2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
52 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
55 static void send_udppacket(node_t *, vpn_packet_t *);
57 unsigned replaywin = 16;
58 bool localdiscovery = false;
59 sockaddr_t localdiscovery_address;
61 #define MAX_SEQNO 1073741824
63 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
64 mtuprobes == 31: sleep pinginterval seconds
65 mtuprobes == 32: send 1 burst, sleep pingtimeout second
66 mtuprobes == 33: no response from other side, restart PMTU discovery process
68 Probes are sent in batches of at least three, with random sizes between the
69 lower and upper boundaries for the MTU thus far discovered.
71 After the initial discovery, a fourth packet is added to each batch with a
72 size larger than the currently known PMTU, to test if the PMTU has increased.
74 In case local discovery is enabled, another packet is added to each batch,
75 which will be broadcast to the local network.
79 static void send_mtu_probe_handler(void *data) {
85 if(!n->status.reachable || !n->status.validkey) {
86 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
91 if(n->mtuprobes > 32) {
94 timeout = pinginterval;
98 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
99 n->status.udp_confirmed = false;
105 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
106 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
110 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
111 if(n->minmtu > n->maxmtu)
112 n->minmtu = n->maxmtu;
114 n->maxmtu = n->minmtu;
116 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
120 if(n->mtuprobes == 31) {
121 timeout = pinginterval;
123 } else if(n->mtuprobes == 32) {
124 timeout = pingtimeout;
127 for(int i = 0; i < 4 + localdiscovery; i++) {
131 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
134 } else if(n->maxmtu <= n->minmtu) {
137 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
144 memset(packet.data, 0, 14);
145 randomize(packet.data + 14, len - 14);
147 if(i >= 4 && n->mtuprobes <= 10)
148 packet.priority = -1;
152 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
154 send_udppacket(n, &packet);
157 n->probe_counter = 0;
158 gettimeofday(&n->probe_time, NULL);
160 /* Calculate the packet loss of incoming traffic by comparing the rate of
161 packets received to the rate with which the sequence number has increased.
164 if(n->received > n->prev_received)
165 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
167 n->packetloss = n->received_seqno <= n->prev_received_seqno;
169 n->prev_received_seqno = n->received_seqno;
170 n->prev_received = n->received;
173 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
176 void send_mtu_probe(node_t *n) {
177 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
178 send_mtu_probe_handler(n);
181 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
182 if(!packet->data[0]) {
183 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe request %d from %s (%s)", packet->len, n->name, n->hostname);
185 /* It's a probe request, send back a reply */
187 /* Type 2 probe replies were introduced in protocol 17.3 */
188 if ((n->options >> 24) == 3) {
189 uint8_t* data = packet->data;
191 uint16_t len16 = htons(len); memcpy(data, &len16, 2); data += 2;
193 gettimeofday(&now, NULL);
194 uint32_t sec = htonl(now.tv_sec); memcpy(data, &sec, 4); data += 4;
195 uint32_t usec = htonl(now.tv_usec); memcpy(data, &usec, 4); data += 4;
196 packet->len = data - packet->data;
198 /* Legacy protocol: n won't understand type 2 probe replies. */
202 /* Temporarily set udp_confirmed, so that the reply is sent
203 back exactly the way it came in. */
205 bool udp_confirmed = n->status.udp_confirmed;
206 n->status.udp_confirmed = true;
207 send_udppacket(n, packet);
208 n->status.udp_confirmed = udp_confirmed;
210 length_t probelen = len;
211 if (packet->data[0] == 2) {
213 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received invalid (too short) MTU probe reply from %s (%s)", n->name, n->hostname);
215 uint16_t probelen16; memcpy(&probelen16, packet->data + 1, 2); probelen = ntohs(probelen16);
218 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d MTU probe reply %d from %s (%s)", packet->data[0], probelen, n->name, n->hostname);
220 /* It's a valid reply: now we know bidirectional communication
221 is possible using the address and socket that the reply
224 n->status.udp_confirmed = true;
226 /* If we haven't established the PMTU yet, restart the discovery process. */
228 if(n->mtuprobes > 30) {
229 if (probelen == n->maxmtu + 8) {
230 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
242 /* If applicable, raise the minimum supported MTU */
244 if(probelen > n->maxmtu)
245 probelen = n->maxmtu;
246 if(n->minmtu < probelen)
247 n->minmtu = probelen;
249 /* Calculate RTT and bandwidth.
250 The RTT is the time between the MTU probe burst was sent and the first
251 reply is received. The bandwidth is measured using the time between the
252 arrival of the first and third probe reply (or type 2 probe requests).
255 struct timeval now, diff;
256 gettimeofday(&now, NULL);
257 timersub(&now, &n->probe_time, &diff);
259 struct timeval probe_timestamp = now;
260 if (packet->data[0] == 2 && packet->len >= 11) {
261 uint32_t sec; memcpy(&sec, packet->data + 3, 4);
262 uint32_t usec; memcpy(&usec, packet->data + 7, 4);
263 probe_timestamp.tv_sec = ntohl(sec);
264 probe_timestamp.tv_usec = ntohl(usec);
269 if(n->probe_counter == 1) {
270 n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
271 n->probe_time = probe_timestamp;
272 } else if(n->probe_counter == 3) {
273 struct timeval probe_timestamp_diff;
274 timersub(&probe_timestamp, &n->probe_time, &probe_timestamp_diff);
275 n->bandwidth = 2.0 * probelen / (probe_timestamp_diff.tv_sec + probe_timestamp_diff.tv_usec * 1e-6);
276 logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
281 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
283 memcpy(dest, source, len);
285 } else if(level == 10) {
287 lzo_uint lzolen = MAXSIZE;
288 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
293 } else if(level < 10) {
295 unsigned long destlen = MAXSIZE;
296 if(compress2(dest, &destlen, source, len, level) == Z_OK)
303 lzo_uint lzolen = MAXSIZE;
304 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
314 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
316 memcpy(dest, source, len);
318 } else if(level > 9) {
320 lzo_uint lzolen = MAXSIZE;
321 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
329 unsigned long destlen = MAXSIZE;
330 if(uncompress(dest, &destlen, source, len) == Z_OK)
342 static void receive_packet(node_t *n, vpn_packet_t *packet) {
343 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
344 packet->len, n->name, n->hostname);
347 n->in_bytes += packet->len;
352 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
354 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
356 if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
359 return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
362 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
363 vpn_packet_t pkt1, pkt2;
364 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
366 vpn_packet_t *outpkt = pkt[0];
369 if(n->status.sptps) {
370 if(!n->sptps.state) {
371 if(!n->status.waitingforkey) {
372 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
375 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
379 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
383 if(!cipher_active(n->incipher)) {
384 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
388 /* Check packet length */
390 if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
391 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
392 n->name, n->hostname);
396 /* Check the message authentication code */
398 if(digest_active(n->indigest)) {
399 inpkt->len -= digest_length(n->indigest);
400 if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
401 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
405 /* Decrypt the packet */
407 if(cipher_active(n->incipher)) {
408 outpkt = pkt[nextpkt++];
411 if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
412 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
416 outpkt->len = outlen;
420 /* Check the sequence number */
422 inpkt->len -= sizeof inpkt->seqno;
423 inpkt->seqno = ntohl(inpkt->seqno);
426 if(inpkt->seqno != n->received_seqno + 1) {
427 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
428 if(n->farfuture++ < replaywin >> 2) {
429 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
430 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
433 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
434 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
435 memset(n->late, 0, replaywin);
436 } else if (inpkt->seqno <= n->received_seqno) {
437 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
438 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
439 n->name, n->hostname, inpkt->seqno, n->received_seqno);
443 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
444 n->late[(i / 8) % replaywin] |= 1 << i % 8;
449 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
452 if(inpkt->seqno > n->received_seqno)
453 n->received_seqno = inpkt->seqno;
457 if(n->received_seqno > MAX_SEQNO)
460 /* Decompress the packet */
462 length_t origlen = inpkt->len;
464 if(n->incompression) {
465 outpkt = pkt[nextpkt++];
467 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
468 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
469 n->name, n->hostname);
475 origlen -= MTU/64 + 20;
480 if(!inpkt->data[12] && !inpkt->data[13])
481 mtu_probe_h(n, inpkt, origlen);
483 receive_packet(n, inpkt);
486 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
489 if(len > sizeof outpkt.data)
493 if(c->options & OPTION_TCPONLY)
496 outpkt.priority = -1;
497 memcpy(outpkt.data, buffer, len);
499 receive_packet(c->node, &outpkt);
502 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
503 if(!n->status.validkey) {
504 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
505 if(!n->status.waitingforkey)
507 else if(n->last_req_key + 10 < now.tv_sec) {
508 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
509 sptps_stop(&n->sptps);
510 n->status.waitingforkey = false;
519 if(!(origpkt->data[12] | origpkt->data[13])) {
520 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
524 if(routing_mode == RMODE_ROUTER)
529 if(origpkt->len < offset)
534 if(n->outcompression) {
535 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
537 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
538 } else if(len < origpkt->len - offset) {
539 outpkt.len = len + offset;
541 type |= PKT_COMPRESSED;
545 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
549 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
554 /* If the UDP address is confirmed, use it. */
555 if(n->status.udp_confirmed)
558 /* Send every third packet to n->address; that could be set
559 to the node's reflexive UDP address discovered during key
568 /* Otherwise, address are found in edges to this node.
569 So we pick a random edge and a random socket. */
572 int j = rand() % n->edge_tree->count;
573 edge_t *candidate = NULL;
575 for splay_each(edge_t, e, n->edge_tree) {
577 candidate = e->reverse;
583 *sa = &candidate->address;
584 *sock = rand() % listen_sockets;
587 /* Make sure we have a suitable socket for the chosen address */
588 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
589 for(int i = 0; i < listen_sockets; i++) {
590 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
598 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
599 static sockaddr_t broadcast_ipv4 = {
601 .sin_family = AF_INET,
602 .sin_addr.s_addr = -1,
606 static sockaddr_t broadcast_ipv6 = {
608 .sin6_family = AF_INET6,
609 .sin6_addr.s6_addr[0x0] = 0xff,
610 .sin6_addr.s6_addr[0x1] = 0x02,
611 .sin6_addr.s6_addr[0xf] = 0x01,
615 *sock = rand() % listen_sockets;
617 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
618 if(localdiscovery_address.sa.sa_family == AF_INET6) {
619 localdiscovery_address.in6.sin6_port = n->prevedge->address.in.sin_port;
620 *sa = &localdiscovery_address;
622 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
623 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
624 *sa = &broadcast_ipv6;
627 if(localdiscovery_address.sa.sa_family == AF_INET) {
628 localdiscovery_address.in.sin_port = n->prevedge->address.in.sin_port;
629 *sa = &localdiscovery_address;
631 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
632 *sa = &broadcast_ipv4;
637 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
638 vpn_packet_t pkt1, pkt2;
639 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
640 vpn_packet_t *inpkt = origpkt;
642 vpn_packet_t *outpkt;
643 int origlen = origpkt->len;
645 #if defined(SOL_IP) && defined(IP_TOS)
646 static int priority = 0;
648 int origpriority = origpkt->priority;
650 if(!n->status.reachable) {
651 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
656 return send_sptps_packet(n, origpkt);
658 /* Make sure we have a valid key */
660 if(!n->status.validkey) {
661 logger(DEBUG_TRAFFIC, LOG_INFO,
662 "No valid key known yet for %s (%s), forwarding via TCP",
663 n->name, n->hostname);
665 if(n->last_req_key + 10 <= now.tv_sec) {
667 n->last_req_key = now.tv_sec;
670 send_tcppacket(n->nexthop->connection, origpkt);
675 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
676 logger(DEBUG_TRAFFIC, LOG_INFO,
677 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
678 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
681 send_packet(n->nexthop, origpkt);
683 send_tcppacket(n->nexthop->connection, origpkt);
688 /* Compress the packet */
690 if(n->outcompression) {
691 outpkt = pkt[nextpkt++];
693 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
694 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
695 n->name, n->hostname);
702 /* Add sequence number */
704 inpkt->seqno = htonl(++(n->sent_seqno));
705 inpkt->len += sizeof inpkt->seqno;
707 /* Encrypt the packet */
709 if(cipher_active(n->outcipher)) {
710 outpkt = pkt[nextpkt++];
713 if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
714 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
718 outpkt->len = outlen;
722 /* Add the message authentication code */
724 if(digest_active(n->outdigest)) {
725 if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) {
726 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
730 inpkt->len += digest_length(n->outdigest);
733 /* Send the packet */
735 const sockaddr_t *sa;
738 /* Overloaded use of priority field: -1 means local broadcast */
740 if(origpriority == -1 && n->prevedge)
741 choose_broadcast_address(n, &sa, &sock);
743 choose_udp_address(n, &sa, &sock);
745 #if defined(SOL_IP) && defined(IP_TOS)
746 if(priorityinheritance && origpriority != priority
747 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
748 priority = origpriority;
749 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
750 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
751 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
755 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
756 if(sockmsgsize(sockerrno)) {
757 if(n->maxmtu >= origlen)
758 n->maxmtu = origlen - 1;
759 if(n->mtu >= origlen)
760 n->mtu = origlen - 1;
762 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
766 origpkt->len = origlen;
769 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
772 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
774 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
775 char buf[len * 4 / 3 + 5];
776 b64encode(data, buf, len);
777 /* If no valid key is known yet, send the packets using ANS_KEY requests,
778 to ensure we get to learn the reflexive UDP address. */
779 if(!to->status.validkey) {
780 to->incompression = myself->incompression;
781 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, to->incompression);
783 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
787 /* Otherwise, send the packet via UDP */
789 const sockaddr_t *sa;
792 choose_udp_address(to, &sa, &sock);
794 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
795 if(sockmsgsize(sockerrno)) {
796 if(to->maxmtu >= len)
797 to->maxmtu = len - 1;
801 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
809 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
810 node_t *from = handle;
812 if(type == SPTPS_HANDSHAKE) {
813 if(!from->status.validkey) {
814 from->status.validkey = true;
815 from->status.waitingforkey = false;
816 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
822 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
828 if(type == PKT_PROBE) {
830 memcpy(inpkt.data, data, len);
831 mtu_probe_h(from, &inpkt, len);
835 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
836 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
840 /* Check if we have the headers we need */
841 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
842 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
844 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
845 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
848 int offset = (type & PKT_MAC) ? 0 : 14;
849 if(type & PKT_COMPRESSED) {
850 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
854 inpkt.len = ulen + offset;
856 if(inpkt.len > MAXSIZE)
859 memcpy(inpkt.data + offset, data, len);
860 inpkt.len = len + offset;
863 /* Generate the Ethernet packet type if necessary */
865 switch(inpkt.data[14] >> 4) {
867 inpkt.data[12] = 0x08;
868 inpkt.data[13] = 0x00;
871 inpkt.data[12] = 0x86;
872 inpkt.data[13] = 0xDD;
875 logger(DEBUG_TRAFFIC, LOG_ERR,
876 "Unknown IP version %d while reading packet from %s (%s)",
877 inpkt.data[14] >> 4, from->name, from->hostname);
882 receive_packet(from, &inpkt);
887 send a packet to the given vpn ip.
889 void send_packet(node_t *n, vpn_packet_t *packet) {
894 memcpy(packet->data, mymac.x, ETH_ALEN);
896 n->out_bytes += packet->len;
897 devops.write(packet);
901 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
902 packet->len, n->name, n->hostname);
904 if(!n->status.reachable) {
905 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
906 n->name, n->hostname);
911 n->out_bytes += packet->len;
913 if(n->status.sptps) {
914 send_sptps_packet(n, packet);
918 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
921 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
922 n->name, via->name, n->via->hostname);
924 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
925 if(!send_tcppacket(via->connection, packet))
926 terminate_connection(via->connection, true);
928 send_udppacket(via, packet);
931 /* Broadcast a packet using the minimum spanning tree */
933 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
934 // Always give ourself a copy of the packet.
936 send_packet(myself, packet);
938 // In TunnelServer mode, do not forward broadcast packets.
939 // The MST might not be valid and create loops.
940 if(tunnelserver || broadcast_mode == BMODE_NONE)
943 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
944 packet->len, from->name, from->hostname);
946 switch(broadcast_mode) {
947 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
948 // This guarantees all nodes receive the broadcast packet, and
949 // usually distributes the sending of broadcast packets over all nodes.
951 for list_each(connection_t, c, connection_list)
952 if(c->status.active && c->status.mst && c != from->nexthop->connection)
953 send_packet(c->node, packet);
956 // In direct mode, we send copies to each node we know of.
957 // However, this only reaches nodes that can be reached in a single hop.
958 // We don't have enough information to forward broadcast packets in this case.
963 for splay_each(node_t, n, node_tree)
964 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n))
965 send_packet(n, packet);
973 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
976 static time_t last_hard_try = 0;
978 for splay_each(edge_t, e, edge_weight_tree) {
979 if(!e->to->status.reachable || e->to == myself)
982 if(sockaddrcmp_noport(from, &e->address)) {
983 if(last_hard_try == now.tv_sec)
988 if(!try_mac(e->to, pkt))
996 last_hard_try = now.tv_sec;
998 last_hard_try = now.tv_sec;
1002 void handle_incoming_vpn_data(void *data, int flags) {
1003 listen_socket_t *ls = data;
1006 sockaddr_t from = {{0}};
1007 socklen_t fromlen = sizeof from;
1011 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
1013 if(len <= 0 || len > MAXSIZE) {
1014 if(!sockwouldblock(sockerrno))
1015 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1021 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
1023 n = lookup_node_udp(&from);
1026 n = try_harder(&from, &pkt);
1028 update_node_udp(n, &from);
1029 else if(debug_level >= DEBUG_PROTOCOL) {
1030 hostname = sockaddr2hostname(&from);
1031 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1039 n->sock = ls - listen_socket;
1041 receive_udppacket(n, &pkt);
1044 void handle_device_data(void *data, int flags) {
1045 vpn_packet_t packet;
1047 packet.priority = 0;
1049 if(devops.read(&packet)) {
1050 myself->in_packets++;
1051 myself->in_bytes += packet.len;
1052 route(myself, &packet);