2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
33 #include "address_cache.h"
36 #include "connection.h"
53 #define MAX(a, b) ((a) > (b) ? (a) : (b))
56 /* The minimum size of a probe is 14 bytes, but since we normally use CBC mode
57 encryption, we can add a few extra random bytes without increasing the
58 resulting packet size. */
59 #define MIN_PROBE_SIZE 18
63 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
66 static void send_udppacket(node_t *, vpn_packet_t *);
68 unsigned replaywin = 32;
69 bool localdiscovery = true;
70 bool udp_discovery = true;
71 int udp_discovery_keepalive_interval = 10;
72 int udp_discovery_interval = 2;
73 int udp_discovery_timeout = 30;
75 #define MAX_SEQNO 1073741824
77 static void try_fix_mtu(node_t *n) {
78 if(n->mtuprobes < 0) {
82 if(n->mtuprobes == 20 || n->minmtu >= n->maxmtu) {
83 if(n->minmtu > n->maxmtu) {
84 n->minmtu = n->maxmtu;
86 n->maxmtu = n->minmtu;
90 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
95 static void udp_probe_timeout_handler(void *data) {
98 if(!n->status.udp_confirmed) {
102 logger(DEBUG_TRAFFIC, LOG_INFO, "Too much time has elapsed since last UDP ping response from %s (%s), stopping UDP communication", n->name, n->hostname);
103 n->status.udp_confirmed = false;
110 static void send_udp_probe_reply(node_t *n, vpn_packet_t *packet, length_t len) {
111 if(!n->status.sptps && !n->status.validkey) {
112 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP probe reply to %s (%s) but we don't have his key yet", n->name, n->hostname);
116 /* Type 2 probe replies were introduced in protocol 17.3 */
117 if((n->options >> 24) >= 3) {
119 uint16_t len16 = htons(len);
120 memcpy(DATA(packet) + 1, &len16, 2);
121 packet->len = MIN_PROBE_SIZE;
122 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 2 probe reply length %u to %s (%s)", len, n->name, n->hostname);
125 /* Legacy protocol: n won't understand type 2 probe replies. */
127 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 1 probe reply length %u to %s (%s)", len, n->name, n->hostname);
130 /* Temporarily set udp_confirmed, so that the reply is sent
131 back exactly the way it came in. */
133 bool udp_confirmed = n->status.udp_confirmed;
134 n->status.udp_confirmed = true;
135 send_udppacket(n, packet);
136 n->status.udp_confirmed = udp_confirmed;
139 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
140 if(!DATA(packet)[0]) {
141 logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
142 send_udp_probe_reply(n, packet, len);
146 if(DATA(packet)[0] == 2) {
147 // It's a type 2 probe reply, use the length field inside the packet
149 memcpy(&len16, DATA(packet) + 1, 2);
153 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s)", DATA(packet)[0], len, n->name, n->hostname);
155 /* It's a valid reply: now we know bidirectional communication
156 is possible using the address and socket that the reply
158 if(!n->status.udp_confirmed) {
159 n->status.udp_confirmed = true;
160 fprintf(stderr, "Updating address cache...\n");
162 if(!n->address_cache) {
163 n->address_cache = open_address_cache(n);
166 reset_address_cache(n->address_cache, &n->address);
169 // Reset the UDP ping timer.
170 n->udp_ping_sent = now;
173 timeout_del(&n->udp_ping_timeout);
174 timeout_add(&n->udp_ping_timeout, &udp_probe_timeout_handler, n, &(struct timeval) {
175 udp_discovery_timeout, 0
179 if(len > n->maxmtu) {
180 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
183 /* Set mtuprobes to 1 so that try_mtu() doesn't reset maxmtu */
186 } else if(n->mtuprobes < 0 && len == n->maxmtu) {
187 /* We got a maxmtu sized packet, confirming the PMTU is still valid. */
189 n->mtu_ping_sent = now;
192 /* If applicable, raise the minimum supported MTU */
194 if(n->minmtu < len) {
200 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
202 memcpy(dest, source, len);
204 } else if(level == 10) {
206 lzo_uint lzolen = MAXSIZE;
207 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
212 } else if(level < 10) {
214 unsigned long destlen = MAXSIZE;
216 if(compress2(dest, &destlen, source, len, level) == Z_OK) {
223 lzo_uint lzolen = MAXSIZE;
224 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
234 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
236 memcpy(dest, source, len);
238 } else if(level > 9) {
240 lzo_uint lzolen = MAXSIZE;
242 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) {
251 unsigned long destlen = MAXSIZE;
253 if(uncompress(dest, &destlen, source, len) == Z_OK) {
267 static void receive_packet(node_t *n, vpn_packet_t *packet) {
268 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
269 packet->len, n->name, n->hostname);
272 n->in_bytes += packet->len;
277 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
278 if(n->status.sptps) {
279 return sptps_verify_datagram(&n->sptps, DATA(inpkt), inpkt->len);
282 #ifdef DISABLE_LEGACY
286 if(!n->status.validkey_in || !digest_active(n->indigest) || inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
290 return digest_verify(n->indigest, inpkt->data, inpkt->len - digest_length(n->indigest), inpkt->data + inpkt->len - digest_length(n->indigest));
294 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
295 vpn_packet_t pkt1, pkt2;
296 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
299 pkt1.offset = DEFAULT_PACKET_OFFSET;
300 pkt2.offset = DEFAULT_PACKET_OFFSET;
302 if(n->status.sptps) {
303 if(!n->sptps.state) {
304 if(!n->status.waitingforkey) {
305 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
308 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
314 n->status.udppacket = true;
315 bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len);
316 n->status.udppacket = false;
319 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
320 so let's restart SPTPS in case that helps. But don't do that too often
321 to prevent storms, and because that would make life a little too easy
322 for external attackers trying to DoS us. */
323 if(n->last_req_key < now.tv_sec - 10) {
324 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", n->name, n->hostname);
334 #ifdef DISABLE_LEGACY
338 if(!n->status.validkey_in) {
339 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
343 /* Check packet length */
345 if(inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
346 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
347 n->name, n->hostname);
351 /* It's a legacy UDP packet, the data starts after the seqno */
353 inpkt->offset += sizeof(seqno_t);
355 /* Check the message authentication code */
357 if(digest_active(n->indigest)) {
358 inpkt->len -= digest_length(n->indigest);
360 if(!digest_verify(n->indigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
361 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
366 /* Decrypt the packet */
368 if(cipher_active(n->incipher)) {
369 vpn_packet_t *outpkt = pkt[nextpkt++];
372 if(!cipher_decrypt(n->incipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
373 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
377 outpkt->len = outlen;
381 /* Check the sequence number */
384 memcpy(&seqno, SEQNO(inpkt), sizeof(seqno));
385 seqno = ntohl(seqno);
386 inpkt->len -= sizeof(seqno);
389 if(seqno != n->received_seqno + 1) {
390 if(seqno >= n->received_seqno + replaywin * 8) {
391 if(n->farfuture++ < replaywin >> 2) {
392 logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
393 n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
397 logger(DEBUG_TRAFFIC, LOG_WARNING, "Lost %d packets from %s (%s)",
398 seqno - n->received_seqno - 1, n->name, n->hostname);
399 memset(n->late, 0, replaywin);
400 } else if(seqno <= n->received_seqno) {
401 if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
402 logger(DEBUG_TRAFFIC, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
403 n->name, n->hostname, seqno, n->received_seqno);
407 for(int i = n->received_seqno + 1; i < seqno; i++) {
408 n->late[(i / 8) % replaywin] |= 1 << i % 8;
414 n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8);
417 if(seqno > n->received_seqno) {
418 n->received_seqno = seqno;
423 if(n->received_seqno > MAX_SEQNO) {
427 /* Decompress the packet */
429 length_t origlen = inpkt->len;
431 if(n->incompression) {
432 vpn_packet_t *outpkt = pkt[nextpkt++];
434 if((outpkt->len = uncompress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->incompression)) < 0) {
435 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
436 n->name, n->hostname);
442 origlen -= MTU / 64 + 20;
445 if(inpkt->len > n->maxrecentlen) {
446 n->maxrecentlen = inpkt->len;
451 if(!DATA(inpkt)[12] && !DATA(inpkt)[13]) {
452 udp_probe_h(n, inpkt, origlen);
454 receive_packet(n, inpkt);
461 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
463 outpkt.offset = DEFAULT_PACKET_OFFSET;
465 if(len > sizeof(outpkt.data) - outpkt.offset) {
471 if(c->options & OPTION_TCPONLY) {
474 outpkt.priority = -1;
477 memcpy(DATA(&outpkt), buffer, len);
479 receive_packet(c->node, &outpkt);
482 bool receive_tcppacket_sptps(connection_t *c, const char *data, int len) {
483 if(len < sizeof(node_id_t) + sizeof(node_id_t)) {
484 logger(DEBUG_PROTOCOL, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname);
488 node_t *to = lookup_node_id((node_id_t *)data);
489 data += sizeof(node_id_t);
490 len -= sizeof(node_id_t);
493 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown destination ID", c->name, c->hostname);
497 node_t *from = lookup_node_id((node_id_t *)data);
498 data += sizeof(node_id_t);
499 len -= sizeof(node_id_t);
502 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown source ID", c->name, c->hostname);
506 if(!to->status.reachable) {
507 /* This can happen in the form of a race condition
508 if the node just became unreachable. */
509 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay TCP packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
513 /* Help the sender reach us over UDP.
514 Note that we only do this if we're the destination or the static relay;
515 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
516 if(to->via == myself) {
517 send_udp_info(myself, from);
520 /* If we're not the final recipient, relay the packet. */
523 send_sptps_data(to, from, 0, data, len);
528 /* The packet is for us */
530 if(!sptps_receive_data(&from->sptps, data, len)) {
531 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
532 so let's restart SPTPS in case that helps. But don't do that too often
533 to prevent storms. */
534 if(from->last_req_key < now.tv_sec - 10) {
535 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
542 send_mtu_info(myself, from, MTU);
546 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
547 if(!n->status.validkey && !n->connection) {
554 if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) {
555 sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len);
559 if(routing_mode == RMODE_ROUTER) {
565 if(origpkt->len < offset) {
571 if(n->outcompression) {
573 int len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression);
576 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
577 } else if(len < origpkt->len - offset) {
578 outpkt.len = len + offset;
580 type |= PKT_COMPRESSED;
584 /* If we have a direct metaconnection to n, and we can't use UDP, then
585 don't bother with SPTPS and just use a "plaintext" PACKET message.
586 We don't really care about end-to-end security since we're not
587 sending the message through any intermediate nodes. */
588 if(n->connection && origpkt->len > n->minmtu) {
589 send_tcppacket(n->connection, origpkt);
591 sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
597 static void adapt_socket(const sockaddr_t *sa, int *sock) {
598 /* Make sure we have a suitable socket for the chosen address */
599 if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) {
600 for(int i = 0; i < listen_sockets; i++) {
601 if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) {
609 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
614 /* If the UDP address is confirmed, use it. */
615 if(n->status.udp_confirmed) {
619 /* Send every third packet to n->address; that could be set
620 to the node's reflexive UDP address discovered during key
630 /* Otherwise, address are found in edges to this node.
631 So we pick a random edge and a random socket. */
634 int j = rand() % n->edge_tree->count;
635 edge_t *candidate = NULL;
637 for splay_each(edge_t, e, n->edge_tree) {
639 candidate = e->reverse;
645 *sa = &candidate->address;
646 *sock = rand() % listen_sockets;
649 adapt_socket(*sa, sock);
652 static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) {
655 /* Pick one of the edges from this node at random, then use its local address. */
658 int j = rand() % n->edge_tree->count;
659 edge_t *candidate = NULL;
661 for splay_each(edge_t, e, n->edge_tree) {
668 if(candidate && candidate->local_address.sa.sa_family) {
669 *sa = &candidate->local_address;
670 *sock = rand() % listen_sockets;
671 adapt_socket(*sa, sock);
675 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
676 vpn_packet_t pkt1, pkt2;
677 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
678 vpn_packet_t *inpkt = origpkt;
680 vpn_packet_t *outpkt;
681 int origlen = origpkt->len;
683 int origpriority = origpkt->priority;
685 pkt1.offset = DEFAULT_PACKET_OFFSET;
686 pkt2.offset = DEFAULT_PACKET_OFFSET;
688 if(!n->status.reachable) {
689 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
693 if(n->status.sptps) {
694 send_sptps_packet(n, origpkt);
698 #ifdef DISABLE_LEGACY
701 /* Make sure we have a valid key */
703 if(!n->status.validkey) {
704 logger(DEBUG_TRAFFIC, LOG_INFO,
705 "No valid key known yet for %s (%s), forwarding via TCP",
706 n->name, n->hostname);
707 send_tcppacket(n->nexthop->connection, origpkt);
711 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (DATA(inpkt)[12] | DATA(inpkt)[13])) {
712 logger(DEBUG_TRAFFIC, LOG_INFO,
713 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
714 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
716 if(n != n->nexthop) {
717 send_packet(n->nexthop, origpkt);
719 send_tcppacket(n->nexthop->connection, origpkt);
725 /* Compress the packet */
727 if(n->outcompression) {
728 outpkt = pkt[nextpkt++];
730 if((outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression)) < 0) {
731 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
732 n->name, n->hostname);
739 /* Add sequence number */
741 seqno_t seqno = htonl(++(n->sent_seqno));
742 memcpy(SEQNO(inpkt), &seqno, sizeof(seqno));
743 inpkt->len += sizeof(seqno);
745 /* Encrypt the packet */
747 if(cipher_active(n->outcipher)) {
748 outpkt = pkt[nextpkt++];
751 if(!cipher_encrypt(n->outcipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
752 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
756 outpkt->len = outlen;
760 /* Add the message authentication code */
762 if(digest_active(n->outdigest)) {
763 if(!digest_create(n->outdigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
764 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
768 inpkt->len += digest_length(n->outdigest);
771 /* Send the packet */
773 const sockaddr_t *sa = NULL;
776 if(n->status.send_locally) {
777 choose_local_address(n, &sa, &sock);
781 choose_udp_address(n, &sa, &sock);
784 if(priorityinheritance && origpriority != listen_socket[sock].priority) {
785 listen_socket[sock].priority = origpriority;
787 switch(sa->sa.sa_family) {
791 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority);
793 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IP, IP_TOS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
794 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
799 #if defined(IPV6_TCLASS)
802 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority);
804 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
805 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
816 if(sendto(listen_socket[sock].udp.fd, (void *)SEQNO(inpkt), inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
817 if(sockmsgsize(sockerrno)) {
818 if(n->maxmtu >= origlen) {
819 n->maxmtu = origlen - 1;
822 if(n->mtu >= origlen) {
823 n->mtu = origlen - 1;
828 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
833 origpkt->len = origlen;
837 bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_t len) {
838 node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
839 bool direct = from == myself && to == relay;
840 bool relay_supported = (relay->options >> 24) >= 4;
841 bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY;
843 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU. */
845 if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
846 if(type != SPTPS_HANDSHAKE && (to->nexthop->connection->options >> 24) >= 7) {
847 char buf[len + sizeof(to->id) + sizeof(from->id)];
849 memcpy(buf_ptr, &to->id, sizeof(to->id));
850 buf_ptr += sizeof(to->id);
851 memcpy(buf_ptr, &from->id, sizeof(from->id));
852 buf_ptr += sizeof(from->id);
853 memcpy(buf_ptr, data, len);
854 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (TCP)", from->name, from->hostname, to->name, to->hostname, to->nexthop->name, to->nexthop->hostname);
855 return send_sptps_tcppacket(to->nexthop->connection, buf, sizeof(buf));
858 char buf[len * 4 / 3 + 5];
859 b64encode(data, buf, len);
861 /* If this is a handshake packet, use ANS_KEY instead of REQ_KEY, for two reasons:
862 - We don't want intermediate nodes to switch to UDP to relay these packets;
863 - ANS_KEY allows us to learn the reflexive UDP address. */
864 if(type == SPTPS_HANDSHAKE) {
865 to->incompression = myself->incompression;
866 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
868 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, SPTPS_PACKET, buf);
874 if(relay_supported) {
875 overhead += sizeof(to->id) + sizeof(from->id);
878 char buf[len + overhead];
881 if(relay_supported) {
883 /* Inform the recipient that this packet was sent directly. */
884 node_id_t nullid = {{0}};
885 memcpy(buf_ptr, &nullid, sizeof(nullid));
886 buf_ptr += sizeof(nullid);
888 memcpy(buf_ptr, &to->id, sizeof(to->id));
889 buf_ptr += sizeof(to->id);
892 memcpy(buf_ptr, &from->id, sizeof(from->id));
893 buf_ptr += sizeof(from->id);
897 /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
898 memcpy(buf_ptr, data, len);
901 const sockaddr_t *sa = NULL;
904 if(relay->status.send_locally) {
905 choose_local_address(relay, &sa, &sock);
909 choose_udp_address(relay, &sa, &sock);
912 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (UDP)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
914 if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
915 if(sockmsgsize(sockerrno)) {
916 // Compensate for SPTPS overhead
917 len -= SPTPS_DATAGRAM_OVERHEAD;
919 if(relay->maxmtu >= len) {
920 relay->maxmtu = len - 1;
923 if(relay->mtu >= len) {
924 relay->mtu = len - 1;
929 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
937 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
938 node_t *from = handle;
940 if(type == SPTPS_HANDSHAKE) {
941 if(!from->status.validkey) {
942 from->status.validkey = true;
943 from->status.waitingforkey = false;
944 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) successful", from->name, from->hostname);
951 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
956 inpkt.offset = DEFAULT_PACKET_OFFSET;
959 if(type == PKT_PROBE) {
960 if(!from->status.udppacket) {
961 logger(DEBUG_ALWAYS, LOG_ERR, "Got SPTPS PROBE packet from %s (%s) via TCP", from->name, from->hostname);
966 memcpy(DATA(&inpkt), data, len);
968 if(inpkt.len > from->maxrecentlen) {
969 from->maxrecentlen = inpkt.len;
972 udp_probe_h(from, &inpkt, len);
976 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
977 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
981 /* Check if we have the headers we need */
982 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
983 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
985 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
986 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
989 int offset = (type & PKT_MAC) ? 0 : 14;
991 if(type & PKT_COMPRESSED) {
992 length_t ulen = uncompress_packet(DATA(&inpkt) + offset, (const uint8_t *)data, len, from->incompression);
997 inpkt.len = ulen + offset;
1000 if(inpkt.len > MAXSIZE) {
1004 memcpy(DATA(&inpkt) + offset, data, len);
1005 inpkt.len = len + offset;
1008 /* Generate the Ethernet packet type if necessary */
1010 switch(DATA(&inpkt)[14] >> 4) {
1012 DATA(&inpkt)[12] = 0x08;
1013 DATA(&inpkt)[13] = 0x00;
1017 DATA(&inpkt)[12] = 0x86;
1018 DATA(&inpkt)[13] = 0xDD;
1022 logger(DEBUG_TRAFFIC, LOG_ERR,
1023 "Unknown IP version %d while reading packet from %s (%s)",
1024 DATA(&inpkt)[14] >> 4, from->name, from->hostname);
1029 if(from->status.udppacket && inpkt.len > from->maxrecentlen) {
1030 from->maxrecentlen = inpkt.len;
1033 receive_packet(from, &inpkt);
1037 // This function tries to get SPTPS keys, if they aren't already known.
1038 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if the keys are available.
1039 static void try_sptps(node_t *n) {
1040 if(n->status.validkey) {
1044 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
1046 if(!n->status.waitingforkey) {
1048 } else if(n->last_req_key + 10 < now.tv_sec) {
1049 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
1050 sptps_stop(&n->sptps);
1051 n->status.waitingforkey = false;
1058 static void send_udp_probe_packet(node_t *n, int len) {
1059 vpn_packet_t packet;
1060 packet.offset = DEFAULT_PACKET_OFFSET;
1061 memset(DATA(&packet), 0, 14);
1062 randomize(DATA(&packet) + 14, len - 14);
1064 packet.priority = 0;
1066 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %d to %s (%s)", len, n->name, n->hostname);
1068 send_udppacket(n, &packet);
1071 // This function tries to establish a UDP tunnel to a node so that packets can be sent.
1072 // If a tunnel is already established, it makes sure it stays up.
1073 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if UDP is usable.
1074 static void try_udp(node_t *n) {
1075 if(!udp_discovery) {
1079 /* Send gratuitous probe replies to 1.1 nodes. */
1081 if((n->options >> 24) >= 3 && n->status.udp_confirmed) {
1082 struct timeval ping_tx_elapsed;
1083 timersub(&now, &n->udp_reply_sent, &ping_tx_elapsed);
1085 if(ping_tx_elapsed.tv_sec >= udp_discovery_keepalive_interval - 1) {
1086 n->udp_reply_sent = now;
1088 if(n->maxrecentlen) {
1090 pkt.len = n->maxrecentlen;
1091 pkt.offset = DEFAULT_PACKET_OFFSET;
1092 memset(DATA(&pkt), 0, 14);
1093 randomize(DATA(&pkt) + 14, MIN_PROBE_SIZE - 14);
1094 send_udp_probe_reply(n, &pkt, pkt.len);
1095 n->maxrecentlen = 0;
1102 struct timeval ping_tx_elapsed;
1103 timersub(&now, &n->udp_ping_sent, &ping_tx_elapsed);
1105 int interval = n->status.udp_confirmed ? udp_discovery_keepalive_interval : udp_discovery_interval;
1107 if(ping_tx_elapsed.tv_sec >= interval) {
1108 send_udp_probe_packet(n, MIN_PROBE_SIZE);
1109 n->udp_ping_sent = now;
1111 if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
1112 n->status.send_locally = true;
1113 send_udp_probe_packet(n, MIN_PROBE_SIZE);
1114 n->status.send_locally = false;
1119 static length_t choose_initial_maxmtu(node_t *n) {
1124 const sockaddr_t *sa = NULL;
1126 choose_udp_address(n, &sa, &sockindex);
1132 sock = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
1135 logger(DEBUG_TRAFFIC, LOG_ERR, "Creating MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1139 if(connect(sock, &sa->sa, SALEN(sa->sa))) {
1140 logger(DEBUG_TRAFFIC, LOG_ERR, "Connecting MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1146 socklen_t ip_mtu_len = sizeof(ip_mtu);
1148 if(getsockopt(sock, IPPROTO_IP, IP_MTU, &ip_mtu, &ip_mtu_len)) {
1149 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1156 /* getsockopt(IP_MTU) returns the MTU of the physical interface.
1157 We need to remove various overheads to get to the tinc MTU. */
1158 length_t mtu = ip_mtu;
1159 mtu -= (sa->sa.sa_family == AF_INET6) ? sizeof(struct ip6_hdr) : sizeof(struct ip);
1162 if(n->status.sptps) {
1163 mtu -= SPTPS_DATAGRAM_OVERHEAD;
1165 if((n->options >> 24) >= 4) {
1166 mtu -= sizeof(node_id_t) + sizeof(node_id_t);
1169 #ifndef DISABLE_LEGACY
1171 mtu -= digest_length(n->outdigest);
1173 /* Now it's tricky. We use CBC mode, so the length of the
1174 encrypted payload must be a multiple of the blocksize. The
1175 sequence number is also part of the encrypted payload, so we
1176 must account for it after correcting for the blocksize.
1177 Furthermore, the padding in the last block must be at least
1180 length_t blocksize = cipher_blocksize(n->outcipher);
1193 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) returned absurdly small value: %d", n->name, n->hostname, ip_mtu);
1201 logger(DEBUG_TRAFFIC, LOG_INFO, "Using system-provided maximum tinc MTU for %s (%s): %hd", n->name, n->hostname, mtu);
1211 /* This function tries to determines the MTU of a node.
1212 By calling this function repeatedly, n->minmtu will be progressively
1213 increased, and at some point, n->mtu will be fixed to n->minmtu. If the MTU
1214 is already fixed, this function checks if it can be increased.
1217 static void try_mtu(node_t *n) {
1218 if(!(n->options & OPTION_PMTU_DISCOVERY)) {
1222 if(udp_discovery && !n->status.udp_confirmed) {
1223 n->maxrecentlen = 0;
1230 /* mtuprobes == 0..19: initial discovery, send bursts with 1 second interval, mtuprobes++
1231 mtuprobes == 20: fix MTU, and go to -1
1232 mtuprobes == -1: send one maxmtu and one maxmtu+1 probe every pinginterval
1233 mtuprobes ==-2..-3: send one maxmtu probe every second
1234 mtuprobes == -4: maxmtu no longer valid, reset minmtu and maxmtu and go to 0 */
1236 struct timeval elapsed;
1237 timersub(&now, &n->mtu_ping_sent, &elapsed);
1239 if(n->mtuprobes >= 0) {
1240 if(n->mtuprobes != 0 && elapsed.tv_sec == 0 && elapsed.tv_usec < 333333) {
1244 if(n->mtuprobes < -1) {
1245 if(elapsed.tv_sec < 1) {
1249 if(elapsed.tv_sec < pinginterval) {
1255 n->mtu_ping_sent = now;
1259 if(n->mtuprobes < -3) {
1260 /* We lost three MTU probes, restart discovery */
1261 logger(DEBUG_TRAFFIC, LOG_INFO, "Decrease in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
1266 if(n->mtuprobes < 0) {
1267 /* After the initial discovery, we only send one maxmtu and one
1268 maxmtu+1 probe to detect PMTU increases. */
1269 send_udp_probe_packet(n, n->maxmtu);
1271 if(n->mtuprobes == -1 && n->maxmtu + 1 < MTU) {
1272 send_udp_probe_packet(n, n->maxmtu + 1);
1277 /* Before initial discovery begins, set maxmtu to the most likely value.
1278 If it's underestimated, we will correct it after initial discovery. */
1279 if(n->mtuprobes == 0) {
1280 n->maxmtu = choose_initial_maxmtu(n);
1284 /* Decreasing the number of probes per cycle might make the algorithm react faster to lost packets,
1285 but it will typically increase convergence time in the no-loss case. */
1286 const length_t probes_per_cycle = 8;
1288 /* This magic value was determined using math simulations.
1289 It will result in a 1329-byte first probe, followed (if there was a reply) by a 1407-byte probe.
1290 Since 1407 is just below the range of tinc MTUs over typical networks,
1291 this fine-tuning allows tinc to cover a lot of ground very quickly.
1292 This fine-tuning is only valid for maxmtu = MTU; if maxmtu is smaller,
1293 then it's better to use a multiplier of 1. Indeed, this leads to an interesting scenario
1294 if choose_initial_maxmtu() returns the actual MTU value - it will get confirmed with one single probe. */
1295 const float multiplier = (n->maxmtu == MTU) ? 0.97 : 1;
1297 const float cycle_position = probes_per_cycle - (n->mtuprobes % probes_per_cycle) - 1;
1298 const length_t minmtu = MAX(n->minmtu, 512);
1299 const float interval = n->maxmtu - minmtu;
1301 /* The core of the discovery algorithm is this exponential.
1302 It produces very large probes early in the cycle, and then it very quickly decreases the probe size.
1303 This reflects the fact that in the most difficult cases, we don't get any feedback for probes that
1304 are too large, and therefore we need to concentrate on small offsets so that we can quickly converge
1305 on the precise MTU as we are approaching it.
1306 The last probe of the cycle is always 1 byte in size - this is to make sure we'll get at least one
1307 reply per cycle so that we can make progress. */
1308 const length_t offset = powf(interval, multiplier * cycle_position / (probes_per_cycle - 1));
1310 length_t maxmtu = n->maxmtu;
1311 send_udp_probe_packet(n, minmtu + offset);
1313 /* If maxmtu changed, it means the probe was rejected by the system because it was too large.
1314 In that case, we recalculate with the new maxmtu and try again. */
1315 if(n->mtuprobes < 0 || maxmtu == n->maxmtu) {
1320 if(n->mtuprobes >= 0) {
1326 /* These functions try to establish a tunnel to a node (or its relay) so that
1327 packets can be sent (e.g. exchange keys).
1328 If a tunnel is already established, it tries to improve it (e.g. by trying
1329 to establish a UDP tunnel instead of TCP). This function makes no
1330 guarantees - it is up to the caller to check the node's state to figure out
1331 if TCP and/or UDP is usable. By calling this function repeatedly, the
1332 tunnel is gradually improved until we hit the wall imposed by the underlying
1333 network environment. It is recommended to call this function every time a
1334 packet is sent (or intended to be sent) to a node, so that the tunnel keeps
1335 improving as packets flow, and then gracefully downgrades itself as it goes
1339 static void try_tx_sptps(node_t *n, bool mtu) {
1340 /* If n is a TCP-only neighbor, we'll only use "cleartext" PACKET
1341 messages anyway, so there's no need for SPTPS at all. */
1343 if(n->connection && ((myself->options | n->options) & OPTION_TCPONLY)) {
1347 /* Otherwise, try to do SPTPS authentication with n if necessary. */
1351 /* Do we need to statically relay packets? */
1353 node_t *via = (n->via == myself) ? n->nexthop : n->via;
1355 /* If we do have a static relay, try everything with that one instead, if it supports relaying. */
1358 if((via->options >> 24) < 4) {
1366 /* Otherwise, try to establish UDP connectivity. */
1374 /* If we don't have UDP connectivity (yet), we need to use a dynamic relay (nexthop)
1375 while we try to establish direct connectivity. */
1377 if(!n->status.udp_confirmed && n != n->nexthop && (n->nexthop->options >> 24) >= 4) {
1378 try_tx(n->nexthop, mtu);
1382 static void try_tx_legacy(node_t *n, bool mtu) {
1383 /* Does he have our key? If not, send one. */
1385 if(!n->status.validkey_in) {
1389 /* Check if we already have a key, or request one. */
1391 if(!n->status.validkey) {
1392 if(n->last_req_key + 10 <= now.tv_sec) {
1394 n->last_req_key = now.tv_sec;
1407 void try_tx(node_t *n, bool mtu) {
1408 if(!n->status.reachable) {
1412 if(n->status.sptps) {
1413 try_tx_sptps(n, mtu);
1415 try_tx_legacy(n, mtu);
1419 void send_packet(node_t *n, vpn_packet_t *packet) {
1420 // If it's for myself, write it to the tun/tap device.
1424 memcpy(DATA(packet), mymac.x, ETH_ALEN);
1425 // Use an arbitrary fake source address.
1426 memcpy(DATA(packet) + ETH_ALEN, DATA(packet), ETH_ALEN);
1427 DATA(packet)[ETH_ALEN * 2 - 1] ^= 0xFF;
1431 n->out_bytes += packet->len;
1432 devops.write(packet);
1436 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)", packet->len, n->name, n->hostname);
1438 // If the node is not reachable, drop it.
1440 if(!n->status.reachable) {
1441 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable", n->name, n->hostname);
1445 // Keep track of packet statistics.
1448 n->out_bytes += packet->len;
1450 // Check if it should be sent as an SPTPS packet.
1452 if(n->status.sptps) {
1453 send_sptps_packet(n, packet);
1458 // Determine which node to actually send it to.
1460 node_t *via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
1463 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)", n->name, via->name, n->via->hostname);
1466 // Try to send via UDP, unless TCP is forced.
1468 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
1469 if(!send_tcppacket(via->connection, packet)) {
1470 terminate_connection(via->connection, true);
1476 send_udppacket(via, packet);
1480 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
1481 // Always give ourself a copy of the packet.
1482 if(from != myself) {
1483 send_packet(myself, packet);
1486 // In TunnelServer mode, do not forward broadcast packets.
1487 // The MST might not be valid and create loops.
1488 if(tunnelserver || broadcast_mode == BMODE_NONE) {
1492 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
1493 packet->len, from->name, from->hostname);
1495 switch(broadcast_mode) {
1496 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
1497 // This guarantees all nodes receive the broadcast packet, and
1498 // usually distributes the sending of broadcast packets over all nodes.
1500 for list_each(connection_t, c, connection_list)
1501 if(c->edge && c->status.mst && c != from->nexthop->connection) {
1502 send_packet(c->node, packet);
1507 // In direct mode, we send copies to each node we know of.
1508 // However, this only reaches nodes that can be reached in a single hop.
1509 // We don't have enough information to forward broadcast packets in this case.
1511 if(from != myself) {
1515 for splay_each(node_t, n, node_tree)
1516 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n)) {
1517 send_packet(n, packet);
1527 /* We got a packet from some IP address, but we don't know who sent it. Try to
1528 verify the message authentication code against all active session keys.
1529 Since this is actually an expensive operation, we only do a full check once
1530 a minute, the rest of the time we only check against nodes for which we know
1531 an IP address that matches the one from the packet. */
1533 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
1534 node_t *match = NULL;
1536 static time_t last_hard_try = 0;
1538 for splay_each(node_t, n, node_tree) {
1539 if(!n->status.reachable || n == myself) {
1543 if(!n->status.validkey_in && !(n->status.sptps && n->sptps.instate)) {
1549 for splay_each(edge_t, e, n->edge_tree) {
1554 if(!sockaddrcmp_noport(from, &e->reverse->address)) {
1561 if(last_hard_try == now.tv_sec) {
1568 if(!try_mac(n, pkt)) {
1577 last_hard_try = now.tv_sec;
1583 static void handle_incoming_vpn_packet(listen_socket_t *ls, vpn_packet_t *pkt, sockaddr_t *addr) {
1585 node_id_t nullid = {{0}};
1587 bool direct = false;
1589 sockaddrunmap(addr); /* Some braindead IPv6 implementations do stupid things. */
1591 // Try to figure out who sent this packet.
1593 node_t *n = lookup_node_udp(addr);
1595 if(n && !n->status.udp_confirmed) {
1596 n = NULL; // Don't believe it if we don't have confirmation yet.
1600 // It might be from a 1.1 node, which might have a source ID in the packet.
1601 pkt->offset = 2 * sizeof(node_id_t);
1602 from = lookup_node_id(SRCID(pkt));
1604 if(from && !memcmp(DSTID(pkt), &nullid, sizeof(nullid)) && from->status.sptps) {
1605 if(sptps_verify_datagram(&from->sptps, DATA(pkt), pkt->len - 2 * sizeof(node_id_t))) {
1615 n = try_harder(addr, pkt);
1621 if(debug_level >= DEBUG_PROTOCOL) {
1622 hostname = sockaddr2hostname(addr);
1623 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1632 if(n->status.sptps) {
1633 bool relay_enabled = (n->options >> 24) >= 4;
1636 pkt->offset = 2 * sizeof(node_id_t);
1637 pkt->len -= pkt->offset;
1640 if(!memcmp(DSTID(pkt), &nullid, sizeof(nullid)) || !relay_enabled) {
1645 from = lookup_node_id(SRCID(pkt));
1646 to = lookup_node_id(DSTID(pkt));
1650 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname);
1654 if(!to->status.reachable) {
1655 /* This can happen in the form of a race condition
1656 if the node just became unreachable. */
1657 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
1661 /* The packet is supposed to come from the originator or its static relay
1662 (i.e. with no dynamic relays in between).
1663 If it did not, "help" the static relay by sending it UDP info.
1664 Note that we only do this if we're the destination or the static relay;
1665 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
1667 if(n != from->via && to->via == myself) {
1668 send_udp_info(myself, from);
1671 /* If we're not the final recipient, relay the packet. */
1674 send_sptps_data(to, from, 0, DATA(pkt), pkt->len);
1683 if(!receive_udppacket(from, pkt)) {
1687 n->sock = ls - listen_socket;
1689 if(direct && sockaddrcmp(addr, &n->address)) {
1690 update_node_udp(n, addr);
1693 /* If the packet went through a relay, help the sender find the appropriate MTU
1694 through the relay path. */
1697 send_mtu_info(myself, n, MTU);
1701 void handle_incoming_vpn_data(void *data, int flags) {
1702 listen_socket_t *ls = data;
1704 #ifdef HAVE_RECVMMSG
1706 static int num = MAX_MSG;
1707 static vpn_packet_t pkt[MAX_MSG];
1708 static sockaddr_t addr[MAX_MSG];
1709 static struct mmsghdr msg[MAX_MSG];
1710 static struct iovec iov[MAX_MSG];
1712 for(int i = 0; i < num; i++) {
1715 iov[i] = (struct iovec) {
1716 .iov_base = DATA(&pkt[i]),
1720 msg[i].msg_hdr = (struct msghdr) {
1721 .msg_name = &addr[i].sa,
1722 .msg_namelen = sizeof(addr)[i],
1728 num = recvmmsg(ls->udp.fd, msg, MAX_MSG, MSG_DONTWAIT, NULL);
1731 if(!sockwouldblock(sockerrno)) {
1732 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1738 for(int i = 0; i < num; i++) {
1739 pkt[i].len = msg[i].msg_len;
1741 if(pkt[i].len <= 0 || pkt[i].len > MAXSIZE) {
1745 handle_incoming_vpn_packet(ls, &pkt[i], &addr[i]);
1750 sockaddr_t addr = {};
1751 socklen_t addrlen = sizeof(addr);
1754 int len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen);
1756 if(len <= 0 || len > MAXSIZE) {
1757 if(!sockwouldblock(sockerrno)) {
1758 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1766 handle_incoming_vpn_packet(ls, &pkt, &addr);
1770 void handle_device_data(void *data, int flags) {
1771 vpn_packet_t packet;
1772 packet.offset = DEFAULT_PACKET_OFFSET;
1773 packet.priority = 0;
1774 static int errors = 0;
1776 if(devops.read(&packet)) {
1778 myself->in_packets++;
1779 myself->in_bytes += packet.len;
1780 route(myself, &packet);
1782 usleep(errors * 50000);
1786 logger(DEBUG_ALWAYS, LOG_ERR, "Too many errors from %s, exiting!", device);
projects / tinc / blob