2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.28 2000/09/14 11:54:50 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
/* Traffic counters, in bytes. In this file total_tap_out is bumped in xrecv(),
   total_socket_in in handle_incoming_vpn_data() and total_socket_out in xsend(). */
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
/* Index of the next upstreamip configuration entry to try. */
59 int upstreamindex = 0;
/* Seconds passed to alarm() before the next outgoing connection attempt.
   NOTE(review): this and upstreamindex are modified both by normal code and by
   sigalrm_handler() as plain int; confirm no update can be interrupted mid-way. */
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
/* Entry describing this host; allocated by setup_myself(). */
64 conn_list_t *myself = NULL;
67 strip off the MAC addresses of an ethernet frame
/* Drop the first 12 bytes of p->data (the two MAC addresses, per the description above)
   by copying the payload through a MAXSIZE-byte stack buffer.
   NOTE(review): both memcpy() calls take p->len as the byte count and no check against
   MAXSIZE is visible, so an oversized p->len would overrun tmp. The second copy also reads
   tmp[12 .. 12 + p->len), which is 12 bytes past what the first copy filled unless p->len is
   reduced in between; this listing omits a source line (74) at that point -- confirm
   against the full file. */
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
/* Stage the whole frame so the shifted copy below does not overlap its source. */
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
/* Rebuild a 12-byte ethernet address header in front of the payload held in p->data.
   Bytes 0-1 and 6-7 become fe:fd, bytes 2-5 get myself->vpn_ip in network byte order, and
   bytes 8-11 are copied from offset 26 of the rebuilt frame (the offset handle_tap_input()
   reads as the source address).
   NOTE(review): the first memcpy() writes 12 + p->len bytes into a MAXSIZE-byte stack
   buffer and no bound on p->len is visible. xrecv() calls this on the output of
   do_decrypt(), so the length presumably derives from data sent by the peer -- confirm it
   is validated before this point. A source line (87) is omitted from this listing here. */
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
/* NOTE(review): these stores and loads go through ip_t pointers into an unsigned char
   array at offsets 2, 8 and 26, which may be misaligned for ip_t; memcpy() would avoid
   depending on alignment and aliasing behaviour. */
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
/* Encrypt one packet with the key of connection cl and transmit it.
   do_encrypt() fills rp from packet; the header fields are then converted to network byte
   order. The packet goes through send_tcppacket() when either side has TCPONLY set,
   otherwise through send() on cl->socket. The return statements other than the TCP one
   are not visible in this listing. */
96 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
/* rp.len is in network order from here on, hence the ntohs() on every later use.
   NOTE(review): this message is emitted at LOG_ERR although it reads like a trace
   message; presumably a debug-level guard sits on an omitted line -- confirm. */
106 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), ntohs(rp.len), cl->id, cl->hostname);
108 total_socket_out += ntohs(rp.len);
112 if((cl->flags | myself->flags) & TCPONLY)
113 return send_tcppacket(cl, (void*)&rp, ntohs(rp.len));
115 if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
117 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->id, cl->hostname);
/* Decrypt one received packet with the key of cl, restore the ethernet address header and
   write the resulting frame to the tap device. */
124 int xrecv(conn_list_t *cl, void *packet)
129 do_decrypt((real_packet_t*)packet, &vp, cl->key);
130 add_mac_addresses(&vp);
133 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), ((real_packet_t*)packet)->len, cl->id, cl->hostname);
/* NOTE(review): the write length is vp.len plus the size of the length field, and vp.len
   is whatever do_decrypt() and add_mac_addresses() left there. No comparison with
   sizeof(vp) is visible, so an oversized length would make write() read past vp --
   confirm the length is bounded upstream. */
135 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
136 syslog(LOG_ERR, _("Can't write to tap device: %m"));
/* Presumably the else branch of the check above (line 137 is omitted); otherwise a failed
   write would subtract from the counter. */
138 total_tap_out += lenin;
/* Any packet processed here refreshes the liveness timestamp of the connection. */
141 cl->last_ping_time = time(NULL);
147 add the given packet of size s to the
148 queue q, be it the send or receive queue
/* Append a private copy of packet (s bytes) at the tail of queue *q.
   The queue header itself is allocated here as well; the condition guarding that
   allocation is on a line omitted from this listing.
   NOTE(review): memcpy() trusts s, so the caller must guarantee that packet has s readable
   bytes; callers in this file pass packet->len + 2 and rp.len. No limit on the number of
   queued elements is visible, so a peer that never becomes ready could make the queue grow
   without bound -- confirm whether a cap exists elsewhere. */
150 void add_queue(packet_queue_t **q, void *packet, size_t s)
154 e = xmalloc(sizeof(*e));
155 e->packet = xmalloc(s);
156 memcpy(e->packet, packet, s);
160 *q = xmalloc(sizeof(**q));
161 (*q)->head = (*q)->tail = NULL;
164 e->next = NULL; /* We insert at the tail */
166 if((*q)->tail) /* Do we have a tail? */
168 (*q)->tail->next = e;
169 e->prev = (*q)->tail;
171 else /* No tail -> no head too */
181 /* Remove a queue element */
/* Unlink element e from the doubly linked queue *q, fixing up head and tail as needed.
   The four cases are: middle element, head, tail, and sole element. Releasing the memory
   of e is presumably done on the lines omitted after 205 -- confirm.
   The caller must pass an element that really belongs to *q; nothing here checks it. */
182 void del_queue(packet_queue_t **q, queue_element_t *e)
187 if(e->next) /* There is a successor, so we are not tail */
189 if(e->prev) /* There is a predecessor, so we are not head */
191 e->next->prev = e->prev;
192 e->prev->next = e->next;
194 else /* We are head */
196 e->next->prev = NULL;
197 (*q)->head = e->next;
200 else /* We are tail (or all alone!) */
202 if(e->prev) /* We are not alone :) */
204 e->prev->next = NULL;
205 (*q)->tail = e->prev;
219 flush a queue by calling function for
220 each packet, and removing it when that
221 returned a zero exit code
/* Walk queue *pq from the head and call function(cl, packet) on every element.
   Per the description above, an element is removed when the callback returns zero; the
   removal itself is on lines omitted from this listing.
   NOTE(review): (*pq) is dereferenced without a visible NULL check, so callers must only
   pass a queue that exists. */
223 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
224 int (*function)(conn_list_t*,void*))
/* next is kept separately, presumably so the walk survives removal of p -- confirm. */
226 queue_element_t *p, *next = NULL;
228 for(p = (*pq)->head; p != NULL; )
232 if(!function(cl, p->packet))
239 syslog(LOG_DEBUG, _("Queue flushed"));
244 flush the send&recv queues
245 void because nothing goes wrong here, packets
246 remain in the queue if something goes wrong
/* Drain both queues of cl: the send queue through xsend() and the receive queue through
   xrecv(). The conditions that guard each flush are on omitted lines. */
248 void flush_queues(conn_list_t *cl)
254 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), cl->id, cl->hostname);
255 flush_queue(cl, &(cl->sq), xsend);
261 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), cl->id, cl->hostname);
262 flush_queue(cl, &(cl->rq), xrecv);
268 send a packet to the given vpn ip.
/* Route one plaintext packet to the peer responsible for VPN address to.
   Visible steps: look up the connection; when this host has EXPORTINDIRECTDATA set, pick
   the first connection marked outgoing; follow one level of INDIRECTDATA to the gateway
   and refuse a second level; open the UDP socket if it is not open yet; queue the packet
   while the peer has no valid key or is not active; otherwise pass it to xsend().
   NOTE(review): packets are queued with add_queue() for as long as the peer has no valid
   key or is inactive, and no queue limit is visible in this file section -- confirm that
   memory use is bounded when a peer never completes key exchange. */
270 int send_packet(ip_t to, vpn_packet_t *packet)
274 if((cl = lookup_conn(to)) == NULL)
278 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
285 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
287 /* The next few lines will be obsoleted, if we are going indirect, matching subnet_t
288 should point to only our uplink as the recepient
291 if(myself->flags & EXPORTINDIRECTDATA)
293 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
295 { /* No open outgoing connection has been found. */
297 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
303 /* If indirectdata flag is set for the destination we just looked up,
304 * then real_ip is actually the vpn_ip of the gateway tincd
308 if(cl->flags & INDIRECTDATA)
311 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"), cl->id, cl->hostname);
312 if((cl = lookup_conn(cl->real_ip)) == NULL)
315 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to));
317 /* Gateway tincd dead? Should we kill it? (GS) */
321 if(cl->flags & INDIRECTDATA) /* This should not happen */
324 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"), IP_ADDR_V(to));
/* Own key past its expiry time; the action taken is on an omitted line. */
329 if(my_key_expiry <= time(NULL))
332 if(!cl->status.dataopen)
333 if(setup_vpn_connection(cl) < 0)
335 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->id, cl->hostname);
339 if(!cl->status.validkey)
342 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->id, cl->hostname);
/* The + 2 presumably covers the length field stored in front of the data -- TODO confirm
   against the definition of vpn_packet_t. */
343 add_queue(&(cl->sq), packet, packet->len + 2);
344 if(!cl->status.waitingforkey)
345 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
349 if(!cl->status.active)
352 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->id, cl->hostname);
353 add_queue(&(cl->sq), packet, packet->len + 2);
354 return 0; /* We don't want to mess up, do we? */
357 /* can we send it? can we? can we? huh? */
359 return xsend(cl, packet);
363 open the local ethertap device
/* Open the tap device read-write and non-blocking.
   The path comes from the tapdevice configuration value and defaults to /dev/tap0.
   Since the path is taken from configuration as-is, the configuration file must only be
   writable by the administrator. What is done with nfd afterwards is on omitted lines. */
365 int setup_tap_fd(void)
368 const char *tapfname;
371 if((cfg = get_config_val(tapdevice)) == NULL)
372 tapfname = "/dev/tap0";
374 tapfname = cfg->data.ptr;
376 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
378 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
388 set up the socket that we listen on for incoming
/* Create the non-blocking TCP socket that accepts incoming meta connections on port.
   SO_REUSEADDR and SO_KEEPALIVE are enabled. The socket is bound to the address from the
   interfaceip configuration value when present, otherwise to INADDR_ANY.
   On the visible error paths only a message is logged; closing nfd and the return values
   are on omitted lines -- confirm the descriptor is not leaked on failure. */
391 int setup_listen_meta_socket(int port)
394 struct sockaddr_in a;
398 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
400 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
404 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
406 syslog(LOG_ERR, _("setsockopt: %m"));
410 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
412 syslog(LOG_ERR, _("setsockopt: %m"));
416 flags = fcntl(nfd, F_GETFL);
417 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
419 syslog(LOG_ERR, _("fcntl: %m"));
423 if((cfg = get_config_val(interface)))
/* NOTE(review): the error message below says this call binds the socket to an interface,
   but the option passed is SO_KEEPALIVE with the interface name as its value. Binding to a
   device on Linux is done with SO_BINDTODEVICE. As written the interface setting does not
   restrict the listener, which then stays reachable on every interface unless interfaceip
   narrows the bind address. Treat as a likely bug and verify. */
425 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
427 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
432 memset(&a, 0, sizeof(a));
433 a.sin_family = AF_INET;
434 a.sin_port = htons(port);
436 if((cfg = get_config_val(interfaceip)))
437 a.sin_addr.s_addr = htonl(cfg->data.ip->ip);
439 a.sin_addr.s_addr = htonl(INADDR_ANY);
441 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
/* port is an int printed with %hd, so values above 32767 show up as negative numbers. */
443 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
449 syslog(LOG_ERR, _("listen: %m"));
457 setup the socket for incoming encrypted
/* Create the non-blocking UDP socket that receives encrypted VPN data on port.
   NOTE(review): in the visible lines this socket is always bound to INADDR_ANY; the
   interface and interfaceip settings that setup_listen_meta_socket() consults are not
   applied here. A deployment that restricts the meta socket to one address therefore
   still accepts datagrams on all addresses -- confirm whether that is intended.
   Closing nfd on the error paths is not visible in this listing. */
460 int setup_vpn_in_socket(int port)
463 struct sockaddr_in a;
466 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
468 syslog(LOG_ERR, _("Creating socket failed: %m"));
472 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
474 syslog(LOG_ERR, _("setsockopt: %m"));
478 flags = fcntl(nfd, F_GETFL);
479 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
481 syslog(LOG_ERR, _("fcntl: %m"));
485 memset(&a, 0, sizeof(a));
486 a.sin_family = AF_INET;
487 a.sin_port = htons(port);
488 a.sin_addr.s_addr = htonl(INADDR_ANY);
490 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
492 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
500 setup an outgoing meta (tcp) socket
/* Open a TCP meta connection to cl->real_ip on the port from the upstreamport
   configuration value (the fallback used when that value is absent is on an omitted line).
   The socket is switched to non-blocking mode only after connect() has returned.
   NOTE(review): connect() therefore blocks the whole daemon until it succeeds or times
   out, and this function is also reached from sigalrm_handler(). No memset() of a is
   visible here, unlike in the listening-socket setup functions. Closing cl->meta_socket
   on the connect and fcntl failure paths is not visible either -- confirm. */
502 int setup_outgoing_meta_socket(conn_list_t *cl)
505 struct sockaddr_in a;
509 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
511 if((cfg = get_config_val(upstreamport)) == NULL)
514 cl->port = cfg->data.val;
516 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
517 if(cl->meta_socket == -1)
519 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
520 cl->hostname, cl->port);
524 a.sin_family = AF_INET;
525 a.sin_port = htons(cl->port);
526 a.sin_addr.s_addr = htonl(cl->real_ip);
528 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
530 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
534 flags = fcntl(cl->meta_socket, F_GETFL);
535 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
537 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
538 cl->hostname, cl->port);
543 syslog(LOG_INFO, _("Connected to %s port %hd"),
544 cl->hostname, cl->port);
550 setup an outgoing connection. It's not
551 necessary to also open an udp socket as
552 well, because the other host will initiate
553 an authentication sequence during which
554 we will do just that.
/* Resolve hostname, create a connection entry for its first address and open the meta
   connection to it. On success the entry is flagged meta and outgoing and linked at the
   head of conn_list.
   NOTE(review): gethostbyname() is a blocking, IPv4-oriented call and reports failures
   through h_errno, so the %m in the error message below may print an unrelated errno
   text. The address used is whatever the resolver returns; the identity of the peer has
   to be established by the authentication exchange that follows, not by this lookup. */
556 int setup_outgoing_connection(char *hostname)
561 if(!(h = gethostbyname(hostname)))
563 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
567 ncn = new_conn_list();
/* Only the first address in the answer is used; it is read as an ip_t, i.e. the code
   assumes a 4-byte IPv4 address. */
568 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
569 ncn->hostname = hostlookup(htonl(ncn->real_ip));
571 if(setup_outgoing_meta_socket(ncn) < 0)
573 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
575 free_conn_element(ncn);
579 ncn->status.meta = 1;
580 ncn->status.outgoing = 1;
581 ncn->next = conn_list;
588 set up the local sockets (listen only)
/* Build the connection entry for this host from configuration and open its two listening
   sockets (TCP meta and UDP data) on the configured port.
   Reads myvpnip (required), listenport, indirectdata and tcponly. If the UDP socket cannot
   be created, the already opened meta socket is closed again. */
590 int setup_myself(void)
594 myself = new_conn_list();
596 if(!(cfg = get_config_val(myvpnip)))
598 syslog(LOG_ERR, _("No value for my VPN IP given"));
602 myself->vpn_ip = cfg->data.ip->ip;
603 myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip));
604 myself->hostname = hostlookup(htonl(myself->vpn_ip));
605 myself->vpn_mask = cfg->data.ip->mask;
/* The default used when listenport is absent is on an omitted line. */
608 if(!(cfg = get_config_val(listenport)))
611 myself->port = cfg->data.val;
613 if((cfg = get_config_val(indirectdata)))
614 if(cfg->data.val == stupid_true)
615 myself->flags |= EXPORTINDIRECTDATA;
617 if((cfg = get_config_val(tcponly)))
618 if(cfg->data.val == stupid_true)
619 myself->flags |= TCPONLY;
621 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
623 syslog(LOG_ERR, _("Unable to set up a listening socket"));
627 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
629 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
630 close(myself->meta_socket);
634 myself->status.active = 1;
636 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler that retries the outgoing connection.
   It walks the upstreamip configuration entries, stops at the first one that connects
   (ignoring further SIGALRM), and otherwise re-arms itself with a delay that grows by
   5 seconds per failure up to MAXTIMEOUT.
   NOTE(review): the handler calls syslog() and setup_outgoing_connection(), which in turn
   resolves names, allocates memory and calls connect(). None of these are
   async-signal-safe, so the handler can corrupt state or deadlock if the signal arrives
   while the main code is inside the allocator or the logger. A safer design sets a flag
   here and performs the retry from the main loop. The declared return type is on an
   omitted line. */
642 sigalrm_handler(int a)
646 cfg = get_next_config_val(upstreamip, upstreamindex++);
650 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
652 signal(SIGALRM, SIG_IGN);
655 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
658 signal(SIGALRM, sigalrm_handler);
660 seconds_till_retry += 5;
661 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
662 seconds_till_retry = MAXTIMEOUT;
663 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
665 alarm(seconds_till_retry);
670 setup all initial network connections
/* Bring up everything needed at start: read the ping timeout, open the tap device, set up
   the local listening sockets and, when upstreamip entries exist, try each in turn until
   one outgoing connection succeeds. If none succeeds, SIGALRM is armed to retry after
   MAXTIMEOUT seconds. Return values are on lines omitted from this listing. */
672 int setup_network_connections(void)
/* The default timeout used when pingtimeout is absent is on an omitted line. */
676 if((cfg = get_config_val(pingtimeout)) == NULL)
679 timeout = cfg->data.val;
681 if(setup_tap_fd() < 0)
684 if(setup_myself() < 0)
687 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
688 /* No upstream IP given, we're listen only. */
693 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
695 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
698 signal(SIGALRM, sigalrm_handler);
700 seconds_till_retry = MAXTIMEOUT;
701 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
702 alarm(seconds_till_retry);
708 close all open network connections
/* Shut down and close the sockets of every connection in conn_list, then close the two
   listening sockets of this host when it is active. Closing of the per-connection data
   socket and of the tap device is presumably on omitted lines -- confirm. */
710 void close_network_connections(void)
714 for(p = conn_list; p != NULL; p = p->next)
716 if(p->status.dataopen)
/* The literal 0 passed to shutdown() disables further receives, as the comment says. */
718 shutdown(p->socket, 0); /* No more receptions */
724 shutdown(p->meta_socket, 0); /* No more receptions */
725 close(p->meta_socket);
730 if(myself->status.active)
732 close(myself->meta_socket);
733 close(myself->socket);
739 syslog(LOG_NOTICE, _("Terminating"));
745 create a data (udp) socket
/* Create a UDP socket connected to cl->real_ip and cl->port, make it non-blocking and
   mark the connection as dataopen. Storing nfd into cl is on an omitted line.
   NOTE(review): no memset() of a is visible before its fields are filled in, and closing
   nfd on the connect and fcntl failure paths is not visible either; a leaked descriptor
   per failed attempt would eventually exhaust the descriptor table -- confirm. */
747 int setup_vpn_connection(conn_list_t *cl)
750 struct sockaddr_in a;
753 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
755 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
758 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
762 a.sin_family = AF_INET;
763 a.sin_port = htons(cl->port);
764 a.sin_addr.s_addr = htonl(cl->real_ip);
766 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
768 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
769 cl->hostname, cl->port);
773 flags = fcntl(nfd, F_GETFL);
774 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
776 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, cl->id, cl->hostname);
781 cl->status.dataopen = 1;
787 handle an incoming tcp connect call and open
/* Build a connection entry for the freshly accepted TCP socket sfd: record the address of
   the peer, look up a name for it, start the ping timer and send our basic info.
   The entry is freed again when send_basic_info() fails.
   NOTE(review): the name stored in p->hostname comes from hostlookup() on the address of
   the peer. If that is a reverse DNS lookup, the text is chosen by whoever controls the
   reverse zone and must be treated as untrusted in logs and never used for access
   decisions -- confirm what hostlookup() does. */
790 conn_list_t *create_new_connection(int sfd)
793 struct sockaddr_in ci;
/* getpeername() expects a struct sockaddr pointer and a socklen_t length; the int length
   and the uncast sockaddr_in pointer used here work only where the types coincide. */
794 int len = sizeof(ci);
798 if(getpeername(sfd, &ci, &len) < 0)
800 syslog(LOG_ERR, _("Error: getpeername: %m"));
804 p->real_ip = ntohl(ci.sin_addr.s_addr);
805 p->hostname = hostlookup(ci.sin_addr.s_addr);
806 p->meta_socket = sfd;
809 p->last_ping_time = time(NULL);
/* htons() is used where ntohs() is meant; both perform the same byte swap. */
813 syslog(LOG_NOTICE, _("Connection from %s port %d"),
814 p->hostname, htons(ci.sin_port));
816 if(send_basic_info(p) < 0)
818 free_conn_element(p);
826 put all file descriptors in an fd_set array
/* Fill fs with every descriptor the main loop should wait on: the meta socket of each
   connection, its data socket when open, and the two listening sockets of this host.
   Clearing fs and adding the tap descriptor are presumably on omitted lines.
   NOTE(review): FD_SET() has undefined behaviour for descriptors at or above FD_SETSIZE
   and no such check is visible. Since every accepted peer adds descriptors, confirm that
   the number of connections is capped or that large descriptors are rejected. */
828 void build_fdset(fd_set *fs)
834 for(p = conn_list; p != NULL; p = p->next)
837 FD_SET(p->meta_socket, fs);
838 if(p->status.dataopen)
839 FD_SET(p->socket, fs);
842 FD_SET(myself->meta_socket, fs);
843 FD_SET(myself->socket, fs);
849 receive incoming data from the listening
850 udp socket and write it to the ethertap
851 device after being decrypted
/* Read one datagram from the UDP data socket of cl, convert its header to host byte
   order, find the connection named by the from field and hand the packet on. When that
   connection has a valid key the packet is processed (the call is on an omitted line);
   otherwise it is queued and a key request is sent.
   NOTE(review), three points to verify against the full file:
   1. recvfrom() stores up to MTU bytes into rp; this is only safe if sizeof(rp) >= MTU.
   2. rp.len and rp.data.len are taken from the datagram and no comparison with lenin is
      visible. rp.len is then used as the copy size in add_queue(), so a header that
      claims more bytes than were received would copy stale stack contents, or read past
      rp, into the queue.
   3. The sender is identified solely by the from field inside the datagram; recvfrom() is
      called with a NULL address, so the real source address is never compared with the
      connection it claims to belong to. Packet authenticity then rests entirely on the
      decryption step. */
853 int handle_incoming_vpn_data(conn_list_t *cl)
/* getsockopt() expects a socklen_t length; an int is passed here. */
857 int x, l = sizeof(x);
860 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
862 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket, cl->id, cl->hostname);
867 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x));
872 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
875 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->id, cl->hostname);
878 total_socket_in += lenin;
880 rp.data.len = ntohs(rp.data.len);
881 rp.len = ntohs(rp.len);
882 rp.from = ntohl(rp.from);
886 f = lookup_conn(rp.from);
889 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), cl->id, cl->hostname, IP_ADDR_V(rp.from));
893 if(f->status.validkey)
897 add_queue(&(f->rq), &rp, rp.len);
/* NOTE(review): the flag tested belongs to cl (the listening entry passed in), while the
   key request concerns the sender f -- presumably f->status.waitingforkey is meant. */
898 if(!cl->status.waitingforkey)
899 send_key_request(rp.from);
902 if(my_key_expiry <= time(NULL))
910 terminate a connection and notify the other
911 end before closing the sockets
/* Tear down connection cl: close its meta socket, mark it for removal, tell the other
   peers about the loss, and also mark every connection that was routed through cl
   (nexthop == cl) as inactive and to be removed. For an outgoing connection a reconnect
   attempt is scheduled through SIGALRM after 5 seconds.
   A connection already marked for removal is skipped (the return is on an omitted line).
   Closing the UDP data socket of cl is not visible in this listing -- confirm it is not
   leaked. */
913 void terminate_connection(conn_list_t *cl)
918 if(cl->status.remove)
922 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->id, cl->hostname);
924 if(cl->status.timeout)
926 /* else if(!cl->status.termreq)
933 close(cl->meta_socket);
935 cl->status.remove = 1;
937 /* If this cl isn't active, don't send any DEL_HOSTs. */
938 if(cl->status.active)
939 notify_others(cl,NULL,send_del_host);
942 /* Find all connections that were lost because they were behind cl
943 (the connection that was dropped). */
945 for(p = conn_list; p != NULL; p = p->next)
947 if((p->nexthop == cl) && (p != cl))
949 if(cl->status.active && p->status.active)
950 notify_others(p,cl,send_del_host);
953 p->status.active = 0;
954 p->status.remove = 1;
958 cl->status.active = 0;
960 if(cl->status.outgoing)
/* Re-arm the reconnect timer with the initial 5 second delay. */
962 signal(SIGALRM, sigalrm_handler);
963 seconds_till_retry = 5;
964 alarm(seconds_till_retry);
965 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
971 Check if the other end is active.
972 If we have sent packets, but didn't receive any,
973 then possibly the other end is dead. We send a
974 PING request over the meta connection. If the other
975 end does not reply in time, we consider them dead
976 and close the connection.
/* Walk conn_list and, for each active meta connection whose last_ping_time is older than
   timeout seconds, either terminate it (a PING was sent and no PONG arrived) or start a
   new ping round when the connection has want_ping set. Sending the PING itself is on an
   omitted line. */
978 int check_dead_connections(void)
984 for(p = conn_list; p != NULL; p = p->next)
988 if(p->status.active && p->status.meta)
990 if(p->last_ping_time + timeout < now)
992 if(p->status.pinged && !p->status.got_pong)
/* NOTE(review): the message uses cl->id and cl->hostname, but this function has no cl
   parameter and the loop variable is p. Unless cl is declared on an omitted line this
   does not compile; if it is, the log names the wrong peer. Presumably p->id and
   p->hostname are meant. */
995 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), cl->id, cl->hostname);
996 p->status.timeout = 1;
997 terminate_connection(p);
999 else if(p->want_ping)
1002 p->last_ping_time = now;
1003 p->status.pinged = 1;
1004 p->status.got_pong = 0;
1014 accept a new tcp connect and create a
/* Accept one pending TCP connection on the listening meta socket of cl, wrap it in a new
   connection entry and link that entry at the head of conn_list.
   NOTE(review): no limit on the number of accepted connections is visible. Each one holds
   a descriptor and a list entry before any authentication has happened, so confirm that
   unauthenticated peers cannot exhaust descriptors or exceed FD_SETSIZE. Closing nfd when
   create_new_connection() fails is presumably on an omitted line -- confirm. */
1017 int handle_new_meta_connection(conn_list_t *cl)
1020 struct sockaddr client;
/* accept() expects a socklen_t length; an int is passed here. */
1021 int nfd, len = sizeof(client);
1023 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1025 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1029 if(!(ncn = create_new_connection(nfd)))
1033 syslog(LOG_NOTICE, _("Closed attempted connection"));
1037 ncn->status.meta = 1;
1038 ncn->next = conn_list;
1045 dispatch any incoming meta requests
/* Read pending bytes from the meta socket of cl into its line buffer and dispatch every
   complete newline-terminated request to the handler selected by its leading number.
   The read is bounded by the free space left in cl->buffer (MAXBUFSIZE - cl->buflen).
   The request number is range-checked (0..255) and the handler slot is checked for NULL
   before the table is indexed. A buffer that fills up without containing a newline is
   reported as an overflow. All data handled here comes from the remote peer and must be
   treated as untrusted. */
1047 int handle_incoming_meta_data(conn_list_t *cl)
/* getsockopt() expects a socklen_t length; an int is passed here. */
1049 int x, l = sizeof(x);
1050 int request, oldlen, i;
1053 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1055 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, cl->id, cl->hostname);
1060 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x));
1064 lenin = read(cl->meta_socket, cl->buffer+cl->buflen, MAXBUFSIZE - cl->buflen);
1072 if(debug_lvl>DEBUG_CONNECTIONS)
1073 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->id, cl->hostname);
1076 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), cl->id, cl->hostname);
/* NOTE(review): decryption of the meta stream is not implemented in the visible lines, so
   requests are parsed exactly as received even when status.encrypted is set. */
1080 if(cl->status.encrypted)
1082 /* FIXME: do decryption. */
1085 oldlen = cl->buflen;
1086 cl->buflen += lenin;
/* Only the newly received bytes are scanned for a line end. */
1092 for(i = oldlen; i < cl->buflen; i++)
1094 if(cl->buffer[i] == '\n')
1096 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1104 if(debug_lvl > DEBUG_PROTOCOL)
/* The request text is peer-controlled. It is passed as a %s argument, not as the format,
   so it cannot act as a format string; it can still put arbitrary text into the log. */
1105 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), cl->id, cl->hostname, cl->buffer);
1106 if(sscanf(cl->buffer, "%d", &request) == 1)
/* Assumes request_handlers has at least 256 slots -- TODO confirm where it is defined. */
1108 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1110 syslog(LOG_ERR, _("Unknown request from %s (%s)"), cl->id, cl->hostname);
1115 if(debug_lvl > DEBUG_PROTOCOL)
1116 syslog(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], cl->id, cl->hostname);
1118 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1120 syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), request_name[request], cl->id, cl->hostname);
1126 syslog(LOG_ERR, _("Bogus data received from %s (%s)"), cl->id, cl->hostname);
/* Drop the request just handled and move the remaining bytes to the buffer start;
   cl->reqlen is set on an omitted line. */
1130 cl->buflen -= cl->reqlen;
1131 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1140 if(cl->buflen >= MAXBUFSIZE)
1142 syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), cl->id, cl->hostname);
/* Any meta traffic counts as a sign of life for the ping check. */
1146 cl->last_ping_time = time(NULL);
1153 check all connections to see if anything
1154 happened on their sockets
/* Inspect the descriptor set f returned by select() and react per connection: an event on
   an outgoing data socket is treated as an error and terminates the connection, an event
   on a meta socket is passed to handle_incoming_meta_data() (terminating the connection
   when that fails), and events on the two listening sockets of this host are passed to
   handle_incoming_vpn_data() and handle_new_meta_connection(). */
1156 void check_network_activity(fd_set *f)
/* getsockopt() expects a socklen_t length; an int is passed here. */
1159 int x, l = sizeof(x);
1161 for(p = conn_list; p != NULL; p = p->next)
1163 if(p->status.remove)
1166 if(p->status.dataopen)
1167 if(FD_ISSET(p->socket, f))
1170 The only thing that can happen to get us here is apparently an
1171 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1172 something that will not trigger an error directly on send()).
1173 I've once got here when it said `No route to host'.
/* NOTE(review): the return value of getsockopt() is ignored, so x may be uninitialized
   when it is passed to strerror() below. */
1175 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
/* NOTE(review): cl is not a parameter of this function and the loop variable is p;
   presumably p->id and p->hostname are meant. Unless cl is declared on an omitted line
   this does not compile. */
1176 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x));
1177 terminate_connection(p);
1182 if(FD_ISSET(p->meta_socket, f))
1183 if(handle_incoming_meta_data(p) < 0)
1185 terminate_connection(p);
1190 if(FD_ISSET(myself->socket, f))
1191 handle_incoming_vpn_data(myself);
1193 if(FD_ISSET(myself->meta_socket, f))
1194 handle_new_meta_connection(myself);
1199 read, encrypt and send data that is
1200 available through the ethertap device
/* Read one ethernet frame from the tap device, drop it unless its ethertype is 0x0800
   (IPv4) and it is long enough, then strip the MAC addresses and pass the packet to
   send_packet() for the destination address found at offset 30 of the frame data.
   The short-packet condition itself is on an omitted line.
   NOTE(review): read() stores up to MTU bytes into vp, which is only safe if
   sizeof(vp) >= MTU -- confirm. vp is zeroed first, so the header fields read below are
   defined even for a short frame. */
1202 void handle_tap_input(void)
1206 int ether_type, lenin;
1208 memset(&vp, 0, sizeof(vp));
1209 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1211 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1215 total_tap_in += lenin;
1217 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1218 if(ether_type != 0x0800)
1221 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6]));
1228 syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6]));
/* NOTE(review): the addresses are loaded through unsigned long pointers. Where unsigned
   long is 8 bytes this reads 8 bytes per load, and the offsets may be misaligned for the
   type; copying 4 bytes with memcpy() into a 32-bit variable avoids both problems. */
1232 from = ntohl(*((unsigned long*)(&vp.data[26])));
1233 to = ntohl(*((unsigned long*)(&vp.data[30])));
/* The 2 subtracted presumably accounts for bytes in front of the frame data that are not
   part of the payload length -- TODO confirm against the definition of vpn_packet_t. */
1235 vp.len = (length_t)lenin - 2;
1237 strip_mac_addresses(&vp);
1239 send_packet(to, &vp);
1244 this is where it all happens...
1246 void main_loop(void)
1251 time_t last_ping_check;
1253 last_ping_check = time(NULL);
1257 tv.tv_sec = timeout;
1263 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1265 if(errno != EINTR) /* because of alarm */
1267 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1275 close_network_connections();
1277 if(read_config_file(configfilename))
1279 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1283 setup_network_connections();
1287 if(last_ping_check + timeout < time(NULL))
1288 /* Let's check if everybody is still alive */
1290 check_dead_connections();
1291 last_ping_check = time(NULL);
1296 check_network_activity(&fset);
1298 /* local tap data */
1299 if(FD_ISSET(tap_fd, &fset))