2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
50 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
53 static void send_udppacket(node_t *, vpn_packet_t *);
55 unsigned replaywin = 16;
56 bool localdiscovery = false;
57 sockaddr_t localdiscovery_address;
59 #define MAX_SEQNO 1073741824
61 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
62 mtuprobes == 31: sleep pinginterval seconds
63 mtuprobes == 32: send 1 burst, sleep pingtimeout second
64 mtuprobes == 33: no response from other side, restart PMTU discovery process
66 Probes are sent in batches of at least three, with random sizes between the
67 lower and upper boundaries for the MTU thus far discovered.
69 After the initial discovery, a fourth packet is added to each batch with a
70 size larger than the currently known PMTU, to test if the PMTU has increased.
72 In case local discovery is enabled, another packet is added to each batch,
73 which will be broadcast to the local network.
77 static void send_mtu_probe_handler(void *data) {
83 if(!n->status.reachable || !n->status.validkey) {
84 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
89 if(n->mtuprobes > 32) {
92 timeout = pinginterval;
96 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
97 n->status.udp_confirmed = false;
103 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
104 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
108 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
109 if(n->minmtu > n->maxmtu)
110 n->minmtu = n->maxmtu;
112 n->maxmtu = n->minmtu;
114 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
118 if(n->mtuprobes == 31) {
119 timeout = pinginterval;
121 } else if(n->mtuprobes == 32) {
122 timeout = pingtimeout;
125 for(int i = 0; i < 4 + localdiscovery; i++) {
129 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
132 } else if(n->maxmtu <= n->minmtu) {
135 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
142 memset(packet.data, 0, 14);
143 randomize(packet.data + 14, len - 14);
146 n->status.broadcast = i >= 4 && n->mtuprobes <= 10 && n->prevedge;
148 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
150 send_udppacket(n, &packet);
153 n->status.broadcast = false;
154 n->probe_counter = 0;
155 gettimeofday(&n->probe_time, NULL);
157 /* Calculate the packet loss of incoming traffic by comparing the rate of
158 packets received to the rate with which the sequence number has increased.
161 if(n->received > n->prev_received)
162 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
164 n->packetloss = n->received_seqno <= n->prev_received_seqno;
166 n->prev_received_seqno = n->received_seqno;
167 n->prev_received = n->received;
170 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
173 void send_mtu_probe(node_t *n) {
174 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
175 send_mtu_probe_handler(n);
178 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
179 if(!packet->data[0]) {
180 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe request %d from %s (%s)", packet->len, n->name, n->hostname);
182 /* It's a probe request, send back a reply */
184 /* Type 2 probe replies were introduced in protocol 17.3 */
185 if ((n->options >> 24) == 3) {
186 uint8_t* data = packet->data;
188 uint16_t len16 = htons(len); memcpy(data, &len16, 2); data += 2;
190 gettimeofday(&now, NULL);
191 uint32_t sec = htonl(now.tv_sec); memcpy(data, &sec, 4); data += 4;
192 uint32_t usec = htonl(now.tv_usec); memcpy(data, &usec, 4); data += 4;
193 packet->len = data - packet->data;
195 /* Legacy protocol: n won't understand type 2 probe replies. */
199 /* Temporarily set udp_confirmed, so that the reply is sent
200 back exactly the way it came in. */
202 bool udp_confirmed = n->status.udp_confirmed;
203 n->status.udp_confirmed = true;
204 send_udppacket(n, packet);
205 n->status.udp_confirmed = udp_confirmed;
207 length_t probelen = len;
208 if (packet->data[0] == 2) {
210 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received invalid (too short) MTU probe reply from %s (%s)", n->name, n->hostname);
212 uint16_t probelen16; memcpy(&probelen16, packet->data + 1, 2); probelen = ntohs(probelen16);
215 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d MTU probe reply %d from %s (%s)", packet->data[0], probelen, n->name, n->hostname);
217 /* It's a valid reply: now we know bidirectional communication
218 is possible using the address and socket that the reply
221 n->status.udp_confirmed = true;
223 /* If we haven't established the PMTU yet, restart the discovery process. */
225 if(n->mtuprobes > 30) {
226 if (probelen == n->maxmtu + 8) {
227 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
239 /* If applicable, raise the minimum supported MTU */
241 if(probelen > n->maxmtu)
242 probelen = n->maxmtu;
243 if(n->minmtu < probelen)
244 n->minmtu = probelen;
246 /* Calculate RTT and bandwidth.
247 The RTT is the time between the MTU probe burst was sent and the first
248 reply is received. The bandwidth is measured using the time between the
249 arrival of the first and third probe reply (or type 2 probe requests).
252 struct timeval now, diff;
253 gettimeofday(&now, NULL);
254 timersub(&now, &n->probe_time, &diff);
256 struct timeval probe_timestamp = now;
257 if (packet->data[0] == 2 && packet->len >= 11) {
258 uint32_t sec; memcpy(&sec, packet->data + 3, 4);
259 uint32_t usec; memcpy(&usec, packet->data + 7, 4);
260 probe_timestamp.tv_sec = ntohl(sec);
261 probe_timestamp.tv_usec = ntohl(usec);
266 if(n->probe_counter == 1) {
267 n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
268 n->probe_time = probe_timestamp;
269 } else if(n->probe_counter == 3) {
270 struct timeval probe_timestamp_diff;
271 timersub(&probe_timestamp, &n->probe_time, &probe_timestamp_diff);
272 n->bandwidth = 2.0 * probelen / (probe_timestamp_diff.tv_sec + probe_timestamp_diff.tv_usec * 1e-6);
273 logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
278 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
280 memcpy(dest, source, len);
282 } else if(level == 10) {
284 lzo_uint lzolen = MAXSIZE;
285 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
290 } else if(level < 10) {
292 unsigned long destlen = MAXSIZE;
293 if(compress2(dest, &destlen, source, len, level) == Z_OK)
300 lzo_uint lzolen = MAXSIZE;
301 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
311 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
313 memcpy(dest, source, len);
315 } else if(level > 9) {
317 lzo_uint lzolen = MAXSIZE;
318 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
326 unsigned long destlen = MAXSIZE;
327 if(uncompress(dest, &destlen, source, len) == Z_OK)
339 static void receive_packet(node_t *n, vpn_packet_t *packet) {
340 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
341 packet->len, n->name, n->hostname);
344 n->in_bytes += packet->len;
349 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
351 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
353 if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
356 return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
359 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
360 vpn_packet_t pkt1, pkt2;
361 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
363 vpn_packet_t *outpkt = pkt[0];
366 if(n->status.sptps) {
367 if(!n->sptps.state) {
368 if(!n->status.waitingforkey) {
369 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
372 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
376 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
380 if(!cipher_active(n->incipher)) {
381 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
385 /* Check packet length */
387 if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
388 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
389 n->name, n->hostname);
393 /* Check the message authentication code */
395 if(digest_active(n->indigest)) {
396 inpkt->len -= digest_length(n->indigest);
397 if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
398 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
402 /* Decrypt the packet */
404 if(cipher_active(n->incipher)) {
405 outpkt = pkt[nextpkt++];
408 if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
409 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
413 outpkt->len = outlen;
417 /* Check the sequence number */
419 inpkt->len -= sizeof inpkt->seqno;
420 inpkt->seqno = ntohl(inpkt->seqno);
423 if(inpkt->seqno != n->received_seqno + 1) {
424 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
425 if(n->farfuture++ < replaywin >> 2) {
426 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
427 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
430 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
431 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
432 memset(n->late, 0, replaywin);
433 } else if (inpkt->seqno <= n->received_seqno) {
434 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
435 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
436 n->name, n->hostname, inpkt->seqno, n->received_seqno);
440 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
441 n->late[(i / 8) % replaywin] |= 1 << i % 8;
446 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
449 if(inpkt->seqno > n->received_seqno)
450 n->received_seqno = inpkt->seqno;
454 if(n->received_seqno > MAX_SEQNO)
457 /* Decompress the packet */
459 length_t origlen = inpkt->len;
461 if(n->incompression) {
462 outpkt = pkt[nextpkt++];
464 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
465 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
466 n->name, n->hostname);
472 origlen -= MTU/64 + 20;
477 if(!inpkt->data[12] && !inpkt->data[13])
478 mtu_probe_h(n, inpkt, origlen);
480 receive_packet(n, inpkt);
483 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
486 if(len > sizeof outpkt.data)
490 if(c->options & OPTION_TCPONLY)
493 outpkt.priority = -1;
494 memcpy(outpkt.data, buffer, len);
496 receive_packet(c->node, &outpkt);
499 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
500 if(!n->status.validkey) {
501 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
502 if(!n->status.waitingforkey)
504 else if(n->last_req_key + 10 < now.tv_sec) {
505 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
506 sptps_stop(&n->sptps);
507 n->status.waitingforkey = false;
516 if(!(origpkt->data[12] | origpkt->data[13])) {
517 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
521 if(routing_mode == RMODE_ROUTER)
526 if(origpkt->len < offset)
531 if(n->outcompression) {
532 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
534 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
535 } else if(len < origpkt->len - offset) {
536 outpkt.len = len + offset;
538 type |= PKT_COMPRESSED;
542 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
546 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
551 /* If the UDP address is confirmed, use it. */
552 if(n->status.udp_confirmed)
555 /* Send every third packet to n->address; that could be set
556 to the node's reflexive UDP address discovered during key
565 /* Otherwise, address are found in edges to this node.
566 So we pick a random edge and a random socket. */
569 int j = rand() % n->edge_tree->count;
570 edge_t *candidate = NULL;
572 for splay_each(edge_t, e, n->edge_tree) {
574 candidate = e->reverse;
580 *sa = &candidate->address;
581 *sock = rand() % listen_sockets;
584 /* Make sure we have a suitable socket for the chosen address */
585 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
586 for(int i = 0; i < listen_sockets; i++) {
587 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
595 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
596 static sockaddr_t broadcast_ipv4 = {
598 .sin_family = AF_INET,
599 .sin_addr.s_addr = -1,
603 static sockaddr_t broadcast_ipv6 = {
605 .sin6_family = AF_INET6,
606 .sin6_addr.s6_addr[0x0] = 0xff,
607 .sin6_addr.s6_addr[0x1] = 0x02,
608 .sin6_addr.s6_addr[0xf] = 0x01,
612 *sock = rand() % listen_sockets;
614 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
615 if(localdiscovery_address.sa.sa_family == AF_INET6) {
616 localdiscovery_address.in6.sin6_port = n->prevedge->address.in.sin_port;
617 *sa = &localdiscovery_address;
619 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
620 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
621 *sa = &broadcast_ipv6;
624 if(localdiscovery_address.sa.sa_family == AF_INET) {
625 localdiscovery_address.in.sin_port = n->prevedge->address.in.sin_port;
626 *sa = &localdiscovery_address;
628 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
629 *sa = &broadcast_ipv4;
634 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
635 vpn_packet_t pkt1, pkt2;
636 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
637 vpn_packet_t *inpkt = origpkt;
639 vpn_packet_t *outpkt;
640 int origlen = origpkt->len;
642 #if defined(SOL_IP) && defined(IP_TOS)
643 static int priority = 0;
645 int origpriority = origpkt->priority;
647 if(!n->status.reachable) {
648 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
653 return send_sptps_packet(n, origpkt);
655 /* Make sure we have a valid key */
657 if(!n->status.validkey) {
658 logger(DEBUG_TRAFFIC, LOG_INFO,
659 "No valid key known yet for %s (%s), forwarding via TCP",
660 n->name, n->hostname);
662 if(n->last_req_key + 10 <= now.tv_sec) {
664 n->last_req_key = now.tv_sec;
667 send_tcppacket(n->nexthop->connection, origpkt);
672 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
673 logger(DEBUG_TRAFFIC, LOG_INFO,
674 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
675 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
678 send_packet(n->nexthop, origpkt);
680 send_tcppacket(n->nexthop->connection, origpkt);
685 /* Compress the packet */
687 if(n->outcompression) {
688 outpkt = pkt[nextpkt++];
690 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
691 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
692 n->name, n->hostname);
699 /* Add sequence number */
701 inpkt->seqno = htonl(++(n->sent_seqno));
702 inpkt->len += sizeof inpkt->seqno;
704 /* Encrypt the packet */
706 if(cipher_active(n->outcipher)) {
707 outpkt = pkt[nextpkt++];
710 if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
711 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
715 outpkt->len = outlen;
719 /* Add the message authentication code */
721 if(digest_active(n->outdigest)) {
722 if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) {
723 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
727 inpkt->len += digest_length(n->outdigest);
730 /* Send the packet */
732 const sockaddr_t *sa;
735 if(n->status.broadcast)
736 choose_broadcast_address(n, &sa, &sock);
738 choose_udp_address(n, &sa, &sock);
740 #if defined(SOL_IP) && defined(IP_TOS)
741 if(priorityinheritance && origpriority != priority
742 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
743 priority = origpriority;
744 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
745 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
746 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
750 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
751 if(sockmsgsize(sockerrno)) {
752 if(n->maxmtu >= origlen)
753 n->maxmtu = origlen - 1;
754 if(n->mtu >= origlen)
755 n->mtu = origlen - 1;
757 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
761 origpkt->len = origlen;
764 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
767 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
769 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
770 char buf[len * 4 / 3 + 5];
771 b64encode(data, buf, len);
772 /* If no valid key is known yet, send the packets using ANS_KEY requests,
773 to ensure we get to learn the reflexive UDP address. */
774 if(!to->status.validkey) {
775 to->incompression = myself->incompression;
776 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, to->incompression);
778 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
782 /* Otherwise, send the packet via UDP */
784 const sockaddr_t *sa;
787 if(to->status.broadcast)
788 choose_broadcast_address(to, &sa, &sock);
790 choose_udp_address(to, &sa, &sock);
792 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
793 if(sockmsgsize(sockerrno)) {
794 if(to->maxmtu >= len)
795 to->maxmtu = len - 1;
799 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
807 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
808 node_t *from = handle;
810 if(type == SPTPS_HANDSHAKE) {
811 if(!from->status.validkey) {
812 from->status.validkey = true;
813 from->status.waitingforkey = false;
814 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
820 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
826 if(type == PKT_PROBE) {
828 memcpy(inpkt.data, data, len);
829 mtu_probe_h(from, &inpkt, len);
833 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
834 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
838 /* Check if we have the headers we need */
839 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
840 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
842 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
843 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
846 int offset = (type & PKT_MAC) ? 0 : 14;
847 if(type & PKT_COMPRESSED) {
848 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
852 inpkt.len = ulen + offset;
854 if(inpkt.len > MAXSIZE)
857 memcpy(inpkt.data + offset, data, len);
858 inpkt.len = len + offset;
861 /* Generate the Ethernet packet type if necessary */
863 switch(inpkt.data[14] >> 4) {
865 inpkt.data[12] = 0x08;
866 inpkt.data[13] = 0x00;
869 inpkt.data[12] = 0x86;
870 inpkt.data[13] = 0xDD;
873 logger(DEBUG_TRAFFIC, LOG_ERR,
874 "Unknown IP version %d while reading packet from %s (%s)",
875 inpkt.data[14] >> 4, from->name, from->hostname);
880 receive_packet(from, &inpkt);
885 send a packet to the given vpn ip.
887 void send_packet(node_t *n, vpn_packet_t *packet) {
892 memcpy(packet->data, mymac.x, ETH_ALEN);
894 n->out_bytes += packet->len;
895 // TODO: send to application
899 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
900 packet->len, n->name, n->hostname);
902 if(!n->status.reachable) {
903 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
904 n->name, n->hostname);
909 n->out_bytes += packet->len;
911 if(n->status.sptps) {
912 send_sptps_packet(n, packet);
916 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
919 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
920 n->name, via->name, n->via->hostname);
922 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
923 if(!send_tcppacket(via->connection, packet))
924 terminate_connection(via->connection, true);
926 send_udppacket(via, packet);
929 /* Broadcast a packet using the minimum spanning tree */
931 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
932 // Always give ourself a copy of the packet.
934 send_packet(myself, packet);
936 // In TunnelServer mode, do not forward broadcast packets.
937 // The MST might not be valid and create loops.
938 if(tunnelserver || broadcast_mode == BMODE_NONE)
941 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
942 packet->len, from->name, from->hostname);
944 switch(broadcast_mode) {
945 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
946 // This guarantees all nodes receive the broadcast packet, and
947 // usually distributes the sending of broadcast packets over all nodes.
949 for list_each(connection_t, c, connection_list)
950 if(c->status.active && c->status.mst && c != from->nexthop->connection)
951 send_packet(c->node, packet);
954 // In direct mode, we send copies to each node we know of.
955 // However, this only reaches nodes that can be reached in a single hop.
956 // We don't have enough information to forward broadcast packets in this case.
961 for splay_each(node_t, n, node_tree)
962 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n))
963 send_packet(n, packet);
971 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
974 static time_t last_hard_try = 0;
976 for splay_each(edge_t, e, edge_weight_tree) {
977 if(!e->to->status.reachable || e->to == myself)
980 if(sockaddrcmp_noport(from, &e->address)) {
981 if(last_hard_try == now.tv_sec)
986 if(!try_mac(e->to, pkt))
994 last_hard_try = now.tv_sec;
996 last_hard_try = now.tv_sec;
1000 void handle_incoming_vpn_data(void *data, int flags) {
1001 listen_socket_t *ls = data;
1004 sockaddr_t from = {{0}};
1005 socklen_t fromlen = sizeof from;
1009 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
1011 if(len <= 0 || len > MAXSIZE) {
1012 if(!sockwouldblock(sockerrno))
1013 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1019 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
1021 n = lookup_node_udp(&from);
1024 n = try_harder(&from, &pkt);
1026 update_node_udp(n, &from);
1027 else if(debug_level >= DEBUG_PROTOCOL) {
1028 hostname = sockaddr2hostname(&from);
1029 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1037 n->sock = ls - listen_socket;
1039 receive_udppacket(n, &pkt);