2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.10 2000/06/27 20:10:48 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int xsend(conn_list_t *cl, void *packet)
101 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
102 rp.from = htonl(myself->vpn_ip);
103 rp.data.len = htons(rp.data.len);
104 rp.len = htons(rp.len);
107 syslog(LOG_ERR, _("Sending packet of %d bytes to " IP_ADDR_S " (%s)"),
108 ntohs(rp.len), IP_ADDR_V(cl->vpn_ip), cl->hostname);
110 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
112 syslog(LOG_ERR, _("Error sending packet to " IP_ADDR_S " (%s): %m"),
113 IP_ADDR_V(cl->vpn_ip), cl->hostname);
117 total_socket_out += r;
124 int xrecv(conn_list_t *cl, void *packet)
129 do_decrypt((real_packet_t*)packet, &vp, cl->key);
130 add_mac_addresses(&vp);
133 syslog(LOG_ERR, _("Receiving packet of %d bytes from " IP_ADDR_S " (%s)"),
134 ((real_packet_t*)packet)->len, IP_ADDR_V(cl->vpn_ip), cl->hostname);
136 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
137 syslog(LOG_ERR, _("Can't write to tap device: %m"));
139 total_tap_out += lenin;
142 cl->last_ping_time = time(NULL);
148 add the given packet of size s to the
149 queue q, be it the send or receive queue
151 void add_queue(packet_queue_t **q, void *packet, size_t s)
155 e = xmalloc(sizeof(*e));
156 e->packet = xmalloc(s);
157 memcpy(e->packet, packet, s);
161 *q = xmalloc(sizeof(**q));
162 (*q)->head = (*q)->tail = NULL;
165 e->next = NULL; /* We insert at the tail */
167 if((*q)->tail) /* Do we have a tail? */
169 (*q)->tail->next = e;
170 e->prev = (*q)->tail;
172 else /* No tail -> no head too */
182 /* Remove a queue element */
183 void del_queue(packet_queue_t **q, queue_element_t *e)
188 if(e->next) /* There is a successor, so we are not tail */
190 if(e->prev) /* There is a predecessor, so we are not head */
192 e->next->prev = e->prev;
193 e->prev->next = e->next;
195 else /* We are head */
197 e->next->prev = NULL;
198 (*q)->head = e->next;
201 else /* We are tail (or all alone!) */
203 if(e->prev) /* We are not alone :) */
205 e->prev->next = NULL;
206 (*q)->tail = e->prev;
220 flush a queue by calling function for
221 each packet, and removing it when that
222 returned a zero exit code
224 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
225 int (*function)(conn_list_t*,void*))
227 queue_element_t *p, *next = NULL;
229 for(p = (*pq)->head; p != NULL; )
233 if(!function(cl, p->packet))
240 syslog(LOG_DEBUG, _("Queue flushed"));
245 flush the send&recv queues
246 void because nothing goes wrong here, packets
247 remain in the queue if something goes wrong
249 void flush_queues(conn_list_t *cl)
255 syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S),
256 IP_ADDR_V(cl->vpn_ip));
257 flush_queue(cl, &(cl->sq), xsend);
263 syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S),
264 IP_ADDR_V(cl->vpn_ip));
265 flush_queue(cl, &(cl->rq), xrecv);
271 send a packet to the given vpn ip.
273 int send_packet(ip_t to, vpn_packet_t *packet)
277 if((cl = lookup_conn(to)) == NULL)
281 syslog(LOG_NOTICE, _("Trying to look up " IP_ADDR_S " in connection list failed!"),
285 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
289 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
291 { /* No open outgoing connection has been found. */
293 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
298 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
300 if(myself->flags & EXPORTINDIRECTDATA)
302 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
304 { /* No open outgoing connection has been found. */
306 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
312 /* If indirectdata flag is set for the destination we just looked up,
313 * then real_ip is actually the vpn_ip of the gateway tincd
317 if(cl->flags & INDIRECTDATA)
320 syslog(LOG_NOTICE, _("Indirect packet to " IP_ADDR_S " via " IP_ADDR_S),
321 IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip));
322 if((cl = lookup_conn(cl->real_ip)) == NULL)
325 syslog(LOG_NOTICE, _("Indirect look up " IP_ADDR_S " in connection list failed!"),
328 /* Gateway tincd dead? Should we kill it? (GS) */
332 if(cl->flags & INDIRECTDATA) /* This should not happen */
335 syslog(LOG_NOTICE, _("Double indirection for " IP_ADDR_S),
341 if(my_key_expiry <= time(NULL))
344 if(!cl->status.dataopen)
345 if(setup_vpn_connection(cl) < 0)
347 syslog(LOG_ERR, _("Could not open UDP connection to " IP_ADDR_S " (%s)"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
351 if(!cl->status.validkey)
354 syslog(LOG_INFO, _(IP_ADDR_S " (%s) has no valid key, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
355 add_queue(&(cl->sq), packet, packet->len + 2);
356 if(!cl->status.waitingforkey)
357 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
361 if(!cl->status.active)
364 syslog(LOG_INFO, _(IP_ADDR_S " (%s) is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
365 add_queue(&(cl->sq), packet, packet->len + 2);
366 return 0; /* We don't want to mess up, do we? */
369 /* can we send it? can we? can we? huh? */
371 return xsend(cl, packet);
375 open the local ethertap device
377 int setup_tap_fd(void)
380 const char *tapfname;
383 if((cfg = get_config_val(tapdevice)) == NULL)
384 tapfname = "/dev/tap0";
386 tapfname = cfg->data.ptr;
388 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
390 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
400 set up the socket that we listen on for incoming
403 int setup_listen_meta_socket(int port)
406 struct sockaddr_in a;
409 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
411 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
415 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
417 syslog(LOG_ERR, _("setsockopt: %m"));
421 flags = fcntl(nfd, F_GETFL);
422 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
424 syslog(LOG_ERR, _("fcntl: %m"));
428 memset(&a, 0, sizeof(a));
429 a.sin_family = AF_INET;
430 a.sin_port = htons(port);
431 a.sin_addr.s_addr = htonl(INADDR_ANY);
433 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
435 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
441 syslog(LOG_ERR, _("listen: %m"));
449 setup the socket for incoming encrypted
452 int setup_vpn_in_socket(int port)
455 struct sockaddr_in a;
458 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
460 syslog(LOG_ERR, _("Creating socket failed: %m"));
464 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
466 syslog(LOG_ERR, _("setsockopt: %m"));
470 flags = fcntl(nfd, F_GETFL);
471 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
473 syslog(LOG_ERR, _("fcntl: %m"));
477 memset(&a, 0, sizeof(a));
478 a.sin_family = AF_INET;
479 a.sin_port = htons(port);
480 a.sin_addr.s_addr = htonl(INADDR_ANY);
482 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
484 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
492 setup an outgoing meta (tcp) socket
494 int setup_outgoing_meta_socket(conn_list_t *cl)
497 struct sockaddr_in a;
501 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
503 if((cfg = get_config_val(upstreamport)) == NULL)
506 cl->port = cfg->data.val;
508 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
509 if(cl->meta_socket == -1)
511 syslog(LOG_ERR, _("Creating socket failed: %m"));
515 a.sin_family = AF_INET;
516 a.sin_port = htons(cl->port);
517 a.sin_addr.s_addr = htonl(cl->real_ip);
519 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
521 syslog(LOG_ERR, _(IP_ADDR_S ":%d: %m"), IP_ADDR_V(cl->real_ip), cl->port);
525 flags = fcntl(cl->meta_socket, F_GETFL);
526 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
528 syslog(LOG_ERR, _("fcntl: %m"));
532 syslog(LOG_INFO, _("Connected to " IP_ADDR_S ":%hd"),
533 IP_ADDR_V(cl->real_ip), cl->port);
539 setup an outgoing connection. It's not
540 necessary to also open an udp socket as
541 well, because the other host will initiate
542 an authentication sequence during which
543 we will do just that.
545 int setup_outgoing_connection(ip_t ip)
549 ncn = new_conn_list();
551 ncn->hostname = hostlookup(htonl(ip));
553 if(setup_outgoing_meta_socket(ncn) < 0)
555 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
557 free_conn_element(ncn);
561 ncn->status.meta = 1;
562 ncn->status.outgoing = 1;
563 ncn->next = conn_list;
570 set up the local sockets (listen only)
572 int setup_myself(void)
576 myself = new_conn_list();
578 if(!(cfg = get_config_val(myvpnip)))
580 syslog(LOG_ERR, _("No value for my VPN IP given"));
584 myself->vpn_ip = cfg->data.ip->ip;
585 myself->hostname = hostlookup(htonl(myself->vpn_ip));
586 myself->vpn_mask = cfg->data.ip->mask;
589 if(!(cfg = get_config_val(listenport)))
592 myself->port = cfg->data.val;
594 if(cfg = get_config_val(indirectdata))
595 if(cfg->data.val == stupid_true)
596 myself->flags |= EXPORTINDIRECTDATA;
598 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
600 syslog(LOG_ERR, _("Unable to set up a listening socket"));
604 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
606 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
607 close(myself->meta_socket);
611 myself->status.active = 1;
613 syslog(LOG_NOTICE, _("Ready: listening on port %d"), myself->port);
619 sigalrm_handler(int a)
623 cfg = get_next_config_val(upstreamip, upstreamindex++);
627 if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */
629 signal(SIGALRM, SIG_IGN);
632 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
635 signal(SIGALRM, sigalrm_handler);
637 seconds_till_retry += 5;
638 if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */
639 seconds_till_retry = 300;
640 alarm(seconds_till_retry);
641 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
647 setup all initial network connections
649 int setup_network_connections(void)
653 if((cfg = get_config_val(pingtimeout)) == NULL)
656 timeout = cfg->data.val;
658 if(setup_tap_fd() < 0)
661 if(setup_myself() < 0)
664 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
665 /* No upstream IP given, we're listen only. */
670 if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */
672 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
675 signal(SIGALRM, sigalrm_handler);
677 seconds_till_retry = 300;
678 alarm(seconds_till_retry);
679 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes"));
685 close all open network connections
687 void close_network_connections(void)
691 for(p = conn_list; p != NULL; p = p->next)
693 if(p->status.dataopen)
695 shutdown(p->socket, 0); /* No more receptions */
701 shutdown(p->meta_socket, 0); /* No more receptions */
702 close(p->meta_socket);
707 if(myself->status.active)
709 close(myself->meta_socket);
710 close(myself->socket);
716 syslog(LOG_NOTICE, _("Terminating"));
722 create a data (udp) socket
724 int setup_vpn_connection(conn_list_t *cl)
727 struct sockaddr_in a;
730 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
732 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
735 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
739 a.sin_family = AF_INET;
740 a.sin_port = htons(cl->port);
741 a.sin_addr.s_addr = htonl(cl->real_ip);
743 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
745 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
746 cl->hostname, cl->port);
750 flags = fcntl(nfd, F_GETFL);
751 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
753 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, nfd);
758 cl->status.dataopen = 1;
764 handle an incoming tcp connect call and open
767 conn_list_t *create_new_connection(int sfd)
770 struct sockaddr_in ci;
771 int len = sizeof(ci);
775 if(getpeername(sfd, &ci, &len) < 0)
777 syslog(LOG_ERR, _("Error: getpeername: %m"));
781 p->real_ip = ntohl(ci.sin_addr.s_addr);
782 p->hostname = hostlookup(ci.sin_addr.s_addr);
783 p->meta_socket = sfd;
786 p->last_ping_time = time(NULL);
790 syslog(LOG_NOTICE, _("Connection from %s port %d"),
791 p->hostname, htons(ci.sin_port));
793 if(send_basic_info(p) < 0)
803 put all file descriptors in an fd_set array
805 void build_fdset(fd_set *fs)
811 for(p = conn_list; p != NULL; p = p->next)
814 FD_SET(p->meta_socket, fs);
815 if(p->status.dataopen)
816 FD_SET(p->socket, fs);
819 FD_SET(myself->meta_socket, fs);
820 FD_SET(myself->socket, fs);
826 receive incoming data from the listening
827 udp socket and write it to the ethertap
828 device after being decrypted
830 int handle_incoming_vpn_data(conn_list_t *cl)
834 int x, l = sizeof(x);
837 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
839 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->socket);
844 syslog(LOG_ERR, _("Incoming data socket error: %s"), sys_errlist[x]);
849 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
852 syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->hostname);
855 total_socket_in += lenin;
857 rp.data.len = ntohs(rp.data.len);
858 rp.len = ntohs(rp.len);
859 rp.from = ntohl(rp.from);
863 f = lookup_conn(rp.from);
866 syslog(LOG_ERR, _("Got packet from " IP_ADDR_S " (%s) with unknown origin " IP_ADDR_S "?"),
867 IP_ADDR_V(cl->vpn_ip), cl->hostname, IP_ADDR_V(rp.from));
871 if(f->status.validkey)
875 add_queue(&(f->rq), &rp, rp.len);
876 if(!cl->status.waitingforkey)
877 send_key_request(rp.from);
880 if(my_key_expiry <= time(NULL))
888 terminate a connection and notify the other
889 end before closing the sockets
891 void terminate_connection(conn_list_t *cl)
896 if(cl->status.remove)
900 syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (%s)"),
901 IP_ADDR_V(cl->vpn_ip), cl->hostname);
903 if(cl->status.timeout)
905 else if(!cl->status.termreq)
910 close(cl->meta_socket);
912 if(cl->status.outgoing)
914 signal(SIGALRM, sigalrm_handler);
915 seconds_till_retry = 5;
916 alarm(seconds_till_retry);
917 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
920 cl->status.remove = 1;
922 /* If this cl isn't active, don't send any DEL_HOSTs and don't bother
923 checking for other lost connections. */
924 if(!cl->status.active)
927 cl->status.active = 0;
930 /* Find all connections that were lost because they were behind cl
931 (the connection that was dropped). */
932 for(p = conn_list; p != NULL; p = p->next)
935 p->status.active = 0;
936 p->status.remove = 1;
940 /* Then send a notification about all these connections to all hosts
941 that are still connected to us. */
942 for(p = conn_list; p != NULL; p = p->next)
943 if(!p->status.remove && p->status.meta)
944 for(q = conn_list; q != NULL; q = q->next)
952 Check if the other end is active.
953 If we have sent packets, but didn't receive any,
954 then possibly the other end is dead. We send a
955 PING request over the meta connection. If the other
956 end does not reply in time, we consider them dead
957 and close the connection.
959 int check_dead_connections(void)
965 for(p = conn_list; p != NULL; p = p->next)
969 if(p->status.active && p->status.meta)
971 if(p->last_ping_time + timeout < now)
973 if(p->status.pinged && !p->status.got_pong)
976 syslog(LOG_INFO, _(IP_ADDR_S " (%s) didn't respond to ping"),
977 IP_ADDR_V(p->vpn_ip), p->hostname);
978 p->status.timeout = 1;
979 terminate_connection(p);
981 else if(p->want_ping)
984 p->last_ping_time = now;
985 p->status.pinged = 1;
986 p->status.got_pong = 0;
996 accept a new tcp connect and create a
999 int handle_new_meta_connection(conn_list_t *cl)
1002 struct sockaddr client;
1003 int nfd, len = sizeof(client);
1005 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1007 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1011 if((ncn = create_new_connection(nfd)) == NULL)
1015 syslog(LOG_NOTICE, _("Closed attempted connection"));
1019 ncn->status.meta = 1;
1020 ncn->next = conn_list;
1027 dispatch any incoming meta requests
1029 int handle_incoming_meta_data(conn_list_t *cl)
1031 int x, l = sizeof(x);
1032 int request, oldlen, i;
1035 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1037 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->meta_socket);
1042 syslog(LOG_ERR, _("Metadata socket error: %s"), sys_errlist[x]);
1046 if(cl->buflen >= MAXBUFSIZE)
1048 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1052 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1056 syslog(LOG_ERR, _("Metadata socket read error: %m"));
1060 oldlen = cl->buflen;
1061 cl->buflen += lenin;
1067 for(i = oldlen; i < cl->buflen; i++)
1069 if(cl->buffer[i] == '\n')
1071 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1080 syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (%s): %s"),
1081 IP_ADDR_V(cl->vpn_ip), cl->hostname, cl->buffer);
1082 if(sscanf(cl->buffer, "%d", &request) == 1)
1084 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1086 syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (%s)"),
1087 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1091 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1093 syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (%s)"),
1094 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1100 syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (%s)"),
1101 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1105 cl->buflen -= cl->reqlen;
1106 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1115 cl->last_ping_time = time(NULL);
1122 check all connections to see if anything
1123 happened on their sockets
1125 void check_network_activity(fd_set *f)
1128 int x, l = sizeof(x);
1130 for(p = conn_list; p != NULL; p = p->next)
1132 if(p->status.remove)
1135 if(p->status.dataopen)
1136 if(FD_ISSET(p->socket, f))
1139 The only thing that can happen to get us here is apparently an
1140 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1141 something that will not trigger an error directly on send()).
1142 I've once got here when it said `No route to host'.
1144 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1145 syslog(LOG_ERR, _("Outgoing data socket error: %s"), sys_errlist[x]);
1146 terminate_connection(p);
1151 if(FD_ISSET(p->meta_socket, f))
1152 if(handle_incoming_meta_data(p) < 0)
1154 terminate_connection(p);
1159 if(FD_ISSET(myself->socket, f))
1160 handle_incoming_vpn_data(myself);
1162 if(FD_ISSET(myself->meta_socket, f))
1163 handle_new_meta_connection(myself);
1168 read, encrypt and send data that is
1169 available through the ethertap device
1171 void handle_tap_input(void)
1175 int ether_type, lenin;
1177 memset(&vp, 0, sizeof(vp));
1178 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1180 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1184 total_tap_in += lenin;
1186 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1187 if(ether_type != 0x0800)
1190 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1191 ether_type, MAC_ADDR_V(vp.data[6]));
1198 syslog(LOG_INFO, _("Dropping short packet"));
1202 from = ntohl(*((unsigned long*)(&vp.data[26])));
1203 to = ntohl(*((unsigned long*)(&vp.data[30])));
1205 vp.len = (length_t)lenin - 2;
1207 strip_mac_addresses(&vp);
1209 send_packet(to, &vp);
1214 this is where it all happens...
1216 void main_loop(void)
1221 time_t last_ping_check;
1223 last_ping_check = time(NULL);
1227 tv.tv_sec = timeout;
1233 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1235 if(errno == EINTR) /* because of alarm */
1237 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1241 if(last_ping_check + timeout < time(NULL))
1242 /* Let's check if everybody is still alive */
1244 check_dead_connections();
1245 last_ping_check = time(NULL);
1249 check_network_activity(&fset);
1251 /* local tap data */
1252 if(FD_ISSET(tap_fd, &fset))