/*
net.c -- most of the network code
- Copyright (C) 1998-2001 Ivo Timmermans <itimmermans@bigfoot.com>,
- 2000,2001 Guus Sliepen <guus@sliepen.warande.net>
+ Copyright (C) 1998-2002 Ivo Timmermans <itimmermans@bigfoot.com>,
+ 2000-2002 Guus Sliepen <guus@sliepen.warande.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.149 2001/11/16 12:22:02 zarq Exp $
+ $Id: net.c,v 1.35.4.155 2002/02/12 14:36:45 guus Exp $
*/
#include "config.h"
#include <stdlib.h>
#include <string.h>
#include <signal.h>
-#include <sys/signal.h>
#include <sys/time.h>
#include <sys/types.h>
#include <syslog.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
+#include <openssl/hmac.h>
#ifndef HAVE_RAND_PSEUDO_BYTES
#define RAND_pseudo_bytes RAND_bytes
#endif
+#include <zlib.h>
+
#include <utils.h>
#include <xalloc.h>
#include <avl_tree.h>
#include "connection.h"
#include "meta.h"
#include "net.h"
+#include "netutl.h"
#include "process.h"
#include "protocol.h"
#include "subnet.h"
+#include "graph.h"
#include "process.h"
#include "route.h"
#include "device.h"
+#include "event.h"
#include "system.h"
int keyexpires = 0;
int do_prune = 0;
+int do_purge = 0;
+int sighup = 0;
+int sigalrm = 0;
+
+#define MAX_SEQNO 1073741824
/* VPN packet I/O */
void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
{
- vpn_packet_t outpkt;
+ vpn_packet_t pkt1, pkt2;
+ vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2};
+ int nextpkt = 0;
+ vpn_packet_t *outpkt = pkt[0];
int outlen, outpad;
+ long int complen = MTU + 12;
EVP_CIPHER_CTX ctx;
+ char hmac[EVP_MAX_MD_SIZE];
cp
+ /* Check the message authentication code */
+
+ if(myself->digest && myself->maclength)
+ {
+ inpkt->len -= myself->maclength;
+ HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL);
+ if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength))
+ {
+ syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname);
+ return;
+ }
+ }
+
/* Decrypt the packet */
- EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len);
- EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len);
- EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad);
- outlen += outpad;
- outpkt.len = outlen - sizeof(outpkt.salt);
+ if(myself->cipher)
+ {
+ outpkt = pkt[nextpkt++];
+
+ EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len);
+ EVP_DecryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len);
+ EVP_DecryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad);
+
+ outpkt->len = outlen + outpad;
+ inpkt = outpkt;
+ }
+
+ /* Check the sequence number */
+
+ inpkt->len -= sizeof(inpkt->seqno);
+ inpkt->seqno = ntohl(inpkt->seqno);
- receive_packet(n, &outpkt);
+ if(inpkt->seqno <= n->received_seqno)
+ {
+ syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno);
+ return;
+ }
+
+ n->received_seqno = inpkt->seqno;
+
+ if(n->received_seqno > MAX_SEQNO)
+ keyexpires = 0;
+
+ /* Decompress the packet */
+
+ if(myself->compression)
+ {
+ outpkt = pkt[nextpkt++];
+
+ if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK)
+ {
+ syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname);
+ return;
+ }
+
+ outpkt->len = complen;
+ inpkt = outpkt;
+ }
+
+ receive_packet(n, inpkt);
cp
}
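Review bot: The MAC and sequence-number stripping in receive_udppacket never checks that the datagram is long enough, so `inpkt->len -= myself->maclength;` and later `inpkt->len -= sizeof(inpkt->seqno);` can drive len below zero for a short or empty datagram and hand that length to HMAC(), EVP_DecryptUpdate() and uncompress(). A guard before the MAC check, `if(inpkt->len < (int)sizeof(inpkt->seqno) + myself->maclength) { syslog(LOG_DEBUG, _("Got too short packet from %s (%s)"), n->name, n->hostname); return; }`, closes that (this assumes len is a signed int, as the surrounding declarations suggest — confirm in net.h). Two smaller points: the return value of EVP_DecryptFinal is ignored, so a padding error is not detected and outpad is used as-is, and memcmp() compares the tag in data-dependent time; a comparison that always walks all maclength bytes is preferable for an authentication tag.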
void send_udppacket(node_t *n, vpn_packet_t *inpkt)
{
- vpn_packet_t outpkt;
+ vpn_packet_t pkt1, pkt2;
+ vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2};
+ int nextpkt = 0;
+ vpn_packet_t *outpkt;
int outlen, outpad;
+ long int complen = MTU + 12;
EVP_CIPHER_CTX ctx;
struct sockaddr_in to;
socklen_t tolen = sizeof(to);
if(!n->status.waitingforkey)
send_req_key(n->nexthop->connection, myself, n);
+
return;
}
- /* Encrypt the packet. */
+ /* Compress the packet */
- RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt));
+ if(n->compression)
+ {
+ outpkt = pkt[nextpkt++];
- EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
- EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt));
- EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad);
- outlen += outpad;
+ if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK)
+ {
+ syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname);
+ return;
+ }
+
+ outpkt->len = complen;
+ inpkt = outpkt;
+ }
+
+ /* Add sequence number */
+
+ inpkt->seqno = htonl(++(n->sent_seqno));
+ inpkt->len += sizeof(inpkt->seqno);
+
+ /* Encrypt the packet */
+
+ if(n->cipher)
+ {
+ outpkt = pkt[nextpkt++];
+
+ EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
+ EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len);
+ EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad);
+
+ outpkt->len = outlen + outpad;
+ inpkt = outpkt;
+ }
+
+ /* Add the message authentication code */
+
+ if(n->digest && n->maclength)
+ {
+ HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen);
+ inpkt->len += n->maclength;
+ }
+
+ /* Send the packet */
to.sin_family = AF_INET;
to.sin_addr.s_addr = htonl(n->address);
to.sin_port = htons(n->port);
- if((sendto(udp_socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0)
+ if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, (const struct sockaddr *)&to, tolen)) < 0)
{
syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
n->name, n->hostname);
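Review bot: HMAC() on the new side writes the digest's full output (up to EVP_MAX_MD_SIZE bytes) at `(char *)&inpkt->seqno + inpkt->len`, although only n->maclength of them are counted afterwards, so the vpn_packet_t buffer needs headroom of the full digest size beyond the largest compressed, padded payload — the struct definition is not visible here, so please confirm MAXSIZE covers that. HMAC's last parameter is `unsigned int *` while outlen is an int; since the value is unused, pass NULL: `HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, NULL);`. send_udppacket continues past this hunk.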
*/
void send_packet(node_t *n, vpn_packet_t *packet)
{
+ node_t *via;
cp
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
return;
}
+
+ if(!n->status.reachable)
+ {
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_INFO, _("Node %s (%s) is not reachable"),
+ n->name, n->hostname);
+ return;
+ }
+
+ via = (n->via == myself)?n->nexthop:n->via;
- if(n->via != n && debug_lvl >= DEBUG_TRAFFIC)
+ if(via != n && debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"),
- n->name, n->via->name, n->via->hostname);
+ n->name, via->name, n->via->hostname);
- if((myself->options | n->via->options) & OPTION_TCPONLY)
+ if((myself->options | via->options) & OPTION_TCPONLY)
{
- if(send_tcppacket(n->via->connection, packet))
- terminate_connection(n->via->connection, 1);
+ if(send_tcppacket(via->connection, packet))
+ terminate_connection(via->connection, 1);
}
else
- send_udppacket(n->via, packet);
+ send_udppacket(via, packet);
}
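Review bot: The debug message arguments `n->name, via->name, n->via->hostname` mix two nodes: when n->via is myself, via is n->nexthop, yet the hostname printed is still n->via->hostname, i.e. our own. Use `n->name, via->name, via->hostname` so the name and hostname belong to the same node. The send path itself uses via consistently.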
-/* Broadcast a packet to all active direct connections */
+/* Broadcast a packet using the minimum spanning tree */
void broadcast_packet(node_t *from, vpn_packet_t *packet)
{
for(node = connection_tree->head; node; node = node->next)
{
c = (connection_t *)node->data;
- if(c->status.active && c != from->nexthop->connection)
+ if(c->status.active && c->status.mst && c != from->nexthop->connection)
send_packet(c->node, packet);
}
cp
/* Setup sockets */
-int setup_listen_socket(int port)
+int setup_listen_socket(port_t port)
{
int nfd, flags;
struct sockaddr_in a;
int option;
- char *address;
- ip_mask_t *ipmask;
+ ipv4_t *address;
#ifdef HAVE_LINUX
char *interface;
#endif
a.sin_addr.s_addr = htonl(INADDR_ANY);
a.sin_port = htons(port);
- if(get_config_string(lookup_config(config_tree, "BindToAddress"), &address))
+ if(get_config_address(lookup_config(config_tree, "BindToAddress"), &address))
{
- ipmask = strtoip(address);
- if(ipmask)
- {
- a.sin_addr.s_addr = htonl(ipmask->address);
- free(ipmask);
- }
+ a.sin_addr.s_addr = htonl(*address);
+ free(address);
}
if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
return nfd;
}
-int setup_vpn_in_socket(int port)
+int setup_vpn_in_socket(port_t port)
{
int nfd, flags;
struct sockaddr_in a;
return nfd;
}
+void retry_outgoing(outgoing_t *outgoing)
+{
+ event_t *event;
+cp
+ outgoing->timeout += 5;
+ if(outgoing->timeout > maxtimeout)
+ outgoing->timeout = maxtimeout;
+
+ event = new_event();
+ event->handler = (event_handler_t)setup_outgoing_connection;
+ event->time = time(NULL) + outgoing->timeout;
+ event->data = outgoing;
+ event_add(event);
+
+ if(debug_lvl >= DEBUG_CONNECTIONS)
+ syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout);
+cp
+}
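Review bot: retry_outgoing caps the delay at maxtimeout, but the only place that loaded it from the configuration, `get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout);`, is removed from try_outgoing_connections in this commit and nothing visible replaces it; unless it is read elsewhere now, maxtimeout keeps whatever it was initialised with. The removed randomized_alarm() jitter is also gone, so every failed outgoing connection retries at exactly 5, 10, 15 ... seconds, and the 1–8 second jitter in the select timeout only partly hides that. A small random offset added to `event->time` here would restore the old de-synchronisation.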
+
int setup_outgoing_socket(connection_t *c)
{
int flags;
/* Connect */
- if(connect(c->socket, c->address->ai_addr, c->address->ai_addrlen) == -1)
+ a.sin_family = AF_INET;
+ a.sin_port = htons(c->port);
+ a.sin_addr.s_addr = htonl(c->address);
+
+ if(connect(c->socket, (struct sockaddr *)&a, sizeof(a)) == -1)
{
close(c->socket);
- syslog(LOG_ERR, _("%s port %s: %m"), c->hostname, c->port);
+ syslog(LOG_ERR, _("%s port %hd: %m"), c->hostname, c->port);
return -1;
}
if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0)
{
close(c->socket);
- syslog(LOG_ERR, _("fcntl for %s port %s: %m"),
+ syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
c->hostname, c->port);
return -1;
}
if(debug_lvl >= DEBUG_CONNECTIONS)
- syslog(LOG_INFO, _("Connected to %s port %s"),
+ syslog(LOG_INFO, _("Connected to %s port %hd"),
c->hostname, c->port);
cp
return 0;
}
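Review bot: The port format strings disagree within one function: `%hd` in the connect and "Connected to" messages, `%d` in the fcntl one. If port_t is a 16-bit unsigned type, `%hd` prints ports above 32767 as negative numbers; `%hu` would be right for all three, or an `(unsigned)` cast with `%u` if port_t is wider. The "Ready: listening on port %hd" message in setup_myself has the same issue with myself->port.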
-int setup_outgoing_connection(char *name)
+void setup_outgoing_connection(outgoing_t *outgoing)
{
connection_t *c;
node_t *n;
- struct addrinfo *ai, *aitop, hints;
- int r, ipv6preferred;
-
+ struct hostent *h;
cp
- n = lookup_node(name);
+ n = lookup_node(outgoing->name);
if(n)
if(n->connection)
{
if(debug_lvl >= DEBUG_CONNECTIONS)
- syslog(LOG_INFO, _("Already connected to %s"), name);
- return 0;
+ syslog(LOG_INFO, _("Already connected to %s"), outgoing->name);
+ n->connection->outgoing = outgoing;
+ return;
}
c = new_connection();
- c->name = xstrdup(name);
+ c->name = xstrdup(outgoing->name);
init_configuration(&c->config_tree);
read_connection_config(c);
{
syslog(LOG_ERR, _("No address specified for %s"), c->name);
free_connection(c);
- return -1;
- }
-
- if(!get_config_string(lookup_config(c->config_tree, "Port"), &c->port))
- {
- syslog(LOG_ERR, _("No port specified for %s"), c->name);
- free_connection(c);
- return -1;
+ free(outgoing->name);
+ free(outgoing);
+ return;
}
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_family = AF_INET;
- if(get_config_bool(lookup_config(c->config_tree, "IPv6Preferred"), &ipv6preferred))
- {
- if(ipv6preferred)
- hints.ai_family = PF_UNSPEC;
- }
+ if(!get_config_port(lookup_config(c->config_tree, "Port"), &c->port))
+ c->port = 655;
- if((r = getaddrinfo(c->hostname, c->port, &hints, &aitop)) != 0)
+ if(!(h = gethostbyname(c->hostname)))
{
- syslog(LOG_ERR, _("Looking up %s failed: %s\n"),
- c->hostname, gai_strerror(r));
- return -1;
+ syslog(LOG_ERR, _("Error looking up `%s': %m"), c->hostname);
+ free_connection(c);
+ retry_outgoing(outgoing);
+ return;
}
- for(ai = aitop; ai != NULL; ai = ai->ai_next)
- {
- if(setup_outgoing_socket(c) < 0)
- continue;
- }
+ c->address = ntohl(*((ipv4_t*)(h->h_addr_list[0])));
+ c->hostname = hostlookup(htonl(c->address));
- if(ai == NULL)
+ if(setup_outgoing_socket(c) < 0)
{
- /* No connection alternative succeeded */
- free_connection(c);
- return -1;
+ syslog(LOG_ERR, _("Could not set up a meta connection to %s (%s)"),
+ c->name, c->hostname);
+ retry_outgoing(outgoing);
+ return;
}
- c->status.outgoing = 1;
+ c->outgoing = outgoing;
c->last_ping_time = time(NULL);
connection_add(c);
send_id(c);
cp
- return 0;
}
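Review bot: When setup_outgoing_socket() fails, the new code calls retry_outgoing() and returns without releasing c, whereas the removed code did `free_connection(c);` — the connection_t and its config tree now leak on every failed attempt. The gethostbyname result is also used without checking `h->h_addrtype == AF_INET && h->h_length == sizeof(ipv4_t)` before the `*((ipv4_t*)(h->h_addr_list[0]))` cast (a memcpy into a local would avoid the alignment/aliasing question as well), and `c->hostname = hostlookup(...)` overwrites the hostname read from the config without freeing it, if that string was allocated. Moving from getaddrinfo to gethostbyname drops IPv6 resolution and reentrancy; if that is intended, a one-line comment saying so would save the next reader a question.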
int read_rsa_public_key(connection_t *c)
{
BN_hex2bn(&c->rsa_key->n, key);
BN_hex2bn(&c->rsa_key->e, "FFFF");
+ free(key);
return 0;
}
{
syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
fname);
+ free(fname);
return -1;
}
+ free(fname);
c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
fclose(fp);
if(!c->rsa_key)
return 0;
}
else
- return -1;
+ {
+ free(fname);
+ return -1;
+ }
}
/* Else, check if a harnessed public key is in the config file */
myself->connection->rsa_key = RSA_new();
BN_hex2bn(&myself->connection->rsa_key->d, key);
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
+ free(key);
+ return 0;
}
- else if(get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
+
+ if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
+ asprintf(&fname, "%s/rsa_key.priv", confbase);
+
+ if(is_safe_path(fname))
{
if((fp = fopen(fname, "r")) == NULL)
{
syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
fname);
+ free(fname);
return -1;
}
+ free(fname);
myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
if(!myself->connection->rsa_key)
fname);
return -1;
}
+ return 0;
+ }
+
+ free(fname);
+ return -1;
+}
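Review bot: `free(fname);` now runs before PEM_read_RSAPrivateKey, but the error branch after it still passes fname to syslog (the `fname);` argument line below `if(!myself->connection->rsa_key)`), so a failed key parse logs from freed memory. Keep fname alive until after that branch and free it on both the `return -1;` and `return 0;` paths. The public-key reader above has the same shape (`free(fname);` before PEM_read_RSAPublicKey, error branch after); please check it too. The asprintf() result for the default path is also unchecked, so on failure fname is undefined when it reaches is_safe_path.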
+
+int check_rsa_key(RSA *rsa_key)
+{
+ char *test1, *test2, *test3;
+cp
+ if(rsa_key->p && rsa_key->q)
+ {
+ if(RSA_check_key(rsa_key) != 1)
+ return -1;
}
else
{
- syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
- return -1;
+ test1 = xmalloc(RSA_size(rsa_key));
+ test2 = xmalloc(RSA_size(rsa_key));
+ test3 = xmalloc(RSA_size(rsa_key));
+
+ if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key))
+ return -1;
+
+ if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key))
+ return -1;
+
+ if(memcmp(test1, test3, RSA_size(rsa_key)))
+ return -1;
}
cp
return 0;
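Review bot: In check_rsa_key the round-trip test encrypts test1 without ever initialising it, and with RSA_NO_PADDING the input must be numerically smaller than the modulus, so a valid keypair can fail the check depending on what xmalloc happened to return; the three buffers are also never freed on any path. Fill test1 with a known pattern whose first byte is zero and release the buffers before returning, as below. The function's tail (cp marker, `return 0;`, closing brace) lies partly outside the hunk, so only the rewritten else branch is shown.
```c
  else
    {
      int len = RSA_size(rsa_key);
      int ok;

      test1 = xmalloc(len);
      test2 = xmalloc(len);
      test3 = xmalloc(len);

      /* Known plaintext; a leading zero byte keeps it below the modulus for RSA_NO_PADDING */
      memset(test1, 0x5a, len);
      test1[0] = 0;

      ok = RSA_public_encrypt(len, test1, test2, rsa_key, RSA_NO_PADDING) == len
        && RSA_private_decrypt(len, test2, test3, rsa_key, RSA_NO_PADDING) == len
        && !memcmp(test1, test3, len);

      free(test1);
      free(test2);
      free(test3);

      if(!ok)
        return -1;
    }
  /* … unchanged: cp marker and return 0 … */
```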
{
config_t *cfg;
subnet_t *subnet;
- char *name, *mode;
+ char *name, *mode, *cipher, *digest;
int choice;
cp
myself = new_node();
return -1;
cp
-/*
- if(RSA_check_key(rsa_key) != 1)
+ if(check_rsa_key(myself->connection->rsa_key))
{
syslog(LOG_ERR, _("Invalid public/private keypair!"));
return -1;
}
-*/
+
if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->port))
myself->port = 655;
cp
/* Generate packet encryption key */
- myself->cipher = EVP_bf_cbc();
+ if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher))
+ {
+ if(!strcasecmp(cipher, "none"))
+ {
+ myself->cipher = NULL;
+ }
+ else
+ {
+ if(!(myself->cipher = EVP_get_cipherbyname(cipher)))
+ {
+ syslog(LOG_ERR, _("Unrecognized cipher type!"));
+ return -1;
+ }
+ }
+ }
+ else
+ myself->cipher = EVP_bf_cbc();
- myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
+ if(myself->cipher)
+ myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
+ else
+ myself->keylength = 1;
myself->key = (char *)xmalloc(myself->keylength);
RAND_pseudo_bytes(myself->key, myself->keylength);
keylifetime = 3600;
keyexpires = time(NULL) + keylifetime;
+
+ /* Check if we want to use message authentication codes... */
+
+ if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest))
+ {
+ if(!strcasecmp(digest, "none"))
+ {
+ myself->digest = NULL;
+ }
+ else
+ {
+ if(!(myself->digest = EVP_get_digestbyname(digest)))
+ {
+ syslog(LOG_ERR, _("Unrecognized digest type!"));
+ return -1;
+ }
+ }
+ }
+ else
+ myself->digest = EVP_sha1();
+
+ if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength))
+ {
+ if(myself->digest)
+ {
+ if(myself->maclength > myself->digest->md_size)
+ {
+ syslog(LOG_ERR, _("MAC length exceeds size of digest!"));
+ return -1;
+ }
+ else if (myself->maclength < 0)
+ {
+ syslog(LOG_ERR, _("Bogus MAC length!"));
+ return -1;
+ }
+ }
+ }
+ else
+ myself->maclength = 4;
+
+ /* Compression */
+
+ if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression))
+ {
+ if(myself->compression < 0 || myself->compression > 9)
+ {
+ syslog(LOG_ERR, _("Bogus compression level!"));
+ return -1;
+ }
+ }
+ else
+ myself->compression = 0;
cp
/* Done */
myself->status.active = 1;
node_add(myself);
+ graph();
+
syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
cp
return 0;
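Review bot: With `Cipher = none` the code sets `myself->keylength = 1`, and that same one-byte myself->key is what receive_udppacket passes as the HMAC key, so disabling the cipher silently reduces packet authentication to an 8-bit key. Decouple the MAC key from the cipher: keep keylength at a fixed size (say 32 bytes) when no cipher is configured, or refuse `Cipher = none` together with a non-empty digest. The cipher and digest strings from get_config_string are not freed here, unlike name and fname elsewhere in this file, so they leak if get_config_string allocates (its contract is not visible from here). EVP_get_cipherbyname/EVP_get_digestbyname only resolve names once the algorithm table is loaded (OpenSSL_add_all_algorithms), which this hunk does not show; confirm that happens at startup.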
init_subnets();
init_nodes();
init_edges();
+ init_events();
- if(get_config_int(lookup_config(config_tree, "PingTimeout"), &timeout))
+ if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout))
{
- if(timeout < 1)
+ if(pingtimeout < 1)
{
- timeout = 86400;
+ pingtimeout = 86400;
}
}
else
- timeout = 60;
+ pingtimeout = 60;
if(setup_device() < 0)
return -1;
if(setup_myself() < 0)
return -1;
- signal(SIGALRM, try_outgoing_connections);
- alarm(5);
+ try_outgoing_connections();
cp
return 0;
}
{
next = node->next;
c = (connection_t *)node->data;
- c->status.outgoing = 0;
+ if(c->outgoing)
+ free(c->outgoing->name), free(c->outgoing);
terminate_connection(c, 0);
}
- terminate_connection(myself->connection, 0);
+ if(myself && myself->connection)
+ terminate_connection(myself->connection, 0);
close(udp_socket);
close(tcp_socket);
+ exit_events();
exit_edges();
exit_subnets();
exit_nodes();
return;
}
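Review bot: close_network_connections frees c->outgoing with `free(c->outgoing->name), free(c->outgoing);` and then calls terminate_connection(c, 0), which on the new side still does `if(c->outgoing) { retry_outgoing(c->outgoing); ... }` — a use-after-free that also queues a reconnect event during shutdown. Clear the pointer after freeing: `free(c->outgoing->name); free(c->outgoing); c->outgoing = NULL;` (terminate_connection's body is only partly visible here, but the outgoing check is in the shown hunk). The comma-operator form also makes the two frees easy to misread as one statement.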
- if((pkt.len = recvfrom(udp_socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0)
+ if((pkt.len = recvfrom(udp_socket, (char *)&pkt.seqno, MAXSIZE, 0, (struct sockaddr *)&from, &fromlen)) <= 0)
{
syslog(LOG_ERR, _("Receiving packet failed: %m"));
return;
syslog(LOG_WARNING, _("Received UDP packet on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
return;
}
+
/*
if(n->connection)
n->connection->last_ping_time = time(NULL);
cp
}
+/* Purge edges and subnets of unreachable nodes. Use carefully. */
+
+void purge(void)
+{
+ avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext, *cnode;
+ node_t *n;
+ edge_t *e;
+ subnet_t *s;
+ connection_t *c;
+cp
+ if(debug_lvl >= DEBUG_PROTOCOL)
+ syslog(LOG_DEBUG, _("Purging unreachable nodes"));
+
+ for(nnode = node_tree->head; nnode; nnode = nnext)
+ {
+ nnext = nnode->next;
+ n = (node_t *)nnode->data;
+
+ if(!n->status.reachable)
+ {
+ if(debug_lvl >= DEBUG_SCARY_THINGS)
+ syslog(LOG_DEBUG, _("Purging node %s (%s)"), n->name, n->hostname);
+
+ for(snode = n->subnet_tree->head; snode; snode = snext)
+ {
+ snext = snode->next;
+ s = (subnet_t *)snode->data;
+
+ for(cnode = connection_tree->head; cnode; cnode = cnode->next)
+ {
+ c = (connection_t *)cnode->data;
+ if(c->status.active)
+ send_del_subnet(c, s);
+ }
+
+ subnet_del(n, s);
+ }
+
+ for(enode = n->edge_tree->head; enode; enode = enext)
+ {
+ enext = enode->next;
+ e = (edge_t *)enode->data;
+
+ for(cnode = connection_tree->head; cnode; cnode = cnode->next)
+ {
+ c = (connection_t *)cnode->data;
+ if(c->status.active)
+ send_del_edge(c, e);
+ }
+
+ edge_del(e);
+ }
+
+ node_del(n);
+ }
+ }
+cp
+}
+
/*
Terminate a connection:
- Close the socket
edge_del(c->edge);
}
+ /* Run MST and SSSP algorithms */
+
+ graph();
+
/* Check if this was our outgoing connection */
- if(c->status.outgoing)
+ if(c->outgoing)
{
- c->status.outgoing = 0;
- signal(SIGALRM, try_outgoing_connections);
- alarm(seconds_till_retry);
- syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
+ retry_outgoing(c->outgoing);
+ c->outgoing = NULL;
}
/* Deactivate */
{
next = node->next;
c = (connection_t *)node->data;
- if(c->last_ping_time + timeout < now)
+ if(c->last_ping_time + pingtimeout < now)
{
if(c->status.active)
{
return 0;
}
-void randomized_alarm(int seconds)
-{
- unsigned char r;
- RAND_pseudo_bytes(&r, 1);
- alarm((seconds * (int)r) / 128 + 1);
-}
-
-/* This function is severely fucked up.
- We want to redesign it so the following rules apply:
-
- - Try all ConnectTo's in a row:
- - if a connect() fails, try next one immediately,
- - if it works, wait 5 seconds or so.
- - If none of them were succesful, increase delay and retry.
- - If all were succesful, don't try anymore.
-*/
-
-RETSIGTYPE
-try_outgoing_connections(int a)
+void try_outgoing_connections(void)
{
static config_t *cfg = NULL;
- static int retry = 0;
char *name;
+ outgoing_t *outgoing;
cp
- if(!cfg)
- cfg = lookup_config(config_tree, "ConnectTo");
-
- if(!cfg)
- return;
-
- while(cfg)
+ for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg))
{
get_config_string(cfg, &name);
if(check_id(name))
{
syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line);
+ free(name);
continue;
}
- if(setup_outgoing_connection(name)) /* function returns 0 when there are no problems */
- retry = 1;
-
- cfg = lookup_config_next(config._tree, cfg); /* Next time skip to next ConnectTo line */
- }
-
- get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout);
-
- if(retry)
- {
- seconds_till_retry += 5;
- if(seconds_till_retry > maxtimeout) /* Don't wait more than MAXTIMEOUT seconds. */
- seconds_till_retry = maxtimeout;
-
- syslog(LOG_ERR, _("Failed to setup any outgoing connection, will retry in %d seconds"),
- seconds_till_retry);
-
- /* Randomize timeout to avoid global synchronisation effects */
- randomized_alarm(seconds_till_retry);
- }
- else
- {
- seconds_till_retry = 5;
+ outgoing = xmalloc_and_zero(sizeof(*outgoing));
+ outgoing->name = name;
+ setup_outgoing_connection(outgoing);
}
-cp
}
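Review bot: `static config_t *cfg = NULL;` no longer needs to be static — the for loop reinitialises it on every call and the static only served the removed resume-where-we-left-off logic; a plain local avoids carrying stale state between calls. `get_config_string(cfg, &name);` ignores its return value, so if it fails name is uninitialised when check_id() and the new free(name) see it; write `if(!get_config_string(cfg, &name)) continue;`.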
/*
if(c->status.remove)
connection_del(c);
}
+
+ if(!connection_tree->head)
+ purge();
cp
}
int r;
time_t last_ping_check;
int t;
+ event_t *event;
vpn_packet_t packet;
cp
last_ping_check = time(NULL);
+ srand(time(NULL));
+
for(;;)
{
- tv.tv_sec = timeout;
+ tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */
tv.tv_usec = 0;
if(do_prune)
if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
{
- if(errno != EINTR) /* because of alarm */
+ if(errno != EINTR) /* because of a signal */
{
syslog(LOG_ERR, _("Error while waiting for input: %m"));
return;
continue;
}
+ if(do_purge)
+ {
+ purge();
+ do_purge = 0;
+ }
+
t = time(NULL);
/* Let's check if everybody is still alive */
- if(last_ping_check + timeout < t)
+ if(last_ping_check + pingtimeout < t)
{
check_dead_connections();
last_ping_check = time(NULL);
}
}
+ if(sigalrm)
+ {
+ syslog(LOG_INFO, _("Flushing event queue"));
+
+ while(event_tree->head)
+ {
+ event = (event_t *)event_tree->head->data;
+ event->handler(event->data);
+ event_del(event);
+ }
+ sigalrm = 0;
+ }
+
+ while((event = get_expired_event()))
+ {
+ event->handler(event->data);
+ free(event);
+ }
+
if(r > 0)
{
check_network_activity(&fset);
/* local tap data */
if(FD_ISSET(device_fd, &fset))
{
- if(read_packet(&packet))
- return;
- else
+ if(!read_packet(&packet))
route_outgoing(&packet);
}
}
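Review bot: The SIGALRM flush loop `while(event_tree->head)` runs handlers that may re-add events: setup_outgoing_connection calls retry_outgoing on failure, which event_add()s a new entry, so with an unreachable peer the queue never empties and the daemon spins in this branch. Detach the queue before running it (move the current entries to a local list, or record the count first and run at most that many), so re-queued events wait for the next pass. The two loops also dispose of events differently — `event_del(event)` in the flush loop versus `free(event)` after get_expired_event() — which is correct only if get_expired_event already unlinks; a one-line comment stating that contract would help. main_loop continues past this hunk.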