2 net_socket.c -- Handle various kinds of sockets.
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2018 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2009 Florian Forster <octo@verplant.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "address_cache.h"
27 #include "connection.h"
38 int addressfamily = AF_UNSPEC;
40 int seconds_till_retry = 5;
41 int udp_rcvbuf = 1024 * 1024;
42 int udp_sndbuf = 1024 * 1024;
43 bool udp_rcvbuf_warnings;
44 bool udp_sndbuf_warnings;
45 int max_connection_burst = 10;
48 listen_socket_t listen_socket[MAXSOCKETS];
54 static void free_outgoing(outgoing_t *outgoing) {
55 timeout_del(&outgoing->ev);
59 list_t outgoing_list = {
63 .delete = (list_action_t)free_outgoing,
68 static void configure_tcp(connection_t *c) {
72 int flags = fcntl(c->socket, F_GETFL);
74 if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) {
75 logger(DEBUG_ALWAYS, LOG_ERR, "fcntl for %s fd %d: %s", c->hostname, c->socket, strerror(errno));
79 unsigned long arg = 1;
81 if(ioctlsocket(c->socket, FIONBIO, &arg) != 0) {
82 logger(DEBUG_ALWAYS, LOG_ERR, "ioctlsocket for %s fd %d: %s", c->hostname, c->socket, sockstrerror(sockerrno));
87 #if defined(TCP_NODELAY)
89 setsockopt(c->socket, IPPROTO_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
92 #if defined(IP_TOS) && defined(IPTOS_LOWDELAY)
93 option = IPTOS_LOWDELAY;
94 setsockopt(c->socket, IPPROTO_IP, IP_TOS, (void *)&option, sizeof(option));
97 #if defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
98 option = IPTOS_LOWDELAY;
99 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
105 setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
111 static bool bind_to_interface(int sd) {
114 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
117 #endif /* defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) */
119 if(!get_config_string(lookup_config(&config_tree, "BindToInterface"), &iface)) {
123 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
124 memset(&ifr, 0, sizeof(ifr));
125 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
126 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
128 status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
131 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
132 sockstrerror(sockerrno));
136 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
138 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
144 static bool bind_to_address(connection_t *c) {
147 for(int i = 0; i < listen_sockets && listen_socket[i].bindto; i++) {
148 if(listen_socket[i].sa.sa.sa_family != c->address.sa.sa_family) {
163 sockaddr_t sa = listen_socket[s].sa;
165 if(sa.sa.sa_family == AF_INET) {
167 } else if(sa.sa.sa_family == AF_INET6) {
168 sa.in6.sin6_port = 0;
171 if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
172 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Can't bind outgoing socket: %s", sockstrerror(sockerrno));
179 static bool try_bind(int nfd, const sockaddr_t *sa, const char *type) {
180 if(!bind(nfd, &sa->sa, SALEN(sa->sa))) {
185 char *addrstr = sockaddr2hostname(sa);
186 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/%s: %s", addrstr, type, sockstrerror(sockerrno));
191 int setup_listen_socket(const sockaddr_t *sa) {
196 nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
199 logger(DEBUG_STATUS, LOG_ERR, "Creating metasocket failed: %s", sockstrerror(sockerrno));
204 fcntl(nfd, F_SETFD, FD_CLOEXEC);
207 /* Optimize TCP settings */
210 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
212 #if defined(IPV6_V6ONLY)
214 if(sa->sa.sa_family == AF_INET6) {
215 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
219 #warning IPV6_V6ONLY not defined
225 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
231 (lookup_config(&config_tree, "BindToInterface"), &iface)) {
232 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
235 memset(&ifr, 0, sizeof(ifr));
236 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
237 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
239 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
241 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
242 sockstrerror(sockerrno));
247 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
251 if(!try_bind(nfd, sa, "tcp")) {
257 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "listen", sockstrerror(sockerrno));
264 static void set_udp_buffer(int nfd, int type, const char *name, int size, bool warnings) {
269 if(setsockopt(nfd, SOL_SOCKET, type, (void *)&size, sizeof(size))) {
270 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP %s to %i: %s", name, size, sockstrerror(sockerrno));
278 // The system may cap the requested buffer size.
279 // Read back the value and check if it is now as requested.
281 socklen_t optlen = sizeof(actual);
283 if(getsockopt(nfd, SOL_SOCKET, type, (void *)&actual, &optlen)) {
284 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP %s: %s", name, sockstrerror(sockerrno));
285 } else if(optlen != sizeof(actual)) {
286 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP %s: unexpected returned optlen %d", name, (int)optlen);
287 } else if(actual < size) {
288 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP %s to %i, the system set it to %i instead", name, size, actual);
292 int setup_vpn_in_socket(const sockaddr_t *sa) {
296 nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
299 logger(DEBUG_ALWAYS, LOG_ERR, "Creating UDP socket failed: %s", sockstrerror(sockerrno));
304 fcntl(nfd, F_SETFD, FD_CLOEXEC);
309 int flags = fcntl(nfd, F_GETFL);
311 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) {
313 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl",
320 unsigned long arg = 1;
322 if(ioctlsocket(nfd, FIONBIO, &arg) != 0) {
324 logger(DEBUG_ALWAYS, LOG_ERR, "Call to `%s' failed: %s", "ioctlsocket", sockstrerror(sockerrno));
331 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
332 setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof(option));
334 set_udp_buffer(nfd, SO_RCVBUF, "SO_RCVBUF", udp_rcvbuf, udp_rcvbuf_warnings);
335 set_udp_buffer(nfd, SO_SNDBUF, "SO_SNDBUF", udp_sndbuf, udp_sndbuf_warnings);
337 #if defined(IPV6_V6ONLY)
339 if(sa->sa.sa_family == AF_INET6) {
340 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
345 #if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
346 #define IP_DONTFRAGMENT IP_DONTFRAG
349 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
351 if(myself->options & OPTION_PMTU_DISCOVERY) {
352 option = IP_PMTUDISC_DO;
353 setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
356 #elif defined(IP_DONTFRAGMENT)
358 if(myself->options & OPTION_PMTU_DISCOVERY) {
360 setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
365 #if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
367 if(myself->options & OPTION_PMTU_DISCOVERY) {
368 option = IPV6_PMTUDISC_DO;
369 setsockopt(nfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
372 #elif defined(IPV6_DONTFRAG)
374 if(myself->options & OPTION_PMTU_DISCOVERY) {
376 setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
384 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
389 if(!bind_to_interface(nfd)) {
394 if(!try_bind(nfd, sa, "udp")) {
399 } /* int setup_vpn_in_socket */
401 static void retry_outgoing_handler(void *data) {
402 setup_outgoing_connection(data, true);
405 void retry_outgoing(outgoing_t *outgoing) {
406 outgoing->timeout += 5;
408 if(outgoing->timeout > maxtimeout) {
409 outgoing->timeout = maxtimeout;
412 timeout_add(&outgoing->ev, retry_outgoing_handler, outgoing, &(struct timeval) {
413 outgoing->timeout, jitter()
416 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Trying to re-establish outgoing connection in %d seconds", outgoing->timeout);
419 void finish_connecting(connection_t *c) {
420 logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
422 c->last_ping_time = now.tv_sec;
423 c->status.connecting = false;
428 static void do_outgoing_pipe(connection_t *c, const char *command) {
432 if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
433 logger(DEBUG_ALWAYS, LOG_ERR, "Could not create socketpair: %s", sockstrerror(sockerrno));
440 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Using proxy %s", command);
451 // Other filedescriptors should be closed automatically by CLOEXEC
456 sockaddr2str(&c->address, &host, &port);
457 setenv("REMOTEADDRESS", host, true);
458 setenv("REMOTEPORT", port, true);
459 setenv("NODE", c->name, true);
460 setenv("NAME", myself->name, true);
463 setenv("NETNAME", netname, true);
466 int result = system(command);
469 logger(DEBUG_ALWAYS, LOG_ERR, "Could not execute %s: %s", command, strerror(errno));
471 logger(DEBUG_ALWAYS, LOG_ERR, "%s exited with non-zero status %d", command, result);
478 logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
483 static void handle_meta_write(connection_t *c) {
484 if(c->outbuf.len <= c->outbuf.offset) {
488 ssize_t outlen = send(c->socket, c->outbuf.data + c->outbuf.offset, c->outbuf.len - c->outbuf.offset, 0);
491 if(!sockerrno || sockerrno == EPIPE) {
492 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname);
493 } else if(sockwouldblock(sockerrno)) {
494 logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes to %s (%s) would block", c->outbuf.len - c->outbuf.offset, c->name, c->hostname);
497 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not send %d bytes of data to %s (%s): %s", c->outbuf.len - c->outbuf.offset, c->name, c->hostname, sockstrerror(sockerrno));
500 terminate_connection(c, c->edge);
504 buffer_read(&c->outbuf, outlen);
507 io_set(&c->io, IO_READ);
511 static void handle_meta_io(void *data, int flags) {
512 connection_t *c = data;
514 if(c->status.connecting) {
516 The event loop does not protect against spurious events. Verify that we are actually connected
517 by issuing an empty send() call.
519 Note that the behavior of send() on potentially unconnected sockets differ between platforms:
520 +------------+-----------+-------------+-----------+
521 | Event | POSIX | Linux | Windows |
522 +------------+-----------+-------------+-----------+
523 | Spurious | ENOTCONN | EWOULDBLOCK | ENOTCONN |
524 | Failed | ENOTCONN | (cause) | ENOTCONN |
525 | Successful | (success) | (success) | (success) |
526 +------------+-----------+-------------+-----------+
528 if(send(c->socket, NULL, 0, 0) != 0) {
529 if(sockwouldblock(sockerrno)) {
535 if(!socknotconn(sockerrno)) {
536 socket_error = sockerrno;
538 socklen_t len = sizeof(socket_error);
539 getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&socket_error, &len);
543 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(socket_error));
544 terminate_connection(c, false);
550 c->status.connecting = false;
551 finish_connecting(c);
554 if(flags & IO_WRITE) {
555 handle_meta_write(c);
557 handle_meta_connection_data(c);
561 bool do_outgoing_connection(outgoing_t *outgoing) {
562 const sockaddr_t *sa;
563 struct addrinfo *proxyai = NULL;
567 sa = get_recent_address(outgoing->node->address_cache);
570 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
571 retry_outgoing(outgoing);
575 connection_t *c = new_connection();
576 c->outgoing = outgoing;
577 memcpy(&c->address, sa, SALEN(sa->sa));
578 c->hostname = sockaddr2hostname(&c->address);
580 logger(DEBUG_CONNECTIONS, LOG_INFO, "Trying to connect to %s (%s)", outgoing->node->name, c->hostname);
583 c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
585 } else if(proxytype == PROXY_EXEC) {
586 do_outgoing_pipe(c, proxyhost);
588 proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
595 logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
596 c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
600 if(c->socket == -1) {
601 logger(DEBUG_CONNECTIONS, LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
607 fcntl(c->socket, F_SETFD, FD_CLOEXEC);
610 if(proxytype != PROXY_EXEC) {
611 #if defined(IPV6_V6ONLY)
614 if(c->address.sa.sa_family == AF_INET6) {
615 setsockopt(c->socket, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
620 bind_to_interface(c->socket);
627 result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
628 } else if(proxytype == PROXY_EXEC) {
635 result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
636 freeaddrinfo(proxyai);
639 if(result == -1 && !sockinprogress(sockerrno)) {
640 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not connect to %s (%s): %s", outgoing->node->name, c->hostname, sockstrerror(sockerrno));
646 /* Now that there is a working socket, fill in the rest and register this connection. */
648 c->last_ping_time = time(NULL);
649 c->status.connecting = true;
650 c->name = xstrdup(outgoing->node->name);
651 #ifndef DISABLE_LEGACY
652 c->outcipher = myself->connection->outcipher;
653 c->outdigest = myself->connection->outdigest;
655 c->outmaclength = myself->connection->outmaclength;
656 c->outcompression = myself->connection->outcompression;
657 c->last_ping_time = now.tv_sec;
661 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ | IO_WRITE);
666 void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
668 timeout_del(&outgoing->ev);
670 node_t *n = outgoing->node;
672 if(!n->address_cache) {
673 n->address_cache = open_address_cache(n);
677 logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
679 if(!n->connection->outgoing) {
680 n->connection->outgoing = outgoing;
687 do_outgoing_connection(outgoing);
691 list_delete(&outgoing_list, outgoing);
695 accept a new tcp connect and create a
698 void handle_new_meta_connection(void *data, int flags) {
700 listen_socket_t *l = data;
704 socklen_t len = sizeof(sa);
706 fd = accept(l->tcp.fd, &sa.sa, &len);
709 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
715 // Check if we get many connections from the same host
717 static sockaddr_t prev_sa;
719 if(!sockaddrcmp_noport(&sa, &prev_sa)) {
720 static time_t samehost_burst;
721 static time_t samehost_burst_time;
723 if(now.tv_sec - samehost_burst_time > samehost_burst) {
726 samehost_burst -= now.tv_sec - samehost_burst_time;
729 samehost_burst_time = now.tv_sec;
732 if(samehost_burst > max_connection_burst) {
738 memcpy(&prev_sa, &sa, sizeof(sa));
740 // Check if we get many connections from different hosts
742 static time_t connection_burst;
743 static time_t connection_burst_time;
745 if(now.tv_sec - connection_burst_time > connection_burst) {
746 connection_burst = 0;
748 connection_burst -= now.tv_sec - connection_burst_time;
751 connection_burst_time = now.tv_sec;
754 if(connection_burst >= max_connection_burst) {
755 connection_burst = max_connection_burst;
760 // Accept the new connection
762 c = new_connection();
763 c->name = xstrdup("<unknown>");
764 #ifndef DISABLE_LEGACY
765 c->outcipher = myself->connection->outcipher;
766 c->outdigest = myself->connection->outdigest;
768 c->outmaclength = myself->connection->outmaclength;
769 c->outcompression = myself->connection->outcompression;
772 c->hostname = sockaddr2hostname(&sa);
774 c->last_ping_time = now.tv_sec;
776 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
778 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
784 c->allow_request = ID;
789 accept a new UNIX socket connection
791 void handle_new_unix_connection(void *data, int flags) {
797 socklen_t len = sizeof(sa);
799 fd = accept(io->fd, &sa.sa, &len);
802 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
808 c = new_connection();
809 c->name = xstrdup("<control>");
811 c->hostname = xstrdup("localhost port unix");
813 c->last_ping_time = now.tv_sec;
815 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
817 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
821 c->allow_request = ID;
825 void try_outgoing_connections(void) {
826 /* If there is no outgoing list yet, create one. Otherwise, mark all outgoings as deleted. */
828 for list_each(outgoing_t, outgoing, &outgoing_list) {
829 outgoing->timeout = -1;
832 /* Make sure there is one outgoing_t in the list for each ConnectTo. */
834 for(config_t *cfg = lookup_config(&config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
836 get_config_string(cfg, &name);
838 if(!check_id(name)) {
839 logger(DEBUG_ALWAYS, LOG_ERR,
840 "Invalid name for outgoing connection in %s line %d",
841 cfg->file, cfg->line);
846 if(!strcmp(name, myself->name)) {
853 for list_each(outgoing_t, outgoing, &outgoing_list) {
854 if(!strcmp(outgoing->node->name, name)) {
856 outgoing->timeout = 0;
862 outgoing_t *outgoing = xzalloc(sizeof(*outgoing));
863 node_t *n = lookup_node(name);
867 n->name = xstrdup(name);
874 list_insert_tail(&outgoing_list, outgoing);
875 setup_outgoing_connection(outgoing, true);
879 /* Terminate any connections whose outgoing_t is to be deleted. */
881 for list_each(connection_t, c, &connection_list) {
882 if(c->outgoing && c->outgoing->timeout == -1) {
884 logger(DEBUG_CONNECTIONS, LOG_INFO, "No more outgoing connection to %s", c->name);
885 terminate_connection(c, c->edge);
889 /* Delete outgoing_ts for which there is no ConnectTo. */
891 for list_each(outgoing_t, outgoing, &outgoing_list)
892 if(outgoing->timeout == -1) {
893 list_delete_node(&outgoing_list, node);
projects / tinc / blob