2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.76 2000/11/16 22:11:40 zarq Exp $
28 #include <netinet/in.h>
32 #include <sys/signal.h>
34 #include <sys/types.h>
37 #include <sys/ioctl.h>
38 /* SunOS really wants sys/socket.h BEFORE net/if.h,
39 and FreeBSD wants these lines below the rest. */
40 #include <arpa/inet.h>
41 #include <sys/socket.h>
44 #ifdef HAVE_OPENSSL_RAND_H
45 # include <openssl/rand.h>
50 #ifdef HAVE_OPENSSL_EVP_H
51 # include <openssl/evp.h>
56 #ifdef HAVE_OPENSSL_ERR_H
57 # include <openssl/err.h>
63 #include LINUX_IF_TUN_H
/* File-scope state shared by the functions below. The total_* counters are
   plain ints that the visible code only ever adds to (xsend, xrecv).
   seconds_till_retry is written from sigalrm_handler as well as from normal
   code paths (setup_network_connections, terminate_connection). */
82 int taptype = TAP_TYPE_ETHERTAP;
84 int total_tap_out = 0;
85 int total_socket_in = 0;
86 int total_socket_out = 0;
88 config_t *upstreamcfg;
89 static int seconds_till_retry;
/* Send one VPN packet to peer cl: the payload is encrypted with cl's packet
   key and handed to send() on cl->socket. Several lines of this function
   (locals, the condition selecting the memcpy path, the return statements)
   are missing from this listing, so the notes below cover only what is
   visible. */
98 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
104 outpkt.len = inpkt->len;
106 /* Encrypt the packet */
/* NOTE(review): the context is re-initialised for every packet with the same
   key and the same IV (the bytes that follow the key in cipher_pktkey), and
   the EVP_* return values are ignored. If the peer's cipher is a feedback
   mode like the EVP_bf_cfb selected in setup_myself, packets encrypted under
   one key start from the same keystream; nothing visible here adds a
   per-packet nonce or an integrity tag. */
108 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
109 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
110 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
111 outlen += outpad + 2;
/* NOTE(review): this copy length is derived from inpkt->len; no bound
   against the size of outpkt is visible in this listing - confirm the
   callers enforce one. */
114 outlen = outpkt.len + 2;
115 memcpy(&outpkt, inpkt, outlen);
/* Traffic trace; note that it is emitted at LOG_ERR priority. */
118 if(debug_lvl >= DEBUG_TRAFFIC)
119 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
120 outlen, cl->name, cl->hostname);
122 total_socket_out += outlen;
/* The transmitted region starts at the len field, so the length prefix
   (presumably 2 bytes, matching the "+ 2" above) is sent with the payload. */
124 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
126 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
127 cl->name, cl->hostname);
/* Decrypt a packet received from cl with our own packet key and write the
   result to the tap device. Lines are missing from this listing (locals,
   the condition selecting the memcpy path, the return statements). */
134 int xrecv(conn_list_t *cl, vpn_packet_t *inpkt)
/* NOTE(review): inpkt->len is filled in by recv() in
   handle_incoming_vpn_data, i.e. it is chosen by the sender. It is used
   below as the decrypt length (+8), as a memcpy length and as the write()
   length, and no check against the number of bytes actually received or the
   capacity of outpkt.data is visible. Confirm such a check exists in the
   missing lines; without one this is an out-of-bounds read/write driven by
   network input. */
140 outpkt.len = inpkt->len;
142 /* Decrypt the packet */
/* NOTE(review): the return values of the EVP_Decrypt* calls are ignored and
   nothing visible authenticates the packet before it is injected into the
   local tap device. */
144 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
145 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
146 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
150 outlen = outpkt.len+2;
151 memcpy(&outpkt, inpkt, outlen);
154 if(debug_lvl >= DEBUG_TRAFFIC)
155 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
158 /* Fix mac address */
/* Overwrites the first 6 bytes of the frame with our own MAC address. */
160 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
162 if(taptype == TAP_TYPE_TUNTAP)
164 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
165 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
167 total_tap_out += outpkt.len;
/* Ethertap path: writes from data - 2 for len + 2 bytes; presumably the len
   field sits directly before data in vpn_packet_t - TODO confirm. */
171 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
172 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
174 total_tap_out += outpkt.len + 2;
181 add the given packet of size s to the
182 queue q, be it the send or receive queue
/* Append a private copy of packet (s bytes) to the tail of queue *q.
   The queue element owns the copy made here. The xmalloc of *q below is
   presumably guarded by a NULL test that is missing from this listing. */
184 void add_queue(packet_queue_t **q, void *packet, size_t s)
188 e = xmalloc(sizeof(*e));
/* s is trusted as the number of readable bytes behind packet. */
189 e->packet = xmalloc(s);
190 memcpy(e->packet, packet, s);
194 *q = xmalloc(sizeof(**q));
195 (*q)->head = (*q)->tail = NULL;
198 e->next = NULL; /* We insert at the tail */
200 if((*q)->tail) /* Do we have a tail? */
202 (*q)->tail->next = e;
203 e->prev = (*q)->tail;
205 else /* No tail -> no head too */
215 /* Remove a queue element */
/* Unlink element e from the doubly linked queue *q, fixing up the
   neighbours' links and the queue's head/tail pointers. Releasing e and its
   packet is not visible in this listing. */
216 void del_queue(packet_queue_t **q, queue_element_t *e)
221 if(e->next) /* There is a successor, so we are not tail */
223 if(e->prev) /* There is a predecessor, so we are not head */
225 e->next->prev = e->prev;
226 e->prev->next = e->next;
228 else /* We are head */
230 e->next->prev = NULL;
231 (*q)->head = e->next;
234 else /* We are tail (or all alone!) */
236 if(e->prev) /* We are not alone :) */
238 e->prev->next = NULL;
239 (*q)->tail = e->prev;
253 flush a queue by calling function for
254 each packet, and removing it when that
255 returned a zero exit code
/* Walk the queue from its head and hand every packet to function; per the
   file's own description an element is removed when function returns 0.
   NOTE(review): *pq is dereferenced without a NULL test in the visible
   lines, so callers must only pass an allocated queue. */
257 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
258 int (*function)(conn_list_t*,vpn_packet_t*))
260 queue_element_t *p, *next = NULL;
262 for(p = (*pq)->head; p != NULL; )
266 if(!function(cl, p->packet))
272 if(debug_lvl >= DEBUG_TRAFFIC)
273 syslog(LOG_DEBUG, _("Queue flushed"));
278 flush the send&recv queues
279 void because nothing goes wrong here, packets
280 remain in the queue if something goes wrong
/* Flush cl's send queue through xsend and its receive queue through xrecv.
   The conditions guarding each half are missing from this listing. */
282 void flush_queues(conn_list_t *cl)
287 if(debug_lvl >= DEBUG_TRAFFIC)
288 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
289 cl->name, cl->hostname);
290 flush_queue(cl, &(cl->sq), xsend);
295 if(debug_lvl >= DEBUG_TRAFFIC)
296 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
297 cl->name, cl->hostname);
298 flush_queue(cl, &(cl->rq), xrecv);
304 send a packet to the given vpn ip.
/* Route one packet to the peer that owns destination address "to" and pass
   it to xsend(). A failed subnet lookup and a packet addressed to ourselves
   are logged at DEBUG_TRAFFIC; what is returned in those cases is not
   visible in this listing. The FIXME comments below indicate that queueing
   for peers without a valid key or not yet active is currently disabled;
   the closing comment delimiters and most return statements of those
   branches are missing from this listing. */
306 int send_packet(ip_t to, vpn_packet_t *packet)
311 if((subnet = lookup_subnet_ipv4(to)) == NULL)
313 if(debug_lvl >= DEBUG_TRAFFIC)
315 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
326 if(debug_lvl >= DEBUG_TRAFFIC)
328 syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
335 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
337 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
339 /* Connections are now opened beforehand...
341 if(!cl->status.dataopen)
342 if(setup_vpn_connection(cl) < 0)
344 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
345 cl->name, cl->hostname);
350 if(!cl->status.validkey)
352 /* FIXME: Don't queue until everything else is fixed.
353 if(debug_lvl >= DEBUG_TRAFFIC)
354 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
355 cl->name, cl->hostname);
356 add_queue(&(cl->sq), packet, packet->len + 2);
358 if(!cl->status.waitingforkey)
359 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
363 if(!cl->status.active)
365 /* FIXME: Don't queue until everything else is fixed.
366 if(debug_lvl >= DEBUG_TRAFFIC)
367 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
368 cl->name, cl->hostname);
369 add_queue(&(cl->sq), packet, packet->len + 2);
371 return 0; /* We don't want to mess up, do we? */
374 /* can we send it? can we? can we? huh? */
376 return xsend(cl, packet);
380 open the local ethertap device
/* Open the local tap device non-blocking, install a default MAC address for
   the ethertap case and probe with TUNSETIFF whether the device is a
   new-style tun/tap device. The device path comes from the config_tapdevice
   entry when present. Lines are missing from this listing (locals, the
   assignment of tap_fd, preprocessor conditionals, returns). */
382 int setup_tap_fd(void)
385 const char *tapfname;
389 if((cfg = get_config_val(config, config_tapdevice)))
390 tapfname = cfg->data.ptr;
/* Two alternative built-in defaults; the preprocessor conditional that picks
   one of them is missing from this listing. */
393 tapfname = "/dev/misc/net/tun";
395 tapfname = "/dev/tap0";
398 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
400 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
406 /* Set default MAC address for ethertap devices */
408 taptype = TAP_TYPE_ETHERTAP;
409 mymac.type = SUBNET_MAC;
410 mymac.net.mac.address.x[0] = 0xfe;
411 mymac.net.mac.address.x[1] = 0xfd;
412 mymac.net.mac.address.x[2] = 0x00;
413 mymac.net.mac.address.x[3] = 0x00;
414 mymac.net.mac.address.x[4] = 0x00;
415 mymac.net.mac.address.x[5] = 0x00;
418 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
419 memset(&ifr, 0, sizeof(ifr));
421 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy with a count of IFNAMSIZ leaves ifr_name without a
   terminating NUL when netname is IFNAMSIZ characters or longer. ifr was
   zeroed just above, so limiting the copy to IFNAMSIZ - 1 would keep the
   name terminated. */
423 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* A successful TUNSETIFF switches taptype to the tun/tap variant; a failure
   leaves the ethertap default set above. */
425 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
427 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
428 taptype = TAP_TYPE_TUNTAP;
436 set up the socket that we listen on for incoming
/* Create the non-blocking TCP socket on which meta connections are accepted
   and bind it to the given port. SO_REUSEADDR and SO_KEEPALIVE are enabled.
   Lines are missing from this listing (locals, error-path cleanup, the
   listen call, returns). */
439 int setup_listen_meta_socket(int port)
442 struct sockaddr_in a;
446 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
448 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
452 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
455 syslog(LOG_ERR, _("System call `%s' failed: %m"),
460 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
463 syslog(LOG_ERR, _("System call `%s' failed: %m"),
468 flags = fcntl(nfd, F_GETFL);
469 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
472 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* NOTE(review): the interface name is passed to SO_KEEPALIVE here, while the
   error message talks about binding the socket to an interface. This looks
   like a copy of the keepalive call above; binding to a device is normally
   requested with SO_BINDTODEVICE. As written, the configured interface is
   unlikely to restrict where the daemon accepts connections - confirm and
   correct the option. */
477 if((cfg = get_config_val(config, config_interface)))
479 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
482 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
487 memset(&a, 0, sizeof(a));
488 a.sin_family = AF_INET;
489 a.sin_port = htons(port);
/* Without a config_interfaceip entry the socket listens on every local
   address (INADDR_ANY). */
491 if((cfg = get_config_val(config, config_interfaceip)))
492 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
494 a.sin_addr.s_addr = htonl(INADDR_ANY);
496 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
/* port is an int but is printed with %hd, so values above 32767 are shown
   as negative numbers in the log. */
499 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
506 syslog(LOG_ERR, _("System call `%s' failed: %m"),
515 setup the socket for incoming encrypted
/* Create a non-blocking UDP socket with SO_REUSEADDR and bind it to the
   given port. Lines are missing from this listing (locals, error-path
   cleanup, returns).
   NOTE(review): unlike setup_listen_meta_socket, the address is always
   INADDR_ANY; the interface/interfaceip settings are not consulted here. */
518 int setup_vpn_in_socket(int port)
521 struct sockaddr_in a;
524 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
527 syslog(LOG_ERR, _("Creating socket failed: %m"));
531 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
534 syslog(LOG_ERR, _("System call `%s' failed: %m"),
539 flags = fcntl(nfd, F_GETFL);
540 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
543 syslog(LOG_ERR, _("System call `%s' failed: %m"),
548 memset(&a, 0, sizeof(a));
549 a.sin_family = AF_INET;
550 a.sin_port = htons(port);
551 a.sin_addr.s_addr = htonl(INADDR_ANY);
553 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
556 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
564 setup an outgoing meta (tcp) socket
/* Open a TCP meta connection to cl->address on the port taken from cl's
   host configuration, then switch the socket to non-blocking mode. The
   socket is closed again when connect() or fcntl() fails. Lines are missing
   from this listing (locals, the fallback when no port is configured,
   returns). */
566 int setup_outgoing_meta_socket(conn_list_t *cl)
569 struct sockaddr_in a;
572 if(debug_lvl >= DEBUG_CONNECTIONS)
573 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
575 if((cfg = get_config_val(cl->config, config_port)) == NULL)
578 cl->port = cfg->data.val;
580 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
581 if(cl->meta_socket == -1)
583 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
584 cl->hostname, cl->port);
/* NOTE(review): no memset of a is visible in this function, unlike the other
   setup_* functions; only these three members are assigned - confirm the
   rest of the structure is initialised. */
588 a.sin_family = AF_INET;
589 a.sin_port = htons(cl->port);
590 a.sin_addr.s_addr = htonl(cl->address);
/* The connect happens while the socket is still blocking; O_NONBLOCK is only
   set afterwards. */
592 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
594 close(cl->meta_socket);
595 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
599 flags = fcntl(cl->meta_socket, F_GETFL);
600 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
602 close(cl->meta_socket);
603 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
604 cl->hostname, cl->port);
608 if(debug_lvl >= DEBUG_CONNECTIONS)
609 syslog(LOG_INFO, _("Connected to %s port %hd"),
610 cl->hostname, cl->port);
618 setup an outgoing connection. It's not
619 necessary to also open an udp socket as
620 well, because the other host will initiate
621 an authentication sequence during which
622 we will do just that.
/* Create a connection entry for the named peer, read its host configuration,
   resolve its address and open the outgoing meta connection. Lines are
   missing from this listing (locals, the name check, error-path cleanup,
   returns). */
624 int setup_outgoing_connection(char *name)
632 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
636 ncn = new_conn_list();
/* The asprintf result is not checked; on failure ncn->name is left
   undefined. */
637 asprintf(&ncn->name, "%s", name);
639 if(read_host_config(ncn))
/* NOTE(review): this format string and the one in the next error message
   contain %s but no argument is passed, which is undefined behaviour in
   syslog(); the peer name (ncn->name) is presumably what was intended. */
641 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
646 if(!(cfg = get_config_val(ncn->config, config_address)))
648 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() blocks the daemon while resolving; only the first returned
   address is used and it is read through an ip_t pointer, i.e. it is
   assumed to be an IPv4 address. */
653 if(!(h = gethostbyname(cfg->data.ptr)))
655 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
660 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
661 ncn->hostname = hostlookup(htonl(ncn->address));
663 if(setup_outgoing_meta_socket(ncn) < 0)
665 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
671 ncn->status.outgoing = 1;
672 ncn->buffer = xmalloc(MAXBUFSIZE);
674 ncn->last_ping_time = time(NULL);
684 Configure conn_list_t myself and set up the local sockets (listen only)
/* Build the conn_list_t describing this daemon: name, RSA key material,
   port, flags and subnets from the configuration, the listening meta socket
   and a freshly generated packet encryption key. Lines are missing from this
   listing (locals, returns, fallbacks for absent options), so the notes
   below cover only what is visible. */
686 int setup_myself(void)
692 myself = new_conn_list();
694 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
696 myself->protocol_version = PROT_CURRENT;
698 if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */
700 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): the name is read through data.val with a pointer cast, while
   other string options in this file use data.ptr - presumably both are
   members of one union; confirm, because an integer member narrower than a
   pointer would truncate it. */
704 asprintf(&myself->name, "%s", (char*)cfg->data.val);
706 if(check_id(myself->name))
708 syslog(LOG_ERR, _("Invalid name for myself!"));
712 if(!(cfg = get_config_val(config, config_privatekey)))
714 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* The private exponent is parsed from the main configuration, so that file's
   permissions protect the key. The public exponent is fixed to 0xFFFF here
   (not the more common 0x10001) - key generation must use the same value.
   NOTE(review): the BN_hex2bn results are not checked, so malformed hex is
   not reported at this point. */
719 myself->rsa_key = RSA_new();
720 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
721 BN_hex2bn(&myself->rsa_key->e, "FFFF");
724 if(read_host_config(myself))
726 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
730 if(!(cfg = get_config_val(myself->config, config_publickey)))
732 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
737 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
740 if(RSA_check_key(myself->rsa_key) != 1)
742 syslog(LOG_ERR, _("Invalid public/private keypair!"));
746 if(!(cfg = get_config_val(myself->config, config_port)))
749 myself->port = cfg->data.val;
751 if((cfg = get_config_val(myself->config, config_indirectdata)))
752 if(cfg->data.val == stupid_true)
753 myself->flags |= EXPORTINDIRECTDATA;
755 if((cfg = get_config_val(myself->config, config_tcponly)))
756 if(cfg->data.val == stupid_true)
757 myself->flags |= TCPONLY;
759 /* Read in all the subnets specified in the host configuration file */
761 for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next)
764 net->type = SUBNET_IPV4;
765 net->net.ipv4.address = cfg->data.ip->address;
766 net->net.ipv4.mask = cfg->data.ip->mask;
768 /* Teach newbies what subnets are... */
/* Rejects a subnet whose address has bits set outside its mask. */
770 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
772 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
776 subnet_add(myself, net);
779 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
781 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
785 /* Generate packet encryption key */
/* The packet cipher is Blowfish in CFB mode; the buffer holds key bytes
   followed by IV bytes (key_len + iv_len) and is filled by RAND_bytes.
   NOTE(review): the RAND_bytes result is not checked. If the generator
   fails, the buffer keeps whatever xmalloc returned and would still be used
   as the key. */
787 myself->cipher_pkttype = EVP_bf_cfb();
789 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
791 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
792 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
794 if(!(cfg = get_config_val(config, config_keyexpire)))
797 keylifetime = cfg->data.val;
/* The key is regenerated in main_loop once this time has passed. */
799 keyexpires = time(NULL) + keylifetime;
801 /* Activate ourselves */
803 myself->status.active = 1;
805 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
807 child_pids = list_new();
/* SIGALRM handler that retries the outgoing connection: it walks the
   ConnectTo entries starting at upstreamcfg and, when none succeeds, re-arms
   the alarm with a delay that grows by 5 seconds up to MAXTIMEOUT. The
   return type line and several body lines are missing from this listing.
   NOTE(review): everything here runs in signal context. The handler calls
   get_config_val, setup_outgoing_connection (which allocates, resolves names
   and connects) and syslog, none of which are async-signal-safe; a signal
   arriving while the main loop is inside malloc or syslog can corrupt state
   or deadlock. Setting a flag here and doing the work from the main loop
   would avoid that. */
813 sigalrm_handler(int a)
817 cfg = get_config_val(upstreamcfg, config_connectto);
819 if(!cfg && upstreamcfg == config)
820 /* No upstream IP given, we're listen only. */
825 upstreamcfg = cfg->next;
826 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
828 signal(SIGALRM, SIG_IGN);
831 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
834 signal(SIGALRM, sigalrm_handler);
835 upstreamcfg = config;
836 seconds_till_retry += 5;
837 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
838 seconds_till_retry = MAXTIMEOUT;
839 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
841 alarm(seconds_till_retry);
846 setup all initial network connections
/* Bring the daemon's networking up: read the ping timeout, open the tap
   device, configure ourselves, run the tinc-up script and try each ConnectTo
   entry in turn. When no outgoing connection succeeds, a SIGALRM retry is
   scheduled after MAXTIMEOUT seconds. Lines are missing from this listing
   (locals, default timeout, loop structure, returns). */
848 int setup_network_connections(void)
852 if((cfg = get_config_val(config, config_pingtimeout)) == NULL)
856 timeout = cfg->data.val;
863 if(setup_tap_fd() < 0)
866 if(setup_myself() < 0)
869 /* Run tinc-up script to further initialize the tap interface */
/* The script runs after the tap device and listening socket are open; how
   its path is resolved and with which privileges and environment it runs is
   decided in execute_script, which is not part of this listing. */
870 execute_script("tinc-up");
872 if(!(cfg = get_config_val(config, config_connectto)))
873 /* No upstream IP given, we're listen only. */
878 upstreamcfg = cfg->next;
879 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
881 cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */
884 signal(SIGALRM, sigalrm_handler);
885 upstreamcfg = config;
886 seconds_till_retry = MAXTIMEOUT;
887 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
888 alarm(seconds_till_retry);
894 close all open network connections
/* Shut networking down: every connection is marked inactive and terminated,
   our own listening socket is closed and myself is freed, then the tinc-down
   script is run. Marking a connection inactive first means
   terminate_connection skips the parts that depend on status.active (peer
   notification, reconnect timer). Some lines are missing from this
   listing. */
896 void close_network_connections(void)
900 for(p = conn_list; p != NULL; p = p->next)
902 p->status.active = 0;
903 terminate_connection(p);
907 if(myself->status.active)
909 close(myself->meta_socket);
910 free_conn_list(myself);
916 /* Execute tinc-down script right after shutting down the interface */
917 execute_script("tinc-down");
921 syslog(LOG_NOTICE, _("Terminating"));
927 create a data (udp) socket
/* Create the UDP data socket for peer cl: non-blocking, SO_REUSEADDR, bound
   to our own port on INADDR_ANY and then connected to the peer's address and
   port. Sets cl->status.dataopen on success. Lines are missing from this
   listing (locals, error-path cleanup, storing the descriptor in cl,
   returns). */
929 int setup_vpn_connection(conn_list_t *cl)
932 struct sockaddr_in a;
935 if(debug_lvl >= DEBUG_TRAFFIC)
936 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
938 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
941 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
945 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
948 syslog(LOG_ERR, _("System call `%s' failed: %m"),
953 flags = fcntl(nfd, F_GETFL);
954 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
957 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* Every per-peer data socket is bound to the same local port
   (myself->port); SO_REUSEADDR above is what allows the repeated bind. */
962 memset(&a, 0, sizeof(a));
963 a.sin_family = AF_INET;
964 a.sin_port = htons(myself->port);
965 a.sin_addr.s_addr = htonl(INADDR_ANY);
967 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
970 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port);
974 a.sin_family = AF_INET;
975 a.sin_port = htons(cl->port);
976 a.sin_addr.s_addr = htonl(cl->address);
978 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
981 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
982 cl->hostname, cl->port);
/* O_NONBLOCK was already set on nfd before the bind; this second fcntl pair
   repeats it. */
986 flags = fcntl(nfd, F_GETFL);
987 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
990 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
991 cl->name, cl->hostname);
996 cl->status.dataopen = 1;
1002 handle an incoming tcp connect call and open
/* Build a connection entry for a freshly accepted meta socket sfd: records
   the peer address and hostname, allocates the receive buffer and starts the
   ping timer. Lines are missing from this listing (locals, error return,
   final return). */
1005 conn_list_t *create_new_connection(int sfd)
1008 struct sockaddr_in ci;
/* len is an int that is passed through a socklen_t pointer cast below; this
   relies on both types having the same size. */
1009 int len = sizeof(ci);
1011 p = new_conn_list();
1013 if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0)
1015 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* NOTE(review): hostlookup presumably resolves the peer address to a name;
   if that is a reverse DNS lookup, the resulting string is controlled by
   whoever runs the peer's reverse zone and ends up in log messages - confirm
   how hostlookup sanitises it. */
1021 p->address = ntohl(ci.sin_addr.s_addr);
1022 p->hostname = hostlookup(ci.sin_addr.s_addr);
1023 p->meta_socket = sfd;
1025 p->buffer = xmalloc(MAXBUFSIZE);
1027 p->last_ping_time = time(NULL);
1029 if(debug_lvl >= DEBUG_CONNECTIONS)
/* htons is applied to a network-order value here; ntohs is the intended
   direction (the two perform the same byte swap). */
1030 syslog(LOG_NOTICE, _("Connection from %s port %d"),
1031 p->hostname, htons(ci.sin_port));
/* Presumably restricts the first request accepted on a new, unauthenticated
   connection to ID - TODO confirm against the protocol code. */
1033 p->allow_request = ID;
1039 put all file descriptors in an fd_set array
/* Fill fs with the meta socket of every connection, the data socket of
   connections with dataopen set, and our own listening socket. Lines are
   missing from this listing (FD_ZERO, the tap descriptor, any filtering).
   NOTE(review): no check that a descriptor is below FD_SETSIZE is visible.
   FD_SET with a larger descriptor writes outside the fd_set, so the number
   of simultaneously open connections needs to be bounded elsewhere. */
1041 void build_fdset(fd_set *fs)
1047 for(p = conn_list; p != NULL; p = p->next)
1050 FD_SET(p->meta_socket, fs);
1051 if(p->status.dataopen)
1052 FD_SET(p->socket, fs);
1055 FD_SET(myself->meta_socket, fs);
1061 receive incoming data from the listening
1062 udp socket and write it to the ethertap
1063 device after being decrypted
/* Read one datagram from cl's data socket and pass it to xrecv() for
   decryption and delivery to the tap device. A pending socket error is
   fetched with SO_ERROR and logged first. Lines are missing from this
   listing (locals, the test on x, returns). */
1065 int handle_incoming_vpn_data(conn_list_t *cl)
/* l is an int but getsockopt expects a socklen_t pointer. */
1068 int x, l = sizeof(x);
1071 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1073 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1074 __FILE__, __LINE__, cl->socket);
1079 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* NOTE(review): up to MTU bytes are received starting at the len field, so
   pkt.len itself comes from the sender. In the visible lines lenin is only
   logged; it is never compared with pkt.len before xrecv() uses that field
   as a length. Whether MTU bytes fit behind &pkt.len depends on the
   definition of vpn_packet_t, which is not part of this listing. A check
   that pkt.len is consistent with lenin and with the buffer size belongs
   here. */
1083 if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0)
1085 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1089 if(debug_lvl >= DEBUG_TRAFFIC)
1091 syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin,
1092 cl->name, cl->hostname);
1096 return xrecv(cl, &pkt);
1100 terminate a connection and notify the other
1101 end before closing the sockets
/* Tear down connection cl: close its meta socket, terminate every connection
   routed through it, tell the remaining active meta peers about the loss,
   drop its subnets and, for an active outgoing connection, schedule a
   reconnect through SIGALRM after 5 seconds. status.remove is both the
   re-entry guard and the marker that lets other loops skip the entry; the
   entry itself is not unlinked in the visible lines. Some lines are missing
   from this listing. */
1103 void terminate_connection(conn_list_t *cl)
1108 if(cl->status.remove)
1111 cl->status.remove = 1;
1113 if(debug_lvl >= DEBUG_CONNECTIONS)
1114 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1115 cl->name, cl->hostname);
1120 close(cl->meta_socket);
1123 /* Find all connections that were lost because they were behind cl
1124 (the connection that was dropped). */
1127 for(p = conn_list; p != NULL; p = p->next)
1128 if((p->nexthop == cl) && (p != cl))
1129 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1131 /* Inform others of termination if it was still active */
1133 if(cl->status.active)
1134 for(p = conn_list; p != NULL; p = p->next)
1135 if(p->status.meta && p->status.active && p!=cl)
1136 send_del_host(p, cl);
1138 /* Remove the associated subnets */
1140 for(s = cl->subnets; s; s = s->next)
1143 /* Check if this was our outgoing connection */
1145 if(cl->status.outgoing && cl->status.active)
1147 signal(SIGALRM, sigalrm_handler);
1148 seconds_till_retry = 5;
1149 alarm(seconds_till_retry);
1150 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1155 cl->status.active = 0;
1160 Check if the other end is active.
1161 If we have sent packets, but didn't receive any,
1162 then possibly the other end is dead. We send a
1163 PING request over the meta connection. If the other
1164 end does not reply in time, we consider them dead
1165 and close the connection.
/* Scan all active meta connections and, for each one whose last ping time is
   older than the timeout, terminate it if a PING is already outstanding.
   The branch that sends a new PING, the assignment of now and the return are
   missing from this listing. */
1167 int check_dead_connections(void)
1173 for(p = conn_list; p != NULL; p = p->next)
1175 if(p->status.active && p->status.meta)
1177 if(p->last_ping_time + timeout < now)
1179 if(p->status.pinged)
1181 if(debug_lvl >= DEBUG_PROTOCOL)
1182 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1183 p->name, p->hostname);
1184 p->status.timeout = 1;
1185 terminate_connection(p);
1199 accept a new tcp connect and create a
/* Accept a pending TCP connection on our listening socket and create a
   connection entry for it. Lines are missing from this listing (locals,
   cleanup after a failed create_new_connection, list insertion, returns).
   NOTE(review): no limit on the number of simultaneous inbound connections
   is visible here, and each accepted socket gets a MAXBUFSIZE buffer in
   create_new_connection before the peer has identified itself - confirm a
   cap exists elsewhere. */
1202 int handle_new_meta_connection()
1205 struct sockaddr client;
/* len is an int but accept expects a socklen_t pointer. */
1206 int nfd, len = sizeof(client);
1208 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1210 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1214 if(!(ncn = create_new_connection(nfd)))
1218 syslog(LOG_NOTICE, _("Closed attempted connection"));
1228 check all connections to see if anything
1229 happened on their sockets
/* Dispatch on the descriptors that select() reported in f: data sockets go
   to handle_incoming_vpn_data, meta sockets to receive_meta (a negative
   result terminates the connection), and the listening socket to
   handle_new_meta_connection. Entries already marked status.remove are
   tested first; what happens to them is in lines missing from this listing.
   The return value of handle_incoming_vpn_data is ignored in the visible
   lines; the FIXME further down refers to error handling that has not been
   moved there yet. */
1231 void check_network_activity(fd_set *f)
1235 for(p = conn_list; p != NULL; p = p->next)
1237 if(p->status.remove)
1240 if(p->status.dataopen)
1241 if(FD_ISSET(p->socket, f))
1243 handle_incoming_vpn_data(p);
1245 /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data()
1247 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1248 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1249 p->name, p->hostname, strerror(x));
1250 terminate_connection(p);
1256 if(FD_ISSET(p->meta_socket, f))
1257 if(receive_meta(p) < 0)
1259 terminate_connection(p);
1264 if(FD_ISSET(myself->meta_socket, f))
1265 handle_new_meta_connection();
1270 read, encrypt and send data that is
1271 available through the ethertap device
/* Read one frame from the tap device and forward it with send_packet() to
   the peer responsible for its destination address. Lines are missing from
   this listing (locals, the assignment of vp.len, the short-packet test,
   returns). */
1273 void handle_tap_input(void)
1278 if(taptype == TAP_TYPE_TUNTAP)
1280 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1282 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
/* Ethertap path: the read starts 2 bytes before data, presumably over the
   len field - TODO confirm against vpn_packet_t. */
1289 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1291 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1297 total_tap_in += lenin;
1301 if(debug_lvl >= DEBUG_TRAFFIC)
1302 syslog(LOG_WARNING, _("Received short packet from tap device"));
1306 if(debug_lvl >= DEBUG_TRAFFIC)
1308 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* NOTE(review): the destination is taken from fixed offset 30 of the frame
   (14-byte Ethernet header plus offset 16 of an IPv4 header) through an
   unsigned long pointer. No EtherType or IPv4 check is visible, the cast
   performs an unaligned load, and where unsigned long is 8 bytes it reads 8
   bytes rather than 4. Whether the short-packet test above guarantees at
   least 34 valid bytes cannot be seen in this listing. */
1311 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1316 this is where it all happens...
1318 void main_loop(void)
1323 time_t last_ping_check;
1326 last_ping_check = time(NULL);
1330 tv.tv_sec = timeout;
1336 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1338 if(errno != EINTR) /* because of alarm */
1340 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1347 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1349 close_network_connections();
1350 clear_config(&config);
1352 if(read_server_config())
1354 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1360 if(setup_network_connections())
1368 /* Let's check if everybody is still alive */
1370 if(last_ping_check + timeout < t)
1372 check_dead_connections();
1373 last_ping_check = time(NULL);
1375 /* Should we regenerate our key? */
1379 if(debug_lvl >= DEBUG_STATUS)
1380 syslog(LOG_INFO, _("Regenerating symmetric key"));
1382 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1383 send_key_changed(myself, NULL);
1384 keyexpires = time(NULL) + keylifetime;
1390 check_network_activity(&fset);
1392 /* local tap data */
1393 if(FD_ISSET(tap_fd, &fset))