2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34 #include "address_cache.h"
37 #include "connection.h"
54 #define MAX(a, b) ((a) > (b) ? (a) : (b))
57 /* The minimum size of a probe is 14 bytes, but since we normally use CBC mode
58 encryption, we can add a few extra random bytes without increasing the
59 resulting packet size. */
60 #define MIN_PROBE_SIZE 18
64 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
67 static void send_udppacket(node_t *, vpn_packet_t *);
69 unsigned replaywin = 32;
70 bool localdiscovery = true;
71 bool udp_discovery = true;
72 int udp_discovery_keepalive_interval = 10;
73 int udp_discovery_interval = 2;
74 int udp_discovery_timeout = 30;
76 #define MAX_SEQNO 1073741824
78 static void try_fix_mtu(node_t *n) {
79 if(n->mtuprobes < 0) {
83 if(n->mtuprobes == 20 || n->minmtu >= n->maxmtu) {
84 if(n->minmtu > n->maxmtu) {
85 n->minmtu = n->maxmtu;
87 n->maxmtu = n->minmtu;
91 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
96 static void udp_probe_timeout_handler(void *data) {
99 if(!n->status.udp_confirmed) {
103 logger(DEBUG_TRAFFIC, LOG_INFO, "Too much time has elapsed since last UDP ping response from %s (%s), stopping UDP communication", n->name, n->hostname);
104 n->status.udp_confirmed = false;
105 n->udp_ping_rtt = -1;
112 static void send_udp_probe_reply(node_t *n, vpn_packet_t *packet, length_t len) {
113 if(!n->status.sptps && !n->status.validkey) {
114 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP probe reply to %s (%s) but we don't have his key yet", n->name, n->hostname);
118 /* Type 2 probe replies were introduced in protocol 17.3 */
119 if((n->options >> 24) >= 3) {
121 uint16_t len16 = htons(len);
122 memcpy(DATA(packet) + 1, &len16, 2);
123 packet->len = MIN_PROBE_SIZE;
124 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 2 probe reply length %u to %s (%s)", len, n->name, n->hostname);
127 /* Legacy protocol: n won't understand type 2 probe replies. */
129 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 1 probe reply length %u to %s (%s)", len, n->name, n->hostname);
132 /* Temporarily set udp_confirmed, so that the reply is sent
133 back exactly the way it came in. */
135 bool udp_confirmed = n->status.udp_confirmed;
136 n->status.udp_confirmed = true;
137 send_udppacket(n, packet);
138 n->status.udp_confirmed = udp_confirmed;
141 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
142 if(!DATA(packet)[0]) {
143 logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
144 send_udp_probe_reply(n, packet, len);
148 if(DATA(packet)[0] == 2) {
149 // It's a type 2 probe reply, use the length field inside the packet
151 memcpy(&len16, DATA(packet) + 1, 2);
155 if (n->udp_ping_sent.tv_sec != 0) { // a probe in flight
156 gettimeofday(&now, NULL);
158 timersub(&now, &n->udp_ping_sent, &rtt);
159 n->udp_ping_rtt = rtt.tv_sec*1000000 + rtt.tv_usec;
160 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s) rtt=%d.%03d", DATA(packet)[0], len, n->name, n->hostname, n->udp_ping_rtt / 1000, n->udp_ping_rtt % 1000);
162 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s)", DATA(packet)[0], len, n->name, n->hostname);
165 /* It's a valid reply: now we know bidirectional communication
166 is possible using the address and socket that the reply
168 if(!n->status.udp_confirmed) {
169 n->status.udp_confirmed = true;
170 fprintf(stderr, "Updating address cache...\n");
172 if(!n->address_cache) {
173 n->address_cache = open_address_cache(n);
176 reset_address_cache(n->address_cache, &n->address);
179 // Reset the UDP ping timer. (no probe in flight)
180 n->udp_ping_sent.tv_sec = 0;
183 timeout_del(&n->udp_ping_timeout);
184 timeout_add(&n->udp_ping_timeout, &udp_probe_timeout_handler, n, &(struct timeval) {
185 udp_discovery_timeout, 0
189 if(len > n->maxmtu) {
190 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
193 /* Set mtuprobes to 1 so that try_mtu() doesn't reset maxmtu */
196 } else if(n->mtuprobes < 0 && len == n->maxmtu) {
197 /* We got a maxmtu sized packet, confirming the PMTU is still valid. */
199 n->mtu_ping_sent = now;
202 /* If applicable, raise the minimum supported MTU */
204 if(n->minmtu < len) {
210 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
212 memcpy(dest, source, len);
214 } else if(level == 10) {
216 lzo_uint lzolen = MAXSIZE;
217 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
222 } else if(level < 10) {
224 unsigned long destlen = MAXSIZE;
226 if(compress2(dest, &destlen, source, len, level) == Z_OK) {
233 lzo_uint lzolen = MAXSIZE;
234 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
244 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
246 memcpy(dest, source, len);
248 } else if(level > 9) {
250 lzo_uint lzolen = MAXSIZE;
252 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) {
261 unsigned long destlen = MAXSIZE;
262 static z_stream stream;
265 inflateReset(&stream);
267 inflateInit(&stream);
270 stream.next_in = source;
271 stream.avail_in = len;
272 stream.next_out = dest;
273 stream.avail_out = destlen;
274 stream.total_out = 0;
276 if(inflate(&stream, Z_FINISH) == Z_STREAM_END) {
277 return stream.total_out;
290 static void receive_packet(node_t *n, vpn_packet_t *packet) {
291 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
292 packet->len, n->name, n->hostname);
295 n->in_bytes += packet->len;
300 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
301 if(n->status.sptps) {
302 return sptps_verify_datagram(&n->sptps, DATA(inpkt), inpkt->len);
305 #ifdef DISABLE_LEGACY
309 if(!n->status.validkey_in || !digest_active(n->indigest) || inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
313 return digest_verify(n->indigest, inpkt->data, inpkt->len - digest_length(n->indigest), inpkt->data + inpkt->len - digest_length(n->indigest));
317 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
318 vpn_packet_t pkt1, pkt2;
319 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
322 pkt1.offset = DEFAULT_PACKET_OFFSET;
323 pkt2.offset = DEFAULT_PACKET_OFFSET;
325 if(n->status.sptps) {
326 if(!n->sptps.state) {
327 if(!n->status.waitingforkey) {
328 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
331 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
337 n->status.udppacket = true;
338 bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len);
339 n->status.udppacket = false;
342 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
343 so let's restart SPTPS in case that helps. But don't do that too often
344 to prevent storms, and because that would make life a little too easy
345 for external attackers trying to DoS us. */
346 if(n->last_req_key < now.tv_sec - 10) {
347 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", n->name, n->hostname);
357 #ifdef DISABLE_LEGACY
361 if(!n->status.validkey_in) {
362 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
366 /* Check packet length */
368 if(inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
369 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
370 n->name, n->hostname);
374 /* It's a legacy UDP packet, the data starts after the seqno */
376 inpkt->offset += sizeof(seqno_t);
378 /* Check the message authentication code */
380 if(digest_active(n->indigest)) {
381 inpkt->len -= digest_length(n->indigest);
383 if(!digest_verify(n->indigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
384 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
389 /* Decrypt the packet */
391 if(cipher_active(n->incipher)) {
392 vpn_packet_t *outpkt = pkt[nextpkt++];
395 if(!cipher_decrypt(n->incipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
396 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
400 outpkt->len = outlen;
404 /* Check the sequence number */
407 memcpy(&seqno, SEQNO(inpkt), sizeof(seqno));
408 seqno = ntohl(seqno);
409 inpkt->len -= sizeof(seqno);
412 if(seqno != n->received_seqno + 1) {
413 if(seqno >= n->received_seqno + replaywin * 8) {
414 if(n->farfuture++ < replaywin >> 2) {
415 logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
416 n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
420 logger(DEBUG_TRAFFIC, LOG_WARNING, "Lost %d packets from %s (%s)",
421 seqno - n->received_seqno - 1, n->name, n->hostname);
422 memset(n->late, 0, replaywin);
423 } else if(seqno <= n->received_seqno) {
424 if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
425 logger(DEBUG_TRAFFIC, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
426 n->name, n->hostname, seqno, n->received_seqno);
430 for(int i = n->received_seqno + 1; i < seqno; i++) {
431 n->late[(i / 8) % replaywin] |= 1 << i % 8;
437 n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8);
440 if(seqno > n->received_seqno) {
441 n->received_seqno = seqno;
446 if(n->received_seqno > MAX_SEQNO) {
450 /* Decompress the packet */
452 length_t origlen = inpkt->len;
454 if(n->incompression) {
455 vpn_packet_t *outpkt = pkt[nextpkt++];
457 if((outpkt->len = uncompress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->incompression)) < 0) {
458 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
459 n->name, n->hostname);
465 origlen -= MTU / 64 + 20;
468 if(inpkt->len > n->maxrecentlen) {
469 n->maxrecentlen = inpkt->len;
474 if(!DATA(inpkt)[12] && !DATA(inpkt)[13]) {
475 udp_probe_h(n, inpkt, origlen);
477 receive_packet(n, inpkt);
484 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
486 outpkt.offset = DEFAULT_PACKET_OFFSET;
488 if(len > sizeof(outpkt.data) - outpkt.offset) {
494 if(c->options & OPTION_TCPONLY) {
497 outpkt.priority = -1;
500 memcpy(DATA(&outpkt), buffer, len);
502 receive_packet(c->node, &outpkt);
505 bool receive_tcppacket_sptps(connection_t *c, const char *data, int len) {
506 if(len < sizeof(node_id_t) + sizeof(node_id_t)) {
507 logger(DEBUG_PROTOCOL, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname);
511 node_t *to = lookup_node_id((node_id_t *)data);
512 data += sizeof(node_id_t);
513 len -= sizeof(node_id_t);
516 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown destination ID", c->name, c->hostname);
520 node_t *from = lookup_node_id((node_id_t *)data);
521 data += sizeof(node_id_t);
522 len -= sizeof(node_id_t);
525 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown source ID", c->name, c->hostname);
529 if(!to->status.reachable) {
530 /* This can happen in the form of a race condition
531 if the node just became unreachable. */
532 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay TCP packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
536 /* Help the sender reach us over UDP.
537 Note that we only do this if we're the destination or the static relay;
538 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
539 if(to->via == myself) {
540 send_udp_info(myself, from);
543 /* If we're not the final recipient, relay the packet. */
546 send_sptps_data(to, from, 0, data, len);
551 /* The packet is for us */
553 if(!sptps_receive_data(&from->sptps, data, len)) {
554 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
555 so let's restart SPTPS in case that helps. But don't do that too often
556 to prevent storms. */
557 if(from->last_req_key < now.tv_sec - 10) {
558 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
565 send_mtu_info(myself, from, MTU);
569 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
570 if(!n->status.validkey && !n->connection) {
577 if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) {
578 sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len);
582 if(routing_mode == RMODE_ROUTER) {
588 if(origpkt->len < offset) {
594 if(n->outcompression) {
596 int len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression);
599 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
600 } else if(len < origpkt->len - offset) {
601 outpkt.len = len + offset;
603 type |= PKT_COMPRESSED;
607 /* If we have a direct metaconnection to n, and we can't use UDP, then
608 don't bother with SPTPS and just use a "plaintext" PACKET message.
609 We don't really care about end-to-end security since we're not
610 sending the message through any intermediate nodes. */
611 if(n->connection && origpkt->len > n->minmtu) {
612 send_tcppacket(n->connection, origpkt);
614 sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
620 static void adapt_socket(const sockaddr_t *sa, int *sock) {
621 /* Make sure we have a suitable socket for the chosen address */
622 if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) {
623 for(int i = 0; i < listen_sockets; i++) {
624 if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) {
632 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
637 /* If the UDP address is confirmed, use it. */
638 if(n->status.udp_confirmed) {
642 /* Send every third packet to n->address; that could be set
643 to the node's reflexive UDP address discovered during key
653 /* Otherwise, address are found in edges to this node.
654 So we pick a random edge and a random socket. */
657 int j = rand() % n->edge_tree->count;
658 edge_t *candidate = NULL;
660 for splay_each(edge_t, e, n->edge_tree) {
662 candidate = e->reverse;
668 *sa = &candidate->address;
669 *sock = rand() % listen_sockets;
672 adapt_socket(*sa, sock);
675 static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) {
678 /* Pick one of the edges from this node at random, then use its local address. */
681 int j = rand() % n->edge_tree->count;
682 edge_t *candidate = NULL;
684 for splay_each(edge_t, e, n->edge_tree) {
691 if(candidate && candidate->local_address.sa.sa_family) {
692 *sa = &candidate->local_address;
693 *sock = rand() % listen_sockets;
694 adapt_socket(*sa, sock);
698 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
699 vpn_packet_t pkt1, pkt2;
700 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
701 vpn_packet_t *inpkt = origpkt;
703 vpn_packet_t *outpkt;
704 int origlen = origpkt->len;
706 int origpriority = origpkt->priority;
708 pkt1.offset = DEFAULT_PACKET_OFFSET;
709 pkt2.offset = DEFAULT_PACKET_OFFSET;
711 if(!n->status.reachable) {
712 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
716 if(n->status.sptps) {
717 send_sptps_packet(n, origpkt);
721 #ifdef DISABLE_LEGACY
724 /* Make sure we have a valid key */
726 if(!n->status.validkey) {
727 logger(DEBUG_TRAFFIC, LOG_INFO,
728 "No valid key known yet for %s (%s), forwarding via TCP",
729 n->name, n->hostname);
730 send_tcppacket(n->nexthop->connection, origpkt);
734 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (DATA(inpkt)[12] | DATA(inpkt)[13])) {
735 logger(DEBUG_TRAFFIC, LOG_INFO,
736 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
737 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
739 if(n != n->nexthop) {
740 send_packet(n->nexthop, origpkt);
742 send_tcppacket(n->nexthop->connection, origpkt);
748 /* Compress the packet */
750 if(n->outcompression) {
751 outpkt = pkt[nextpkt++];
753 if((outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression)) < 0) {
754 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
755 n->name, n->hostname);
762 /* Add sequence number */
764 seqno_t seqno = htonl(++(n->sent_seqno));
765 memcpy(SEQNO(inpkt), &seqno, sizeof(seqno));
766 inpkt->len += sizeof(seqno);
768 /* Encrypt the packet */
770 if(cipher_active(n->outcipher)) {
771 outpkt = pkt[nextpkt++];
774 if(!cipher_encrypt(n->outcipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
775 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
779 outpkt->len = outlen;
783 /* Add the message authentication code */
785 if(digest_active(n->outdigest)) {
786 if(!digest_create(n->outdigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
787 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
791 inpkt->len += digest_length(n->outdigest);
794 /* Send the packet */
796 const sockaddr_t *sa = NULL;
799 if(n->status.send_locally) {
800 choose_local_address(n, &sa, &sock);
804 choose_udp_address(n, &sa, &sock);
807 if(priorityinheritance && origpriority != listen_socket[sock].priority) {
808 listen_socket[sock].priority = origpriority;
810 switch(sa->sa.sa_family) {
814 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority);
816 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IP, IP_TOS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
817 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
822 #if defined(IPV6_TCLASS)
825 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority);
827 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
828 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
839 if(sendto(listen_socket[sock].udp.fd, (void *)SEQNO(inpkt), inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
840 if(sockmsgsize(sockerrno)) {
841 if(n->maxmtu >= origlen) {
842 n->maxmtu = origlen - 1;
845 if(n->mtu >= origlen) {
846 n->mtu = origlen - 1;
851 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
856 origpkt->len = origlen;
860 bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_t len) {
861 node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
862 bool direct = from == myself && to == relay;
863 bool relay_supported = (relay->options >> 24) >= 4;
864 bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY;
866 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU. */
868 if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
869 if(type != SPTPS_HANDSHAKE && (to->nexthop->connection->options >> 24) >= 7) {
870 char buf[len + sizeof(to->id) + sizeof(from->id)];
872 memcpy(buf_ptr, &to->id, sizeof(to->id));
873 buf_ptr += sizeof(to->id);
874 memcpy(buf_ptr, &from->id, sizeof(from->id));
875 buf_ptr += sizeof(from->id);
876 memcpy(buf_ptr, data, len);
877 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (TCP)", from->name, from->hostname, to->name, to->hostname, to->nexthop->name, to->nexthop->hostname);
878 return send_sptps_tcppacket(to->nexthop->connection, buf, sizeof(buf));
881 char buf[len * 4 / 3 + 5];
882 b64encode(data, buf, len);
884 /* If this is a handshake packet, use ANS_KEY instead of REQ_KEY, for two reasons:
885 - We don't want intermediate nodes to switch to UDP to relay these packets;
886 - ANS_KEY allows us to learn the reflexive UDP address. */
887 if(type == SPTPS_HANDSHAKE) {
888 to->incompression = myself->incompression;
889 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
891 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, SPTPS_PACKET, buf);
897 if(relay_supported) {
898 overhead += sizeof(to->id) + sizeof(from->id);
901 char buf[len + overhead];
904 if(relay_supported) {
906 /* Inform the recipient that this packet was sent directly. */
907 node_id_t nullid = {{0}};
908 memcpy(buf_ptr, &nullid, sizeof(nullid));
909 buf_ptr += sizeof(nullid);
911 memcpy(buf_ptr, &to->id, sizeof(to->id));
912 buf_ptr += sizeof(to->id);
915 memcpy(buf_ptr, &from->id, sizeof(from->id));
916 buf_ptr += sizeof(from->id);
920 /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
921 memcpy(buf_ptr, data, len);
924 const sockaddr_t *sa = NULL;
927 if(relay->status.send_locally) {
928 choose_local_address(relay, &sa, &sock);
932 choose_udp_address(relay, &sa, &sock);
935 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (UDP)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
937 if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
938 if(sockmsgsize(sockerrno)) {
939 // Compensate for SPTPS overhead
940 len -= SPTPS_DATAGRAM_OVERHEAD;
942 if(relay->maxmtu >= len) {
943 relay->maxmtu = len - 1;
946 if(relay->mtu >= len) {
947 relay->mtu = len - 1;
952 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
960 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
961 node_t *from = handle;
963 if(type == SPTPS_HANDSHAKE) {
964 if(!from->status.validkey) {
965 from->status.validkey = true;
966 from->status.waitingforkey = false;
967 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) successful", from->name, from->hostname);
974 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
979 inpkt.offset = DEFAULT_PACKET_OFFSET;
982 if(type == PKT_PROBE) {
983 if(!from->status.udppacket) {
984 logger(DEBUG_ALWAYS, LOG_ERR, "Got SPTPS PROBE packet from %s (%s) via TCP", from->name, from->hostname);
989 memcpy(DATA(&inpkt), data, len);
991 if(inpkt.len > from->maxrecentlen) {
992 from->maxrecentlen = inpkt.len;
995 udp_probe_h(from, &inpkt, len);
999 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
1000 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
1004 /* Check if we have the headers we need */
1005 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
1006 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
1008 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
1009 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
1012 int offset = (type & PKT_MAC) ? 0 : 14;
1014 if(type & PKT_COMPRESSED) {
1015 length_t ulen = uncompress_packet(DATA(&inpkt) + offset, (const uint8_t *)data, len, from->incompression);
1020 inpkt.len = ulen + offset;
1023 if(inpkt.len > MAXSIZE) {
1027 memcpy(DATA(&inpkt) + offset, data, len);
1028 inpkt.len = len + offset;
1031 /* Generate the Ethernet packet type if necessary */
1033 switch(DATA(&inpkt)[14] >> 4) {
1035 DATA(&inpkt)[12] = 0x08;
1036 DATA(&inpkt)[13] = 0x00;
1040 DATA(&inpkt)[12] = 0x86;
1041 DATA(&inpkt)[13] = 0xDD;
1045 logger(DEBUG_TRAFFIC, LOG_ERR,
1046 "Unknown IP version %d while reading packet from %s (%s)",
1047 DATA(&inpkt)[14] >> 4, from->name, from->hostname);
1052 if(from->status.udppacket && inpkt.len > from->maxrecentlen) {
1053 from->maxrecentlen = inpkt.len;
1056 receive_packet(from, &inpkt);
1060 // This function tries to get SPTPS keys, if they aren't already known.
1061 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if the keys are available.
1062 static void try_sptps(node_t *n) {
1063 if(n->status.validkey) {
1067 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
1069 if(!n->status.waitingforkey) {
1071 } else if(n->last_req_key + 10 < now.tv_sec) {
1072 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
1073 sptps_stop(&n->sptps);
1074 n->status.waitingforkey = false;
1081 static void send_udp_probe_packet(node_t *n, int len) {
1082 vpn_packet_t packet;
1083 packet.offset = DEFAULT_PACKET_OFFSET;
1084 memset(DATA(&packet), 0, 14);
1085 randomize(DATA(&packet) + 14, len - 14);
1087 packet.priority = 0;
1089 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %d to %s (%s)", len, n->name, n->hostname);
1091 send_udppacket(n, &packet);
1094 // This function tries to establish a UDP tunnel to a node so that packets can be sent.
1095 // If a tunnel is already established, it makes sure it stays up.
1096 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if UDP is usable.
1097 static void try_udp(node_t *n) {
1098 if(!udp_discovery) {
1102 /* Send gratuitous probe replies to 1.1 nodes. */
1104 if((n->options >> 24) >= 3 && n->status.udp_confirmed) {
1105 struct timeval ping_tx_elapsed;
1106 timersub(&now, &n->udp_reply_sent, &ping_tx_elapsed);
1108 if(ping_tx_elapsed.tv_sec >= udp_discovery_keepalive_interval - 1) {
1109 n->udp_reply_sent = now;
1111 if(n->maxrecentlen) {
1113 pkt.len = n->maxrecentlen;
1114 pkt.offset = DEFAULT_PACKET_OFFSET;
1115 memset(DATA(&pkt), 0, 14);
1116 randomize(DATA(&pkt) + 14, MIN_PROBE_SIZE - 14);
1117 send_udp_probe_reply(n, &pkt, pkt.len);
1118 n->maxrecentlen = 0;
1125 struct timeval ping_tx_elapsed;
1126 timersub(&now, &n->udp_ping_sent, &ping_tx_elapsed);
1128 int interval = n->status.udp_confirmed ? udp_discovery_keepalive_interval : udp_discovery_interval;
1130 if(ping_tx_elapsed.tv_sec >= interval) {
1131 gettimeofday(&now, NULL);
1132 n->udp_ping_sent = now; // a probe in flight
1133 send_udp_probe_packet(n, MIN_PROBE_SIZE);
1135 if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
1136 n->status.send_locally = true;
1137 send_udp_probe_packet(n, MIN_PROBE_SIZE);
1138 n->status.send_locally = false;
1143 static length_t choose_initial_maxmtu(node_t *n) {
1148 const sockaddr_t *sa = NULL;
1150 choose_udp_address(n, &sa, &sockindex);
1156 sock = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
1159 logger(DEBUG_TRAFFIC, LOG_ERR, "Creating MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1163 if(connect(sock, &sa->sa, SALEN(sa->sa))) {
1164 logger(DEBUG_TRAFFIC, LOG_ERR, "Connecting MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1170 socklen_t ip_mtu_len = sizeof(ip_mtu);
1172 if(getsockopt(sock, IPPROTO_IP, IP_MTU, &ip_mtu, &ip_mtu_len)) {
1173 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1180 /* getsockopt(IP_MTU) returns the MTU of the physical interface.
1181 We need to remove various overheads to get to the tinc MTU. */
1182 length_t mtu = ip_mtu;
1183 mtu -= (sa->sa.sa_family == AF_INET6) ? sizeof(struct ip6_hdr) : sizeof(struct ip);
1186 if(n->status.sptps) {
1187 mtu -= SPTPS_DATAGRAM_OVERHEAD;
1189 if((n->options >> 24) >= 4) {
1190 mtu -= sizeof(node_id_t) + sizeof(node_id_t);
1193 #ifndef DISABLE_LEGACY
1195 mtu -= digest_length(n->outdigest);
1197 /* Now it's tricky. We use CBC mode, so the length of the
1198 encrypted payload must be a multiple of the blocksize. The
1199 sequence number is also part of the encrypted payload, so we
1200 must account for it after correcting for the blocksize.
1201 Furthermore, the padding in the last block must be at least
1204 length_t blocksize = cipher_blocksize(n->outcipher);
1217 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) returned absurdly small value: %d", n->name, n->hostname, ip_mtu);
1225 logger(DEBUG_TRAFFIC, LOG_INFO, "Using system-provided maximum tinc MTU for %s (%s): %hd", n->name, n->hostname, mtu);
1235 /* This function tries to determines the MTU of a node.
1236 By calling this function repeatedly, n->minmtu will be progressively
1237 increased, and at some point, n->mtu will be fixed to n->minmtu. If the MTU
1238 is already fixed, this function checks if it can be increased.
1241 static void try_mtu(node_t *n) {
1242 if(!(n->options & OPTION_PMTU_DISCOVERY)) {
1246 if(udp_discovery && !n->status.udp_confirmed) {
1247 n->maxrecentlen = 0;
1254 /* mtuprobes == 0..19: initial discovery, send bursts with 1 second interval, mtuprobes++
1255 mtuprobes == 20: fix MTU, and go to -1
1256 mtuprobes == -1: send one maxmtu and one maxmtu+1 probe every pinginterval
1257 mtuprobes ==-2..-3: send one maxmtu probe every second
1258 mtuprobes == -4: maxmtu no longer valid, reset minmtu and maxmtu and go to 0 */
1260 struct timeval elapsed;
1261 timersub(&now, &n->mtu_ping_sent, &elapsed);
1263 if(n->mtuprobes >= 0) {
1264 if(n->mtuprobes != 0 && elapsed.tv_sec == 0 && elapsed.tv_usec < 333333) {
1268 if(n->mtuprobes < -1) {
1269 if(elapsed.tv_sec < 1) {
1273 if(elapsed.tv_sec < pinginterval) {
1279 n->mtu_ping_sent = now;
1283 if(n->mtuprobes < -3) {
1284 /* We lost three MTU probes, restart discovery */
1285 logger(DEBUG_TRAFFIC, LOG_INFO, "Decrease in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
1290 if(n->mtuprobes < 0) {
1291 /* After the initial discovery, we only send one maxmtu and one
1292 maxmtu+1 probe to detect PMTU increases. */
1293 send_udp_probe_packet(n, n->maxmtu);
1295 if(n->mtuprobes == -1 && n->maxmtu + 1 < MTU) {
1296 send_udp_probe_packet(n, n->maxmtu + 1);
1301 /* Before initial discovery begins, set maxmtu to the most likely value.
1302 If it's underestimated, we will correct it after initial discovery. */
1303 if(n->mtuprobes == 0) {
1304 n->maxmtu = choose_initial_maxmtu(n);
1308 /* Decreasing the number of probes per cycle might make the algorithm react faster to lost packets,
1309 but it will typically increase convergence time in the no-loss case. */
1310 const length_t probes_per_cycle = 8;
1312 /* This magic value was determined using math simulations.
1313 It will result in a 1329-byte first probe, followed (if there was a reply) by a 1407-byte probe.
1314 Since 1407 is just below the range of tinc MTUs over typical networks,
1315 this fine-tuning allows tinc to cover a lot of ground very quickly.
1316 This fine-tuning is only valid for maxmtu = MTU; if maxmtu is smaller,
1317 then it's better to use a multiplier of 1. Indeed, this leads to an interesting scenario
1318 if choose_initial_maxmtu() returns the actual MTU value - it will get confirmed with one single probe. */
1319 const float multiplier = (n->maxmtu == MTU) ? 0.97 : 1;
1321 const float cycle_position = probes_per_cycle - (n->mtuprobes % probes_per_cycle) - 1;
1322 const length_t minmtu = MAX(n->minmtu, 512);
1323 const float interval = n->maxmtu - minmtu;
1325 /* The core of the discovery algorithm is this exponential.
1326 It produces very large probes early in the cycle, and then it very quickly decreases the probe size.
1327 This reflects the fact that in the most difficult cases, we don't get any feedback for probes that
1328 are too large, and therefore we need to concentrate on small offsets so that we can quickly converge
1329 on the precise MTU as we are approaching it.
1330 The last probe of the cycle is always 1 byte in size - this is to make sure we'll get at least one
1331 reply per cycle so that we can make progress. */
1332 const length_t offset = powf(interval, multiplier * cycle_position / (probes_per_cycle - 1));
1334 length_t maxmtu = n->maxmtu;
1335 send_udp_probe_packet(n, minmtu + offset);
1337 /* If maxmtu changed, it means the probe was rejected by the system because it was too large.
1338 In that case, we recalculate with the new maxmtu and try again. */
1339 if(n->mtuprobes < 0 || maxmtu == n->maxmtu) {
1344 if(n->mtuprobes >= 0) {
1350 /* These functions try to establish a tunnel to a node (or its relay) so that
1351 packets can be sent (e.g. exchange keys).
1352 If a tunnel is already established, it tries to improve it (e.g. by trying
1353 to establish a UDP tunnel instead of TCP). This function makes no
1354 guarantees - it is up to the caller to check the node's state to figure out
1355 if TCP and/or UDP is usable. By calling this function repeatedly, the
1356 tunnel is gradually improved until we hit the wall imposed by the underlying
1357 network environment. It is recommended to call this function every time a
1358 packet is sent (or intended to be sent) to a node, so that the tunnel keeps
1359 improving as packets flow, and then gracefully downgrades itself as it goes
1363 static void try_tx_sptps(node_t *n, bool mtu) {
1364 /* If n is a TCP-only neighbor, we'll only use "cleartext" PACKET
1365 messages anyway, so there's no need for SPTPS at all. */
1367 if(n->connection && ((myself->options | n->options) & OPTION_TCPONLY)) {
1371 /* Otherwise, try to do SPTPS authentication with n if necessary. */
1375 /* Do we need to statically relay packets? */
1377 node_t *via = (n->via == myself) ? n->nexthop : n->via;
1379 /* If we do have a static relay, try everything with that one instead, if it supports relaying. */
1382 if((via->options >> 24) < 4) {
1390 /* Otherwise, try to establish UDP connectivity. */
1398 /* If we don't have UDP connectivity (yet), we need to use a dynamic relay (nexthop)
1399 while we try to establish direct connectivity. */
1401 if(!n->status.udp_confirmed && n != n->nexthop && (n->nexthop->options >> 24) >= 4) {
1402 try_tx(n->nexthop, mtu);
1406 static void try_tx_legacy(node_t *n, bool mtu) {
1407 /* Does he have our key? If not, send one. */
1409 if(!n->status.validkey_in) {
1413 /* Check if we already have a key, or request one. */
1415 if(!n->status.validkey) {
1416 if(n->last_req_key + 10 <= now.tv_sec) {
1418 n->last_req_key = now.tv_sec;
1431 void try_tx(node_t *n, bool mtu) {
1432 if(!n->status.reachable) {
1436 if(n->status.sptps) {
1437 try_tx_sptps(n, mtu);
1439 try_tx_legacy(n, mtu);
1443 void send_packet(node_t *n, vpn_packet_t *packet) {
1444 // If it's for myself, write it to the tun/tap device.
1448 memcpy(DATA(packet), mymac.x, ETH_ALEN);
1449 // Use an arbitrary fake source address.
1450 memcpy(DATA(packet) + ETH_ALEN, DATA(packet), ETH_ALEN);
1451 DATA(packet)[ETH_ALEN * 2 - 1] ^= 0xFF;
1455 n->out_bytes += packet->len;
1456 devops.write(packet);
1460 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)", packet->len, n->name, n->hostname);
1462 // If the node is not reachable, drop it.
1464 if(!n->status.reachable) {
1465 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable", n->name, n->hostname);
1469 // Keep track of packet statistics.
1472 n->out_bytes += packet->len;
1474 // Check if it should be sent as an SPTPS packet.
1476 if(n->status.sptps) {
1477 send_sptps_packet(n, packet);
1482 // Determine which node to actually send it to.
1484 node_t *via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
1487 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)", n->name, via->name, n->via->hostname);
1490 // Try to send via UDP, unless TCP is forced.
1492 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
1493 if(!send_tcppacket(via->connection, packet)) {
1494 terminate_connection(via->connection, true);
1500 send_udppacket(via, packet);
1504 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
1505 // Always give ourself a copy of the packet.
1506 if(from != myself) {
1507 send_packet(myself, packet);
1510 // In TunnelServer mode, do not forward broadcast packets.
1511 // The MST might not be valid and create loops.
1512 if(tunnelserver || broadcast_mode == BMODE_NONE) {
1516 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
1517 packet->len, from->name, from->hostname);
1519 switch(broadcast_mode) {
1520 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
1521 // This guarantees all nodes receive the broadcast packet, and
1522 // usually distributes the sending of broadcast packets over all nodes.
1524 for list_each(connection_t, c, connection_list)
1525 if(c->edge && c->status.mst && c != from->nexthop->connection) {
1526 send_packet(c->node, packet);
1531 // In direct mode, we send copies to each node we know of.
1532 // However, this only reaches nodes that can be reached in a single hop.
1533 // We don't have enough information to forward broadcast packets in this case.
1535 if(from != myself) {
1539 for splay_each(node_t, n, node_tree)
1540 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n)) {
1541 send_packet(n, packet);
1551 /* We got a packet from some IP address, but we don't know who sent it. Try to
1552 verify the message authentication code against all active session keys.
1553 Since this is actually an expensive operation, we only do a full check once
1554 a minute, the rest of the time we only check against nodes for which we know
1555 an IP address that matches the one from the packet. */
1557 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
1558 node_t *match = NULL;
1560 static time_t last_hard_try = 0;
1562 for splay_each(node_t, n, node_tree) {
1563 if(!n->status.reachable || n == myself) {
1567 if(!n->status.validkey_in && !(n->status.sptps && n->sptps.instate)) {
1573 for splay_each(edge_t, e, n->edge_tree) {
1578 if(!sockaddrcmp_noport(from, &e->reverse->address)) {
1585 if(last_hard_try == now.tv_sec) {
1592 if(!try_mac(n, pkt)) {
1601 last_hard_try = now.tv_sec;
1607 static void handle_incoming_vpn_packet(listen_socket_t *ls, vpn_packet_t *pkt, sockaddr_t *addr) {
1609 node_id_t nullid = {{0}};
1611 bool direct = false;
1613 sockaddrunmap(addr); /* Some braindead IPv6 implementations do stupid things. */
1615 // Try to figure out who sent this packet.
1617 node_t *n = lookup_node_udp(addr);
1619 if(n && !n->status.udp_confirmed) {
1620 n = NULL; // Don't believe it if we don't have confirmation yet.
1624 // It might be from a 1.1 node, which might have a source ID in the packet.
1625 pkt->offset = 2 * sizeof(node_id_t);
1626 from = lookup_node_id(SRCID(pkt));
1628 if(from && !memcmp(DSTID(pkt), &nullid, sizeof(nullid)) && from->status.sptps) {
1629 if(sptps_verify_datagram(&from->sptps, DATA(pkt), pkt->len - 2 * sizeof(node_id_t))) {
1639 n = try_harder(addr, pkt);
1645 if(debug_level >= DEBUG_PROTOCOL) {
1646 hostname = sockaddr2hostname(addr);
1647 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1656 if(n->status.sptps) {
1657 bool relay_enabled = (n->options >> 24) >= 4;
1660 pkt->offset = 2 * sizeof(node_id_t);
1661 pkt->len -= pkt->offset;
1664 if(!memcmp(DSTID(pkt), &nullid, sizeof(nullid)) || !relay_enabled) {
1669 from = lookup_node_id(SRCID(pkt));
1670 to = lookup_node_id(DSTID(pkt));
1674 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname);
1678 if(!to->status.reachable) {
1679 /* This can happen in the form of a race condition
1680 if the node just became unreachable. */
1681 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
1685 /* The packet is supposed to come from the originator or its static relay
1686 (i.e. with no dynamic relays in between).
1687 If it did not, "help" the static relay by sending it UDP info.
1688 Note that we only do this if we're the destination or the static relay;
1689 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
1691 if(n != from->via && to->via == myself) {
1692 send_udp_info(myself, from);
1695 /* If we're not the final recipient, relay the packet. */
1698 send_sptps_data(to, from, 0, DATA(pkt), pkt->len);
1707 if(!receive_udppacket(from, pkt)) {
1711 n->sock = ls - listen_socket;
1713 if(direct && sockaddrcmp(addr, &n->address)) {
1714 update_node_udp(n, addr);
1717 /* If the packet went through a relay, help the sender find the appropriate MTU
1718 through the relay path. */
1721 send_mtu_info(myself, n, MTU);
1725 void handle_incoming_vpn_data(void *data, int flags) {
1726 listen_socket_t *ls = data;
1728 #ifdef HAVE_RECVMMSG
1730 static int num = MAX_MSG;
1731 static vpn_packet_t pkt[MAX_MSG];
1732 static sockaddr_t addr[MAX_MSG];
1733 static struct mmsghdr msg[MAX_MSG];
1734 static struct iovec iov[MAX_MSG];
1736 for(int i = 0; i < num; i++) {
1739 iov[i] = (struct iovec) {
1740 .iov_base = DATA(&pkt[i]),
1744 msg[i].msg_hdr = (struct msghdr) {
1745 .msg_name = &addr[i].sa,
1746 .msg_namelen = sizeof(addr)[i],
1752 num = recvmmsg(ls->udp.fd, msg, MAX_MSG, MSG_DONTWAIT, NULL);
1755 if(!sockwouldblock(sockerrno)) {
1756 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1762 for(int i = 0; i < num; i++) {
1763 pkt[i].len = msg[i].msg_len;
1765 if(pkt[i].len <= 0 || pkt[i].len > MAXSIZE) {
1769 handle_incoming_vpn_packet(ls, &pkt[i], &addr[i]);
1774 sockaddr_t addr = {};
1775 socklen_t addrlen = sizeof(addr);
1778 int len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen);
1780 if(len <= 0 || len > MAXSIZE) {
1781 if(!sockwouldblock(sockerrno)) {
1782 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1790 handle_incoming_vpn_packet(ls, &pkt, &addr);
1794 void handle_device_data(void *data, int flags) {
1795 vpn_packet_t packet;
1796 packet.offset = DEFAULT_PACKET_OFFSET;
1797 packet.priority = 0;
1798 static int errors = 0;
1800 if(devops.read(&packet)) {
1802 myself->in_packets++;
1803 myself->in_bytes += packet.len;
1804 route(myself, &packet);
1806 usleep(errors * 50000);
1810 logger(DEBUG_ALWAYS, LOG_ERR, "Too many errors from %s, exiting!", device);
projects / oweals / tinc.git / blob