2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2021 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34 #include "address_cache.h"
37 #include "connection.h"
54 #define MAX(a, b) ((a) > (b) ? (a) : (b))
57 /* The minimum size of a probe is 14 bytes, but since we normally use CBC mode
58 encryption, we can add a few extra random bytes without increasing the
59 resulting packet size. */
60 #define MIN_PROBE_SIZE 18
64 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
67 static void send_udppacket(node_t *, vpn_packet_t *);
69 unsigned replaywin = 32;
70 bool localdiscovery = true;
71 bool udp_discovery = true;
72 int udp_discovery_keepalive_interval = 10;
73 int udp_discovery_interval = 2;
74 int udp_discovery_timeout = 30;
76 #define MAX_SEQNO 1073741824
78 static void try_fix_mtu(node_t *n) {
79 if(n->mtuprobes < 0) {
83 if(n->mtuprobes == 20 || n->minmtu >= n->maxmtu) {
84 if(n->minmtu > n->maxmtu) {
85 n->minmtu = n->maxmtu;
87 n->maxmtu = n->minmtu;
91 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
96 static void udp_probe_timeout_handler(void *data) {
99 if(!n->status.udp_confirmed) {
103 logger(DEBUG_TRAFFIC, LOG_INFO, "Too much time has elapsed since last UDP ping response from %s (%s), stopping UDP communication", n->name, n->hostname);
104 n->status.udp_confirmed = false;
105 n->udp_ping_rtt = -1;
112 static void send_udp_probe_reply(node_t *n, vpn_packet_t *packet, length_t len) {
113 if(!n->status.sptps && !n->status.validkey) {
114 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP probe reply to %s (%s) but we don't have his key yet", n->name, n->hostname);
118 /* Type 2 probe replies were introduced in protocol 17.3 */
119 if((n->options >> 24) >= 3) {
121 uint16_t len16 = htons(len);
122 memcpy(DATA(packet) + 1, &len16, 2);
123 packet->len = MIN_PROBE_SIZE;
124 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 2 probe reply length %u to %s (%s)", len, n->name, n->hostname);
127 /* Legacy protocol: n won't understand type 2 probe replies. */
129 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 1 probe reply length %u to %s (%s)", len, n->name, n->hostname);
132 /* Temporarily set udp_confirmed, so that the reply is sent
133 back exactly the way it came in. */
135 bool udp_confirmed = n->status.udp_confirmed;
136 n->status.udp_confirmed = true;
137 send_udppacket(n, packet);
138 n->status.udp_confirmed = udp_confirmed;
141 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
142 if(!DATA(packet)[0]) {
143 logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
144 send_udp_probe_reply(n, packet, len);
148 if(DATA(packet)[0] == 2) {
149 // It's a type 2 probe reply, use the length field inside the packet
151 memcpy(&len16, DATA(packet) + 1, 2);
155 if(n->status.ping_sent) { // a probe in flight
156 gettimeofday(&now, NULL);
158 timersub(&now, &n->udp_ping_sent, &rtt);
159 n->udp_ping_rtt = rtt.tv_sec * 1000000 + rtt.tv_usec;
160 n->status.ping_sent = false;
161 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s) rtt=%d.%03d", DATA(packet)[0], len, n->name, n->hostname, n->udp_ping_rtt / 1000, n->udp_ping_rtt % 1000);
163 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s)", DATA(packet)[0], len, n->name, n->hostname);
166 /* It's a valid reply: now we know bidirectional communication
167 is possible using the address and socket that the reply
169 if(!n->status.udp_confirmed) {
170 n->status.udp_confirmed = true;
172 if(!n->address_cache) {
173 n->address_cache = open_address_cache(n);
176 reset_address_cache(n->address_cache, &n->address);
179 // Reset the UDP ping timer.
182 timeout_del(&n->udp_ping_timeout);
183 timeout_add(&n->udp_ping_timeout, &udp_probe_timeout_handler, n, &(struct timeval) {
184 udp_discovery_timeout, 0
188 if(len > n->maxmtu) {
189 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
192 /* Set mtuprobes to 1 so that try_mtu() doesn't reset maxmtu */
195 } else if(n->mtuprobes < 0 && len == n->maxmtu) {
196 /* We got a maxmtu sized packet, confirming the PMTU is still valid. */
198 n->mtu_ping_sent = now;
201 /* If applicable, raise the minimum supported MTU */
203 if(n->minmtu < len) {
209 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
211 memcpy(dest, source, len);
213 } else if(level == 10) {
215 lzo_uint lzolen = MAXSIZE;
216 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
221 } else if(level < 10) {
223 unsigned long destlen = MAXSIZE;
225 if(compress2(dest, &destlen, source, len, level) == Z_OK) {
232 lzo_uint lzolen = MAXSIZE;
233 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
243 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
245 memcpy(dest, source, len);
247 } else if(level > 9) {
249 lzo_uint lzolen = MAXSIZE;
251 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) {
260 unsigned long destlen = MAXSIZE;
261 static z_stream stream;
264 inflateReset(&stream);
266 inflateInit(&stream);
269 stream.next_in = source;
270 stream.avail_in = len;
271 stream.next_out = dest;
272 stream.avail_out = destlen;
273 stream.total_out = 0;
275 if(inflate(&stream, Z_FINISH) == Z_STREAM_END) {
276 return stream.total_out;
289 static void receive_packet(node_t *n, vpn_packet_t *packet) {
290 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
291 packet->len, n->name, n->hostname);
294 n->in_bytes += packet->len;
299 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
300 if(n->status.sptps) {
301 return sptps_verify_datagram(&n->sptps, DATA(inpkt), inpkt->len);
304 #ifdef DISABLE_LEGACY
308 if(!n->status.validkey_in || !digest_active(n->indigest) || (size_t)inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
312 return digest_verify(n->indigest, inpkt->data, inpkt->len - digest_length(n->indigest), inpkt->data + inpkt->len - digest_length(n->indigest));
316 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
317 if(n->status.sptps) {
318 if(!n->sptps.state) {
319 if(!n->status.waitingforkey) {
320 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
323 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
329 n->status.udppacket = true;
330 bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len);
331 n->status.udppacket = false;
334 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
335 so let's restart SPTPS in case that helps. But don't do that too often
336 to prevent storms, and because that would make life a little too easy
337 for external attackers trying to DoS us. */
338 if(n->last_req_key < now.tv_sec - 10) {
339 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", n->name, n->hostname);
349 #ifdef DISABLE_LEGACY
352 vpn_packet_t pkt1, pkt2;
353 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
356 pkt1.offset = DEFAULT_PACKET_OFFSET;
357 pkt2.offset = DEFAULT_PACKET_OFFSET;
359 if(!n->status.validkey_in) {
360 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
364 /* Check packet length */
366 if((size_t)inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
367 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
368 n->name, n->hostname);
372 /* It's a legacy UDP packet, the data starts after the seqno */
374 inpkt->offset += sizeof(seqno_t);
376 /* Check the message authentication code */
378 if(digest_active(n->indigest)) {
379 inpkt->len -= digest_length(n->indigest);
381 if(!digest_verify(n->indigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
382 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
387 /* Decrypt the packet */
389 if(cipher_active(n->incipher)) {
390 vpn_packet_t *outpkt = pkt[nextpkt++];
393 if(!cipher_decrypt(n->incipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
394 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
398 outpkt->len = outlen;
402 /* Check the sequence number */
405 memcpy(&seqno, SEQNO(inpkt), sizeof(seqno));
406 seqno = ntohl(seqno);
407 inpkt->len -= sizeof(seqno);
410 if(seqno != n->received_seqno + 1) {
411 if(seqno >= n->received_seqno + replaywin * 8) {
412 if(n->farfuture++ < replaywin >> 2) {
413 logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
414 n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
418 logger(DEBUG_TRAFFIC, LOG_WARNING, "Lost %d packets from %s (%s)",
419 seqno - n->received_seqno - 1, n->name, n->hostname);
420 memset(n->late, 0, replaywin);
421 } else if(seqno <= n->received_seqno) {
422 if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
423 logger(DEBUG_TRAFFIC, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
424 n->name, n->hostname, seqno, n->received_seqno);
428 for(seqno_t i = n->received_seqno + 1; i < seqno; i++) {
429 n->late[(i / 8) % replaywin] |= 1 << i % 8;
435 n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8);
438 if(seqno > n->received_seqno) {
439 n->received_seqno = seqno;
444 if(n->received_seqno > MAX_SEQNO) {
448 /* Decompress the packet */
450 length_t origlen = inpkt->len;
452 if(n->incompression) {
453 vpn_packet_t *outpkt = pkt[nextpkt++];
455 if(!(outpkt->len = uncompress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->incompression))) {
456 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
457 n->name, n->hostname);
463 if(origlen > MTU / 64 + 20) {
464 origlen -= MTU / 64 + 20;
470 if(inpkt->len > n->maxrecentlen) {
471 n->maxrecentlen = inpkt->len;
476 if(!DATA(inpkt)[12] && !DATA(inpkt)[13]) {
477 udp_probe_h(n, inpkt, origlen);
479 receive_packet(n, inpkt);
486 void receive_tcppacket(connection_t *c, const char *buffer, size_t len) {
488 outpkt.offset = DEFAULT_PACKET_OFFSET;
490 if(len > sizeof(outpkt.data) - outpkt.offset) {
496 if(c->options & OPTION_TCPONLY) {
499 outpkt.priority = -1;
502 memcpy(DATA(&outpkt), buffer, len);
504 receive_packet(c->node, &outpkt);
507 bool receive_tcppacket_sptps(connection_t *c, const char *data, size_t len) {
508 if(len < sizeof(node_id_t) + sizeof(node_id_t)) {
509 logger(DEBUG_PROTOCOL, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname);
513 node_t *to = lookup_node_id((node_id_t *)data);
514 data += sizeof(node_id_t);
515 len -= sizeof(node_id_t);
518 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown destination ID", c->name, c->hostname);
522 node_t *from = lookup_node_id((node_id_t *)data);
523 data += sizeof(node_id_t);
524 len -= sizeof(node_id_t);
527 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown source ID", c->name, c->hostname);
531 if(!to->status.reachable) {
532 /* This can happen in the form of a race condition
533 if the node just became unreachable. */
534 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay TCP packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
538 /* Help the sender reach us over UDP.
539 Note that we only do this if we're the destination or the static relay;
540 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
541 if(to->via == myself) {
542 send_udp_info(myself, from);
545 /* If we're not the final recipient, relay the packet. */
548 if(to->status.validkey) {
549 send_sptps_data(to, from, 0, data, len);
556 /* The packet is for us */
558 if(!sptps_receive_data(&from->sptps, data, len)) {
559 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
560 so let's restart SPTPS in case that helps. But don't do that too often
561 to prevent storms. */
562 if(from->last_req_key < now.tv_sec - 10) {
563 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
570 send_mtu_info(myself, from, MTU);
574 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
575 if(!n->status.validkey && !n->connection) {
582 if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) {
583 sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len);
587 if(routing_mode == RMODE_ROUTER) {
593 if(origpkt->len < offset) {
599 if(n->outcompression) {
601 length_t len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression);
604 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
605 } else if(len < origpkt->len - offset) {
606 outpkt.len = len + offset;
608 type |= PKT_COMPRESSED;
612 /* If we have a direct metaconnection to n, and we can't use UDP, then
613 don't bother with SPTPS and just use a "plaintext" PACKET message.
614 We don't really care about end-to-end security since we're not
615 sending the message through any intermediate nodes. */
616 if(n->connection && origpkt->len > n->minmtu) {
617 send_tcppacket(n->connection, origpkt);
619 sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
625 static void adapt_socket(const sockaddr_t *sa, int *sock) {
626 /* Make sure we have a suitable socket for the chosen address */
627 if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) {
628 for(int i = 0; i < listen_sockets; i++) {
629 if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) {
637 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
642 /* If the UDP address is confirmed, use it. */
643 if(n->status.udp_confirmed) {
647 /* Send every third packet to n->address; that could be set
648 to the node's reflexive UDP address discovered during key
658 /* Otherwise, address are found in edges to this node.
659 So we pick a random edge and a random socket. */
662 int j = rand() % n->edge_tree->count;
663 edge_t *candidate = NULL;
665 for splay_each(edge_t, e, n->edge_tree) {
667 candidate = e->reverse;
673 *sa = &candidate->address;
674 *sock = rand() % listen_sockets;
677 adapt_socket(*sa, sock);
680 static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) {
683 /* Pick one of the edges from this node at random, then use its local address. */
686 int j = rand() % n->edge_tree->count;
687 edge_t *candidate = NULL;
689 for splay_each(edge_t, e, n->edge_tree) {
696 if(candidate && candidate->local_address.sa.sa_family) {
697 *sa = &candidate->local_address;
698 *sock = rand() % listen_sockets;
699 adapt_socket(*sa, sock);
703 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
704 if(!n->status.reachable) {
705 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
709 if(n->status.sptps) {
710 send_sptps_packet(n, origpkt);
714 #ifdef DISABLE_LEGACY
717 vpn_packet_t pkt1, pkt2;
718 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
719 vpn_packet_t *inpkt = origpkt;
721 vpn_packet_t *outpkt;
722 int origlen = origpkt->len;
724 int origpriority = origpkt->priority;
726 pkt1.offset = DEFAULT_PACKET_OFFSET;
727 pkt2.offset = DEFAULT_PACKET_OFFSET;
729 /* Make sure we have a valid key */
731 if(!n->status.validkey) {
732 logger(DEBUG_TRAFFIC, LOG_INFO,
733 "No valid key known yet for %s (%s), forwarding via TCP",
734 n->name, n->hostname);
735 send_tcppacket(n->nexthop->connection, origpkt);
739 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (DATA(inpkt)[12] | DATA(inpkt)[13])) {
740 logger(DEBUG_TRAFFIC, LOG_INFO,
741 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
742 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
744 if(n != n->nexthop) {
745 send_packet(n->nexthop, origpkt);
747 send_tcppacket(n->nexthop->connection, origpkt);
753 /* Compress the packet */
755 if(n->outcompression) {
756 outpkt = pkt[nextpkt++];
758 if(!(outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression))) {
759 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
760 n->name, n->hostname);
767 /* Add sequence number */
769 seqno_t seqno = htonl(++(n->sent_seqno));
770 memcpy(SEQNO(inpkt), &seqno, sizeof(seqno));
771 inpkt->len += sizeof(seqno);
773 /* Encrypt the packet */
775 if(cipher_active(n->outcipher)) {
776 outpkt = pkt[nextpkt++];
779 if(!cipher_encrypt(n->outcipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
780 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
784 outpkt->len = outlen;
788 /* Add the message authentication code */
790 if(digest_active(n->outdigest)) {
791 if(!digest_create(n->outdigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
792 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
796 inpkt->len += digest_length(n->outdigest);
799 /* Send the packet */
801 const sockaddr_t *sa = NULL;
804 if(n->status.send_locally) {
805 choose_local_address(n, &sa, &sock);
809 choose_udp_address(n, &sa, &sock);
812 if(priorityinheritance && origpriority != listen_socket[sock].priority) {
813 listen_socket[sock].priority = origpriority;
815 switch(sa->sa.sa_family) {
819 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority);
821 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IP, IP_TOS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
822 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
827 #if defined(IPV6_TCLASS)
830 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority);
832 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
833 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
844 if(sendto(listen_socket[sock].udp.fd, (void *)SEQNO(inpkt), inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
845 if(sockmsgsize(sockerrno)) {
846 if(n->maxmtu >= origlen) {
847 n->maxmtu = origlen - 1;
850 if(n->mtu >= origlen) {
851 n->mtu = origlen - 1;
856 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
861 origpkt->len = origlen;
865 bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_t len) {
866 node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
867 bool direct = from == myself && to == relay;
868 bool relay_supported = (relay->options >> 24) >= 4;
869 bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY;
871 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU. */
873 if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
874 if(type != SPTPS_HANDSHAKE && (to->nexthop->connection->options >> 24) >= 7) {
875 char buf[len + sizeof(to->id) + sizeof(from->id)];
877 memcpy(buf_ptr, &to->id, sizeof(to->id));
878 buf_ptr += sizeof(to->id);
879 memcpy(buf_ptr, &from->id, sizeof(from->id));
880 buf_ptr += sizeof(from->id);
881 memcpy(buf_ptr, data, len);
882 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (TCP)", from->name, from->hostname, to->name, to->hostname, to->nexthop->name, to->nexthop->hostname);
883 return send_sptps_tcppacket(to->nexthop->connection, buf, sizeof(buf));
886 char buf[len * 4 / 3 + 5];
887 b64encode(data, buf, len);
889 /* If this is a handshake packet, use ANS_KEY instead of REQ_KEY, for two reasons:
890 - We don't want intermediate nodes to switch to UDP to relay these packets;
891 - ANS_KEY allows us to learn the reflexive UDP address. */
892 if(type == SPTPS_HANDSHAKE) {
893 to->incompression = myself->incompression;
894 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
896 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, SPTPS_PACKET, buf);
902 if(relay_supported) {
903 overhead += sizeof(to->id) + sizeof(from->id);
906 char buf[len + overhead];
909 if(relay_supported) {
911 /* Inform the recipient that this packet was sent directly. */
912 node_id_t nullid = {0};
913 memcpy(buf_ptr, &nullid, sizeof(nullid));
914 buf_ptr += sizeof(nullid);
916 memcpy(buf_ptr, &to->id, sizeof(to->id));
917 buf_ptr += sizeof(to->id);
920 memcpy(buf_ptr, &from->id, sizeof(from->id));
921 buf_ptr += sizeof(from->id);
925 /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
926 memcpy(buf_ptr, data, len);
929 const sockaddr_t *sa = NULL;
932 if(relay->status.send_locally) {
933 choose_local_address(relay, &sa, &sock);
937 choose_udp_address(relay, &sa, &sock);
940 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (UDP)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
942 if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
943 if(sockmsgsize(sockerrno)) {
944 // Compensate for SPTPS overhead
945 len -= SPTPS_DATAGRAM_OVERHEAD;
947 if(relay->maxmtu >= len) {
948 relay->maxmtu = len - 1;
951 if(relay->mtu >= len) {
952 relay->mtu = len - 1;
957 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
965 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
966 node_t *from = handle;
968 if(type == SPTPS_HANDSHAKE) {
969 if(!from->status.validkey) {
970 from->status.validkey = true;
971 from->status.waitingforkey = false;
972 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) successful", from->name, from->hostname);
979 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
984 inpkt.offset = DEFAULT_PACKET_OFFSET;
987 if(type == PKT_PROBE) {
988 if(!from->status.udppacket) {
989 logger(DEBUG_ALWAYS, LOG_ERR, "Got SPTPS PROBE packet from %s (%s) via TCP", from->name, from->hostname);
994 memcpy(DATA(&inpkt), data, len);
996 if(inpkt.len > from->maxrecentlen) {
997 from->maxrecentlen = inpkt.len;
1000 udp_probe_h(from, &inpkt, len);
1004 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
1005 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
1009 /* Check if we have the headers we need */
1010 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
1011 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
1013 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
1014 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
1017 int offset = (type & PKT_MAC) ? 0 : 14;
1019 if(type & PKT_COMPRESSED) {
1020 length_t ulen = uncompress_packet(DATA(&inpkt) + offset, (const uint8_t *)data, len, from->incompression);
1025 inpkt.len = ulen + offset;
1028 if(inpkt.len > MAXSIZE) {
1032 memcpy(DATA(&inpkt) + offset, data, len);
1033 inpkt.len = len + offset;
1036 /* Generate the Ethernet packet type if necessary */
1038 switch(DATA(&inpkt)[14] >> 4) {
1040 DATA(&inpkt)[12] = 0x08;
1041 DATA(&inpkt)[13] = 0x00;
1045 DATA(&inpkt)[12] = 0x86;
1046 DATA(&inpkt)[13] = 0xDD;
1050 logger(DEBUG_TRAFFIC, LOG_ERR,
1051 "Unknown IP version %d while reading packet from %s (%s)",
1052 DATA(&inpkt)[14] >> 4, from->name, from->hostname);
1057 if(from->status.udppacket && inpkt.len > from->maxrecentlen) {
1058 from->maxrecentlen = inpkt.len;
1061 receive_packet(from, &inpkt);
1065 // This function tries to get SPTPS keys, if they aren't already known.
1066 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if the keys are available.
1067 static void try_sptps(node_t *n) {
1068 if(n->status.validkey) {
1072 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
1074 if(!n->status.waitingforkey) {
1076 } else if(n->last_req_key + 10 < now.tv_sec) {
1077 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
1078 sptps_stop(&n->sptps);
1079 n->status.waitingforkey = false;
1086 static void send_udp_probe_packet(node_t *n, int len) {
1087 vpn_packet_t packet;
1089 if(len > sizeof(packet.data)) {
1090 logger(DEBUG_TRAFFIC, LOG_INFO, "Truncating probe length %d to %s (%s)", len, n->name, n->hostname);
1091 len = sizeof(packet.data);
1094 packet.offset = DEFAULT_PACKET_OFFSET;
1095 memset(DATA(&packet), 0, 14);
1096 randomize(DATA(&packet) + 14, len - 14);
1098 packet.priority = 0;
1100 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %d to %s (%s)", len, n->name, n->hostname);
1102 send_udppacket(n, &packet);
1105 // This function tries to establish a UDP tunnel to a node so that packets can be sent.
1106 // If a tunnel is already established, it makes sure it stays up.
1107 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if UDP is usable.
1108 static void try_udp(node_t *n) {
1109 if(!udp_discovery) {
1113 /* Send gratuitous probe replies to 1.1 nodes. */
1115 if((n->options >> 24) >= 3 && n->status.udp_confirmed) {
1116 struct timeval ping_tx_elapsed;
1117 timersub(&now, &n->udp_reply_sent, &ping_tx_elapsed);
1119 if(ping_tx_elapsed.tv_sec >= udp_discovery_keepalive_interval - 1) {
1120 n->udp_reply_sent = now;
1122 if(n->maxrecentlen) {
1124 pkt.len = n->maxrecentlen;
1125 pkt.offset = DEFAULT_PACKET_OFFSET;
1126 memset(DATA(&pkt), 0, 14);
1127 randomize(DATA(&pkt) + 14, MIN_PROBE_SIZE - 14);
1128 send_udp_probe_reply(n, &pkt, pkt.len);
1129 n->maxrecentlen = 0;
1136 struct timeval ping_tx_elapsed;
1137 timersub(&now, &n->udp_ping_sent, &ping_tx_elapsed);
1139 int interval = n->status.udp_confirmed ? udp_discovery_keepalive_interval : udp_discovery_interval;
1141 if(ping_tx_elapsed.tv_sec >= interval) {
1142 gettimeofday(&now, NULL);
1143 n->udp_ping_sent = now; // a probe in flight
1144 n->status.ping_sent = true;
1145 send_udp_probe_packet(n, MIN_PROBE_SIZE);
1147 if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
1148 n->status.send_locally = true;
1149 send_udp_probe_packet(n, MIN_PROBE_SIZE);
1150 n->status.send_locally = false;
1155 static length_t choose_initial_maxmtu(node_t *n) {
1160 const sockaddr_t *sa = NULL;
1162 choose_udp_address(n, &sa, &sockindex);
1168 sock = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
1171 logger(DEBUG_TRAFFIC, LOG_ERR, "Creating MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1175 if(connect(sock, &sa->sa, SALEN(sa->sa))) {
1176 logger(DEBUG_TRAFFIC, LOG_ERR, "Connecting MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1182 socklen_t ip_mtu_len = sizeof(ip_mtu);
1184 if(getsockopt(sock, IPPROTO_IP, IP_MTU, &ip_mtu, &ip_mtu_len)) {
1185 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1192 /* getsockopt(IP_MTU) returns the MTU of the physical interface.
1193 We need to remove various overheads to get to the tinc MTU. */
1194 length_t mtu = ip_mtu;
1195 mtu -= (sa->sa.sa_family == AF_INET6) ? sizeof(struct ip6_hdr) : sizeof(struct ip);
1198 if(n->status.sptps) {
1199 mtu -= SPTPS_DATAGRAM_OVERHEAD;
1201 if((n->options >> 24) >= 4) {
1202 mtu -= sizeof(node_id_t) + sizeof(node_id_t);
1205 #ifndef DISABLE_LEGACY
1207 mtu -= digest_length(n->outdigest);
1209 /* Now it's tricky. We use CBC mode, so the length of the
1210 encrypted payload must be a multiple of the blocksize. The
1211 sequence number is also part of the encrypted payload, so we
1212 must account for it after correcting for the blocksize.
1213 Furthermore, the padding in the last block must be at least
1216 length_t blocksize = cipher_blocksize(n->outcipher);
1229 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) returned absurdly small value: %d", n->name, n->hostname, ip_mtu);
1237 logger(DEBUG_TRAFFIC, LOG_INFO, "Using system-provided maximum tinc MTU for %s (%s): %hd", n->name, n->hostname, mtu);
1246 /* This function tries to determines the MTU of a node.
1247 By calling this function repeatedly, n->minmtu will be progressively
1248 increased, and at some point, n->mtu will be fixed to n->minmtu. If the MTU
1249 is already fixed, this function checks if it can be increased.
1252 static void try_mtu(node_t *n) {
1253 if(!(n->options & OPTION_PMTU_DISCOVERY)) {
1257 if(udp_discovery && !n->status.udp_confirmed) {
1258 n->maxrecentlen = 0;
1265 /* mtuprobes == 0..19: initial discovery, send bursts with 1 second interval, mtuprobes++
1266 mtuprobes == 20: fix MTU, and go to -1
1267 mtuprobes == -1: send one maxmtu and one maxmtu+1 probe every pinginterval
1268 mtuprobes ==-2..-3: send one maxmtu probe every second
1269 mtuprobes == -4: maxmtu no longer valid, reset minmtu and maxmtu and go to 0 */
1271 struct timeval elapsed;
1272 timersub(&now, &n->mtu_ping_sent, &elapsed);
1274 if(n->mtuprobes >= 0) {
1275 if(n->mtuprobes != 0 && elapsed.tv_sec == 0 && elapsed.tv_usec < 333333) {
1279 if(n->mtuprobes < -1) {
1280 if(elapsed.tv_sec < 1) {
1284 if(elapsed.tv_sec < pinginterval) {
1290 n->mtu_ping_sent = now;
1294 if(n->mtuprobes < -3) {
1295 /* We lost three MTU probes, restart discovery */
1296 logger(DEBUG_TRAFFIC, LOG_INFO, "Decrease in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
1301 if(n->mtuprobes < 0) {
1302 /* After the initial discovery, we only send one maxmtu and one
1303 maxmtu+1 probe to detect PMTU increases. */
1304 send_udp_probe_packet(n, n->maxmtu);
1306 if(n->mtuprobes == -1 && n->maxmtu + 1 < MTU) {
1307 send_udp_probe_packet(n, n->maxmtu + 1);
1312 /* Before initial discovery begins, set maxmtu to the most likely value.
1313 If it's underestimated, we will correct it after initial discovery. */
1314 if(n->mtuprobes == 0) {
1315 n->maxmtu = choose_initial_maxmtu(n);
1319 /* Decreasing the number of probes per cycle might make the algorithm react faster to lost packets,
1320 but it will typically increase convergence time in the no-loss case. */
1321 const length_t probes_per_cycle = 8;
1323 /* This magic value was determined using math simulations.
1324 It will result in a 1329-byte first probe, followed (if there was a reply) by a 1407-byte probe.
1325 Since 1407 is just below the range of tinc MTUs over typical networks,
1326 this fine-tuning allows tinc to cover a lot of ground very quickly.
1327 This fine-tuning is only valid for maxmtu = MTU; if maxmtu is smaller,
1328 then it's better to use a multiplier of 1. Indeed, this leads to an interesting scenario
1329 if choose_initial_maxmtu() returns the actual MTU value - it will get confirmed with one single probe. */
1330 const float multiplier = (n->maxmtu == MTU) ? 0.97 : 1;
1332 const float cycle_position = probes_per_cycle - (n->mtuprobes % probes_per_cycle) - 1;
1333 const length_t minmtu = MAX(n->minmtu, 512);
1334 const float interval = n->maxmtu - minmtu;
1336 length_t offset = 0;
1338 /* powf can be underflowed if n->maxmtu is less than 512 due to the minmtu MAX bound */
1340 /* The core of the discovery algorithm is this exponential.
1341 It produces very large probes early in the cycle, and then it very quickly decreases the probe size.
1342 This reflects the fact that in the most difficult cases, we don't get any feedback for probes that
1343 are too large, and therefore we need to concentrate on small offsets so that we can quickly converge
1344 on the precise MTU as we are approaching it.
1345 The last probe of the cycle is always 1 byte in size - this is to make sure we'll get at least one
1346 reply per cycle so that we can make progress. */
1347 offset = powf(interval, multiplier * cycle_position / (probes_per_cycle - 1));
1350 length_t maxmtu = n->maxmtu;
1351 send_udp_probe_packet(n, minmtu + offset);
1353 /* If maxmtu changed, it means the probe was rejected by the system because it was too large.
1354 In that case, we recalculate with the new maxmtu and try again. */
1355 if(n->mtuprobes < 0 || maxmtu == n->maxmtu) {
1360 if(n->mtuprobes >= 0) {
1366 /* These functions try to establish a tunnel to a node (or its relay) so that
1367 packets can be sent (e.g. exchange keys).
1368 If a tunnel is already established, it tries to improve it (e.g. by trying
1369 to establish a UDP tunnel instead of TCP). This function makes no
1370 guarantees - it is up to the caller to check the node's state to figure out
1371 if TCP and/or UDP is usable. By calling this function repeatedly, the
1372 tunnel is gradually improved until we hit the wall imposed by the underlying
1373 network environment. It is recommended to call this function every time a
1374 packet is sent (or intended to be sent) to a node, so that the tunnel keeps
1375 improving as packets flow, and then gracefully downgrades itself as it goes
1379 static void try_tx_sptps(node_t *n, bool mtu) {
1380 /* If n is a TCP-only neighbor, we'll only use "cleartext" PACKET
1381 messages anyway, so there's no need for SPTPS at all. */
1383 if(n->connection && ((myself->options | n->options) & OPTION_TCPONLY)) {
1387 /* Otherwise, try to do SPTPS authentication with n if necessary. */
1391 /* Do we need to statically relay packets? */
1393 node_t *via = (n->via == myself) ? n->nexthop : n->via;
1395 /* If we do have a static relay, try everything with that one instead, if it supports relaying. */
1398 if((via->options >> 24) < 4) {
1406 /* Otherwise, try to establish UDP connectivity. */
1414 /* If we don't have UDP connectivity (yet), we need to use a dynamic relay (nexthop)
1415 while we try to establish direct connectivity. */
1417 if(!n->status.udp_confirmed && n != n->nexthop && (n->nexthop->options >> 24) >= 4) {
1418 try_tx(n->nexthop, mtu);
1422 static void try_tx_legacy(node_t *n, bool mtu) {
1423 /* Does he have our key? If not, send one. */
1425 if(!n->status.validkey_in) {
1429 /* Check if we already have a key, or request one. */
1431 if(!n->status.validkey) {
1432 if(n->last_req_key + 10 <= now.tv_sec) {
1434 n->last_req_key = now.tv_sec;
1447 void try_tx(node_t *n, bool mtu) {
1448 if(!n->status.reachable) {
1452 if(n->status.sptps) {
1453 try_tx_sptps(n, mtu);
1455 try_tx_legacy(n, mtu);
1459 void send_packet(node_t *n, vpn_packet_t *packet) {
1460 // If it's for myself, write it to the tun/tap device.
1464 memcpy(DATA(packet), mymac.x, ETH_ALEN);
1465 // Use an arbitrary fake source address.
1466 memcpy(DATA(packet) + ETH_ALEN, DATA(packet), ETH_ALEN);
1467 DATA(packet)[ETH_ALEN * 2 - 1] ^= 0xFF;
1471 n->out_bytes += packet->len;
1472 devops.write(packet);
1476 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)", packet->len, n->name, n->hostname);
1478 // If the node is not reachable, drop it.
1480 if(!n->status.reachable) {
1481 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable", n->name, n->hostname);
1485 // Keep track of packet statistics.
1488 n->out_bytes += packet->len;
1490 // Check if it should be sent as an SPTPS packet.
1492 if(n->status.sptps) {
1493 send_sptps_packet(n, packet);
1498 // Determine which node to actually send it to.
1500 node_t *via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
1503 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)", n->name, via->name, n->via->hostname);
1506 // Try to send via UDP, unless TCP is forced.
1508 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
1509 if(!send_tcppacket(via->connection, packet)) {
1510 terminate_connection(via->connection, true);
1516 send_udppacket(via, packet);
1520 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
1521 // Always give ourself a copy of the packet.
1522 if(from != myself) {
1523 send_packet(myself, packet);
1526 // In TunnelServer mode, do not forward broadcast packets.
1527 // The MST might not be valid and create loops.
1528 if(tunnelserver || broadcast_mode == BMODE_NONE) {
1532 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
1533 packet->len, from->name, from->hostname);
1535 switch(broadcast_mode) {
1536 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
1537 // This guarantees all nodes receive the broadcast packet, and
1538 // usually distributes the sending of broadcast packets over all nodes.
1540 for list_each(connection_t, c, connection_list)
1541 if(c->edge && c->status.mst && c != from->nexthop->connection) {
1542 send_packet(c->node, packet);
1547 // In direct mode, we send copies to each node we know of.
1548 // However, this only reaches nodes that can be reached in a single hop.
1549 // We don't have enough information to forward broadcast packets in this case.
1551 if(from != myself) {
1555 for splay_each(node_t, n, node_tree)
1556 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n)) {
1557 send_packet(n, packet);
1567 /* We got a packet from some IP address, but we don't know who sent it. Try to
1568 verify the message authentication code against all active session keys.
1569 Since this is actually an expensive operation, we only do a full check once
1570 a minute, the rest of the time we only check against nodes for which we know
1571 an IP address that matches the one from the packet. */
1573 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
1574 node_t *match = NULL;
1576 static time_t last_hard_try = 0;
1578 for splay_each(node_t, n, node_tree) {
1579 if(!n->status.reachable || n == myself) {
1583 if(!n->status.validkey_in && !(n->status.sptps && n->sptps.instate)) {
1589 for splay_each(edge_t, e, n->edge_tree) {
1594 if(!sockaddrcmp_noport(from, &e->reverse->address)) {
1601 if(last_hard_try == now.tv_sec) {
1608 if(!try_mac(n, pkt)) {
1617 last_hard_try = now.tv_sec;
1623 static void handle_incoming_vpn_packet(listen_socket_t *ls, vpn_packet_t *pkt, sockaddr_t *addr) {
1625 node_id_t nullid = {0};
1627 bool direct = false;
1629 sockaddrunmap(addr); /* Some braindead IPv6 implementations do stupid things. */
1631 // Try to figure out who sent this packet.
1633 node_t *n = lookup_node_udp(addr);
1635 if(n && !n->status.udp_confirmed) {
1636 n = NULL; // Don't believe it if we don't have confirmation yet.
1640 // It might be from a 1.1 node, which might have a source ID in the packet.
1641 pkt->offset = 2 * sizeof(node_id_t);
1642 from = lookup_node_id(SRCID(pkt));
1644 if(from && from->status.sptps && !memcmp(DSTID(pkt), &nullid, sizeof(nullid))) {
1645 if(sptps_verify_datagram(&from->sptps, DATA(pkt), pkt->len - 2 * sizeof(node_id_t))) {
1655 n = try_harder(addr, pkt);
1661 if(debug_level >= DEBUG_PROTOCOL) {
1662 hostname = sockaddr2hostname(addr);
1663 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1672 if(n->status.sptps) {
1673 bool relay_enabled = (n->options >> 24) >= 4;
1676 pkt->offset = 2 * sizeof(node_id_t);
1677 pkt->len -= pkt->offset;
1680 if(!relay_enabled || !memcmp(DSTID(pkt), &nullid, sizeof(nullid))) {
1685 from = lookup_node_id(SRCID(pkt));
1686 to = lookup_node_id(DSTID(pkt));
1690 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname);
1694 if(!to->status.reachable) {
1695 /* This can happen in the form of a race condition
1696 if the node just became unreachable. */
1697 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
1701 /* The packet is supposed to come from the originator or its static relay
1702 (i.e. with no dynamic relays in between).
1703 If it did not, "help" the static relay by sending it UDP info.
1704 Note that we only do this if we're the destination or the static relay;
1705 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
1707 if(n != from->via && to->via == myself) {
1708 send_udp_info(myself, from);
1711 /* If we're not the final recipient, relay the packet. */
1714 send_sptps_data(to, from, 0, DATA(pkt), pkt->len);
1723 if(!receive_udppacket(from, pkt)) {
1727 n->sock = ls - listen_socket;
1729 if(direct && sockaddrcmp(addr, &n->address)) {
1730 update_node_udp(n, addr);
1733 /* If the packet went through a relay, help the sender find the appropriate MTU
1734 through the relay path. */
1737 send_mtu_info(myself, n, MTU);
1741 void handle_incoming_vpn_data(void *data, int flags) {
1744 listen_socket_t *ls = data;
1746 #ifdef HAVE_RECVMMSG
1748 static int num = MAX_MSG;
1749 static vpn_packet_t pkt[MAX_MSG];
1750 static sockaddr_t addr[MAX_MSG];
1751 static struct mmsghdr msg[MAX_MSG];
1752 static struct iovec iov[MAX_MSG];
1754 for(int i = 0; i < num; i++) {
1757 iov[i] = (struct iovec) {
1758 .iov_base = DATA(&pkt[i]),
1762 msg[i].msg_hdr = (struct msghdr) {
1763 .msg_name = &addr[i].sa,
1764 .msg_namelen = sizeof(addr)[i],
1770 num = recvmmsg(ls->udp.fd, msg, MAX_MSG, MSG_DONTWAIT, NULL);
1773 if(!sockwouldblock(sockerrno)) {
1774 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1780 for(int i = 0; i < num; i++) {
1781 pkt[i].len = msg[i].msg_len;
1783 if(pkt[i].len <= 0 || pkt[i].len > MAXSIZE) {
1787 handle_incoming_vpn_packet(ls, &pkt[i], &addr[i]);
1792 sockaddr_t addr = {0};
1793 socklen_t addrlen = sizeof(addr);
1796 int len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen);
1798 if(len <= 0 || (size_t)len > MAXSIZE) {
1799 if(!sockwouldblock(sockerrno)) {
1800 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1808 handle_incoming_vpn_packet(ls, &pkt, &addr);
1812 void handle_device_data(void *data, int flags) {
1815 vpn_packet_t packet;
1816 packet.offset = DEFAULT_PACKET_OFFSET;
1817 packet.priority = 0;
1818 static int errors = 0;
1820 if(devops.read(&packet)) {
1822 myself->in_packets++;
1823 myself->in_bytes += packet.len;
1824 route(myself, &packet);
1826 usleep(errors * 50000);
1830 logger(DEBUG_ALWAYS, LOG_ERR, "Too many errors from %s, exiting!", device);