X-Git-Url: https://git.librecmc.org/?p=oweals%2Ftinc.git;a=blobdiff_plain;f=src%2Fnet.c;h=893892c033bedbb453453829ddd384a853ac45ed;hp=a4324a4774fc4b537b6ea37c4d0eed98eaabc9ac;hb=1eedf54681d4556c6874f7baee8e810cab867756;hpb=698191fd2f512f3618e2d60592fcd57cd750b965 diff --git a/src/net.c b/src/net.c index a4324a4..893892c 100644 --- a/src/net.c +++ b/src/net.c @@ -17,31 +17,47 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.67 2000/11/04 22:57:30 guus Exp $ + $Id: net.c,v 1.35.4.82 2000/11/25 13:33:30 guus Exp $ */ #include "config.h" -#include #include #include -#include -#include #include #include #include #include #include #include -#include #include #include #include #include #include -#include -#include -#include +/* SunOS really wants sys/socket.h BEFORE net/if.h, + and FreeBSD wants these lines below the rest. */ +#include +#include +#include + +#ifdef HAVE_OPENSSL_RAND_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_EVP_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_ERR_H +# include +#else +# include +#endif #ifdef HAVE_TUNTAP #include LINUX_IF_TUN_H @@ -51,10 +67,12 @@ #include #include "conf.h" -#include "connlist.h" +#include "connection.h" +#include "list.h" #include "meta.h" #include "net.h" #include "netutl.h" +#include "process.h" #include "protocol.h" #include "subnet.h" @@ -74,71 +92,16 @@ int keylifetime = 0; int keyexpires = 0; char *unknown = NULL; -char *interface_name = NULL; /* Contains the name of the interface */ subnet_t mymac; -/* - Execute the given script. - This function doesn't really belong here. -*/ -int execute_script(const char* name) -{ - char *scriptname; - pid_t pid; - char *s; - - if((pid = fork()) < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fork"); - return -1; - } - - if(pid) - { - return 0; - } - - /* Child here */ - - asprintf(&scriptname, "%s/%s", confbase, name); - asprintf(&s, "IFNAME=%s", interface_name); - putenv(s); - free(s); - - if(netname) - { - asprintf(&s, "NETNAME=%s", netname); - putenv(s); - free(s); - } - else - { - unsetenv("NETNAME"); - } - - if(chdir(confbase) < 0) - { - syslog(LOG_ERR, _("Couldn't chdir to `%s': %m"), - confbase); - } - - execl(scriptname, NULL); - /* No return on success */ - - if(errno != ENOENT) /* Ignore if the file does not exist */ - syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname); - - /* No need to free things */ - exit(0); -} - -int xsend(conn_list_t *cl, vpn_packet_t *inpkt) +int xsend(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; EVP_CIPHER_CTX ctx; + struct sockaddr_in to; + socklen_t tolen = sizeof(to); cp outpkt.len = inpkt->len; @@ -160,7 +123,11 @@ cp total_socket_out += outlen; - if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0) + to.sin_family = AF_INET; + to.sin_addr.s_addr = htonl(cl->address); + to.sin_port = htons(cl->port); + + if((sendto(myself->socket, (char *) &(outpkt.len), outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); @@ -170,7 +137,7 @@ cp return 0; } -int xrecv(conn_list_t *cl, vpn_packet_t *inpkt) +int xrecv(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; @@ -293,8 +260,8 @@ cp each packet, and removing it when that returned a zero exit code */ -void flush_queue(conn_list_t *cl, packet_queue_t **pq, - int (*function)(conn_list_t*,vpn_packet_t*)) +void flush_queue(connection_t *cl, packet_queue_t **pq, + int (*function)(connection_t*,vpn_packet_t*)) { queue_element_t *p, *next = NULL; cp @@ -318,7 +285,7 @@ cp void because nothing goes wrong here, packets remain in the queue if something goes wrong */ -void flush_queues(conn_list_t *cl) +void flush_queues(connection_t *cl) { cp if(cl->sq) @@ -344,7 +311,7 @@ cp */ int send_packet(ip_t to, vpn_packet_t *packet) { - conn_list_t *cl; + connection_t *cl; subnet_t *subnet; cp if((subnet = lookup_subnet_ipv4(to)) == NULL) @@ -375,17 +342,6 @@ cp /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ - /* Connections are now opened beforehand... - - if(!cl->status.dataopen) - if(setup_vpn_connection(cl) < 0) - { - syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), - cl->name, cl->hostname); - return -1; - } - */ - if(!cl->status.validkey) { /* FIXME: Don't queue until everything else is fixed. @@ -423,17 +379,31 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; +#ifdef HAVE_LINUX + #ifdef HAVE_TUNTAP struct ifreq ifr; + #endif +#endif cp if((cfg = get_config_val(config, config_tapdevice))) tapfname = cfg->data.ptr; else -#ifdef HAVE_TUNTAP - tapfname = "/dev/misc/net/tun"; -#else - tapfname = "/dev/tap0"; + { +#ifdef HAVE_LINUX + #ifdef HAVE_TUNTAP + tapfname = "/dev/misc/net/tun"; + #else + tapfname = "/dev/tap0"; + #endif +#endif +#ifdef HAVE_FREEBSD + tapfname = "/dev/tap0"; #endif +#ifdef HAVE_SOLARIS + tapfname = "/dev/tun"; +#endif + } cp if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0) { @@ -443,9 +413,10 @@ cp cp tap_fd = nfd; + taptype = TAP_TYPE_ETHERTAP; + /* Set default MAC address for ethertap devices */ - taptype = TAP_TYPE_ETHERTAP; mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; @@ -454,7 +425,8 @@ cp mymac.net.mac.address.x[4] = 0x00; mymac.net.mac.address.x[5] = 0x00; -#ifdef HAVE_TUNTAP +#ifdef HAVE_LINUX + #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ memset(&ifr, 0, sizeof(ifr)); cp @@ -463,18 +435,15 @@ cp strncpy(ifr.ifr_name, netname, IFNAMSIZ); cp if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) - { + { syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; } + #endif +#endif +#ifdef HAVE_FREEBSD + taptype = TAP_TYPE_TUNTAP; #endif - - /* Add name of network interface to environment (for scripts) */ - - ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr); - interface_name = xmalloc(strlen(ifr.ifr_name)); - strcpy(interface_name, ifr.ifr_name); - cp return 0; } @@ -498,6 +467,7 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt"); return -1; @@ -505,6 +475,7 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one))) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt"); return -1; @@ -513,6 +484,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "fcntl"); return -1; @@ -522,6 +494,7 @@ cp { if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr))) { + close(nfd); syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr); return -1; } @@ -538,12 +511,14 @@ cp if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { + close(nfd); syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port); return -1; } if(listen(nfd, 3)) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "listen"); return -1; @@ -564,12 +539,14 @@ int setup_vpn_in_socket(int port) cp if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { + close(nfd); syslog(LOG_ERR, _("Creating socket failed: %m")); return -1; } if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt"); return -1; @@ -578,6 +555,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "fcntl"); return -1; @@ -590,6 +568,7 @@ cp if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { + close(nfd); syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port); return -1; } @@ -600,7 +579,7 @@ cp /* setup an outgoing meta (tcp) socket */ -int setup_outgoing_meta_socket(conn_list_t *cl) +int setup_outgoing_meta_socket(connection_t *cl) { int flags; struct sockaddr_in a; @@ -628,6 +607,7 @@ cp if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) { + close(cl->meta_socket); syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port); return -1; } @@ -635,6 +615,7 @@ cp flags = fcntl(cl->meta_socket, F_GETFL); if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) { + close(cl->meta_socket); syslog(LOG_ERR, _("fcntl for %s port %d: %m"), cl->hostname, cl->port); return -1; @@ -650,15 +631,11 @@ cp } /* - setup an outgoing connection. It's not - necessary to also open an udp socket as - well, because the other host will initiate - an authentication sequence during which - we will do just that. + Setup an outgoing meta connection. */ int setup_outgoing_connection(char *name) { - conn_list_t *ncn; + connection_t *ncn; struct hostent *h; config_t const *cfg; cp @@ -668,27 +645,27 @@ cp return -1; } - ncn = new_conn_list(); + ncn = new_connection(); asprintf(&ncn->name, "%s", name); if(read_host_config(ncn)) { syslog(LOG_ERR, _("Error reading host configuration file for %s")); - free_conn_list(ncn); + free_connection(ncn); return -1; } if(!(cfg = get_config_val(ncn->config, config_address))) { syslog(LOG_ERR, _("No address specified for %s")); - free_conn_list(ncn); + free_connection(ncn); return -1; } if(!(h = gethostbyname(cfg->data.ptr))) { syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr); - free_conn_list(ncn); + free_connection(ncn); return -1; } @@ -699,7 +676,7 @@ cp { syslog(LOG_ERR, _("Could not set up a meta connection to %s"), ncn->hostname); - free_conn_list(ncn); + free_connection(ncn); return -1; } @@ -708,7 +685,7 @@ cp ncn->buflen = 0; ncn->last_ping_time = time(NULL); - conn_list_add(ncn); + connection_add(ncn); send_id(ncn); cp @@ -716,7 +693,7 @@ cp } /* - Configure conn_list_t myself and set up the local sockets (listen only) + Configure connection_t myself and set up the local sockets (listen only) */ int setup_myself(void) { @@ -724,7 +701,7 @@ int setup_myself(void) config_t *next; subnet_t *net; cp - myself = new_conn_list(); + myself = new_connection(); asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */ myself->flags = 0; @@ -813,7 +790,13 @@ cp if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { - syslog(LOG_ERR, _("Unable to set up a listening socket!")); + syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); + return -1; + } + + if((myself->socket = setup_vpn_in_socket(myself->port)) < 0) + { + syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); return -1; } @@ -882,6 +865,9 @@ int setup_network_connections(void) { config_t const *cfg; cp + init_connections(); + init_subnets(); + if((cfg = get_config_val(config, config_pingtimeout)) == NULL) timeout = 60; else @@ -896,12 +882,12 @@ cp if(setup_tap_fd() < 0) return -1; - if(setup_myself() < 0) - return -1; - /* Run tinc-up script to further initialize the tap interface */ execute_script("tinc-up"); + if(setup_myself() < 0) + return -1; + if(!(cfg = get_config_val(config, config_connectto))) /* No upstream IP given, we're listen only. */ return 0; @@ -928,10 +914,12 @@ cp */ void close_network_connections(void) { - conn_list_t *p; + rbl_t *rbl; + connection_t *p; cp - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { + p = (connection_t *)rbl->data; p->status.active = 0; terminate_connection(p); } @@ -940,7 +928,7 @@ cp if(myself->status.active) { close(myself->meta_socket); - free_conn_list(myself); + free_connection(myself); myself = NULL; } @@ -949,17 +937,16 @@ cp /* Execute tinc-down script right after shutting down the interface */ execute_script("tinc-down"); - destroy_conn_list(); - - syslog(LOG_NOTICE, _("Terminating")); + destroy_connection_tree(); cp return; } /* create a data (udp) socket + OBSOLETED: use only one listening socket for compatibility with non-Linux operating systems */ -int setup_vpn_connection(conn_list_t *cl) +int setup_vpn_connection(connection_t *cl) { int nfd, flags; struct sockaddr_in a; @@ -977,6 +964,7 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt"); return -1; @@ -985,6 +973,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "fcntl"); return -1; @@ -997,6 +986,7 @@ cp if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { + close(nfd); syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port); return -1; } @@ -1007,6 +997,7 @@ cp if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) { + close(nfd); syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"), cl->hostname, cl->port); return -1; @@ -1015,6 +1006,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, cl->name, cl->hostname); return -1; @@ -1030,15 +1022,15 @@ cp handle an incoming tcp connect call and open a connection to it. */ -conn_list_t *create_new_connection(int sfd) +connection_t *create_new_connection(int sfd) { - conn_list_t *p; + connection_t *p; struct sockaddr_in ci; int len = sizeof(ci); cp - p = new_conn_list(); + p = new_connection(); - if(getpeername(sfd, &ci, &len) < 0) + if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0) { syslog(LOG_ERR, _("System call `%s' failed: %m"), "getpeername"); @@ -1068,16 +1060,18 @@ cp */ void build_fdset(fd_set *fs) { - conn_list_t *p; + rbl_t *rbl; + connection_t *p; cp FD_ZERO(fs); - for(p = conn_list; p != NULL; p = p->next) + FD_SET(myself->socket, fs); + + RBL_FOREACH(connection_tree, rbl) { + p = (connection_t *)rbl->data; if(p->status.meta) - FD_SET(p->meta_socket, fs); - if(p->status.dataopen) - FD_SET(p->socket, fs); + FD_SET(p->meta_socket, fs); } FD_SET(myself->meta_socket, fs); @@ -1090,16 +1084,19 @@ cp udp socket and write it to the ethertap device after being decrypted */ -int handle_incoming_vpn_data(conn_list_t *cl) +int handle_incoming_vpn_data(void) { vpn_packet_t pkt; int x, l = sizeof(x); int lenin; + struct sockaddr_in from; + socklen_t fromlen = sizeof(from); + connection_t *cl; cp - if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), - __FILE__, __LINE__, cl->socket); + __FILE__, __LINE__, myself->socket); return -1; } if(x) @@ -1108,12 +1105,20 @@ cp return -1; } - if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0) + if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; } + cl = lookup_connection(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + + if(!cl) + { + syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + return 0; + } + if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin, @@ -1128,10 +1133,11 @@ cp terminate a connection and notify the other end before closing the sockets */ -void terminate_connection(conn_list_t *cl) +void terminate_connection(connection_t *cl) { - conn_list_t *p; - subnet_t *s; + connection_t *p; + subnet_t *subnet; + rbl_t *rbl; cp if(cl->status.remove) return; @@ -1147,26 +1153,34 @@ cp if(cl->status.meta) close(cl->meta_socket); -cp /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ if(cl->status.meta) - for(p = conn_list; p != NULL; p = p->next) - if((p->nexthop == cl) && (p != cl)) - terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */ + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->nexthop == cl && p != cl) + terminate_connection(p); + } /* Inform others of termination if it was still active */ if(cl->status.active) - for(p = conn_list; p != NULL; p = p->next) - if(p->status.meta && p->status.active && p!=cl) - send_del_host(p, cl); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->status.meta && p->status.active && p!=cl) + send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ + } /* Remove the associated subnets */ - for(s = cl->subnets; s; s = s->next) - subnet_del(s); + RBL_FOREACH(cl->subnet_tree, rbl) + { + subnet = (subnet_t *)rbl->data; + subnet_del(subnet); + } /* Check if this was our outgoing connection */ @@ -1192,35 +1206,37 @@ cp end does not reply in time, we consider them dead and close the connection. */ -int check_dead_connections(void) +void check_dead_connections(void) { - conn_list_t *p; time_t now; + rbl_t *rbl; + connection_t *cl; cp now = time(NULL); - for(p = conn_list; p != NULL; p = p->next) + + RBL_FOREACH(connection_tree, rbl) { - if(p->status.active && p->status.meta) - { - if(p->last_ping_time + timeout < now) + cl = (connection_t *)rbl->data; + if(cl->status.active && cl->status.meta) + { + if(cl->last_ping_time + timeout < now) { - if(p->status.pinged) + if(cl->status.pinged) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - p->name, p->hostname); - p->status.timeout = 1; - terminate_connection(p); + cl->name, cl->hostname); + cl->status.timeout = 1; + terminate_connection(cl); } else { - send_ping(p); + send_ping(cl); } } - } + } } cp - return 0; } /* @@ -1229,7 +1245,7 @@ cp */ int handle_new_meta_connection() { - conn_list_t *ncn; + connection_t *ncn; struct sockaddr client; int nfd, len = sizeof(client); cp @@ -1247,7 +1263,7 @@ cp return 0; } - conn_list_add(ncn); + connection_add(ncn); cp return 0; } @@ -1258,27 +1274,18 @@ cp */ void check_network_activity(fd_set *f) { - conn_list_t *p; + connection_t *p; + rbl_t *rbl; cp - for(p = conn_list; p != NULL; p = p->next) - { - if(p->status.remove) - continue; + if(FD_ISSET(myself->socket, f)) + handle_incoming_vpn_data(); - if(p->status.dataopen) - if(FD_ISSET(p->socket, f)) - { - handle_incoming_vpn_data(p); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; - /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data() - - getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); - syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), - p->name, p->hostname, strerror(x)); - terminate_connection(p); - */ - return; - } + if(p->status.remove) + return; if(p->status.meta) if(FD_ISSET(p->meta_socket, f)) @@ -1288,7 +1295,7 @@ cp return; } } - + if(FD_ISSET(myself->meta_socket, f)) handle_new_meta_connection(); cp @@ -1358,7 +1365,7 @@ cp tv.tv_sec = timeout; tv.tv_usec = 0; - prune_conn_list(); + prune_connection_tree(); build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)