2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.67 2000/11/04 22:57:30 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 #include <openssl/rand.h>
43 #include <openssl/evp.h>
44 #include <openssl/err.h>
47 #include LINUX_IF_TUN_H
/* Which kind of tap device setup_tap_fd() opened.  Starts as ethertap and is
   switched to TAP_TYPE_TUNTAP when the TUNSETIFF ioctl succeeds.  xrecv() and
   handle_tap_input() branch on it: the ethertap paths read/write the 2 bytes
   in front of the frame data as well. */
64 int taptype = TAP_TYPE_ETHERTAP;
/* Traffic counters in bytes.  total_tap_out grows on every tap write and
   total_socket_out on every send(); total_socket_in is not touched in the
   code shown in this file. */
66 int total_tap_out = 0;
67 int total_socket_in = 0;
68 int total_socket_out = 0;
/* Cursor into the ConnectTo entries of the server configuration.
   sigalrm_handler() advances it past each entry it has tried and resets it
   to `config' once the list is exhausted. */
70 config_t *upstreamcfg;
/* Delay in seconds before the next outgoing-connection retry is armed with
   alarm().  Grows by 5 per failed round and is capped at MAXTIMEOUT. */
71 static int seconds_till_retry;
/* Filled in by setup_tap_fd() from the kernel's interface name and exported
   to the tinc-up/tinc-down scripts as IFNAME by execute_script(). */
77 char *interface_name = NULL; /* Contains the name of the interface */
82 Execute the given script.
83 This function doesn't really belong here.
/* Fork and exec the script <confbase>/<name>, chdir'd into confbase, with
   IFNAME and NETNAME added to its environment.  The putenv()-style calls
   between the asprintf()s, the parent-side wait and the return statements
   are on lines not reproduced here, so the return contract is not visible
   from this excerpt.  The child runs with the daemon's privileges and
   executes whatever file sits at that path, so confbase must not be
   writable by untrusted users. */
85 int execute_script(const char* name)
91 if((pid = fork()) < 0)
93 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* Child side.  The asprintf() results are never freed; acceptable only
   because this path is expected to end in exec or exit (the exit itself is
   not shown). */
105 asprintf(&scriptname, "%s/%s", confbase, name);
/* "%s" with a NULL interface_name is undefined behaviour; this relies on
   setup_tap_fd() having succeeded before any script is run. */
106 asprintf(&s, "IFNAME=%s", interface_name);
112 asprintf(&s, "NETNAME=%s", netname);
121 if(chdir(confbase) < 0)
123 syslog(LOG_ERR, _("Couldn't chdir to `%s': %m"),
/* argv is empty here: the first variadic argument to execl() is argv[0], so
   the script starts without even its own name.  The conventional call is
   execl(scriptname, scriptname, (char *)NULL). */
127 execl(scriptname, NULL);
128 /* No return on success */
/* A missing script is the normal case and is deliberately silent. */
130 if(errno != ENOENT) /* Ignore if the file does not exist */
131 syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname);
133 /* No need to free things */
/* Encrypt inpkt under cl's packet key and send it over cl's UDP socket.
   The return values are set on lines not shown here, as is the branch
   that selects the encrypted path versus the plain-copy path below
   (presumably cl->status.validkey). */
137 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
143 outpkt.len = inpkt->len;
145 /* Encrypt the packet */
/* The IV handed to EVP_EncryptInit() is the byte run following the key
   inside cipher_pktkey, i.e. a fixed value for the lifetime of the key.
   With a CFB cipher (setup_myself() picks EVP_bf_cfb() for our own key) a
   fixed IV makes equal plaintext prefixes produce equal ciphertext
   prefixes across packets; the exposure is bounded only by the key
   regeneration in main_loop().  None of the EVP_* return values are
   checked. */
147 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
148 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
149 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* +2 accounts for the len field sent in front of the ciphertext (see the
   send() below).  len goes on the wire unencrypted and, in this function,
   unauthenticated. */
150 outlen += outpad + 2;
/* Unencrypted path: copy len and data verbatim. */
153 outlen = outpkt.len + 2;
154 memcpy(&outpkt, inpkt, outlen);
157 if(debug_lvl >= DEBUG_TRAFFIC)
158 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
159 outlen, cl->name, cl->hostname);
161 total_socket_out += outlen;
/* Starts at &outpkt.len, so this assumes vpn_packet_t lays out len
   immediately before data with no padding -- TODO confirm against the
   struct definition. */
163 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
165 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
166 cl->name, cl->hostname);
/* Decrypt a packet received from cl with our own packet key (peers encrypt
   to the receiver's key; compare xsend(), which uses cl's key), restore the
   MAC and write the frame to the tap device.  The branch selecting
   decryption versus the plain copy, and the return values, are on lines
   not shown. */
173 int xrecv(conn_list_t *cl, vpn_packet_t *inpkt)
179 outpkt.len = inpkt->len;
181 /* Decrypt the packet */
/* Same fixed key-derived IV as in xsend().  EVP_* results are unchecked,
   so a failing final step is not detected here. */
183 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
/* inpkt->len is the length prefix exactly as the peer sent it (see
   handle_incoming_vpn_data()).  It is not checked against the number of
   bytes actually received before being used as the read length here, and
   the extra 8 bytes are not explained in this function.  An oversized or
   inconsistent len therefore reads past the valid data; a bound against
   the recv() count and MTU belongs before this point. */
184 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
185 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Unencrypted path: copy len and data verbatim (same trust in len). */
189 outlen = outpkt.len+2;
190 memcpy(&outpkt, inpkt, outlen);
193 if(debug_lvl >= DEBUG_TRAFFIC)
194 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
197 /* Fix mac address */
/* Overwrite the first 6 bytes of the frame with our own MAC -- presumably
   the Ethernet destination field, so the local stack accepts the frame. */
199 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
201 if(taptype == TAP_TYPE_TUNTAP)
/* Short writes are not detected: only a negative result is logged. */
203 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
204 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
206 total_tap_out += outpkt.len;
/* ethertap: hand the kernel the 2 bytes in front of data as well.  Relies
   on len immediately preceding data in vpn_packet_t -- TODO confirm. */
210 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
211 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
213 total_tap_out += outpkt.len + 2;
220 add the given packet of size s to the
221 queue q, be it the send or receive queue
/* Append a private copy of the s bytes at packet to queue *q, creating the
   queue on first use.  The guard that makes the allocation below
   conditional on *q == NULL, the head assignment in the else branch and
   the final tail update are on lines not shown.  The queue owns the copy;
   del_queue() unlinks elements, but its free() is not visible in this
   excerpt. */
223 void add_queue(packet_queue_t **q, void *packet, size_t s)
227 e = xmalloc(sizeof(*e));
228 e->packet = xmalloc(s);
229 memcpy(e->packet, packet, s);
/* Lazy creation of the queue itself. */
233 *q = xmalloc(sizeof(**q));
234 (*q)->head = (*q)->tail = NULL;
237 e->next = NULL; /* We insert at the tail */
239 if((*q)->tail) /* Do we have a tail? */
241 (*q)->tail->next = e;
242 e->prev = (*q)->tail;
244 else /* No tail -> no head too */
254 /* Remove a queue element */
/* Unlink element e from queue *q, fixing up head and tail as needed.  Four
   cases: middle, head, tail, sole element.  The sole-element branch and
   the release of e->packet and e are on lines not shown. */
255 void del_queue(packet_queue_t **q, queue_element_t *e)
260 if(e->next) /* There is a successor, so we are not tail */
262 if(e->prev) /* There is a predecessor, so we are not head */
264 e->next->prev = e->prev;
265 e->prev->next = e->next;
267 else /* We are head */
269 e->next->prev = NULL;
270 (*q)->head = e->next;
273 else /* We are tail (or all alone!) */
275 if(e->prev) /* We are not alone :) */
277 e->prev->next = NULL;
278 (*q)->tail = e->prev;
292 flush a queue by calling function for
293 each packet, and removing it when that
294 returned a zero exit code
/* Walk queue *pq and hand each packet to function(cl, packet); an element
   is dropped from the queue (presumably via del_queue(), on a line not
   shown) only when function returns 0, so failed packets stay queued for
   the next flush.  *pq is dereferenced unconditionally: add_queue()
   creates queues lazily, so a never-used queue is NULL and callers must
   check before calling. */
296 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
297 int (*function)(conn_list_t*,vpn_packet_t*))
/* next keeps the successor across the removal of p. */
299 queue_element_t *p, *next = NULL;
301 for(p = (*pq)->head; p != NULL; )
305 if(!function(cl, p->packet))
311 if(debug_lvl >= DEBUG_TRAFFIC)
312 syslog(LOG_DEBUG, _("Queue flushed"));
317 flush the send&recv queues
318 void because this cannot fail as such: packets
319 that could not be flushed simply remain in the queue
/* Flush cl's send queue through xsend() and its receive queue through
   xrecv().  flush_queue() requires a non-NULL queue; whether cl->sq and
   cl->rq are checked first is not visible in this excerpt -- TODO confirm. */
321 void flush_queues(conn_list_t *cl)
326 if(debug_lvl >= DEBUG_TRAFFIC)
327 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
328 cl->name, cl->hostname);
329 flush_queue(cl, &(cl->sq), xsend);
334 if(debug_lvl >= DEBUG_TRAFFIC)
335 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
336 cl->name, cl->hostname);
337 flush_queue(cl, &(cl->rq), xrecv);
343 send a packet to the given vpn ip.
/* Route packet to the VPN host owning the subnet that contains `to'.
   Looks up the subnet, resolves it to a connection (cl, assigned on a line
   not shown), refuses to send to ourselves, and then either drops the
   packet (no key yet / connection not active) or hands it to xsend().
   Returns xsend()'s result on the normal path; the early-return values of
   the other branches are on lines not shown. */
345 int send_packet(ip_t to, vpn_packet_t *packet)
350 if((subnet = lookup_subnet_ipv4(to)) == NULL)
352 if(debug_lvl >= DEBUG_TRAFFIC)
354 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
/* Loop detection: the subnet resolved back to ourselves. */
365 if(debug_lvl >= DEBUG_TRAFFIC)
367 syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
374 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
376 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* The setup_vpn_connection() call that follows sits inside a comment block
   whose closing delimiter is on a line not shown; per that comment the UDP
   sockets are opened beforehand. */
378 /* Connections are now opened beforehand...
380 if(!cl->status.dataopen)
381 if(setup_vpn_connection(cl) < 0)
383 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
384 cl->name, cl->hostname);
/* No session key for cl yet.  Queueing is commented out (the FIXME block
   below), so the packet is presumably dropped (the return is on a line not
   shown) and a key request is sent unless one is already outstanding. */
389 if(!cl->status.validkey)
391 /* FIXME: Don't queue until everything else is fixed.
392 if(debug_lvl >= DEBUG_TRAFFIC)
393 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
394 cl->name, cl->hostname);
395 add_queue(&(cl->sq), packet, packet->len + 2);
397 if(!cl->status.waitingforkey)
398 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
/* Same for a connection that is not active yet: queueing is commented out
   and the packet is silently dropped with return 0. */
402 if(!cl->status.active)
404 /* FIXME: Don't queue until everything else is fixed.
405 if(debug_lvl >= DEBUG_TRAFFIC)
406 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
407 cl->name, cl->hostname);
408 add_queue(&(cl->sq), packet, packet->len + 2);
410 return 0; /* We don't want to mess up, do we? */
413 /* can we send it? can we? can we? huh? */
415 return xsend(cl, packet);
419 open the local ethertap device
/* Open the tap device named by the TapDevice option (or a default), find
   out whether it is a new tun/tap or an old ethertap device, and record the
   resulting interface name for the scripts.  The assignment of nfd to the
   global tap_fd, the condition guarding the default-MAC block and the
   return values are on lines not shown. */
421 int setup_tap_fd(void)
424 const char *tapfname;
429 if((cfg = get_config_val(config, config_tapdevice)))
430 tapfname = cfg->data.ptr;
/* Two defaults; which one applies is decided by a condition not shown. */
433 tapfname = "/dev/misc/net/tun";
435 tapfname = "/dev/tap0";
438 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
440 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
446 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 -- a locally administered unicast address; xrecv()
   stamps it onto every frame written to the device. */
448 taptype = TAP_TYPE_ETHERTAP;
449 mymac.type = SUBNET_MAC;
450 mymac.net.mac.address.x[0] = 0xfe;
451 mymac.net.mac.address.x[1] = 0xfd;
452 mymac.net.mac.address.x[2] = 0x00;
453 mymac.net.mac.address.x[3] = 0x00;
454 mymac.net.mac.address.x[4] = 0x00;
455 mymac.net.mac.address.x[5] = 0x00;
458 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
459 memset(&ifr, 0, sizeof(ifr));
461 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* strncpy() does not NUL-terminate when netname is IFNAMSIZ bytes or
   longer; copy at most IFNAMSIZ - 1 bytes (or use snprintf) so ifr_name is
   always terminated. */
463 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* A failing ioctl is taken to mean "old ethertap"; any other errno
   (permissions, missing module) is folded into the same path. */
465 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
467 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
468 taptype = TAP_TYPE_TUNTAP;
472 /* Add name of network interface to environment (for scripts) */
/* Return value unchecked: on failure ifr_name keeps whatever the previous
   ioctl left there.  The allocation below is one byte too small -- strlen()
   does not count the terminator that strcpy() writes, so this is a
   one-byte heap overflow; allocate strlen(ifr.ifr_name) + 1. */
474 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
475 interface_name = xmalloc(strlen(ifr.ifr_name));
476 strcpy(interface_name, ifr.ifr_name);
483 set up the socket that we listen on for incoming
/* Create the TCP socket on which meta connections are accepted:
   SO_REUSEADDR, SO_KEEPALIVE, non-blocking, bound to port and to the
   InterfaceIP option (or INADDR_ANY).  Returns the fd on success; the
   error-path returns, the listen() call and the cleanup of nfd on failure
   are on lines not shown. */
486 int setup_listen_meta_socket(int port)
489 struct sockaddr_in a;
493 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
495 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
499 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
501 syslog(LOG_ERR, _("System call `%s' failed: %m"),
506 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
508 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* The F_GETFL result is not checked for -1 before being OR'ed back in. */
513 flags = fcntl(nfd, F_GETFL);
514 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
516 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* The Interface option is meant to tie the socket to a device (see the log
   message), but SO_KEEPALIVE takes an int flag, not a name: this call most
   likely either fails with EINVAL or is accepted as a keep-alive toggle,
   and in neither case is the socket bound to the interface.  On Linux the
   option that does this is SO_BINDTODEVICE. */
521 if((cfg = get_config_val(config, config_interface)))
523 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
525 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
530 memset(&a, 0, sizeof(a));
531 a.sin_family = AF_INET;
532 a.sin_port = htons(port);
/* The configured address is presumably stored in host order, hence htonl(). */
534 if((cfg = get_config_val(config, config_interfaceip)))
535 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
537 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(a) is the robust spelling; sizeof(struct sockaddr) merely happens
   to match sockaddr_in on common platforms. */
539 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
541 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
/* Presumably reports a failing listen(); the call itself is not shown. */
547 syslog(LOG_ERR, _("System call `%s' failed: %m"),
556 setup the socket for incoming encrypted
/* Create the UDP socket that receives encrypted VPN data: SO_REUSEADDR,
   non-blocking, bound to port on INADDR_ANY.  SO_REUSEADDR matters because
   setup_vpn_connection() binds a further UDP socket per peer to
   myself->port, presumably the same port.  Returns the fd; error-path
   returns are on lines not shown. */
559 int setup_vpn_in_socket(int port)
562 struct sockaddr_in a;
565 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
567 syslog(LOG_ERR, _("Creating socket failed: %m"));
571 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
573 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* F_GETFL result not checked for -1. */
578 flags = fcntl(nfd, F_GETFL);
579 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
581 syslog(LOG_ERR, _("System call `%s' failed: %m"),
586 memset(&a, 0, sizeof(a));
587 a.sin_family = AF_INET;
588 a.sin_port = htons(port);
589 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(a) would be the robust length here. */
591 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
593 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
601 setup an outgoing meta (tcp) socket
/* Connect a TCP meta socket to cl at cl->address, on the Port option of its
   host config (the default is applied on a line not shown).  connect() is
   performed blocking and the socket is switched to non-blocking only
   afterwards, so the whole daemon -- including the SIGALRM retry path --
   stalls until the peer answers or the connect times out.  The return
   statements are on lines not shown. */
603 int setup_outgoing_meta_socket(conn_list_t *cl)
606 struct sockaddr_in a;
609 if(debug_lvl >= DEBUG_CONNECTIONS)
610 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
612 if((cfg = get_config_val(cl->config, config_port)) == NULL)
615 cl->port = cfg->data.val;
617 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
618 if(cl->meta_socket == -1)
620 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
621 cl->hostname, cl->port);
/* No memset() of a is visible here, unlike the other socket setups in this
   file; sin_zero would then carry stack garbage -- TODO confirm. */
625 a.sin_family = AF_INET;
626 a.sin_port = htons(cl->port);
627 a.sin_addr.s_addr = htonl(cl->address);
629 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
631 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
/* F_GETFL result not checked for -1. */
635 flags = fcntl(cl->meta_socket, F_GETFL);
636 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
638 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
639 cl->hostname, cl->port);
643 if(debug_lvl >= DEBUG_CONNECTIONS)
644 syslog(LOG_INFO, _("Connected to %s port %hd"),
645 cl->hostname, cl->port);
653 setup an outgoing connection. It's not
654 necessary to also open a udp socket,
655 because the other host will initiate
656 an authentication sequence during which
657 we will do just that.
/* Create a conn_list_t for the host `name', read its host config, resolve
   its Address option and open the meta connection to it.  Returns 0 on
   success (see the callers' comments); the error-path returns, the
   name-validity check preceding the "Invalid name" message, and whether
   ncn is released on failure are not visible in this excerpt. */
659 int setup_outgoing_connection(char *name)
667 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
671 ncn = new_conn_list();
672 asprintf(&ncn->name, "%s", name);
/* Format string has a %s but no matching argument: undefined behaviour,
   in practice logging whatever pointer happens to be in the argument slot.
   Pass name here and in the "No address specified" message below. */
674 if(read_host_config(ncn))
676 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
681 if(!(cfg = get_config_val(ncn->config, config_address)))
683 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() is not reentrant and only the first returned address is
   used.  %m reports errno, which gethostbyname() does not set on failure
   (the reason is in h_errno). */
688 if(!(h = gethostbyname(cfg->data.ptr)))
690 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Type-punning the char * in h_addr_list to ip_t *: alignment and aliasing
   are not guaranteed; memcpy() into an ip_t is the portable form. */
695 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
696 ncn->hostname = hostlookup(htonl(ncn->address));
698 if(setup_outgoing_meta_socket(ncn) < 0)
700 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
706 ncn->status.outgoing = 1;
707 ncn->buffer = xmalloc(MAXBUFSIZE);
709 ncn->last_ping_time = time(NULL);
719 Configure conn_list_t myself and set up the local sockets (listen only)
/* Build the conn_list_t describing this daemon from the server and host
   configuration: name, RSA key pair, port, flags, subnets, the listening
   meta socket and the initial symmetric packet key.  Error paths return on
   lines not shown. */
721 int setup_myself(void)
727 myself = new_conn_list();
729 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
731 myself->protocol_version = PROT_CURRENT;
733 if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */
735 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* Reads the string through data.val cast to char *, whereas every other
   string option in this file uses data.ptr -- presumably the same storage,
   but worth unifying. */
739 asprintf(&myself->name, "%s", (char*)cfg->data.val);
741 if(check_id(myself->name))
743 syslog(LOG_ERR, _("Invalid name for myself!"));
747 if(!(cfg = get_config_val(config, config_privatekey)))
749 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* The RSA key is assembled from three places: the private exponent d from
   the server config, a hard-coded public exponent 0xFFFF, and the modulus
   n from the host config further down.  BN_hex2bn() results are unchecked,
   so a malformed hex string only surfaces through RSA_check_key() below. */
754 myself->rsa_key = RSA_new();
755 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
756 BN_hex2bn(&myself->rsa_key->e, "FFFF");
759 if(read_host_config(myself))
761 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
765 if(!(cfg = get_config_val(myself->config, config_publickey)))
767 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
772 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
775 if(RSA_check_key(myself->rsa_key) != 1)
777 syslog(LOG_ERR, _("Invalid public/private keypair!"));
/* Port default is applied on a line not shown. */
781 if(!(cfg = get_config_val(myself->config, config_port)))
784 myself->port = cfg->data.val;
786 if((cfg = get_config_val(myself->config, config_indirectdata)))
787 if(cfg->data.val == stupid_true)
788 myself->flags |= EXPORTINDIRECTDATA;
790 if((cfg = get_config_val(myself->config, config_tcponly)))
791 if(cfg->data.val == stupid_true)
792 myself->flags |= TCPONLY;
794 /* Read in all the subnets specified in the host configuration file */
796 for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next)
/* net is allocated on a line not shown. */
799 net->type = SUBNET_IPV4;
800 net->net.ipv4.address = cfg->data.ip->address;
801 net->net.ipv4.mask = cfg->data.ip->mask;
803 /* Teach newbies what subnets are... */
/* Reject a Subnet whose address has host bits set. */
805 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
807 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
811 subnet_add(myself, net);
814 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
816 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
820 /* Generate packet encryption key */
/* Blowfish in CFB mode.  cipher_pktkey holds key followed by IV; xsend()
   and xrecv() pass the tail as IV, so the IV is fixed for the key's
   lifetime (see the note in xsend()). */
822 myself->cipher_pkttype = EVP_bf_cfb();
824 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
/* RAND_bytes() returns 0 when the PRNG is not sufficiently seeded; the
   result is not checked here (nor at the regeneration in main_loop()), so
   on failure the buffer would be used with whatever xmalloc() left in it. */
826 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
827 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
/* KeyExpire default is applied on a line not shown. */
829 if(!(cfg = get_config_val(config, config_keyexpire)))
832 keylifetime = cfg->data.val;
834 keyexpires = time(NULL) + keylifetime;
836 /* Activate ourselves */
838 myself->status.active = 1;
840 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler driving outgoing-connection retries.  Tries the next
   ConnectTo entry from upstreamcfg; on success the alarm is disarmed,
   otherwise the cursor wraps to the start of the list and a new alarm is
   set with a back-off capped at MAXTIMEOUT.  The return statements and the
   loop construct around the two get_config_val() calls are on lines not
   shown.  Everything here runs in signal context, yet
   setup_outgoing_connection() allocates (asprintf, xmalloc), resolves names
   (gethostbyname), does a blocking connect() and calls syslog() -- none of
   which are async-signal-safe.  Setting a flag here and doing the work from
   main_loop() would be the safe shape. */
846 sigalrm_handler(int a)
850 cfg = get_config_val(upstreamcfg, config_connectto);
852 if(!cfg && upstreamcfg == config)
853 /* No upstream IP given, we're listen only. */
858 upstreamcfg = cfg->next;
859 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
861 signal(SIGALRM, SIG_IGN);
864 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
/* Re-arm: the handler is reinstalled because signal() may reset the
   disposition to default after delivery on some systems. */
867 signal(SIGALRM, sigalrm_handler);
868 upstreamcfg = config;
869 seconds_till_retry += 5;
870 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
871 seconds_till_retry = MAXTIMEOUT;
872 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
874 alarm(seconds_till_retry);
879 setup all initial network connections
/* Bring the network side up: read PingTimeout, open the tap device,
   configure myself (listening sockets), run tinc-up, then try each
   ConnectTo entry in turn until one succeeds.  If none does, arm a SIGALRM
   retry after MAXTIMEOUT seconds.  main_loop() treats a non-zero result as
   failure; the actual return statements are on lines not shown. */
881 int setup_network_connections(void)
/* PingTimeout default is applied on a line not shown. */
885 if((cfg = get_config_val(config, config_pingtimeout)) == NULL)
889 timeout = cfg->data.val;
896 if(setup_tap_fd() < 0)
899 if(setup_myself() < 0)
902 /* Run tinc-up script to further initialize the tap interface */
/* The result of execute_script() is ignored; a broken tinc-up is only
   reported by the warning the child logs. */
903 execute_script("tinc-up");
905 if(!(cfg = get_config_val(config, config_connectto)))
906 /* No upstream IP given, we're listen only. */
/* Same walk over the ConnectTo list as in sigalrm_handler(); the loop
   construct enclosing these lines is not shown. */
911 upstreamcfg = cfg->next;
912 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
914 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
917 signal(SIGALRM, sigalrm_handler);
918 upstreamcfg = config;
919 seconds_till_retry = MAXTIMEOUT;
920 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
921 alarm(seconds_till_retry);
927 close all open network connections
/* Tear down every connection in conn_list via terminate_connection(),
   close our own listening meta socket, run tinc-down and log termination.
   Whether tap_fd is closed here is not visible in this excerpt. */
929 void close_network_connections(void)
/* Clearing status.active first keeps terminate_connection() from treating
   this as a lost peer: it only notifies the others and schedules a
   reconnect while status.active is still set. */
933 for(p = conn_list; p != NULL; p = p->next)
935 p->status.active = 0;
936 terminate_connection(p);
940 if(myself->status.active)
942 close(myself->meta_socket);
943 free_conn_list(myself);
949 /* Execute tinc-down script right after shutting down the interface */
950 execute_script("tinc-down");
954 syslog(LOG_NOTICE, _("Terminating"));
960 create a data (udp) socket
/* Open the per-peer UDP data socket: a non-blocking datagram socket bound
   to our own port (SO_REUSEADDR, since the listening socket from
   setup_vpn_in_socket() presumably shares it) and connect()ed to cl's
   address and port so that it exchanges datagrams with that peer only.
   The nfd < 0 check, the assignment of nfd to cl->socket and the returns
   are on lines not shown. */
962 int setup_vpn_connection(conn_list_t *cl)
965 struct sockaddr_in a;
968 if(debug_lvl >= DEBUG_TRAFFIC)
969 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
971 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
974 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
978 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
980 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* F_GETFL result not checked for -1. */
985 flags = fcntl(nfd, F_GETFL);
986 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
988 syslog(LOG_ERR, _("System call `%s' failed: %m"),
993 memset(&a, 0, sizeof(a));
994 a.sin_family = AF_INET;
995 a.sin_port = htons(myself->port);
996 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(a) would be the robust length here. */
998 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
1000 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port);
/* Reuse a for the peer address.  A UDP connect() only fixes the default
   destination and filters incoming datagrams by source address, which is
   a routing convenience, not authentication -- that has to come from the
   crypto layer. */
1004 a.sin_family = AF_INET;
1005 a.sin_port = htons(cl->port);
1006 a.sin_addr.s_addr = htonl(cl->address);
1008 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
1010 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
1011 cl->hostname, cl->port);
/* Second time O_NONBLOCK is set on this fd (see above); redundant. */
1015 flags = fcntl(nfd, F_GETFL);
1016 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
1018 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
1019 cl->name, cl->hostname);
1024 cl->status.dataopen = 1;
1030 handle an incoming tcp connect call and open
/* Build a conn_list_t for a freshly accept()ed meta socket sfd: record the
   peer address, reverse-resolve it, allocate the receive buffer and set the
   first acceptable request.  The error-path return after a failing
   getpeername() (and whether p is released there) and the final return of
   p are on lines not shown. */
1033 conn_list_t *create_new_connection(int sfd)
1036 struct sockaddr_in ci;
/* getpeername() takes struct sockaddr * and socklen_t *; passing &ci and an
   int * is not portable -- cast (struct sockaddr *)&ci and make len a
   socklen_t. */
1037 int len = sizeof(ci);
1039 p = new_conn_list();
1041 if(getpeername(sfd, &ci, &len) < 0)
1043 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* address is kept in host order; hostlookup() takes network order, as in
   setup_outgoing_connection(). */
1049 p->address = ntohl(ci.sin_addr.s_addr);
1050 p->hostname = hostlookup(ci.sin_addr.s_addr);
1051 p->meta_socket = sfd;
1053 p->buffer = xmalloc(MAXBUFSIZE);
1055 p->last_ping_time = time(NULL);
1057 if(debug_lvl >= DEBUG_CONNECTIONS)
1058 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* htons() and ntohs() perform the same swap; ntohs() reads better here. */
1059 p->hostname, htons(ci.sin_port));
/* Presumably gates the protocol so the peer's first request must be ID. */
1061 p->allow_request = ID;
1067 put all file descriptors in an fd_set array
/* Add every meta socket, every open data socket and our own listening
   socket to *fs for select().  FD_ZERO and any status.remove check are on
   lines not shown; nothing here guards against a descriptor >= FD_SETSIZE,
   which main_loop()'s select() over FD_SETSIZE would not cover. */
1069 void build_fdset(fd_set *fs)
1075 for(p = conn_list; p != NULL; p = p->next)
1078 FD_SET(p->meta_socket, fs);
1079 if(p->status.dataopen)
1080 FD_SET(p->socket, fs);
1083 FD_SET(myself->meta_socket, fs);
1089 receive incoming data from the listening
1090 udp socket and write it to the ethertap
1091 device after being decrypted
/* Read one datagram from cl's data socket and pass it to xrecv().  First
   drains a pending SO_ERROR; then recv()s up to MTU bytes starting at
   pkt.len, so the wire format is a length field directly followed by the
   data (same layout assumption as xsend()).  Return values are on lines
   not shown; total_socket_in is not updated here. */
1093 int handle_incoming_vpn_data(conn_list_t *cl)
/* getsockopt() takes socklen_t *; l should be socklen_t. */
1096 int x, l = sizeof(x);
1099 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1101 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1102 __FILE__, __LINE__, cl->socket);
1107 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* lenin is the number of bytes actually received; pkt.len is the length the
   peer claims.  Nothing visible between this recv() and the xrecv() call
   checks that pkt.len (plus its 2-byte prefix and the 8 extra bytes xrecv()
   reads) fits inside lenin and MTU, so a datagram carrying an oversized
   length field makes xrecv() read past the received data.  Validating len
   against lenin here is the natural fix. */
1111 if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0)
1113 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1117 if(debug_lvl >= DEBUG_TRAFFIC)
1119 syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin,
1120 cl->name, cl->hostname);
1124 return xrecv(cl, &pkt);
1128 terminate a connection and notify the other
1129 end before closing the sockets
/* Close cl and update everyone about it.  Idempotent via status.remove.
   Closes the meta socket, recursively terminates connections routed
   through cl (nexthop), tells the remaining active meta peers with
   send_del_host(), drops cl's subnets (the loop body is on a line not
   shown) and, if cl was our outgoing connection, schedules a reconnect in
   5 seconds.  Whether the data socket is closed and whether the close
   below is guarded by status.meta is not visible in this excerpt. */
1131 void terminate_connection(conn_list_t *cl)
1136 if(cl->status.remove)
1139 cl->status.remove = 1;
1141 if(debug_lvl >= DEBUG_CONNECTIONS)
1142 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1143 cl->name, cl->hostname);
1148 close(cl->meta_socket);
1151 /* Find all connections that were lost because they were behind cl
1152 (the connection that was dropped). */
/* p != cl avoids recursing into ourselves; status.remove stops deeper
   cycles. */
1155 for(p = conn_list; p != NULL; p = p->next)
1156 if((p->nexthop == cl) && (p != cl))
1157 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1159 /* Inform others of termination if it was still active */
1161 if(cl->status.active)
1162 for(p = conn_list; p != NULL; p = p->next)
1163 if(p->status.meta && p->status.active && p!=cl)
1164 send_del_host(p, cl);
1166 /* Remove the associated subnets */
1168 for(s = cl->subnets; s; s = s->next)
1171 /* Check if this was our outgoing connection */
/* close_network_connections() clears status.active before calling us, which
   is what keeps a deliberate shutdown from re-arming this alarm. */
1173 if(cl->status.outgoing && cl->status.active)
1175 signal(SIGALRM, sigalrm_handler);
1176 seconds_till_retry = 5;
1177 alarm(seconds_till_retry);
1178 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1183 cl->status.active = 0;
1188 Check if the other end is active.
1189 If we have sent packets, but didn't receive any,
1190 then possibly the other end is dead. We send a
1191 PING request over the meta connection. If the other
1192 end does not reply in time, we consider them dead
1193 and close the connection.
/* Periodic liveness check over all active meta connections.  A peer whose
   last_ping_time is older than `timeout' seconds is either pinged (the
   else branch, on lines not shown, per the description above) or, if it
   was already pinged and is still silent, marked timed out and terminated.
   `now' is taken on a line not shown; the return value is likewise not
   visible. */
1195 int check_dead_connections(void)
1201 for(p = conn_list; p != NULL; p = p->next)
1203 if(p->status.active && p->status.meta)
1205 if(p->last_ping_time + timeout < now)
1207 if(p->status.pinged)
1209 if(debug_lvl >= DEBUG_PROTOCOL)
1210 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1211 p->name, p->hostname);
1212 p->status.timeout = 1;
/* terminate_connection() does not unlink p from conn_list in the code
   shown, so continuing the walk with p->next is assumed safe -- TODO
   confirm that nothing frees p on that path. */
1213 terminate_connection(p);
1227 accept a new tcp connect and create a
/* accept() one pending connection on our listening meta socket and wrap it
   in a conn_list_t via create_new_connection(); on failure the attempt is
   logged and the new fd presumably closed (the close() is on a line not
   shown).  Return statements are not visible.  Prefer
   `int handle_new_meta_connection(void)' -- an empty parameter list is an
   old-style declaration -- and socklen_t for len, which accept() expects
   instead of int.  Note that every accepted TCP client receives a
   conn_list_t and a MAXBUFSIZE buffer before any authentication; limits or
   timeouts for unauthenticated connections are not visible here. */
1230 int handle_new_meta_connection()
1233 struct sockaddr client;
1234 int nfd, len = sizeof(client);
1236 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1238 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1242 if(!(ncn = create_new_connection(nfd)))
1246 syslog(LOG_NOTICE, _("Closed attempted connection"));
1256 check all connections to see if anything
1257 happened on their sockets
/* Dispatch on the descriptors select() reported ready in *f: incoming data
   on each peer's UDP socket, incoming meta traffic on each peer's TCP
   socket (a failing receive_meta() terminates the peer), and new
   connections on our listening socket.  Peers already flagged for removal
   are skipped (the `continue' is on a line not shown). */
1259 void check_network_activity(fd_set *f)
1263 for(p = conn_list; p != NULL; p = p->next)
1265 if(p->status.remove)
1268 if(p->status.dataopen)
1269 if(FD_ISSET(p->socket, f))
/* The return value of handle_incoming_vpn_data() is ignored, so whatever it
   reports on its SO_ERROR path is not acted on here. */
1271 handle_incoming_vpn_data(p);
/* Everything from here to the meta-socket check is inside a comment block
   whose closing delimiter is on a line not shown: dead code kept for the
   FIXME. */
1273 /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data()
1275 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1276 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1277 p->name, p->hostname, strerror(x));
1278 terminate_connection(p);
1284 if(FD_ISSET(p->meta_socket, f))
1285 if(receive_meta(p) < 0)
1287 terminate_connection(p);
1292 if(FD_ISSET(myself->meta_socket, f))
1293 handle_new_meta_connection();
1298 read, encrypt and send data that is
1299 available through the ethertap device
/* Read one frame from the tap device into vp and hand it to send_packet()
   addressed to the IPv4 destination found inside the frame.  For a tun/tap
   device the frame lands in vp.data; for ethertap the read starts 2 bytes
   earlier, into the len field (same layout assumption as xsend()).  The
   short-packet test whose warning appears below and the assignment of
   vp.len are on lines not shown. */
1301 void handle_tap_input(void)
1306 if(taptype == TAP_TYPE_TUNTAP)
1308 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1310 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1317 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1319 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1325 total_tap_in += lenin;
1329 if(debug_lvl >= DEBUG_TRAFFIC)
1330 syslog(LOG_WARNING, _("Received short packet from tap device"));
1334 if(debug_lvl >= DEBUG_TRAFFIC)
1336 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* Pulls the destination address out of the frame by casting &vp.data[30]
   to unsigned long *.  That is an unaligned, aliasing-violating read, and
   unsigned long is 8 bytes on LP64 targets, so more than the 4 address
   bytes are read before ntohl() truncates.  Copy 4 bytes into a uint32_t
   with memcpy() instead.  Offset 30 is presumably the IPv4 destination
   field of an Ethernet frame (14-byte header + 16); the short-packet check
   above must guarantee at least 34 bytes for this to stay in bounds. */
1339 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1344 this is where it all happens...
1346 void main_loop(void)
1351 time_t last_ping_check;
1354 last_ping_check = time(NULL);
1358 tv.tv_sec = timeout;
1364 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1366 if(errno != EINTR) /* because of alarm */
1368 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1375 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1377 close_network_connections();
1378 clear_config(&config);
1380 if(read_server_config())
1382 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1388 if(setup_network_connections())
1396 /* Let's check if everybody is still alive */
1398 if(last_ping_check + timeout < t)
1400 check_dead_connections();
1401 last_ping_check = time(NULL);
1403 /* Should we regenerate our key? */
1407 if(debug_lvl >= DEBUG_STATUS)
1408 syslog(LOG_INFO, _("Regenerating symmetric key"));
1410 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1411 send_key_changed(myself, NULL);
1412 keyexpires = time(NULL) + keylifetime;
1418 check_network_activity(&fset);
1420 /* local tap data */
1421 if(FD_ISSET(tap_fd, &fset))