-int tap_fd = -1;
-int taptype = TAP_TYPE_ETHERTAP;
-int total_tap_in = 0;
-int total_tap_out = 0;
-int total_socket_in = 0;
-int total_socket_out = 0;
-
-config_t *upstreamcfg;
-static int seconds_till_retry;
-
-int keylifetime = 0;
-int keyexpires = 0;
-
-char *unknown = NULL;
-
-void send_udppacket(connection_t *cl, vpn_packet_t *inpkt)
-{
- vpn_packet_t outpkt;
- int outlen, outpad;
- EVP_CIPHER_CTX ctx;
- struct sockaddr_in to;
- socklen_t tolen = sizeof(to);
- vpn_packet_t *copy;
-cp
- if(!cl->status.validkey)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
- cl->name, cl->hostname);
-
- /* Since packet is on the stack of handle_tap_input(),
- we have to make a copy of it first. */
-
- copy = xmalloc(sizeof(vpn_packet_t));
- memcpy(copy, inpkt, sizeof(vpn_packet_t));
-
- list_insert_tail(cl->queue, copy);
-
- if(!cl->status.waitingforkey)
- send_req_key(myself, cl);
- return;
- }
-
- /* Encrypt the packet. */
-
- RAND_bytes(inpkt->salt, sizeof(inpkt->salt));
-
- EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
- EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt));
- EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad);
- outlen += outpad;
-
- total_socket_out += outlen;
-
- to.sin_family = AF_INET;
- to.sin_addr.s_addr = htonl(cl->address);
- to.sin_port = htons(cl->port);
-
- if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0)
- {
- syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
- cl->name, cl->hostname);
- return;
- }
-cp
-}
-
-void receive_packet(connection_t *cl, vpn_packet_t *packet)
-{
-cp
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, cl->name, cl->hostname);
-
- route_incoming(cl, packet);
-cp
-}
-
-void receive_udppacket(connection_t *cl, vpn_packet_t *inpkt)
-{
- vpn_packet_t outpkt;
- int outlen, outpad;
- EVP_CIPHER_CTX ctx;
-cp
- /* Decrypt the packet */
-
- EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
- EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len);
- EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad);
- outlen += outpad;
- outpkt.len = outlen - sizeof(outpkt.salt);
-
- receive_packet(cl, &outpkt);
-cp
-}
-
-void accept_packet(vpn_packet_t *packet)
-{
-cp
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_DEBUG, _("Writing packet of %d bytes to tap device"),
- packet->len);
-
- if(taptype == TAP_TYPE_TUNTAP)
- {
- if(write(tap_fd, packet->data, packet->len) < 0)
- syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
- else
- total_tap_out += packet->len;
- }
- else /* ethertap */
- {
- if(write(tap_fd, packet->data - 2, packet->len + 2) < 0)
- syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
- else
- total_tap_out += packet->len + 2;
- }
-cp
-}
-
-/*
- send a packet to the given vpn ip.
-*/
-void send_packet(connection_t *cl, vpn_packet_t *packet)
-{
-cp
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
- packet->len, cl->name, cl->hostname);
-
- if(cl == myself)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- {
- syslog(LOG_NOTICE, _("Packet is looping back to us!"));
- }
-
- return;
- }
-
- if(!cl->status.active)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"),
- cl->name, cl->hostname);
-
- return;
- }
-
- /* Check if it has to go via TCP or UDP... */
-cp
- if((cl->options | myself->options) & OPTION_TCPONLY)
- {
- if(send_tcppacket(cl, packet))
- terminate_connection(cl);
- }
- else
- send_udppacket(cl, packet);
-}
-
-void flush_queue(connection_t *cl)
-{
- list_node_t *node, *next;
-cp
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname);
-
- for(node = cl->queue->head; node; node = next)
- {
- next = node->next;
- send_udppacket(cl, (vpn_packet_t *)node->data);
- list_delete_node(cl->queue, node);
- }
-cp
-}
-
-/*
- open the local ethertap device
-*/
-int setup_tap_fd(void)
-{
- int nfd;
- const char *tapfname;
- config_t const *cfg;
-#ifdef HAVE_LINUX
-# ifdef HAVE_TUNTAP
- struct ifreq ifr;
-# endif
-#endif
-
-cp
- if((cfg = get_config_val(config, config_tapdevice)))
- tapfname = cfg->data.ptr;
- else
- {
-#ifdef HAVE_LINUX
-# ifdef HAVE_TUNTAP
- tapfname = "/dev/net/tun";
-# else
- tapfname = "/dev/tap0";
-# endif
-#endif
-#ifdef HAVE_FREEBSD
- tapfname = "/dev/tap0";
-#endif
-#ifdef HAVE_SOLARIS
- tapfname = "/dev/tun";
-#endif
- }
-cp
- if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
- {
- syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
- return -1;
- }
-cp
- tap_fd = nfd;
-
- taptype = TAP_TYPE_ETHERTAP;
-
- /* Set default MAC address for ethertap devices */
-
- mymac.type = SUBNET_MAC;
- mymac.net.mac.address.x[0] = 0xfe;
- mymac.net.mac.address.x[1] = 0xfd;
- mymac.net.mac.address.x[2] = 0x00;
- mymac.net.mac.address.x[3] = 0x00;
- mymac.net.mac.address.x[4] = 0x00;
- mymac.net.mac.address.x[5] = 0x00;
-
-#ifdef HAVE_LINUX
- #ifdef HAVE_TUNTAP
- /* Ok now check if this is an old ethertap or a new tun/tap thingie */
- memset(&ifr, 0, sizeof(ifr));
-cp
- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
- if (netname)
- strncpy(ifr.ifr_name, netname, IFNAMSIZ);
-cp
- if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
- {
- syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
- taptype = TAP_TYPE_TUNTAP;
- }
- #endif