2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.49 2000/10/28 21:52:22 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
43 #include LINUX_IF_TUN_H
/* Which flavour of tap device setup_tap_fd() ended up opening. xrecv() and
   handle_tap_input() consult it to decide whether the two-byte length
   prefix is part of what is written to / read from the device. */
61 int taptype = TAP_TYPE_ETHERTAP;
/* Running byte counters, bumped on every tap write and socket send/receive
   in this file. Plain ints: they simply wrap. */
63 int total_tap_out = 0;
64 int total_socket_in = 0;
65 int total_socket_out = 0;
/* Cursor into the ConnectTo list: the next upstream to try on (re)connect,
   advanced by setup_network_connections() and sigalrm_handler(). */
67 config_t *upstreamcfg;
/* Reconnect back-off in seconds, grown by sigalrm_handler() up to MAXTIMEOUT. */
68 static int seconds_till_retry;
75 strip off the MAC addresses of an ethernet frame
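/*
  Strip off the MAC addresses of an ethernet frame.

  Drops the first 12 bytes of p->data (destination + source MAC) in place and
  shrinks p->len by the same amount.

  The original did `p->len -= 12` unconditionally.  For a frame shorter than
  12 bytes that wraps the length around and makes memmove() run far past the
  packet buffer, so short frames are now left untouched instead; the caller
  (handle_tap_input()) already logs short reads and should not hand them on.
*/
void strip_mac_addresses(vpn_packet_t *p)
{
  if(p->len < 12)
    return;

  p->len -= 12;
  memmove(p->data, p->data + 12, p->len);
}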
85 reassemble MAC addresses
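/*
  Reassemble MAC addresses: the inverse of strip_mac_addresses().

  Shifts the payload in p->data up by 12 bytes, grows p->len by 12 and fills
  in a synthetic destination/source MAC pair of the form fe:fd:<ipv4>:
    data[0..5]  = fe:fd + our own VPN address (network byte order)
    data[6..11] = fe:fd + data[26..29] after the shift, which for an
                  Ethernet II / IPv4 frame is the IP source address field
                  (14-byte Ethernet header + offset 12).
  The caller must guarantee that p->data has room for 12 more bytes.

  Changes from the original:
   - memcpy() was used although source and destination overlap (the
     destination starts 12 bytes into the source).  That is undefined
     behaviour; memmove() is the right call.
   - the two addresses were stored through `*(ip_t *)&p->data[n]`, an
     unaligned, type-punned write whose width depends on ip_t.  A memcpy()
     of an explicit 4-byte value is well defined and sizes itself.
*/
void add_mac_addresses(vpn_packet_t *p)
{
  uint32_t own;

  memmove(p->data + 12, p->data, p->len);
  p->len += 12;

  p->data[0] = p->data[6] = 0xfe;
  p->data[1] = p->data[7] = 0xfd;

  /* Destination: fe:fd + our own address, 4 bytes, network byte order. */
  own = htonl(myself->address);
  memcpy(&p->data[2], &own, sizeof(own));

  /* Source: fe:fd + the IP source address of the (now shifted) packet. */
  memcpy(&p->data[8], &p->data[26], 4);
}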
/*
  Send one VPN packet to the peer cl over its UDP data socket.

  cl     - destination; cl->socket must already be open (setup_vpn_connection()).
  inpkt  - inpkt->len bytes of payload in inpkt->data.
  Return value: flush_queue() treats 0 as "handled"; the return statements
  themselves are outside this excerpt.

  NOTE(review, security): the EVP_Encrypt* calls (lines 107-110) sit inside
  a commented-out region ("Do encryption when everything else is fixed").
  In this revision the packet is copied verbatim (line 115) and leaves the
  host in the clear.  Even once re-enabled, EVP_EncryptInit() is handed a
  NULL IV and nothing authenticates the ciphertext, so this is not yet a
  complete data-channel design.
*/
100 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
105 outpkt.len = inpkt->len;
107 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
108 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
109 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
110 outlen += outpad + 2;
112 Do encryption when everything else is fixed...
114 outlen = outpkt.len + 2;
/* Copies the two-byte length field plus the payload as one struct prefix.
   This relies on `len` directly preceding `data` in vpn_packet_t, and
   nothing here checks that inpkt->len + 2 fits in outpkt. */
115 memcpy(&outpkt, inpkt, outlen);
/* LOG_ERR for a traffic trace looks like a slip; the other DEBUG_TRAFFIC
   messages in this file use LOG_DEBUG. */
117 if(debug_lvl >= DEBUG_TRAFFIC)
118 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
119 outlen, cl->name, cl->hostname);
121 total_socket_out += outlen;
/* The length prefix goes on the wire in front of the payload; the peer reads
   it back in handle_incoming_vpn_data().  Only a failing send() is caught,
   a short one is not. */
125 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
127 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
128 cl->name, cl->hostname);
/*
  Deliver one VPN packet received from the network to the local tap device.

  inpkt - the packet as read off the UDP socket: length field followed by
          inpkt->len bytes of data.
  Return value: flush_queue() treats 0 as "handled"; the returns are outside
  this excerpt.

  NOTE(review, security): as in xsend(), the EVP_Decrypt* calls (lines
  142-144) are commented out ("Do decryption is everything else is fixed"),
  so whatever arrives on the UDP socket is written to the tap as-is, with
  no authentication of sender or content.

  NOTE(review, security): inpkt->len is the length field exactly as it came
  off the wire (see handle_incoming_vpn_data()), and line 150 copies
  inpkt->len + 2 bytes into outpkt -- a fixed-size object, presumably a
  local -- without comparing it to outpkt's capacity or to the number of
  bytes actually received.  Anyone who can reach the UDP port can send a
  tiny datagram with a large length field and cause an over-read of the
  source packet and an overflow of outpkt.  The length has to be validated
  where the datagram is received (len + 2 <= bytes received, len <= MTU)
  before it ever reaches this function.
*/
135 int xrecv(vpn_packet_t *inpkt)
140 outpkt.len = inpkt->len;
142 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
143 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
144 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
147 Do decryption is everything else is fixed...
149 outlen = outpkt.len+2;
150 memcpy(&outpkt, inpkt, outlen);
152 /* Fix mac address */
/* Overwrite the destination MAC with our own (mymac, set in setup_tap_fd())
   so the kernel accepts the frame on the tap.  Assumes outpkt.len >= 6. */
154 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
/* tun/tap with IFF_NO_PI takes the bare frame ... */
156 if(taptype == TAP_TYPE_TUNTAP)
158 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
159 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
161 total_tap_out += outpkt.len;
/* ... while ethertap wants a 2-byte prefix in front of it.  `data - 2`
   points at the len field, i.e. this relies on vpn_packet_t's layout. */
165 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
166 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
168 total_tap_out += outpkt.len + 2;
175 add the given packet of size s to the
176 queue q, be it the send or receive queue
/*
  Append a copy of `packet` (s bytes) to the queue *q, creating the queue
  on first use.

  q      - address of the queue pointer; a fresh packet_queue_t is allocated
           on line 188 (presumably under an `if(!*q)` that is not visible).
  packet - bytes to copy; the queue owns the copy, never the caller's buffer.
  s      - number of bytes to copy.

  Allocation goes through xmalloc(), so out-of-memory is not reported here.
  The callers in send_packet() are commented out in this revision, so none
  of the visible paths exercise this code.
*/
178 void add_queue(packet_queue_t **q, void *packet, size_t s)
/* Copy first, so the queue never points into the caller's packet. */
182 e = xmalloc(sizeof(*e));
183 e->packet = xmalloc(s);
184 memcpy(e->packet, packet, s);
/* Lazy creation of the queue itself. */
188 *q = xmalloc(sizeof(**q));
189 (*q)->head = (*q)->tail = NULL;
192 e->next = NULL; /* We insert at the tail */
194 if((*q)->tail) /* Do we have a tail? */
196 (*q)->tail->next = e;
197 e->prev = (*q)->tail;
199 else /* No tail -> no head too */
209 /* Remove a queue element */
/*
  Unlink element e from queue *q, fixing up head and tail as needed.

  e must be a member of *q.  Releasing e and e->packet is not visible in
  this excerpt; check whether del_queue() frees them or the caller does
  before relying on either.
*/
210 void del_queue(packet_queue_t **q, queue_element_t *e)
215 if(e->next) /* There is a successor, so we are not tail */
217 if(e->prev) /* There is a predecessor, so we are not head */
219 e->next->prev = e->prev;
220 e->prev->next = e->next;
222 else /* We are head */
224 e->next->prev = NULL;
225 (*q)->head = e->next;
228 else /* We are tail (or all alone!) */
230 if(e->prev) /* We are not alone :) */
232 e->prev->next = NULL;
233 (*q)->tail = e->prev;
247 flush a queue by calling function for
248 each packet, and removing it when that
249 returned a zero exit code
/*
  Call `function` on every queued packet and remove the ones it reports done.

  cl       - connection handed through to the callback.
  pq       - address of the queue pointer.  *pq is dereferenced on line 256
             without a NULL check; add_queue() creates queues lazily, so a
             connection that never queued anything has *pq == NULL and the
             caller must guard for that.
  function - returns 0 when the packet was handled and may be dropped,
             anything else keeps it queued for the next flush.

  `next` is captured before the callback so del_queue() unlinking p does not
  break the walk (the assignment is outside this excerpt).  Note that the
  callbacks actually passed (xsend, xrecv) take vpn_packet_t*, so invoking
  them through this (conn_list_t*, void*) pointer type is a call through an
  incompatible function pointer.
*/
251 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
252 int (*function)(conn_list_t*,void*))
254 queue_element_t *p, *next = NULL;
256 for(p = (*pq)->head; p != NULL; )
260 if(!function(cl, p->packet))
266 if(debug_lvl >= DEBUG_TRAFFIC)
267 syslog(LOG_DEBUG, _("Queue flushed"));
272 flush the send&recv queues
273 returns void because nothing can fail here: packets
274 that could not be flushed simply remain in the queue
/*
  Flush both queues of a connection: the send queue through xsend() and the
  receive queue through xrecv().  Whether the two flushes are guarded by a
  check that the respective queue exists is not visible here; flush_queue()
  itself dereferences the queue pointer unconditionally.
*/
276 void flush_queues(conn_list_t *cl)
281 if(debug_lvl >= DEBUG_TRAFFIC)
282 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
283 cl->name, cl->hostname);
284 flush_queue(cl, &(cl->sq), xsend);
289 if(debug_lvl >= DEBUG_TRAFFIC)
290 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
291 cl->name, cl->hostname);
292 flush_queue(cl, &(cl->rq), xrecv);
298 send a packet to the given vpn ip.
/*
  Route a packet read from the local tap to the peer that owns `to`.

  to     - destination VPN IPv4 address (host byte order), the subnet lookup key.
  packet - the frame to transmit; xsend() does the actual send.
  Returns 0 from the "peer not ready" paths and xsend()'s result otherwise.
  The early returns of the failure paths, and the assignment of `cl` from
  the subnet lookup (lines 310-317), are outside this excerpt.

  NOTE(review, security): both queueing blocks ("Don't queue until
  everything else is fixed") are commented out, and the return of the
  !validkey block (line 340) is not visible.  Verify that neither block
  falls through to xsend(): a packet for a peer without a valid key must
  not be transmitted, and xsend() itself does no encryption in this
  revision.
*/
300 int send_packet(ip_t to, vpn_packet_t *packet)
305 if((subnet = lookup_subnet_ipv4(to)) == NULL)
307 if(debug_lvl >= DEBUG_TRAFFIC)
309 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
318 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
320 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* The UDP data socket is opened lazily on the first packet for this peer. */
322 if(!cl->status.dataopen)
323 if(setup_vpn_connection(cl) < 0)
325 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
326 cl->name, cl->hostname);
330 if(!cl->status.validkey)
332 /* Don't queue until everything else is fixed.
333 if(debug_lvl >= DEBUG_TRAFFIC)
334 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
335 cl->name, cl->hostname);
336 add_queue(&(cl->sq), packet, packet->len + 2);
338 if(!cl->status.waitingforkey)
339 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
343 if(!cl->status.active)
345 /* Don't queue until everything else is fixed.
346 if(debug_lvl >= DEBUG_TRAFFIC)
347 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
348 cl->name, cl->hostname);
349 add_queue(&(cl->sq), packet, packet->len + 2);
351 return 0; /* We don't want to mess up, do we? */
354 /* can we send it? can we? can we? huh? */
356 return xsend(cl, packet);
360 open the local ethertap device
/*
  Open the local tap device and detect whether it is an old-style ethertap
  or a new tun/tap device.

  The device path comes from TapDevice in the config if set, else from one
  of two compiled-in defaults (the #ifdef choosing between them is outside
  this excerpt).  Sets the globals tap_fd (assignment hidden between lines
  382 and 388), taptype and mymac, and exports IFNAME to the environment for
  the tinc-up/tinc-down scripts.  Returns -1 when the device cannot be
  opened; the returns themselves are not visible here.

  NOTE(review): `strncpy(ifr.ifr_name, netname, IFNAMSIZ)` on line 405
  leaves ifr_name unterminated when netname is IFNAMSIZ bytes or longer.
  ifr was zeroed on line 401, so copying at most IFNAMSIZ - 1 bytes keeps
  it terminated: `strncpy(ifr.ifr_name, netname, IFNAMSIZ - 1);`.
*/
362 int setup_tap_fd(void)
365 const char *tapfname;
371 if((cfg = get_config_val(config, tapdevice)))
372 tapfname = cfg->data.ptr;
375 tapfname = "/dev/misc/net/tun";
377 tapfname = "/dev/tap0";
380 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
382 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
388 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 -- the same fe:fd prefix add_mac_addresses() uses for
   its synthetic addresses.  xrecv() stamps this onto every incoming frame. */
390 taptype = TAP_TYPE_ETHERTAP;
391 mymac.type = SUBNET_MAC;
392 mymac.net.mac.address.x[0] = 0xfe;
393 mymac.net.mac.address.x[1] = 0xfd;
394 mymac.net.mac.address.x[2] = 0x00;
395 mymac.net.mac.address.x[3] = 0x00;
396 mymac.net.mac.address.x[4] = 0x00;
397 mymac.net.mac.address.x[5] = 0x00;
400 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
401 memset(&ifr, 0, sizeof(ifr));
/* IFF_NO_PI: no packet-information header, so frames are read and written
   bare -- which is what the TAP_TYPE_TUNTAP branches in xrecv() and
   handle_tap_input() assume. */
403 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
405 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* A failing TUNSETIFF is the detection signal: old ethertap devices do not
   know the ioctl, so taptype stays TAP_TYPE_ETHERTAP. */
407 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
409 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
410 taptype = TAP_TYPE_TUNTAP;
414 /* Add name of network interface to environment (for scripts) */
/* The SIOCGIFNAME result is not checked; if it fails, ifr_name still holds
   whatever TUNSETIFF or the strncpy above left in it. */
416 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
417 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
426 set up the socket that we listen on for incoming
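/*
  Set up the TCP socket on which we listen for incoming meta connections.

  port - TCP port to bind, host byte order.
  Returns the listening descriptor (non-blocking, SO_REUSEADDR and
  SO_KEEPALIVE set) or -1 after logging the reason.  Every failure path
  closes the descriptor again so a failed setup does not leak an fd.

  Two optional settings from the main config are honoured:
   - Interface = <device>: the listener is tied to that device with
     SO_BINDTODEVICE (Linux-specific, like the rest of this file; needs
     root, which tincd has).  The original passed the device name to
     SO_KEEPALIVE instead, so the option was silently ineffective and the
     daemon kept listening on every interface even when the admin had
     restricted it.  Now the call either works or is the hard error the log
     message already claimed it was.
   - InterfaceIP = <address>: bind to that address instead of INADDR_ANY.
*/
int setup_listen_meta_socket(int port)
{
  int nfd, flags;
  struct sockaddr_in a;
  const int one = 1;
  config_t *cfg;

  if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
    {
      syslog(LOG_ERR, _("Creating metasocket failed: %m"));
      return -1;
    }

  if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
    {
      syslog(LOG_ERR, _("setsockopt: %m"));
      close(nfd);
      return -1;
    }

  if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
    {
      syslog(LOG_ERR, _("setsockopt: %m"));
      close(nfd);
      return -1;
    }

  /* The main loop multiplexes with select(), so accept() must never block. */
  flags = fcntl(nfd, F_GETFL);
  if(flags < 0 || fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    {
      syslog(LOG_ERR, _("fcntl: %m"));
      close(nfd);
      return -1;
    }

  if((cfg = get_config_val(config, interface)))
    {
      /* SO_BINDTODEVICE takes the device name including its terminator. */
      if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr) + 1))
        {
          syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
          close(nfd);
          return -1;
        }
    }

  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_port = htons(port);

  if((cfg = get_config_val(config, interfaceip)))
    a.sin_addr.s_addr = htonl(cfg->data.ip->address);
  else
    a.sin_addr.s_addr = htonl(INADDR_ANY);

  if(bind(nfd, (struct sockaddr *)&a, sizeof(a)))
    {
      syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
      close(nfd);
      return -1;
    }

  /* Meta connections are few and long-lived; a small backlog suffices. */
  if(listen(nfd, 3))
    {
      syslog(LOG_ERR, _("listen: %m"));
      close(nfd);
      return -1;
    }

  return nfd;
}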
495 setup the socket for incoming encrypted
/*
  Set up the UDP socket on which encrypted VPN data arrives.

  port - UDP port to bind, host byte order; setup_myself() passes the same
         port it uses for the TCP meta listener.
  Returns the non-blocking descriptor or -1 after logging; whether the
  failure paths close the descriptor is outside this excerpt.

  NOTE(review): unlike setup_listen_meta_socket(), this socket ignores the
  Interface and InterfaceIP settings and always binds INADDR_ANY (line
  526).  An admin who restricted the TCP side will still have the data port
  open on every address; the two should honour the same options.
*/
498 int setup_vpn_in_socket(int port)
501 struct sockaddr_in a;
504 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
506 syslog(LOG_ERR, _("Creating socket failed: %m"));
510 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
512 syslog(LOG_ERR, _("setsockopt: %m"));
/* Non-blocking: the main loop selects on this fd and must not stall. */
516 flags = fcntl(nfd, F_GETFL);
517 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
519 syslog(LOG_ERR, _("fcntl: %m"));
523 memset(&a, 0, sizeof(a));
524 a.sin_family = AF_INET;
525 a.sin_port = htons(port);
526 a.sin_addr.s_addr = htonl(INADDR_ANY);
528 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
530 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
538 setup an outgoing meta (tcp) socket
/*
  Open the outgoing TCP meta connection to cl.

  cl - peer with cl->address (host byte order) and cl->config already
       filled in by setup_outgoing_connection().  On success cl->port and
       cl->meta_socket are set.
  Returns 0 on success, -1 after logging; the returns are outside this
  excerpt, as is the default applied when no Port is configured.

  NOTE(review): connect() on line 566 runs while the socket is still
  blocking -- O_NONBLOCK is only set afterwards (lines 572-573).  A peer
  that blackholes SYNs stalls the whole single-threaded daemon for the
  kernel's connect timeout, during which no other connection is serviced.
  Setting O_NONBLOCK first and finishing the connect from the select()
  loop would avoid that.
*/
540 int setup_outgoing_meta_socket(conn_list_t *cl)
543 struct sockaddr_in a;
546 if(debug_lvl >= DEBUG_CONNECTIONS)
547 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
549 if((cfg = get_config_val(cl->config, port)) == NULL)
552 cl->port = cfg->data.val;
554 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
555 if(cl->meta_socket == -1)
557 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
558 cl->hostname, cl->port);
/* No memset of `a` is visible here; sin_zero is left as the stack had it. */
562 a.sin_family = AF_INET;
563 a.sin_port = htons(cl->port);
564 a.sin_addr.s_addr = htonl(cl->address);
566 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
568 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
572 flags = fcntl(cl->meta_socket, F_GETFL);
573 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
575 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
576 cl->hostname, cl->port);
580 if(debug_lvl >= DEBUG_CONNECTIONS)
581 syslog(LOG_INFO, _("Connected to %s port %hd"),
582 cl->hostname, cl->port);
590 setup an outgoing connection. It's not
591 necessary to also open an udp socket as
592 well, because the other host will initiate
593 an authentication sequence during which
594 we will do just that.
/*
  Set up an outgoing connection to the host named in a ConnectTo line.

  name - the peer's tinc name; checked with check_id() before use (the
         check and its return are outside this excerpt).
  Reads the peer's host config, resolves its Address, opens the meta
  connection and marks the connection as outgoing.  Returns 0 on success,
  non-zero on any failure (callers test `!setup_outgoing_connection(...)`).

  BUG(review): the two syslog() calls on lines 613 and 620 have a "%s" in
  the format but no argument.  That reads a garbage pointer off the stack
  -- a crash at best, an information leak into syslog at worst -- every
  time a host config is missing or lacks an Address.  Both need `, name`
  appended: `syslog(LOG_ERR, _("No address specified for %s"), name);`.

  NOTE(review): the result of gethostbyname() is used without checking
  h_addrtype == AF_INET / h_length == 4, and `*(ip_t *)h_addr_list[0]` is a
  type-punned read.  DNS is trusted to pick the peer's address here; the
  meta-connection authentication (not in this file) is what must make a
  redirected connection harmless.
*/
596 int setup_outgoing_connection(char *name)
604 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
608 ncn = new_conn_list();
609 asprintf(&ncn->name, "%s", name);
611 if(read_host_config(ncn))
613 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
618 if(!(cfg = get_config_val(ncn->config, address)))
620 syslog(LOG_ERR, _("No address specified for %s"));
625 if(!(h = gethostbyname(cfg->data.ptr)))
627 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* ncn->address is kept in host byte order; hostlookup() wants network order. */
632 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
633 ncn->hostname = hostlookup(htonl(ncn->address));
635 if(setup_outgoing_meta_socket(ncn) < 0)
637 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
/* `outgoing` is what makes terminate_connection() schedule a reconnect. */
643 ncn->status.outgoing = 1;
644 ncn->buffer = xmalloc(MAXBUFSIZE);
646 ncn->last_ping_time = time(NULL);
657 Configure conn_list_t myself and set up the local sockets (listen only)
/*
  Configure the conn_list_t for this daemon and open the local listening
  sockets (TCP meta + UDP data, both on the configured Port).

  Reads from the main config: Name (required), PrivateKey (required, hex);
  from the host config of that name: PublicKey (required, hex), Port,
  IndirectData, TCPOnly and any number of Subnet lines.  Returns 0 on
  success, -1 after logging; the returns are outside this excerpt.

  NOTE(review, security):
   - The RSA key is assembled from d (PrivateKey), n (PublicKey) and a fixed
     e of 0xFFFF (line 694).  Only n, e and d are set; in the OpenSSL
     versions I know RSA_check_key() also needs p and q and reports
     RSA_R_VALUE_MISSING otherwise -- verify that line 713 actually passes
     on a good key rather than rejecting every configuration.
   - The hex private key stays in the config tree (cfg->data.ptr) for the
     life of the process; nothing zeroises it.
   - Line 677 casts cfg->data.val (an integer member) to char*, while every
     other string value in this file is read through cfg->data.ptr.  If
     data is a union this works on 32-bit only by accident; use data.ptr.
*/
659 int setup_myself(void)
665 myself = new_conn_list();
667 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
669 myself->protocol_version = PROT_CURRENT;
671 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
673 syslog(LOG_ERR, _("Name for tinc daemon required!"));
677 asprintf(&myself->name, "%s", (char*)cfg->data.val);
679 if(check_id(myself->name))
681 syslog(LOG_ERR, _("Invalid name for myself!"));
685 if(!(cfg = get_config_val(config, privatekey)))
687 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
692 myself->rsa_key = RSA_new();
693 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
694 BN_hex2bn(&myself->rsa_key->e, "FFFF");
697 if(read_host_config(myself))
699 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
703 if(!(cfg = get_config_val(myself->config, publickey)))
705 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
710 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
713 if(RSA_check_key(myself->rsa_key) != 1)
715 syslog(LOG_ERR, _("Invalid public/private keypair!"));
719 if(!(cfg = get_config_val(myself->config, port)))
722 myself->port = cfg->data.val;
724 if((cfg = get_config_val(myself->config, indirectdata)))
725 if(cfg->data.val == stupid_true)
726 myself->flags |= EXPORTINDIRECTDATA;
728 if((cfg = get_config_val(myself->config, tcponly)))
729 if(cfg->data.val == stupid_true)
730 myself->flags |= TCPONLY;
732 /* Read in all the subnets specified in the host configuration file */
/* Walks every Subnet line of the host config; get_config_val() is used as
   "find next match from here" by restarting it at cfg->next. */
734 for(cfg = myself->config; cfg = get_config_val(cfg, subnet); cfg = cfg->next)
737 net->type = SUBNET_IPV4;
738 net->net.ipv4.address = cfg->data.ip->address;
739 net->net.ipv4.mask = cfg->data.ip->mask;
741 subnet_add(myself, net);
744 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
746 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
/* Same port number for UDP as for TCP; on failure the TCP listener opened
   just above is closed again. */
750 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
752 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
753 close(myself->meta_socket);
757 myself->status.active = 1;
759 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/*
  SIGALRM handler: retry the outgoing connection(s).

  Walks the ConnectTo list from upstreamcfg; on the first successful
  setup_outgoing_connection() the alarm is disarmed (SIG_IGN).  If every
  entry fails, the list is rewound, the back-off grows by 5 s up to
  MAXTIMEOUT, and the alarm is re-armed.

  NOTE(review): everything this handler does -- setup_outgoing_connection()
  (config parsing, gethostbyname(), malloc via xmalloc), syslog() -- is
  not async-signal-safe.  If the alarm fires while the main loop is inside
  malloc or the resolver, the result is a deadlock or heap corruption.  The
  robust shape is to set a flag here and do the reconnect from main_loop(),
  which already handles select() returning EINTR for this alarm.
*/
765 sigalrm_handler(int a)
769 cfg = get_config_val(upstreamcfg, connectto);
771 if(!cfg && upstreamcfg == config)
772 /* No upstream IP given, we're listen only. */
777 upstreamcfg = cfg->next;
778 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
780 signal(SIGALRM, SIG_IGN);
783 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
786 signal(SIGALRM, sigalrm_handler);
787 upstreamcfg = config;
788 seconds_till_retry += 5;
789 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
790 seconds_till_retry = MAXTIMEOUT;
791 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
793 alarm(seconds_till_retry);
798 setup all initial network connections
/*
  Bring up all initial networking: the tap device, our own sockets, the
  tinc-up script, and the first outgoing connection from the ConnectTo list.

  Returns 0 on success, -1 if the tap or the local sockets cannot be set up;
  the return statements are outside this excerpt.  The PingTimeout default
  applied when the option is absent is also not visible.

  NOTE(review, security): tinc-up is executed (in a child, presumably --
  the fork is not visible) with the daemon's full privileges, from
  `confbase`.  That directory and the script must not be writable by
  anyone else, or they are a root-equivalent hook.  Also `execl(scriptname,
  NULL)` gives the script an empty argv: argv[0] is NULL, which some shells
  and libcs handle badly; pass at least `execl(scriptname, scriptname, NULL)`.

  NOTE(review): when every ConnectTo fails at startup the retry is armed at
  MAXTIMEOUT straight away, whereas a lost connection retries after 5 s
  (terminate_connection()) and backs off gradually.
*/
800 int setup_network_connections(void)
805 if((cfg = get_config_val(config, pingtimeout)) == NULL)
808 timeout = cfg->data.val;
810 if(setup_tap_fd() < 0)
813 if(setup_myself() < 0)
816 /* Run tinc-up script to further initialize the tap interface */
818 asprintf(&scriptname, "%s/tinc-up", confbase);
823 execl(scriptname, NULL);
826 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
833 if(!(cfg = get_config_val(config, connectto)))
834 /* No upstream IP given, we're listen only. */
/* Try each ConnectTo in turn until one succeeds; on total failure hand the
   job to sigalrm_handler(). */
839 upstreamcfg = cfg->next;
840 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
842 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
845 signal(SIGALRM, sigalrm_handler);
846 upstreamcfg = config;
847 seconds_till_retry = MAXTIMEOUT;
848 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
849 alarm(seconds_till_retry);
855 close all open network connections
/*
  Close every open network connection and run the tinc-down script.

  For each peer the UDP data socket (if open) and the TCP meta socket are
  shut down and closed; then our own listening sockets; then tinc-down is
  executed from confbase with the same execl() shape -- and the same NULL
  argv[0] and privilege caveats -- as tinc-up in setup_network_connections().
  Note shutdown(fd, 0) is SHUT_RD: it stops receptions only, as the
  comments say; the subsequent close() is what actually ends the connection.
*/
857 void close_network_connections(void)
862 for(p = conn_list; p != NULL; p = p->next)
864 if(p->status.dataopen)
866 shutdown(p->socket, 0); /* No more receptions */
872 shutdown(p->meta_socket, 0); /* No more receptions */
873 close(p->meta_socket);
878 if(myself->status.active)
880 close(myself->meta_socket);
881 close(myself->socket);
884 /* Execute tinc-down script right before shutting down the interface */
886 asprintf(&scriptname, "%s/tinc-down", confbase);
890 execl(scriptname, NULL);
893 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
903 syslog(LOG_NOTICE, _("Terminating"));
909 create a data (udp) socket
/*
  Create the UDP data socket towards peer cl.

  cl - peer with cl->address (host byte order) and cl->port set; the UDP
       port is the same number as the peer's TCP meta port.
  Connects the socket to the peer so plain send() works (xsend()), makes it
  non-blocking and sets cl->status.dataopen.  Storing nfd into cl->socket
  happens between lines 941 and 946, outside this excerpt.  Returns 0 on
  success, -1 after logging (returns not visible).

  connect() on a UDP socket also filters incoming datagrams by source, but
  nothing is ever received on this socket -- all inbound data arrives on
  myself->socket, which has no such filter (see handle_incoming_vpn_data()).
*/
911 int setup_vpn_connection(conn_list_t *cl)
914 struct sockaddr_in a;
916 if(debug_lvl >= DEBUG_TRAFFIC)
917 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
919 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
922 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* No memset of `a` is visible; sin_zero is left uninitialised. */
926 a.sin_family = AF_INET;
927 a.sin_port = htons(cl->port);
928 a.sin_addr.s_addr = htonl(cl->address);
930 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
932 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
933 cl->hostname, cl->port);
937 flags = fcntl(nfd, F_GETFL);
938 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
940 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
941 cl->name, cl->hostname);
946 cl->status.dataopen = 1;
952 handle an incoming tcp connect call and open
/*
  Build a conn_list_t for a freshly accepted meta connection.

  sfd - the accepted TCP socket.
  Fills in the peer's address/hostname, the socket, a receive buffer and the
  ping timestamp, and restricts the first protocol request to ID
  (allow_request, line 983) -- so an unauthenticated peer can only start the
  identification handshake.  Returns the new entry, or NULL when
  getpeername() fails (the allocation and returns are outside this excerpt).

  NOTE(review): `len` should be socklen_t, and `&ci` is a struct
  sockaddr_in* passed where struct sockaddr* is expected (missing cast).
  Line 981 prints htons(ci.sin_port); the value is right (the swap is its
  own inverse) but ntohs() is what is meant.  Whether the accepted socket
  is made non-blocking -- accept() does not inherit O_NONBLOCK -- is not
  visible here.
*/
955 conn_list_t *create_new_connection(int sfd)
958 struct sockaddr_in ci;
959 int len = sizeof(ci);
963 if(getpeername(sfd, &ci, &len) < 0)
965 syslog(LOG_ERR, _("Error: getpeername: %m"));
/* address is stored host-order; hostlookup() takes network order. */
970 p->address = ntohl(ci.sin_addr.s_addr);
971 p->hostname = hostlookup(ci.sin_addr.s_addr);
972 p->meta_socket = sfd;
974 p->buffer = xmalloc(MAXBUFSIZE);
976 p->last_ping_time = time(NULL);
979 if(debug_lvl >= DEBUG_CONNECTIONS)
980 syslog(LOG_NOTICE, _("Connection from %s port %d"),
981 p->hostname, htons(ci.sin_port));
983 p->allow_request = ID;
989 put all file descriptors in an fd_set array
/*
  Populate fs with every descriptor main_loop() should select() on: each
  peer's meta socket, each open UDP data socket, and our own two listeners.

  NOTE(review): FD_SET() has no bounds check and main_loop() selects with
  FD_SETSIZE.  A descriptor >= FD_SETSIZE (possible with many peers or an
  inherited high fd) writes outside the fd_set.  Either reject such fds when
  they are created or move to poll().
*/
991 void build_fdset(fd_set *fs)
997 for(p = conn_list; p != NULL; p = p->next)
1000 FD_SET(p->meta_socket, fs);
1001 if(p->status.dataopen)
1002 FD_SET(p->socket, fs);
1005 FD_SET(myself->meta_socket, fs);
1006 FD_SET(myself->socket, fs);
1012 receive incoming data from the listening
1013 udp socket and write it to the ethertap
1014 device after being decrypted
/*
  Read one datagram from our UDP data socket and hand it to xrecv() (the
  call is outside this excerpt).

  The datagram is received straight into pkt starting at its len field, so
  the first two bytes on the wire become pkt.len and the rest pkt.data --
  the layout xsend() produces on the other side.

  BUG(review, security): the number of bytes actually received is thrown
  away (the recvfrom() result is only compared with 0), and pkt.len is
  trusted as it came off the wire.  xrecv() then copies pkt.len + 2 bytes.
  A datagram of a few bytes claiming a length of 65535 makes xrecv() read
  past pkt and overflow its own copy.  Keep the return value and reject the
  packet unless `received == pkt.len + 2` and `pkt.len <= MTU`.

  NOTE(review, security): `from` is only used for the debug message.  No
  check ties the sender to a known peer, and with encryption disabled in
  this revision any host that can reach the port can inject frames into the
  tap.  The debug line itself references from.sa_addr; struct sockaddr has
  sa_data, whose first two bytes are the port, so the printed octets would
  be off even if it compiled -- it is presumably inside a comment.
*/
1016 int handle_incoming_vpn_data()
1020 int x, l = sizeof(x);
1021 struct sockaddr from;
1022 socklen_t fromlen = sizeof(from);
/* Drain any pending asynchronous socket error (e.g. an ICMP unreachable
   reported against this socket) before reading. */
1024 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1026 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1027 __FILE__, __LINE__, myself->socket);
1032 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
1036 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1038 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1042 if(debug_lvl >= DEBUG_TRAFFIC)
1044 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1045 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1053 terminate a connection and notify the other
1054 end before closing the sockets
/*
  Tear down connection cl and everything that was reachable only through it.

  Idempotent: a cl already flagged `remove` returns at once.  The meta
  socket is closed, cl is marked remove/inactive, and every other entry
  whose nexthop was cl is marked inactive and removed as well.  For an
  outgoing connection a reconnect is scheduled via SIGALRM in 5 s.

  Entries are only flagged here, never unlinked from conn_list -- which is
  what lets check_network_activity() call this from inside its walk of the
  list.  Notifying other peers (DEL_HOST) is commented out in this revision,
  so the rest of the VPN is not told about the lost routes.
*/
1056 void terminate_connection(conn_list_t *cl)
1061 if(cl->status.remove)
1064 if(debug_lvl >= DEBUG_CONNECTIONS)
1065 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1066 cl->name, cl->hostname);
1071 close(cl->meta_socket);
1073 cl->status.remove = 1;
1075 /* If this cl isn't active, don't send any DEL_HOSTs. */
1077 /* FIXME: reprogram this.
1078 if(cl->status.active)
1079 notify_others(cl,NULL,send_del_host);
1083 /* Find all connections that were lost because they were behind cl
1084 (the connection that was dropped). */
1086 for(p = conn_list; p != NULL; p = p->next)
1088 if((p->nexthop == cl) && (p != cl))
1090 if(cl->status.active && p->status.active)
1091 /* FIXME: reprogram this
1092 notify_others(p,cl,send_del_host);
1096 p->status.active = 0;
1097 p->status.remove = 1;
1101 cl->status.active = 0;
/* Arm the reconnect; sigalrm_handler() walks the ConnectTo list again. */
1103 if(cl->status.outgoing)
1105 signal(SIGALRM, sigalrm_handler);
1106 seconds_till_retry = 5;
1107 alarm(seconds_till_retry);
1108 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1114 Check if the other end is active.
1115 If we have sent packets, but didn't receive any,
1116 then possibly the other end is dead. We send a
1117 PING request over the meta connection. If the other
1118 end does not reply in time, we consider them dead
1119 and close the connection.
/*
  Liveness check, run from main_loop() every `timeout` seconds.

  For every active meta connection that has been quiet for more than
  `timeout` seconds: if a PING was already sent and no PONG came back, the
  peer is declared dead (status.timeout) and terminated; otherwise, when
  want_ping is set, a PING is sent (the send_ping() call sits between lines
  1143 and 1146, outside this excerpt) and the pinged/got_pong flags are
  armed for the next round.  Return value not visible.

  Note the window: a peer has up to 2 * timeout seconds between its last
  activity and being dropped.
*/
1121 int check_dead_connections(void)
1127 for(p = conn_list; p != NULL; p = p->next)
1129 if(p->status.remove)
1131 if(p->status.active && p->status.meta)
1133 if(p->last_ping_time + timeout < now)
1135 if(p->status.pinged && !p->status.got_pong)
1137 if(debug_lvl >= DEBUG_PROTOCOL)
1138 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1139 p->name, p->hostname);
1140 p->status.timeout = 1;
1141 terminate_connection(p);
1143 else if(p->want_ping)
/* Reset the clock so the next check gives the PONG a full timeout. */
1146 p->last_ping_time = now;
1147 p->status.pinged = 1;
1148 p->status.got_pong = 0;
1158 accept a new tcp connect and create a
/*
  Accept one pending TCP connection on our meta socket and register it.

  On accept() failure, or when create_new_connection() rejects the peer,
  the connection is dropped (the close() and returns are outside this
  excerpt).  Otherwise the new entry is flagged `meta` and pushed at the
  head of conn_list (the `conn_list = ncn` half of the push is hidden).

  NOTE(review): there is no limit on the number of accepted-but-
  unauthenticated connections and no per-source throttling; an attacker can
  fill conn_list (and FD_SETSIZE, see build_fdset()) with idle sockets
  until check_dead_connections() times them out.
*/
1161 int handle_new_meta_connection()
1164 struct sockaddr client;
1165 int nfd, len = sizeof(client);
1167 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1169 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1173 if(!(ncn = create_new_connection(nfd)))
1177 syslog(LOG_NOTICE, _("Closed attempted connection"));
1181 ncn->status.meta = 1;
1182 ncn->next = conn_list;
1189 check all connections to see if anything
1190 happened on their sockets
/*
  Dispatch on the descriptors select() reported readable.

  f - the fd_set filled by build_fdset() and returned by select().
  Per peer: a readable connected UDP socket can only mean a pending socket
  error (nothing is ever received on it), so the error is logged and the
  connection terminated; a readable meta socket is fed to receive_meta(),
  whose failure also terminates the connection.  Then our own UDP socket
  and TCP listener are serviced.

  terminate_connection() only flags entries, so calling it while walking
  conn_list is safe; entries already flagged are skipped at the top.
  The getsockopt() on line 1211 is unchecked; if it fails, `x` is stale.
*/
1192 void check_network_activity(fd_set *f)
1195 int x, l = sizeof(x);
1197 for(p = conn_list; p != NULL; p = p->next)
1199 if(p->status.remove)
1202 if(p->status.dataopen)
1203 if(FD_ISSET(p->socket, f))
1206 The only thing that can happen to get us here is apparently an
1207 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1208 something that will not trigger an error directly on send()).
1209 I've once got here when it said `No route to host'.
1211 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1212 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1213 p->name, p->hostname, strerror(x));
1214 terminate_connection(p);
1219 if(FD_ISSET(p->meta_socket, f))
1220 if(receive_meta(p) < 0)
1222 terminate_connection(p);
1227 if(FD_ISSET(myself->socket, f))
1228 handle_incoming_vpn_data();
1230 if(FD_ISSET(myself->meta_socket, f))
1231 handle_new_meta_connection();
1236 read, encrypt and send data that is
1237 available through the ethertap device
/*
  Read one frame from the tap device and route it with send_packet().

  tun/tap (IFF_NO_PI) delivers the bare frame into vp.data; ethertap
  prefixes a two-byte field, so the read lands at vp.data - 2 (i.e. on
  vp.len, relying on vpn_packet_t's layout).  A short read is logged and
  dropped; the threshold test itself is outside this excerpt.

  NOTE(review): line 1279 reads the IPv4 destination (Ethernet header 14 +
  offset 16 = data[30..33]) as `*(unsigned long *)&vp.data[30]`.  That is
  an unaligned, type-punned read, and on LP64 unsigned long is 8 bytes, so
  four bytes past the address are pulled in and ntohl() then truncates --
  which half survives depends on endianness.  Copy the four bytes into a
  uint32_t with memcpy() instead.  Whatever the hidden short-packet
  threshold is, it must be at least 34 bytes for data[30..33] to exist.
*/
1239 void handle_tap_input(void)
1246 if(taptype == TAP_TYPE_TUNTAP)
1248 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1250 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1257 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1259 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1265 total_tap_in += lenin;
1269 if(debug_lvl >= DEBUG_TRAFFIC)
1270 syslog(LOG_WARNING, _("Received short packet from tap device"));
1274 if(debug_lvl >= DEBUG_TRAFFIC)
1276 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
1279 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1284 this is where it all happens...
1286 void main_loop(void)
1291 time_t last_ping_check;
1293 last_ping_check = time(NULL);
1297 tv.tv_sec = timeout;
1303 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1305 if(errno != EINTR) /* because of alarm */
1307 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1315 /* FIXME: reprogram this.
1317 syslog(LOG_INFO, _("Rereading configuration file"));
1318 close_network_connections();
1320 if(read_config_file(&config, configfilename))
1322 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1326 setup_network_connections();
1331 if(last_ping_check + timeout < time(NULL))
1332 /* Let's check if everybody is still alive */
1334 check_dead_connections();
1335 last_ping_check = time(NULL);
1340 check_network_activity(&fset);
1342 /* local tap data */
1343 if(FD_ISSET(tap_fd, &fset))