2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.62 2000/11/04 14:16:46 zarq Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 #include <openssl/rand.h>
43 #include <openssl/evp.h>
44 #include <openssl/err.h>
47 #include LINUX_IF_TUN_H
/* Kind of local tap device in use; setup_tap_fd() switches this to TAP_TYPE_TUNTAP
   once the TUNSETIFF probe succeeds. Read by xrecv() and handle_tap_input(). */
64 int taptype = TAP_TYPE_ETHERTAP;
/* Byte counters; total_tap_out and total_socket_out are updated in xrecv()/xsend()
   below. Nothing in this excerpt reads them back. */
66 int total_tap_out = 0;
67 int total_socket_in = 0;
68 int total_socket_out = 0;
/* Cursor over the ConnectTo entries still to be tried. Written both from the main
   path (setup_network_connections) and from the SIGALRM handler (sigalrm_handler). */
70 config_t *upstreamcfg;
/* Back-off, in seconds, before the next outgoing-connection retry. Also written from
   sigalrm_handler(); NOTE(review): shared with a signal handler but a plain int --
   volatile sig_atomic_t would be the portable choice. */
71 static int seconds_till_retry;
77 char *interface_name = NULL; /* Contains the name of the interface */
82 Execute the given script.
83 This function doesn't really belong here.
/*
 * Fork and execute the script confbase/<name> (e.g. "tinc-up", "tinc-down").
 * @param name  script file name, appended to confbase without any sanitising.
 * @return      not visible in this excerpt (the return statements are not shown).
 *
 * The script runs with the daemon's privileges, so confbase must only be
 * writable by the daemon's administrator.
 */
85 int execute_script(const char* name)
91 asprintf(&scriptname, "%s/%s", confbase, name); /* return value unchecked: scriptname is indeterminate if allocation fails */
93 if((pid = fork()) < 0)
95 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* Presumably the child branch (the pid == 0 test is not shown): export the tap interface
   name for the script. interface_name is NULL until setup_tap_fd() sets it. */
108 asprintf(&s, "IFNAME=%s", interface_name);
/* execl() must be given at least argv[0]; a NULL-only argument list is not a valid
   call -- execl(scriptname, scriptname, NULL) would be the conforming form. */
110 execl(scriptname, NULL);
111 /* No return on success */
113 if(errno != ENOENT) /* Ignore if the file does not exist */
114 syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname);
116 /* No need to free things */
/*
 * Send one VPN packet to cl over its UDP data socket. The wire unit sent below
 * starts at &outpkt.len, i.e. the 2-byte len field followed by the data.
 * @param cl     destination; cl->socket, cl->cipher_pkt* and the name fields are used.
 * @param inpkt  packet to send (len + data).
 * @return       not visible in this excerpt.
 *
 * Review notes:
 *  - Only EVP_Encrypt* is applied; no MAC / authentication tag is produced here,
 *    so a receiver cannot detect modified or forged ciphertext.
 *  - The IV handed to EVP_EncryptInit is the tail of cl->cipher_pktkey, i.e. part
 *    of the static key material, so every packet under one key apparently uses
 *    the same IV -- confirm against how cipher_pktkey is generated in setup_myself().
 *  - None of the EVP return values are checked.
 */
120 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
126 outpkt.len = inpkt->len;
128 /* Encrypt the packet */
130 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); /* IV = key material after key_len bytes */
131 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); /* NOTE(review): capacity of outpkt.data vs. inpkt->len is not visible here */
132 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
133 outlen += outpad + 2; /* +2: the len field that precedes data on the wire */
/* Presumably the non-encrypting branch (its condition is not shown): copy len + data verbatim */
136 outlen = outpkt.len + 2;
137 memcpy(&outpkt, inpkt, outlen);
140 if(debug_lvl >= DEBUG_TRAFFIC)
141 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
142 outlen, cl->name, cl->hostname);
144 total_socket_out += outlen;
/* Sending from &outpkt.len relies on len being laid out immediately before data in vpn_packet_t. */
148 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
150 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
151 cl->name, cl->hostname);
/*
 * Decrypt one received VPN packet with our own packet key and write the frame
 * to the local tap device.
 * @param inpkt  received packet (len + data).
 * @return       not visible in this excerpt.
 *
 * Review notes:
 *  - Decryption uses myself->cipher_pktkey, the key we hand out to peers; no
 *    integrity check or per-sender authentication is visible on this path, so
 *    the decrypted frame is written to the tap device as-is.
 *  - The +8 on the decrypt length does not match the inpkt->len used on the
 *    encrypt side in xsend(); presumably it accounts for trailing cipher
 *    output, but the invariant is not documented anywhere visible -- confirm.
 */
158 int xrecv(vpn_packet_t *inpkt)
164 outpkt.len = inpkt->len;
166 /* Decrypt the packet */
168 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
169 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8); /* NOTE(review): reads 8 bytes beyond len; see header comment */
170 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Presumably the non-encrypting branch (its condition is not shown): copy len + data verbatim */
174 outlen = outpkt.len+2;
175 memcpy(&outpkt, inpkt, outlen);
178 if(debug_lvl >= DEBUG_TRAFFIC)
179 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
182 /* Fix mac address */
/* Overwrites the first 6 bytes of the frame (its destination MAC) with our own address. */
184 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
186 if(taptype == TAP_TYPE_TUNTAP)
188 if(write(tap_fd, outpkt.data, outpkt.len) < 0) /* short writes are not detected, only errors */
189 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
191 total_tap_out += outpkt.len;
/* Ethertap branch: the 2 bytes in front of data (the len field) are written as the frame prefix. */
195 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
196 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
198 total_tap_out += outpkt.len + 2;
205 add the given packet of size s to the
206 queue q, be it the send or receive queue
/*
 * Append a private copy of `packet' (s bytes) to the tail of queue *q,
 * creating the queue on first use.
 * @param q       pointer to the queue pointer; *q may be NULL.
 * @param packet  bytes to copy; the queue owns the copy.
 * @param s       number of bytes to copy.
 * xmalloc is assumed to abort rather than return NULL (its definition is not shown).
 */
208 void add_queue(packet_queue_t **q, void *packet, size_t s)
212 e = xmalloc(sizeof(*e));
213 e->packet = xmalloc(s);
214 memcpy(e->packet, packet, s);
/* Lazy queue creation (the *q == NULL test is not shown in this excerpt). */
218 *q = xmalloc(sizeof(**q));
219 (*q)->head = (*q)->tail = NULL;
222 e->next = NULL; /* We insert at the tail */
224 if((*q)->tail) /* Do we have a tail? */
226 (*q)->tail->next = e;
227 e->prev = (*q)->tail;
229 else /* No tail -> no head too */
/* The else body (head assignment, presumably e->prev = NULL) and the final tail update are outside this excerpt. */
239 /* Remove a queue element */
/*
 * Unlink element e from queue *q, fixing head/tail as needed.
 * @param q  the queue; *q must be non-NULL and must contain e.
 * @param e  element to unlink.
 * Whether e and e->packet are freed afterwards is not visible in this excerpt.
 */
240 void del_queue(packet_queue_t **q, queue_element_t *e)
245 if(e->next) /* There is a successor, so we are not tail */
247 if(e->prev) /* There is a predecessor, so we are not head */
249 e->next->prev = e->prev;
250 e->prev->next = e->next;
252 else /* We are head */
254 e->next->prev = NULL;
255 (*q)->head = e->next;
258 else /* We are tail (or all alone!) */
260 if(e->prev) /* We are not alone :) */
262 e->prev->next = NULL;
263 (*q)->tail = e->prev;
/* The "all alone" case (head and tail both reset) is outside this excerpt. */
277 flush a queue by calling function for
278 each packet, and removing it when that
279 returned a zero exit code
/*
 * Call `function' on every packet in *pq and drop the packets it accepts
 * (a zero return means "sent/handled", see the comment above).
 * @param cl        connection passed through to function.
 * @param pq        queue to flush; *pq is dereferenced without a NULL check here.
 * @param function  xsend or xrecv in this file.
 * The loop has no increment clause; advancing p (and the del_queue call) happens
 * in the body, which is only partly visible here.
 */
281 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
282 int (*function)(conn_list_t*,void*))
284 queue_element_t *p, *next = NULL;
286 for(p = (*pq)->head; p != NULL; )
290 if(!function(cl, p->packet))
296 if(debug_lvl >= DEBUG_TRAFFIC)
297 syslog(LOG_DEBUG, _("Queue flushed"));
302 flush the send&recv queues
303 returns void because nothing can fail here: packets
304 simply remain in the queue if something goes wrong
/*
 * Flush cl's send queue through xsend() and its receive queue through xrecv().
 * @param cl  connection whose sq/rq are flushed; the NULL tests on cl->sq and
 *            cl->rq that presumably guard each call are not shown here.
 */
306 void flush_queues(conn_list_t *cl)
311 if(debug_lvl >= DEBUG_TRAFFIC)
312 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
313 cl->name, cl->hostname);
314 flush_queue(cl, &(cl->sq), xsend);
319 if(debug_lvl >= DEBUG_TRAFFIC)
320 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
321 cl->name, cl->hostname);
322 flush_queue(cl, &(cl->rq), xrecv);
328 send a packet to the given vpn ip.
/*
 * Route one tap frame to the peer owning the subnet that contains `to'.
 * @param to      destination VPN IPv4 address (host order, as passed by handle_tap_input).
 * @param packet  frame to send; handed to xsend() unchanged.
 * @return        0 when the packet was dropped or queued, otherwise xsend()'s result.
 *
 * Visible state checks, in order: subnet lookup, UDP data socket open, valid key,
 * peer active. The two "FIXME: Don't queue" blocks below are commented out in the
 * original, so packets for peers without a key or not yet active are dropped
 * (return 0), not queued; only a key request is issued while no key is pending.
 */
330 int send_packet(ip_t to, vpn_packet_t *packet)
335 if((subnet = lookup_subnet_ipv4(to)) == NULL)
337 if(debug_lvl >= DEBUG_TRAFFIC)
339 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
348 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
350 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* cl is presumably derived from subnet on a line not shown. Lazily open the UDP data socket. */
352 if(!cl->status.dataopen)
353 if(setup_vpn_connection(cl) < 0)
355 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
356 cl->name, cl->hostname);
360 if(!cl->status.validkey) /* no packet key for this peer yet: request one (see queueing note above) */
362 /* FIXME: Don't queue until everything else is fixed.
363 if(debug_lvl >= DEBUG_TRAFFIC)
364 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
365 cl->name, cl->hostname);
366 add_queue(&(cl->sq), packet, packet->len + 2);
368 if(!cl->status.waitingforkey)
369 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
373 if(!cl->status.active)
375 /* FIXME: Don't queue until everything else is fixed.
376 if(debug_lvl >= DEBUG_TRAFFIC)
377 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
378 cl->name, cl->hostname);
379 add_queue(&(cl->sq), packet, packet->len + 2);
381 return 0; /* We don't want to mess up, do we? */
384 /* can we send it? can we? can we? huh? */
/* All checks passed: encrypt and send now. */
386 return xsend(cl, packet);
390 open the local ethertap device
/*
 * Open the local tap device, probe whether it is a new-style tun/tap device,
 * and record its interface name for the scripts.
 * @return  the descriptor on success, negative on failure (returns not shown).
 *
 * Defects visible below:
 *  - interface_name is allocated with strlen() bytes but strcpy() writes
 *    strlen()+1, so the terminating NUL lands one byte past the allocation
 *    (heap overflow by one). Allocate strlen()+1 or duplicate the string.
 *  - strncpy(ifr.ifr_name, netname, IFNAMSIZ) leaves ifr_name unterminated when
 *    netname is IFNAMSIZ bytes or longer, which then feeds the strlen() above.
 */
392 int setup_tap_fd(void)
395 const char *tapfname;
400 if((cfg = get_config_val(config, tapdevice)))
401 tapfname = cfg->data.ptr;
/* Two built-in defaults; presumably selected by a compile-time condition not shown. */
404 tapfname = "/dev/misc/net/tun";
406 tapfname = "/dev/tap0";
409 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
411 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
417 /* Set default MAC address for ethertap devices */
419 taptype = TAP_TYPE_ETHERTAP;
420 mymac.type = SUBNET_MAC;
421 mymac.net.mac.address.x[0] = 0xfe;
422 mymac.net.mac.address.x[1] = 0xfd;
423 mymac.net.mac.address.x[2] = 0x00;
424 mymac.net.mac.address.x[3] = 0x00;
425 mymac.net.mac.address.x[4] = 0x00;
426 mymac.net.mac.address.x[5] = 0x00;
429 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
430 memset(&ifr, 0, sizeof(ifr));
432 ifr.ifr_flags = IFF_TAP | IFF_NO_PI; /* Ethernet tap without the packet-information header */
434 strncpy(ifr.ifr_name, netname, IFNAMSIZ); /* BUG: no NUL guarantee, see header comment */
/* tap_fd is used from here on although nfd was opened above; the assignment is presumably on a line not shown. */
436 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
438 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
439 taptype = TAP_TYPE_TUNTAP;
443 /* Add name of network interface to environment (for scripts) */
445 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr); /* return value unchecked; ifr_name may be stale on failure */
446 interface_name = xmalloc(strlen(ifr.ifr_name)); /* BUG: one byte short for the terminator */
447 strcpy(interface_name, ifr.ifr_name);
454 set up the socket that we listen on for incoming
/*
 * Create the non-blocking TCP socket on which meta (control) connections are accepted.
 * @param port  TCP port to bind, host order.
 * @return      the descriptor on success, negative on failure (returns not shown).
 *
 * Defect: the "bind to interface" option below re-uses SO_KEEPALIVE with the
 * interface name string as its value; that cannot bind the socket to a device.
 * On Linux the option that does so is SO_BINDTODEVICE.
 */
457 int setup_listen_meta_socket(int port)
460 struct sockaddr_in a;
464 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
466 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
470 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
472 syslog(LOG_ERR, _("System call `%s' failed: %m"),
477 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
479 syslog(LOG_ERR, _("System call `%s' failed: %m"),
484 flags = fcntl(nfd, F_GETFL); /* F_GETFL failure (-1) is not checked before OR-ing */
485 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
487 syslog(LOG_ERR, _("System call `%s' failed: %m"),
492 if((cfg = get_config_val(config, interface)))
494 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr))) /* BUG: wrong option, see header comment */
496 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
501 memset(&a, 0, sizeof(a));
502 a.sin_family = AF_INET;
503 a.sin_port = htons(port);
505 if((cfg = get_config_val(config, interfaceip)))
506 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
508 a.sin_addr.s_addr = htonl(INADDR_ANY); /* presumably the else branch: listen on all addresses */
510 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) /* sizeof(a) would be the self-documenting length */
512 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
/* Presumably the listen() failure path; the call itself is not shown. */
518 syslog(LOG_ERR, _("System call `%s' failed: %m"),
527 setup the socket for incoming encrypted
/*
 * Create the non-blocking UDP socket that receives encrypted VPN data.
 * @param port  UDP port to bind on INADDR_ANY, host order.
 * @return      the descriptor on success, negative on failure (returns not shown).
 * Unlike setup_listen_meta_socket(), no interface/interfaceip options are honoured here.
 */
530 int setup_vpn_in_socket(int port)
533 struct sockaddr_in a;
536 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
538 syslog(LOG_ERR, _("Creating socket failed: %m"));
542 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
544 syslog(LOG_ERR, _("System call `%s' failed: %m"),
549 flags = fcntl(nfd, F_GETFL); /* F_GETFL failure (-1) is not checked before OR-ing */
550 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
552 syslog(LOG_ERR, _("System call `%s' failed: %m"),
557 memset(&a, 0, sizeof(a));
558 a.sin_family = AF_INET;
559 a.sin_port = htons(port);
560 a.sin_addr.s_addr = htonl(INADDR_ANY);
562 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) /* sizeof(a) would be the self-documenting length */
564 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
572 setup an outgoing meta (tcp) socket
/*
 * Connect a TCP meta socket to cl->address:cl->port and store it in cl->meta_socket.
 * @param cl  peer entry; cl->config, cl->address and cl->hostname are read, cl->port
 *            and cl->meta_socket are written.
 * @return    0 on success, negative on failure (returns not shown).
 *
 * Review notes:
 *  - connect() is issued before O_NONBLOCK is set, so it blocks. This function is
 *    reached from sigalrm_handler() via setup_outgoing_connection(), i.e. the
 *    blocking connect (and syslog) can run inside a signal handler.
 *  - `a' is not zeroed before use, unlike the listen-socket setup above.
 */
574 int setup_outgoing_meta_socket(conn_list_t *cl)
577 struct sockaddr_in a;
580 if(debug_lvl >= DEBUG_CONNECTIONS)
581 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
583 if((cfg = get_config_val(cl->config, port)) == NULL)
/* The default-port branch is not shown; otherwise the configured value is used. */
586 cl->port = cfg->data.val;
588 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
589 if(cl->meta_socket == -1)
591 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
592 cl->hostname, cl->port);
596 a.sin_family = AF_INET;
597 a.sin_port = htons(cl->port);
598 a.sin_addr.s_addr = htonl(cl->address);
600 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) /* blocking: O_NONBLOCK is set only below */
602 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
606 flags = fcntl(cl->meta_socket, F_GETFL); /* F_GETFL failure (-1) is not checked before OR-ing */
607 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
609 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
610 cl->hostname, cl->port);
614 if(debug_lvl >= DEBUG_CONNECTIONS)
615 syslog(LOG_INFO, _("Connected to %s port %hd"),
616 cl->hostname, cl->port);
624 setup an outgoing connection. It's not
625 necessary to also open a udp socket,
626 because the other host will initiate
627 an authentication sequence during which
628 we will do just that.
/*
 * Create a conn_list_t for the host `name', resolve its Address config value
 * and open the meta connection to it.
 * @param name  peer name from a ConnectTo line; validated by the check
 *              whose failure message is logged first below.
 * @return      0 on success (see the callers' comments), non-zero on failure.
 *
 * Defects visible below:
 *  - Two syslog calls use a "%s" format without passing the argument; the
 *    stack/register garbage that vprintf then reads is undefined behaviour and
 *    leaks whatever is there into the log. Pass `name' / ncn->name.
 *  - The h_addr_list[0] cast assumes an AF_INET result and an aligned buffer;
 *    h_addrtype is not checked.
 */
630 int setup_outgoing_connection(char *name)
638 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
642 ncn = new_conn_list();
643 asprintf(&ncn->name, "%s", name); /* return value unchecked */
645 if(read_host_config(ncn))
647 syslog(LOG_ERR, _("Error reading host configuration file for %s")); /* BUG: missing %s argument */
652 if(!(cfg = get_config_val(ncn->config, address)))
654 syslog(LOG_ERR, _("No address specified for %s")); /* BUG: missing %s argument */
659 if(!(h = gethostbyname(cfg->data.ptr))) /* gethostbyname reports via h_errno, so %m below is unrelated to the lookup */
661 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
666 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); /* host-order address; first A record only */
667 ncn->hostname = hostlookup(htonl(ncn->address));
669 if(setup_outgoing_meta_socket(ncn) < 0)
671 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
677 ncn->status.outgoing = 1; /* marks this as our initiated connection; terminate_connection() schedules retries for these */
678 ncn->buffer = xmalloc(MAXBUFSIZE);
680 ncn->last_ping_time = time(NULL);
691 Configure conn_list_t myself and set up the local sockets (listen only)
/*
 * Build the `myself' connection entry from the server and host configuration:
 * name, RSA key pair, port, flags, subnets, listening sockets and the symmetric
 * packet key.
 * @return  0 on success, negative on failure (return statements not shown).
 *
 * Review notes:
 *  - The RSA private exponent is read as hex from the configuration file;
 *    the file therefore holds long-term secret material and needs restrictive
 *    permissions (not enforced here).
 *  - RAND_bytes() return value is not checked; if the PRNG is not seeded the
 *    packet key is left as whatever xmalloc() returned.
 *  - The packet key buffer is key_len + iv_len bytes and is used as key+IV
 *    by xsend()/xrecv(), so the IV is fixed for the lifetime of the key.
 */
693 int setup_myself(void)
698 myself = new_conn_list();
700 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
702 myself->protocol_version = PROT_CURRENT;
704 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
706 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): the name is taken from data.val cast to char*, whereas other string options use data.ptr -- confirm the union layout. */
710 asprintf(&myself->name, "%s", (char*)cfg->data.val);
712 if(check_id(myself->name))
714 syslog(LOG_ERR, _("Invalid name for myself!"));
718 if(!(cfg = get_config_val(config, privatekey)))
720 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* Private key: d from the config file, fixed public exponent 0xFFFF; n comes from the host file below. */
725 myself->rsa_key = RSA_new();
726 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
727 BN_hex2bn(&myself->rsa_key->e, "FFFF");
730 if(read_host_config(myself))
732 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
736 if(!(cfg = get_config_val(myself->config, publickey)))
738 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
743 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
/* Sanity check that the configured d/e/n form a consistent key pair. */
746 if(RSA_check_key(myself->rsa_key) != 1)
748 syslog(LOG_ERR, _("Invalid public/private keypair!"));
752 if(!(cfg = get_config_val(myself->config, port)))
/* The default-port branch is not shown. */
755 myself->port = cfg->data.val;
757 if((cfg = get_config_val(myself->config, indirectdata)))
758 if(cfg->data.val == stupid_true)
759 myself->flags |= EXPORTINDIRECTDATA;
761 if((cfg = get_config_val(myself->config, tcponly)))
762 if(cfg->data.val == stupid_true)
763 myself->flags |= TCPONLY;
765 /* Read in all the subnets specified in the host configuration file */
767 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
/* `net' is presumably allocated on a line not shown. */
770 net->type = SUBNET_IPV4;
771 net->net.ipv4.address = cfg->data.ip->address;
772 net->net.ipv4.mask = cfg->data.ip->mask;
774 /* Teach newbies what subnets are... */
776 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
778 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
782 subnet_add(myself, net);
785 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
787 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
791 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
793 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
794 close(myself->meta_socket); /* undo the listen socket opened just above */
798 /* Generate packet encryption key */
800 myself->cipher_pkttype = EVP_bf_cfb();
802 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
804 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
805 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); /* return value unchecked, see header comment */
807 if(!(cfg = get_config_val(config, keyexpire)))
/* The default-lifetime branch is not shown. */
810 keylifetime = cfg->data.val;
812 keyexpires = time(NULL) + keylifetime;
814 /* Activate ourselves */
816 myself->status.active = 1;
818 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/*
 * SIGALRM handler: try the next ConnectTo entry, and on total failure re-arm the
 * alarm with a back-off that grows by 5 s up to MAXTIMEOUT.
 * @param a  signal number, unused.
 * The return type (void) is on the preceding line, which is not part of this excerpt.
 *
 * NOTE(review): everything called from here -- config lookups, gethostbyname,
 * a blocking connect() in setup_outgoing_meta_socket(), syslog, asprintf -- is
 * not async-signal-safe. The usual remedy is to only set a flag here and do the
 * work from main_loop() after select() returns EINTR.
 */
824 sigalrm_handler(int a)
828 cfg = get_config_val(upstreamcfg, connectto);
830 if(!cfg && upstreamcfg == config)
831 /* No upstream IP given, we're listen only. */
/* Presumably a loop over the remaining ConnectTo entries (its header is not shown). */
836 upstreamcfg = cfg->next;
837 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
839 signal(SIGALRM, SIG_IGN); /* connected: stop retrying */
842 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: restart from the first one after a bounded back-off. */
845 signal(SIGALRM, sigalrm_handler);
846 upstreamcfg = config;
847 seconds_till_retry += 5;
848 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
849 seconds_till_retry = MAXTIMEOUT;
850 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
852 alarm(seconds_till_retry);
857 setup all initial network connections
/*
 * Bring up everything: ping timeout, tap device, `myself', the tinc-up script
 * and the first outgoing connection (or schedule a retry via SIGALRM).
 * @return  0 on success, negative on failure (return statements not shown).
 */
859 int setup_network_connections(void)
863 if((cfg = get_config_val(config, pingtimeout)) == NULL)
/* The default-timeout branch is not shown. */
866 timeout = cfg->data.val;
868 if(setup_tap_fd() < 0)
871 if(setup_myself() < 0)
874 /* Run tinc-up script to further initialize the tap interface */
875 execute_script("tinc-up"); /* result ignored: a failing script does not abort start-up */
877 if(!(cfg = get_config_val(config, connectto)))
878 /* No upstream IP given, we're listen only. */
/* Presumably a loop over the ConnectTo entries, mirroring sigalrm_handler(). */
883 upstreamcfg = cfg->next;
884 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
886 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All entries failed at start-up: first retry only after the maximum delay. */
889 signal(SIGALRM, sigalrm_handler);
890 upstreamcfg = config;
891 seconds_till_retry = MAXTIMEOUT;
892 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
893 alarm(seconds_till_retry);
899 close all open network connections
/*
 * Tear down every peer connection, then our own sockets, then run tinc-down.
 * NOTE(review): terminate_connection() is called while iterating conn_list with
 * p->next read afterwards; this is only safe if termination never unlinks or
 * frees p, which is not visible here -- confirm.
 */
901 void close_network_connections(void)
905 for(p = conn_list; p != NULL; p = p->next)
907 p->status.active = 0; /* cleared first so terminate_connection() skips the notify/retry paths */
908 terminate_connection(p);
912 if(myself->status.active)
914 close(myself->meta_socket);
915 close(myself->socket);
916 free_conn_list(myself);
922 /* Execute tinc-down script right after shutting down the interface */
923 execute_script("tinc-down");
927 syslog(LOG_NOTICE, _("Terminating"));
933 create a data (udp) socket
/*
 * Open a connected, non-blocking UDP data socket towards cl->address:cl->port
 * and mark cl->status.dataopen.
 * @param cl  peer; cl->port and cl->address must already be set.
 * @return    0 on success, negative on failure (return statements not shown).
 * The assignment of nfd to cl->socket is presumably on a line not shown.
 */
935 int setup_vpn_connection(conn_list_t *cl)
938 struct sockaddr_in a;
940 if(debug_lvl >= DEBUG_TRAFFIC)
941 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
943 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
946 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* `a' is not zeroed before use; sin_zero stays indeterminate. */
950 a.sin_family = AF_INET;
951 a.sin_port = htons(cl->port);
952 a.sin_addr.s_addr = htonl(cl->address);
954 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) /* UDP connect: fixes the peer and lets the kernel report ICMP errors on this socket */
956 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
957 cl->hostname, cl->port);
961 flags = fcntl(nfd, F_GETFL); /* F_GETFL failure (-1) is not checked before OR-ing */
962 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
964 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
965 cl->name, cl->hostname);
970 cl->status.dataopen = 1;
976 handle an incoming tcp connect call and open
/*
 * Wrap an accepted meta socket in a new conn_list_t.
 * @param sfd  accepted TCP socket.
 * @return     the new entry, or NULL on failure (allocation of p and the
 *             returns are not shown).
 *
 * Review notes:
 *  - `len' should be socklen_t and &ci needs a (struct sockaddr *) cast to
 *    match the getpeername() prototype.
 *  - Only the ID request is permitted until the peer authenticates; that is
 *    what the allow_request assignment at the end enforces.
 */
979 conn_list_t *create_new_connection(int sfd)
982 struct sockaddr_in ci;
983 int len = sizeof(ci); /* should be socklen_t, see header comment */
987 if(getpeername(sfd, &ci, &len) < 0)
989 syslog(LOG_ERR, _("System call `%s' failed: %m"),
995 p->address = ntohl(ci.sin_addr.s_addr);
996 p->hostname = hostlookup(ci.sin_addr.s_addr); /* hostlookup takes network order, consistent with setup_outgoing_connection() */
997 p->meta_socket = sfd;
999 p->buffer = xmalloc(MAXBUFSIZE);
1001 p->last_ping_time = time(NULL);
1004 if(debug_lvl >= DEBUG_CONNECTIONS)
1005 syslog(LOG_NOTICE, _("Connection from %s port %d"),
1006 p->hostname, htons(ci.sin_port)); /* htons on a network-order value: same bits as ntohs, but ntohs states the intent */
1008 p->allow_request = ID; /* protocol state: nothing but ID is accepted from an unauthenticated peer */
1014 put all file descriptors in an fd_set array
/*
 * Add every meta socket, every open data socket and our own two listening
 * sockets to *fs for select().
 * @param fs  fd_set to fill; zeroing it (FD_ZERO) is presumably done on a line not shown.
 * NOTE(review): FD_SET on a descriptor >= FD_SETSIZE writes outside the fd_set; no
 * bound check is visible, so a large number of connections can corrupt memory.
 */
1016 void build_fdset(fd_set *fs)
1022 for(p = conn_list; p != NULL; p = p->next)
1025 FD_SET(p->meta_socket, fs);
1026 if(p->status.dataopen)
1027 FD_SET(p->socket, fs);
1030 FD_SET(myself->meta_socket, fs);
1031 FD_SET(myself->socket, fs);
1037 receive incoming data from the listening
1038 udp socket and write it to the ethertap
1039 device after being decrypted
/*
 * Read one datagram from our UDP data socket; the decrypt-and-write step
 * (presumably xrecv) follows on lines not shown.
 * @return  not visible in this excerpt.
 *
 * Review notes:
 *  - `from' is only used to satisfy recvfrom(); as far as visible the sender
 *    address is never compared with a known peer, so acceptance of a datagram
 *    rests entirely on the decrypt path, which has no integrity check (see xrecv).
 *  - `l' should be socklen_t for getsockopt().
 */
1041 int handle_incoming_vpn_data()
1044 int x, l = sizeof(x);
1045 struct sockaddr from;
1047 socklen_t fromlen = sizeof(from);
/* Drain a pending asynchronous socket error (e.g. an ICMP unreachable) before reading. */
1049 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1051 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1052 __FILE__, __LINE__, myself->socket);
1057 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* Receives len + data in one go; MTU is the byte budget from &pkt.len onwards. */
1061 if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0)
1063 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1067 if(debug_lvl >= DEBUG_TRAFFIC)
1069 syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin);
1077 terminate a connection and notify the other
1078 end before closing the sockets
/*
 * Close cl, cascade to peers routed behind it, tell the remaining active peers,
 * drop cl's subnets and, if cl was our outgoing connection, schedule a retry.
 * @param cl  connection to drop; idempotent via status.remove.
 * The actual unlinking/freeing of cl is not visible here; status.remove marks it
 * for later cleanup.
 */
1080 void terminate_connection(conn_list_t *cl)
1085 if(cl->status.remove) /* already terminated: protect against re-entry from the cascade below */
1088 cl->status.remove = 1;
1090 if(debug_lvl >= DEBUG_CONNECTIONS)
1091 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1092 cl->name, cl->hostname);
1097 close(cl->meta_socket); /* the data socket close (if any) is not shown */
1100 /* Find all connections that were lost because they were behind cl
1101 (the connection that was dropped). */
1104 for(p = conn_list; p != NULL; p = p->next)
1105 if((p->nexthop == cl) && (p != cl))
1106 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1108 /* Inform others of termination if it was still active */
1110 if(cl->status.active)
1111 for(p = conn_list; p != NULL; p = p->next)
1112 if(p->status.meta && p->status.active && p!=cl)
1113 send_del_host(p, cl);
1115 /* Remove the associated subnets */
1117 for(s = cl->subnets; s; s = s->next) /* loop body (subnet removal) not shown; s->next read after it -- confirm s survives */
1120 /* Check if this was our outgoing connection */
1122 if(cl->status.outgoing && cl->status.active)
1124 signal(SIGALRM, sigalrm_handler);
1125 seconds_till_retry = 5;
1126 alarm(seconds_till_retry);
1127 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1132 cl->status.active = 0; /* cleared last: the notify and retry paths above depend on it */
1137 Check if the other end is active.
1138 If we have sent packets, but didn't receive any,
1139 then possibly the other end is dead. We send a
1140 PING request over the meta connection. If the other
1141 end does not reply in time, we consider them dead
1142 and close the connection.
/*
 * Liveness sweep over active meta connections: a peer that was pinged and has
 * not answered within `timeout' is terminated; one that is due gets a PING.
 * @return  not visible in this excerpt.
 * `now' is presumably set from time() on a line not shown, and the PING send
 * itself sits between the want_ping test and the bookkeeping below.
 */
1144 int check_dead_connections(void)
1150 for(p = conn_list; p != NULL; p = p->next)
1152 if(p->status.active && p->status.meta)
1154 if(p->last_ping_time + timeout < now)
1156 if(p->status.pinged && !p->status.got_pong) /* outstanding PING unanswered: treat the peer as dead */
1158 if(debug_lvl >= DEBUG_PROTOCOL)
1159 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1160 p->name, p->hostname);
1161 p->status.timeout = 1;
1162 terminate_connection(p); /* NOTE(review): p->next is read by the loop afterwards -- safe only if p is not freed here */
1164 else if(p->want_ping)
1167 p->last_ping_time = now;
1168 p->status.pinged = 1;
1169 p->status.got_pong = 0;
1179 accept a new tcp connect and create a
/*
 * accept() one pending meta connection on myself->meta_socket and register it.
 * @return  not visible in this excerpt.
 * NOTE(review): `len' should be socklen_t for accept(); the accepted socket is not
 * made non-blocking here (the listening socket's O_NONBLOCK is not inherited on
 * Linux), unless that happens on a line not shown.
 */
1182 int handle_new_meta_connection()
1185 struct sockaddr client;
1186 int nfd, len = sizeof(client);
1188 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1190 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1194 if(!(ncn = create_new_connection(nfd)))
/* Failure path: the close(nfd) that should precede this message is not shown -- confirm the descriptor is released. */
1198 syslog(LOG_NOTICE, _("Closed attempted connection"));
1208 check all connections to see if anything
1209 happened on their sockets
/*
 * Dispatch select() readiness: data-socket errors and meta-socket input per
 * peer, then our own incoming VPN data and new meta connections.
 * @param f  fd_set returned by select().
 * NOTE(review): terminate_connection(p) is called inside the loop and p->next is
 * read afterwards; safe only if termination never frees p. `l' should be socklen_t.
 */
1211 void check_network_activity(fd_set *f)
1214 int x, l = sizeof(x);
1216 for(p = conn_list; p != NULL; p = p->next)
1218 if(p->status.remove) /* presumably `continue' (not shown): skip entries already torn down */
1221 if(p->status.dataopen)
1222 if(FD_ISSET(p->socket, f)) /* readable on a connected, send-only UDP socket means a queued error */
1225 The only thing that can happen to get us here is apparently an
1226 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1227 something that will not trigger an error directly on send()).
1228 I've once got here when it said `No route to host'.
1230 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); /* return value unchecked: x is indeterminate if this fails */
1231 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1232 p->name, p->hostname, strerror(x));
1233 terminate_connection(p);
1238 if(FD_ISSET(p->meta_socket, f))
1239 if(receive_meta(p) < 0)
1241 terminate_connection(p);
1246 if(FD_ISSET(myself->socket, f))
1247 handle_incoming_vpn_data();
1249 if(FD_ISSET(myself->meta_socket, f))
1250 handle_new_meta_connection();
1255 read, encrypt and send data that is
1256 available through the ethertap device
/*
 * Read one frame from the tap device and hand it to send_packet() keyed on the
 * IPv4 address found at offset 30 of the frame (presumably the destination
 * address of an IPv4 packet inside an Ethernet header -- confirm).
 *
 * Review notes on the final line:
 *  - `unsigned long' is 8 bytes on LP64, so the cast reads 8 bytes and ntohl()
 *    truncates; it is also an unaligned, type-punned access. A memcpy into a
 *    uint32_t is the portable form.
 *  - No check that the frame actually carries IPv4 is visible; a short-packet
 *    check exists above but its condition is not shown.
 */
1258 void handle_tap_input(void)
1263 if(taptype == TAP_TYPE_TUNTAP)
1265 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1267 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
/* Ethertap branch: the 2-byte device prefix lands in vp.len, the frame in vp.data. */
1274 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1276 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1282 total_tap_in += lenin;
1286 if(debug_lvl >= DEBUG_TRAFFIC)
1287 syslog(LOG_WARNING, _("Received short packet from tap device"));
1291 if(debug_lvl >= DEBUG_TRAFFIC)
1293 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
1296 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp); /* NOTE(review): see header comment on this cast */
1301 this is where it all happens...
1303 void main_loop(void)
1308 time_t last_ping_check;
1311 last_ping_check = time(NULL);
1315 tv.tv_sec = timeout;
1321 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1323 if(errno != EINTR) /* because of alarm */
1325 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1332 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1334 close_network_connections();
1335 clear_config(&config);
1337 if(read_server_config())
1339 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1345 if(setup_network_connections())
1353 /* Let's check if everybody is still alive */
1355 if(last_ping_check + timeout < t)
1357 check_dead_connections();
1358 last_ping_check = time(NULL);
1360 /* Should we regenerate our key? */
1364 if(debug_lvl >= DEBUG_STATUS)
1365 syslog(LOG_INFO, _("Regenerating symmetric key"));
1367 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1368 send_key_changed(myself, NULL);
1369 keyexpires = time(NULL) + keylifetime;
1375 check_network_activity(&fset);
1377 /* local tap data */
1378 if(FD_ISSET(tap_fd, &fset))