2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.9 2000/06/27 15:08:58 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 static int seconds_till_retry;
61 /* The global list of existing connections */
62 conn_list_t *conn_list = NULL;
63 conn_list_t *myself = NULL;
66 strip off the MAC adresses of an ethernet frame
68 void strip_mac_addresses(vpn_packet_t *p)
70 unsigned char tmp[MAXSIZE];
72 memcpy(tmp, p->data, p->len);
74 memcpy(p->data, &tmp[12], p->len);
79 reassemble MAC addresses
81 void add_mac_addresses(vpn_packet_t *p)
83 unsigned char tmp[MAXSIZE];
85 memcpy(&tmp[12], p->data, p->len);
87 tmp[0] = tmp[6] = 0xfe;
88 tmp[1] = tmp[7] = 0xfd;
89 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
90 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
91 memcpy(p->data, &tmp[0], p->len);
95 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sending packet of %d bytes to " IP_ADDR_S " (%s)"),
107 ntohs(rp.len), IP_ADDR_V(cl->vpn_ip), cl->hostname);
109 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
111 syslog(LOG_ERR, _("Error sending packet to " IP_ADDR_S " (%s): %m"),
112 IP_ADDR_V(cl->vpn_ip), cl->hostname);
116 total_socket_out += r;
123 int xrecv(conn_list_t *cl, void *packet)
128 do_decrypt((real_packet_t*)packet, &vp, cl->key);
129 add_mac_addresses(&vp);
132 syslog(LOG_ERR, _("Receiving packet of %d bytes from " IP_ADDR_S " (%s)"),
133 ((real_packet_t*)packet)->len, IP_ADDR_V(cl->vpn_ip), cl->hostname);
135 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
136 syslog(LOG_ERR, _("Can't write to tap device: %m"));
138 total_tap_out += lenin;
141 cl->last_ping_time = time(NULL);
147 add the given packet of size s to the
148 queue q, be it the send or receive queue
150 void add_queue(packet_queue_t **q, void *packet, size_t s)
154 e = xmalloc(sizeof(*e));
155 e->packet = xmalloc(s);
156 memcpy(e->packet, packet, s);
160 *q = xmalloc(sizeof(**q));
161 (*q)->head = (*q)->tail = NULL;
164 e->next = NULL; /* We insert at the tail */
166 if((*q)->tail) /* Do we have a tail? */
168 (*q)->tail->next = e;
169 e->prev = (*q)->tail;
171 else /* No tail -> no head too */
181 /* Remove a queue element */
182 void del_queue(packet_queue_t **q, queue_element_t *e)
187 if(e->next) /* There is a successor, so we are not tail */
189 if(e->prev) /* There is a predecessor, so we are not head */
191 e->next->prev = e->prev;
192 e->prev->next = e->next;
194 else /* We are head */
196 e->next->prev = NULL;
197 (*q)->head = e->next;
200 else /* We are tail (or all alone!) */
202 if(e->prev) /* We are not alone :) */
204 e->prev->next = NULL;
205 (*q)->tail = e->prev;
219 flush a queue by calling function for
220 each packet, and removing it when that
221 returned a zero exit code
223 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
224 int (*function)(conn_list_t*,void*))
226 queue_element_t *p, *next = NULL;
228 for(p = (*pq)->head; p != NULL; )
232 if(!function(cl, p->packet))
239 syslog(LOG_DEBUG, _("Queue flushed"));
244 flush the send&recv queues
245 void because nothing goes wrong here, packets
246 remain in the queue if something goes wrong
248 void flush_queues(conn_list_t *cl)
254 syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S),
255 IP_ADDR_V(cl->vpn_ip));
256 flush_queue(cl, &(cl->sq), xsend);
262 syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S),
263 IP_ADDR_V(cl->vpn_ip));
264 flush_queue(cl, &(cl->rq), xrecv);
270 send a packet to the given vpn ip.
272 int send_packet(ip_t to, vpn_packet_t *packet)
276 if((cl = lookup_conn(to)) == NULL)
280 syslog(LOG_NOTICE, _("Trying to look up " IP_ADDR_S " in connection list failed!"),
284 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
288 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
290 { /* No open outgoing connection has been found. */
292 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
297 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
299 if(myself->flags & EXPORTINDIRECTDATA)
301 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
303 { /* No open outgoing connection has been found. */
305 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
311 /* If indirectdata flag is set for the destination we just looked up,
312 * then real_ip is actually the vpn_ip of the gateway tincd
316 if(cl->flags & INDIRECTDATA)
319 syslog(LOG_NOTICE, _("Indirect packet to " IP_ADDR_S " via " IP_ADDR_S),
320 IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip));
321 if((cl = lookup_conn(cl->real_ip)) == NULL)
324 syslog(LOG_NOTICE, _("Indirect look up " IP_ADDR_S " in connection list failed!"),
327 /* Gateway tincd dead? Should we kill it? (GS) */
331 if(cl->flags & INDIRECTDATA) /* This should not happen */
334 syslog(LOG_NOTICE, _("Double indirection for " IP_ADDR_S),
340 if(my_key_expiry <= time(NULL))
343 if(!cl->status.dataopen)
344 if(setup_vpn_connection(cl) < 0)
346 syslog(LOG_ERR, _("Could not open UDP connection to " IP_ADDR_S " (%s)"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
350 if(!cl->status.validkey)
353 syslog(LOG_INFO, _(IP_ADDR_S " (%s) has no valid key, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
354 add_queue(&(cl->sq), packet, packet->len + 2);
355 if(!cl->status.waitingforkey)
356 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
360 if(!cl->status.active)
363 syslog(LOG_INFO, _(IP_ADDR_S " (%s) is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
364 add_queue(&(cl->sq), packet, packet->len + 2);
365 return 0; /* We don't want to mess up, do we? */
368 /* can we send it? can we? can we? huh? */
370 return xsend(cl, packet);
374 open the local ethertap device
376 int setup_tap_fd(void)
379 const char *tapfname;
382 if((cfg = get_config_val(tapdevice)) == NULL)
383 tapfname = "/dev/tap0";
385 tapfname = cfg->data.ptr;
387 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
389 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
399 set up the socket that we listen on for incoming
402 int setup_listen_meta_socket(int port)
405 struct sockaddr_in a;
408 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
410 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
414 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
416 syslog(LOG_ERR, _("setsockopt: %m"));
420 flags = fcntl(nfd, F_GETFL);
421 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
423 syslog(LOG_ERR, _("fcntl: %m"));
427 memset(&a, 0, sizeof(a));
428 a.sin_family = AF_INET;
429 a.sin_port = htons(port);
430 a.sin_addr.s_addr = htonl(INADDR_ANY);
432 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
434 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
440 syslog(LOG_ERR, _("listen: %m"));
448 setup the socket for incoming encrypted
451 int setup_vpn_in_socket(int port)
454 struct sockaddr_in a;
457 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
459 syslog(LOG_ERR, _("Creating socket failed: %m"));
463 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
465 syslog(LOG_ERR, _("setsockopt: %m"));
469 flags = fcntl(nfd, F_GETFL);
470 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
472 syslog(LOG_ERR, _("fcntl: %m"));
476 memset(&a, 0, sizeof(a));
477 a.sin_family = AF_INET;
478 a.sin_port = htons(port);
479 a.sin_addr.s_addr = htonl(INADDR_ANY);
481 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
483 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
491 setup an outgoing meta (tcp) socket
493 int setup_outgoing_meta_socket(conn_list_t *cl)
496 struct sockaddr_in a;
499 if((cfg = get_config_val(upstreamport)) == NULL)
502 cl->port = cfg->data.val;
504 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
505 if(cl->meta_socket == -1)
507 syslog(LOG_ERR, _("Creating socket failed: %m"));
511 a.sin_family = AF_INET;
512 a.sin_port = htons(cl->port);
513 a.sin_addr.s_addr = htonl(cl->real_ip);
515 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
517 syslog(LOG_ERR, _(IP_ADDR_S ":%d: %m"), IP_ADDR_V(cl->real_ip), cl->port);
521 flags = fcntl(cl->meta_socket, F_GETFL);
522 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
524 syslog(LOG_ERR, _("fcntl: %m"));
528 syslog(LOG_INFO, _("Connected to " IP_ADDR_S ":%hd"),
529 IP_ADDR_V(cl->real_ip), cl->port);
535 setup an outgoing connection. It's not
536 necessary to also open an udp socket as
537 well, because the other host will initiate
538 an authentication sequence during which
539 we will do just that.
541 int setup_outgoing_connection(ip_t ip)
545 ncn = new_conn_list();
547 ncn->hostname = hostlookup(htonl(ip));
549 if(setup_outgoing_meta_socket(ncn) < 0)
551 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
553 free_conn_element(ncn);
557 ncn->status.meta = 1;
558 ncn->status.outgoing = 1;
559 ncn->next = conn_list;
566 set up the local sockets (listen only)
568 int setup_myself(void)
572 myself = new_conn_list();
574 if(!(cfg = get_config_val(myvpnip)))
576 syslog(LOG_ERR, _("No value for my VPN IP given"));
580 myself->vpn_ip = cfg->data.ip->ip;
581 myself->hostname = hostlookup(htonl(myself->vpn_ip));
582 myself->vpn_mask = cfg->data.ip->mask;
585 if(!(cfg = get_config_val(listenport)))
588 myself->port = cfg->data.val;
590 if(cfg = get_config_val(indirectdata))
591 if(cfg->data.val == stupid_true)
592 myself->flags |= EXPORTINDIRECTDATA;
594 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
596 syslog(LOG_ERR, _("Unable to set up a listening socket"));
600 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
602 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
603 close(myself->meta_socket);
607 myself->status.active = 1;
609 syslog(LOG_NOTICE, _("Ready: listening on port %d"), myself->port);
615 sigalrm_handler(int a)
620 cfg = get_config_val(upstreamip);
624 if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */
626 signal(SIGALRM, SIG_IGN);
629 cfg = get_next_config_val(upstreamip, index++); /* Or else we try the next ConnectTo line */
632 signal(SIGALRM, sigalrm_handler);
633 seconds_till_retry += 5;
634 if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */
635 seconds_till_retry = 300;
636 alarm(seconds_till_retry);
637 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
643 setup all initial network connections
645 int setup_network_connections(void)
650 if((cfg = get_config_val(pingtimeout)) == NULL)
653 timeout = cfg->data.val;
655 if(setup_tap_fd() < 0)
658 if(setup_myself() < 0)
661 if((cfg = get_config_val(upstreamip)) == NULL)
662 /* No upstream IP given, we're listen only. */
667 if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */
669 cfg = get_next_config_val(upstreamip, index++); /* Or else we try the next ConnectTo line */
672 signal(SIGALRM, sigalrm_handler);
673 seconds_till_retry = 300;
674 alarm(seconds_till_retry);
675 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes"));
681 close all open network connections
683 void close_network_connections(void)
687 for(p = conn_list; p != NULL; p = p->next)
689 if(p->status.dataopen)
691 shutdown(p->socket, 0); /* No more receptions */
697 shutdown(p->meta_socket, 0); /* No more receptions */
698 close(p->meta_socket);
703 if(myself->status.active)
705 close(myself->meta_socket);
706 close(myself->socket);
712 syslog(LOG_NOTICE, _("Terminating"));
718 create a data (udp) socket
720 int setup_vpn_connection(conn_list_t *cl)
723 struct sockaddr_in a;
726 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
728 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
731 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
735 a.sin_family = AF_INET;
736 a.sin_port = htons(cl->port);
737 a.sin_addr.s_addr = htonl(cl->real_ip);
739 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
741 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
742 cl->hostname, cl->port);
746 flags = fcntl(nfd, F_GETFL);
747 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
749 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, nfd);
754 cl->status.dataopen = 1;
760 handle an incoming tcp connect call and open
763 conn_list_t *create_new_connection(int sfd)
766 struct sockaddr_in ci;
767 int len = sizeof(ci);
771 if(getpeername(sfd, &ci, &len) < 0)
773 syslog(LOG_ERR, _("Error: getpeername: %m"));
777 p->real_ip = ntohl(ci.sin_addr.s_addr);
778 p->hostname = hostlookup(ci.sin_addr.s_addr);
779 p->meta_socket = sfd;
782 p->last_ping_time = time(NULL);
786 syslog(LOG_NOTICE, _("Connection from %s port %d"),
787 p->hostname, htons(ci.sin_port));
789 if(send_basic_info(p) < 0)
799 put all file descriptors in an fd_set array
801 void build_fdset(fd_set *fs)
807 for(p = conn_list; p != NULL; p = p->next)
810 FD_SET(p->meta_socket, fs);
811 if(p->status.dataopen)
812 FD_SET(p->socket, fs);
815 FD_SET(myself->meta_socket, fs);
816 FD_SET(myself->socket, fs);
822 receive incoming data from the listening
823 udp socket and write it to the ethertap
824 device after being decrypted
826 int handle_incoming_vpn_data(conn_list_t *cl)
830 int x, l = sizeof(x);
833 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
835 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->socket);
840 syslog(LOG_ERR, _("Incoming data socket error: %s"), sys_errlist[x]);
845 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
848 syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->hostname);
851 total_socket_in += lenin;
853 rp.data.len = ntohs(rp.data.len);
854 rp.len = ntohs(rp.len);
855 rp.from = ntohl(rp.from);
859 f = lookup_conn(rp.from);
862 syslog(LOG_ERR, _("Got packet from " IP_ADDR_S " (%s) with unknown origin " IP_ADDR_S "?"),
863 IP_ADDR_V(cl->vpn_ip), cl->hostname, IP_ADDR_V(rp.from));
867 if(f->status.validkey)
871 add_queue(&(f->rq), &rp, rp.len);
872 if(!cl->status.waitingforkey)
873 send_key_request(rp.from);
876 if(my_key_expiry <= time(NULL))
884 terminate a connection and notify the other
885 end before closing the sockets
887 void terminate_connection(conn_list_t *cl)
892 if(cl->status.remove)
896 syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (%s)"),
897 IP_ADDR_V(cl->vpn_ip), cl->hostname);
899 if(cl->status.timeout)
901 else if(!cl->status.termreq)
906 close(cl->meta_socket);
908 if(cl->status.outgoing)
910 signal(SIGALRM, sigalrm_handler);
911 seconds_till_retry = 5;
912 alarm(seconds_till_retry);
913 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
916 cl->status.remove = 1;
918 /* If this cl isn't active, don't send any DEL_HOSTs and don't bother
919 checking for other lost connections. */
920 if(!cl->status.active)
923 cl->status.active = 0;
926 /* Find all connections that were lost because they were behind cl
927 (the connection that was dropped). */
928 for(p = conn_list; p != NULL; p = p->next)
931 p->status.active = 0;
932 p->status.remove = 1;
936 /* Then send a notification about all these connections to all hosts
937 that are still connected to us. */
938 for(p = conn_list; p != NULL; p = p->next)
939 if(!p->status.remove && p->status.meta)
940 for(q = conn_list; q != NULL; q = q->next)
948 Check if the other end is active.
949 If we have sent packets, but didn't receive any,
950 then possibly the other end is dead. We send a
951 PING request over the meta connection. If the other
952 end does not reply in time, we consider them dead
953 and close the connection.
955 int check_dead_connections(void)
961 for(p = conn_list; p != NULL; p = p->next)
965 if(p->status.active && p->status.meta)
967 if(p->last_ping_time + timeout < now)
969 if(p->status.pinged && !p->status.got_pong)
972 syslog(LOG_INFO, _(IP_ADDR_S " (%s) didn't respond to ping"),
973 IP_ADDR_V(p->vpn_ip), p->hostname);
974 p->status.timeout = 1;
975 terminate_connection(p);
977 else if(p->want_ping)
980 p->last_ping_time = now;
981 p->status.pinged = 1;
982 p->status.got_pong = 0;
992 accept a new tcp connect and create a
995 int handle_new_meta_connection(conn_list_t *cl)
998 struct sockaddr client;
999 int nfd, len = sizeof(client);
1001 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1003 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1007 if((ncn = create_new_connection(nfd)) == NULL)
1011 syslog(LOG_NOTICE, _("Closed attempted connection"));
1015 ncn->status.meta = 1;
1016 ncn->next = conn_list;
1023 dispatch any incoming meta requests
1025 int handle_incoming_meta_data(conn_list_t *cl)
1027 int x, l = sizeof(x);
1028 int request, oldlen, i;
1031 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1033 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->meta_socket);
1038 syslog(LOG_ERR, _("Metadata socket error: %s"), sys_errlist[x]);
1042 if(cl->buflen >= MAXBUFSIZE)
1044 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1048 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1052 syslog(LOG_ERR, _("Metadata socket read error: %m"));
1056 oldlen = cl->buflen;
1057 cl->buflen += lenin;
1063 for(i = oldlen; i < cl->buflen; i++)
1065 if(cl->buffer[i] == '\n')
1067 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1076 syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (%s): %s"),
1077 IP_ADDR_V(cl->vpn_ip), cl->hostname, cl->buffer);
1078 if(sscanf(cl->buffer, "%d", &request) == 1)
1080 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1082 syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (%s)"),
1083 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1087 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1089 syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (%s)"),
1090 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1096 syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (%s)"),
1097 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1101 cl->buflen -= cl->reqlen;
1102 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1111 cl->last_ping_time = time(NULL);
1118 check all connections to see if anything
1119 happened on their sockets
1121 void check_network_activity(fd_set *f)
1124 int x, l = sizeof(x);
1126 for(p = conn_list; p != NULL; p = p->next)
1128 if(p->status.remove)
1131 if(p->status.dataopen)
1132 if(FD_ISSET(p->socket, f))
1135 The only thing that can happen to get us here is apparently an
1136 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1137 something that will not trigger an error directly on send()).
1138 I've once got here when it said `No route to host'.
1140 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1141 syslog(LOG_ERR, _("Outgoing data socket error: %s"), sys_errlist[x]);
1142 terminate_connection(p);
1147 if(FD_ISSET(p->meta_socket, f))
1148 if(handle_incoming_meta_data(p) < 0)
1150 terminate_connection(p);
1155 if(FD_ISSET(myself->socket, f))
1156 handle_incoming_vpn_data(myself);
1158 if(FD_ISSET(myself->meta_socket, f))
1159 handle_new_meta_connection(myself);
1164 read, encrypt and send data that is
1165 available through the ethertap device
1167 void handle_tap_input(void)
1171 int ether_type, lenin;
1173 memset(&vp, 0, sizeof(vp));
1174 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1176 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1180 total_tap_in += lenin;
1182 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1183 if(ether_type != 0x0800)
1186 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1187 ether_type, MAC_ADDR_V(vp.data[6]));
1194 syslog(LOG_INFO, _("Dropping short packet"));
1198 from = ntohl(*((unsigned long*)(&vp.data[26])));
1199 to = ntohl(*((unsigned long*)(&vp.data[30])));
1201 vp.len = (length_t)lenin - 2;
1203 strip_mac_addresses(&vp);
1205 send_packet(to, &vp);
1210 this is where it all happens...
1212 void main_loop(void)
1217 time_t last_ping_check;
1219 last_ping_check = time(NULL);
1223 tv.tv_sec = timeout;
1229 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1231 if(errno == EINTR) /* because of alarm */
1233 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1237 if(last_ping_check + timeout < time(NULL))
1238 /* Let's check if everybody is still alive */
1240 check_dead_connections();
1241 last_ping_check = time(NULL);
1245 check_network_activity(&fset);
1247 /* local tap data */
1248 if(FD_ISSET(tap_fd, &fset))