2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/pem.h>
29 #include <openssl/hmac.h>
41 #include "connection.h"
58 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
61 static void send_udppacket(node_t *, vpn_packet_t *);
63 unsigned replaywin = 16;
64 bool localdiscovery = false;
66 #define MAX_SEQNO 1073741824
68 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
69 mtuprobes == 31: sleep pinginterval seconds
70 mtuprobes == 32: send 1 burst, sleep pingtimeout second
71 mtuprobes == 33: no response from other side, restart PMTU discovery process
73 Probes are sent in batches of three, with random sizes between the lower and
74 upper boundaries for the MTU thus far discovered.
76 In case local discovery is enabled, a fourth packet is added to each batch,
77 which will be broadcast to the local network.
80 static void send_mtu_probe_handler(void *data) {
86 if(!n->status.reachable || !n->status.validkey) {
87 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
92 if(n->mtuprobes > 32) {
95 timeout = pinginterval;
99 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
100 n->status.udp_confirmed = false;
106 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
107 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
111 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
112 if(n->minmtu > n->maxmtu)
113 n->minmtu = n->maxmtu;
115 n->maxmtu = n->minmtu;
117 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
121 if(n->mtuprobes == 31) {
122 timeout = pinginterval;
124 } else if(n->mtuprobes == 32) {
125 timeout = pingtimeout;
128 for(int i = 0; i < 3 + localdiscovery; i++) {
131 if(n->maxmtu <= n->minmtu)
134 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
140 memset(packet.data, 0, 14);
141 randomize(packet.data + 14, len - 14);
143 if(i >= 3 && n->mtuprobes <= 10)
144 packet.priority = -1;
148 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
150 send_udppacket(n, &packet);
154 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
157 void send_mtu_probe(node_t *n) {
158 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
159 send_mtu_probe_handler(n);
162 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
163 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
165 if(!packet->data[0]) {
166 /* It's a probe request, send back a reply */
170 /* Temporarily set udp_confirmed, so that the reply is sent
171 back exactly the way it came in. */
173 bool udp_confirmed = n->status.udp_confirmed;
174 n->status.udp_confirmed = true;
175 send_udppacket(n, packet);
176 n->status.udp_confirmed = udp_confirmed;
178 /* It's a valid reply: now we know bidirectional communication
179 is possible using the address and socket that the reply
182 n->status.udp_confirmed = true;
184 /* If we haven't established the PMTU yet, restart the discovery process. */
186 if(n->mtuprobes > 30) {
193 /* If applicable, raise the minimum supported MTU */
202 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
204 memcpy(dest, source, len);
206 } else if(level == 10) {
208 lzo_uint lzolen = MAXSIZE;
209 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
214 } else if(level < 10) {
216 unsigned long destlen = MAXSIZE;
217 if(compress2(dest, &destlen, source, len, level) == Z_OK)
224 lzo_uint lzolen = MAXSIZE;
225 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
235 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
237 memcpy(dest, source, len);
239 } else if(level > 9) {
241 lzo_uint lzolen = MAXSIZE;
242 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
250 unsigned long destlen = MAXSIZE;
251 if(uncompress(dest, &destlen, source, len) == Z_OK)
263 static void receive_packet(node_t *n, vpn_packet_t *packet) {
264 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
265 packet->len, n->name, n->hostname);
268 n->in_bytes += packet->len;
273 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
275 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
277 if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest))
280 return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength);
283 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
284 vpn_packet_t pkt1, pkt2;
285 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
287 vpn_packet_t *outpkt = pkt[0];
290 if(n->status.sptps) {
291 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
295 if(!cipher_active(&n->incipher)) {
296 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
297 n->name, n->hostname);
301 /* Check packet length */
303 if(inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) {
304 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
305 n->name, n->hostname);
309 /* Check the message authentication code */
311 if(digest_active(&n->indigest)) {
312 inpkt->len -= n->indigest.maclength;
313 if(!digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
314 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
318 /* Decrypt the packet */
320 if(cipher_active(&n->incipher)) {
321 outpkt = pkt[nextpkt++];
324 if(!cipher_decrypt(&n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
325 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
329 outpkt->len = outlen;
333 /* Check the sequence number */
335 inpkt->len -= sizeof inpkt->seqno;
336 inpkt->seqno = ntohl(inpkt->seqno);
339 if(inpkt->seqno != n->received_seqno + 1) {
340 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
341 if(n->farfuture++ < replaywin >> 2) {
342 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
343 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
346 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
347 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
348 memset(n->late, 0, replaywin);
349 } else if (inpkt->seqno <= n->received_seqno) {
350 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
351 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
352 n->name, n->hostname, inpkt->seqno, n->received_seqno);
356 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
357 n->late[(i / 8) % replaywin] |= 1 << i % 8;
362 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
365 if(inpkt->seqno > n->received_seqno)
366 n->received_seqno = inpkt->seqno;
370 if(n->received_seqno > MAX_SEQNO)
373 /* Decompress the packet */
375 length_t origlen = inpkt->len;
377 if(n->incompression) {
378 outpkt = pkt[nextpkt++];
380 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
381 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
382 n->name, n->hostname);
388 origlen -= MTU/64 + 20;
393 if(!inpkt->data[12] && !inpkt->data[13])
394 mtu_probe_h(n, inpkt, origlen);
396 receive_packet(n, inpkt);
399 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
403 if(c->options & OPTION_TCPONLY)
406 outpkt.priority = -1;
407 memcpy(outpkt.data, buffer, len);
409 receive_packet(c->node, &outpkt);
412 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
413 if(!n->status.validkey) {
414 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
415 if(!n->status.waitingforkey)
417 else if(n->last_req_key + 10 < time(NULL)) {
418 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
419 sptps_stop(&n->sptps);
420 n->status.waitingforkey = false;
429 if(!(origpkt->data[12] | origpkt->data[13])) {
430 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
434 if(routing_mode == RMODE_ROUTER)
439 if(origpkt->len < offset)
444 if(n->outcompression) {
445 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
447 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
448 } else if(len < origpkt->len - offset) {
449 outpkt.len = len + offset;
451 type |= PKT_COMPRESSED;
455 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
459 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
464 /* If the UDP address is confirmed, use it. */
465 if(n->status.udp_confirmed)
468 /* Send every third packet to n->address; that could be set
469 to the node's reflexive UDP address discovered during key
478 /* Otherwise, address are found in edges to this node.
479 So we pick a random edge and a random socket. */
482 int j = rand() % n->edge_tree->count;
483 edge_t *candidate = NULL;
485 for splay_each(edge_t, e, n->edge_tree) {
487 candidate = e->reverse;
493 *sa = &candidate->address;
494 *sock = rand() % listen_sockets;
497 /* Make sure we have a suitable socket for the chosen address */
498 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
499 for(int i = 0; i < listen_sockets; i++) {
500 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
508 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
509 static sockaddr_t broadcast_ipv4 = {
511 .sin_family = AF_INET,
512 .sin_addr.s_addr = -1,
516 static sockaddr_t broadcast_ipv6 = {
518 .sin6_family = AF_INET6,
519 .sin6_addr.s6_addr[0x0] = 0xff,
520 .sin6_addr.s6_addr[0x1] = 0x02,
521 .sin6_addr.s6_addr[0xf] = 0x01,
525 *sock = rand() % listen_sockets;
527 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
528 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
529 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
530 *sa = &broadcast_ipv6;
532 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
533 *sa = &broadcast_ipv4;
537 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
538 vpn_packet_t pkt1, pkt2;
539 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
540 vpn_packet_t *inpkt = origpkt;
542 vpn_packet_t *outpkt;
543 int origlen = origpkt->len;
545 #if defined(SOL_IP) && defined(IP_TOS)
546 static int priority = 0;
548 int origpriority = origpkt->priority;
550 if(!n->status.reachable) {
551 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
556 return send_sptps_packet(n, origpkt);
558 /* Make sure we have a valid key */
560 if(!n->status.validkey) {
561 logger(DEBUG_TRAFFIC, LOG_INFO,
562 "No valid key known yet for %s (%s), forwarding via TCP",
563 n->name, n->hostname);
565 if(n->last_req_key + 10 <= now.tv_sec) {
567 n->last_req_key = now.tv_sec;
570 send_tcppacket(n->nexthop->connection, origpkt);
575 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
576 logger(DEBUG_TRAFFIC, LOG_INFO,
577 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
578 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
581 send_packet(n->nexthop, origpkt);
583 send_tcppacket(n->nexthop->connection, origpkt);
588 /* Compress the packet */
590 if(n->outcompression) {
591 outpkt = pkt[nextpkt++];
593 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
594 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
595 n->name, n->hostname);
602 /* Add sequence number */
604 inpkt->seqno = htonl(++(n->sent_seqno));
605 inpkt->len += sizeof inpkt->seqno;
607 /* Encrypt the packet */
609 if(cipher_active(&n->outcipher)) {
610 outpkt = pkt[nextpkt++];
613 if(!cipher_encrypt(&n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
614 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
618 outpkt->len = outlen;
622 /* Add the message authentication code */
624 if(digest_active(&n->outdigest)) {
625 digest_create(&n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
626 inpkt->len += digest_length(&n->outdigest);
629 /* Send the packet */
631 const sockaddr_t *sa;
634 /* Overloaded use of priority field: -1 means local broadcast */
636 if(origpriority == -1 && n->prevedge)
637 choose_broadcast_address(n, &sa, &sock);
639 choose_udp_address(n, &sa, &sock);
641 #if defined(SOL_IP) && defined(IP_TOS)
642 if(priorityinheritance && origpriority != priority
643 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
644 priority = origpriority;
645 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
646 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
647 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
651 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
652 if(sockmsgsize(sockerrno)) {
653 if(n->maxmtu >= origlen)
654 n->maxmtu = origlen - 1;
655 if(n->mtu >= origlen)
656 n->mtu = origlen - 1;
658 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
662 origpkt->len = origlen;
665 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
668 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
670 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
671 char buf[len * 4 / 3 + 5];
672 b64encode(data, buf, len);
673 /* If no valid key is known yet, send the packets using ANS_KEY requests,
674 to ensure we get to learn the reflexive UDP address. */
675 if(!to->status.validkey)
676 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
678 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
681 /* Otherwise, send the packet via UDP */
683 const sockaddr_t *sa;
686 choose_udp_address(to, &sa, &sock);
688 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
689 if(sockmsgsize(sockerrno)) {
690 if(to->maxmtu >= len)
691 to->maxmtu = len - 1;
695 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
703 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
704 node_t *from = handle;
706 if(type == SPTPS_HANDSHAKE) {
707 if(!from->status.validkey) {
708 from->status.validkey = true;
709 from->status.waitingforkey = false;
710 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
716 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
722 if(type == PKT_PROBE) {
724 memcpy(inpkt.data, data, len);
725 mtu_probe_h(from, &inpkt, len);
729 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
730 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
734 /* Check if we have the headers we need */
735 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
736 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
738 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
739 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
742 int offset = (type & PKT_MAC) ? 0 : 14;
743 if(type & PKT_COMPRESSED) {
744 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
748 inpkt.len = ulen + offset;
750 if(inpkt.len > MAXSIZE)
753 memcpy(inpkt.data + offset, data, len);
754 inpkt.len = len + offset;
757 /* Generate the Ethernet packet type if necessary */
759 switch(inpkt.data[14] >> 4) {
761 inpkt.data[12] = 0x08;
762 inpkt.data[13] = 0x00;
765 inpkt.data[12] = 0x86;
766 inpkt.data[13] = 0xDD;
769 logger(DEBUG_TRAFFIC, LOG_ERR,
770 "Unknown IP version %d while reading packet from %s (%s)",
771 inpkt.data[14] >> 4, from->name, from->hostname);
776 receive_packet(from, &inpkt);
781 send a packet to the given vpn ip.
783 void send_packet(node_t *n, vpn_packet_t *packet) {
788 memcpy(packet->data, mymac.x, ETH_ALEN);
790 n->out_bytes += packet->len;
791 devops.write(packet);
795 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
796 packet->len, n->name, n->hostname);
798 if(!n->status.reachable) {
799 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
800 n->name, n->hostname);
805 n->out_bytes += packet->len;
807 if(n->status.sptps) {
808 send_sptps_packet(n, packet);
812 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
815 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
816 n->name, via->name, n->via->hostname);
818 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
819 if(!send_tcppacket(via->connection, packet))
820 terminate_connection(via->connection, true);
822 send_udppacket(via, packet);
825 /* Broadcast a packet using the minimum spanning tree */
827 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
828 // Always give ourself a copy of the packet.
830 send_packet(myself, packet);
832 // In TunnelServer mode, do not forward broadcast packets.
833 // The MST might not be valid and create loops.
834 if(tunnelserver || broadcast_mode == BMODE_NONE)
837 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
838 packet->len, from->name, from->hostname);
840 switch(broadcast_mode) {
841 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
842 // This guarantees all nodes receive the broadcast packet, and
843 // usually distributes the sending of broadcast packets over all nodes.
845 for list_each(connection_t, c, connection_list)
846 if(c->status.active && c->status.mst && c != from->nexthop->connection)
847 send_packet(c->node, packet);
850 // In direct mode, we send copies to each node we know of.
851 // However, this only reaches nodes that can be reached in a single hop.
852 // We don't have enough information to forward broadcast packets in this case.
857 for splay_each(node_t, n, node_tree)
858 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
859 send_packet(n, packet);
867 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
870 static time_t last_hard_try = 0;
872 for splay_each(edge_t, e, edge_weight_tree) {
873 if(!e->to->status.reachable || e->to == myself)
876 if(sockaddrcmp_noport(from, &e->address)) {
877 if(last_hard_try == now.tv_sec)
882 if(!try_mac(e->to, pkt))
890 last_hard_try = now.tv_sec;
892 last_hard_try = now.tv_sec;
896 void handle_incoming_vpn_data(void *data, int flags) {
897 listen_socket_t *ls = data;
900 sockaddr_t from = {{0}};
901 socklen_t fromlen = sizeof from;
905 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
907 if(len <= 0 || len > MAXSIZE) {
908 if(!sockwouldblock(sockerrno))
909 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
915 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
917 n = lookup_node_udp(&from);
920 n = try_harder(&from, &pkt);
922 update_node_udp(n, &from);
923 else if(debug_level >= DEBUG_PROTOCOL) {
924 hostname = sockaddr2hostname(&from);
925 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
933 n->sock = ls - listen_socket;
935 receive_udppacket(n, &pkt);
938 void handle_device_data(void *data, int flags) {
943 if(devops.read(&packet)) {
944 myself->in_packets++;
945 myself->in_bytes += packet.len;
946 route(myself, &packet);