(packet);
104                         *data++ = 2;
105                         uint16_t len16 = htons(len); memcpy(data, &len16, 2); data += 2;
106                         struct timeval now;
107                         gettimeofday(&now, NULL);
108                         uint32_t sec = htonl(now.tv_sec); memcpy(data, &sec, 4); data += 4;
109                         uint32_t usec = htonl(now.tv_usec); memcpy(data, &usec, 4); data += 4;
110                         packet->len -= 10;
111                 } else {
112                         /* Legacy protocol: n won't understand type 2 probe replies. */
113                         DATA(packet)[0] = 1;
114                 }
115
116                 /* Temporarily set udp_confirmed, so that the reply is sent
117                    back exactly the way it came in. */
118
119                 bool udp_confirmed = n->status.udp_confirmed;
120                 n->status.udp_confirmed = true;
121                 send_udppacket(n, packet);
122                 n->status.udp_confirmed = udp_confirmed;
123         } else {
124                 length_t probelen = len;
125                 if (DATA(packet)[0] == 2) {
126                         if (len < 3)
127                                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received invalid (too short) UDP probe reply from %s (%s)", n->name, n->hostname);
128                         else {
129                                 uint16_t probelen16; memcpy(&probelen16, DATA(packet) + 1, 2); probelen = ntohs(probelen16);
130                         }
131                 }
132                 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s)", DATA(packet)[0], probelen, n->name, n->hostname);
133
134                 /* It's a valid reply: now we know bidirectional communication
135                    is possible using the address and socket that the reply
136                    packet used. */
137                 n->status.udp_confirmed = true;
138
139                 if(udp_discovery) {
140                         timeout_del(&n->udp_ping_timeout);
141                         timeout_add(&n->udp_ping_timeout, &udp_probe_timeout_handler, n, &(struct timeval){udp_discovery_timeout, 0});
142                 }
143
144                 if(probelen >= n->maxmtu + 8) {
145                         logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
146                         n->maxmtu = MTU;
147                         n->mtuprobes = 30;
148                         return;
149                 }
150
151                 /* If applicable, raise the minimum supported MTU */
152
153                 if(probelen > n->maxmtu)
154                         probelen = n->maxmtu;
155                 if(n->minmtu < probelen) {
156                         n->minmtu = probelen;
157                         try_fix_mtu(n);
158                 }
159
160                 /* Calculate RTT and bandwidth.
161                    The RTT is the time between the MTU probe burst was sent and the first
162                    reply is received. The bandwidth is measured using the time between the
163                    arrival of the first and third probe reply (or type 2 probe requests).
164                  */
165
166                 struct timeval now, diff;
167                 gettimeofday(&now, NULL);
168                 timersub(&now, &n->probe_time, &diff);
169
170                 struct timeval probe_timestamp = now;
171                 if (DATA(packet)[0] == 2 && packet->len >= 11) {
172                         uint32_t sec; memcpy(&sec, DATA(packet) + 3, 4);
173                         uint32_t usec; memcpy(&usec, DATA(packet) + 7, 4);
174                         probe_timestamp.tv_sec = ntohl(sec);
175                         probe_timestamp.tv_usec = ntohl(usec);
176                 }
177                 
178                 n->probe_counter++;
179
180                 if(n->probe_counter == 1) {
181                         n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
182                         n->probe_time = probe_timestamp;
183                 } else if(n->probe_counter == 3) {
184                         /* TODO: this will never fire - we're not sending batches of three anymore. */
185                         struct timeval probe_timestamp_diff;
186                         timersub(&probe_timestamp, &n->probe_time, &probe_timestamp_diff);
187                         n->bandwidth = 2.0 * probelen / (probe_timestamp_diff.tv_sec + probe_timestamp_diff.tv_usec * 1e-6);
188                         logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
189                 }
190         }
191 }
192
193 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
194         if(level == 0) {
195                 memcpy(dest, source, len);
196                 return len;
197         } else if(level == 10) {
198 #ifdef HAVE_LZO
199                 lzo_uint lzolen = MAXSIZE;
200                 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
201                 return lzolen;
202 #else
203                 return -1;
204 #endif
205         } else if(level < 10) {
206 #ifdef HAVE_ZLIB
207                 unsigned long destlen = MAXSIZE;
208                 if(compress2(dest, &destlen, source, len, level) == Z_OK)
209                         return destlen;
210                 else
211 #endif
212                         return -1;
213         } else {
214 #ifdef HAVE_LZO
215                 lzo_uint lzolen = MAXSIZE;
216                 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
217                 return lzolen;
218 #else
219                 return -1;
220 #endif
221         }
222
223         return -1;
224 }
225
226 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
227         if(level == 0) {
228                 memcpy(dest, source, len);
229                 return len;
230         } else if(level > 9) {
231 #ifdef HAVE_LZO
232                 lzo_uint lzolen = MAXSIZE;
233                 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
234                         return lzolen;
235                 else
236 #endif
237                         return -1;
238         }
239 #ifdef HAVE_ZLIB
240         else {
241                 unsigned long destlen = MAXSIZE;
242                 if(uncompress(dest, &destlen, source, len) == Z_OK)
243                         return destlen;
244                 else
245                         return -1;
246         }
247 #endif
248
249         return -1;
250 }
251
252 /* VPN packet I/O */
253
254 static void receive_packet(node_t *n, vpn_packet_t *packet) {
255         logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
256                            packet->len, n->name, n->hostname);
257
258         n->in_packets++;
259         n->in_bytes += packet->len;
260
261         route(n, packet);
262 }
263
264 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
265         if(n->status.sptps)
266                 return sptps_verify_datagram(&n->sptps, DATA(inpkt), inpkt->len);
267
268 #ifdef DISABLE_LEGACY
269         return false;
270 #else
271         if(!digest_active(n->indigest) || inpkt->len < sizeof(seqno_t) + digest_length(n->indigest))
272                 return false;
273
274         return digest_verify(n->indigest, SEQNO(inpkt), inpkt->len - digest_length(n->indigest), DATA(inpkt) + inpkt->len - digest_length(n->indigest));
275 #endif
276 }
277
278 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
279         vpn_packet_t pkt1, pkt2;
280         vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
281         int nextpkt = 0;
282         size_t outlen;
283         pkt1.offset = DEFAULT_PACKET_OFFSET;
284         pkt2.offset = DEFAULT_PACKET_OFFSET;
285
286         if(n->status.sptps) {
287                 if(!n->sptps.state) {
288                         if(!n->status.waitingforkey) {
289                                 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
290                                 send_req_key(n);
291                         } else {
292                                 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
293                         }
294                         return false;
295                 }
296                 inpkt->offset += 2 * sizeof(node_id_t);
297                 if(!sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len - 2 * sizeof(node_id_t))) {
298                         logger(DEBUG_TRAFFIC, LOG_ERR, "Got bad packet from %s (%s)", n->name, n->hostname);
299                         return false;
300                 }
301                 return true;
302         }
303
304 #ifdef DISABLE_LEGACY
305         return false;
306 #else
307         if(!n->status.validkey) {
308                 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
309                 return false;
310         }
311
312         /* Check packet length */
313
314         if(inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
315                 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
316                                         n->name, n->hostname);
317                 return false;
318         }
319
320         /* It's a legacy UDP packet, the data starts after the seqno */
321
322         inpkt->offset += sizeof(seqno_t);
323
324         /* Check the message authentication code */
325
326         if(digest_active(n->indigest)) {
327                 inpkt->len -= digest_length(n->indigest);
328                 if(!digest_verify(n->indigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
329                         logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
330                         return false;
331                 }
332         }
333         /* Decrypt the packet */
334
335         if(cipher_active(n->incipher)) {
336                 vpn_packet_t *outpkt = pkt[nextpkt++];
337                 outlen = MAXSIZE;
338
339                 if(!cipher_decrypt(n->incipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
340                         logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
341                         return false;
342                 }
343
344                 outpkt->len = outlen;
345                 inpkt = outpkt;
346         }
347
348         /* Check the sequence number */
349
350         seqno_t seqno;
351         memcpy(&seqno, SEQNO(inpkt), sizeof seqno);
352         seqno = ntohl(seqno);
353         inpkt->len -= sizeof seqno;
354
355         if(replaywin) {
356                 if(seqno != n->received_seqno + 1) {
357                         if(seqno >= n->received_seqno + replaywin * 8) {
358                                 if(n->farfuture++ < replaywin >> 2) {
359                                         logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
360                                                 n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
361                                         return false;
362                                 }
363                                 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
364                                                 seqno - n->received_seqno - 1, n->name, n->hostname);
365                                 memset(n->late, 0, replaywin);
366                         } else if (seqno <= n->received_seqno) {
367                                 if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
368                                         logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
369                                                 n->name, n->hostname, seqno, n->received_seqno);
370                                         return false;
371                                 }
372                         } else {
373                                 for(int i = n->received_seqno + 1; i < seqno; i++)
374                                         n->late[(i / 8) % replaywin] |= 1 << i % 8;
375                         }
376                 }
377
378                 n->farfuture = 0;
379                 n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8);
380         }
381
382         if(seqno > n->received_seqno)
383                 n->received_seqno = seqno;
384
385         n->received++;
386
387         if(n->received_seqno > MAX_SEQNO)
388                 regenerate_key();
389
390         /* Decompress the packet */
391
392         length_t origlen = inpkt->len;
393
394         if(n->incompression) {
395                 vpn_packet_t *outpkt = pkt[nextpkt++];
396
397                 if((outpkt->len = uncompress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->incompression)) < 0) {
398                         logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
399                                                  n->name, n->hostname);
400                         return false;
401                 }
402
403                 inpkt = outpkt;
404
405                 origlen -= MTU/64 + 20;
406         }
407
408         inpkt->priority = 0;
409
410         if(!DATA(inpkt)[12] && !DATA(inpkt)[13])
411                 udp_probe_h(n, inpkt, origlen);
412         else
413                 receive_packet(n, inpkt);
414         return true;
415 #endif
416 }
417
418 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
419         vpn_packet_t outpkt;
420         outpkt.offset = DEFAULT_PACKET_OFFSET;
421
422         if(len > sizeof outpkt.data - outpkt.offset)
423                 return;
424
425         outpkt.len = len;
426         if(c->options & OPTION_TCPONLY)
427                 outpkt.priority = 0;
428         else
429                 outpkt.priority = -1;
430         memcpy(DATA(&outpkt), buffer, len);
431
432         receive_packet(c->node, &outpkt);
433 }
434
435 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
436         if(!n->status.validkey && !n->connection)
437                 return;
438
439         uint8_t type = 0;
440         int offset = 0;
441
442         if(!(DATA(origpkt)[12] | DATA(origpkt)[13])) {
443                 sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len);
444                 return;
445         }
446
447         if(routing_mode == RMODE_ROUTER)
448                 offset = 14;
449         else
450                 type = PKT_MAC;
451
452         if(origpkt->len < offset)
453                 return;
454
455         vpn_packet_t outpkt;
456
457         if(n->outcompression) {
458                 outpkt.offset = 0;
459                 int len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression);
460                 if(len < 0) {
461                         logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
462                 } else if(len < origpkt->len - offset) {
463                         outpkt.len = len + offset;
464                         origpkt = &outpkt;
465                         type |= PKT_COMPRESSED;
466                 }
467         }
468
469         /* If we have a direct metaconnection to n, and we can't use UDP, then
470            don't bother with SPTPS and just use a "plaintext" PACKET message.
471            We don't really care about end-to-end security since we're not
472            sending the message through any intermediate nodes. */
473         if(n->connection && origpkt->len > n->minmtu)
474                 send_tcppacket(n->connection, origpkt);
475         else
476                 sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
477         return;
478 }
479
480 static void adapt_socket(const sockaddr_t *sa, int *sock) {
481         /* Make sure we have a suitable socket for the chosen address */
482         if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) {
483                 for(int i = 0; i < listen_sockets; i++) {
484                         if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) {
485                                 *sock = i;
486                                 break;
487                         }
488                 }
489         }
490 }
491
492 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
493         /* Latest guess */
494         *sa = &n->address;
495         *sock = n->sock;
496
497         /* If the UDP address is confirmed, use it. */
498         if(n->status.udp_confirmed)
499                 return;
500
501         /* Send every third packet to n->address; that could be set
502            to the node's reflexive UDP address discovered during key
503            exchange. */
504
505         static int x = 0;
506         if(++x >= 3) {
507                 x = 0;
508                 return;
509         }
510
511         /* Otherwise, address are found in edges to this node.
512            So we pick a random edge and a random socket. */
513
514         int i = 0;
515         int j = rand() % n->edge_tree->count;
516         edge_t *candidate = NULL;
517
518         for splay_each(edge_t, e, n->edge_tree) {
519                 if(i++ == j) {
520                         candidate = e->reverse;
521                         break;
522                 }
523         }
524
525         if(candidate) {
526                 *sa = &candidate->address;
527                 *sock = rand() % listen_sockets;
528         }
529
530         adapt_socket(*sa, sock);
531 }
532
533 static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) {
534         *sa = NULL;
535
536         /* Pick one of the edges from this node at random, then use its local address. */
537
538         int i = 0;
539         int j = rand() % n->edge_tree->count;
540         edge_t *candidate = NULL;
541
542         for splay_each(edge_t, e, n->edge_tree) {
543                 if(i++ == j) {
544                         candidate = e;
545                         break;
546                 }
547         }
548
549         if (candidate && candidate->local_address.sa.sa_family) {
550                 *sa = &candidate->local_address;
551                 *sock = rand() % listen_sockets;
552                 adapt_socket(*sa, sock);
553         }
554 }
555
556 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
557         vpn_packet_t pkt1, pkt2;
558         vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
559         vpn_packet_t *inpkt = origpkt;
560         int nextpkt = 0;
561         vpn_packet_t *outpkt;
562         int origlen = origpkt->len;
563         size_t outlen;
564 #if defined(SOL_IP) && defined(IP_TOS)
565         static int priority = 0;
566         int origpriority = origpkt->priority;
567 #endif
568
569         pkt1.offset = DEFAULT_PACKET_OFFSET;
570         pkt2.offset = DEFAULT_PACKET_OFFSET;
571
572         if(!n->status.reachable) {
573                 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
574                 return;
575         }
576
577         if(n->status.sptps)
578                 return send_sptps_packet(n, origpkt);
579
580 #ifdef DISABLE_LEGACY
581         return;
582 #else
583         /* Make sure we have a valid key */
584
585         if(!n->status.validkey) {
586                 logger(DEBUG_TRAFFIC, LOG_INFO,
587                                    "No valid key known yet for %s (%s), forwarding via TCP",
588                                    n->name, n->hostname);
589                 send_tcppacket(n->nexthop->connection, origpkt);
590                 return;
591         }
592
593         if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (DATA(inpkt)[12] | DATA(inpkt)[13])) {
594                 logger(DEBUG_TRAFFIC, LOG_INFO,
595                                 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
596                                 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
597
598                 if(n != n->nexthop)
599                         send_packet(n->nexthop, origpkt);
600                 else
601                         send_tcppacket(n->nexthop->connection, origpkt);
602
603                 return;
604         }
605
606         /* Compress the packet */
607
608         if(n->outcompression) {
609                 outpkt = pkt[nextpkt++];
610
611                 if((outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression)) < 0) {
612                         logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
613                                    n->name, n->hostname);
614                         return;
615                 }
616
617                 inpkt = outpkt;
618         }
619
620         /* Add sequence number */
621
622         seqno_t seqno = htonl(++(n->sent_seqno));
623         memcpy(SEQNO(inpkt), &seqno, sizeof seqno);
624         inpkt->len += sizeof seqno;
625
626         /* Encrypt the packet */
627
628         if(cipher_active(n->outcipher)) {
629                 outpkt = pkt[nextpkt++];
630                 outlen = MAXSIZE;
631
632                 if(!cipher_encrypt(n->outcipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
633                         logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
634                         goto end;
635                 }
636
637                 outpkt->len = outlen;
638                 inpkt = outpkt;
639         }
640
641         /* Add the message authentication code */
642
643         if(digest_active(n->outdigest)) {
644                 if(!digest_create(n->outdigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
645                         logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
646                         goto end;
647                 }
648
649                 inpkt->len += digest_length(n->outdigest);
650         }
651
652         /* Send the packet */
653
654         const sockaddr_t *sa = NULL;
655         int sock;
656
657         if(n->status.send_locally)
658                 choose_local_address(n, &sa, &sock);
659         if(!sa)
660                 choose_udp_address(n, &sa, &sock);
661
662 #if defined(SOL_IP) && defined(IP_TOS)
663         if(priorityinheritance && origpriority != priority
664            && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
665                 priority = origpriority;
666                 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
667                 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
668                         logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
669         }
670 #endif
671
672         if(sendto(listen_socket[sock].udp.fd, SEQNO(inpkt), inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
673                 if(sockmsgsize(sockerrno)) {
674                         if(n->maxmtu >= origlen)
675                                 n->maxmtu = origlen - 1;
676                         if(n->mtu >= origlen)
677                                 n->mtu = origlen - 1;
678                         try_fix_mtu(n);
679                 } else
680                         logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
681         }
682
683 end:
684         origpkt->len = origlen;
685 #endif
686 }
687
688 static bool send_sptps_data_priv(node_t *to, node_t *from, int type, const void *data, size_t len) {
689         node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
690         bool direct = from == myself && to == relay;
691         bool relay_supported = (relay->options >> 24) >= 4;
692         bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY;
693
694         /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU.
695            TODO: When relaying, the original sender does not know the end-to-end PMTU (it only knows the PMTU of the first hop).
696                  This can lead to scenarios where large packets are sent over UDP to relay, but then relay has no choice but fall back to TCP. */
697
698         if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
699                 char buf[len * 4 / 3 + 5];
700                 b64encode(data, buf, len);
701                 /* If no valid key is known yet, send the packets using ANS_KEY requests,
702                    to ensure we get to learn the reflexive UDP address. */
703                 if(from == myself && !to->status.validkey) {
704                         to->incompression = myself->incompression;
705                         return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
706                 } else {
707                         return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, REQ_SPTPS, buf);
708                 }
709         }
710
711         size_t overhead = 0;
712         if(relay_supported) overhead += sizeof to->id + sizeof from->id;
713         char buf[len + overhead]; char* buf_ptr = buf;
714         if(relay_supported) {
715                 if(direct) {
716                         /* Inform the recipient that this packet was sent directly. */
717                         node_id_t nullid = {};
718                         memcpy(buf_ptr, &nullid, sizeof nullid); buf_ptr += sizeof nullid;
719                 } else {
720                         memcpy(buf_ptr, &to->id, sizeof to->id); buf_ptr += sizeof to->id;
721                 }
722                 memcpy(buf_ptr, &from->id, sizeof from->id); buf_ptr += sizeof from->id;
723
724         }
725         /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
726         memcpy(buf_ptr, data, len); buf_ptr += len;
727
728         const sockaddr_t *sa = NULL;
729         int sock;
730         if(relay->status.send_locally)
731                 choose_local_address(relay, &sa, &sock);
732         if(!sa)
733                 choose_udp_address(relay, &sa, &sock);
734         logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
735         if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
736                 if(sockmsgsize(sockerrno)) {
737                         // Compensate for SPTPS overhead
738                         len -= SPTPS_DATAGRAM_OVERHEAD;
739                         if(relay->maxmtu >= len)
740                                 relay->maxmtu = len - 1;
741                         if(relay->mtu >= len)
742                                 relay->mtu = len - 1;
743                         try_fix_mtu(relay);
744                 } else {
745                         logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
746                         return false;
747                 }
748         }
749
750         return true;
751 }
752
753 bool send_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
754         return send_sptps_data_priv(handle, myself, type, data, len);
755 }
756
757 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
758         node_t *from = handle;
759
760         if(type == SPTPS_HANDSHAKE) {
761                 if(!from->status.validkey) {
762                         from->status.validkey = true;
763                         from->status.waitingforkey = false;
764                         logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
765                 }
766                 return true;
767         }
768
769         if(len > MTU) {
770                 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
771                 return false;
772         }
773
774         vpn_packet_t inpkt;
775         inpkt.offset = DEFAULT_PACKET_OFFSET;
776
777         if(type == PKT_PROBE) {
778                 inpkt.len = len;
779                 memcpy(DATA(&inpkt), data, len);
780                 udp_probe_h(from, &inpkt, len);
781                 return true;
782         }
783
784         if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
785                 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
786                 return false;
787         }
788
789         /* Check if we have the headers we need */
790         if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
791                 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
792                 return false;
793         } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
794                 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
795         }
796
797         int offset = (type & PKT_MAC) ? 0 : 14;
798         if(type & PKT_COMPRESSED) {
799                 length_t ulen = uncompress_packet(DATA(&inpkt) + offset, (const uint8_t *)data, len, from->incompression);
800                 if(ulen < 0) {
801                         return false;
802                 } else {
803                         inpkt.len = ulen + offset;
804                 }
805                 if(inpkt.len > MAXSIZE)
806                         abort();
807         } else {
808                 memcpy(DATA(&inpkt) + offset, data, len);
809                 inpkt.len = len + offset;
810         }
811
812         /* Generate the Ethernet packet type if necessary */
813         if(offset) {
814                 switch(DATA(&inpkt)[14] >> 4) {
815                         case 4:
816                                 DATA(&inpkt)[12] = 0x08;
817                                 DATA(&inpkt)[13] = 0x00;
818                                 break;
819                         case 6:
820                                 DATA(&inpkt)[12] = 0x86;
821                                 DATA(&inpkt)[13] = 0xDD;
822                                 break;
823                         default:
824                                 logger(DEBUG_TRAFFIC, LOG_ERR,
825                                                    "Unknown IP version %d while reading packet from %s (%s)",
826                                                    DATA(&inpkt)[14] >> 4, from->name, from->hostname);
827                                 return false;
828                 }
829         }
830
831         receive_packet(from, &inpkt);
832         return true;
833 }
834
835 // This function tries to get SPTPS keys, if they aren't already known.
836 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if the keys are available.
837 static void try_sptps(node_t *n) {
838         if(n->status.validkey)
839                 return;
840
841         logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
842
843         if(!n->status.waitingforkey)
844                 send_req_key(n);
845         else if(n->last_req_key + 10 < now.tv_sec) {
846                 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
847                 sptps_stop(&n->sptps);
848                 n->status.waitingforkey = false;
849                 send_req_key(n);
850         }
851
852         return;
853 }
854
855 static void send_udp_probe_packet(node_t *n, int len) {
856         vpn_packet_t packet;
857         packet.offset = DEFAULT_PACKET_OFFSET;
858         memset(DATA(&packet), 0, 14);
859         randomize(DATA(&packet) + 14, len - 14);
860         packet.len = len;
861         packet.priority = 0;
862
863         logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %d to %s (%s)", len, n->name, n->hostname);
864
865         send_udppacket(n, &packet);
866 }
867
868 // This function tries to establish a UDP tunnel to a node so that packets can be sent.
869 // If a tunnel is already established, it makes sure it stays up.
870 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if UDP is usable.
871 static void try_udp(node_t* n) {
872         if(!udp_discovery)
873                 return;
874
875         struct timeval now;
876         gettimeofday(&now, NULL);
877         struct timeval ping_tx_elapsed;
878         timersub(&now, &n->udp_ping_sent, &ping_tx_elapsed);
879
880         if(ping_tx_elapsed.tv_sec >= udp_discovery_interval) {
881                 send_udp_probe_packet(n, MAX(n->minmtu, 16));
882                 n->udp_ping_sent = now;
883
884                 if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
885                         n->status.send_locally = true;
886                         send_udp_probe_packet(n, 16);
887                         n->status.send_locally = false;
888                 }
889         }
890 }
891
892 // This function tries to determines the MTU of a node.
893 // By calling this function repeatedly, n->minmtu will be progressively increased, and at some point, n->mtu will be fixed to n->minmtu.
894 // If the MTU is already fixed, this function checks if it can be increased.
895 static void try_mtu(node_t *n) {
896         if(!(n->options & OPTION_PMTU_DISCOVERY))
897                 return;
898
899         if(udp_discovery && !n->status.udp_confirmed) {
900                 n->mtuprobes = 0;
901                 n->minmtu = 0;
902                 n->maxmtu = MTU;
903                 return;
904         }
905
906         /* mtuprobes == 0..89: initial discovery, send bursts with 1 second interval, mtuprobes++
907            mtuprobes ==    90: fix MTU, and go to -1
908            mtuprobes ==    -1: send one >maxmtu probe every pingtimeout */
909
910         struct timeval now;
911         gettimeofday(&now, NULL);
912         struct timeval elapsed;
913         timersub(&now, &n->probe_sent_time, &elapsed);
914         if(n->mtuprobes >= 0) {
915                 if(n->mtuprobes != 0 && elapsed.tv_sec == 0 && elapsed.tv_usec < 333333)
916                         return;
917         } else {
918                 if(elapsed.tv_sec < pingtimeout)
919                         return;
920         }
921
922         try_fix_mtu(n);
923
924         int timeout;
925         if(n->mtuprobes < 0) {
926                 /* After the initial discovery, we only send one >maxmtu probe
927                    to detect PMTU increases. */
928                 if(n->maxmtu + 8 < MTU)
929                         send_udp_probe_packet(n, n->maxmtu + 8);
930         } else {
931                 /* Probes are sent with random sizes between the
932                    lower and upper boundaries for the MTU thus far discovered. */
933                 int len = n->maxmtu;
934                 if(n->minmtu < n->maxmtu)
935                         len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
936                 send_udp_probe_packet(n, MAX(len, 64));
937
938                 if(n->mtuprobes >= 0)
939                         n->mtuprobes++;
940         }
941
942         n->probe_counter = 0;
943         n->probe_sent_time = now;
944         n->probe_time = now;
945
946         /* Calculate the packet loss of incoming traffic by comparing the rate of
947            packets received to the rate with which the sequence number has increased.
948            TODO: this is unrelated to PMTU discovery - it should be moved elsewhere.
949          */
950
951         if(n->received > n->prev_received)
952                 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
953         else
954                 n->packetloss = n->received_seqno <= n->prev_received_seqno;
955
956         n->prev_received_seqno = n->received_seqno;
957         n->prev_received = n->received;
958 }
959
960 // This function tries to establish a tunnel to a node (or its relay) so that packets can be sent (e.g. get SPTPS keys).
961 // If a tunnel is already established, it tries to improve it (e.g. by trying to establish a UDP tunnel instead of TCP).
962 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if TCP and/or UDP is usable.
963 // By calling this function repeatedly, the tunnel is gradually improved until we hit the wall imposed by the underlying network environment.
964 // It is recommended to call this function every time a packet is sent (or intended to be sent) to a node,
965 // so that the tunnel keeps improving as packets flow, and then gracefully downgrades itself as it goes idle.
966 static void try_tx(node_t *n) {
967         /* If n is a TCP-only neighbor, we'll only use "cleartext" PACKET
968            messages anyway, so there's no need for SPTPS at all. Otherwise, get the keys. */
969         if(n->status.sptps && !(n->connection && ((myself->options | n->options) & OPTION_TCPONLY))) {
970                 try_sptps(n);
971                 if (!n->status.validkey)
972                         return;
973         }
974
975         node_t *via = (n->via == myself) ? n->nexthop : n->via;
976         
977         if((myself->options | via->options) & OPTION_TCPONLY)
978                 return;
979
980         if(!n->status.sptps && !via->status.validkey && via->last_req_key + 10 <= now.tv_sec) {
981                 send_req_key(via);
982                 via->last_req_key = now.tv_sec;
983         } else if(via == n || !n->status.sptps || (via->options >> 24) >= 4) {
984                 try_udp(via);
985                 try_mtu(via);
986         }
987
988         /* If we don't know how to reach "via" yet, then try to reach it through a relay. */
989         if(n->status.sptps && !via->status.udp_confirmed && via->nexthop != via && (via->nexthop->options >> 24) >= 4)
990                 try_tx(via->nexthop);
991 }
992
993 /*
994   send a packet to the given vpn ip.
995 */
996 void send_packet(node_t *n, vpn_packet_t *packet) {
997         node_t *via;
998
999         if(n == myself) {
1000                 if(overwrite_mac)
1001                          memcpy(DATA(packet), mymac.x, ETH_ALEN);
1002                 n->out_packets++;
1003                 n->out_bytes += packet->len;
1004                 devops.write(packet);
1005                 return;
1006         }
1007
1008         logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
1009                            packet->len, n->name, n->hostname);
1010
1011         if(!n->status.reachable) {
1012                 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
1013                                    n->name, n->hostname);
1014                 return;
1015         }
1016
1017         n->out_packets++;
1018         n->out_bytes += packet->len;
1019
1020         if(n->status.sptps) {
1021                 send_sptps_packet(n, packet);
1022                 goto end;
1023         }
1024
1025         via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
1026
1027         if(via != n)
1028                 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
1029                            n->name, via->name, n->via->hostname);
1030
1031         if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
1032                 if(!send_tcppacket(via->connection, packet))
1033                         terminate_connection(via->connection, true);
1034         } else
1035                 send_udppacket(via, packet);
1036
1037 end:
1038         /* Try to improve the tunnel.
1039            Note that we do this *after* we send the packet because sending actual packets take priority
1040            with regard to the send buffer space and latency. */
1041         try_tx(n);
1042 }
1043
1044 /* Broadcast a packet using the minimum spanning tree */
1045
1046 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
1047         // Always give ourself a copy of the packet.
1048         if(from != myself)
1049                 send_packet(myself, packet);
1050
1051         // In TunnelServer mode, do not forward broadcast packets.
1052         // The MST might not be valid and create loops.
1053         if(tunnelserver || broadcast_mode == BMODE_NONE)
1054                 return;
1055
1056         logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
1057                            packet->len, from->name, from->hostname);
1058
1059         switch(broadcast_mode) {
1060                 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
1061                 // This guarantees all nodes receive the broadcast packet, and
1062                 // usually distributes the sending of broadcast packets over all nodes.
1063                 case BMODE_MST:
1064                         for list_each(connection_t, c, connection_list)
1065                                 if(c->edge && c->status.mst && c != from->nexthop->connection)
1066                                         send_packet(c->node, packet);
1067                         break;
1068
1069                 // In direct mode, we send copies to each node we know of.
1070                 // However, this only reaches nodes that can be reached in a single hop.
1071                 // We don't have enough information to forward broadcast packets in this case.
1072                 case BMODE_DIRECT:
1073                         if(from != myself)
1074                                 break;
1075
1076                         for splay_each(node_t, n, node_tree)
1077                                 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n))
1078                                         send_packet(n, packet);
1079                         break;
1080
1081                 default:
1082                         break;
1083         }
1084 }
1085
1086 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
1087         node_t *n = NULL;
1088         bool hard = false;
1089         static time_t last_hard_try = 0;
1090
1091         for splay_each(edge_t, e, edge_weight_tree) {
1092                 if(!e->to->status.reachable || e->to == myself)
1093                         continue;
1094
1095                 if(sockaddrcmp_noport(from, &e->address)) {
1096                         if(last_hard_try == now.tv_sec)
1097                                 continue;
1098                         hard = true;
1099                 }
1100
1101                 if(!try_mac(e->to, pkt))
1102                         continue;
1103
1104                 n = e->to;
1105                 break;
1106         }
1107
1108         if(hard)
1109                 last_hard_try = now.tv_sec;
1110
1111         last_hard_try = now.tv_sec;
1112         return n;
1113 }
1114
1115 void handle_incoming_vpn_data(void *data, int flags) {
1116         listen_socket_t *ls = data;
1117         vpn_packet_t pkt;
1118         char *hostname;
1119         node_id_t nullid = {};
1120         sockaddr_t addr = {};
1121         socklen_t addrlen = sizeof addr;
1122         node_t *from, *to;
1123         bool direct = false;
1124
1125         pkt.offset = 0;
1126         int len = recvfrom(ls->udp.fd, DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen);
1127
1128         if(len <= 0 || len > MAXSIZE) {
1129                 if(!sockwouldblock(sockerrno))
1130                         logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1131                 return;
1132         }
1133
1134         pkt.len = len;
1135
1136         sockaddrunmap(&addr); /* Some braindead IPv6 implementations do stupid things. */
1137
1138         // Try to figure out who sent this packet.
1139
1140         node_t *n = lookup_node_udp(&addr);
1141
1142         if(!n) {
1143                 // It might be from a 1.1 node, which might have a source ID in the packet.
1144                 pkt.offset = 2 * sizeof(node_id_t);
1145                 from = lookup_node_id(SRCID(&pkt));
1146                 if(from && !memcmp(DSTID(&pkt), &nullid, sizeof nullid) && from->status.sptps) {
1147                         if(sptps_verify_datagram(&from->sptps, DATA(&pkt), pkt.len - 2 * sizeof(node_id_t)))
1148                                 n = from;
1149                         else
1150                                 goto skip_harder;
1151                 }
1152         }
1153
1154         if(!n) {
1155                 pkt.offset = 0;
1156                 n = try_harder(&addr, &pkt);
1157         }
1158
1159 skip_harder:
1160         if(!n) {
1161                 if(debug_level >= DEBUG_PROTOCOL) {
1162                         hostname = sockaddr2hostname(&addr);
1163                         logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1164                         free(hostname);
1165                 }
1166                 return;
1167         }
1168
1169         if(n->status.sptps) {
1170                 pkt.offset = 2 * sizeof(node_id_t);
1171
1172                 if(!memcmp(DSTID(&pkt), &nullid, sizeof nullid)) {
1173                         direct = true;
1174                         from = n;
1175                         to = myself;
1176                 } else {
1177                         from = lookup_node_id(SRCID(&pkt));
1178                         to = lookup_node_id(DSTID(&pkt));
1179                 }
1180                 if(!from || !to) {
1181                         logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname);
1182                         return;
1183                 }
1184
1185                 if(to != myself) {
1186                         send_sptps_data_priv(to, n, 0, DATA(&pkt), pkt.len - 2 * sizeof(node_id_t));
1187                         return;
1188                 }
1189         } else {
1190                 direct = true;
1191                 from = n;
1192         }
1193
1194         pkt.offset = 0;
1195         if(!receive_udppacket(from, &pkt))
1196                 return;
1197
1198         n->sock = ls - listen_socket;
1199         if(direct && sockaddrcmp(&addr, &n->address))
1200                 update_node_udp(n, &addr);
1201 }
1202
1203 void handle_device_data(void *data, int flags) {
1204         vpn_packet_t packet;
1205         packet.offset = DEFAULT_PACKET_OFFSET;
1206         packet.priority = 0;
1207
1208         if(devops.read(&packet)) {
1209                 myself->in_packets++;
1210                 myself->in_bytes += packet.len;
1211                 route(myself, &packet);
1212         }
1213 }