2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.31 2000/05/29 22:20:04 zarq Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 static int seconds_till_retry;
61 /* The global list of existing connections */
62 conn_list_t *conn_list = NULL;
63 conn_list_t *myself = NULL;
66 strip off the MAC adresses of an ethernet frame
68 void strip_mac_addresses(vpn_packet_t *p)
70 unsigned char tmp[MAXSIZE];
72 memcpy(tmp, p->data, p->len);
74 memcpy(p->data, &tmp[12], p->len);
79 reassemble MAC addresses
81 void add_mac_addresses(vpn_packet_t *p)
83 unsigned char tmp[MAXSIZE];
85 memcpy(&tmp[12], p->data, p->len);
87 tmp[0] = tmp[6] = 0xfe;
88 tmp[1] = tmp[7] = 0xfd;
89 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
90 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
91 memcpy(p->data, &tmp[0], p->len);
95 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sent %d bytes to %lx"), ntohs(rp.len), cl->vpn_ip);
108 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
110 syslog(LOG_ERR, _("Error sending data: %m"));
114 total_socket_out += r;
121 int xrecv(conn_list_t *cl, void *packet)
126 do_decrypt((real_packet_t*)packet, &vp, cl->key);
127 add_mac_addresses(&vp);
129 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
130 syslog(LOG_ERR, _("Can't write to tap device: %m"));
132 total_tap_out += lenin;
135 cl->last_ping_time = time(NULL);
141 add the given packet of size s to the
142 queue q, be it the send or receive queue
144 void add_queue(packet_queue_t **q, void *packet, size_t s)
149 syslog(LOG_DEBUG, _("packet to queue: %d"), s);
151 e = xmalloc(sizeof(*e));
152 e->packet = xmalloc(s);
153 memcpy(e->packet, packet, s);
157 *q = xmalloc(sizeof(**q));
158 (*q)->head = (*q)->tail = NULL;
161 e->next = NULL; /* We insert at the tail */
163 if((*q)->tail) /* Do we have a tail? */
165 (*q)->tail->next = e;
166 e->prev = (*q)->tail;
168 else /* No tail -> no head too */
178 /* Remove a queue element */
179 void del_queue(packet_queue_t **q, queue_element_t *e)
184 if(e->next) /* There is a successor, so we are not tail */
186 if(e->prev) /* There is a predecessor, so we are not head */
188 e->next->prev = e->prev;
189 e->prev->next = e->next;
191 else /* We are head */
193 e->next->prev = NULL;
194 (*q)->head = e->next;
197 else /* We are tail (or all alone!) */
199 if(e->prev) /* We are not alone :) */
201 e->prev->next = NULL;
202 (*q)->tail = e->prev;
216 flush a queue by calling function for
217 each packet, and removing it when that
218 returned a zero exit code
220 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
221 int (*function)(conn_list_t*,void*))
223 queue_element_t *p, *next = NULL;
225 for(p = (*pq)->head; p != NULL; )
229 if(!function(cl, p->packet))
236 syslog(LOG_DEBUG, _("queue flushed"));
241 flush the send&recv queues
242 void because nothing goes wrong here, packets
243 remain in the queue if something goes wrong
245 void flush_queues(conn_list_t *cl)
251 syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S),
252 IP_ADDR_V(cl->vpn_ip));
253 flush_queue(cl, &(cl->sq), xsend);
259 syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S),
260 IP_ADDR_V(cl->vpn_ip));
261 flush_queue(cl, &(cl->rq), xrecv);
267 send a packet to the given vpn ip.
269 int send_packet(ip_t to, vpn_packet_t *packet)
273 if((cl = lookup_conn(to)) == NULL)
277 syslog(LOG_NOTICE, _("trying to look up " IP_ADDR_S " in connection list failed."),
280 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
282 { /* No open outgoing connection has been found. */
284 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to."));
289 if(my_key_expiry <= time(NULL))
292 if(!cl->status.dataopen)
293 if(setup_vpn_connection(cl) < 0)
296 if(!cl->status.validkey)
298 add_queue(&(cl->sq), packet, packet->len + 2);
299 if(!cl->status.waitingforkey)
300 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
304 if(!cl->status.active)
306 add_queue(&(cl->sq), packet, packet->len + 2);
308 syslog(LOG_INFO, _(IP_ADDR_S " is not ready, queueing packet."), IP_ADDR_V(cl->vpn_ip));
309 return 0; /* We don't want to mess up, do we? */
312 /* can we send it? can we? can we? huh? */
314 return xsend(cl, packet);
318 open the local ethertap device
320 int setup_tap_fd(void)
323 const char *tapfname;
326 if((cfg = get_config_val(tapdevice)) == NULL)
327 tapfname = "/dev/tap0";
329 tapfname = cfg->data.ptr;
331 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
333 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
343 set up the socket that we listen on for incoming
346 int setup_listen_meta_socket(int port)
349 struct sockaddr_in a;
352 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
354 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
358 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
360 syslog(LOG_ERR, _("setsockopt: %m"));
364 flags = fcntl(nfd, F_GETFL);
365 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
367 syslog(LOG_ERR, _("fcntl: %m"));
371 memset(&a, 0, sizeof(a));
372 a.sin_family = AF_INET;
373 a.sin_port = htons(port);
374 a.sin_addr.s_addr = htonl(INADDR_ANY);
376 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
378 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
384 syslog(LOG_ERR, _("listen: %m"));
392 setup the socket for incoming encrypted
395 int setup_vpn_in_socket(int port)
398 struct sockaddr_in a;
401 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
403 syslog(LOG_ERR, _("Creating socket failed: %m"));
407 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
409 syslog(LOG_ERR, _("setsockopt: %m"));
413 flags = fcntl(nfd, F_GETFL);
414 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
416 syslog(LOG_ERR, _("fcntl: %m"));
420 memset(&a, 0, sizeof(a));
421 a.sin_family = AF_INET;
422 a.sin_port = htons(port);
423 a.sin_addr.s_addr = htonl(INADDR_ANY);
425 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
427 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
435 setup an outgoing meta (tcp) socket
437 int setup_outgoing_meta_socket(conn_list_t *cl)
440 struct sockaddr_in a;
443 if((cfg = get_config_val(upstreamport)) == NULL)
446 cl->port = cfg->data.val;
448 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
449 if(cl->meta_socket == -1)
451 syslog(LOG_ERR, _("Creating socket failed: %m"));
455 a.sin_family = AF_INET;
456 a.sin_port = htons(cl->port);
457 a.sin_addr.s_addr = htonl(cl->real_ip);
459 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
461 syslog(LOG_ERR, _(IP_ADDR_S ":%d: %m"), IP_ADDR_V(cl->real_ip), cl->port);
465 flags = fcntl(cl->meta_socket, F_GETFL);
466 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
468 syslog(LOG_ERR, _("fcntl: %m"));
472 cl->hostname = hostlookup(htonl(cl->real_ip));
474 syslog(LOG_INFO, _("Connected to %s:%hd"), cl->hostname, cl->port);
480 setup an outgoing connection. It's not
481 necessary to also open an udp socket as
482 well, because the other host will initiate
483 an authentication sequence during which
484 we will do just that.
486 int setup_outgoing_connection(ip_t ip)
490 ncn = new_conn_list();
493 if(setup_outgoing_meta_socket(ncn) < 0)
495 syslog(LOG_ERR, _("Could not set up a meta connection."));
496 free_conn_element(ncn);
500 ncn->status.meta = 1;
501 ncn->status.outgoing = 1;
502 ncn->next = conn_list;
509 set up the local sockets (listen only)
511 int setup_myself(void)
515 myself = new_conn_list();
517 if(!(cfg = get_config_val(myvpnip)))
519 syslog(LOG_ERR, _("No value for my VPN IP given"));
523 myself->vpn_ip = cfg->data.ip->ip;
524 myself->vpn_mask = cfg->data.ip->mask;
526 if(!(cfg = get_config_val(listenport)))
529 myself->port = cfg->data.val;
531 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
533 syslog(LOG_ERR, _("Unable to set up a listening socket"));
537 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
539 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
540 close(myself->meta_socket);
544 myself->status.active = 1;
546 syslog(LOG_NOTICE, _("Ready: listening on port %d."), myself->port);
552 sigalrm_handler(int a)
556 cfg = get_config_val(upstreamip);
558 if(!setup_outgoing_connection(cfg->data.ip->ip))
560 signal(SIGALRM, SIG_IGN);
564 signal(SIGALRM, sigalrm_handler);
565 seconds_till_retry += 5;
566 if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */
567 seconds_till_retry = 300;
568 alarm(seconds_till_retry);
569 syslog(LOG_ERR, _("Still failed to connect to other. Will retry in %d seconds."),
576 setup all initial network connections
578 int setup_network_connections(void)
582 if((cfg = get_config_val(pingtimeout)) == NULL)
585 timeout = cfg->data.val;
587 if(setup_tap_fd() < 0)
590 if(setup_myself() < 0)
593 if((cfg = get_config_val(upstreamip)) == NULL)
594 /* No upstream IP given, we're listen only. */
597 if(setup_outgoing_connection(cfg->data.ip->ip))
599 signal(SIGALRM, sigalrm_handler);
600 seconds_till_retry = 300;
601 alarm(seconds_till_retry);
602 syslog(LOG_NOTICE, _("Try to re-establish outgoing connection in 5 minutes."));
609 close all open network connections
611 void close_network_connections(void)
615 for(p = conn_list; p != NULL; p = p->next)
617 if(p->status.dataopen)
619 shutdown(p->socket, 0); /* No more receptions */
625 shutdown(p->meta_socket, 0); /* No more receptions */
626 close(p->meta_socket);
631 if(myself->status.active)
633 close(myself->meta_socket);
634 close(myself->socket);
640 syslog(LOG_NOTICE, _("Terminating."));
646 create a data (udp) socket
648 int setup_vpn_connection(conn_list_t *cl)
651 struct sockaddr_in a;
654 syslog(LOG_DEBUG, _("Opening UDP socket to " IP_ADDR_S), IP_ADDR_V(cl->real_ip));
656 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
659 syslog(LOG_ERR, _("Creating data socket failed: %m"));
663 a.sin_family = AF_INET;
664 a.sin_port = htons(cl->port);
665 a.sin_addr.s_addr = htonl(cl->real_ip);
667 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
669 syslog(LOG_ERR, _("Connecting to " IP_ADDR_S ":%d failed: %m"),
670 IP_ADDR_V(cl->real_ip), cl->port);
674 flags = fcntl(nfd, F_GETFL);
675 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
677 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, nfd);
682 cl->status.dataopen = 1;
688 handle an incoming tcp connect call and open
691 conn_list_t *create_new_connection(int sfd)
694 struct sockaddr_in ci;
695 int len = sizeof(ci);
699 if(getpeername(sfd, &ci, &len) < 0)
701 syslog(LOG_ERR, _("Error: getpeername: %m"));
705 p->hostname = hostlookup(ci.sin_addr.s_addr);
706 p->real_ip = ntohl(ci.sin_addr.s_addr);
707 p->meta_socket = sfd;
710 p->last_ping_time = time(NULL);
713 syslog(LOG_NOTICE, _("Connection from %s:%d"), p->hostname, htons(ci.sin_port));
715 if(send_basic_info(p) < 0)
725 put all file descriptors in an fd_set array
727 void build_fdset(fd_set *fs)
733 for(p = conn_list; p != NULL; p = p->next)
736 FD_SET(p->meta_socket, fs);
737 if(p->status.dataopen)
738 FD_SET(p->socket, fs);
741 FD_SET(myself->meta_socket, fs);
742 FD_SET(myself->socket, fs);
748 receive incoming data from the listening
749 udp socket and write it to the ethertap
750 device after being decrypted
752 int handle_incoming_vpn_data(conn_list_t *cl)
756 int x, l = sizeof(x);
759 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
761 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->socket);
766 syslog(LOG_ERR, _("Incoming data socket error: %s"), sys_errlist[x]);
771 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
774 syslog(LOG_ERR, _("Receiving data failed: %m"));
777 total_socket_in += lenin;
779 rp.data.len = ntohs(rp.data.len);
780 rp.len = ntohs(rp.len);
781 rp.from = ntohl(rp.from);
785 f = lookup_conn(rp.from);
787 syslog(LOG_DEBUG, _("packet from " IP_ADDR_S " (len %d)"),
788 IP_ADDR_V(rp.from), rp.len);
791 syslog(LOG_ERR, _("Got packet from unknown source " IP_ADDR_S),
796 if(f->status.validkey)
800 add_queue(&(f->rq), &rp, rp.len);
801 if(!cl->status.waitingforkey)
802 send_key_request(rp.from);
805 if(my_key_expiry <= time(NULL))
813 terminate a connection and notify the other
814 end before closing the sockets
816 void terminate_connection(conn_list_t *cl)
819 if(cl->status.remove)
823 syslog(LOG_NOTICE, _("Closing connection with %s."), cl->hostname);
825 if(cl->status.timeout)
827 else if(!cl->status.termreq)
832 close(cl->meta_socket);
834 if(cl->status.outgoing)
836 signal(SIGALRM, sigalrm_handler);
837 seconds_till_retry = 5;
838 alarm(seconds_till_retry);
839 syslog(LOG_NOTICE, _("Try to re-establish outgoing connection in 5 seconds."));
842 cl->status.active = 0;
843 cl->status.remove = 1;
848 Check if the other end is active.
849 If we have sent packets, but didn't receive any,
850 then possibly the other end is dead. We send a
851 PING request over the meta connection. If the other
852 end does not reply in time, we consider them dead
853 and close the connection.
855 int check_dead_connections(void)
861 for(p = conn_list; p != NULL; p = p->next)
865 if(p->status.active && p->status.meta)
867 if(p->last_ping_time + timeout < now)
869 if(p->status.pinged && !p->status.got_pong)
871 syslog(LOG_INFO, _("%s (" IP_ADDR_S ") didn't respond to ping"),
872 p->hostname, IP_ADDR_V(p->vpn_ip));
873 p->status.timeout = 1;
874 terminate_connection(p);
876 else if(p->want_ping)
879 p->last_ping_time = now;
880 p->status.pinged = 1;
881 p->status.got_pong = 0;
891 accept a new tcp connect and create a
894 int handle_new_meta_connection(conn_list_t *cl)
897 struct sockaddr client;
898 int nfd, len = sizeof(client);
900 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
902 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
906 if((ncn = create_new_connection(nfd)) == NULL)
910 syslog(LOG_NOTICE, _("Closed attempted connection."));
914 ncn->status.meta = 1;
915 ncn->next = conn_list;
922 dispatch any incoming meta requests
924 int handle_incoming_meta_data(conn_list_t *cl)
926 int x, l = sizeof(x);
927 int request, oldlen, i;
930 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
932 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->meta_socket);
937 syslog(LOG_ERR, _("Metadata socket error: %s"), sys_errlist[x]);
941 if(cl->buflen >= MAXBUFSIZE)
943 syslog(LOG_ERR, _("Metadata read buffer overflow."));
947 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
951 syslog(LOG_ERR, _("Metadata socket read error: %m"));
962 for(i = oldlen; i < cl->buflen; i++)
964 if(cl->buffer[i] == '\n')
966 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
974 if(sscanf(cl->buffer, "%d", &request) == 1)
976 if((request < 0 || request > 255) || request_handlers[request] == NULL)
978 syslog(LOG_ERR, _("Unknown request: %s"), cl->buffer);
983 syslog(LOG_DEBUG, _("Got request: %s"), cl->buffer);
985 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
987 syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S), IP_ADDR_V(cl->real_ip));
993 syslog(LOG_ERR, _("Bogus data received."));
997 cl->buflen -= cl->reqlen;
998 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1007 cl->last_ping_time = time(NULL);
1014 check all connections to see if anything
1015 happened on their sockets
1017 void check_network_activity(fd_set *f)
1020 int x, l = sizeof(x);
1022 for(p = conn_list; p != NULL; p = p->next)
1024 if(p->status.remove)
1027 if(p->status.dataopen)
1028 if(FD_ISSET(p->socket, f))
1031 The only thing that can happen to get us here is apparently an
1032 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1033 something that will not trigger an error directly on send()).
1034 I've once got here when it said `No route to host'.
1036 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1037 syslog(LOG_ERR, _("Outgoing data socket error: %s"), sys_errlist[x]);
1038 terminate_connection(p);
1043 if(FD_ISSET(p->meta_socket, f))
1044 if(handle_incoming_meta_data(p) < 0)
1046 terminate_connection(p);
1051 if(FD_ISSET(myself->socket, f))
1052 handle_incoming_vpn_data(myself);
1054 if(FD_ISSET(myself->meta_socket, f))
1055 handle_new_meta_connection(myself);
1060 read, encrypt and send data that is
1061 available through the ethertap device
1063 void handle_tap_input(void)
1067 int ether_type, lenin;
1069 memset(&vp, 0, sizeof(vp));
1070 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1072 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1076 total_tap_in += lenin;
1078 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1079 if(ether_type != 0x0800)
1082 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1083 ether_type, MAC_ADDR_V(vp.data[6]));
1090 syslog(LOG_INFO, _("Dropping short packet"));
1094 from = ntohl(*((unsigned long*)(&vp.data[26])));
1095 to = ntohl(*((unsigned long*)(&vp.data[30])));
1098 syslog(LOG_DEBUG, _("An IP packet (%04x) for " IP_ADDR_S " from " IP_ADDR_S),
1099 ether_type, IP_ADDR_V(to), IP_ADDR_V(from));
1101 syslog(LOG_DEBUG, _(MAC_ADDR_S " to " MAC_ADDR_S),
1102 MAC_ADDR_V(vp.data[0]), MAC_ADDR_V(vp.data[6]));
1104 vp.len = (length_t)lenin - 2;
1106 strip_mac_addresses(&vp);
1108 send_packet(to, &vp);
1113 this is where it all happens...
1115 void main_loop(void)
1120 time_t last_ping_check;
1122 last_ping_check = time(NULL);
1126 tv.tv_sec = timeout;
1132 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1134 if(errno == EINTR) /* because of alarm */
1136 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1140 if(last_ping_check + timeout < time(NULL))
1141 /* Let's check if everybody is still alive */
1143 check_dead_connections();
1144 last_ping_check = time(NULL);
1148 check_network_activity(&fset);
1150 /* local tap data */
1151 if(FD_ISSET(tap_fd, &fset))
projects / tinc / blob