2 net.c -- most of the network code
3 Copyright (C) 1998-2001 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000,2001 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.91 2001/01/07 17:08:58 guus Exp $
28 #include <netinet/in.h>
32 #include <sys/signal.h>
34 #include <sys/types.h>
37 #include <sys/ioctl.h>
38 /* SunOS really wants sys/socket.h BEFORE net/if.h,
39 and FreeBSD wants these lines below the rest. */
40 #include <arpa/inet.h>
41 #include <sys/socket.h>
44 #ifdef HAVE_OPENSSL_RAND_H
45 # include <openssl/rand.h>
50 #ifdef HAVE_OPENSSL_EVP_H
51 # include <openssl/evp.h>
56 #ifdef HAVE_OPENSSL_ERR_H
57 # include <openssl/err.h>
62 #ifdef HAVE_OPENSSL_PEM_H
63 # include <openssl/pem.h>
69 #include LINUX_IF_TUN_H
78 #include "connection.h"
89 int taptype = TAP_TYPE_ETHERTAP;
91 int total_tap_out = 0;
92 int total_socket_in = 0;
93 int total_socket_out = 0;
95 config_t *upstreamcfg;
96 static int seconds_till_retry;
101 char *unknown = NULL;
105 int xsend(connection_t *cl, vpn_packet_t *inpkt)
110 struct sockaddr_in to;
111 socklen_t tolen = sizeof(to);
113 outpkt.len = inpkt->len;
115 /* Encrypt the packet */
117 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
118 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
119 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
120 outlen += outpad + 2;
123 outlen = outpkt.len + 2;
124 memcpy(&outpkt, inpkt, outlen);
127 if(debug_lvl >= DEBUG_TRAFFIC)
128 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
129 outlen, cl->name, cl->hostname);
131 total_socket_out += outlen;
133 to.sin_family = AF_INET;
134 to.sin_addr.s_addr = htonl(cl->address);
135 to.sin_port = htons(cl->port);
137 if((sendto(myself->socket, (char *) &(outpkt.len), outlen, 0, (const struct sockaddr *)&to, tolen)) < 0)
139 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
140 cl->name, cl->hostname);
147 int xrecv(connection_t *cl, vpn_packet_t *inpkt)
153 outpkt.len = inpkt->len;
155 /* Decrypt the packet */
157 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
158 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
159 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
163 outlen = outpkt.len+2;
164 memcpy(&outpkt, inpkt, outlen);
167 if(debug_lvl >= DEBUG_TRAFFIC)
168 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
171 /* Fix mac address */
173 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
175 if(taptype == TAP_TYPE_TUNTAP)
177 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
178 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
180 total_tap_out += outpkt.len;
184 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
185 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
187 total_tap_out += outpkt.len + 2;
194 send a packet to the given vpn ip.
196 int send_packet(ip_t to, vpn_packet_t *packet)
201 if((subnet = lookup_subnet_ipv4(&to)) == NULL)
203 if(debug_lvl >= DEBUG_TRAFFIC)
205 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
216 if(debug_lvl >= DEBUG_TRAFFIC)
218 syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
225 if(!cl->status.active)
227 if(debug_lvl >= DEBUG_TRAFFIC)
228 syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"),
229 cl->name, cl->hostname);
234 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
236 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
238 if(!cl->status.validkey)
240 if(debug_lvl >= DEBUG_TRAFFIC)
241 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
242 cl->name, cl->hostname);
244 list_insert_tail(cl->queue, packet);
246 if(!cl->status.waitingforkey)
247 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
251 /* can we send it? can we? can we? huh? */
253 return xsend(cl, packet);
256 void flush_queue(connection_t *cl)
258 list_node_t *node, *next;
260 if(debug_lvl >= DEBUG_TRAFFIC)
261 syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname);
263 for(node = cl->queue->head; node; node = next)
266 xsend(cl, (vpn_packet_t *)node->data);
267 list_delete_node(cl->queue, node);
272 open the local ethertap device
274 int setup_tap_fd(void)
277 const char *tapfname;
286 if((cfg = get_config_val(config, config_tapdevice)))
287 tapfname = cfg->data.ptr;
292 tapfname = "/dev/misc/net/tun";
294 tapfname = "/dev/tap0";
298 tapfname = "/dev/tap0";
301 tapfname = "/dev/tun";
305 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
307 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
313 taptype = TAP_TYPE_ETHERTAP;
315 /* Set default MAC address for ethertap devices */
317 mymac.type = SUBNET_MAC;
318 mymac.net.mac.address.x[0] = 0xfe;
319 mymac.net.mac.address.x[1] = 0xfd;
320 mymac.net.mac.address.x[2] = 0x00;
321 mymac.net.mac.address.x[3] = 0x00;
322 mymac.net.mac.address.x[4] = 0x00;
323 mymac.net.mac.address.x[5] = 0x00;
327 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
328 memset(&ifr, 0, sizeof(ifr));
330 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
332 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
334 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
336 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
337 taptype = TAP_TYPE_TUNTAP;
342 taptype = TAP_TYPE_TUNTAP;
349 set up the socket that we listen on for incoming
352 int setup_listen_meta_socket(int port)
355 struct sockaddr_in a;
359 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
361 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
365 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
368 syslog(LOG_ERR, _("System call `%s' failed: %m"),
373 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
376 syslog(LOG_ERR, _("System call `%s' failed: %m"),
381 flags = fcntl(nfd, F_GETFL);
382 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
385 syslog(LOG_ERR, _("System call `%s' failed: %m"),
390 if((cfg = get_config_val(config, config_interface)))
392 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
395 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
400 memset(&a, 0, sizeof(a));
401 a.sin_family = AF_INET;
402 a.sin_port = htons(port);
404 if((cfg = get_config_val(config, config_interfaceip)))
405 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
407 a.sin_addr.s_addr = htonl(INADDR_ANY);
409 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
412 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
419 syslog(LOG_ERR, _("System call `%s' failed: %m"),
428 setup the socket for incoming encrypted
431 int setup_vpn_in_socket(int port)
434 struct sockaddr_in a;
437 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
440 syslog(LOG_ERR, _("Creating socket failed: %m"));
444 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
447 syslog(LOG_ERR, _("System call `%s' failed: %m"),
452 flags = fcntl(nfd, F_GETFL);
453 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
456 syslog(LOG_ERR, _("System call `%s' failed: %m"),
461 memset(&a, 0, sizeof(a));
462 a.sin_family = AF_INET;
463 a.sin_port = htons(port);
464 a.sin_addr.s_addr = htonl(INADDR_ANY);
466 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
469 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
477 setup an outgoing meta (tcp) socket
479 int setup_outgoing_meta_socket(connection_t *cl)
482 struct sockaddr_in a;
485 if(debug_lvl >= DEBUG_CONNECTIONS)
486 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
488 if((cfg = get_config_val(cl->config, config_port)) == NULL)
491 cl->port = cfg->data.val;
493 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
494 if(cl->meta_socket == -1)
496 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
497 cl->hostname, cl->port);
501 /* Bind first to get a fix on our source port */
503 a.sin_family = AF_INET;
504 a.sin_port = htons(0);
505 a.sin_addr.s_addr = htonl(INADDR_ANY);
507 if(bind(cl->meta_socket, (struct sockaddr *)&a, sizeof(struct sockaddr)))
509 close(cl->meta_socket);
510 syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind");
514 a.sin_family = AF_INET;
515 a.sin_port = htons(cl->port);
516 a.sin_addr.s_addr = htonl(cl->address);
518 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
520 close(cl->meta_socket);
521 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
525 flags = fcntl(cl->meta_socket, F_GETFL);
526 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
528 close(cl->meta_socket);
529 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
530 cl->hostname, cl->port);
534 if(debug_lvl >= DEBUG_CONNECTIONS)
535 syslog(LOG_INFO, _("Connected to %s port %hd"),
536 cl->hostname, cl->port);
544 Setup an outgoing meta connection.
546 int setup_outgoing_connection(char *name)
554 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
558 ncn = new_connection();
559 asprintf(&ncn->name, "%s", name);
561 if(read_host_config(ncn))
563 syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name);
564 free_connection(ncn);
568 if(!(cfg = get_config_val(ncn->config, config_address)))
570 syslog(LOG_ERR, _("No address specified for %s"), ncn->name);
571 free_connection(ncn);
575 if(!(h = gethostbyname(cfg->data.ptr)))
577 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
578 free_connection(ncn);
582 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
583 ncn->hostname = hostlookup(htonl(ncn->address));
585 if(setup_outgoing_meta_socket(ncn) < 0)
587 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
589 free_connection(ncn);
593 ncn->status.outgoing = 1;
594 ncn->buffer = xmalloc(MAXBUFSIZE);
596 ncn->last_ping_time = time(NULL);
605 int read_rsa_public_key(connection_t *cl)
612 cl->rsa_key = RSA_new();
614 if((cfg = get_config_val(cl->config, config_publickey)))
616 BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
617 BN_hex2bn(&cl->rsa_key->e, "FFFF");
619 else if((cfg = get_config_val(cl->config, config_publickeyfile)))
621 if(is_safe_path(cfg->data.ptr))
623 if((fp = fopen(cfg->data.ptr, "r")) == NULL)
625 syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
629 result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
633 syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"),
643 syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
650 int read_rsa_private_key(void)
657 myself->rsa_key = RSA_new();
659 if((cfg = get_config_val(config, config_privatekey)))
661 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
662 BN_hex2bn(&myself->rsa_key->e, "FFFF");
664 else if((cfg = get_config_val(config, config_privatekeyfile)))
666 if((fp = fopen(cfg->data.ptr, "r")) == NULL)
668 syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
672 result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL);
676 syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
683 syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
691 Configure connection_t myself and set up the local sockets (listen only)
693 int setup_myself(void)
699 myself = new_connection();
701 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
703 myself->protocol_version = PROT_CURRENT;
705 if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */
707 syslog(LOG_ERR, _("Name for tinc daemon required!"));
711 asprintf(&myself->name, "%s", (char*)cfg->data.val);
713 if(check_id(myself->name))
715 syslog(LOG_ERR, _("Invalid name for myself!"));
719 if(read_rsa_private_key())
722 if(read_host_config(myself))
724 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
728 if(read_rsa_public_key(myself))
733 if(RSA_check_key(myself->rsa_key) != 1)
735 syslog(LOG_ERR, _("Invalid public/private keypair!"));
739 if(!(cfg = get_config_val(myself->config, config_port)))
742 myself->port = cfg->data.val;
744 if((cfg = get_config_val(myself->config, config_indirectdata)))
745 if(cfg->data.val == stupid_true)
746 myself->flags |= EXPORTINDIRECTDATA;
748 if((cfg = get_config_val(myself->config, config_tcponly)))
749 if(cfg->data.val == stupid_true)
750 myself->flags |= TCPONLY;
752 /* Read in all the subnets specified in the host configuration file */
754 for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next)
757 net->type = SUBNET_IPV4;
758 net->net.ipv4.address = cfg->data.ip->address;
759 net->net.ipv4.mask = cfg->data.ip->mask;
761 /* Teach newbies what subnets are... */
763 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
765 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
769 subnet_add(myself, net);
772 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
774 syslog(LOG_ERR, _("Unable to set up a listening TCP socket!"));
778 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
780 syslog(LOG_ERR, _("Unable to set up a listening UDP socket!"));
784 /* Generate packet encryption key */
786 myself->cipher_pkttype = EVP_bf_cfb();
788 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
790 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
791 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
793 if(!(cfg = get_config_val(config, config_keyexpire)))
796 keylifetime = cfg->data.val;
798 keyexpires = time(NULL) + keylifetime;
800 /* Activate ourselves */
802 myself->status.active = 1;
804 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
810 sigalrm_handler(int a)
814 cfg = get_config_val(upstreamcfg, config_connectto);
816 if(!cfg && upstreamcfg == config)
817 /* No upstream IP given, we're listen only. */
822 upstreamcfg = cfg->next;
823 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
825 signal(SIGALRM, SIG_IGN);
828 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
831 signal(SIGALRM, sigalrm_handler);
832 upstreamcfg = config;
833 seconds_till_retry += 5;
834 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
835 seconds_till_retry = MAXTIMEOUT;
836 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
838 alarm(seconds_till_retry);
843 setup all initial network connections
845 int setup_network_connections(void)
852 if((cfg = get_config_val(config, config_pingtimeout)) == NULL)
856 timeout = cfg->data.val;
863 if(setup_tap_fd() < 0)
866 /* Run tinc-up script to further initialize the tap interface */
867 execute_script("tinc-up");
869 if(setup_myself() < 0)
872 if(!(cfg = get_config_val(config, config_connectto)))
873 /* No upstream IP given, we're listen only. */
878 upstreamcfg = cfg->next;
879 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
881 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
884 signal(SIGALRM, sigalrm_handler);
885 upstreamcfg = config;
886 seconds_till_retry = MAXTIMEOUT;
887 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
888 alarm(seconds_till_retry);
894 close all open network connections
896 void close_network_connections(void)
901 for(node = connection_tree->head; node; node = node->next)
903 p = (connection_t *)node->data;
904 p->status.active = 0;
905 terminate_connection(p);
909 if(myself->status.active)
911 close(myself->meta_socket);
912 free_connection(myself);
918 /* Execute tinc-down script right after shutting down the interface */
919 execute_script("tinc-down");
921 destroy_connection_tree();
927 create a data (udp) socket
928 OBSOLETED: use only one listening socket for compatibility with non-Linux operating systems
930 int setup_vpn_connection(connection_t *cl)
933 struct sockaddr_in a;
936 if(debug_lvl >= DEBUG_TRAFFIC)
937 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
939 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
942 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
946 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
949 syslog(LOG_ERR, _("System call `%s' failed: %m"),
954 flags = fcntl(nfd, F_GETFL);
955 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
958 syslog(LOG_ERR, _("System call `%s' failed: %m"),
963 memset(&a, 0, sizeof(a));
964 a.sin_family = AF_INET;
965 a.sin_port = htons(myself->port);
966 a.sin_addr.s_addr = htonl(INADDR_ANY);
968 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
971 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port);
975 a.sin_family = AF_INET;
976 a.sin_port = htons(cl->port);
977 a.sin_addr.s_addr = htonl(cl->address);
979 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
982 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
983 cl->hostname, cl->port);
987 flags = fcntl(nfd, F_GETFL);
988 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
991 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
992 cl->name, cl->hostname);
997 cl->status.dataopen = 1;
1003 handle an incoming tcp connect call and open
1006 connection_t *create_new_connection(int sfd)
1009 struct sockaddr_in ci;
1010 int len = sizeof(ci);
1012 p = new_connection();
1014 if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0)
1016 syslog(LOG_ERR, _("System call `%s' failed: %m"),
1022 p->address = ntohl(ci.sin_addr.s_addr);
1023 p->hostname = hostlookup(ci.sin_addr.s_addr);
1024 p->port = htons(ci.sin_port); /* This one will be overwritten later */
1025 p->meta_socket = sfd;
1027 p->buffer = xmalloc(MAXBUFSIZE);
1029 p->last_ping_time = time(NULL);
1031 if(debug_lvl >= DEBUG_CONNECTIONS)
1032 syslog(LOG_NOTICE, _("Connection from %s port %d"),
1033 p->hostname, htons(ci.sin_port));
1035 p->allow_request = ID;
1041 put all file descriptors in an fd_set array
1043 void build_fdset(fd_set *fs)
1050 FD_SET(myself->socket, fs);
1052 for(node = connection_tree->head; node; node = node->next)
1054 p = (connection_t *)node->data;
1056 FD_SET(p->meta_socket, fs);
1059 FD_SET(myself->meta_socket, fs);
1065 receive incoming data from the listening
1066 udp socket and write it to the ethertap
1067 device after being decrypted
1069 int handle_incoming_vpn_data(void)
1072 int x, l = sizeof(x);
1074 struct sockaddr_in from;
1075 socklen_t fromlen = sizeof(from);
1078 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1080 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1081 __FILE__, __LINE__, myself->socket);
1086 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
1090 if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0)
1092 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1096 cl = lookup_connection(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
1100 syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
1104 if(debug_lvl >= DEBUG_TRAFFIC)
1106 syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin,
1107 cl->name, cl->hostname);
1111 return xrecv(cl, &pkt);
1115 terminate a connection and notify the other
1116 end before closing the sockets
1118 void terminate_connection(connection_t *cl)
1122 avl_node_t *node, *next;
1124 if(cl->status.remove)
1127 cl->status.remove = 1;
1129 if(debug_lvl >= DEBUG_CONNECTIONS)
1130 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1131 cl->name, cl->hostname);
1136 close(cl->meta_socket);
1138 /* Find all connections that were lost because they were behind cl
1139 (the connection that was dropped). */
1142 for(node = connection_tree->head; node; node = node->next)
1144 p = (connection_t *)node->data;
1145 if(p->nexthop == cl && p != cl)
1146 terminate_connection(p);
1149 /* Inform others of termination if it was still active */
1151 if(cl->status.active)
1152 for(node = connection_tree->head; node; node = node->next)
1154 p = (connection_t *)node->data;
1155 if(p->status.meta && p->status.active && p!=cl)
1156 send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */
1159 /* Remove the associated subnets */
1161 for(node = cl->subnet_tree->head; node; node = next)
1164 subnet = (subnet_t *)node->data;
1168 /* Check if this was our outgoing connection */
1170 if(cl->status.outgoing && cl->status.active)
1172 signal(SIGALRM, sigalrm_handler);
1173 seconds_till_retry = 5;
1174 alarm(seconds_till_retry);
1175 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1180 cl->status.active = 0;
1185 Check if the other end is active.
1186 If we have sent packets, but didn't receive any,
1187 then possibly the other end is dead. We send a
1188 PING request over the meta connection. If the other
1189 end does not reply in time, we consider them dead
1190 and close the connection.
1192 void check_dead_connections(void)
1200 for(node = connection_tree->head; node; node = node->next)
1202 cl = (connection_t *)node->data;
1203 if(cl->status.active && cl->status.meta)
1205 if(cl->last_ping_time + timeout < now)
1207 if(cl->status.pinged)
1209 if(debug_lvl >= DEBUG_PROTOCOL)
1210 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1211 cl->name, cl->hostname);
1212 cl->status.timeout = 1;
1213 terminate_connection(cl);
1226 accept a new tcp connect and create a
1229 int handle_new_meta_connection()
1232 struct sockaddr client;
1233 int nfd, len = sizeof(client);
1235 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1237 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1241 if(!(ncn = create_new_connection(nfd)))
1245 syslog(LOG_NOTICE, _("Closed attempted connection"));
1249 connection_add(ncn);
1255 check all connections to see if anything
1256 happened on their sockets
1258 void check_network_activity(fd_set *f)
1263 if(FD_ISSET(myself->socket, f))
1264 handle_incoming_vpn_data();
1266 for(node = connection_tree->head; node; node = node->next)
1268 p = (connection_t *)node->data;
1270 if(p->status.remove)
1274 if(FD_ISSET(p->meta_socket, f))
1275 if(receive_meta(p) < 0)
1277 terminate_connection(p);
1282 if(FD_ISSET(myself->meta_socket, f))
1283 handle_new_meta_connection();
1288 read, encrypt and send data that is
1289 available through the ethertap device
1291 void handle_tap_input(void)
1296 if(taptype == TAP_TYPE_TUNTAP)
1298 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1300 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1307 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1309 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1315 total_tap_in += lenin;
1319 if(debug_lvl >= DEBUG_TRAFFIC)
1320 syslog(LOG_WARNING, _("Received short packet from tap device"));
1324 if(debug_lvl >= DEBUG_TRAFFIC)
1326 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
1329 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1334 this is where it all happens...
1336 void main_loop(void)
1341 time_t last_ping_check;
1344 last_ping_check = time(NULL);
1348 tv.tv_sec = timeout;
1351 prune_connection_tree();
1354 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1356 if(errno != EINTR) /* because of alarm */
1358 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1365 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1367 close_network_connections();
1368 clear_config(&config);
1370 if(read_server_config())
1372 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1378 if(setup_network_connections())
1386 /* Let's check if everybody is still alive */
1388 if(last_ping_check + timeout < t)
1390 check_dead_connections();
1391 last_ping_check = time(NULL);
1393 /* Should we regenerate our key? */
1397 if(debug_lvl >= DEBUG_STATUS)
1398 syslog(LOG_INFO, _("Regenerating symmetric key"));
1400 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1401 send_key_changed(myself, NULL);
1402 keyexpires = time(NULL) + keylifetime;
1408 check_network_activity(&fset);
1410 /* local tap data */
1411 if(FD_ISSET(tap_fd, &fset))
projects / tinc / blob