2 net_socket.c -- Handle various kinds of sockets.
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2016 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2009 Florian Forster <octo@verplant.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 #include "connection.h"
27 #include "control_common.h"
38 /* Needed on Mac OS/X */
40 #define SOL_TCP IPPROTO_TCP
43 int addressfamily = AF_UNSPEC;
45 int seconds_till_retry = 5;
46 int udp_rcvbuf = 1024 * 1024;
47 int udp_sndbuf = 1024 * 1024;
48 int max_connection_burst = 100;
50 listen_socket_t listen_socket[MAXSOCKETS];
55 list_t *outgoing_list = NULL;
59 static void configure_tcp(connection_t *c) {
63 int flags = fcntl(c->socket, F_GETFL);
65 if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) {
66 logger(DEBUG_ALWAYS, LOG_ERR, "fcntl for %s: %s", c->hostname, strerror(errno));
69 unsigned long arg = 1;
71 if(ioctlsocket(c->socket, FIONBIO, &arg) != 0) {
72 logger(DEBUG_ALWAYS, LOG_ERR, "ioctlsocket for %s: %s", c->hostname, sockstrerror(sockerrno));
76 #if defined(SOL_TCP) && defined(TCP_NODELAY)
78 setsockopt(c->socket, SOL_TCP, TCP_NODELAY, (void *)&option, sizeof option);
81 #if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY)
82 option = IPTOS_LOWDELAY;
83 setsockopt(c->socket, SOL_IP, IP_TOS, (void *)&option, sizeof option);
86 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
87 option = IPTOS_LOWDELAY;
88 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof option);
92 static bool bind_to_interface(int sd) {
95 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
98 #endif /* defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) */
100 if(!get_config_string (lookup_config (config_tree, "BindToInterface"), &iface))
103 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
104 memset(&ifr, 0, sizeof(ifr));
105 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
106 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
108 status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
110 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
111 sockstrerror(sockerrno));
114 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
115 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
121 static bool bind_to_address(connection_t *c) {
124 for(int i = 0; i < listen_sockets && listen_socket[i].bindto; i++) {
125 if(listen_socket[i].sa.sa.sa_family != c->address.sa.sa_family)
135 sockaddr_t sa = listen_socket[s].sa;
136 if(sa.sa.sa_family == AF_INET)
138 else if(sa.sa.sa_family == AF_INET6)
139 sa.in6.sin6_port = 0;
141 if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
142 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Can't bind outgoing socket: %s", sockstrerror(sockerrno));
149 int setup_listen_socket(const sockaddr_t *sa) {
155 nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
158 logger(DEBUG_STATUS, LOG_ERR, "Creating metasocket failed: %s", sockstrerror(sockerrno));
163 fcntl(nfd, F_SETFD, FD_CLOEXEC);
166 /* Optimize TCP settings */
169 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof option);
171 #if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
172 if(sa->sa.sa_family == AF_INET6)
173 setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
177 (lookup_config(config_tree, "BindToInterface"), &iface)) {
178 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
181 memset(&ifr, 0, sizeof ifr);
182 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
184 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof ifr)) {
186 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
187 sockstrerror(sockerrno));
191 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
195 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
197 addrstr = sockaddr2hostname(sa);
198 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
205 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "listen", sockstrerror(sockerrno));
212 int setup_vpn_in_socket(const sockaddr_t *sa) {
217 nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
220 logger(DEBUG_ALWAYS, LOG_ERR, "Creating UDP socket failed: %s", sockstrerror(sockerrno));
225 fcntl(nfd, F_SETFD, FD_CLOEXEC);
230 int flags = fcntl(nfd, F_GETFL);
232 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) {
234 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl",
241 unsigned long arg = 1;
242 if(ioctlsocket(nfd, FIONBIO, &arg) != 0) {
244 logger(DEBUG_ALWAYS, LOG_ERR, "Call to `%s' failed: %s", "ioctlsocket", sockstrerror(sockerrno));
251 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof option);
252 setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof option);
254 if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf)))
255 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, sockstrerror(sockerrno));
257 if(udp_sndbuf && setsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf, sizeof(udp_sndbuf)))
258 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, sockstrerror(sockerrno));
260 #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
261 if(sa->sa.sa_family == AF_INET6)
262 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
265 #if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
266 #define IP_DONTFRAGMENT IP_DONTFRAG
269 #if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
270 if(myself->options & OPTION_PMTU_DISCOVERY) {
271 option = IP_PMTUDISC_DO;
272 setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
274 #elif defined(IPPROTO_IP) && defined(IP_DONTFRAGMENT)
275 if(myself->options & OPTION_PMTU_DISCOVERY) {
277 setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
281 #if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
282 if(myself->options & OPTION_PMTU_DISCOVERY) {
283 option = IPV6_PMTUDISC_DO;
284 setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
286 #elif defined(IPPROTO_IPV6) && defined(IPV6_DONTFRAG)
287 if(myself->options & OPTION_PMTU_DISCOVERY) {
289 setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
293 if (!bind_to_interface(nfd)) {
298 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
300 addrstr = sockaddr2hostname(sa);
301 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/udp: %s", addrstr, sockstrerror(sockerrno));
307 } /* int setup_vpn_in_socket */
309 static void retry_outgoing_handler(void *data) {
310 setup_outgoing_connection(data);
313 void retry_outgoing(outgoing_t *outgoing) {
314 outgoing->timeout += 5;
316 if(outgoing->timeout > maxtimeout)
317 outgoing->timeout = maxtimeout;
319 timeout_add(&outgoing->ev, retry_outgoing_handler, outgoing, &(struct timeval){outgoing->timeout, rand() % 100000});
321 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Trying to re-establish outgoing connection in %d seconds", outgoing->timeout);
324 void finish_connecting(connection_t *c) {
325 logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
327 c->last_ping_time = now.tv_sec;
328 c->status.connecting = false;
333 static void do_outgoing_pipe(connection_t *c, char *command) {
337 if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
338 logger(DEBUG_ALWAYS, LOG_ERR, "Could not create socketpair: %s", sockstrerror(sockerrno));
345 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Using proxy %s", command);
356 // Other filedescriptors should be closed automatically by CLOEXEC
361 sockaddr2str(&c->address, &host, &port);
362 setenv("REMOTEADDRESS", host, true);
363 setenv("REMOTEPORT", port, true);
364 setenv("NODE", c->name, true);
365 setenv("NAME", myself->name, true);
367 setenv("NETNAME", netname, true);
369 int result = system(command);
371 logger(DEBUG_ALWAYS, LOG_ERR, "Could not execute %s: %s", command, strerror(errno));
373 logger(DEBUG_ALWAYS, LOG_ERR, "%s exited with non-zero status %d", command, result);
376 logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
381 static void handle_meta_write(connection_t *c) {
382 if(c->outbuf.len <= c->outbuf.offset)
385 ssize_t outlen = send(c->socket, c->outbuf.data + c->outbuf.offset, c->outbuf.len - c->outbuf.offset, 0);
387 if(!sockerrno || sockerrno == EPIPE) {
388 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname);
389 } else if(sockwouldblock(sockerrno)) {
390 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Sending %d bytes to %s (%s) would block", c->outbuf.len - c->outbuf.offset, c->name, c->hostname);
393 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not send %d bytes of data to %s (%s): %s", c->outbuf.len - c->outbuf.offset, c->name, c->hostname, sockstrerror(sockerrno));
396 terminate_connection(c, c->edge);
400 buffer_read(&c->outbuf, outlen);
402 io_set(&c->io, IO_READ);
405 static void handle_meta_io(void *data, int flags) {
406 connection_t *c = data;
408 if(c->status.connecting) {
410 The event loop does not protect against spurious events. Verify that we are actually connected
411 by issuing an empty send() call.
413 Note that the behavior of send() on potentially unconnected sockets differ between platforms:
414 +------------+-----------+-------------+-----------+
415 | Event | POSIX | Linux | Windows |
416 +------------+-----------+-------------+-----------+
417 | Spurious | ENOTCONN | EWOULDBLOCK | ENOTCONN |
418 | Failed | ENOTCONN | (cause) | ENOTCONN |
419 | Successful | (success) | (success) | (success) |
420 +------------+-----------+-------------+-----------+
422 if (send(c->socket, NULL, 0, 0) != 0) {
423 if (sockwouldblock(sockerrno))
426 if (!socknotconn(sockerrno))
427 socket_error = sockerrno;
429 socklen_t len = sizeof socket_error;
430 getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&socket_error, &len);
433 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(socket_error));
434 terminate_connection(c, false);
439 c->status.connecting = false;
440 finish_connecting(c);
444 handle_meta_write(c);
446 handle_meta_connection_data(c);
449 bool do_outgoing_connection(outgoing_t *outgoing) {
450 char *address, *port, *space;
451 struct addrinfo *proxyai = NULL;
457 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->name);
458 retry_outgoing(outgoing);
462 get_config_string(outgoing->cfg, &address);
464 space = strchr(address, ' ');
466 port = xstrdup(space + 1);
469 if(!get_config_string(lookup_config(outgoing->config_tree, "Port"), &port))
470 port = xstrdup("655");
473 outgoing->ai = str2addrinfo(address, port, SOCK_STREAM);
477 outgoing->aip = outgoing->ai;
478 outgoing->cfg = lookup_config_next(outgoing->config_tree, outgoing->cfg);
483 freeaddrinfo(outgoing->ai);
488 connection_t *c = new_connection();
489 c->outgoing = outgoing;
491 memcpy(&c->address, outgoing->aip->ai_addr, outgoing->aip->ai_addrlen);
492 outgoing->aip = outgoing->aip->ai_next;
494 c->hostname = sockaddr2hostname(&c->address);
496 logger(DEBUG_CONNECTIONS, LOG_INFO, "Trying to connect to %s (%s)", outgoing->name, c->hostname);
499 c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
501 } else if(proxytype == PROXY_EXEC) {
502 do_outgoing_pipe(c, proxyhost);
504 proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
509 logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
510 c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
514 if(c->socket == -1) {
515 logger(DEBUG_CONNECTIONS, LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
521 fcntl(c->socket, F_SETFD, FD_CLOEXEC);
524 if(proxytype != PROXY_EXEC) {
525 #if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
527 if(c->address.sa.sa_family == AF_INET6)
528 setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
531 bind_to_interface(c->socket);
538 result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
539 } else if(proxytype == PROXY_EXEC) {
542 result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
543 freeaddrinfo(proxyai);
546 if(result == -1 && !sockinprogress(sockerrno)) {
547 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not connect to %s (%s): %s", outgoing->name, c->hostname, sockstrerror(sockerrno));
553 /* Now that there is a working socket, fill in the rest and register this connection. */
555 c->status.connecting = true;
556 c->name = xstrdup(outgoing->name);
557 #ifndef DISABLE_LEGACY
558 c->outcipher = myself->connection->outcipher;
559 c->outdigest = myself->connection->outdigest;
561 c->outmaclength = myself->connection->outmaclength;
562 c->outcompression = myself->connection->outcompression;
563 c->last_ping_time = now.tv_sec;
567 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ|IO_WRITE);
572 // Find edges pointing to this node, and use them to build a list of unique, known addresses.
573 static struct addrinfo *get_known_addresses(node_t *n) {
574 struct addrinfo *ai = NULL;
576 for splay_each(edge_t, e, n->edge_tree) {
581 for(struct addrinfo *aip = ai; aip; aip = aip->ai_next) {
582 if(!sockaddrcmp(&e->reverse->address, (sockaddr_t *)aip->ai_addr)) {
590 struct addrinfo *nai = xzalloc(sizeof *nai);
594 ai->ai_family = e->reverse->address.sa.sa_family;
595 ai->ai_socktype = SOCK_STREAM;
596 ai->ai_protocol = IPPROTO_TCP;
597 ai->ai_addrlen = SALEN(e->reverse->address.sa);
598 ai->ai_addr = xmalloc(ai->ai_addrlen);
599 memcpy(ai->ai_addr, &e->reverse->address, ai->ai_addrlen);
605 void setup_outgoing_connection(outgoing_t *outgoing) {
606 timeout_del(&outgoing->ev);
608 node_t *n = lookup_node(outgoing->name);
610 if(n && n->connection) {
611 logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", outgoing->name);
612 if(!n->connection->outgoing) {
613 n->connection->outgoing = outgoing;
620 init_configuration(&outgoing->config_tree);
621 read_host_config(outgoing->config_tree, outgoing->name);
622 outgoing->cfg = lookup_config(outgoing->config_tree, "Address");
626 outgoing->aip = outgoing->ai = get_known_addresses(n);
628 logger(DEBUG_ALWAYS, LOG_DEBUG, "No address known for %s", outgoing->name);
633 do_outgoing_connection(outgoing);
637 list_delete(outgoing_list, outgoing);
641 accept a new tcp connect and create a
644 void handle_new_meta_connection(void *data, int flags) {
645 listen_socket_t *l = data;
649 socklen_t len = sizeof sa;
651 fd = accept(l->tcp.fd, &sa.sa, &len);
654 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
660 // Check if we get many connections from the same host
662 static sockaddr_t prev_sa;
663 static int tarpit = -1;
670 if(!sockaddrcmp_noport(&sa, &prev_sa)) {
671 static int samehost_burst;
672 static int samehost_burst_time;
674 if(now.tv_sec - samehost_burst_time > samehost_burst)
677 samehost_burst -= now.tv_sec - samehost_burst_time;
679 samehost_burst_time = now.tv_sec;
682 if(samehost_burst > max_connection_burst) {
688 memcpy(&prev_sa, &sa, sizeof sa);
690 // Check if we get many connections from different hosts
692 static int connection_burst;
693 static int connection_burst_time;
695 if(now.tv_sec - connection_burst_time > connection_burst)
696 connection_burst = 0;
698 connection_burst -= now.tv_sec - connection_burst_time;
700 connection_burst_time = now.tv_sec;
703 if(connection_burst >= max_connection_burst) {
704 connection_burst = max_connection_burst;
709 // Accept the new connection
711 c = new_connection();
712 c->name = xstrdup("<unknown>");
713 #ifndef DISABLE_LEGACY
714 c->outcipher = myself->connection->outcipher;
715 c->outdigest = myself->connection->outdigest;
717 c->outmaclength = myself->connection->outmaclength;
718 c->outcompression = myself->connection->outcompression;
721 c->hostname = sockaddr2hostname(&sa);
723 c->last_ping_time = now.tv_sec;
725 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
727 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
733 c->allow_request = ID;
739 accept a new UNIX socket connection
741 void handle_new_unix_connection(void *data, int flags) {
746 socklen_t len = sizeof sa;
748 fd = accept(io->fd, &sa.sa, &len);
751 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
757 c = new_connection();
758 c->name = xstrdup("<control>");
760 c->hostname = xstrdup("localhost port unix");
762 c->last_ping_time = now.tv_sec;
764 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
766 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
770 c->allow_request = ID;
776 static void free_outgoing(outgoing_t *outgoing) {
777 timeout_del(&outgoing->ev);
780 freeaddrinfo(outgoing->ai);
782 if(outgoing->config_tree)
783 exit_configuration(&outgoing->config_tree);
786 free(outgoing->name);
791 void try_outgoing_connections(void) {
792 /* If there is no outgoing list yet, create one. Otherwise, mark all outgoings as deleted. */
795 outgoing_list = list_alloc((list_action_t)free_outgoing);
797 for list_each(outgoing_t, outgoing, outgoing_list)
798 outgoing->timeout = -1;
801 /* Make sure there is one outgoing_t in the list for each ConnectTo. */
803 for(config_t *cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
805 get_config_string(cfg, &name);
807 if(!check_id(name)) {
808 logger(DEBUG_ALWAYS, LOG_ERR,
809 "Invalid name for outgoing connection in %s line %d",
810 cfg->file, cfg->line);
815 if(!strcmp(name, myself->name)) {
822 for list_each(outgoing_t, outgoing, outgoing_list) {
823 if(!strcmp(outgoing->name, name)) {
825 outgoing->timeout = 0;
831 outgoing_t *outgoing = xzalloc(sizeof *outgoing);
832 outgoing->name = name;
833 list_insert_tail(outgoing_list, outgoing);
834 setup_outgoing_connection(outgoing);
838 /* Terminate any connections whose outgoing_t is to be deleted. */
840 for list_each(connection_t, c, connection_list) {
841 if(c->outgoing && c->outgoing->timeout == -1) {
843 logger(DEBUG_CONNECTIONS, LOG_INFO, "No more outgoing connection to %s", c->name);
844 terminate_connection(c, c->edge);
848 /* Delete outgoing_ts for which there is no ConnectTo. */
850 for list_each(outgoing_t, outgoing, outgoing_list)
851 if(outgoing->timeout == -1)
852 list_delete_node(outgoing_list, node);
projects / tinc / blob