2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.46 2000/10/28 16:41:38 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
43 #include LINUX_IF_TUN_H
/* Byte counters for the data paths in this file (total_tap_out and total_socket_out
   are updated in xrecv/xsend below; total_tap_in is defined on a line not in this
   listing).  Plain ints: they are statistics, not flow control. */
61 int total_tap_out = 0;
62 int total_socket_in = 0;
63 int total_socket_out = 0;
/* Cursor into the list of ConnectTo entries; advanced by setup_network_connections
   and by sigalrm_handler when an outgoing connection attempt fails. */
65 config_t *upstreamcfg;
/* Delay (seconds) before the next outgoing-connection retry.
   NOTE(review): written both from sigalrm_handler and from main-line code
   (setup_network_connections, terminate_connection) without being declared
   `volatile sig_atomic_t` and without SIGALRM being blocked around the main-line
   writes — confirm the race is acceptable or move the retry logic out of the handler. */
66 static int seconds_till_retry;
71 strip off the MAC addresses of an ethernet frame
/* Remove the 12-byte Ethernet header (destination MAC, source MAC) from the front of
   p->data and shrink p->len to match.  memmove is required because the two regions
   overlap.
   NOTE(review): nothing here checks that p->len >= 12.  For a shorter frame the
   subtraction goes negative (or wraps, depending on the type of p->len, which is not
   visible in this listing) and memmove is handed an enormous length — confirm every
   caller validates the frame length first. */
73 void strip_mac_addresses(vpn_packet_t *p)
76 memmove(p->data, p->data + 12, p->len -= 12);
81 reassemble MAC addresses
/* Prepend a synthetic 12-byte Ethernet header to p->data.  Both MACs start with
   fe:fd; the destination MAC carries our own VPN address, the source MAC carries the
   4 bytes found at offset 26 of the shifted frame.  The matching `p->len += 12`, the
   braces and any length check are not in this listing — confirm they exist. */
83 void add_mac_addresses(vpn_packet_t *p)
/* NOTE(review): source (p->data) and destination (p->data + 12) overlap by p->len - 12
   bytes, so memcpy is undefined behaviour here; strip_mac_addresses uses memmove for
   the inverse shift and this must too.  The call also needs 12 bytes of headroom past
   p->len in p->data; the buffer size is not visible in this listing. */
86 memcpy(p->data + 12, p->data, p->len);
88 p->data[0] = p->data[6] = 0xfe;
89 p->data[1] = p->data[7] = 0xfd;
90 /* Really evil pointer stuff just below! */
/* NOTE(review): these two lines read and write an ip_t through an unaligned,
   type-punned pointer into a byte array (strict-aliasing and alignment UB).  The
   portable form is a local `ip_t a = htonl(myself->address);` followed by
   `memcpy(&p->data[2], &a, sizeof a);` and `memcpy(&p->data[8], &p->data[26], sizeof a);`.
   Offset 26 is offset 14 of the unshifted frame; what sits there depends on the
   payload (for IPv4 it would be the source address) — assumption, confirm. */
91 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
92 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
/* Encrypt inpkt with cl's packet cipher and send the result over cl's data socket.
   Used through flush_queue, which keeps a packet queued while this returns nonzero;
   the declarations of outpkt/outlen/outpad and the return statements are not in this
   listing, so the exact return convention cannot be confirmed here. */
96 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
/* NOTE(review): this is the plaintext length; after padding the ciphertext is
   outlen + outpad bytes, so the 2-byte length prefix put on the wire below does not
   describe what is transmitted (and it is sent in host byte order — no htons). */
101 outpkt.len = inpkt->len;
/* NOTE(review): none of the EVP_* return values is checked; on failure outpkt.data is
   undefined and the packet is still sent. */
102 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
103 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
104 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
107 if(debug_lvl >= DEBUG_TRAFFIC)
/* Per-packet trace logged at LOG_ERR; the other DEBUG_TRAFFIC messages in this file
   use LOG_DEBUG — probably intended here too. */
108 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
109 outlen, cl->name, cl->hostname);
111 total_socket_out += outlen;
/* NOTE(review): sends outlen + 2 bytes starting at the length field, so the outpad
   bytes written by EVP_EncryptFinal are never transmitted unless a line missing from
   this listing adds outpad to outlen — confirm.  Nothing in this function (or in
   xrecv) authenticates the ciphertext: there is no MAC, so the receiving side writes
   whatever decrypts straight to its tap device. */
115 if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0)
117 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
118 cl->name, cl->hostname);
/* Decrypt inpkt with our own packet cipher, re-attach a MAC header and write the
   frame to the tap device.  Declarations and return statements are not in this
   listing.
   NOTE(review): this takes ONE parameter, but flush_queues passes it to flush_queue as
   an `int (*)(conn_list_t*, void*)` and flush_queue calls it as function(cl, packet).
   Calling through an incompatible function pointer is undefined behaviour and, on the
   usual ABIs, inpkt here receives `cl`, not the packet.  Give xrecv the same
   (conn_list_t *, vpn_packet_t *) shape as xsend, or wrap it. */
125 int xrecv(vpn_packet_t *inpkt)
130 outpkt.len = inpkt->len;
/* NOTE(review): inpkt->len comes straight off the wire (see handle_incoming_vpn_data)
   and is used as the ciphertext length without being bounded by the number of bytes
   actually received.  The EVP_* results are not checked either, so a padding error
   from EVP_DecryptFinal — or a forged datagram, since there is no integrity check —
   still reaches add_mac_addresses and the tap write. */
131 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
132 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
133 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
/* add_mac_addresses shifts the frame by 12 bytes and expects outpkt.len to hold the
   decrypted length (outlen + outpad); that assignment is not in this listing — confirm. */
137 add_mac_addresses(&outpkt);
/* NOTE(review): only a negative result is an error; a short write is silently counted
   as success below. */
140 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
141 syslog(LOG_ERR, _("Can't write to tap device: %m"));
143 total_tap_out += outpkt.len;
149 add the given packet of size s to the
150 queue q, be it the send or receive queue
/* Append a copy of `packet` (s bytes) to the tail of queue *q, allocating the queue
   head structure on first use.  The queue owns the copy, so the caller may reuse its
   buffer immediately.  The declaration of e, the braces and the `if(!*q)` guard
   expected around the allocation are not in this listing. */
152 void add_queue(packet_queue_t **q, void *packet, size_t s)
156 e = xmalloc(sizeof(*e));
157 e->packet = xmalloc(s);
158 memcpy(e->packet, packet, s);
/* Lazy creation of the queue itself (presumably under an unlisted `if(!*q)`). */
162 *q = xmalloc(sizeof(**q));
163 (*q)->head = (*q)->tail = NULL;
166 e->next = NULL; /* We insert at the tail */
168 if((*q)->tail) /* Do we have a tail? */
170 (*q)->tail->next = e;
171 e->prev = (*q)->tail;
/* NOTE(review): in this branch e->prev must be set to NULL (del_queue reads it); the
   branch body is not in this listing and xmalloc is not known to zero-fill — confirm. */
173 else /* No tail -> no head too */
183 /* Remove a queue element */
/* Unlink element e from queue *q, fixing head and tail as needed.  The "all alone"
   branch (head = tail = NULL) and the free() of e->packet and e are not in this
   listing — confirm the frees happen, otherwise every flushed packet leaks. */
184 void del_queue(packet_queue_t **q, queue_element_t *e)
189 if(e->next) /* There is a successor, so we are not tail */
191 if(e->prev) /* There is a predecessor, so we are not head */
193 e->next->prev = e->prev;
194 e->prev->next = e->next;
196 else /* We are head */
198 e->next->prev = NULL;
199 (*q)->head = e->next;
202 else /* We are tail (or all alone!) */
204 if(e->prev) /* We are not alone :) */
206 e->prev->next = NULL;
207 (*q)->tail = e->prev;
221 flush a queue by calling function for
222 each packet, and removing it when that
223 returned a zero exit code
/* Call function(cl, packet) for every queued packet in order and remove a packet only
   when the call returns 0, so a failed send stays queued for the next flush.  The
   advance to `next` and the del_queue call are not in this listing.
   NOTE(review): *pq is dereferenced without a NULL check, so callers must only pass an
   allocated queue (flush_queues' guard is not listed — confirm).  xrecv does not match
   this function-pointer type; see the note on xrecv. */
225 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
226 int (*function)(conn_list_t*,void*))
228 queue_element_t *p, *next = NULL;
230 for(p = (*pq)->head; p != NULL; )
234 if(!function(cl, p->packet))
240 if(debug_lvl >= DEBUG_TRAFFIC)
241 syslog(LOG_DEBUG, _("Queue flushed"));
246 flush the send&recv queues
247 void, because nothing goes wrong here; packets
248 remain in the queue if something goes wrong
/* Flush cl's send queue through xsend and its receive queue through xrecv.  Packets
   whose callback fails simply remain queued.  The `if(cl->sq)` / `if(cl->rq)` guards
   expected around each flush_queue call are not in this listing.
   NOTE(review): xrecv is declared with a single vpn_packet_t * parameter, so passing
   it where an `int (*)(conn_list_t*, void*)` is expected is undefined behaviour and
   hands xrecv the connection pointer instead of the packet (see xrecv). */
250 void flush_queues(conn_list_t *cl)
255 if(debug_lvl >= DEBUG_TRAFFIC)
256 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
257 cl->name, cl->hostname);
258 flush_queue(cl, &(cl->sq), xsend);
263 if(debug_lvl >= DEBUG_TRAFFIC)
264 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
265 cl->name, cl->hostname);
266 flush_queue(cl, &(cl->rq), xrecv);
272 send a packet to the given vpn ip.
/* Deliver a frame destined for VPN address `to`: look up the owning subnet and its
   connection, open the UDP data socket if needed, queue the packet while no key or no
   active link is available, otherwise encrypt and send it.  Returns 0 when sent or
   queued; the -1 returns for lookup/socket failure, the subnet -> cl assignment and
   the `return 0` expected after the first add_queue are not in this listing. */
274 int send_packet(ip_t to, vpn_packet_t *packet)
279 if((subnet = lookup_subnet_ipv4(to)) == NULL)
281 if(debug_lvl >= DEBUG_TRAFFIC)
/* The four %d arguments (octets of `to`) follow on a line not in this listing. */
283 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
292 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
294 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
296 if(!cl->status.dataopen)
297 if(setup_vpn_connection(cl) < 0)
299 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
300 cl->name, cl->hostname);
304 if(!cl->status.validkey)
306 if(debug_lvl >= DEBUG_TRAFFIC)
307 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
308 cl->name, cl->hostname);
/* Queues packet->len + 2 bytes starting at `packet`, i.e. the length field plus the
   payload, which is exactly what xsend later transmits — this relies on len being the
   first field of vpn_packet_t and data following it directly. */
309 add_queue(&(cl->sq), packet, packet->len + 2);
310 if(!cl->status.waitingforkey)
311 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
315 if(!cl->status.active)
317 if(debug_lvl >= DEBUG_TRAFFIC)
318 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
319 cl->name, cl->hostname);
320 add_queue(&(cl->sq), packet, packet->len + 2);
321 return 0; /* We don't want to mess up, do we? */
324 /* can we send it? can we? can we? huh? */
326 return xsend(cl, packet);
330 open the local ethertap device
/* Open the tap device named by the `tapdevice` config value (falling back to the two
   default paths below), find out whether it is an old ethertap or a new tun/tap
   device via TUNSETIFF, and export IFNAME for the tinc-up/tinc-down scripts.  Returns
   the descriptor or -1 on open failure; the `tap_fd = nfd` assignment, the return
   statements and the selection between the two default paths are not in this listing. */
332 int setup_tap_fd(void)
335 const char *tapfname;
341 if((cfg = get_config_val(config, tapdevice)))
342 tapfname = cfg->data.ptr;
345 tapfname = "/dev/misc/net/tun";
347 tapfname = "/dev/tap0";
350 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
352 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
361 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
362 memset(&ifr, 0, sizeof(ifr));
364 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy leaves ifr_name without a terminator when netname is
   IFNAMSIZ characters or longer; `snprintf(ifr.ifr_name, IFNAMSIZ, "%s", netname)`
   always terminates.  No guard against netname == NULL is visible — confirm it is
   always set before this runs. */
366 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* NOTE(review): uses tap_fd while the descriptor opened above is nfd; this relies on
   a `tap_fd = nfd` on an unlisted line — confirm. */
368 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
370 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
373 if((cfg = get_config_val(config, tapsubnet)) == NULL)
374 syslog(LOG_INFO, _("tun/tap device will be left unconfigured"));
376 /* Setup inetaddr/netmask etc */;
380 /* Add name of network interface to environment (for scripts) */
/* NOTE(review): the ioctl result and asprintf's return are unchecked; if either fails
   the exported IFNAME is stale, empty or envvar is left unset. */
382 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
383 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
392 set up the socket that we listen on for incoming
/* Create the TCP socket on which meta connections are accepted: SO_REUSEADDR,
   SO_KEEPALIVE, non-blocking, bound to `port` on the configured interface/IP or on
   all addresses.  Returns the descriptor or -1 on any failure; the error returns,
   `int one = 1`, the listen() call and the close() on the error paths are not in
   this listing — confirm the socket is closed when setup fails part way. */
395 int setup_listen_meta_socket(int port)
398 struct sockaddr_in a;
402 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
404 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
408 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
410 syslog(LOG_ERR, _("setsockopt: %m"));
414 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
416 syslog(LOG_ERR, _("setsockopt: %m"));
/* F_GETFL's -1 error result is not checked before being OR'ed below. */
420 flags = fcntl(nfd, F_GETFL);
421 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
423 syslog(LOG_ERR, _("fcntl: %m"));
427 if((cfg = get_config_val(config, interface)))
/* NOTE(review): the interface name is passed to SO_KEEPALIVE, which cannot bind a
   socket to a device; the message below says "bind", so the intended option is
   SO_BINDTODEVICE: `setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr))`.
   As written the call either fails with EINVAL (short names) or merely re-enables
   keepalive, and the `Interface` setting is ignored — the daemon keeps listening on
   every interface. */
429 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
431 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
436 memset(&a, 0, sizeof(a));
437 a.sin_family = AF_INET;
/* port is an int; values outside 0..65535 are silently truncated by htons — validate
   where the config value is read. */
438 a.sin_port = htons(port);
440 if((cfg = get_config_val(config, interfaceip)))
441 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
443 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* `sizeof(a)` is the idiomatic length here (same value for sockaddr_in, but tied to
   the variable rather than the generic type). */
445 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
/* NOTE(review): %hd expects a short but port is an int — use %d (setup_vpn_in_socket
   and the "Ready" message in setup_myself have the same mismatch). */
447 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
453 syslog(LOG_ERR, _("listen: %m"));
461 setup the socket for incoming encrypted
/* Create the UDP socket that receives encrypted VPN data on `port`: SO_REUSEADDR,
   non-blocking, bound to INADDR_ANY.  Returns the descriptor or -1 on failure; the
   error returns, `int one = 1` and any close() on the error paths are not in this
   listing.
   NOTE(review): unlike setup_listen_meta_socket this ignores the `interfaceip` and
   `interface` settings and always binds every address, so an administrator who
   restricts the meta socket still exposes the data socket everywhere — apply the
   same selection here. */
464 int setup_vpn_in_socket(int port)
467 struct sockaddr_in a;
470 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
472 syslog(LOG_ERR, _("Creating socket failed: %m"));
476 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
478 syslog(LOG_ERR, _("setsockopt: %m"));
/* F_GETFL's -1 error result is not checked before being OR'ed below. */
482 flags = fcntl(nfd, F_GETFL);
483 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
485 syslog(LOG_ERR, _("fcntl: %m"));
489 memset(&a, 0, sizeof(a));
490 a.sin_family = AF_INET;
491 a.sin_port = htons(port);
492 a.sin_addr.s_addr = htonl(INADDR_ANY);
494 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
/* NOTE(review): %hd with an int argument — use %d. */
496 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
504 setup an outgoing meta (tcp) socket
/* Open a TCP meta connection to cl->address on the port from cl's host config (the
   default applied when no port is configured is on an unlisted line) and store the
   descriptor in cl->meta_socket.  Returns 0 on success, -1 on failure; the returns
   and any close() of the socket on the connect failure path are not in this listing —
   confirm the descriptor is not leaked.
   NOTE(review): `a` is never zeroed (memset as in setup_listen_meta_socket), and
   connect() runs before O_NONBLOCK is set, so an unreachable or silent peer blocks the
   whole single-threaded daemon for the kernel's connect timeout — this is also called
   from sigalrm_handler. */
506 int setup_outgoing_meta_socket(conn_list_t *cl)
509 struct sockaddr_in a;
512 if(debug_lvl >= DEBUG_CONNECTIONS)
513 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
515 if((cfg = get_config_val(cl->config, port)) == NULL)
518 cl->port = cfg->data.val;
520 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
521 if(cl->meta_socket == -1)
/* cl->port is printed with %d here but with %hd in the two messages below — pick one
   that matches its type. */
523 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
524 cl->hostname, cl->port);
528 a.sin_family = AF_INET;
529 a.sin_port = htons(cl->port);
530 a.sin_addr.s_addr = htonl(cl->address);
532 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
534 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
538 flags = fcntl(cl->meta_socket, F_GETFL);
539 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
541 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
542 cl->hostname, cl->port);
546 if(debug_lvl >= DEBUG_CONNECTIONS)
547 syslog(LOG_INFO, _("Connected to %s port %hd"),
548 cl->hostname, cl->port);
556 setup an outgoing connection. It's not
557 necessary to also open an udp socket as
558 well, because the other host will initiate
559 an authentication sequence during which
560 we will do just that.
/* Create a conn_list entry for the host called `name` (a ConnectTo value), read its
   host configuration, resolve its Address and open the meta connection.  Returns 0
   on success and -1 on failure; the check_id() call guarding the "Invalid name"
   message, the -1 returns and any cleanup of ncn on the error paths are not in this
   listing — confirm ncn and its name are freed when setup fails.  If
   read_host_config builds a file path from `name`, that check_id call is the only
   thing keeping path characters out of it — confirm. */
562 int setup_outgoing_connection(char *name)
570 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
574 ncn = new_conn_list();
/* asprintf's result is unchecked; ncn->name stays undefined if it fails. */
575 asprintf(&ncn->name, "%s", name);
577 if(read_host_config(ncn))
/* NOTE(review): the format contains %s but no argument is passed — undefined
   behaviour that logs whatever happens to be in the argument slot; add `, name` (the
   "No address specified" message below has the same defect). */
579 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
584 if(!(cfg = get_config_val(ncn->config, address)))
586 syslog(LOG_ERR, _("No address specified for %s"));
/* NOTE(review): gethostbyname reports failures through h_errno, not errno, so %m
   prints an unrelated error — use hstrerror(h_errno).  The call also blocks the
   daemon for the duration of the DNS query (this runs from sigalrm_handler too). */
591 if(!(h = gethostbyname(cfg->data.ptr)))
593 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* NOTE(review): type-punned read of the first address and an unchecked assumption
   that h_addrtype == AF_INET; `memcpy(&tmp, h->h_addr_list[0], sizeof tmp)` into a
   local ip_t avoids the aliasing/alignment problem. */
598 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
599 ncn->hostname = hostlookup(htonl(ncn->address));
601 if(setup_outgoing_meta_socket(ncn) < 0)
603 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
609 ncn->status.outgoing = 1;
610 ncn->buffer = xmalloc(MAXBUFSIZE);
612 ncn->last_ping_time = time(NULL);
623 Configure conn_list_t myself and set up the local sockets (listen only)
/* Build the `myself` connection entry from the daemon and host configuration: name,
   RSA key pair, port, flags, subnets, then the listening TCP and UDP sockets.
   Returns 0 on success, -1 on any failure; the -1 returns, the allocation of `net`
   inside the subnet loop and the default-port branch are not in this listing. */
625 int setup_myself(void)
631 myself = new_conn_list();
633 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
635 myself->protocol_version = PROT_CURRENT;
637 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
639 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): reads the name through data.val cast to char* while every other
   string value in this file uses data.ptr — presumably the same storage, but confirm
   and use one accessor. */
643 asprintf(&myself->name, "%s", (char*)cfg->data.val);
645 if(check_id(myself->name))
647 syslog(LOG_ERR, _("Invalid name for myself!"));
651 if(!(cfg = get_config_val(config, privatekey)))
653 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* NOTE(review): RSA_new() and both BN_hex2bn() results are unchecked, so a malformed
   PrivateKey string leaves rsa_key->d NULL and is only caught (if at all) by
   RSA_check_key below.  The public exponent is hard-coded to 0xFFFF rather than read
   with the key; confirm RSA_check_key can succeed with only n, e and d populated
   (no p/q). */
658 myself->rsa_key = RSA_new();
659 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
660 BN_hex2bn(&myself->rsa_key->e, "FFFF");
663 if(read_host_config(myself))
665 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
669 if(!(cfg = get_config_val(myself->config, publickey)))
671 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
/* The PublicKey host-config value is used as the modulus n; result unchecked as above. */
676 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
679 if(RSA_check_key(myself->rsa_key) != 1)
681 syslog(LOG_ERR, _("Invalid public/private keypair!"));
685 if(!(cfg = get_config_val(myself->config, port)))
/* The same port number is used for both the TCP meta socket and the UDP data socket
   (see the two setup calls below). */
688 myself->port = cfg->data.val;
690 if((cfg = get_config_val(myself->config, indirectdata)))
691 if(cfg->data.val == stupid_true)
692 myself->flags |= EXPORTINDIRECTDATA;
694 if((cfg = get_config_val(myself->config, tcponly)))
695 if(cfg->data.val == stupid_true)
696 myself->flags |= TCPONLY;
698 /* Read in all the subnets specified in the host configuration file */
/* Assignment-as-condition is intentional: visit every Subnet line in turn.  Only IPv4
   subnets are built here. */
700 for(cfg = myself->config; cfg = get_config_val(cfg, subnet); cfg = cfg->next)
703 net->type = SUBNET_IPV4;
704 net->net.ipv4.address = cfg->data.ip->address;
705 net->net.ipv4.mask = cfg->data.ip->mask;
707 subnet_add(myself, net);
710 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
712 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
716 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
718 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
/* Undo the listener so a failed start does not leak it. */
719 close(myself->meta_socket);
723 myself->status.active = 1;
/* NOTE(review): %hd with a non-short argument — use %d if port is an int. */
725 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: try the next ConnectTo entry; on success stop the alarm, otherwise
   wrap back to the first entry, back the retry interval off by 5 s (capped at
   MAXTIMEOUT) and re-arm the alarm.  The braces, the "listen only" return, the loop
   over entries and the %d argument of the last syslog are not in this listing.
   NOTE(review): no return type is given (implicit int, removed in C99) — declare it
   `void sigalrm_handler(int a)`.  Everything done here (syslog, asprintf,
   gethostbyname, socket/connect through setup_outgoing_connection) is not
   async-signal-safe, and it mutates upstreamcfg, seconds_till_retry and the
   connection list that the main loop also uses.  The safe shape is to set a
   `volatile sig_atomic_t` flag here and do the reconnect from main_loop after
   select() returns EINTR. */
731 sigalrm_handler(int a)
735 cfg = get_config_val(upstreamcfg, connectto);
737 if(!cfg && upstreamcfg == myself->config)
738 /* No upstream IP given, we're listen only. */
/* cfg is dereferenced here; the unlisted lines above must guarantee it is non-NULL
   when upstreamcfg != myself->config — confirm. */
743 upstreamcfg = cfg->next;
744 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
746 signal(SIGALRM, SIG_IGN);
749 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* signal() semantics differ between BSD and SysV (one-shot reset); sigaction() would
   make the re-installation explicit and portable. */
752 signal(SIGALRM, sigalrm_handler);
753 upstreamcfg = myself->config;
754 seconds_till_retry += 5;
755 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
756 seconds_till_retry = MAXTIMEOUT;
757 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
759 alarm(seconds_till_retry);
764 setup all initial network connections
/* Bring the network up: read PingTimeout into `timeout`, open the tap device, set up
   `myself` and the listening sockets, run the tinc-up script, then try each ConnectTo
   entry in turn and arm the retry alarm if none succeeds.  Returns 0 on success, -1
   on failure; the returns, the default for PingTimeout, the fork() around execl, the
   loop over ConnectTo entries and the "listen only" return are not in this listing.
   NOTE(review): the ConnectTo loop here duplicates sigalrm_handler's — a shared
   helper would keep the two in step. */
766 int setup_network_connections(void)
771 if((cfg = get_config_val(config, pingtimeout)) == NULL)
774 timeout = cfg->data.val;
776 if(setup_tap_fd() < 0)
779 if(setup_myself() < 0)
782 /* Run tinc-up script to further initialize the tap interface */
/* The script is confbase/tinc-up and runs with the daemon's privileges, so confbase
   must not be writable by anyone else.  asprintf's result is unchecked. */
784 asprintf(&scriptname, "%s/tinc-up", confbase);
/* NOTE(review): execl's first variadic argument is argv[0]; passing NULL gives the
   script an empty argv (breaks $0).  Use `execl(scriptname, scriptname, NULL);` —
   same in close_network_connections.  Presumably inside a fork()ed child (unlisted). */
789 execl(scriptname, NULL);
792 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
799 if(!(cfg = get_config_val(myself->config, connectto)))
800 /* No upstream IP given, we're listen only. */
805 upstreamcfg = cfg->next;
806 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
808 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: start again from the first one after MAXTIMEOUT seconds. */
811 signal(SIGALRM, sigalrm_handler);
812 upstreamcfg = myself->config;
813 seconds_till_retry = MAXTIMEOUT;
814 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
815 alarm(seconds_till_retry);
821 close all open network connections
/* Shut down every connection's sockets, close our own listeners, run the tinc-down
   script and log termination.  The close() of p->socket, the close of the tap device,
   the fork() around execl and any freeing of conn_list entries are not in this
   listing — confirm the data sockets and tap_fd are closed. */
823 void close_network_connections(void)
828 for(p = conn_list; p != NULL; p = p->next)
830 if(p->status.dataopen)
/* The literal 0 is SHUT_RD; the named constant says what is meant. */
832 shutdown(p->socket, 0); /* No more receptions */
/* NOTE(review): runs for every entry regardless of p->status.meta, so an entry that
   never had a meta socket would shutdown/close whatever p->meta_socket holds, unless
   an unlisted guard skips it — confirm. */
838 shutdown(p->meta_socket, 0); /* No more receptions */
839 close(p->meta_socket);
844 if(myself->status.active)
846 close(myself->meta_socket);
847 close(myself->socket);
850 /* Execute tinc-down script right before shutting down the interface */
/* The script is confbase/tinc-down and runs with the daemon's privileges; asprintf's
   result is unchecked. */
852 asprintf(&scriptname, "%s/tinc-down", confbase);
/* NOTE(review): argv[0] is NULL here; use `execl(scriptname, scriptname, NULL);` as
   for tinc-up. */
856 execl(scriptname, NULL);
859 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
869 syslog(LOG_NOTICE, _("Terminating"));
875 create a data (udp) socket
/* Open the UDP data socket towards cl: connect() fixes cl->address:cl->port as the
   only peer (the same port number as the peer's TCP meta port), then make it
   non-blocking and mark the connection dataopen.  Returns 0 on success, -1 on
   failure; the `nfd < 0` test, the returns, the `cl->socket = nfd` assignment and any
   close(nfd) on the connect failure path are not in this listing — confirm the
   descriptor is not leaked.
   NOTE(review): `a` is not zeroed before use (memset as in setup_vpn_in_socket). */
877 int setup_vpn_connection(conn_list_t *cl)
880 struct sockaddr_in a;
882 if(debug_lvl >= DEBUG_TRAFFIC)
883 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
885 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
888 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
892 a.sin_family = AF_INET;
893 a.sin_port = htons(cl->port);
894 a.sin_addr.s_addr = htonl(cl->address);
896 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
898 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
899 cl->hostname, cl->port);
/* F_GETFL's -1 error result is not checked before being OR'ed below. */
903 flags = fcntl(nfd, F_GETFL);
904 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
906 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
907 cl->name, cl->hostname);
912 cl->status.dataopen = 1;
918 handle an incoming tcp connect call and open
/* Wrap an accepted meta socket sfd in a new conn_list entry: record the peer
   address, allocate its receive buffer and allow only an ID request as the first
   message.  Returns the entry, or NULL when getpeername fails; the allocation of p,
   the NULL return and the final `return p` are not in this listing. */
921 conn_list_t *create_new_connection(int sfd)
924 struct sockaddr_in ci;
/* NOTE(review): getpeername takes a socklen_t *; declare len as socklen_t (as
   handle_incoming_vpn_data does for fromlen). */
925 int len = sizeof(ci);
/* NOTE(review): passes a struct sockaddr_in * where a struct sockaddr * is expected —
   cast it as the bind() calls in this file do. */
929 if(getpeername(sfd, &ci, &len) < 0)
931 syslog(LOG_ERR, _("Error: getpeername: %m"));
936 p->address = ntohl(ci.sin_addr.s_addr);
/* If hostlookup performs a reverse DNS query it blocks the daemon once per accepted
   connection, before the peer has proven anything — assumption, confirm. */
937 p->hostname = hostlookup(ci.sin_addr.s_addr);
938 p->meta_socket = sfd;
/* MAXBUFSIZE is allocated for every accepted connection before authentication; see
   the note on handle_new_meta_connection. */
940 p->buffer = xmalloc(MAXBUFSIZE);
942 p->last_ping_time = time(NULL);
945 if(debug_lvl >= DEBUG_CONNECTIONS)
946 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* ntohs is the semantically correct conversion here (same result as htons on all
   current platforms). */
947 p->hostname, htons(ci.sin_port));
/* Only an ID request is acceptable as the first message on a fresh connection. */
949 p->allow_request = ID;
955 put all file descriptors in an fd_set array
/* Populate *fs with every meta socket, every open data socket and our own two
   listening sockets for select().  The FD_ZERO and the FD_SET of tap_fd (which
   main_loop tests) are not in this listing.
   NOTE(review): FD_SET is undefined for descriptors >= FD_SETSIZE and nothing here
   checks that.  Every entry's meta_socket is added whether or not the entry is marked
   status.remove (whose meta socket terminate_connection has already closed); if the
   unlisted lines between the for and the FD_SET do not skip removed entries, a closed
   or reused descriptor number ends up in the set. */
957 void build_fdset(fd_set *fs)
963 for(p = conn_list; p != NULL; p = p->next)
966 FD_SET(p->meta_socket, fs);
967 if(p->status.dataopen)
968 FD_SET(p->socket, fs);
971 FD_SET(myself->meta_socket, fs);
972 FD_SET(myself->socket, fs);
978 receive incoming data from the listening
979 udp socket and write it to the ethertap
980 device after being decrypted
/* Read one datagram from our UDP data socket into pkt and (on lines not in this
   listing) hand it to the decryption path.  Returns 0, or -1 on a socket error or
   receive failure; the returns, the declaration of pkt and the `if(x)` around the
   second error message are not in this listing.  The empty parameter list should be
   `(void)`. */
982 int handle_incoming_vpn_data()
/* NOTE(review): getsockopt's length argument is a socklen_t *; l is an int while
   fromlen below is socklen_t — make them consistent. */
986 int x, l = sizeof(x);
987 struct sockaddr from;
988 socklen_t fromlen = sizeof(from);
990 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
992 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
993 __FILE__, __LINE__, myself->socket);
998 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* NOTE(review): fills up to MTU bytes starting at pkt.len, relying on len being
   immediately followed by data[] and on sizeof(pkt) - offsetof(pkt, len) >= MTU —
   neither is visible here.  pkt.len is then taken straight off the wire and never
   compared with the byte count recvfrom returned (which is discarded), so an
   oversized length must be rejected before xrecv uses it as the ciphertext length.
   The sender is not matched against any known connection and there is no integrity
   check on the payload, so any host that can reach this port feeds the decrypt path. */
1002 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1004 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1008 if(debug_lvl >= DEBUG_TRAFFIC)
/* NOTE(review): struct sockaddr has sa_data, not sa_addr (confirm a local macro), and
   for AF_INET the first two bytes of sa_data are the port, so this does not print the
   address.  Cast `from` to struct sockaddr_in and log inet_ntoa(sin_addr) instead. */
1010 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1011 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1019 terminate a connection and notify the other
1020 end before closing the sockets
/* Tear down connection cl: close its meta socket, flag it for removal, flag every
   connection routed through it as lost, and — for outgoing connections — arm a 5 s
   reconnect.  The early return after the status.remove test (which makes this safe to
   call twice) and the close of the data socket are not in this listing — confirm
   cl->socket is closed when status.dataopen is set. */
1022 void terminate_connection(conn_list_t *cl)
1027 if(cl->status.remove)
1030 if(debug_lvl >= DEBUG_CONNECTIONS)
1031 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1032 cl->name, cl->hostname);
/* The closed descriptor number stays in cl->meta_socket while cl remains in
   conn_list; build_fdset must skip removed entries (see the note there). */
1037 close(cl->meta_socket);
1039 cl->status.remove = 1;
1041 /* If this cl isn't active, don't send any DEL_HOSTs. */
1043 /* FIXME: reprogram this.
1044 if(cl->status.active)
1045 notify_others(cl,NULL,send_del_host);
1049 /* Find all connections that were lost because they were behind cl
1050 (the connection that was dropped). */
/* Entries are only flagged, never unlinked or freed here, so iterating the list while
   doing so is safe. */
1052 for(p = conn_list; p != NULL; p = p->next)
1054 if((p->nexthop == cl) && (p != cl))
1056 if(cl->status.active && p->status.active)
1057 /* FIXME: reprogram this
1058 notify_others(p,cl,send_del_host);
1062 p->status.active = 0;
1063 p->status.remove = 1;
1067 cl->status.active = 0;
1069 if(cl->status.outgoing)
/* Re-arm the retry cycle from its shortest interval; sigalrm_handler backs it off. */
1071 signal(SIGALRM, sigalrm_handler);
1072 seconds_till_retry = 5;
1073 alarm(seconds_till_retry);
/* The message hard-codes "5 seconds"; use %d with seconds_till_retry as
   setup_network_connections does, so the two cannot drift apart. */
1074 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1080 Check if the other end is active.
1081 If we have sent packets, but didn't receive any,
1082 then possibly the other end is dead. We send a
1083 PING request over the meta connection. If the other
1084 end does not reply in time, we consider them dead
1085 and close the connection.
/* Periodic liveness sweep: for every active meta connection whose last ping is older
   than `timeout`, terminate it if a PING went unanswered, otherwise send a new PING
   when one is wanted.  `now` (time(NULL)) and the send_ping call are on lines not in
   this listing; no return value is visible for this int function.
   NOTE(review): the sweep requires p->status.active, so a connection that was
   accepted but never authenticated (create_new_connection leaves it inactive) is
   never timed out: a silent peer keeps its conn_list entry and MAXBUFSIZE buffer
   indefinitely.  Add a separate authentication timeout for inactive entries. */
1087 int check_dead_connections(void)
1093 for(p = conn_list; p != NULL; p = p->next)
1095 if(p->status.remove)
1097 if(p->status.active && p->status.meta)
1099 if(p->last_ping_time + timeout < now)
1101 if(p->status.pinged && !p->status.got_pong)
1103 if(debug_lvl >= DEBUG_PROTOCOL)
1104 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1105 p->name, p->hostname);
1106 p->status.timeout = 1;
/* terminate_connection only flags entries, so continuing the walk afterwards is safe. */
1107 terminate_connection(p);
1109 else if(p->want_ping)
/* Start a new ping round: expect a PONG before the next sweep. */
1112 p->last_ping_time = now;
1113 p->status.pinged = 1;
1114 p->status.got_pong = 0;
1124 accept a new tcp connect and create a
/* Accept one pending TCP connection on our listening socket and prepend a new entry
   for it to conn_list.  Returns 0, or -1 when accept fails; the returns, the
   close(nfd) after a failed create_new_connection and the `conn_list = ncn` that
   completes the prepend are not in this listing — confirm the close.  The empty
   parameter list should be `(void)`.
   NOTE(review): every accepted connection gets a conn_list entry and a MAXBUFSIZE
   buffer before it has authenticated, and check_dead_connections never reaps
   inactive entries, so unauthenticated clients can grow the list without bound —
   cap the number of pending connections or time them out. */
1127 int handle_new_meta_connection()
1130 struct sockaddr client;
/* NOTE(review): accept takes a socklen_t *; declare len as socklen_t. */
1131 int nfd, len = sizeof(client);
1133 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1135 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1139 if(!(ncn = create_new_connection(nfd)))
1143 syslog(LOG_NOTICE, _("Closed attempted connection"));
1147 ncn->status.meta = 1;
1148 ncn->next = conn_list;
1155 check all connections to see if anything
1156 happened on their sockets
/* Dispatch select() results: for every live connection, treat readiness on its UDP
   data socket as a deferred error and terminate it, read from its meta socket
   otherwise; then service our own data socket and listening socket.  The `continue`
   after the status.remove test and the braces are not in this listing. */
1158 void check_network_activity(fd_set *f)
/* NOTE(review): x is uninitialised and l should be socklen_t (see the getsockopt
   note in handle_incoming_vpn_data). */
1161 int x, l = sizeof(x);
1163 for(p = conn_list; p != NULL; p = p->next)
1165 if(p->status.remove)
1168 if(p->status.dataopen)
1169 if(FD_ISSET(p->socket, f))
1172 The only thing that can happen to get us here is apparently an
1173 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1174 something that will not trigger an error directly on send()).
1175 I've once got here when it said `No route to host'.
/* NOTE(review): getsockopt's result is unchecked; if it fails, strerror(x) below
   describes an uninitialised value. */
1177 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1178 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1179 p->name, p->hostname, strerror(x));
/* NOTE(review): terminate_connection closes p->meta_socket; unless an unlisted
   `continue` follows, the FD_ISSET test below is evaluated on a closed descriptor
   number and receive_meta may be called on it — confirm. */
1180 terminate_connection(p);
1185 if(FD_ISSET(p->meta_socket, f))
1186 if(receive_meta(p) < 0)
1188 terminate_connection(p);
1193 if(FD_ISSET(myself->socket, f))
1194 handle_incoming_vpn_data();
1196 if(FD_ISSET(myself->meta_socket, f))
1197 handle_new_meta_connection();
1202 read, encrypt and send data that is
1203 available through the ethertap device
/* Read one frame from the tap device into vp and account for it.  Two read() forms
   exist — into vp.data, and into &vp so the device's leading bytes land in vp.len —
   presumably selected by the old-ethertap/new-tun/tap distinction made in
   setup_tap_fd; that selection, the declarations, the returns and the assignment of
   vp.len are not in this listing.
   NOTE(review): with route_packet commented out at the end, nothing in the listed
   code forwards the frame; it is read, counted and logged only. */
1205 void handle_tap_input(void)
/* tap_fd is O_NONBLOCK (see setup_tap_fd), so a read() failing with EAGAIN is also
   logged as an error here — confirm that is intended. */
1212 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1214 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1221 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1223 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
/* Counted before the short-packet check below, so short frames are included. */
1229 total_tap_in += lenin;
/* The short-packet warning is only emitted at DEBUG_TRAFFIC; whether the frame is
   dropped is decided on unlisted lines. */
1233 if(debug_lvl >= DEBUG_TRAFFIC)
1234 syslog(LOG_WARNING, _("Received short packet from tap device"));
1238 if(debug_lvl >= DEBUG_TRAFFIC)
1240 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
1243 // route_packet(&vp);
1248 this is where it all happens...
1250 void main_loop(void)
1255 time_t last_ping_check;
1257 last_ping_check = time(NULL);
1261 tv.tv_sec = timeout;
1267 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1269 if(errno != EINTR) /* because of alarm */
1271 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1279 /* FIXME: reprogram this.
1281 syslog(LOG_INFO, _("Rereading configuration file"));
1282 close_network_connections();
1284 if(read_config_file(&config, configfilename))
1286 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1290 setup_network_connections();
1295 if(last_ping_check + timeout < time(NULL))
1296 /* Let's check if everybody is still alive */
1298 check_dead_connections();
1299 last_ping_check = time(NULL);
1304 check_network_activity(&fset);
1306 /* local tap data */
1307 if(FD_ISSET(tap_fd, &fset))