2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.1 2000/06/23 19:27:02 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 static int seconds_till_retry;
61 /* The global list of existing connections */
62 conn_list_t *conn_list = NULL;
63 conn_list_t *myself = NULL;
66 strip off the MAC adresses of an ethernet frame
68 void strip_mac_addresses(vpn_packet_t *p)
70 unsigned char tmp[MAXSIZE];
72 memcpy(tmp, p->data, p->len);
74 memcpy(p->data, &tmp[12], p->len);
79 reassemble MAC addresses
81 void add_mac_addresses(vpn_packet_t *p)
83 unsigned char tmp[MAXSIZE];
85 memcpy(&tmp[12], p->data, p->len);
87 tmp[0] = tmp[6] = 0xfe;
88 tmp[1] = tmp[7] = 0xfd;
89 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
90 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
91 memcpy(p->data, &tmp[0], p->len);
95 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sent %d bytes to %lx"), ntohs(rp.len), cl->vpn_ip);
108 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
110 syslog(LOG_ERR, _("Error sending data: %m"));
114 total_socket_out += r;
121 int xrecv(conn_list_t *cl, void *packet)
126 do_decrypt((real_packet_t*)packet, &vp, cl->key);
127 add_mac_addresses(&vp);
129 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
130 syslog(LOG_ERR, _("Can't write to tap device: %m"));
132 total_tap_out += lenin;
135 cl->last_ping_time = time(NULL);
141 add the given packet of size s to the
142 queue q, be it the send or receive queue
144 void add_queue(packet_queue_t **q, void *packet, size_t s)
149 syslog(LOG_DEBUG, _("packet to queue: %d"), s);
151 e = xmalloc(sizeof(*e));
152 e->packet = xmalloc(s);
153 memcpy(e->packet, packet, s);
157 *q = xmalloc(sizeof(**q));
158 (*q)->head = (*q)->tail = NULL;
161 e->next = NULL; /* We insert at the tail */
163 if((*q)->tail) /* Do we have a tail? */
165 (*q)->tail->next = e;
166 e->prev = (*q)->tail;
168 else /* No tail -> no head too */
178 /* Remove a queue element */
179 void del_queue(packet_queue_t **q, queue_element_t *e)
184 if(e->next) /* There is a successor, so we are not tail */
186 if(e->prev) /* There is a predecessor, so we are not head */
188 e->next->prev = e->prev;
189 e->prev->next = e->next;
191 else /* We are head */
193 e->next->prev = NULL;
194 (*q)->head = e->next;
197 else /* We are tail (or all alone!) */
199 if(e->prev) /* We are not alone :) */
201 e->prev->next = NULL;
202 (*q)->tail = e->prev;
216 flush a queue by calling function for
217 each packet, and removing it when that
218 returned a zero exit code
220 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
221 int (*function)(conn_list_t*,void*))
223 queue_element_t *p, *next = NULL;
225 for(p = (*pq)->head; p != NULL; )
229 if(!function(cl, p->packet))
236 syslog(LOG_DEBUG, _("queue flushed"));
241 flush the send&recv queues
242 void because nothing goes wrong here, packets
243 remain in the queue if something goes wrong
245 void flush_queues(conn_list_t *cl)
251 syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S),
252 IP_ADDR_V(cl->vpn_ip));
253 flush_queue(cl, &(cl->sq), xsend);
259 syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S),
260 IP_ADDR_V(cl->vpn_ip));
261 flush_queue(cl, &(cl->rq), xrecv);
267 send a packet to the given vpn ip.
269 int send_packet(ip_t to, vpn_packet_t *packet)
273 if((cl = lookup_conn(to)) == NULL)
277 syslog(LOG_NOTICE, _("trying to look up " IP_ADDR_S " in connection list failed."),
281 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
285 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
287 { /* No open outgoing connection has been found. */
289 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to."));
294 /* If indirectdata flag is set, then real_ip is actually the vpn_ip of the gateway tincd
298 if(cl->flags & INDIRECTDATA)
300 if((cl = lookup_conn(cl->vpn_ip)) == NULL)
304 syslog(LOG_NOTICE, _("indirect look up " IP_ADDR_S " in connection list failed."),
308 /* Gateway tincd dead? Should we kill it? (GS) */
312 if(cl->flags & INDIRECTDATA) /* This should not happen */
315 syslog(LOG_NOTICE, _("double indirection for " IP_ADDR_S),
321 if(my_key_expiry <= time(NULL))
324 if(!cl->status.dataopen)
325 if(setup_vpn_connection(cl) < 0)
328 if(!cl->status.validkey)
330 add_queue(&(cl->sq), packet, packet->len + 2);
331 if(!cl->status.waitingforkey)
332 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
336 if(!cl->status.active)
338 add_queue(&(cl->sq), packet, packet->len + 2);
340 syslog(LOG_INFO, _(IP_ADDR_S " is not ready, queueing packet."), IP_ADDR_V(cl->vpn_ip));
341 return 0; /* We don't want to mess up, do we? */
344 /* can we send it? can we? can we? huh? */
346 return xsend(cl, packet);
350 open the local ethertap device
352 int setup_tap_fd(void)
355 const char *tapfname;
358 if((cfg = get_config_val(tapdevice)) == NULL)
359 tapfname = "/dev/tap0";
361 tapfname = cfg->data.ptr;
363 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
365 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
375 set up the socket that we listen on for incoming
378 int setup_listen_meta_socket(int port)
381 struct sockaddr_in a;
384 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
386 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
390 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
392 syslog(LOG_ERR, _("setsockopt: %m"));
396 flags = fcntl(nfd, F_GETFL);
397 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
399 syslog(LOG_ERR, _("fcntl: %m"));
403 memset(&a, 0, sizeof(a));
404 a.sin_family = AF_INET;
405 a.sin_port = htons(port);
406 a.sin_addr.s_addr = htonl(INADDR_ANY);
408 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
410 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
416 syslog(LOG_ERR, _("listen: %m"));
424 setup the socket for incoming encrypted
427 int setup_vpn_in_socket(int port)
430 struct sockaddr_in a;
433 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
435 syslog(LOG_ERR, _("Creating socket failed: %m"));
439 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
441 syslog(LOG_ERR, _("setsockopt: %m"));
445 flags = fcntl(nfd, F_GETFL);
446 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
448 syslog(LOG_ERR, _("fcntl: %m"));
452 memset(&a, 0, sizeof(a));
453 a.sin_family = AF_INET;
454 a.sin_port = htons(port);
455 a.sin_addr.s_addr = htonl(INADDR_ANY);
457 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
459 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
467 setup an outgoing meta (tcp) socket
469 int setup_outgoing_meta_socket(conn_list_t *cl)
472 struct sockaddr_in a;
475 if((cfg = get_config_val(upstreamport)) == NULL)
478 cl->port = cfg->data.val;
480 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
481 if(cl->meta_socket == -1)
483 syslog(LOG_ERR, _("Creating socket failed: %m"));
487 a.sin_family = AF_INET;
488 a.sin_port = htons(cl->port);
489 a.sin_addr.s_addr = htonl(cl->real_ip);
491 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
493 syslog(LOG_ERR, _(IP_ADDR_S ":%d: %m"), IP_ADDR_V(cl->real_ip), cl->port);
497 flags = fcntl(cl->meta_socket, F_GETFL);
498 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
500 syslog(LOG_ERR, _("fcntl: %m"));
504 cl->hostname = hostlookup(htonl(cl->real_ip));
506 syslog(LOG_INFO, _("Connected to %s:%hd"), cl->hostname, cl->port);
512 setup an outgoing connection. It's not
513 necessary to also open an udp socket as
514 well, because the other host will initiate
515 an authentication sequence during which
516 we will do just that.
518 int setup_outgoing_connection(ip_t ip)
522 ncn = new_conn_list();
525 if(setup_outgoing_meta_socket(ncn) < 0)
527 syslog(LOG_ERR, _("Could not set up a meta connection."));
528 free_conn_element(ncn);
532 ncn->status.meta = 1;
533 ncn->status.outgoing = 1;
534 ncn->next = conn_list;
541 set up the local sockets (listen only)
543 int setup_myself(void)
547 myself = new_conn_list();
549 if(!(cfg = get_config_val(myvpnip)))
551 syslog(LOG_ERR, _("No value for my VPN IP given"));
555 myself->vpn_ip = cfg->data.ip->ip;
556 myself->vpn_mask = cfg->data.ip->mask;
559 if(!(cfg = get_config_val(listenport)))
562 myself->port = cfg->data.val;
564 if(cfg = get_config_val(indirectdata))
566 myself->flags |= EXPORTINDIRECTDATA;
568 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
570 syslog(LOG_ERR, _("Unable to set up a listening socket"));
574 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
576 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
577 close(myself->meta_socket);
581 myself->status.active = 1;
583 syslog(LOG_NOTICE, _("Ready: listening on port %d."), myself->port);
589 sigalrm_handler(int a)
593 cfg = get_config_val(upstreamip);
595 if(!setup_outgoing_connection(cfg->data.ip->ip))
597 signal(SIGALRM, SIG_IGN);
601 signal(SIGALRM, sigalrm_handler);
602 seconds_till_retry += 5;
603 if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */
604 seconds_till_retry = 300;
605 alarm(seconds_till_retry);
606 syslog(LOG_ERR, _("Still failed to connect to other. Will retry in %d seconds."),
613 setup all initial network connections
615 int setup_network_connections(void)
619 if((cfg = get_config_val(pingtimeout)) == NULL)
622 timeout = cfg->data.val;
624 if(setup_tap_fd() < 0)
627 if(setup_myself() < 0)
630 if((cfg = get_config_val(upstreamip)) == NULL)
631 /* No upstream IP given, we're listen only. */
634 if(setup_outgoing_connection(cfg->data.ip->ip))
636 signal(SIGALRM, sigalrm_handler);
637 seconds_till_retry = 300;
638 alarm(seconds_till_retry);
639 syslog(LOG_NOTICE, _("Try to re-establish outgoing connection in 5 minutes."));
646 close all open network connections
648 void close_network_connections(void)
652 for(p = conn_list; p != NULL; p = p->next)
654 if(p->status.dataopen)
656 shutdown(p->socket, 0); /* No more receptions */
662 shutdown(p->meta_socket, 0); /* No more receptions */
663 close(p->meta_socket);
668 if(myself->status.active)
670 close(myself->meta_socket);
671 close(myself->socket);
677 syslog(LOG_NOTICE, _("Terminating."));
683 create a data (udp) socket
685 int setup_vpn_connection(conn_list_t *cl)
688 struct sockaddr_in a;
691 syslog(LOG_DEBUG, _("Opening UDP socket to " IP_ADDR_S), IP_ADDR_V(cl->real_ip));
693 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
696 syslog(LOG_ERR, _("Creating data socket failed: %m"));
700 a.sin_family = AF_INET;
701 a.sin_port = htons(cl->port);
702 a.sin_addr.s_addr = htonl(cl->real_ip);
704 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
706 syslog(LOG_ERR, _("Connecting to " IP_ADDR_S ":%d failed: %m"),
707 IP_ADDR_V(cl->real_ip), cl->port);
711 flags = fcntl(nfd, F_GETFL);
712 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
714 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, nfd);
719 cl->status.dataopen = 1;
725 handle an incoming tcp connect call and open
728 conn_list_t *create_new_connection(int sfd)
731 struct sockaddr_in ci;
732 int len = sizeof(ci);
736 if(getpeername(sfd, &ci, &len) < 0)
738 syslog(LOG_ERR, _("Error: getpeername: %m"));
742 p->hostname = hostlookup(ci.sin_addr.s_addr);
743 p->real_ip = ntohl(ci.sin_addr.s_addr);
744 p->meta_socket = sfd;
747 p->last_ping_time = time(NULL);
750 syslog(LOG_NOTICE, _("Connection from %s:%d"), p->hostname, htons(ci.sin_port));
752 if(send_basic_info(p) < 0)
762 put all file descriptors in an fd_set array
764 void build_fdset(fd_set *fs)
770 for(p = conn_list; p != NULL; p = p->next)
773 FD_SET(p->meta_socket, fs);
774 if(p->status.dataopen)
775 FD_SET(p->socket, fs);
778 FD_SET(myself->meta_socket, fs);
779 FD_SET(myself->socket, fs);
785 receive incoming data from the listening
786 udp socket and write it to the ethertap
787 device after being decrypted
789 int handle_incoming_vpn_data(conn_list_t *cl)
793 int x, l = sizeof(x);
796 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
798 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->socket);
803 syslog(LOG_ERR, _("Incoming data socket error: %s"), sys_errlist[x]);
808 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
811 syslog(LOG_ERR, _("Receiving data failed: %m"));
814 total_socket_in += lenin;
816 rp.data.len = ntohs(rp.data.len);
817 rp.len = ntohs(rp.len);
818 rp.from = ntohl(rp.from);
822 f = lookup_conn(rp.from);
824 syslog(LOG_DEBUG, _("packet from " IP_ADDR_S " (len %d)"),
825 IP_ADDR_V(rp.from), rp.len);
828 syslog(LOG_ERR, _("Got packet from unknown source " IP_ADDR_S),
833 if(f->status.validkey)
837 add_queue(&(f->rq), &rp, rp.len);
838 if(!cl->status.waitingforkey)
839 send_key_request(rp.from);
842 if(my_key_expiry <= time(NULL))
850 terminate a connection and notify the other
851 end before closing the sockets
853 void terminate_connection(conn_list_t *cl)
858 if(cl->status.remove)
862 syslog(LOG_NOTICE, _("Closing connection with %s."), cl->hostname);
864 if(cl->status.timeout)
866 else if(!cl->status.termreq)
871 close(cl->meta_socket);
873 if(cl->status.outgoing)
875 signal(SIGALRM, sigalrm_handler);
876 seconds_till_retry = 5;
877 alarm(seconds_till_retry);
878 syslog(LOG_NOTICE, _("Try to re-establish outgoing connection in 5 seconds."));
881 cl->status.active = 0;
882 cl->status.remove = 1;
885 /* Find all connections that were lost because they were behind cl
886 (the connection that was dropped). */
887 for(p = conn_list; p != NULL; p = p->next)
890 p->status.active = 0;
891 p->status.remove = 1;
895 /* Then send a notification about all these connections to all hosts
896 that are still connected to us. */
897 for(p = conn_list; p != NULL; p = p->next)
898 if(!p->status.remove && p->status.meta)
899 for(q = conn_list; q != NULL; q = q->next)
907 Check if the other end is active.
908 If we have sent packets, but didn't receive any,
909 then possibly the other end is dead. We send a
910 PING request over the meta connection. If the other
911 end does not reply in time, we consider them dead
912 and close the connection.
914 int check_dead_connections(void)
920 for(p = conn_list; p != NULL; p = p->next)
924 if(p->status.active && p->status.meta)
926 if(p->last_ping_time + timeout < now)
928 if(p->status.pinged && !p->status.got_pong)
930 syslog(LOG_INFO, _("%s (" IP_ADDR_S ") didn't respond to ping"),
931 p->hostname, IP_ADDR_V(p->vpn_ip));
932 p->status.timeout = 1;
933 terminate_connection(p);
935 else if(p->want_ping)
938 p->last_ping_time = now;
939 p->status.pinged = 1;
940 p->status.got_pong = 0;
950 accept a new tcp connect and create a
953 int handle_new_meta_connection(conn_list_t *cl)
956 struct sockaddr client;
957 int nfd, len = sizeof(client);
959 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
961 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
965 if((ncn = create_new_connection(nfd)) == NULL)
969 syslog(LOG_NOTICE, _("Closed attempted connection."));
973 ncn->status.meta = 1;
974 ncn->next = conn_list;
981 dispatch any incoming meta requests
983 int handle_incoming_meta_data(conn_list_t *cl)
985 int x, l = sizeof(x);
986 int request, oldlen, i;
989 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
991 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->meta_socket);
996 syslog(LOG_ERR, _("Metadata socket error: %s"), sys_errlist[x]);
1000 if(cl->buflen >= MAXBUFSIZE)
1002 syslog(LOG_ERR, _("Metadata read buffer overflow."));
1006 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1010 syslog(LOG_ERR, _("Metadata socket read error: %m"));
1014 oldlen = cl->buflen;
1015 cl->buflen += lenin;
1021 for(i = oldlen; i < cl->buflen; i++)
1023 if(cl->buffer[i] == '\n')
1025 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1033 if(sscanf(cl->buffer, "%d", &request) == 1)
1035 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1037 syslog(LOG_ERR, _("Unknown request: %s"), cl->buffer);
1042 syslog(LOG_DEBUG, _("Got request: %s"), cl->buffer);
1044 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1046 syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S), IP_ADDR_V(cl->real_ip));
1052 syslog(LOG_ERR, _("Bogus data received."));
1056 cl->buflen -= cl->reqlen;
1057 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1066 cl->last_ping_time = time(NULL);
1073 check all connections to see if anything
1074 happened on their sockets
1076 void check_network_activity(fd_set *f)
1079 int x, l = sizeof(x);
1081 for(p = conn_list; p != NULL; p = p->next)
1083 if(p->status.remove)
1086 if(p->status.dataopen)
1087 if(FD_ISSET(p->socket, f))
1090 The only thing that can happen to get us here is apparently an
1091 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1092 something that will not trigger an error directly on send()).
1093 I've once got here when it said `No route to host'.
1095 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1096 syslog(LOG_ERR, _("Outgoing data socket error: %s"), sys_errlist[x]);
1097 terminate_connection(p);
1102 if(FD_ISSET(p->meta_socket, f))
1103 if(handle_incoming_meta_data(p) < 0)
1105 terminate_connection(p);
1110 if(FD_ISSET(myself->socket, f))
1111 handle_incoming_vpn_data(myself);
1113 if(FD_ISSET(myself->meta_socket, f))
1114 handle_new_meta_connection(myself);
1119 read, encrypt and send data that is
1120 available through the ethertap device
1122 void handle_tap_input(void)
1126 int ether_type, lenin;
1128 memset(&vp, 0, sizeof(vp));
1129 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1131 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1135 total_tap_in += lenin;
1137 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1138 if(ether_type != 0x0800)
1141 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1142 ether_type, MAC_ADDR_V(vp.data[6]));
1149 syslog(LOG_INFO, _("Dropping short packet"));
1153 from = ntohl(*((unsigned long*)(&vp.data[26])));
1154 to = ntohl(*((unsigned long*)(&vp.data[30])));
1157 syslog(LOG_DEBUG, _("An IP packet (%04x) for " IP_ADDR_S " from " IP_ADDR_S),
1158 ether_type, IP_ADDR_V(to), IP_ADDR_V(from));
1160 syslog(LOG_DEBUG, _(MAC_ADDR_S " to " MAC_ADDR_S),
1161 MAC_ADDR_V(vp.data[0]), MAC_ADDR_V(vp.data[6]));
1163 vp.len = (length_t)lenin - 2;
1165 strip_mac_addresses(&vp);
1167 send_packet(to, &vp);
1172 this is where it all happens...
1174 void main_loop(void)
1179 time_t last_ping_check;
1181 last_ping_check = time(NULL);
1185 tv.tv_sec = timeout;
1191 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1193 if(errno == EINTR) /* because of alarm */
1195 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1199 if(last_ping_check + timeout < time(NULL))
1200 /* Let's check if everybody is still alive */
1202 check_dead_connections();
1203 last_ping_check = time(NULL);
1207 check_network_activity(&fset);
1209 /* local tap data */
1210 if(FD_ISSET(tap_fd, &fset))