9669bc971972488e80ba69391b3841da952f13dc
[tinc] / net.c
1 /*
2     net.c -- most of the network code
3     Copyright (C) 1998-2005 Ivo Timmermans,
4                   2000-2021 Guus Sliepen <guus@tinc-vpn.org>
5                   2006      Scott Lamb <slamb@slamb.org>
6                   2011      Loïc Grenié <loic.grenie@gmail.com>
7
8     This program is free software; you can redistribute it and/or modify
9     it under the terms of the GNU General Public License as published by
10     the Free Software Foundation; either version 2 of the License, or
11     (at your option) any later version.
12
13     This program is distributed in the hope that it will be useful,
14     but WITHOUT ANY WARRANTY; without even the implied warranty of
15     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16     GNU General Public License for more details.
17
18     You should have received a copy of the GNU General Public License along
19     with this program; if not, write to the Free Software Foundation, Inc.,
20     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23 #include "system.h"
24
25 #include "autoconnect.h"
26 #include "conf_net.h"
27 #include "conf.h"
28 #include "connection.h"
29 #include "crypto.h"
30 #include "graph.h"
31 #include "logger.h"
32 #include "meta.h"
33 #include "names.h"
34 #include "net.h"
35 #include "protocol.h"
36 #include "subnet.h"
37 #include "utils.h"
38
39 int contradicting_add_edge = 0;
40 int contradicting_del_edge = 0;
41 static int sleeptime = 10;
42 time_t last_config_check = 0;
43 static timeout_t pingtimer;
44 static timeout_t periodictimer;
45 static struct timeval last_periodic_run_time;
46
47 /* Purge edges and subnets of unreachable nodes. Use carefully. */
48
49 void purge(void) {
50         logger(DEBUG_PROTOCOL, LOG_DEBUG, "Purging unreachable nodes");
51
52         /* Remove all edges and subnets owned by unreachable nodes. */
53
54         for splay_each(node_t, n, &node_tree) {
55                 if(!n->status.reachable) {
56                         logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Purging node %s (%s)", n->name, n->hostname);
57
58                         for splay_each(subnet_t, s, &n->subnet_tree) {
59                                 send_del_subnet(everyone, s);
60
61                                 if(!strictsubnets) {
62                                         subnet_del(n, s);
63                                 }
64                         }
65
66                         for splay_each(edge_t, e, &n->edge_tree) {
67                                 if(!tunnelserver) {
68                                         send_del_edge(everyone, e);
69                                 }
70
71                                 edge_del(e);
72                         }
73                 }
74         }
75
76         /* Check if anyone else claims to have an edge to an unreachable node. If not, delete node. */
77
78         for splay_each(node_t, n, &node_tree) {
79                 if(!n->status.reachable) {
80                         for splay_each(edge_t, e, &edge_weight_tree)
81                                 if(e->to == n) {
82                                         return;
83                                 }
84
85                         if(!autoconnect && (!strictsubnets || !n->subnet_tree.head))
86                                 /* in strictsubnets mode do not delete nodes with subnets */
87                         {
88                                 node_del(n);
89                         }
90                 }
91         }
92 }
93
94 /* Put a misbehaving connection in the tarpit */
95 void tarpit(int fd) {
96         static int pits[10] = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
97         static unsigned int next_pit = 0;
98
99         if(pits[next_pit] != -1) {
100                 closesocket(pits[next_pit]);
101         }
102
103         pits[next_pit++] = fd;
104
105         if(next_pit >= sizeof pits / sizeof pits[0]) {
106                 next_pit = 0;
107         }
108 }
109
110 /*
111   Terminate a connection:
112   - Mark it as inactive
113   - Remove the edge representing this connection
114   - Kill it with fire
115   - Check if we need to retry making an outgoing connection
116 */
117 void terminate_connection(connection_t *c, bool report) {
118         logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Closing connection with %s (%s)", c->name, c->hostname);
119
120         if(c->node) {
121                 if(c->node->connection == c) {
122                         c->node->connection = NULL;
123                 }
124
125                 if(c->edge) {
126                         if(report && !tunnelserver) {
127                                 send_del_edge(everyone, c->edge);
128                         }
129
130                         edge_del(c->edge);
131                         c->edge = NULL;
132
133                         /* Run MST and SSSP algorithms */
134
135                         graph();
136
137                         /* If the node is not reachable anymore but we remember it had an edge to us, clean it up */
138
139                         if(report && !c->node->status.reachable) {
140                                 edge_t *e;
141                                 e = lookup_edge(c->node, myself);
142
143                                 if(e) {
144                                         if(!tunnelserver) {
145                                                 send_del_edge(everyone, e);
146                                         }
147
148                                         edge_del(e);
149                                 }
150                         }
151                 }
152         }
153
154         outgoing_t *outgoing = c->outgoing;
155         connection_del(c);
156
157         /* Check if this was our outgoing connection */
158
159         if(outgoing) {
160                 do_outgoing_connection(outgoing);
161         }
162
163 #ifndef HAVE_WINDOWS
164         /* Clean up dead proxy processes */
165
166         while(waitpid(-1, NULL, WNOHANG) > 0);
167
168 #endif
169 }
170
171 /*
172   Check if the other end is active.
173   If we have sent packets, but didn't receive any,
174   then possibly the other end is dead. We send a
175   PING request over the meta connection. If the other
176   end does not reply in time, we consider them dead
177   and close the connection.
178 */
179 static void timeout_handler(void *data) {
180
181         bool close_all_connections = false;
182
183         /*
184                  timeout_handler will start after 30 seconds from start of tincd
185                  hold information about the elapsed time since last time the handler
186                  has been run
187         */
188         long sleep_time = now.tv_sec - last_periodic_run_time.tv_sec;
189
190         /*
191                  It seems that finding sane default value is harder than expected
192                  Since we send every second a UDP packet to make holepunching work
193                  And default UDP state expire on firewalls is between 15-30 seconds
194                  we drop all connections after 60 Seconds - UDPDiscoveryTimeout=30
195                  by default
196         */
197         if(sleep_time > 2 * udp_discovery_timeout) {
198                 logger(DEBUG_ALWAYS, LOG_ERR, "Awaking from dead after %ld seconds of sleep", sleep_time);
199                 /*
200                         Do not send any packets to tinc after we wake up.
201                         The other node probably closed our connection but we still
202                         are holding context information to them. This may happen on
203                         laptops or any other hardware which can be suspended for some time.
204                         Sending any data to node that wasn't expecting it will produce
205                         annoying and misleading errors on the other side about failed signature
206                         verification and or about missing sptps context
207                 */
208                 close_all_connections = true;
209         }
210
211         last_periodic_run_time = now;
212
213         for list_each(connection_t, c, &connection_list) {
214                 // control connections (eg. tinc ctl) do not have any timeout
215                 if(c->status.control) {
216                         continue;
217                 }
218
219                 if(close_all_connections) {
220                         logger(DEBUG_ALWAYS, LOG_ERR, "Forcing connection close after sleep time %s (%s)", c->name, c->hostname);
221                         terminate_connection(c, c->edge);
222                         continue;
223                 }
224
225                 // Bail out early if we haven't reached the ping timeout for this node yet
226                 if(c->last_ping_time + pingtimeout > now.tv_sec) {
227                         continue;
228                 }
229
230                 // timeout during connection establishing
231                 if(!c->edge) {
232                         if(c->status.connecting) {
233                                 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout while connecting to %s (%s)", c->name, c->hostname);
234                         } else {
235                                 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout from %s (%s) during authentication", c->name, c->hostname);
236                                 c->status.tarpit = true;
237                         }
238
239                         terminate_connection(c, c->edge);
240                         continue;
241                 }
242
243                 // helps in UDP holepunching
244                 try_tx(c->node, false);
245
246                 // timeout during ping
247                 if(c->status.pinged) {
248                         logger(DEBUG_CONNECTIONS, LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds", c->name, c->hostname, (long)(now.tv_sec - c->last_ping_time));
249                         terminate_connection(c, c->edge);
250                         continue;
251                 }
252
253                 // check whether we need to send a new ping
254                 if(c->last_ping_time + pinginterval <= now.tv_sec) {
255                         send_ping(c);
256                 }
257         }
258
259         timeout_set(data, &(struct timeval) {
260                 1, jitter()
261         });
262 }
263
264 static void periodic_handler(void *data) {
265         /* Check if there are too many contradicting ADD_EDGE and DEL_EDGE messages.
266            This usually only happens when another node has the same Name as this node.
267            If so, sleep for a short while to prevent a storm of contradicting messages.
268         */
269
270         if(contradicting_del_edge > 100 && contradicting_add_edge > 100) {
271                 logger(DEBUG_ALWAYS, LOG_WARNING, "Possible node with same Name as us! Sleeping %d seconds.", sleeptime);
272                 sleep_millis(sleeptime * 1000);
273                 sleeptime *= 2;
274
275                 if(sleeptime < 0) {
276                         sleeptime = 3600;
277                 }
278         } else {
279                 sleeptime /= 2;
280
281                 if(sleeptime < 10) {
282                         sleeptime = 10;
283                 }
284         }
285
286         contradicting_add_edge = 0;
287         contradicting_del_edge = 0;
288
289         /* If AutoConnect is set, check if we need to make or break connections. */
290
291         if(autoconnect && node_tree.count > 1) {
292                 do_autoconnect();
293         }
294
295         timeout_set(data, &(struct timeval) {
296                 5, jitter()
297         });
298 }
299
300 void handle_meta_connection_data(connection_t *c) {
301         if(!receive_meta(c)) {
302                 if(!c->status.control) {
303                         c->status.tarpit = true;
304                 }
305
306                 terminate_connection(c, c->edge);
307                 return;
308         }
309 }
310
311 #ifndef HAVE_WINDOWS
312 static void sigterm_handler(void *data) {
313         logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
314         event_exit();
315 }
316
317 static void sighup_handler(void *data) {
318         logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
319         reopenlogger();
320
321         if(reload_configuration()) {
322                 exit(1);
323         }
324 }
325
326 static void sigalrm_handler(void *data) {
327         logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
328         retry();
329 }
330 #endif
331
332 int reload_configuration(void) {
333         char fname[PATH_MAX];
334
335         /* Reread our own configuration file */
336
337         splay_empty_tree(&config_tree);
338
339         if(!read_server_config(&config_tree)) {
340                 logger(DEBUG_ALWAYS, LOG_ERR, "Unable to reread configuration file.");
341                 return EINVAL;
342         }
343
344         read_config_options(&config_tree, NULL);
345
346         snprintf(fname, sizeof(fname), "%s" SLASH "hosts" SLASH "%s", confbase, myself->name);
347         read_config_file(&config_tree, fname, true);
348
349         /* Parse some options that are allowed to be changed while tinc is running */
350
351         setup_myself_reloadable();
352
353         /* If StrictSubnet is set, expire deleted Subnets and read new ones in */
354
355         if(strictsubnets) {
356                 for splay_each(subnet_t, subnet, &subnet_tree)
357                         if(subnet->owner) {
358                                 subnet->expires = 1;
359                         }
360         }
361
362         for splay_each(node_t, n, &node_tree) {
363                 n->status.has_address = false;
364         }
365
366         load_all_nodes();
367
368         if(strictsubnets) {
369                 for splay_each(subnet_t, subnet, &subnet_tree) {
370                         if(!subnet->owner) {
371                                 continue;
372                         }
373
374                         if(subnet->expires == 1) {
375                                 send_del_subnet(everyone, subnet);
376
377                                 if(subnet->owner->status.reachable) {
378                                         subnet_update(subnet->owner, subnet, false);
379                                 }
380
381                                 subnet_del(subnet->owner, subnet);
382                         } else if(subnet->expires == -1) {
383                                 subnet->expires = 0;
384                         } else {
385                                 send_add_subnet(everyone, subnet);
386
387                                 if(subnet->owner->status.reachable) {
388                                         subnet_update(subnet->owner, subnet, true);
389                                 }
390                         }
391                 }
392         } else { /* Only read our own subnets back in */
393                 for splay_each(subnet_t, subnet, &myself->subnet_tree)
394                         if(!subnet->expires) {
395                                 subnet->expires = 1;
396                         }
397
398                 config_t *cfg = lookup_config(&config_tree, "Subnet");
399
400                 while(cfg) {
401                         subnet_t *subnet, *s2;
402
403                         if(get_config_subnet(cfg, &subnet)) {
404                                 if((s2 = lookup_subnet(myself, subnet))) {
405                                         if(s2->expires == 1) {
406                                                 s2->expires = 0;
407                                         }
408
409                                         free_subnet(subnet);
410                                 } else {
411                                         subnet_add(myself, subnet);
412                                         send_add_subnet(everyone, subnet);
413                                         subnet_update(myself, subnet, true);
414                                 }
415                         }
416
417                         cfg = lookup_config_next(&config_tree, cfg);
418                 }
419
420                 for splay_each(subnet_t, subnet, &myself->subnet_tree) {
421                         if(subnet->expires == 1) {
422                                 send_del_subnet(everyone, subnet);
423                                 subnet_update(myself, subnet, false);
424                                 subnet_del(myself, subnet);
425                         }
426                 }
427         }
428
429         /* Try to make outgoing connections */
430
431         try_outgoing_connections();
432
433         /* Close connections to hosts that have a changed or deleted host config file */
434
435         for list_each(connection_t, c, &connection_list) {
436                 if(c->status.control) {
437                         continue;
438                 }
439
440                 snprintf(fname, sizeof(fname), "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
441                 struct stat s;
442
443                 if(stat(fname, &s) || s.st_mtime > last_config_check) {
444                         logger(DEBUG_CONNECTIONS, LOG_INFO, "Host config file of %s has been changed", c->name);
445                         terminate_connection(c, c->edge);
446                 }
447         }
448
449         last_config_check = now.tv_sec;
450
451         return 0;
452 }
453
454 void retry(void) {
455         /* Reset the reconnection timers for all outgoing connections */
456         for list_each(outgoing_t, outgoing, &outgoing_list) {
457                 outgoing->timeout = 0;
458
459                 if(outgoing->ev.cb)
460                         timeout_set(&outgoing->ev, &(struct timeval) {
461                         0, 0
462                 });
463         }
464
465         /* Check for outgoing connections that are in progress, and reset their ping timers */
466         for list_each(connection_t, c, &connection_list) {
467                 if(c->outgoing && !c->node) {
468                         c->last_ping_time = 0;
469                 }
470         }
471
472         /* Kick the ping timeout handler */
473         timeout_set(&pingtimer, &(struct timeval) {
474                 0, 0
475         });
476 }
477
478 /*
479   this is where it all happens...
480 */
481 int main_loop(void) {
482         last_periodic_run_time = now;
483         timeout_add(&pingtimer, timeout_handler, &pingtimer, &(struct timeval) {
484                 pingtimeout, jitter()
485         });
486         timeout_add(&periodictimer, periodic_handler, &periodictimer, &(struct timeval) {
487                 0, 0
488         });
489
490 #ifndef HAVE_WINDOWS
491         signal_t sighup = {0};
492         signal_t sigterm = {0};
493         signal_t sigquit = {0};
494         signal_t sigint = {0};
495         signal_t sigalrm = {0};
496
497         signal_add(&sighup, sighup_handler, &sighup, SIGHUP);
498         signal_add(&sigterm, sigterm_handler, &sigterm, SIGTERM);
499         signal_add(&sigquit, sigterm_handler, &sigquit, SIGQUIT);
500         signal_add(&sigint, sigterm_handler, &sigint, SIGINT);
501         signal_add(&sigalrm, sigalrm_handler, &sigalrm, SIGALRM);
502 #endif
503
504         if(!event_loop()) {
505                 logger(DEBUG_ALWAYS, LOG_ERR, "Error while waiting for input: %s", sockstrerror(sockerrno));
506                 return 1;
507         }
508
509 #ifndef HAVE_WINDOWS
510         signal_del(&sighup);
511         signal_del(&sigterm);
512         signal_del(&sigquit);
513         signal_del(&sigint);
514         signal_del(&sigalrm);
515 #endif
516
517         timeout_del(&periodictimer);
518         timeout_del(&pingtimer);
519
520         return 0;
521 }