X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=31acd38900a0939d45e73e5f02326314b19f5407;hp=ec28d6a9f967e0d98400f3fc67e207d1386db312;hb=783c8298610d5670f6e118f49bd3d1fdfa61ae1d;hpb=b50523dc44bbb32f03d24573e195c071cbff3fc4 diff --git a/src/net.c b/src/net.c index ec28d6a9..31acd389 100644 --- a/src/net.c +++ b/src/net.c @@ -1,6 +1,7 @@ /* net.c -- most of the network code - Copyright (C) 1998,99 Ivo Timmermans + Copyright (C) 1998,1999,2000 Ivo Timmermans , + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,6 +16,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: net.c,v 1.35.4.7 2000/06/26 19:39:34 guus Exp $ */ #include "config.h" @@ -44,6 +47,8 @@ #include "netutl.h" #include "protocol.h" +#include "system.h" + int tap_fd = -1; int total_tap_in = 0; @@ -51,7 +56,7 @@ int total_tap_out = 0; int total_socket_in = 0; int total_socket_out = 0; -time_t last_ping_time = 0; +static int seconds_till_retry; /* The global list of existing connections */ conn_list_t *conn_list = NULL; @@ -63,10 +68,11 @@ conn_list_t *myself = NULL; void strip_mac_addresses(vpn_packet_t *p) { unsigned char tmp[MAXSIZE]; - +cp memcpy(tmp, p->data, p->len); p->len -= 12; memcpy(p->data, &tmp[12], p->len); +cp } /* @@ -75,7 +81,7 @@ void strip_mac_addresses(vpn_packet_t *p) void add_mac_addresses(vpn_packet_t *p) { unsigned char tmp[MAXSIZE]; - +cp memcpy(&tmp[12], p->data, p->len); p->len += 12; tmp[0] = tmp[6] = 0xfe; @@ -83,63 +89,57 @@ void add_mac_addresses(vpn_packet_t *p) *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip)); *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26])); memcpy(p->data, &tmp[0], p->len); +cp } int xsend(conn_list_t *cl, void *packet) { int r; real_packet_t rp; - +cp do_encrypt((vpn_packet_t*)packet, &rp, cl->key); - rp.from = myself->vpn_ip; + rp.from = htonl(myself->vpn_ip); + rp.data.len = htons(rp.data.len); + rp.len = htons(rp.len); if(debug_lvl > 3) - syslog(LOG_ERR, "Sent %d bytes to %lx", rp.len, cl->vpn_ip); + syslog(LOG_ERR, _("Sending packet of %d bytes to " IP_ADDR_S " (%s)"), + ntohs(rp.len), IP_ADDR_V(cl->vpn_ip), cl->hostname); - if((r = send(cl->socket, (char*)&rp, rp.len, 0)) < 0) + if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) { - syslog(LOG_ERR, "Error sending data: %m"); + syslog(LOG_ERR, _("Error sending packet to " IP_ADDR_S " (%s): %m"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } total_socket_out += r; + cl->want_ping = 1; +cp return 0; } -/* - write as many bytes as possible to the tap - device, possibly in multiple turns. -*/ -int write_n(int fd, void *buf, size_t len) -{ - int r, done = 0; - - do - { - if((r = write(fd, buf, len)) < 0) - return -1; - len -= r; - buf += r; - done += r; - } while(len > 0); - - return done; -} - int xrecv(conn_list_t *cl, void *packet) { vpn_packet_t vp; int lenin; - +cp do_decrypt((real_packet_t*)packet, &vp, cl->key); add_mac_addresses(&vp); - if((lenin = write_n(tap_fd, &vp, vp.len + 2)) < 0) - syslog(LOG_ERR, "Can't write to tap device: %m"); + if(debug_lvl > 3) + syslog(LOG_ERR, _("Receiving packet of %d bytes from " IP_ADDR_S " (%s)"), + ((real_packet_t*)packet)->len, IP_ADDR_V(cl->vpn_ip), cl->hostname); + + if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) + syslog(LOG_ERR, _("Can't write to tap device: %m")); else total_tap_out += lenin; + cl->want_ping = 0; + cl->last_ping_time = time(NULL); +cp return 0; } @@ -149,29 +149,70 @@ int xrecv(conn_list_t *cl, void *packet) */ void add_queue(packet_queue_t **q, void *packet, size_t s) { - queue_element_t *e, *p; - - if(debug_lvl > 3) - syslog(LOG_DEBUG, "packet to queue: %d", s); - - e = xmalloc(sizeof(queue_element_t)); + queue_element_t *e; +cp + e = xmalloc(sizeof(*e)); e->packet = xmalloc(s); memcpy(e->packet, packet, s); + if(!*q) { - *q = xmalloc(sizeof(packet_queue_t)); + *q = xmalloc(sizeof(**q)); (*q)->head = (*q)->tail = NULL; } - e->next = NULL; + e->next = NULL; /* We insert at the tail */ - if((*q)->tail != NULL) - (*q)->tail->next = e; + if((*q)->tail) /* Do we have a tail? */ + { + (*q)->tail->next = e; + e->prev = (*q)->tail; + } + else /* No tail -> no head too */ + { + (*q)->head = e; + e->prev = NULL; + } (*q)->tail = e; +cp +} - if((*q)->head == NULL) - (*q)->head = e; +/* Remove a queue element */ +void del_queue(packet_queue_t **q, queue_element_t *e) +{ +cp + free(e->packet); + + if(e->next) /* There is a successor, so we are not tail */ + { + if(e->prev) /* There is a predecessor, so we are not head */ + { + e->next->prev = e->prev; + e->prev->next = e->next; + } + else /* We are head */ + { + e->next->prev = NULL; + (*q)->head = e->next; + } + } + else /* We are tail (or all alone!) */ + { + if(e->prev) /* We are not alone :) */ + { + e->prev->next = NULL; + (*q)->tail = e->prev; + } + else /* Adieu */ + { + free(*q); + *q = NULL; + } + } + + free(e); +cp } /* @@ -179,38 +220,24 @@ void add_queue(packet_queue_t **q, void *packet, size_t s) each packet, and removing it when that returned a zero exit code */ -void flush_queue(conn_list_t *cl, packet_queue_t *pq, +void flush_queue(conn_list_t *cl, packet_queue_t **pq, int (*function)(conn_list_t*,void*)) { - queue_element_t *p, *prev = NULL, *next = NULL; - - for(p = pq->head; p != NULL; ) + queue_element_t *p, *next = NULL; +cp + for(p = (*pq)->head; p != NULL; ) { next = p->next; -cp if(!function(cl, p->packet)) - { - if(prev) - prev->next = next; - else - pq->head = next; - -cp - free(p->packet); -cp - free(p); -cp - } - else - prev = p; -cp - + del_queue(pq, p); + p = next; } if(debug_lvl > 3) - syslog(LOG_DEBUG, "queue flushed"); + syslog(LOG_DEBUG, _("Queue flushed")); +cp } /* @@ -223,19 +250,18 @@ void flush_queues(conn_list_t *cl) cp if(cl->sq) { - if(debug_lvl > 1) - syslog(LOG_DEBUG, "Flushing send queue for " IP_ADDR_S, + if(debug_lvl > 3) + syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); - flush_queue(cl, cl->sq, xsend); + flush_queue(cl, &(cl->sq), xsend); } -cp if(cl->rq) { - if(debug_lvl > 1) - syslog(LOG_DEBUG, "Flushing receive queue for " IP_ADDR_S, + if(debug_lvl > 3) + syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); - flush_queue(cl, cl->rq, xrecv); + flush_queue(cl, &(cl->rq), xrecv); } cp } @@ -246,47 +272,96 @@ cp int send_packet(ip_t to, vpn_packet_t *packet) { conn_list_t *cl; - +cp if((cl = lookup_conn(to)) == NULL) { - if(debug_lvl > 2) + if(debug_lvl > 3) { - syslog(LOG_NOTICE, "trying to look up " IP_ADDR_S " in connection list failed.", + syslog(LOG_NOTICE, _("Trying to look up " IP_ADDR_S " in connection list failed!"), IP_ADDR_V(to)); } + + /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */ + + return -1; + + for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); + if(!cl) + { /* No open outgoing connection has been found. */ + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!")); + return -1; + } + } + + /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ + + if(myself->flags & EXPORTINDIRECTDATA) + { for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); if(!cl) { /* No open outgoing connection has been found. */ - if(debug_lvl > 2) - syslog(LOG_NOTICE, "There is no remote host I can send this packet to."); + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!")); return -1; } } + else + + /* If indirectdata flag is set for the destination we just looked up, + * then real_ip is actually the vpn_ip of the gateway tincd + * it is behind. + */ + + if(cl->flags & INDIRECTDATA) + { + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("Indirect packet to " IP_ADDR_S " via " IP_ADDR_S), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + if((cl = lookup_conn(cl->real_ip)) == NULL) + { + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("Indirect look up " IP_ADDR_S " in connection list failed!"), + IP_ADDR_V(to)); + + /* Gateway tincd dead? Should we kill it? (GS) */ + + return -1; + } + if(cl->flags & INDIRECTDATA) /* This should not happen */ + { + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("Double indirection for " IP_ADDR_S), + IP_ADDR_V(to)); + return -1; + } + } -cp if(my_key_expiry <= time(NULL)) regenerate_keys(); -cp if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) - return -1; -cp - + { + syslog(LOG_ERR, _("Could not open UDP connection to " IP_ADDR_S " (%s)"), IP_ADDR_V(cl->vpn_ip), cl->hostname); + return -1; + } + if(!cl->status.validkey) { + if(debug_lvl > 3) + syslog(LOG_INFO, _(IP_ADDR_S " (%s) has no valid key, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); if(!cl->status.waitingforkey) - send_key_request(to); + send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */ return 0; } -cp if(!cl->status.active) { + if(debug_lvl > 3) + syslog(LOG_INFO, _(IP_ADDR_S " (%s) is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); - if(debug_lvl > 1) - syslog(LOG_INFO, IP_ADDR_S " is not ready, queueing packet.", IP_ADDR_V(cl->vpn_ip)); return 0; /* We don't want to mess up, do we? */ } @@ -295,21 +370,6 @@ cp return xsend(cl, packet); } -int send_broadcast(conn_list_t *cl, vpn_packet_t *packet) -{ - conn_list_t *p; - - for(p = cl; p != NULL; p = p->next) - if(send_packet(p->real_ip, packet) < 0) - { - syslog(LOG_ERR, "Could not send a broadcast packet to %08lx (%08lx): %m", - p->vpn_ip, p->real_ip); - break; /* FIXME: should retry later, and send a ping over the metaconnection. */ - } - - return 0; -} - /* open the local ethertap device */ @@ -318,7 +378,7 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; - +cp if((cfg = get_config_val(tapdevice)) == NULL) tapfname = "/dev/tap0"; else @@ -326,11 +386,12 @@ int setup_tap_fd(void) if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, "Could not open %s: %m", tapfname); + syslog(LOG_ERR, _("Could not open %s: %m"), tapfname); return -1; } tap_fd = nfd; +cp return 0; } @@ -343,23 +404,23 @@ int setup_listen_meta_socket(int port) int nfd, flags; struct sockaddr_in a; const int one = 1; - +cp if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { - syslog(LOG_ERR, "Creating metasocket failed: %m"); + syslog(LOG_ERR, _("Creating metasocket failed: %m")); return -1; } if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { - syslog(LOG_ERR, "setsockopt: %m"); + syslog(LOG_ERR, _("setsockopt: %m")); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, "fcntl: %m"); + syslog(LOG_ERR, _("fcntl: %m")); return -1; } @@ -370,16 +431,16 @@ int setup_listen_meta_socket(int port) if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { - syslog(LOG_ERR, "Can't bind to port %hd/tcp: %m", port); + syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port); return -1; } if(listen(nfd, 3)) { - syslog(LOG_ERR, "listen: %m"); + syslog(LOG_ERR, _("listen: %m")); return -1; } - +cp return nfd; } @@ -392,23 +453,23 @@ int setup_vpn_in_socket(int port) int nfd, flags; struct sockaddr_in a; const int one = 1; - +cp if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { - syslog(LOG_ERR, "Creating socket failed: %m"); + syslog(LOG_ERR, _("Creating socket failed: %m")); return -1; } if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { - syslog(LOG_ERR, "setsockopt: %m"); + syslog(LOG_ERR, _("setsockopt: %m")); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, "fcntl: %m"); + syslog(LOG_ERR, _("fcntl: %m")); return -1; } @@ -419,10 +480,10 @@ int setup_vpn_in_socket(int port) if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { - syslog(LOG_ERR, "Can't bind to port %hd/udp: %m", port); + syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port); return -1; } - +cp return nfd; } @@ -434,7 +495,7 @@ int setup_outgoing_meta_socket(conn_list_t *cl) int flags; struct sockaddr_in a; config_t const *cfg; - +cp if((cfg = get_config_val(upstreamport)) == NULL) cl->port = 655; else @@ -443,7 +504,7 @@ int setup_outgoing_meta_socket(conn_list_t *cl) cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if(cl->meta_socket == -1) { - syslog(LOG_ERR, "Creating socket failed: %m"); + syslog(LOG_ERR, _("Creating socket failed: %m")); return -1; } @@ -453,21 +514,20 @@ int setup_outgoing_meta_socket(conn_list_t *cl) if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) { - syslog(LOG_ERR, IP_ADDR_S ":%d: %m", IP_ADDR_V(cl->real_ip), cl->port); + syslog(LOG_ERR, _(IP_ADDR_S ":%d: %m"), IP_ADDR_V(cl->real_ip), cl->port); return -1; } flags = fcntl(cl->meta_socket, F_GETFL); if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, "fcntl: %m"); + syslog(LOG_ERR, _("fcntl: %m")); return -1; } - cl->hostname = hostlookup(htonl(cl->real_ip)); - - syslog(LOG_INFO, "Connected to %s:%hd" , cl->hostname, cl->port); - + syslog(LOG_INFO, _("Connected to " IP_ADDR_S ":%hd"), + IP_ADDR_V(cl->real_ip), cl->port); +cp return 0; } @@ -481,13 +541,14 @@ int setup_outgoing_meta_socket(conn_list_t *cl) int setup_outgoing_connection(ip_t ip) { conn_list_t *ncn; - +cp ncn = new_conn_list(); ncn->real_ip = ip; - + ncn->hostname = hostlookup(htonl(ip)); + if(setup_outgoing_meta_socket(ncn) < 0) { - syslog(LOG_ERR, "Could not set up a meta connection."); + syslog(LOG_ERR, _("Could not set up a meta connection!")); free_conn_element(ncn); return -1; } @@ -496,7 +557,7 @@ int setup_outgoing_connection(ip_t ip) ncn->status.outgoing = 1; ncn->next = conn_list; conn_list = ncn; - +cp return 0; } @@ -506,52 +567,82 @@ int setup_outgoing_connection(ip_t ip) int setup_myself(void) { config_t const *cfg; - +cp myself = new_conn_list(); if(!(cfg = get_config_val(myvpnip))) { - syslog(LOG_ERR, "No value for my VPN IP given"); + syslog(LOG_ERR, _("No value for my VPN IP given")); return -1; } myself->vpn_ip = cfg->data.ip->ip; + myself->hostname = hostlookup(htonl(myself->vpn_ip)); myself->vpn_mask = cfg->data.ip->mask; + myself->flags = 0; if(!(cfg = get_config_val(listenport))) myself->port = 655; else myself->port = cfg->data.val; + if(cfg = get_config_val(indirectdata)) + if(cfg->data.val) + myself->flags |= EXPORTINDIRECTDATA; + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { - syslog(LOG_ERR, "Unable to set up a listening socket"); + syslog(LOG_ERR, _("Unable to set up a listening socket")); return -1; } if((myself->socket = setup_vpn_in_socket(myself->port)) < 0) { - syslog(LOG_ERR, "Unable to set up an incoming vpn data socket"); + syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket")); close(myself->meta_socket); return -1; } myself->status.active = 1; - syslog(LOG_NOTICE, "Ready: listening on port %d.", myself->port); - + syslog(LOG_NOTICE, _("Ready: listening on port %d"), myself->port); +cp return 0; } +RETSIGTYPE +sigalrm_handler(int a) +{ + config_t const *cfg; +cp + cfg = get_config_val(upstreamip); + + if(!setup_outgoing_connection(cfg->data.ip->ip)) + { + signal(SIGALRM, SIG_IGN); + } + else + { + signal(SIGALRM, sigalrm_handler); + seconds_till_retry += 5; + if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */ + seconds_till_retry = 300; + alarm(seconds_till_retry); + syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"), + seconds_till_retry); + } +cp +} + /* setup all initial network connections */ int setup_network_connections(void) { config_t const *cfg; - +cp if((cfg = get_config_val(pingtimeout)) == NULL) - timeout = 10; + timeout = 5; else timeout = cfg->data.val; @@ -566,32 +657,14 @@ int setup_network_connections(void) return 0; if(setup_outgoing_connection(cfg->data.ip->ip)) - return -1; - - return 0; -} - -RETSIGTYPE -sigalrm_handler(int a) -{ - config_t const *cfg; - static int seconds_till_retry; - - cfg = get_config_val(upstreamip); - - if(!setup_outgoing_connection(cfg->data.ip->ip)) - { - signal(SIGALRM, SIG_IGN); - seconds_till_retry = 5; - } - else { signal(SIGALRM, sigalrm_handler); - seconds_till_retry += 5; + seconds_till_retry = 300; alarm(seconds_till_retry); - syslog(LOG_ERR, "Still failed to connect to other. Will retry in %d seconds.", - seconds_till_retry); + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes")); } +cp + return 0; } /* @@ -600,7 +673,7 @@ sigalrm_handler(int a) void close_network_connections(void) { conn_list_t *p; - +cp for(p = conn_list; p != NULL; p = p->next) { if(p->status.dataopen) @@ -626,7 +699,8 @@ void close_network_connections(void) close(tap_fd); destroy_conn_list(); - syslog(LOG_NOTICE, "Terminating."); + syslog(LOG_NOTICE, _("Terminating")); +cp return; } @@ -637,14 +711,14 @@ int setup_vpn_connection(conn_list_t *cl) { int nfd, flags; struct sockaddr_in a; - - if(debug_lvl > 1) - syslog(LOG_DEBUG, "Opening UDP socket to " IP_ADDR_S, IP_ADDR_V(cl->real_ip)); +cp + if(debug_lvl > 0) + syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(nfd == -1) { - syslog(LOG_ERR, "Creating data socket failed: %m"); + syslog(LOG_ERR, _("Creating UDP socket failed: %m")); return -1; } @@ -654,21 +728,21 @@ int setup_vpn_connection(conn_list_t *cl) if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) { - syslog(LOG_ERR, "Create connection to %08lx:%d failed: %m", ntohs(cl->real_ip), - cl->port); + syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"), + cl->hostname, cl->port); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, "This is a bug: %s:%d: %d:%m", __FILE__, __LINE__, nfd); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, nfd); return -1; } cl->socket = nfd; cl->status.dataopen = 1; - +cp return 0; } @@ -681,28 +755,32 @@ conn_list_t *create_new_connection(int sfd) conn_list_t *p; struct sockaddr_in ci; int len = sizeof(ci); - +cp p = new_conn_list(); if(getpeername(sfd, &ci, &len) < 0) { - syslog(LOG_ERR, "Error: getpeername: %m"); + syslog(LOG_ERR, _("Error: getpeername: %m")); return NULL; } - p->hostname = hostlookup(ci.sin_addr.s_addr); p->real_ip = ntohl(ci.sin_addr.s_addr); + p->hostname = hostlookup(ci.sin_addr.s_addr); p->meta_socket = sfd; p->status.meta = 1; - - syslog(LOG_NOTICE, "Connection from %s:%d", p->hostname, htons(ci.sin_port)); + p->buflen = 0; + p->last_ping_time = time(NULL); + p->want_ping = 0; + + syslog(LOG_NOTICE, _("Connection from %s port %d"), + p->hostname, htons(ci.sin_port)); if(send_basic_info(p) < 0) { free(p); return NULL; } - +cp return p; } @@ -712,7 +790,7 @@ conn_list_t *create_new_connection(int sfd) void build_fdset(fd_set *fs) { conn_list_t *p; - +cp FD_ZERO(fs); for(p = conn_list; p != NULL; p = p->next) @@ -726,6 +804,7 @@ void build_fdset(fd_set *fs) FD_SET(myself->meta_socket, fs); FD_SET(myself->socket, fs); FD_SET(tap_fd, fs); +cp } /* @@ -739,15 +818,15 @@ int handle_incoming_vpn_data(conn_list_t *cl) int lenin; int x, l = sizeof(x); conn_list_t *f; - +cp if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, "This is a bug: %s:%d: %d:%m", __FILE__, __LINE__, cl->socket); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->socket); return -1; } if(x) { - syslog(LOG_ERR, "Incoming data socket error: %s", sys_errlist[x]); + syslog(LOG_ERR, _("Incoming data socket error: %s"), sys_errlist[x]); return -1; } @@ -755,20 +834,22 @@ int handle_incoming_vpn_data(conn_list_t *cl) lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL); if(lenin <= 0) { - syslog(LOG_ERR, "Receiving data failed: %m"); + syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->hostname); return -1; } total_socket_in += lenin; + + rp.data.len = ntohs(rp.data.len); + rp.len = ntohs(rp.len); + rp.from = ntohl(rp.from); + if(rp.len >= 0) { f = lookup_conn(rp.from); - if(debug_lvl > 2) - syslog(LOG_DEBUG, "packet from " IP_ADDR_S " (len %d)", - IP_ADDR_V(rp.from), rp.len); if(!f) { - syslog(LOG_ERR, "Got packet from unknown source " IP_ADDR_S, - IP_ADDR_V(rp.from)); + syslog(LOG_ERR, _("Got packet from " IP_ADDR_S " (%s) with unknown origin " IP_ADDR_S "?"), + IP_ADDR_V(cl->vpn_ip), cl->hostname, IP_ADDR_V(rp.from)); return -1; } @@ -784,7 +865,7 @@ int handle_incoming_vpn_data(conn_list_t *cl) if(my_key_expiry <= time(NULL)) regenerate_keys(); } - +cp return 0; } @@ -794,11 +875,15 @@ int handle_incoming_vpn_data(conn_list_t *cl) */ void terminate_connection(conn_list_t *cl) { + conn_list_t *p, *q; + +cp if(cl->status.remove) return; if(debug_lvl > 0) - syslog(LOG_NOTICE, "Closing connection with %s.", cl->hostname); + syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); if(cl->status.timeout) send_timeout(cl); @@ -811,64 +896,78 @@ void terminate_connection(conn_list_t *cl) if(cl->status.outgoing) { - alarm(5); signal(SIGALRM, sigalrm_handler); - syslog(LOG_NOTICE, "Try to re-establish outgoing connection in 5 seconds."); + seconds_till_retry = 5; + alarm(seconds_till_retry); + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); } + cl->status.active = 0; cl->status.remove = 1; -} - -/* - send out a ping request to all active - connections -*/ -int send_broadcast_ping(void) -{ - conn_list_t *p; +cp + /* Find all connections that were lost because they were behind cl + (the connection that was dropped). */ for(p = conn_list; p != NULL; p = p->next) - { - if(p->status.remove) - continue; - if(p->status.active && p->status.meta) - { - if(send_ping(p)) - terminate_connection(p); - else - { - p->status.pinged = 1; - p->status.got_pong = 0; - } - } - } + if(p->nexthop == cl) + { + p->status.active = 0; + p->status.remove = 1; + } - last_ping_time = time(NULL); +cp + /* Then send a notification about all these connections to all hosts + that are still connected to us. */ + for(p = conn_list; p != NULL; p = p->next) + if(!p->status.remove && p->status.meta) + for(q = conn_list; q != NULL; q = q->next) + if(q->status.remove) + send_del_host(p, q); - return 0; +cp } /* - end all connections that did not respond - to the ping probe in time + Check if the other end is active. + If we have sent packets, but didn't receive any, + then possibly the other end is dead. We send a + PING request over the meta connection. If the other + end does not reply in time, we consider them dead + and close the connection. */ int check_dead_connections(void) { conn_list_t *p; - + time_t now; +cp + now = time(NULL); for(p = conn_list; p != NULL; p = p->next) { if(p->status.remove) continue; - if(p->status.active && p->status.meta && p->status.pinged && !p->status.got_pong) + if(p->status.active && p->status.meta) { - syslog(LOG_INFO, "%s (" IP_ADDR_S ") didn't respond to ping", - p->hostname, IP_ADDR_V(p->vpn_ip)); - p->status.timeout = 1; - terminate_connection(p); + if(p->last_ping_time + timeout < now) + { + if(p->status.pinged && !p->status.got_pong) + { + if(debug_lvl > 1) + syslog(LOG_INFO, _(IP_ADDR_S " (%s) didn't respond to ping"), + IP_ADDR_V(p->vpn_ip), p->hostname); + p->status.timeout = 1; + terminate_connection(p); + } + else if(p->want_ping) + { + send_ping(p); + p->last_ping_time = now; + p->status.pinged = 1; + p->status.got_pong = 0; + } + } } } - +cp return 0; } @@ -880,11 +979,11 @@ int handle_new_meta_connection(conn_list_t *cl) { conn_list_t *ncn; struct sockaddr client; - int nfd, len = sizeof(struct sockaddr); - + int nfd, len = sizeof(client); +cp if((nfd = accept(cl->meta_socket, &client, &len)) < 0) { - syslog(LOG_ERR, "Accepting a new connection failed: %m"); + syslog(LOG_ERR, _("Accepting a new connection failed: %m")); return -1; } @@ -892,14 +991,14 @@ int handle_new_meta_connection(conn_list_t *cl) { shutdown(nfd, 2); close(nfd); - syslog(LOG_NOTICE, "Closed attempted connection."); + syslog(LOG_NOTICE, _("Closed attempted connection")); return 0; } ncn->status.meta = 1; ncn->next = conn_list; conn_list = ncn; - +cp return 0; } @@ -908,38 +1007,93 @@ int handle_new_meta_connection(conn_list_t *cl) */ int handle_incoming_meta_data(conn_list_t *cl) { - int x, l = sizeof(x), lenin; - unsigned char tmp[1600]; - int request; - + int x, l = sizeof(x); + int request, oldlen, i; + int lenin = 0; +cp if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, "This is a bug: %s:%d: %d:%m", __FILE__, __LINE__, cl->meta_socket); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->meta_socket); return -1; } if(x) { - syslog(LOG_ERR, "Metadata socket error: %s", sys_errlist[x]); + syslog(LOG_ERR, _("Metadata socket error: %s"), sys_errlist[x]); return -1; } - if((lenin = recv(cl->meta_socket, &tmp, sizeof(tmp), 0)) <= 0) + if(cl->buflen >= MAXBUFSIZE) { - syslog(LOG_ERR, "Receive failed: %m"); + syslog(LOG_ERR, _("Metadata read buffer overflow!")); return -1; } - request = (int)(tmp[0]); - - if(debug_lvl > 3) - syslog(LOG_DEBUG, "got request %d", request); + lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen); - if(request_handlers[request] == NULL) - syslog(LOG_ERR, "Unknown request %d.", request); - else - if(request_handlers[request](cl, tmp, lenin) < 0) + if(lenin<=0) + { + syslog(LOG_ERR, _("Metadata socket read error: %m")); return -1; - + } + + oldlen = cl->buflen; + cl->buflen += lenin; + + for(;;) + { + cl->reqlen = 0; + + for(i = oldlen; i < cl->buflen; i++) + { + if(cl->buffer[i] == '\n') + { + cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */ + cl->reqlen = i + 1; + break; + } + } + + if(cl->reqlen) + { + if(debug_lvl > 2) + syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (%s): %s"), + IP_ADDR_V(cl->vpn_ip), cl->hostname, cl->buffer); + if(sscanf(cl->buffer, "%d", &request) == 1) + { + if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) + { + syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); + return -1; + } + + if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ + { + syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); + return -1; + } + } + else + { + syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); + return -1; + } + + cl->buflen -= cl->reqlen; + memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); + oldlen = 0; + } + else + { + break; + } + } + + cl->last_ping_time = time(NULL); + cl->want_ping = 0; +cp return 0; } @@ -951,13 +1105,13 @@ void check_network_activity(fd_set *f) { conn_list_t *p; int x, l = sizeof(x); - +cp for(p = conn_list; p != NULL; p = p->next) { if(p->status.remove) continue; -cp - if(p->status.active) + + if(p->status.dataopen) if(FD_ISSET(p->socket, f)) { /* @@ -967,11 +1121,11 @@ cp I've once got here when it said `No route to host'. */ getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); - syslog(LOG_ERR, "Outgoing data socket error: %s", sys_errlist[x]); + syslog(LOG_ERR, _("Outgoing data socket error: %s"), sys_errlist[x]); terminate_connection(p); return; } -cp + if(p->status.meta) if(FD_ISSET(p->meta_socket, f)) if(handle_incoming_meta_data(p) < 0) @@ -979,13 +1133,11 @@ cp terminate_connection(p); return; } -cp } -cp if(FD_ISSET(myself->socket, f)) handle_incoming_vpn_data(myself); -cp + if(FD_ISSET(myself->meta_socket, f)) handle_new_meta_connection(myself); cp @@ -1000,11 +1152,11 @@ void handle_tap_input(void) vpn_packet_t vp; ip_t from, to; int ether_type, lenin; - +cp memset(&vp, 0, sizeof(vp)); if((lenin = read(tap_fd, &vp, MTU)) <= 0) { - syslog(LOG_ERR, "Error while reading from tapdevice: %m"); + syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); return; } @@ -1013,83 +1165,71 @@ void handle_tap_input(void) ether_type = ntohs(*((unsigned short*)(&vp.data[12]))); if(ether_type != 0x0800) { - if(debug_lvl > 0) - syslog(LOG_INFO, "Non-IP ethernet frame %04x from " MAC_ADDR_S, + if(debug_lvl > 3) + syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S), ether_type, MAC_ADDR_V(vp.data[6])); return; } if(lenin < 32) { - if(debug_lvl > 0) - syslog(LOG_INFO, "Dropping short packet"); + if(debug_lvl > 3) + syslog(LOG_INFO, _("Dropping short packet")); return; } from = ntohl(*((unsigned long*)(&vp.data[26]))); to = ntohl(*((unsigned long*)(&vp.data[30]))); - if(debug_lvl > 2) - syslog(LOG_DEBUG, "An IP packet (%04x) for " IP_ADDR_S " from " IP_ADDR_S, - ether_type, IP_ADDR_V(to), IP_ADDR_V(from)); - if(debug_lvl > 3) - syslog(LOG_DEBUG, MAC_ADDR_S " to " MAC_ADDR_S, - MAC_ADDR_V(vp.data[0]), MAC_ADDR_V(vp.data[6])); - vp.len = (length_t)lenin - 2; -cp + strip_mac_addresses(&vp); -cp + send_packet(to, &vp); cp } /* - this is where it al happens... + this is where it all happens... */ void main_loop(void) { fd_set fset; struct timeval tv; int r; - - last_ping_time = time(NULL); + time_t last_ping_check; +cp + last_ping_check = time(NULL); for(;;) { tv.tv_sec = timeout; tv.tv_usec = 0; -cp prune_conn_list(); -cp build_fdset(&fset); -cp if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) { if(errno == EINTR) /* because of alarm */ continue; - syslog(LOG_ERR, "Error while waiting for input: %m"); + syslog(LOG_ERR, _("Error while waiting for input: %m")); return; } -cp - if(r == 0 || last_ping_time + timeout < time(NULL)) - /* Timeout... hm... something might be wrong. */ + if(last_ping_check + timeout < time(NULL)) + /* Let's check if everybody is still alive */ { check_dead_connections(); - send_broadcast_ping(); + last_ping_check = time(NULL); continue; } -cp check_network_activity(&fset); -cp /* local tap data */ if(FD_ISSET(tap_fd, &fset)) handle_tap_input(); -cp } +cp }