+void receive_tcppacket(connection_t *c, const char *buffer, size_t len) {
+ vpn_packet_t outpkt;
+ outpkt.offset = DEFAULT_PACKET_OFFSET;
+
+ if(len > sizeof(outpkt.data) - outpkt.offset) {
+ return;
+ }
+
+ outpkt.len = len;
+
+ if(c->options & OPTION_TCPONLY) {
+ outpkt.priority = 0;
+ } else {
+ outpkt.priority = -1;
+ }
+
+ memcpy(DATA(&outpkt), buffer, len);
+
+ receive_packet(c->node, &outpkt);
+}
+
+bool receive_tcppacket_sptps(connection_t *c, const char *data, size_t len) {
+ if(len < sizeof(node_id_t) + sizeof(node_id_t)) {
+ logger(DEBUG_PROTOCOL, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname);
+ return false;
+ }
+
+ node_t *to = lookup_node_id((node_id_t *)data);
+ data += sizeof(node_id_t);
+ len -= sizeof(node_id_t);
+
+ if(!to) {
+ logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown destination ID", c->name, c->hostname);
+ return true;
+ }
+
+ node_t *from = lookup_node_id((node_id_t *)data);
+ data += sizeof(node_id_t);
+ len -= sizeof(node_id_t);
+
+ if(!from) {
+ logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown source ID", c->name, c->hostname);
+ return true;
+ }
+
+ if(!to->status.reachable) {
+ /* This can happen in the form of a race condition
+ if the node just became unreachable. */
+ logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay TCP packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
+ return true;
+ }
+
+ /* Help the sender reach us over UDP.
+ Note that we only do this if we're the destination or the static relay;
+ otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
+ if(to->via == myself) {
+ send_udp_info(myself, from);
+ }
+
+ /* If we're not the final recipient, relay the packet. */
+
+ if(to != myself) {
+ if(to->status.validkey) {
+ send_sptps_data(to, from, 0, data, len);
+ }
+
+ try_tx(to, true);
+ return true;
+ }
+
+ /* The packet is for us */
+
+ if(!sptps_receive_data(&from->sptps, data, len)) {
+ /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ so let's restart SPTPS in case that helps. But don't do that too often
+ to prevent storms. */
+ if(from->last_req_key < now.tv_sec - 10) {
+ logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
+ send_req_key(from);
+ }
+
+ return true;
+ }
+
+ send_mtu_info(myself, from, MTU);
+ return true;
+}
+
+static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
+ if(!n->status.validkey && !n->connection) {
+ return;
+ }
+
+ uint8_t type = 0;
+ int offset = 0;
+
+ if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) {
+ sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len);
+ return;
+ }
+
+ if(routing_mode == RMODE_ROUTER) {
+ offset = 14;
+ } else {
+ type = PKT_MAC;
+ }
+
+ if(origpkt->len < offset) {
+ return;
+ }
+
+ vpn_packet_t outpkt;
+
+ if(n->outcompression) {
+ outpkt.offset = 0;
+ length_t len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression);
+
+ if(!len) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
+ } else if(len < origpkt->len - offset) {
+ outpkt.len = len + offset;
+ origpkt = &outpkt;
+ type |= PKT_COMPRESSED;
+ }
+ }
+
+ /* If we have a direct metaconnection to n, and we can't use UDP, then
+ don't bother with SPTPS and just use a "plaintext" PACKET message.
+ We don't really care about end-to-end security since we're not
+ sending the message through any intermediate nodes. */
+ if(n->connection && origpkt->len > n->minmtu) {
+ send_tcppacket(n->connection, origpkt);
+ } else {
+ sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
+ }
+
+ return;
+}
+
+static void adapt_socket(const sockaddr_t *sa, int *sock) {
+ /* Make sure we have a suitable socket for the chosen address */
+ if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) {
+ for(int i = 0; i < listen_sockets; i++) {
+ if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) {
+ *sock = i;
+ break;
+ }
+ }
+ }
+}
+
+static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
+ /* Latest guess */
+ *sa = &n->address;
+ *sock = n->sock;
+
+ /* If the UDP address is confirmed, use it. */
+ if(n->status.udp_confirmed) {
+ return;
+ }
+
+ /* Send every third packet to n->address; that could be set
+ to the node's reflexive UDP address discovered during key
+ exchange. */
+
+ static int x = 0;
+
+ if(++x >= 3) {
+ x = 0;
+ return;
+ }
+
+ /* Otherwise, address are found in edges to this node.
+ So we pick a random edge and a random socket. */
+
+ int i = 0;
+ int j = rand() % n->edge_tree->count;
+ edge_t *candidate = NULL;
+
+ for splay_each(edge_t, e, n->edge_tree) {
+ if(i++ == j) {
+ candidate = e->reverse;
+ break;
+ }
+ }
+
+ if(candidate) {
+ *sa = &candidate->address;
+ *sock = rand() % listen_sockets;
+ }
+
+ adapt_socket(*sa, sock);
+}
+
+static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) {
+ *sa = NULL;
+
+ /* Pick one of the edges from this node at random, then use its local address. */
+
+ int i = 0;
+ int j = rand() % n->edge_tree->count;
+ edge_t *candidate = NULL;
+
+ for splay_each(edge_t, e, n->edge_tree) {
+ if(i++ == j) {
+ candidate = e;
+ break;
+ }
+ }
+
+ if(candidate && candidate->local_address.sa.sa_family) {
+ *sa = &candidate->local_address;
+ *sock = rand() % listen_sockets;
+ adapt_socket(*sa, sock);
+ }
+}
+
+static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
+ if(!n->status.reachable) {
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
+ return;
+ }
+
+ if(n->status.sptps) {
+ send_sptps_packet(n, origpkt);
+ return;
+ }
+
+#ifdef DISABLE_LEGACY
+ return;
+#else
+ vpn_packet_t pkt1, pkt2;
+ vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
+ vpn_packet_t *inpkt = origpkt;
+ int nextpkt = 0;
+ vpn_packet_t *outpkt;
+ int origlen = origpkt->len;
+ size_t outlen;
+ int origpriority = origpkt->priority;
+
+ pkt1.offset = DEFAULT_PACKET_OFFSET;
+ pkt2.offset = DEFAULT_PACKET_OFFSET;
+
+ /* Make sure we have a valid key */
+
+ if(!n->status.validkey) {
+ logger(DEBUG_TRAFFIC, LOG_INFO,
+ "No valid key known yet for %s (%s), forwarding via TCP",
+ n->name, n->hostname);
+ send_tcppacket(n->nexthop->connection, origpkt);
+ return;
+ }
+
+ if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (DATA(inpkt)[12] | DATA(inpkt)[13])) {
+ logger(DEBUG_TRAFFIC, LOG_INFO,
+ "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
+ n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
+
+ if(n != n->nexthop) {
+ send_packet(n->nexthop, origpkt);
+ } else {
+ send_tcppacket(n->nexthop->connection, origpkt);
+ }
+
+ return;
+ }
+
+ /* Compress the packet */
+
+ if(n->outcompression) {
+ outpkt = pkt[nextpkt++];
+
+ if(!(outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression))) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
+ n->name, n->hostname);
+ return;
+ }
+
+ inpkt = outpkt;
+ }
+
+ /* Add sequence number */
+
+ seqno_t seqno = htonl(++(n->sent_seqno));
+ memcpy(SEQNO(inpkt), &seqno, sizeof(seqno));
+ inpkt->len += sizeof(seqno);
+
+ /* Encrypt the packet */
+
+ if(cipher_active(n->outcipher)) {
+ outpkt = pkt[nextpkt++];
+ outlen = MAXSIZE;
+
+ if(!cipher_encrypt(n->outcipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
+ goto end;
+ }
+
+ outpkt->len = outlen;
+ inpkt = outpkt;
+ }
+
+ /* Add the message authentication code */
+
+ if(digest_active(n->outdigest)) {
+ if(!digest_create(n->outdigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
+ goto end;
+ }
+
+ inpkt->len += digest_length(n->outdigest);
+ }
+
+ /* Send the packet */
+
+ const sockaddr_t *sa = NULL;
+ int sock;
+
+ if(n->status.send_locally) {
+ choose_local_address(n, &sa, &sock);
+ }
+
+ if(!sa) {
+ choose_udp_address(n, &sa, &sock);
+ }
+
+ if(priorityinheritance && origpriority != listen_socket[sock].priority) {
+ listen_socket[sock].priority = origpriority;
+
+ switch(sa->sa.sa_family) {
+#if defined(IP_TOS)
+
+ case AF_INET:
+ logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority);
+
+ if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IP, IP_TOS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
+ logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
+ }
+
+ break;
+#endif
+#if defined(IPV6_TCLASS)
+
+ case AF_INET6:
+ logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority);
+
+ if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
+ logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
+ }
+
+ break;
+#endif
+
+ default:
+ break;
+ }
+ }
+
+ if(sendto(listen_socket[sock].udp.fd, (void *)SEQNO(inpkt), inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
+ if(sockmsgsize(sockerrno)) {
+ if(n->maxmtu >= origlen) {
+ n->maxmtu = origlen - 1;
+ }
+
+ if(n->mtu >= origlen) {
+ n->mtu = origlen - 1;
+ }
+
+ try_fix_mtu(n);
+ } else {
+ logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
+ }
+ }
+
+end:
+ origpkt->len = origlen;
+#endif
+}
+
+bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_t len) {
+ node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
+ bool direct = from == myself && to == relay;
+ bool relay_supported = (relay->options >> 24) >= 4;
+ bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY;
+
+ /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU. */
+
+ if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
+ if(type != SPTPS_HANDSHAKE && (to->nexthop->connection->options >> 24) >= 7) {
+ char buf[len + sizeof(to->id) + sizeof(from->id)];
+ char *buf_ptr = buf;
+ memcpy(buf_ptr, &to->id, sizeof(to->id));
+ buf_ptr += sizeof(to->id);
+ memcpy(buf_ptr, &from->id, sizeof(from->id));
+ buf_ptr += sizeof(from->id);
+ memcpy(buf_ptr, data, len);
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (TCP)", from->name, from->hostname, to->name, to->hostname, to->nexthop->name, to->nexthop->hostname);
+ return send_sptps_tcppacket(to->nexthop->connection, buf, sizeof(buf));
+ }
+
+ char buf[len * 4 / 3 + 5];
+ b64encode(data, buf, len);
+
+ /* If this is a handshake packet, use ANS_KEY instead of REQ_KEY, for two reasons:
+ - We don't want intermediate nodes to switch to UDP to relay these packets;
+ - ANS_KEY allows us to learn the reflexive UDP address. */
+ if(type == SPTPS_HANDSHAKE) {
+ to->incompression = myself->incompression;
+ return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
+ } else {
+ return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, SPTPS_PACKET, buf);
+ }
+ }
+
+ size_t overhead = 0;
+
+ if(relay_supported) {
+ overhead += sizeof(to->id) + sizeof(from->id);
+ }
+
+ char buf[len + overhead];
+ char *buf_ptr = buf;
+
+ if(relay_supported) {
+ if(direct) {
+ /* Inform the recipient that this packet was sent directly. */
+ node_id_t nullid = {0};
+ memcpy(buf_ptr, &nullid, sizeof(nullid));
+ buf_ptr += sizeof(nullid);
+ } else {
+ memcpy(buf_ptr, &to->id, sizeof(to->id));
+ buf_ptr += sizeof(to->id);
+ }
+
+ memcpy(buf_ptr, &from->id, sizeof(from->id));
+ buf_ptr += sizeof(from->id);
+
+ }
+
+ /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
+ memcpy(buf_ptr, data, len);
+ buf_ptr += len;
+
+ const sockaddr_t *sa = NULL;
+ int sock;
+
+ if(relay->status.send_locally) {
+ choose_local_address(relay, &sa, &sock);
+ }
+
+ if(!sa) {
+ choose_udp_address(relay, &sa, &sock);
+ }
+
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (UDP)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
+
+ if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
+ if(sockmsgsize(sockerrno)) {
+ // Compensate for SPTPS overhead
+ len -= SPTPS_DATAGRAM_OVERHEAD;
+
+ if(relay->maxmtu >= len) {
+ relay->maxmtu = len - 1;
+ }
+
+ if(relay->mtu >= len) {
+ relay->mtu = len - 1;
+ }
+
+ try_fix_mtu(relay);
+ } else {
+ logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
+ return false;
+ }
+ }
+
+ return true;
+}
+
+bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
+ node_t *from = handle;
+
+ if(type == SPTPS_HANDSHAKE) {
+ if(!from->status.validkey) {
+ from->status.validkey = true;
+ from->status.waitingforkey = false;
+ logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) successful", from->name, from->hostname);
+ }
+
+ return true;
+ }
+
+ if(len > MTU) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
+ return false;
+ }
+
+ vpn_packet_t inpkt;
+ inpkt.offset = DEFAULT_PACKET_OFFSET;
+ inpkt.priority = 0;
+
+ if(type == PKT_PROBE) {
+ if(!from->status.udppacket) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Got SPTPS PROBE packet from %s (%s) via TCP", from->name, from->hostname);
+ return false;
+ }
+
+ inpkt.len = len;
+ memcpy(DATA(&inpkt), data, len);
+
+ if(inpkt.len > from->maxrecentlen) {
+ from->maxrecentlen = inpkt.len;
+ }
+
+ udp_probe_h(from, &inpkt, len);
+ return true;
+ }
+
+ if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
+ return false;
+ }
+
+ /* Check if we have the headers we need */
+ if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
+ return false;
+ } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
+ logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
+ }
+
+ int offset = (type & PKT_MAC) ? 0 : 14;
+
+ if(type & PKT_COMPRESSED) {
+ length_t ulen = uncompress_packet(DATA(&inpkt) + offset, (const uint8_t *)data, len, from->incompression);
+
+ if(!ulen) {
+ return false;
+ } else {
+ inpkt.len = ulen + offset;
+ }
+
+ if(inpkt.len > MAXSIZE) {
+ abort();
+ }
+ } else {
+ memcpy(DATA(&inpkt) + offset, data, len);
+ inpkt.len = len + offset;
+ }
+
+ /* Generate the Ethernet packet type if necessary */
+ if(offset) {
+ switch(DATA(&inpkt)[14] >> 4) {
+ case 4:
+ DATA(&inpkt)[12] = 0x08;
+ DATA(&inpkt)[13] = 0x00;
+ break;
+
+ case 6:
+ DATA(&inpkt)[12] = 0x86;
+ DATA(&inpkt)[13] = 0xDD;
+ break;
+
+ default:
+ logger(DEBUG_TRAFFIC, LOG_ERR,
+ "Unknown IP version %d while reading packet from %s (%s)",
+ DATA(&inpkt)[14] >> 4, from->name, from->hostname);
+ return false;
+ }
+ }
+
+ if(from->status.udppacket && inpkt.len > from->maxrecentlen) {
+ from->maxrecentlen = inpkt.len;
+ }
+
+ receive_packet(from, &inpkt);
+ return true;
+}
+
+// This function tries to get SPTPS keys, if they aren't already known.
+// This function makes no guarantees - it is up to the caller to check the node's state to figure out if the keys are available.
+static void try_sptps(node_t *n) {
+ if(n->status.validkey) {
+ return;
+ }
+
+ logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
+
+ if(!n->status.waitingforkey) {
+ send_req_key(n);
+ } else if(n->last_req_key + 10 < now.tv_sec) {
+ logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
+ sptps_stop(&n->sptps);
+ n->status.waitingforkey = false;
+ send_req_key(n);
+ }
+
+ return;
+}
+
+static void send_udp_probe_packet(node_t *n, int len) {
+ vpn_packet_t packet;
+
+ if(len > sizeof(packet.data)) {
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Truncating probe length %d to %s (%s)", len, n->name, n->hostname);
+ len = sizeof(packet.data);
+ }
+
+ packet.offset = DEFAULT_PACKET_OFFSET;
+ memset(DATA(&packet), 0, 14);
+ randomize(DATA(&packet) + 14, len - 14);
+ packet.len = len;
+ packet.priority = 0;
+
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %d to %s (%s)", len, n->name, n->hostname);
+
+ send_udppacket(n, &packet);
+}
+
+// This function tries to establish a UDP tunnel to a node so that packets can be sent.
+// If a tunnel is already established, it makes sure it stays up.
+// This function makes no guarantees - it is up to the caller to check the node's state to figure out if UDP is usable.
+static void try_udp(node_t *n) {
+ if(!udp_discovery) {
+ return;
+ }
+
+ /* Send gratuitous probe replies to 1.1 nodes. */
+
+ if((n->options >> 24) >= 3 && n->status.udp_confirmed) {
+ struct timeval ping_tx_elapsed;
+ timersub(&now, &n->udp_reply_sent, &ping_tx_elapsed);
+
+ if(ping_tx_elapsed.tv_sec >= udp_discovery_keepalive_interval - 1) {
+ n->udp_reply_sent = now;
+
+ if(n->maxrecentlen) {
+ vpn_packet_t pkt;
+ pkt.len = n->maxrecentlen;
+ pkt.offset = DEFAULT_PACKET_OFFSET;
+ memset(DATA(&pkt), 0, 14);
+ randomize(DATA(&pkt) + 14, MIN_PROBE_SIZE - 14);
+ send_udp_probe_reply(n, &pkt, pkt.len);
+ n->maxrecentlen = 0;
+ }
+ }
+ }
+
+ /* Probe request */
+
+ struct timeval ping_tx_elapsed;
+ timersub(&now, &n->udp_ping_sent, &ping_tx_elapsed);
+
+ int interval = n->status.udp_confirmed ? udp_discovery_keepalive_interval : udp_discovery_interval;
+
+ if(ping_tx_elapsed.tv_sec >= interval) {
+ gettimeofday(&now, NULL);
+ n->udp_ping_sent = now; // a probe in flight
+ n->status.ping_sent = true;
+ send_udp_probe_packet(n, MIN_PROBE_SIZE);
+
+ if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
+ n->status.send_locally = true;
+ send_udp_probe_packet(n, MIN_PROBE_SIZE);
+ n->status.send_locally = false;
+ }
+ }
+}
+
+static length_t choose_initial_maxmtu(node_t *n) {
+#ifdef IP_MTU
+
+ int sock = -1;
+
+ const sockaddr_t *sa = NULL;
+ int sockindex;
+ choose_udp_address(n, &sa, &sockindex);
+
+ if(!sa) {
+ return MTU;
+ }
+
+ sock = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
+
+ if(sock < 0) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "Creating MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
+ return MTU;
+ }
+
+ if(connect(sock, &sa->sa, SALEN(sa->sa))) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "Connecting MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
+ close(sock);
+ return MTU;
+ }
+
+ int ip_mtu;
+ socklen_t ip_mtu_len = sizeof(ip_mtu);
+
+ if(getsockopt(sock, IPPROTO_IP, IP_MTU, &ip_mtu, &ip_mtu_len)) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
+ close(sock);
+ return MTU;
+ }
+
+ close(sock);
+
+ /* getsockopt(IP_MTU) returns the MTU of the physical interface.
+ We need to remove various overheads to get to the tinc MTU. */
+ length_t mtu = ip_mtu;
+ mtu -= (sa->sa.sa_family == AF_INET6) ? sizeof(struct ip6_hdr) : sizeof(struct ip);
+ mtu -= 8; /* UDP */
+
+ if(n->status.sptps) {
+ mtu -= SPTPS_DATAGRAM_OVERHEAD;
+
+ if((n->options >> 24) >= 4) {
+ mtu -= sizeof(node_id_t) + sizeof(node_id_t);
+ }
+
+#ifndef DISABLE_LEGACY
+ } else {
+ mtu -= digest_length(n->outdigest);
+
+ /* Now it's tricky. We use CBC mode, so the length of the
+ encrypted payload must be a multiple of the blocksize. The
+ sequence number is also part of the encrypted payload, so we
+ must account for it after correcting for the blocksize.
+ Furthermore, the padding in the last block must be at least
+ 1 byte. */
+
+ length_t blocksize = cipher_blocksize(n->outcipher);
+
+ if(blocksize > 1) {
+ mtu /= blocksize;
+ mtu *= blocksize;
+ mtu--;
+ }
+
+ mtu -= 4; // seqno
+#endif
+ }
+
+ if(mtu < 512) {
+ logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) returned absurdly small value: %d", n->name, n->hostname, ip_mtu);
+ return MTU;
+ }
+
+ if(mtu > MTU) {
+ return MTU;
+ }
+
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Using system-provided maximum tinc MTU for %s (%s): %hd", n->name, n->hostname, mtu);
+ return mtu;
+
+#else
+ (void)n;
+ return MTU;
+#endif
+}
+
+/* This function tries to determines the MTU of a node.
+ By calling this function repeatedly, n->minmtu will be progressively
+ increased, and at some point, n->mtu will be fixed to n->minmtu. If the MTU
+ is already fixed, this function checks if it can be increased.