2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.63 2000/11/04 14:52:40 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 #include <openssl/rand.h>
43 #include <openssl/evp.h>
44 #include <openssl/err.h>
47 #include LINUX_IF_TUN_H
/* Which kind of tap device was opened: ethertap by default, switched to
   TAP_TYPE_TUNTAP by setup_tap_fd() when the TUNSETIFF ioctl succeeds.
   xrecv() and handle_tap_input() pick their framing on this value. */
64 int taptype = TAP_TYPE_ETHERTAP;
/* Traffic counters in bytes.  total_tap_out grows on every write to the
   tap device, total_socket_out on every send() in xsend(); nothing in this
   excerpt increments total_socket_in. */
66 int total_tap_out = 0;
67 int total_socket_in = 0;
68 int total_socket_out = 0;
/* Cursor into the ConnectTo config entries, advanced by
   setup_network_connections() and sigalrm_handler() as entries are tried,
   and rewound to `config' once the list is exhausted. */
70 config_t *upstreamcfg;
/* Seconds until the next reconnect attempt armed with alarm(); grows by 5
   per failed round in sigalrm_handler(), capped at MAXTIMEOUT. */
71 static int seconds_till_retry;
77 char *interface_name = NULL; /* Contains the name of the interface */
82 Execute the given script.
83 This function doesn't really belong here.
/* Runs <confbase>/<name> in a forked child.  An "IFNAME=<interface_name>"
   string is prepared for the child's environment (the line that exports it
   is not in this excerpt).  A missing script (ENOENT) is silently ignored,
   any other exec failure is logged.  The return value is not visible here. */
85 int execute_script(const char* name)
91 if((pid = fork()) < 0)
93 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* Presumably the child side (the pid == 0 test is on a line not shown).
   Neither asprintf() result is checked; on allocation failure the pointers
   are unspecified and are used anyway. */
105 asprintf(&scriptname, "%s/%s", confbase, name);
106 asprintf(&s, "IFNAME=%s", interface_name);
/* NOTE(review): argv[0] is NULL here.  POSIX expects at least the program
   name, so the portable form is `execl(scriptname, scriptname, NULL);'. */
108 execl(scriptname, NULL);
109 /* No return on success */
111 if(errno != ENOENT) /* Ignore if the file does not exist */
112 syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname);
114 /* No need to free things */
/* Encrypts *inpkt with cl's packet cipher and key and sends it on cl's
   data socket.  The send starts at &outpkt.len, so the +2 on outlen
   presumably covers the 2-byte len field that precedes data[].  The second
   branch below sends the packet unencrypted; the condition selecting
   between the two branches, and the return value, are not in this excerpt.
   NOTE(review): the IV handed to EVP_EncryptInit() is the tail of
   cl->cipher_pktkey, i.e. the same IV for every packet sent under one key.
   For a CFB cipher (setup_myself() selects EVP_bf_cfb() for our own key)
   identical plaintext prefixes then yield identical ciphertext prefixes;
   a fresh per-packet IV carried in the packet would avoid that.
   NOTE(review): no authentication tag is computed here, so unless it is
   added elsewhere the receiver cannot detect modified ciphertext. */
118 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
124 outpkt.len = inpkt->len;
126 /* Encrypt the packet */
/* Key buffer layout: key_len bytes of key followed by the IV (see
   setup_myself()).  None of the EVP_* return values are checked. */
128 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
129 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
130 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
131 outlen += outpad + 2;
/* Plaintext path: copy the len field and data as they are. */
134 outlen = outpkt.len + 2;
135 memcpy(&outpkt, inpkt, outlen);
/* Traffic-debug message, but logged at LOG_ERR (flush_queue() uses
   LOG_DEBUG for the same kind of message). */
138 if(debug_lvl >= DEBUG_TRAFFIC)
139 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
140 outlen, cl->name, cl->hostname);
142 total_socket_out += outlen;
/* Assumes data[] directly follows len in vpn_packet_t.  Only a negative
   return counts as failure; a short send is not detected. */
146 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
148 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
149 cl->name, cl->hostname);
/* Decrypts *inpkt with our own packet key and writes the resulting frame
   to the tap device.  As in xsend() a second branch handles an unencrypted
   packet; the selecting condition and the return value are not in this
   excerpt.
   NOTE(review): inpkt->len comes off the wire (see
   handle_incoming_vpn_data()) and sizes both the decryption (len + 8) and
   the memcpy below; confirm the caller bounds it against the number of
   bytes actually received before it reaches this function.
   NOTE(review): nothing in this excerpt authenticates the sender or the
   ciphertext -- whatever decrypts is written to the tap.  The
   EVP_DecryptFinal() result, which would at least flag bad padding, is
   ignored. */
156 int xrecv(vpn_packet_t *inpkt)
162 outpkt.len = inpkt->len;
164 /* Decrypt the packet */
/* The +8 presumably accounts for what xsend() appends after the ciphertext
   (outpad + 2); verify the two agree. */
166 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
167 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
168 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Plaintext path: copy the len field and data as they are. */
172 outlen = outpkt.len+2;
173 memcpy(&outpkt, inpkt, outlen);
/* Traffic-debug message logged at LOG_ERR; LOG_DEBUG would match
   flush_queue(). */
176 if(debug_lvl >= DEBUG_TRAFFIC)
177 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
180 /* Fix mac address */
/* Overwrites the first 6 bytes (the destination-MAC position of an
   Ethernet frame) with the address setup_tap_fd() assigned to mymac. */
182 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
/* tun/tap takes the bare frame; ethertap apparently wants 2 extra leading
   bytes, for which the len field in front of data[] is reused (data - 2).
   Only a negative write() is reported; short writes are not handled. */
184 if(taptype == TAP_TYPE_TUNTAP)
186 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
187 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
189 total_tap_out += outpkt.len;
193 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
194 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
196 total_tap_out += outpkt.len + 2;
203 add the given packet of size s to the
204 queue q, be it the send or receive queue
/* Appends a private copy of `packet' (s bytes) to the tail of *q,
   allocating the queue itself on first use.  The guard around that
   allocation and the branch that links the very first element are on
   lines not in this excerpt.  xmalloc() presumably aborts on failure, so
   no NULL checks follow the allocations. */
206 void add_queue(packet_queue_t **q, void *packet, size_t s)
210 e = xmalloc(sizeof(*e));
211 e->packet = xmalloc(s);
212 memcpy(e->packet, packet, s);
216 *q = xmalloc(sizeof(**q));
217 (*q)->head = (*q)->tail = NULL;
220 e->next = NULL; /* We insert at the tail */
222 if((*q)->tail) /* Do we have a tail? */
224 (*q)->tail->next = e;
225 e->prev = (*q)->tail;
227 else /* No tail -> no head too */
237 /* Remove a queue element */
/* Unlinks e from the doubly linked list in *q, fixing head and tail as
   needed.  Releasing e and e->packet happens on lines not in this
   excerpt. */
238 void del_queue(packet_queue_t **q, queue_element_t *e)
243 if(e->next) /* There is a successor, so we are not tail */
245 if(e->prev) /* There is a predecessor, so we are not head */
247 e->next->prev = e->prev;
248 e->prev->next = e->next;
250 else /* We are head */
252 e->next->prev = NULL;
253 (*q)->head = e->next;
256 else /* We are tail (or all alone!) */
258 if(e->prev) /* We are not alone :) */
260 e->prev->next = NULL;
261 (*q)->tail = e->prev;
275 flush a queue by calling function for
276 each packet, and removing it when that
277 returned a zero exit code
/* Walks *pq and calls function(cl, packet) on each element.  The removal
   of handled elements and the advance to the next one (hence the `next'
   local) are on lines not in this excerpt.
   NOTE(review): *pq is dereferenced without a visible NULL check, while
   add_queue() creates the queue lazily; callers must make sure it exists
   (flush_queues() may do so on lines not shown). */
279 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
280 int (*function)(conn_list_t*,void*))
282 queue_element_t *p, *next = NULL;
284 for(p = (*pq)->head; p != NULL; )
/* A zero return means the packet was handled and may be dropped. */
288 if(!function(cl, p->packet))
294 if(debug_lvl >= DEBUG_TRAFFIC)
295 syslog(LOG_DEBUG, _("Queue flushed"));
300 flush the send&recv queues
301 void because nothing goes wrong here, packets
302 remain in the queue if something goes wrong
/* Drains cl's send queue through xsend() and its receive queue through
   xrecv().  Whatever guards the two calls (e.g. a check that the queue
   was ever allocated) is on lines not in this excerpt. */
304 void flush_queues(conn_list_t *cl)
309 if(debug_lvl >= DEBUG_TRAFFIC)
310 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
311 cl->name, cl->hostname);
312 flush_queue(cl, &(cl->sq), xsend);
317 if(debug_lvl >= DEBUG_TRAFFIC)
318 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
319 cl->name, cl->hostname);
320 flush_queue(cl, &(cl->rq), xrecv);
326 send a packet to the given vpn ip.
/* Routes *packet to the peer owning the subnet that contains `to'; how
   `cl' is derived from the subnet is on lines not shown.  A UDP data
   socket is opened on demand.  The queueing code is commented out (see the
   FIXME comments), so as far as is visible a packet for a peer without a
   valid key triggers at most a key request and is otherwise dropped (that
   branch's return is not visible), and a packet for an inactive peer is
   dropped with return 0.  Otherwise the packet goes straight to xsend(). */
328 int send_packet(ip_t to, vpn_packet_t *packet)
333 if((subnet = lookup_subnet_ipv4(to)) == NULL)
335 if(debug_lvl >= DEBUG_TRAFFIC)
337 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
346 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
348 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* Lazily open the connected UDP socket to this peer. */
350 if(!cl->status.dataopen)
351 if(setup_vpn_connection(cl) < 0)
353 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
354 cl->name, cl->hostname);
/* No packet key for this peer yet: request one unless a request is
   already outstanding. */
358 if(!cl->status.validkey)
360 /* FIXME: Don't queue until everything else is fixed.
361 if(debug_lvl >= DEBUG_TRAFFIC)
362 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
363 cl->name, cl->hostname);
364 add_queue(&(cl->sq), packet, packet->len + 2);
366 if(!cl->status.waitingforkey)
367 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
371 if(!cl->status.active)
373 /* FIXME: Don't queue until everything else is fixed.
374 if(debug_lvl >= DEBUG_TRAFFIC)
375 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
376 cl->name, cl->hostname);
377 add_queue(&(cl->sq), packet, packet->len + 2);
379 return 0; /* We don't want to mess up, do we? */
382 /* can we send it? can we? can we? huh? */
384 return xsend(cl, packet);
388 open the local ethertap device
/* Opens the tap device named by the `tapdevice' config value or a built-in
   default (the preprocessor test choosing between the two defaults is not
   in this excerpt), gives it a fixed MAC, probes with TUNSETIFF to tell a
   tun/tap device from an old ethertap one, and records the interface name
   for the scripts.  `nfd' is presumably stored into tap_fd on a line not
   shown; the return value is not visible either. */
390 int setup_tap_fd(void)
393 const char *tapfname;
398 if((cfg = get_config_val(config, tapdevice)))
399 tapfname = cfg->data.ptr;
402 tapfname = "/dev/misc/net/tun";
404 tapfname = "/dev/tap0";
407 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
409 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
415 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 -- the same bytes xrecv() stamps into every frame it
   writes to the tap. */
417 taptype = TAP_TYPE_ETHERTAP;
418 mymac.type = SUBNET_MAC;
419 mymac.net.mac.address.x[0] = 0xfe;
420 mymac.net.mac.address.x[1] = 0xfd;
421 mymac.net.mac.address.x[2] = 0x00;
422 mymac.net.mac.address.x[3] = 0x00;
423 mymac.net.mac.address.x[4] = 0x00;
424 mymac.net.mac.address.x[5] = 0x00;
427 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
428 memset(&ifr, 0, sizeof(ifr));
430 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy() leaves ifr_name without a terminator when
   netname is IFNAMSIZ bytes or longer (the memset above only helps for
   shorter names); `snprintf(ifr.ifr_name, IFNAMSIZ, "%s", netname);'
   always terminates. */
432 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
434 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
436 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
437 taptype = TAP_TYPE_TUNTAP;
441 /* Add name of network interface to environment (for scripts) */
/* NOTE(review): the ioctl result is ignored, and the allocation is one
   byte short: strlen() excludes the terminator that strcpy() writes, so
   the copy overruns the heap block by one byte.  Use
   `interface_name = xmalloc(strlen(ifr.ifr_name) + 1);'. */
443 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
444 interface_name = xmalloc(strlen(ifr.ifr_name));
445 strcpy(interface_name, ifr.ifr_name);
452 set up the socket that we listen on for incoming
/* Creates the non-blocking TCP listening socket for meta connections on
   `port', bound to the `interfaceip' config address when given and to
   INADDR_ANY otherwise.  The listen() call and the return value are on
   lines not shown. */
455 int setup_listen_meta_socket(int port)
458 struct sockaddr_in a;
462 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
464 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
468 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
470 syslog(LOG_ERR, _("System call `%s' failed: %m"),
475 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
477 syslog(LOG_ERR, _("System call `%s' failed: %m"),
482 flags = fcntl(nfd, F_GETFL);
483 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
485 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* NOTE(review): the `interface' value is handed to SO_KEEPALIVE, but the
   argument (an interface name) and the error text describe binding the
   socket to an interface, which on Linux is SO_BINDTODEVICE.  As written
   the socket is not restricted to that interface at all; the intended
   call is
   `setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr))'. */
490 if((cfg = get_config_val(config, interface)))
492 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
494 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
499 memset(&a, 0, sizeof(a));
500 a.sin_family = AF_INET;
501 a.sin_port = htons(port);
503 if((cfg = get_config_val(config, interfaceip)))
504 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
506 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) equals sizeof(a) for AF_INET; sizeof(a) would
   state what is meant. */
508 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
510 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
516 syslog(LOG_ERR, _("System call `%s' failed: %m"),
525 setup the socket for incoming encrypted
/* Creates the non-blocking UDP socket on which all encrypted VPN data is
   received (handle_incoming_vpn_data() reads it).  Unlike
   setup_listen_meta_socket(), neither the `interface' nor the
   `interfaceip' setting is consulted here: this socket always binds
   INADDR_ANY.  The return value is not visible. */
528 int setup_vpn_in_socket(int port)
531 struct sockaddr_in a;
534 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
536 syslog(LOG_ERR, _("Creating socket failed: %m"));
540 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
542 syslog(LOG_ERR, _("System call `%s' failed: %m"),
547 flags = fcntl(nfd, F_GETFL);
548 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
550 syslog(LOG_ERR, _("System call `%s' failed: %m"),
555 memset(&a, 0, sizeof(a));
556 a.sin_family = AF_INET;
557 a.sin_port = htons(port);
558 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(a) would state what is meant; for AF_INET the sizes coincide. */
560 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
562 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
570 setup an outgoing meta (tcp) socket
/* Connects a TCP meta socket to cl->address on the `port' from cl's host
   config and stores it in cl->meta_socket.  connect() is issued before
   O_NONBLOCK is set, so it blocks until the peer answers or the kernel
   gives up; since this is also reached from sigalrm_handler(), that stall
   can happen in signal context.  No memset of `a' is visible in this
   excerpt (the listen functions zero theirs).  cl->port is printed with
   %d on one line and %hd on another; the field's type decides which is
   right.  The return value is not visible. */
572 int setup_outgoing_meta_socket(conn_list_t *cl)
575 struct sockaddr_in a;
578 if(debug_lvl >= DEBUG_CONNECTIONS)
579 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
/* The branch taken when no port is configured is on lines not shown. */
581 if((cfg = get_config_val(cl->config, port)) == NULL)
584 cl->port = cfg->data.val;
586 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
587 if(cl->meta_socket == -1)
589 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
590 cl->hostname, cl->port);
594 a.sin_family = AF_INET;
595 a.sin_port = htons(cl->port);
596 a.sin_addr.s_addr = htonl(cl->address);
598 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
600 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
604 flags = fcntl(cl->meta_socket, F_GETFL);
605 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
607 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
608 cl->hostname, cl->port);
612 if(debug_lvl >= DEBUG_CONNECTIONS)
613 syslog(LOG_INFO, _("Connected to %s port %hd"),
614 cl->hostname, cl->port);
622 setup an outgoing connection. It's not
623 necessary to also open an udp socket as
624 well, because the other host will initiate
625 an authentication sequence during which
626 we will do just that.
/* Creates a conn_list_t for the host `name', reads its host config,
   resolves its `address' value and opens the meta connection.  Callers
   treat a return of 0 as success; the return statements are not visible.
   NOTE(review): the two syslog() calls below whose text ends in "for %s"
   pass no argument for the %s -- undefined behaviour, a stray pointer is
   read; append `, name' to each. */
628 int setup_outgoing_connection(char *name)
636 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
640 ncn = new_conn_list();
641 asprintf(&ncn->name, "%s", name);
643 if(read_host_config(ncn))
645 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
650 if(!(cfg = get_config_val(ncn->config, address)))
652 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() reports failure through h_errno, not errno, so the %m
   below prints an unrelated error; hstrerror(h_errno) is the matching
   call.  Only the first returned address is used and it is assumed to be
   IPv4 (h_addrtype and h_length are not checked). */
657 if(!(h = gethostbyname(cfg->data.ptr)))
659 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
664 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
665 ncn->hostname = hostlookup(htonl(ncn->address));
667 if(setup_outgoing_meta_socket(ncn) < 0)
669 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
/* Per-connection read buffer for the meta protocol. */
675 ncn->status.outgoing = 1;
676 ncn->buffer = xmalloc(MAXBUFSIZE);
678 ncn->last_ping_time = time(NULL);
689 Configure conn_list_t myself and set up the local sockets (listen only)
/* Builds the `myself' entry from the server config (name, RSA key, port,
   flags, subnets), opens the listening TCP and UDP sockets and generates
   the first symmetric packet key.  Error paths return on lines not shown.
   NOTE(review): the RSA public exponent is hard-wired to 0xFFFF, so the
   `privatekey' value is only d and `publickey' only n.  The BN_hex2bn()
   results are not checked, so malformed hex silently yields a wrong key.
   Whether RSA_check_key() accepts a key that has only n, e and d (no p
   and q) depends on the OpenSSL version -- confirm. */
691 int setup_myself(void)
696 myself = new_conn_list();
698 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
700 myself->protocol_version = PROT_CURRENT;
702 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
704 syslog(LOG_ERR, _("Name for tinc daemon required!"));
708 asprintf(&myself->name, "%s", (char*)cfg->data.val);
710 if(check_id(myself->name))
712 syslog(LOG_ERR, _("Invalid name for myself!"));
716 if(!(cfg = get_config_val(config, privatekey)))
718 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
723 myself->rsa_key = RSA_new();
724 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
725 BN_hex2bn(&myself->rsa_key->e, "FFFF");
728 if(read_host_config(myself))
730 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
734 if(!(cfg = get_config_val(myself->config, publickey)))
736 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
741 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
744 if(RSA_check_key(myself->rsa_key) != 1)
746 syslog(LOG_ERR, _("Invalid public/private keypair!"));
/* The default applied when no port is configured is on a line not shown. */
750 if(!(cfg = get_config_val(myself->config, port)))
753 myself->port = cfg->data.val;
755 if((cfg = get_config_val(myself->config, indirectdata)))
756 if(cfg->data.val == stupid_true)
757 myself->flags |= EXPORTINDIRECTDATA;
759 if((cfg = get_config_val(myself->config, tcponly)))
760 if(cfg->data.val == stupid_true)
761 myself->flags |= TCPONLY;
763 /* Read in all the subnets specified in the host configuration file */
/* `net' is allocated on a line not shown.  A Subnet whose address is not
   the network address of its mask is logged (and presumably rejected on
   lines not shown). */
765 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
768 net->type = SUBNET_IPV4;
769 net->net.ipv4.address = cfg->data.ip->address;
770 net->net.ipv4.mask = cfg->data.ip->mask;
772 /* Teach newbies what subnets are... */
774 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
776 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
780 subnet_add(myself, net);
783 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
785 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
789 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
791 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
792 close(myself->meta_socket);
796 /* Generate packet encryption key */
/* The key buffer holds key_len bytes of key followed by iv_len bytes that
   xsend()/xrecv() pass to EVP_*Init() as the IV.
   NOTE(review): RAND_bytes() returns 0 when the PRNG has no usable seed,
   and the buffer then does not hold a cryptographically strong key.  Treat
   that as fatal, e.g. `if(RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength) != 1)'
   followed by a syslog() and an error return.  The rekey in main_loop()
   has the same gap. */
798 myself->cipher_pkttype = EVP_bf_cfb();
800 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
802 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
803 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
/* Key lifetime in seconds; the default used when `keyexpire' is absent
   is on a line not shown. */
805 if(!(cfg = get_config_val(config, keyexpire)))
808 keylifetime = cfg->data.val;
810 keyexpires = time(NULL) + keylifetime;
812 /* Activate ourselves */
814 myself->status.active = 1;
816 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: tries setup_outgoing_connection() on the remaining
   ConnectTo entries; on success further alarms are ignored, on exhaustion
   the list is rewound, the backoff is raised by 5 seconds (capped at
   MAXTIMEOUT) and a new alarm is armed.  The loop structure and the
   returns are on lines not shown; the return type is not visible either.
   NOTE(review): everything done here -- syslog(), a DNS lookup,
   allocation via asprintf()/xmalloc(), a blocking connect() -- is not
   async-signal-safe.  If the alarm fires while main_loop() is inside
   malloc() or syslog() the daemon can deadlock or corrupt its heap.  The
   safer shape is to set only a `volatile sig_atomic_t' flag here and do
   the reconnect from main_loop(), which already treats EINTR from select()
   as "alarm fired". */
822 sigalrm_handler(int a)
826 cfg = get_config_val(upstreamcfg, connectto);
828 if(!cfg && upstreamcfg == config)
829 /* No upstream IP given, we're listen only. */
834 upstreamcfg = cfg->next;
835 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
837 signal(SIGALRM, SIG_IGN);
840 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
843 signal(SIGALRM, sigalrm_handler);
844 upstreamcfg = config;
845 seconds_till_retry += 5;
846 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
847 seconds_till_retry = MAXTIMEOUT;
848 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
850 alarm(seconds_till_retry);
855 setup all initial network connections
/* Start-up sequence: read the ping timeout, open the tap device and our
   own sockets, run tinc-up, then try each ConnectTo entry in turn; if none
   succeeds the first retry is scheduled MAXTIMEOUT seconds out via
   SIGALRM.  The error returns and the loop body are on lines not shown. */
857 int setup_network_connections(void)
/* The default used when `pingtimeout' is absent is on a line not shown. */
861 if((cfg = get_config_val(config, pingtimeout)) == NULL)
864 timeout = cfg->data.val;
866 if(setup_tap_fd() < 0)
869 if(setup_myself() < 0)
872 /* Run tinc-up script to further initialize the tap interface */
873 execute_script("tinc-up");
875 if(!(cfg = get_config_val(config, connectto)))
876 /* No upstream IP given, we're listen only. */
881 upstreamcfg = cfg->next;
882 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
884 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: arm the retry timer at the maximum backoff. */
887 signal(SIGALRM, sigalrm_handler);
888 upstreamcfg = config;
889 seconds_till_retry = MAXTIMEOUT;
890 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
891 alarm(seconds_till_retry);
897 close all open network connections
/* Shutdown: terminate every peer connection, close and free `myself' if it
   was active, run tinc-down and log.  Closing the tap descriptor itself is
   not visible in this excerpt. */
899 void close_network_connections(void)
903 for(p = conn_list; p != NULL; p = p->next)
/* Clearing active first keeps terminate_connection() from notifying peers
   about this connection or scheduling a reconnect for it. */
905 p->status.active = 0;
906 terminate_connection(p);
910 if(myself->status.active)
912 close(myself->meta_socket);
913 close(myself->socket);
914 free_conn_list(myself);
920 /* Execute tinc-down script right after shutting down the interface */
921 execute_script("tinc-down");
925 syslog(LOG_NOTICE, _("Terminating"));
931 create a data (udp) socket
/* Opens a UDP socket connected to cl->address:cl->port for sending
   encrypted packets to this peer (xsend() uses it; incoming data arrives
   on myself->socket instead).  The failure branch after socket(), the
   store into cl->socket and the return value are on lines not shown.  No
   memset of `a' is visible in this excerpt. */
933 int setup_vpn_connection(conn_list_t *cl)
936 struct sockaddr_in a;
938 if(debug_lvl >= DEBUG_TRAFFIC)
939 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
941 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
944 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
948 a.sin_family = AF_INET;
949 a.sin_port = htons(cl->port);
950 a.sin_addr.s_addr = htonl(cl->address);
/* connect() on a datagram socket only fixes the default destination; no
   packets are exchanged here. */
952 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
954 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
955 cl->hostname, cl->port);
959 flags = fcntl(nfd, F_GETFL);
960 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
962 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
963 cl->name, cl->hostname);
968 cl->status.dataopen = 1;
974 handle an incoming tcp connect call and open
/* Wraps an accepted meta socket `sfd' in a new conn_list_t (allocated on a
   line not shown) with the peer's address, a reverse-lookup hostname, a
   fresh MAXBUFSIZE read buffer and allow_request = ID -- presumably
   restricting the peer to an ID request until it has identified itself.
   NOTE(review): getpeername() takes a struct sockaddr * and a socklen_t *;
   passing &ci and an int * compiles on this platform but is not portable.
   The buffer is allocated for every accepted connection before any
   authentication; no limit on unauthenticated connections is visible. */
977 conn_list_t *create_new_connection(int sfd)
980 struct sockaddr_in ci;
981 int len = sizeof(ci);
985 if(getpeername(sfd, &ci, &len) < 0)
987 syslog(LOG_ERR, _("System call `%s' failed: %m"),
993 p->address = ntohl(ci.sin_addr.s_addr);
994 p->hostname = hostlookup(ci.sin_addr.s_addr);
995 p->meta_socket = sfd;
997 p->buffer = xmalloc(MAXBUFSIZE);
999 p->last_ping_time = time(NULL);
1002 if(debug_lvl >= DEBUG_CONNECTIONS)
/* htons() and ntohs() are the same byte swap, so the printed port is
   correct; ntohs() would state the intent. */
1003 syslog(LOG_NOTICE, _("Connection from %s port %d"),
1004 p->hostname, htons(ci.sin_port));
1006 p->allow_request = ID;
1012 put all file descriptors in an fd_set array
/* Adds every connection's meta socket (any guard before that FD_SET is on
   a line not shown), each open data socket, and our own two sockets to
   *fs for main_loop()'s select().
   NOTE(review): FD_SET() on a descriptor >= FD_SETSIZE writes outside the
   fd_set, and nothing here or in the accept path checks for that, so a
   large enough number of connections turns into memory corruption.
   Either refuse descriptors >= FD_SETSIZE where they are created or move
   to poll(). */
1014 void build_fdset(fd_set *fs)
1020 for(p = conn_list; p != NULL; p = p->next)
1023 FD_SET(p->meta_socket, fs);
1024 if(p->status.dataopen)
1025 FD_SET(p->socket, fs);
1028 FD_SET(myself->meta_socket, fs);
1029 FD_SET(myself->socket, fs);
1035 receive incoming data from the listening
1036 udp socket and write it to the ethertap
1037 device after being decrypted
/* Reads one datagram from myself->socket into pkt (len field first, then
   data) after checking the socket for a pending error.  The hand-off to
   xrecv() and the return value are on lines not shown.
   NOTE(review): `from' is filled in but the sender is never checked, and
   pkt.len is whatever the datagram says.  xrecv() sizes its decryption and
   copy from that field, so the lines not shown must bound pkt.len by lenin
   (and MTU) before calling xrecv(); if they do not, a datagram from any
   source controls an out-of-bounds read and write.  `l' should be
   socklen_t to match getsockopt(). */
1039 int handle_incoming_vpn_data()
1042 int x, l = sizeof(x);
1043 struct sockaddr from;
1045 socklen_t fromlen = sizeof(from);
1047 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1049 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1050 __FILE__, __LINE__, myself->socket);
1055 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* Receives up to MTU bytes starting at the len field, assuming data[]
   directly follows len in vpn_packet_t. */
1059 if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0)
1061 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1065 if(debug_lvl >= DEBUG_TRAFFIC)
1067 syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin);
1075 terminate a connection and notify the other
1076 end before closing the sockets
/* Tears down cl: marks it for removal (a repeated call presumably returns
   early on a line not shown), closes the meta socket (any guard on that
   close is not visible), recursively terminates connections routed through
   cl, tells the remaining active meta peers via send_del_host(), drops
   cl's subnets (loop body not shown), and for a dropped outgoing
   connection arms a 5-second SIGALRM reconnect.  Freeing is presumably
   left to whoever honours status.remove. */
1078 void terminate_connection(conn_list_t *cl)
1083 if(cl->status.remove)
1086 cl->status.remove = 1;
1088 if(debug_lvl >= DEBUG_CONNECTIONS)
1089 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1090 cl->name, cl->hostname);
1095 close(cl->meta_socket);
1098 /* Find all connections that were lost because they were behind cl
1099 (the connection that was dropped). */
1102 for(p = conn_list; p != NULL; p = p->next)
1103 if((p->nexthop == cl) && (p != cl))
1104 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1106 /* Inform others of termination if it was still active */
1108 if(cl->status.active)
1109 for(p = conn_list; p != NULL; p = p->next)
1110 if(p->status.meta && p->status.active && p!=cl)
1111 send_del_host(p, cl);
1113 /* Remove the associated subnets */
/* NOTE(review): if the loop body frees `s', reading s->next in the
   increment afterwards is a use-after-free -- check the lines not shown
   and save the successor before removing. */
1115 for(s = cl->subnets; s; s = s->next)
1118 /* Check if this was our outgoing connection */
/* Fixed 5 seconds here; sigalrm_handler() adds 5 more before each further
   retry, up to MAXTIMEOUT. */
1120 if(cl->status.outgoing && cl->status.active)
1122 signal(SIGALRM, sigalrm_handler);
1123 seconds_till_retry = 5;
1124 alarm(seconds_till_retry);
1125 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1130 cl->status.active = 0;
1135 Check if the other end is active.
1136 If we have sent packets, but didn't receive any,
1137 then possibly the other end is dead. We send a
1138 PING request over the meta connection. If the other
1139 end does not reply in time, we consider them dead
1140 and close the connection.
/* Liveness sweep run by main_loop() every `timeout' seconds.  For each
   active meta connection whose last ping activity is older than `timeout':
   if a PING was sent and no PONG came back, mark it timed out and
   terminate it; otherwise, if want_ping is set, send a new PING (the send
   itself is on a line not shown) and reset the bookkeeping.  `now' is
   assigned on a line not shown; the return value is not visible. */
1142 int check_dead_connections(void)
1148 for(p = conn_list; p != NULL; p = p->next)
1150 if(p->status.active && p->status.meta)
1152 if(p->last_ping_time + timeout < now)
1154 if(p->status.pinged && !p->status.got_pong)
1156 if(debug_lvl >= DEBUG_PROTOCOL)
1157 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1158 p->name, p->hostname);
1159 p->status.timeout = 1;
1160 terminate_connection(p);
1162 else if(p->want_ping)
1165 p->last_ping_time = now;
1166 p->status.pinged = 1;
1167 p->status.got_pong = 0;
1177 accept a new tcp connect and create a
/* accept()s one pending connection on myself->meta_socket and wraps it via
   create_new_connection(); on failure the attempt is logged (the close of
   nfd and the list insertion are on lines not shown).  `len' should be
   socklen_t.  No limit on accepted connections is visible, and nfd is
   later put into an fd_set with FD_SET(), which is only valid for
   nfd < FD_SETSIZE. */
1180 int handle_new_meta_connection()
1183 struct sockaddr client;
1184 int nfd, len = sizeof(client);
1186 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1188 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1192 if(!(ncn = create_new_connection(nfd)))
1196 syslog(LOG_NOTICE, _("Closed attempted connection"));
1206 check all connections to see if anything
1207 happened on their sockets
/* Dispatch after select(): connections flagged for removal are presumably
   skipped (the continue is on a line not shown).  A readable data socket
   means a deferred error on that connected UDP socket (see the author's
   comment below) and the connection is dropped; a readable meta socket is
   fed to receive_meta() and dropped on error (any status.meta guard is on
   a line not shown).  Then our own UDP and listening sockets are serviced.
   NOTE(review): the getsockopt() result is not checked, so on failure `x'
   is read uninitialised by strerror(); `l' should be socklen_t. */
1209 void check_network_activity(fd_set *f)
1212 int x, l = sizeof(x);
1214 for(p = conn_list; p != NULL; p = p->next)
1216 if(p->status.remove)
1219 if(p->status.dataopen)
1220 if(FD_ISSET(p->socket, f))
1223 The only thing that can happen to get us here is apparently an
1224 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1225 something that will not trigger an error directly on send()).
1226 I've once got here when it said `No route to host'.
1228 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1229 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1230 p->name, p->hostname, strerror(x));
1231 terminate_connection(p);
1236 if(FD_ISSET(p->meta_socket, f))
1237 if(receive_meta(p) < 0)
1239 terminate_connection(p);
1244 if(FD_ISSET(myself->socket, f))
1245 handle_incoming_vpn_data();
1247 if(FD_ISSET(myself->meta_socket, f))
1248 handle_new_meta_connection();
1253 read, encrypt and send data that is
1254 available through the ethertap device
/* Reads one frame from the tap device (tun/tap: bare frame into vp.data;
   ethertap: two leading bytes land in the len field via vp.data - 2),
   counts it, rejects short frames (the length test and the assignment of
   vp.len are on lines not shown) and hands it to send_packet() keyed on
   the IPv4 destination address, which sits at offset 30 of an Ethernet
   frame (14-byte header + 16).
   NOTE(review): the address fetch casts &vp.data[30] to unsigned long *,
   which on 64-bit platforms reads 8 bytes (4 past the address) and is an
   unaligned, aliasing-violating access besides; ntohl() then truncates.
   Safer: `uint32_t dst; memcpy(&dst, &vp.data[30], sizeof dst);
   send_packet(ntohl(dst), &vp);'.  Nothing visible checks the EtherType,
   so non-IPv4 frames (ARP, IPv6) are looked up as if bytes 30..33 were an
   IPv4 address unless the missing length test filters them. */
1256 void handle_tap_input(void)
1261 if(taptype == TAP_TYPE_TUNTAP)
1263 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1265 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1272 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1274 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1280 total_tap_in += lenin;
1284 if(debug_lvl >= DEBUG_TRAFFIC)
1285 syslog(LOG_WARNING, _("Received short packet from tap device"));
1289 if(debug_lvl >= DEBUG_TRAFFIC)
1291 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
1294 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1299 this is where it all happens...
1301 void main_loop(void)
1306 time_t last_ping_check;
1309 last_ping_check = time(NULL);
1313 tv.tv_sec = timeout;
1319 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1321 if(errno != EINTR) /* because of alarm */
1323 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1330 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1332 close_network_connections();
1333 clear_config(&config);
1335 if(read_server_config())
1337 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1343 if(setup_network_connections())
1351 /* Let's check if everybody is still alive */
1353 if(last_ping_check + timeout < t)
1355 check_dead_connections();
1356 last_ping_check = time(NULL);
1358 /* Should we regenerate our key? */
1362 if(debug_lvl >= DEBUG_STATUS)
1363 syslog(LOG_INFO, _("Regenerating symmetric key"));
1365 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1366 send_key_changed(myself, NULL);
1367 keyexpires = time(NULL) + keylifetime;
1373 check_network_activity(&fset);
1375 /* local tap data */
1376 if(FD_ISSET(tap_fd, &fset))