2 net.c -- most of the network code
3 Copyright (C) 1998-2001 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000,2001 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.118 2001/07/04 08:41:36 guus Exp $
28 #include <netinet/in.h>
30 #include <netinet/ip.h>
31 #include <netinet/tcp.h>
36 #include <sys/signal.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 /* SunOS really wants sys/socket.h BEFORE net/if.h,
43 and FreeBSD wants these lines below the rest. */
44 #include <arpa/inet.h>
45 #include <sys/socket.h>
48 #include <openssl/rand.h>
49 #include <openssl/evp.h>
50 #include <openssl/pem.h>
52 #ifndef HAVE_RAND_PSEUDO_BYTES
53 #define RAND_pseudo_bytes RAND_bytes
57 #include LINUX_IF_TUN_H
66 #include "connection.h"
79 int taptype = TAP_TYPE_ETHERTAP;
81 int total_tap_out = 0;
82 int total_socket_in = 0;
83 int total_socket_out = 0;
85 config_t *upstreamcfg;
86 int seconds_till_retry = 5;
91 void send_udppacket(connection_t *cl, vpn_packet_t *inpkt)
96 struct sockaddr_in to;
97 socklen_t tolen = sizeof(to);
100 if(!cl->status.validkey)
102 if(debug_lvl >= DEBUG_TRAFFIC)
103 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
104 cl->name, cl->hostname);
106 /* Since packet is on the stack of handle_tap_input(),
107 we have to make a copy of it first. */
109 copy = xmalloc(sizeof(vpn_packet_t));
110 memcpy(copy, inpkt, sizeof(vpn_packet_t));
112 list_insert_tail(cl->queue, copy);
114 if(!cl->status.waitingforkey)
115 send_req_key(myself, cl);
119 /* Encrypt the packet. */
121 RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt));
123 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
124 EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt));
125 EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad);
128 total_socket_out += outlen;
130 to.sin_family = AF_INET;
131 to.sin_addr.s_addr = htonl(cl->address);
132 to.sin_port = htons(cl->port);
134 if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0)
136 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
137 cl->name, cl->hostname);
143 void receive_packet(connection_t *cl, vpn_packet_t *packet)
146 if(debug_lvl >= DEBUG_TRAFFIC)
147 syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, cl->name, cl->hostname);
149 route_incoming(cl, packet);
153 void receive_udppacket(connection_t *cl, vpn_packet_t *inpkt)
159 /* Decrypt the packet */
161 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
162 EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len);
163 EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad);
165 outpkt.len = outlen - sizeof(outpkt.salt);
167 total_socket_in += outlen;
169 receive_packet(cl, &outpkt);
173 void receive_tcppacket(connection_t *cl, char *buffer, int len)
178 memcpy(outpkt.data, buffer, len);
180 receive_packet(cl, &outpkt);
184 void accept_packet(vpn_packet_t *packet)
187 if(debug_lvl >= DEBUG_TRAFFIC)
188 syslog(LOG_DEBUG, _("Writing packet of %d bytes to tap device"),
191 if(taptype == TAP_TYPE_TUNTAP)
193 if(write(tap_fd, packet->data, packet->len) < 0)
194 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
196 total_tap_out += packet->len;
200 if(write(tap_fd, packet->data - 2, packet->len + 2) < 0)
201 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
203 total_tap_out += packet->len;
209 send a packet to the given vpn ip.
211 void send_packet(connection_t *cl, vpn_packet_t *packet)
214 if(debug_lvl >= DEBUG_TRAFFIC)
215 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
216 packet->len, cl->name, cl->hostname);
220 if(debug_lvl >= DEBUG_TRAFFIC)
222 syslog(LOG_NOTICE, _("Packet is looping back to us!"));
228 if(!cl->status.active)
230 if(debug_lvl >= DEBUG_TRAFFIC)
231 syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"),
232 cl->name, cl->hostname);
237 /* Check if it has to go via TCP or UDP... */
239 if((cl->options | myself->options) & OPTION_TCPONLY)
241 if(send_tcppacket(cl, packet))
242 terminate_connection(cl);
245 send_udppacket(cl, packet);
248 /* Broadcast a packet to all active connections */
250 void broadcast_packet(connection_t *from, vpn_packet_t *packet)
255 if(debug_lvl >= DEBUG_TRAFFIC)
256 syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"),
257 packet->len, from->name, from->hostname);
259 for(node = connection_tree->head; node; node = node->next)
261 cl = (connection_t *)node->data;
262 if(cl->status.meta && cl != from)
263 send_packet(cl, packet);
268 void flush_queue(connection_t *cl)
270 list_node_t *node, *next;
272 if(debug_lvl >= DEBUG_TRAFFIC)
273 syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname);
275 for(node = cl->queue->head; node; node = next)
278 send_udppacket(cl, (vpn_packet_t *)node->data);
279 list_delete_node(cl->queue, node);
285 open the local ethertap device
287 int setup_tap_fd(void)
290 const char *tapfname;
299 if((cfg = get_config_val(config, config_tapdevice)))
300 tapfname = cfg->data.ptr;
305 tapfname = "/dev/net/tun";
307 tapfname = "/dev/tap0";
311 tapfname = "/dev/tap0";
314 tapfname = "/dev/tun";
318 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
320 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
326 taptype = TAP_TYPE_ETHERTAP;
328 /* Set default MAC address for ethertap devices */
330 mymac.type = SUBNET_MAC;
331 mymac.net.mac.address.x[0] = 0xfe;
332 mymac.net.mac.address.x[1] = 0xfd;
333 mymac.net.mac.address.x[2] = 0x00;
334 mymac.net.mac.address.x[3] = 0x00;
335 mymac.net.mac.address.x[4] = 0x00;
336 mymac.net.mac.address.x[5] = 0x00;
340 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
341 memset(&ifr, 0, sizeof(ifr));
343 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
345 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
347 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
349 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
350 taptype = TAP_TYPE_TUNTAP;
354 taptype = TAP_TYPE_TUNTAP;
361 set up the socket that we listen on for incoming
364 int setup_listen_meta_socket(int port)
367 struct sockaddr_in a;
371 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
373 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
377 flags = fcntl(nfd, F_GETFL);
378 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
381 syslog(LOG_ERR, _("System call `%s' failed: %m"),
386 /* Optimize TCP settings */
389 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
390 setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option));
392 setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option));
394 option = IPTOS_LOWDELAY;
395 setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option));
397 if((cfg = get_config_val(config, config_interface)))
399 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr)))
402 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
408 memset(&a, 0, sizeof(a));
409 a.sin_family = AF_INET;
410 a.sin_port = htons(port);
412 if((cfg = get_config_val(config, config_interfaceip)))
413 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
415 a.sin_addr.s_addr = htonl(INADDR_ANY);
417 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
420 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
427 syslog(LOG_ERR, _("System call `%s' failed: %m"),
436 setup the socket for incoming encrypted
439 int setup_vpn_in_socket(int port)
442 struct sockaddr_in a;
445 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
448 syslog(LOG_ERR, _("Creating socket failed: %m"));
452 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
454 flags = fcntl(nfd, F_GETFL);
455 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
458 syslog(LOG_ERR, _("System call `%s' failed: %m"),
463 memset(&a, 0, sizeof(a));
464 a.sin_family = AF_INET;
465 a.sin_port = htons(port);
466 a.sin_addr.s_addr = htonl(INADDR_ANY);
468 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
471 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
479 setup an outgoing meta (tcp) socket
481 int setup_outgoing_meta_socket(connection_t *cl)
484 struct sockaddr_in a;
488 if(debug_lvl >= DEBUG_CONNECTIONS)
489 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
491 if((cfg = get_config_val(cl->config, config_port)) == NULL)
494 cl->port = cfg->data.val;
496 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
497 if(cl->meta_socket == -1)
499 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
500 cl->hostname, cl->port);
504 /* Bind first to get a fix on our source port */
506 a.sin_family = AF_INET;
507 a.sin_port = htons(0);
508 a.sin_addr.s_addr = htonl(INADDR_ANY);
510 if(bind(cl->meta_socket, (struct sockaddr *)&a, sizeof(struct sockaddr)))
512 close(cl->meta_socket);
513 syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind");
517 /* Optimize TCP settings */
520 setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option));
522 setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option));
524 option = IPTOS_LOWDELAY;
525 setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option));
529 a.sin_family = AF_INET;
530 a.sin_port = htons(cl->port);
531 a.sin_addr.s_addr = htonl(cl->address);
533 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
535 close(cl->meta_socket);
536 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
540 flags = fcntl(cl->meta_socket, F_GETFL);
541 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
543 close(cl->meta_socket);
544 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
545 cl->hostname, cl->port);
549 if(debug_lvl >= DEBUG_CONNECTIONS)
550 syslog(LOG_INFO, _("Connected to %s port %hd"),
551 cl->hostname, cl->port);
559 Setup an outgoing meta connection.
561 int setup_outgoing_connection(char *name)
569 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
573 ncn = new_connection();
574 asprintf(&ncn->name, "%s", name);
576 if(read_host_config(ncn))
578 syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name);
579 free_connection(ncn);
583 if(!(cfg = get_config_val(ncn->config, config_address)))
585 syslog(LOG_ERR, _("No address specified for %s"), ncn->name);
586 free_connection(ncn);
590 if(!(h = gethostbyname(cfg->data.ptr)))
592 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
593 free_connection(ncn);
597 ncn->address = ntohl(*((ipv4_t*)(h->h_addr_list[0])));
598 ncn->hostname = hostlookup(htonl(ncn->address));
600 if(setup_outgoing_meta_socket(ncn) < 0)
602 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
604 free_connection(ncn);
608 ncn->status.outgoing = 1;
609 ncn->buffer = xmalloc(MAXBUFSIZE);
611 ncn->last_ping_time = time(NULL);
620 int read_rsa_public_key(connection_t *cl)
628 cl->rsa_key = RSA_new();
630 /* First, check for simple PublicKey statement */
632 if((cfg = get_config_val(cl->config, config_publickey)))
634 BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
635 BN_hex2bn(&cl->rsa_key->e, "FFFF");
639 /* Else, check for PublicKeyFile statement and read it */
641 if((cfg = get_config_val(cl->config, config_publickeyfile)))
643 if(is_safe_path(cfg->data.ptr))
645 if((fp = fopen(cfg->data.ptr, "r")) == NULL)
647 syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
651 result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
655 syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"),
665 /* Else, check if a harnessed public key is in the config file */
667 asprintf(&fname, "%s/hosts/%s", confbase, cl->name);
668 if((fp = fopen(fname, "r")))
670 result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
679 /* Nothing worked. */
681 syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
686 int read_rsa_private_key(void)
693 myself->rsa_key = RSA_new();
695 if((cfg = get_config_val(config, config_privatekey)))
697 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
698 BN_hex2bn(&myself->rsa_key->e, "FFFF");
700 else if((cfg = get_config_val(config, config_privatekeyfile)))
702 if((fp = fopen(cfg->data.ptr, "r")) == NULL)
704 syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
708 result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL);
712 syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
719 syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
727 Configure connection_t myself and set up the local sockets (listen only)
729 int setup_myself(void)
735 myself = new_connection();
737 asprintf(&myself->hostname, _("MYSELF"));
739 myself->protocol_version = PROT_CURRENT;
741 if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */
743 syslog(LOG_ERR, _("Name for tinc daemon required!"));
747 asprintf(&myself->name, "%s", (char*)cfg->data.val);
749 if(check_id(myself->name))
751 syslog(LOG_ERR, _("Invalid name for myself!"));
755 if(read_rsa_private_key())
758 if(read_host_config(myself))
760 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
764 if(read_rsa_public_key(myself))
769 if(RSA_check_key(myself->rsa_key) != 1)
771 syslog(LOG_ERR, _("Invalid public/private keypair!"));
775 if(!(cfg = get_config_val(myself->config, config_port)))
778 myself->port = cfg->data.val;
780 /* Read in all the subnets specified in the host configuration file */
782 for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next)
785 net->type = SUBNET_IPV4;
786 net->net.ipv4.address = cfg->data.ip->address;
787 net->net.ipv4.mask = cfg->data.ip->mask;
789 /* Teach newbies what subnets are... */
791 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
793 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
797 subnet_add(myself, net);
801 /* Check some options */
803 if((cfg = get_config_val(config, config_indirectdata)))
804 if(cfg->data.val == stupid_true)
805 myself->options |= OPTION_INDIRECT;
807 if((cfg = get_config_val(config, config_tcponly)))
808 if(cfg->data.val == stupid_true)
809 myself->options |= OPTION_TCPONLY;
811 if((cfg = get_config_val(myself->config, config_indirectdata)))
812 if(cfg->data.val == stupid_true)
813 myself->options |= OPTION_INDIRECT;
815 if((cfg = get_config_val(myself->config, config_tcponly)))
816 if(cfg->data.val == stupid_true)
817 myself->options |= OPTION_TCPONLY;
819 if(myself->options & OPTION_TCPONLY)
820 myself->options |= OPTION_INDIRECT;
822 if((cfg = get_config_val(config, config_mode)))
824 if(!strcasecmp(cfg->data.ptr, "router"))
825 routing_mode = RMODE_ROUTER;
826 else if (!strcasecmp(cfg->data.ptr, "switch"))
827 routing_mode = RMODE_SWITCH;
828 else if (!strcasecmp(cfg->data.ptr, "hub"))
829 routing_mode = RMODE_HUB;
832 syslog(LOG_ERR, _("Invalid routing mode!"));
837 routing_mode = RMODE_ROUTER;
842 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
844 syslog(LOG_ERR, _("Unable to set up a listening TCP socket!"));
848 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
850 syslog(LOG_ERR, _("Unable to set up a listening UDP socket!"));
854 /* Generate packet encryption key */
856 myself->cipher_pkttype = EVP_bf_cbc();
858 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
860 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
861 RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
863 if(!(cfg = get_config_val(config, config_keyexpire)))
866 keylifetime = cfg->data.val;
868 keyexpires = time(NULL) + keylifetime;
871 /* Activate ourselves */
873 myself->status.active = 1;
875 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
881 sigalrm_handler(int a)
885 cfg = get_config_val(upstreamcfg, config_connectto);
889 if(upstreamcfg == config)
891 /* No upstream IP given, we're listen only. */
892 signal(SIGALRM, SIG_IGN);
898 /* We previously tried all the ConnectTo lines. Now wrap back to the first. */
899 cfg = get_config_val(config, config_connectto);
904 upstreamcfg = cfg->next;
905 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
907 signal(SIGALRM, SIG_IGN);
910 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
913 signal(SIGALRM, sigalrm_handler);
914 upstreamcfg = config;
915 seconds_till_retry += 5;
916 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
917 seconds_till_retry = MAXTIMEOUT;
918 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
920 alarm(seconds_till_retry);
925 setup all initial network connections
927 int setup_network_connections(void)
934 if((cfg = get_config_val(config, config_pingtimeout)) == NULL)
938 timeout = cfg->data.val;
945 if(setup_tap_fd() < 0)
948 /* Run tinc-up script to further initialize the tap interface */
949 execute_script("tinc-up");
951 if(setup_myself() < 0)
954 if(!(cfg = get_config_val(config, config_connectto)))
955 /* No upstream IP given, we're listen only. */
960 upstreamcfg = cfg->next;
961 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
963 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
968 signal(SIGALRM, sigalrm_handler);
969 upstreamcfg = config;
970 seconds_till_retry = MAXTIMEOUT;
971 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
972 alarm(seconds_till_retry);
982 close all open network connections
984 void close_network_connections(void)
989 for(node = connection_tree->head; node; node = node->next)
991 p = (connection_t *)node->data;
992 p->status.outgoing = 0;
993 p->status.active = 0;
994 terminate_connection(p);
998 if(myself->status.active)
1000 close(myself->meta_socket);
1001 free_connection(myself);
1005 execute_script("tinc-down");
1009 destroy_connection_tree();
1015 handle an incoming tcp connect call and open
1018 connection_t *create_new_connection(int sfd)
1021 struct sockaddr_in ci;
1022 int len = sizeof(ci);
1024 p = new_connection();
1026 if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0)
1028 syslog(LOG_ERR, _("System call `%s' failed: %m"),
1034 asprintf(&p->name, _("UNKNOWN"));
1035 p->address = ntohl(ci.sin_addr.s_addr);
1036 p->hostname = hostlookup(ci.sin_addr.s_addr);
1037 p->port = htons(ci.sin_port); /* This one will be overwritten later */
1038 p->meta_socket = sfd;
1040 p->buffer = xmalloc(MAXBUFSIZE);
1042 p->last_ping_time = time(NULL);
1044 if(debug_lvl >= DEBUG_CONNECTIONS)
1045 syslog(LOG_NOTICE, _("Connection from %s port %d"),
1046 p->hostname, htons(ci.sin_port));
1048 p->allow_request = ID;
1054 put all file descriptors in an fd_set array
1056 void build_fdset(fd_set *fs)
1063 FD_SET(myself->socket, fs);
1065 for(node = connection_tree->head; node; node = node->next)
1067 p = (connection_t *)node->data;
1069 FD_SET(p->meta_socket, fs);
1072 FD_SET(myself->meta_socket, fs);
1078 receive incoming data from the listening
1079 udp socket and write it to the ethertap
1080 device after being decrypted
1082 void handle_incoming_vpn_data(void)
1085 int x, l = sizeof(x);
1086 struct sockaddr_in from;
1087 socklen_t fromlen = sizeof(from);
1090 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1092 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1093 __FILE__, __LINE__, myself->socket);
1098 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
1102 if((pkt.len = recvfrom(myself->socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0)
1104 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1108 cl = lookup_connection(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
1112 syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
1116 cl->last_ping_time = time(NULL);
1118 receive_udppacket(cl, &pkt);
1123 terminate a connection and notify the other
1124 end before closing the sockets
1126 void terminate_connection(connection_t *cl)
1130 avl_node_t *node, *next;
1132 if(cl->status.remove)
1135 if(debug_lvl >= DEBUG_CONNECTIONS)
1136 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1137 cl->name, cl->hostname);
1139 cl->status.remove = 1;
1144 close(cl->meta_socket);
1149 /* Find all connections that were lost because they were behind cl
1150 (the connection that was dropped). */
1152 for(node = connection_tree->head; node; node = node->next)
1154 p = (connection_t *)node->data;
1155 if(p->nexthop == cl && p != cl)
1156 terminate_connection(p);
1159 /* Inform others of termination if it was still active */
1161 if(cl->status.active)
1162 for(node = connection_tree->head; node; node = node->next)
1164 p = (connection_t *)node->data;
1165 if(p->status.meta && p->status.active && p != cl)
1166 send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */
1170 /* Remove the associated subnets */
1172 for(node = cl->subnet_tree->head; node; node = next)
1175 subnet = (subnet_t *)node->data;
1179 /* Check if this was our outgoing connection */
1181 if(cl->status.outgoing)
1183 cl->status.outgoing = 0;
1184 signal(SIGALRM, sigalrm_handler);
1185 alarm(seconds_till_retry);
1186 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
1191 cl->status.active = 0;
1196 Check if the other end is active.
1197 If we have sent packets, but didn't receive any,
1198 then possibly the other end is dead. We send a
1199 PING request over the meta connection. If the other
1200 end does not reply in time, we consider them dead
1201 and close the connection.
1203 void check_dead_connections(void)
1211 for(node = connection_tree->head; node; node = node->next)
1213 cl = (connection_t *)node->data;
1214 if(cl->status.active && cl->status.meta)
1216 if(cl->last_ping_time + timeout < now)
1218 if(cl->status.pinged)
1220 if(debug_lvl >= DEBUG_PROTOCOL)
1221 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1222 cl->name, cl->hostname);
1223 cl->status.timeout = 1;
1224 terminate_connection(cl);
1237 accept a new tcp connect and create a
1240 int handle_new_meta_connection()
1243 struct sockaddr client;
1244 int nfd, len = sizeof(client);
1246 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1248 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1252 if(!(ncn = create_new_connection(nfd)))
1256 syslog(LOG_NOTICE, _("Closed attempted connection"));
1260 connection_add(ncn);
1268 check all connections to see if anything
1269 happened on their sockets
1271 void check_network_activity(fd_set *f)
1276 if(FD_ISSET(myself->socket, f))
1277 handle_incoming_vpn_data();
1279 for(node = connection_tree->head; node; node = node->next)
1281 p = (connection_t *)node->data;
1283 if(p->status.remove)
1287 if(FD_ISSET(p->meta_socket, f))
1288 if(receive_meta(p) < 0)
1290 terminate_connection(p);
1295 if(FD_ISSET(myself->meta_socket, f))
1296 handle_new_meta_connection();
1301 read, encrypt and send data that is
1302 available through the ethertap device
1304 void handle_tap_input(void)
1309 if(taptype == TAP_TYPE_TUNTAP)
1311 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1313 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1320 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1322 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1328 total_tap_in += vp.len;
1332 if(debug_lvl >= DEBUG_TRAFFIC)
1333 syslog(LOG_WARNING, _("Received short packet from tap device"));
1337 if(debug_lvl >= DEBUG_TRAFFIC)
1339 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
1342 route_outgoing(&vp);
1347 this is where it all happens...
1349 void main_loop(void)
1354 time_t last_ping_check;
1357 last_ping_check = time(NULL);
1361 tv.tv_sec = timeout;
1364 prune_connection_tree();
1367 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1369 if(errno != EINTR) /* because of alarm */
1371 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1378 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1380 close_network_connections();
1381 clear_config(&config);
1383 if(read_server_config())
1385 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1391 if(setup_network_connections())
1399 /* Let's check if everybody is still alive */
1401 if(last_ping_check + timeout < t)
1403 check_dead_connections();
1404 last_ping_check = time(NULL);
1406 /* Should we regenerate our key? */
1410 if(debug_lvl >= DEBUG_STATUS)
1411 syslog(LOG_INFO, _("Regenerating symmetric key"));
1413 RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1414 send_key_changed(myself, NULL);
1415 keyexpires = time(NULL) + keylifetime;
1421 check_network_activity(&fset);
1423 /* local tap data */
1424 if(FD_ISSET(tap_fd, &fset))
projects / oweals / tinc.git / blob