along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.45 2000/10/24 15:46:16 guus Exp $
+ $Id: net.c,v 1.35.4.50 2000/10/29 00:02:18 guus Exp $
*/
#include "config.h"
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>
+#include <sys/ioctl.h>
#ifdef HAVE_TUNTAP
#include LINUX_IF_TUN_H
#include "netutl.h"
#include "protocol.h"
#include "meta.h"
+#include "connlist.h"
+#include "subnet.h"
#include "system.h"
int tap_fd = -1;
-int taptype = 0;
+int taptype = TAP_TYPE_ETHERTAP;
int total_tap_in = 0;
int total_tap_out = 0;
int total_socket_in = 0;
char *unknown = NULL;
+subnet_t mymac;
+
/*
strip off the MAC adresses of an ethernet frame
*/
int outlen, outpad;
cp
outpkt.len = inpkt->len;
+/*
EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
- outlen += outpad;
+ outlen += outpad + 2;
+
+ Do encryption when everything else is fixed...
+*/
+ outlen = outpkt.len + 2;
+ memcpy(&outpkt, inpkt, outlen);
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
cl->want_ping = 1;
- if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0)
+ if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
{
syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
cl->name, cl->hostname);
int outlen, outpad;
cp
outpkt.len = inpkt->len;
+/*
EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
outlen += outpad;
-
- /* FIXME sometime
- add_mac_addresses(&outpkt);
- */
-
- if(write(tap_fd, outpkt.data, outpkt.len) < 0)
- syslog(LOG_ERR, _("Can't write to tap device: %m"));
- else
- total_tap_out += outpkt.len;
+
+ Do decryption is everything else is fixed...
+*/
+ outlen = outpkt.len+2;
+ memcpy(&outpkt, inpkt, outlen);
+
+ /* Fix mac address */
+
+ memcpy(outpkt.data, mymac.net.mac.address.x, 6);
+
+ if(taptype == TAP_TYPE_TUNTAP)
+ {
+ if(write(tap_fd, outpkt.data, outpkt.len) < 0)
+ syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
+ else
+ total_tap_out += outpkt.len;
+ }
+ else /* ethertap */
+ {
+ if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
+ syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
+ else
+ total_tap_out += outpkt.len + 2;
+ }
cp
return 0;
}
int send_packet(ip_t to, vpn_packet_t *packet)
{
conn_list_t *cl;
+ subnet_t *subnet;
cp
- if((cl = lookup_conn_list_ipv4(to)) == NULL)
+ if((subnet = lookup_subnet_ipv4(to)) == NULL)
{
if(debug_lvl >= DEBUG_TRAFFIC)
{
return -1;
}
+
+ cl = subnet->owner;
/* If we ourselves have indirectdata flag set, we should send only to our uplink! */
if(!cl->status.validkey)
{
+/* Don't queue until everything else is fixed.
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
cl->name, cl->hostname);
add_queue(&(cl->sq), packet, packet->len + 2);
+*/
if(!cl->status.waitingforkey)
send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
return 0;
if(!cl->status.active)
{
+/* Don't queue until everything else is fixed.
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
cl->name, cl->hostname);
add_queue(&(cl->sq), packet, packet->len + 2);
+*/
return 0; /* We don't want to mess up, do we? */
}
cp
tap_fd = nfd;
- taptype = 0;
+ /* Set default MAC address for ethertap devices */
+
+ taptype = TAP_TYPE_ETHERTAP;
+ mymac.type = SUBNET_MAC;
+ mymac.net.mac.address.x[0] = 0xfe;
+ mymac.net.mac.address.x[1] = 0xfd;
+ mymac.net.mac.address.x[2] = 0x00;
+ mymac.net.mac.address.x[3] = 0x00;
+ mymac.net.mac.address.x[4] = 0x00;
+ mymac.net.mac.address.x[5] = 0x00;
#ifdef HAVE_TUNTAP
/* Ok now check if this is an old ethertap or a new tun/tap thingie */
if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
{
syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
- taptype = 1;
-
- if((cfg = get_config_val(config, tapsubnet)) == NULL)
- syslog(LOG_INFO, _("tun/tap device will be left unconfigured"));
- else
- /* Setup inetaddr/netmask etc */;
+ taptype = TAP_TYPE_TUNTAP;
}
#endif
{
config_t const *cfg;
subnet_t *net;
- int i;
cp
myself = new_conn_list();
/* Read in all the subnets specified in the host configuration file */
- for(cfg = myself->config; cfg = get_config_val(cfg, subnet); cfg = cfg->next)
+ for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
{
net = new_subnet();
net->type = SUBNET_IPV4;
cp
cfg = get_config_val(upstreamcfg, connectto);
- if(!cfg && upstreamcfg == myself->config)
+ if(!cfg && upstreamcfg == config)
/* No upstream IP given, we're listen only. */
return;
}
signal(SIGALRM, sigalrm_handler);
- upstreamcfg = myself->config;
+ upstreamcfg = config;
seconds_till_retry += 5;
if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
seconds_till_retry = MAXTIMEOUT;
free(scriptname);
- if(!(cfg = get_config_val(myself->config, connectto)))
+ if(!(cfg = get_config_val(config, connectto)))
/* No upstream IP given, we're listen only. */
return 0;
}
signal(SIGALRM, sigalrm_handler);
- upstreamcfg = myself->config;
+ upstreamcfg = config;
seconds_till_retry = MAXTIMEOUT;
syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
alarm(seconds_till_retry);
}
if(p->status.meta)
{
- send_termreq(p);
shutdown(p->meta_socket, 0); /* No more receptions */
close(p->meta_socket);
}
int handle_incoming_vpn_data()
{
vpn_packet_t pkt;
- int lenin;
int x, l = sizeof(x);
struct sockaddr from;
socklen_t fromlen = sizeof(from);
void terminate_connection(conn_list_t *cl)
{
conn_list_t *p;
-
+ subnet_t *s;
cp
if(cl->status.remove)
- return;
+ {
+ return;
+ }
+
+ cl->status.remove = 1;
if(debug_lvl >= DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
if(cl->status.meta)
close(cl->meta_socket);
- cl->status.remove = 1;
-
- /* If this cl isn't active, don't send any DEL_HOSTs. */
-
-/* FIXME: reprogram this.
- if(cl->status.active)
- notify_others(cl,NULL,send_del_host);
-*/
-
cp
/* Find all connections that were lost because they were behind cl
(the connection that was dropped). */
+
if(cl->status.meta)
for(p = conn_list; p != NULL; p = p->next)
- {
- if((p->nexthop == cl) && (p != cl))
- {
- if(cl->status.active && p->status.active)
-/* FIXME: reprogram this
- notify_others(p,cl,send_del_host);
-*/;
- if(cl->socket)
- close(cl->socket);
- p->status.active = 0;
- p->status.remove = 1;
- }
- }
-
+ if((p->nexthop == cl) && (p != cl))
+ terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
+
+ /* Inform others of termination if it was still active */
+
+ if(cl->status.active)
+ for(p = conn_list; p != NULL; p = p->next)
+ if(p->status.meta && p->status.active && p!=cl)
+ send_del_host(p, cl);
+
+ /* Remove the associated subnets */
+
+ for(s = cl->subnets; s; s = s->next)
+ subnet_del(s);
+
+ /* Inactivate */
+
cl->status.active = 0;
-
+
+ /* Check if this was our outgoing connection */
+
if(cl->status.outgoing)
{
signal(SIGALRM, sigalrm_handler);
now = time(NULL);
for(p = conn_list; p != NULL; p = p->next)
{
- if(p->status.remove)
- continue;
if(p->status.active && p->status.meta)
{
if(p->last_ping_time + timeout < now)
return 0;
}
- ncn->status.meta = 1;
- ncn->next = conn_list;
- conn_list = ncn;
+ conn_list_add(ncn);
cp
return 0;
}
vpn_packet_t vp;
int lenin;
cp
- if(taptype = 1)
+ if(taptype == TAP_TYPE_TUNTAP)
{
if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
{
- syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
+ syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
return;
}
vp.len = lenin;
}
- else
+ else /* ethertap */
{
- if((lenin = read(tap_fd, &vp, MTU)) <= 0)
+ if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
{
- syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
+ syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
return;
}
vp.len = lenin - 2;
syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
}
-// route_packet(&vp);
+ send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
cp
}