2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
52 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
55 static void send_udppacket(node_t *, vpn_packet_t *);
57 unsigned replaywin = 16;
58 bool localdiscovery = false;
60 #define MAX_SEQNO 1073741824
62 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
63 mtuprobes == 31: sleep pinginterval seconds
64 mtuprobes == 32: send 1 burst, sleep pingtimeout second
65 mtuprobes == 33: no response from other side, restart PMTU discovery process
67 Probes are sent in batches of at least three, with random sizes between the
68 lower and upper boundaries for the MTU thus far discovered.
70 After the initial discovery, a fourth packet is added to each batch with a
71 size larger than the currently known PMTU, to test if the PMTU has increased.
73 In case local discovery is enabled, another packet is added to each batch,
74 which will be broadcast to the local network.
78 static void send_mtu_probe_handler(void *data) {
84 if(!n->status.reachable || !n->status.validkey) {
85 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
90 if(n->mtuprobes > 32) {
93 timeout = pinginterval;
97 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
98 n->status.udp_confirmed = false;
104 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
105 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
109 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
110 if(n->minmtu > n->maxmtu)
111 n->minmtu = n->maxmtu;
113 n->maxmtu = n->minmtu;
115 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
119 if(n->mtuprobes == 31) {
120 timeout = pinginterval;
122 } else if(n->mtuprobes == 32) {
123 timeout = pingtimeout;
126 for(int i = 0; i < 4 + localdiscovery; i++) {
130 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
133 } else if(n->maxmtu <= n->minmtu) {
136 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
143 memset(packet.data, 0, 14);
144 randomize(packet.data + 14, len - 14);
146 if(i >= 4 && n->mtuprobes <= 10)
147 packet.priority = -1;
151 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
153 send_udppacket(n, &packet);
156 n->probe_counter = 0;
157 gettimeofday(&n->probe_time, NULL);
159 /* Calculate the packet loss of incoming traffic by comparing the rate of
160 packets received to the rate with which the sequence number has increased.
163 if(n->received > n->prev_received)
164 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
166 n->packetloss = n->received_seqno <= n->prev_received_seqno;
168 n->prev_received_seqno = n->received_seqno;
169 n->prev_received = n->received;
172 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
175 void send_mtu_probe(node_t *n) {
176 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
177 send_mtu_probe_handler(n);
180 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
181 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
183 if(!packet->data[0]) {
184 /* It's a probe request, send back a reply */
188 /* Temporarily set udp_confirmed, so that the reply is sent
189 back exactly the way it came in. */
191 bool udp_confirmed = n->status.udp_confirmed;
192 n->status.udp_confirmed = true;
193 send_udppacket(n, packet);
194 n->status.udp_confirmed = udp_confirmed;
196 /* It's a valid reply: now we know bidirectional communication
197 is possible using the address and socket that the reply
200 n->status.udp_confirmed = true;
202 /* If we haven't established the PMTU yet, restart the discovery process. */
204 if(n->mtuprobes > 30) {
205 if (len == n->maxmtu + 8) {
206 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
218 /* If applicable, raise the minimum supported MTU */
225 /* Calculate RTT and bandwidth.
226 The RTT is the time between the MTU probe burst was sent and the first
227 reply is received. The bandwidth is measured using the time between the
228 arrival of the first and third probe reply.
231 struct timeval now, diff;
232 gettimeofday(&now, NULL);
233 timersub(&now, &n->probe_time, &diff);
236 if(n->probe_counter == 1) {
237 n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
239 } else if(n->probe_counter == 3) {
240 n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
241 logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
246 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
248 memcpy(dest, source, len);
250 } else if(level == 10) {
252 lzo_uint lzolen = MAXSIZE;
253 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
258 } else if(level < 10) {
260 unsigned long destlen = MAXSIZE;
261 if(compress2(dest, &destlen, source, len, level) == Z_OK)
268 lzo_uint lzolen = MAXSIZE;
269 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
279 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
281 memcpy(dest, source, len);
283 } else if(level > 9) {
285 lzo_uint lzolen = MAXSIZE;
286 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
294 unsigned long destlen = MAXSIZE;
295 if(uncompress(dest, &destlen, source, len) == Z_OK)
307 static void receive_packet(node_t *n, vpn_packet_t *packet) {
308 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
309 packet->len, n->name, n->hostname);
312 n->in_bytes += packet->len;
317 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
319 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
321 if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
324 return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
327 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
328 vpn_packet_t pkt1, pkt2;
329 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
331 vpn_packet_t *outpkt = pkt[0];
334 if(n->status.sptps) {
335 if(!n->sptps.state) {
336 if(!n->status.waitingforkey) {
337 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
340 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
344 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
348 if(!cipher_active(n->incipher)) {
349 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
353 /* Check packet length */
355 if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
356 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
357 n->name, n->hostname);
361 /* Check the message authentication code */
363 if(digest_active(n->indigest)) {
364 inpkt->len -= digest_length(n->indigest);
365 if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
366 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
370 /* Decrypt the packet */
372 if(cipher_active(n->incipher)) {
373 outpkt = pkt[nextpkt++];
376 if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
377 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
381 outpkt->len = outlen;
385 /* Check the sequence number */
387 inpkt->len -= sizeof inpkt->seqno;
388 inpkt->seqno = ntohl(inpkt->seqno);
391 if(inpkt->seqno != n->received_seqno + 1) {
392 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
393 if(n->farfuture++ < replaywin >> 2) {
394 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
395 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
398 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
399 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
400 memset(n->late, 0, replaywin);
401 } else if (inpkt->seqno <= n->received_seqno) {
402 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
403 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
404 n->name, n->hostname, inpkt->seqno, n->received_seqno);
408 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
409 n->late[(i / 8) % replaywin] |= 1 << i % 8;
414 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
417 if(inpkt->seqno > n->received_seqno)
418 n->received_seqno = inpkt->seqno;
422 if(n->received_seqno > MAX_SEQNO)
425 /* Decompress the packet */
427 length_t origlen = inpkt->len;
429 if(n->incompression) {
430 outpkt = pkt[nextpkt++];
432 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
433 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
434 n->name, n->hostname);
440 origlen -= MTU/64 + 20;
445 if(!inpkt->data[12] && !inpkt->data[13])
446 mtu_probe_h(n, inpkt, origlen);
448 receive_packet(n, inpkt);
451 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
454 if(len > sizeof outpkt.data)
458 if(c->options & OPTION_TCPONLY)
461 outpkt.priority = -1;
462 memcpy(outpkt.data, buffer, len);
464 receive_packet(c->node, &outpkt);
467 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
468 if(!n->status.validkey) {
469 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
470 if(!n->status.waitingforkey)
472 else if(n->last_req_key + 10 < now.tv_sec) {
473 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
474 sptps_stop(&n->sptps);
475 n->status.waitingforkey = false;
484 if(!(origpkt->data[12] | origpkt->data[13])) {
485 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
489 if(routing_mode == RMODE_ROUTER)
494 if(origpkt->len < offset)
499 if(n->outcompression) {
500 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
502 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
503 } else if(len < origpkt->len - offset) {
504 outpkt.len = len + offset;
506 type |= PKT_COMPRESSED;
510 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
514 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
519 /* If the UDP address is confirmed, use it. */
520 if(n->status.udp_confirmed)
523 /* Send every third packet to n->address; that could be set
524 to the node's reflexive UDP address discovered during key
533 /* Otherwise, address are found in edges to this node.
534 So we pick a random edge and a random socket. */
537 int j = rand() % n->edge_tree->count;
538 edge_t *candidate = NULL;
540 for splay_each(edge_t, e, n->edge_tree) {
542 candidate = e->reverse;
548 *sa = &candidate->address;
549 *sock = rand() % listen_sockets;
552 /* Make sure we have a suitable socket for the chosen address */
553 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
554 for(int i = 0; i < listen_sockets; i++) {
555 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
563 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
564 static sockaddr_t broadcast_ipv4 = {
566 .sin_family = AF_INET,
567 .sin_addr.s_addr = -1,
571 static sockaddr_t broadcast_ipv6 = {
573 .sin6_family = AF_INET6,
574 .sin6_addr.s6_addr[0x0] = 0xff,
575 .sin6_addr.s6_addr[0x1] = 0x02,
576 .sin6_addr.s6_addr[0xf] = 0x01,
580 *sock = rand() % listen_sockets;
582 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
583 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
584 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
585 *sa = &broadcast_ipv6;
587 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
588 *sa = &broadcast_ipv4;
592 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
593 vpn_packet_t pkt1, pkt2;
594 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
595 vpn_packet_t *inpkt = origpkt;
597 vpn_packet_t *outpkt;
598 int origlen = origpkt->len;
600 #if defined(SOL_IP) && defined(IP_TOS)
601 static int priority = 0;
603 int origpriority = origpkt->priority;
605 if(!n->status.reachable) {
606 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
611 return send_sptps_packet(n, origpkt);
613 /* Make sure we have a valid key */
615 if(!n->status.validkey) {
616 logger(DEBUG_TRAFFIC, LOG_INFO,
617 "No valid key known yet for %s (%s), forwarding via TCP",
618 n->name, n->hostname);
620 if(n->last_req_key + 10 <= now.tv_sec) {
622 n->last_req_key = now.tv_sec;
625 send_tcppacket(n->nexthop->connection, origpkt);
630 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
631 logger(DEBUG_TRAFFIC, LOG_INFO,
632 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
633 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
636 send_packet(n->nexthop, origpkt);
638 send_tcppacket(n->nexthop->connection, origpkt);
643 /* Compress the packet */
645 if(n->outcompression) {
646 outpkt = pkt[nextpkt++];
648 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
649 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
650 n->name, n->hostname);
657 /* Add sequence number */
659 inpkt->seqno = htonl(++(n->sent_seqno));
660 inpkt->len += sizeof inpkt->seqno;
662 /* Encrypt the packet */
664 if(cipher_active(n->outcipher)) {
665 outpkt = pkt[nextpkt++];
668 if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
669 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
673 outpkt->len = outlen;
677 /* Add the message authentication code */
679 if(digest_active(n->outdigest)) {
680 if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) {
681 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
685 inpkt->len += digest_length(n->outdigest);
688 /* Send the packet */
690 const sockaddr_t *sa;
693 /* Overloaded use of priority field: -1 means local broadcast */
695 if(origpriority == -1 && n->prevedge)
696 choose_broadcast_address(n, &sa, &sock);
698 choose_udp_address(n, &sa, &sock);
700 #if defined(SOL_IP) && defined(IP_TOS)
701 if(priorityinheritance && origpriority != priority
702 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
703 priority = origpriority;
704 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
705 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
706 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
710 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
711 if(sockmsgsize(sockerrno)) {
712 if(n->maxmtu >= origlen)
713 n->maxmtu = origlen - 1;
714 if(n->mtu >= origlen)
715 n->mtu = origlen - 1;
717 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
721 origpkt->len = origlen;
724 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
727 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
729 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
730 char buf[len * 4 / 3 + 5];
731 b64encode(data, buf, len);
732 /* If no valid key is known yet, send the packets using ANS_KEY requests,
733 to ensure we get to learn the reflexive UDP address. */
734 if(!to->status.validkey)
735 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
737 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
740 /* Otherwise, send the packet via UDP */
742 const sockaddr_t *sa;
745 choose_udp_address(to, &sa, &sock);
747 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
748 if(sockmsgsize(sockerrno)) {
749 if(to->maxmtu >= len)
750 to->maxmtu = len - 1;
754 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
762 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
763 node_t *from = handle;
765 if(type == SPTPS_HANDSHAKE) {
766 if(!from->status.validkey) {
767 from->status.validkey = true;
768 from->status.waitingforkey = false;
769 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
775 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
781 if(type == PKT_PROBE) {
783 memcpy(inpkt.data, data, len);
784 mtu_probe_h(from, &inpkt, len);
788 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
789 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
793 /* Check if we have the headers we need */
794 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
795 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
797 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
798 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
801 int offset = (type & PKT_MAC) ? 0 : 14;
802 if(type & PKT_COMPRESSED) {
803 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
807 inpkt.len = ulen + offset;
809 if(inpkt.len > MAXSIZE)
812 memcpy(inpkt.data + offset, data, len);
813 inpkt.len = len + offset;
816 /* Generate the Ethernet packet type if necessary */
818 switch(inpkt.data[14] >> 4) {
820 inpkt.data[12] = 0x08;
821 inpkt.data[13] = 0x00;
824 inpkt.data[12] = 0x86;
825 inpkt.data[13] = 0xDD;
828 logger(DEBUG_TRAFFIC, LOG_ERR,
829 "Unknown IP version %d while reading packet from %s (%s)",
830 inpkt.data[14] >> 4, from->name, from->hostname);
835 receive_packet(from, &inpkt);
840 send a packet to the given vpn ip.
842 void send_packet(node_t *n, vpn_packet_t *packet) {
847 memcpy(packet->data, mymac.x, ETH_ALEN);
849 n->out_bytes += packet->len;
850 devops.write(packet);
854 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
855 packet->len, n->name, n->hostname);
857 if(!n->status.reachable) {
858 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
859 n->name, n->hostname);
864 n->out_bytes += packet->len;
866 if(n->status.sptps) {
867 send_sptps_packet(n, packet);
871 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
874 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
875 n->name, via->name, n->via->hostname);
877 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
878 if(!send_tcppacket(via->connection, packet))
879 terminate_connection(via->connection, true);
881 send_udppacket(via, packet);
884 /* Broadcast a packet using the minimum spanning tree */
886 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
887 // Always give ourself a copy of the packet.
889 send_packet(myself, packet);
891 // In TunnelServer mode, do not forward broadcast packets.
892 // The MST might not be valid and create loops.
893 if(tunnelserver || broadcast_mode == BMODE_NONE)
896 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
897 packet->len, from->name, from->hostname);
899 switch(broadcast_mode) {
900 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
901 // This guarantees all nodes receive the broadcast packet, and
902 // usually distributes the sending of broadcast packets over all nodes.
904 for list_each(connection_t, c, connection_list)
905 if(c->status.active && c->status.mst && c != from->nexthop->connection)
906 send_packet(c->node, packet);
909 // In direct mode, we send copies to each node we know of.
910 // However, this only reaches nodes that can be reached in a single hop.
911 // We don't have enough information to forward broadcast packets in this case.
916 for splay_each(node_t, n, node_tree)
917 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
918 send_packet(n, packet);
926 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
929 static time_t last_hard_try = 0;
931 for splay_each(edge_t, e, edge_weight_tree) {
932 if(!e->to->status.reachable || e->to == myself)
935 if(sockaddrcmp_noport(from, &e->address)) {
936 if(last_hard_try == now.tv_sec)
941 if(!try_mac(e->to, pkt))
949 last_hard_try = now.tv_sec;
951 last_hard_try = now.tv_sec;
955 void handle_incoming_vpn_data(void *data, int flags) {
956 listen_socket_t *ls = data;
959 sockaddr_t from = {{0}};
960 socklen_t fromlen = sizeof from;
964 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
966 if(len <= 0 || len > MAXSIZE) {
967 if(!sockwouldblock(sockerrno))
968 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
974 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
976 n = lookup_node_udp(&from);
979 n = try_harder(&from, &pkt);
981 update_node_udp(n, &from);
982 else if(debug_level >= DEBUG_PROTOCOL) {
983 hostname = sockaddr2hostname(&from);
984 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
992 n->sock = ls - listen_socket;
994 receive_udppacket(n, &pkt);
997 void handle_device_data(void *data, int flags) {
1000 packet.priority = 0;
1002 if(devops.read(&packet)) {
1003 myself->in_packets++;
1004 myself->in_bytes += packet.len;
1005 route(myself, &packet);
projects / tinc / blob