2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.50 2000/10/29 00:02:18 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
44 #include LINUX_IF_TUN_H
/* Kind of tap device found by setup_tap_fd(): TAP_TYPE_ETHERTAP is the
   default, TAP_TYPE_TUNTAP is set when the TUNSETIFF ioctl succeeds.
   xrecv() and handle_tap_input() branch on it because ethertap frames carry
   a 2-byte prefix in front of the Ethernet frame. */
62 int taptype = TAP_TYPE_ETHERTAP;
/* Byte counters. total_tap_out is bumped by xrecv(), total_socket_out by
   xsend(); total_tap_in is used by handle_tap_input() but its definition
   (presumably the line between these) is not shown. total_socket_in is not
   updated anywhere in the visible code. */
64 int total_tap_out = 0;
65 int total_socket_in = 0;
66 int total_socket_out = 0;
/* Cursor over the ConnectTo entries still to be tried by sigalrm_handler()
   and setup_network_connections(); reset to `config` when the list has been
   exhausted. */
68 config_t *upstreamcfg;
/* Delay before the next reconnect attempt, armed via alarm(); grows in 5 s
   steps up to MAXTIMEOUT in sigalrm_handler(). */
69 static int seconds_till_retry;
76 strip off the MAC addresses of an ethernet frame
/* Remove the 12-byte destination+source MAC header from the front of the
   frame, shrinking p->len by 12 in the same expression. memmove() is correct
   here because source and destination overlap. Nothing checks p->len >= 12;
   the caller must guarantee it or len underflows. */
78 void strip_mac_addresses(vpn_packet_t *p)
81 memmove(p->data, p->data + 12, p->len -= 12);
86 reassemble MAC addresses
/* Inverse of strip_mac_addresses(): shift the payload up by 12 bytes and
   synthesise a destination and source MAC in front of it. p->len is not
   increased here — TODO confirm the caller accounts for the 12 added bytes. */
88 void add_mac_addresses(vpn_packet_t *p)
/* NOTE(review): the regions overlap (in-place shift by 12), so this must be
   memmove(), as strip_mac_addresses() uses; memcpy() on overlapping buffers
   is undefined behaviour. */
91 memcpy(p->data + 12, p->data, p->len);
/* Both synthetic addresses get the fe:fd prefix that setup_tap_fd() also
   assigns to the local ethertap device. */
93 p->data[0] = p->data[6] = 0xfe;
94 p->data[1] = p->data[7] = 0xfd;
95 /* Really evil pointer stuff just below! */
/* Type-punned, unaligned stores into the byte array (data+2 and data+8 are
   not ip_t-aligned and the access breaks strict aliasing); memcpy() from an
   ip_t temporary is the well-defined form. Bytes 2..5 carry our own address,
   bytes 8..11 are copied from offset 26 — presumably the IPv4 source address
   once the frame has been shifted (2-byte ethertype at 12, IP header at 14,
   source address at 14+12) — TODO confirm. */
96 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
97 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
/* Hand one packet to the peer's UDP data socket (cl->socket, connected by
   setup_vpn_connection()). flush_queue() treats a zero return as "sent";
   the return statements themselves are on lines not shown. */
101 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
106 outpkt.len = inpkt->len;
/* Intended encryption path. Per the note after it this is not active yet,
   so these EVP_* lines are presumably commented out in the real file. */
108 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
109 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
110 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
111 outlen += outpad + 2;
113 Do encryption when everything else is fixed...
/* Live path: the length field (the 2 bytes immediately before data, hence
   the +2) plus payload are copied verbatim, so the packet leaves this host
   in cleartext and the length goes on the wire in host byte order. Nothing
   bounds inpkt->len against the size of outpkt: an oversized len overruns
   the fixed-size destination. */
115 outlen = outpkt.len + 2;
116 memcpy(&outpkt, inpkt, outlen);
/* Style: this is a DEBUG_TRAFFIC message but logs at LOG_ERR; the
   comparable messages in xrecv() and flush_queues() use LOG_DEBUG. */
118 if(debug_lvl >= DEBUG_TRAFFIC)
119 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
120 outlen, cl->name, cl->hostname);
122 total_socket_out += outlen;
/* send() starts at the len field, so the datagram is len followed by data. */
126 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
128 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
129 cl->name, cl->hostname);
/* Deliver one packet received from the network to the local tap device.
   inpkt->len was read straight off the wire by handle_incoming_vpn_data()
   and is used here without validation. Return statements are on lines not
   shown. */
136 int xrecv(vpn_packet_t *inpkt)
141 outpkt.len = inpkt->len;
/* Intended decryption path, presumably commented out like the encryption
   path in xsend() (see the note below). */
143 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
144 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
145 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
148 Do decryption when everything else is fixed...
/* Live path: raw copy of len + payload. NOTE(review): inpkt->len comes from
   an untrusted datagram and is neither checked against the size of outpkt
   nor against the number of bytes actually received, so a large len reads
   past inpkt and writes past outpkt. A `len <= MTU` check (and a comparison
   with the recvfrom() byte count in the caller) belongs before this copy. */
150 outlen = outpkt.len+2;
151 memcpy(&outpkt, inpkt, outlen);
153 /* Fix mac address */
/* Overwrite the destination MAC (bytes 0..5) with the local tap's address,
   presumably so the local stack accepts the frame; assumes the packet
   carries an Ethernet header and is at least 6 bytes long. */
155 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
/* tun/tap takes the bare frame; ethertap expects a 2-byte prefix, for which
   the len field sitting just before data is reused. The write() return is
   only checked for error, not for a short write. */
157 if(taptype == TAP_TYPE_TUNTAP)
159 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
160 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
162 total_tap_out += outpkt.len;
166 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
167 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
169 total_tap_out += outpkt.len + 2;
176 add the given packet of size s to the
177 queue q, be it the send or receive queue
/* Append a private copy of `packet` (s bytes) at the tail of *q, creating
   the queue on first use. xmalloc() is the project's allocator; its failure
   policy is not visible here. */
179 void add_queue(packet_queue_t **q, void *packet, size_t s)
183 e = xmalloc(sizeof(*e));
184 e->packet = xmalloc(s);
185 memcpy(e->packet, packet, s);
/* Lazy creation of the queue itself; the guard (presumably a NULL test on
   *q) is on a line not shown. */
189 *q = xmalloc(sizeof(**q));
190 (*q)->head = (*q)->tail = NULL;
193 e->next = NULL; /* We insert at the tail */
195 if((*q)->tail) /* Do we have a tail? */
197 (*q)->tail->next = e;
198 e->prev = (*q)->tail;
200 else /* No tail -> no head too */
/* The empty-queue branch (setting head and e->prev) and the final update of
   (*q)->tail are on lines not shown; e->prev is not initialised above. */
210 /* Remove a queue element */
/* Unlink e from the doubly linked queue *q, fixing up its neighbours and the
   head/tail pointers. Freeing e->packet and e is on lines not shown. Does
   not verify that e actually belongs to *q. */
211 void del_queue(packet_queue_t **q, queue_element_t *e)
216 if(e->next) /* There is a successor, so we are not tail */
218 if(e->prev) /* There is a predecessor, so we are not head */
220 e->next->prev = e->prev;
221 e->prev->next = e->next;
223 else /* We are head */
225 e->next->prev = NULL;
226 (*q)->head = e->next;
229 else /* We are tail (or all alone!) */
231 if(e->prev) /* We are not alone :) */
233 e->prev->next = NULL;
234 (*q)->tail = e->prev;
/* The "all alone" case (head == tail == e) has to reset both pointers; it
   is on lines not shown. */
248 flush a queue by calling function for
249 each packet, and removing it when that
250 returned a zero exit code
/* Walk the queue, calling `function` for each stored packet; a zero return
   means delivered and the element is removed, non-zero leaves it queued for
   a later flush. *pq is dereferenced unconditionally, so callers must check
   for a NULL queue first. */
252 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
253 int (*function)(conn_list_t*,void*))
255 queue_element_t *p, *next = NULL;
/* `next` has to be read before del_queue() unlinks p; the loop advance and
   the del_queue() call are on lines not shown. */
257 for(p = (*pq)->head; p != NULL; )
261 if(!function(cl, p->packet))
267 if(debug_lvl >= DEBUG_TRAFFIC)
268 syslog(LOG_DEBUG, _("Queue flushed"));
273 flush the send&recv queues
274 returns void because nothing can go wrong here: packets
275 remain in the queue if something goes wrong
/* Flush the peer's send queue through xsend() (to the network) and its
   receive queue through xrecv() (to the tap device). The NULL checks on
   cl->sq / cl->rq that flush_queue() relies on are presumably on the lines
   not shown. */
277 void flush_queues(conn_list_t *cl)
282 if(debug_lvl >= DEBUG_TRAFFIC)
283 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
284 cl->name, cl->hostname);
285 flush_queue(cl, &(cl->sq), xsend);
290 if(debug_lvl >= DEBUG_TRAFFIC)
291 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
292 cl->name, cl->hostname);
293 flush_queue(cl, &(cl->rq), xrecv);
299 send a packet to the given vpn ip.
/* Route a packet read from the tap device to the peer owning the subnet
   that contains `to`. `cl` is derived from the subnet lookup on lines not
   shown (presumably the subnet's owner). Returns xsend()'s result, or 0 when
   the packet is dropped because the peer is not active yet. */
301 int send_packet(ip_t to, vpn_packet_t *packet)
306 if((subnet = lookup_subnet_ipv4(to)) == NULL)
308 if(debug_lvl >= DEBUG_TRAFFIC)
310 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
/* The four %d arguments and the error return are on lines not shown. */
319 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
321 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* Open the UDP data socket lazily on the first packet for this peer; the
   error return after the message is on a line not shown. */
323 if(!cl->status.dataopen)
324 if(setup_vpn_connection(cl) < 0)
326 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
327 cl->name, cl->hostname);
/* Key handling. The queueing inside this branch is disabled (see the
   "Don't queue" note), only a key request is issued, and no return is
   visible here, so the packet apparently falls through to xsend() without
   a valid key — consistent with encryption being disabled in xsend(). */
331 if(!cl->status.validkey)
333 /* Don't queue until everything else is fixed.
334 if(debug_lvl >= DEBUG_TRAFFIC)
335 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
336 cl->name, cl->hostname);
337 add_queue(&(cl->sq), packet, packet->len + 2);
339 if(!cl->status.waitingforkey)
340 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
/* Peer not active: queueing is disabled here as well, so the packet is
   silently dropped while 0 (success) is reported to the caller. */
344 if(!cl->status.active)
346 /* Don't queue until everything else is fixed.
347 if(debug_lvl >= DEBUG_TRAFFIC)
348 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
349 cl->name, cl->hostname);
350 add_queue(&(cl->sq), packet, packet->len + 2);
352 return 0; /* We don't want to mess up, do we? */
355 /* can we send it? can we? can we? huh? */
357 return xsend(cl, packet);
361 open the local ethertap device
/* Open the tap device named by the `tapdevice` setting (defaults below),
   detect whether it is an old ethertap or a new tun/tap device, record that
   in `taptype`, and export IFNAME for the scripts. The two default names are
   presumably selected by a preprocessor conditional on lines not shown.
   Returns the descriptor, or -1 on open() failure (return not shown). */
363 int setup_tap_fd(void)
366 const char *tapfname;
372 if((cfg = get_config_val(config, tapdevice)))
373 tapfname = cfg->data.ptr;
376 tapfname = "/dev/misc/net/tun";
378 tapfname = "/dev/tap0";
381 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
383 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
/* The rest of the function works on the global tap_fd, so nfd is
   presumably stored there on a line not shown. */
389 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00 — the same fe:fd prefix add_mac_addresses() stamps on
   outgoing frames; xrecv() copies this address into every delivered frame. */
391 taptype = TAP_TYPE_ETHERTAP;
392 mymac.type = SUBNET_MAC;
393 mymac.net.mac.address.x[0] = 0xfe;
394 mymac.net.mac.address.x[1] = 0xfd;
395 mymac.net.mac.address.x[2] = 0x00;
396 mymac.net.mac.address.x[3] = 0x00;
397 mymac.net.mac.address.x[4] = 0x00;
398 mymac.net.mac.address.x[5] = 0x00;
401 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
402 memset(&ifr, 0, sizeof(ifr));
404 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* strncpy() leaves ifr_name without a terminator when netname is IFNAMSIZ
   bytes or longer (the memset above only helps for shorter names);
   snprintf(ifr.ifr_name, IFNAMSIZ, "%s", netname) would terminate and make
   the truncation explicit. netname is assumed non-NULL — TODO confirm where
   it is set. */
406 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* TUNSETIFF only succeeds on the tun/tap driver; failure means ethertap. */
408 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
410 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
411 taptype = TAP_TYPE_TUNTAP;
415 /* Add name of network interface to environment (for scripts) */
/* Neither the ioctl() nor the asprintf() result is checked. On failure the
   IFNAME value handed to tinc-up/tinc-down (see setup_network_connections())
   is whatever ifr_name holds, or envvar stays unset. */
417 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
418 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
427 set up the socket that we listen on for incoming
/* Create the TCP socket that accepts meta (control) connections on `port`.
   Returns the descriptor; the error paths (close + return -1) and the
   listen() call are on lines not shown. */
430 int setup_listen_meta_socket(int port)
433 struct sockaddr_in a;
437 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
439 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
443 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
445 syslog(LOG_ERR, _("setsockopt: %m"));
449 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
451 syslog(LOG_ERR, _("setsockopt: %m"));
/* flags is not checked for -1 before being OR-ed back in. */
455 flags = fcntl(nfd, F_GETFL);
456 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
458 syslog(LOG_ERR, _("fcntl: %m"));
462 if((cfg = get_config_val(config, interface)))
/* NOTE(review): this passes the interface *name* to SO_KEEPALIVE, which takes
   an int flag; it cannot bind the socket to an interface, whatever the error
   text says (it presumably either fails or just toggles keepalive from the
   first bytes of the name). On Linux the option that takes an interface
   name is SO_BINDTODEVICE. Until that is used, the `interface` setting has
   no effect and the socket listens on every interface. */
464 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
466 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
471 memset(&a, 0, sizeof(a));
472 a.sin_family = AF_INET;
473 a.sin_port = htons(port);
/* `interfaceip` narrows the bind address; without it the meta socket is
   reachable on all local addresses (INADDR_ANY). */
475 if((cfg = get_config_val(config, interfaceip)))
476 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
478 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) happens to equal sizeof(a) for AF_INET; sizeof(a)
   is the idiomatic length. */
480 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
482 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
488 syslog(LOG_ERR, _("listen: %m"));
496 setup the socket for incoming encrypted
/* Create the UDP socket on which VPN data from every peer arrives. Unlike
   setup_listen_meta_socket() it ignores the `interface` / `interfaceip`
   settings and always binds INADDR_ANY, so the data port is reachable on
   every local address — worth aligning with the meta socket. Error paths
   (close + return -1) are on lines not shown. */
499 int setup_vpn_in_socket(int port)
502 struct sockaddr_in a;
505 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
507 syslog(LOG_ERR, _("Creating socket failed: %m"));
511 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
513 syslog(LOG_ERR, _("setsockopt: %m"));
/* flags is not checked for -1 before being OR-ed back in. */
517 flags = fcntl(nfd, F_GETFL);
518 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
520 syslog(LOG_ERR, _("fcntl: %m"));
524 memset(&a, 0, sizeof(a));
525 a.sin_family = AF_INET;
526 a.sin_port = htons(port);
527 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(a) would be the idiomatic length (same value for AF_INET). */
529 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
531 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
539 setup an outgoing meta (tcp) socket
/* Connect a TCP meta socket to cl->address:cl->port and store it in
   cl->meta_socket. The port comes from the peer's host config (the default
   is on a line not shown). Returns 0 on success, -1 on failure (returns and
   the close() on the failure paths are on lines not shown). */
541 int setup_outgoing_meta_socket(conn_list_t *cl)
544 struct sockaddr_in a;
547 if(debug_lvl >= DEBUG_CONNECTIONS)
548 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
550 if((cfg = get_config_val(cl->config, port)) == NULL)
553 cl->port = cfg->data.val;
555 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
556 if(cl->meta_socket == -1)
558 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
559 cl->hostname, cl->port);
/* No memset() of `a` is visible, unlike the listening sockets, so sin_zero
   is left uninitialised; harmless for connect() but inconsistent. */
563 a.sin_family = AF_INET;
564 a.sin_port = htons(cl->port);
565 a.sin_addr.s_addr = htonl(cl->address);
/* The socket is still blocking here, so connect() waits for the whole TCP
   handshake (or its timeout) before O_NONBLOCK is set below — and this is
   also reached from the SIGALRM handler. */
567 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
569 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
573 flags = fcntl(cl->meta_socket, F_GETFL);
574 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
576 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
577 cl->hostname, cl->port);
581 if(debug_lvl >= DEBUG_CONNECTIONS)
582 syslog(LOG_INFO, _("Connected to %s port %hd"),
583 cl->hostname, cl->port);
591 setup an outgoing connection. It's not
592 necessary to also open an udp socket as
593 well, because the other host will initiate
594 an authentication sequence during which
595 we will do just that.
/* Build a conn_list_t for the peer called `name` (a ConnectTo entry), read
   its host config, resolve its address and open the meta connection.
   Returns 0 on success (sigalrm_handler() relies on that) and non-zero
   otherwise; the returns and the insertion into conn_list are on lines not
   shown. */
597 int setup_outgoing_connection(char *name)
/* Presumably guarded by check_id(name), as setup_myself() does for our own
   name (the condition is on a line not shown). */
605 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
609 ncn = new_conn_list();
/* asprintf() result unchecked; a NULL ncn->name would only surface later. */
610 asprintf(&ncn->name, "%s", name);
612 if(read_host_config(ncn))
/* NOTE(review): the format contains %s but no argument is passed — undefined
   behaviour (vsyslog reads a stray pointer). The "No address specified"
   message below has the same defect. Fix by passing the name, e.g.
   `syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name);` */
614 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
619 if(!(cfg = get_config_val(ncn->config, address)))
621 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() blocks and is not reentrant, and this path is also run
   from the SIGALRM handler. It reports failures through h_errno, not errno,
   so the %m here is generally meaningless; hstrerror(h_errno) would be the
   matching call. IPv4 only. */
626 if(!(h = gethostbyname(cfg->data.ptr)))
628 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* h_addr_list[0] is a char buffer; reading it through an ip_t pointer is an
   alignment/strict-aliasing violation. memcpy() it into an ip_t, and check
   h->h_addrtype == AF_INET and h->h_length first. */
633 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
634 ncn->hostname = hostlookup(htonl(ncn->address));
636 if(setup_outgoing_meta_socket(ncn) < 0)
638 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
/* Flag the entry so terminate_connection() schedules a reconnect for it. */
644 ncn->status.outgoing = 1;
645 ncn->buffer = xmalloc(MAXBUFSIZE);
647 ncn->last_ping_time = time(NULL);
658 Configure conn_list_t myself and set up the local sockets (listen only)
/* Populate the global `myself` from the main config and our own host config,
   then open the two listening sockets. Returns 0 on success and -1 on any
   missing or invalid setting (returns on lines not shown). */
660 int setup_myself(void)
665 myself = new_conn_list();
667 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
669 myself->protocol_version = PROT_CURRENT;
671 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
673 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* Reads the string through data.val, whereas every other string setting in
   this file uses data.ptr (tapdevice, address, privatekey) — TODO confirm
   this is intentional and not the wrong union member. */
677 asprintf(&myself->name, "%s", (char*)cfg->data.val);
679 if(check_id(myself->name))
681 syslog(LOG_ERR, _("Invalid name for myself!"));
685 if(!(cfg = get_config_val(config, privatekey)))
687 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* The RSA private exponent d is read as a hex string from the configuration
   file, so that file is secret material. The public exponent e is fixed at
   0xFFFF here; the modulus n comes from the host config below. The
   BN_hex2bn() results are unchecked, and the direct rsa_key->d/e/n accesses
   rely on the pre-1.1 OpenSSL RSA struct layout. */
692 myself->rsa_key = RSA_new();
693 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
694 BN_hex2bn(&myself->rsa_key->e, "FFFF");
697 if(read_host_config(myself))
699 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
703 if(!(cfg = get_config_val(myself->config, publickey)))
705 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
710 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
/* Consistency check of d, e and n. NOTE(review): in the OpenSSL versions I
   know, RSA_check_key() also requires p and q, which are never set here —
   TODO confirm this check can succeed with the targeted OpenSSL. */
713 if(RSA_check_key(myself->rsa_key) != 1)
715 syslog(LOG_ERR, _("Invalid public/private keypair!"));
719 if(!(cfg = get_config_val(myself->config, port)))
722 myself->port = cfg->data.val;
/* Optional boolean flags; `stupid_true` is presumably the config parser's
   representation of a true value. */
724 if((cfg = get_config_val(myself->config, indirectdata)))
725 if(cfg->data.val == stupid_true)
726 myself->flags |= EXPORTINDIRECTDATA;
728 if((cfg = get_config_val(myself->config, tcponly)))
729 if(cfg->data.val == stupid_true)
730 myself->flags |= TCPONLY;
732 /* Read in all the subnets specified in the host configuration file */
/* `net` is allocated on a line not shown between the loop header and the
   assignments. Only IPv4 subnets are produced here. */
734 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
737 net->type = SUBNET_IPV4;
738 net->net.ipv4.address = cfg->data.ip->address;
739 net->net.ipv4.mask = cfg->data.ip->mask;
741 subnet_add(myself, net);
744 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
746 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
/* TCP meta and UDP data sockets share the port number; the meta socket is
   closed again if the data socket cannot be created. */
750 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
752 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
753 close(myself->meta_socket);
757 myself->status.active = 1;
759 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: retry the ConnectTo entries in order until one succeeds.
   Declared with an implicit `int` return type (pre-C99). NOTE(review):
   everything it calls — setup_outgoing_connection() (xmalloc, gethostbyname,
   socket, blocking connect), syslog(), signal() — is not async-signal-safe;
   if the alarm fires while main_loop() is inside the allocator or syslog
   this can deadlock or corrupt state. The safe shape is to set a flag here
   and let main_loop() do the reconnect. */
765 sigalrm_handler(int a)
/* upstreamcfg is the cursor over the ConnectTo list; no entry at all while
   pointing at the whole config means we are listen-only (the return is on a
   line not shown). */
769 cfg = get_config_val(upstreamcfg, connectto);
771 if(!cfg && upstreamcfg == config)
772 /* No upstream IP given, we're listen only. */
/* Advance the cursor before trying, so the next entry is used if this one
   fails; the surrounding loop is on lines not shown. */
777 upstreamcfg = cfg->next;
778 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
/* Success: stop the retry alarm (return on a line not shown). */
780 signal(SIGALRM, SIG_IGN);
783 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: re-arm the handler (signal() may reset it after
   delivery), restart from the first entry and back off in 5 s steps up to
   MAXTIMEOUT. The %d argument below is on a line not shown. */
786 signal(SIGALRM, sigalrm_handler);
787 upstreamcfg = config;
788 seconds_till_retry += 5;
789 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
790 seconds_till_retry = MAXTIMEOUT;
791 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
793 alarm(seconds_till_retry);
798 setup all initial network connections
/* Bring the network side up: tap device, our own sockets, the tinc-up
   script, then the first outgoing connection. Returns 0, or -1 when the tap
   or self setup fails (returns on lines not shown). */
800 int setup_network_connections(void)
/* pingtimeout drives check_dead_connections(); its default is on a line
   not shown. */
805 if((cfg = get_config_val(config, pingtimeout)) == NULL)
808 timeout = cfg->data.val;
810 if(setup_tap_fd() < 0)
813 if(setup_myself() < 0)
816 /* Run tinc-up script to further initialize the tap interface */
/* The script at <confbase>/tinc-up runs with this daemon's privileges,
   presumably in a fork()ed child (lines not shown), with IFNAME from
   setup_tap_fd() in its environment. NOTE(review): execl(path, NULL) gives
   the script an empty argv (no argv[0]); the conventional call is
   `execl(scriptname, scriptname, (char *)NULL);` — the terminator should
   also be cast for a variadic call. The tinc-down call in
   close_network_connections() has the same issue. asprintf() is unchecked. */
818 asprintf(&scriptname, "%s/tinc-up", confbase);
823 execl(scriptname, NULL);
826 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
/* First outgoing attempt, walking the ConnectTo entries exactly like
   sigalrm_handler(); the loop and returns are on lines not shown. */
833 if(!(cfg = get_config_val(config, connectto)))
834 /* No upstream IP given, we're listen only. */
839 upstreamcfg = cfg->next;
840 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
842 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All failed: schedule the retry. The initial wait is the full MAXTIMEOUT,
   whereas terminate_connection() uses 5 s and sigalrm_handler() backs off in
   5 s steps — inconsistent, probably unintended. */
845 signal(SIGALRM, sigalrm_handler);
846 upstreamcfg = config;
847 seconds_till_retry = MAXTIMEOUT;
848 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
849 alarm(seconds_till_retry);
855 close all open network connections
/* Shut down every peer socket and our own listening sockets, then run
   tinc-down. Freeing the connection list and the script's fork()/wait
   plumbing are on lines not shown. */
857 void close_network_connections(void)
862 for(p = conn_list; p != NULL; p = p->next)
/* shutdown(fd, 0) is SHUT_RD (stop receiving); the close() of p->socket
   that presumably follows is on a line not shown. */
864 if(p->status.dataopen)
866 shutdown(p->socket, 0); /* No more receptions */
871 shutdown(p->meta_socket, 0); /* No more receptions */
872 close(p->meta_socket);
877 if(myself->status.active)
879 close(myself->meta_socket);
880 close(myself->socket);
883 /* Execute tinc-down script right before shutting down the interface */
/* Same execl() argv issue as the tinc-up call in setup_network_connections():
   no argv[0] is passed and the NULL terminator is uncast; asprintf() is
   unchecked. */
885 asprintf(&scriptname, "%s/tinc-down", confbase);
889 execl(scriptname, NULL);
892 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
902 syslog(LOG_NOTICE, _("Terminating"));
908 create a data (udp) socket
/* Create the per-peer UDP data socket and connect() it to cl->address:port
   (the same port as the meta connection) so that xsend() can use send().
   The descriptor is presumably stored in cl->socket on a line not shown;
   returns 0 / -1 (returns and error-path close() not shown). */
910 int setup_vpn_connection(conn_list_t *cl)
913 struct sockaddr_in a;
915 if(debug_lvl >= DEBUG_TRAFFIC)
916 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
/* The `nfd == -1` test for the message below is on a line not shown. */
918 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
921 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* No memset() of `a` is visible (cf. setup_vpn_in_socket()). */
925 a.sin_family = AF_INET;
926 a.sin_port = htons(cl->port);
927 a.sin_addr.s_addr = htonl(cl->address);
/* connect() on a UDP socket only fixes the default destination; no packet is
   exchanged, so this does not prove the peer is reachable. */
929 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
931 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
932 cl->hostname, cl->port);
/* flags is not checked for -1 before being OR-ed back in. */
936 flags = fcntl(nfd, F_GETFL);
937 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
939 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
940 cl->name, cl->hostname);
945 cl->status.dataopen = 1;
951 handle an incoming tcp connect call and open
/* Wrap an accept()ed meta socket in a new conn_list_t (`p` is presumably
   allocated with new_conn_list() on a line not shown). Returns the entry,
   or NULL when getpeername() fails (return not shown). */
954 conn_list_t *create_new_connection(int sfd)
957 struct sockaddr_in ci;
/* getpeername() takes a socklen_t *; `int` has the same width on common
   ABIs but is not the portable type. */
958 int len = sizeof(ci);
/* &ci is a struct sockaddr_in *; it needs a (struct sockaddr *) cast to
   match the prototype, as the other calls in this file do. */
962 if(getpeername(sfd, &ci, &len) < 0)
964 syslog(LOG_ERR, _("Error: getpeername: %m"));
/* hostlookup() receives the address in network byte order, consistent with
   setup_outgoing_connection(); p->address is kept in host order. */
969 p->address = ntohl(ci.sin_addr.s_addr);
970 p->hostname = hostlookup(ci.sin_addr.s_addr);
971 p->meta_socket = sfd;
973 p->buffer = xmalloc(MAXBUFSIZE);
975 p->last_ping_time = time(NULL);
978 if(debug_lvl >= DEBUG_CONNECTIONS)
979 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* Semantically this is ntohs(); htons() gives the same result for a 16-bit
   byte swap. */
980 p->hostname, htons(ci.sin_port));
/* Protocol gate for an unauthenticated peer: ID is the only request allowed
   next (presumably enforced by the meta-protocol code, not shown here). */
982 p->allow_request = ID;
988 put all file descriptors in an fd_set array
/* Fill `fs` with every descriptor main_loop() must watch: each peer's meta
   socket, its UDP data socket when open, and our own listening sockets.
   The FD_ZERO() and the tap_fd entry (tested in main_loop()) are presumably
   on lines not shown. NOTE(review): nothing checks a descriptor is below
   FD_SETSIZE before FD_SET(); with enough connections FD_SET() writes past
   the fd_set. */
990 void build_fdset(fd_set *fs)
996 for(p = conn_list; p != NULL; p = p->next)
999 FD_SET(p->meta_socket, fs);
1000 if(p->status.dataopen)
1001 FD_SET(p->socket, fs);
1004 FD_SET(myself->meta_socket, fs);
1005 FD_SET(myself->socket, fs);
1011 receive incoming data from the listening
1012 udp socket and write it to the ethertap
1013 device after being decrypted
/* Read one datagram from our UDP data socket and hand it to xrecv() (that
   call and the returns are on lines not shown). */
1015 int handle_incoming_vpn_data()
/* `l` is passed as the option length; socklen_t is the proper type. */
1018 int x, l = sizeof(x);
1019 struct sockaddr from;
1020 socklen_t fromlen = sizeof(from);
/* Drain a pending asynchronous socket error first; the test of x that leads
   to the "socket error" message is on a line not shown. */
1022 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1024 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1025 __FILE__, __LINE__, myself->socket);
1030 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* The datagram is read straight into the packet: its first two bytes become
   pkt.len. NOTE(review): the received byte count is discarded and `from` is
   never compared with any known peer, so pkt.len is attacker-controlled and
   unchecked when xrecv() copies pkt.len + 2 bytes and writes the result to
   the tap device. At minimum keep the return value, require it to be >= 2,
   equal to pkt.len + 2 and within MTU, and drop datagrams whose source is
   not a connected peer. */
1034 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1036 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1040 if(debug_lvl >= DEBUG_TRAFFIC)
/* struct sockaddr has no sa_addr member (the array is sa_data, where for
   AF_INET bytes 0..1 are the port and 2..5 the address), so this line looks
   like it cannot compile as shown — TODO confirm against the real file.
   Reading into a struct sockaddr_in and printing inet_ntoa() would be
   clearer. */
1042 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1043 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1051 terminate a connection and notify the other
1052 end before closing the sockets
/* Mark cl dead, close its meta socket, tell the remaining peers, and drop
   everything routed through it. Idempotent via status.remove. Unlinking and
   freeing the entry happen elsewhere; the `status.meta` guard around close()
   and the subnet removal body are on lines not shown. */
1054 void terminate_connection(conn_list_t *cl)
/* Already terminated: bail out (return on a line not shown). This is what
   bounds the recursion below. */
1059 if(cl->status.remove)
1064 cl->status.remove = 1;
1066 if(debug_lvl >= DEBUG_CONNECTIONS)
1067 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1068 cl->name, cl->hostname);
1073 close(cl->meta_socket);
1076 /* Find all connections that were lost because they were behind cl
1077 (the connection that was dropped). */
/* Each entry is flagged before its dependants are visited, and nothing
   visible modifies conn_list during the walk, so the recursion terminates. */
1080 for(p = conn_list; p != NULL; p = p->next)
1081 if((p->nexthop == cl) && (p != cl))
1082 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1084 /* Inform others of termination if it was still active */
1086 if(cl->status.active)
1087 for(p = conn_list; p != NULL; p = p->next)
1088 if(p->status.meta && p->status.active && p!=cl)
1089 send_del_host(p, cl);
1091 /* Remove the associated subnets */
/* The loop body is on a line not shown. `s` is still read via s->next
   after the body, so the body must not free s — TODO confirm. */
1093 for(s = cl->subnets; s; s = s->next)
1098 cl->status.active = 0;
1100 /* Check if this was our outgoing connection */
/* Re-arm the reconnect alarm with a short 5 s delay; sigalrm_handler()
   backs off further on repeated failure. */
1102 if(cl->status.outgoing)
1104 signal(SIGALRM, sigalrm_handler);
1105 seconds_till_retry = 5;
1106 alarm(seconds_till_retry);
1107 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1113 Check if the other end is active.
1114 If we have sent packets, but didn't receive any,
1115 then possibly the other end is dead. We send a
1116 PING request over the meta connection. If the other
1117 end does not reply in time, we consider them dead
1118 and close the connection.
/* Ping/timeout sweep over all active meta connections. `now` is set on a
   line not shown (presumably time(NULL)); `timeout` is the pingtimeout
   setting read in setup_network_connections(). Return value not shown. */
1120 int check_dead_connections(void)
1126 for(p = conn_list; p != NULL; p = p->next)
1128 if(p->status.active && p->status.meta)
/* Only act once `timeout` seconds have passed since the last ping activity. */
1130 if(p->last_ping_time + timeout < now)
/* A PING went out last round and no PONG came back: declare the peer dead. */
1132 if(p->status.pinged && !p->status.got_pong)
1134 if(debug_lvl >= DEBUG_PROTOCOL)
1135 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1136 p->name, p->hostname);
1137 p->status.timeout = 1;
/* terminate_connection() only flags the entry; the list is not unlinked
   here, so continuing the walk is safe. */
1138 terminate_connection(p);
/* Otherwise send a PING (the send call is presumably on a line not shown)
   and remember it for the next round. When want_ping is clear nothing
   happens and last_ping_time is not refreshed — TODO confirm intended. */
1140 else if(p->want_ping)
1143 p->last_ping_time = now;
1144 p->status.pinged = 1;
1145 p->status.got_pong = 0;
1155 accept a new tcp connect and create a
/* accept() a TCP meta connection on our listening socket and register it
   via create_new_connection(); insertion into conn_list and the returns are
   on lines not shown. */
1158 int handle_new_meta_connection()
1161 struct sockaddr client;
/* `len` should be socklen_t for accept(). */
1162 int nfd, len = sizeof(client);
1164 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1166 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
/* On failure nfd must be closed (the message below suggests it is, on a
   line not shown). No cap on the number of accepted connections is visible;
   the ID-only allow_request state set by create_new_connection() is the
   first gate for unknown peers. */
1170 if(!(ncn = create_new_connection(nfd)))
1174 syslog(LOG_NOTICE, _("Closed attempted connection"));
1184 check all connections to see if anything
1185 happened on their sockets
/* Dispatch on the descriptors select() reported ready in `f`: peer data
   sockets (errors only), peer meta sockets, then our own two sockets. */
1187 void check_network_activity(fd_set *f)
/* socklen_t is the proper type for the getsockopt() length. */
1190 int x, l = sizeof(x);
1192 for(p = conn_list; p != NULL; p = p->next)
/* Skip entries already terminated (the continue is on a line not shown). */
1194 if(p->status.remove)
1197 if(p->status.dataopen)
1198 if(FD_ISSET(p->socket, f))
/* getsockopt()'s own result is ignored below; if it fails, x is passed to
   strerror() uninitialised. Initialise x = 0 or check the return value. */
1201 The only thing that can happen to get us here is apparently an
1202 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1203 something that will not trigger an error directly on send()).
1204 I've once got here when it said `No route to host'.
1206 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1207 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1208 p->name, p->hostname, strerror(x));
1209 terminate_connection(p);
/* Meta traffic; a negative receive_meta() ends the connection.
   terminate_connection() only flags entries, so the walk stays valid. */
1214 if(FD_ISSET(p->meta_socket, f))
1215 if(receive_meta(p) < 0)
1217 terminate_connection(p);
/* Our own sockets: incoming VPN data, then new meta connections. */
1222 if(FD_ISSET(myself->socket, f))
1223 handle_incoming_vpn_data();
1225 if(FD_ISSET(myself->meta_socket, f))
1226 handle_new_meta_connection();
1231 read, encrypt and send data that is
1232 available through the ethertap device
/* Read one frame from the tap device into `vp` and route it by destination
   IPv4 address through send_packet(). */
1234 void handle_tap_input(void)
/* tun/tap: the frame starts at vp.data. ethertap: the device prepends 2
   bytes, which land in the len field just before data and are presumably
   replaced by the real length on lines not shown. */
1239 if(taptype == TAP_TYPE_TUNTAP)
1241 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1243 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
1250 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1252 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1258 total_tap_in += lenin;
/* Short-frame guard; its condition is on a line not shown, so it is not
   visible whether it guarantees the 34 bytes read below. */
1262 if(debug_lvl >= DEBUG_TRAFFIC)
1263 syslog(LOG_WARNING, _("Received short packet from tap device"));
1267 if(debug_lvl >= DEBUG_TRAFFIC)
1269 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* Bytes 30..33 are presumably the IPv4 destination (14-byte Ethernet header
   + 16). NOTE(review): `unsigned long` is 8 bytes on LP64, so this reads 8
   bytes and which 4 survive the truncation to uint32_t in ntohl() depends on
   endianness; the access is also unaligned and type-punned. memcpy() the
   4 bytes into an ip_t instead. No check that the frame is IPv4 is visible,
   so non-IP frames are routed by whatever sits at that offset. */
1272 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1277 this is where it all happens...
1279 void main_loop(void)
1284 time_t last_ping_check;
1286 last_ping_check = time(NULL);
1290 tv.tv_sec = timeout;
1296 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1298 if(errno != EINTR) /* because of alarm */
1300 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1308 /* FIXME: reprogram this.
1310 syslog(LOG_INFO, _("Rereading configuration file"));
1311 close_network_connections();
1313 if(read_config_file(&config, configfilename))
1315 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1319 setup_network_connections();
1324 if(last_ping_check + timeout < time(NULL))
1325 /* Let's check if everybody is still alive */
1327 check_dead_connections();
1328 last_ping_check = time(NULL);
1333 check_network_activity(&fset);
1335 /* local tap data */
1336 if(FD_ISSET(tap_fd, &fset))