2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.30 2000/09/15 12:58:39 zarq Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int str2opt(const char *str) {
103 char *opt2str(int opt) {
106 snprintf(s, 49, "%d", opt);
110 int xsend(conn_list_t *cl, void *packet)
114 do_encrypt((vpn_packet_t*)packet, &rp, cl->datakey);
115 rp.from = htonl(myself->vpn_ip);
116 rp.data.len = htons(rp.data.len);
117 rp.len = htons(rp.len);
120 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
121 ntohs(rp.len), cl->name, cl->hostname);
123 total_socket_out += ntohs(rp.len);
127 if((cl->flags | myself->flags) & TCPONLY)
128 return send_tcppacket(cl, (void*)&rp, ntohs(rp.len));
130 if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
132 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
133 cl->name, cl->hostname);
140 int xrecv(conn_list_t *cl, void *packet)
145 do_decrypt((real_packet_t*)packet, &vp, cl->datakey);
146 add_mac_addresses(&vp);
149 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
150 ((real_packet_t*)packet)->len, cl->name, cl->hostname);
152 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
153 syslog(LOG_ERR, _("Can't write to tap device: %m"));
155 total_tap_out += lenin;
158 cl->last_ping_time = time(NULL);
164 add the given packet of size s to the
165 queue q, be it the send or receive queue
167 void add_queue(packet_queue_t **q, void *packet, size_t s)
171 e = xmalloc(sizeof(*e));
172 e->packet = xmalloc(s);
173 memcpy(e->packet, packet, s);
177 *q = xmalloc(sizeof(**q));
178 (*q)->head = (*q)->tail = NULL;
181 e->next = NULL; /* We insert at the tail */
183 if((*q)->tail) /* Do we have a tail? */
185 (*q)->tail->next = e;
186 e->prev = (*q)->tail;
188 else /* No tail -> no head too */
198 /* Remove a queue element */
199 void del_queue(packet_queue_t **q, queue_element_t *e)
204 if(e->next) /* There is a successor, so we are not tail */
206 if(e->prev) /* There is a predecessor, so we are not head */
208 e->next->prev = e->prev;
209 e->prev->next = e->next;
211 else /* We are head */
213 e->next->prev = NULL;
214 (*q)->head = e->next;
217 else /* We are tail (or all alone!) */
219 if(e->prev) /* We are not alone :) */
221 e->prev->next = NULL;
222 (*q)->tail = e->prev;
236 flush a queue by calling function for
237 each packet, and removing it when that
238 returned a zero exit code
240 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
241 int (*function)(conn_list_t*,void*))
243 queue_element_t *p, *next = NULL;
245 for(p = (*pq)->head; p != NULL; )
249 if(!function(cl, p->packet))
256 syslog(LOG_DEBUG, _("Queue flushed"));
261 flush the send&recv queues
262 void because nothing goes wrong here, packets
263 remain in the queue if something goes wrong
265 void flush_queues(conn_list_t *cl)
271 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
272 cl->name, cl->hostname);
273 flush_queue(cl, &(cl->sq), xsend);
279 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
280 cl->name, cl->hostname);
281 flush_queue(cl, &(cl->rq), xrecv);
287 send a packet to the given vpn ip.
289 int send_packet(ip_t to, vpn_packet_t *packet)
293 if((cl = lookup_conn(to)) == NULL)
297 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
304 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
306 /* The next few lines will be obsoleted, if we are going indirect, matching subnet_t
307 should point to only our uplink as the recepient
310 if(myself->flags & EXPORTINDIRECTDATA)
312 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
314 { /* No open outgoing connection has been found. */
316 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
322 /* If indirectdata flag is set for the destination we just looked up,
323 * then real_ip is actually the vpn_ip of the gateway tincd
327 if(cl->flags & INDIRECTDATA)
330 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
331 cl->name, cl->hostname);
332 if((cl = lookup_conn(cl->real_ip)) == NULL)
335 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to));
337 /* Gateway tincd dead? Should we kill it? (GS) */
341 if(cl->flags & INDIRECTDATA) /* This should not happen */
344 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"), IP_ADDR_V(to));
349 if(my_key_expiry <= time(NULL))
352 if(!cl->status.dataopen)
353 if(setup_vpn_connection(cl) < 0)
355 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
356 cl->name, cl->hostname);
360 if(!cl->status.validkey)
363 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"),
364 cl->name, cl->hostname);
365 add_queue(&(cl->sq), packet, packet->len + 2);
366 if(!cl->status.waitingforkey)
367 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
371 if(!cl->status.active)
374 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
375 cl->name, cl->hostname);
376 add_queue(&(cl->sq), packet, packet->len + 2);
377 return 0; /* We don't want to mess up, do we? */
380 /* can we send it? can we? can we? huh? */
382 return xsend(cl, packet);
386 open the local ethertap device
388 int setup_tap_fd(void)
391 const char *tapfname;
394 if((cfg = get_config_val(tapdevice)) == NULL)
395 tapfname = "/dev/tap0";
397 tapfname = cfg->data.ptr;
399 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
401 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
411 set up the socket that we listen on for incoming
414 int setup_listen_meta_socket(int port)
417 struct sockaddr_in a;
421 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
423 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
427 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
429 syslog(LOG_ERR, _("setsockopt: %m"));
433 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
435 syslog(LOG_ERR, _("setsockopt: %m"));
439 flags = fcntl(nfd, F_GETFL);
440 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
442 syslog(LOG_ERR, _("fcntl: %m"));
446 if((cfg = get_config_val(interface)))
448 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
450 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
455 memset(&a, 0, sizeof(a));
456 a.sin_family = AF_INET;
457 a.sin_port = htons(port);
459 if((cfg = get_config_val(interfaceip)))
460 a.sin_addr.s_addr = htonl(cfg->data.ip->ip);
462 a.sin_addr.s_addr = htonl(INADDR_ANY);
464 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
466 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
472 syslog(LOG_ERR, _("listen: %m"));
480 setup the socket for incoming encrypted
483 int setup_vpn_in_socket(int port)
486 struct sockaddr_in a;
489 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
491 syslog(LOG_ERR, _("Creating socket failed: %m"));
495 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
497 syslog(LOG_ERR, _("setsockopt: %m"));
501 flags = fcntl(nfd, F_GETFL);
502 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
504 syslog(LOG_ERR, _("fcntl: %m"));
508 memset(&a, 0, sizeof(a));
509 a.sin_family = AF_INET;
510 a.sin_port = htons(port);
511 a.sin_addr.s_addr = htonl(INADDR_ANY);
513 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
515 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
523 setup an outgoing meta (tcp) socket
525 int setup_outgoing_meta_socket(conn_list_t *cl)
528 struct sockaddr_in a;
532 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
534 if((cfg = get_config_val(upstreamport)) == NULL)
537 cl->port = cfg->data.val;
539 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
540 if(cl->meta_socket == -1)
542 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
543 cl->hostname, cl->port);
547 a.sin_family = AF_INET;
548 a.sin_port = htons(cl->port);
549 a.sin_addr.s_addr = htonl(cl->real_ip);
551 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
553 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
557 flags = fcntl(cl->meta_socket, F_GETFL);
558 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
560 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
561 cl->hostname, cl->port);
566 syslog(LOG_INFO, _("Connected to %s port %hd"),
567 cl->hostname, cl->port);
573 setup an outgoing connection. It's not
574 necessary to also open an udp socket as
575 well, because the other host will initiate
576 an authentication sequence during which
577 we will do just that.
579 int setup_outgoing_connection(char *hostname)
584 if(!(h = gethostbyname(hostname)))
586 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
590 ncn = new_conn_list();
591 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
592 ncn->hostname = hostlookup(htonl(ncn->real_ip));
594 if(setup_outgoing_meta_socket(ncn) < 0)
596 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
598 free_conn_element(ncn);
602 ncn->status.meta = 1;
603 ncn->status.outgoing = 1;
604 ncn->next = conn_list;
611 set up the local sockets (listen only)
613 int setup_myself(void)
617 myself = new_conn_list();
619 if(!(cfg = get_config_val(myvpnip)))
621 syslog(LOG_ERR, _("No value for my VPN IP given"));
625 myself->vpn_ip = cfg->data.ip->ip;
626 myself->hostname = hostlookup(htonl(myself->vpn_ip));
627 myself->vpn_mask = cfg->data.ip->mask;
630 if(!(cfg = get_config_val(tincname)))
631 asprintf(&(myself->name), IP_ADDR_S, IP_ADDR_V(myself->vpn_ip));
633 myself->name = (char*)cfg->data.val;
635 if(!(cfg = get_config_val(listenport)))
638 myself->port = cfg->data.val;
640 if((cfg = get_config_val(indirectdata)))
641 if(cfg->data.val == stupid_true)
642 myself->flags |= EXPORTINDIRECTDATA;
644 if((cfg = get_config_val(tcponly)))
645 if(cfg->data.val == stupid_true)
646 myself->flags |= TCPONLY;
648 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
650 syslog(LOG_ERR, _("Unable to set up a listening socket"));
654 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
656 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
657 close(myself->meta_socket);
661 myself->status.active = 1;
663 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
669 sigalrm_handler(int a)
673 cfg = get_next_config_val(upstreamip, upstreamindex++);
677 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
679 signal(SIGALRM, SIG_IGN);
682 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
685 signal(SIGALRM, sigalrm_handler);
687 seconds_till_retry += 5;
688 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
689 seconds_till_retry = MAXTIMEOUT;
690 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
692 alarm(seconds_till_retry);
697 setup all initial network connections
699 int setup_network_connections(void)
703 if((cfg = get_config_val(pingtimeout)) == NULL)
706 timeout = cfg->data.val;
708 if(setup_tap_fd() < 0)
711 if(setup_myself() < 0)
714 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
715 /* No upstream IP given, we're listen only. */
720 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
722 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
725 signal(SIGALRM, sigalrm_handler);
727 seconds_till_retry = MAXTIMEOUT;
728 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
729 alarm(seconds_till_retry);
735 close all open network connections
737 void close_network_connections(void)
741 for(p = conn_list; p != NULL; p = p->next)
743 if(p->status.dataopen)
745 shutdown(p->socket, 0); /* No more receptions */
751 shutdown(p->meta_socket, 0); /* No more receptions */
752 close(p->meta_socket);
757 if(myself->status.active)
759 close(myself->meta_socket);
760 close(myself->socket);
766 syslog(LOG_NOTICE, _("Terminating"));
772 create a data (udp) socket
774 int setup_vpn_connection(conn_list_t *cl)
777 struct sockaddr_in a;
780 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
782 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
785 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
789 a.sin_family = AF_INET;
790 a.sin_port = htons(cl->port);
791 a.sin_addr.s_addr = htonl(cl->real_ip);
793 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
795 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
796 cl->hostname, cl->port);
800 flags = fcntl(nfd, F_GETFL);
801 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
803 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
804 cl->name, cl->hostname);
809 cl->status.dataopen = 1;
815 handle an incoming tcp connect call and open
818 conn_list_t *create_new_connection(int sfd)
821 struct sockaddr_in ci;
822 int len = sizeof(ci);
826 if(getpeername(sfd, &ci, &len) < 0)
828 syslog(LOG_ERR, _("Error: getpeername: %m"));
832 p->real_ip = ntohl(ci.sin_addr.s_addr);
833 p->hostname = hostlookup(ci.sin_addr.s_addr);
834 p->meta_socket = sfd;
837 p->last_ping_time = time(NULL);
841 syslog(LOG_NOTICE, _("Connection from %s port %d"),
842 p->hostname, htons(ci.sin_port));
844 if(send_basic_info(p) < 0)
846 free_conn_element(p);
854 put all file descriptors in an fd_set array
856 void build_fdset(fd_set *fs)
862 for(p = conn_list; p != NULL; p = p->next)
865 FD_SET(p->meta_socket, fs);
866 if(p->status.dataopen)
867 FD_SET(p->socket, fs);
870 FD_SET(myself->meta_socket, fs);
871 FD_SET(myself->socket, fs);
877 receive incoming data from the listening
878 udp socket and write it to the ethertap
879 device after being decrypted
881 int handle_incoming_vpn_data(conn_list_t *cl)
885 int x, l = sizeof(x);
888 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
890 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"),
891 __FILE__, __LINE__, cl->socket,
892 cl->name, cl->hostname);
897 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
898 cl->name, cl->hostname, strerror(x));
903 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
906 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"),
907 cl->name, cl->hostname);
910 total_socket_in += lenin;
912 rp.data.len = ntohs(rp.data.len);
913 rp.len = ntohs(rp.len);
914 rp.from = ntohl(rp.from);
918 f = lookup_conn(rp.from);
921 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
922 cl->name, cl->hostname, IP_ADDR_V(rp.from));
926 if(f->status.validkey)
930 add_queue(&(f->rq), &rp, rp.len);
931 if(!cl->status.waitingforkey)
932 send_key_request(rp.from);
935 if(my_key_expiry <= time(NULL))
943 terminate a connection and notify the other
944 end before closing the sockets
946 void terminate_connection(conn_list_t *cl)
951 if(cl->status.remove)
955 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
956 cl->name, cl->hostname);
958 if(cl->status.timeout)
960 /* else if(!cl->status.termreq)
967 close(cl->meta_socket);
969 cl->status.remove = 1;
971 /* If this cl isn't active, don't send any DEL_HOSTs. */
972 if(cl->status.active)
973 notify_others(cl,NULL,send_del_host);
976 /* Find all connections that were lost because they were behind cl
977 (the connection that was dropped). */
979 for(p = conn_list; p != NULL; p = p->next)
981 if((p->nexthop == cl) && (p != cl))
983 if(cl->status.active && p->status.active)
984 notify_others(p,cl,send_del_host);
987 p->status.active = 0;
988 p->status.remove = 1;
992 cl->status.active = 0;
994 if(cl->status.outgoing)
996 signal(SIGALRM, sigalrm_handler);
997 seconds_till_retry = 5;
998 alarm(seconds_till_retry);
999 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1005 Check if the other end is active.
1006 If we have sent packets, but didn't receive any,
1007 then possibly the other end is dead. We send a
1008 PING request over the meta connection. If the other
1009 end does not reply in time, we consider them dead
1010 and close the connection.
1012 int check_dead_connections(void)
1018 for(p = conn_list; p != NULL; p = p->next)
1020 if(p->status.remove)
1022 if(p->status.active && p->status.meta)
1024 if(p->last_ping_time + timeout < now)
1026 if(p->status.pinged && !p->status.got_pong)
1029 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1030 p->name, p->hostname);
1031 p->status.timeout = 1;
1032 terminate_connection(p);
1034 else if(p->want_ping)
1037 p->last_ping_time = now;
1038 p->status.pinged = 1;
1039 p->status.got_pong = 0;
1049 accept a new tcp connect and create a
1052 int handle_new_meta_connection(conn_list_t *cl)
1055 struct sockaddr client;
1056 int nfd, len = sizeof(client);
1058 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1060 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1064 if(!(ncn = create_new_connection(nfd)))
1068 syslog(LOG_NOTICE, _("Closed attempted connection"));
1072 ncn->status.meta = 1;
1073 ncn->next = conn_list;
1080 dispatch any incoming meta requests
1082 int handle_incoming_meta_data(conn_list_t *cl)
1084 int x, l = sizeof(x);
1085 int request, oldlen, i;
1088 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1090 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
1091 cl->name, cl->hostname);
1096 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
1097 cl->name, cl->hostname, strerror(x));
1101 lenin = read(cl->meta_socket, cl->buffer+cl->buflen, MAXBUFSIZE - cl->buflen);
1109 if(debug_lvl>DEBUG_CONNECTIONS)
1110 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
1111 cl->name, cl->hostname);
1114 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
1115 cl->name, cl->hostname);
1119 if(cl->status.encryptin)
1121 /* FIXME: do decryption. */
1124 oldlen = cl->buflen;
1125 cl->buflen += lenin;
1131 for(i = oldlen; i < cl->buflen; i++)
1133 if(cl->buffer[i] == '\n')
1135 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1143 if(debug_lvl > DEBUG_PROTOCOL)
1144 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
1145 cl->name, cl->hostname, cl->buffer);
1146 if(sscanf(cl->buffer, "%d", &request) == 1)
1148 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1150 syslog(LOG_ERR, _("Unknown request from %s (%s)"),
1151 cl->name, cl->hostname);
1156 if(debug_lvl > DEBUG_PROTOCOL)
1157 syslog(LOG_DEBUG, _("Got %s from %s (%s)"),
1158 request_name[request], cl->name, cl->hostname);
1160 if(request_handlers[request](cl))
1161 /* Something went wrong. Probably scriptkiddies. Terminate. */
1163 syslog(LOG_ERR, _("Error while processing %s from %s (%s)"),
1164 request_name[request], cl->name, cl->hostname);
1170 syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
1171 cl->name, cl->hostname);
1175 cl->buflen -= cl->reqlen;
1176 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1185 if(cl->buflen >= MAXBUFSIZE)
1187 syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"),
1188 cl->name, cl->hostname);
1192 cl->last_ping_time = time(NULL);
1199 check all connections to see if anything
1200 happened on their sockets
1202 void check_network_activity(fd_set *f)
1205 int x, l = sizeof(x);
1207 for(p = conn_list; p != NULL; p = p->next)
1209 if(p->status.remove)
1212 if(p->status.dataopen)
1213 if(FD_ISSET(p->socket, f))
1216 The only thing that can happen to get us here is apparently an
1217 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1218 something that will not trigger an error directly on send()).
1219 I've once got here when it said `No route to host'.
1221 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1222 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1223 p->name, p->hostname, strerror(x));
1224 terminate_connection(p);
1229 if(FD_ISSET(p->meta_socket, f))
1230 if(handle_incoming_meta_data(p) < 0)
1232 terminate_connection(p);
1237 if(FD_ISSET(myself->socket, f))
1238 handle_incoming_vpn_data(myself);
1240 if(FD_ISSET(myself->meta_socket, f))
1241 handle_new_meta_connection(myself);
1246 read, encrypt and send data that is
1247 available through the ethertap device
1249 void handle_tap_input(void)
1253 int ether_type, lenin;
1255 memset(&vp, 0, sizeof(vp));
1256 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1258 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1262 total_tap_in += lenin;
1264 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1265 if(ether_type != 0x0800)
1268 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6]));
1275 syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6]));
1279 from = ntohl(*((unsigned long*)(&vp.data[26])));
1280 to = ntohl(*((unsigned long*)(&vp.data[30])));
1282 vp.len = (length_t)lenin - 2;
1284 strip_mac_addresses(&vp);
1286 send_packet(to, &vp);
1291 this is where it all happens...
1293 void main_loop(void)
1298 time_t last_ping_check;
1300 last_ping_check = time(NULL);
1304 tv.tv_sec = timeout;
1310 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1312 if(errno != EINTR) /* because of alarm */
1314 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1323 syslog(LOG_INFO, _("Rereading configuration file"));
1324 close_network_connections();
1326 if(read_config_file(configfilename))
1328 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1332 setup_network_connections();
1336 if(last_ping_check + timeout < time(NULL))
1337 /* Let's check if everybody is still alive */
1339 check_dead_connections();
1340 last_ping_check = time(NULL);
1345 check_network_activity(&fset);
1347 /* local tap data */
1348 if(FD_ISSET(tap_fd, &fset))