2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.8 2000/06/26 20:30:20 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 static int seconds_till_retry;
61 /* The global list of existing connections */
62 conn_list_t *conn_list = NULL;
63 conn_list_t *myself = NULL;
66 strip off the MAC adresses of an ethernet frame
68 void strip_mac_addresses(vpn_packet_t *p)
70 unsigned char tmp[MAXSIZE];
72 memcpy(tmp, p->data, p->len);
74 memcpy(p->data, &tmp[12], p->len);
79 reassemble MAC addresses
81 void add_mac_addresses(vpn_packet_t *p)
83 unsigned char tmp[MAXSIZE];
85 memcpy(&tmp[12], p->data, p->len);
87 tmp[0] = tmp[6] = 0xfe;
88 tmp[1] = tmp[7] = 0xfd;
89 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
90 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
91 memcpy(p->data, &tmp[0], p->len);
95 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sending packet of %d bytes to " IP_ADDR_S " (%s)"),
107 ntohs(rp.len), IP_ADDR_V(cl->vpn_ip), cl->hostname);
109 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
111 syslog(LOG_ERR, _("Error sending packet to " IP_ADDR_S " (%s): %m"),
112 IP_ADDR_V(cl->vpn_ip), cl->hostname);
116 total_socket_out += r;
123 int xrecv(conn_list_t *cl, void *packet)
128 do_decrypt((real_packet_t*)packet, &vp, cl->key);
129 add_mac_addresses(&vp);
132 syslog(LOG_ERR, _("Receiving packet of %d bytes from " IP_ADDR_S " (%s)"),
133 ((real_packet_t*)packet)->len, IP_ADDR_V(cl->vpn_ip), cl->hostname);
135 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
136 syslog(LOG_ERR, _("Can't write to tap device: %m"));
138 total_tap_out += lenin;
141 cl->last_ping_time = time(NULL);
147 add the given packet of size s to the
148 queue q, be it the send or receive queue
150 void add_queue(packet_queue_t **q, void *packet, size_t s)
154 e = xmalloc(sizeof(*e));
155 e->packet = xmalloc(s);
156 memcpy(e->packet, packet, s);
160 *q = xmalloc(sizeof(**q));
161 (*q)->head = (*q)->tail = NULL;
164 e->next = NULL; /* We insert at the tail */
166 if((*q)->tail) /* Do we have a tail? */
168 (*q)->tail->next = e;
169 e->prev = (*q)->tail;
171 else /* No tail -> no head too */
181 /* Remove a queue element */
182 void del_queue(packet_queue_t **q, queue_element_t *e)
187 if(e->next) /* There is a successor, so we are not tail */
189 if(e->prev) /* There is a predecessor, so we are not head */
191 e->next->prev = e->prev;
192 e->prev->next = e->next;
194 else /* We are head */
196 e->next->prev = NULL;
197 (*q)->head = e->next;
200 else /* We are tail (or all alone!) */
202 if(e->prev) /* We are not alone :) */
204 e->prev->next = NULL;
205 (*q)->tail = e->prev;
219 flush a queue by calling function for
220 each packet, and removing it when that
221 returned a zero exit code
223 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
224 int (*function)(conn_list_t*,void*))
226 queue_element_t *p, *next = NULL;
228 for(p = (*pq)->head; p != NULL; )
232 if(!function(cl, p->packet))
239 syslog(LOG_DEBUG, _("Queue flushed"));
244 flush the send&recv queues
245 void because nothing goes wrong here, packets
246 remain in the queue if something goes wrong
248 void flush_queues(conn_list_t *cl)
254 syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S),
255 IP_ADDR_V(cl->vpn_ip));
256 flush_queue(cl, &(cl->sq), xsend);
262 syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S),
263 IP_ADDR_V(cl->vpn_ip));
264 flush_queue(cl, &(cl->rq), xrecv);
270 send a packet to the given vpn ip.
272 int send_packet(ip_t to, vpn_packet_t *packet)
276 if((cl = lookup_conn(to)) == NULL)
280 syslog(LOG_NOTICE, _("Trying to look up " IP_ADDR_S " in connection list failed!"),
284 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
288 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
290 { /* No open outgoing connection has been found. */
292 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
297 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
299 if(myself->flags & EXPORTINDIRECTDATA)
301 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
303 { /* No open outgoing connection has been found. */
305 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
311 /* If indirectdata flag is set for the destination we just looked up,
312 * then real_ip is actually the vpn_ip of the gateway tincd
316 if(cl->flags & INDIRECTDATA)
319 syslog(LOG_NOTICE, _("Indirect packet to " IP_ADDR_S " via " IP_ADDR_S),
320 IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip));
321 if((cl = lookup_conn(cl->real_ip)) == NULL)
324 syslog(LOG_NOTICE, _("Indirect look up " IP_ADDR_S " in connection list failed!"),
327 /* Gateway tincd dead? Should we kill it? (GS) */
331 if(cl->flags & INDIRECTDATA) /* This should not happen */
334 syslog(LOG_NOTICE, _("Double indirection for " IP_ADDR_S),
340 if(my_key_expiry <= time(NULL))
343 if(!cl->status.dataopen)
344 if(setup_vpn_connection(cl) < 0)
346 syslog(LOG_ERR, _("Could not open UDP connection to " IP_ADDR_S " (%s)"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
350 if(!cl->status.validkey)
353 syslog(LOG_INFO, _(IP_ADDR_S " (%s) has no valid key, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
354 add_queue(&(cl->sq), packet, packet->len + 2);
355 if(!cl->status.waitingforkey)
356 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
360 if(!cl->status.active)
363 syslog(LOG_INFO, _(IP_ADDR_S " (%s) is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
364 add_queue(&(cl->sq), packet, packet->len + 2);
365 return 0; /* We don't want to mess up, do we? */
368 /* can we send it? can we? can we? huh? */
370 return xsend(cl, packet);
374 open the local ethertap device
376 int setup_tap_fd(void)
379 const char *tapfname;
382 if((cfg = get_config_val(tapdevice)) == NULL)
383 tapfname = "/dev/tap0";
385 tapfname = cfg->data.ptr;
387 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
389 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
399 set up the socket that we listen on for incoming
402 int setup_listen_meta_socket(int port)
405 struct sockaddr_in a;
408 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
410 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
414 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
416 syslog(LOG_ERR, _("setsockopt: %m"));
420 flags = fcntl(nfd, F_GETFL);
421 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
423 syslog(LOG_ERR, _("fcntl: %m"));
427 memset(&a, 0, sizeof(a));
428 a.sin_family = AF_INET;
429 a.sin_port = htons(port);
430 a.sin_addr.s_addr = htonl(INADDR_ANY);
432 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
434 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
440 syslog(LOG_ERR, _("listen: %m"));
448 setup the socket for incoming encrypted
451 int setup_vpn_in_socket(int port)
454 struct sockaddr_in a;
457 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
459 syslog(LOG_ERR, _("Creating socket failed: %m"));
463 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
465 syslog(LOG_ERR, _("setsockopt: %m"));
469 flags = fcntl(nfd, F_GETFL);
470 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
472 syslog(LOG_ERR, _("fcntl: %m"));
476 memset(&a, 0, sizeof(a));
477 a.sin_family = AF_INET;
478 a.sin_port = htons(port);
479 a.sin_addr.s_addr = htonl(INADDR_ANY);
481 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
483 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
491 setup an outgoing meta (tcp) socket
493 int setup_outgoing_meta_socket(conn_list_t *cl)
496 struct sockaddr_in a;
499 if((cfg = get_config_val(upstreamport)) == NULL)
502 cl->port = cfg->data.val;
504 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
505 if(cl->meta_socket == -1)
507 syslog(LOG_ERR, _("Creating socket failed: %m"));
511 a.sin_family = AF_INET;
512 a.sin_port = htons(cl->port);
513 a.sin_addr.s_addr = htonl(cl->real_ip);
515 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
517 syslog(LOG_ERR, _(IP_ADDR_S ":%d: %m"), IP_ADDR_V(cl->real_ip), cl->port);
521 flags = fcntl(cl->meta_socket, F_GETFL);
522 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
524 syslog(LOG_ERR, _("fcntl: %m"));
528 syslog(LOG_INFO, _("Connected to " IP_ADDR_S ":%hd"),
529 IP_ADDR_V(cl->real_ip), cl->port);
535 setup an outgoing connection. It's not
536 necessary to also open an udp socket as
537 well, because the other host will initiate
538 an authentication sequence during which
539 we will do just that.
541 int setup_outgoing_connection(ip_t ip)
545 ncn = new_conn_list();
547 ncn->hostname = hostlookup(htonl(ip));
549 if(setup_outgoing_meta_socket(ncn) < 0)
551 syslog(LOG_ERR, _("Could not set up a meta connection!"));
552 free_conn_element(ncn);
556 ncn->status.meta = 1;
557 ncn->status.outgoing = 1;
558 ncn->next = conn_list;
565 set up the local sockets (listen only)
567 int setup_myself(void)
571 myself = new_conn_list();
573 if(!(cfg = get_config_val(myvpnip)))
575 syslog(LOG_ERR, _("No value for my VPN IP given"));
579 myself->vpn_ip = cfg->data.ip->ip;
580 myself->hostname = hostlookup(htonl(myself->vpn_ip));
581 myself->vpn_mask = cfg->data.ip->mask;
584 if(!(cfg = get_config_val(listenport)))
587 myself->port = cfg->data.val;
589 if(cfg = get_config_val(indirectdata))
591 myself->flags |= EXPORTINDIRECTDATA;
593 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
595 syslog(LOG_ERR, _("Unable to set up a listening socket"));
599 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
601 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
602 close(myself->meta_socket);
606 myself->status.active = 1;
608 syslog(LOG_NOTICE, _("Ready: listening on port %d"), myself->port);
614 sigalrm_handler(int a)
618 cfg = get_config_val(upstreamip);
620 if(!setup_outgoing_connection(cfg->data.ip->ip))
622 signal(SIGALRM, SIG_IGN);
626 signal(SIGALRM, sigalrm_handler);
627 seconds_till_retry += 5;
628 if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */
629 seconds_till_retry = 300;
630 alarm(seconds_till_retry);
631 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
638 setup all initial network connections
640 int setup_network_connections(void)
644 if((cfg = get_config_val(pingtimeout)) == NULL)
647 timeout = cfg->data.val;
649 if(setup_tap_fd() < 0)
652 if(setup_myself() < 0)
655 if((cfg = get_config_val(upstreamip)) == NULL)
656 /* No upstream IP given, we're listen only. */
659 if(setup_outgoing_connection(cfg->data.ip->ip))
661 signal(SIGALRM, sigalrm_handler);
662 seconds_till_retry = 300;
663 alarm(seconds_till_retry);
664 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes"));
671 close all open network connections
673 void close_network_connections(void)
677 for(p = conn_list; p != NULL; p = p->next)
679 if(p->status.dataopen)
681 shutdown(p->socket, 0); /* No more receptions */
687 shutdown(p->meta_socket, 0); /* No more receptions */
688 close(p->meta_socket);
693 if(myself->status.active)
695 close(myself->meta_socket);
696 close(myself->socket);
702 syslog(LOG_NOTICE, _("Terminating"));
708 create a data (udp) socket
710 int setup_vpn_connection(conn_list_t *cl)
713 struct sockaddr_in a;
716 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
718 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
721 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
725 a.sin_family = AF_INET;
726 a.sin_port = htons(cl->port);
727 a.sin_addr.s_addr = htonl(cl->real_ip);
729 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
731 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
732 cl->hostname, cl->port);
736 flags = fcntl(nfd, F_GETFL);
737 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
739 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, nfd);
744 cl->status.dataopen = 1;
750 handle an incoming tcp connect call and open
753 conn_list_t *create_new_connection(int sfd)
756 struct sockaddr_in ci;
757 int len = sizeof(ci);
761 if(getpeername(sfd, &ci, &len) < 0)
763 syslog(LOG_ERR, _("Error: getpeername: %m"));
767 p->real_ip = ntohl(ci.sin_addr.s_addr);
768 p->hostname = hostlookup(ci.sin_addr.s_addr);
769 p->meta_socket = sfd;
772 p->last_ping_time = time(NULL);
776 syslog(LOG_NOTICE, _("Connection from %s port %d"),
777 p->hostname, htons(ci.sin_port));
779 if(send_basic_info(p) < 0)
789 put all file descriptors in an fd_set array
791 void build_fdset(fd_set *fs)
797 for(p = conn_list; p != NULL; p = p->next)
800 FD_SET(p->meta_socket, fs);
801 if(p->status.dataopen)
802 FD_SET(p->socket, fs);
805 FD_SET(myself->meta_socket, fs);
806 FD_SET(myself->socket, fs);
812 receive incoming data from the listening
813 udp socket and write it to the ethertap
814 device after being decrypted
816 int handle_incoming_vpn_data(conn_list_t *cl)
820 int x, l = sizeof(x);
823 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
825 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->socket);
830 syslog(LOG_ERR, _("Incoming data socket error: %s"), sys_errlist[x]);
835 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
838 syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->hostname);
841 total_socket_in += lenin;
843 rp.data.len = ntohs(rp.data.len);
844 rp.len = ntohs(rp.len);
845 rp.from = ntohl(rp.from);
849 f = lookup_conn(rp.from);
852 syslog(LOG_ERR, _("Got packet from " IP_ADDR_S " (%s) with unknown origin " IP_ADDR_S "?"),
853 IP_ADDR_V(cl->vpn_ip), cl->hostname, IP_ADDR_V(rp.from));
857 if(f->status.validkey)
861 add_queue(&(f->rq), &rp, rp.len);
862 if(!cl->status.waitingforkey)
863 send_key_request(rp.from);
866 if(my_key_expiry <= time(NULL))
874 terminate a connection and notify the other
875 end before closing the sockets
877 void terminate_connection(conn_list_t *cl)
882 if(cl->status.remove)
886 syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (%s)"),
887 IP_ADDR_V(cl->vpn_ip), cl->hostname);
889 if(cl->status.timeout)
891 else if(!cl->status.termreq)
896 close(cl->meta_socket);
898 if(cl->status.outgoing)
900 signal(SIGALRM, sigalrm_handler);
901 seconds_till_retry = 5;
902 alarm(seconds_till_retry);
903 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
906 cl->status.remove = 1;
908 /* If this cl isn't active, don't send any DEL_HOSTs and don't bother
909 checking for other lost connections. */
910 if(!cl->status.active)
913 cl->status.active = 0;
916 /* Find all connections that were lost because they were behind cl
917 (the connection that was dropped). */
918 for(p = conn_list; p != NULL; p = p->next)
921 p->status.active = 0;
922 p->status.remove = 1;
926 /* Then send a notification about all these connections to all hosts
927 that are still connected to us. */
928 for(p = conn_list; p != NULL; p = p->next)
929 if(!p->status.remove && p->status.meta)
930 for(q = conn_list; q != NULL; q = q->next)
938 Check if the other end is active.
939 If we have sent packets, but didn't receive any,
940 then possibly the other end is dead. We send a
941 PING request over the meta connection. If the other
942 end does not reply in time, we consider them dead
943 and close the connection.
945 int check_dead_connections(void)
951 for(p = conn_list; p != NULL; p = p->next)
955 if(p->status.active && p->status.meta)
957 if(p->last_ping_time + timeout < now)
959 if(p->status.pinged && !p->status.got_pong)
962 syslog(LOG_INFO, _(IP_ADDR_S " (%s) didn't respond to ping"),
963 IP_ADDR_V(p->vpn_ip), p->hostname);
964 p->status.timeout = 1;
965 terminate_connection(p);
967 else if(p->want_ping)
970 p->last_ping_time = now;
971 p->status.pinged = 1;
972 p->status.got_pong = 0;
982 accept a new tcp connect and create a
985 int handle_new_meta_connection(conn_list_t *cl)
988 struct sockaddr client;
989 int nfd, len = sizeof(client);
991 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
993 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
997 if((ncn = create_new_connection(nfd)) == NULL)
1001 syslog(LOG_NOTICE, _("Closed attempted connection"));
1005 ncn->status.meta = 1;
1006 ncn->next = conn_list;
1013 dispatch any incoming meta requests
1015 int handle_incoming_meta_data(conn_list_t *cl)
1017 int x, l = sizeof(x);
1018 int request, oldlen, i;
1021 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1023 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->meta_socket);
1028 syslog(LOG_ERR, _("Metadata socket error: %s"), sys_errlist[x]);
1032 if(cl->buflen >= MAXBUFSIZE)
1034 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1038 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1042 syslog(LOG_ERR, _("Metadata socket read error: %m"));
1046 oldlen = cl->buflen;
1047 cl->buflen += lenin;
1053 for(i = oldlen; i < cl->buflen; i++)
1055 if(cl->buffer[i] == '\n')
1057 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1066 syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (%s): %s"),
1067 IP_ADDR_V(cl->vpn_ip), cl->hostname, cl->buffer);
1068 if(sscanf(cl->buffer, "%d", &request) == 1)
1070 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1072 syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (%s)"),
1073 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1077 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1079 syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (%s)"),
1080 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1086 syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (%s)"),
1087 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1091 cl->buflen -= cl->reqlen;
1092 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1101 cl->last_ping_time = time(NULL);
1108 check all connections to see if anything
1109 happened on their sockets
1111 void check_network_activity(fd_set *f)
1114 int x, l = sizeof(x);
1116 for(p = conn_list; p != NULL; p = p->next)
1118 if(p->status.remove)
1121 if(p->status.dataopen)
1122 if(FD_ISSET(p->socket, f))
1125 The only thing that can happen to get us here is apparently an
1126 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1127 something that will not trigger an error directly on send()).
1128 I've once got here when it said `No route to host'.
1130 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1131 syslog(LOG_ERR, _("Outgoing data socket error: %s"), sys_errlist[x]);
1132 terminate_connection(p);
1137 if(FD_ISSET(p->meta_socket, f))
1138 if(handle_incoming_meta_data(p) < 0)
1140 terminate_connection(p);
1145 if(FD_ISSET(myself->socket, f))
1146 handle_incoming_vpn_data(myself);
1148 if(FD_ISSET(myself->meta_socket, f))
1149 handle_new_meta_connection(myself);
1154 read, encrypt and send data that is
1155 available through the ethertap device
1157 void handle_tap_input(void)
1161 int ether_type, lenin;
1163 memset(&vp, 0, sizeof(vp));
1164 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1166 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1170 total_tap_in += lenin;
1172 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1173 if(ether_type != 0x0800)
1176 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1177 ether_type, MAC_ADDR_V(vp.data[6]));
1184 syslog(LOG_INFO, _("Dropping short packet"));
1188 from = ntohl(*((unsigned long*)(&vp.data[26])));
1189 to = ntohl(*((unsigned long*)(&vp.data[30])));
1191 vp.len = (length_t)lenin - 2;
1193 strip_mac_addresses(&vp);
1195 send_packet(to, &vp);
1200 this is where it all happens...
1202 void main_loop(void)
1207 time_t last_ping_check;
1209 last_ping_check = time(NULL);
1213 tv.tv_sec = timeout;
1219 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1221 if(errno == EINTR) /* because of alarm */
1223 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1227 if(last_ping_check + timeout < time(NULL))
1228 /* Let's check if everybody is still alive */
1230 check_dead_connections();
1231 last_ping_check = time(NULL);
1235 check_network_activity(&fset);
1237 /* local tap data */
1238 if(FD_ISSET(tap_fd, &fset))