2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.44 2000/10/22 13:37:15 zarq Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
43 #include LINUX_IF_TUN_H
/* Byte counters for statistics: total_socket_out is bumped in xsend(), total_tap_out in
   xrecv(); total_socket_in is not touched anywhere in this listing. */
61 int total_tap_out = 0;
62 int total_socket_in = 0;
63 int total_socket_out = 0;
/* Index of the next ConnectTo config entry to try; post-incremented in
   setup_network_connections() and again inside sigalrm_handler(). */
65 int upstreamindex = 0;
/* Retry back-off in seconds for the outgoing connection; grown by 5 and capped at
   MAXTIMEOUT in sigalrm_handler(), reset in terminate_connection().  NOTE(review):
   shared between a signal handler and the main path as a plain int (no
   volatile sig_atomic_t). */
66 static int seconds_till_retry;
71 strip off the MAC addresses of an ethernet frame
73 void strip_mac_addresses(vpn_packet_t *p)
/* Drop the 12-byte destination+source MAC prefix in place and shrink p->len by 12.
   NOTE(review): no guard for p->len < 12 is visible; if none exists the subtraction
   wraps (or goes negative and is converted to a huge size_t) and memmove runs wild --
   callers must guarantee a full Ethernet header is present. */
76 memmove(p->data, p->data + 12, p->len -= 12);
81 reassemble MAC addresses
83 void add_mac_addresses(vpn_packet_t *p)
/* Rebuild a synthetic Ethernet header in front of the IP payload: shift the payload
   up 12 bytes, then write fe:fd:<ipv4> as destination MAC (bytes 0-5, from
   myself->address) and as source MAC (bytes 6-11, from the IPv4 source field that
   ends up at offset 26, cf. handle_tap_input()).  Whether p->len is increased by 12
   to match is not visible in this listing -- verify. */
/* NOTE(review): source [0, len) and destination [12, 12+len) overlap whenever
   len > 12; memcpy on overlapping buffers is undefined behaviour, memmove is required. */
86 memcpy(p->data + 12, p->data, p->len);
88 p->data[0] = p->data[6] = 0xfe;
89 p->data[1] = p->data[7] = 0xfd;
90 /* Really evil pointer stuff just below! */
/* Type-punned, unaligned accesses through ip_t*: strict-aliasing and alignment
   hazards.  memcpy to/from a local ip_t is the portable equivalent. */
91 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
92 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
96 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
/* Encrypt inpkt with cl's per-host packet cipher and push it out on cl->socket, the
   connected UDP socket created by setup_vpn_connection().  Wire layout: the 2-byte
   len field followed by the data, sent from &outpkt.len in one go.  flush_queue()
   treats a zero return as "sent"; the return statements themselves are not listed. */
101 outpkt.len = inpkt->len;
/* NOTE(review): outpkt.len is the plaintext length, while outlen (plus outpad, the
   bytes emitted by EncryptFinal) describes the ciphertext; only outlen + 2 bytes are
   sent below, so this is exact only for a cipher mode whose Final emits nothing.
   The IV argument is NULL, so the context's existing IV appears to be reused for
   every packet, and no MAC/authentication tag is added -- a receiver cannot detect
   tampering.  EVP_* return values are not checked. */
102 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
103 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
104 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
/* Traffic debugging is logged at LOG_ERR here but at LOG_DEBUG in flush_queue(). */
107 if(debug_lvl >= DEBUG_TRAFFIC)
108 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
109 outlen, cl->name, cl->hostname);
111 total_socket_out += outlen;
/* Relies on data[] immediately following len in vpn_packet_t. */
115 if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0)
117 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
118 cl->name, cl->hostname);
125 int xrecv(vpn_packet_t *inpkt)
/* Decrypt a packet received on our UDP socket with our own packet key, rebuild the
   Ethernet header and write the frame to the tap device.  A zero return tells
   flush_queue() the packet was consumed (return lines not listed).
   NOTE(review): inpkt->len is the length field as read off the wire by
   handle_incoming_vpn_data(); no check of it against the data buffer size or the
   number of bytes actually received is visible in this listing.  If none exists, an
   oversized length field makes EVP_DecryptUpdate read and write past the packet. */
130 if(debug_lvl > DEBUG_TRAFFIC)
131 syslog(LOG_ERR, _("Receiving packet of %d bytes"),
/* outpkt.len keeps the wire length rather than the decrypted length outlen. */
134 outpkt.len = inpkt->len;
135 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
136 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
/* With DecryptFinal disabled there is not even a padding check, and no MAC exists
   anywhere in this path: any datagram of plausible length decrypts to *something*
   and is handed to the tap device. */
137 /* FIXME: grok DecryptFinal
138 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
141 add_mac_addresses(&outpkt);
/* Whether outpkt.len covers the 12 header bytes add_mac_addresses() prepends depends
   on a length increment inside that function which this listing does not show. */
143 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
144 syslog(LOG_ERR, _("Can't write to tap device: %m"));
146 total_tap_out += outpkt.len;
152 add the given packet of size s to the
153 queue q, be it the send or receive queue
155 void add_queue(packet_queue_t **q, void *packet, size_t s)
/* Copy s bytes of packet into a freshly allocated element and append it at the tail
   of *q, creating the queue structure itself on first use.  send_packet() passes
   packet->len + 2, i.e. the length field plus data.  Ownership: the queue owns both
   the element and its packet copy; del_queue() is the matching release.  xmalloc
   presumably aborts instead of returning NULL (its definition is not in this file). */
159 e = xmalloc(sizeof(*e));
160 e->packet = xmalloc(s);
161 memcpy(e->packet, packet, s);
/* Lazy creation of the queue head; the guarding null test of *q is not listed. */
165 *q = xmalloc(sizeof(**q));
166 (*q)->head = (*q)->tail = NULL;
169 e->next = NULL; /* We insert at the tail */
171 if((*q)->tail) /* Do we have a tail? */
173 (*q)->tail->next = e;
174 e->prev = (*q)->tail;
176 else /* No tail -> no head too */
186 /* Remove a queue element */
187 void del_queue(packet_queue_t **q, queue_element_t *e)
192 if(e->next) /* There is a successor, so we are not tail */
194 if(e->prev) /* There is a predecessor, so we are not head */
196 e->next->prev = e->prev;
197 e->prev->next = e->next;
199 else /* We are head */
201 e->next->prev = NULL;
202 (*q)->head = e->next;
205 else /* We are tail (or all alone!) */
207 if(e->prev) /* We are not alone :) */
209 e->prev->next = NULL;
210 (*q)->tail = e->prev;
224 flush a queue by calling function for
225 each packet, and removing it when that
226 returned a zero exit code
228 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
229 int (*function)(conn_list_t*,void*))
/* Walk *pq from the head and hand each packet to function(cl, packet).  Entries for
   which it returns 0 are removed (the del_queue call is on unlisted lines); the rest
   stay queued for a later retry.  `next` is presumably captured before the callback
   so that removing p does not break the walk.
   NOTE(review): *pq is dereferenced without a visible null check, yet add_queue()
   only allocates the queue on first insert -- the callers in flush_queues() need to
   guard this (their guards, if any, are on unlisted lines). */
231 queue_element_t *p, *next = NULL;
233 for(p = (*pq)->head; p != NULL; )
237 if(!function(cl, p->packet))
243 if(debug_lvl >= DEBUG_TRAFFIC)
244 syslog(LOG_DEBUG, _("Queue flushed"));
249 flush the send&recv queues
250 returns void because nothing can go wrong here: packets
251 simply remain in the queue if something does go wrong
253 void flush_queues(conn_list_t *cl)
/* Retry everything queued for cl: first the send queue through xsend(), then the
   receive queue through xrecv().  Entries whose callback returns 0 are dropped by
   flush_queue(); the rest stay queued.  flush_queue() dereferences the queue pointer
   unconditionally, so null guards on cl->sq / cl->rq belong here (unlisted lines). */
258 if(debug_lvl >= DEBUG_TRAFFIC)
259 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
260 cl->name, cl->hostname);
261 flush_queue(cl, &(cl->sq), xsend);
266 if(debug_lvl >= DEBUG_TRAFFIC)
267 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
268 cl->name, cl->hostname);
269 flush_queue(cl, &(cl->rq), xrecv);
275 send a packet to the given vpn ip.
277 int send_packet(ip_t to, vpn_packet_t *packet)
/* Route packet to the connection that owns VPN address `to`.  Opens the UDP data
   socket on demand; queues the packet (and asks for a key once) while no valid packet
   key is known; queues it while the connection is not yet active; otherwise hands it
   to xsend().  Returns 0 when queued, xsend()'s result when sent; the error returns
   for the lookup/setup failures are on unlisted lines. */
281 if((cl = lookup_conn_list_ipv4(to)) == NULL)
283 if(debug_lvl >= DEBUG_TRAFFIC)
285 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
292 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
294 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
296 if(!cl->status.dataopen)
297 if(setup_vpn_connection(cl) < 0)
299 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
300 cl->name, cl->hostname);
304 if(!cl->status.validkey)
306 if(debug_lvl >= DEBUG_TRAFFIC)
307 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
308 cl->name, cl->hostname);
/* Queue the length field plus data, matching xsend()'s wire layout. */
309 add_queue(&(cl->sq), packet, packet->len + 2);
/* One key request in flight per host; waitingforkey is presumably set by
   send_req_key().  The `return 0` that keeps this branch from also hitting the
   `active` check below is not listed -- confirm it exists. */
310 if(!cl->status.waitingforkey)
311 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
315 if(!cl->status.active)
317 if(debug_lvl >= DEBUG_TRAFFIC)
318 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
319 cl->name, cl->hostname);
320 add_queue(&(cl->sq), packet, packet->len + 2);
321 return 0; /* We don't want to mess up, do we? */
324 /* can we send it? can we? can we? huh? */
326 return xsend(cl, packet);
330 open the local ethertap device
332 int setup_tap_fd(void)
/* Open the tap device (TapDevice from the config, else a compiled-in default path),
   probe for the new-style tun/tap interface with TUNSETIFF and export IFNAME= for the
   tinc-up/tinc-down scripts.  Returns the descriptor, or -1 on open failure (return
   lines not listed). */
335 const char *tapfname;
341 if((cfg = get_config_val(config, tapdevice)))
342 tapfname = cfg->data.ptr;
/* Two alternative defaults; the selecting else/#if lines are not listed. */
345 tapfname = "/dev/misc/net/tun";
347 tapfname = "/dev/tap0";
350 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
352 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
361 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
362 memset(&ifr, 0, sizeof(ifr));
364 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy leaves ifr_name unterminated when netname is IFNAMSIZ bytes
   or longer, and crashes on a NULL netname -- confirm the caller always sets it.
   The ioctls below use tap_fd although this function opened nfd; the tap_fd = nfd
   assignment is presumably on an unlisted line. */
366 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
368 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
370 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
373 if((cfg = get_config_val(config, tapsubnet)) == NULL)
374 syslog(LOG_INFO, _("tun/tap device will be left unconfigured"));
376 /* Setup inetaddr/netmask etc */;
380 /* Add name of network interface to environment (for scripts) */
/* Both return values are ignored: on ioctl failure ifr_name is whatever TUNSETIFF
   left behind, and on asprintf failure envvar is unset before it is used. */
382 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
383 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
392 set up the socket that we listen on for incoming
395 int setup_listen_meta_socket(int port)
/* Create the non-blocking TCP listening socket for incoming meta connections on
   `port`, bound to InterfaceIP if configured, else INADDR_ANY.  Returns the socket,
   or -1 after logging (return lines not listed). */
398 struct sockaddr_in a;
402 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
404 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
408 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
410 syslog(LOG_ERR, _("setsockopt: %m"));
414 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
416 syslog(LOG_ERR, _("setsockopt: %m"));
420 flags = fcntl(nfd, F_GETFL);
421 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
423 syslog(LOG_ERR, _("fcntl: %m"));
427 if((cfg = get_config_val(config, interface)))
/* NOTE(review): the message says "bind to interface", but the option passed is
   SO_KEEPALIVE with the interface name as its value.  The Linux option that takes an
   interface name is SO_BINDTODEVICE; as written the Interface setting does not
   restrict the listener, which keeps accepting on every interface. */
429 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
431 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
436 memset(&a, 0, sizeof(a));
437 a.sin_family = AF_INET;
438 a.sin_port = htons(port);
440 if((cfg = get_config_val(config, interfaceip)))
441 a.sin_addr.s_addr = htonl(cfg->data.ip->ip);
443 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) happens to equal sizeof(a) for AF_INET; sizeof(a) is the
   idiomatic form. */
445 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
/* %hd with an int argument; %d would match the parameter type. */
447 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
/* The listen() call itself is on an unlisted line. */
453 syslog(LOG_ERR, _("listen: %m"));
461 setup the socket for incoming encrypted
464 int setup_vpn_in_socket(int port)
/* Create the non-blocking UDP socket on which encrypted VPN data arrives, bound to
   INADDR_ANY:port.  Returns the socket, or -1 after logging (return lines not
   listed).  Unlike the TCP listener, neither Interface nor InterfaceIP is honoured
   here. */
467 struct sockaddr_in a;
470 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
472 syslog(LOG_ERR, _("Creating socket failed: %m"));
476 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
478 syslog(LOG_ERR, _("setsockopt: %m"));
482 flags = fcntl(nfd, F_GETFL);
483 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
485 syslog(LOG_ERR, _("fcntl: %m"));
489 memset(&a, 0, sizeof(a));
490 a.sin_family = AF_INET;
491 a.sin_port = htons(port);
492 a.sin_addr.s_addr = htonl(INADDR_ANY);
494 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
496 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
504 setup an outgoing meta (tcp) socket
506 int setup_outgoing_meta_socket(conn_list_t *cl)
/* Connect a TCP meta socket to cl->address:cl->port (port from the host's config,
   default applied on an unlisted line) and store it in cl->meta_socket.  Returns 0,
   or -1 after logging (return lines not listed). */
509 struct sockaddr_in a;
512 if(debug_lvl >= DEBUG_CONNECTIONS)
513 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
515 if((cfg = get_config_val(cl->config, port)) == NULL)
518 cl->port = cfg->data.val;
520 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
521 if(cl->meta_socket == -1)
523 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
524 cl->hostname, cl->port);
/* `a` is not zeroed first (the listener does memset); sin_zero stays indeterminate,
   which connect() ignores but is inconsistent. */
528 a.sin_family = AF_INET;
529 a.sin_port = htons(cl->port);
530 a.sin_addr.s_addr = htonl(cl->address);
/* NOTE(review): connect() is issued while the socket is still blocking -- O_NONBLOCK
   is set only afterwards -- so an unreachable peer stalls the whole single-threaded
   daemon for the TCP connect timeout, and this path also runs from sigalrm_handler(). */
532 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
534 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
538 flags = fcntl(cl->meta_socket, F_GETFL);
539 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
541 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
542 cl->hostname, cl->port);
546 if(debug_lvl >= DEBUG_CONNECTIONS)
547 syslog(LOG_INFO, _("Connected to %s port %hd"),
548 cl->hostname, cl->port);
556 setup an outgoing connection. It's not
557 necessary to open a UDP socket as
558 well, because the other host will initiate
559 an authentication sequence during which
560 we will do just that.
562 int setup_outgoing_connection(char *name)
/* Build a new conn_list entry for the host `name`: read its host config, resolve its
   Address, connect the meta socket and mark it outgoing.  Returns 0 on success, -1
   after logging otherwise (the name check and the return lines are not listed).
   Called from setup_network_connections() and from sigalrm_handler(). */
570 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
574 ncn = new_conn_list();
575 asprintf(&ncn->name, "%s", name);
577 if(read_host_config(ncn))
/* NOTE(review): the format has a %s conversion but no matching argument -- undefined
   behaviour that reads a stray pointer off the varargs; pass `name`:
   syslog(LOG_ERR, _("Error reading host configuration file for %s"), name);
   The same defect is in the "No address specified" message below. */
579 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
584 if(!(cfg = get_config_val(ncn->config, address)))
586 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() is blocking, not reentrant, and reports errors through h_errno, so
   the %m below prints a stale errno; hstrerror(h_errno) is the matching text. */
591 if(!(h = gethostbyname(cfg->data.ptr)))
593 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Type-punned read of the first resolved address; memcpy into an ip_t avoids the
   aliasing/alignment hazard.  Only h_addr_list[0] is ever tried. */
598 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
599 ncn->hostname = hostlookup(htonl(ncn->address));
601 if(setup_outgoing_meta_socket(ncn) < 0)
603 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
609 ncn->status.outgoing = 1;
610 ncn->buffer = xmalloc(MAXBUFSIZE);
612 ncn->last_ping_time = time(NULL);
623 set up the local sockets (listen only)
625 int setup_myself(void)
/* Populate the global `myself` entry from the main config and our own host config:
   name, RSA key pair, port, flags, then open the TCP listener and the UDP data
   socket.  Returns 0 on success, -1 after logging otherwise (return lines not
   listed). */
629 myself = new_conn_list();
631 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
633 myself->protocol_version = PROT_CURRENT;
635 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
637 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): every other string option in this file is read via cfg->data.ptr;
   here cfg->data.val is cast to char*.  If val is the integer member this is an
   int-to-pointer conversion (truncated on 64-bit), not a string. */
641 asprintf(&myself->name, "%s", (char*)cfg->data.val);
643 if(check_id(myself->name))
645 syslog(LOG_ERR, _("Invalid name for myself!"));
649 if(!(cfg = get_config_val(config, privatekey)))
651 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* The private exponent d comes as a hex string from the config file; the public
   exponent is hard-wired to 0xFFFF for every node rather than stored with the key.
   BN_hex2bn return values are not checked, so a malformed PrivateKey is only caught
   (if at all) by RSA_check_key below. */
656 myself->rsa_key = RSA_new();
657 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
658 BN_hex2bn(&myself->rsa_key->e, "FFFF");
661 if(read_host_config(myself))
663 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
667 if(!(cfg = get_config_val(myself->config, publickey)))
669 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
674 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
/* NOTE(review): RSA_check_key() validates the key through its prime factors p and q,
   which are never populated here (only n, e, d are).  In the OpenSSL versions I know
   it then reports a missing value and returns 0 -- confirm this check can succeed. */
677 if(RSA_check_key(myself->rsa_key) != 1)
679 syslog(LOG_ERR, _("Invalid public/private keypair!"));
683 if(!(cfg = get_config_val(myself->config, port)))
686 myself->port = cfg->data.val;
688 if((cfg = get_config_val(myself->config, indirectdata)))
689 if(cfg->data.val == stupid_true)
690 myself->flags |= EXPORTINDIRECTDATA;
692 if((cfg = get_config_val(myself->config, tcponly)))
693 if(cfg->data.val == stupid_true)
694 myself->flags |= TCPONLY;
696 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
698 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
702 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
704 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
/* Undo the listener so a failed startup does not leak the descriptor. */
705 close(myself->meta_socket);
709 myself->status.active = 1;
711 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
717 sigalrm_handler(int a)
/* SIGALRM handler: retry the outgoing connection, walking the ConnectTo entries
   until one succeeds; on total failure re-arm the alarm with a growing back-off.
   NOTE(review): everything called from here -- config lookup, gethostbyname(),
   socket()/connect(), syslog(), xmalloc() -- is not async-signal-safe; only signal()
   and alarm() are.  The work belongs in the main loop, triggered by a flag. */
/* NOTE(review): upstreamindex is post-incremented on this line, so on the next line
   `!upstreamindex` is always false and the "listen only" branch is unreachable. */
721 cfg = get_next_config_val(config, connectto, upstreamindex++);
723 if(!upstreamindex && !cfg)
724 /* No upstream IP given, we're listen only. */
729 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
731 signal(SIGALRM, SIG_IGN);
734 cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */
737 signal(SIGALRM, sigalrm_handler);
739 seconds_till_retry += 5;
740 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
741 seconds_till_retry = MAXTIMEOUT;
742 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
744 alarm(seconds_till_retry);
749 setup all initial network connections
751 int setup_network_connections(void)
/* Start-up sequence: read PingTimeout, open the tap device, set up our own sockets,
   run the tinc-up script, then try each ConnectTo entry in turn; if none connects,
   arm a SIGALRM retry after MAXTIMEOUT seconds.  Returns 0, or -1 when the tap or
   local sockets cannot be set up (return lines not listed). */
756 if((cfg = get_config_val(config, pingtimeout)) == NULL)
759 timeout = cfg->data.val;
761 if(setup_tap_fd() < 0)
764 if(setup_myself() < 0)
767 /* Run tinc-up script to further initialize the tap interface */
769 asprintf(&scriptname, "%s/tinc-up", confbase);
/* NOTE(review): execl() is given no argv[0] -- the script starts with argv[0] == NULL
   -- and the sentinel must be a pointer for varargs portability:
   execl(scriptname, scriptname, (char *)NULL).  The fork that presumably surrounds
   this is on unlisted lines.  The script runs with the daemon's privileges, so the
   config directory must not be writable by others. */
774 execl(scriptname, NULL);
777 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
784 if((cfg = get_next_config_val(config, connectto, upstreamindex++)) == NULL)
785 /* No upstream IP given, we're listen only. */
790 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
792 cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */
/* All ConnectTo entries failed: hand the retries to sigalrm_handler(). */
795 signal(SIGALRM, sigalrm_handler);
797 seconds_till_retry = MAXTIMEOUT;
798 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
799 alarm(seconds_till_retry);
805 close all open network connections
807 void close_network_connections(void)
/* Shutdown sequence: stop receiving on and close every peer's data and meta sockets,
   close our own listeners, run the tinc-down script, then log termination.  The tap
   device itself is not closed in the listed lines. */
812 for(p = conn_list; p != NULL; p = p->next)
814 if(p->status.dataopen)
/* shutdown(..., 0) is SHUT_RD; the close() of p->socket is presumably on an unlisted line. */
816 shutdown(p->socket, 0); /* No more receptions */
822 shutdown(p->meta_socket, 0); /* No more receptions */
823 close(p->meta_socket);
828 if(myself->status.active)
830 close(myself->meta_socket);
831 close(myself->socket);
834 /* Execute tinc-down script right before shutting down the interface */
836 asprintf(&scriptname, "%s/tinc-down", confbase);
/* Same execl() defects as in setup_network_connections(): no argv[0], uncast NULL
   sentinel; use execl(scriptname, scriptname, (char *)NULL). */
840 execl(scriptname, NULL);
843 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
853 syslog(LOG_NOTICE, _("Terminating"));
859 create a data (udp) socket
861 int setup_vpn_connection(conn_list_t *cl)
/* Create the non-blocking UDP data socket for cl and connect() it to
   cl->address:cl->port so that plain send() works in xsend().  Sets
   cl->status.dataopen; the assignment of nfd to cl->socket is on an unlisted line.
   Returns 0, or -1 after logging (return lines not listed). */
864 struct sockaddr_in a;
866 if(debug_lvl >= DEBUG_TRAFFIC)
867 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
/* The `nfd < 0` test belongs to the unlisted line between these two. */
869 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
872 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* `a` is not zeroed before use, unlike in the listener setup. */
876 a.sin_family = AF_INET;
877 a.sin_port = htons(cl->port);
878 a.sin_addr.s_addr = htonl(cl->address);
880 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
882 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
883 cl->hostname, cl->port);
887 flags = fcntl(nfd, F_GETFL);
888 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
890 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
891 cl->name, cl->hostname);
896 cl->status.dataopen = 1;
902 handle an incoming tcp connect call and open
905 conn_list_t *create_new_connection(int sfd)
/* Wrap an accepted meta socket in a new conn_list entry: record the peer address
   and reverse-looked-up hostname, allocate the receive buffer and restrict the first
   acceptable request to ID.  Returns the entry, or NULL when getpeername() fails
   (return lines not listed; the new_conn_list() call is unlisted as well). */
908 struct sockaddr_in ci;
/* getpeername()/accept() take a socklen_t*; `int` is ABI-compatible on Linux but not
   the declared type. */
909 int len = sizeof(ci);
913 if(getpeername(sfd, &ci, &len) < 0)
915 syslog(LOG_ERR, _("Error: getpeername: %m"));
920 p->address = ntohl(ci.sin_addr.s_addr);
/* hostlookup() is presumably a blocking reverse DNS lookup, performed for every
   incoming, still unauthenticated connection. */
921 p->hostname = hostlookup(ci.sin_addr.s_addr);
922 p->meta_socket = sfd;
924 p->buffer = xmalloc(MAXBUFSIZE);
926 p->last_ping_time = time(NULL);
929 if(debug_lvl >= DEBUG_CONNECTIONS)
930 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* ntohs() is the intended conversion; htons() yields the same value. */
931 p->hostname, htons(ci.sin_port));
/* Protocol state machine: nothing but an ID request is accepted from a fresh peer. */
933 p->allow_request = ID;
939 put all file descriptors in an fd_set array
941 void build_fdset(fd_set *fs)
/* Fill fs with every descriptor the main loop selects on: each peer's meta socket,
   its data socket when open, and our own listener and data socket.  No filtering on
   status.remove is visible here, unlike in check_network_activity().
   NOTE(review): FD_SET on a descriptor >= FD_SETSIZE is undefined behaviour (it
   writes outside the fd_set), and main_loop() selects with exactly FD_SETSIZE.
   Nothing here or in handle_new_meta_connection() bounds the number of accepted
   connections, so that is the effective safe limit. */
947 for(p = conn_list; p != NULL; p = p->next)
950 FD_SET(p->meta_socket, fs);
951 if(p->status.dataopen)
952 FD_SET(p->socket, fs);
955 FD_SET(myself->meta_socket, fs);
956 FD_SET(myself->socket, fs);
962 receive incoming data from the listening
963 udp socket and write it to the ethertap
964 device after being decrypted
966 int handle_incoming_vpn_data()
/* Read one datagram from our UDP data socket into pkt (length field plus data) and
   pass it on for decryption; the xrecv()/queueing and return lines are not listed. */
/* `l` should be socklen_t; int is only ABI-compatible. */
970 int x, l = sizeof(x);
972 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
974 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
975 __FILE__, __LINE__, myself->socket);
980 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* NOTE(review): the datagram is copied straight over pkt.len and pkt.data, so the
   length field is whatever the sender put there, and the byte count recvfrom()
   returns is only tested for <= 0 and then dropped.  Before the packet is used,
   pkt.len must be checked against that return value (minus the 2-byte field) and
   against the size of pkt.data.  The source address is discarded (NULL, NULL), so
   no check that the datagram comes from a known peer is possible here; decryption
   with our own key is the only filter and there is no MAC. */
984 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, NULL, NULL) <= 0)
986 syslog(LOG_ERR, _("Receiving packet failed: %m"));
995 terminate a connection and notify the other
996 end before closing the sockets
998 void terminate_connection(conn_list_t *cl)
/* Take cl down: close its sockets, flag it for removal, flag every peer routed
   through it as lost too, and -- for an outgoing connection -- schedule a reconnect
   in 5 seconds via SIGALRM.  Idempotent thanks to the status.remove guard; entries
   are not unlinked from conn_list here, which is what makes calling this from the
   conn_list walks in check_dead_connections() and check_network_activity() safe. */
1003 if(cl->status.remove)
1006 if(debug_lvl >= DEBUG_CONNECTIONS)
1007 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1008 cl->name, cl->hostname);
/* The close of the UDP data socket (when dataopen) is presumably on an unlisted line. */
1013 close(cl->meta_socket);
1015 cl->status.remove = 1;
1017 /* If this cl isn't active, don't send any DEL_HOSTs. */
1019 /* FIXME: reprogram this.
1020 if(cl->status.active)
1021 notify_others(cl,NULL,send_del_host);
1025 /* Find all connections that were lost because they were behind cl
1026 (the connection that was dropped). */
1028 for(p = conn_list; p != NULL; p = p->next)
1030 if((p->nexthop == cl) && (p != cl))
1032 if(cl->status.active && p->status.active)
1033 /* FIXME: reprogram this
1034 notify_others(p,cl,send_del_host);
1038 p->status.active = 0;
1039 p->status.remove = 1;
1043 cl->status.active = 0;
1045 if(cl->status.outgoing)
/* Resets the back-off to 5 s regardless of the value sigalrm_handler() reached. */
1047 signal(SIGALRM, sigalrm_handler);
1048 seconds_till_retry = 5;
1049 alarm(seconds_till_retry);
1050 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1056 Check if the other end is active.
1057 If we have sent packets, but didn't receive any,
1058 then possibly the other end is dead. We send a
1059 PING request over the meta connection. If the other
1060 end does not reply in time, we consider them dead
1061 and close the connection.
1063 int check_dead_connections(void)
/* Periodic liveness sweep over conn_list (called from main_loop() every `timeout`
   seconds).  For each active meta connection whose last ping is older than
   `timeout`: if a PING was sent and no PONG came back, mark it timed out and
   terminate it; otherwise, if a ping is wanted, record a fresh PING (the send_ping
   call, the `now` initialisation and the return are on unlisted lines). */
1069 for(p = conn_list; p != NULL; p = p->next)
/* Entries already flagged for removal are skipped (the continue is unlisted). */
1071 if(p->status.remove)
1073 if(p->status.active && p->status.meta)
1075 if(p->last_ping_time + timeout < now)
1077 if(p->status.pinged && !p->status.got_pong)
1079 if(debug_lvl >= DEBUG_PROTOCOL)
1080 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1081 p->name, p->hostname);
1082 p->status.timeout = 1;
/* Safe inside the walk: terminate_connection() flags but does not unlink. */
1083 terminate_connection(p);
1085 else if(p->want_ping)
1088 p->last_ping_time = now;
1089 p->status.pinged = 1;
1090 p->status.got_pong = 0;
1100 accept a new tcp connect and create a
1103 int handle_new_meta_connection()
/* accept() one pending connection on our listener, wrap it in a conn_list entry and
   push that entry onto the head of conn_list (the conn_list = ncn assignment and the
   returns are on unlisted lines).  Every accepted socket enters conn_list -- and thus
   the select set -- before any authentication has happened; nothing here limits how
   many such entries exist. */
1106 struct sockaddr client;
/* accept() wants socklen_t*; int is only ABI-compatible. */
1107 int nfd, len = sizeof(client);
1109 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1111 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1115 if(!(ncn = create_new_connection(nfd)))
/* The close(nfd) that the message implies is presumably on an unlisted line. */
1119 syslog(LOG_NOTICE, _("Closed attempted connection"));
1123 ncn->status.meta = 1;
1124 ncn->next = conn_list;
1131 check all connections to see if anything
1132 happened on their sockets
1134 void check_network_activity(fd_set *f)
/* Dispatch select() results: for every live peer, a readable data socket means a
   deferred UDP error (terminate), a readable meta socket means protocol input
   (receive_meta; terminate on error); then our own data socket and listener. */
/* `x` starts uninitialised and `l` should be socklen_t. */
1137 int x, l = sizeof(x);
1139 for(p = conn_list; p != NULL; p = p->next)
1141 if(p->status.remove)
1144 if(p->status.dataopen)
1145 if(FD_ISSET(p->socket, f))
1148 The only thing that can happen to get us here is apparently an
1149 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1150 something that will not trigger an error directly on send()).
1151 I've once got here when it said `No route to host'.
/* NOTE(review): the getsockopt() result is ignored, so if it fails strerror(x) is
   called on an indeterminate value. */
1153 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1154 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1155 p->name, p->hostname, strerror(x));
/* Safe inside the walk: terminate_connection() flags but does not unlink p. */
1156 terminate_connection(p);
1161 if(FD_ISSET(p->meta_socket, f))
1162 if(receive_meta(p) < 0)
1164 terminate_connection(p);
1169 if(FD_ISSET(myself->socket, f))
1170 handle_incoming_vpn_data();
1172 if(FD_ISSET(myself->meta_socket, f))
1173 handle_new_meta_connection();
1178 read, encrypt and send data that is
1179 available through the ethertap device
1181 void handle_tap_input(void)
/* Read one frame from the tap device, keep only IPv4 (EtherType 0x0800), extract the
   destination address and hand the frame to send_packet().  Two read variants exist
   for the two device flavours; the selecting preprocessor lines, the short-packet
   condition and the vp.len assignment are not listed. */
/* read() returns ssize_t; lenin is an int. */
1185 int ether_type, lenin;
/* Zeroing vp means a short frame is parsed against zeros rather than stale data. */
1187 memset(&vp, 0, sizeof(vp));
/* Variant A: raw frame into vp.data (tun/tap with IFF_NO_PI). */
1191 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1193 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
/* Variant B: read into the whole struct, so the device's leading 2 bytes land in vp.len. */
1200 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1202 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1208 total_tap_in += lenin;
/* Type-punned, possibly unaligned loads; memcpy into a uint16_t/uint32_t is the
   portable form.  NOTE(review): `unsigned long` is 8 bytes on LP64, so the two
   loads below read 8 bytes at offsets 26 and 30 and ntohl() truncates the value --
   correct only by accident on little-endian 64-bit hosts; use uint32_t. */
1210 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
/* Only IPv4 is forwarded; ARP, IPv6 etc. are dropped (logged at DEBUG_TRAFFIC). */
1211 if(ether_type != 0x0800)
1213 if(debug_lvl >= DEBUG_TRAFFIC)
1214 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6]));
1220 if(debug_lvl >= DEBUG_TRAFFIC)
1221 syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6]));
/* Offsets 26/30 are the IPv4 source/destination fields behind a 14-byte Ethernet
   header.  `from` is not used in the listed lines. */
1225 from = ntohl(*((unsigned long*)(&vp.data[26])));
1226 to = ntohl(*((unsigned long*)(&vp.data[30])));
1228 send_packet(to, &vp);
1233 this is where it all happens...
1235 void main_loop(void)
1240 time_t last_ping_check;
1242 last_ping_check = time(NULL);
1246 tv.tv_sec = timeout;
1252 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1254 if(errno != EINTR) /* because of alarm */
1256 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1264 /* FIXME: reprogram this.
1266 syslog(LOG_INFO, _("Rereading configuration file"));
1267 close_network_connections();
1269 if(read_config_file(&config, configfilename))
1271 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1275 setup_network_connections();
1280 if(last_ping_check + timeout < time(NULL))
1281 /* Let's check if everybody is still alive */
1283 check_dead_connections();
1284 last_ping_check = time(NULL);
1289 check_network_activity(&fset);
1291 /* local tap data */
1292 if(FD_ISSET(tap_fd, &fset))