2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.21 2000/08/07 14:52:15 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int xsend(conn_list_t *cl, void *packet)
101 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
102 rp.from = htonl(myself->vpn_ip);
103 rp.data.len = htons(rp.data.len);
104 rp.len = htons(rp.len);
107 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
108 ntohs(rp.len), cl->vpn_hostname, cl->real_hostname);
110 total_socket_out += r;
114 if((cl->flags | myself->flags) & TCPONLY)
115 return send_tcppacket(cl, packet, ntohs(rp.len));
117 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
119 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
120 cl->vpn_hostname, cl->real_hostname);
127 int xrecv(conn_list_t *cl, void *packet)
132 do_decrypt((real_packet_t*)packet, &vp, cl->key);
133 add_mac_addresses(&vp);
136 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
137 ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname);
139 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
140 syslog(LOG_ERR, _("Can't write to tap device: %m"));
142 total_tap_out += lenin;
145 cl->last_ping_time = time(NULL);
151 add the given packet of size s to the
152 queue q, be it the send or receive queue
154 void add_queue(packet_queue_t **q, void *packet, size_t s)
158 e = xmalloc(sizeof(*e));
159 e->packet = xmalloc(s);
160 memcpy(e->packet, packet, s);
164 *q = xmalloc(sizeof(**q));
165 (*q)->head = (*q)->tail = NULL;
168 e->next = NULL; /* We insert at the tail */
170 if((*q)->tail) /* Do we have a tail? */
172 (*q)->tail->next = e;
173 e->prev = (*q)->tail;
175 else /* No tail -> no head too */
185 /* Remove a queue element */
186 void del_queue(packet_queue_t **q, queue_element_t *e)
191 if(e->next) /* There is a successor, so we are not tail */
193 if(e->prev) /* There is a predecessor, so we are not head */
195 e->next->prev = e->prev;
196 e->prev->next = e->next;
198 else /* We are head */
200 e->next->prev = NULL;
201 (*q)->head = e->next;
204 else /* We are tail (or all alone!) */
206 if(e->prev) /* We are not alone :) */
208 e->prev->next = NULL;
209 (*q)->tail = e->prev;
223 flush a queue by calling function for
224 each packet, and removing it when that
225 returned a zero exit code
227 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
228 int (*function)(conn_list_t*,void*))
230 queue_element_t *p, *next = NULL;
232 for(p = (*pq)->head; p != NULL; )
236 if(!function(cl, p->packet))
243 syslog(LOG_DEBUG, _("Queue flushed"));
248 flush the send&recv queues
249 void because nothing goes wrong here, packets
250 remain in the queue if something goes wrong
252 void flush_queues(conn_list_t *cl)
258 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
259 cl->vpn_hostname, cl->real_hostname);
260 flush_queue(cl, &(cl->sq), xsend);
266 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
267 cl->vpn_hostname, cl->real_hostname);
268 flush_queue(cl, &(cl->rq), xrecv);
274 send a packet to the given vpn ip.
276 int send_packet(ip_t to, vpn_packet_t *packet)
280 if((cl = lookup_conn(to)) == NULL)
284 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
288 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
292 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
294 { /* No open outgoing connection has been found. */
296 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
301 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
303 if(myself->flags & EXPORTINDIRECTDATA)
305 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
307 { /* No open outgoing connection has been found. */
309 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
315 /* If indirectdata flag is set for the destination we just looked up,
316 * then real_ip is actually the vpn_ip of the gateway tincd
320 if(cl->flags & INDIRECTDATA)
323 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
324 cl->vpn_hostname, cl->real_hostname);
325 if((cl = lookup_conn(cl->real_ip)) == NULL)
328 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"),
331 /* Gateway tincd dead? Should we kill it? (GS) */
335 if(cl->flags & INDIRECTDATA) /* This should not happen */
338 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"),
344 if(my_key_expiry <= time(NULL))
347 if(!cl->status.dataopen)
348 if(setup_vpn_connection(cl) < 0)
350 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->vpn_hostname, cl->real_hostname);
354 if(!cl->status.validkey)
357 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->vpn_hostname, cl->real_hostname);
358 add_queue(&(cl->sq), packet, packet->len + 2);
359 if(!cl->status.waitingforkey)
360 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
364 if(!cl->status.active)
367 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->vpn_hostname, cl->real_hostname);
368 add_queue(&(cl->sq), packet, packet->len + 2);
369 return 0; /* We don't want to mess up, do we? */
372 /* can we send it? can we? can we? huh? */
374 return xsend(cl, packet);
378 open the local ethertap device
380 int setup_tap_fd(void)
383 const char *tapfname;
386 if((cfg = get_config_val(tapdevice)) == NULL)
387 tapfname = "/dev/tap0";
389 tapfname = cfg->data.ptr;
391 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
393 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
403 set up the socket that we listen on for incoming
406 int setup_listen_meta_socket(int port)
409 struct sockaddr_in a;
412 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
414 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
418 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
420 syslog(LOG_ERR, _("setsockopt: %m"));
424 flags = fcntl(nfd, F_GETFL);
425 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
427 syslog(LOG_ERR, _("fcntl: %m"));
431 memset(&a, 0, sizeof(a));
432 a.sin_family = AF_INET;
433 a.sin_port = htons(port);
434 a.sin_addr.s_addr = htonl(INADDR_ANY);
436 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
438 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
444 syslog(LOG_ERR, _("listen: %m"));
452 setup the socket for incoming encrypted
455 int setup_vpn_in_socket(int port)
458 struct sockaddr_in a;
461 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
463 syslog(LOG_ERR, _("Creating socket failed: %m"));
467 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
469 syslog(LOG_ERR, _("setsockopt: %m"));
473 flags = fcntl(nfd, F_GETFL);
474 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
476 syslog(LOG_ERR, _("fcntl: %m"));
480 memset(&a, 0, sizeof(a));
481 a.sin_family = AF_INET;
482 a.sin_port = htons(port);
483 a.sin_addr.s_addr = htonl(INADDR_ANY);
485 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
487 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
495 setup an outgoing meta (tcp) socket
497 int setup_outgoing_meta_socket(conn_list_t *cl)
500 struct sockaddr_in a;
504 syslog(LOG_INFO, _("Trying to connect to %s"), cl->real_hostname);
506 if((cfg = get_config_val(upstreamport)) == NULL)
509 cl->port = cfg->data.val;
511 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
512 if(cl->meta_socket == -1)
514 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
515 cl->real_hostname, cl->port);
519 a.sin_family = AF_INET;
520 a.sin_port = htons(cl->port);
521 a.sin_addr.s_addr = htonl(cl->real_ip);
523 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
525 syslog(LOG_ERR, _("%s port %hd: %m"), cl->real_hostname, cl->port);
529 flags = fcntl(cl->meta_socket, F_GETFL);
530 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
532 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
533 cl->real_hostname, cl->port);
538 syslog(LOG_INFO, _("Connected to %s port %hd"),
539 cl->real_hostname, cl->port);
545 setup an outgoing connection. It's not
546 necessary to also open an udp socket as
547 well, because the other host will initiate
548 an authentication sequence during which
549 we will do just that.
551 int setup_outgoing_connection(char *hostname)
556 if(!(h = gethostbyname(hostname)))
558 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
562 ncn = new_conn_list();
563 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
564 ncn->real_hostname = hostlookup(htonl(ncn->real_ip));
566 if(setup_outgoing_meta_socket(ncn) < 0)
568 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
570 free_conn_element(ncn);
574 ncn->status.meta = 1;
575 ncn->status.outgoing = 1;
576 ncn->next = conn_list;
583 set up the local sockets (listen only)
585 int setup_myself(void)
589 myself = new_conn_list();
591 if(!(cfg = get_config_val(myvpnip)))
593 syslog(LOG_ERR, _("No value for my VPN IP given"));
597 myself->vpn_ip = cfg->data.ip->ip;
598 myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip));
599 myself->real_hostname = hostlookup(htonl(myself->vpn_ip));
600 myself->vpn_mask = cfg->data.ip->mask;
603 if(!(cfg = get_config_val(listenport)))
606 myself->port = cfg->data.val;
608 if(cfg = get_config_val(indirectdata))
609 if(cfg->data.val == stupid_true)
610 myself->flags |= EXPORTINDIRECTDATA;
612 if(cfg = get_config_val(tcponly))
613 if(cfg->data.val == stupid_true)
614 myself->flags |= TCPONLY;
616 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
618 syslog(LOG_ERR, _("Unable to set up a listening socket"));
622 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
624 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
625 close(myself->meta_socket);
629 myself->status.active = 1;
631 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
637 sigalrm_handler(int a)
641 cfg = get_next_config_val(upstreamip, upstreamindex++);
645 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
647 signal(SIGALRM, SIG_IGN);
650 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
653 signal(SIGALRM, sigalrm_handler);
655 seconds_till_retry += 5;
656 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
657 seconds_till_retry = MAXTIMEOUT;
658 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
660 alarm(seconds_till_retry);
665 setup all initial network connections
667 int setup_network_connections(void)
671 if((cfg = get_config_val(pingtimeout)) == NULL)
674 timeout = cfg->data.val;
676 if(setup_tap_fd() < 0)
679 if(setup_myself() < 0)
682 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
683 /* No upstream IP given, we're listen only. */
688 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
690 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
693 signal(SIGALRM, sigalrm_handler);
695 seconds_till_retry = MAXTIMEOUT;
696 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
697 alarm(seconds_till_retry);
703 close all open network connections
705 void close_network_connections(void)
709 for(p = conn_list; p != NULL; p = p->next)
711 if(p->status.dataopen)
713 shutdown(p->socket, 0); /* No more receptions */
719 shutdown(p->meta_socket, 0); /* No more receptions */
720 close(p->meta_socket);
725 if(myself->status.active)
727 close(myself->meta_socket);
728 close(myself->socket);
734 syslog(LOG_NOTICE, _("Terminating"));
740 create a data (udp) socket
742 int setup_vpn_connection(conn_list_t *cl)
745 struct sockaddr_in a;
748 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->real_hostname);
750 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
753 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
757 a.sin_family = AF_INET;
758 a.sin_port = htons(cl->port);
759 a.sin_addr.s_addr = htonl(cl->real_ip);
761 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
763 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
764 cl->real_hostname, cl->port);
768 flags = fcntl(nfd, F_GETFL);
769 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
771 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
772 cl->vpn_hostname, cl->real_hostname);
777 cl->status.dataopen = 1;
783 handle an incoming tcp connect call and open
786 conn_list_t *create_new_connection(int sfd)
789 struct sockaddr_in ci;
790 int len = sizeof(ci);
794 if(getpeername(sfd, &ci, &len) < 0)
796 syslog(LOG_ERR, _("Error: getpeername: %m"));
800 p->real_ip = ntohl(ci.sin_addr.s_addr);
801 p->real_hostname = hostlookup(ci.sin_addr.s_addr);
802 p->meta_socket = sfd;
805 p->last_ping_time = time(NULL);
809 syslog(LOG_NOTICE, _("Connection from %s port %d"),
810 p->real_hostname, htons(ci.sin_port));
812 if(send_basic_info(p) < 0)
814 free_conn_element(p);
822 put all file descriptors in an fd_set array
824 void build_fdset(fd_set *fs)
830 for(p = conn_list; p != NULL; p = p->next)
833 FD_SET(p->meta_socket, fs);
834 if(p->status.dataopen)
835 FD_SET(p->socket, fs);
838 FD_SET(myself->meta_socket, fs);
839 FD_SET(myself->socket, fs);
845 receive incoming data from the listening
846 udp socket and write it to the ethertap
847 device after being decrypted
849 int handle_incoming_vpn_data(conn_list_t *cl)
853 int x, l = sizeof(x);
856 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
858 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket,
859 cl->vpn_hostname, cl->real_hostname);
864 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
865 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
870 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
873 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->vpn_hostname, cl->real_hostname);
876 total_socket_in += lenin;
878 rp.data.len = ntohs(rp.data.len);
879 rp.len = ntohs(rp.len);
880 rp.from = ntohl(rp.from);
884 f = lookup_conn(rp.from);
887 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
888 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from));
892 if(f->status.validkey)
896 add_queue(&(f->rq), &rp, rp.len);
897 if(!cl->status.waitingforkey)
898 send_key_request(rp.from);
901 if(my_key_expiry <= time(NULL))
909 terminate a connection and notify the other
910 end before closing the sockets
912 void terminate_connection(conn_list_t *cl)
917 if(cl->status.remove)
921 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
922 cl->vpn_hostname, cl->real_hostname);
924 if(cl->status.timeout)
926 /* else if(!cl->status.termreq)
933 close(cl->meta_socket);
935 cl->status.remove = 1;
937 /* If this cl isn't active, don't send any DEL_HOSTs. */
938 if(cl->status.active)
939 notify_others(cl,NULL,send_del_host);
942 /* Find all connections that were lost because they were behind cl
943 (the connection that was dropped). */
945 for(p = conn_list; p != NULL; p = p->next)
947 if((p->nexthop == cl) && (p != cl))
949 if(cl->status.active && p->status.active)
950 notify_others(p,cl,send_del_host);
953 p->status.active = 0;
954 p->status.remove = 1;
958 cl->status.active = 0;
960 if(cl->status.outgoing)
962 signal(SIGALRM, sigalrm_handler);
963 seconds_till_retry = 5;
964 alarm(seconds_till_retry);
965 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
971 Check if the other end is active.
972 If we have sent packets, but didn't receive any,
973 then possibly the other end is dead. We send a
974 PING request over the meta connection. If the other
975 end does not reply in time, we consider them dead
976 and close the connection.
978 int check_dead_connections(void)
984 for(p = conn_list; p != NULL; p = p->next)
988 if(p->status.active && p->status.meta)
990 if(p->last_ping_time + timeout < now)
992 if(p->status.pinged && !p->status.got_pong)
995 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
996 p->vpn_hostname, p->real_hostname);
997 p->status.timeout = 1;
998 terminate_connection(p);
1000 else if(p->want_ping)
1003 p->last_ping_time = now;
1004 p->status.pinged = 1;
1005 p->status.got_pong = 0;
1015 accept a new tcp connect and create a
1018 int handle_new_meta_connection(conn_list_t *cl)
1021 struct sockaddr client;
1022 int nfd, len = sizeof(client);
1024 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1026 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1030 if(!(ncn = create_new_connection(nfd)))
1034 syslog(LOG_NOTICE, _("Closed attempted connection"));
1038 ncn->status.meta = 1;
1039 ncn->next = conn_list;
1046 dispatch any incoming meta requests
1048 int handle_incoming_meta_data(conn_list_t *cl)
1050 int x, l = sizeof(x);
1051 int request, oldlen, i;
1054 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1056 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
1057 cl->vpn_hostname, cl->real_hostname);
1062 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
1063 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
1067 if(cl->buflen >= MAXBUFSIZE)
1069 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1073 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1081 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
1082 cl->vpn_hostname, cl->real_hostname);
1084 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
1085 cl->vpn_hostname, cl->real_hostname);
1089 oldlen = cl->buflen;
1090 cl->buflen += lenin;
1096 for(i = oldlen; i < cl->buflen; i++)
1098 if(cl->buffer[i] == '\n')
1100 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1109 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
1110 cl->vpn_hostname, cl->real_hostname, cl->buffer);
1111 if(sscanf(cl->buffer, "%d", &request) == 1)
1113 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1115 syslog(LOG_ERR, _("Unknown request from %s (%s)"),
1116 cl->vpn_hostname, cl->real_hostname);
1120 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1122 syslog(LOG_ERR, _("Error while processing request from %s (%s)"),
1123 cl->vpn_hostname, cl->real_hostname);
1129 syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
1130 cl->vpn_hostname, cl->real_hostname);
1134 cl->buflen -= cl->reqlen;
1135 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1144 cl->last_ping_time = time(NULL);
1151 check all connections to see if anything
1152 happened on their sockets
1154 void check_network_activity(fd_set *f)
1157 int x, l = sizeof(x);
1159 for(p = conn_list; p != NULL; p = p->next)
1161 if(p->status.remove)
1164 if(p->status.dataopen)
1165 if(FD_ISSET(p->socket, f))
1168 The only thing that can happen to get us here is apparently an
1169 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1170 something that will not trigger an error directly on send()).
1171 I've once got here when it said `No route to host'.
1173 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1174 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1175 p->vpn_hostname, p->real_hostname, sys_errlist[x]);
1176 terminate_connection(p);
1181 if(FD_ISSET(p->meta_socket, f))
1182 if(handle_incoming_meta_data(p) < 0)
1184 terminate_connection(p);
1189 if(FD_ISSET(myself->socket, f))
1190 handle_incoming_vpn_data(myself);
1192 if(FD_ISSET(myself->meta_socket, f))
1193 handle_new_meta_connection(myself);
1198 read, encrypt and send data that is
1199 available through the ethertap device
1201 void handle_tap_input(void)
1205 int ether_type, lenin;
1207 memset(&vp, 0, sizeof(vp));
1208 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1210 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1214 total_tap_in += lenin;
1216 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1217 if(ether_type != 0x0800)
1220 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1221 ether_type, MAC_ADDR_V(vp.data[6]));
1228 syslog(LOG_INFO, _("Dropping short packet"));
1232 from = ntohl(*((unsigned long*)(&vp.data[26])));
1233 to = ntohl(*((unsigned long*)(&vp.data[30])));
1235 vp.len = (length_t)lenin - 2;
1237 strip_mac_addresses(&vp);
1239 send_packet(to, &vp);
1244 this is where it all happens...
1246 void main_loop(void)
1251 time_t last_ping_check;
1253 last_ping_check = time(NULL);
1257 tv.tv_sec = timeout;
1263 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1265 if(errno != EINTR) /* because of alarm */
1267 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1275 close_network_connections();
1277 if(read_config_file(configfilename))
1279 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1283 setup_network_connections();
1287 if(last_ping_check + timeout < time(NULL))
1288 /* Let's check if everybody is still alive */
1290 check_dead_connections();
1291 last_ping_check = time(NULL);
1296 check_network_activity(&fset);
1298 /* local tap data */
1299 if(FD_ISSET(tap_fd, &fset))