along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.94 2001/01/13 16:36:21 guus Exp $
+ $Id: net.c,v 1.35.4.100 2001/02/27 16:37:25 guus Exp $
*/
#include "config.h"
#include <fcntl.h>
#include <netdb.h>
#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
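Review bot: The new `#include <netinet/ip.h>` at L10 is not self-contained on the BSD-derived platforms, where it relies on types declared in `<netinet/in_systm.h>`; the portable order is `#include <netinet/in_systm.h>` immediately before `#include <netinet/ip.h>`. Since the header is pulled in only for IPTOS_LOWDELAY, it is also worth guarding the IP_TOS code on that macro (`#ifdef IPTOS_LOWDELAY`) so the file still builds where it is absent. This matters here because the same change removes the UDP socket explicitly in the name of non-Linux compatibility.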
cp
outpkt.len = inpkt->len;
- /* Encrypt the packet. FIXME: we should use CBC, not CFB. */
+ /* Encrypt the packet. */
EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
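Review bot: Dropping the FIXME and switching to EVP_bf_cbc() (the hunk under "Generate packet encryption key" further down) does not address the weakness visible at L19: the IV given to EVP_EncryptInit is the fixed tail of cl->cipher_pktkey, so every packet sent under one key is encrypted with the same IV, and packets with identical leading blocks yield identical ciphertext blocks. CBC only hides such repetition with a fresh IV per packet (random, transmitted in the clear alongside the data, or counter-derived), and since no MAC is visible here the ciphertext is also unauthenticated; at minimum record this on L18, e.g. `/* Encrypt the packet. NOTE: the IV is fixed per key; CBC needs a fresh IV per packet, and packets are not authenticated. */`. With CBC the trailing partial block is only produced by EVP_EncryptFinal; if the code after L20 (outside this hunk) does not call it and add its length to outlen, the tail of each packet is lost. xsend's body starts and ends outside this hunk.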
{
connection_t *cl;
subnet_t *subnet;
+ vpn_packet_t *copy;
cp
if((subnet = lookup_subnet_ipv4(&to)) == NULL)
{
syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
cl->name, cl->hostname);
- list_insert_tail(cl->queue, packet);
+ /* Since packet is on the stack of handle_tap_input(),
+ we have to make a copy of it first. */
+
+ copy = xmalloc(sizeof(vpn_packet_t));
+ memcpy(copy, packet, sizeof(vpn_packet_t));
+
+ list_insert_tail(cl->queue, copy);
if(!cl->status.waitingforkey)
send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
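Review bot: The heap copy made at L34–L35 transfers ownership of the queued packet to cl->queue, but the hunk does not show who frees it: flush_queue (L47–L48) calls xsend and then list_delete_node, which only releases the copy if the queue was created with a delete callback that frees node->data. If it was not, every packet queued while waiting for a key leaks; please confirm, and otherwise add `free(node->data);` before the `list_delete_node(cl->queue, node);` call. The memcpy also copies the whole vpn_packet_t rather than the packet->len bytes in use, which is harmless but deserves a one-line comment. The enclosing function starts and ends outside this hunk.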
void flush_queue(connection_t *cl)
{
list_node_t *node, *next;
-
+cp
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname);
xsend(cl, (vpn_packet_t *)node->data);
list_delete_node(cl->queue, node);
}
+cp
}
/*
{
int nfd, flags;
struct sockaddr_in a;
- const int one = 1;
+ int option;
config_t const *cfg;
cp
if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
return -1;
}
- if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
- {
- close(nfd);
- syslog(LOG_ERR, _("System call `%s' failed: %m"),
- "setsockopt");
- return -1;
- }
-
- if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
- {
- close(nfd);
- syslog(LOG_ERR, _("System call `%s' failed: %m"),
- "setsockopt");
- return -1;
- }
-
flags = fcntl(nfd, F_GETFL);
if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
{
return -1;
}
+ /* Optimize TCP settings */
+
+ option = 1;
+ setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
+ setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option));
+ setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option));
+
+ option = IPTOS_LOWDELAY;
+ setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option));
+
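Review bot: The rewritten option block at L86–L92 discards every setsockopt result, whereas the code it replaces (L63–L77) closed the socket and logged the failure; a failing SO_REUSEADDR now surfaces only as an unexplained EADDRINUSE from bind on restart, and the same silent-ignore pattern appears at L110 and at L127–L131 in setup_outgoing_meta_socket. Keep the hard failure for SO_REUSEADDR and log the others at debug level. `SOL_TCP` and `SOL_IP` (L89, L92) are Linux-only names; the portable level constants give `setsockopt(nfd, IPPROTO_TCP, TCP_NODELAY, &option, sizeof(option));` and `setsockopt(nfd, IPPROTO_IP, IP_TOS, &option, sizeof(option));`. L110 also still passes `&one` although this function's `const int one` became `int option` at L57; if L110 is in the same function it will no longer compile. The enclosing function continues outside this hunk.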
if((cfg = get_config_val(config, config_interface)))
{
- if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
+ if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr)))
{
close(nfd);
syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
return -1;
}
- if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
- {
- close(nfd);
- syslog(LOG_ERR, _("System call `%s' failed: %m"),
- "setsockopt");
- return -1;
- }
+ setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
flags = fcntl(nfd, F_GETFL);
if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
int flags;
struct sockaddr_in a;
config_t const *cfg;
+ int option;
cp
if(debug_lvl >= DEBUG_CONNECTIONS)
syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind");
return -1;
}
+
+ /* Optimize TCP settings */
+
+ option = 1;
+ setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option));
+ setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option));
+
+ option = IPTOS_LOWDELAY;
+ setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option));
+
+ /* Connect */
a.sin_family = AF_INET;
a.sin_port = htons(cl->port);
cp
/* Generate packet encryption key */
- myself->cipher_pkttype = EVP_bf_cfb();
+ myself->cipher_pkttype = EVP_bf_cbc();
myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
return;
}
-/*
- create a data (udp) socket
- OBSOLETED: use only one listening socket for compatibility with non-Linux operating systems
-*/
-int setup_vpn_connection(connection_t *cl)
-{
- int nfd, flags;
- struct sockaddr_in a;
- const int one = 1;
-cp
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
-
- nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
- if(nfd == -1)
- {
- syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
- return -1;
- }
-
- if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
- {
- close(nfd);
- syslog(LOG_ERR, _("System call `%s' failed: %m"),
- "setsockopt");
- return -1;
- }
-
- flags = fcntl(nfd, F_GETFL);
- if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
- {
- close(nfd);
- syslog(LOG_ERR, _("System call `%s' failed: %m"),
- "fcntl");
- return -1;
- }
-
- memset(&a, 0, sizeof(a));
- a.sin_family = AF_INET;
- a.sin_port = htons(myself->port);
- a.sin_addr.s_addr = htonl(INADDR_ANY);
-
- if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
- {
- close(nfd);
- syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port);
- return -1;
- }
-
- a.sin_family = AF_INET;
- a.sin_port = htons(cl->port);
- a.sin_addr.s_addr = htonl(cl->address);
-
- if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
- {
- close(nfd);
- syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
- cl->hostname, cl->port);
- return -1;
- }
-
- flags = fcntl(nfd, F_GETFL);
- if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
- {
- close(nfd);
- syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
- cl->name, cl->hostname);
- return -1;
- }
-
- cl->socket = nfd;
- cl->status.dataopen = 1;
-cp
- return 0;
-}
-
/*
handle an incoming tcp connect call and open
a connection to it.
/* Check if this was our outgoing connection */
- if(cl->status.outgoing && cl->status.active)
+ if(cl->status.outgoing)
{
+ cl->status.outgoing = 0;
signal(SIGALRM, sigalrm_handler);
seconds_till_retry = 5;
alarm(seconds_till_retry);
}
connection_add(ncn);
+
+ send_id(ncn);
cp
return 0;
}