2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
52 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
55 static void send_udppacket(node_t *, vpn_packet_t *);
57 unsigned replaywin = 16;
58 bool localdiscovery = false;
60 #define MAX_SEQNO 1073741824
62 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
63 mtuprobes == 31: sleep pinginterval seconds
64 mtuprobes == 32: send 1 burst, sleep pingtimeout second
65 mtuprobes == 33: no response from other side, restart PMTU discovery process
67 Probes are sent in batches of at least three, with random sizes between the
68 lower and upper boundaries for the MTU thus far discovered.
70 After the initial discovery, a fourth packet is added to each batch with a
71 size larger than the currently known PMTU, to test if the PMTU has increased.
73 In case local discovery is enabled, another packet is added to each batch,
74 which will be broadcast to the local network.
78 static void send_mtu_probe_handler(void *data) {
84 if(!n->status.reachable || !n->status.validkey) {
85 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
90 if(n->mtuprobes > 32) {
93 timeout = pinginterval;
97 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
98 n->status.udp_confirmed = false;
104 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
105 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
109 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
110 if(n->minmtu > n->maxmtu)
111 n->minmtu = n->maxmtu;
113 n->maxmtu = n->minmtu;
115 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
119 if(n->mtuprobes == 31) {
120 timeout = pinginterval;
122 } else if(n->mtuprobes == 32) {
123 timeout = pingtimeout;
126 for(int i = 0; i < 4 + localdiscovery; i++) {
130 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
133 } else if(n->maxmtu <= n->minmtu) {
136 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
143 memset(packet.data, 0, 14);
144 randomize(packet.data + 14, len - 14);
146 if(i >= 4 && n->mtuprobes <= 10)
147 packet.priority = -1;
151 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
153 send_udppacket(n, &packet);
156 n->probe_counter = 0;
157 gettimeofday(&n->probe_time, NULL);
159 /* Calculate the packet loss of incoming traffic by comparing the rate of
160 packets received to the rate with which the sequence number has increased.
163 if(n->received > n->prev_received)
164 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
166 n->packetloss = n->received_seqno <= n->prev_received_seqno;
168 n->prev_received_seqno = n->received_seqno;
169 n->prev_received = n->received;
172 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
175 void send_mtu_probe(node_t *n) {
176 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
177 send_mtu_probe_handler(n);
180 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
181 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
183 if(!packet->data[0]) {
184 /* It's a probe request, send back a reply */
188 /* Temporarily set udp_confirmed, so that the reply is sent
189 back exactly the way it came in. */
191 bool udp_confirmed = n->status.udp_confirmed;
192 n->status.udp_confirmed = true;
193 send_udppacket(n, packet);
194 n->status.udp_confirmed = udp_confirmed;
196 /* It's a valid reply: now we know bidirectional communication
197 is possible using the address and socket that the reply
200 n->status.udp_confirmed = true;
202 /* If we haven't established the PMTU yet, restart the discovery process. */
204 if(n->mtuprobes > 30) {
205 if (len == n->maxmtu + 8) {
206 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
218 /* If applicable, raise the minimum supported MTU */
225 /* Calculate RTT and bandwidth.
226 The RTT is the time between the MTU probe burst was sent and the first
227 reply is received. The bandwidth is measured using the time between the
228 arrival of the first and third probe reply.
231 struct timeval now, diff;
232 gettimeofday(&now, NULL);
233 timersub(&now, &n->probe_time, &diff);
236 if(n->probe_counter == 1) {
237 n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
239 } else if(n->probe_counter == 3) {
240 n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
241 logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
246 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
248 memcpy(dest, source, len);
250 } else if(level == 10) {
252 lzo_uint lzolen = MAXSIZE;
253 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
258 } else if(level < 10) {
260 unsigned long destlen = MAXSIZE;
261 if(compress2(dest, &destlen, source, len, level) == Z_OK)
268 lzo_uint lzolen = MAXSIZE;
269 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
279 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
281 memcpy(dest, source, len);
283 } else if(level > 9) {
285 lzo_uint lzolen = MAXSIZE;
286 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
294 unsigned long destlen = MAXSIZE;
295 if(uncompress(dest, &destlen, source, len) == Z_OK)
307 static void receive_packet(node_t *n, vpn_packet_t *packet) {
308 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
309 packet->len, n->name, n->hostname);
312 n->in_bytes += packet->len;
317 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
319 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
321 if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest))
324 return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength);
327 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
328 vpn_packet_t pkt1, pkt2;
329 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
331 vpn_packet_t *outpkt = pkt[0];
334 if(n->status.sptps) {
335 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
339 if(!cipher_active(&n->incipher)) {
340 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
341 n->name, n->hostname);
345 /* Check packet length */
347 if(inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) {
348 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
349 n->name, n->hostname);
353 /* Check the message authentication code */
355 if(digest_active(&n->indigest)) {
356 inpkt->len -= n->indigest.maclength;
357 if(!digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
358 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
362 /* Decrypt the packet */
364 if(cipher_active(&n->incipher)) {
365 outpkt = pkt[nextpkt++];
368 if(!cipher_decrypt(&n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
369 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
373 outpkt->len = outlen;
377 /* Check the sequence number */
379 inpkt->len -= sizeof inpkt->seqno;
380 inpkt->seqno = ntohl(inpkt->seqno);
383 if(inpkt->seqno != n->received_seqno + 1) {
384 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
385 if(n->farfuture++ < replaywin >> 2) {
386 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
387 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
390 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
391 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
392 memset(n->late, 0, replaywin);
393 } else if (inpkt->seqno <= n->received_seqno) {
394 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
395 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
396 n->name, n->hostname, inpkt->seqno, n->received_seqno);
400 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
401 n->late[(i / 8) % replaywin] |= 1 << i % 8;
406 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
409 if(inpkt->seqno > n->received_seqno)
410 n->received_seqno = inpkt->seqno;
414 if(n->received_seqno > MAX_SEQNO)
417 /* Decompress the packet */
419 length_t origlen = inpkt->len;
421 if(n->incompression) {
422 outpkt = pkt[nextpkt++];
424 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
425 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
426 n->name, n->hostname);
432 origlen -= MTU/64 + 20;
437 if(!inpkt->data[12] && !inpkt->data[13])
438 mtu_probe_h(n, inpkt, origlen);
440 receive_packet(n, inpkt);
443 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
447 if(c->options & OPTION_TCPONLY)
450 outpkt.priority = -1;
451 memcpy(outpkt.data, buffer, len);
453 receive_packet(c->node, &outpkt);
456 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
457 if(!n->status.validkey) {
458 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
459 if(!n->status.waitingforkey)
461 else if(n->last_req_key + 10 < now.tv_sec) {
462 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
463 sptps_stop(&n->sptps);
464 n->status.waitingforkey = false;
473 if(!(origpkt->data[12] | origpkt->data[13])) {
474 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
478 if(routing_mode == RMODE_ROUTER)
483 if(origpkt->len < offset)
488 if(n->outcompression) {
489 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
491 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
492 } else if(len < origpkt->len - offset) {
493 outpkt.len = len + offset;
495 type |= PKT_COMPRESSED;
499 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
503 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
508 /* If the UDP address is confirmed, use it. */
509 if(n->status.udp_confirmed)
512 /* Send every third packet to n->address; that could be set
513 to the node's reflexive UDP address discovered during key
522 /* Otherwise, address are found in edges to this node.
523 So we pick a random edge and a random socket. */
526 int j = rand() % n->edge_tree->count;
527 edge_t *candidate = NULL;
529 for splay_each(edge_t, e, n->edge_tree) {
531 candidate = e->reverse;
537 *sa = &candidate->address;
538 *sock = rand() % listen_sockets;
541 /* Make sure we have a suitable socket for the chosen address */
542 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
543 for(int i = 0; i < listen_sockets; i++) {
544 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
552 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
553 static sockaddr_t broadcast_ipv4 = {
555 .sin_family = AF_INET,
556 .sin_addr.s_addr = -1,
560 static sockaddr_t broadcast_ipv6 = {
562 .sin6_family = AF_INET6,
563 .sin6_addr.s6_addr[0x0] = 0xff,
564 .sin6_addr.s6_addr[0x1] = 0x02,
565 .sin6_addr.s6_addr[0xf] = 0x01,
569 *sock = rand() % listen_sockets;
571 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
572 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
573 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
574 *sa = &broadcast_ipv6;
576 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
577 *sa = &broadcast_ipv4;
581 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
582 vpn_packet_t pkt1, pkt2;
583 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
584 vpn_packet_t *inpkt = origpkt;
586 vpn_packet_t *outpkt;
587 int origlen = origpkt->len;
589 #if defined(SOL_IP) && defined(IP_TOS)
590 static int priority = 0;
592 int origpriority = origpkt->priority;
594 if(!n->status.reachable) {
595 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
600 return send_sptps_packet(n, origpkt);
602 /* Make sure we have a valid key */
604 if(!n->status.validkey) {
605 logger(DEBUG_TRAFFIC, LOG_INFO,
606 "No valid key known yet for %s (%s), forwarding via TCP",
607 n->name, n->hostname);
609 if(n->last_req_key + 10 <= now.tv_sec) {
611 n->last_req_key = now.tv_sec;
614 send_tcppacket(n->nexthop->connection, origpkt);
619 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
620 logger(DEBUG_TRAFFIC, LOG_INFO,
621 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
622 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
625 send_packet(n->nexthop, origpkt);
627 send_tcppacket(n->nexthop->connection, origpkt);
632 /* Compress the packet */
634 if(n->outcompression) {
635 outpkt = pkt[nextpkt++];
637 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
638 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
639 n->name, n->hostname);
646 /* Add sequence number */
648 inpkt->seqno = htonl(++(n->sent_seqno));
649 inpkt->len += sizeof inpkt->seqno;
651 /* Encrypt the packet */
653 if(cipher_active(&n->outcipher)) {
654 outpkt = pkt[nextpkt++];
657 if(!cipher_encrypt(&n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
658 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
662 outpkt->len = outlen;
666 /* Add the message authentication code */
668 if(digest_active(&n->outdigest)) {
669 digest_create(&n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
670 inpkt->len += digest_length(&n->outdigest);
673 /* Send the packet */
675 const sockaddr_t *sa;
678 /* Overloaded use of priority field: -1 means local broadcast */
680 if(origpriority == -1 && n->prevedge)
681 choose_broadcast_address(n, &sa, &sock);
683 choose_udp_address(n, &sa, &sock);
685 #if defined(SOL_IP) && defined(IP_TOS)
686 if(priorityinheritance && origpriority != priority
687 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
688 priority = origpriority;
689 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
690 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
691 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
695 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
696 if(sockmsgsize(sockerrno)) {
697 if(n->maxmtu >= origlen)
698 n->maxmtu = origlen - 1;
699 if(n->mtu >= origlen)
700 n->mtu = origlen - 1;
702 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
706 origpkt->len = origlen;
709 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
712 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
714 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
715 char buf[len * 4 / 3 + 5];
716 b64encode(data, buf, len);
717 /* If no valid key is known yet, send the packets using ANS_KEY requests,
718 to ensure we get to learn the reflexive UDP address. */
719 if(!to->status.validkey)
720 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
722 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
725 /* Otherwise, send the packet via UDP */
727 const sockaddr_t *sa;
730 choose_udp_address(to, &sa, &sock);
732 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
733 if(sockmsgsize(sockerrno)) {
734 if(to->maxmtu >= len)
735 to->maxmtu = len - 1;
739 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
747 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
748 node_t *from = handle;
750 if(type == SPTPS_HANDSHAKE) {
751 if(!from->status.validkey) {
752 from->status.validkey = true;
753 from->status.waitingforkey = false;
754 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
760 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
766 if(type == PKT_PROBE) {
768 memcpy(inpkt.data, data, len);
769 mtu_probe_h(from, &inpkt, len);
773 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
774 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
778 /* Check if we have the headers we need */
779 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
780 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
782 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
783 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
786 int offset = (type & PKT_MAC) ? 0 : 14;
787 if(type & PKT_COMPRESSED) {
788 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
792 inpkt.len = ulen + offset;
794 if(inpkt.len > MAXSIZE)
797 memcpy(inpkt.data + offset, data, len);
798 inpkt.len = len + offset;
801 /* Generate the Ethernet packet type if necessary */
803 switch(inpkt.data[14] >> 4) {
805 inpkt.data[12] = 0x08;
806 inpkt.data[13] = 0x00;
809 inpkt.data[12] = 0x86;
810 inpkt.data[13] = 0xDD;
813 logger(DEBUG_TRAFFIC, LOG_ERR,
814 "Unknown IP version %d while reading packet from %s (%s)",
815 inpkt.data[14] >> 4, from->name, from->hostname);
820 receive_packet(from, &inpkt);
825 send a packet to the given vpn ip.
827 void send_packet(node_t *n, vpn_packet_t *packet) {
832 memcpy(packet->data, mymac.x, ETH_ALEN);
834 n->out_bytes += packet->len;
835 devops.write(packet);
839 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
840 packet->len, n->name, n->hostname);
842 if(!n->status.reachable) {
843 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
844 n->name, n->hostname);
849 n->out_bytes += packet->len;
851 if(n->status.sptps) {
852 send_sptps_packet(n, packet);
856 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
859 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
860 n->name, via->name, n->via->hostname);
862 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
863 if(!send_tcppacket(via->connection, packet))
864 terminate_connection(via->connection, true);
866 send_udppacket(via, packet);
869 /* Broadcast a packet using the minimum spanning tree */
871 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
872 // Always give ourself a copy of the packet.
874 send_packet(myself, packet);
876 // In TunnelServer mode, do not forward broadcast packets.
877 // The MST might not be valid and create loops.
878 if(tunnelserver || broadcast_mode == BMODE_NONE)
881 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
882 packet->len, from->name, from->hostname);
884 switch(broadcast_mode) {
885 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
886 // This guarantees all nodes receive the broadcast packet, and
887 // usually distributes the sending of broadcast packets over all nodes.
889 for list_each(connection_t, c, connection_list)
890 if(c->status.active && c->status.mst && c != from->nexthop->connection)
891 send_packet(c->node, packet);
894 // In direct mode, we send copies to each node we know of.
895 // However, this only reaches nodes that can be reached in a single hop.
896 // We don't have enough information to forward broadcast packets in this case.
901 for splay_each(node_t, n, node_tree)
902 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
903 send_packet(n, packet);
911 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
914 static time_t last_hard_try = 0;
916 for splay_each(edge_t, e, edge_weight_tree) {
917 if(!e->to->status.reachable || e->to == myself)
920 if(sockaddrcmp_noport(from, &e->address)) {
921 if(last_hard_try == now.tv_sec)
926 if(!try_mac(e->to, pkt))
934 last_hard_try = now.tv_sec;
936 last_hard_try = now.tv_sec;
940 void handle_incoming_vpn_data(void *data, int flags) {
941 listen_socket_t *ls = data;
944 sockaddr_t from = {{0}};
945 socklen_t fromlen = sizeof from;
949 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
951 if(len <= 0 || len > MAXSIZE) {
952 if(!sockwouldblock(sockerrno))
953 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
959 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
961 n = lookup_node_udp(&from);
964 n = try_harder(&from, &pkt);
966 update_node_udp(n, &from);
967 else if(debug_level >= DEBUG_PROTOCOL) {
968 hostname = sockaddr2hostname(&from);
969 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
977 n->sock = ls - listen_socket;
979 receive_udppacket(n, &pkt);
982 void handle_device_data(void *data, int flags) {
987 if(devops.read(&packet)) {
988 myself->in_packets++;
989 myself->in_bytes += packet.len;
990 route(myself, &packet);