2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.51 2000/10/29 00:46:43 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
44 #include LINUX_IF_TUN_H
/* Which flavour of tap device setup_tap_fd() detected; tested in xrecv()
   and handle_tap_input() to decide whether the 2-byte ethertap header is
   read/written in front of the frame. */
62 int taptype = TAP_TYPE_ETHERTAP;
/* Traffic counters, only ever incremented (xsend() bumps
   total_socket_out, xrecv() total_tap_out); never reset. */
64 int total_tap_out = 0;
65 int total_socket_in = 0;
66 int total_socket_out = 0;
/* Position in the config list from which the next ConnectTo entry is
   tried; reset to the top-level config after a whole pass failed (see
   sigalrm_handler() and setup_network_connections()). */
68 config_t *upstreamcfg;
/* Current reconnect backoff in seconds: +5 per failed pass, capped at
   MAXTIMEOUT, reset to 5 by terminate_connection(). */
69 static int seconds_till_retry;
76 strip off the 12-byte MAC address header (destination + source) of an ethernet frame, in place
/* Remove the 12-byte Ethernet destination+source MAC header from p,
   shifting the payload down and shrinking p->len accordingly.
   NOTE(review): there is no check that p->len >= 12 before the
   subtraction. For a shorter frame p->len goes negative (or wraps to a
   huge value if the field is unsigned) and memmove then copies far
   outside the packet buffer. Callers must guarantee the minimum length,
   or a guard belongs here. */
78 void strip_mac_addresses(vpn_packet_t *p)
81 memmove(p->data, p->data + 12, p->len -= 12);
86 reassemble MAC addresses
/* Put a synthetic 12-byte MAC header back in front of the payload of a
   frame that went through strip_mac_addresses(): both addresses get the
   locally-administered prefix fe:fd, the destination's low 4 bytes are
   our own VPN address and the source's low 4 bytes are the inner IPv4
   source address. p->len is NOT increased here.
   NOTE(review): the memcpy below copies between overlapping regions of
   the same buffer (data is shifted up by 12), which is undefined for
   memcpy; it must be memmove, as in strip_mac_addresses(). Nothing
   checks that the buffer has 12 bytes of headroom or that the frame is
   long enough for the read at data[26..29]. */
88 void add_mac_addresses(vpn_packet_t *p)
91 memcpy(p->data + 12, p->data, p->len);
93 p->data[0] = p->data[6] = 0xfe;
94 p->data[1] = p->data[7] = 0xfd;
95 /* Really evil pointer stuff just below! */
/* NOTE(review): storing through an ip_t pointer at data+2 and data+8 is
   unaligned and violates strict aliasing; a 4-byte memcpy each is
   equivalent and well defined. After the 12-byte shift the IPv4 header
   starts at data[14], so data[26..29] is the IPv4 source address -
   which presumes an IPv4 frame; no ethertype check is visible. */
96 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
97 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
/* Send one packet to peer cl over its connected UDP data socket.
   What goes on the wire is outpkt, which the memcpy below fills with a
   verbatim copy of inpkt (len field followed by data, len in host byte
   order), so whatever the EVP_Encrypt* calls produce is discarded: at
   this revision the data channel is plaintext with no integrity check.
   NOTE(review): outlen is derived from inpkt->len with no bound against
   sizeof(outpkt); callers must guarantee a sane length. No return
   statement is visible here, so the value that flush_queue() tests
   ("zero = delivered") cannot be confirmed from this listing. */
101 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
106 outpkt.len = inpkt->len;
108 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
109 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
110 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
111 outlen += outpad + 2;
113 Do encryption when everything else is fixed...
115 outlen = outpkt.len + 2;
116 memcpy(&outpkt, inpkt, outlen);
118 if(debug_lvl >= DEBUG_TRAFFIC)
119 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
120 outlen, cl->name, cl->hostname);
122 total_socket_out += outlen;
/* send() on a connected UDP socket, so no destination is needed. Only a
   negative return counts as an error; a short send goes unnoticed.
   Sending from &outpkt.len relies on len sitting immediately before
   data in vpn_packet_t (the same layout xrecv() assumes). The
   "Sending packet" trace above is emitted at LOG_ERR although it is
   debug-level traffic logging. */
126 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
128 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
129 cl->name, cl->hostname);
/* Deliver one packet that arrived from the VPN to the local tap device.
   As in xsend(), outpkt ends up as a verbatim copy of inpkt (memcpy
   below), so at this revision no decryption or authentication happens
   on this path; whatever the EVP_Decrypt* calls compute is overwritten.
   NOTE(review): inpkt->len is the length field from the datagram itself
   (filled by recvfrom() in handle_incoming_vpn_data()) and is used
   unchecked as the memcpy size and as the write() length. A forged len
   reads past inpkt, writes past outpkt, and pushes uninitialised stack
   bytes out through the tap. It must be bounded by the number of bytes
   actually received and by sizeof(outpkt.data) before untrusted peers
   can reach this code. */
136 int xrecv(vpn_packet_t *inpkt)
141 outpkt.len = inpkt->len;
143 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
144 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
145 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
148 Do decryption when everything else is fixed...
150 outlen = outpkt.len+2;
151 memcpy(&outpkt, inpkt, outlen);
153 /* Fix mac address */
/* Rewrite the destination MAC to the local interface's address (chosen
   in setup_tap_fd()) so the kernel accepts the frame; assumes len >= 6. */
155 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
157 if(taptype == TAP_TYPE_TUNTAP)
/* tun/tap was opened with IFF_NO_PI, so the raw frame is written as is. */
159 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
160 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
162 total_tap_out += outpkt.len;
/* Legacy ethertap expects a 2-byte header in front of the frame; the two
   bytes before data (the len field, given the assumed layout of
   vpn_packet_t) are passed as that header. */
166 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
167 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
169 total_tap_out += outpkt.len + 2;
176 add the given packet of size s to the
177 queue q, be it the send or receive queue
/* Append a private copy of the first s bytes of packet to the tail of
   *q, creating the queue structure on first use (presumably guarded by a
   NULL test on *q on lines not shown). The queue owns the copy; the
   caller keeps ownership of packet. send_packet() passes
   packet->len + 2, i.e. s must cover the len field as well as the data.
   Allocation failures are handled by xmalloc(), not here. */
179 void add_queue(packet_queue_t **q, void *packet, size_t s)
183 e = xmalloc(sizeof(*e));
184 e->packet = xmalloc(s);
185 memcpy(e->packet, packet, s);
189 *q = xmalloc(sizeof(**q));
190 (*q)->head = (*q)->tail = NULL;
193 e->next = NULL; /* We insert at the tail */
195 if((*q)->tail) /* Do we have a tail? */
197 (*q)->tail->next = e;
198 e->prev = (*q)->tail;
200 else /* No tail -> no head too */
/* NOTE(review): the empty-queue branch is not visible here; it has to
   set (*q)->head, (*q)->tail and e->prev = NULL, otherwise del_queue()
   later reads an uninitialised prev pointer. Confirm in the full file. */
210 /* Unlink a queue element e from *q, fixing up the head and tail pointers as needed */
/* Unlink e from the doubly-linked queue *q, repairing head/tail, and
   (on lines not shown here) presumably free e->packet and e. e must be
   an element of *q. NOTE(review): the branch for a queue that holds only
   e (no prev and no next) is not visible; it must reset both
   (*q)->head and (*q)->tail to NULL, or flush_queue() will later walk a
   freed node. */
211 void del_queue(packet_queue_t **q, queue_element_t *e)
216 if(e->next) /* There is a successor, so we are not tail */
218 if(e->prev) /* There is a predecessor, so we are not head */
220 e->next->prev = e->prev;
221 e->prev->next = e->next;
223 else /* We are head */
225 e->next->prev = NULL;
226 (*q)->head = e->next;
229 else /* We are tail (or all alone!) */
231 if(e->prev) /* We are not alone :) */
233 e->prev->next = NULL;
234 (*q)->tail = e->prev;
248 flush a queue by calling function for
249 each packet, and removing it when that
250 returned a zero exit code
/* Call function(cl, packet) for every packet queued in *pq, in order,
   and remove the entries for which it returned zero; the others stay
   queued for a later flush. *pq must be non-NULL, as (*pq)->head is
   dereferenced without a check. The successor is saved in next before an
   entry is removed (on lines not shown), so removal during the walk is
   safe. Emits a "Queue flushed" trace at DEBUG_TRAFFIC level. */
252 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
253 int (*function)(conn_list_t*,void*))
255 queue_element_t *p, *next = NULL;
257 for(p = (*pq)->head; p != NULL; )
261 if(!function(cl, p->packet))
267 if(debug_lvl >= DEBUG_TRAFFIC)
268 syslog(LOG_DEBUG, _("Queue flushed"));
273 flush the send&recv queues
274 void, because nothing can fail here from the caller's point of view: a packet
275 whose xsend()/xrecv() call reports failure simply remains in its queue
/* Drain cl's send queue through xsend() and its receive queue through
   xrecv(); each flush is presumably guarded by a NULL test on the queue
   pointer (not shown), since flush_queue() requires a non-NULL queue.
   NOTE(review): flush_queue() expects int (*)(conn_list_t *, void *),
   but xrecv() as declared in this file takes a single vpn_packet_t *.
   Calling it through the mismatched pointer type is undefined behaviour
   and, on the usual ABIs, hands xrecv() the conn_list_t * in place of
   the packet. Either give xrecv() the (cl, packet) signature or wrap it. */
277 void flush_queues(conn_list_t *cl)
282 if(debug_lvl >= DEBUG_TRAFFIC)
283 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
284 cl->name, cl->hostname);
285 flush_queue(cl, &(cl->sq), xsend);
290 if(debug_lvl >= DEBUG_TRAFFIC)
291 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
292 cl->name, cl->hostname);
293 flush_queue(cl, &(cl->rq), xrecv);
299 send a packet to the given vpn ip.
/* Route packet to the connection that owns the subnet containing the
   VPN address to, opening its UDP data socket on first use. Returns 0
   when the packet is dropped (unknown destination, no key yet, peer not
   active) and xsend()'s result otherwise.
   NOTE(review): both add_queue() calls below sit inside "Don't queue
   until everything else is fixed" comments, so a packet for a peer whose
   key is not yet known is silently dropped after a key request is sent;
   nothing is retransmitted when the key arrives. Whether the no-key
   branch returns before reaching xsend() is not visible in this listing. */
301 int send_packet(ip_t to, vpn_packet_t *packet)
306 if((subnet = lookup_subnet_ipv4(to)) == NULL)
308 if(debug_lvl >= DEBUG_TRAFFIC)
310 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
319 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
321 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* cl is presumably the subnet's owning connection, assigned on lines
   not shown; the indirect-data/uplink rules from the FIXME above are
   not applied at this revision. */
323 if(!cl->status.dataopen)
324 if(setup_vpn_connection(cl) < 0)
326 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
327 cl->name, cl->hostname);
331 if(!cl->status.validkey)
333 /* Don't queue until everything else is fixed.
334 if(debug_lvl >= DEBUG_TRAFFIC)
335 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
336 cl->name, cl->hostname);
337 add_queue(&(cl->sq), packet, packet->len + 2);
339 if(!cl->status.waitingforkey)
340 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
344 if(!cl->status.active)
346 /* Don't queue until everything else is fixed.
347 if(debug_lvl >= DEBUG_TRAFFIC)
348 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
349 cl->name, cl->hostname);
350 add_queue(&(cl->sq), packet, packet->len + 2);
352 return 0; /* We don't want to mess up, do we? */
355 /* can we send it? can we? can we? huh? */
357 return xsend(cl, packet);
361 open the local ethertap device
/* Open the tap device named by the TapDevice config value (or a
   compiled-in default), detect whether it is a new-style tun/tap or a
   legacy ethertap device, choose the local MAC address, and export the
   interface name as IFNAME for the tinc-up/tinc-down scripts. Returns
   the descriptor on success, a negative value on failure (the return
   lines are not shown here).
   NOTE(review): open() fills nfd but the ioctls below operate on the
   global tap_fd, so nfd must be stored into tap_fd on a line not shown;
   confirm. The device path comes straight from the config file and is
   opened with the daemon's privileges. */
363 int setup_tap_fd(void)
366 const char *tapfname;
372 if((cfg = get_config_val(config, tapdevice)))
373 tapfname = cfg->data.ptr;
376 tapfname = "/dev/misc/net/tun";
378 tapfname = "/dev/tap0";
381 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
383 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
389 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 - the same locally-administered prefix that
   add_mac_addresses() writes into synthetic frames. */
391 taptype = TAP_TYPE_ETHERTAP;
392 mymac.type = SUBNET_MAC;
393 mymac.net.mac.address.x[0] = 0xfe;
394 mymac.net.mac.address.x[1] = 0xfd;
395 mymac.net.mac.address.x[2] = 0x00;
396 mymac.net.mac.address.x[3] = 0x00;
397 mymac.net.mac.address.x[4] = 0x00;
398 mymac.net.mac.address.x[5] = 0x00;
401 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
402 memset(&ifr, 0, sizeof(ifr));
/* IFF_NO_PI: no packet-information header on reads/writes, which is why
   the tun/tap paths in xrecv() and handle_tap_input() use data directly. */
404 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy() leaves ifr_name unterminated when netname is
   IFNAMSIZ bytes or longer; the memset above does not help in that
   case. netname is presumably length-checked where it is parsed. */
406 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
408 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
410 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
411 taptype = TAP_TYPE_TUNTAP;
415 /* Add name of network interface to environment (for scripts) */
/* Return value unchecked: on failure ifr_name still holds whatever the
   TUNSETIFF step left there, and that is what gets exported. */
417 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
418 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
427 set up the socket that we listen on for incoming
/* Create the non-blocking TCP socket on which meta connections are
   accepted, bound to port and to the InterfaceIP address when one is
   configured (INADDR_ANY otherwise), then listen() on it (call not
   shown). Returns the descriptor, or a negative value on failure (return
   lines not shown). The F_GETFL result is not checked for -1. */
430 int setup_listen_meta_socket(int port)
433 struct sockaddr_in a;
437 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
439 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
443 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
445 syslog(LOG_ERR, _("setsockopt: %m"));
449 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
451 syslog(LOG_ERR, _("setsockopt: %m"));
455 flags = fcntl(nfd, F_GETFL);
456 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
458 syslog(LOG_ERR, _("fcntl: %m"));
462 if((cfg = get_config_val(config, interface)))
/* NOTE(review): this passes the interface NAME with SO_KEEPALIVE, which
   cannot bind a socket to a device; the option meant here is Linux's
   SO_BINDTODEVICE (optval = the interface name). As written the
   "Interface" directive is ineffective - at best the call fails and is
   logged - and the listener stays reachable on every interface. */
464 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
466 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
471 memset(&a, 0, sizeof(a));
472 a.sin_family = AF_INET;
473 a.sin_port = htons(port);
475 if((cfg = get_config_val(config, interfaceip)))
476 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
478 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) equals sizeof(struct sockaddr_in) on the
   platforms this targets; sizeof(a) would say what is meant. */
480 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
482 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
488 syslog(LOG_ERR, _("listen: %m"));
496 setup the socket for incoming encrypted
/* Create the non-blocking UDP socket on which VPN data from all peers
   is received, bound to port on INADDR_ANY. Returns the descriptor, or
   a negative value on failure (return lines not shown).
   NOTE(review): unlike setup_listen_meta_socket(), neither Interface nor
   InterfaceIP is honoured here, so the data port is open on every
   interface even when the meta port is restricted. SO_REUSEADDR on a
   UDP socket is also broader than on TCP on some systems (it can let a
   second local socket bind the same port); confirm it is needed here. */
499 int setup_vpn_in_socket(int port)
502 struct sockaddr_in a;
505 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
507 syslog(LOG_ERR, _("Creating socket failed: %m"));
511 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
513 syslog(LOG_ERR, _("setsockopt: %m"));
517 flags = fcntl(nfd, F_GETFL);
518 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
520 syslog(LOG_ERR, _("fcntl: %m"));
524 memset(&a, 0, sizeof(a));
525 a.sin_family = AF_INET;
526 a.sin_port = htons(port);
527 a.sin_addr.s_addr = htonl(INADDR_ANY);
529 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
531 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
539 setup an outgoing meta (tcp) socket
/* Open the TCP meta connection to cl at cl->address, using the Port
   value from cl's host config (default on lines not shown), and store
   the descriptor in cl->meta_socket. Returns negative on failure (return
   lines not shown); make sure those paths close cl->meta_socket.
   NOTE(review): connect() is issued while the socket is still blocking -
   O_NONBLOCK is only set afterwards - so an unresponsive peer stalls the
   whole daemon for the TCP connect timeout, and this is reached from
   sigalrm_handler() as well as from startup. */
541 int setup_outgoing_meta_socket(conn_list_t *cl)
544 struct sockaddr_in a;
547 if(debug_lvl >= DEBUG_CONNECTIONS)
548 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
550 if((cfg = get_config_val(cl->config, port)) == NULL)
553 cl->port = cfg->data.val;
555 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
556 if(cl->meta_socket == -1)
558 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
559 cl->hostname, cl->port);
/* a is not zeroed first (the listeners memset theirs); only the three
   fields below are set, sin_zero is left uninitialised. */
563 a.sin_family = AF_INET;
564 a.sin_port = htons(cl->port);
565 a.sin_addr.s_addr = htonl(cl->address);
567 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
569 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
573 flags = fcntl(cl->meta_socket, F_GETFL);
574 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
576 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
577 cl->hostname, cl->port);
581 if(debug_lvl >= DEBUG_CONNECTIONS)
582 syslog(LOG_INFO, _("Connected to %s port %hd"),
583 cl->hostname, cl->port);
591 setup an outgoing connection. It's not
592 necessary to also open an udp socket as
593 well, because the other host will initiate
594 an authentication sequence during which
595 we will do just that.
/* Build a conn_list_t for the peer called name (a ConnectTo value):
   read its host config, resolve its Address, open the meta connection
   and mark it outgoing. Returns 0 on success, non-zero on failure (the
   callers test for zero; return lines are not shown). The name check
   guarding the first message below is not visible either. */
597 int setup_outgoing_connection(char *name)
605 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
609 ncn = new_conn_list();
610 asprintf(&ncn->name, "%s", name);
/* NOTE(review): this message and the "No address specified" one below
   contain a %s conversion but are passed no argument, which is undefined
   behaviour (garbage or a crash when the log is written); add name as
   the argument. The failure paths also do not visibly free ncn. */
612 if(read_host_config(ncn))
614 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
619 if(!(cfg = get_config_val(ncn->config, address)))
621 syslog(LOG_ERR, _("No address specified for %s"));
/* NOTE(review): gethostbyname() reports failures through h_errno, not
   errno, so the %m below prints an unrelated error; use hstrerror().
   h_addrtype/h_length are not checked before 4 bytes of the first
   address are read, and only the first address is ever tried. */
626 if(!(h = gethostbyname(cfg->data.ptr)))
628 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
633 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
634 ncn->hostname = hostlookup(htonl(ncn->address));
636 if(setup_outgoing_meta_socket(ncn) < 0)
638 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
644 ncn->status.outgoing = 1;
645 ncn->buffer = xmalloc(MAXBUFSIZE);
647 ncn->last_ping_time = time(NULL);
658 Configure conn_list_t myself and set up the local sockets (listen only)
/* Populate the global conn_list_t myself from the configuration (name,
   RSA keypair, port, flags, advertised subnets) and open the two local
   listening sockets. Returns 0 on success and a negative value on any
   failure (return lines not shown); on failure after the TCP listener
   was opened it is closed again. */
660 int setup_myself(void)
665 myself = new_conn_list();
667 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
669 myself->protocol_version = PROT_CURRENT;
671 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
673 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): cfg->data.val is cast to char * here while every other
   string value in this file is read through cfg->data.ptr; if val is an
   integer member of the union this truncates the pointer on 64-bit
   hosts. Worth confirming against config_t. */
677 asprintf(&myself->name, "%s", (char*)cfg->data.val);
679 if(check_id(myself->name))
681 syslog(LOG_ERR, _("Invalid name for myself!"));
685 if(!(cfg = get_config_val(config, privatekey)))
687 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* NOTE(review): the private exponent is read as hex from the main config
   file, so that file's permissions are the key's only protection. The
   public exponent is hard-coded to 0xFFFF, which peers must match.
   BN_hex2bn() return values are not checked, so a malformed key is only
   caught - if at all - by RSA_check_key() below; what that check needs
   present in the RSA structure depends on the OpenSSL version, so
   confirm that n, e and d alone satisfy it. */
692 myself->rsa_key = RSA_new();
693 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
694 BN_hex2bn(&myself->rsa_key->e, "FFFF");
697 if(read_host_config(myself))
699 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
703 if(!(cfg = get_config_val(myself->config, publickey)))
705 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
710 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
713 if(RSA_check_key(myself->rsa_key) != 1)
715 syslog(LOG_ERR, _("Invalid public/private keypair!"));
719 if(!(cfg = get_config_val(myself->config, port)))
722 myself->port = cfg->data.val;
724 if((cfg = get_config_val(myself->config, indirectdata)))
725 if(cfg->data.val == stupid_true)
726 myself->flags |= EXPORTINDIRECTDATA;
728 if((cfg = get_config_val(myself->config, tcponly)))
729 if(cfg->data.val == stupid_true)
730 myself->flags |= TCPONLY;
732 /* Read in all the subnets specified in the host configuration file */
/* Each Subnet line becomes an IPv4 subnet owned by myself (net is
   allocated on a line not shown). A subnet whose address has host bits
   set under its mask is rejected below. */
734 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
737 net->type = SUBNET_IPV4;
738 net->net.ipv4.address = cfg->data.ip->address;
739 net->net.ipv4.mask = cfg->data.ip->mask;
741 /* Teach newbies what subnets are... */
743 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
745 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
749 subnet_add(myself, net);
/* The same port number serves both the TCP meta listener and the UDP
   data socket. */
752 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
754 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
758 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
760 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
761 close(myself->meta_socket);
765 myself->status.active = 1;
767 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: walk the ConnectTo entries starting at upstreamcfg
   and try to (re)establish the outgoing meta connection; on the first
   success the alarm is disarmed, after a whole failed pass the backoff
   grows by 5 s (capped at MAXTIMEOUT) and the alarm is re-armed. The
   loop over cfg is presumably a while(cfg) on a line not shown; without
   it a NULL cfg with upstreamcfg != config would be dereferenced below.
   NOTE(review): setup_outgoing_connection() calls syslog(),
   gethostbyname(), xmalloc() and a blocking connect(), none of which is
   async-signal-safe; if the alarm fires while main_loop() is inside one
   of them the daemon can deadlock or corrupt heap state. The usual fix
   is to set a flag here and do the reconnect from main_loop(). */
773 sigalrm_handler(int a)
777 cfg = get_config_val(upstreamcfg, connectto);
779 if(!cfg && upstreamcfg == config)
780 /* No upstream IP given, we're listen only. */
785 upstreamcfg = cfg->next;
786 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
788 signal(SIGALRM, SIG_IGN);
791 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
794 signal(SIGALRM, sigalrm_handler);
795 upstreamcfg = config;
796 seconds_till_retry += 5;
797 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
798 seconds_till_retry = MAXTIMEOUT;
799 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
801 alarm(seconds_till_retry);
806 setup all initial network connections
/* Bring the daemon up: read PingTimeout into the global timeout, open
   the tap device and the local sockets, run the tinc-up script, then
   try each ConnectTo entry until one succeeds; if none does, arm SIGALRM
   to retry after MAXTIMEOUT seconds. Returns 0 on success, negative when
   the tap or local sockets cannot be set up (return lines not shown). */
808 int setup_network_connections(void)
813 if((cfg = get_config_val(config, pingtimeout)) == NULL)
816 timeout = cfg->data.val;
818 if(setup_tap_fd() < 0)
821 if(setup_myself() < 0)
824 /* Run tinc-up script to further initialize the tap interface */
/* Presumably executed in a forked child (the fork is not shown). The
   script runs with the daemon's privileges, inherits its environment
   (including IFNAME from setup_tap_fd()), and whoever can write to
   confbase controls what it does. NOTE(review): execl(scriptname, NULL)
   gives the script an empty argv; pass scriptname as argv[0] too. */
826 asprintf(&scriptname, "%s/tinc-up", confbase);
831 execl(scriptname, NULL);
834 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
/* ConnectTo handling mirrors sigalrm_handler(): walk the entries (loop
   header not shown), stop at the first that connects. */
841 if(!(cfg = get_config_val(config, connectto)))
842 /* No upstream IP given, we're listen only. */
847 upstreamcfg = cfg->next;
848 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
850 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
853 signal(SIGALRM, sigalrm_handler);
854 upstreamcfg = config;
855 seconds_till_retry = MAXTIMEOUT;
856 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
857 alarm(seconds_till_retry);
863 close all open network connections
/* Shut down every peer connection and the local listening sockets, run
   the tinc-down script, and log termination. Called on exit and before a
   configuration reload (see main_loop()). */
865 void close_network_connections(void)
870 for(p = conn_list; p != NULL; p = p->next)
872 if(p->status.dataopen)
/* The second argument 0 is SHUT_RD; the close() of p->socket is on a
   line not shown. */
874 shutdown(p->socket, 0); /* No more receptions */
/* NOTE(review): applied to every entry without testing status.meta,
   although terminate_connection() suggests some entries have no meta
   connection of their own; confirm meta_socket is valid for all of them. */
879 shutdown(p->meta_socket, 0); /* No more receptions */
880 close(p->meta_socket);
885 if(myself->status.active)
887 close(myself->meta_socket);
888 close(myself->socket);
891 /* Execute tinc-down script right before shutting down the interface */
/* Same pattern as tinc-up in setup_network_connections(): presumably a
   forked child, daemon privileges, empty argv (pass scriptname as
   argv[0]). */
893 asprintf(&scriptname, "%s/tinc-down", confbase);
897 execl(scriptname, NULL);
900 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
910 syslog(LOG_NOTICE, _("Terminating"));
916 create a data (udp) socket
/* Create the per-peer UDP data socket for cl, connected to
   cl->address:cl->port, make it non-blocking and mark the connection
   dataopen. Connecting the socket means send() needs no destination and
   asynchronous ICMP errors surface on this descriptor (which is what
   check_network_activity() relies on). Uses the peer's meta (TCP) port
   as its UDP port. Returns 0 on success, negative on failure (return
   lines not shown; confirm nfd is closed on the connect() failure path
   and stored into cl->socket on success). */
918 int setup_vpn_connection(conn_list_t *cl)
921 struct sockaddr_in a;
923 if(debug_lvl >= DEBUG_TRAFFIC)
924 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
926 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
929 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* a is not zeroed first; only these three fields are set. */
933 a.sin_family = AF_INET;
934 a.sin_port = htons(cl->port);
935 a.sin_addr.s_addr = htonl(cl->address);
937 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
939 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
940 cl->hostname, cl->port);
944 flags = fcntl(nfd, F_GETFL);
945 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
947 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
948 cl->name, cl->hostname);
953 cl->status.dataopen = 1;
959 handle an incoming tcp connect call and open
/* Wrap an accepted meta socket sfd in a fresh conn_list_t (allocated on
   a line not shown): record the peer address and name, allocate the
   receive buffer and start the ping clock. Returns the new entry, or
   NULL when getpeername() fails (return line not shown).
   NOTE(review): len should be socklen_t and ci should be passed as
   (struct sockaddr *); nothing visible sets O_NONBLOCK on sfd (accept()
   does not inherit it on Linux), so confirm where that happens if
   receive_meta() assumes non-blocking reads. */
962 conn_list_t *create_new_connection(int sfd)
965 struct sockaddr_in ci;
966 int len = sizeof(ci);
970 if(getpeername(sfd, &ci, &len) < 0)
972 syslog(LOG_ERR, _("Error: getpeername: %m"));
/* hostname presumably comes from a reverse DNS lookup (hostlookup()),
   i.e. it is attacker-influenced text: fine as a %s argument, never to
   be used as a format string. */
977 p->address = ntohl(ci.sin_addr.s_addr);
978 p->hostname = hostlookup(ci.sin_addr.s_addr);
979 p->meta_socket = sfd;
981 p->buffer = xmalloc(MAXBUFSIZE);
983 p->last_ping_time = time(NULL);
986 if(debug_lvl >= DEBUG_CONNECTIONS)
987 syslog(LOG_NOTICE, _("Connection from %s port %d"),
988 p->hostname, htons(ci.sin_port));
/* The only request this peer may send first is ID; the protocol code
   presumably enforces allow_request. */
990 p->allow_request = ID;
996 put all file descriptors in an fd_set array
/* Fill fs with every descriptor main_loop() should select() on: each
   connection's meta socket, its data socket when open, and our own two
   listening sockets (tap_fd is added on a line not shown).
   NOTE(review): FD_SET() with a descriptor >= FD_SETSIZE writes outside
   fs, and main_loop() selects with FD_SETSIZE. Neither this function
   nor handle_new_meta_connection() caps the number of accepted
   connections, so enough incoming meta connections push descriptors
   past the limit; reject accepted sockets >= FD_SETSIZE or move to
   poll(). */
998 void build_fdset(fd_set *fs)
1004 for(p = conn_list; p != NULL; p = p->next)
1007 FD_SET(p->meta_socket, fs);
1008 if(p->status.dataopen)
1009 FD_SET(p->socket, fs);
1012 FD_SET(myself->meta_socket, fs);
1013 FD_SET(myself->socket, fs);
1019 receive incoming data from the listening
1020 udp socket and write it to the ethertap
1021 device after being decrypted
/* Read one datagram from the shared UDP data socket into pkt and hand it
   to xrecv() (the call is on a line not shown). A pending SO_ERROR on
   the socket is reported first. Returns non-zero on error (return lines
   not shown). l should be socklen_t. */
1023 int handle_incoming_vpn_data()
1026 int x, l = sizeof(x);
1027 struct sockaddr from;
1028 socklen_t fromlen = sizeof(from);
1030 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1032 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1033 __FILE__, __LINE__, myself->socket);
1038 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* NOTE(review): the datagram is read straight into pkt starting at the
   len field, so pkt.len is whatever the sender put in the first two
   bytes, and the number of bytes actually received is thrown away.
   Nothing checks that pkt.len + 2 matches the received size or fits in
   pkt, and from is logged but never compared with a known peer, so any
   host that can reach this port can inject frames into the tap through
   xrecv() (which at this revision copies rather than decrypts). Keep
   the recvfrom() result, reject pkt.len > received - 2, and drop
   datagrams from unknown sources. MTU is the buffer size from &pkt.len
   onward; confirm sizeof(pkt) minus that offset is at least MTU. */
1042 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1044 syslog(LOG_ERR, _("Receiving packet failed: %m"));
/* NOTE(review): struct sockaddr has no sa_addr member (the generic
   field is sa_data, and for AF_INET the address starts at sa_data[2]);
   receive into a struct sockaddr_in and print sin_addr instead. */
1048 if(debug_lvl >= DEBUG_TRAFFIC)
1050 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1051 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1059 terminate a connection and notify the other
1060 end before closing the sockets
/* Tear down cl: close its meta socket, terminate every connection that
   was routed through it, tell the remaining active meta peers with
   DEL_HOST, drop its subnets and, if cl was our outgoing connection,
   schedule a reconnect in 5 seconds via SIGALRM. The status.remove flag
   makes the call idempotent and lets the loops in check_dead_connections()
   and check_network_activity() skip the entry; actual unlinking from
   conn_list happens elsewhere. */
1062 void terminate_connection(conn_list_t *cl)
1067 if(cl->status.remove)
1072 cl->status.remove = 1;
1074 if(debug_lvl >= DEBUG_CONNECTIONS)
1075 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1076 cl->name, cl->hostname);
/* NOTE(review): confirm that the lines not shown guard this close with
   the connection's status flags - the recursive call below is made for
   entries that have no meta connection, and closing a zero or stale
   descriptor would hit stdin or another connection's socket. The UDP
   data socket (status.dataopen) is not visibly closed here either. */
1081 close(cl->meta_socket);
1084 /* Find all connections that were lost because they were behind cl
1085 (the connection that was dropped). */
1088 for(p = conn_list; p != NULL; p = p->next)
1089 if((p->nexthop == cl) && (p != cl))
1090 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1092 /* Inform others of termination if it was still active */
/* Only peers with their own meta connection are told directly. */
1094 if(cl->status.active)
1095 for(p = conn_list; p != NULL; p = p->next)
1096 if(p->status.meta && p->status.active && p!=cl)
1097 send_del_host(p, cl);
1099 /* Remove the associated subnets */
/* NOTE(review): if the loop body (not shown) frees s, the s->next in
   the increment is a use-after-free; save the successor first. */
1101 for(s = cl->subnets; s; s = s->next)
1106 cl->status.active = 0;
1108 /* Check if this was our outgoing connection */
/* See sigalrm_handler() for the signal-safety concern this raises. */
1110 if(cl->status.outgoing)
1112 signal(SIGALRM, sigalrm_handler);
1113 seconds_till_retry = 5;
1114 alarm(seconds_till_retry);
1115 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1121 Check if the other end is active.
1122 If we have sent packets, but didn't receive any,
1123 then possibly the other end is dead. We send a
1124 PING request over the meta connection. If the other
1125 end does not reply in time, we consider them dead
1126 and close the connection.
/* Liveness check, run from main_loop() every timeout seconds: for each
   active meta connection whose last ping activity is older than
   timeout, either declare it dead (a PING was sent and no PONG came
   back) and terminate it, or - when want_ping is set - send a new PING
   (the send itself is on a line not shown) and restart the clock. now is
   set on a line not shown. Entries flagged for removal stay in
   conn_list, so terminating inside the walk is safe. */
1128 int check_dead_connections(void)
1134 for(p = conn_list; p != NULL; p = p->next)
1136 if(p->status.active && p->status.meta)
1138 if(p->last_ping_time + timeout < now)
1140 if(p->status.pinged && !p->status.got_pong)
1142 if(debug_lvl >= DEBUG_PROTOCOL)
1143 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1144 p->name, p->hostname);
1145 p->status.timeout = 1;
1146 terminate_connection(p);
1148 else if(p->want_ping)
1151 p->last_ping_time = now;
1152 p->status.pinged = 1;
1153 p->status.got_pong = 0;
1163 accept a new tcp connect and create a
/* accept() one pending meta connection on our listening socket and
   register it via create_new_connection() (the conn_list insertion and
   the close() on failure are on lines not shown). Returns non-zero on
   error (return lines not shown). len should be socklen_t.
   NOTE(review): there is no cap on the number of accepted connections
   and no check that nfd < FD_SETSIZE; see build_fdset() for why that
   matters. EAGAIN from a non-blocking listener is logged as an error. */
1166 int handle_new_meta_connection()
1169 struct sockaddr client;
1170 int nfd, len = sizeof(client);
1172 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1174 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1178 if(!(ncn = create_new_connection(nfd)))
1182 syslog(LOG_NOTICE, _("Closed attempted connection"));
1192 check all connections to see if anything
1193 happened on their sockets
/* Dispatch on the descriptors select() reported ready in f: a readable
   per-peer UDP data socket is treated as an asynchronous socket error
   and the connection is terminated; readable meta sockets go to
   receive_meta() (failure terminates the connection); then our own data
   socket and listening socket. Entries flagged status.remove are skipped
   (the continue is on a line not shown).
   NOTE(review): readable does not always mean error on a connected UDP
   socket - a datagram from the peer's address and port (or a spoof of
   it) also makes it readable, in which case SO_ERROR is 0 and the
   connection is torn down with "Success" in the log. The getsockopt()
   return is not checked either, so x may be uninitialised when it is
   passed to strerror(); l should be socklen_t. Terminate only when
   SO_ERROR is non-zero and otherwise recv() and discard. */
1195 void check_network_activity(fd_set *f)
1198 int x, l = sizeof(x);
1200 for(p = conn_list; p != NULL; p = p->next)
1202 if(p->status.remove)
1205 if(p->status.dataopen)
1206 if(FD_ISSET(p->socket, f))
1209 The only thing that can happen to get us here is apparently an
1210 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1211 something that will not trigger an error directly on send()).
1212 I've once got here when it said `No route to host'.
1214 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1215 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1216 p->name, p->hostname, strerror(x));
1217 terminate_connection(p);
1222 if(FD_ISSET(p->meta_socket, f))
1223 if(receive_meta(p) < 0)
1225 terminate_connection(p);
1230 if(FD_ISSET(myself->socket, f))
1231 handle_incoming_vpn_data();
1233 if(FD_ISSET(myself->meta_socket, f))
1234 handle_new_meta_connection();
1239 read, encrypt and send data that is
1240 available through the ethertap device
/* Read one Ethernet frame from the tap device into vp and pass it to
   send_packet() keyed on the frame's IPv4 destination address. For
   ethertap the 2-byte device header is read into the len field slot in
   front of data (assumed vpn_packet_t layout); vp.len is derived from
   lenin on lines not shown. */
1242 void handle_tap_input(void)
1247 if(taptype == TAP_TYPE_TUNTAP)
1249 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1251 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1258 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1260 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1266 total_tap_in += lenin;
/* The short-packet condition itself is not shown; it must guarantee at
   least 34 bytes (14-byte Ethernet + 20-byte IPv4 header) before the
   destination address is read at data[30] below. */
1270 if(debug_lvl >= DEBUG_TRAFFIC)
1271 syslog(LOG_WARNING, _("Received short packet from tap device"));
1275 if(debug_lvl >= DEBUG_TRAFFIC)
1277 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* NOTE(review): data[30] is the IPv4 destination address only if this
   is an IPv4 frame - no ethertype check is visible. The cast reads
   sizeof(unsigned long) bytes (8 on 64-bit hosts), unaligned and
   through an aliasing pointer, and ntohl() takes a 32-bit value, so the
   result depends on word size and endianness. Copy 4 bytes instead:
   ip_t dst; memcpy(&dst, &vp.data[30], 4); send_packet(ntohl(dst), &vp); */
1280 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1285 this is where it all happens...
1287 void main_loop(void)
1292 time_t last_ping_check;
1294 last_ping_check = time(NULL);
1298 tv.tv_sec = timeout;
1304 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1306 if(errno != EINTR) /* because of alarm */
1308 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1316 /* FIXME: reprogram this.
1318 syslog(LOG_INFO, _("Rereading configuration file"));
1319 close_network_connections();
1321 if(read_config_file(&config, configfilename))
1323 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1327 setup_network_connections();
1332 if(last_ping_check + timeout < time(NULL))
1333 /* Let's check if everybody is still alive */
1335 check_dead_connections();
1336 last_ping_check = time(NULL);
1341 check_network_activity(&fset);
1343 /* local tap data */
1344 if(FD_ISSET(tap_fd, &fset))