X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=718295349738c9473616c4b0caa03ea32eb65b4f;hp=35d9563ce9b9efb6586927008446c38e70e455e4;hb=1708997bc8ab55122f9de9cc8b81397d3a003ea9;hpb=94497336efc1cc60561575e74d420e9e8e8c657e diff --git a/src/net.c b/src/net.c index 35d9563c..71829534 100644 --- a/src/net.c +++ b/src/net.c @@ -1,7 +1,7 @@ /* net.c -- most of the network code - Copyright (C) 1998-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.140 2001/10/28 08:41:19 guus Exp $ + $Id: net.c,v 1.35.4.153 2002/02/11 14:20:21 guus Exp $ */ #include "config.h" @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -48,6 +49,7 @@ #include #include #include +#include #ifndef HAVE_RAND_PSEUDO_BYTES #define RAND_pseudo_bytes RAND_bytes @@ -66,9 +68,11 @@ #include "process.h" #include "protocol.h" #include "subnet.h" +#include "graph.h" #include "process.h" #include "route.h" #include "device.h" +#include "event.h" #include "system.h" @@ -81,6 +85,13 @@ int udp_socket = -1; int keylifetime = 0; int keyexpires = 0; +int do_prune = 0; +int do_purge = 0; +int sighup = 0; +int sigalrm = 0; + +#define MAX_SEQNO 1073741824 + /* VPN packet I/O */ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) @@ -88,14 +99,46 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t outpkt; int outlen, outpad; EVP_CIPHER_CTX ctx; + char hmac[EVP_MAX_MD_SIZE]; cp + + if(myself->digest && myself->maclength) + { + inpkt->len -= myself->maclength; + HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL); + if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength)) + { + syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); + return; + } + } + /* Decrypt the packet */ - EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len); - EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad); - outlen += outpad; - outpkt.len = outlen - sizeof(outpkt.salt); + if(myself->cipher) + { + EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); + EVP_DecryptUpdate(&ctx, (char *)&outpkt.seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); + EVP_DecryptFinal(&ctx, (char *)&outpkt.seqno + outlen, &outpad); + outlen += outpad; + outpkt.len = outlen - sizeof(outpkt.seqno); + } + else + { + memcpy((char *)&outpkt.seqno, (char *)&inpkt->seqno, inpkt->len); + outpkt.len = inpkt->len - sizeof(outpkt.seqno); + } + + if (ntohl(outpkt.seqno) <= n->received_seqno) + { + syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, ntohl(*(unsigned int *)&outpkt.seqno)); + return; + } + + n->received_seqno = ntohl(outpkt.seqno); + + if(n->received_seqno > MAX_SEQNO) + keyexpires = 0; receive_packet(n, &outpkt); cp @@ -152,18 +195,32 @@ cp /* Encrypt the packet. */ - RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt)); + inpkt->seqno = htonl(++(n->sent_seqno)); + + if(n->cipher) + { + EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); + EVP_EncryptUpdate(&ctx, (char *)&outpkt.seqno, &outlen, (char *)&inpkt->seqno, inpkt->len + sizeof(inpkt->seqno)); + EVP_EncryptFinal(&ctx, (char *)&outpkt.seqno + outlen, &outpad); + outlen += outpad; + } + else + { + memcpy((char *)&outpkt.seqno, (char *)&inpkt->seqno, inpkt->len + sizeof(inpkt->seqno)); + outlen = inpkt->len + sizeof(inpkt->seqno); + } - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); - EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad); - outlen += outpad; + if(n->digest && n->maclength) + { + HMAC(n->digest, n->key, n->keylength, (char *)&outpkt.seqno, outlen, (char *)&outpkt.seqno + outlen, &outpad); + outlen += n->maclength; + } to.sin_family = AF_INET; to.sin_addr.s_addr = htonl(n->address); to.sin_port = htons(n->port); - if((sendto(udp_socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + if((sendto(udp_socket, (char *)&outpkt.seqno, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), n->name, n->hostname); @@ -177,6 +234,7 @@ cp */ void send_packet(node_t *n, vpn_packet_t *packet) { + node_t *via; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), @@ -191,24 +249,20 @@ cp return; } - - if(!n->status.active) + + if(!n->status.reachable) { if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"), + syslog(LOG_INFO, _("Node %s (%s) is not reachable"), n->name, n->hostname); - return; } -/* FIXME - if(n->via == myself) - via = n->nexthop; - else - via = n->via; + + via = (n->via == myself)?n->nexthop:n->via; if(via != n && debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - n->name, via->name, via->hostname); + n->name, via->name, n->via->hostname); if((myself->options | via->options) & OPTION_TCPONLY) { @@ -217,10 +271,9 @@ cp } else send_udppacket(via, packet); -*/ } -/* Broadcast a packet to all active direct connections */ +/* Broadcast a packet using the minimum spanning tree */ void broadcast_packet(node_t *from, vpn_packet_t *packet) { @@ -234,7 +287,7 @@ cp for(node = connection_tree->head; node; node = node->next) { c = (connection_t *)node->data; - if(c->status.active && c != from->nexthop->connection) + if(c->status.active && c->status.mst && c != from->nexthop->connection) send_packet(c->node, packet); } cp @@ -258,14 +311,15 @@ cp /* Setup sockets */ -int setup_listen_socket(int port) +int setup_listen_socket(port_t port) { int nfd, flags; struct sockaddr_in a; int option; + ipv4_t *address; +#ifdef HAVE_LINUX char *interface; - char *address; - ip_mask_t *ipmask; +#endif cp if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { @@ -307,14 +361,10 @@ cp a.sin_addr.s_addr = htonl(INADDR_ANY); a.sin_port = htons(port); - if(get_config_string(lookup_config(config_tree, "BindToAddress"), &address)) + if(get_config_address(lookup_config(config_tree, "BindToAddress"), &address)) { - ipmask = strtoip(address); - if(ipmask) - { - a.sin_addr.s_addr = htonl(ipmask->address); - free(ipmask); - } + a.sin_addr.s_addr = htonl(*address); + free(address); } if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) @@ -335,7 +385,7 @@ cp return nfd; } -int setup_vpn_in_socket(int port) +int setup_vpn_in_socket(port_t port) { int nfd, flags; struct sockaddr_in a; @@ -374,11 +424,29 @@ cp return nfd; } +void retry_outgoing(outgoing_t *outgoing) +{ + event_t *event; +cp + outgoing->timeout += 5; + if(outgoing->timeout > maxtimeout) + outgoing->timeout = maxtimeout; + + event = new_event(); + event->handler = (event_handler_t)setup_outgoing_connection; + event->time = time(NULL) + outgoing->timeout; + event->data = outgoing; + event_add(event); + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); +cp +} + int setup_outgoing_socket(connection_t *c) { int flags; struct sockaddr_in a; - int option; cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); @@ -450,13 +518,25 @@ cp return 0; } -int setup_outgoing_connection(char *name) +void setup_outgoing_connection(outgoing_t *outgoing) { connection_t *c; + node_t *n; struct hostent *h; cp + n = lookup_node(outgoing->name); + + if(n) + if(n->connection) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Already connected to %s"), outgoing->name); + n->connection->outgoing = outgoing; + return; + } + c = new_connection(); - c->name = xstrdup(name); + c->name = xstrdup(outgoing->name); init_configuration(&c->config_tree); read_connection_config(c); @@ -465,21 +545,20 @@ cp { syslog(LOG_ERR, _("No address specified for %s"), c->name); free_connection(c); - return -1; + free(outgoing->name); + free(outgoing); + return; } if(!get_config_port(lookup_config(c->config_tree, "Port"), &c->port)) - { - syslog(LOG_ERR, _("No port specified for %s"), c->name); - free_connection(c); - return -1; - } + c->port = 655; if(!(h = gethostbyname(c->hostname))) { syslog(LOG_ERR, _("Error looking up `%s': %m"), c->hostname); free_connection(c); - return -1; + retry_outgoing(outgoing); + return; } c->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); @@ -489,18 +568,17 @@ cp { syslog(LOG_ERR, _("Could not set up a meta connection to %s (%s)"), c->name, c->hostname); - free_connection(c); - return -1; + retry_outgoing(outgoing); + return; } - c->status.outgoing = 1; + c->outgoing = outgoing; c->last_ping_time = time(NULL); connection_add(c); send_id(c); cp - return 0; } int read_rsa_public_key(connection_t *c) @@ -508,7 +586,6 @@ int read_rsa_public_key(connection_t *c) FILE *fp; char *fname; char *key; - void *result; cp if(!c->rsa_key) c->rsa_key = RSA_new(); @@ -519,6 +596,7 @@ cp { BN_hex2bn(&c->rsa_key->n, key); BN_hex2bn(&c->rsa_key->e, "FFFF"); + free(key); return 0; } @@ -532,11 +610,13 @@ cp { syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), fname); + free(fname); return -1; } - result = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + free(fname); + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); - if(!result) + if(!c->rsa_key) { syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"), fname); @@ -545,24 +625,24 @@ cp return 0; } else - return -1; + { + free(fname); + return -1; + } } /* Else, check if a harnessed public key is in the config file */ - result = NULL; - asprintf(&fname, "%s/hosts/%s", confbase, c->name); if((fp = fopen(fname, "r"))) { - result = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); - free(fname); } free(fname); - if(result) + if(c->rsa_key) return 0; else { @@ -574,38 +654,68 @@ cp int read_rsa_private_key(void) { FILE *fp; - void *result; char *fname, *key; cp - if(!myself->connection->rsa_key) - myself->connection->rsa_key = RSA_new(); - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { + myself->connection->rsa_key = RSA_new(); BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); + free(key); + return 0; } - else if(get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) + + if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) + asprintf(&fname, "%s/rsa_key.priv", confbase); + + if(is_safe_path(fname)) { if((fp = fopen(fname, "r")) == NULL) { syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), fname); + free(fname); return -1; } - result = PEM_read_RSAPrivateKey(fp, &myself->connection->rsa_key, NULL, NULL); + free(fname); + myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); fclose(fp); - if(!result) + if(!myself->connection->rsa_key) { syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), fname); return -1; } + return 0; + } + + free(fname); + return -1; +} + +int check_rsa_key(RSA *rsa_key) +{ + char *test1, *test2, *test3; +cp + if(rsa_key->p && rsa_key->q) + { + if(RSA_check_key(rsa_key) != 1) + return -1; } else { - syslog(LOG_ERR, _("No private key for tinc daemon specified!")); - return -1; + test1 = xmalloc(RSA_size(rsa_key)); + test2 = xmalloc(RSA_size(rsa_key)); + test3 = xmalloc(RSA_size(rsa_key)); + + if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) + return -1; + + if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) + return -1; + + if(memcmp(test1, test3, RSA_size(rsa_key))) + return -1; } cp return 0; @@ -618,7 +728,7 @@ int setup_myself(void) { config_t *cfg; subnet_t *subnet; - char *name, *mode; + char *name, *mode, *cipher, *digest; int choice; cp myself = new_node(); @@ -661,13 +771,12 @@ cp return -1; cp -/* - if(RSA_check_key(rsa_key) != 1) + if(check_rsa_key(myself->connection->rsa_key)) { syslog(LOG_ERR, _("Invalid public/private keypair!")); return -1; } -*/ + if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->port)) myself->port = 655; @@ -743,9 +852,28 @@ cp cp /* Generate packet encryption key */ - myself->cipher = EVP_bf_cbc(); + if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) + { + if(!strcasecmp(cipher, "none")) + { + myself->cipher = NULL; + } + else + { + if(!(myself->cipher = EVP_get_cipherbyname(cipher))) + { + syslog(LOG_ERR, _("Unrecognized cipher type!")); + return -1; + } + } + } + else + myself->cipher = EVP_bf_cbc(); - myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; + if(myself->cipher) + myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; + else + myself->keylength = 1; myself->key = (char *)xmalloc(myself->keylength); RAND_pseudo_bytes(myself->key, myself->keylength); @@ -754,6 +882,45 @@ cp keylifetime = 3600; keyexpires = time(NULL) + keylifetime; + + /* Check if we want to use message authentication codes... */ + + if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest)) + { + if(!strcasecmp(digest, "none")) + { + myself->digest = NULL; + } + else + { + if(!(myself->digest = EVP_get_digestbyname(digest))) + { + syslog(LOG_ERR, _("Unrecognized digest type!")); + return -1; + } + } + } + else + myself->digest = EVP_sha1(); + + if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) + { + if(myself->digest) + { + if(myself->maclength > myself->digest->md_size) + { + syslog(LOG_ERR, _("MAC length exceeds size of digest!")); + return -1; + } + else if (myself->maclength < 0) + { + syslog(LOG_ERR, _("Bogus MAC length!")); + return -1; + } + } + } + else + myself->maclength = 4; cp /* Done */ @@ -762,6 +929,8 @@ cp myself->status.active = 1; node_add(myself); + graph(); + syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); cp return 0; @@ -776,17 +945,18 @@ cp init_connections(); init_subnets(); init_nodes(); - init_vertices(); + init_edges(); + init_events(); - if(get_config_int(lookup_config(config_tree, "PingTimeout"), &timeout)) + if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) { - if(timeout < 1) + if(pingtimeout < 1) { - timeout = 86400; + pingtimeout = 86400; } } else - timeout = 60; + pingtimeout = 60; if(setup_device() < 0) return -1; @@ -797,8 +967,7 @@ cp if(setup_myself() < 0) return -1; - signal(SIGALRM, try_outgoing_connections); - alarm(5); + try_outgoing_connections(); cp return 0; } @@ -815,13 +984,22 @@ cp { next = node->next; c = (connection_t *)node->data; - c->status.outgoing = 0; + if(c->outgoing) + free(c->outgoing->name), free(c->outgoing); terminate_connection(c, 0); } -// terminate_connection(myself, 0); + if(myself && myself->connection) + terminate_connection(myself->connection, 0); -// destroy_trees(); + close(udp_socket); + close(tcp_socket); + + exit_events(); + exit_edges(); + exit_subnets(); + exit_nodes(); + exit_connections(); execute_script("tinc-down"); @@ -852,13 +1030,13 @@ cp c->address = ntohl(ci.sin_addr.s_addr); c->hostname = hostlookup(ci.sin_addr.s_addr); - c->port = htons(ci.sin_port); /* This one will be overwritten later */ + c->port = htons(ci.sin_port); c->socket = sfd; c->last_ping_time = time(NULL); if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection from %s port %d"), - c->hostname, htons(ci.sin_port)); + c->hostname, c->port); c->allow_request = ID; cp @@ -912,7 +1090,7 @@ cp return; } - if((pkt.len = recvfrom(udp_socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) + if((pkt.len = recvfrom(udp_socket, (char *)&pkt.seqno, MAXSIZE, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return; @@ -922,9 +1100,10 @@ cp if(!n) { - syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + syslog(LOG_WARNING, _("Received UDP packet on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); return; } + /* if(n->connection) n->connection->last_ping_time = time(NULL); @@ -933,17 +1112,123 @@ cp cp } +/* Purge edges and subnets of unreachable nodes. Use carefully. */ + +void purge(void) +{ + avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext, *cnode; + node_t *n; + edge_t *e; + subnet_t *s; + connection_t *c; +cp + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_DEBUG, _("Purging unreachable nodes")); + + for(nnode = node_tree->head; nnode; nnode = nnext) + { + nnext = nnode->next; + n = (node_t *)nnode->data; + + if(!n->status.reachable) + { + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, _("Purging node %s (%s)"), n->name, n->hostname); + + for(snode = n->subnet_tree->head; snode; snode = snext) + { + snext = snode->next; + s = (subnet_t *)snode->data; + + for(cnode = connection_tree->head; cnode; cnode = cnode->next) + { + c = (connection_t *)cnode->data; + if(c->status.active) + send_del_subnet(c, s); + } + + subnet_del(n, s); + } + + for(enode = n->edge_tree->head; enode; enode = enext) + { + enext = enode->next; + e = (edge_t *)enode->data; + + for(cnode = connection_tree->head; cnode; cnode = cnode->next) + { + c = (connection_t *)cnode->data; + if(c->status.active) + send_del_edge(c, e); + } + + edge_del(e); + } + + node_del(n); + } + } +cp +} + /* Terminate a connection: - - Close the sockets - - Remove associated hosts and subnets + - Close the socket + - Remove associated edge and tell other connections about it if report = 1 + - Check if we need to retry making an outgoing connection - Deactivate the host - - Since it might still be referenced, put it on the prune list. - - If report == 1, then send DEL_HOST messages to the other tinc daemons. */ void terminate_connection(connection_t *c, int report) { - /* Needs a serious rewrite. */ + avl_node_t *node; + connection_t *other; +cp + if(c->status.remove) + return; + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), + c->name, c->hostname); + + c->status.remove = 1; + + if(c->socket) + close(c->socket); + + if(c->edge) + { + if(report) + { + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_del_edge(other, c->edge); + } + } + + edge_del(c->edge); + } + + /* Run MST and SSSP algorithms */ + + graph(); + + /* Check if this was our outgoing connection */ + + if(c->outgoing) + { + retry_outgoing(c->outgoing); + c->outgoing = NULL; + } + + /* Deactivate */ + + c->status.active = 0; + if(c->node) + c->node->connection = NULL; + do_prune = 1; +cp } /* @@ -966,7 +1251,7 @@ cp { next = node->next; c = (connection_t *)node->data; - if(c->last_ping_time + timeout < now) + if(c->last_ping_time + pingtimeout < now) { if(c->status.active) { @@ -1026,65 +1311,27 @@ cp return 0; } -void randomized_alarm(int seconds) -{ - unsigned char r; - RAND_pseudo_bytes(&r, 1); - alarm((seconds * (int)r) / 128 + 1); -} - -/* This function is severely fucked up. - We want to redesign it so the following rules apply: - - - Try all ConnectTo's in a row: - - if a connect() fails, try next one immediately, - - if it works, wait 5 seconds or so. - - If none of them were succesful, increase delay and retry. - - If all were succesful, don't try anymore. -*/ - -RETSIGTYPE -try_outgoing_connections(int a) +void try_outgoing_connections(void) { static config_t *cfg = NULL; - static int retry = 0; char *name; + outgoing_t *outgoing; cp - if(!cfg) - cfg = lookup_config(config_tree, "ConnectTo"); - - if(!cfg) - return; - - while(cfg) + for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) { get_config_string(cfg, &name); - cfg = lookup_config_next(config_tree, cfg); /* Next time skip to next ConnectTo line */ - - if(!setup_outgoing_connection(name)) /* function returns 0 when there are no problems */ - retry = 1; - - } - get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout); - - if(retry) - { - seconds_till_retry += 5; - if(seconds_till_retry > maxtimeout) /* Don't wait more than MAXTIMEOUT seconds. */ - seconds_till_retry = maxtimeout; + if(check_id(name)) + { + syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); + free(name); + continue; + } - syslog(LOG_ERR, _("Failed to setup all outgoing connections, will retry in %d seconds"), - seconds_till_retry); - - /* Randomize timeout to avoid global synchronisation effects */ - randomized_alarm(seconds_till_retry); + outgoing = xmalloc_and_zero(sizeof(*outgoing)); + outgoing->name = name; + setup_outgoing_connection(outgoing); } - else - { - seconds_till_retry = 5; - } -cp } /* @@ -1119,6 +1366,25 @@ cp cp } +void prune_connections(void) +{ + connection_t *c; + avl_node_t *node, *next; +cp + for(node = connection_tree->head; node; node = next) + { + next = node->next; + c = (connection_t *)node->data; + + if(c->status.remove) + connection_del(c); + } + + if(!connection_tree->head) + purge(); +cp +} + /* this is where it all happens... */ @@ -1129,20 +1395,29 @@ void main_loop(void) int r; time_t last_ping_check; int t; + event_t *event; vpn_packet_t packet; cp last_ping_check = time(NULL); + srand(time(NULL)); + for(;;) { - tv.tv_sec = timeout; + tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ tv.tv_usec = 0; + if(do_prune) + { + prune_connections(); + do_prune = 0; + } + build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) { - if(errno != EINTR) /* because of alarm */ + if(errno != EINTR) /* because of a signal */ { syslog(LOG_ERR, _("Error while waiting for input: %m")); return; @@ -1170,11 +1445,17 @@ cp continue; } + if(do_purge) + { + purge(); + do_purge = 0; + } + t = time(NULL); /* Let's check if everybody is still alive */ - if(last_ping_check + timeout < t) + if(last_ping_check + pingtimeout < t) { check_dead_connections(); last_ping_check = time(NULL); @@ -1192,6 +1473,25 @@ cp } } + if(sigalrm) + { + syslog(LOG_INFO, _("Flushing event queue")); + + while(event_tree->head) + { + event = (event_t *)event_tree->head->data; + event->handler(event->data); + event_del(event); + } + sigalrm = 0; + } + + while((event = get_expired_event())) + { + event->handler(event->data); + free(event); + } + if(r > 0) { check_network_activity(&fset); @@ -1199,9 +1499,7 @@ cp /* local tap data */ if(FD_ISSET(device_fd, &fset)) { - if(read_packet(&packet)) - return; - else + if(!read_packet(&packet)) route_outgoing(&packet); } }