From 9fed0ec34b9208611a7e96a595f23fa04e60a5c0 Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon, 1 Mar 2010 23:44:56 +0100
Subject: [PATCH] Preload all Subnets in TunnelServer mode.
This simplifies the logic in protocol_subnet.c.
---
src/connection.c | 4 +--
src/net_setup.c | 62 +++++++++++++++++++++++++++++++++++++++++++
src/protocol_subnet.c | 34 +++++++-----------------
3 files changed, 73 insertions(+), 27 deletions(-)
diff --git a/src/connection.c b/src/connection.c
index 9a26ec9..6229e79 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -130,11 +130,11 @@ void dump_connections(void) {
bool read_connection_config(connection_t *c) {
char *fname;
- int x;
+ bool x;
xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
x = read_config_file(c->config_tree, fname);
free(fname);
- return x == 0;
+ return x;
}
diff --git a/src/net_setup.c b/src/net_setup.c
index 6360c59..cad84cc 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -201,6 +201,65 @@ bool read_rsa_private_key(void) {
return true;
}
+/*
+ Read Subnets from all host config files
+*/
+static void load_all_subnets(void) {
+ DIR *dir;
+ struct dirent *ent;
+ char *dname;
+ char *fname;
+ avl_tree_t *config_tree;
+ config_t *cfg;
+ subnet_t *s;
+ node_t *n;
+ bool result;
+
+ xasprintf(&dname, "%s/hosts", confbase);
+ dir = opendir(dname);
+ if(!dir) {
+ logger(LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
+ free(dname);
+ return;
+ }
+
+ while((ent = readdir(dir))) {
+ if(!check_id(ent->d_name))
+ continue;
+
+ n = lookup_node(ent->d_name);
+ if(n)
+ continue;
+
+ #ifdef _DIRENT_HAVE_D_TYPE
+ //if(ent->d_type != DT_REG)
+ // continue;
+ #endif
+
+ xasprintf(&fname, "%s/hosts/%s", confbase, ent->d_name);
+ init_configuration(&config_tree);
+ result = read_config_file(config_tree, fname);
+ free(fname);
+ if(!result)
+ continue;
+
+ n = new_node();
+ n->name = xstrdup(ent->d_name);
+ node_add(n);
+
+ for(cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
+ if(!get_config_subnet(cfg, &s))
+ continue;
+
+ subnet_add(n, s);
+ }
+
+ exit_configuration(&config_tree);
+ }
+
+ closedir(dir);
+}
+
/*
Configure node_t myself and set up the local sockets (listen only)
*/
@@ -426,6 +485,9 @@ bool setup_myself(void) {
graph();
+ if(tunnelserver)
+ load_all_subnets();
+
/* Open device */
if(!setup_device())
diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c
index ba75c89..7098e2a 100644
--- a/src/protocol_subnet.c
+++ b/src/protocol_subnet.c
@@ -104,29 +104,12 @@ bool add_subnet_h(connection_t *c) {
return true;
}
- /* In tunnel server mode, check if the subnet matches one in the config file of this node */
+ /* In tunnel server mode, we should already know all allowed subnets */
if(tunnelserver) {
- config_t *cfg;
- subnet_t *allowed;
-
- for(cfg = lookup_config(c->config_tree, "Subnet"); cfg; cfg = lookup_config_next(c->config_tree, cfg)) {
- if(!get_config_subnet(cfg, &allowed))
- continue;
-
- if(!subnet_compare(&s, allowed))
- break;
-
- free_subnet(allowed);
- }
-
- if(!cfg) {
- logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
- "ADD_SUBNET", c->name, c->hostname, subnetstr);
- return true;
- }
-
- free_subnet(allowed);
+ logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
+ "ADD_SUBNET", c->name, c->hostname, subnetstr);
+ return true;
}
/* If everything is correct, add the subnet to the list of the owner */
@@ -139,8 +122,7 @@ bool add_subnet_h(connection_t *c) {
/* Tell the rest */
- if(!tunnelserver)
- forward_request(c);
+ forward_request(c);
/* Fast handoff of roaming MAC addresses */
@@ -228,10 +210,12 @@ bool del_subnet_h(connection_t *c) {
return true;
}
+ if(tunnelserver)
+ return true;
+
/* Tell the rest */
- if(!tunnelserver)
- forward_request(c);
+ forward_request(c);
/* Finally, delete it. */
--
2.25.1