+ if(listen_sockets >= MAXSOCKETS) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
+ freeaddrinfo(ai);
+ return false;
+ }
+
+ int tcp_fd = setup_listen_socket((sockaddr_t *) aip->ai_addr);
+
+ if(tcp_fd < 0) {
+ continue;
+ }
+
+ int udp_fd = setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
+
+ if(udp_fd < 0) {
+ close(tcp_fd);
+ continue;
+ }
+
+ io_add(&listen_socket[listen_sockets].tcp, handle_new_meta_connection, &listen_socket[listen_sockets], tcp_fd, IO_READ);
+ io_add(&listen_socket[listen_sockets].udp, handle_incoming_vpn_data, &listen_socket[listen_sockets], udp_fd, IO_READ);
+
+ if(debug_level >= DEBUG_CONNECTIONS) {
+ char *hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
+ logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s", hostname);
+ free(hostname);
+ }
+
+ listen_socket[listen_sockets].bindto = bindto;
+ memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
+ listen_sockets++;
+ }
+
+ freeaddrinfo(ai);
+ return true;
+}
+
+void device_enable(void) {
+ if(devops.enable) {
+ devops.enable();
+ }
+
+ /* Run tinc-up script to further initialize the tap interface */
+
+ environment_t env;
+ environment_init(&env);
+ execute_script("tinc-up", &env);
+ environment_exit(&env);
+}
+
+void device_disable(void) {
+ environment_t env;
+ environment_init(&env);
+ execute_script("tinc-down", &env);
+ environment_exit(&env);
+
+ if(devops.disable) {
+ devops.disable();
+ }
+}
+
+/*
+ Configure node_t myself and set up the local sockets (listen only)
+*/
+static bool setup_myself(void) {
+ char *name, *hostname, *type;
+ char *address = NULL;
+ bool port_specified = false;
+
+ if(!(name = get_name())) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Name for tinc daemon required!");
+ return false;
+ }
+
+ myname = xstrdup(name);
+ myself = new_node();
+ myself->connection = new_connection();
+ myself->name = name;
+ myself->connection->name = xstrdup(name);
+ read_host_config(&config_tree, name, true);
+
+ if(!get_config_string(lookup_config(&config_tree, "Port"), &myport)) {
+ myport = xstrdup("655");
+ } else {
+ port_specified = true;
+ }
+
+ myself->connection->options = 0;
+ myself->connection->protocol_major = PROT_MAJOR;
+ myself->connection->protocol_minor = PROT_MINOR;
+
+ myself->options |= PROT_MINOR << 24;
+
+#ifdef DISABLE_LEGACY
+ myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
+ experimental = myself->connection->ecdsa != NULL;
+
+ if(!experimental) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!");
+ return false;
+ }
+
+#else
+
+ if(!get_config_bool(lookup_config(&config_tree, "ExperimentalProtocol"), &experimental)) {
+ myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
+ experimental = myself->connection->ecdsa != NULL;
+
+ if(!experimental) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
+ }
+ } else {
+ if(experimental) {
+ myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
+
+ if(!myself->connection->ecdsa) {
+ return false;
+ }
+ }
+ }
+
+ myself->connection->rsa = read_rsa_private_key(&config_tree, NULL);
+
+ if(!myself->connection->rsa) {
+ if(experimental) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
+ } else {
+ logger(DEBUG_ALWAYS, LOG_ERR, "No private keys available, cannot start tinc!");
+ return false;
+ }
+ }
+
+#endif
+
+ /* Ensure myport is numeric */
+
+ if(!atoi(myport)) {
+ struct addrinfo *ai = str2addrinfo("localhost", myport, SOCK_DGRAM);
+ sockaddr_t sa;
+
+ if(!ai || !ai->ai_addr) {
+ return false;
+ }
+
+ free(myport);
+ memcpy(&sa, ai->ai_addr, ai->ai_addrlen);
+ freeaddrinfo(ai);
+ sockaddr2str(&sa, NULL, &myport);
+ }
+
+ /* Read in all the subnets specified in the host configuration file */
+
+ for(config_t *cfg = lookup_config(&config_tree, "Subnet"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
+ subnet_t *subnet;
+
+ if(!get_config_subnet(cfg, &subnet)) {
+ return false;
+ }
+
+ subnet_add(myself, subnet);
+ }
+
+ /* Check some options */
+
+ if(!setup_myself_reloadable()) {
+ return false;
+ }
+
+ get_config_bool(lookup_config(&config_tree, "StrictSubnets"), &strictsubnets);
+ get_config_bool(lookup_config(&config_tree, "TunnelServer"), &tunnelserver);
+ strictsubnets |= tunnelserver;
+
+ if(get_config_int(lookup_config(&config_tree, "MaxConnectionBurst"), &max_connection_burst)) {
+ if(max_connection_burst <= 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "MaxConnectionBurst cannot be negative!");
+ return false;
+ }
+ }
+
+ if(get_config_int(lookup_config(&config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
+ if(udp_rcvbuf < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
+ return false;
+ }
+
+ udp_rcvbuf_warnings = true;
+ }
+
+ if(get_config_int(lookup_config(&config_tree, "UDPSndBuf"), &udp_sndbuf)) {
+ if(udp_sndbuf < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
+ return false;
+ }
+
+ udp_sndbuf_warnings = true;
+ }
+
+ get_config_int(lookup_config(&config_tree, "FWMark"), &fwmark);
+#ifndef SO_MARK
+
+ if(fwmark) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "FWMark not supported on this platform!");
+ return false;
+ }
+
+#endif
+
+ int replaywin_int;
+
+ if(get_config_int(lookup_config(&config_tree, "ReplayWindow"), &replaywin_int)) {
+ if(replaywin_int < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "ReplayWindow cannot be negative!");
+ return false;
+ }
+
+ replaywin = (unsigned)replaywin_int;
+ sptps_replaywin = replaywin;
+ }
+
+#ifndef DISABLE_LEGACY
+ /* Generate packet encryption key */
+
+ char *cipher;
+
+ if(!get_config_string(lookup_config(&config_tree, "Cipher"), &cipher)) {
+ cipher = xstrdup("aes-256-cbc");
+ }
+
+ if(!strcasecmp(cipher, "none")) {
+ myself->incipher = NULL;
+ } else {
+ myself->incipher = cipher_alloc();
+
+ if(!cipher_open_by_name(myself->incipher, cipher)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
+ cipher_free(&myself->incipher);
+ free(cipher);
+ return false;
+ }
+ }
+
+ free(cipher);
+
+ timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval) {
+ keylifetime, jitter()
+ });
+
+ /* Check if we want to use message authentication codes... */