2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.52 2000/10/29 02:07:40 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
44 #include LINUX_IF_TUN_H
/* Kind of tap device we opened; decided in setup_tap_fd() (ethertap unless the
   TUNSETIFF ioctl succeeds), consulted by xrecv() and handle_tap_input() to
   pick the frame layout written to / read from the device. */
62 int taptype = TAP_TYPE_ETHERTAP;
/* Traffic counters, in bytes. total_tap_out is bumped in xrecv(),
   total_socket_out in xsend(); total_socket_in is not updated by any code
   visible on this page. */
64 int total_tap_out = 0;
65 int total_socket_in = 0;
66 int total_socket_out = 0;
/* Cursor into the ConnectTo lines of the server config: advanced by
   setup_network_connections() / sigalrm_handler(), reset to `config` when
   every line has been tried. */
68 config_t *upstreamcfg;
/* Delay in seconds before the next reconnect attempt (alarm() argument);
   grown by 5 per failed round in sigalrm_handler(), capped at MAXTIMEOUT. */
69 static int seconds_till_retry;
76 strip off the MAC addresses of an ethernet frame
78 void strip_mac_addresses(vpn_packet_t *p)
/* Drops the 12 bytes of destination+source MAC in place, keeping the
   ethertype and everything after it, and shortens p->len accordingly.
   NOTE(review): there is no check that p->len >= 12 before `p->len -= 12`
   (none visible on this page); a shorter frame makes the new length wrap or
   go negative and memmove() then runs far past the packet buffer. A guard
   such as `if(p->len < 12) return;` belongs in front of the memmove(). */
81 memmove(p->data, p->data + 12, p->len -= 12);
86 reassemble MAC addresses
88 void add_mac_addresses(vpn_packet_t *p)
/* Re-creates a 12-byte MAC header in front of a frame stripped by
   strip_mac_addresses(): the payload is shifted up by 12, then the
   destination MAC becomes fe:fd:<our vpn address> and the source MAC
   fe:fd:<the 4 bytes found at data[26], presumably the IP source address
   once the header is back in place>.
   NOTE(review):
   - source and destination of the shift overlap; memcpy() on overlapping
     regions is undefined, memmove() is the defined call (as used in
     strip_mac_addresses()).
   - nothing visible here checks that p->len >= 30 (so that data[26..29]
     exists) or that the buffer has 12 bytes of room past data[p->len].
   - the ip_t stores through casts are unaligned type punning; writing the
     4 bytes with memcpy() avoids the aliasing/alignment problem. */
91 memcpy(p->data + 12, p->data, p->len);
93 p->data[0] = p->data[6] = 0xfe;
94 p->data[1] = p->data[7] = 0xfd;
95 /* Really evil pointer stuff just below! */
96 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
97 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
101 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
/* Copies inpkt into a local packet and sends it on cl's UDP data socket as
   <2-byte len><data>; updates total_socket_out.
   NOTE(review): the EVP_Encrypt* lines below sit next to the text
   "Do encryption when everything else is fixed...", which reads like the
   inside of a comment block whose delimiters are not visible on this page.
   If so, the packet currently leaves the host unencrypted and without any
   integrity protection, which is what the memcpy() path below implements.
   The copy trusts inpkt->len (+2 for the length field) to fit in outpkt; the
   only visible caller path is send_packet() <- handle_tap_input(), where the
   length is bounded by the MTU-sized read, but the bound is not re-checked
   here. Declarations of outpkt/outlen/outpad and the return statement are
   not visible on this page. */
106 outpkt.len = inpkt->len;
108 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
109 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
110 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
111 outlen += outpad + 2;
113 Do encryption when everything else is fixed...
115 outlen = outpkt.len + 2;
116 memcpy(&outpkt, inpkt, outlen);
/* Traffic trace. NOTE(review): logged at LOG_ERR although it is a
   DEBUG_TRAFFIC message; the other traffic traces in this file use
   LOG_DEBUG. */
118 if(debug_lvl >= DEBUG_TRAFFIC)
119 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
120 outlen, cl->name, cl->hostname);
122 total_socket_out += outlen;
/* Sends from &outpkt.len, i.e. relies on `len` being laid out directly in
   front of `data` in vpn_packet_t (the same assumption as `data - 2` in
   xrecv() and handle_tap_input()). A send() error is only logged. */
126 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
128 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
129 cl->name, cl->hostname);
136 int xrecv(vpn_packet_t *inpkt)
/* Takes a packet received from the network, rewrites its destination MAC to
   our own and writes the frame to the tap device; updates total_tap_out.
   NOTE(review): as with xsend(), the EVP_Decrypt* lines next to
   "Do decryption ..." look like commented-out text (delimiters not visible on
   this page), so whatever arrived on the UDP socket is written to the tap
   verbatim. inpkt->len is taken from the datagram in
   handle_incoming_vpn_data(); the memcpy() of inpkt->len + 2 bytes is not
   bounded by sizeof outpkt or by the number of bytes actually received, so a
   datagram carrying a large length field overruns the local packet buffer.
   A check of inpkt->len against MTU (and the received byte count) belongs
   before the copy - ideally in the receive path, before this is called.
   Declarations of outpkt/outlen/outpad and the return statement are not
   visible on this page. */
141 outpkt.len = inpkt->len;
143 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
144 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
145 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
148 Do decryption when everything else is fixed...
150 outlen = outpkt.len+2;
151 memcpy(&outpkt, inpkt, outlen);
153 /* Fix mac address */
/* Overwrite the destination MAC (first 6 bytes of the frame) with the
   address set up in setup_tap_fd(); presumably so the local stack accepts
   the frame as addressed to this interface. Assumes outpkt.len >= 6. */
155 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
/* New-style tun/tap gets the bare frame; the ethertap path writes the
   2-byte length field in front of the data (`data - 2`, see xsend()). The
   write() return value is only checked for error, not for a short write. */
157 if(taptype == TAP_TYPE_TUNTAP)
159 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
160 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
162 total_tap_out += outpkt.len;
166 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
167 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
169 total_tap_out += outpkt.len + 2;
176 add the given packet of size s to the
177 queue q, be it the send or receive queue
179 void add_queue(packet_queue_t **q, void *packet, size_t s)
/* Appends a private copy of `packet` (s bytes) at the tail of the queue *q,
   allocating the queue header on first use. xmalloc() is the project's
   allocator (assumed to abort rather than return NULL - not visible here).
   The declaration of `e`, the `if(!*q)` guard around the header allocation,
   the empty-queue branch body and the final `(*q)->tail = e` are not visible
   on this page. As printed, the only callers (in send_packet()) appear to be
   commented out. */
183 e = xmalloc(sizeof(*e));
184 e->packet = xmalloc(s);
185 memcpy(e->packet, packet, s);
/* Lazily create the queue header (presumably guarded by `if(!*q)`). */
189 *q = xmalloc(sizeof(**q));
190 (*q)->head = (*q)->tail = NULL;
193 e->next = NULL; /* We insert at the tail */
195 if((*q)->tail) /* Do we have a tail? */
197 (*q)->tail->next = e;
198 e->prev = (*q)->tail;
200 else /* No tail -> no head too */
210 /* Remove a queue element */
211 void del_queue(packet_queue_t **q, queue_element_t *e)
/* Unlinks element e from the doubly linked queue *q, fixing head/tail as
   needed. Four cases: middle, head, tail, and alone. The body of the
   "all alone" case (head = tail = NULL) and the free() of e->packet and e
   are not visible on this page - confirm they exist, otherwise every
   flushed packet leaks. */
216 if(e->next) /* There is a successor, so we are not tail */
218 if(e->prev) /* There is a predecessor, so we are not head */
220 e->next->prev = e->prev;
221 e->prev->next = e->next;
223 else /* We are head */
225 e->next->prev = NULL;
226 (*q)->head = e->next;
229 else /* We are tail (or all alone!) */
231 if(e->prev) /* We are not alone :) */
233 e->prev->next = NULL;
234 (*q)->tail = e->prev;
248 flush a queue by calling function for
249 each packet, and removing it when that
250 returned a zero exit code
252 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
253 int (*function)(conn_list_t*,void*))
/* Calls `function(cl, packet)` for every element of *pq and removes the
   element when the call returns 0 (xsend()/xrecv() are the functions passed
   in by flush_queues()). The loop body - saving `next = p->next` before a
   possible del_queue(), and the advance of p - is not visible on this page.
   Dereferences (*pq)->head, so the caller must guarantee *pq is non-NULL. */
255 queue_element_t *p, *next = NULL;
257 for(p = (*pq)->head; p != NULL; )
261 if(!function(cl, p->packet))
267 if(debug_lvl >= DEBUG_TRAFFIC)
268 syslog(LOG_DEBUG, _("Queue flushed"));
273 flush the send&recv queues
274 returns void because nothing can go wrong here: packets
275 simply remain in the queue if something goes wrong
277 void flush_queues(conn_list_t *cl)
/* Flushes cl's send queue through xsend() and its receive queue through
   xrecv(). flush_queue() dereferences the queue pointer, so each call must
   be guarded by `if(cl->sq)` / `if(cl->rq)`; those guards are presumably on
   lines not visible on this page - confirm. */
282 if(debug_lvl >= DEBUG_TRAFFIC)
283 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
284 cl->name, cl->hostname);
285 flush_queue(cl, &(cl->sq), xsend);
290 if(debug_lvl >= DEBUG_TRAFFIC)
291 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
292 cl->name, cl->hostname);
293 flush_queue(cl, &(cl->rq), xrecv);
299 send a packet to the given vpn ip.
301 int send_packet(ip_t to, vpn_packet_t *packet)
/* Routes a frame read from the tap device to the peer owning the subnet
   that contains `to` and hands it to xsend(). Returns 0 when the packet is
   dropped or deferred, otherwise xsend()'s result.
   The declarations of `subnet`/`cl`, the assignment of `cl` from the subnet
   (presumably its owner) and the early returns after the error logs are not
   visible on this page. */
306 if((subnet = lookup_subnet_ipv4(to)) == NULL)
308 if(debug_lvl >= DEBUG_TRAFFIC)
/* The four %d arguments (bytes of `to`) are on a line not visible here. */
310 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
319 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
321 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* Open the UDP data socket to the peer on first use. */
323 if(!cl->status.dataopen)
324 if(setup_vpn_connection(cl) < 0)
326 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
327 cl->name, cl->hostname);
/* No packet key for this peer yet: ask for one (unless a request is already
   outstanding) and drop the packet. NOTE(review): the comment opened at
   "Don't queue until everything else is fixed." has no visible close on
   this page, so which of the following lines are live (the send_req_key()
   call, the return) must be confirmed against the real file; as printed the
   queueing via add_queue() is disabled. */
331 if(!cl->status.validkey)
333 /* Don't queue until everything else is fixed.
334 if(debug_lvl >= DEBUG_TRAFFIC)
335 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
336 cl->name, cl->hostname);
337 add_queue(&(cl->sq), packet, packet->len + 2);
339 if(!cl->status.waitingforkey)
340 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
/* Peer not fully connected yet: same pattern, the queueing text appears
   commented out and the packet is dropped with return 0. */
344 if(!cl->status.active)
346 /* Don't queue until everything else is fixed.
347 if(debug_lvl >= DEBUG_TRAFFIC)
348 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
349 cl->name, cl->hostname);
350 add_queue(&(cl->sq), packet, packet->len + 2);
352 return 0; /* We don't want to mess up, do we? */
355 /* can we send it? can we? can we? huh? */
/* See xsend(): with the cipher calls disabled this goes out in the clear. */
357 return xsend(cl, packet);
361 open the local ethertap device
363 int setup_tap_fd(void)
/* Opens the tap/tun device (TapDevice from the config, else a built-in
   default chosen by conditional compilation - the #if lines are not visible
   here), gives it a default MAC, probes whether it is a new-style tun/tap
   device, and exports IFNAME for the tinc-up/tinc-down scripts.
   Declarations (cfg, nfd, ifr, envvar), the assignment of nfd to the global
   tap_fd (the ioctl calls below use tap_fd, not nfd), the putenv() and the
   return are not visible on this page. */
366 const char *tapfname;
372 if((cfg = get_config_val(config, tapdevice)))
373 tapfname = cfg->data.ptr;
376 tapfname = "/dev/misc/net/tun";
378 tapfname = "/dev/tap0";
381 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
383 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
389 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 - a locally administered address, matching the fe:fd
   prefix that add_mac_addresses() synthesises. */
391 taptype = TAP_TYPE_ETHERTAP;
392 mymac.type = SUBNET_MAC;
393 mymac.net.mac.address.x[0] = 0xfe;
394 mymac.net.mac.address.x[1] = 0xfd;
395 mymac.net.mac.address.x[2] = 0x00;
396 mymac.net.mac.address.x[3] = 0x00;
397 mymac.net.mac.address.x[4] = 0x00;
398 mymac.net.mac.address.x[5] = 0x00;
401 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
402 memset(&ifr, 0, sizeof(ifr));
404 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy() does not NUL-terminate when netname is IFNAMSIZ
   bytes or longer (the memset() above only helps for shorter names);
   `snprintf(ifr.ifr_name, IFNAMSIZ, "%s", netname)` truncates safely.
   Also undefined if netname can be NULL - whether it can is not visible
   here. */
406 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* A successful TUNSETIFF identifies a new-style device; on the old ethertap
   driver the ioctl fails and taptype stays TAP_TYPE_ETHERTAP. */
408 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
410 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
411 taptype = TAP_TYPE_TUNTAP;
415 /* Add name of network interface to environment (for scripts) */
/* NOTE(review): neither the ioctl() nor asprintf() result is checked; on
   failure ifr.ifr_name / envvar may be stale or unset. */
417 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
418 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
427 set up the socket that we listen on for incoming
430 int setup_listen_meta_socket(int port)
/* Creates the non-blocking TCP listening socket for meta connections, bound
   to InterfaceIP if configured, otherwise to all addresses. Returns the
   descriptor; the `return -1` paths after each error log, the declarations
   of nfd/flags/one/cfg and the listen() backlog are not visible on this
   page. */
433 struct sockaddr_in a;
437 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
439 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
443 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
445 syslog(LOG_ERR, _("setsockopt: %m"));
449 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
451 syslog(LOG_ERR, _("setsockopt: %m"));
455 flags = fcntl(nfd, F_GETFL);
456 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
458 syslog(LOG_ERR, _("fcntl: %m"));
/* NOTE(review): the error text says this binds the socket to an interface,
   but the call sets SO_KEEPALIVE (again) with the interface name as optval.
   On Linux binding to a named interface is SO_BINDTODEVICE with the name
   (and its length incl. NUL) as the option value; as written the
   "Interface" setting has no effect and the socket still listens on every
   interface. */
462 if((cfg = get_config_val(config, interface)))
464 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
466 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
471 memset(&a, 0, sizeof(a));
472 a.sin_family = AF_INET;
473 a.sin_port = htons(port);
475 if((cfg = get_config_val(config, interfaceip)))
476 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
478 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) happens to equal sizeof(a) for sockaddr_in;
   `sizeof(a)` says what is meant (setup_outgoing_meta_socket() does that). */
480 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
/* `%hd` with an int port prints ports above 32767 as negative numbers. */
482 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
488 syslog(LOG_ERR, _("listen: %m"));
496 setup the socket for incoming encrypted
499 int setup_vpn_in_socket(int port)
/* Creates the non-blocking UDP socket on which all VPN data arrives, bound
   to INADDR_ANY:port (unlike the meta socket, InterfaceIP is not honoured
   here). Returns the descriptor; the `return -1` paths and the declarations
   of nfd/flags/one are not visible on this page. Everything received on this
   socket goes through handle_incoming_vpn_data() - see the notes there
   about the absence of sender validation. */
502 struct sockaddr_in a;
505 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
507 syslog(LOG_ERR, _("Creating socket failed: %m"));
511 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
513 syslog(LOG_ERR, _("setsockopt: %m"));
517 flags = fcntl(nfd, F_GETFL);
518 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
520 syslog(LOG_ERR, _("fcntl: %m"));
524 memset(&a, 0, sizeof(a));
525 a.sin_family = AF_INET;
526 a.sin_port = htons(port);
527 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* `sizeof(a)` would be the precise length; see setup_listen_meta_socket(). */
529 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
531 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
539 setup an outgoing meta (tcp) socket
541 int setup_outgoing_meta_socket(conn_list_t *cl)
/* Connects a TCP meta socket to cl->address:cl->port (port taken from the
   peer's host config; what happens when no Port is configured - the line
   after the lookup - is not visible on this page). Stores the descriptor in
   cl->meta_socket. The `return -1` paths and the declarations of cfg/flags
   are not visible on this page.
   NOTE(review): connect() runs on a still-blocking socket (O_NONBLOCK is
   set only afterwards); since the daemon drives everything from one
   select() loop, an unreachable peer stalls all traffic until the kernel's
   connect timeout expires. */
544 struct sockaddr_in a;
547 if(debug_lvl >= DEBUG_CONNECTIONS)
548 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
550 if((cfg = get_config_val(cl->config, port)) == NULL)
553 cl->port = cfg->data.val;
555 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
556 if(cl->meta_socket == -1)
558 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
559 cl->hostname, cl->port);
/* `a` is not zeroed first (the listen/vpn-in setup functions memset() it);
   sin_zero is left uninitialised - harmless on Linux, but inconsistent. */
563 a.sin_family = AF_INET;
564 a.sin_port = htons(cl->port);
565 a.sin_addr.s_addr = htonl(cl->address);
567 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
/* Port is logged as %hd here and at the end, but as %d above - the three
   formats disagree for ports above 32767. */
569 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
573 flags = fcntl(cl->meta_socket, F_GETFL);
574 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
576 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
577 cl->hostname, cl->port);
581 if(debug_lvl >= DEBUG_CONNECTIONS)
582 syslog(LOG_INFO, _("Connected to %s port %hd"),
583 cl->hostname, cl->port);
591 setup an outgoing connection. It's not
592 necessary to also open an udp socket as
593 well, because the other host will initiate
594 an authentication sequence during which
595 we will do just that.
597 int setup_outgoing_connection(char *name)
/* Creates a conn_list_t for the peer `name`, reads its host config, resolves
   its Address and opens the meta connection. Returns 0 on success (callers
   test `!setup_outgoing_connection(...)`). The name validation call whose
   failure produces the "Invalid name" message, the `return -1` paths, the
   declarations of ncn/cfg/h, and the insertion of ncn into conn_list are not
   visible on this page. Whether ncn is freed on the failure paths below is
   also not visible - if it is not, every failed attempt leaks a conn_list_t
   (and the MAXBUFSIZE buffer once allocated). */
605 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
609 ncn = new_conn_list();
/* asprintf() result unchecked; on failure ncn->name is undefined. */
610 asprintf(&ncn->name, "%s", name);
612 if(read_host_config(ncn))
/* NOTE(review): this format has a %s conversion but no argument is passed;
   syslog() reads a stray pointer off the stack - undefined behaviour that
   can crash or log unrelated memory. Pass `name` (or ncn->name):
   `syslog(LOG_ERR, _("Error reading host configuration file for %s"), name);` */
614 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
619 if(!(cfg = get_config_val(ncn->config, address)))
/* Same missing %s argument as above: `..., _("No address specified for %s"), name);` */
621 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() blocks the select() loop for the duration of the lookup
   and reports errors through h_errno, not errno - so the %m below prints an
   unrelated errno; hstrerror(h_errno) gives the real reason. */
626 if(!(h = gethostbyname(cfg->data.ptr)))
628 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Uses only the first address. NOTE(review): nothing checks h_addrtype ==
   AF_INET or that h_addr_list[0] is non-NULL, and the cast is an unaligned
   type pun; `memcpy(&addr, h->h_addr_list[0], sizeof addr)` is the clean
   form. */
633 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
634 ncn->hostname = hostlookup(htonl(ncn->address));
636 if(setup_outgoing_meta_socket(ncn) < 0)
638 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
644 ncn->status.outgoing = 1;
645 ncn->buffer = xmalloc(MAXBUFSIZE);
647 ncn->last_ping_time = time(NULL);
658 Configure conn_list_t myself and set up the local sockets (listen only)
660 int setup_myself(void)
/* Builds the conn_list_t `myself` from the server and host config files:
   name, RSA key pair, port, flags, subnets - then opens the listening meta
   socket and the incoming data socket. Returns 0 on success; the `return -1`
   paths, the declarations of cfg/net and the `else` defaults (e.g. for port)
   are not visible on this page. */
665 myself = new_conn_list();
667 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
669 myself->protocol_version = PROT_CURRENT;
671 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
673 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): the string is read through `data.val` cast to char*, while
   every other string setting in this file uses `data.ptr`. Harmless only if
   the two are members of one union; otherwise this reads the wrong field. */
677 asprintf(&myself->name, "%s", (char*)cfg->data.val);
/* check_id() rejects names with characters outside the allowed set;
   presumably the same check guards setup_outgoing_connection(). This
   matters because the name selects the host config file read below. */
679 if(check_id(myself->name))
681 syslog(LOG_ERR, _("Invalid name for myself!"));
685 if(!(cfg = get_config_val(config, privatekey)))
687 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* The key is assembled from three hex values: the private exponent d from
   the server config, a hard-coded public exponent 0xFFFF, and the modulus n
   from our own host config (PublicKey) below. BN_hex2bn() results are not
   checked, so a malformed hex string is only caught (if at all) by
   RSA_check_key(). NOTE(review): OpenSSL's RSA_check_key() expects p and q
   to be present as well; with only n, e and d set it may report a missing
   value - confirm against the OpenSSL version in use. Since d lives in
   the main config file, that file's permissions protect the private key. */
692 myself->rsa_key = RSA_new();
693 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
694 BN_hex2bn(&myself->rsa_key->e, "FFFF");
697 if(read_host_config(myself))
699 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
703 if(!(cfg = get_config_val(myself->config, publickey)))
705 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
710 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
713 if(RSA_check_key(myself->rsa_key) != 1)
715 syslog(LOG_ERR, _("Invalid public/private keypair!"));
719 if(!(cfg = get_config_val(myself->config, port)))
722 myself->port = cfg->data.val;
/* Boolean settings compare against the project's `stupid_true` sentinel. */
724 if((cfg = get_config_val(myself->config, indirectdata)))
725 if(cfg->data.val == stupid_true)
726 myself->flags |= EXPORTINDIRECTDATA;
728 if((cfg = get_config_val(myself->config, tcponly)))
729 if(cfg->data.val == stupid_true)
730 myself->flags |= TCPONLY;
732 /* Read in all the subnets specified in the host configuration file */
/* Each iteration resumes the search from the previous match's successor.
   The allocation of `net` (presumably new_subnet()) is not visible. */
734 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
737 net->type = SUBNET_IPV4;
738 net->net.ipv4.address = cfg->data.ip->address;
739 net->net.ipv4.mask = cfg->data.ip->mask;
741 /* Teach newbies what subnets are... */
/* Reject a Subnet whose host bits are not all zero. */
743 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
745 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
749 subnet_add(myself, net);
/* Both sockets use the same port number: TCP for meta, UDP for data. */
752 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
754 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
758 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
760 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
761 close(myself->meta_socket);
765 myself->status.active = 1;
767 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: retries the ConnectTo lines starting at upstreamcfg; on
   success disables further alarms, otherwise re-arms itself with a backoff
   that grows by 5 s per round up to MAXTIMEOUT. The return type (on the
   preceding line), the `return`, the `while(cfg)` loop around the attempt
   and the closing `}` are not visible on this page; the parameter `a` is
   unused.
   NOTE(review): this runs a full connection attempt from signal context:
   syslog(), and via setup_outgoing_connection() gethostbyname(),
   asprintf()/xmalloc(), socket()/connect(). None of those are
   async-signal-safe, so an alarm landing inside malloc() or syslog() in the
   main loop can deadlock or corrupt state. The usual fix is to only set a
   flag here and let main_loop() - which already treats EINTR from select()
   as "alarm fired" - do the reconnect. */
773 sigalrm_handler(int a)
777 cfg = get_config_val(upstreamcfg, connectto);
779 if(!cfg && upstreamcfg == config)
780 /* No upstream IP given, we're listen only. */
/* Try each remaining ConnectTo line in turn (loop header not visible). */
785 upstreamcfg = cfg->next;
786 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
788 signal(SIGALRM, SIG_IGN);
791 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All lines failed: restart from the top of the config after a longer wait. */
794 signal(SIGALRM, sigalrm_handler);
795 upstreamcfg = config;
796 seconds_till_retry += 5;
797 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
798 seconds_till_retry = MAXTIMEOUT;
/* The %d argument (seconds_till_retry) is on a line not visible here. */
799 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
801 alarm(seconds_till_retry);
806 setup all initial network connections
808 int setup_network_connections(void)
/* Initialises everything network-related at startup and after a config
   reload: ping timeout, tap device, our own sockets, the tinc-up script,
   then the first ConnectTo attempt (further attempts go through
   sigalrm_handler()). Returns 0 on success; the `return -1` paths, the
   default for `timeout` when PingTimeout is absent, the fork()/wait()
   around execl(), the `while(cfg)` loop and the declarations are not visible
   on this page. */
813 if((cfg = get_config_val(config, pingtimeout)) == NULL)
816 timeout = cfg->data.val;
818 if(setup_tap_fd() < 0)
821 if(setup_myself() < 0)
824 /* Run tinc-up script to further initialize the tap interface */
/* The script lives in the config directory and runs with the daemon's
   privileges, so write access to confbase equals code execution as the
   daemon. asprintf() result unchecked. */
826 asprintf(&scriptname, "%s/tinc-up", confbase);
/* NOTE(review): execl() needs at least argv[0]; `execl(scriptname, NULL)`
   starts the script with an empty argv. Use
   `execl(scriptname, scriptname, NULL);` (same in close_network_connections()). */
831 execl(scriptname, NULL);
834 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
841 if(!(cfg = get_config_val(config, connectto)))
842 /* No upstream IP given, we're listen only. */
/* First pass over the ConnectTo lines, mirroring sigalrm_handler(). */
847 upstreamcfg = cfg->next;
848 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
850 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* Nothing reachable: schedule the retry handler with the maximum delay. */
853 signal(SIGALRM, sigalrm_handler);
854 upstreamcfg = config;
855 seconds_till_retry = MAXTIMEOUT;
856 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
857 alarm(seconds_till_retry);
863 close all open network connections
865 void close_network_connections(void)
/* Shuts everything down: terminates every peer connection, closes our own
   sockets, runs the tinc-down script. The declarations of p/scriptname, the
   fork()/wait() around execl(), the close of tap_fd and the final list
   cleanup are not visible on this page.
   NOTE(review): the loop keeps using p->next after terminate_connection(p),
   which itself walks conn_list; this is only safe if terminate_connection()
   never unlinks or frees entries (it sets status.remove, which suggests
   deferred removal) - confirm. */
870 for(p = conn_list; p != NULL; p = p->next)
872 p->status.active = 0;
873 terminate_connection(p);
877 if(myself->status.active)
879 close(myself->meta_socket);
880 close(myself->socket);
881 free_conn_list(myself);
885 /* Execute tinc-down script right before shutting down the interface */
887 asprintf(&scriptname, "%s/tinc-down", confbase);
/* Same argv[0] problem as the tinc-up call: `execl(scriptname, scriptname, NULL);` */
891 execl(scriptname, NULL);
894 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
904 syslog(LOG_NOTICE, _("Terminating"));
910 create a data (udp) socket
912 int setup_vpn_connection(conn_list_t *cl)
/* Opens a non-blocking UDP socket connected to cl->address:cl->port for
   sending data to this peer and marks cl->status.dataopen. Returns 0 on
   success; the nfd < 0 test after socket(), the `return -1` paths, the
   `cl->socket = nfd` assignment and the declarations of nfd/flags are not
   visible on this page. connect() on UDP only sets the default destination
   (and lets check_network_activity() pick up ICMP-induced SO_ERRORs);
   incoming data is received on myself->socket, not here. */
915 struct sockaddr_in a;
917 if(debug_lvl >= DEBUG_TRAFFIC)
918 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
920 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
923 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* `a` is not zeroed; see the note in setup_outgoing_meta_socket(). */
927 a.sin_family = AF_INET;
928 a.sin_port = htons(cl->port);
929 a.sin_addr.s_addr = htonl(cl->address);
931 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
933 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
934 cl->hostname, cl->port);
938 flags = fcntl(nfd, F_GETFL);
939 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
941 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
942 cl->name, cl->hostname);
947 cl->status.dataopen = 1;
953 handle an incoming tcp connect call and open
956 conn_list_t *create_new_connection(int sfd)
/* Wraps an accepted meta socket in a fresh conn_list_t: records the peer
   address and (reverse-looked-up) hostname, allocates the input buffer and
   arms the protocol state machine so that the first request must be ID.
   Returns the new entry, or NULL when getpeername() fails. The allocation
   of `p` (presumably new_conn_list()), the `return NULL` and the final
   `return p` are not visible on this page. */
959 struct sockaddr_in ci;
/* NOTE(review): the length argument of getpeername() is socklen_t, and the
   address argument is `struct sockaddr *` - both need the proper type/cast:
   `socklen_t len = sizeof(ci);` / `getpeername(sfd, (struct sockaddr *)&ci, &len)`. */
960 int len = sizeof(ci);
964 if(getpeername(sfd, &ci, &len) < 0)
966 syslog(LOG_ERR, _("Error: getpeername: %m"));
971 p->address = ntohl(ci.sin_addr.s_addr);
/* If hostlookup() does a DNS reverse lookup it blocks the select() loop
   for every incoming connection, before any authentication - worth
   confirming, as it is a cheap way for a stranger to stall the daemon. */
972 p->hostname = hostlookup(ci.sin_addr.s_addr);
973 p->meta_socket = sfd;
/* MAXBUFSIZE is allocated per connection before the peer has proven
   anything; no limit on the number of pending connections is visible. */
975 p->buffer = xmalloc(MAXBUFSIZE);
977 p->last_ping_time = time(NULL);
980 if(debug_lvl >= DEBUG_CONNECTIONS)
981 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* htons() and ntohs() give the same result; ntohs() is the conventional
   spelling when converting a received port for display. */
982 p->hostname, htons(ci.sin_port));
/* Only an ID request is accepted from a brand-new connection. */
984 p->allow_request = ID;
990 put all file descriptors in an fd_set array
992 void build_fdset(fd_set *fs)
/* Fills *fs with every descriptor main_loop() should select() on: each
   peer's meta socket, its data socket when open, and our own two sockets
   (tap_fd is added by the caller). The FD_ZERO(fs) and the declaration of
   p are not visible on this page. NOTE(review): no `status.remove` skip is
   visible in this loop (check_network_activity() has one); if none exists
   on the lines not shown, the meta socket closed by terminate_connection()
   is still FD_SET here. FD_SET on a descriptor >= FD_SETSIZE is undefined;
   nothing visible bounds the descriptor numbers. */
998 for(p = conn_list; p != NULL; p = p->next)
1001 FD_SET(p->meta_socket, fs);
1002 if(p->status.dataopen)
1003 FD_SET(p->socket, fs);
1006 FD_SET(myself->meta_socket, fs);
1007 FD_SET(myself->socket, fs);
1013 receive incoming data from the listening
1014 udp socket and write it to the ethertap
1015 device after being decrypted
1017 int handle_incoming_vpn_data()
/* Reads one datagram from our UDP data socket into a vpn_packet_t and
   passes it on (the xrecv() call and the returns are not visible on this
   page; the declaration of pkt is not either).
   NOTE(review): the datagram is received straight into &pkt.len, so the
   first two bytes on the wire become the packet length, and nothing visible
   here compares that length with the number of bytes actually received or
   with MTU before the packet is used - see the memcpy() in xrecv(). There is
   also no check that `from` belongs to a known peer, and with decryption
   disabled (xrecv()) any host that can reach this port can write frames
   onto the tap device. Both checks belong right after the recvfrom():
   validate the sender against conn_list and require
   `pkt.len + 2 <= received && pkt.len <= MTU`. */
/* `l` should be socklen_t like fromlen below. */
1020 int x, l = sizeof(x);
/* A plain struct sockaddr only exposes sa_family/sa_data; declaring `from`
   as struct sockaddr_in would give the address fields the log line below
   wants to print. */
1021 struct sockaddr from;
1022 socklen_t fromlen = sizeof(from);
/* Drain a pending asynchronous socket error before reading. */
1024 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1026 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1027 __FILE__, __LINE__, myself->socket);
1032 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* Relies on `len` directly preceding `data` in vpn_packet_t (see xsend()). */
1036 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1038 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1042 if(debug_lvl >= DEBUG_TRAFFIC)
/* NOTE(review): standard struct sockaddr has no `sa_addr` member; the IPv4
   address bytes of a generic sockaddr sit at sa_data[2..5]. */
1044 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1045 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1053 terminate a connection and notify the other
1054 end before closing the sockets
1056 void terminate_connection(conn_list_t *cl)
/* Tears down cl: marks it for removal (idempotent via status.remove), closes
   its meta socket, terminates every connection routed through it, tells the
   other active peers, drops its subnets and - when it was our outgoing
   connection - schedules a reconnect. The entry is not freed here. The
   declarations of p/s, the `return` after the remove test, any guard around
   close() (status.meta), the close of the UDP data socket, and the subnet
   loop body (presumably subnet_del()) are not visible on this page. */
1061 if(cl->status.remove)
1064 cl->status.remove = 1;
1066 if(debug_lvl >= DEBUG_CONNECTIONS)
1067 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1068 cl->name, cl->hostname);
1073 close(cl->meta_socket);
1076 /* Find all connections that were lost because they were behind cl
1077 (the connection that was dropped). */
1080 for(p = conn_list; p != NULL; p = p->next)
1081 if((p->nexthop == cl) && (p != cl))
1082 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1084 /* Inform others of termination if it was still active */
1086 if(cl->status.active)
1087 for(p = conn_list; p != NULL; p = p->next)
1088 if(p->status.meta && p->status.active && p!=cl)
1089 send_del_host(p, cl);
1091 /* Remove the associated subnets */
1093 for(s = cl->subnets; s; s = s->next)
1096 /* Check if this was our outgoing connection */
/* Reconnect after 5 s; this resets the backoff kept in seconds_till_retry.
   See sigalrm_handler() for why doing the work in a signal handler is
   risky. The message hard-codes "5 seconds"; using the variable with %d, as
   setup_network_connections() does, keeps the two in step. */
1098 if(cl->status.outgoing && cl->status.active)
1100 signal(SIGALRM, sigalrm_handler);
1101 seconds_till_retry = 5;
1102 alarm(seconds_till_retry);
1103 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1108 cl->status.active = 0;
1113 Check if the other end is active.
1114 If we have sent packets, but didn't receive any,
1115 then possibly the other end is dead. We send a
1116 PING request over the meta connection. If the other
1117 end does not reply in time, we consider them dead
1118 and close the connection.
1120 int check_dead_connections(void)
/* Called from main_loop() every `timeout` seconds: for each active meta
   connection that has been quiet for longer than `timeout`, either declares
   it dead (a PING was sent and no PONG came back) or sends a PING. The
   `now = time(NULL)` assignment, the send_ping() call in the else branch,
   the declarations and the return value are not visible on this page.
   Keeps walking p->next after terminate_connection(p); see the note in
   close_network_connections(). */
1126 for(p = conn_list; p != NULL; p = p->next)
1128 if(p->status.active && p->status.meta)
1130 if(p->last_ping_time + timeout < now)
1132 if(p->status.pinged && !p->status.got_pong)
1134 if(debug_lvl >= DEBUG_PROTOCOL)
1135 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1136 p->name, p->hostname);
1137 p->status.timeout = 1;
1138 terminate_connection(p);
/* want_ping is presumably cleared by traffic and set when a probe is due;
   when it is not set nothing happens and last_ping_time stays old. */
1140 else if(p->want_ping)
1143 p->last_ping_time = now;
1144 p->status.pinged = 1;
1145 p->status.got_pong = 0;
1155 accept a new tcp connect and create a
1158 int handle_new_meta_connection()
/* accept()s one pending meta connection and registers it through
   create_new_connection(). The close(nfd) on the failure path, the insertion
   into conn_list, the returns and the declaration of ncn are not visible on
   this page - confirm the descriptor is closed, or a stranger can leak one
   per attempt. The listen socket is non-blocking, so EAGAIN is possible
   here and is logged as an error. No cap on simultaneous unauthenticated
   connections is visible. */
1161 struct sockaddr client;
/* accept()'s length argument is socklen_t: `socklen_t len = sizeof(client);` */
1162 int nfd, len = sizeof(client);
1164 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1166 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1170 if(!(ncn = create_new_connection(nfd)))
1174 syslog(LOG_NOTICE, _("Closed attempted connection"));
1184 check all connections to see if anything
1185 happened on their sockets
1187 void check_network_activity(fd_set *f)
/* Dispatches the descriptors select() marked ready: per peer, an error on
   its UDP data socket or data on its meta socket; then our own data and
   listen sockets. Entries flagged for removal are skipped. The `continue`
   after the remove test and the declaration of p are not visible on this
   page. Keeps walking p->next after terminate_connection(p); see the note in
   close_network_connections(). */
/* `l` should be socklen_t. */
1190 int x, l = sizeof(x);
1192 for(p = conn_list; p != NULL; p = p->next)
1194 if(p->status.remove)
1197 if(p->status.dataopen)
1198 if(FD_ISSET(p->socket, f))
1201 The only thing that can happen to get us here is apparently an
1202 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1203 something that will not trigger an error directly on send()).
1204 I've once got here when it said `No route to host'.
/* NOTE(review): the getsockopt() result is ignored and x is never
   initialised, so on failure strerror(x) formats garbage; initialise
   `x = 0` and test the return value. */
1206 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1207 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1208 p->name, p->hostname, strerror(x));
1209 terminate_connection(p);
/* receive_meta() returns < 0 on a protocol or socket error. */
1214 if(FD_ISSET(p->meta_socket, f))
1215 if(receive_meta(p) < 0)
1217 terminate_connection(p);
1222 if(FD_ISSET(myself->socket, f))
1223 handle_incoming_vpn_data();
1225 if(FD_ISSET(myself->meta_socket, f))
1226 handle_new_meta_connection();
1231 read, encrypt and send data that is
1232 available through the ethertap device
1234 void handle_tap_input(void)
/* Reads one frame from the tap device into a vpn_packet_t and routes it by
   destination IP through send_packet(). The declaration of vp/lenin, the
   `vp.len = ...` assignments, the returns and the condition of the
   short-packet test are not visible on this page. */
1239 if(taptype == TAP_TYPE_TUNTAP)
1241 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1243 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
/* Ethertap frames carry a 2-byte prefix; it is read into the `len` field
   that precedes `data` (same layout assumption as xsend()/xrecv()). */
1250 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1252 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1258 total_tap_in += lenin;
1262 if(debug_lvl >= DEBUG_TRAFFIC)
1263 syslog(LOG_WARNING, _("Received short packet from tap device"));
1267 if(debug_lvl >= DEBUG_TRAFFIC)
1269 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* NOTE(review): the destination IP is read as an `unsigned long` at byte
   offset 30 - that is 8 bytes on LP64, unaligned, and a strict-aliasing
   violation; ntohl() only wants 32 bits. The portable form is
   `uint32_t dst; memcpy(&dst, &vp.data[30], sizeof dst);` followed by
   `send_packet(ntohl(dst), &vp);`, guarded by `vp.len >= 34` - the short
   packet test above may or may not cover that, its condition is not visible.
   No ethertype check is visible either, so non-IPv4 frames are routed by
   whatever bytes sit at offset 30. */
1272 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1277 this is where it all happens...
1279 void main_loop(void)
1284 time_t last_ping_check;
1286 last_ping_check = time(NULL);
1290 tv.tv_sec = timeout;
1296 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1298 if(errno != EINTR) /* because of alarm */
1300 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1307 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1309 close_network_connections();
1310 clear_config(&config);
1312 if(read_server_config())
1314 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1320 if(setup_network_connections())
1326 if(last_ping_check + timeout < time(NULL))
1327 /* Let's check if everybody is still alive */
1329 check_dead_connections();
1330 last_ping_check = time(NULL);
1335 check_network_activity(&fset);
1337 /* local tap data */
1338 if(FD_ISSET(tap_fd, &fset))