2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.26 2000/08/09 14:02:16 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
107 ntohs(rp.len), cl->vpn_hostname, cl->real_hostname);
109 total_socket_out += ntohs(rp.len);
113 if((cl->flags | myself->flags) & TCPONLY)
114 return send_tcppacket(cl, (void*)&rp, ntohs(rp.len));
116 if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
118 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
119 cl->vpn_hostname, cl->real_hostname);
126 int xrecv(conn_list_t *cl, void *packet)
131 do_decrypt((real_packet_t*)packet, &vp, cl->key);
132 add_mac_addresses(&vp);
135 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
136 ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname);
138 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
139 syslog(LOG_ERR, _("Can't write to tap device: %m"));
141 total_tap_out += lenin;
144 cl->last_ping_time = time(NULL);
149 int tcprecv(conn_list_t *cl, real_packet_t *rp)
155 rp->data.len = ntohs(rp->data.len);
156 rp->len = ntohs(rp->len);
157 rp->from = ntohl(rp->from);
159 total_socket_in += rp->len;
163 f = lookup_conn(rp->from);
166 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
167 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp->from));
171 if(f->status.validkey)
173 do_decrypt(rp, &vp, cl->key);
174 add_mac_addresses(&vp);
177 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
178 rp->len, cl->vpn_hostname, cl->real_hostname);
180 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
181 syslog(LOG_ERR, _("Can't write to tap device: %m"));
183 total_tap_out += lenin;
187 add_queue(&(cl->sq), rp, rp->len + 2);
188 if(!cl->status.waitingforkey)
189 send_key_request(rp->from);
192 if(my_key_expiry <= time(NULL))
197 cl->last_ping_time = time(NULL);
203 add the given packet of size s to the
204 queue q, be it the send or receive queue
206 void add_queue(packet_queue_t **q, void *packet, size_t s)
210 e = xmalloc(sizeof(*e));
211 e->packet = xmalloc(s);
212 memcpy(e->packet, packet, s);
216 *q = xmalloc(sizeof(**q));
217 (*q)->head = (*q)->tail = NULL;
220 e->next = NULL; /* We insert at the tail */
222 if((*q)->tail) /* Do we have a tail? */
224 (*q)->tail->next = e;
225 e->prev = (*q)->tail;
227 else /* No tail -> no head too */
237 /* Remove a queue element */
238 void del_queue(packet_queue_t **q, queue_element_t *e)
243 if(e->next) /* There is a successor, so we are not tail */
245 if(e->prev) /* There is a predecessor, so we are not head */
247 e->next->prev = e->prev;
248 e->prev->next = e->next;
250 else /* We are head */
252 e->next->prev = NULL;
253 (*q)->head = e->next;
256 else /* We are tail (or all alone!) */
258 if(e->prev) /* We are not alone :) */
260 e->prev->next = NULL;
261 (*q)->tail = e->prev;
275 flush a queue by calling function for
276 each packet, and removing it when that
277 returned a zero exit code
279 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
280 int (*function)(conn_list_t*,void*))
282 queue_element_t *p, *next = NULL;
284 for(p = (*pq)->head; p != NULL; )
288 if(!function(cl, p->packet))
295 syslog(LOG_DEBUG, _("Queue flushed"));
300 flush the send&recv queues
301 void because nothing goes wrong here, packets
302 remain in the queue if something goes wrong
304 void flush_queues(conn_list_t *cl)
310 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
311 cl->vpn_hostname, cl->real_hostname);
312 flush_queue(cl, &(cl->sq), xsend);
318 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
319 cl->vpn_hostname, cl->real_hostname);
320 flush_queue(cl, &(cl->rq), xrecv);
326 send a packet to the given vpn ip.
328 int send_packet(ip_t to, vpn_packet_t *packet)
332 if((cl = lookup_conn(to)) == NULL)
336 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
340 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
344 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
346 { /* No open outgoing connection has been found. */
348 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
353 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
355 if(myself->flags & EXPORTINDIRECTDATA)
357 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
359 { /* No open outgoing connection has been found. */
361 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
367 /* If indirectdata flag is set for the destination we just looked up,
368 * then real_ip is actually the vpn_ip of the gateway tincd
372 if(cl->flags & INDIRECTDATA)
375 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
376 cl->vpn_hostname, cl->real_hostname);
377 if((cl = lookup_conn(cl->real_ip)) == NULL)
380 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"),
383 /* Gateway tincd dead? Should we kill it? (GS) */
387 if(cl->flags & INDIRECTDATA) /* This should not happen */
390 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"),
396 if(my_key_expiry <= time(NULL))
399 if(!cl->status.dataopen)
400 if(setup_vpn_connection(cl) < 0)
402 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->vpn_hostname, cl->real_hostname);
406 if(!cl->status.validkey)
409 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->vpn_hostname, cl->real_hostname);
410 add_queue(&(cl->sq), packet, packet->len + 2);
411 if(!cl->status.waitingforkey)
412 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
416 if(!cl->status.active)
419 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->vpn_hostname, cl->real_hostname);
420 add_queue(&(cl->sq), packet, packet->len + 2);
421 return 0; /* We don't want to mess up, do we? */
424 /* can we send it? can we? can we? huh? */
426 return xsend(cl, packet);
430 open the local ethertap device
432 int setup_tap_fd(void)
435 const char *tapfname;
438 if((cfg = get_config_val(tapdevice)) == NULL)
439 tapfname = "/dev/tap0";
441 tapfname = cfg->data.ptr;
443 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
445 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
455 set up the socket that we listen on for incoming
458 int setup_listen_meta_socket(int port)
461 struct sockaddr_in a;
465 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
467 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
471 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
473 syslog(LOG_ERR, _("setsockopt: %m"));
477 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
479 syslog(LOG_ERR, _("setsockopt: %m"));
483 flags = fcntl(nfd, F_GETFL);
484 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
486 syslog(LOG_ERR, _("fcntl: %m"));
490 if((cfg = get_config_val(interface)))
492 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
494 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
499 memset(&a, 0, sizeof(a));
500 a.sin_family = AF_INET;
501 a.sin_port = htons(port);
503 if((cfg = get_config_val(interfaceip)))
504 a.sin_addr.s_addr = htonl(cfg->data.ip->ip);
506 a.sin_addr.s_addr = htonl(INADDR_ANY);
508 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
510 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
516 syslog(LOG_ERR, _("listen: %m"));
524 setup the socket for incoming encrypted
527 int setup_vpn_in_socket(int port)
530 struct sockaddr_in a;
533 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
535 syslog(LOG_ERR, _("Creating socket failed: %m"));
539 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
541 syslog(LOG_ERR, _("setsockopt: %m"));
545 flags = fcntl(nfd, F_GETFL);
546 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
548 syslog(LOG_ERR, _("fcntl: %m"));
552 memset(&a, 0, sizeof(a));
553 a.sin_family = AF_INET;
554 a.sin_port = htons(port);
555 a.sin_addr.s_addr = htonl(INADDR_ANY);
557 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
559 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
567 setup an outgoing meta (tcp) socket
569 int setup_outgoing_meta_socket(conn_list_t *cl)
572 struct sockaddr_in a;
576 syslog(LOG_INFO, _("Trying to connect to %s"), cl->real_hostname);
578 if((cfg = get_config_val(upstreamport)) == NULL)
581 cl->port = cfg->data.val;
583 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
584 if(cl->meta_socket == -1)
586 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
587 cl->real_hostname, cl->port);
591 a.sin_family = AF_INET;
592 a.sin_port = htons(cl->port);
593 a.sin_addr.s_addr = htonl(cl->real_ip);
595 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
597 syslog(LOG_ERR, _("%s port %hd: %m"), cl->real_hostname, cl->port);
601 flags = fcntl(cl->meta_socket, F_GETFL);
602 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
604 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
605 cl->real_hostname, cl->port);
610 syslog(LOG_INFO, _("Connected to %s port %hd"),
611 cl->real_hostname, cl->port);
617 setup an outgoing connection. It's not
618 necessary to also open an udp socket as
619 well, because the other host will initiate
620 an authentication sequence during which
621 we will do just that.
623 int setup_outgoing_connection(char *hostname)
628 if(!(h = gethostbyname(hostname)))
630 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
634 ncn = new_conn_list();
635 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
636 ncn->real_hostname = hostlookup(htonl(ncn->real_ip));
638 if(setup_outgoing_meta_socket(ncn) < 0)
640 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
642 free_conn_element(ncn);
646 ncn->status.meta = 1;
647 ncn->status.outgoing = 1;
648 ncn->next = conn_list;
655 set up the local sockets (listen only)
657 int setup_myself(void)
661 myself = new_conn_list();
663 if(!(cfg = get_config_val(myvpnip)))
665 syslog(LOG_ERR, _("No value for my VPN IP given"));
669 myself->vpn_ip = cfg->data.ip->ip;
670 myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip));
671 myself->real_hostname = hostlookup(htonl(myself->vpn_ip));
672 myself->vpn_mask = cfg->data.ip->mask;
675 if(!(cfg = get_config_val(listenport)))
678 myself->port = cfg->data.val;
680 if((cfg = get_config_val(indirectdata)))
681 if(cfg->data.val == stupid_true)
682 myself->flags |= EXPORTINDIRECTDATA;
684 if((cfg = get_config_val(tcponly)))
685 if(cfg->data.val == stupid_true)
686 myself->flags |= TCPONLY;
688 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
690 syslog(LOG_ERR, _("Unable to set up a listening socket"));
694 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
696 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
697 close(myself->meta_socket);
701 myself->status.active = 1;
703 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
709 sigalrm_handler(int a)
713 cfg = get_next_config_val(upstreamip, upstreamindex++);
717 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
719 signal(SIGALRM, SIG_IGN);
722 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
725 signal(SIGALRM, sigalrm_handler);
727 seconds_till_retry += 5;
728 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
729 seconds_till_retry = MAXTIMEOUT;
730 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
732 alarm(seconds_till_retry);
737 setup all initial network connections
739 int setup_network_connections(void)
743 if((cfg = get_config_val(pingtimeout)) == NULL)
746 timeout = cfg->data.val;
748 if(setup_tap_fd() < 0)
751 if(setup_myself() < 0)
754 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
755 /* No upstream IP given, we're listen only. */
760 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
762 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
765 signal(SIGALRM, sigalrm_handler);
767 seconds_till_retry = MAXTIMEOUT;
768 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
769 alarm(seconds_till_retry);
775 close all open network connections
777 void close_network_connections(void)
781 for(p = conn_list; p != NULL; p = p->next)
783 if(p->status.dataopen)
785 shutdown(p->socket, 0); /* No more receptions */
791 shutdown(p->meta_socket, 0); /* No more receptions */
792 close(p->meta_socket);
797 if(myself->status.active)
799 close(myself->meta_socket);
800 close(myself->socket);
806 syslog(LOG_NOTICE, _("Terminating"));
812 create a data (udp) socket
814 int setup_vpn_connection(conn_list_t *cl)
817 struct sockaddr_in a;
820 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->real_hostname);
822 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
825 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
829 a.sin_family = AF_INET;
830 a.sin_port = htons(cl->port);
831 a.sin_addr.s_addr = htonl(cl->real_ip);
833 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
835 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
836 cl->real_hostname, cl->port);
840 flags = fcntl(nfd, F_GETFL);
841 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
843 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
844 cl->vpn_hostname, cl->real_hostname);
849 cl->status.dataopen = 1;
855 handle an incoming tcp connect call and open
858 conn_list_t *create_new_connection(int sfd)
861 struct sockaddr_in ci;
862 int len = sizeof(ci);
866 if(getpeername(sfd, &ci, &len) < 0)
868 syslog(LOG_ERR, _("Error: getpeername: %m"));
872 p->real_ip = ntohl(ci.sin_addr.s_addr);
873 p->real_hostname = hostlookup(ci.sin_addr.s_addr);
874 p->meta_socket = sfd;
877 p->last_ping_time = time(NULL);
881 syslog(LOG_NOTICE, _("Connection from %s port %d"),
882 p->real_hostname, htons(ci.sin_port));
884 if(send_basic_info(p) < 0)
886 free_conn_element(p);
894 put all file descriptors in an fd_set array
896 void build_fdset(fd_set *fs)
902 for(p = conn_list; p != NULL; p = p->next)
905 FD_SET(p->meta_socket, fs);
906 if(p->status.dataopen)
907 FD_SET(p->socket, fs);
910 FD_SET(myself->meta_socket, fs);
911 FD_SET(myself->socket, fs);
917 receive incoming data from the listening
918 udp socket and write it to the ethertap
919 device after being decrypted
921 int handle_incoming_vpn_data(conn_list_t *cl)
925 int x, l = sizeof(x);
928 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
930 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket,
931 cl->vpn_hostname, cl->real_hostname);
936 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
937 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
942 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
945 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->vpn_hostname, cl->real_hostname);
948 total_socket_in += lenin;
950 rp.data.len = ntohs(rp.data.len);
951 rp.len = ntohs(rp.len);
952 rp.from = ntohl(rp.from);
956 f = lookup_conn(rp.from);
959 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
960 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from));
964 if(f->status.validkey)
968 add_queue(&(f->rq), &rp, rp.len);
969 if(!cl->status.waitingforkey)
970 send_key_request(rp.from);
973 if(my_key_expiry <= time(NULL))
981 terminate a connection and notify the other
982 end before closing the sockets
984 void terminate_connection(conn_list_t *cl)
989 if(cl->status.remove)
993 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
994 cl->vpn_hostname, cl->real_hostname);
996 if(cl->status.timeout)
998 /* else if(!cl->status.termreq)
1005 close(cl->meta_socket);
1007 cl->status.remove = 1;
1009 /* If this cl isn't active, don't send any DEL_HOSTs. */
1010 if(cl->status.active)
1011 notify_others(cl,NULL,send_del_host);
1014 /* Find all connections that were lost because they were behind cl
1015 (the connection that was dropped). */
1017 for(p = conn_list; p != NULL; p = p->next)
1019 if((p->nexthop == cl) && (p != cl))
1021 if(cl->status.active && p->status.active)
1022 notify_others(p,cl,send_del_host);
1025 p->status.active = 0;
1026 p->status.remove = 1;
1030 cl->status.active = 0;
1032 if(cl->status.outgoing)
1034 signal(SIGALRM, sigalrm_handler);
1035 seconds_till_retry = 5;
1036 alarm(seconds_till_retry);
1037 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1043 Check if the other end is active.
1044 If we have sent packets, but didn't receive any,
1045 then possibly the other end is dead. We send a
1046 PING request over the meta connection. If the other
1047 end does not reply in time, we consider them dead
1048 and close the connection.
1050 int check_dead_connections(void)
1056 for(p = conn_list; p != NULL; p = p->next)
1058 if(p->status.remove)
1060 if(p->status.active && p->status.meta)
1062 if(p->last_ping_time + timeout < now)
1064 if(p->status.pinged && !p->status.got_pong)
1067 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1068 p->vpn_hostname, p->real_hostname);
1069 p->status.timeout = 1;
1070 terminate_connection(p);
1072 else if(p->want_ping)
1075 p->last_ping_time = now;
1076 p->status.pinged = 1;
1077 p->status.got_pong = 0;
1087 accept a new tcp connect and create a
1090 int handle_new_meta_connection(conn_list_t *cl)
1093 struct sockaddr client;
1094 int nfd, len = sizeof(client);
1096 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1098 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1102 if(!(ncn = create_new_connection(nfd)))
1106 syslog(LOG_NOTICE, _("Closed attempted connection"));
1110 ncn->status.meta = 1;
1111 ncn->next = conn_list;
1118 dispatch any incoming meta requests
1120 int handle_incoming_meta_data(conn_list_t *cl)
1122 int x, l = sizeof(x);
1123 int request, oldlen, i;
1126 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1128 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
1129 cl->vpn_hostname, cl->real_hostname);
1134 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
1135 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
1139 if(cl->buflen >= MAXBUFSIZE)
1141 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1145 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE - cl->buflen);
1154 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
1155 cl->vpn_hostname, cl->real_hostname);
1158 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
1159 cl->vpn_hostname, cl->real_hostname);
1163 oldlen = cl->buflen;
1164 cl->buflen += lenin;
1170 if(cl->buflen >= cl->tcppacket)
1172 tcprecv(cl, (real_packet_t *)cl->buffer);
1173 cl->buflen -= cl->tcppacket;
1174 memmove(cl->buffer, cl->buffer + cl->tcppacket, cl->buflen);
1187 for(i = oldlen; i < cl->buflen; i++)
1189 if(cl->buffer[i] == '\n')
1191 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1200 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
1201 cl->vpn_hostname, cl->real_hostname, cl->buffer);
1202 if(sscanf(cl->buffer, "%d", &request) == 1)
1204 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1206 syslog(LOG_ERR, _("Unknown request from %s (%s)"),
1207 cl->vpn_hostname, cl->real_hostname);
1211 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1213 syslog(LOG_ERR, _("Error while processing request from %s (%s)"),
1214 cl->vpn_hostname, cl->real_hostname);
1220 syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
1221 cl->vpn_hostname, cl->real_hostname);
1225 cl->buflen -= cl->reqlen;
1226 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1236 cl->last_ping_time = time(NULL);
1243 check all connections to see if anything
1244 happened on their sockets
1246 void check_network_activity(fd_set *f)
1249 int x, l = sizeof(x);
1251 for(p = conn_list; p != NULL; p = p->next)
1253 if(p->status.remove)
1256 if(p->status.dataopen)
1257 if(FD_ISSET(p->socket, f))
1260 The only thing that can happen to get us here is apparently an
1261 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1262 something that will not trigger an error directly on send()).
1263 I've once got here when it said `No route to host'.
1265 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1266 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1267 p->vpn_hostname, p->real_hostname, sys_errlist[x]);
1268 terminate_connection(p);
1273 if(FD_ISSET(p->meta_socket, f))
1274 if(handle_incoming_meta_data(p) < 0)
1276 terminate_connection(p);
1281 if(FD_ISSET(myself->socket, f))
1282 handle_incoming_vpn_data(myself);
1284 if(FD_ISSET(myself->meta_socket, f))
1285 handle_new_meta_connection(myself);
1290 read, encrypt and send data that is
1291 available through the ethertap device
1293 void handle_tap_input(void)
1297 int ether_type, lenin;
1299 memset(&vp, 0, sizeof(vp));
1300 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1302 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1306 total_tap_in += lenin;
1308 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1309 if(ether_type != 0x0800)
1312 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1313 ether_type, MAC_ADDR_V(vp.data[6]));
1320 syslog(LOG_INFO, _("Dropping short packet"));
1324 from = ntohl(*((unsigned long*)(&vp.data[26])));
1325 to = ntohl(*((unsigned long*)(&vp.data[30])));
1327 vp.len = (length_t)lenin - 2;
1329 strip_mac_addresses(&vp);
1331 send_packet(to, &vp);
1336 this is where it all happens...
1338 void main_loop(void)
1343 time_t last_ping_check;
1345 last_ping_check = time(NULL);
1349 tv.tv_sec = timeout;
1355 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1357 if(errno != EINTR) /* because of alarm */
1359 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1367 close_network_connections();
1369 if(read_config_file(configfilename))
1371 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1375 setup_network_connections();
1379 if(last_ping_check + timeout < time(NULL))
1380 /* Let's check if everybody is still alive */
1382 check_dead_connections();
1383 last_ping_check = time(NULL);
1388 check_network_activity(&fset);
1390 /* local tap data */
1391 if(FD_ISSET(tap_fd, &fset))