2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.70 2000/11/08 17:56:34 guus Exp $
25 #include <arpa/inet.h>
28 /* SunOS really wants sys/socket.h BEFORE net/if.h */
29 #include <sys/socket.h>
32 #include <netinet/in.h>
36 #include <sys/signal.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 #include <openssl/rand.h>
43 #include <openssl/evp.h>
44 #include <openssl/err.h>
47 #include LINUX_IF_TUN_H
/* Which kind of tap device was opened: starts as the old ethertap style and is
   switched to TAP_TYPE_TUNTAP by setup_tap_fd() when its TUNSETIFF probe succeeds. */
64 int taptype = TAP_TYPE_ETHERTAP;
/* Traffic counters in bytes. total_tap_out is updated in xrecv() and total_socket_out
   in xsend(); nothing in the visible code updates total_socket_in. */
66 int total_tap_out = 0;
67 int total_socket_in = 0;
68 int total_socket_out = 0;
/* Cursor into the config list used to walk the ConnectTo entries when (re)establishing
   the outgoing connection; reset to `config' once the list is exhausted. */
70 config_t *upstreamcfg;
/* Delay before the next outgoing-connection attempt: sigalrm_handler() grows it by 5
   per failure (capped at MAXTIMEOUT) and terminate_connection() resets it to 5. */
71 static int seconds_till_retry;
81 Execute the given script.
82 This function doesn't really belong here.
/* Fork and, in the child (presumably; the branch itself is not shown), exec the
   script `name' from confbase with NETNAME exported in its environment.
   Parent-side waiting and the return value are not shown here. */
84 int execute_script(const char *name)
90 if((pid = fork()) < 0)
92 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* asprintf()'s result is not checked; on failure s is indeterminate when it reaches putenv(). */
106 asprintf(&s, "NETNAME=%s", netname);
107 putenv(s); /* Don't free s! see man 3 putenv */
/* chdir()'s return value is ignored on the strength of the comment; the directory could
   still have been removed or made inaccessible since the config files were read. */
116 chdir(confbase); /* This cannot fail since we already read config files from this directory. */
118 asprintf(&scriptname, "%s/%s", confbase, name);
/* NOTE(review): execl()'s first variadic argument is argv[0], so this runs the script
   with an empty argv (argv[0] == NULL), and the list terminator is an uncast NULL.
   The intended call is execl(scriptname, scriptname, (char *)NULL); */
119 execl(scriptname, NULL);
121 /* No return on success */
/* A missing script is the normal case and is deliberately silent */
123 if(errno != ENOENT) /* Ignore if the file does not exist */
124 syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname);
126 /* No need to free things */
/* Encrypt inpkt with cl's packet cipher and send it on cl's UDP data socket.
   The datagram starts at outpkt.len, i.e. the 2-byte length field followed by
   the ciphertext; outlen counts both. */
131 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
137 outpkt.len = inpkt->len;
139 /* Encrypt the packet */
/* Key and IV live back to back in cipher_pktkey (IV at offset key_len). Nothing in
   this function varies the IV per packet, so every packet sent under one key appears
   to start from the same IV -- confirm that is intended for the cipher mode in use.
   NOTE(review): no authentication tag is computed here, so a receiver cannot detect
   modified ciphertext unless integrity is enforced elsewhere. The EVP_* return
   values are not checked. */
141 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
142 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
143 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* + final-block padding, + 2 for the length field that precedes the data on the wire */
144 outlen += outpad + 2;
/* Alternative copy-through (unencrypted) path; which branch is compiled is not visible here. */
147 outlen = outpkt.len + 2;
148 memcpy(&outpkt, inpkt, outlen);
/* Traffic trace; note it is logged at LOG_ERR rather than LOG_DEBUG */
151 if(debug_lvl >= DEBUG_TRAFFIC)
152 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
153 outlen, cl->name, cl->hostname);
155 total_socket_out += outlen;
/* Socket is connected (see setup_vpn_connection()), so send() needs no address */
157 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
159 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
160 cl->name, cl->hostname);
/* Decrypt inpkt with our own packet cipher (myself->cipher_pktkey, which peers
   obtain through the key exchange) and write the plaintext frame to the tap device. */
167 int xrecv(conn_list_t *cl, vpn_packet_t *inpkt)
173 outpkt.len = inpkt->len;
175 /* Decrypt the packet */
177 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
/* Decrypts len + 8 bytes: presumably the payload plus the cipher's final padding block
   (8 bytes for a 64-bit block cipher such as the EVP_bf_cfb() chosen in setup_myself()).
   NOTE(review): inpkt->len is taken from the datagram as received; nothing in this
   function bounds it against the bytes actually read from the socket. The EVP_* return
   values are unchecked, so a failed decryption still reaches the tap write below. */
178 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
179 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Alternative copy-through path; which branch is compiled is not visible here. */
183 outlen = outpkt.len+2;
184 memcpy(&outpkt, inpkt, outlen);
187 if(debug_lvl >= DEBUG_TRAFFIC)
188 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
191 /* Fix mac address */
/* Overwrite the first 6 bytes of the frame (destination MAC) with mymac */
193 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
/* tun/tap takes the bare frame; the ethertap path writes from 2 bytes before the
   data, so the buffer layout appears to reserve a 2-byte prefix for it. */
195 if(taptype == TAP_TYPE_TUNTAP)
197 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
198 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
200 total_tap_out += outpkt.len;
204 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
205 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
207 total_tap_out += outpkt.len + 2;
214 add the given packet of size s to the
215 queue q, be it the send or receive queue
/* Append a copy of `packet' (s bytes) at the tail of *q, creating the queue on
   first use. The xmalloc() results are used unchecked, so it is assumed never to
   return NULL -- confirm against its definition. */
217 void add_queue(packet_queue_t **q, void *packet, size_t s)
221 e = xmalloc(sizeof(*e));
222 e->packet = xmalloc(s);
223 memcpy(e->packet, packet, s);
/* Lazily allocate the queue head structure (the guard for this is not shown) */
227 *q = xmalloc(sizeof(**q));
228 (*q)->head = (*q)->tail = NULL;
231 e->next = NULL; /* We insert at the tail */
233 if((*q)->tail) /* Do we have a tail? */
235 (*q)->tail->next = e;
236 e->prev = (*q)->tail;
238 else /* No tail -> no head too */
248 /* Remove a queue element */
/* Unlink e from the doubly-linked queue *q, fixing head and tail as needed.
   The branch for e being the only element, and the release of e and its
   packet, are not shown here. */
249 void del_queue(packet_queue_t **q, queue_element_t *e)
254 if(e->next) /* There is a successor, so we are not tail */
256 if(e->prev) /* There is a predecessor, so we are not head */
258 e->next->prev = e->prev;
259 e->prev->next = e->next;
261 else /* We are head */
263 e->next->prev = NULL;
264 (*q)->head = e->next;
267 else /* We are tail (or all alone!) */
269 if(e->prev) /* We are not alone :) */
271 e->prev->next = NULL;
272 (*q)->tail = e->prev;
286 flush a queue by calling function for
287 each packet, and removing it when that
288 returned a zero exit code
/* Hand every queued packet to function(cl, packet); an element is removed only
   when function() returns 0 (the removal itself is not shown). The loop has no
   increment clause: `next' must be read before the element can be freed. */
290 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
291 int (*function)(conn_list_t*,vpn_packet_t*))
293 queue_element_t *p, *next = NULL;
295 for(p = (*pq)->head; p != NULL; )
/* p->packet is a void * and is passed as the vpn_packet_t * the callback expects */
299 if(!function(cl, p->packet))
305 if(debug_lvl >= DEBUG_TRAFFIC)
306 syslog(LOG_DEBUG, _("Queue flushed"));
311 flush the send&recv queues
312 returns void because no error is reported here: packets
313 simply remain in the queue if something goes wrong
/* Flush cl's send queue through xsend() and its receive queue through xrecv().
   The guards that skip an empty/unallocated queue are not shown. */
315 void flush_queues(conn_list_t *cl)
320 if(debug_lvl >= DEBUG_TRAFFIC)
321 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
322 cl->name, cl->hostname);
323 flush_queue(cl, &(cl->sq), xsend);
328 if(debug_lvl >= DEBUG_TRAFFIC)
329 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
330 cl->name, cl->hostname);
331 flush_queue(cl, &(cl->rq), xrecv);
337 send a packet to the given vpn ip.
/* Route `packet' to the peer owning the subnet that contains `to'. The packet is
   dropped (return 0 in the visible case) when the peer has no valid key yet or is
   not active; otherwise xsend()'s result is returned. */
339 int send_packet(ip_t to, vpn_packet_t *packet)
344 if((subnet = lookup_subnet_ipv4(to)) == NULL)
346 if(debug_lvl >= DEBUG_TRAFFIC)
348 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
/* The subnet's owner is ourselves; such a packet is not forwarded */
359 if(debug_lvl >= DEBUG_TRAFFIC)
361 syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
368 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
370 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
372 /* Connections are now opened beforehand...
/* Open the UDP data socket to this peer on first use */
374 if(!cl->status.dataopen)
375 if(setup_vpn_connection(cl) < 0)
377 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
378 cl->name, cl->hostname);
/* No session key for this peer yet. The queueing below appears to sit inside the
   FIXME comment, so the packet is not queued; a key request is sent unless one is
   already outstanding. */
383 if(!cl->status.validkey)
385 /* FIXME: Don't queue until everything else is fixed.
386 if(debug_lvl >= DEBUG_TRAFFIC)
387 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
388 cl->name, cl->hostname);
389 add_queue(&(cl->sq), packet, packet->len + 2);
391 if(!cl->status.waitingforkey)
392 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
/* Peer not active: same as above, the packet is silently dropped */
396 if(!cl->status.active)
398 /* FIXME: Don't queue until everything else is fixed.
399 if(debug_lvl >= DEBUG_TRAFFIC)
400 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
401 cl->name, cl->hostname);
402 add_queue(&(cl->sq), packet, packet->len + 2);
404 return 0; /* We don't want to mess up, do we? */
407 /* can we send it? can we? can we? huh? */
409 return xsend(cl, packet);
413 open the local ethertap device
/* Open the tap device (TapDevice option, else a compiled-in default), give it a
   default MAC and probe with TUNSETIFF to learn whether it is an ethertap or a
   tun/tap device. The assignment of nfd to the global tap_fd is not shown. */
415 int setup_tap_fd(void)
418 const char *tapfname;
423 if((cfg = get_config_val(config, config_tapdevice)))
424 tapfname = cfg->data.ptr;
/* Two compiled-in defaults; the selection between them is not visible here */
427 tapfname = "/dev/misc/net/tun";
429 tapfname = "/dev/tap0";
432 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
434 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
440 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 -- a locally administered address */
442 taptype = TAP_TYPE_ETHERTAP;
443 mymac.type = SUBNET_MAC;
444 mymac.net.mac.address.x[0] = 0xfe;
445 mymac.net.mac.address.x[1] = 0xfd;
446 mymac.net.mac.address.x[2] = 0x00;
447 mymac.net.mac.address.x[3] = 0x00;
448 mymac.net.mac.address.x[4] = 0x00;
449 mymac.net.mac.address.x[5] = 0x00;
452 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
453 memset(&ifr, 0, sizeof(ifr));
455 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy() with the full IFNAMSIZ leaves ifr_name without a terminator
   when netname is IFNAMSIZ characters or longer; copy at most IFNAMSIZ - 1 bytes
   (the memset above then supplies the NUL). */
457 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* ioctl() is issued on tap_fd, not nfd -- presumably tap_fd = nfd happened earlier */
459 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
461 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
462 taptype = TAP_TYPE_TUNTAP;
470 set up the socket that we listen on for incoming
/* Create the non-blocking TCP socket on which we accept meta connections, bound to
   `port' on the configured InterfaceIP (or all addresses). Returns the descriptor,
   or -1 on failure (the return lines are not shown). */
473 int setup_listen_meta_socket(int port)
476 struct sockaddr_in a;
480 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
482 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
/* Allow quick restarts while old connections are still in TIME_WAIT */
486 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
489 syslog(LOG_ERR, _("System call `%s' failed: %m"),
494 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
497 syslog(LOG_ERR, _("System call `%s' failed: %m"),
502 flags = fcntl(nfd, F_GETFL);
503 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
506 syslog(LOG_ERR, _("System call `%s' failed: %m"),
511 if((cfg = get_config_val(config, config_interface)))
/* NOTE(review): the log message says this binds the socket to an interface, but the
   option passed is SO_KEEPALIVE with an interface-name string; SO_KEEPALIVE takes an
   int. On Linux the option that restricts a socket to an interface is SO_BINDTODEVICE.
   As written, the Interface setting has no effect and the socket accepts connections
   on every interface. */
513 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
516 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
521 memset(&a, 0, sizeof(a));
522 a.sin_family = AF_INET;
523 a.sin_port = htons(port);
525 if((cfg = get_config_val(config, config_interfaceip)))
526 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
528 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) happens to equal sizeof(a) for AF_INET; sizeof(a) is the idiom */
530 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
533 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
/* Presumably the listen() failure path */
540 syslog(LOG_ERR, _("System call `%s' failed: %m"),
549 setup the socket for incoming encrypted
/* Create the non-blocking UDP socket that receives encrypted data, bound to `port'
   on all addresses. Returns the descriptor, or -1 on failure (not shown). */
552 int setup_vpn_in_socket(int port)
555 struct sockaddr_in a;
558 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
561 syslog(LOG_ERR, _("Creating socket failed: %m"));
/* SO_REUSEADDR here lets the per-peer data sockets of setup_vpn_connection()
   bind the same port */
565 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
568 syslog(LOG_ERR, _("System call `%s' failed: %m"),
573 flags = fcntl(nfd, F_GETFL);
574 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
577 syslog(LOG_ERR, _("System call `%s' failed: %m"),
582 memset(&a, 0, sizeof(a));
583 a.sin_family = AF_INET;
584 a.sin_port = htons(port);
585 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) equals sizeof(a) for AF_INET; sizeof(a) is the idiom */
587 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
590 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
598 setup an outgoing meta (tcp) socket
/* Open cl->meta_socket: a TCP connection to cl->address on the peer's Port option
   (a default is applied where the option is absent; not shown). connect() is done
   blocking and O_NONBLOCK is set only afterwards. Returns -1 on failure (not shown). */
600 int setup_outgoing_meta_socket(conn_list_t *cl)
603 struct sockaddr_in a;
606 if(debug_lvl >= DEBUG_CONNECTIONS)
607 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
609 if((cfg = get_config_val(cl->config, config_port)) == NULL)
612 cl->port = cfg->data.val;
614 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
615 if(cl->meta_socket == -1)
617 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
618 cl->hostname, cl->port);
/* Unlike the other socket setup functions, a is not zeroed first, so sin_zero stays
   uninitialized; a memset(&a, 0, sizeof(a)) would make this consistent with them. */
622 a.sin_family = AF_INET;
623 a.sin_port = htons(cl->port);
624 a.sin_addr.s_addr = htonl(cl->address);
626 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
628 close(cl->meta_socket);
629 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
633 flags = fcntl(cl->meta_socket, F_GETFL);
634 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
636 close(cl->meta_socket);
637 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
638 cl->hostname, cl->port);
642 if(debug_lvl >= DEBUG_CONNECTIONS)
643 syslog(LOG_INFO, _("Connected to %s port %hd"),
644 cl->hostname, cl->port);
652 setup an outgoing connection. It's not
653 necessary to open a udp socket as
654 well, because the other host will initiate
655 an authentication sequence during which
656 we will do just that.
/* Create a conn_list_t for the peer `name' (a ConnectTo value), read its host
   config, resolve its Address and open the meta connection. Returns 0 on success
   (see the callers' comments); the error returns themselves are not shown. */
658 int setup_outgoing_connection(char *name)
666 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
670 ncn = new_conn_list();
671 asprintf(&ncn->name, "%s", name);
673 if(read_host_config(ncn))
/* NOTE(review): the format string has a %s but no matching argument -- undefined
   behaviour (whatever is on the stack/in the register is read as a char *).
   Same on the "No address specified" line below. Pass `name':
   syslog(LOG_ERR, _("Error reading host configuration file for %s"), name); */
675 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
680 if(!(cfg = get_config_val(ncn->config, config_address)))
682 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() reports failures through h_errno, so the %m here most likely
   prints an unrelated errno; it is also not reentrant. */
687 if(!(h = gethostbyname(cfg->data.ptr)))
689 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Assumes the first address is IPv4 (h_addrtype is not checked) and reads it through
   an ip_t pointer; a memcpy() into a local would avoid the aliasing/alignment concern. */
694 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
695 ncn->hostname = hostlookup(htonl(ncn->address));
697 if(setup_outgoing_meta_socket(ncn) < 0)
699 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
705 ncn->status.outgoing = 1;
706 ncn->buffer = xmalloc(MAXBUFSIZE);
708 ncn->last_ping_time = time(NULL);
718 Configure conn_list_t myself and set up the local sockets (listen only)
/* Build the conn_list_t describing this daemon from the server and host config:
   name, RSA keypair, port, flags, subnets, the listening meta socket and the
   symmetric packet key. Returns -1 on any configuration error (not shown). */
720 int setup_myself(void)
726 myself = new_conn_list();
728 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
730 myself->protocol_version = PROT_CURRENT;
732 if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */
734 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* The name is read via data.val cast to char *, while the other string options in this
   file use data.ptr -- confirm the two alias the same storage in config_t. */
738 asprintf(&myself->name, "%s", (char*)cfg->data.val);
740 if(check_id(myself->name))
742 syslog(LOG_ERR, _("Invalid name for myself!"));
746 if(!(cfg = get_config_val(config, config_privatekey)))
748 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* RSA key: d comes from the PrivateKey option, the public exponent is fixed at 0xFFFF,
   and n is filled in from the host config's PublicKey below; RSA_check_key() then
   verifies that the three belong together. BN_hex2bn() results are not checked. */
753 myself->rsa_key = RSA_new();
754 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
755 BN_hex2bn(&myself->rsa_key->e, "FFFF");
758 if(read_host_config(myself))
760 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
764 if(!(cfg = get_config_val(myself->config, config_publickey)))
766 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
771 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
774 if(RSA_check_key(myself->rsa_key) != 1)
776 syslog(LOG_ERR, _("Invalid public/private keypair!"));
780 if(!(cfg = get_config_val(myself->config, config_port)))
783 myself->port = cfg->data.val;
/* Boolean options are compared against the stupid_true sentinel */
785 if((cfg = get_config_val(myself->config, config_indirectdata)))
786 if(cfg->data.val == stupid_true)
787 myself->flags |= EXPORTINDIRECTDATA;
789 if((cfg = get_config_val(myself->config, config_tcponly)))
790 if(cfg->data.val == stupid_true)
791 myself->flags |= TCPONLY;
793 /* Read in all the subnets specified in the host configuration file */
/* Each iteration resumes the search after the previous Subnet entry */
795 for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next)
798 net->type = SUBNET_IPV4;
799 net->net.ipv4.address = cfg->data.ip->address;
800 net->net.ipv4.mask = cfg->data.ip->mask;
802 /* Teach newbies what subnets are... */
/* Reject a network address with host bits set */
804 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
806 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
810 subnet_add(myself, net);
813 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
815 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
819 /* Generate packet encryption key */
/* Blowfish in CFB mode; the buffer holds the key followed by the IV (xsend()/xrecv()
   take the IV from offset key_len), both drawn at random here and again when the key
   is regenerated. NOTE(review): RAND_bytes() returns 0 without filling the buffer when
   the PRNG is not seeded; its result is not checked, so the key could be left as
   whatever xmalloc() handed back. */
821 myself->cipher_pkttype = EVP_bf_cfb();
823 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
825 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
826 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
/* KeyExpire sets keylifetime (default applied in the branch not shown) */
828 if(!(cfg = get_config_val(config, config_keyexpire)))
831 keylifetime = cfg->data.val;
833 keyexpires = time(NULL) + keylifetime;
835 /* Activate ourselves */
837 myself->status.active = 1;
839 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler that retries the outgoing connection. Walks the ConnectTo entries
   from upstreamcfg; on success the alarm is ignored, on exhaustion the delay grows by
   5 seconds (capped at MAXTIMEOUT) and the alarm is re-armed from the start of the list.
   NOTE(review): this calls setup_outgoing_connection() (sockets, name lookup, malloc)
   and syslog() directly from the signal handler, none of which is async-signal-safe;
   the conventional shape is a flag set here and acted on in main_loop(). */
845 sigalrm_handler(int a)
849 cfg = get_config_val(upstreamcfg, config_connectto);
/* No ConnectTo at all and we are at the head of the list: nothing to retry */
851 if(!cfg && upstreamcfg == config)
852 /* No upstream IP given, we're listen only. */
/* The loop over the remaining entries is not shown; whether cfg can be NULL here
   when upstreamcfg != config is therefore not verifiable from this excerpt. */
857 upstreamcfg = cfg->next;
858 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
860 signal(SIGALRM, SIG_IGN);
863 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
866 signal(SIGALRM, sigalrm_handler);
867 upstreamcfg = config;
/* Linear back-off, bounded */
868 seconds_till_retry += 5;
869 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
870 seconds_till_retry = MAXTIMEOUT;
871 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
873 alarm(seconds_till_retry);
878 setup all initial network connections
/* Bring the daemon up: read PingTimeout into `timeout', open the tap device, set up
   myself, run tinc-up, then try each ConnectTo entry in turn until one succeeds.
   If none does, a SIGALRM retry is scheduled MAXTIMEOUT seconds out.
   Returns non-zero on failure (the return statements are not shown). */
880 int setup_network_connections(void)
884 if((cfg = get_config_val(config, config_pingtimeout)) == NULL)
888 timeout = cfg->data.val;
895 if(setup_tap_fd() < 0)
898 if(setup_myself() < 0)
901 /* Run tinc-up script to further initialize the tap interface */
902 execute_script("tinc-up");
904 if(!(cfg = get_config_val(config, config_connectto)))
905 /* No upstream IP given, we're listen only. */
/* Same walk as in sigalrm_handler(); the enclosing loop is not shown */
910 upstreamcfg = cfg->next;
911 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
913 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: arm the retry with the maximum delay (sigalrm_handler() and
   terminate_connection() use shorter initial delays) */
916 signal(SIGALRM, sigalrm_handler);
917 upstreamcfg = config;
918 seconds_till_retry = MAXTIMEOUT;
919 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
920 alarm(seconds_till_retry);
926 close all open network connections
/* Tear everything down: terminate every peer connection, close our own listening
   socket and release myself, then run tinc-down. The tap device close and the
   remaining cleanup between these steps are not shown. */
928 void close_network_connections(void)
/* Clear active first so terminate_connection() does not announce the close to peers */
932 for(p = conn_list; p != NULL; p = p->next)
934 p->status.active = 0;
935 terminate_connection(p);
939 if(myself->status.active)
941 close(myself->meta_socket);
942 free_conn_list(myself);
948 /* Execute tinc-down script right after shutting down the interface */
949 execute_script("tinc-down");
953 syslog(LOG_NOTICE, _("Terminating"));
959 create a data (udp) socket
/* Open the per-peer UDP data socket: bind it to our own port on all addresses
   (possible alongside the listening UDP socket because of SO_REUSEADDR), then
   connect() it to cl so the data path can use plain send()/recv(). Stores the
   descriptor in cl (assignment not shown) and marks dataopen. Returns -1 on failure. */
961 int setup_vpn_connection(conn_list_t *cl)
964 struct sockaddr_in a;
967 if(debug_lvl >= DEBUG_TRAFFIC)
968 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
970 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
973 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
977 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
980 syslog(LOG_ERR, _("System call `%s' failed: %m"),
985 flags = fcntl(nfd, F_GETFL);
986 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
989 syslog(LOG_ERR, _("System call `%s' failed: %m"),
994 memset(&a, 0, sizeof(a));
995 a.sin_family = AF_INET;
996 a.sin_port = htons(myself->port);
997 a.sin_addr.s_addr = htonl(INADDR_ANY);
999 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
1002 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port);
/* Reuse a for the peer's address */
1006 a.sin_family = AF_INET;
1007 a.sin_port = htons(cl->port);
1008 a.sin_addr.s_addr = htonl(cl->address);
1010 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
1013 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
1014 cl->hostname, cl->port);
/* O_NONBLOCK was already set above; this second fcntl() is redundant, which is
   presumably why its failure is logged as a bug */
1018 flags = fcntl(nfd, F_GETFL);
1019 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
1022 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
1023 cl->name, cl->hostname);
1028 cl->status.dataopen = 1;
1034 handle an incoming tcp connect call and open
/* Wrap an accepted meta socket sfd in a new conn_list_t: record the peer's address
   and hostname, allocate its receive buffer and restrict it to sending an ID request
   first. Returns the new entry, or NULL on getpeername() failure (not shown). */
1037 conn_list_t *create_new_connection(int sfd)
1040 struct sockaddr_in ci;
/* getpeername() takes a socklen_t *; `int' works on common ABIs but is not the declared type */
1041 int len = sizeof(ci);
1043 p = new_conn_list();
/* &ci is passed without the usual (struct sockaddr *) cast */
1045 if(getpeername(sfd, &ci, &len) < 0)
1047 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* address is kept in host order; hostlookup() is given the network-order form,
   consistent with setup_outgoing_connection() */
1053 p->address = ntohl(ci.sin_addr.s_addr);
1054 p->hostname = hostlookup(ci.sin_addr.s_addr);
1055 p->meta_socket = sfd;
1057 p->buffer = xmalloc(MAXBUFSIZE);
1059 p->last_ping_time = time(NULL);
1061 if(debug_lvl >= DEBUG_CONNECTIONS)
1062 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* htons() on a network-order port gives the same bytes as ntohs(); ntohs() is the intended spelling */
1063 p->hostname, htons(ci.sin_port));
/* An unauthenticated peer may only send an ID request until identified */
1065 p->allow_request = ID;
1071 put all file descriptors in an fd_set array
/* Put every connection's meta socket (and data socket when open) plus our own
   listening socket into *fs for select(). The FD_ZERO and any guard on the meta
   socket being valid are not shown.
   NOTE(review): FD_SET() on a descriptor >= FD_SETSIZE is undefined behaviour, and
   nothing visible in this file rejects such descriptors after accept()/socket(). */
1073 void build_fdset(fd_set *fs)
1079 for(p = conn_list; p != NULL; p = p->next)
1082 FD_SET(p->meta_socket, fs);
1083 if(p->status.dataopen)
1084 FD_SET(p->socket, fs);
1087 FD_SET(myself->meta_socket, fs);
1093 receive incoming data from the listening
1094 udp socket and write it to the ethertap
1095 device after decrypting it
/* Read one datagram from cl's connected UDP socket into pkt (length field first,
   then data) and hand it to xrecv(). Returns -1 on a socket error or failed recv()
   (presumably; those return lines are not shown), otherwise xrecv()'s result. */
1097 int handle_incoming_vpn_data(conn_list_t *cl)
/* l is the option length for getsockopt(), whose declared type is socklen_t */
1100 int x, l = sizeof(x);
/* Pick up any asynchronous error (e.g. an ICMP unreachable) pending on the socket */
1103 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1105 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1106 __FILE__, __LINE__, cl->socket);
1111 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* The datagram lands directly on pkt.len, so pkt.len is whatever the sender put on
   the wire. NOTE(review): xrecv() decrypts pkt.len + 8 bytes from pkt.data, but
   nothing here checks that pkt.len + 2 + 8 <= lenin (and lenin >= 2) before the
   call; a short or oversized length field should be rejected at this point. */
1115 if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0)
1117 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1121 if(debug_lvl >= DEBUG_TRAFFIC)
1123 syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin,
1124 cl->name, cl->hostname);
1128 return xrecv(cl, &pkt);
1132 terminate a connection and notify the other
1133 end before closing the sockets
/* Mark cl for removal, close its meta socket, cascade to connections routed behind
   it, announce the loss to the other active peers, drop its subnets and -- if it
   was our outgoing connection -- schedule a reconnect. Idempotent via status.remove. */
1135 void terminate_connection(conn_list_t *cl)
1140 if(cl->status.remove)
1143 cl->status.remove = 1;
1145 if(debug_lvl >= DEBUG_CONNECTIONS)
1146 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1147 cl->name, cl->hostname);
/* The data socket close, if any, is not shown */
1152 close(cl->meta_socket);
1155 /* Find all connections that were lost because they were behind cl
1156 (the connection that was dropped). */
1159 for(p = conn_list; p != NULL; p = p->next)
1160 if((p->nexthop == cl) && (p != cl))
1161 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1163 /* Inform others of termination if it was still active */
/* Must run before status.active is cleared at the end of this function */
1165 if(cl->status.active)
1166 for(p = conn_list; p != NULL; p = p->next)
1167 if(p->status.meta && p->status.active && p!=cl)
1168 send_del_host(p, cl);
1170 /* Remove the associated subnets */
/* Loop body (the actual removal) is not shown */
1172 for(s = cl->subnets; s; s = s->next)
1175 /* Check if this was our outgoing connection */
/* Re-arm the SIGALRM retry with a short initial delay; sigalrm_handler() grows it */
1177 if(cl->status.outgoing && cl->status.active)
1179 signal(SIGALRM, sigalrm_handler);
1180 seconds_till_retry = 5;
1181 alarm(seconds_till_retry);
1182 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1187 cl->status.active = 0;
1192 Check if the other end is active.
1193 If we have sent packets, but didn't receive any,
1194 then possibly the other end is dead. We send a
1195 PING request over the meta connection. If the other
1196 end does not reply in time, we consider them dead
1197 and close the connection.
/* Terminate active meta connections that have not answered a PING within `timeout'
   seconds of their last activity. When a PING is already outstanding the peer is
   marked timed out and closed; the arm that sends the PING, and the return value,
   are not shown. `now' is presumably time(NULL) taken before the loop. */
1199 int check_dead_connections(void)
1205 for(p = conn_list; p != NULL; p = p->next)
1207 if(p->status.active && p->status.meta)
1209 if(p->last_ping_time + timeout < now)
1211 if(p->status.pinged)
1213 if(debug_lvl >= DEBUG_PROTOCOL)
1214 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1215 p->name, p->hostname);
1216 p->status.timeout = 1;
1217 terminate_connection(p);
1231 accept a new tcp connect and create a
/* accept() a pending meta connection on our listening socket and register it via
   create_new_connection(); on failure the new socket is closed (presumably; not
   shown) and the attempt logged. Return value is not shown. */
1234 int handle_new_meta_connection()
/* A struct sockaddr is large enough for AF_INET; accept() expects a socklen_t * for len */
1237 struct sockaddr client;
1238 int nfd, len = sizeof(client);
1240 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1242 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1246 if(!(ncn = create_new_connection(nfd)))
1250 syslog(LOG_NOTICE, _("Closed attempted connection"));
1260 check all connections to see if anything
1261 happened on their sockets
/* Dispatch readable descriptors after select(): data sockets go to
   handle_incoming_vpn_data(), meta sockets to receive_meta() (a negative result
   terminates the connection), and our listening socket to handle_new_meta_connection(). */
1263 void check_network_activity(fd_set *f)
1267 for(p = conn_list; p != NULL; p = p->next)
/* Entries already torn down are skipped (continue not shown) */
1269 if(p->status.remove)
1272 if(p->status.dataopen)
1273 if(FD_ISSET(p->socket, f))
/* Return value of handle_incoming_vpn_data() is ignored here */
1275 handle_incoming_vpn_data(p);
/* The lines up to terminate_connection(p) sit inside this comment and are not compiled */
1277 /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data()
1279 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1280 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1281 p->name, p->hostname, strerror(x));
1282 terminate_connection(p);
1288 if(FD_ISSET(p->meta_socket, f))
1289 if(receive_meta(p) < 0)
1291 terminate_connection(p);
1296 if(FD_ISSET(myself->meta_socket, f))
1297 handle_new_meta_connection();
1302 read, encrypt and send data that is
1303 available through the ethertap device
/* Read one frame from the tap device into vp and route it with send_packet() by the
   IPv4 destination address found in the frame. The setting of vp.len and the
   short-packet condition are not shown. */
1305 void handle_tap_input(void)
/* ethertap frames carry 2 leading bytes, hence the read into vp.data - 2 */
1310 if(taptype == TAP_TYPE_TUNTAP)
1312 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1314 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1321 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1323 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1329 total_tap_in += lenin;
1333 if(debug_lvl >= DEBUG_TRAFFIC)
1334 syslog(LOG_WARNING, _("Received short packet from tap device"));
1338 if(debug_lvl >= DEBUG_TRAFFIC)
1340 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* Offset 30 is presumably the IPv4 destination of an Ethernet/IPv4 frame (14 + 16).
   NOTE(review): this reads an unsigned long (8 bytes on LP64) through an unaligned,
   type-punned pointer and then truncates via ntohl(); a memcpy() into a uint32_t is
   both well-defined and width-correct. Whether the short-packet check above guarantees
   at least 34 bytes, and whether non-IPv4 ethertypes are filtered, is not visible here. */
1343 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1348 this is where it all happens...
1350 void main_loop(void)
1355 time_t last_ping_check;
1358 last_ping_check = time(NULL);
1362 tv.tv_sec = timeout;
1368 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1370 if(errno != EINTR) /* because of alarm */
1372 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1379 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1381 close_network_connections();
1382 clear_config(&config);
1384 if(read_server_config())
1386 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1392 if(setup_network_connections())
1400 /* Let's check if everybody is still alive */
1402 if(last_ping_check + timeout < t)
1404 check_dead_connections();
1405 last_ping_check = time(NULL);
1407 /* Should we regenerate our key? */
1411 if(debug_lvl >= DEBUG_STATUS)
1412 syslog(LOG_INFO, _("Regenerating symmetric key"));
1414 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1415 send_key_changed(myself, NULL);
1416 keyexpires = time(NULL) + keylifetime;
1422 check_network_activity(&fset);
1424 /* local tap data */
1425 if(FD_ISSET(tap_fd, &fset))