3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2021 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include "connection.h"
29 #include "compression.h"
55 static io_t device_io;
57 bool device_standby = false;
59 char *proxyhost = NULL;
60 char *proxyport = NULL;
61 char *proxyuser = NULL;
62 char *proxypass = NULL;
64 proxytype_t proxytype;
66 bool disablebuggypeers;
68 char *scriptinterpreter;
69 char *scriptextension;
71 bool node_read_ecdsa_public_key(node_t *n) {
72 if(ecdsa_active(n->ecdsa)) {
81 init_configuration(&config);
83 if(!read_host_config(&config, n->name, true)) {
87 /* First, check for simple Ed25519PublicKey statement */
89 if(get_config_string(lookup_config(&config, "Ed25519PublicKey"), &p)) {
90 n->ecdsa = ecdsa_set_base64_public_key(p);
95 /* Else, check for Ed25519PublicKeyFile statement and read it */
97 if(!get_config_string(lookup_config(&config, "Ed25519PublicKeyFile"), &pubname)) {
98 xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, n->name);
101 fp = fopen(pubname, "r");
107 n->ecdsa = ecdsa_read_pem_public_key(fp);
111 splay_empty_tree(&config);
116 static bool read_invitation_key(void) {
118 char fname[PATH_MAX];
121 ecdsa_free(invitation_key);
122 invitation_key = NULL;
125 snprintf(fname, sizeof(fname), "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
127 fp = fopen(fname, "r");
130 invitation_key = ecdsa_read_pem_private_key(fp);
133 if(!invitation_key) {
134 logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);
138 return invitation_key;
141 #ifndef DISABLE_LEGACY
142 static timeout_t keyexpire_timeout;
144 static void keyexpire_handler(void *data) {
146 timeout_set(data, &(struct timeval) {
147 keylifetime, jitter()
152 void regenerate_key(void) {
153 logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
156 for splay_each(node_t, n, &node_tree) {
157 n->status.validkey_in = false;
161 void load_all_nodes(void) {
164 char dname[PATH_MAX];
166 snprintf(dname, sizeof(dname), "%s" SLASH "hosts", confbase);
167 dir = opendir(dname);
170 logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
174 while((ent = readdir(dir))) {
175 if(!check_id(ent->d_name)) {
179 node_t *n = lookup_node(ent->d_name);
182 init_configuration(&config);
183 read_config_options(&config, ent->d_name);
184 read_host_config(&config, ent->d_name, true);
188 n->name = xstrdup(ent->d_name);
193 for(config_t *cfg = lookup_config(&config, "Subnet"); cfg; cfg = lookup_config_next(&config, cfg)) {
196 if(!get_config_subnet(cfg, &s)) {
200 if((s2 = lookup_subnet(n, s))) {
209 if(lookup_config(&config, "Address")) {
210 n->status.has_address = true;
213 splay_empty_tree(&config);
219 char *get_name(void) {
223 get_config_string(lookup_config(&config_tree, "Name"), &name);
229 returned_name = replace_name(name);
231 return returned_name;
234 static void read_interpreter(void) {
235 char *interpreter = NULL;
236 get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &interpreter);
238 if(!interpreter || (sandbox_can(START_PROCESSES, AFTER_SANDBOX) && sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX))) {
239 free(scriptinterpreter);
240 scriptinterpreter = interpreter;
244 if(!string_eq(interpreter, scriptinterpreter)) {
245 logger(DEBUG_ALWAYS, LOG_NOTICE, "Not changing ScriptsInterpreter because of sandbox.");
251 bool setup_myself_reloadable(void) {
254 free(scriptextension);
256 if(!get_config_string(lookup_config(&config_tree, "ScriptsExtension"), &scriptextension)) {
257 scriptextension = xstrdup("");
262 get_config_string(lookup_config(&config_tree, "Proxy"), &proxy);
267 if((space = strchr(proxy, ' '))) {
271 if(!strcasecmp(proxy, "none")) {
272 proxytype = PROXY_NONE;
273 } else if(!strcasecmp(proxy, "socks4")) {
274 proxytype = PROXY_SOCKS4;
275 } else if(!strcasecmp(proxy, "socks4a")) {
276 proxytype = PROXY_SOCKS4A;
277 } else if(!strcasecmp(proxy, "socks5")) {
278 proxytype = PROXY_SOCKS5;
279 } else if(!strcasecmp(proxy, "http")) {
280 proxytype = PROXY_HTTP;
281 } else if(!strcasecmp(proxy, "exec")) {
282 if(sandbox_can(START_PROCESSES, AFTER_SANDBOX)) {
283 proxytype = PROXY_EXEC;
285 logger(DEBUG_ALWAYS, LOG_ERR, "Cannot use exec proxies with current sandbox level.");
289 logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type %s!", proxy);
300 free_string(proxyuser);
303 free_string(proxypass);
312 if(!space || !*space) {
313 logger(DEBUG_ALWAYS, LOG_ERR, "Argument expected for proxy type exec!");
318 if(!sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX)) {
319 logger(DEBUG_ALWAYS, LOG_NOTICE, "Changed exec proxy may fail to work because of sandbox.");
322 proxyhost = xstrdup(space);
331 if(space && (space = strchr(space, ' '))) {
332 *space++ = 0, proxyport = space;
335 if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
336 logger(DEBUG_ALWAYS, LOG_ERR, "Host and port argument expected for proxy!");
343 if(space && (space = strchr(space, ' '))) {
344 *space++ = 0, proxyuser = space;
347 if(space && (space = strchr(space, ' '))) {
348 *space++ = 0, proxypass = space;
351 proxyhost = xstrdup(proxyhost);
352 proxyport = xstrdup(proxyport);
354 if(proxyuser && *proxyuser) {
355 proxyuser = xstrdup(proxyuser);
358 if(proxypass && *proxypass) {
359 proxypass = xstrdup(proxypass);
370 if(get_config_bool(lookup_config(&config_tree, "IndirectData"), &choice) && choice) {
371 myself->options |= OPTION_INDIRECT;
374 if(get_config_bool(lookup_config(&config_tree, "TCPOnly"), &choice) && choice) {
375 myself->options |= OPTION_TCPONLY;
378 if(myself->options & OPTION_TCPONLY) {
379 myself->options |= OPTION_INDIRECT;
382 get_config_bool(lookup_config(&config_tree, "UDPDiscovery"), &udp_discovery);
383 get_config_int(lookup_config(&config_tree, "UDPDiscoveryKeepaliveInterval"), &udp_discovery_keepalive_interval);
384 get_config_int(lookup_config(&config_tree, "UDPDiscoveryInterval"), &udp_discovery_interval);
385 get_config_int(lookup_config(&config_tree, "UDPDiscoveryTimeout"), &udp_discovery_timeout);
387 get_config_int(lookup_config(&config_tree, "MTUInfoInterval"), &mtu_info_interval);
388 get_config_int(lookup_config(&config_tree, "UDPInfoInterval"), &udp_info_interval);
390 get_config_bool(lookup_config(&config_tree, "DirectOnly"), &directonly);
391 get_config_bool(lookup_config(&config_tree, "LocalDiscovery"), &localdiscovery);
395 if(get_config_string(lookup_config(&config_tree, "Mode"), &rmode)) {
396 if(!strcasecmp(rmode, "router")) {
397 routing_mode = RMODE_ROUTER;
398 } else if(!strcasecmp(rmode, "switch")) {
399 routing_mode = RMODE_SWITCH;
400 } else if(!strcasecmp(rmode, "hub")) {
401 routing_mode = RMODE_HUB;
403 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid routing mode!");
413 if(get_config_string(lookup_config(&config_tree, "Forwarding"), &fmode)) {
414 if(!strcasecmp(fmode, "off")) {
415 forwarding_mode = FMODE_OFF;
416 } else if(!strcasecmp(fmode, "internal")) {
417 forwarding_mode = FMODE_INTERNAL;
418 } else if(!strcasecmp(fmode, "kernel")) {
419 forwarding_mode = FMODE_KERNEL;
421 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid forwarding mode!");
429 choice = !(myself->options & OPTION_TCPONLY);
430 get_config_bool(lookup_config(&config_tree, "PMTUDiscovery"), &choice);
433 myself->options |= OPTION_PMTU_DISCOVERY;
437 get_config_bool(lookup_config(&config_tree, "ClampMSS"), &choice);
440 myself->options |= OPTION_CLAMP_MSS;
443 get_config_bool(lookup_config(&config_tree, "PriorityInheritance"), &priorityinheritance);
444 get_config_bool(lookup_config(&config_tree, "DecrementTTL"), &decrement_ttl);
448 if(get_config_string(lookup_config(&config_tree, "Broadcast"), &bmode)) {
449 if(!strcasecmp(bmode, "no")) {
450 broadcast_mode = BMODE_NONE;
451 } else if(!strcasecmp(bmode, "yes") || !strcasecmp(bmode, "mst")) {
452 broadcast_mode = BMODE_MST;
453 } else if(!strcasecmp(bmode, "direct")) {
454 broadcast_mode = BMODE_DIRECT;
456 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid broadcast mode!");
464 /* Delete all broadcast subnets before re-adding them */
466 for splay_each(subnet_t, s, &subnet_tree) {
468 splay_delete_node(&subnet_tree, node);
472 const char *const DEFAULT_BROADCAST_SUBNETS[] = { "ff:ff:ff:ff:ff:ff", "255.255.255.255", "224.0.0.0/4", "ff00::/8" };
474 for(size_t i = 0; i < sizeof(DEFAULT_BROADCAST_SUBNETS) / sizeof(*DEFAULT_BROADCAST_SUBNETS); i++) {
475 subnet_t *s = new_subnet();
477 if(!str2net(s, DEFAULT_BROADCAST_SUBNETS[i])) {
484 for(config_t *cfg = lookup_config(&config_tree, "BroadcastSubnet"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
487 if(!get_config_subnet(cfg, &s)) {
496 if(priorityinheritance) {
497 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv4 connections", "PriorityInheritance");
502 #if !defined(IPV6_TCLASS)
504 if(priorityinheritance) {
505 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv6 connections", "PriorityInheritance");
510 if(!get_config_int(lookup_config(&config_tree, "MACExpire"), &macexpire)) {
514 if(get_config_int(lookup_config(&config_tree, "MaxTimeout"), &maxtimeout)) {
515 if(maxtimeout <= 0) {
516 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus maximum timeout!");
525 if(get_config_string(lookup_config(&config_tree, "AddressFamily"), &afname)) {
526 if(!strcasecmp(afname, "IPv4")) {
527 addressfamily = AF_INET;
528 } else if(!strcasecmp(afname, "IPv6")) {
529 addressfamily = AF_INET6;
530 } else if(!strcasecmp(afname, "any")) {
531 addressfamily = AF_UNSPEC;
533 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid address family!");
541 get_config_bool(lookup_config(&config_tree, "Hostnames"), &hostnames);
543 if(!get_config_int(lookup_config(&config_tree, "KeyExpire"), &keylifetime)) {
547 if(!get_config_bool(lookup_config(&config_tree, "AutoConnect"), &autoconnect)) {
551 get_config_bool(lookup_config(&config_tree, "DisableBuggyPeers"), &disablebuggypeers);
553 if(!get_config_int(lookup_config(&config_tree, "InvitationExpire"), &invitation_lifetime)) {
554 invitation_lifetime = 604800; // 1 week
557 read_invitation_key();
562 // Get the port that `from_fd` is listening on, and assign it to
563 // `sa` if `sa` has a dynamically allocated (zero) port.
564 static bool assign_static_port(sockaddr_t *sa, int from_fd) {
565 // We cannot get a port from a bad FD. Bail out.
570 int port = get_bound_port(from_fd);
576 // If the port is non-zero, don't reassign it as it's already static.
577 switch(sa->sa.sa_family) {
579 if(!sa->in.sin_port) {
580 sa->in.sin_port = htons(port);
586 if(!sa->in6.sin6_port) {
587 sa->in6.sin6_port = htons(port);
593 logger(DEBUG_ALWAYS, LOG_ERR, "Unknown address family 0x%x", sa->sa.sa_family);
598 typedef int (*bind_fn_t)(const sockaddr_t *);
600 static int bind_reusing_port(const sockaddr_t *sa, int from_fd, bind_fn_t setup) {
602 memcpy(&reuse_sa, sa, SALEN(sa->sa));
606 // Check if the address we've been passed here is using port 0.
607 // If it is, try to get an actual port from an already bound socket, and reuse it here.
608 if(assign_static_port(&reuse_sa, from_fd)) {
609 fd = setup(&reuse_sa);
612 // If we're binding to a hardcoded non-zero port, or no socket is listening yet,
613 // or binding failed, try the original address.
622 Add listening sockets.
624 static bool add_listen_address(char *address, bool bindto) {
625 char *port = myport.tcp;
628 char *space = strchr(address, ' ');
635 if(!strcmp(address, "*")) {
640 struct addrinfo *ai, hint = {0};
642 hint.ai_family = addressfamily;
644 hint.ai_socktype = SOCK_STREAM;
646 hint.ai_protocol = IPPROTO_TCP;
648 hint.ai_flags = AI_PASSIVE;
650 #if HAVE_DECL_RES_INIT
654 int err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
659 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "getaddrinfo", err == EAI_SYSTEM ? strerror(err) : gai_strerror(err));
663 for(struct addrinfo *aip = ai; aip; aip = aip->ai_next) {
664 // Ignore duplicate addresses
667 for(int i = 0; i < listen_sockets; i++)
668 if(!memcmp(&listen_socket[i].sa, aip->ai_addr, aip->ai_addrlen)) {
677 if(listen_sockets >= MAXSOCKETS) {
678 logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
683 const sockaddr_t *sa = (sockaddr_t *) aip->ai_addr;
684 int from_fd = listen_socket[0].tcp.fd;
686 // If we're binding to a dynamically allocated (zero) port, try to get the actual
687 // port of the first TCP socket, and use it for this one. If that succeeds, our
688 // tincd instance will use the same port for all addresses it listens on.
689 int tcp_fd = bind_reusing_port(sa, from_fd, setup_listen_socket);
695 // If we just successfully bound the first socket, use it for the UDP procedure below.
696 // Otherwise, keep using the socket we've obtained from listen_socket[0].
701 int udp_fd = bind_reusing_port(sa, from_fd, setup_vpn_in_socket);
708 listen_socket_t *sock = &listen_socket[listen_sockets];
709 io_add(&sock->tcp, handle_new_meta_connection, sock, tcp_fd, IO_READ);
710 io_add(&sock->udp, handle_incoming_vpn_data, sock, udp_fd, IO_READ);
712 if(debug_level >= DEBUG_CONNECTIONS) {
713 int tcp_port = get_bound_port(tcp_fd);
714 char *hostname = NULL;
715 sockaddr2str(sa, &hostname, NULL);
716 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s port %d", hostname, tcp_port);
720 sock->bindto = bindto;
721 memcpy(&sock->sa, aip->ai_addr, aip->ai_addrlen);
729 void device_enable(void) {
734 /* Run tinc-up script to further initialize the tap interface */
737 environment_init(&env);
738 execute_script("tinc-up", &env);
739 environment_exit(&env);
742 void device_disable(void) {
744 environment_init(&env);
745 execute_script("tinc-down", &env);
746 environment_exit(&env);
754 Configure node_t myself and set up the local sockets (listen only)
756 static bool setup_myself(void) {
758 char *address = NULL;
759 bool port_specified = false;
761 if(!(name = get_name())) {
762 logger(DEBUG_ALWAYS, LOG_ERR, "Name for tinc daemon required!");
766 myname = xstrdup(name);
768 myself->connection = new_connection();
770 myself->connection->name = xstrdup(name);
771 read_host_config(&config_tree, name, true);
773 if(!get_config_string(lookup_config(&config_tree, "Port"), &myport.tcp)) {
774 myport.tcp = xstrdup("655");
776 port_specified = true;
779 myport.udp = xstrdup(myport.tcp);
781 myself->connection->options = 0;
782 myself->connection->protocol_major = PROT_MAJOR;
783 myself->connection->protocol_minor = PROT_MINOR;
785 myself->options |= PROT_MINOR << 24;
787 #ifdef DISABLE_LEGACY
788 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
789 experimental = myself->connection->ecdsa != NULL;
792 logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!");
798 if(!get_config_bool(lookup_config(&config_tree, "ExperimentalProtocol"), &experimental)) {
799 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
800 experimental = myself->connection->ecdsa != NULL;
803 logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
807 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
809 if(!myself->connection->ecdsa) {
815 rsa_t *rsa = read_rsa_private_key(&config_tree, NULL);
818 myself->connection->legacy = new_legacy_ctx(rsa);
821 logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
823 logger(DEBUG_ALWAYS, LOG_ERR, "No private keys available, cannot start tinc!");
830 /* Ensure myport is numeric */
831 if(!is_decimal(myport.tcp)) {
832 uint16_t port = service_to_port(myport.tcp);
839 myport.tcp = int_to_str(port);
842 myport.udp = xstrdup(myport.tcp);
845 /* Read in all the subnets specified in the host configuration file */
847 for(config_t *cfg = lookup_config(&config_tree, "Subnet"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
850 if(!get_config_subnet(cfg, &subnet)) {
854 subnet_add(myself, subnet);
857 /* Check some options */
859 if(!setup_myself_reloadable()) {
863 get_config_bool(lookup_config(&config_tree, "StrictSubnets"), &strictsubnets);
864 get_config_bool(lookup_config(&config_tree, "TunnelServer"), &tunnelserver);
865 strictsubnets |= tunnelserver;
867 if(get_config_int(lookup_config(&config_tree, "MaxConnectionBurst"), &max_connection_burst)) {
868 if(max_connection_burst <= 0) {
869 logger(DEBUG_ALWAYS, LOG_ERR, "MaxConnectionBurst cannot be negative!");
874 if(get_config_int(lookup_config(&config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
876 logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
880 udp_rcvbuf_warnings = true;
883 if(get_config_int(lookup_config(&config_tree, "UDPSndBuf"), &udp_sndbuf)) {
885 logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
889 udp_sndbuf_warnings = true;
892 get_config_int(lookup_config(&config_tree, "FWMark"), &fwmark);
896 logger(DEBUG_ALWAYS, LOG_ERR, "FWMark not supported on this platform!");
904 if(get_config_int(lookup_config(&config_tree, "ReplayWindow"), &replaywin_int)) {
905 if(replaywin_int < 0) {
906 logger(DEBUG_ALWAYS, LOG_ERR, "ReplayWindow cannot be negative!");
910 replaywin = (unsigned)replaywin_int;
911 sptps_replaywin = replaywin;
914 #ifndef DISABLE_LEGACY
915 /* Generate packet encryption key */
919 if(!get_config_string(lookup_config(&config_tree, "Cipher"), &cipher)) {
920 cipher = xstrdup("aes-256-cbc");
923 if(!strcasecmp(cipher, "none")) {
924 myself->incipher = NULL;
926 myself->incipher = cipher_alloc();
928 if(!cipher_open_by_name(myself->incipher, cipher)) {
929 logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
930 cipher_free(myself->incipher);
931 myself->incipher = NULL;
939 timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval) {
940 keylifetime, jitter()
943 /* Check if we want to use message authentication codes... */
946 get_config_int(lookup_config(&config_tree, "MACLength"), &maclength);
949 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!");
955 if(!get_config_string(lookup_config(&config_tree, "Digest"), &digest)) {
956 digest = xstrdup("sha256");
959 if(!strcasecmp(digest, "none")) {
960 myself->indigest = NULL;
962 myself->indigest = digest_alloc();
964 if(!digest_open_by_name(myself->indigest, digest, maclength)) {
965 logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
966 digest_free(myself->indigest);
967 myself->indigest = NULL;
977 int incompression = 0;
979 if(get_config_int(lookup_config(&config_tree, "Compression"), &incompression)) {
980 myself->incompression = incompression;
982 switch(myself->incompression) {
987 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
988 logger(DEBUG_ALWAYS, LOG_ERR, "LZ4 compression is unavailable on this node.");
992 case COMPRESS_LZO_HI:
993 case COMPRESS_LZO_LO:
997 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
998 logger(DEBUG_ALWAYS, LOG_ERR, "LZO compression is unavailable on this node.");
1002 case COMPRESS_ZLIB_9:
1003 case COMPRESS_ZLIB_8:
1004 case COMPRESS_ZLIB_7:
1005 case COMPRESS_ZLIB_6:
1006 case COMPRESS_ZLIB_5:
1007 case COMPRESS_ZLIB_4:
1008 case COMPRESS_ZLIB_3:
1009 case COMPRESS_ZLIB_2:
1010 case COMPRESS_ZLIB_1:
1014 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
1015 logger(DEBUG_ALWAYS, LOG_ERR, "ZLIB compression is unavailable on this node.");
1023 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
1024 logger(DEBUG_ALWAYS, LOG_ERR, "Compression level %i is unrecognized by this node.", myself->incompression);
1028 myself->incompression = COMPRESS_NONE;
1033 myself->nexthop = myself;
1034 myself->via = myself;
1035 myself->status.reachable = true;
1036 myself->last_state_change = now.tv_sec;
1037 myself->status.sptps = experimental;
1048 if(get_config_string(lookup_config(&config_tree, "DeviceType"), &type)) {
1049 if(!strcasecmp(type, DEVICE_DUMMY)) {
1050 devops = dummy_devops;
1051 } else if(!strcasecmp(type, "raw_socket")) {
1052 devops = raw_socket_devops;
1053 } else if(!strcasecmp(type, "multicast")) {
1054 devops = multicast_devops;
1057 #ifdef HAVE_SYS_UN_H
1058 else if(!strcasecmp(type, "fd")) {
1064 else if(!strcasecmp(type, "uml")) {
1065 devops = uml_devops;
1070 else if(!strcasecmp(type, "vde")) {
1071 devops = vde_devops;
1078 get_config_bool(lookup_config(&config_tree, "DeviceStandby"), &device_standby);
1080 if(!devops.setup()) {
1084 if(device_fd >= 0) {
1085 io_add(&device_io, handle_device_data, NULL, device_fd, IO_READ);
1090 if(!do_detach && getenv("LISTEN_FDS")) {
1094 listen_sockets = atoi(getenv("LISTEN_FDS"));
1095 #ifdef HAVE_UNSETENV
1096 unsetenv("LISTEN_FDS");
1099 if(listen_sockets > MAXSOCKETS) {
1100 logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
1104 for(int i = 0; i < listen_sockets; i++) {
1105 const int tcp_fd = i + 3;
1108 if(getsockname(tcp_fd, &sa.sa, &salen) < 0) {
1109 logger(DEBUG_ALWAYS, LOG_ERR, "Could not get address of listen fd %d: %s", tcp_fd, sockstrerror(sockerrno));
1114 fcntl(tcp_fd, F_SETFD, FD_CLOEXEC);
1117 int udp_fd = setup_vpn_in_socket(&sa);
1123 io_add(&listen_socket[i].tcp, (io_cb_t)handle_new_meta_connection, &listen_socket[i], tcp_fd, IO_READ);
1124 io_add(&listen_socket[i].udp, (io_cb_t)handle_incoming_vpn_data, &listen_socket[i], udp_fd, IO_READ);
1126 if(debug_level >= DEBUG_CONNECTIONS) {
1127 char *hostname = sockaddr2hostname(&sa);
1128 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s", hostname);
1132 memcpy(&listen_socket[i].sa, &sa, salen);
1138 for(config_t *cfg = lookup_config(&config_tree, "BindToAddress"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
1140 get_config_string(cfg, &address);
1142 if(!add_listen_address(address, true)) {
1147 for(config_t *cfg = lookup_config(&config_tree, "ListenAddress"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
1149 get_config_string(cfg, &address);
1151 if(!add_listen_address(address, false)) {
1157 if(!add_listen_address(address, NULL)) {
1162 if(!listen_sockets) {
1163 logger(DEBUG_ALWAYS, LOG_ERR, "Unable to create any listening socket!");
1167 /* If no Port option was specified, set myport to the port used by the first listening socket. */
1169 if(!port_specified || atoi(myport.tcp) == 0) {
1170 listen_socket_t *sock = &listen_socket[0];
1172 uint16_t tcp = get_bound_port(sock->tcp.fd);
1174 myport.tcp = int_to_str(tcp);
1176 uint16_t udp = get_bound_port(sock->udp.fd);
1178 myport.udp = int_to_str(udp);
1181 xasprintf(&myself->hostname, "MYSELF port %s", myport.tcp);
1182 myself->connection->hostname = xstrdup(myself->hostname);
1185 get_config_string(lookup_config(&config_tree, "UPnP"), &upnp);
1186 bool upnp_tcp = false;
1187 bool upnp_udp = false;
1190 if(!strcasecmp(upnp, "yes")) {
1191 upnp_tcp = upnp_udp = true;
1192 } else if(!strcasecmp(upnp, "udponly")) {
1199 if(upnp_tcp || upnp_udp) {
1200 #ifdef HAVE_MINIUPNPC
1201 upnp_init(upnp_tcp, upnp_udp);
1203 logger(DEBUG_ALWAYS, LOG_WARNING, "UPnP was requested, but tinc isn't built with miniupnpc support!");
1209 last_config_check = now.tv_sec;
1217 bool setup_network(void) {
1221 if(get_config_int(lookup_config(&config_tree, "PingInterval"), &pinginterval)) {
1222 if(pinginterval < 1) {
1223 pinginterval = 86400;
1229 if(!get_config_int(lookup_config(&config_tree, "PingTimeout"), &pingtimeout)) {
1233 if(pingtimeout < 1 || pingtimeout > pinginterval) {
1234 pingtimeout = pinginterval;
1237 if(!get_config_int(lookup_config(&config_tree, "MaxOutputBufferSize"), &maxoutbufsize)) {
1238 maxoutbufsize = 10 * MTU;
1241 if(!setup_myself()) {
1245 if(!init_control()) {
1249 if(!device_standby) {
1253 /* Run subnet-up scripts for our own subnets */
1255 subnet_update(myself, NULL, true);
1261 close all open network connections
1263 void close_network_connections(void) {
1264 for(list_node_t *node = connection_list.head, *next; node; node = next) {
1266 connection_t *c = node->data;
1268 /* Keep control connections open until the end, so they know when we really terminated */
1269 if(c->status.control) {
1274 terminate_connection(c, false);
1277 list_empty_list(&outgoing_list);
1279 if(myself && myself->connection) {
1280 subnet_update(myself, NULL, false);
1281 free_connection(myself->connection);
1284 for(int i = 0; i < listen_sockets; i++) {
1285 io_del(&listen_socket[i].tcp);
1286 io_del(&listen_socket[i].udp);
1287 closesocket(listen_socket[i].tcp.fd);
1288 closesocket(listen_socket[i].udp.fd);
1297 if(!device_standby) {
1304 if(device_fd >= 0) {
1314 free(scriptextension);
1315 free(scriptinterpreter);
projects / tinc / blob