X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=32c66e8781054fdf07edaae72c28889eaad833b9;hp=47c185d4485e60db8ce000c6741389bc56cd3c76;hb=3b9802a542f1fa439321d3386763ec33989194b5;hpb=56d8e862409ae91c63a27968b01a48a94aafb205 diff --git a/src/net.c b/src/net.c index 47c185d4..32c66e87 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.44 2000/10/22 13:37:15 zarq Exp $ + $Id: net.c,v 1.35.4.51 2000/10/29 00:46:43 guus Exp $ */ #include "config.h" @@ -38,6 +38,7 @@ #include #include #include +#include #ifdef HAVE_TUNTAP #include LINUX_IF_TUN_H @@ -52,21 +53,25 @@ #include "netutl.h" #include "protocol.h" #include "meta.h" +#include "connlist.h" +#include "subnet.h" #include "system.h" int tap_fd = -1; -int taptype = 0; +int taptype = TAP_TYPE_ETHERTAP; int total_tap_in = 0; int total_tap_out = 0; int total_socket_in = 0; int total_socket_out = 0; -int upstreamindex = 0; +config_t *upstreamcfg; static int seconds_till_retry; char *unknown = NULL; +subnet_t mymac; + /* strip off the MAC adresses of an ethernet frame */ @@ -99,10 +104,16 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) int outlen, outpad; cp outpkt.len = inpkt->len; +/* EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL); EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); - outlen += outpad; + outlen += outpad + 2; + + Do encryption when everything else is fixed... +*/ + outlen = outpkt.len + 2; + memcpy(&outpkt, inpkt, outlen); if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), @@ -112,7 +123,7 @@ cp cl->want_ping = 1; - if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0) + if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); @@ -127,23 +138,36 @@ int xrecv(vpn_packet_t *inpkt) vpn_packet_t outpkt; int outlen, outpad; cp - if(debug_lvl > DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Receiving packet of %d bytes"), - inpkt->len); - outpkt.len = inpkt->len; +/* EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); - /* FIXME: grok DecryptFinal EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad); - */ - - add_mac_addresses(&outpkt); + outlen += outpad; - if(write(tap_fd, outpkt.data, outpkt.len) < 0) - syslog(LOG_ERR, _("Can't write to tap device: %m")); - else - total_tap_out += outpkt.len; + Do decryption is everything else is fixed... +*/ + outlen = outpkt.len+2; + memcpy(&outpkt, inpkt, outlen); + + /* Fix mac address */ + + memcpy(outpkt.data, mymac.net.mac.address.x, 6); + + if(taptype == TAP_TYPE_TUNTAP) + { + if(write(tap_fd, outpkt.data, outpkt.len) < 0) + syslog(LOG_ERR, _("Can't write to tun/tap device: %m")); + else + total_tap_out += outpkt.len; + } + else /* ethertap */ + { + if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0) + syslog(LOG_ERR, _("Can't write to ethertap device: %m")); + else + total_tap_out += outpkt.len + 2; + } cp return 0; } @@ -277,8 +301,9 @@ cp int send_packet(ip_t to, vpn_packet_t *packet) { conn_list_t *cl; + subnet_t *subnet; cp - if((cl = lookup_conn_list_ipv4(to)) == NULL) + if((subnet = lookup_subnet_ipv4(to)) == NULL) { if(debug_lvl >= DEBUG_TRAFFIC) { @@ -288,6 +313,8 @@ cp return -1; } + + cl = subnet->owner; /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ @@ -303,10 +330,12 @@ cp if(!cl->status.validkey) { +/* Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); +*/ if(!cl->status.waitingforkey) send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */ return 0; @@ -314,10 +343,12 @@ cp if(!cl->status.active) { +/* Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); +*/ return 0; /* We don't want to mess up, do we? */ } @@ -355,7 +386,16 @@ cp cp tap_fd = nfd; - taptype = 0; + /* Set default MAC address for ethertap devices */ + + taptype = TAP_TYPE_ETHERTAP; + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ @@ -368,12 +408,7 @@ cp if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) { syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); - taptype = 1; - - if((cfg = get_config_val(config, tapsubnet)) == NULL) - syslog(LOG_INFO, _("tun/tap device will be left unconfigured")); - else - /* Setup inetaddr/netmask etc */; + taptype = TAP_TYPE_TUNTAP; } #endif @@ -438,7 +473,7 @@ cp a.sin_port = htons(port); if((cfg = get_config_val(config, interfaceip))) - a.sin_addr.s_addr = htonl(cfg->data.ip->ip); + a.sin_addr.s_addr = htonl(cfg->data.ip->address); else a.sin_addr.s_addr = htonl(INADDR_ANY); @@ -620,11 +655,12 @@ cp } /* - set up the local sockets (listen only) + Configure conn_list_t myself and set up the local sockets (listen only) */ int setup_myself(void) { config_t const *cfg; + subnet_t *net; cp myself = new_conn_list(); @@ -693,6 +729,26 @@ cp if(cfg->data.val == stupid_true) myself->flags |= TCPONLY; +/* Read in all the subnets specified in the host configuration file */ + + for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next) + { + net = new_subnet(); + net->type = SUBNET_IPV4; + net->net.ipv4.address = cfg->data.ip->address; + net->net.ipv4.mask = cfg->data.ip->mask; + + /* Teach newbies what subnets are... */ + + if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address) + { + syslog(LOG_ERR, _("Network address and subnet mask do not match!")); + return -1; + } + + subnet_add(myself, net); + } + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening socket!")); @@ -718,24 +774,25 @@ sigalrm_handler(int a) { config_t const *cfg; cp - cfg = get_next_config_val(config, connectto, upstreamindex++); + cfg = get_config_val(upstreamcfg, connectto); - if(!upstreamindex && !cfg) + if(!cfg && upstreamcfg == config) /* No upstream IP given, we're listen only. */ return; while(cfg) { + upstreamcfg = cfg->next; if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ { signal(SIGALRM, SIG_IGN); return; } - cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); - upstreamindex = 0; + upstreamcfg = config; seconds_till_retry += 5; if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */ seconds_till_retry = MAXTIMEOUT; @@ -781,19 +838,20 @@ cp free(scriptname); - if((cfg = get_next_config_val(config, connectto, upstreamindex++)) == NULL) + if(!(cfg = get_config_val(config, connectto))) /* No upstream IP given, we're listen only. */ return 0; while(cfg) { + upstreamcfg = cfg->next; if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ return 0; - cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); - upstreamindex = 0; + upstreamcfg = config; seconds_till_retry = MAXTIMEOUT; syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); alarm(seconds_till_retry); @@ -818,7 +876,6 @@ cp } if(p->status.meta) { - send_termreq(p); shutdown(p->meta_socket, 0); /* No more receptions */ close(p->meta_socket); } @@ -966,8 +1023,9 @@ cp int handle_incoming_vpn_data() { vpn_packet_t pkt; - int lenin; int x, l = sizeof(x); + struct sockaddr from; + socklen_t fromlen = sizeof(from); cp if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { @@ -981,12 +1039,18 @@ cp return -1; } - if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, NULL, NULL) <= 0) + if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; } - +/* + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len, + from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]); + } +*/ cp return xrecv(&pkt); } @@ -998,10 +1062,14 @@ cp void terminate_connection(conn_list_t *cl) { conn_list_t *p; - + subnet_t *s; cp if(cl->status.remove) - return; + { + return; + } + + cl->status.remove = 1; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), @@ -1012,36 +1080,33 @@ cp if(cl->status.meta) close(cl->meta_socket); - cl->status.remove = 1; - - /* If this cl isn't active, don't send any DEL_HOSTs. */ - -/* FIXME: reprogram this. - if(cl->status.active) - notify_others(cl,NULL,send_del_host); -*/ - cp /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ + if(cl->status.meta) for(p = conn_list; p != NULL; p = p->next) - { - if((p->nexthop == cl) && (p != cl)) - { - if(cl->status.active && p->status.active) -/* FIXME: reprogram this - notify_others(p,cl,send_del_host); -*/; - if(cl->socket) - close(cl->socket); - p->status.active = 0; - p->status.remove = 1; - } - } - + if((p->nexthop == cl) && (p != cl)) + terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */ + + /* Inform others of termination if it was still active */ + + if(cl->status.active) + for(p = conn_list; p != NULL; p = p->next) + if(p->status.meta && p->status.active && p!=cl) + send_del_host(p, cl); + + /* Remove the associated subnets */ + + for(s = cl->subnets; s; s = s->next) + subnet_del(s); + + /* Inactivate */ + cl->status.active = 0; - + + /* Check if this was our outgoing connection */ + if(cl->status.outgoing) { signal(SIGALRM, sigalrm_handler); @@ -1068,8 +1133,6 @@ cp now = time(NULL); for(p = conn_list; p != NULL; p = p->next) { - if(p->status.remove) - continue; if(p->status.active && p->status.meta) { if(p->last_ping_time + timeout < now) @@ -1120,9 +1183,7 @@ cp return 0; } - ncn->status.meta = 1; - ncn->next = conn_list; - conn_list = ncn; + conn_list_add(ncn); cp return 0; } @@ -1181,25 +1242,22 @@ cp void handle_tap_input(void) { vpn_packet_t vp; - ip_t from, to; - int ether_type, lenin; + int lenin; cp - memset(&vp, 0, sizeof(vp)); - - if(taptype = 1) + if(taptype == TAP_TYPE_TUNTAP) { if((lenin = read(tap_fd, vp.data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); + syslog(LOG_ERR, _("Error while reading from tun/tap device: %m")); return; } vp.len = lenin; } - else + else /* ethertap */ { - if((lenin = read(tap_fd, &vp, MTU)) <= 0) + if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); + syslog(LOG_ERR, _("Error while reading from ethertap device: %m")); return; } vp.len = lenin - 2; @@ -1207,25 +1265,19 @@ cp total_tap_in += lenin; - ether_type = ntohs(*((unsigned short*)(&vp.data[12]))); - if(ether_type != 0x0800) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6])); - return; - } - if(lenin < 32) { if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6])); + syslog(LOG_WARNING, _("Received short packet from tap device")); return; } - from = ntohl(*((unsigned long*)(&vp.data[26]))); - to = ntohl(*((unsigned long*)(&vp.data[30]))); + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len); + } - send_packet(to, &vp); + send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp); cp }