2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.71 2000/11/15 01:06:10 zarq Exp $
25 #include <arpa/inet.h>
28 /* SunOS really wants sys/socket.h BEFORE net/if.h */
29 #include <sys/socket.h>
32 #include <netinet/in.h>
36 #include <sys/signal.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
43 #ifdef HAVE_OPENSSL_RAND_H
44 # include <openssl/rand.h>
49 #ifdef HAVE_OPENSSL_EVP_H
50 # include <openssl/evp.h>
55 #ifdef HAVE_OPENSSL_ERR_H
56 # include <openssl/err.h>
62 #include LINUX_IF_TUN_H
/* Kind of tap device in use; setup_tap_fd() switches this to
   TAP_TYPE_TUNTAP when TUNSETIFF succeeds. */
79 int taptype = TAP_TYPE_ETHERTAP;
/* Byte counters: total_tap_out is updated in xrecv(), total_socket_out in
   xsend(); a matching total_tap_in is used by handle_tap_input() but is not
   defined in the lines shown here. */
81 int total_tap_out = 0;
82 int total_socket_in = 0;
83 int total_socket_out = 0;
/* Cursor into the ConnectTo config entries; sigalrm_handler() and
   setup_network_connections() advance it and reset it to `config'. */
85 config_t *upstreamcfg;
/* Back-off interval (seconds) used when re-arming the SIGALRM reconnect timer. */
86 static int seconds_till_retry;
96 Execute the given script.
97 This function doesn't really belong here.
/* Run the script "<confbase>/<name>" in a forked child. Only the fork, the
   child's environment setup and the exec are visible here; how the parent
   waits for the child and what is returned is on lines not shown. */
99 int execute_script(const char *name)
105 if((pid = fork()) < 0)
107 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* Child side: the script can read the network name from $NETNAME. The
   asprintf() results below are not checked; on failure the pointers are
   indeterminate. */
121 asprintf(&s, "NETNAME=%s", netname);
122 putenv(s); /* Don't free s! see man 3 putenv */
131 chdir(confbase); /* This cannot fail since we already read config files from this directory. */
133 asprintf(&scriptname, "%s/%s", confbase, name);
/* NOTE(review): execl() receives NULL as its first variadic argument, so the
   script starts with an empty argv (argv[0] == NULL). The conventional call
   is execl(scriptname, scriptname, (char *) NULL); interpreters and scripts
   that rely on argv[0] misbehave without it. */
134 execl(scriptname, NULL);
136 /* No return on success */
138 if(errno != ENOENT) /* Ignore if the file does not exist */
139 syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname);
141 /* No need to free things */
/* Send one VPN packet to cl over its UDP data socket, encrypting it when the
   branch condition (on a line not shown) holds. The return statements are
   not among the lines shown. */
146 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
152 outpkt.len = inpkt->len;
154 /* Encrypt the packet */
/* The IV is the key material directly after the key (cipher_pktkey +
   key_len). Nothing in this function varies it per packet, so every packet
   sent under one key uses the same IV until that key is replaced; for a CFB
   cipher (EVP_bf_cfb() in setup_myself()) that lets an observer relate
   packets sharing a plaintext prefix. No authentication tag is computed
   here either, so the receiver cannot detect modified packets. */
156 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
157 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
158 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* +2 covers the len field that precedes data and is sent together with it
   (the send() below starts at &outpkt.len). */
159 outlen += outpad + 2;
/* Otherwise (condition not shown): copy len and data verbatim. */
162 outlen = outpkt.len + 2;
163 memcpy(&outpkt, inpkt, outlen);
/* Traffic trace is logged at LOG_ERR here, whereas the other DEBUG_TRAFFIC
   messages in this file use LOG_DEBUG/LOG_INFO. */
166 if(debug_lvl >= DEBUG_TRAFFIC)
167 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
168 outlen, cl->name, cl->hostname);
170 total_socket_out += outlen;
/* The 2-byte len field travels in the clear ahead of the (cipher)text. */
172 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
174 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
175 cl->name, cl->hostname);
/* Decrypt an incoming VPN packet (when the branch condition, not shown,
   holds) and write the resulting frame to the tap device. The return
   statements are not among the lines shown. */
182 int xrecv(conn_list_t *cl, vpn_packet_t *inpkt)
188 outpkt.len = inpkt->len;
190 /* Decrypt the packet */
/* Decryption uses our own key/IV (myself->cipher_pktkey): xsend() encrypts
   with the recipient's key, which peers presumably obtain via send_req_key(). */
192 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
/* NOTE(review): inpkt->len comes straight from the wire (the len field
   filled by recv() in handle_incoming_vpn_data()) and is not compared with
   the number of bytes actually received or with MTU before len + 8 bytes are
   decrypted and later written to the tap device. The decrypted data is not
   integrity-checked either, so a corrupted or forged datagram is written
   as-is. */
193 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
194 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Otherwise (condition not shown): copy len and data verbatim. */
198 outlen = outpkt.len+2;
199 memcpy(&outpkt, inpkt, outlen);
202 if(debug_lvl >= DEBUG_TRAFFIC)
203 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
206 /* Fix mac address */
/* Overwrite the first 6 bytes of the frame (presumably the destination MAC)
   with the address set up in setup_tap_fd(). */
208 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
/* tun/tap (IFF_NO_PI) takes the bare frame; ethertap expects the 2-byte
   length field, which sits right before data in vpn_packet_t, in front of it. */
210 if(taptype == TAP_TYPE_TUNTAP)
212 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
213 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
215 total_tap_out += outpkt.len;
219 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
220 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
222 total_tap_out += outpkt.len + 2;
229 add the given packet of size s to the
230 queue q, be it the send or receive queue
/* Append a copy of the s-byte packet to the queue *q, creating the queue on
   first use. Memory comes from xmalloc(), whose failure policy is not
   visible here. */
232 void add_queue(packet_queue_t **q, void *packet, size_t s)
236 e = xmalloc(sizeof(*e));
237 e->packet = xmalloc(s);
238 memcpy(e->packet, packet, s);
/* Lazily allocate an empty queue (the guard condition is on a line not shown). */
242 *q = xmalloc(sizeof(**q));
243 (*q)->head = (*q)->tail = NULL;
246 e->next = NULL; /* We insert at the tail */
248 if((*q)->tail) /* Do we have a tail? */
250 (*q)->tail->next = e;
251 e->prev = (*q)->tail;
/* The empty-queue branch (setting head/tail/prev) continues on lines not shown. */
253 else /* No tail -> no head too */
263 /* Remove a queue element */
/* Unlink e from the doubly linked queue *q. The cases are distinguished by
   whether e has a successor and/or a predecessor. The "all alone" case and
   the freeing of e and e->packet are on lines not shown. */
264 void del_queue(packet_queue_t **q, queue_element_t *e)
269 if(e->next) /* There is a successor, so we are not tail */
271 if(e->prev) /* There is a predecessor, so we are not head */
273 e->next->prev = e->prev;
274 e->prev->next = e->next;
276 else /* We are head */
278 e->next->prev = NULL;
279 (*q)->head = e->next;
282 else /* We are tail (or all alone!) */
284 if(e->prev) /* We are not alone :) */
286 e->prev->next = NULL;
287 (*q)->tail = e->prev;
301 flush a queue by calling function for
302 each packet, and removing it when that
303 returned a zero exit code
/* Call function(cl, packet) for every queued packet, removing those for which
   it returns zero. `next' has to be saved before an element is removed; the
   loop increment and the del_queue() call are not among the lines shown. */
305 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
306 int (*function)(conn_list_t*,vpn_packet_t*))
308 queue_element_t *p, *next = NULL;
/* *pq is dereferenced without a NULL check here; callers are expected to
   pass an existing queue (flush_queues() has a line gap before each call
   where such a guard may live). */
310 for(p = (*pq)->head; p != NULL; )
314 if(!function(cl, p->packet))
320 if(debug_lvl >= DEBUG_TRAFFIC)
321 syslog(LOG_DEBUG, _("Queue flushed"));
326 flush the send & recv queues.
327 Returns void because nothing can go wrong here: packets
328 simply remain in the queue if something goes wrong
/* Flush cl's send queue through xsend() and its receive queue through
   xrecv(). Packets whose handler fails stay queued. */
330 void flush_queues(conn_list_t *cl)
335 if(debug_lvl >= DEBUG_TRAFFIC)
336 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
337 cl->name, cl->hostname);
338 flush_queue(cl, &(cl->sq), xsend);
343 if(debug_lvl >= DEBUG_TRAFFIC)
344 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
345 cl->name, cl->hostname);
346 flush_queue(cl, &(cl->rq), xrecv);
352 send a packet to the given vpn ip.
/* Route a packet read from the tap device to the peer whose subnet contains
   `to'. Returns 0 when the packet is dropped or queued, otherwise xsend()'s
   result; several return statements sit on lines not shown. */
354 int send_packet(ip_t to, vpn_packet_t *packet)
359 if((subnet = lookup_subnet_ipv4(to)) == NULL)
361 if(debug_lvl >= DEBUG_TRAFFIC)
363 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
/* Destination resolves to ourselves (condition on a line not shown). */
374 if(debug_lvl >= DEBUG_TRAFFIC)
376 syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
383 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
385 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* The next line opens a block comment; whether the setup_vpn_connection()
   call below is live code or commented out cannot be told from the lines shown. */
387 /* Connections are now opened beforehand...
389 if(!cl->status.dataopen)
390 if(setup_vpn_connection(cl) < 0)
392 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
393 cl->name, cl->hostname);
/* No packet key for this peer yet. The FIXME below also opens a block
   comment, so the add_queue() call may be disabled; a key request is sent at
   most once per wait (waitingforkey). The "not ready" case further down has
   the same shape. */
398 if(!cl->status.validkey)
400 /* FIXME: Don't queue until everything else is fixed.
401 if(debug_lvl >= DEBUG_TRAFFIC)
402 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
403 cl->name, cl->hostname);
404 add_queue(&(cl->sq), packet, packet->len + 2);
406 if(!cl->status.waitingforkey)
407 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
411 if(!cl->status.active)
413 /* FIXME: Don't queue until everything else is fixed.
414 if(debug_lvl >= DEBUG_TRAFFIC)
415 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
416 cl->name, cl->hostname);
417 add_queue(&(cl->sq), packet, packet->len + 2);
419 return 0; /* We don't want to mess up, do we? */
422 /* can we send it? can we? can we? huh? */
424 return xsend(cl, packet);
428 open the local ethertap device
/* Open the tap/tun device named by TapDevice (or a platform default) and
   detect whether it is an old ethertap or a new tun/tap device. Returns < 0
   on error; the return statements are on lines not shown. */
430 int setup_tap_fd(void)
433 const char *tapfname;
438 if((cfg = get_config_val(config, config_tapdevice)))
439 tapfname = cfg->data.ptr;
/* Platform defaults; the preprocessor lines selecting between them are not shown. */
442 tapfname = "/dev/misc/net/tun";
444 tapfname = "/dev/tap0";
447 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
449 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
455 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00; xrecv() copies this over the first 6 bytes of every
   frame it writes to the device. */
457 taptype = TAP_TYPE_ETHERTAP;
458 mymac.type = SUBNET_MAC;
459 mymac.net.mac.address.x[0] = 0xfe;
460 mymac.net.mac.address.x[1] = 0xfd;
461 mymac.net.mac.address.x[2] = 0x00;
462 mymac.net.mac.address.x[3] = 0x00;
463 mymac.net.mac.address.x[4] = 0x00;
464 mymac.net.mac.address.x[5] = 0x00;
467 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
468 memset(&ifr, 0, sizeof(ifr));
470 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy() leaves ifr_name unterminated when netname is
   IFNAMSIZ bytes or longer. Terminate explicitly
   (ifr.ifr_name[IFNAMSIZ - 1] = '\0') or reject over-long names so the
   kernel never sees an unterminated interface name. */
472 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* The ioctl is issued on tap_fd rather than nfd; the assignment
   tap_fd = nfd is presumably on a line not shown. */
474 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
476 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
477 taptype = TAP_TYPE_TUNTAP;
485 set up the socket that we listen on for incoming
/* Create the non-blocking TCP socket that listens for meta connections on
   `port'. Returns the descriptor, or < 0 on failure; the return statements
   and the listen() call are on lines not shown. */
488 int setup_listen_meta_socket(int port)
491 struct sockaddr_in a;
495 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
497 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
501 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
504 syslog(LOG_ERR, _("System call `%s' failed: %m"),
509 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
512 syslog(LOG_ERR, _("System call `%s' failed: %m"),
517 flags = fcntl(nfd, F_GETFL);
518 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
521 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* NOTE(review): the option used here is SO_KEEPALIVE with the interface
   name as its value, which does not match the error message below and does
   not bind the socket to the interface at all (SO_KEEPALIVE was already set
   above). On Linux the option for this is SO_BINDTODEVICE. */
526 if((cfg = get_config_val(config, config_interface)))
528 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
531 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
536 memset(&a, 0, sizeof(a));
537 a.sin_family = AF_INET;
538 a.sin_port = htons(port);
/* InterfaceIP, if set, restricts the listening address; otherwise any. */
540 if((cfg = get_config_val(config, config_interfaceip)))
541 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
543 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) equals sizeof(a) for AF_INET, but sizeof(a) states
   the intent. The %hd below formats an int port. */
545 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
548 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
555 syslog(LOG_ERR, _("System call `%s' failed: %m"),
564 setup the socket for incoming encrypted
/* Create the non-blocking UDP socket that receives encrypted VPN data on
   `port'. Returns the descriptor, or < 0 on failure; the return statements
   are on lines not shown. Unlike the TCP listener it always binds
   INADDR_ANY and ignores the Interface/InterfaceIP settings. */
567 int setup_vpn_in_socket(int port)
570 struct sockaddr_in a;
573 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
576 syslog(LOG_ERR, _("Creating socket failed: %m"));
580 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
583 syslog(LOG_ERR, _("System call `%s' failed: %m"),
588 flags = fcntl(nfd, F_GETFL);
589 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
592 syslog(LOG_ERR, _("System call `%s' failed: %m"),
597 memset(&a, 0, sizeof(a));
598 a.sin_family = AF_INET;
599 a.sin_port = htons(port);
600 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(a) would state the intent more directly than sizeof(struct sockaddr). */
602 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
605 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
613 setup an outgoing meta (tcp) socket
/* Connect a TCP meta socket to cl->address:cl->port (Port from the host
   config; the default taken when it is absent is on a line not shown) and
   make it non-blocking. Stores the descriptor in cl->meta_socket. The
   return statements are on lines not shown. */
615 int setup_outgoing_meta_socket(conn_list_t *cl)
618 struct sockaddr_in a;
621 if(debug_lvl >= DEBUG_CONNECTIONS)
622 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
624 if((cfg = get_config_val(cl->config, config_port)) == NULL)
627 cl->port = cfg->data.val;
629 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
630 if(cl->meta_socket == -1)
632 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
633 cl->hostname, cl->port);
/* `a' is not zeroed here, unlike the other sockaddr setups in this file, so
   sin_zero stays indeterminate. */
637 a.sin_family = AF_INET;
638 a.sin_port = htons(cl->port);
639 a.sin_addr.s_addr = htonl(cl->address);
/* connect() runs on a still-blocking socket; O_NONBLOCK is set only afterwards.
   On failure the descriptor is closed but cl->meta_socket keeps the stale value. */
641 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
643 close(cl->meta_socket);
644 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
648 flags = fcntl(cl->meta_socket, F_GETFL);
649 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
651 close(cl->meta_socket);
652 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
653 cl->hostname, cl->port);
657 if(debug_lvl >= DEBUG_CONNECTIONS)
658 syslog(LOG_INFO, _("Connected to %s port %hd"),
659 cl->hostname, cl->port);
667 setup an outgoing connection. It's not
668 necessary to also open an udp socket as
669 well, because the other host will initiate
670 an authentication sequence during which
671 we will do just that.
/* Create a conn_list_t for the host `name', resolve its Address and open the
   meta connection. The callers treat 0 as success; the return statements
   are on lines not shown. */
673 int setup_outgoing_connection(char *name)
/* Name validation; the condition is on a line not shown (setup_myself()
   uses check_id() for the same purpose). */
681 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
685 ncn = new_conn_list();
686 asprintf(&ncn->name, "%s", name);
688 if(read_host_config(ncn))
/* NOTE(review): this syslog() and the one for "No address specified" below
   contain a %s conversion but pass no argument – undefined behaviour that
   logs whatever happens to be in the vararg slot. Pass name (or ncn->name). */
690 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
695 if(!(cfg = get_config_val(ncn->config, config_address)))
697 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() returns static storage; only the first address is used. */
702 if(!(h = gethostbyname(cfg->data.ptr)))
704 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* h_addr_list[0] is read through an ip_t pointer cast (presumably a 32-bit
   type); memcpy() into a local would avoid the alignment assumption. */
709 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
710 ncn->hostname = hostlookup(htonl(ncn->address));
712 if(setup_outgoing_meta_socket(ncn) < 0)
714 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
720 ncn->status.outgoing = 1;
721 ncn->buffer = xmalloc(MAXBUFSIZE);
723 ncn->last_ping_time = time(NULL);
733 Configure conn_list_t myself and set up the local sockets (listen only)
/* Build the conn_list_t describing this daemon from the server and host
   config files (name, RSA key pair, port, flags, subnets), open the
   listening meta socket and generate the packet key. Returns < 0 on error;
   the return statements are on lines not shown. */
735 int setup_myself(void)
741 myself = new_conn_list();
743 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
745 myself->protocol_version = PROT_CURRENT;
747 if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */
749 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* Uses cfg->data.val cast to char * where every other string setting in this
   file reads cfg->data.ptr (e.g. the private key below) – presumably a union;
   verify that .val and .ptr alias the same storage. */
753 asprintf(&myself->name, "%s", (char*)cfg->data.val);
755 if(check_id(myself->name))
757 syslog(LOG_ERR, _("Invalid name for myself!"));
761 if(!(cfg = get_config_val(config, config_privatekey)))
763 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* Private exponent d comes from the server config as hex; the public
   exponent is fixed to 0xFFFF and n is read from the host config below.
   RSA_check_key() is the only validation applied to the pair. */
768 myself->rsa_key = RSA_new();
769 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
770 BN_hex2bn(&myself->rsa_key->e, "FFFF");
773 if(read_host_config(myself))
775 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
779 if(!(cfg = get_config_val(myself->config, config_publickey)))
781 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
786 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
789 if(RSA_check_key(myself->rsa_key) != 1)
791 syslog(LOG_ERR, _("Invalid public/private keypair!"));
/* Port default (when unset) is on a line not shown. */
795 if(!(cfg = get_config_val(myself->config, config_port)))
798 myself->port = cfg->data.val;
800 if((cfg = get_config_val(myself->config, config_indirectdata)))
801 if(cfg->data.val == stupid_true)
802 myself->flags |= EXPORTINDIRECTDATA;
804 if((cfg = get_config_val(myself->config, config_tcponly)))
805 if(cfg->data.val == stupid_true)
806 myself->flags |= TCPONLY;
808 /* Read in all the subnets specified in the host configuration file */
810 for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next)
813 net->type = SUBNET_IPV4;
814 net->net.ipv4.address = cfg->data.ip->address;
815 net->net.ipv4.mask = cfg->data.ip->mask;
817 /* Teach newbies what subnets are... */
819 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
821 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
825 subnet_add(myself, net);
828 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
830 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
834 /* Generate packet encryption key */
/* Blowfish in CFB mode; the buffer holds key followed by IV, and xsend()/
   xrecv() take the IV from the bytes after the key. */
836 myself->cipher_pkttype = EVP_bf_cfb();
838 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
840 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
/* NOTE(review): RAND_bytes() returns 0 when the PRNG cannot supply random
   bytes; the result is not checked, so the key buffer could be left with
   whatever xmalloc() returned. Treat a non-1 return as fatal here and in
   main_loop(), where the key is regenerated. */
841 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
/* KeyExpire default (when unset) is on a line not shown. */
843 if(!(cfg = get_config_val(config, config_keyexpire)))
846 keylifetime = cfg->data.val;
848 keyexpires = time(NULL) + keylifetime;
850 /* Activate ourselves */
852 myself->status.active = 1;
854 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: retry the ConnectTo entries starting at upstreamcfg and,
   if all fail, re-arm the alarm with a growing back-off.
   NOTE(review): everything called from here – syslog(), gethostbyname(),
   socket()/connect(), xmalloc() via setup_outgoing_connection() – is not
   async-signal-safe; the usual remedy is to only set a flag here and do the
   reconnect from main_loop(). The function's return type is on a line not shown. */
860 sigalrm_handler(int a)
864 cfg = get_config_val(upstreamcfg, config_connectto);
866 if(!cfg && upstreamcfg == config)
867 /* No upstream IP given, we're listen only. */
/* The loop header guarding the cfg dereference below is on a line not shown. */
872 upstreamcfg = cfg->next;
873 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
/* Connected: stop retrying. */
875 signal(SIGALRM, SIG_IGN);
878 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: start over from the first ConnectTo next time, 5 s later
   than this time, capped at MAXTIMEOUT. */
881 signal(SIGALRM, sigalrm_handler);
882 upstreamcfg = config;
883 seconds_till_retry += 5;
884 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
885 seconds_till_retry = MAXTIMEOUT;
886 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
888 alarm(seconds_till_retry);
893 setup all initial network connections
/* Bring up the tap device, our own listening sockets and the first outgoing
   connection; arm a SIGALRM retry when no ConnectTo entry succeeds. Returns
   non-zero on failure (main_loop() tests the result as a boolean); the
   return statements are on lines not shown. */
895 int setup_network_connections(void)
/* PingTimeout; the default taken when it is absent is on a line not shown. */
899 if((cfg = get_config_val(config, config_pingtimeout)) == NULL)
903 timeout = cfg->data.val;
910 if(setup_tap_fd() < 0)
913 if(setup_myself() < 0)
916 /* Run tinc-up script to further initialize the tap interface */
917 execute_script("tinc-up");
919 if(!(cfg = get_config_val(config, config_connectto)))
920 /* No upstream IP given, we're listen only. */
/* Try each ConnectTo in turn (loop header on a line not shown). */
925 upstreamcfg = cfg->next;
926 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
928 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
/* None succeeded: the first retry waits MAXTIMEOUT seconds, after which
   sigalrm_handler() continues with its own back-off. */
931 signal(SIGALRM, sigalrm_handler);
932 upstreamcfg = config;
933 seconds_till_retry = MAXTIMEOUT;
934 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
935 alarm(seconds_till_retry);
941 close all open network connections
/* Tear down every peer connection, then our own listening socket, and run
   the tinc-down script. Whether the tap device itself is closed is on lines
   not shown. */
943 void close_network_connections(void)
947 for(p = conn_list; p != NULL; p = p->next)
949 p->status.active = 0;
950 terminate_connection(p);
954 if(myself->status.active)
956 close(myself->meta_socket);
957 free_conn_list(myself);
963 /* Execute tinc-down script right after shutting down the interface */
964 execute_script("tinc-down");
968 syslog(LOG_NOTICE, _("Terminating"));
974 create a data (udp) socket
/* Open the UDP data socket to cl: bound to our own port on any address and
   connect()ed to cl->address:cl->port. Marks cl as dataopen; the assignment
   of nfd to cl->socket and the return statements are on lines not shown. */
976 int setup_vpn_connection(conn_list_t *cl)
979 struct sockaddr_in a;
982 if(debug_lvl >= DEBUG_TRAFFIC)
983 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
/* The socket() error test is on a line not shown. */
985 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
988 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
992 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
995 syslog(LOG_ERR, _("System call `%s' failed: %m"),
1000 flags = fcntl(nfd, F_GETFL);
1001 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
1004 syslog(LOG_ERR, _("System call `%s' failed: %m"),
1009 memset(&a, 0, sizeof(a));
1010 a.sin_family = AF_INET;
1011 a.sin_port = htons(myself->port);
1012 a.sin_addr.s_addr = htonl(INADDR_ANY);
1014 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
1017 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port);
/* Reuse `a' (already zeroed above) for the peer address. */
1021 a.sin_family = AF_INET;
1022 a.sin_port = htons(cl->port);
1023 a.sin_addr.s_addr = htonl(cl->address);
1025 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
1028 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
1029 cl->hostname, cl->port);
/* O_NONBLOCK was already set above; this second fcntl() pair is redundant. */
1033 flags = fcntl(nfd, F_GETFL);
1034 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
1037 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
1038 cl->name, cl->hostname);
1043 cl->status.dataopen = 1;
1049 handle an incoming tcp connect call and open
/* Wrap an accepted meta socket sfd in a new conn_list_t: record the peer's
   address and name, allocate its receive buffer and allow only the ID
   request until the peer has identified itself. The NULL return on
   getpeername() failure and the final return are on lines not shown. */
1052 conn_list_t *create_new_connection(int sfd)
1055 struct sockaddr_in ci;
/* getpeername() takes a socklen_t * and a struct sockaddr *; the int and
   the sockaddr_in pointer below rely on them being compatible. */
1056 int len = sizeof(ci);
1058 p = new_conn_list();
1060 if(getpeername(sfd, &ci, &len) < 0)
1062 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* p->address is kept in host order; hostlookup() gets the network-order
   form, matching setup_outgoing_connection(). */
1068 p->address = ntohl(ci.sin_addr.s_addr);
1069 p->hostname = hostlookup(ci.sin_addr.s_addr);
1070 p->meta_socket = sfd;
1072 p->buffer = xmalloc(MAXBUFSIZE);
1074 p->last_ping_time = time(NULL);
/* htons() is used to convert the port for display; ntohs() is the
   conventional name for that direction (same result). */
1076 if(debug_lvl >= DEBUG_CONNECTIONS)
1077 syslog(LOG_NOTICE, _("Connection from %s port %d"),
1078 p->hostname, htons(ci.sin_port));
1080 p->allow_request = ID;
1086 put all file descriptors in an fd_set array
/* Fill *fs with every meta socket, every open data socket and our own
   listening socket for select() in main_loop(). The FD_ZERO and the tap_fd
   entry are on lines not shown. FD_SET() is undefined for descriptors
   >= FD_SETSIZE; no such bound is checked here. */
1088 void build_fdset(fd_set *fs)
1094 for(p = conn_list; p != NULL; p = p->next)
1097 FD_SET(p->meta_socket, fs);
1098 if(p->status.dataopen)
1099 FD_SET(p->socket, fs);
1102 FD_SET(myself->meta_socket, fs);
1108 receive incoming data from the listening
1109 udp socket and write it to the ethertap
1110 device after being decrypted
/* Read one datagram from cl's data socket into a vpn_packet_t (len field
   plus data, at most MTU bytes) and hand it to xrecv(). Returns xrecv()'s
   result; the error returns are on lines not shown. */
1112 int handle_incoming_vpn_data(conn_list_t *cl)
/* getsockopt() takes a socklen_t *; `l' is declared int. */
1115 int x, l = sizeof(x);
1118 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1120 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1121 __FILE__, __LINE__, cl->socket);
1126 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* NOTE(review): the datagram starts with the untrusted pkt.len field, but
   pkt.len is never compared with lenin (bytes actually received) or MTU
   before xrecv() decrypts pkt.len + 8 bytes and writes pkt.len bytes to the
   tap device. Reject the packet here when
   pkt.len + 2 > lenin or pkt.len > MTU. */
1130 if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0)
1132 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1136 if(debug_lvl >= DEBUG_TRAFFIC)
1138 syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin,
1139 cl->name, cl->hostname);
1143 return xrecv(cl, &pkt);
1147 terminate a connection and notify the other
1148 end before closing the sockets
/* Close cl's sockets, drop every connection routed through it, tell the
   remaining active peers, remove its subnets and, if cl was our outgoing
   connection, schedule a reconnect. Idempotent via status.remove; the
   actual list removal happens elsewhere. Several bodies are on lines not shown. */
1150 void terminate_connection(conn_list_t *cl)
1155 if(cl->status.remove)
1158 cl->status.remove = 1;
1160 if(debug_lvl >= DEBUG_CONNECTIONS)
1161 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1162 cl->name, cl->hostname);
/* Closing the data socket (if open) is presumably on the lines between. */
1167 close(cl->meta_socket);
1170 /* Find all connections that were lost because they were behind cl
1171 (the connection that was dropped). */
1174 for(p = conn_list; p != NULL; p = p->next)
1175 if((p->nexthop == cl) && (p != cl))
1176 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1178 /* Inform others of termination if it was still active */
1180 if(cl->status.active)
1181 for(p = conn_list; p != NULL; p = p->next)
1182 if(p->status.meta && p->status.active && p!=cl)
1183 send_del_host(p, cl);
1185 /* Remove the associated subnets */
/* Loop body on lines not shown; note it walks s->next after the body, so
   the body must not free s without saving next first. */
1187 for(s = cl->subnets; s; s = s->next)
1190 /* Check if this was our outgoing connection */
/* Fixed 5 s first retry; sigalrm_handler() then grows the interval. */
1192 if(cl->status.outgoing && cl->status.active)
1194 signal(SIGALRM, sigalrm_handler);
1195 seconds_till_retry = 5;
1196 alarm(seconds_till_retry);
1197 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1202 cl->status.active = 0;
1207 Check if the other end is active.
1208 If we have sent packets, but didn't receive any,
1209 then possibly the other end is dead. We send a
1210 PING request over the meta connection. If the other
1211 end does not reply in time, we consider them dead
1212 and close the connection.
/* Walk the connection list: a meta connection that has not been heard from
   for `timeout' seconds is pinged; one that was already pinged and still
   silent is flagged as timed out and terminated. The ping branch and the
   return value are on lines not shown. */
1214 int check_dead_connections(void)
1220 for(p = conn_list; p != NULL; p = p->next)
1222 if(p->status.active && p->status.meta)
1224 if(p->last_ping_time + timeout < now)
1226 if(p->status.pinged)
1228 if(debug_lvl >= DEBUG_PROTOCOL)
1229 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1230 p->name, p->hostname);
1231 p->status.timeout = 1;
1232 terminate_connection(p);
1246 accept a new tcp connect and create a
/* Accept a pending TCP connection on our listening meta socket and register
   it via create_new_connection(). Return values and the close() on failure
   are on lines not shown. The prototype uses () rather than (void). */
1249 int handle_new_meta_connection()
1252 struct sockaddr client;
/* accept() takes a socklen_t *; `len' is declared int. */
1253 int nfd, len = sizeof(client);
1255 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1257 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1261 if(!(ncn = create_new_connection(nfd)))
1265 syslog(LOG_NOTICE, _("Closed attempted connection"));
1275 check all connections to see if anything
1276 happened on their sockets
/* Dispatch readable descriptors from the select() set: data sockets go to
   handle_incoming_vpn_data(), meta sockets to receive_meta() (terminating
   the peer on error) and our listening socket to handle_new_meta_connection(). */
1278 void check_network_activity(fd_set *f)
1282 for(p = conn_list; p != NULL; p = p->next)
/* Skip peers already being torn down (the continue is on a line not shown). */
1284 if(p->status.remove)
1287 if(p->status.dataopen)
1288 if(FD_ISSET(p->socket, f))
1290 handle_incoming_vpn_data(p);
/* The following lines are inside a block comment opened by the FIXME. */
1292 /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data()
1294 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1295 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1296 p->name, p->hostname, strerror(x));
1297 terminate_connection(p);
1303 if(FD_ISSET(p->meta_socket, f))
1304 if(receive_meta(p) < 0)
1306 terminate_connection(p);
1311 if(FD_ISSET(myself->meta_socket, f))
1312 handle_new_meta_connection();
1317 read, encrypt and send data that is
1318 available through the ethertap device
/* Read one frame from the tap device into a vpn_packet_t and route it with
   send_packet(). The ethertap variant reads the 2-byte length prefix into
   the len field preceding data; vp.len for the tun/tap variant and the
   short-packet condition are on lines not shown. */
1320 void handle_tap_input(void)
1325 if(taptype == TAP_TYPE_TUNTAP)
1327 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1329 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1336 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1338 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1344 total_tap_in += lenin;
1348 if(debug_lvl >= DEBUG_TRAFFIC)
1349 syslog(LOG_WARNING, _("Received short packet from tap device"));
1353 if(debug_lvl >= DEBUG_TRAFFIC)
1355 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* NOTE(review): the destination address is pulled from offset 30 (presumably
   the IPv4 destination behind a 14-byte Ethernet header) through an
   unsigned long pointer: an unaligned, aliasing-violating read that is 8
   bytes wide on LP64 targets, of which ntohl() keeps only 32 bits – the
   result then depends on host endianness. memcpy() into a uint32_t is the
   portable form. Nothing visible here checks that the frame is IPv4 at all. */
1358 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1363 this is where it all happens...
1365 void main_loop(void)
1370 time_t last_ping_check;
1373 last_ping_check = time(NULL);
1377 tv.tv_sec = timeout;
1383 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1385 if(errno != EINTR) /* because of alarm */
1387 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1394 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1396 close_network_connections();
1397 clear_config(&config);
1399 if(read_server_config())
1401 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1407 if(setup_network_connections())
1415 /* Let's check if everybody is still alive */
1417 if(last_ping_check + timeout < t)
1419 check_dead_connections();
1420 last_ping_check = time(NULL);
1422 /* Should we regenerate our key? */
1426 if(debug_lvl >= DEBUG_STATUS)
1427 syslog(LOG_INFO, _("Regenerating symmetric key"));
1429 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1430 send_key_changed(myself, NULL);
1431 keyexpires = time(NULL) + keylifetime;
1437 check_network_activity(&fset);
1439 /* local tap data */
1440 if(FD_ISSET(tap_fd, &fset))