/*
net_setup.c -- Setup.
Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2010 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2010 Brandon Black <blblack@gmail.com>
char *myport;
static struct event device_ev;
+devops_t devops;
+
+bool node_read_ecdsa_public_key(node_t *n) {
+ if(ecdsa_active(&n->ecdsa))
+ return true;
+
+ splay_tree_t *config_tree;
+ FILE *fp;
+ char *fname;
+ char *p;
+ bool result = false;
+
+ xasprintf(&fname, "%s/hosts/%s", confbase, n->name);
+
+ init_configuration(&config_tree);
+ if(!read_config_file(config_tree, fname))
+ goto exit;
+
+ /* First, check for simple ECDSAPublicKey statement */
+
+ if(get_config_string(lookup_config(config_tree, "ECDSAPublicKey"), &p)) {
+ result = ecdsa_set_base64_public_key(&n->ecdsa, p);
+ free(p);
+ goto exit;
+ }
+
+ /* Else, check for ECDSAPublicKeyFile statement and read it */
+
+ free(fname);
+
+ if(!get_config_string(lookup_config(config_tree, "ECDSAPublicKeyFile"), &fname))
+ xasprintf(&fname, "%s/hosts/%s", confbase, n->name);
+
+ fp = fopen(fname, "r");
+
+ if(!fp) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA public key file `%s': %s", fname, strerror(errno));
+ goto exit;
+ }
+
+ result = ecdsa_read_pem_public_key(&n->ecdsa, fp);
+ fclose(fp);
+
+exit:
+ exit_configuration(&config_tree);
+ free(fname);
+ return result;
+}
bool read_ecdsa_public_key(connection_t *c) {
FILE *fp;
fp = fopen(fname, "r");
if(!fp) {
- logger(LOG_ERR, "Error reading ECDSA public key file `%s': %s",
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA public key file `%s': %s",
fname, strerror(errno));
free(fname);
return false;
fclose(fp);
if(!result)
- logger(LOG_ERR, "Reading ECDSA public key file `%s' failed: %s", fname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Reading ECDSA public key file `%s' failed: %s", fname, strerror(errno));
free(fname);
return result;
}
fp = fopen(fname, "r");
if(!fp) {
- logger(LOG_ERR, "Error reading RSA public key file `%s': %s",
- fname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
free(fname);
return false;
}
fclose(fp);
if(!result)
- logger(LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno));
free(fname);
return result;
}
fp = fopen(fname, "r");
if(!fp) {
- logger(LOG_ERR, "Error reading ECDSA private key file `%s': %s",
- fname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno));
free(fname);
return false;
}
struct stat s;
if(fstat(fileno(fp), &s)) {
- logger(LOG_ERR, "Could not stat ECDSA private key file `%s': %s'", fname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat ECDSA private key file `%s': %s'", fname, strerror(errno));
free(fname);
return false;
}
if(s.st_mode & ~0100700)
- logger(LOG_WARNING, "Warning: insecure file permissions for ECDSA private key file `%s'!", fname);
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for ECDSA private key file `%s'!", fname);
#endif
result = ecdsa_read_pem_private_key(&myself->connection->ecdsa, fp);
fclose(fp);
if(!result)
- logger(LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
free(fname);
return result;
}
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) {
if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) {
- logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!");
free(d);
return false;
}
fp = fopen(fname, "r");
if(!fp) {
- logger(LOG_ERR, "Error reading RSA private key file `%s': %s",
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s",
fname, strerror(errno));
free(fname);
return false;
struct stat s;
if(fstat(fileno(fp), &s)) {
- logger(LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
free(fname);
return false;
}
if(s.st_mode & ~0100700)
- logger(LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
#endif
result = rsa_read_pem_private_key(&myself->connection->rsa, fp);
fclose(fp);
if(!result)
- logger(LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno));
free(fname);
return result;
}
void regenerate_key(void) {
if(timeout_initialized(&keyexpire_event)) {
- ifdebug(STATUS) logger(LOG_INFO, "Expiring symmetric keys");
+ logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
event_del(&keyexpire_event);
send_key_changed();
} else {
config_t *cfg;
subnet_t *s, *s2;
node_t *n;
- bool result;
xasprintf(&dname, "%s/hosts", confbase);
dir = opendir(dname);
if(!dir) {
- logger(LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
+ logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
free(dname);
return;
}
xasprintf(&fname, "%s/hosts/%s", confbase, ent->d_name);
init_configuration(&config_tree);
- result = read_config_file(config_tree, fname);
+ read_config_options(config_tree, ent->d_name);
+ read_config_file(config_tree, fname);
free(fname);
- if(!result)
- continue;
if(!n) {
n = new_node();
static bool setup_myself(void) {
config_t *cfg;
subnet_t *subnet;
- char *name, *hostname, *mode, *afname, *cipher, *digest;
+ char *name, *hostname, *mode, *afname, *cipher, *digest, *type;
char *fname = NULL;
char *address = NULL;
char *envp[5];
myself->connection->protocol_minor = PROT_MINOR;
if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */
- logger(LOG_ERR, "Name for tinc daemon required!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Name for tinc daemon required!");
return false;
}
if(!check_id(name)) {
- logger(LOG_ERR, "Invalid name for myself!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Invalid name for myself!");
free(name);
return false;
}
read_config_file(config_tree, fname);
free(fname);
- if(!read_ecdsa_private_key())
+ get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental);
+
+ if(experimental && !read_ecdsa_private_key())
return false;
if(!read_rsa_private_key())
get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly);
get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets);
get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
+ get_config_bool(lookup_config(config_tree, "LocalDiscovery"), &localdiscovery);
strictsubnets |= tunnelserver;
if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) {
else if(!strcasecmp(mode, "hub"))
routing_mode = RMODE_HUB;
else {
- logger(LOG_ERR, "Invalid routing mode!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Invalid routing mode!");
return false;
}
free(mode);
else if(!strcasecmp(mode, "kernel"))
forwarding_mode = FMODE_KERNEL;
else {
- logger(LOG_ERR, "Invalid forwarding mode!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Invalid forwarding mode!");
return false;
}
free(mode);
myself->options |= OPTION_CLAMP_MSS;
get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
+ get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl);
+ get_config_bool(lookup_config(config_tree, "Broadcast"), &broadcast);
#if !defined(SOL_IP) || !defined(IP_TOS)
if(priorityinheritance)
- logger(LOG_WARNING, "%s not supported on this platform", "PriorityInheritance");
+ logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "PriorityInheritance");
#endif
if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
if(get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout)) {
if(maxtimeout <= 0) {
- logger(LOG_ERR, "Bogus maximum timeout!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus maximum timeout!");
return false;
}
} else
if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
if(udp_rcvbuf <= 0) {
- logger(LOG_ERR, "UDPRcvBuf cannot be negative!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
return false;
}
}
if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) {
if(udp_sndbuf <= 0) {
- logger(LOG_ERR, "UDPSndBuf cannot be negative!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
return false;
}
}
if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) {
if(replaywin_int < 0) {
- logger(LOG_ERR, "ReplayWindow cannot be negative!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "ReplayWindow cannot be negative!");
return false;
}
replaywin = (unsigned)replaywin_int;
else if(!strcasecmp(afname, "any"))
addressfamily = AF_UNSPEC;
else {
- logger(LOG_ERR, "Invalid address family!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Invalid address family!");
return false;
}
free(afname);
cipher = xstrdup("blowfish");
if(!cipher_open_by_name(&myself->incipher, cipher)) {
- logger(LOG_ERR, "Unrecognized cipher type!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
return false;
}
/* Check if we want to use message authentication codes... */
- if(!get_config_string(lookup_config(config_tree, "Digest"), &digest))
- digest = xstrdup("sha1");
-
int maclength = 4;
get_config_int(lookup_config(config_tree, "MACLength"), &maclength);
if(maclength < 0) {
- logger(LOG_ERR, "Bogus MAC length!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!");
return false;
}
+ if(!get_config_string(lookup_config(config_tree, "Digest"), &digest))
+ digest = xstrdup("sha1");
+
if(!digest_open_by_name(&myself->indigest, digest, maclength)) {
- logger(LOG_ERR, "Unrecognized digest type!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
return false;
}
if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
if(myself->incompression < 0 || myself->incompression > 11) {
- logger(LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
return false;
}
} else
/* Open device */
- if(!setup_device())
+ devops = os_devops;
+
+ if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
+ if(!strcasecmp(type, "dummy"))
+ devops = dummy_devops;
+ else if(!strcasecmp(type, "raw_socket"))
+ devops = raw_socket_devops;
+ else if(!strcasecmp(type, "multicast"))
+ devops = multicast_devops;
+#ifdef ENABLE_UML
+ else if(!strcasecmp(type, "uml"))
+ devops = uml_devops;
+#endif
+#ifdef ENABLE_VDE
+ else if(!strcasecmp(type, "vde"))
+ devops = vde_devops;
+#endif
+ }
+
+ if(!devops.setup())
return false;
if(device_fd >= 0) {
event_set(&device_ev, device_fd, EV_READ|EV_PERSIST, handle_device_data, NULL);
if (event_add(&device_ev, NULL) < 0) {
- logger(LOG_ERR, "event_add failed: %s", strerror(errno));
- close_device();
+ logger(DEBUG_ALWAYS, LOG_ERR, "event_add failed: %s", strerror(errno));
+ devops.close();
return false;
}
}
/* Open sockets */
- get_config_string(lookup_config(config_tree, "BindToAddress"), &address);
-
- hint.ai_family = addressfamily;
- hint.ai_socktype = SOCK_STREAM;
- hint.ai_protocol = IPPROTO_TCP;
- hint.ai_flags = AI_PASSIVE;
+ listen_sockets = 0;
+ cfg = lookup_config(config_tree, "BindToAddress");
- err = getaddrinfo(address, myport, &hint, &ai);
+ do {
+ get_config_string(cfg, &address);
+ if(cfg)
+ cfg = lookup_config_next(config_tree, cfg);
- if(err || !ai) {
- logger(LOG_ERR, "System call `%s' failed: %s", "getaddrinfo",
- gai_strerror(err));
- return false;
- }
+ char *port = myport;
- listen_sockets = 0;
+ if(address) {
+ char *space = strchr(address, ' ');
+ if(space) {
+ *space++ = 0;
+ port = space;
+ }
- for(aip = ai; aip; aip = aip->ai_next) {
- listen_socket[listen_sockets].tcp =
- setup_listen_socket((sockaddr_t *) aip->ai_addr);
+ if(!strcmp(address, "*"))
+ *address = 0;
+ }
- if(listen_socket[listen_sockets].tcp < 0)
- continue;
+ hint.ai_family = addressfamily;
+ hint.ai_socktype = SOCK_STREAM;
+ hint.ai_protocol = IPPROTO_TCP;
+ hint.ai_flags = AI_PASSIVE;
- listen_socket[listen_sockets].udp =
- setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
+ err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
+ free(address);
- if(listen_socket[listen_sockets].udp < 0) {
- close(listen_socket[listen_sockets].tcp);
- continue;
+ if(err || !ai) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "getaddrinfo",
+ gai_strerror(err));
+ return false;
}
- event_set(&listen_socket[listen_sockets].ev_tcp,
- listen_socket[listen_sockets].tcp,
- EV_READ|EV_PERSIST,
- handle_new_meta_connection, NULL);
- if(event_add(&listen_socket[listen_sockets].ev_tcp, NULL) < 0) {
- logger(LOG_ERR, "event_add failed: %s", strerror(errno));
- abort();
- }
+ for(aip = ai; aip; aip = aip->ai_next) {
+ if(listen_sockets >= MAXSOCKETS) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
+ return false;
+ }
- event_set(&listen_socket[listen_sockets].ev_udp,
- listen_socket[listen_sockets].udp,
- EV_READ|EV_PERSIST,
- handle_incoming_vpn_data, NULL);
- if(event_add(&listen_socket[listen_sockets].ev_udp, NULL) < 0) {
- logger(LOG_ERR, "event_add failed: %s", strerror(errno));
- abort();
- }
+ listen_socket[listen_sockets].tcp =
+ setup_listen_socket((sockaddr_t *) aip->ai_addr);
- ifdebug(CONNECTIONS) {
- hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
- logger(LOG_NOTICE, "Listening on %s", hostname);
- free(hostname);
- }
+ if(listen_socket[listen_sockets].tcp < 0)
+ continue;
- memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
- listen_sockets++;
+ listen_socket[listen_sockets].udp =
+ setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
- if(listen_sockets >= MAXSOCKETS) {
- logger(LOG_WARNING, "Maximum of %d listening sockets reached", MAXSOCKETS);
- break;
+ if(listen_socket[listen_sockets].udp < 0) {
+ close(listen_socket[listen_sockets].tcp);
+ continue;
+ }
+
+ event_set(&listen_socket[listen_sockets].ev_tcp,
+ listen_socket[listen_sockets].tcp,
+ EV_READ|EV_PERSIST,
+ handle_new_meta_connection, NULL);
+ if(event_add(&listen_socket[listen_sockets].ev_tcp, NULL) < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "event_add failed: %s", strerror(errno));
+ abort();
+ }
+
+ event_set(&listen_socket[listen_sockets].ev_udp,
+ listen_socket[listen_sockets].udp,
+ EV_READ|EV_PERSIST,
+ handle_incoming_vpn_data, (void *)(intptr_t)listen_sockets);
+ if(event_add(&listen_socket[listen_sockets].ev_udp, NULL) < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "event_add failed: %s", strerror(errno));
+ abort();
+ }
+
+ if(debug_level >= DEBUG_CONNECTIONS) {
+ hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
+ logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s", hostname);
+ free(hostname);
+ }
+
+ memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
+ listen_sockets++;
}
- }
- freeaddrinfo(ai);
+ freeaddrinfo(ai);
+ } while(cfg);
if(listen_sockets)
- logger(LOG_NOTICE, "Ready");
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "Ready");
else {
- logger(LOG_ERR, "Unable to create any listening socket!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Unable to create any listening socket!");
return false;
}
for(i = 0; i < 4; i++)
free(envp[i]);
- close_device();
+ devops.close();
return;
}
projects / meshlink / blobdiff