2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.29 2000/09/14 21:51:19 zarq Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
107 ntohs(rp.len), cl->name, cl->hostname);
109 total_socket_out += ntohs(rp.len);
113 if((cl->flags | myself->flags) & TCPONLY)
114 return send_tcppacket(cl, (void*)&rp, ntohs(rp.len));
116 if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
118 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
119 cl->name, cl->hostname);
126 int xrecv(conn_list_t *cl, void *packet)
131 do_decrypt((real_packet_t*)packet, &vp, cl->key);
132 add_mac_addresses(&vp);
135 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
136 ((real_packet_t*)packet)->len, cl->name, cl->hostname);
138 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
139 syslog(LOG_ERR, _("Can't write to tap device: %m"));
141 total_tap_out += lenin;
144 cl->last_ping_time = time(NULL);
150 add the given packet of size s to the
151 queue q, be it the send or receive queue
153 void add_queue(packet_queue_t **q, void *packet, size_t s)
157 e = xmalloc(sizeof(*e));
158 e->packet = xmalloc(s);
159 memcpy(e->packet, packet, s);
163 *q = xmalloc(sizeof(**q));
164 (*q)->head = (*q)->tail = NULL;
167 e->next = NULL; /* We insert at the tail */
169 if((*q)->tail) /* Do we have a tail? */
171 (*q)->tail->next = e;
172 e->prev = (*q)->tail;
174 else /* No tail -> no head too */
184 /* Remove a queue element */
185 void del_queue(packet_queue_t **q, queue_element_t *e)
190 if(e->next) /* There is a successor, so we are not tail */
192 if(e->prev) /* There is a predecessor, so we are not head */
194 e->next->prev = e->prev;
195 e->prev->next = e->next;
197 else /* We are head */
199 e->next->prev = NULL;
200 (*q)->head = e->next;
203 else /* We are tail (or all alone!) */
205 if(e->prev) /* We are not alone :) */
207 e->prev->next = NULL;
208 (*q)->tail = e->prev;
222 flush a queue by calling function for
223 each packet, and removing it when that
224 returned a zero exit code
226 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
227 int (*function)(conn_list_t*,void*))
229 queue_element_t *p, *next = NULL;
231 for(p = (*pq)->head; p != NULL; )
235 if(!function(cl, p->packet))
242 syslog(LOG_DEBUG, _("Queue flushed"));
247 flush the send&recv queues
248 void because nothing goes wrong here, packets
249 remain in the queue if something goes wrong
251 void flush_queues(conn_list_t *cl)
257 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
258 cl->name, cl->hostname);
259 flush_queue(cl, &(cl->sq), xsend);
265 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
266 cl->name, cl->hostname);
267 flush_queue(cl, &(cl->rq), xrecv);
273 send a packet to the given vpn ip.
275 int send_packet(ip_t to, vpn_packet_t *packet)
279 if((cl = lookup_conn(to)) == NULL)
283 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
290 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
292 /* The next few lines will be obsoleted, if we are going indirect, matching subnet_t
293 should point to only our uplink as the recepient
296 if(myself->flags & EXPORTINDIRECTDATA)
298 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
300 { /* No open outgoing connection has been found. */
302 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
308 /* If indirectdata flag is set for the destination we just looked up,
309 * then real_ip is actually the vpn_ip of the gateway tincd
313 if(cl->flags & INDIRECTDATA)
316 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
317 cl->name, cl->hostname);
318 if((cl = lookup_conn(cl->real_ip)) == NULL)
321 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to));
323 /* Gateway tincd dead? Should we kill it? (GS) */
327 if(cl->flags & INDIRECTDATA) /* This should not happen */
330 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"), IP_ADDR_V(to));
335 if(my_key_expiry <= time(NULL))
338 if(!cl->status.dataopen)
339 if(setup_vpn_connection(cl) < 0)
341 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
342 cl->name, cl->hostname);
346 if(!cl->status.validkey)
349 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"),
350 cl->name, cl->hostname);
351 add_queue(&(cl->sq), packet, packet->len + 2);
352 if(!cl->status.waitingforkey)
353 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
357 if(!cl->status.active)
360 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
361 cl->name, cl->hostname);
362 add_queue(&(cl->sq), packet, packet->len + 2);
363 return 0; /* We don't want to mess up, do we? */
366 /* can we send it? can we? can we? huh? */
368 return xsend(cl, packet);
372 open the local ethertap device
374 int setup_tap_fd(void)
377 const char *tapfname;
380 if((cfg = get_config_val(tapdevice)) == NULL)
381 tapfname = "/dev/tap0";
383 tapfname = cfg->data.ptr;
385 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
387 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
397 set up the socket that we listen on for incoming
400 int setup_listen_meta_socket(int port)
403 struct sockaddr_in a;
407 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
409 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
413 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
415 syslog(LOG_ERR, _("setsockopt: %m"));
419 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
421 syslog(LOG_ERR, _("setsockopt: %m"));
425 flags = fcntl(nfd, F_GETFL);
426 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
428 syslog(LOG_ERR, _("fcntl: %m"));
432 if((cfg = get_config_val(interface)))
434 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
436 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
441 memset(&a, 0, sizeof(a));
442 a.sin_family = AF_INET;
443 a.sin_port = htons(port);
445 if((cfg = get_config_val(interfaceip)))
446 a.sin_addr.s_addr = htonl(cfg->data.ip->ip);
448 a.sin_addr.s_addr = htonl(INADDR_ANY);
450 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
452 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
458 syslog(LOG_ERR, _("listen: %m"));
466 setup the socket for incoming encrypted
469 int setup_vpn_in_socket(int port)
472 struct sockaddr_in a;
475 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
477 syslog(LOG_ERR, _("Creating socket failed: %m"));
481 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
483 syslog(LOG_ERR, _("setsockopt: %m"));
487 flags = fcntl(nfd, F_GETFL);
488 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
490 syslog(LOG_ERR, _("fcntl: %m"));
494 memset(&a, 0, sizeof(a));
495 a.sin_family = AF_INET;
496 a.sin_port = htons(port);
497 a.sin_addr.s_addr = htonl(INADDR_ANY);
499 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
501 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
509 setup an outgoing meta (tcp) socket
511 int setup_outgoing_meta_socket(conn_list_t *cl)
514 struct sockaddr_in a;
518 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
520 if((cfg = get_config_val(upstreamport)) == NULL)
523 cl->port = cfg->data.val;
525 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
526 if(cl->meta_socket == -1)
528 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
529 cl->hostname, cl->port);
533 a.sin_family = AF_INET;
534 a.sin_port = htons(cl->port);
535 a.sin_addr.s_addr = htonl(cl->real_ip);
537 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
539 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
543 flags = fcntl(cl->meta_socket, F_GETFL);
544 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
546 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
547 cl->hostname, cl->port);
552 syslog(LOG_INFO, _("Connected to %s port %hd"),
553 cl->hostname, cl->port);
559 setup an outgoing connection. It's not
560 necessary to also open an udp socket as
561 well, because the other host will initiate
562 an authentication sequence during which
563 we will do just that.
565 int setup_outgoing_connection(char *hostname)
570 if(!(h = gethostbyname(hostname)))
572 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
576 ncn = new_conn_list();
577 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
578 ncn->hostname = hostlookup(htonl(ncn->real_ip));
580 if(setup_outgoing_meta_socket(ncn) < 0)
582 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
584 free_conn_element(ncn);
588 ncn->status.meta = 1;
589 ncn->status.outgoing = 1;
590 ncn->next = conn_list;
597 set up the local sockets (listen only)
599 int setup_myself(void)
603 myself = new_conn_list();
605 if(!(cfg = get_config_val(myvpnip)))
607 syslog(LOG_ERR, _("No value for my VPN IP given"));
611 myself->vpn_ip = cfg->data.ip->ip;
612 myself->hostname = hostlookup(htonl(myself->vpn_ip));
613 myself->vpn_mask = cfg->data.ip->mask;
616 if(!(cfg = get_config_val(tincname)))
617 asprintf(&(myself->name), IP_ADDR_S, IP_ADDR_V(myself->vpn_ip));
619 myself->name = (char*)cfg->data.val;
621 if(!(cfg = get_config_val(listenport)))
624 myself->port = cfg->data.val;
626 if((cfg = get_config_val(indirectdata)))
627 if(cfg->data.val == stupid_true)
628 myself->flags |= EXPORTINDIRECTDATA;
630 if((cfg = get_config_val(tcponly)))
631 if(cfg->data.val == stupid_true)
632 myself->flags |= TCPONLY;
634 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
636 syslog(LOG_ERR, _("Unable to set up a listening socket"));
640 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
642 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
643 close(myself->meta_socket);
647 myself->status.active = 1;
649 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
655 sigalrm_handler(int a)
659 cfg = get_next_config_val(upstreamip, upstreamindex++);
663 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
665 signal(SIGALRM, SIG_IGN);
668 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
671 signal(SIGALRM, sigalrm_handler);
673 seconds_till_retry += 5;
674 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
675 seconds_till_retry = MAXTIMEOUT;
676 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
678 alarm(seconds_till_retry);
683 setup all initial network connections
685 int setup_network_connections(void)
689 if((cfg = get_config_val(pingtimeout)) == NULL)
692 timeout = cfg->data.val;
694 if(setup_tap_fd() < 0)
697 if(setup_myself() < 0)
700 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
701 /* No upstream IP given, we're listen only. */
706 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
708 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
711 signal(SIGALRM, sigalrm_handler);
713 seconds_till_retry = MAXTIMEOUT;
714 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
715 alarm(seconds_till_retry);
721 close all open network connections
723 void close_network_connections(void)
727 for(p = conn_list; p != NULL; p = p->next)
729 if(p->status.dataopen)
731 shutdown(p->socket, 0); /* No more receptions */
737 shutdown(p->meta_socket, 0); /* No more receptions */
738 close(p->meta_socket);
743 if(myself->status.active)
745 close(myself->meta_socket);
746 close(myself->socket);
752 syslog(LOG_NOTICE, _("Terminating"));
758 create a data (udp) socket
760 int setup_vpn_connection(conn_list_t *cl)
763 struct sockaddr_in a;
766 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
768 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
771 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
775 a.sin_family = AF_INET;
776 a.sin_port = htons(cl->port);
777 a.sin_addr.s_addr = htonl(cl->real_ip);
779 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
781 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
782 cl->hostname, cl->port);
786 flags = fcntl(nfd, F_GETFL);
787 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
789 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
790 cl->name, cl->hostname);
795 cl->status.dataopen = 1;
801 handle an incoming tcp connect call and open
804 conn_list_t *create_new_connection(int sfd)
807 struct sockaddr_in ci;
808 int len = sizeof(ci);
812 if(getpeername(sfd, &ci, &len) < 0)
814 syslog(LOG_ERR, _("Error: getpeername: %m"));
818 p->real_ip = ntohl(ci.sin_addr.s_addr);
819 p->hostname = hostlookup(ci.sin_addr.s_addr);
820 p->meta_socket = sfd;
823 p->last_ping_time = time(NULL);
827 syslog(LOG_NOTICE, _("Connection from %s port %d"),
828 p->hostname, htons(ci.sin_port));
830 if(send_basic_info(p) < 0)
832 free_conn_element(p);
840 put all file descriptors in an fd_set array
842 void build_fdset(fd_set *fs)
848 for(p = conn_list; p != NULL; p = p->next)
851 FD_SET(p->meta_socket, fs);
852 if(p->status.dataopen)
853 FD_SET(p->socket, fs);
856 FD_SET(myself->meta_socket, fs);
857 FD_SET(myself->socket, fs);
863 receive incoming data from the listening
864 udp socket and write it to the ethertap
865 device after being decrypted
867 int handle_incoming_vpn_data(conn_list_t *cl)
871 int x, l = sizeof(x);
874 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
876 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"),
877 __FILE__, __LINE__, cl->socket,
878 cl->name, cl->hostname);
883 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
884 cl->name, cl->hostname, strerror(x));
889 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
892 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"),
893 cl->name, cl->hostname);
896 total_socket_in += lenin;
898 rp.data.len = ntohs(rp.data.len);
899 rp.len = ntohs(rp.len);
900 rp.from = ntohl(rp.from);
904 f = lookup_conn(rp.from);
907 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
908 cl->name, cl->hostname, IP_ADDR_V(rp.from));
912 if(f->status.validkey)
916 add_queue(&(f->rq), &rp, rp.len);
917 if(!cl->status.waitingforkey)
918 send_key_request(rp.from);
921 if(my_key_expiry <= time(NULL))
929 terminate a connection and notify the other
930 end before closing the sockets
932 void terminate_connection(conn_list_t *cl)
937 if(cl->status.remove)
941 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
942 cl->name, cl->hostname);
944 if(cl->status.timeout)
946 /* else if(!cl->status.termreq)
953 close(cl->meta_socket);
955 cl->status.remove = 1;
957 /* If this cl isn't active, don't send any DEL_HOSTs. */
958 if(cl->status.active)
959 notify_others(cl,NULL,send_del_host);
962 /* Find all connections that were lost because they were behind cl
963 (the connection that was dropped). */
965 for(p = conn_list; p != NULL; p = p->next)
967 if((p->nexthop == cl) && (p != cl))
969 if(cl->status.active && p->status.active)
970 notify_others(p,cl,send_del_host);
973 p->status.active = 0;
974 p->status.remove = 1;
978 cl->status.active = 0;
980 if(cl->status.outgoing)
982 signal(SIGALRM, sigalrm_handler);
983 seconds_till_retry = 5;
984 alarm(seconds_till_retry);
985 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
991 Check if the other end is active.
992 If we have sent packets, but didn't receive any,
993 then possibly the other end is dead. We send a
994 PING request over the meta connection. If the other
995 end does not reply in time, we consider them dead
996 and close the connection.
998 int check_dead_connections(void)
1004 for(p = conn_list; p != NULL; p = p->next)
1006 if(p->status.remove)
1008 if(p->status.active && p->status.meta)
1010 if(p->last_ping_time + timeout < now)
1012 if(p->status.pinged && !p->status.got_pong)
1015 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1016 p->name, p->hostname);
1017 p->status.timeout = 1;
1018 terminate_connection(p);
1020 else if(p->want_ping)
1023 p->last_ping_time = now;
1024 p->status.pinged = 1;
1025 p->status.got_pong = 0;
1035 accept a new tcp connect and create a
1038 int handle_new_meta_connection(conn_list_t *cl)
1041 struct sockaddr client;
1042 int nfd, len = sizeof(client);
1044 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1046 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1050 if(!(ncn = create_new_connection(nfd)))
1054 syslog(LOG_NOTICE, _("Closed attempted connection"));
1058 ncn->status.meta = 1;
1059 ncn->next = conn_list;
1066 dispatch any incoming meta requests
1068 int handle_incoming_meta_data(conn_list_t *cl)
1070 int x, l = sizeof(x);
1071 int request, oldlen, i;
1074 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1076 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
1077 cl->name, cl->hostname);
1082 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
1083 cl->name, cl->hostname, strerror(x));
1087 lenin = read(cl->meta_socket, cl->buffer+cl->buflen, MAXBUFSIZE - cl->buflen);
1095 if(debug_lvl>DEBUG_CONNECTIONS)
1096 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
1097 cl->name, cl->hostname);
1100 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
1101 cl->name, cl->hostname);
1105 if(cl->status.encryptin)
1107 /* FIXME: do decryption. */
1110 oldlen = cl->buflen;
1111 cl->buflen += lenin;
1117 for(i = oldlen; i < cl->buflen; i++)
1119 if(cl->buffer[i] == '\n')
1121 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1129 if(debug_lvl > DEBUG_PROTOCOL)
1130 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
1131 cl->name, cl->hostname, cl->buffer);
1132 if(sscanf(cl->buffer, "%d", &request) == 1)
1134 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1136 syslog(LOG_ERR, _("Unknown request from %s (%s)"),
1137 cl->name, cl->hostname);
1142 if(debug_lvl > DEBUG_PROTOCOL)
1143 syslog(LOG_DEBUG, _("Got %s from %s (%s)"),
1144 request_name[request], cl->name, cl->hostname);
1146 if(request_handlers[request](cl))
1147 /* Something went wrong. Probably scriptkiddies. Terminate. */
1149 syslog(LOG_ERR, _("Error while processing %s from %s (%s)"),
1150 request_name[request], cl->name, cl->hostname);
1156 syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
1157 cl->name, cl->hostname);
1161 cl->buflen -= cl->reqlen;
1162 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1171 if(cl->buflen >= MAXBUFSIZE)
1173 syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"),
1174 cl->name, cl->hostname);
1178 cl->last_ping_time = time(NULL);
1185 check all connections to see if anything
1186 happened on their sockets
1188 void check_network_activity(fd_set *f)
1191 int x, l = sizeof(x);
1193 for(p = conn_list; p != NULL; p = p->next)
1195 if(p->status.remove)
1198 if(p->status.dataopen)
1199 if(FD_ISSET(p->socket, f))
1202 The only thing that can happen to get us here is apparently an
1203 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1204 something that will not trigger an error directly on send()).
1205 I've once got here when it said `No route to host'.
1207 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1208 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1209 p->name, p->hostname, strerror(x));
1210 terminate_connection(p);
1215 if(FD_ISSET(p->meta_socket, f))
1216 if(handle_incoming_meta_data(p) < 0)
1218 terminate_connection(p);
1223 if(FD_ISSET(myself->socket, f))
1224 handle_incoming_vpn_data(myself);
1226 if(FD_ISSET(myself->meta_socket, f))
1227 handle_new_meta_connection(myself);
1232 read, encrypt and send data that is
1233 available through the ethertap device
1235 void handle_tap_input(void)
1239 int ether_type, lenin;
1241 memset(&vp, 0, sizeof(vp));
1242 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1244 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1248 total_tap_in += lenin;
1250 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1251 if(ether_type != 0x0800)
1254 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6]));
1261 syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6]));
1265 from = ntohl(*((unsigned long*)(&vp.data[26])));
1266 to = ntohl(*((unsigned long*)(&vp.data[30])));
1268 vp.len = (length_t)lenin - 2;
1270 strip_mac_addresses(&vp);
1272 send_packet(to, &vp);
1277 this is where it all happens...
1279 void main_loop(void)
1284 time_t last_ping_check;
1286 last_ping_check = time(NULL);
1290 tv.tv_sec = timeout;
1296 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1298 if(errno != EINTR) /* because of alarm */
1300 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1309 syslog(LOG_INFO, _("Rereading configuration file"));
1310 close_network_connections();
1312 if(read_config_file(configfilename))
1314 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1318 setup_network_connections();
1322 if(last_ping_check + timeout < time(NULL))
1323 /* Let's check if everybody is still alive */
1325 check_dead_connections();
1326 last_ping_check = time(NULL);
1331 check_network_activity(&fset);
1333 /* local tap data */
1334 if(FD_ISSET(tap_fd, &fset))