2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
52 #define MAX(a, b) ((a) > (b) ? (a) : (b))
55 /* The minimum size of a probe is 14 bytes, but since we normally use CBC mode
56 encryption, we can add a few extra random bytes without increasing the
57 resulting packet size. */
58 #define MIN_PROBE_SIZE 18
62 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
65 static void send_udppacket(node_t *, vpn_packet_t *);
67 unsigned replaywin = 32;
68 bool localdiscovery = true;
69 bool udp_discovery = true;
70 int udp_discovery_keepalive_interval = 10;
71 int udp_discovery_interval = 2;
72 int udp_discovery_timeout = 30;
74 #define MAX_SEQNO 1073741824
76 static void try_fix_mtu(node_t *n) {
80 if(n->mtuprobes == 20 || n->minmtu >= n->maxmtu) {
81 if(n->minmtu > n->maxmtu)
82 n->minmtu = n->maxmtu;
84 n->maxmtu = n->minmtu;
86 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
91 static void udp_probe_timeout_handler(void *data) {
93 if(!n->status.udp_confirmed)
96 logger(DEBUG_TRAFFIC, LOG_INFO, "Too much time has elapsed since last UDP ping response from %s (%s), stopping UDP communication", n->name, n->hostname);
97 n->status.udp_confirmed = false;
104 static void send_udp_probe_reply(node_t *n, vpn_packet_t *packet, length_t len) {
105 if(!n->status.sptps && !n->status.validkey) {
106 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP probe reply to %s (%s) but we don't have his key yet", n->name, n->hostname);
110 /* Type 2 probe replies were introduced in protocol 17.3 */
111 if ((n->options >> 24) >= 3) {
113 uint16_t len16 = htons(len);
114 memcpy(DATA(packet) + 1, &len16, 2);
115 packet->len = MIN_PROBE_SIZE;
116 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 2 probe reply length %u to %s (%s)", len, n->name, n->hostname);
119 /* Legacy protocol: n won't understand type 2 probe replies. */
121 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 1 probe reply length %u to %s (%s)", len, n->name, n->hostname);
124 /* Temporarily set udp_confirmed, so that the reply is sent
125 back exactly the way it came in. */
127 bool udp_confirmed = n->status.udp_confirmed;
128 n->status.udp_confirmed = true;
129 send_udppacket(n, packet);
130 n->status.udp_confirmed = udp_confirmed;
133 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
134 if(!DATA(packet)[0]) {
135 logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
136 return send_udp_probe_reply(n, packet, len);
139 if (DATA(packet)[0] == 2) {
140 // It's a type 2 probe reply, use the length field inside the packet
142 memcpy(&len16, DATA(packet) + 1, 2);
146 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s)", DATA(packet)[0], len, n->name, n->hostname);
148 /* It's a valid reply: now we know bidirectional communication
149 is possible using the address and socket that the reply
151 n->status.udp_confirmed = true;
153 // Reset the UDP ping timer.
154 n->udp_ping_sent = now;
157 timeout_del(&n->udp_ping_timeout);
158 timeout_add(&n->udp_ping_timeout, &udp_probe_timeout_handler, n, &(struct timeval){udp_discovery_timeout, 0});
161 if(len > n->maxmtu) {
162 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
165 /* Set mtuprobes to 1 so that try_mtu() doesn't reset maxmtu */
168 } else if(n->mtuprobes < 0 && len == n->maxmtu) {
169 /* We got a maxmtu sized packet, confirming the PMTU is still valid. */
171 n->mtu_ping_sent = now;
174 /* If applicable, raise the minimum supported MTU */
176 if(n->minmtu < len) {
182 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
184 memcpy(dest, source, len);
186 } else if(level == 10) {
188 lzo_uint lzolen = MAXSIZE;
189 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
194 } else if(level < 10) {
196 unsigned long destlen = MAXSIZE;
197 if(compress2(dest, &destlen, source, len, level) == Z_OK)
204 lzo_uint lzolen = MAXSIZE;
205 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
215 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
217 memcpy(dest, source, len);
219 } else if(level > 9) {
221 lzo_uint lzolen = MAXSIZE;
222 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
230 unsigned long destlen = MAXSIZE;
231 if(uncompress(dest, &destlen, source, len) == Z_OK)
243 static void receive_packet(node_t *n, vpn_packet_t *packet) {
244 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
245 packet->len, n->name, n->hostname);
248 n->in_bytes += packet->len;
253 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
255 return sptps_verify_datagram(&n->sptps, DATA(inpkt), inpkt->len);
257 #ifdef DISABLE_LEGACY
260 if(!n->status.validkey_in || !digest_active(n->indigest) || inpkt->len < sizeof(seqno_t) + digest_length(n->indigest))
263 return digest_verify(n->indigest, inpkt->data, inpkt->len - digest_length(n->indigest), inpkt->data + inpkt->len - digest_length(n->indigest));
267 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
268 vpn_packet_t pkt1, pkt2;
269 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
272 pkt1.offset = DEFAULT_PACKET_OFFSET;
273 pkt2.offset = DEFAULT_PACKET_OFFSET;
275 if(n->status.sptps) {
276 if(!n->sptps.state) {
277 if(!n->status.waitingforkey) {
278 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
281 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
285 n->status.udppacket = true;
286 bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len);
287 n->status.udppacket = false;
290 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
291 so let's restart SPTPS in case that helps. But don't do that too often
292 to prevent storms, and because that would make life a little too easy
293 for external attackers trying to DoS us. */
294 if(n->last_req_key < now.tv_sec - 10) {
295 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", n->name, n->hostname);
303 #ifdef DISABLE_LEGACY
306 if(!n->status.validkey_in) {
307 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
311 /* Check packet length */
313 if(inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
314 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
315 n->name, n->hostname);
319 /* It's a legacy UDP packet, the data starts after the seqno */
321 inpkt->offset += sizeof(seqno_t);
323 /* Check the message authentication code */
325 if(digest_active(n->indigest)) {
326 inpkt->len -= digest_length(n->indigest);
327 if(!digest_verify(n->indigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
328 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
332 /* Decrypt the packet */
334 if(cipher_active(n->incipher)) {
335 vpn_packet_t *outpkt = pkt[nextpkt++];
338 if(!cipher_decrypt(n->incipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
339 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
343 outpkt->len = outlen;
347 /* Check the sequence number */
350 memcpy(&seqno, SEQNO(inpkt), sizeof(seqno));
351 seqno = ntohl(seqno);
352 inpkt->len -= sizeof(seqno);
355 if(seqno != n->received_seqno + 1) {
356 if(seqno >= n->received_seqno + replaywin * 8) {
357 if(n->farfuture++ < replaywin >> 2) {
358 logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
359 n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
362 logger(DEBUG_TRAFFIC, LOG_WARNING, "Lost %d packets from %s (%s)",
363 seqno - n->received_seqno - 1, n->name, n->hostname);
364 memset(n->late, 0, replaywin);
365 } else if (seqno <= n->received_seqno) {
366 if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
367 logger(DEBUG_TRAFFIC, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
368 n->name, n->hostname, seqno, n->received_seqno);
372 for(int i = n->received_seqno + 1; i < seqno; i++)
373 n->late[(i / 8) % replaywin] |= 1 << i % 8;
378 n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8);
381 if(seqno > n->received_seqno)
382 n->received_seqno = seqno;
386 if(n->received_seqno > MAX_SEQNO)
389 /* Decompress the packet */
391 length_t origlen = inpkt->len;
393 if(n->incompression) {
394 vpn_packet_t *outpkt = pkt[nextpkt++];
396 if((outpkt->len = uncompress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->incompression)) < 0) {
397 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
398 n->name, n->hostname);
404 origlen -= MTU/64 + 20;
407 if(inpkt->len > n->maxrecentlen)
408 n->maxrecentlen = inpkt->len;
412 if(!DATA(inpkt)[12] && !DATA(inpkt)[13])
413 udp_probe_h(n, inpkt, origlen);
415 receive_packet(n, inpkt);
420 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
422 outpkt.offset = DEFAULT_PACKET_OFFSET;
424 if(len > sizeof(outpkt.data) - outpkt.offset)
428 if(c->options & OPTION_TCPONLY)
431 outpkt.priority = -1;
432 memcpy(DATA(&outpkt), buffer, len);
434 receive_packet(c->node, &outpkt);
437 bool receive_tcppacket_sptps(connection_t *c, const char *data, int len) {
438 if (len < sizeof(node_id_t) + sizeof(node_id_t)) {
439 logger(DEBUG_PROTOCOL, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname);
443 node_t *to = lookup_node_id((node_id_t *)data);
444 data += sizeof(node_id_t); len -= sizeof(node_id_t);
446 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown destination ID", c->name, c->hostname);
450 node_t *from = lookup_node_id((node_id_t *)data);
451 data += sizeof(node_id_t); len -= sizeof(node_id_t);
453 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown source ID", c->name, c->hostname);
457 if(!to->status.reachable) {
458 /* This can happen in the form of a race condition
459 if the node just became unreachable. */
460 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay TCP packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
464 /* Help the sender reach us over UDP.
465 Note that we only do this if we're the destination or the static relay;
466 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
467 if(to->via == myself)
468 send_udp_info(myself, from);
470 /* If we're not the final recipient, relay the packet. */
473 send_sptps_data(to, from, 0, data, len);
478 /* The packet is for us */
480 if(!sptps_receive_data(&from->sptps, data, len)) {
481 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
482 so let's restart SPTPS in case that helps. But don't do that too often
483 to prevent storms. */
484 if(from->last_req_key < now.tv_sec - 10) {
485 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
491 send_mtu_info(myself, from, MTU);
495 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
496 if(!n->status.validkey && !n->connection)
502 if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) {
503 sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len);
507 if(routing_mode == RMODE_ROUTER)
512 if(origpkt->len < offset)
517 if(n->outcompression) {
519 int len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression);
521 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
522 } else if(len < origpkt->len - offset) {
523 outpkt.len = len + offset;
525 type |= PKT_COMPRESSED;
529 /* If we have a direct metaconnection to n, and we can't use UDP, then
530 don't bother with SPTPS and just use a "plaintext" PACKET message.
531 We don't really care about end-to-end security since we're not
532 sending the message through any intermediate nodes. */
533 if(n->connection && origpkt->len > n->minmtu)
534 send_tcppacket(n->connection, origpkt);
536 sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
540 static void adapt_socket(const sockaddr_t *sa, int *sock) {
541 /* Make sure we have a suitable socket for the chosen address */
542 if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) {
543 for(int i = 0; i < listen_sockets; i++) {
544 if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) {
552 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
557 /* If the UDP address is confirmed, use it. */
558 if(n->status.udp_confirmed)
561 /* Send every third packet to n->address; that could be set
562 to the node's reflexive UDP address discovered during key
571 /* Otherwise, address are found in edges to this node.
572 So we pick a random edge and a random socket. */
575 int j = rand() % n->edge_tree->count;
576 edge_t *candidate = NULL;
578 for splay_each(edge_t, e, n->edge_tree) {
580 candidate = e->reverse;
586 *sa = &candidate->address;
587 *sock = rand() % listen_sockets;
590 adapt_socket(*sa, sock);
593 static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) {
596 /* Pick one of the edges from this node at random, then use its local address. */
599 int j = rand() % n->edge_tree->count;
600 edge_t *candidate = NULL;
602 for splay_each(edge_t, e, n->edge_tree) {
609 if (candidate && candidate->local_address.sa.sa_family) {
610 *sa = &candidate->local_address;
611 *sock = rand() % listen_sockets;
612 adapt_socket(*sa, sock);
616 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
617 vpn_packet_t pkt1, pkt2;
618 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
619 vpn_packet_t *inpkt = origpkt;
621 vpn_packet_t *outpkt;
622 int origlen = origpkt->len;
624 int origpriority = origpkt->priority;
626 pkt1.offset = DEFAULT_PACKET_OFFSET;
627 pkt2.offset = DEFAULT_PACKET_OFFSET;
629 if(!n->status.reachable) {
630 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
635 return send_sptps_packet(n, origpkt);
637 #ifdef DISABLE_LEGACY
640 /* Make sure we have a valid key */
642 if(!n->status.validkey) {
643 logger(DEBUG_TRAFFIC, LOG_INFO,
644 "No valid key known yet for %s (%s), forwarding via TCP",
645 n->name, n->hostname);
646 send_tcppacket(n->nexthop->connection, origpkt);
650 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (DATA(inpkt)[12] | DATA(inpkt)[13])) {
651 logger(DEBUG_TRAFFIC, LOG_INFO,
652 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
653 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
656 send_packet(n->nexthop, origpkt);
658 send_tcppacket(n->nexthop->connection, origpkt);
663 /* Compress the packet */
665 if(n->outcompression) {
666 outpkt = pkt[nextpkt++];
668 if((outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression)) < 0) {
669 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
670 n->name, n->hostname);
677 /* Add sequence number */
679 seqno_t seqno = htonl(++(n->sent_seqno));
680 memcpy(SEQNO(inpkt), &seqno, sizeof(seqno));
681 inpkt->len += sizeof(seqno);
683 /* Encrypt the packet */
685 if(cipher_active(n->outcipher)) {
686 outpkt = pkt[nextpkt++];
689 if(!cipher_encrypt(n->outcipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
690 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
694 outpkt->len = outlen;
698 /* Add the message authentication code */
700 if(digest_active(n->outdigest)) {
701 if(!digest_create(n->outdigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
702 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
706 inpkt->len += digest_length(n->outdigest);
709 /* Send the packet */
711 const sockaddr_t *sa = NULL;
714 if(n->status.send_locally)
715 choose_local_address(n, &sa, &sock);
717 choose_udp_address(n, &sa, &sock);
719 if(priorityinheritance && origpriority != listen_socket[sock].priority) {
720 listen_socket[sock].priority = origpriority;
721 switch(sa->sa.sa_family) {
722 #if defined(IPPROTO_IP) && defined(IP_TOS)
724 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority);
725 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IP, IP_TOS, (void *)&origpriority, sizeof(origpriority))) /* SO_PRIORITY doesn't seem to work */
726 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
729 #if defined(IPPROTO_IPV6) & defined(IPV6_TCLASS)
731 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority);
732 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&origpriority, sizeof(origpriority))) /* SO_PRIORITY doesn't seem to work */
733 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
741 if(sendto(listen_socket[sock].udp.fd, (void *)SEQNO(inpkt), inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
742 if(sockmsgsize(sockerrno)) {
743 if(n->maxmtu >= origlen)
744 n->maxmtu = origlen - 1;
745 if(n->mtu >= origlen)
746 n->mtu = origlen - 1;
749 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
753 origpkt->len = origlen;
757 bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_t len) {
758 node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
759 bool direct = from == myself && to == relay;
760 bool relay_supported = (relay->options >> 24) >= 4;
761 bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY;
763 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU. */
765 if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
766 if(type != SPTPS_HANDSHAKE && (to->nexthop->connection->options >> 24) >= 7) {
767 char buf[len + sizeof(to->id) + sizeof from->id]; char* buf_ptr = buf;
768 memcpy(buf_ptr, &to->id, sizeof(to->id)); buf_ptr += sizeof to->id;
769 memcpy(buf_ptr, &from->id, sizeof(from->id)); buf_ptr += sizeof from->id;
770 memcpy(buf_ptr, data, len);
771 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (TCP)", from->name, from->hostname, to->name, to->hostname, to->nexthop->name, to->nexthop->hostname);
772 return send_sptps_tcppacket(to->nexthop->connection, buf, sizeof(buf));
775 char buf[len * 4 / 3 + 5];
776 b64encode(data, buf, len);
777 /* If this is a handshake packet, use ANS_KEY instead of REQ_KEY, for two reasons:
778 - We don't want intermediate nodes to switch to UDP to relay these packets;
779 - ANS_KEY allows us to learn the reflexive UDP address. */
780 if(type == SPTPS_HANDSHAKE) {
781 to->incompression = myself->incompression;
782 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
784 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, SPTPS_PACKET, buf);
789 if(relay_supported) overhead += sizeof(to->id) + sizeof from->id;
790 char buf[len + overhead]; char* buf_ptr = buf;
791 if(relay_supported) {
793 /* Inform the recipient that this packet was sent directly. */
794 node_id_t nullid = {};
795 memcpy(buf_ptr, &nullid, sizeof(nullid)); buf_ptr += sizeof nullid;
797 memcpy(buf_ptr, &to->id, sizeof(to->id)); buf_ptr += sizeof to->id;
799 memcpy(buf_ptr, &from->id, sizeof(from->id)); buf_ptr += sizeof from->id;
802 /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
803 memcpy(buf_ptr, data, len); buf_ptr += len;
805 const sockaddr_t *sa = NULL;
807 if(relay->status.send_locally)
808 choose_local_address(relay, &sa, &sock);
810 choose_udp_address(relay, &sa, &sock);
811 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (UDP)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
812 if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
813 if(sockmsgsize(sockerrno)) {
814 // Compensate for SPTPS overhead
815 len -= SPTPS_DATAGRAM_OVERHEAD;
816 if(relay->maxmtu >= len)
817 relay->maxmtu = len - 1;
818 if(relay->mtu >= len)
819 relay->mtu = len - 1;
822 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
830 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
831 node_t *from = handle;
833 if(type == SPTPS_HANDSHAKE) {
834 if(!from->status.validkey) {
835 from->status.validkey = true;
836 from->status.waitingforkey = false;
837 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
843 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
848 inpkt.offset = DEFAULT_PACKET_OFFSET;
851 if(type == PKT_PROBE) {
852 if(!from->status.udppacket) {
853 logger(DEBUG_ALWAYS, LOG_ERR, "Got SPTPS PROBE packet from %s (%s) via TCP", from->name, from->hostname);
857 memcpy(DATA(&inpkt), data, len);
858 if(inpkt.len > from->maxrecentlen)
859 from->maxrecentlen = inpkt.len;
860 udp_probe_h(from, &inpkt, len);
864 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
865 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
869 /* Check if we have the headers we need */
870 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
871 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
873 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
874 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
877 int offset = (type & PKT_MAC) ? 0 : 14;
878 if(type & PKT_COMPRESSED) {
879 length_t ulen = uncompress_packet(DATA(&inpkt) + offset, (const uint8_t *)data, len, from->incompression);
883 inpkt.len = ulen + offset;
885 if(inpkt.len > MAXSIZE)
888 memcpy(DATA(&inpkt) + offset, data, len);
889 inpkt.len = len + offset;
892 /* Generate the Ethernet packet type if necessary */
894 switch(DATA(&inpkt)[14] >> 4) {
896 DATA(&inpkt)[12] = 0x08;
897 DATA(&inpkt)[13] = 0x00;
900 DATA(&inpkt)[12] = 0x86;
901 DATA(&inpkt)[13] = 0xDD;
904 logger(DEBUG_TRAFFIC, LOG_ERR,
905 "Unknown IP version %d while reading packet from %s (%s)",
906 DATA(&inpkt)[14] >> 4, from->name, from->hostname);
911 if(from->status.udppacket && inpkt.len > from->maxrecentlen)
912 from->maxrecentlen = inpkt.len;
914 receive_packet(from, &inpkt);
918 // This function tries to get SPTPS keys, if they aren't already known.
919 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if the keys are available.
920 static void try_sptps(node_t *n) {
921 if(n->status.validkey)
924 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
926 if(!n->status.waitingforkey)
928 else if(n->last_req_key + 10 < now.tv_sec) {
929 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
930 sptps_stop(&n->sptps);
931 n->status.waitingforkey = false;
938 static void send_udp_probe_packet(node_t *n, int len) {
940 packet.offset = DEFAULT_PACKET_OFFSET;
941 memset(DATA(&packet), 0, 14);
942 randomize(DATA(&packet) + 14, len - 14);
946 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %d to %s (%s)", len, n->name, n->hostname);
948 send_udppacket(n, &packet);
951 // This function tries to establish a UDP tunnel to a node so that packets can be sent.
952 // If a tunnel is already established, it makes sure it stays up.
953 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if UDP is usable.
954 static void try_udp(node_t* n) {
958 /* Send gratuitous probe replies to 1.1 nodes. */
960 if((n->options >> 24) >= 3 && n->status.udp_confirmed) {
961 struct timeval ping_tx_elapsed;
962 timersub(&now, &n->udp_reply_sent, &ping_tx_elapsed);
964 if(ping_tx_elapsed.tv_sec >= udp_discovery_keepalive_interval - 1) {
965 n->udp_reply_sent = now;
966 if(n->maxrecentlen) {
968 pkt.len = n->maxrecentlen;
969 pkt.offset = DEFAULT_PACKET_OFFSET;
970 memset(DATA(&pkt), 0, 14);
971 randomize(DATA(&pkt) + 14, MIN_PROBE_SIZE - 14);
972 send_udp_probe_reply(n, &pkt, pkt.len);
980 struct timeval ping_tx_elapsed;
981 timersub(&now, &n->udp_ping_sent, &ping_tx_elapsed);
983 int interval = n->status.udp_confirmed ? udp_discovery_keepalive_interval : udp_discovery_interval;
985 if(ping_tx_elapsed.tv_sec >= interval) {
986 send_udp_probe_packet(n, MIN_PROBE_SIZE);
987 n->udp_ping_sent = now;
989 if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
990 n->status.send_locally = true;
991 send_udp_probe_packet(n, MIN_PROBE_SIZE);
992 n->status.send_locally = false;
997 static length_t choose_initial_maxmtu(node_t *n) {
1002 const sockaddr_t *sa = NULL;
1004 choose_udp_address(n, &sa, &sockindex);
1008 sock = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
1010 logger(DEBUG_TRAFFIC, LOG_ERR, "Creating MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1014 if(connect(sock, &sa->sa, SALEN(sa->sa))) {
1015 logger(DEBUG_TRAFFIC, LOG_ERR, "Connecting MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1021 socklen_t ip_mtu_len = sizeof(ip_mtu);
1022 if(getsockopt(sock, IPPROTO_IP, IP_MTU, &ip_mtu, &ip_mtu_len)) {
1023 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1030 /* getsockopt(IP_MTU) returns the MTU of the physical interface.
1031 We need to remove various overheads to get to the tinc MTU. */
1032 length_t mtu = ip_mtu;
1033 mtu -= (sa->sa.sa_family == AF_INET6) ? sizeof(struct ip6_hdr) : sizeof(struct ip);
1035 if(n->status.sptps) {
1036 mtu -= SPTPS_DATAGRAM_OVERHEAD;
1037 if((n->options >> 24) >= 4)
1038 mtu -= sizeof(node_id_t) + sizeof(node_id_t);
1039 #ifndef DISABLE_LEGACY
1041 mtu -= digest_length(n->outdigest);
1043 /* Now it's tricky. We use CBC mode, so the length of the
1044 encrypted payload must be a multiple of the blocksize. The
1045 sequence number is also part of the encrypted payload, so we
1046 must account for it after correcting for the blocksize.
1047 Furthermore, the padding in the last block must be at least
1050 length_t blocksize = cipher_blocksize(n->outcipher);
1063 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) returned absurdly small value: %d", n->name, n->hostname, ip_mtu);
1069 logger(DEBUG_TRAFFIC, LOG_INFO, "Using system-provided maximum tinc MTU for %s (%s): %hd", n->name, n->hostname, mtu);
1079 /* This function tries to determines the MTU of a node.
1080 By calling this function repeatedly, n->minmtu will be progressively
1081 increased, and at some point, n->mtu will be fixed to n->minmtu. If the MTU
1082 is already fixed, this function checks if it can be increased.
1085 static void try_mtu(node_t *n) {
1086 if(!(n->options & OPTION_PMTU_DISCOVERY))
1089 if(udp_discovery && !n->status.udp_confirmed) {
1090 n->maxrecentlen = 0;
1097 /* mtuprobes == 0..19: initial discovery, send bursts with 1 second interval, mtuprobes++
1098 mtuprobes == 20: fix MTU, and go to -1
1099 mtuprobes == -1: send one maxmtu and one maxmtu+1 probe every pinginterval
1100 mtuprobes ==-2..-3: send one maxmtu probe every second
1101 mtuprobes == -4: maxmtu no longer valid, reset minmtu and maxmtu and go to 0 */
1103 struct timeval elapsed;
1104 timersub(&now, &n->mtu_ping_sent, &elapsed);
1105 if(n->mtuprobes >= 0) {
1106 if(n->mtuprobes != 0 && elapsed.tv_sec == 0 && elapsed.tv_usec < 333333)
1109 if(n->mtuprobes < -1) {
1110 if(elapsed.tv_sec < 1)
1113 if(elapsed.tv_sec < pinginterval)
1118 n->mtu_ping_sent = now;
1122 if(n->mtuprobes < -3) {
1123 /* We lost three MTU probes, restart discovery */
1124 logger(DEBUG_TRAFFIC, LOG_INFO, "Decrease in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
1129 if(n->mtuprobes < 0) {
1130 /* After the initial discovery, we only send one maxmtu and one
1131 maxmtu+1 probe to detect PMTU increases. */
1132 send_udp_probe_packet(n, n->maxmtu);
1133 if(n->mtuprobes == -1 && n->maxmtu + 1 < MTU)
1134 send_udp_probe_packet(n, n->maxmtu + 1);
1137 /* Before initial discovery begins, set maxmtu to the most likely value.
1138 If it's underestimated, we will correct it after initial discovery. */
1139 if(n->mtuprobes == 0)
1140 n->maxmtu = choose_initial_maxmtu(n);
1143 /* Decreasing the number of probes per cycle might make the algorithm react faster to lost packets,
1144 but it will typically increase convergence time in the no-loss case. */
1145 const length_t probes_per_cycle = 8;
1147 /* This magic value was determined using math simulations.
1148 It will result in a 1329-byte first probe, followed (if there was a reply) by a 1407-byte probe.
1149 Since 1407 is just below the range of tinc MTUs over typical networks,
1150 this fine-tuning allows tinc to cover a lot of ground very quickly.
1151 This fine-tuning is only valid for maxmtu = MTU; if maxmtu is smaller,
1152 then it's better to use a multiplier of 1. Indeed, this leads to an interesting scenario
1153 if choose_initial_maxmtu() returns the actual MTU value - it will get confirmed with one single probe. */
1154 const float multiplier = (n->maxmtu == MTU) ? 0.97 : 1;
1156 const float cycle_position = probes_per_cycle - (n->mtuprobes % probes_per_cycle) - 1;
1157 const length_t minmtu = MAX(n->minmtu, 512);
1158 const float interval = n->maxmtu - minmtu;
1160 /* The core of the discovery algorithm is this exponential.
1161 It produces very large probes early in the cycle, and then it very quickly decreases the probe size.
1162 This reflects the fact that in the most difficult cases, we don't get any feedback for probes that
1163 are too large, and therefore we need to concentrate on small offsets so that we can quickly converge
1164 on the precise MTU as we are approaching it.
1165 The last probe of the cycle is always 1 byte in size - this is to make sure we'll get at least one
1166 reply per cycle so that we can make progress. */
1167 const length_t offset = powf(interval, multiplier * cycle_position / (probes_per_cycle - 1));
1169 length_t maxmtu = n->maxmtu;
1170 send_udp_probe_packet(n, minmtu + offset);
1171 /* If maxmtu changed, it means the probe was rejected by the system because it was too large.
1172 In that case, we recalculate with the new maxmtu and try again. */
1173 if(n->mtuprobes < 0 || maxmtu == n->maxmtu)
1177 if(n->mtuprobes >= 0)
1182 /* These functions try to establish a tunnel to a node (or its relay) so that
1183 packets can be sent (e.g. exchange keys).
1184 If a tunnel is already established, it tries to improve it (e.g. by trying
1185 to establish a UDP tunnel instead of TCP). This function makes no
1186 guarantees - it is up to the caller to check the node's state to figure out
1187 if TCP and/or UDP is usable. By calling this function repeatedly, the
1188 tunnel is gradually improved until we hit the wall imposed by the underlying
1189 network environment. It is recommended to call this function every time a
1190 packet is sent (or intended to be sent) to a node, so that the tunnel keeps
1191 improving as packets flow, and then gracefully downgrades itself as it goes
1195 static void try_tx_sptps(node_t *n, bool mtu) {
1196 /* If n is a TCP-only neighbor, we'll only use "cleartext" PACKET
1197 messages anyway, so there's no need for SPTPS at all. */
1199 if(n->connection && ((myself->options | n->options) & OPTION_TCPONLY))
1202 /* Otherwise, try to do SPTPS authentication with n if necessary. */
1206 /* Do we need to statically relay packets? */
1208 node_t *via = (n->via == myself) ? n->nexthop : n->via;
1210 /* If we do have a static relay, try everything with that one instead, if it supports relaying. */
1213 if((via->options >> 24) < 4)
1215 return try_tx(via, mtu);
1218 /* Otherwise, try to establish UDP connectivity. */
1224 /* If we don't have UDP connectivity (yet), we need to use a dynamic relay (nexthop)
1225 while we try to establish direct connectivity. */
1227 if(!n->status.udp_confirmed && n != n->nexthop && (n->nexthop->options >> 24) >= 4)
1228 try_tx(n->nexthop, mtu);
1231 static void try_tx_legacy(node_t *n, bool mtu) {
1232 /* Does he have our key? If not, send one. */
1234 if(!n->status.validkey_in)
1237 /* Check if we already have a key, or request one. */
1239 if(!n->status.validkey) {
1240 if(n->last_req_key + 10 <= now.tv_sec) {
1242 n->last_req_key = now.tv_sec;
1252 void try_tx(node_t *n, bool mtu) {
1253 if(!n->status.reachable)
1256 try_tx_sptps(n, mtu);
1258 try_tx_legacy(n, mtu);
1261 void send_packet(node_t *n, vpn_packet_t *packet) {
1262 // If it's for myself, write it to the tun/tap device.
1266 memcpy(DATA(packet), mymac.x, ETH_ALEN);
1267 // Use an arbitrary fake source address.
1268 memcpy(DATA(packet) + ETH_ALEN, DATA(packet), ETH_ALEN);
1269 DATA(packet)[ETH_ALEN * 2 - 1] ^= 0xFF;
1272 n->out_bytes += packet->len;
1273 devops.write(packet);
1277 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)", packet->len, n->name, n->hostname);
1279 // If the node is not reachable, drop it.
1281 if(!n->status.reachable) {
1282 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable", n->name, n->hostname);
1286 // Keep track of packet statistics.
1289 n->out_bytes += packet->len;
1291 // Check if it should be sent as an SPTPS packet.
1293 if(n->status.sptps) {
1294 send_sptps_packet(n, packet);
1299 // Determine which node to actually send it to.
1301 node_t *via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
1304 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)", n->name, via->name, n->via->hostname);
1306 // Try to send via UDP, unless TCP is forced.
1308 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
1309 if(!send_tcppacket(via->connection, packet))
1310 terminate_connection(via->connection, true);
1314 send_udppacket(via, packet);
1318 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
1319 // Always give ourself a copy of the packet.
1321 send_packet(myself, packet);
1323 // In TunnelServer mode, do not forward broadcast packets.
1324 // The MST might not be valid and create loops.
1325 if(tunnelserver || broadcast_mode == BMODE_NONE)
1328 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
1329 packet->len, from->name, from->hostname);
1331 switch(broadcast_mode) {
1332 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
1333 // This guarantees all nodes receive the broadcast packet, and
1334 // usually distributes the sending of broadcast packets over all nodes.
1336 for list_each(connection_t, c, connection_list)
1337 if(c->edge && c->status.mst && c != from->nexthop->connection)
1338 send_packet(c->node, packet);
1341 // In direct mode, we send copies to each node we know of.
1342 // However, this only reaches nodes that can be reached in a single hop.
1343 // We don't have enough information to forward broadcast packets in this case.
1348 for splay_each(node_t, n, node_tree)
1349 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n))
1350 send_packet(n, packet);
1358 /* We got a packet from some IP address, but we don't know who sent it. Try to
1359 verify the message authentication code against all active session keys.
1360 Since this is actually an expensive operation, we only do a full check once
1361 a minute, the rest of the time we only check against nodes for which we know
1362 an IP address that matches the one from the packet. */
1364 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
1365 node_t *match = NULL;
1367 static time_t last_hard_try = 0;
1369 for splay_each(node_t, n, node_tree) {
1370 if(!n->status.reachable || n == myself)
1373 if(!n->status.validkey_in && !(n->status.sptps && n->sptps.instate))
1378 for splay_each(edge_t, e, n->edge_tree) {
1381 if(!sockaddrcmp_noport(from, &e->reverse->address)) {
1388 if(last_hard_try == now.tv_sec)
1393 if(!try_mac(n, pkt))
1401 last_hard_try = now.tv_sec;
1406 static void handle_incoming_vpn_packet(listen_socket_t *ls, vpn_packet_t *pkt, sockaddr_t *addr) {
1408 node_id_t nullid = {};
1410 bool direct = false;
1412 sockaddrunmap(addr); /* Some braindead IPv6 implementations do stupid things. */
1414 // Try to figure out who sent this packet.
1416 node_t *n = lookup_node_udp(addr);
1418 if(n && !n->status.udp_confirmed)
1419 n = NULL; // Don't believe it if we don't have confirmation yet.
1422 // It might be from a 1.1 node, which might have a source ID in the packet.
1423 pkt->offset = 2 * sizeof(node_id_t);
1424 from = lookup_node_id(SRCID(pkt));
1425 if(from && !memcmp(DSTID(pkt), &nullid, sizeof(nullid)) && from->status.sptps) {
1426 if(sptps_verify_datagram(&from->sptps, DATA(pkt), pkt->len - 2 * sizeof(node_id_t)))
1435 n = try_harder(addr, pkt);
1440 if(debug_level >= DEBUG_PROTOCOL) {
1441 hostname = sockaddr2hostname(addr);
1442 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1450 if(n->status.sptps) {
1451 bool relay_enabled = (n->options >> 24) >= 4;
1452 if (relay_enabled) {
1453 pkt->offset = 2 * sizeof(node_id_t);
1454 pkt->len -= pkt->offset;
1457 if(!memcmp(DSTID(pkt), &nullid, sizeof(nullid)) || !relay_enabled) {
1462 from = lookup_node_id(SRCID(pkt));
1463 to = lookup_node_id(DSTID(pkt));
1466 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname);
1470 if(!to->status.reachable) {
1471 /* This can happen in the form of a race condition
1472 if the node just became unreachable. */
1473 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
1477 /* The packet is supposed to come from the originator or its static relay
1478 (i.e. with no dynamic relays in between).
1479 If it did not, "help" the static relay by sending it UDP info.
1480 Note that we only do this if we're the destination or the static relay;
1481 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
1483 if(n != from->via && to->via == myself)
1484 send_udp_info(myself, from);
1486 /* If we're not the final recipient, relay the packet. */
1489 send_sptps_data(to, from, 0, DATA(pkt), pkt->len);
1498 if(!receive_udppacket(from, pkt))
1501 n->sock = ls - listen_socket;
1502 if(direct && sockaddrcmp(addr, &n->address))
1503 update_node_udp(n, addr);
1505 /* If the packet went through a relay, help the sender find the appropriate MTU
1506 through the relay path. */
1509 send_mtu_info(myself, n, MTU);
1512 void handle_incoming_vpn_data(void *data, int flags) {
1513 listen_socket_t *ls = data;
1515 #ifdef HAVE_RECVMMSG
1517 static int num = MAX_MSG;
1518 static vpn_packet_t pkt[MAX_MSG];
1519 static sockaddr_t addr[MAX_MSG];
1520 static struct mmsghdr msg[MAX_MSG];
1521 static struct iovec iov[MAX_MSG];
1523 for(int i = 0; i < num; i++) {
1526 iov[i] = (struct iovec){
1527 .iov_base = DATA(&pkt[i]),
1531 msg[i].msg_hdr = (struct msghdr){
1532 .msg_name = &addr[i].sa,
1533 .msg_namelen = sizeof(addr)[i],
1539 num = recvmmsg(ls->udp.fd, msg, MAX_MSG, MSG_DONTWAIT, NULL);
1542 if(!sockwouldblock(sockerrno))
1543 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1547 for(int i = 0; i < num; i++) {
1548 pkt[i].len = msg[i].msg_len;
1549 if(pkt[i].len <= 0 || pkt[i].len > MAXSIZE)
1551 handle_incoming_vpn_packet(ls, &pkt[i], &addr[i]);
1555 sockaddr_t addr = {};
1556 socklen_t addrlen = sizeof(addr);
1559 int len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen);
1561 if(len <= 0 || len > MAXSIZE) {
1562 if(!sockwouldblock(sockerrno))
1563 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1569 handle_incoming_vpn_packet(ls, &pkt, &addr);
1573 void handle_device_data(void *data, int flags) {
1574 vpn_packet_t packet;
1575 packet.offset = DEFAULT_PACKET_OFFSET;
1576 packet.priority = 0;
1577 static int errors = 0;
1579 if(devops.read(&packet)) {
1581 myself->in_packets++;
1582 myself->in_bytes += packet.len;
1583 route(myself, &packet);
1585 usleep(errors * 50000);
1588 logger(DEBUG_ALWAYS, LOG_ERR, "Too many errors from %s, exiting!", device);
projects / tinc / blob