2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.53 2000/10/29 09:19:24 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
44 #include LINUX_IF_TUN_H
/* Kind of tap device in use.  Defaults to ethertap; setup_tap_fd()
   switches it to TAP_TYPE_TUNTAP when the TUNSETIFF probe succeeds. */
int taptype = TAP_TYPE_ETHERTAP;

/* Traffic counters in bytes.  total_tap_out is advanced by xrecv() and
   total_socket_out by xsend().  NOTE(review): nothing in this excerpt
   advances total_socket_in. */
int total_tap_out = 0;
int total_socket_in = 0;
int total_socket_out = 0;

/* Cursor into the config list used to walk the ConnectTo entries one at a
   time; reset to `config' when the list has been exhausted. */
config_t *upstreamcfg;
/* Reconnect back-off in seconds; grown by sigalrm_handler(), reset to 5 by
   terminate_connection(). */
static int seconds_till_retry;
strip off the MAC addresses of an ethernet frame
/* Drop the 12-byte destination+source MAC header from an ethernet frame by
   shifting the payload to the front; p->len is decremented inside the
   argument expression.  NOTE(review): nothing visible here checks that
   p->len >= 12 first -- a shorter packet would turn the size passed to
   memmove() into a negative/huge value. */
void strip_mac_addresses(vpn_packet_t *p)
  memmove(p->data, p->data + 12, p->len -= 12);
85 reassemble MAC addresses
/* Inverse of strip_mac_addresses(): make room for a 12-byte MAC header in
   front of the payload and synthesize locally administered addresses. */
void add_mac_addresses(vpn_packet_t *p)
  /* NOTE(review): source and destination overlap whenever p->len > 12 and
     memcpy() on overlapping buffers is undefined behaviour;
     strip_mac_addresses() uses memmove() for the reverse shift and so
     should this.  No visible line grows p->len by 12 afterwards either --
     confirm that happens outside this excerpt. */
  memcpy(p->data + 12, p->data, p->len);
  /* Both addresses get the fe:fd: prefix, the same one setup_tap_fd()
     stores in mymac for ethertap devices. */
  p->data[0] = p->data[6] = 0xfe;
  p->data[1] = p->data[7] = 0xfd;
  /* Really evil pointer stuff just below!  Writing through an ip_t* into
     the byte array ignores alignment and strict aliasing; memcpy() would
     be the safe spelling.  data[26] is presumably the IPv4 source address
     of the frame (14-byte ethernet header + 12) -- confirm. */
  *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
  *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
/* Encrypt-and-send path for one VPN packet to peer `cl' over its UDP data
   socket (cl->socket).  Return statements are outside this excerpt.
   NOTE(review): the EVP_Encrypt* calls below sit under a "Do encryption
   when everything else is fixed" remark and appear to be commented out in
   this snapshot; what is actually sent is the memcpy()'d plaintext, length
   prefix included.  Until that is re-enabled every VPN packet leaves this
   host in the clear. */
int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
  outpkt.len = inpkt->len;
  EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
  EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
  EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
  outlen += outpad + 2;
  Do encryption when everything else is fixed...
  /* Wire format is the 2-byte len field immediately followed by the
     payload, so the copy and the send both start at &outpkt.len and span
     len + 2 bytes.  NOTE(review): no bound of inpkt->len against the size
     of outpkt is visible here. */
  outlen = outpkt.len + 2;
  memcpy(&outpkt, inpkt, outlen);
  /* Traffic trace (logged at LOG_ERR although it is debug output). */
  if(debug_lvl >= DEBUG_TRAFFIC)
    syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
           outlen, cl->name, cl->hostname);
  total_socket_out += outlen;
  /* Connected UDP socket, see setup_vpn_connection(); failures are only
     logged. */
  if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
    syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
           cl->name, cl->hostname);
/* Receive path: decrypt an incoming VPN packet (decryption is disabled in
   this snapshot, see below) and hand the ethernet frame to the local tap
   device.  Return statements are outside this excerpt.
   NOTE(review): as in xsend(), the EVP_Decrypt* calls appear to be
   commented out, so inpkt is copied verbatim onto the tap.  Combined with
   handle_incoming_vpn_data() never checking who sent the datagram, any
   host that can reach the UDP port can inject frames into the VPN. */
int xrecv(vpn_packet_t *inpkt)
  outpkt.len = inpkt->len;
  EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
  EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
  EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
  Do decryption when everything else is fixed...
  /* NOTE(review): outlen derives from the peer-supplied length field;
     nothing visible bounds it against the size of outpkt before the
     memcpy(), so an oversized len would overrun the local buffer. */
  outlen = outpkt.len+2;
  memcpy(&outpkt, inpkt, outlen);
  /* Fix mac address: overwrite the destination MAC with the tap's own
     address (mymac) so the local stack accepts the frame. */
  memcpy(outpkt.data, mymac.net.mac.address.x, 6);
  /* tun/tap (IFF_NO_PI) takes the bare frame ... */
  if(taptype == TAP_TYPE_TUNTAP)
    if(write(tap_fd, outpkt.data, outpkt.len) < 0)
      syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
    total_tap_out += outpkt.len;
  /* ... whereas ethertap wants two leading bytes, which are presumably
     the len field that sits just before data in vpn_packet_t (this
     depends on that struct layout -- confirm). */
    if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
      syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
    total_tap_out += outpkt.len + 2;
175 add the given packet of size s to the
176 queue q, be it the send or receive queue
/* Append a private copy of `packet' (s bytes) to the tail of queue *q,
   creating the queue on first use.  The queue owns the copy; it is
   released by del_queue(). */
void add_queue(packet_queue_t **q, void *packet, size_t s)
  e = xmalloc(sizeof(*e));
  e->packet = xmalloc(s);
  memcpy(e->packet, packet, s);
  /* Lazily create an empty queue (the guarding `if(!*q)' is outside this
     excerpt). */
  *q = xmalloc(sizeof(**q));
  (*q)->head = (*q)->tail = NULL;
  e->next = NULL; /* We insert at the tail */
  if((*q)->tail) /* Do we have a tail? */
    (*q)->tail->next = e;
    e->prev = (*q)->tail;
  else /* No tail -> no head too */
    /* NOTE(review): the head/tail assignment for the empty case, and an
       e->prev = NULL, are not in this excerpt -- confirm e->prev is set,
       del_queue() dereferences it. */
209 /* Remove a queue element */
/* Remove a queue element */
/* Unlink element e from the doubly linked queue *q, fixing up head/tail as
   needed.  Freeing of e and e->packet is not visible in this excerpt. */
void del_queue(packet_queue_t **q, queue_element_t *e)
  if(e->next) /* There is a successor, so we are not tail */
    if(e->prev) /* There is a predecessor, so we are not head */
      e->next->prev = e->prev;
      e->prev->next = e->next;
    else /* We are head */
      e->next->prev = NULL;
      (*q)->head = e->next;
  else /* We are tail (or all alone!) */
    if(e->prev) /* We are not alone :) */
      e->prev->next = NULL;
      (*q)->tail = e->prev;
    /* The "all alone" branch (head = tail = NULL) is outside this excerpt. */
247 flush a queue by calling function for
248 each packet, and removing it when that
249 returned a zero exit code
/* Walk queue *pq and call `function(cl, packet)' on each element in order.
   Per the comment above, an element whose callback returns 0 is removed
   (the del_queue() call is outside this excerpt); `next' is kept so the
   walk survives the unlink.  A non-zero return leaves the packet queued
   for the next flush. */
void flush_queue(conn_list_t *cl, packet_queue_t **pq,
                 int (*function)(conn_list_t*,void*))
  queue_element_t *p, *next = NULL;
  for(p = (*pq)->head; p != NULL; )
    if(!function(cl, p->packet))
  if(debug_lvl >= DEBUG_TRAFFIC)
    syslog(LOG_DEBUG, _("Queue flushed"));
272 flush the send&recv queues
returns void because failure is not fatal here: packets
that could not be processed simply remain in the queue
/* Retry the per-connection send queue through xsend() and the receive
   queue through xrecv().  The `if(cl->sq)' / `if(cl->rq)' guards are
   outside this excerpt. */
void flush_queues(conn_list_t *cl)
  if(debug_lvl >= DEBUG_TRAFFIC)
    syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
           cl->name, cl->hostname);
  flush_queue(cl, &(cl->sq), xsend);
  if(debug_lvl >= DEBUG_TRAFFIC)
    syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
           cl->name, cl->hostname);
  flush_queue(cl, &(cl->rq), xrecv);
298 send a packet to the given vpn ip.
/* Route one packet read from the tap to the peer whose subnet contains
   `to'.  Returns 0 when the packet is dropped or deferred, otherwise the
   result of xsend().  The step from `subnet' to its owning conn_list_t
   (`cl') is on lines outside this excerpt. */
int send_packet(ip_t to, vpn_packet_t *packet)
  if((subnet = lookup_subnet_ipv4(to)) == NULL)
    if(debug_lvl >= DEBUG_TRAFFIC)
      syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
  /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
  /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
  /* Open the peer's UDP data socket on first use. */
  if(!cl->status.dataopen)
    if(setup_vpn_connection(cl) < 0)
      syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
             cl->name, cl->hostname);
  /* No session key for this peer yet.  Queueing is disabled in this
     snapshot (the add_queue() call is inside the comment that follows);
     a key request is sent at most once per peer (waitingforkey).
     NOTE(review): whether the packet is then dropped or falls through to
     xsend() is not visible here -- confirm there is a return. */
  if(!cl->status.validkey)
    /* Don't queue until everything else is fixed.
    if(debug_lvl >= DEBUG_TRAFFIC)
      syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
             cl->name, cl->hostname);
    add_queue(&(cl->sq), packet, packet->len + 2);
    if(!cl->status.waitingforkey)
      send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
  /* Peer not authenticated/active yet: queueing disabled as above, the
     packet is dropped. */
  if(!cl->status.active)
    /* Don't queue until everything else is fixed.
    if(debug_lvl >= DEBUG_TRAFFIC)
      syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
             cl->name, cl->hostname);
    add_queue(&(cl->sq), packet, packet->len + 2);
    return 0; /* We don't want to mess up, do we? */
  /* can we send it? can we? can we? huh? */
  return xsend(cl, packet);
360 open the local ethertap device
/* Open the tap device named by the TapDevice config value (or a built-in
   default) non-blocking, then probe it: an ethertap device gets the fixed
   fe:fd:00:00:00:00 MAC stored in mymac; if TUNSETIFF succeeds it is a
   tun/tap device and taptype is switched.  The resulting interface name is
   exported as IFNAME for the tinc-up/tinc-down scripts.  Returns <0 on
   failure (the return statements are outside this excerpt). */
int setup_tap_fd(void)
  const char *tapfname;
  if((cfg = get_config_val(config, tapdevice)))
    tapfname = cfg->data.ptr;
  /* Defaults: the two literals are presumably alternatives chosen by a
     preprocessor conditional that is not in this excerpt. */
    tapfname = "/dev/misc/net/tun";
    tapfname = "/dev/tap0";
  /* Non-blocking so a tap read in the select() loop can never stall. */
  if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
    syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
  /* Set default MAC address for ethertap devices */
  taptype = TAP_TYPE_ETHERTAP;
  mymac.type = SUBNET_MAC;
  mymac.net.mac.address.x[0] = 0xfe;
  mymac.net.mac.address.x[1] = 0xfd;
  mymac.net.mac.address.x[2] = 0x00;
  mymac.net.mac.address.x[3] = 0x00;
  mymac.net.mac.address.x[4] = 0x00;
  mymac.net.mac.address.x[5] = 0x00;
  /* Ok now check if this is an old ethertap or a new tun/tap thingie */
  memset(&ifr, 0, sizeof(ifr));
  /* IFF_NO_PI: no 4-byte packet-info header, reads/writes are bare
     ethernet frames (xrecv() and handle_tap_input() rely on this). */
  ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
  /* NOTE(review): strncpy() leaves ifr_name unterminated when
     strlen(netname) >= IFNAMSIZ; if the SIOCGIFNAME below fails, that
     unterminated name is printed with %s.  Copy IFNAMSIZ-1 bytes or use
     snprintf(). */
  strncpy(ifr.ifr_name, netname, IFNAMSIZ);
  /* The ioctl uses tap_fd, not nfd -- presumably tap_fd = nfd is assigned
     on a line outside this excerpt. */
  if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
    syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
    taptype = TAP_TYPE_TUNTAP;
  /* Add name of network interface to environment (for scripts) */
  /* NOTE(review): both the ioctl and the asprintf() result are unchecked. */
  ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
  asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
426 set up the socket that we listen on for incoming
/* Create the non-blocking TCP listening socket for the meta protocol on
   `port', with SO_REUSEADDR and SO_KEEPALIVE, bound to InterfaceIP when
   configured and to INADDR_ANY otherwise.  Returns the fd or <0 on error
   (return statements are outside this excerpt). */
int setup_listen_meta_socket(int port)
  struct sockaddr_in a;
  if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
    syslog(LOG_ERR, _("Creating metasocket failed: %m"));
  if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
    syslog(LOG_ERR, _("setsockopt: %m"));
  if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
    syslog(LOG_ERR, _("setsockopt: %m"));
  flags = fcntl(nfd, F_GETFL);
  if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    syslog(LOG_ERR, _("fcntl: %m"));
  if((cfg = get_config_val(config, interface)))
    /* NOTE(review): this hands the interface NAME to SO_KEEPALIVE instead
       of SO_BINDTODEVICE.  On Linux the kernel treats optval as an int
       once optlen >= sizeof(int), so with a name of four or more
       characters the call is likely to "succeed" and the Interface
       setting is silently ignored: the listener stays reachable on every
       interface (INADDR_ANY below) unless InterfaceIP is also set.
       Intended: setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE,
       cfg->data.ptr, strlen(cfg->data.ptr) + 1). */
    if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
      syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_port = htons(port);
  if((cfg = get_config_val(config, interfaceip)))
    a.sin_addr.s_addr = htonl(cfg->data.ip->address);
    a.sin_addr.s_addr = htonl(INADDR_ANY);
  /* sizeof(struct sockaddr) equals sizeof(a) for AF_INET; sizeof(a) is the
     clearer spelling. */
  if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
    syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
  syslog(LOG_ERR, _("listen: %m"));
495 setup the socket for incoming encrypted
/* Create the non-blocking UDP socket on which encrypted VPN data from all
   peers is received (the same port number as the TCP meta socket).
   Returns the fd or <0 on error (return statements are outside this
   excerpt).
   NOTE(review): unlike setup_listen_meta_socket(), neither InterfaceIP nor
   Interface is applied here -- the data socket always binds INADDR_ANY. */
int setup_vpn_in_socket(int port)
  struct sockaddr_in a;
  if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
    syslog(LOG_ERR, _("Creating socket failed: %m"));
  if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
    syslog(LOG_ERR, _("setsockopt: %m"));
  flags = fcntl(nfd, F_GETFL);
  if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    syslog(LOG_ERR, _("fcntl: %m"));
  memset(&a, 0, sizeof(a));
  a.sin_family = AF_INET;
  a.sin_port = htons(port);
  a.sin_addr.s_addr = htonl(INADDR_ANY);
  if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
    syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
538 setup an outgoing meta (tcp) socket
/* Open the outgoing TCP meta connection to peer `cl' at cl->address, on
   the Port value from its host config.  Returns <0 on failure (return
   statements and the default port are outside this excerpt).
   NOTE(review): connect() is issued while the socket is still blocking and
   O_NONBLOCK is set only afterwards, so the whole single-threaded daemon
   (see the select() loop in main_loop()) stalls until the connect
   completes or times out. */
int setup_outgoing_meta_socket(conn_list_t *cl)
  struct sockaddr_in a;
  if(debug_lvl >= DEBUG_CONNECTIONS)
    syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
  if((cfg = get_config_val(cl->config, port)) == NULL)
    cl->port = cfg->data.val;
  cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if(cl->meta_socket == -1)
    syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
           cl->hostname, cl->port);
  /* `a' is not zeroed first (sin_zero stays uninitialised); harmless, but
     the listen-socket code above does memset(). */
  a.sin_family = AF_INET;
  a.sin_port = htons(cl->port);
  a.sin_addr.s_addr = htonl(cl->address);
  if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
    syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
  flags = fcntl(cl->meta_socket, F_GETFL);
  if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
    syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
           cl->hostname, cl->port);
  if(debug_lvl >= DEBUG_CONNECTIONS)
    syslog(LOG_INFO, _("Connected to %s port %hd"),
           cl->hostname, cl->port);
590 setup an outgoing connection. It's not
591 necessary to also open an udp socket as
592 well, because the other host will initiate
593 an authentication sequence during which
594 we will do just that.
/* Create a conn_list_t for the peer named `name' (a ConnectTo value), read
   its host config, resolve its Address and open the meta connection.
   Returns 0 on success (see the callers), non-zero otherwise; the return
   statements and the name check that precedes the "Invalid name" message
   are outside this excerpt. */
int setup_outgoing_connection(char *name)
  syslog(LOG_ERR, _("Invalid name for outgoing connection"));
  ncn = new_conn_list();
  asprintf(&ncn->name, "%s", name);
  /* NOTE(review): the next two syslog() calls use "%s" but pass no
     argument.  That is undefined behaviour -- whatever happens to be in
     the vararg slot is dereferenced, which can crash or leak stack
     contents into the log.  Pass `name' (or ncn->name) in both. */
  if(read_host_config(ncn))
    syslog(LOG_ERR, _("Error reading host configuration file for %s"));
  if(!(cfg = get_config_val(ncn->config, address)))
    syslog(LOG_ERR, _("No address specified for %s"));
  /* Only the first address of the result is used.  NOTE(review): no check
     that h->h_addrtype is AF_INET is visible, and the ip_t* cast aliases
     the address bytes; memcpy() into an ip_t would be the safe form. */
  if(!(h = gethostbyname(cfg->data.ptr)))
    syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
  ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
  ncn->hostname = hostlookup(htonl(ncn->address));
  if(setup_outgoing_meta_socket(ncn) < 0)
    syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
  /* Marked outgoing so terminate_connection() schedules a reconnect. */
  ncn->status.outgoing = 1;
  ncn->buffer = xmalloc(MAXBUFSIZE);
  ncn->last_ping_time = time(NULL);
657 Configure conn_list_t myself and set up the local sockets (listen only)
/* Build the conn_list_t that represents this daemon: name, RSA keypair,
   port, flags, the Subnets it exports, and the two listening sockets
   (TCP meta, UDP data) on the same port.  Returns <0 on failure; the
   return statements and the default port are outside this excerpt. */
int setup_myself(void)
  myself = new_conn_list();
  asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
  myself->protocol_version = PROT_CURRENT;
  if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
    syslog(LOG_ERR, _("Name for tinc daemon required!"));
  /* NOTE(review): every other string value in this file is read through
     cfg->data.ptr (see setup_tap_fd(), setup_outgoing_connection()) while
     data.val is used as an integer (port below).  If val is an int member
     this cast truncates the pointer on 64-bit targets -- confirm the
     union layout. */
  asprintf(&myself->name, "%s", (char*)cfg->data.val);
  if(check_id(myself->name))
    syslog(LOG_ERR, _("Invalid name for myself!"));
  if(!(cfg = get_config_val(config, privatekey)))
    syslog(LOG_ERR, _("Private key for tinc daemon required!"));
  /* Private exponent d comes from the PrivateKey value (hex); the public
     exponent is fixed at 0xFFFF and the modulus n is read from this
     host's own host file below.  RSA_new() and BN_hex2bn() results are
     unchecked. */
  myself->rsa_key = RSA_new();
  BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
  BN_hex2bn(&myself->rsa_key->e, "FFFF");
  if(read_host_config(myself))
    syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
  if(!(cfg = get_config_val(myself->config, publickey)))
    syslog(LOG_ERR, _("Public key for tinc daemon required!"));
  BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
  /* NOTE(review): only n, e and d are set; p and q are never filled in.
     Confirm RSA_check_key() accepts a key without its CRT components,
     otherwise this always rejects a valid keypair. */
  if(RSA_check_key(myself->rsa_key) != 1)
    syslog(LOG_ERR, _("Invalid public/private keypair!"));
  if(!(cfg = get_config_val(myself->config, port)))
    myself->port = cfg->data.val;
  if((cfg = get_config_val(myself->config, indirectdata)))
    if(cfg->data.val == stupid_true)
      myself->flags |= EXPORTINDIRECTDATA;
  if((cfg = get_config_val(myself->config, tcponly)))
    if(cfg->data.val == stupid_true)
      myself->flags |= TCPONLY;
  /* Read in all the subnets specified in the host configuration file */
  for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
    net->type = SUBNET_IPV4;
    net->net.ipv4.address = cfg->data.ip->address;
    net->net.ipv4.mask = cfg->data.ip->mask;
    /* Teach newbies what subnets are... */
    /* Reject a Subnet whose host bits are not all zero. */
    if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
      syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
    subnet_add(myself, net);
  if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
    syslog(LOG_ERR, _("Unable to set up a listening socket!"));
  /* If the UDP socket fails, release the TCP one opened just above. */
  if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
    syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
    close(myself->meta_socket);
  myself->status.active = 1;
  syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: try the next ConnectTo entry; on success stop the
   alarm, otherwise rearm it with a back-off that grows by 5 s up to
   MAXTIMEOUT.
   NOTE(review): this runs in signal context yet calls
   setup_outgoing_connection(), which does gethostbyname(), socket(),
   connect(), syslog() and asprintf()/xmalloc() -- none of them
   async-signal-safe.  If the alarm fires while the main loop is inside
   malloc() or syslog(), the result is corruption or deadlock.  The usual
   fix is to set a flag here and reconnect from main_loop(). */
sigalrm_handler(int a)
  cfg = get_config_val(upstreamcfg, connectto);
  if(!cfg && upstreamcfg == config)
    /* No upstream IP given, we're listen only. */
  upstreamcfg = cfg->next;
  if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
    signal(SIGALRM, SIG_IGN);
  cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
  /* All entries failed: reinstall the handler (SysV signal() semantics)
     and retry later. */
  signal(SIGALRM, sigalrm_handler);
  upstreamcfg = config;
  seconds_till_retry += 5;
  if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
    seconds_till_retry = MAXTIMEOUT;
  syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
  alarm(seconds_till_retry);
805 setup all initial network connections
/* Bring the whole network side up: ping timeout, tap device, our own
   sockets, the tinc-up script, and the first reachable ConnectTo peer
   (falling back to a MAXTIMEOUT alarm if none works).  Returns non-zero
   on failure; the return statements and the fork() around execl() are
   outside this excerpt. */
int setup_network_connections(void)
  if((cfg = get_config_val(config, pingtimeout)) == NULL)
    timeout = cfg->data.val;
  if(setup_tap_fd() < 0)
  if(setup_myself() < 0)
  /* Run tinc-up script to further initialize the tap interface */
  /* The script lives in the config directory and runs with this daemon's
     privileges, so that directory must not be writable by anyone else.
     NOTE(review): execl()'s argument list must start with argv[0]; with
     NULL first the script sees an empty argv.  Use
     execl(scriptname, scriptname, NULL). */
  asprintf(&scriptname, "%s/tinc-up", confbase);
  execl(scriptname, NULL);
  syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
  if(!(cfg = get_config_val(config, connectto)))
    /* No upstream IP given, we're listen only. */
  upstreamcfg = cfg->next;
  if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
  cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
  /* Nothing reachable right now: let sigalrm_handler() keep trying. */
  signal(SIGALRM, sigalrm_handler);
  upstreamcfg = config;
  seconds_till_retry = MAXTIMEOUT;
  syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
  alarm(seconds_till_retry);
862 close all open network connections
/* Tear everything down: terminate every peer, close and free our own
   sockets, then run the tinc-down script.  The fork() around execl() and
   the tap close are outside this excerpt. */
void close_network_connections(void)
  for(p = conn_list; p != NULL; p = p->next)
    /* Clear active first so terminate_connection() neither notifies the
       others nor schedules a reconnect. */
    p->status.active = 0;
    terminate_connection(p);
  if(myself->status.active)
    close(myself->meta_socket);
    close(myself->socket);
    free_conn_list(myself);
  /* Execute tinc-down script right before shutting down the interface */
  /* NOTE(review): same argv[0] problem as in setup_network_connections():
     use execl(scriptname, scriptname, NULL). */
  asprintf(&scriptname, "%s/tinc-down", confbase);
  execl(scriptname, NULL);
  syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
  syslog(LOG_NOTICE, _("Terminating"));
909 create a data (udp) socket
/* Open the connected, non-blocking UDP data socket towards peer `cl' at
   cl->address:cl->port (the same port as its meta connection) and mark
   the peer dataopen.  Storing nfd into cl->socket and the return
   statements are outside this excerpt. */
int setup_vpn_connection(conn_list_t *cl)
  struct sockaddr_in a;
  if(debug_lvl >= DEBUG_TRAFFIC)
    syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
  nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
  syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
  /* `a' is not zeroed (sin_zero uninitialised); see setup_listen_meta_socket()
     for the memset() form. */
  a.sin_family = AF_INET;
  a.sin_port = htons(cl->port);
  a.sin_addr.s_addr = htonl(cl->address);
  /* connect() on a UDP socket only fixes the default destination and
     lets send() be used in xsend(); it performs no handshake. */
  if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
    syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
           cl->hostname, cl->port);
  flags = fcntl(nfd, F_GETFL);
  if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
    syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
           cl->name, cl->hostname);
  cl->status.dataopen = 1;
952 handle an incoming tcp connect call and open
/* Wrap an accepted meta socket `sfd' in a new conn_list_t: record the
   peer address, allocate the MAXBUFSIZE receive buffer and restrict the
   peer to sending an ID request first (allow_request = ID), which is the
   only gate an unauthenticated client meets at this point.  Returns the
   new entry or NULL on error; allocation of `p' and the returns are
   outside this excerpt. */
conn_list_t *create_new_connection(int sfd)
  struct sockaddr_in ci;
  /* `len' should be a socklen_t; &ci is passed where a struct sockaddr*
     is expected (implicit conversion -- add the cast). */
  int len = sizeof(ci);
  if(getpeername(sfd, &ci, &len) < 0)
    syslog(LOG_ERR, _("Error: getpeername: %m"));
  /* hostlookup() takes the address in network byte order here, matching
     the htonl() in setup_outgoing_connection(). */
  p->address = ntohl(ci.sin_addr.s_addr);
  p->hostname = hostlookup(ci.sin_addr.s_addr);
  p->meta_socket = sfd;
  /* One MAXBUFSIZE buffer per accepted connection, before any
     authentication; no connection limit is visible in this file. */
  p->buffer = xmalloc(MAXBUFSIZE);
  p->last_ping_time = time(NULL);
  if(debug_lvl >= DEBUG_CONNECTIONS)
    /* htons() here is really ntohs(); same result, different intent. */
    syslog(LOG_NOTICE, _("Connection from %s port %d"),
           p->hostname, htons(ci.sin_port));
  p->allow_request = ID;
989 put all file descriptors in an fd_set array
/* Populate `fs' with every meta socket, every open data socket, and our
   own two listening sockets, for the select() in main_loop().  The
   FD_ZERO and the skip of removed entries are outside this excerpt.
   NOTE(review): FD_SET on a descriptor >= FD_SETSIZE is undefined
   behaviour; nothing visible bounds the number of connections. */
void build_fdset(fd_set *fs)
  for(p = conn_list; p != NULL; p = p->next)
    FD_SET(p->meta_socket, fs);
    if(p->status.dataopen)
      FD_SET(p->socket, fs);
  FD_SET(myself->meta_socket, fs);
  FD_SET(myself->socket, fs);
1012 receive incoming data from the listening
1013 udp socket and write it to the ethertap
1014 device after being decrypted
/* Read one datagram from our UDP data socket into `pkt' and (on lines
   outside this excerpt) pass it to xrecv().  Returns an int; the return
   statements are not visible here.
   NOTE(review): pkt.len is read straight off the wire (the first two
   bytes of the datagram) and the byte count recvfrom() returns is thrown
   away, so a sender controls the length that xrecv() later trusts.  It
   should be checked against the received count and MTU.  Also `from' is
   only used for the debug line: no check that the datagram comes from a
   known peer, so anything reaching this port is processed. */
int handle_incoming_vpn_data()
  int x, l = sizeof(x);
  struct sockaddr from;
  socklen_t fromlen = sizeof(from);
  /* Drain a pending asynchronous error (e.g. ICMP unreachable) first. */
  if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
    syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
           __FILE__, __LINE__, myself->socket);
  syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
  /* The read starts at &pkt.len: 2-byte length prefix then payload. */
  if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
    syslog(LOG_ERR, _("Receiving packet failed: %m"));
  if(debug_lvl >= DEBUG_TRAFFIC)
    /* NOTE(review): the standard struct sockaddr has sa_data, not
       sa_addr, and its first two bytes are the port.  Receive into a
       struct sockaddr_in and print inet_ntoa(from.sin_addr) instead. */
    syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
           from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
1052 terminate a connection and notify the other
1053 end before closing the sockets
/* Close peer `cl': mark it removed (idempotent), close its meta socket,
   drop every peer that was reached through it, tell the other active
   peers with DEL_HOST, discard its subnets and, if it was our outgoing
   connection, schedule a reconnect in 5 seconds.  The actual list
   removal/free, and closing of the UDP data socket, are not visible in
   this excerpt. */
void terminate_connection(conn_list_t *cl)
  /* Already being torn down -- the return is outside this excerpt. */
  if(cl->status.remove)
  cl->status.remove = 1;
  if(debug_lvl >= DEBUG_CONNECTIONS)
    syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
           cl->name, cl->hostname);
  close(cl->meta_socket);
  /* Find all connections that were lost because they were behind cl
     (the connection that was dropped). */
  /* NOTE(review): the recursive call may modify conn_list while this
     loop walks it -- confirm entries are only marked here, not unlinked. */
  for(p = conn_list; p != NULL; p = p->next)
    if((p->nexthop == cl) && (p != cl))
      terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
  /* Inform others of termination if it was still active */
  if(cl->status.active)
    for(p = conn_list; p != NULL; p = p->next)
      if(p->status.meta && p->status.active && p!=cl)
        send_del_host(p, cl);
  /* Remove the associated subnets */
  for(s = cl->subnets; s; s = s->next)
  /* Check if this was our outgoing connection */
  if(cl->status.outgoing && cl->status.active)
    signal(SIGALRM, sigalrm_handler);
    seconds_till_retry = 5;
    alarm(seconds_till_retry);
    syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
  cl->status.active = 0;
1112 Check if the other end is active.
1113 If we have sent packets, but didn't receive any,
1114 then possibly the other end is dead. We send a
1115 PING request over the meta connection. If the other
1116 end does not reply in time, we consider them dead
1117 and close the connection.
/* Liveness check, run every `timeout' seconds from main_loop().  For each
   active meta connection whose last ping is older than `timeout': if a
   PING was sent and no PONG came back, the peer is declared dead and
   terminated; otherwise, when the peer wants pinging, a PING is sent (the
   send_ping() call is outside this excerpt) and the ping state reset.
   Return statements are outside this excerpt. */
int check_dead_connections(void)
  for(p = conn_list; p != NULL; p = p->next)
    if(p->status.active && p->status.meta)
      if(p->last_ping_time + timeout < now)
        if(p->status.pinged && !p->status.got_pong)
          if(debug_lvl >= DEBUG_PROTOCOL)
            syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
                   p->name, p->hostname);
          p->status.timeout = 1;
          terminate_connection(p);
        else if(p->want_ping)
          /* Restart the ping window; got_pong is set by the reply path. */
          p->last_ping_time = now;
          p->status.pinged = 1;
          p->status.got_pong = 0;
1154 accept a new tcp connect and create a
/* accept() a pending meta connection on our listening socket and register
   it via create_new_connection(); on failure the new fd is closed (that
   line and the returns are outside this excerpt).  No address filtering
   or connection limit is applied here -- the protocol state machine
   (allow_request = ID) is the only gate. */
int handle_new_meta_connection()
  struct sockaddr client;
  /* `len' should be a socklen_t. */
  int nfd, len = sizeof(client);
  if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
    syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
  if(!(ncn = create_new_connection(nfd)))
    syslog(LOG_NOTICE, _("Closed attempted connection"));
1183 check all connections to see if anything
1184 happened on their sockets
/* Dispatch the descriptors select() reported ready in `f'.  A readable
   per-peer data socket can only mean a deferred socket error (incoming
   data arrives on myself->socket instead), so the peer is terminated;
   a readable meta socket is handed to receive_meta(), and a failure there
   also terminates the peer.  Finally our own UDP and listening sockets
   are serviced. */
void check_network_activity(fd_set *f)
  int x, l = sizeof(x);
  for(p = conn_list; p != NULL; p = p->next)
    /* Entries already torn down are skipped (the `continue' is outside
       this excerpt). */
    if(p->status.remove)
    if(p->status.dataopen)
      if(FD_ISSET(p->socket, f))
        /*
          The only thing that can happen to get us here is apparently an
          error on this outgoing(!) UDP socket that isn't immediate (i.e.
          something that will not trigger an error directly on send()).
          I've once got here when it said `No route to host'.
        */
        /* NOTE(review): the getsockopt() result is unchecked, so `x' may be
           uninitialised when strerror() is called. */
        getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
        syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
               p->name, p->hostname, strerror(x));
        terminate_connection(p);
    if(FD_ISSET(p->meta_socket, f))
      if(receive_meta(p) < 0)
        terminate_connection(p);
  if(FD_ISSET(myself->socket, f))
    handle_incoming_vpn_data();
  if(FD_ISSET(myself->meta_socket, f))
    handle_new_meta_connection();
1230 read, encrypt and send data that is
1231 available through the ethertap device
/* Read one ethernet frame from the tap device into `vp' and route it with
   send_packet() by the IPv4 destination address found in the frame.
   Setting vp.len from `lenin' and the short-packet condition are outside
   this excerpt. */
void handle_tap_input(void)
  if(taptype == TAP_TYPE_TUNTAP)
    if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
      syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
  /* ethertap prefixes two bytes; they land in the len field preceding
     data (same layout assumption as xrecv()). */
    if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
      syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
  total_tap_in += lenin;
  if(debug_lvl >= DEBUG_TRAFFIC)
    syslog(LOG_WARNING, _("Received short packet from tap device"));
  if(debug_lvl >= DEBUG_TRAFFIC)
    syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
  /* Offset 30 is presumably the IPv4 destination address (14-byte
     ethernet header + 16).  NOTE(review): nothing visible checks the
     ethertype, so ARP or IPv6 frames are routed by whatever bytes sit
     there; and reading an `unsigned long' (8 bytes on LP64) through a
     cast is misaligned and aliasing-unsafe -- memcpy() 4 bytes into a
     uint32_t instead. */
  send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1276 this is where it all happens...
1278 void main_loop(void)
1283 time_t last_ping_check;
1285 last_ping_check = time(NULL);
1289 tv.tv_sec = timeout;
1295 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1297 if(errno != EINTR) /* because of alarm */
1299 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1306 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1308 close_network_connections();
1309 clear_config(&config);
1311 if(read_server_config())
1313 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1319 if(setup_network_connections())
1325 if(last_ping_check + timeout < time(NULL))
1326 /* Let's check if everybody is still alive */
1328 check_dead_connections();
1329 last_ping_check = time(NULL);
1334 check_network_activity(&fset);
1336 /* local tap data */
1337 if(FD_ISSET(tap_fd, &fset))