2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.60 2000/11/04 11:49:57 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 #include <openssl/rand.h>
43 #include <openssl/evp.h>
44 #include <openssl/err.h>
47 #include LINUX_IF_TUN_H
/* Which kind of tap device setup_tap_fd() opened.  Starts as ethertap and is
   switched to TAP_TYPE_TUNTAP when the TUNSETIFF ioctl succeeds; xrecv() and
   handle_tap_input() use it to decide whether a 2-byte ethertap header sits
   in front of the frame. */
64 int taptype = TAP_TYPE_ETHERTAP;
/* Traffic counters, only ever incremented by the I/O paths (xsend, xrecv,
   handle_tap_input).  Plain ints: they wrap silently on a long-running daemon. */
66 int total_tap_out = 0;
67 int total_socket_in = 0;
68 int total_socket_out = 0;
/* Cursor into the ConnectTo list: sigalrm_handler() resumes from here when an
   outgoing connection has to be retried. */
70 config_t *upstreamcfg;
/* Reconnect back-off in seconds; sigalrm_handler() grows it by 5 per failed
   round up to MAXTIMEOUT, terminate_connection() resets it to 5. */
71 static int seconds_till_retry;
/* Name of the tap interface as reported by SIOCGIFNAME; allocated in
   setup_tap_fd() and exported to the tinc-up/tinc-down scripts as IFNAME. */
77 char *interface_name = NULL; /* Contains the name of the interface */
82 Execute the given script.
83 This function doesn't really belong here.
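/*
  Run the script <confbase>/<name> (tinc-up, tinc-down) in a forked child with
  the daemon's environment plus IFNAME=<tap interface>.  The parent does not
  wait for the child.  Returns 0 when the child was forked, -1 when fork() or
  the path allocation failed.  A missing script is not an error.
*/
int execute_script(const char* name)
{
  char *scriptname;
  char **env;
  size_t nenv;
  pid_t pid;
  extern char **environment; /* From tincd.c; contains our env */

  /* Scripts live in the configuration directory, never on $PATH, so only
     what the administrator put next to tinc.conf can be executed. */
  if(asprintf(&scriptname, "%s/%s", confbase, name) < 0)
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"), "asprintf");
      return -1;
    }

  if((pid = fork()) < 0)
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"), "fork");
      free(scriptname);
      return -1;
    }

  if(pid)
    {
      /* Parent: the script runs detached, we do not wait for it. */
      free(scriptname);
      return 0;
    }

  /* Child.  Build envp = { "IFNAME=<iface>", environment..., NULL }.
     The array is counted explicitly: the previous sizeof(environment) is the
     size of a char** (one pointer), which copied a single entry and left the
     array without its NULL terminator. */
  for(nenv = 0; environment && environment[nenv]; nenv++)
    ;
  env = xmalloc((nenv + 2) * sizeof(char*));
  if(asprintf(&(env[0]), "IFNAME=%s", interface_name ? interface_name : "") < 0)
    _exit(1);
  memcpy(&(env[1]), environment, nenv * sizeof(char*));
  env[nenv + 1] = NULL;

  /* argv[0] is the script path itself; execle(path, NULL, env) passed no
     argv[0] at all, which some shells and scripts trip over. */
  execle(scriptname, scriptname, (char *) NULL, env);
  /* No return on success */

  if(errno != ENOENT) /* Ignore if the file does not exist */
    syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname);

  /* Child: leave without running the parent's atexit handlers or flushing
     its stdio buffers a second time. */
  _exit(errno == ENOENT ? 0 : 1);
}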
/* Encrypt inpkt for peer cl and send it on cl->socket, the UDP socket that
   setup_vpn_connection() connect()ed to the peer.  The datagram is the 2-byte
   len field followed by the data.  The return statements are not part of
   this listing.

   SECURITY (review): the IV handed to EVP_EncryptInit is the tail of
   cl->cipher_pktkey (key_len bytes in), i.e. it is fixed for as long as the
   peer's key is valid.  Every packet to this peer is thus encrypted under the
   same key *and* IV.  With a CFB cipher (the mode setup_myself() selects for
   our own key) two packets with an equal prefix give an equal ciphertext
   prefix, and the XOR of their first blocks is the XOR of the plaintexts.
   There is also no MAC, so the receiver cannot detect modification.  A
   per-packet IV and an integrity tag are wire-format changes and cannot be
   made inside this function alone. */
122 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
/* The plaintext length travels in the clear in front of the ciphertext. */
128 outpkt.len = inpkt->len;
130 /* Encrypt the packet */
132 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
133 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
134 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* +2 accounts for the len field that is sent together with the data. */
135 outlen += outpad + 2;
/* These two lines discard the ciphertext just produced and copy the input
   verbatim.  NOTE(review): in the original they are presumably inside a
   comment (the delimiter lines are not in this listing); if they are live,
   packets leave this host unencrypted.  Confirm against the full source. */
138 outlen = outpkt.len + 2;
139 memcpy(&outpkt, inpkt, outlen);
/* NOTE(review): a DEBUG_TRAFFIC message logged at LOG_ERR; the sibling
   functions use LOG_DEBUG for these. */
142 if(debug_lvl >= DEBUG_TRAFFIC)
143 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
144 outlen, cl->name, cl->hostname);
146 total_socket_out += outlen;
/* Sends len + data as one datagram; relies on vpn_packet_t keeping `data`
   directly behind `len` with no padding in between. */
150 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
152 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
153 cl->name, cl->hostname);
/* Decrypt inpkt with our own packet key (peers encrypt traffic for us under
   the key we handed out) and write the frame to the tap device.  The return
   statements are not part of this listing.

   SECURITY (review): inpkt->len is the first two bytes of the UDP datagram
   (handle_incoming_vpn_data() reads straight into pkt.len), so it is chosen
   by whoever sent the datagram.  No check against the received byte count or
   the buffer size is visible here, and there is no integrity tag, so a forged
   or corrupted datagram decrypts to garbage that is still written to the tap
   as a frame.  Validate len against the datagram length before using it. */
160 int xrecv(vpn_packet_t *inpkt)
166 outpkt.len = inpkt->len;
168 /* Decrypt the packet */
/* Same fixed key+IV pair as in xsend(); see the note there. */
170 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
/* NOTE(review): "+ 8" reads eight bytes past the declared payload and writes
   eight extra bytes into outpkt.data.  CFB needs no padding, so they serve no
   purpose, and if len is within 8 bytes of the data buffer size this runs
   past it. */
171 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
172 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Plain copy of the input (len field + data), bypassing decryption.
   NOTE(review): presumably commented out in the original, as in xsend();
   confirm against the full source. */
176 outlen = outpkt.len+2;
177 memcpy(&outpkt, inpkt, outlen);
/* NOTE(review): DEBUG_TRAFFIC message logged at LOG_ERR. */
180 if(debug_lvl >= DEBUG_TRAFFIC)
181 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
184 /* Fix mac address */
/* Overwrite the destination MAC with the address setup_tap_fd() assigned
   to the tap (fe:fd:00:00:00:00). */
186 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
/* tun/tap with IFF_NO_PI takes the bare frame; ethertap expects two extra
   header bytes, taken here from the len field that precedes data. */
188 if(taptype == TAP_TYPE_TUNTAP)
190 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
191 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
193 total_tap_out += outpkt.len;
197 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
198 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
200 total_tap_out += outpkt.len + 2;
207 add the given packet of size s to the
208 queue q, be it the send or receive queue
/* Append a private copy of `packet` (s bytes) to queue *q, creating the queue
   on first use.  The caller keeps ownership of `packet`.  The body of the
   else branch and the line that makes e the new tail are not in this listing.
   NOTE(review): the only callers visible in this file are the add_queue()
   statements in send_packet(), which sit inside FIXME comments. */
210 void add_queue(packet_queue_t **q, void *packet, size_t s)
/* Deep copy: the caller's buffer is reused for the next read. */
214 e = xmalloc(sizeof(*e));
215 e->packet = xmalloc(s);
216 memcpy(e->packet, packet, s);
/* Lazy allocation of the queue head (presumably guarded by a test on *q in
   a line not shown here). */
220 *q = xmalloc(sizeof(**q));
221 (*q)->head = (*q)->tail = NULL;
224 e->next = NULL; /* We insert at the tail */
226 if((*q)->tail) /* Do we have a tail? */
228 (*q)->tail->next = e;
229 e->prev = (*q)->tail;
/* Empty queue: e becomes head as well (and e->prev must be NULL). */
231 else /* No tail -> no head too */
241 /* Remove a queue element */
/* Unlink element e from queue *q.  The two nested tests distinguish middle,
   head, tail and sole element.  NOTE(review): for the sole element (no next,
   no prev) none of the visible lines resets (*q)->head and (*q)->tail to
   NULL, and the release of e->packet and e is not in this listing; confirm
   both against the full source. */
242 void del_queue(packet_queue_t **q, queue_element_t *e)
247 if(e->next) /* There is a successor, so we are not tail */
249 if(e->prev) /* There is a predecessor, so we are not head */
/* Middle: bypass e in both directions. */
251 e->next->prev = e->prev;
252 e->prev->next = e->next;
254 else /* We are head */
256 e->next->prev = NULL;
257 (*q)->head = e->next;
260 else /* We are tail (or all alone!) */
262 if(e->prev) /* We are not alone :) */
264 e->prev->next = NULL;
265 (*q)->tail = e->prev;
279 flush a queue by calling function for
280 each packet, and removing it when that
281 returned a zero exit code
/* Walk queue *pq calling function(cl, packet) on each element; elements for
   which it returns 0 are removed, the others stay for a later retry.  `next`
   must be captured before the call because del_queue() releases the element;
   the capture and the advance to next are not in this listing.
   NOTE(review): *pq is dereferenced unconditionally, so callers must not pass
   a queue that add_queue() never allocated.
   NOTE(review): `function` is typed int (*)(conn_list_t*, void*), while the
   callers pass xsend (second parameter vpn_packet_t*) and xrecv, which takes a
   single vpn_packet_t* — see the note in flush_queues(). */
283 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
284 int (*function)(conn_list_t*,void*))
286 queue_element_t *p, *next = NULL;
288 for(p = (*pq)->head; p != NULL; )
292 if(!function(cl, p->packet))
/* Logged even when elements were kept. */
298 if(debug_lvl >= DEBUG_TRAFFIC)
299 syslog(LOG_DEBUG, _("Queue flushed"));
304 flush the send&recv queues
305 returns void because nothing fatal can happen here: packets
306 that could not be delivered simply remain in the queue
/* Retry everything queued for cl: the send queue through xsend(), the receive
   queue through xrecv().  The guards on cl->sq / cl->rq that flush_queue()
   requires are not in this listing.
   BUG(review): xrecv() takes one argument (vpn_packet_t *), but flush_queue()
   calls function(cl, p->packet); xrecv would receive `cl` as its packet and
   decrypt the connection struct.  Unreachable while queueing is FIXME'd out in
   send_packet(), but it must be fixed before that code is re-enabled: give
   xrecv a (conn_list_t *, vpn_packet_t *) signature or pass a wrapper. */
308 void flush_queues(conn_list_t *cl)
313 if(debug_lvl >= DEBUG_TRAFFIC)
314 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
315 cl->name, cl->hostname);
316 flush_queue(cl, &(cl->sq), xsend);
321 if(debug_lvl >= DEBUG_TRAFFIC)
322 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
323 cl->name, cl->hostname);
324 flush_queue(cl, &(cl->rq), xrecv);
330 send a packet to the given vpn ip.
/* Route a frame read from the tap to the peer that owns destination address
   `to`: look the address up in the subnet table, make sure a UDP socket and a
   valid packet key exist, then hand off to xsend().  The assignment of cl
   (the subnet's owner) and most of the early-exit return statements are not
   in this listing.  The two "FIXME: Don't queue" blocks below are comments in
   the original, so the add_queue() calls inside them are dead code. */
332 int send_packet(ip_t to, vpn_packet_t *packet)
/* Unknown destination: log at DEBUG_TRAFFIC and drop the frame. */
337 if((subnet = lookup_subnet_ipv4(to)) == NULL)
339 if(debug_lvl >= DEBUG_TRAFFIC)
341 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
350 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
352 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* Lazily open the connected UDP socket towards the peer. */
354 if(!cl->status.dataopen)
355 if(setup_vpn_connection(cl) < 0)
357 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
358 cl->name, cl->hostname);
/* No usable packet key yet: request one (only once, waitingforkey) and drop
   this frame rather than sending it unencrypted. */
362 if(!cl->status.validkey)
364 /* FIXME: Don't queue until everything else is fixed.
365 if(debug_lvl >= DEBUG_TRAFFIC)
366 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
367 cl->name, cl->hostname);
368 add_queue(&(cl->sq), packet, packet->len + 2);
370 if(!cl->status.waitingforkey)
371 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
375 if(!cl->status.active)
377 /* FIXME: Don't queue until everything else is fixed.
378 if(debug_lvl >= DEBUG_TRAFFIC)
379 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
380 cl->name, cl->hostname);
381 add_queue(&(cl->sq), packet, packet->len + 2);
383 return 0; /* We don't want to mess up, do we? */
386 /* can we send it? can we? can we? huh? */
388 return xsend(cl, packet);
392 open the local ethertap device
/* Open the tap device named by TapDevice (or a built-in default), detect
   whether it is an old ethertap or a tun/tap device, and record the interface
   name for the tinc-up/tinc-down scripts.  The `tap_fd = nfd` assignment, the
   returns and the preprocessor lines that choose between the two default
   device paths are not in this listing. */
394 int setup_tap_fd(void)
397 const char *tapfname;
/* TapDevice is taken verbatim from tinc.conf and opened as given. */
402 if((cfg = get_config_val(config, tapdevice)))
403 tapfname = cfg->data.ptr;
406 tapfname = "/dev/misc/net/tun";
408 tapfname = "/dev/tap0";
411 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
413 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
419 /* Set default MAC address for ethertap devices */
/* fe:fd:00:00:00:00; xrecv() stamps this into every frame it writes. */
421 taptype = TAP_TYPE_ETHERTAP;
422 mymac.type = SUBNET_MAC;
423 mymac.net.mac.address.x[0] = 0xfe;
424 mymac.net.mac.address.x[1] = 0xfd;
425 mymac.net.mac.address.x[2] = 0x00;
426 mymac.net.mac.address.x[3] = 0x00;
427 mymac.net.mac.address.x[4] = 0x00;
428 mymac.net.mac.address.x[5] = 0x00;
431 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
432 memset(&ifr, 0, sizeof(ifr));
434 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* NOTE(review): strncpy with the full IFNAMSIZ leaves ifr_name unterminated
   when netname is IFNAMSIZ bytes or longer; copy IFNAMSIZ - 1 (the memset
   above already provides the terminator).  Whether netname can be NULL here
   is not visible. */
436 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
438 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
440 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
441 taptype = TAP_TYPE_TUNTAP;
445 /* Add name of network interface to environment (for scripts) */
/* NOTE(review): the ioctl result is unchecked; on failure ifr_name still
   holds whatever TUNSETIFF left in it. */
447 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
/* BUG(review): strlen() does not count the terminating NUL, so the strcpy
   below writes one byte past the allocation (heap overflow by one byte).
   Must be xmalloc(strlen(ifr.ifr_name) + 1). */
448 interface_name = xmalloc(strlen(ifr.ifr_name));
449 strcpy(interface_name, ifr.ifr_name);
456 set up the socket that we listen on for incoming
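/*
  Create the non-blocking TCP socket on which meta connections are accepted.
  Honours Interface (bind the listener to one device) and InterfaceIP (bind to
  one local address); otherwise listens on every address.  Returns the
  listening descriptor, or -1 after logging; every failure path closes the
  socket it created.
*/
int setup_listen_meta_socket(int port)
{
  int nfd, flags;
  struct sockaddr_in a;
  const int one = 1;
  config_t const *cfg;

  if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
    {
      syslog(LOG_ERR, _("Creating metasocket failed: %m"));
      return -1;
    }

  if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt");
      close(nfd);
      return -1;
    }

  if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt");
      close(nfd);
      return -1;
    }

  flags = fcntl(nfd, F_GETFL);
  if(flags < 0 || fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"), "fcntl");
      close(nfd);
      return -1;
    }

  /* Interface = <name>: pin the listener to one device.  This has to be
     SO_BINDTODEVICE; the previous code handed the name to SO_KEEPALIVE, which
     at best toggled keepalive and never restricted where we listen, leaving
     the daemon reachable on every interface despite the configuration. */
  if((cfg = get_config_val(config, interface)))
    {
#ifdef SO_BINDTODEVICE
      if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr)))
        {
          syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
          close(nfd);
          return -1;
        }
#else
      /* Fail closed: silently widening the listener would be worse than
         refusing to start. */
      syslog(LOG_ERR, _("Binding to interface %s is not supported on this platform"), cfg->data.ptr);
      close(nfd);
      return -1;
#endif
    }

  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_port = htons(port);

  /* InterfaceIP = <addr> narrows the bind to one local address. */
  if((cfg = get_config_val(config, interfaceip)))
    a.sin_addr.s_addr = htonl(cfg->data.ip->address);
  else
    a.sin_addr.s_addr = htonl(INADDR_ANY);

  if(bind(nfd, (struct sockaddr *)&a, sizeof(a)))
    {
      syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
      close(nfd);
      return -1;
    }

  /* Backlog value: the original is not visible in this listing; SOMAXCONN
     lets the kernel cap it. */
  if(listen(nfd, SOMAXCONN))
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"), "listen");
      close(nfd);
      return -1;
    }

  return nfd;
}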
529 setup the socket for incoming encrypted
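/*
  Create the non-blocking UDP socket on which encrypted VPN data arrives.
  Returns the descriptor, or -1 after logging; every failure path closes the
  socket it created (previously it was leaked, which matters because
  main_loop() re-runs the whole setup on SIGHUP).
  NOTE(review): unlike the TCP listener this socket ignores Interface and
  InterfaceIP and always binds to INADDR_ANY.
*/
int setup_vpn_in_socket(int port)
{
  int nfd, flags;
  struct sockaddr_in a;
  const int one = 1;

  if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
    {
      syslog(LOG_ERR, _("Creating socket failed: %m"));
      return -1;
    }

  if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt");
      close(nfd);
      return -1;
    }

  flags = fcntl(nfd, F_GETFL);
  if(flags < 0 || fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"), "fcntl");
      close(nfd);
      return -1;
    }

  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_port = htons(port);
  a.sin_addr.s_addr = htonl(INADDR_ANY);

  if(bind(nfd, (struct sockaddr *)&a, sizeof(a)))
    {
      syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
      close(nfd);
      return -1;
    }

  return nfd;
}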
574 setup an outgoing meta (tcp) socket
/* Create and connect cl's TCP meta socket to cl->address:cl->port (Port from
   the host config; the default used when it is absent is not in this
   listing).  Returns 0 on success, -1 after logging.
   NOTE(review): struct sockaddr_in a is never zeroed, so sin_zero goes to
   connect() uninitialised — memset(&a, 0, sizeof(a)) first.
   NOTE(review): connect() runs while the socket is still blocking, so an
   unreachable peer stalls the whole daemon for the TCP connect timeout; this
   function is also reached from sigalrm_handler().
   NOTE(review): on the connect() and fcntl() failures the freshly created
   cl->meta_socket is left open. */
576 int setup_outgoing_meta_socket(conn_list_t *cl)
579 struct sockaddr_in a;
582 if(debug_lvl >= DEBUG_CONNECTIONS)
583 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
585 if((cfg = get_config_val(cl->config, port)) == NULL)
588 cl->port = cfg->data.val;
590 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
591 if(cl->meta_socket == -1)
593 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
594 cl->hostname, cl->port);
/* cl->address is host order (see setup_outgoing_connection). */
598 a.sin_family = AF_INET;
599 a.sin_port = htons(cl->port);
600 a.sin_addr.s_addr = htonl(cl->address);
602 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
604 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
/* Non-blocking only after the connect; main_loop() drives it via select(). */
608 flags = fcntl(cl->meta_socket, F_GETFL);
609 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
611 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
612 cl->hostname, cl->port);
616 if(debug_lvl >= DEBUG_CONNECTIONS)
617 syslog(LOG_INFO, _("Connected to %s port %hd"),
618 cl->hostname, cl->port);
626 setup an outgoing connection. It's not
627 necessary to also open an udp socket as
628 well, because the other host will initiate
629 an authentication sequence during which
630 we will do just that.
/* Create a conn_list_t for the ConnectTo host `name`: read its host config,
   resolve Address and open the meta connection.  The name check whose error
   message appears first, the error-path returns and the registration of the
   new entry in the connection list are not in this listing.
   BUG(review): the two syslog() calls "... for %s" below have a %s conversion
   but no matching argument; the call reads a vararg that was never passed
   (undefined behaviour — a crash, or a stray pointer's target printed into
   syslog).  Pass ncn->name (or name) as the argument.
   NOTE(review): gethostbyname() reports through h_errno, so "%m" in the
   lookup message prints an unrelated errno.
   NOTE(review): only h_addr_list[0] is used.  The address is DNS-derived and
   nothing here authenticates the peer — that has to happen in the meta
   protocol, which is not part of this file. */
632 int setup_outgoing_connection(char *name)
640 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
644 ncn = new_conn_list();
645 asprintf(&ncn->name, "%s", name);
647 if(read_host_config(ncn))
649 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
654 if(!(cfg = get_config_val(ncn->config, address)))
656 syslog(LOG_ERR, _("No address specified for %s"));
661 if(!(h = gethostbyname(cfg->data.ptr)))
663 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Stored in host order; setup_outgoing_meta_socket() converts back. */
668 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
669 ncn->hostname = hostlookup(htonl(ncn->address));
671 if(setup_outgoing_meta_socket(ncn) < 0)
673 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
/* Marks the entry for the reconnect logic in terminate_connection(). */
679 ncn->status.outgoing = 1;
680 ncn->buffer = xmalloc(MAXBUFSIZE);
682 ncn->last_ping_time = time(NULL);
693 Configure conn_list_t myself and set up the local sockets (listen only)
/* Build the conn_list_t that describes this daemon: name, RSA keypair, the
   listening TCP/UDP sockets, the subnets we announce and a fresh random
   packet key.  Returns 0 on success; the error-path returns, the default Port
   and KeyExpire values and the allocation of `net` in the subnet loop are not
   in this listing.
   SECURITY (review): the private exponent d is read as a bare hex string
   from tinc.conf (PrivateKey); the permissions of tinc.conf are the only
   protection of the key. */
695 int setup_myself(void)
700 myself = new_conn_list();
/* NOTE(review): asprintf() results are unchecked throughout this function. */
702 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
704 myself->protocol_version = PROT_CURRENT;
706 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
708 syslog(LOG_ERR, _("Name for tinc daemon required!"));
712 asprintf(&myself->name, "%s", (char*)cfg->data.val);
/* check_id() (defined elsewhere) validates the name; non-zero means bad. */
714 if(check_id(myself->name))
716 syslog(LOG_ERR, _("Invalid name for myself!"));
720 if(!(cfg = get_config_val(config, privatekey)))
722 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* Keypair assembled from d (tinc.conf), a hard-wired e and n (host file).
   NOTE(review): e is fixed to 0xFFFF = 65535 = 3*5*17*257, not the usual
   65537; it must match what the key generator used, and a keypair made with
   any other e fails RSA_check_key() below. */
727 myself->rsa_key = RSA_new();
728 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
729 BN_hex2bn(&myself->rsa_key->e, "FFFF");
732 if(read_host_config(myself))
734 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
738 if(!(cfg = get_config_val(myself->config, publickey)))
740 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
745 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
/* NOTE(review): only n, e and d are loaded (no p, q); what RSA_check_key()
   can verify in that state depends on the OpenSSL version — confirm it does
   not just reject, or silently pass, such a key. */
748 if(RSA_check_key(myself->rsa_key) != 1)
750 syslog(LOG_ERR, _("Invalid public/private keypair!"));
754 if(!(cfg = get_config_val(myself->config, port)))
757 myself->port = cfg->data.val;
759 if((cfg = get_config_val(myself->config, indirectdata)))
760 if(cfg->data.val == stupid_true)
761 myself->flags |= EXPORTINDIRECTDATA;
763 if((cfg = get_config_val(myself->config, tcponly)))
764 if(cfg->data.val == stupid_true)
765 myself->flags |= TCPONLY;
767 /* Read in all the subnets specified in the host configuration file */
769 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
772 net->type = SUBNET_IPV4;
773 net->net.ipv4.address = cfg->data.ip->address;
774 net->net.ipv4.mask = cfg->data.ip->mask;
776 /* Teach newbies what subnets are... */
/* A Subnet with host bits set is rejected outright. */
778 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
780 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
784 subnet_add(myself, net);
787 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
789 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
793 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
795 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
/* Undo the TCP listener when the UDP socket cannot be opened. */
796 close(myself->meta_socket);
800 /* Generate packet encryption key */
/* Blowfish in CFB mode.  cipher_pktkey holds key bytes followed by IV bytes,
   both drawn at random here and again in main_loop() on expiry; the IV part
   is constant between refreshes (see the note in xsend()). */
802 myself->cipher_pkttype = EVP_bf_cfb();
804 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
806 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
/* NOTE(review): RAND_bytes() returns 0 on failure (e.g. an unseeded PRNG);
   the result is unchecked, so the key could be left as uninitialised heap. */
807 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
809 if(!(cfg = get_config_val(config, keyexpire)))
812 keylifetime = cfg->data.val;
814 keyexpires = time(NULL) + keylifetime;
816 /* Activate ourselves */
818 myself->status.active = 1;
820 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: try the next ConnectTo entry; on success ignore further
   alarms, otherwise re-arm with a back-off that grows by 5 s per round up to
   MAXTIMEOUT.  The loop over the remaining ConnectTo lines, the early return
   of the listen-only case and the return type are not in this listing.
   NOTE(review): this runs setup_outgoing_connection() — syslog(), malloc()
   via asprintf/xmalloc, gethostbyname(), socket() and a blocking connect() —
   inside a signal handler.  None of these are async-signal-safe; if the alarm
   fires while main_loop() is inside malloc() or syslog() the result is a
   deadlock or heap corruption.  Safer: set a flag here and do the reconnect
   from main_loop(), which already tolerates select() returning EINTR. */
826 sigalrm_handler(int a)
830 cfg = get_config_val(upstreamcfg, connectto);
832 if(!cfg && upstreamcfg == config)
833 /* No upstream IP given, we're listen only. */
838 upstreamcfg = cfg->next;
839 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
/* Connected: stop retrying until terminate_connection() re-arms us. */
841 signal(SIGALRM, SIG_IGN);
844 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All entries failed: start over from the first ConnectTo with a longer delay. */
847 signal(SIGALRM, sigalrm_handler);
848 upstreamcfg = config;
849 seconds_till_retry += 5;
850 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
851 seconds_till_retry = MAXTIMEOUT;
852 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
854 alarm(seconds_till_retry);
859 setup all initial network connections
/* Bring the whole network side up: tap device, our own sockets and keys
   (setup_myself), the tinc-up script, then the first reachable ConnectTo
   host.  Also re-run by main_loop() on SIGHUP.  The default ping timeout, the
   error returns and the loop over the ConnectTo entries are not in this
   listing. */
861 int setup_network_connections(void)
865 if((cfg = get_config_val(config, pingtimeout)) == NULL)
868 timeout = cfg->data.val;
870 if(setup_tap_fd() < 0)
873 if(setup_myself() < 0)
876 /* Run tinc-up script to further initialize the tap interface */
/* The listening sockets are already open at this point, i.e. before the
   script has configured the interface. */
877 execute_script("tinc-up");
879 if(!(cfg = get_config_val(config, connectto)))
880 /* No upstream IP given, we're listen only. */
/* Remember where to continue so sigalrm_handler() can try the next entry. */
885 upstreamcfg = cfg->next;
886 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
888 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* Nothing reachable now: let the alarm handler retry after MAXTIM
EOUT. */
891 signal(SIGALRM, sigalrm_handler);
892 upstreamcfg = config;
893 seconds_till_retry = MAXTIMEOUT;
894 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
895 alarm(seconds_till_retry);
901 close all open network connections
/* Tear everything down for exit or SIGHUP restart: drop every peer, close
   our own sockets, run tinc-down.  The close of the tap device implied by the
   "shutting down the interface" comment is not in this listing.
   NOTE(review): active is cleared *before* terminate_connection(), so no
   DEL_HOST is sent to peers and no reconnect alarm is armed (both are gated
   on status.active there).
   NOTE(review): free_conn_list(myself) releases the packet key buffer; as far
   as this file shows the key bytes are not wiped first. */
903 void close_network_connections(void)
907 for(p = conn_list; p != NULL; p = p->next)
909 p->status.active = 0;
910 terminate_connection(p);
914 if(myself->status.active)
916 close(myself->meta_socket);
917 close(myself->socket);
/* main_loop()'s SIGHUP path recreates myself via setup_network_connections(). */
918 free_conn_list(myself);
924 /* Execute tinc-down script right after shutting down the interface */
925 execute_script("tinc-down");
929 syslog(LOG_NOTICE, _("Terminating"));
935 create a data (udp) socket
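/*
  Open the UDP data socket towards peer cl and connect() it to
  cl->address:cl->port so that plain send() in xsend() works.  Sets cl->socket
  and cl->status.dataopen on success and returns 0; returns -1 after logging,
  closing the descriptor on every failure path (previously leaked on the
  connect()/fcntl() errors).
  connect() on a UDP socket only fixes the default destination — it does not
  authenticate the peer — and nothing is ever received on this descriptor:
  incoming data arrives on myself->socket, and a readable cl->socket is
  treated as an error by check_network_activity().
*/
int setup_vpn_connection(conn_list_t *cl)
{
  int nfd, flags;
  struct sockaddr_in a;

  if(debug_lvl >= DEBUG_TRAFFIC)
    syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);

  nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
  if(nfd < 0)
    {
      syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
      return -1;
    }

  /* Zero the whole struct: sin_zero was previously passed uninitialised. */
  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_port = htons(cl->port);
  a.sin_addr.s_addr = htonl(cl->address);

  if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
    {
      syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
             cl->hostname, cl->port);
      close(nfd);
      return -1;
    }

  flags = fcntl(nfd, F_GETFL);
  if(flags < 0 || fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    {
      syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
             cl->name, cl->hostname);
      close(nfd);
      return -1;
    }

  cl->socket = nfd;
  cl->status.dataopen = 1;

  return 0;
}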
978 handle an incoming tcp connect call and open
/* Wrap an accepted meta socket sfd in a new conn_list_t, filled with the
   peer's address and a reverse-lookup hostname, and allow only the ID request
   until the protocol has identified the peer.  The allocation of p, the
   remaining status fields and the returns (NULL on failure, p otherwise) are
   not in this listing; sfd is not closed here on failure — the caller does.
   NOTE(review): getpeername() is given a struct sockaddr_in * and an int
   length; cast to (struct sockaddr *) and use socklen_t.
   NOTE(review): the hostname comes from a reverse lookup the remote side can
   influence (its PTR record); treat it as untrusted text in log lines. */
981 conn_list_t *create_new_connection(int sfd)
984 struct sockaddr_in ci;
985 int len = sizeof(ci);
989 if(getpeername(sfd, &ci, &len) < 0)
991 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* address is kept in host order, like setup_outgoing_connection() does. */
997 p->address = ntohl(ci.sin_addr.s_addr);
998 p->hostname = hostlookup(ci.sin_addr.s_addr);
999 p->meta_socket = sfd;
1001 p->buffer = xmalloc(MAXBUFSIZE);
1003 p->last_ping_time = time(NULL);
1006 if(debug_lvl >= DEBUG_CONNECTIONS)
1007 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* NOTE(review): ntohs() is the intended conversion here (same result, clearer). */
1008 p->hostname, htons(ci.sin_port));
/* Nothing but an ID request is accepted from an unidentified peer. */
1010 p->allow_request = ID;
1016 put all file descriptors in an fd_set array
/* Collect every descriptor main_loop() selects on: each peer's meta socket
   and, where a UDP socket is open, its data socket, plus our own listening
   sockets.  The FD_ZERO, the test in front of the first FD_SET and the FD_SET
   for tap_fd (main_loop tests it) are not in this listing.
   NOTE(review): fd_set only describes descriptors below FD_SETSIZE; FD_SET on
   a larger fd writes outside the set.  Nothing in this file caps the number
   of accepted connections, so check each fd before FD_SET. */
1018 void build_fdset(fd_set *fs)
1024 for(p = conn_list; p != NULL; p = p->next)
1027 FD_SET(p->meta_socket, fs);
1028 if(p->status.dataopen)
1029 FD_SET(p->socket, fs);
1032 FD_SET(myself->meta_socket, fs);
1033 FD_SET(myself->socket, fs);
1039 receive incoming data from the listening
1040 udp socket and write it to the ethertap
1041 device after being decrypted
/* Read one datagram from our listening UDP socket.  What happens to the
   packet after the debug message (presumably xrecv()) and the returns are not
   in this listing.
   SECURITY (review): the datagram is read straight into pkt starting at its
   len field, so pkt.len is whatever the sender put in the first two bytes,
   and the sender address captured in `from` is not compared against any known
   peer in the visible lines.  Before decrypting, require lenin >= 2 and
   pkt.len + 2 <= lenin. */
1043 int handle_incoming_vpn_data()
/* NOTE(review): `l` should be socklen_t. */
1046 int x, l = sizeof(x);
1047 struct sockaddr from;
1049 socklen_t fromlen = sizeof(from);
/* Drain a pending asynchronous socket error before reading. */
1051 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1053 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1054 __FILE__, __LINE__, myself->socket);
1059 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* Up to MTU bytes land at &pkt.len, i.e. at most MTU - 2 bytes of data. */
1063 if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0)
1065 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1069 if(debug_lvl >= DEBUG_TRAFFIC)
1071 syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin);
1079 terminate a connection and notify the other
1080 end before closing the sockets
/* Shut down connection cl: mark it removed (idempotent), close its meta
   socket, drop every connection routed through it, tell the remaining active
   peers, remove its subnets and, if it was our outgoing connection, arm the
   reconnect alarm.  The entry stays in conn_list with status.remove set; the
   loops elsewhere skip such entries.  The guard around the close (presumably
   on status.meta), any close of the UDP data socket and the body of the
   subnet loop are not in this listing. */
1082 void terminate_connection(conn_list_t *cl)
/* Already done: makes the recursive call below and repeat callers harmless. */
1087 if(cl->status.remove)
1090 cl->status.remove = 1;
1092 if(debug_lvl >= DEBUG_CONNECTIONS)
1093 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1094 cl->name, cl->hostname);
1099 close(cl->meta_socket);
1102 /* Find all connections that were lost because they were behind cl
1103 (the connection that was dropped). */
1106 for(p = conn_list; p != NULL; p = p->next)
1107 if((p->nexthop == cl) && (p != cl))
1108 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1110 /* Inform others of termination if it was still active */
1112 if(cl->status.active)
1113 for(p = conn_list; p != NULL; p = p->next)
1114 if(p->status.meta && p->status.active && p!=cl)
1115 send_del_host(p, cl);
1117 /* Remove the associated subnets */
1119 for(s = cl->subnets; s; s = s->next)
1122 /* Check if this was our outgoing connection */
/* Only a previously active outgoing connection triggers a reconnect; see the
   async-signal-safety note on sigalrm_handler(). */
1124 if(cl->status.outgoing && cl->status.active)
1126 signal(SIGALRM, sigalrm_handler);
1127 seconds_till_retry = 5;
1128 alarm(seconds_till_retry);
1129 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1134 cl->status.active = 0;
1139 Check if the other end is active.
1140 If we have sent packets, but didn't receive any,
1141 then possibly the other end is dead. We send a
1142 PING request over the meta connection. If the other
1143 end does not reply in time, we consider them dead
1144 and close the connection.
/* Liveness check over all active meta connections, run by main_loop() every
   `timeout` seconds.  A peer that was pinged and never answered is dropped;
   one that we have sent data to (want_ping) is pinged now.  The assignment of
   `now`, the PING send itself and the return are not in this listing.
   terminate_connection() only marks entries removed, so advancing to p->next
   afterwards is safe. */
1146 int check_dead_connections(void)
1152 for(p = conn_list; p != NULL; p = p->next)
1154 if(p->status.active && p->status.meta)
1156 if(p->last_ping_time + timeout < now)
1158 if(p->status.pinged && !p->status.got_pong)
1160 if(debug_lvl >= DEBUG_PROTOCOL)
1161 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1162 p->name, p->hostname);
1163 p->status.timeout = 1;
1164 terminate_connection(p);
/* want_ping is set by the data path when traffic was sent to the peer. */
1166 else if(p->want_ping)
1169 p->last_ping_time = now;
1170 p->status.pinged = 1;
1171 p->status.got_pong = 0;
1181 accept a new tcp connect and create a
/* accept() one pending meta connection and build its conn_list_t.  The close
   of nfd when create_new_connection() fails, the registration of the new
   entry and the returns are not in this listing.
   NOTE(review): `len` must be socklen_t for accept().
   NOTE(review): nothing visible limits how many connections an unidentified
   client may open before the protocol rejects it; each costs a MAXBUFSIZE
   buffer and an fd_set slot (see build_fdset()). */
1184 int handle_new_meta_connection()
1187 struct sockaddr client;
1188 int nfd, len = sizeof(client);
1190 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1192 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1196 if(!(ncn = create_new_connection(nfd)))
1200 syslog(LOG_NOTICE, _("Closed attempted connection"));
1210 check all connections to see if anything
1211 happened on their sockets
/* Dispatch after select(): a readable peer data socket means a deferred
   error (we never receive on it), a readable meta socket means protocol
   input, then our own UDP and listening sockets.  The `continue` for removed
   entries and the comment delimiters around the explanatory text are not in
   this listing.
   NOTE(review): `l` should be socklen_t, and the getsockopt() result is not
   checked — if it fails, `x` is uninitialised when handed to strerror(). */
1213 void check_network_activity(fd_set *f)
1216 int x, l = sizeof(x);
1218 for(p = conn_list; p != NULL; p = p->next)
/* Skip entries terminate_connection() has already torn down. */
1220 if(p->status.remove)
1223 if(p->status.dataopen)
1224 if(FD_ISSET(p->socket, f))
1227 The only thing that can happen to get us here is apparently an
1228 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1229 something that will not trigger an error directly on send()).
1230 I've once got here when it said `No route to host'.
1232 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1233 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1234 p->name, p->hostname, strerror(x));
1235 terminate_connection(p);
/* receive_meta() < 0 covers both protocol errors and a closed peer. */
1240 if(FD_ISSET(p->meta_socket, f))
1241 if(receive_meta(p) < 0)
1243 terminate_connection(p);
1248 if(FD_ISSET(myself->socket, f))
1249 handle_incoming_vpn_data();
1251 if(FD_ISSET(myself->meta_socket, f))
1252 handle_new_meta_connection();
1257 read, encrypt and send data that is
1258 available through the ethertap device
/* Read one frame from the tap device, account it and route it with
   send_packet().  The else of the ethertap read, the short-packet test and
   its threshold, the vp.len assignment and the returns are not in this
   listing.
   NOTE(review): the destination is taken from data[30..33], the IPv4
   destination address of an Ethernet frame (14-byte header + offset 16).
   Nothing visible checks the EtherType, so ARP, IPv6 and any other frame is
   routed on four arbitrary bytes, and the short-packet threshold must be at
   least 34 for the read to stay inside the frame.  The cast also reads an
   `unsigned long` (8 bytes on LP64) through a misaligned char pointer, and on
   a big-endian LP64 host ntohl()'s truncation would pick the wrong bytes;
   memcpy() four bytes into a uint32_t instead. */
1260 void handle_tap_input(void)
1265 if(taptype == TAP_TYPE_TUNTAP)
1267 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1269 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
/* ethertap prepends two bytes; they land in the len field ahead of data. */
1276 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1278 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1284 total_tap_in += lenin;
1288 if(debug_lvl >= DEBUG_TRAFFIC)
1289 syslog(LOG_WARNING, _("Received short packet from tap device"));
1293 if(debug_lvl >= DEBUG_TRAFFIC)
1295 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
1298 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1303 this is where it all happens...
1305 void main_loop(void)
1310 time_t last_ping_check;
1313 last_ping_check = time(NULL);
1317 tv.tv_sec = timeout;
1323 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1325 if(errno != EINTR) /* because of alarm */
1327 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1334 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1336 close_network_connections();
1337 clear_config(&config);
1339 if(read_server_config())
1341 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1347 if(setup_network_connections())
1355 /* Let's check if everybody is still alive */
1357 if(last_ping_check + timeout < t)
1359 check_dead_connections();
1360 last_ping_check = time(NULL);
1362 /* Should we regenerate our key? */
1366 if(debug_lvl >= DEBUG_STATUS)
1367 syslog(LOG_INFO, _("Regenerating symmetric key"));
1369 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1370 send_key_changed(myself, NULL);
1371 keyexpires = time(NULL) + keylifetime;
1377 check_network_activity(&fset);
1379 /* local tap data */
1380 if(FD_ISSET(tap_fd, &fset))