+ const sockaddr_t *sa = (sockaddr_t *) aip->ai_addr;
+ int from_fd = listen_socket[0].tcp.fd;
+
+ // If we're binding to a dynamically allocated (zero) port, try to get the actual
+ // port of the first TCP socket, and use it for this one. If that succeeds, our
+ // tincd instance will use the same port for all addresses it listens on.
+ int tcp_fd = bind_reusing_port(sa, from_fd, setup_listen_socket);
+
+ if(tcp_fd < 0) {
+ continue;
+ }
+
+ // If we just successfully bound the first socket, use it for the UDP procedure below.
+ // Otherwise, keep using the socket we've obtained from listen_socket[0].
+ if(!from_fd) {
+ from_fd = tcp_fd;
+ }
+
+ int udp_fd = bind_reusing_port(sa, from_fd, setup_vpn_in_socket);
+
+ if(udp_fd < 0) {
+ closesocket(tcp_fd);
+ continue;
+ }
+
+ listen_socket_t *sock = &listen_socket[listen_sockets];
+ io_add(&sock->tcp, handle_new_meta_connection, sock, tcp_fd, IO_READ);
+ io_add(&sock->udp, handle_incoming_vpn_data, sock, udp_fd, IO_READ);
+
+ if(debug_level >= DEBUG_CONNECTIONS) {
+ int tcp_port = get_bound_port(tcp_fd);
+ char *hostname = NULL;
+ sockaddr2str(sa, &hostname, NULL);
+ logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s port %d", hostname, tcp_port);
+ free(hostname);
+ }
+
+ sock->bindto = bindto;
+ memcpy(&sock->sa, aip->ai_addr, aip->ai_addrlen);
+ listen_sockets++;
+ }
+
+ freeaddrinfo(ai);
+ return true;
+}
+
+void device_enable(void) {
+ if(devops.enable) {
+ devops.enable();
+ }
+
+ /* Run tinc-up script to further initialize the tap interface */
+
+ environment_t env;
+ environment_init(&env);
+ execute_script("tinc-up", &env);
+ environment_exit(&env);
+}
+
+void device_disable(void) {
+ environment_t env;
+ environment_init(&env);
+ execute_script("tinc-down", &env);
+ environment_exit(&env);
+
+ if(devops.disable) {
+ devops.disable();
+ }
+}
+
+/*
+ Configure node_t myself and set up the local sockets (listen only)
+*/
+static bool setup_myself(void) {
+ char *name, *type;
+ char *address = NULL;
+ bool port_specified = false;
+
+ if(!(name = get_name())) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Name for tinc daemon required!");
+ return false;
+ }
+
+ myname = xstrdup(name);
+ myself = new_node(name);
+ myself->connection = new_connection();
+ myself->connection->name = name;
+ read_host_config(&config_tree, name, true);
+
+ if(!get_config_string(lookup_config(&config_tree, "Port"), &myport.tcp)) {
+ myport.tcp = xstrdup("655");
+ } else {
+ port_specified = true;
+ }
+
+ myport.udp = xstrdup(myport.tcp);
+
+ myself->connection->options = 0;
+ myself->connection->protocol_major = PROT_MAJOR;
+ myself->connection->protocol_minor = PROT_MINOR;
+
+ myself->options |= PROT_MINOR << 24;
+
+#ifdef DISABLE_LEGACY
+ myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
+ experimental = myself->connection->ecdsa != NULL;
+
+ if(!experimental) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!");
+ return false;
+ }
+
+#else
+
+ if(!get_config_bool(lookup_config(&config_tree, "ExperimentalProtocol"), &experimental)) {
+ myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
+ experimental = myself->connection->ecdsa != NULL;
+
+ if(!experimental) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
+ }
+ } else {
+ if(experimental) {
+ myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
+
+ if(!myself->connection->ecdsa) {