2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.45 2000/10/24 15:46:16 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
43 #include LINUX_IF_TUN_H
/* Byte counters for traffic statistics.  total_tap_in is also used later in
   this file (handle_tap_input) but its definition is not on this page. */
61 int total_tap_out = 0;
62 int total_socket_in = 0;
63 int total_socket_out = 0;
/* Cursor into the config list for the ConnectTo walk done by sigalrm_handler
   and setup_network_connections; reset to myself->config when the list is
   exhausted. */
65 config_t *upstreamcfg;
/* Reconnect backoff in seconds: grows by 5 per failed SIGALRM round, capped
   at MAXTIMEOUT, and reset to 5 by terminate_connection. */
66 static int seconds_till_retry;
71 strip off the MAC addresses of an ethernet frame
73 void strip_mac_addresses(vpn_packet_t *p)
/* Drops the 12-byte dst/src MAC prefix in place; memmove is required because
   the regions overlap.  NOTE(review): p->len is shortened before anything
   checks that the frame held at least 12 bytes — the type of len is not
   visible here, but if it is unsigned a short frame wraps to a huge length.
   Confirm the caller guarantees a full Ethernet header. */
76 memmove(p->data, p->data + 12, p->len -= 12);
81 reassemble MAC addresses
83 void add_mac_addresses(vpn_packet_t *p)
/* Rebuilds a 12-byte MAC header in front of the decrypted payload.  The
   source (data) and destination (data + 12) overlap, so this must be
   memmove, not memcpy — memcpy on overlapping buffers is undefined
   behaviour (strip_mac_addresses above already uses memmove). */
86 memcpy(p->data + 12, p->data, p->len);
/* Both dst (bytes 0..5) and src (bytes 6..11) get the fe:fd prefix. */
88 p->data[0] = p->data[6] = 0xfe;
89 p->data[1] = p->data[7] = 0xfd;
90 /* Really evil pointer stuff just below! */
/* Stores an ip_t through a char-array alias: unaligned and a strict-aliasing
   violation; memcpy(&p->data[2], &tmp, sizeof tmp) is the portable form.
   Offset 26 is presumably a source-address field of the shifted IP header —
   not verifiable from this page. */
91 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
92 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
96 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
/* Encrypts inpkt with cl's per-peer packet cipher and sends it on cl->socket.
   Local declarations and the return statements are on lines not shown.
   The transmitted length header is the plaintext length, not the
   ciphertext length produced below. */
101 outpkt.len = inpkt->len;
/* Re-initialised for every packet with a NULL IV argument.  NOTE(review): if
   cl->cipher_pkttype is an IV-using mode this means the same key/IV state for
   each packet, which leaks plaintext equality — confirm the mode in use. */
102 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
103 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
/* outpad receives the size of the final (padding) block, but it is never
   added to outlen before the send below, so that block is produced and then
   not transmitted — unless a line not on this page does so. */
104 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
/* Traffic trace logged at LOG_ERR; flush_queue uses LOG_DEBUG for the same
   purpose. */
107 if(debug_lvl >= DEBUG_TRAFFIC)
108 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
109 outlen, cl->name, cl->hostname);
111 total_socket_out += outlen;
/* One datagram: the 2-byte len field followed by the ciphertext.  Relies on
   outpkt.data immediately following outpkt.len in vpn_packet_t (hence "+ 2")
   and sends len in host byte order.  No authentication tag is visible here;
   integrity of the datagram is not protected by this code. */
115 if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0)
117 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
118 cl->name, cl->hostname);
125 int xrecv(vpn_packet_t *inpkt)
/* Decrypts inpkt with myself's packet key, restores the MAC header and
   writes the frame to the tap device.  Return statements are on lines
   not shown. */
130 outpkt.len = inpkt->len;
131 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
132 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
/* outlen/outpad are never compared with outpkt.len, which is copied from the
   received length field above: the write below trusts the sender-supplied
   length rather than the number of bytes actually decrypted.  The return of
   EVP_DecryptFinal (bad padding) is not checked either. */
133 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
/* Nothing between the decrypt and the write verifies integrity: a datagram
   that decrypts to garbage (corrupted, replayed or forged) is still handed
   to the tap device.  Defensive fix: check the decrypt return values and
   authenticate packets before this point. */
137 add_mac_addresses(&outpkt);
140 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
141 syslog(LOG_ERR, _("Can't write to tap device: %m"));
143 total_tap_out += outpkt.len;
149 add the given packet of size s to the
150 queue q, be it the send or receive queue
152 void add_queue(packet_queue_t **q, void *packet, size_t s)
/* Appends a private copy of the first `s` bytes of `packet` to the queue at
   *q, creating the queue on first use.  The queue owns the copy; the caller
   keeps ownership of `packet`. */
156 e = xmalloc(sizeof(*e));
157 e->packet = xmalloc(s);
158 memcpy(e->packet, packet, s);
/* Lazy creation of the queue itself; the NULL test guarding these two lines
   is not on this page. */
162 *q = xmalloc(sizeof(**q));
163 (*q)->head = (*q)->tail = NULL;
166 e->next = NULL; /* We insert at the tail */
168 if((*q)->tail) /* Do we have a tail? */
170 (*q)->tail->next = e;
171 e->prev = (*q)->tail;
173 else /* No tail -> no head too */
/* The else body (setting head and, presumably, e->prev = NULL) and the final
   tail update are on lines not shown. */
183 /* Remove a queue element */
184 void del_queue(packet_queue_t **q, queue_element_t *e)
/* Unlinks element e from the doubly linked queue *q, repairing head/tail as
   needed.  Whether e and e->packet are freed afterwards is not visible on
   this page; confirm before assuming the memory is released. */
189 if(e->next) /* There is a successor, so we are not tail */
191 if(e->prev) /* There is a predecessor, so we are not head */
193 e->next->prev = e->prev;
194 e->prev->next = e->next;
196 else /* We are head */
198 e->next->prev = NULL;
199 (*q)->head = e->next;
202 else /* We are tail (or all alone!) */
204 if(e->prev) /* We are not alone :) */
206 e->prev->next = NULL;
207 (*q)->tail = e->prev;
/* The "all alone" branch (head = tail = NULL) is on lines not shown. */
221 flush a queue by calling function for
222 each packet, and removing it when that
223 returned a zero exit code
225 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
226 int (*function)(conn_list_t*,void*))
/* Calls function(cl, packet) for each queued packet, front to back; per the
   header comment an element is removed when the callback returns zero.
   `next` exists so the element can be unlinked while iterating; the loop
   body that saves it and calls del_queue is on lines not shown. */
228 queue_element_t *p, *next = NULL;
/* Dereferences *pq unconditionally: the queue is created lazily by add_queue,
   so callers must only flush queues that exist (flush_queues presumably
   guards this on a line not shown). */
230 for(p = (*pq)->head; p != NULL; )
234 if(!function(cl, p->packet))
240 if(debug_lvl >= DEBUG_TRAFFIC)
241 syslog(LOG_DEBUG, _("Queue flushed"));
246 flush the send & receive queues
247 returns void because nothing can go wrong here: packets
248 simply remain in the queue if sending them fails
250 void flush_queues(conn_list_t *cl)
/* Drains cl's send queue through xsend and its receive queue through xrecv.
   The tests that skip a queue that was never created are on lines not shown. */
255 if(debug_lvl >= DEBUG_TRAFFIC)
256 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
257 cl->name, cl->hostname);
258 flush_queue(cl, &(cl->sq), xsend);
263 if(debug_lvl >= DEBUG_TRAFFIC)
264 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
265 cl->name, cl->hostname);
266 flush_queue(cl, &(cl->rq), xrecv);
272 send a packet to the given vpn ip.
274 int send_packet(ip_t to, vpn_packet_t *packet)
/* Delivers a plaintext packet from the tap device to the peer responsible for
   VPN address `to`: opens the UDP socket lazily, queues while no key is known
   or the peer is not active yet, otherwise hands off to xsend.  Returns 0 on
   queueing; the other return statements are on lines not shown. */
278 if((cl = lookup_conn_list_ipv4(to)) == NULL)
280 if(debug_lvl >= DEBUG_TRAFFIC)
/* The four byte arguments for this format are on the next (unshown) line. */
282 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
289 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
291 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
293 if(!cl->status.dataopen)
294 if(setup_vpn_connection(cl) < 0)
296 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
297 cl->name, cl->hostname);
/* No packet key for this peer yet: queue a copy (len field + data, hence + 2)
   and request one unless a request is already outstanding.  No cap on the
   queue length is visible here, so a peer that never becomes active lets
   queued copies accumulate. */
301 if(!cl->status.validkey)
303 if(debug_lvl >= DEBUG_TRAFFIC)
304 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
305 cl->name, cl->hostname);
306 add_queue(&(cl->sq), packet, packet->len + 2);
307 if(!cl->status.waitingforkey)
308 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
312 if(!cl->status.active)
314 if(debug_lvl >= DEBUG_TRAFFIC)
315 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
316 cl->name, cl->hostname);
317 add_queue(&(cl->sq), packet, packet->len + 2);
318 return 0; /* We don't want to mess up, do we? */
321 /* can we send it? can we? can we? huh? */
323 return xsend(cl, packet);
327 open the local ethertap device
329 int setup_tap_fd(void)
/* Opens the tap/tun device named by the TapDevice config value (or a
   platform default), probes whether it is a new-style tun/tap device and
   exports IFNAME for the tinc-up/tinc-down scripts.  The preprocessor
   conditionals selecting the default path and the return statements are
   on lines not shown. */
332 const char *tapfname;
338 if((cfg = get_config_val(config, tapdevice)))
339 tapfname = cfg->data.ptr;
342 tapfname = "/dev/misc/net/tun";
344 tapfname = "/dev/tap0";
347 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
349 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
358 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
359 memset(&ifr, 0, sizeof(ifr));
361 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* strncpy leaves ifr_name without a terminator when strlen(netname) >=
   IFNAMSIZ; the memset above only covers shorter names.
   `snprintf(ifr.ifr_name, IFNAMSIZ, "%s", netname);` always terminates. */
363 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* Uses tap_fd, not the nfd just opened; the assignment tap_fd = nfd is
   presumably on a line not shown — confirm. */
365 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
367 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
370 if((cfg = get_config_val(config, tapsubnet)) == NULL)
371 syslog(LOG_INFO, _("tun/tap device will be left unconfigured"));
373 /* Setup inetaddr/netmask etc */;
377 /* Add name of network interface to environment (for scripts) */
/* The ioctl result is ignored: on failure ifr_name still holds the name
   copied above.  asprintf's result is unchecked as well; what consumes
   envvar is not on this page. */
379 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
380 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
389 set up the socket that we listen on for incoming
392 int setup_listen_meta_socket(int port)
/* Creates the non-blocking TCP listener for incoming meta connections on
   `port`.  Each error branch logs and then (on lines not shown) presumably
   returns a negative value. */
395 struct sockaddr_in a;
399 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
401 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
405 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
407 syslog(LOG_ERR, _("setsockopt: %m"));
411 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
413 syslog(LOG_ERR, _("setsockopt: %m"));
417 flags = fcntl(nfd, F_GETFL);
418 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
420 syslog(LOG_ERR, _("fcntl: %m"));
424 if((cfg = get_config_val(config, interface)))
/* BUG: the option is SO_KEEPALIVE again, but the message (and the Interface
   config value) is about binding the listener to a device — on Linux that is
   SO_BINDTODEVICE.  As written the interface name is handed to an int option,
   which at best fails and at worst just toggles keepalive; the socket keeps
   listening on every interface, so the Interface setting gives a false sense
   of exposure control.
   `if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr)))` */
426 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
428 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
433 memset(&a, 0, sizeof(a));
434 a.sin_family = AF_INET;
435 a.sin_port = htons(port);
/* Bind to InterfaceIP if configured, otherwise to all local addresses. */
437 if((cfg = get_config_val(config, interfaceip)))
438 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
440 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) equals sizeof a for sockaddr_in, but sizeof a is
   the intended and self-documenting form. */
442 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
444 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
/* The listen() call itself is on a line not shown. */
450 syslog(LOG_ERR, _("listen: %m"));
458 setup the socket for incoming encrypted
461 int setup_vpn_in_socket(int port)
/* Creates the non-blocking UDP socket on which encrypted VPN data arrives.
   Error branches log and presumably return a negative value on lines not
   shown. */
464 struct sockaddr_in a;
467 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
469 syslog(LOG_ERR, _("Creating socket failed: %m"));
/* SO_REUSEADDR on a UDP socket lets another local socket that also sets it
   bind the same port — a wider grant than the TIME_WAIT reuse it serves on
   the TCP listener; confirm it is intended. */
473 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
475 syslog(LOG_ERR, _("setsockopt: %m"));
479 flags = fcntl(nfd, F_GETFL);
480 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
482 syslog(LOG_ERR, _("fcntl: %m"));
486 memset(&a, 0, sizeof(a));
487 a.sin_family = AF_INET;
488 a.sin_port = htons(port);
/* Always INADDR_ANY: unlike setup_listen_meta_socket, the InterfaceIP config
   value is not honoured for the data socket, so it accepts datagrams on all
   addresses even when the meta listener is restricted. */
489 a.sin_addr.s_addr = htonl(INADDR_ANY);
491 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
493 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
501 setup an outgoing meta (tcp) socket
503 int setup_outgoing_meta_socket(conn_list_t *cl)
/* Connects a TCP meta socket to cl->address on the Port from cl's host
   config and stores it in cl->meta_socket.  Return statements and the
   default-port branch are on lines not shown. */
506 struct sockaddr_in a;
509 if(debug_lvl >= DEBUG_CONNECTIONS)
510 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
512 if((cfg = get_config_val(cl->config, port)) == NULL)
515 cl->port = cfg->data.val;
517 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
518 if(cl->meta_socket == -1)
520 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
521 cl->hostname, cl->port);
/* No memset of `a` is visible here (the listen sockets zero theirs), so
   sin_zero stays uninitialised — harmless for connect(), but inconsistent. */
525 a.sin_family = AF_INET;
526 a.sin_port = htons(cl->port);
527 a.sin_addr.s_addr = htonl(cl->address);
/* Blocking connect(): O_NONBLOCK is only set below, so the whole daemon
   (this is also reached from the SIGALRM retry path) stalls for the TCP
   connect timeout when a peer is unreachable. */
529 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
531 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
535 flags = fcntl(cl->meta_socket, F_GETFL);
536 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
538 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
539 cl->hostname, cl->port);
543 if(debug_lvl >= DEBUG_CONNECTIONS)
544 syslog(LOG_INFO, _("Connected to %s port %hd"),
545 cl->hostname, cl->port);
553 setup an outgoing connection. It's not
554 necessary to also open an udp socket as
555 well, because the other host will initiate
556 an authentication sequence during which
557 we will do just that.
559 int setup_outgoing_connection(char *name)
/* Creates a conn_list entry for the ConnectTo peer `name`, reads its host
   config, resolves its Address and opens the meta connection.  Per the
   callers' comments, 0 means success.  The name validation that precedes
   the first message and all return statements are on lines not shown;
   whether ncn is freed on the error paths is not visible either. */
567 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
571 ncn = new_conn_list();
/* asprintf result unchecked; ncn->name is NULL on allocation failure. */
572 asprintf(&ncn->name, "%s", name);
574 if(read_host_config(ncn))
/* BUG: the format contains %s but no argument is passed — undefined
   behaviour; whatever happens to be in the next argument slot is read as a
   string and written to the log.  Intended:
   `syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name);`
   The "No address specified" line below has the same defect. */
576 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
581 if(!(cfg = get_config_val(ncn->config, address)))
583 syslog(LOG_ERR, _("No address specified for %s"));
/* %m reports errno, which gethostbyname() does not set — resolver failures
   are in h_errno (hstrerror).  gethostbyname is also not async-signal-safe,
   and this function is reached from sigalrm_handler. */
588 if(!(h = gethostbyname(cfg->data.ptr)))
590 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Only the first resolved address is used, read through an ip_t alias of
   the h_addr_list entry. */
595 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
596 ncn->hostname = hostlookup(htonl(ncn->address));
598 if(setup_outgoing_meta_socket(ncn) < 0)
600 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
606 ncn->status.outgoing = 1;
607 ncn->buffer = xmalloc(MAXBUFSIZE);
609 ncn->last_ping_time = time(NULL);
620 Configure conn_list_t myself and set up the local sockets (listen only)
622 int setup_myself(void)
/* Builds the conn_list entry describing this daemon from the main config and
   its own host config (name, RSA key pair, port, flags, subnets) and opens
   the listening TCP meta socket and the UDP data socket.  Return statements
   are on lines not shown; error paths log and (presumably) return -1. */
628 myself = new_conn_list();
630 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
632 myself->protocol_version = PROT_CURRENT;
634 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
636 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* Reads the name through data.val with a cast; every other string lookup in
   this file uses data.ptr — presumably the same union member, but confirm. */
640 asprintf(&myself->name, "%s", (char*)cfg->data.val);
642 if(check_id(myself->name))
644 syslog(LOG_ERR, _("Invalid name for myself!"));
648 if(!(cfg = get_config_val(config, privatekey)))
650 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* Private exponent d comes from the main config, the modulus n from the host
   config below; the public exponent e is fixed at 0xFFFF here rather than
   read from config, so the key pair must have been generated with that e or
   RSA_check_key below fails.  BN_hex2bn results are unchecked: a malformed
   hex string only surfaces as that check failing. */
655 myself->rsa_key = RSA_new();
656 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
657 BN_hex2bn(&myself->rsa_key->e, "FFFF");
660 if(read_host_config(myself))
662 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
666 if(!(cfg = get_config_val(myself->config, publickey)))
668 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
673 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
/* `!= 1` is the right test: RSA_check_key returns 0 for an invalid key and
   -1 on error. */
676 if(RSA_check_key(myself->rsa_key) != 1)
678 syslog(LOG_ERR, _("Invalid public/private keypair!"));
682 if(!(cfg = get_config_val(myself->config, port)))
685 myself->port = cfg->data.val;
687 if((cfg = get_config_val(myself->config, indirectdata)))
688 if(cfg->data.val == stupid_true)
689 myself->flags |= EXPORTINDIRECTDATA;
691 if((cfg = get_config_val(myself->config, tcponly)))
692 if(cfg->data.val == stupid_true)
693 myself->flags |= TCPONLY;
695 /* Read in all the subnets specified in the host configuration file */
/* Assignment in the loop condition is intentional (walk every Subnet line);
   extra parentheses would silence -Wparentheses.  `net` is allocated on a
   line not shown. */
697 for(cfg = myself->config; cfg = get_config_val(cfg, subnet); cfg = cfg->next)
700 net->type = SUBNET_IPV4;
701 net->net.ipv4.address = cfg->data.ip->address;
702 net->net.ipv4.mask = cfg->data.ip->mask;
704 subnet_add(myself, net);
707 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
709 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
/* If the data socket fails the already-open listener is closed again. */
713 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
715 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
716 close(myself->meta_socket);
720 myself->status.active = 1;
722 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler driving outgoing reconnects: walks the remaining ConnectTo
   lines from upstreamcfg; on the first success the alarm is disabled,
   otherwise it is re-armed with +5 s linear backoff capped at MAXTIMEOUT.
   Implicit int return type (pre-C99) — `void sigalrm_handler(int a)` matches
   what signal() expects.  The loop header and braces are on lines not shown.
   NOTE(review): everything called from here — syslog, get_config_val,
   setup_outgoing_connection (gethostbyname, socket, blocking connect,
   xmalloc) — is not async-signal-safe; interrupting main_loop inside syslog
   or malloc can deadlock or corrupt heap state.  The defensive pattern is to
   set a flag here and perform the reconnect from main_loop. */
728 sigalrm_handler(int a)
732 cfg = get_config_val(upstreamcfg, connectto);
734 if(!cfg && upstreamcfg == myself->config)
735 /* No upstream IP given, we're listen only. */
740 upstreamcfg = cfg->next;
741 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
/* Success: stop retrying until terminate_connection re-arms the alarm. */
743 signal(SIGALRM, SIG_IGN);
746 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All ConnectTo lines failed: re-install the handler (old-style one-shot
   signal semantics), restart from the top of the list and back off. */
749 signal(SIGALRM, sigalrm_handler);
750 upstreamcfg = myself->config;
751 seconds_till_retry += 5;
752 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
753 seconds_till_retry = MAXTIMEOUT;
754 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
756 alarm(seconds_till_retry);
761 setup all initial network connections
763 int setup_network_connections(void)
/* One-time startup: PingTimeout, tap device, local sockets, the tinc-up
   script, then the first ConnectTo attempt; if every ConnectTo fails the
   SIGALRM retry loop is armed.  Return statements, the fork around the
   script and the ConnectTo loop header are on lines not shown. */
768 if((cfg = get_config_val(config, pingtimeout)) == NULL)
771 timeout = cfg->data.val;
773 if(setup_tap_fd() < 0)
776 if(setup_myself() < 0)
779 /* Run tinc-up script to further initialize the tap interface */
/* Script path is built from confbase: anyone who can write the config
   directory gets code run with the daemon's privileges.  asprintf's result
   is unchecked. */
781 asprintf(&scriptname, "%s/tinc-up", confbase);
/* A NULL first argument gives the script an empty argv (argc == 0); argv[0]
   should name the program, and the variadic terminator must be a pointer:
   `execl(scriptname, scriptname, (char *)NULL);`
   close_network_connections has the same pattern for tinc-down. */
786 execl(scriptname, NULL);
789 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
796 if(!(cfg = get_config_val(myself->config, connectto)))
797 /* No upstream IP given, we're listen only. */
/* Same ConnectTo walk as sigalrm_handler; keep the two in step. */
802 upstreamcfg = cfg->next;
803 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
805 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* Nothing connected: first retry after the full MAXTIMEOUT, later rounds
   are paced by sigalrm_handler. */
808 signal(SIGALRM, sigalrm_handler);
809 upstreamcfg = myself->config;
810 seconds_till_retry = MAXTIMEOUT;
811 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
812 alarm(seconds_till_retry);
818 close all open network connections
820 void close_network_connections(void)
/* Shuts down every peer socket and the local sockets, then runs the
   tinc-down script.  The fork around the script, the close() of p->socket
   and the tap device teardown are on lines not shown. */
825 for(p = conn_list; p != NULL; p = p->next)
827 if(p->status.dataopen)
/* The literal 0 is SHUT_RD; using the named constant documents the intent. */
829 shutdown(p->socket, 0); /* No more receptions */
835 shutdown(p->meta_socket, 0); /* No more receptions */
836 close(p->meta_socket);
841 if(myself->status.active)
843 close(myself->meta_socket);
844 close(myself->socket);
847 /* Execute tinc-down script right before shutting down the interface */
849 asprintf(&scriptname, "%s/tinc-down", confbase);
/* Same argv issue as the tinc-up call: `execl(scriptname, scriptname, (char *)NULL);` */
853 execl(scriptname, NULL);
856 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
866 syslog(LOG_NOTICE, _("Terminating"));
872 create a data (udp) socket
874 int setup_vpn_connection(conn_list_t *cl)
/* Opens the per-peer UDP data socket and connects it to cl->address:cl->port.
   Storing nfd into cl->socket and the return statements are on lines not
   shown. */
877 struct sockaddr_in a;
879 if(debug_lvl >= DEBUG_TRAFFIC)
880 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
882 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
885 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* `a` is not zeroed first (no memset visible); cf. the listen sockets. */
889 a.sin_family = AF_INET;
890 a.sin_port = htons(cl->port);
891 a.sin_addr.s_addr = htonl(cl->address);
/* connect() on a UDP socket fixes the peer and makes the kernel drop
   datagrams from other sources on this descriptor; asynchronous ICMP
   errors then surface as SO_ERROR (see check_network_activity). */
893 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
895 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
896 cl->hostname, cl->port);
900 flags = fcntl(nfd, F_GETFL);
901 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
903 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
904 cl->name, cl->hostname);
909 cl->status.dataopen = 1;
915 handle an incoming tcp connect call and open
918 conn_list_t *create_new_connection(int sfd)
/* Wraps an accepted meta socket in a new conn_list entry filled from the
   peer address.  Allocation of p and the return statements (NULL on
   getpeername failure, per the caller's test) are on lines not shown. */
921 struct sockaddr_in ci;
/* getpeername takes socklen_t *, not int * (handle_incoming_vpn_data
   declares its length correctly); &ci also wants a (struct sockaddr *) cast. */
922 int len = sizeof(ci);
926 if(getpeername(sfd, &ci, &len) < 0)
928 syslog(LOG_ERR, _("Error: getpeername: %m"));
933 p->address = ntohl(ci.sin_addr.s_addr);
934 p->hostname = hostlookup(ci.sin_addr.s_addr);
935 p->meta_socket = sfd;
/* MAXBUFSIZE bytes plus a list entry per accepted connection, before the peer
   has proven anything; no visible cap on concurrent unauthenticated peers. */
937 p->buffer = xmalloc(MAXBUFSIZE);
939 p->last_ping_time = time(NULL);
942 if(debug_lvl >= DEBUG_CONNECTIONS)
943 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* sin_port is already in network order: ntohs() is the semantically correct
   conversion (same result on current platforms, but misleading). */
944 p->hostname, htons(ci.sin_port));
/* The first protocol request accepted from a fresh peer is ID. */
946 p->allow_request = ID;
952 put all file descriptors in an fd_set array
954 void build_fdset(fd_set *fs)
/* Collects every meta socket, every open data socket and the two local
   sockets into *fs for select().  FD_ZERO is presumably on a line not shown.
   NOTE(review): nothing checks the descriptors against FD_SETSIZE; with
   enough peers (two descriptors each) FD_SET writes past the set —
   undefined behaviour — and main_loop selects with FD_SETSIZE. */
960 for(p = conn_list; p != NULL; p = p->next)
963 FD_SET(p->meta_socket, fs);
964 if(p->status.dataopen)
965 FD_SET(p->socket, fs);
968 FD_SET(myself->meta_socket, fs);
969 FD_SET(myself->socket, fs);
975 receive incoming data from the listening
976 udp socket and write it to the ethertap
977 device after being decrypted
/* Reads one datagram from the local UDP data socket.  What happens to pkt
   after the trace (presumably xrecv) is on lines not shown.  `()` is an
   old-style declarator; `(void)` makes it a prototype. */
979 int handle_incoming_vpn_data()
/* getsockopt also takes socklen_t *; `l` should be declared like fromlen. */
983 int x, l = sizeof(x);
984 struct sockaddr from;
985 socklen_t fromlen = sizeof(from);
987 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
989 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
990 __FILE__, __LINE__, myself->socket);
995 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* Receives up to MTU bytes starting at pkt.len — the 2-byte length field
   followed by data — from any sender.  The return value (actual byte count)
   is only tested against <= 0 and then discarded, so nothing here checks the
   peer-supplied pkt.len against what was received, and `from` is captured
   but not matched against a known peer in the visible lines.
   NOTE(review): confirm the consumer validates pkt.len before decrypting;
   otherwise xrecv processes stale or out-of-range buffer bytes. */
999 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
1001 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1005 if(debug_lvl >= DEBUG_TRAFFIC)
/* struct sockaddr has sa_family/sa_data, not sa_addr (unless a macro not on
   this page provides it), and for AF_INET the raw bytes start with the port —
   this trace does not print the source IP the format suggests.  Cast `from`
   to sockaddr_in and print sin_addr instead. */
1007 syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
1008 from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1016 terminate a connection and notify the other
1017 end before closing the sockets
1019 void terminate_connection(conn_list_t *cl)
/* Closes cl's meta socket, marks cl and every peer routed through it for
   removal, and, for an outgoing connection, arms the reconnect alarm.
   Idempotent via status.remove (checked here, set below); the early return
   and the close of cl->socket are on lines not shown. */
1024 if(cl->status.remove)
1027 if(debug_lvl >= DEBUG_CONNECTIONS)
1028 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1029 cl->name, cl->hostname);
1034 close(cl->meta_socket);
1036 cl->status.remove = 1;
1038 /* If this cl isn't active, don't send any DEL_HOSTs. */
/* Peer notification is commented out below (two FIXME blocks): other nodes
   are currently not told about the lost host or the hosts behind it. */
1040 /* FIXME: reprogram this.
1041 if(cl->status.active)
1042 notify_others(cl,NULL,send_del_host);
1046 /* Find all connections that were lost because they were behind cl
1047 (the connection that was dropped). */
1049 for(p = conn_list; p != NULL; p = p->next)
1051 if((p->nexthop == cl) && (p != cl))
1053 if(cl->status.active && p->status.active)
1054 /* FIXME: reprogram this
1055 notify_others(p,cl,send_del_host);
1059 p->status.active = 0;
1060 p->status.remove = 1;
1064 cl->status.active = 0;
1066 if(cl->status.outgoing)
1068 signal(SIGALRM, sigalrm_handler);
1069 seconds_till_retry = 5;
1070 alarm(seconds_till_retry);
1071 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1077 Check if the other end is active.
1078 If we have sent packets, but didn't receive any,
1079 then possibly the other end is dead. We send a
1080 PING request over the meta connection. If the other
1081 end does not reply in time, we consider them dead
1082 and close the connection.
1084 int check_dead_connections(void)
/* Periodic liveness sweep over conn_list (called from main_loop every
   `timeout` seconds).  A peer whose PING went unanswered within `timeout`
   is marked timed out and terminated; otherwise a new PING is issued when
   want_ping is set.  `now`, the send_ping call and the return are on lines
   not shown. */
1090 for(p = conn_list; p != NULL; p = p->next)
/* Skip entries already scheduled for removal. */
1092 if(p->status.remove)
1094 if(p->status.active && p->status.meta)
1096 if(p->last_ping_time + timeout < now)
1098 if(p->status.pinged && !p->status.got_pong)
1100 if(debug_lvl >= DEBUG_PROTOCOL)
1101 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1102 p->name, p->hostname);
1103 p->status.timeout = 1;
1104 terminate_connection(p);
1106 else if(p->want_ping)
/* Restart the timer and expect a PONG before the next sweep. */
1109 p->last_ping_time = now;
1110 p->status.pinged = 1;
1111 p->status.got_pong = 0;
1121 accept a new tcp connect and create a
/* Accepts one pending TCP connection on the meta listener and prepends a
   conn_list entry for it.  `()` is an old-style declarator; the assignment
   conn_list = ncn, the close on failure and the returns are on lines not
   shown. */
1124 int handle_new_meta_connection()
1127 struct sockaddr client;
/* accept() takes socklen_t *, not int *. */
1128 int nfd, len = sizeof(client);
/* Any client that can reach the port gets an entry and a MAXBUFSIZE buffer
   (see create_new_connection) before authenticating; no visible limit on
   how many. */
1130 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1132 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1136 if(!(ncn = create_new_connection(nfd)))
1140 syslog(LOG_NOTICE, _("Closed attempted connection"));
1144 ncn->status.meta = 1;
1145 ncn->next = conn_list;
1152 check all connections to see if anything
1153 happened on their sockets
1155 void check_network_activity(fd_set *f)
/* Dispatches the descriptors that select() reported ready: a readable
   per-peer UDP socket means a deferred error, a readable meta socket is
   handed to receive_meta, and the two local sockets go to their handlers. */
/* getsockopt takes socklen_t *; and `x` has no initialiser, see below. */
1158 int x, l = sizeof(x);
1160 for(p = conn_list; p != NULL; p = p->next)
1162 if(p->status.remove)
1165 if(p->status.dataopen)
1166 if(FD_ISSET(p->socket, f))
1169 The only thing that can happen to get us here is apparently an
1170 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1171 something that will not trigger an error directly on send()).
1172 I've once got here when it said `No route to host'.
/* The getsockopt result is ignored: if it fails, strerror() below is called
   with the uninitialised `x`.  Check the return (or initialise x = 0). */
1174 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1175 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1176 p->name, p->hostname, strerror(x));
1177 terminate_connection(p);
/* Any failure while reading protocol data drops the peer. */
1182 if(FD_ISSET(p->meta_socket, f))
1183 if(receive_meta(p) < 0)
1185 terminate_connection(p);
1190 if(FD_ISSET(myself->socket, f))
1191 handle_incoming_vpn_data();
1193 if(FD_ISSET(myself->meta_socket, f))
1194 handle_new_meta_connection();
1199 read, encrypt and send data that is
1200 available through the ethertap device
1202 void handle_tap_input(void)
/* Reads one frame from the tap device into vp and accounts for it.  The two
   read() forms below are presumably alternatives selected by a conditional
   not on this page (one reads into vp.data, the other over the whole
   struct); how vp.len is derived from lenin and the short-packet test are
   also on lines not shown. */
1209 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1211 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1218 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1220 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1226 total_tap_in += lenin;
1230 if(debug_lvl >= DEBUG_TRAFFIC)
1231 syslog(LOG_WARNING, _("Received short packet from tap device"));
1235 if(debug_lvl >= DEBUG_TRAFFIC)
1237 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* Routing is commented out; whatever forwards vp is not visible on this page. */
1240 // route_packet(&vp);
1245 this is where it all happens...
1247 void main_loop(void)
1252 time_t last_ping_check;
1254 last_ping_check = time(NULL);
1258 tv.tv_sec = timeout;
1264 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1266 if(errno != EINTR) /* because of alarm */
1268 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1276 /* FIXME: reprogram this.
1278 syslog(LOG_INFO, _("Rereading configuration file"));
1279 close_network_connections();
1281 if(read_config_file(&config, configfilename))
1283 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1287 setup_network_connections();
1292 if(last_ping_check + timeout < time(NULL))
1293 /* Let's check if everybody is still alive */
1295 check_dead_connections();
1296 last_ping_check = time(NULL);
1301 check_network_activity(&fset);
1303 /* local tap data */
1304 if(FD_ISSET(tap_fd, &fset))