2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.65 2000/11/04 17:09:10 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 #include <openssl/rand.h>
43 #include <openssl/evp.h>
44 #include <openssl/err.h>
47 #include LINUX_IF_TUN_H
/* Kind of local tap device.  Starts as ethertap; setup_tap_fd() switches it
   to TAP_TYPE_TUNTAP when the TUNSETIFF ioctl succeeds.  xrecv() and
   handle_tap_input() key their 2-byte ethertap header offset on this. */
64 int taptype = TAP_TYPE_ETHERTAP;
/* Traffic byte counters, incremented in xsend(), xrecv() and
   handle_tap_input() (total_tap_in is defined outside this listing).
   NOTE(review): these are signed ints, so they overflow — undefined
   behaviour — after 2 GiB of traffic; an unsigned long long would be safe. */
66 int total_tap_out = 0;
67 int total_socket_in = 0;
68 int total_socket_out = 0;
/* Cursor into the ConnectTo entries of the server config: the next upstream
   to try when the outgoing connection fails (see sigalrm_handler). */
70 config_t *upstreamcfg;
/* Back-off, in seconds, before the next reconnect attempt; driven by
   SIGALRM and capped at MAXTIMEOUT in sigalrm_handler(). */
71 static int seconds_till_retry;
77 char *interface_name = NULL; /* Contains the name of the interface */
82 Execute the given script.
83 This function doesn't really belong here.
/* Fork and run the script $confbase/<name> with IFNAME and NETNAME in its
   environment.  `name' is always a literal ("tinc-up"/"tinc-down") at the
   call sites in this file.  The child inherits the daemon's privileges, so
   the script directory and the scripts themselves must not be writable by
   anyone the daemon does not trust.  Return statements are not shown here. */
85 int execute_script(const char* name)
91 if((pid = fork()) < 0)
93 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* Child side from here on (the pid == 0 test is on a line not shown).
   asprintf results are unchecked; the same `s' is reused for both
   environment strings, presumably handed to putenv in between — confirm. */
105 asprintf(&scriptname, "%s/%s", confbase, name);
106 asprintf(&s, "IFNAME=%s", interface_name);
112 asprintf(&s, "NETNAME=%s", netname);
121 if(chdir(confbase) < 0)
123 syslog(LOG_ERR, _("Couldn't chdir to `%s': %m"),
/* NOTE(review): execl's second argument is argv[0]; passing NULL gives the
   script an empty argv, which some interpreters and scripts mishandle.
   `execl(scriptname, scriptname, NULL);' is the conventional form. */
127 execl(scriptname, NULL);
128 /* No return on success */
130 if(errno != ENOENT) /* Ignore if the file does not exist */
131 syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname);
133 /* No need to free things */
/* Encrypt inpkt with cl's packet key and send it on cl's UDP data socket.
   Only one of the two branches below runs (encrypt, or plain copy); the
   condition choosing between them and the return statements are not shown. */
137 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
143 outpkt.len = inpkt->len;
145 /* Encrypt the packet */
/* NOTE(review): the IV is the tail of cipher_pktkey (setup_myself sizes the
   buffer as key_len + iv_len) and the same pointer is passed for every
   packet, so the IV repeats until the key is regenerated.  With a CFB cipher
   a repeated IV reveals which packets share a plaintext prefix, and nothing
   in this function adds an integrity tag.  EVP return values are unchecked. */
147 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
148 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
149 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
150 outlen += outpad + 2;
/* Plain copy path: len + 2 bytes, apparently the 2-byte len field plus the
   payload, which presumes data directly follows len in vpn_packet_t. */
153 outlen = outpkt.len + 2;
154 memcpy(&outpkt, inpkt, outlen);
/* Debug trace logged at LOG_ERR; the queue traces in this file use LOG_DEBUG. */
157 if(debug_lvl >= DEBUG_TRAFFIC)
158 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
159 outlen, cl->name, cl->hostname);
161 total_socket_out += outlen;
/* The datagram starts at the len field (same layout assumption as above). */
165 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
167 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
168 cl->name, cl->hostname);
/* Decrypt an incoming VPN packet with our own packet key, overwrite the
   first 6 bytes with our MAC and write the frame to the tap device.  As in
   xsend, the plain-copy branch exists but its selecting condition is not
   shown; neither are the return statements. */
175 int xrecv(vpn_packet_t *inpkt)
181 outpkt.len = inpkt->len;
183 /* Decrypt the packet */
/* NOTE(review): same fixed IV as in xsend, and none of the EVP return values
   are checked.  A CFB decryption cannot fail, so every datagram that reaches
   this point is written to the tap device unless an integrity check happens
   somewhere not visible here — confirm. */
185 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
/* NOTE(review): the "+ 8" is unexplained; xsend puts outlen + outpad + 2
   bytes on the wire, so confirm this length matches what was received and
   cannot read past the buffer handle_incoming_vpn_data filled. */
186 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
187 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Plain copy path; same len-precedes-data layout assumption as in xsend. */
191 outlen = outpkt.len+2;
192 memcpy(&outpkt, inpkt, outlen);
/* Debug trace at LOG_ERR (the file's other traces use LOG_DEBUG). */
195 if(debug_lvl >= DEBUG_TRAFFIC)
196 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
199 /* Fix mac address */
/* mymac is the address installed in setup_tap_fd(); presumably this is the
   destination MAC of the Ethernet frame — confirm. */
201 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
203 if(taptype == TAP_TYPE_TUNTAP)
205 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
206 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
208 total_tap_out += outpkt.len;
/* Ethertap expects 2 extra leading bytes; data - 2 relies on the len field
   being stored immediately before data in vpn_packet_t. */
212 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
213 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
215 total_tap_out += outpkt.len + 2;
222 add the given packet of size s to the
223 queue q, be it the send or receive queue
/* Append a private copy of the s bytes at `packet' to the tail of *q,
   allocating the queue itself on first use.  xmalloc is the project's
   allocator; whether it can return NULL is not visible here. */
225 void add_queue(packet_queue_t **q, void *packet, size_t s)
229 e = xmalloc(sizeof(*e));
230 e->packet = xmalloc(s);
231 memcpy(e->packet, packet, s);
/* Lazy creation of the queue; presumably guarded by a `*q == NULL' test on
   the line not shown. */
235 *q = xmalloc(sizeof(**q));
236 (*q)->head = (*q)->tail = NULL;
239 e->next = NULL; /* We insert at the tail */
241 if((*q)->tail) /* Do we have a tail? */
243 (*q)->tail->next = e;
244 e->prev = (*q)->tail;
246 else /* No tail -> no head too */
/* The empty-queue branch and the final assignment of (*q)->tail are not
   shown in this listing. */
/* Unlink e from *q, repairing the neighbours' links and the queue's head and
   tail.  The lone-element case, and the freeing of e and e->packet, are on
   lines not shown here. */
256 /* Remove a queue element */
257 void del_queue(packet_queue_t **q, queue_element_t *e)
262 if(e->next) /* There is a successor, so we are not tail */
264 if(e->prev) /* There is a predecessor, so we are not head */
266 e->next->prev = e->prev;
267 e->prev->next = e->next;
269 else /* We are head */
271 e->next->prev = NULL;
272 (*q)->head = e->next;
275 else /* We are tail (or all alone!) */
277 if(e->prev) /* We are not alone :) */
279 e->prev->next = NULL;
280 (*q)->tail = e->prev;
294 flush a queue by calling `function' on
295 each packet, removing the packet when that
296 call returns zero
/* Call function(cl, packet) for every element of *pq and drop the elements
   for which it returns 0.  The loop advance through `next' and the
   del_queue call are not shown.  *pq is dereferenced without a NULL check,
   so callers must only pass a queue that exists. */
298 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
299 int (*function)(conn_list_t*,void*))
301 queue_element_t *p, *next = NULL;
303 for(p = (*pq)->head; p != NULL; )
307 if(!function(cl, p->packet))
313 if(debug_lvl >= DEBUG_TRAFFIC)
314 syslog(LOG_DEBUG, _("Queue flushed"));
319 flush the send & receive queues.
320 Returns void because nothing can go wrong here:
321 a packet that could not be handled simply remains in its queue
/* Drain cl's send queue through xsend and its receive queue through xrecv.
   The guards that skip a queue which was never allocated are presumably on
   the lines not shown.
   NOTE(review): xrecv takes a single vpn_packet_t argument, but flush_queue
   invokes its callback as function(cl, p->packet); called through the
   int (*)(conn_list_t*, void*) type, xrecv would see cl where it expects the
   packet.  Both add_queue sites in send_packet are commented out, so this
   path may be dead — confirm before re-enabling queueing. */
323 void flush_queues(conn_list_t *cl)
328 if(debug_lvl >= DEBUG_TRAFFIC)
329 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
330 cl->name, cl->hostname);
331 flush_queue(cl, &(cl->sq), xsend);
336 if(debug_lvl >= DEBUG_TRAFFIC)
337 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
338 cl->name, cl->hostname);
339 flush_queue(cl, &(cl->rq), xrecv);
345 send a packet to the given vpn ip.
/* Deliver `packet' to the VPN host whose subnet contains `to', opening the
   UDP data socket on demand.  Returns 0 when the packet is deliberately
   dropped (peer not ready) and otherwise xsend's result; the error returns
   on the lines not shown are presumably -1. */
347 int send_packet(ip_t to, vpn_packet_t *packet)
/* Subnet lookup; the assignment of cl from the subnet's owner is not shown.
   The %d.%d.%d.%d arguments of both messages are on lines not shown. */
352 if((subnet = lookup_subnet_ipv4(to)) == NULL)
354 if(debug_lvl >= DEBUG_TRAFFIC)
356 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
/* Presumably taken when the owning host is myself — confirm. */
367 if(debug_lvl >= DEBUG_TRAFFIC)
369 syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
376 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
378 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* Connect the UDP data socket lazily; failure is logged and presumably
   returned on a line not shown. */
380 if(!cl->status.dataopen)
381 if(setup_vpn_connection(cl) < 0)
383 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
384 cl->name, cl->hostname);
/* No packet key yet: the packet is not sent, and a key request goes out at
   most once (waitingforkey).  The queueing inside the FIXME comment is
   disabled, so the packet is presumably dropped by the return that follows. */
388 if(!cl->status.validkey)
390 /* FIXME: Don't queue until everything else is fixed.
391 if(debug_lvl >= DEBUG_TRAFFIC)
392 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
393 cl->name, cl->hostname);
394 add_queue(&(cl->sq), packet, packet->len + 2);
396 if(!cl->status.waitingforkey)
397 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
/* Peer whose meta connection is not active yet: same disabled queueing,
   then an explicit "success" return so the caller does not treat it as an
   error. */
401 if(!cl->status.active)
403 /* FIXME: Don't queue until everything else is fixed.
404 if(debug_lvl >= DEBUG_TRAFFIC)
405 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
406 cl->name, cl->hostname);
407 add_queue(&(cl->sq), packet, packet->len + 2);
409 return 0; /* We don't want to mess up, do we? */
412 /* can we send it? can we? can we? huh? */
414 return xsend(cl, packet);
418 open the local ethertap device
/* Open the tap device (TapDevice config value, else a compile-time default),
   install a default MAC for ethertap, probe for the tun/tap interface and
   record the resulting interface name for the scripts.  The assignment of
   tap_fd from nfd and the return statements are not shown. */
420 int setup_tap_fd(void)
423 const char *tapfname;
/* The two default paths are selected by conditions not shown (probably a
   preprocessor test). */
428 if((cfg = get_config_val(config, tapdevice)))
429 tapfname = cfg->data.ptr;
432 tapfname = "/dev/misc/net/tun";
434 tapfname = "/dev/tap0";
437 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
439 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
445 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 — this is the address xrecv() writes into every
   delivered frame. */
447 taptype = TAP_TYPE_ETHERTAP;
448 mymac.type = SUBNET_MAC;
449 mymac.net.mac.address.x[0] = 0xfe;
450 mymac.net.mac.address.x[1] = 0xfd;
451 mymac.net.mac.address.x[2] = 0x00;
452 mymac.net.mac.address.x[3] = 0x00;
453 mymac.net.mac.address.x[4] = 0x00;
454 mymac.net.mac.address.x[5] = 0x00;
457 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
458 memset(&ifr, 0, sizeof(ifr));
/* IFF_NO_PI: no packet-information header, which is why the TUNTAP branches
   in xrecv()/handle_tap_input() use no 2-byte offset. */
460 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy with exactly IFNAMSIZ leaves ifr_name unterminated
   when netname is IFNAMSIZ bytes or longer; the memset above only helps for
   shorter names.  `snprintf(ifr.ifr_name, IFNAMSIZ, "%s", netname)' always
   terminates.  Also confirm netname cannot be NULL here. */
462 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
464 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
466 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
467 taptype = TAP_TYPE_TUNTAP;
471 /* Add name of network interface to environment (for scripts) */
/* NOTE(review): the ioctl result is unchecked, and the allocation is one
   byte short: strlen() excludes the terminator that strcpy() writes, so this
   is a one-byte heap overflow.  Use `xmalloc(strlen(ifr.ifr_name) + 1)'. */
473 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
474 interface_name = xmalloc(strlen(ifr.ifr_name));
475 strcpy(interface_name, ifr.ifr_name);
482 set up the socket that we listen on for incoming
/* Create the non-blocking TCP listening socket for incoming meta
   connections on `port'.  The error returns, the `one' variable, the
   listen() call and the function's return value are not shown. */
485 int setup_listen_meta_socket(int port)
488 struct sockaddr_in a;
492 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
494 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
498 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
500 syslog(LOG_ERR, _("System call `%s' failed: %m"),
505 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
507 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* F_GETFL's result is OR'ed without checking it for -1. */
512 flags = fcntl(nfd, F_GETFL);
513 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
515 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* NOTE(review): the option passed is SO_KEEPALIVE with an interface-name
   string as its value, while the message speaks of binding to an interface;
   this looks like the wrong option constant (on Linux SO_BINDTODEVICE takes
   an interface name).  As written, the Interface setting never restricts
   which interface the daemon listens on — confirm. */
520 if((cfg = get_config_val(config, interface)))
522 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
524 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
529 memset(&a, 0, sizeof(a));
530 a.sin_family = AF_INET;
531 a.sin_port = htons(port);
/* Without InterfaceIP the listener accepts connections on every address. */
533 if((cfg = get_config_val(config, interfaceip)))
534 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
536 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) happens to equal sizeof(a) for AF_INET; the
   connect() calls in this file pass sizeof(a), which is the safer idiom.
   %hd prints an int port as a short. */
538 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
540 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
546 syslog(LOG_ERR, _("System call `%s' failed: %m"),
555 setup the socket for incoming encrypted
/* Create the non-blocking UDP socket on which encrypted VPN data arrives.
   Unlike setup_listen_meta_socket, no InterfaceIP/Interface setting is
   consulted here: the socket is bound to INADDR_ANY, i.e. data is accepted
   on every address.  Error returns and `one' are not shown. */
558 int setup_vpn_in_socket(int port)
561 struct sockaddr_in a;
564 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
566 syslog(LOG_ERR, _("Creating socket failed: %m"));
570 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
572 syslog(LOG_ERR, _("System call `%s' failed: %m"),
577 flags = fcntl(nfd, F_GETFL);
578 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
580 syslog(LOG_ERR, _("System call `%s' failed: %m"),
585 memset(&a, 0, sizeof(a));
586 a.sin_family = AF_INET;
587 a.sin_port = htons(port);
588 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* Same sizeof(struct sockaddr) / %hd remarks as for the TCP listener. */
590 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
592 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
600 setup an outgoing meta (tcp) socket
/* Open a TCP meta connection to cl (address already resolved by the caller),
   storing the fd in cl->meta_socket.  The default port when the host config
   has none, the error returns and the close-on-failure are not shown. */
602 int setup_outgoing_meta_socket(conn_list_t *cl)
605 struct sockaddr_in a;
608 if(debug_lvl >= DEBUG_CONNECTIONS)
609 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
611 if((cfg = get_config_val(cl->config, port)) == NULL)
614 cl->port = cfg->data.val;
616 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
617 if(cl->meta_socket == -1)
619 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
620 cl->hostname, cl->port);
/* NOTE(review): `a' is not zeroed before use (the listener code does a
   memset first), so sin_zero is left uninitialised. */
624 a.sin_family = AF_INET;
625 a.sin_port = htons(cl->port);
626 a.sin_addr.s_addr = htonl(cl->address);
/* connect() runs before O_NONBLOCK is set, so it blocks the whole daemon
   until the TCP handshake completes or times out — and this function is
   reached from the SIGALRM handler. */
628 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
630 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
634 flags = fcntl(cl->meta_socket, F_GETFL);
635 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
637 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
638 cl->hostname, cl->port);
642 if(debug_lvl >= DEBUG_CONNECTIONS)
643 syslog(LOG_INFO, _("Connected to %s port %hd"),
644 cl->hostname, cl->port);
652 setup an outgoing connection. It's not
653 necessary to also open an udp socket as
654 well, because the other host will initiate
655 an authentication sequence during which
656 we will do just that.
/* Create a conn_list_t for the ConnectTo host `name', read its host config,
   resolve its Address and open the meta connection.  Returns 0 on success
   (per the callers' comments); the failure paths and their returns are on
   lines not shown. */
658 int setup_outgoing_connection(char *name)
/* The name test itself is not shown; validating it before it selects a host
   configuration file is what keeps a ConnectTo value from naming an
   arbitrary path — confirm the check covers that. */
666 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
670 ncn = new_conn_list();
671 asprintf(&ncn->name, "%s", name);
/* NOTE(review): both messages below contain %s but pass no argument, which
   is undefined behaviour: syslog reads a stray pointer off the argument
   list, so this can crash or log unrelated memory.  Pass `name' (or
   ncn->name) as the argument. */
673 if(read_host_config(ncn))
675 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
680 if(!(cfg = get_config_val(ncn->config, address)))
682 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname blocks, uses a static result buffer and is not
   async-signal-safe; sigalrm_handler() reaches it.  It reports failures
   through h_errno, so the %m here presumably shows a stale errno. */
687 if(!(h = gethostbyname(cfg->data.ptr)))
689 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Assumes an AF_INET result with a 4-byte address; h_addrtype and h_length
   are not checked, and the cast reads the address through an ip_t pointer. */
694 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
695 ncn->hostname = hostlookup(htonl(ncn->address));
697 if(setup_outgoing_meta_socket(ncn) < 0)
699 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
705 ncn->status.outgoing = 1;
706 ncn->buffer = xmalloc(MAXBUFSIZE);
708 ncn->last_ping_time = time(NULL);
719 Configure conn_list_t myself and set up the local sockets (listen only)
/* Build the conn_list_t describing this daemon from the server and host
   configuration, load and validate the RSA key pair, register our subnets,
   open the listening sockets and generate the packet key.  Error returns
   and default values are on lines not shown. */
721 int setup_myself(void)
726 myself = new_conn_list();
728 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
730 myself->protocol_version = PROT_CURRENT;
732 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
734 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): every other string setting in this file is read through
   cfg->data.ptr; here data.val is cast to char*.  Confirm against the
   config_t union that this is the string member. */
738 asprintf(&myself->name, "%s", (char*)cfg->data.val);
/* check_id rejects names that must not be used to locate a host config. */
740 if(check_id(myself->name))
742 syslog(LOG_ERR, _("Invalid name for myself!"));
746 if(!(cfg = get_config_val(config, privatekey)))
748 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* The private exponent d is read as hex from the server config (so that
   file's permissions protect the daemon's identity); e is fixed to 0xFFFF
   and n comes from the host config below.  BN_hex2bn's return values are
   unchecked; RSA_check_key is the only validation of the material. */
753 myself->rsa_key = RSA_new();
754 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
755 BN_hex2bn(&myself->rsa_key->e, "FFFF");
758 if(read_host_config(myself))
760 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
764 if(!(cfg = get_config_val(myself->config, publickey)))
766 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
771 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
774 if(RSA_check_key(myself->rsa_key) != 1)
776 syslog(LOG_ERR, _("Invalid public/private keypair!"));
780 if(!(cfg = get_config_val(myself->config, port)))
783 myself->port = cfg->data.val;
785 if((cfg = get_config_val(myself->config, indirectdata)))
786 if(cfg->data.val == stupid_true)
787 myself->flags |= EXPORTINDIRECTDATA;
789 if((cfg = get_config_val(myself->config, tcponly)))
790 if(cfg->data.val == stupid_true)
791 myself->flags |= TCPONLY;
793 /* Read in all the subnets specified in the host configuration file */
/* `net' is allocated on a line not shown. */
795 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
798 net->type = SUBNET_IPV4;
799 net->net.ipv4.address = cfg->data.ip->address;
800 net->net.ipv4.mask = cfg->data.ip->mask;
802 /* Teach newbies what subnets are... */
/* Rejects a Subnet whose host bits are not all zero. */
804 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
806 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
810 subnet_add(myself, net);
813 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
815 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
819 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
821 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
822 close(myself->meta_socket);
826 /* Generate packet encryption key */
/* Blowfish in CFB mode.  The buffer holds key || IV, and xsend/xrecv pass
   the IV part unchanged for every packet until the key is regenerated.
   NOTE(review): RAND_bytes returns 0 when the PRNG is not seeded; unchecked,
   the "key" would then be whatever xmalloc returned. */
828 myself->cipher_pkttype = EVP_bf_cfb();
830 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
832 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
833 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
/* KeyExpire in seconds; the default is on a line not shown.  main_loop()
   regenerates the key when keyexpires passes. */
835 if(!(cfg = get_config_val(config, keyexpire)))
838 keylifetime = cfg->data.val;
840 keyexpires = time(NULL) + keylifetime;
842 /* Activate ourselves */
844 myself->status.active = 1;
846 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: try the ConnectTo entries from upstreamcfg onwards; on
   success disarm the alarm, otherwise restart from the top with a longer
   back-off.  Declared without a return type (implicit int) — `void' would be
   the proper prototype for a signal handler.
   NOTE(review): this runs inside a signal handler but calls syslog, malloc
   (via new_conn_list/asprintf), gethostbyname and a blocking connect()
   through setup_outgoing_connection(); none of these is async-signal-safe.
   The usual fix is to only set a flag here and do the work in main_loop(). */
852 sigalrm_handler(int a)
856 cfg = get_config_val(upstreamcfg, connectto);
858 if(!cfg && upstreamcfg == config)
859 /* No upstream IP given, we're listen only. */
/* The loop over cfg (presumably `while(cfg)') is on a line not shown; it is
   what protects the cfg->next below from a NULL cfg. */
864 upstreamcfg = cfg->next;
865 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
867 signal(SIGALRM, SIG_IGN);
870 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: re-arm (old SysV semantics reset the handler) and
   back off by 5 s per round, capped at MAXTIMEOUT. */
873 signal(SIGALRM, sigalrm_handler);
874 upstreamcfg = config;
875 seconds_till_retry += 5;
876 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
877 seconds_till_retry = MAXTIMEOUT;
878 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
880 alarm(seconds_till_retry);
885 setup all initial network connections
/* Bring up everything: ping timeout, tap device, our own sockets and keys,
   the tinc-up script, and the first outgoing connection.  The ConnectTo
   retry loop duplicates the one in sigalrm_handler(); a shared helper would
   keep the two in step.  Error returns are on lines not shown. */
887 int setup_network_connections(void)
/* PingTimeout in seconds; the default is not shown. */
891 if((cfg = get_config_val(config, pingtimeout)) == NULL)
894 timeout = cfg->data.val;
896 if(setup_tap_fd() < 0)
899 if(setup_myself() < 0)
902 /* Run tinc-up script to further initialize the tap interface */
/* Runs after setup_tap_fd(), so interface_name is set for the script. */
903 execute_script("tinc-up");
905 if(!(cfg = get_config_val(config, connectto)))
906 /* No upstream IP given, we're listen only. */
/* Loop header over cfg not shown (see sigalrm_handler for the same code). */
911 upstreamcfg = cfg->next;
912 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
914 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* Nothing reachable: schedule a retry after the maximum back-off. */
917 signal(SIGALRM, sigalrm_handler);
918 upstreamcfg = config;
919 seconds_till_retry = MAXTIMEOUT;
920 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
921 alarm(seconds_till_retry);
927 close all open network connections
/* Tear down every connection, our own sockets and the tap device (the tap
   close is on lines not shown), then run tinc-down. */
929 void close_network_connections(void)
/* Clearing active first keeps terminate_connection() from sending DEL_HOST
   and from arming the reconnect alarm (both are keyed on status.active). */
933 for(p = conn_list; p != NULL; p = p->next)
935 p->status.active = 0;
936 terminate_connection(p);
940 if(myself->status.active)
942 close(myself->meta_socket);
943 close(myself->socket);
/* myself is freed but the global pointer keeps its value; callers must not
   use it until setup_myself() reassigns it — confirm main_loop relies on
   that ordering. */
944 free_conn_list(myself);
950 /* Execute tinc-down script right after shutting down the interface */
951 execute_script("tinc-down");
955 syslog(LOG_NOTICE, _("Terminating"));
961 create a data (udp) socket
/* Open the connected, non-blocking UDP data socket towards cl and mark it
   dataopen.  The socket-failure test, the assignment of nfd to cl->socket
   and the returns are on lines not shown. */
963 int setup_vpn_connection(conn_list_t *cl)
966 struct sockaddr_in a;
968 if(debug_lvl >= DEBUG_TRAFFIC)
969 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
971 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
974 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* NOTE(review): `a' is not zeroed first (setup_vpn_in_socket does a memset). */
978 a.sin_family = AF_INET;
979 a.sin_port = htons(cl->port);
980 a.sin_addr.s_addr = htonl(cl->address);
/* Connecting a UDP socket fixes the destination and lets asynchronous
   errors (e.g. ICMP) surface on it; check_network_activity() reads them
   via SO_ERROR. */
982 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
984 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
985 cl->hostname, cl->port);
989 flags = fcntl(nfd, F_GETFL);
990 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
992 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
993 cl->name, cl->hostname);
998 cl->status.dataopen = 1;
1004 handle an incoming tcp connect call and open
/* Wrap an accepted meta socket in a new conn_list_t, recording the peer's
   address.  Returns the new entry, or NULL on failure (the NULL return and
   whether the entry from new_conn_list() is freed on that path are not
   shown). */
1007 conn_list_t *create_new_connection(int sfd)
1010 struct sockaddr_in ci;
/* `len' should be socklen_t (handle_incoming_vpn_data uses it for fromlen),
   and &ci needs the (struct sockaddr *) cast the bind/connect calls use. */
1011 int len = sizeof(ci);
1013 p = new_conn_list();
1015 if(getpeername(sfd, &ci, &len) < 0)
1017 syslog(LOG_ERR, _("System call `%s' failed: %m"),
1023 p->address = ntohl(ci.sin_addr.s_addr);
/* If hostlookup does a reverse DNS query it blocks the single-threaded
   loop for every incoming connection — confirm. */
1024 p->hostname = hostlookup(ci.sin_addr.s_addr);
1025 p->meta_socket = sfd;
1027 p->buffer = xmalloc(MAXBUFSIZE);
1029 p->last_ping_time = time(NULL);
/* htons on an incoming port; ntohs is the intended direction (same result). */
1032 if(debug_lvl >= DEBUG_CONNECTIONS)
1033 syslog(LOG_NOTICE, _("Connection from %s port %d"),
1034 p->hostname, htons(ci.sin_port));
/* Presumably restricts the unauthenticated peer to sending an ID request
   first — confirm against the protocol code. */
1036 p->allow_request = ID;
1042 put all file descriptors in an fd_set array
/* Add every meta socket, every open data socket and our own two sockets to
   *fs for select().  The FD_ZERO and the per-entry condition above the
   meta_socket line are not shown.
   NOTE(review): FD_SET with a descriptor >= FD_SETSIZE is undefined
   behaviour (memory corruption in practice) and nothing here checks the
   bound; main_loop selects on FD_SETSIZE descriptors. */
1044 void build_fdset(fd_set *fs)
1050 for(p = conn_list; p != NULL; p = p->next)
1053 FD_SET(p->meta_socket, fs);
1054 if(p->status.dataopen)
1055 FD_SET(p->socket, fs);
1058 FD_SET(myself->meta_socket, fs);
1059 FD_SET(myself->socket, fs);
1065 receive incoming data from the listening
1066 udp socket and write it to the ethertap
1067 device after being decrypted
/* Read one datagram from our UDP data socket into pkt; decryption and
   delivery (presumably via xrecv) follow on lines not shown.  `()' is an
   old-style declaration; `(void)' is the prototype form. */
1069 int handle_incoming_vpn_data()
/* `l' should be socklen_t like fromlen below. */
1072 int x, l = sizeof(x);
1073 struct sockaddr from;
1075 socklen_t fromlen = sizeof(from);
1077 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1079 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1080 __FILE__, __LINE__, myself->socket);
1085 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* Up to MTU bytes are stored starting at pkt.len, so pkt.len is taken from
   the wire and the layout must leave MTU bytes after it.  The socket is
   unconnected, so any host can deliver here; `from' is received but not
   checked in the lines shown.  NOTE(review): confirm that pkt.len is
   validated against lenin before xrecv() uses inpkt->len + 8. */
1089 if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0)
1091 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1095 if(debug_lvl >= DEBUG_TRAFFIC)
1097 syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin);
1105 terminate a connection and notify the other
1106 end before closing the sockets
/* Mark cl for removal, close its meta socket, cascade to connections routed
   through it, tell the other active peers, drop its subnets and, if this was
   our outgoing connection, schedule a reconnect.  cl stays in conn_list
   (status.remove is the marker); the data socket close, if any, is on lines
   not shown. */
1108 void terminate_connection(conn_list_t *cl)
/* Re-entrancy guard: a connection is only terminated once. */
1113 if(cl->status.remove)
1116 cl->status.remove = 1;
1118 if(debug_lvl >= DEBUG_CONNECTIONS)
1119 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1120 cl->name, cl->hostname);
1125 close(cl->meta_socket);
1128 /* Find all connections that were lost because they were behind cl
1129 (the connection that was dropped). */
1132 for(p = conn_list; p != NULL; p = p->next)
1133 if((p->nexthop == cl) && (p != cl))
1134 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1136 /* Inform others of termination if it was still active */
1138 if(cl->status.active)
1139 for(p = conn_list; p != NULL; p = p->next)
1140 if(p->status.meta && p->status.active && p!=cl)
1141 send_del_host(p, cl);
1143 /* Remove the associated subnets */
/* NOTE(review): the loop body is not shown; if it frees or unlinks s,
   evaluating s->next afterwards is a use-after-free — save the next pointer
   before removing. */
1145 for(s = cl->subnets; s; s = s->next)
1148 /* Check if this was our outgoing connection */
/* Only an active outgoing connection triggers a reconnect, which is why
   close_network_connections() clears active before calling here. */
1150 if(cl->status.outgoing && cl->status.active)
1152 signal(SIGALRM, sigalrm_handler);
1153 seconds_till_retry = 5;
1154 alarm(seconds_till_retry);
1155 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1160 cl->status.active = 0;
1165 Check if the other end is active.
1166 If we have sent packets, but didn't receive any,
1167 then possibly the other end is dead. We send a
1168 PING request over the meta connection. If the other
1169 end does not reply in time, we consider them dead
1170 and close the connection.
/* Liveness check over all active meta connections: a peer that was pinged
   and has not answered within `timeout' is closed; otherwise a PING is
   issued when want_ping is set (the send itself is on a line not shown).
   `now' is set on a line not shown.  terminate_connection() does not unlink
   p, so advancing with p->next afterwards is safe. */
1172 int check_dead_connections(void)
1178 for(p = conn_list; p != NULL; p = p->next)
1180 if(p->status.active && p->status.meta)
1182 if(p->last_ping_time + timeout < now)
1184 if(p->status.pinged && !p->status.got_pong)
1186 if(debug_lvl >= DEBUG_PROTOCOL)
1187 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1188 p->name, p->hostname);
1189 p->status.timeout = 1;
1190 terminate_connection(p);
1192 else if(p->want_ping)
1195 p->last_ping_time = now;
1196 p->status.pinged = 1;
1197 p->status.got_pong = 0;
1207 accept a new tcp connect and create a
/* Accept a pending TCP connection on our meta socket and hand it to
   create_new_connection(); on failure the fd is closed (the close and the
   returns are on lines not shown).  `()' should be `(void)', and `len'
   should be socklen_t.  No limit on accepted connections is visible, and an
   fd >= FD_SETSIZE would later break build_fdset(). */
1210 int handle_new_meta_connection()
1213 struct sockaddr client;
1214 int nfd, len = sizeof(client);
1216 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1218 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1222 if(!(ncn = create_new_connection(nfd)))
1226 syslog(LOG_NOTICE, _("Closed attempted connection"));
1236 check all connections to see if anything
1237 happened on their sockets
/* Dispatch select() results: data-socket readability is treated as an
   asynchronous error, meta-socket readability goes to receive_meta(), and
   our own sockets to their handlers.  Entries already marked remove are
   skipped (the continue is on a line not shown). */
1239 void check_network_activity(fd_set *f)
/* NOTE(review): x is uninitialised and the getsockopt() below is unchecked;
   if it fails, strerror(x) formats garbage.  `l' should be socklen_t. */
1242 int x, l = sizeof(x);
1244 for(p = conn_list; p != NULL; p = p->next)
1246 if(p->status.remove)
1249 if(p->status.dataopen)
/* Readability is taken as an error without reading from the socket; a
   genuine datagram delivered to this connected socket would also tear the
   connection down — confirm that cannot happen. */
1250 if(FD_ISSET(p->socket, f))
1253 The only thing that can happen to get us here is apparently an
1254 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1255 something that will not trigger an error directly on send()).
1256 I've once got here when it said `No route to host'.
1258 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1259 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1260 p->name, p->hostname, strerror(x));
1261 terminate_connection(p);
/* Any protocol error on the meta connection closes it. */
1266 if(FD_ISSET(p->meta_socket, f))
1267 if(receive_meta(p) < 0)
1269 terminate_connection(p);
1274 if(FD_ISSET(myself->socket, f))
1275 handle_incoming_vpn_data();
1277 if(FD_ISSET(myself->meta_socket, f))
1278 handle_new_meta_connection();
1283 read, encrypt and send data that is
1284 available through the ethertap device
/* Read one frame from the tap device into vp and route it by its IPv4
   destination.  The assignment of vp.len from lenin, the short-packet test
   and the error returns are on lines not shown. */
1286 void handle_tap_input(void)
1291 if(taptype == TAP_TYPE_TUNTAP)
1293 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1295 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
/* Ethertap prepends 2 bytes; reading at data - 2 lands the frame at data
   (same layout assumption as xrecv). */
1302 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1304 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1310 total_tap_in += lenin;
1314 if(debug_lvl >= DEBUG_TRAFFIC)
1315 syslog(LOG_WARNING, _("Received short packet from tap device"));
1319 if(debug_lvl >= DEBUG_TRAFFIC)
1321 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* NOTE(review): offset 30 appears to be the IPv4 destination address inside
   an Ethernet frame (14 + 16) — confirm, and confirm the short-packet check
   above guarantees at least 34 bytes.  Reading it through an unsigned long
   pointer is an unaligned, aliasing-violating load that is 8 bytes wide on
   LP64: ntohl() then keeps only the low 32 bits, which happens to be bytes
   30..33 on little-endian hosts but the wrong half on big-endian ones.
   Portable form: `uint32_t dst; memcpy(&dst, &vp.data[30], sizeof dst);
   send_packet(ntohl(dst), &vp);'. */
1324 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1329 this is where it all happens...
1331 void main_loop(void)
1336 time_t last_ping_check;
1339 last_ping_check = time(NULL);
1343 tv.tv_sec = timeout;
1349 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1351 if(errno != EINTR) /* because of alarm */
1353 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1360 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1362 close_network_connections();
1363 clear_config(&config);
1365 if(read_server_config())
1367 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1373 if(setup_network_connections())
1381 /* Let's check if everybody is still alive */
1383 if(last_ping_check + timeout < t)
1385 check_dead_connections();
1386 last_ping_check = time(NULL);
1388 /* Should we regenerate our key? */
1392 if(debug_lvl >= DEBUG_STATUS)
1393 syslog(LOG_INFO, _("Regenerating symmetric key"));
1395 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1396 send_key_changed(myself, NULL);
1397 keyexpires = time(NULL) + keylifetime;
1403 check_network_activity(&fset);
1405 /* local tap data */
1406 if(FD_ISSET(tap_fd, &fset))