X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=c16a261b4da01fba0cb5c11443dcde22e2126da3;hp=e62bb8dc122b519097a0d1cac913fff312d31aec;hb=da9a1e8084a9b73306bdbc541ee8af938c3e7754;hpb=cea3d8f3056d3c6aaaef473443240b8470c8ea2d diff --git a/src/net.c b/src/net.c index e62bb8dc..c16a261b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,31 +17,47 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.54 2000/10/29 10:39:06 guus Exp $ + $Id: net.c,v 1.35.4.80 2000/11/20 23:29:46 guus Exp $ */ #include "config.h" -#include #include #include -#include -#include #include #include #include #include #include #include -#include #include #include #include #include #include -#include -#include -#include +/* SunOS really wants sys/socket.h BEFORE net/if.h, + and FreeBSD wants these lines below the rest. */ +#include +#include +#include + +#ifdef HAVE_OPENSSL_RAND_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_EVP_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_ERR_H +# include +#else +# include +#endif #ifdef HAVE_TUNTAP #include LINUX_IF_TUN_H @@ -51,11 +67,13 @@ #include #include "conf.h" +#include "connection.h" +#include "list.h" +#include "meta.h" #include "net.h" #include "netutl.h" +#include "process.h" #include "protocol.h" -#include "meta.h" -#include "connlist.h" #include "subnet.h" #include "system.h" @@ -77,33 +95,7 @@ char *unknown = NULL; subnet_t mymac; -/* - strip off the MAC adresses of an ethernet frame -*/ -void strip_mac_addresses(vpn_packet_t *p) -{ -cp - memmove(p->data, p->data + 12, p->len -= 12); -cp -} - -/* - reassemble MAC addresses -*/ -void add_mac_addresses(vpn_packet_t *p) -{ -cp - memcpy(p->data + 12, p->data, p->len); - p->len += 12; - p->data[0] = p->data[6] = 0xfe; - p->data[1] = p->data[7] = 0xfd; - /* Really evil pointer stuff just below! */ - *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address)); - *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26])); -cp -} - -int xsend(conn_list_t *cl, vpn_packet_t *inpkt) +int xsend(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; @@ -111,7 +103,9 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) cp outpkt.len = inpkt->len; - EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey); + /* Encrypt the packet */ + + EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad + 2; @@ -127,8 +121,6 @@ cp total_socket_out += outlen; - cl->want_ping = 1; - if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), @@ -139,15 +131,18 @@ cp return 0; } -int xrecv(vpn_packet_t *inpkt) +int xrecv(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; EVP_CIPHER_CTX ctx; cp outpkt.len = inpkt->len; - EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); - EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); + + /* Decrypt the packet */ + + EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len); + EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8); EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad; @@ -156,6 +151,10 @@ cp memcpy(&outpkt, inpkt, outlen); */ + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"), + outpkt.len, outlen); + /* Fix mac address */ memcpy(outpkt.data, mymac.net.mac.address.x, 6); @@ -255,8 +254,8 @@ cp each packet, and removing it when that returned a zero exit code */ -void flush_queue(conn_list_t *cl, packet_queue_t **pq, - int (*function)(conn_list_t*,void*)) +void flush_queue(connection_t *cl, packet_queue_t **pq, + int (*function)(connection_t*,vpn_packet_t*)) { queue_element_t *p, *next = NULL; cp @@ -280,7 +279,7 @@ cp void because nothing goes wrong here, packets remain in the queue if something goes wrong */ -void flush_queues(conn_list_t *cl) +void flush_queues(connection_t *cl) { cp if(cl->sq) @@ -306,7 +305,7 @@ cp */ int send_packet(ip_t to, vpn_packet_t *packet) { - conn_list_t *cl; + connection_t *cl; subnet_t *subnet; cp if((subnet = lookup_subnet_ipv4(to)) == NULL) @@ -318,14 +317,27 @@ cp } return -1; - } + } cl = subnet->owner; + if(cl == myself) + { + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"), + IP_ADDR_V(to)); + } + + return -1; + } + /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ + /* Connections are now opened beforehand... + if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) { @@ -333,6 +345,7 @@ cp cl->name, cl->hostname); return -1; } + */ if(!cl->status.validkey) { @@ -371,11 +384,12 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; - char *envvar; +#ifdef HAVE_TUNTAP struct ifreq ifr; +#endif cp - if((cfg = get_config_val(config, tapdevice))) + if((cfg = get_config_val(config, config_tapdevice))) tapfname = cfg->data.ptr; else #ifdef HAVE_TUNTAP @@ -412,19 +426,11 @@ cp strncpy(ifr.ifr_name, netname, IFNAMSIZ); cp if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) - { + { syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; } #endif - - /* Add name of network interface to environment (for scripts) */ - - ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr); - asprintf(&envvar, "IFNAME=%s", ifr.ifr_name); - putenv(envvar); - free(envvar); - cp return 0; } @@ -448,27 +454,34 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("fcntl: %m")); + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); return -1; } - if((cfg = get_config_val(config, interface))) + if((cfg = get_config_val(config, config_interface))) { if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr))) { + close(nfd); syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr); return -1; } @@ -478,20 +491,23 @@ cp a.sin_family = AF_INET; a.sin_port = htons(port); - if((cfg = get_config_val(config, interfaceip))) + if((cfg = get_config_val(config, config_interfaceip))) a.sin_addr.s_addr = htonl(cfg->data.ip->address); else a.sin_addr.s_addr = htonl(INADDR_ANY); if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { + close(nfd); syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port); return -1; } if(listen(nfd, 3)) { - syslog(LOG_ERR, _("listen: %m")); + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "listen"); return -1; } cp @@ -510,20 +526,25 @@ int setup_vpn_in_socket(int port) cp if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { + close(nfd); syslog(LOG_ERR, _("Creating socket failed: %m")); return -1; } if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("fcntl: %m")); + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); return -1; } @@ -534,6 +555,7 @@ cp if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { + close(nfd); syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port); return -1; } @@ -544,7 +566,7 @@ cp /* setup an outgoing meta (tcp) socket */ -int setup_outgoing_meta_socket(conn_list_t *cl) +int setup_outgoing_meta_socket(connection_t *cl) { int flags; struct sockaddr_in a; @@ -553,7 +575,7 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); - if((cfg = get_config_val(cl->config, port)) == NULL) + if((cfg = get_config_val(cl->config, config_port)) == NULL) cl->port = 655; else cl->port = cfg->data.val; @@ -572,6 +594,7 @@ cp if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) { + close(cl->meta_socket); syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port); return -1; } @@ -579,6 +602,7 @@ cp flags = fcntl(cl->meta_socket, F_GETFL); if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) { + close(cl->meta_socket); syslog(LOG_ERR, _("fcntl for %s port %d: %m"), cl->hostname, cl->port); return -1; @@ -602,9 +626,9 @@ cp */ int setup_outgoing_connection(char *name) { - conn_list_t *ncn; + connection_t *ncn; struct hostent *h; - config_t *cfg; + config_t const *cfg; cp if(check_id(name)) { @@ -612,27 +636,27 @@ cp return -1; } - ncn = new_conn_list(); + ncn = new_connection(); asprintf(&ncn->name, "%s", name); if(read_host_config(ncn)) { syslog(LOG_ERR, _("Error reading host configuration file for %s")); - free_conn_list(ncn); + free_connection(ncn); return -1; } - if(!(cfg = get_config_val(ncn->config, address))) + if(!(cfg = get_config_val(ncn->config, config_address))) { syslog(LOG_ERR, _("No address specified for %s")); - free_conn_list(ncn); + free_connection(ncn); return -1; } if(!(h = gethostbyname(cfg->data.ptr))) { syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr); - free_conn_list(ncn); + free_connection(ncn); return -1; } @@ -643,7 +667,7 @@ cp { syslog(LOG_ERR, _("Could not set up a meta connection to %s"), ncn->hostname); - free_conn_list(ncn); + free_connection(ncn); return -1; } @@ -651,9 +675,8 @@ cp ncn->buffer = xmalloc(MAXBUFSIZE); ncn->buflen = 0; ncn->last_ping_time = time(NULL); - ncn->want_ping = 0; - conn_list_add(ncn); + connection_add(ncn); send_id(ncn); cp @@ -661,20 +684,21 @@ cp } /* - Configure conn_list_t myself and set up the local sockets (listen only) + Configure connection_t myself and set up the local sockets (listen only) */ int setup_myself(void) { config_t const *cfg; + config_t *next; subnet_t *net; cp - myself = new_conn_list(); + myself = new_connection(); asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */ myself->flags = 0; myself->protocol_version = PROT_CURRENT; - if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */ + if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */ { syslog(LOG_ERR, _("Name for tinc daemon required!")); return -1; @@ -688,7 +712,7 @@ cp return -1; } cp - if(!(cfg = get_config_val(config, privatekey))) + if(!(cfg = get_config_val(config, config_privatekey))) { syslog(LOG_ERR, _("Private key for tinc daemon required!")); return -1; @@ -706,7 +730,7 @@ cp return -1; } cp - if(!(cfg = get_config_val(myself->config, publickey))) + if(!(cfg = get_config_val(myself->config, config_publickey))) { syslog(LOG_ERR, _("Public key for tinc daemon required!")); return -1; @@ -722,22 +746,22 @@ cp return -1; } */ - if(!(cfg = get_config_val(myself->config, port))) + if(!(cfg = get_config_val(myself->config, config_port))) myself->port = 655; else myself->port = cfg->data.val; - if((cfg = get_config_val(myself->config, indirectdata))) + if((cfg = get_config_val(myself->config, config_indirectdata))) if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; - if((cfg = get_config_val(myself->config, tcponly))) + if((cfg = get_config_val(myself->config, config_tcponly))) if(cfg->data.val == stupid_true) myself->flags |= TCPONLY; /* Read in all the subnets specified in the host configuration file */ - for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next) + for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next) { net = new_subnet(); net->type = SUBNET_IPV4; @@ -761,21 +785,16 @@ cp return -1; } - if((myself->socket = setup_vpn_in_socket(myself->port)) < 0) - { - syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!")); - close(myself->meta_socket); - return -1; - } - /* Generate packet encryption key */ - myself->cipher_pkttype = EVP_bf_cbc(); + myself->cipher_pkttype = EVP_bf_cfb(); - myself->cipher_pktkey = (char *)xmalloc(64); - RAND_bytes(myself->cipher_pktkey, 64); + myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; - if(!(cfg = get_config_val(config, keyexpire))) + myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); + RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + + if(!(cfg = get_config_val(config, config_keyexpire))) keylifetime = 3600; else keylifetime = cfg->data.val; @@ -787,6 +806,8 @@ cp myself->status.active = 1; syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); + + child_pids = list_new(); cp return 0; } @@ -796,7 +817,7 @@ sigalrm_handler(int a) { config_t const *cfg; cp - cfg = get_config_val(upstreamcfg, connectto); + cfg = get_config_val(upstreamcfg, config_connectto); if(!cfg && upstreamcfg == config) /* No upstream IP given, we're listen only. */ @@ -810,7 +831,7 @@ cp signal(SIGALRM, SIG_IGN); return; } - cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); @@ -830,12 +851,20 @@ cp int setup_network_connections(void) { config_t const *cfg; - char *scriptname; cp - if((cfg = get_config_val(config, pingtimeout)) == NULL) - timeout = 5; + init_connections(); + init_subnets(); + + if((cfg = get_config_val(config, config_pingtimeout)) == NULL) + timeout = 60; else - timeout = cfg->data.val; + { + timeout = cfg->data.val; + if(timeout < 1) + { + timeout = 86400; + } + } if(setup_tap_fd() < 0) return -1; @@ -844,23 +873,9 @@ cp return -1; /* Run tinc-up script to further initialize the tap interface */ - - asprintf(&scriptname, "%s/tinc-up", confbase); - - if(!fork()) - { - - execl(scriptname, NULL); - - if(errno != ENOENT) - syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname); - - exit(0); - } - - free(scriptname); - - if(!(cfg = get_config_val(config, connectto))) + execute_script("tinc-up"); + + if(!(cfg = get_config_val(config, config_connectto))) /* No upstream IP given, we're listen only. */ return 0; @@ -869,7 +884,7 @@ cp upstreamcfg = cfg->next; if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ return 0; - cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); @@ -886,11 +901,12 @@ cp */ void close_network_connections(void) { - conn_list_t *p; - char *scriptname; + rbl_t *rbl; + connection_t *p; cp - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { + p = (connection_t *)rbl->data; p->status.active = 0; terminate_connection(p); } @@ -899,29 +915,16 @@ cp if(myself->status.active) { close(myself->meta_socket); - close(myself->socket); - free_conn_list(myself); + free_connection(myself); myself = NULL; } - /* Execute tinc-down script right before shutting down the interface */ - - asprintf(&scriptname, "%s/tinc-down", confbase); + close(tap_fd); - if(!fork()) - { - execl(scriptname, NULL); + /* Execute tinc-down script right after shutting down the interface */ + execute_script("tinc-down"); - if(errno != ENOENT) - syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname); - - exit(0); - } - - free(scriptname); - - close(tap_fd); - destroy_conn_list(); + destroy_connection_tree(); syslog(LOG_NOTICE, _("Terminating")); cp @@ -931,10 +934,11 @@ cp /* create a data (udp) socket */ -int setup_vpn_connection(conn_list_t *cl) +int setup_vpn_connection(connection_t *cl) { int nfd, flags; struct sockaddr_in a; + const int one = 1; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); @@ -946,12 +950,42 @@ cp return -1; } + if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); + return -1; + } + + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); + return -1; + } + + memset(&a, 0, sizeof(a)); + a.sin_family = AF_INET; + a.sin_port = htons(myself->port); + a.sin_addr.s_addr = htonl(INADDR_ANY); + + if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port); + return -1; + } + a.sin_family = AF_INET; a.sin_port = htons(cl->port); a.sin_addr.s_addr = htonl(cl->address); if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) { + close(nfd); syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"), cl->hostname, cl->port); return -1; @@ -960,6 +994,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, cl->name, cl->hostname); return -1; @@ -975,17 +1010,18 @@ cp handle an incoming tcp connect call and open a connection to it. */ -conn_list_t *create_new_connection(int sfd) +connection_t *create_new_connection(int sfd) { - conn_list_t *p; + connection_t *p; struct sockaddr_in ci; int len = sizeof(ci); cp - p = new_conn_list(); + p = new_connection(); - if(getpeername(sfd, &ci, &len) < 0) + if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0) { - syslog(LOG_ERR, _("Error: getpeername: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "getpeername"); return NULL; } @@ -997,7 +1033,6 @@ cp p->buffer = xmalloc(MAXBUFSIZE); p->buflen = 0; p->last_ping_time = time(NULL); - p->want_ping = 0; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection from %s port %d"), @@ -1013,20 +1048,21 @@ cp */ void build_fdset(fd_set *fs) { - conn_list_t *p; + rbl_t *rbl; + connection_t *p; cp FD_ZERO(fs); - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { + p = (connection_t *)rbl->data; if(p->status.meta) - FD_SET(p->meta_socket, fs); + FD_SET(p->meta_socket, fs); if(p->status.dataopen) - FD_SET(p->socket, fs); + FD_SET(p->socket, fs); } FD_SET(myself->meta_socket, fs); - FD_SET(myself->socket, fs); FD_SET(tap_fd, fs); cp } @@ -1036,17 +1072,16 @@ cp udp socket and write it to the ethertap device after being decrypted */ -int handle_incoming_vpn_data() +int handle_incoming_vpn_data(connection_t *cl) { vpn_packet_t pkt; int x, l = sizeof(x); - struct sockaddr from; - socklen_t fromlen = sizeof(from); + int lenin; cp - if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), - __FILE__, __LINE__, myself->socket); + __FILE__, __LINE__, cl->socket); return -1; } if(x) @@ -1055,30 +1090,31 @@ cp return -1; } - if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0) + if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; } -/* + if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len, - from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]); - } -*/ + syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin, + cl->name, cl->hostname); + } + cp - return xrecv(&pkt); + return xrecv(cl, &pkt); } /* terminate a connection and notify the other end before closing the sockets */ -void terminate_connection(conn_list_t *cl) +void terminate_connection(connection_t *cl) { - conn_list_t *p; - subnet_t *s; + connection_t *p; + subnet_t *subnet; + rbl_t *rbl; cp if(cl->status.remove) return; @@ -1094,26 +1130,34 @@ cp if(cl->status.meta) close(cl->meta_socket); -cp /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ if(cl->status.meta) - for(p = conn_list; p != NULL; p = p->next) - if((p->nexthop == cl) && (p != cl)) - terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */ + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->nexthop == cl && p != cl) + terminate_connection(p); + } /* Inform others of termination if it was still active */ if(cl->status.active) - for(p = conn_list; p != NULL; p = p->next) - if(p->status.meta && p->status.active && p!=cl) - send_del_host(p, cl); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->status.meta && p->status.active && p!=cl) + send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ + } /* Remove the associated subnets */ - for(s = cl->subnets; s; s = s->next) - subnet_del(s); + RBL_FOREACH(cl->subnet_tree, rbl) + { + subnet = (subnet_t *)rbl->data; + subnet_del(subnet); + } /* Check if this was our outgoing connection */ @@ -1139,38 +1183,37 @@ cp end does not reply in time, we consider them dead and close the connection. */ -int check_dead_connections(void) +void check_dead_connections(void) { - conn_list_t *p; time_t now; + rbl_t *rbl; + connection_t *cl; cp now = time(NULL); - for(p = conn_list; p != NULL; p = p->next) + + RBL_FOREACH(connection_tree, rbl) { - if(p->status.active && p->status.meta) - { - if(p->last_ping_time + timeout < now) + cl = (connection_t *)rbl->data; + if(cl->status.active && cl->status.meta) + { + if(cl->last_ping_time + timeout < now) { - if(p->status.pinged && !p->status.got_pong) + if(cl->status.pinged) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - p->name, p->hostname); - p->status.timeout = 1; - terminate_connection(p); + cl->name, cl->hostname); + cl->status.timeout = 1; + terminate_connection(cl); } - else if(p->want_ping) + else { - send_ping(p); - p->last_ping_time = now; - p->status.pinged = 1; - p->status.got_pong = 0; + send_ping(cl); } } - } + } } cp - return 0; } /* @@ -1179,7 +1222,7 @@ cp */ int handle_new_meta_connection() { - conn_list_t *ncn; + connection_t *ncn; struct sockaddr client; int nfd, len = sizeof(client); cp @@ -1197,7 +1240,7 @@ cp return 0; } - conn_list_add(ncn); + connection_add(ncn); cp return 0; } @@ -1208,27 +1251,28 @@ cp */ void check_network_activity(fd_set *f) { - conn_list_t *p; - int x, l = sizeof(x); + connection_t *p; + rbl_t *rbl; cp - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { + p = (connection_t *)rbl->data; + if(p->status.remove) - continue; + return; if(p->status.dataopen) if(FD_ISSET(p->socket, f)) { - /* - The only thing that can happen to get us here is apparently an - error on this outgoing(!) UDP socket that isn't immediate (i.e. - something that will not trigger an error directly on send()). - I've once got here when it said `No route to host'. - */ + handle_incoming_vpn_data(p); + + /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data() + getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), p->name, p->hostname, strerror(x)); terminate_connection(p); + */ return; } @@ -1240,10 +1284,7 @@ cp return; } } - - if(FD_ISSET(myself->socket, f)) - handle_incoming_vpn_data(); - + if(FD_ISSET(myself->meta_socket, f)) handle_new_meta_connection(); cp @@ -1313,7 +1354,7 @@ cp tv.tv_sec = timeout; tv.tv_usec = 0; - prune_conn_list(); + prune_connection_tree(); build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) @@ -1362,7 +1403,7 @@ cp if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); - RAND_bytes(myself->cipher_pktkey, 64); + RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); send_key_changed(myself, NULL); keyexpires = time(NULL) + keylifetime; } @@ -1376,6 +1417,8 @@ cp if(FD_ISSET(tap_fd, &fset)) handle_tap_input(); } + + check_children(); } cp }