3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2021 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include "connection.h"
29 #include "compression.h"
55 static io_t device_io;
57 bool device_standby = false;
59 char *proxyhost = NULL;
60 char *proxyport = NULL;
61 char *proxyuser = NULL;
62 char *proxypass = NULL;
64 proxytype_t proxytype;
66 bool disablebuggypeers;
68 char *scriptinterpreter;
69 char *scriptextension;
71 bool node_read_ecdsa_public_key(node_t *n) {
72 if(ecdsa_active(n->ecdsa)) {
81 init_configuration(&config);
83 if(!read_host_config(&config, n->name, true)) {
87 /* First, check for simple Ed25519PublicKey statement */
89 if(get_config_string(lookup_config(&config, "Ed25519PublicKey"), &p)) {
90 n->ecdsa = ecdsa_set_base64_public_key(p);
95 /* Else, check for Ed25519PublicKeyFile statement and read it */
97 if(!get_config_string(lookup_config(&config, "Ed25519PublicKeyFile"), &pubname)) {
98 xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, n->name);
101 fp = fopen(pubname, "r");
107 n->ecdsa = ecdsa_read_pem_public_key(fp);
111 splay_empty_tree(&config);
116 static bool read_invitation_key(void) {
118 char fname[PATH_MAX];
121 ecdsa_free(invitation_key);
122 invitation_key = NULL;
125 snprintf(fname, sizeof(fname), "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
127 fp = fopen(fname, "r");
130 invitation_key = ecdsa_read_pem_private_key(fp);
133 if(!invitation_key) {
134 logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);
138 return invitation_key;
141 #ifndef DISABLE_LEGACY
142 static timeout_t keyexpire_timeout;
144 static void keyexpire_handler(void *data) {
146 timeout_set(data, &(struct timeval) {
147 keylifetime, jitter()
152 void regenerate_key(void) {
153 logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
156 for splay_each(node_t, n, &node_tree) {
157 n->status.validkey_in = false;
161 void load_all_nodes(void) {
164 char dname[PATH_MAX];
166 snprintf(dname, sizeof(dname), "%s" SLASH "hosts", confbase);
167 dir = opendir(dname);
170 logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
174 while((ent = readdir(dir))) {
175 if(!check_id(ent->d_name)) {
179 node_t *n = lookup_node(ent->d_name);
182 init_configuration(&config);
183 read_config_options(&config, ent->d_name);
184 read_host_config(&config, ent->d_name, true);
187 n = new_node(ent->d_name);
192 for(config_t *cfg = lookup_config(&config, "Subnet"); cfg; cfg = lookup_config_next(&config, cfg)) {
195 if(!get_config_subnet(cfg, &s)) {
199 if((s2 = lookup_subnet(n, s))) {
208 if(lookup_config(&config, "Address")) {
209 n->status.has_address = true;
212 splay_empty_tree(&config);
218 char *get_name(void) {
222 get_config_string(lookup_config(&config_tree, "Name"), &name);
228 returned_name = replace_name(name);
230 return returned_name;
233 static void read_interpreter(void) {
234 char *interpreter = NULL;
235 get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &interpreter);
237 if(!interpreter || (sandbox_can(START_PROCESSES, AFTER_SANDBOX) && sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX))) {
238 free(scriptinterpreter);
239 scriptinterpreter = interpreter;
243 if(!string_eq(interpreter, scriptinterpreter)) {
244 logger(DEBUG_ALWAYS, LOG_NOTICE, "Not changing ScriptsInterpreter because of sandbox.");
250 bool setup_myself_reloadable(void) {
253 free(scriptextension);
255 if(!get_config_string(lookup_config(&config_tree, "ScriptsExtension"), &scriptextension)) {
256 scriptextension = xstrdup("");
261 get_config_string(lookup_config(&config_tree, "Proxy"), &proxy);
266 if((space = strchr(proxy, ' '))) {
270 if(!strcasecmp(proxy, "none")) {
271 proxytype = PROXY_NONE;
272 } else if(!strcasecmp(proxy, "socks4")) {
273 proxytype = PROXY_SOCKS4;
274 } else if(!strcasecmp(proxy, "socks4a")) {
275 proxytype = PROXY_SOCKS4A;
276 } else if(!strcasecmp(proxy, "socks5")) {
277 proxytype = PROXY_SOCKS5;
278 } else if(!strcasecmp(proxy, "http")) {
279 proxytype = PROXY_HTTP;
280 } else if(!strcasecmp(proxy, "exec")) {
281 if(sandbox_can(START_PROCESSES, AFTER_SANDBOX)) {
282 proxytype = PROXY_EXEC;
284 logger(DEBUG_ALWAYS, LOG_ERR, "Cannot use exec proxies with current sandbox level.");
288 logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type %s!", proxy);
299 free_string(proxyuser);
302 free_string(proxypass);
311 if(!space || !*space) {
312 logger(DEBUG_ALWAYS, LOG_ERR, "Argument expected for proxy type exec!");
317 if(!sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX)) {
318 logger(DEBUG_ALWAYS, LOG_NOTICE, "Changed exec proxy may fail to work because of sandbox.");
321 proxyhost = xstrdup(space);
330 if(space && (space = strchr(space, ' '))) {
331 *space++ = 0, proxyport = space;
334 if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
335 logger(DEBUG_ALWAYS, LOG_ERR, "Host and port argument expected for proxy!");
342 if(space && (space = strchr(space, ' '))) {
343 *space++ = 0, proxyuser = space;
346 if(space && (space = strchr(space, ' '))) {
347 *space++ = 0, proxypass = space;
350 proxyhost = xstrdup(proxyhost);
351 proxyport = xstrdup(proxyport);
353 if(proxyuser && *proxyuser) {
354 proxyuser = xstrdup(proxyuser);
357 if(proxypass && *proxypass) {
358 proxypass = xstrdup(proxypass);
369 if(get_config_bool(lookup_config(&config_tree, "IndirectData"), &choice) && choice) {
370 myself->options |= OPTION_INDIRECT;
373 if(get_config_bool(lookup_config(&config_tree, "TCPOnly"), &choice) && choice) {
374 myself->options |= OPTION_TCPONLY;
377 if(myself->options & OPTION_TCPONLY) {
378 myself->options |= OPTION_INDIRECT;
381 get_config_bool(lookup_config(&config_tree, "UDPDiscovery"), &udp_discovery);
382 get_config_int(lookup_config(&config_tree, "UDPDiscoveryKeepaliveInterval"), &udp_discovery_keepalive_interval);
383 get_config_int(lookup_config(&config_tree, "UDPDiscoveryInterval"), &udp_discovery_interval);
384 get_config_int(lookup_config(&config_tree, "UDPDiscoveryTimeout"), &udp_discovery_timeout);
386 get_config_int(lookup_config(&config_tree, "MTUInfoInterval"), &mtu_info_interval);
387 get_config_int(lookup_config(&config_tree, "UDPInfoInterval"), &udp_info_interval);
389 get_config_bool(lookup_config(&config_tree, "DirectOnly"), &directonly);
390 get_config_bool(lookup_config(&config_tree, "LocalDiscovery"), &localdiscovery);
394 if(get_config_string(lookup_config(&config_tree, "Mode"), &rmode)) {
395 if(!strcasecmp(rmode, "router")) {
396 routing_mode = RMODE_ROUTER;
397 } else if(!strcasecmp(rmode, "switch")) {
398 routing_mode = RMODE_SWITCH;
399 } else if(!strcasecmp(rmode, "hub")) {
400 routing_mode = RMODE_HUB;
402 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid routing mode!");
412 if(get_config_string(lookup_config(&config_tree, "Forwarding"), &fmode)) {
413 if(!strcasecmp(fmode, "off")) {
414 forwarding_mode = FMODE_OFF;
415 } else if(!strcasecmp(fmode, "internal")) {
416 forwarding_mode = FMODE_INTERNAL;
417 } else if(!strcasecmp(fmode, "kernel")) {
418 forwarding_mode = FMODE_KERNEL;
420 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid forwarding mode!");
428 choice = !(myself->options & OPTION_TCPONLY);
429 get_config_bool(lookup_config(&config_tree, "PMTUDiscovery"), &choice);
432 myself->options |= OPTION_PMTU_DISCOVERY;
436 get_config_bool(lookup_config(&config_tree, "ClampMSS"), &choice);
439 myself->options |= OPTION_CLAMP_MSS;
442 get_config_bool(lookup_config(&config_tree, "PriorityInheritance"), &priorityinheritance);
443 get_config_bool(lookup_config(&config_tree, "DecrementTTL"), &decrement_ttl);
447 if(get_config_string(lookup_config(&config_tree, "Broadcast"), &bmode)) {
448 if(!strcasecmp(bmode, "no")) {
449 broadcast_mode = BMODE_NONE;
450 } else if(!strcasecmp(bmode, "yes") || !strcasecmp(bmode, "mst")) {
451 broadcast_mode = BMODE_MST;
452 } else if(!strcasecmp(bmode, "direct")) {
453 broadcast_mode = BMODE_DIRECT;
455 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid broadcast mode!");
463 /* Delete all broadcast subnets before re-adding them */
465 for splay_each(subnet_t, s, &subnet_tree) {
467 splay_delete_node(&subnet_tree, node);
471 const char *const DEFAULT_BROADCAST_SUBNETS[] = { "ff:ff:ff:ff:ff:ff", "255.255.255.255", "224.0.0.0/4", "ff00::/8" };
473 for(size_t i = 0; i < sizeof(DEFAULT_BROADCAST_SUBNETS) / sizeof(*DEFAULT_BROADCAST_SUBNETS); i++) {
474 subnet_t *s = new_subnet();
476 if(!str2net(s, DEFAULT_BROADCAST_SUBNETS[i])) {
483 for(config_t *cfg = lookup_config(&config_tree, "BroadcastSubnet"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
486 if(!get_config_subnet(cfg, &s)) {
495 if(priorityinheritance) {
496 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv4 connections", "PriorityInheritance");
501 #if !defined(IPV6_TCLASS)
503 if(priorityinheritance) {
504 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv6 connections", "PriorityInheritance");
509 if(!get_config_int(lookup_config(&config_tree, "MACExpire"), &macexpire)) {
513 if(get_config_int(lookup_config(&config_tree, "MaxTimeout"), &maxtimeout)) {
514 if(maxtimeout <= 0) {
515 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus maximum timeout!");
524 if(get_config_string(lookup_config(&config_tree, "AddressFamily"), &afname)) {
525 if(!strcasecmp(afname, "IPv4")) {
526 addressfamily = AF_INET;
527 } else if(!strcasecmp(afname, "IPv6")) {
528 addressfamily = AF_INET6;
529 } else if(!strcasecmp(afname, "any")) {
530 addressfamily = AF_UNSPEC;
532 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid address family!");
540 get_config_bool(lookup_config(&config_tree, "Hostnames"), &hostnames);
542 if(!get_config_int(lookup_config(&config_tree, "KeyExpire"), &keylifetime)) {
546 if(!get_config_bool(lookup_config(&config_tree, "AutoConnect"), &autoconnect)) {
550 get_config_bool(lookup_config(&config_tree, "DisableBuggyPeers"), &disablebuggypeers);
552 if(!get_config_int(lookup_config(&config_tree, "InvitationExpire"), &invitation_lifetime)) {
553 invitation_lifetime = 604800; // 1 week
556 read_invitation_key();
561 // Get the port that `from_fd` is listening on, and assign it to
562 // `sa` if `sa` has a dynamically allocated (zero) port.
563 static bool assign_static_port(sockaddr_t *sa, int from_fd) {
564 // We cannot get a port from a bad FD. Bail out.
569 int port = get_bound_port(from_fd);
575 // If the port is non-zero, don't reassign it as it's already static.
576 switch(sa->sa.sa_family) {
578 if(!sa->in.sin_port) {
579 sa->in.sin_port = htons(port);
585 if(!sa->in6.sin6_port) {
586 sa->in6.sin6_port = htons(port);
592 logger(DEBUG_ALWAYS, LOG_ERR, "Unknown address family 0x%x", sa->sa.sa_family);
597 typedef int (*bind_fn_t)(const sockaddr_t *);
599 static int bind_reusing_port(const sockaddr_t *sa, int from_fd, bind_fn_t setup) {
601 memcpy(&reuse_sa, sa, SALEN(sa->sa));
605 // Check if the address we've been passed here is using port 0.
606 // If it is, try to get an actual port from an already bound socket, and reuse it here.
607 if(assign_static_port(&reuse_sa, from_fd)) {
608 fd = setup(&reuse_sa);
611 // If we're binding to a hardcoded non-zero port, or no socket is listening yet,
612 // or binding failed, try the original address.
621 Add listening sockets.
623 static bool add_listen_address(char *address, bool bindto) {
624 char *port = myport.tcp;
627 char *space = strchr(address, ' ');
634 if(!strcmp(address, "*")) {
639 struct addrinfo *ai, hint = {0};
641 hint.ai_family = addressfamily;
643 hint.ai_socktype = SOCK_STREAM;
645 hint.ai_protocol = IPPROTO_TCP;
647 hint.ai_flags = AI_PASSIVE;
649 #if HAVE_DECL_RES_INIT
653 int err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
658 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "getaddrinfo", err == EAI_SYSTEM ? strerror(err) : gai_strerror(err));
662 for(struct addrinfo *aip = ai; aip; aip = aip->ai_next) {
663 // Ignore duplicate addresses
666 for(int i = 0; i < listen_sockets; i++)
667 if(!memcmp(&listen_socket[i].sa, aip->ai_addr, aip->ai_addrlen)) {
676 if(listen_sockets >= MAXSOCKETS) {
677 logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
682 const sockaddr_t *sa = (sockaddr_t *) aip->ai_addr;
683 int from_fd = listen_socket[0].tcp.fd;
685 // If we're binding to a dynamically allocated (zero) port, try to get the actual
686 // port of the first TCP socket, and use it for this one. If that succeeds, our
687 // tincd instance will use the same port for all addresses it listens on.
688 int tcp_fd = bind_reusing_port(sa, from_fd, setup_listen_socket);
694 // If we just successfully bound the first socket, use it for the UDP procedure below.
695 // Otherwise, keep using the socket we've obtained from listen_socket[0].
700 int udp_fd = bind_reusing_port(sa, from_fd, setup_vpn_in_socket);
707 listen_socket_t *sock = &listen_socket[listen_sockets];
708 io_add(&sock->tcp, handle_new_meta_connection, sock, tcp_fd, IO_READ);
709 io_add(&sock->udp, handle_incoming_vpn_data, sock, udp_fd, IO_READ);
711 if(debug_level >= DEBUG_CONNECTIONS) {
712 int tcp_port = get_bound_port(tcp_fd);
713 char *hostname = NULL;
714 sockaddr2str(sa, &hostname, NULL);
715 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s port %d", hostname, tcp_port);
719 sock->bindto = bindto;
720 memcpy(&sock->sa, aip->ai_addr, aip->ai_addrlen);
728 void device_enable(void) {
733 /* Run tinc-up script to further initialize the tap interface */
736 environment_init(&env);
737 execute_script("tinc-up", &env);
738 environment_exit(&env);
741 void device_disable(void) {
743 environment_init(&env);
744 execute_script("tinc-down", &env);
745 environment_exit(&env);
753 Configure node_t myself and set up the local sockets (listen only)
755 static bool setup_myself(void) {
757 char *address = NULL;
758 bool port_specified = false;
760 if(!(name = get_name())) {
761 logger(DEBUG_ALWAYS, LOG_ERR, "Name for tinc daemon required!");
765 myname = xstrdup(name);
766 myself = new_node(name);
767 myself->connection = new_connection();
768 myself->connection->name = name;
769 read_host_config(&config_tree, name, true);
771 if(!get_config_string(lookup_config(&config_tree, "Port"), &myport.tcp)) {
772 myport.tcp = xstrdup("655");
774 port_specified = true;
777 myport.udp = xstrdup(myport.tcp);
779 myself->connection->options = 0;
780 myself->connection->protocol_major = PROT_MAJOR;
781 myself->connection->protocol_minor = PROT_MINOR;
783 myself->options |= PROT_MINOR << 24;
785 #ifdef DISABLE_LEGACY
786 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
787 experimental = myself->connection->ecdsa != NULL;
790 logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!");
796 if(!get_config_bool(lookup_config(&config_tree, "ExperimentalProtocol"), &experimental)) {
797 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
798 experimental = myself->connection->ecdsa != NULL;
801 logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
805 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
807 if(!myself->connection->ecdsa) {
813 rsa_t *rsa = read_rsa_private_key(&config_tree, NULL);
816 myself->connection->legacy = new_legacy_ctx(rsa);
819 logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
821 logger(DEBUG_ALWAYS, LOG_ERR, "No private keys available, cannot start tinc!");
828 /* Ensure myport is numeric */
829 if(!is_decimal(myport.tcp)) {
830 uint16_t port = service_to_port(myport.tcp);
837 myport.tcp = int_to_str(port);
840 myport.udp = xstrdup(myport.tcp);
843 /* Read in all the subnets specified in the host configuration file */
845 for(config_t *cfg = lookup_config(&config_tree, "Subnet"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
848 if(!get_config_subnet(cfg, &subnet)) {
852 subnet_add(myself, subnet);
855 /* Check some options */
857 if(!setup_myself_reloadable()) {
861 get_config_bool(lookup_config(&config_tree, "StrictSubnets"), &strictsubnets);
862 get_config_bool(lookup_config(&config_tree, "TunnelServer"), &tunnelserver);
863 strictsubnets |= tunnelserver;
865 if(get_config_int(lookup_config(&config_tree, "MaxConnectionBurst"), &max_connection_burst)) {
866 if(max_connection_burst <= 0) {
867 logger(DEBUG_ALWAYS, LOG_ERR, "MaxConnectionBurst cannot be negative!");
872 if(get_config_int(lookup_config(&config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
874 logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
878 udp_rcvbuf_warnings = true;
881 if(get_config_int(lookup_config(&config_tree, "UDPSndBuf"), &udp_sndbuf)) {
883 logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
887 udp_sndbuf_warnings = true;
890 get_config_int(lookup_config(&config_tree, "FWMark"), &fwmark);
894 logger(DEBUG_ALWAYS, LOG_ERR, "FWMark not supported on this platform!");
902 if(get_config_int(lookup_config(&config_tree, "ReplayWindow"), &replaywin_int)) {
903 if(replaywin_int < 0) {
904 logger(DEBUG_ALWAYS, LOG_ERR, "ReplayWindow cannot be negative!");
908 replaywin = (unsigned)replaywin_int;
909 sptps_replaywin = replaywin;
912 #ifndef DISABLE_LEGACY
913 /* Generate packet encryption key */
917 if(!get_config_string(lookup_config(&config_tree, "Cipher"), &cipher)) {
918 cipher = xstrdup("aes-256-cbc");
921 if(!strcasecmp(cipher, "none")) {
922 myself->incipher = NULL;
924 myself->incipher = cipher_alloc();
926 if(!cipher_open_by_name(myself->incipher, cipher)) {
927 logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
928 cipher_free(myself->incipher);
929 myself->incipher = NULL;
937 timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval) {
938 keylifetime, jitter()
941 /* Check if we want to use message authentication codes... */
944 get_config_int(lookup_config(&config_tree, "MACLength"), &maclength);
947 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!");
953 if(!get_config_string(lookup_config(&config_tree, "Digest"), &digest)) {
954 digest = xstrdup("sha256");
957 if(!strcasecmp(digest, "none")) {
958 myself->indigest = NULL;
960 myself->indigest = digest_alloc();
962 if(!digest_open_by_name(myself->indigest, digest, maclength)) {
963 logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
964 digest_free(myself->indigest);
965 myself->indigest = NULL;
975 int incompression = 0;
977 if(get_config_int(lookup_config(&config_tree, "Compression"), &incompression)) {
978 myself->incompression = incompression;
980 switch(myself->incompression) {
985 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
986 logger(DEBUG_ALWAYS, LOG_ERR, "LZ4 compression is unavailable on this node.");
990 case COMPRESS_LZO_HI:
991 case COMPRESS_LZO_LO:
995 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
996 logger(DEBUG_ALWAYS, LOG_ERR, "LZO compression is unavailable on this node.");
1000 case COMPRESS_ZLIB_9:
1001 case COMPRESS_ZLIB_8:
1002 case COMPRESS_ZLIB_7:
1003 case COMPRESS_ZLIB_6:
1004 case COMPRESS_ZLIB_5:
1005 case COMPRESS_ZLIB_4:
1006 case COMPRESS_ZLIB_3:
1007 case COMPRESS_ZLIB_2:
1008 case COMPRESS_ZLIB_1:
1012 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
1013 logger(DEBUG_ALWAYS, LOG_ERR, "ZLIB compression is unavailable on this node.");
1021 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
1022 logger(DEBUG_ALWAYS, LOG_ERR, "Compression level %i is unrecognized by this node.", myself->incompression);
1026 myself->incompression = COMPRESS_NONE;
1031 myself->nexthop = myself;
1032 myself->via = myself;
1033 myself->status.reachable = true;
1034 myself->last_state_change = now.tv_sec;
1035 myself->status.sptps = experimental;
1046 if(get_config_string(lookup_config(&config_tree, "DeviceType"), &type)) {
1047 if(!strcasecmp(type, DEVICE_DUMMY)) {
1048 devops = dummy_devops;
1049 } else if(!strcasecmp(type, "raw_socket")) {
1050 devops = raw_socket_devops;
1051 } else if(!strcasecmp(type, "multicast")) {
1052 devops = multicast_devops;
1055 #ifdef HAVE_SYS_UN_H
1056 else if(!strcasecmp(type, "fd")) {
1062 else if(!strcasecmp(type, "uml")) {
1063 devops = uml_devops;
1068 else if(!strcasecmp(type, "vde")) {
1069 devops = vde_devops;
1076 get_config_bool(lookup_config(&config_tree, "DeviceStandby"), &device_standby);
1078 if(!devops.setup()) {
1082 if(device_fd >= 0) {
1083 io_add(&device_io, handle_device_data, NULL, device_fd, IO_READ);
1088 if(!do_detach && getenv("LISTEN_FDS")) {
1092 listen_sockets = atoi(getenv("LISTEN_FDS"));
1093 #ifdef HAVE_UNSETENV
1094 unsetenv("LISTEN_FDS");
1097 if(listen_sockets > MAXSOCKETS) {
1098 logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
1102 for(int i = 0; i < listen_sockets; i++) {
1103 const int tcp_fd = i + 3;
1106 if(getsockname(tcp_fd, &sa.sa, &salen) < 0) {
1107 logger(DEBUG_ALWAYS, LOG_ERR, "Could not get address of listen fd %d: %s", tcp_fd, sockstrerror(sockerrno));
1112 fcntl(tcp_fd, F_SETFD, FD_CLOEXEC);
1115 int udp_fd = setup_vpn_in_socket(&sa);
1121 io_add(&listen_socket[i].tcp, (io_cb_t)handle_new_meta_connection, &listen_socket[i], tcp_fd, IO_READ);
1122 io_add(&listen_socket[i].udp, (io_cb_t)handle_incoming_vpn_data, &listen_socket[i], udp_fd, IO_READ);
1124 if(debug_level >= DEBUG_CONNECTIONS) {
1125 char *hostname = sockaddr2hostname(&sa);
1126 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s", hostname);
1130 memcpy(&listen_socket[i].sa, &sa, salen);
1136 for(config_t *cfg = lookup_config(&config_tree, "BindToAddress"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
1138 get_config_string(cfg, &address);
1140 if(!add_listen_address(address, true)) {
1145 for(config_t *cfg = lookup_config(&config_tree, "ListenAddress"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
1147 get_config_string(cfg, &address);
1149 if(!add_listen_address(address, false)) {
1155 if(!add_listen_address(address, NULL)) {
1160 if(!listen_sockets) {
1161 logger(DEBUG_ALWAYS, LOG_ERR, "Unable to create any listening socket!");
1165 /* If no Port option was specified, set myport to the port used by the first listening socket. */
1167 if(!port_specified || atoi(myport.tcp) == 0) {
1168 listen_socket_t *sock = &listen_socket[0];
1170 uint16_t tcp = get_bound_port(sock->tcp.fd);
1172 myport.tcp = int_to_str(tcp);
1174 uint16_t udp = get_bound_port(sock->udp.fd);
1176 myport.udp = int_to_str(udp);
1179 xasprintf(&myself->hostname, "MYSELF port %s", myport.tcp);
1180 myself->connection->hostname = xstrdup(myself->hostname);
1183 get_config_string(lookup_config(&config_tree, "UPnP"), &upnp);
1184 bool upnp_tcp = false;
1185 bool upnp_udp = false;
1188 if(!strcasecmp(upnp, "yes")) {
1189 upnp_tcp = upnp_udp = true;
1190 } else if(!strcasecmp(upnp, "udponly")) {
1197 if(upnp_tcp || upnp_udp) {
1198 #ifdef HAVE_MINIUPNPC
1199 upnp_init(upnp_tcp, upnp_udp);
1201 logger(DEBUG_ALWAYS, LOG_WARNING, "UPnP was requested, but tinc isn't built with miniupnpc support!");
1207 last_config_check = now.tv_sec;
1215 bool setup_network(void) {
1219 if(get_config_int(lookup_config(&config_tree, "PingInterval"), &pinginterval)) {
1220 if(pinginterval < 1) {
1221 pinginterval = 86400;
1227 if(!get_config_int(lookup_config(&config_tree, "PingTimeout"), &pingtimeout)) {
1231 if(pingtimeout < 1 || pingtimeout > pinginterval) {
1232 pingtimeout = pinginterval;
1235 if(!get_config_int(lookup_config(&config_tree, "MaxOutputBufferSize"), &maxoutbufsize)) {
1236 maxoutbufsize = 10 * MTU;
1239 if(!setup_myself()) {
1243 if(!init_control()) {
1247 if(!device_standby) {
1251 /* Run subnet-up scripts for our own subnets */
1253 subnet_update(myself, NULL, true);
1259 close all open network connections
1261 void close_network_connections(void) {
1262 for(list_node_t *node = connection_list.head, *next; node; node = next) {
1264 connection_t *c = node->data;
1266 /* Keep control connections open until the end, so they know when we really terminated */
1267 if(c->status.control) {
1272 terminate_connection(c, false);
1275 list_empty_list(&outgoing_list);
1277 if(myself && myself->connection) {
1278 subnet_update(myself, NULL, false);
1279 free_connection(myself->connection);
1282 for(int i = 0; i < listen_sockets; i++) {
1283 io_del(&listen_socket[i].tcp);
1284 io_del(&listen_socket[i].udp);
1285 closesocket(listen_socket[i].tcp.fd);
1286 closesocket(listen_socket[i].udp.fd);
1295 if(!device_standby) {
1302 if(device_fd >= 0) {
1312 free(scriptextension);
1313 free(scriptinterpreter);
projects / tinc / blob