along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.82 2000/11/25 13:33:30 guus Exp $
+ $Id: net.c,v 1.35.4.89 2001/01/05 23:53:49 guus Exp $
*/
#include "config.h"
# include <err.h>
#endif
+#ifdef HAVE_OPENSSL_PEM_H
+# include <openssl/pem.h>
+#else
+# include <pem.h>
+#endif
+
#ifdef HAVE_TUNTAP
#include LINUX_IF_TUN_H
#endif
#include <utils.h>
#include <xalloc.h>
+#include <avl_tree.h>
#include "conf.h"
#include "connection.h"
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
- outpkt.len, outlen);
+ outpkt.len);
/* Fix mac address */
connection_t *cl;
subnet_t *subnet;
cp
- if((subnet = lookup_subnet_ipv4(to)) == NULL)
+ if((subnet = lookup_subnet_ipv4(&to)) == NULL)
{
if(debug_lvl >= DEBUG_TRAFFIC)
{
const char *tapfname;
config_t const *cfg;
#ifdef HAVE_LINUX
- #ifdef HAVE_TUNTAP
+# ifdef HAVE_TUNTAP
struct ifreq ifr;
- #endif
+# endif
#endif
cp
else
{
#ifdef HAVE_LINUX
- #ifdef HAVE_TUNTAP
+# ifdef HAVE_TUNTAP
tapfname = "/dev/misc/net/tun";
- #else
+# else
tapfname = "/dev/tap0";
- #endif
+# endif
#endif
#ifdef HAVE_FREEBSD
tapfname = "/dev/tap0";
return -1;
}
+ /* Bind first to get a fix on our source port */
+
+ a.sin_family = AF_INET;
+ a.sin_port = htons(0);
+ a.sin_addr.s_addr = htonl(INADDR_ANY);
+
+ if(bind(cl->meta_socket, (struct sockaddr *)&a, sizeof(struct sockaddr)))
+ {
+ close(cl->meta_socket);
+ syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind");
+ return -1;
+ }
+
a.sin_family = AF_INET;
a.sin_port = htons(cl->port);
a.sin_addr.s_addr = htonl(cl->address);
if(read_host_config(ncn))
{
- syslog(LOG_ERR, _("Error reading host configuration file for %s"));
+ syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name);
free_connection(ncn);
return -1;
}
if(!(cfg = get_config_val(ncn->config, config_address)))
{
- syslog(LOG_ERR, _("No address specified for %s"));
+ syslog(LOG_ERR, _("No address specified for %s"), ncn->name);
free_connection(ncn);
return -1;
}
return 0;
}
+int read_rsa_public_key(connection_t *cl)
+{
+ config_t const *cfg;
+ FILE *fp;
+ void *result;
+cp
+ if(!cl->rsa_key)
+ cl->rsa_key = RSA_new();
+
+ if((cfg = get_config_val(cl->config, config_publickey)))
+ {
+ BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
+ BN_hex2bn(&cl->rsa_key->e, "FFFF");
+ }
+ else if((cfg = get_config_val(cl->config, config_publickeyfile)))
+ {
+ if(is_safe_path(cfg->data.ptr))
+ {
+ if((fp = fopen(cfg->data.ptr, "r")) == NULL)
+ {
+ syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
+ fclose(fp);
+ if(!result)
+ {
+ syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ }
+ else
+ return -1;
+ }
+ else
+ {
+ syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
+ return -1;
+ }
+cp
+ return 0;
+}
+
+int read_rsa_private_key(void)
+{
+ config_t const *cfg;
+ FILE *fp;
+ void *result;
+cp
+ if(!myself->rsa_key)
+ myself->rsa_key = RSA_new();
+
+ if((cfg = get_config_val(config, config_privatekey)))
+ {
+ BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
+ BN_hex2bn(&myself->rsa_key->e, "FFFF");
+ }
+ else if((cfg = get_config_val(config, config_privatekeyfile)))
+ {
+ if((fp = fopen(cfg->data.ptr, "r")) == NULL)
+ {
+ syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL);
+ fclose(fp);
+ if(!result)
+ {
+ syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ }
+ else
+ {
+ syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
+ return -1;
+ }
+cp
+ return 0;
+}
+
/*
Configure connection_t myself and set up the local sockets (listen only)
*/
return -1;
}
cp
- if(!(cfg = get_config_val(config, config_privatekey)))
- {
- syslog(LOG_ERR, _("Private key for tinc daemon required!"));
- return -1;
- }
- else
- {
- myself->rsa_key = RSA_new();
- BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
- BN_hex2bn(&myself->rsa_key->e, "FFFF");
- }
+ if(read_rsa_private_key())
+ return -1;
if(read_host_config(myself))
{
syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
return -1;
}
+
+ if(read_rsa_public_key(myself))
+ return -1;
cp
- if(!(cfg = get_config_val(myself->config, config_publickey)))
- {
- syslog(LOG_ERR, _("Public key for tinc daemon required!"));
- return -1;
- }
- else
- {
- BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
- }
+
/*
if(RSA_check_key(myself->rsa_key) != 1)
{
syslog(LOG_ERR, _("Unable to set up a listening UDP socket!"));
return -1;
}
-
+cp
/* Generate packet encryption key */
myself->cipher_pkttype = EVP_bf_cfb();
keylifetime = cfg->data.val;
keyexpires = time(NULL) + keylifetime;
-
+cp
/* Activate ourselves */
-
+
myself->status.active = 1;
syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
*/
void close_network_connections(void)
{
- rbl_t *rbl;
+ avl_node_t *node;
connection_t *p;
cp
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
p->status.active = 0;
terminate_connection(p);
}
p->name = unknown;
p->address = ntohl(ci.sin_addr.s_addr);
p->hostname = hostlookup(ci.sin_addr.s_addr);
+ p->port = htons(ci.sin_port); /* This one will be overwritten later */
p->meta_socket = sfd;
p->status.meta = 1;
p->buffer = xmalloc(MAXBUFSIZE);
*/
void build_fdset(fd_set *fs)
{
- rbl_t *rbl;
+ avl_node_t *node;
connection_t *p;
cp
FD_ZERO(fs);
FD_SET(myself->socket, fs);
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p->status.meta)
FD_SET(p->meta_socket, fs);
}
if(!cl)
{
- syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
+ syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
return 0;
}
{
connection_t *p;
subnet_t *subnet;
- rbl_t *rbl;
+ avl_node_t *node, *next;
cp
if(cl->status.remove)
return;
(the connection that was dropped). */
if(cl->status.meta)
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p->nexthop == cl && p != cl)
terminate_connection(p);
}
/* Inform others of termination if it was still active */
if(cl->status.active)
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p->status.meta && p->status.active && p!=cl)
send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */
}
/* Remove the associated subnets */
- RBL_FOREACH(cl->subnet_tree, rbl)
+ for(node = cl->subnet_tree->head; node; node = next)
{
- subnet = (subnet_t *)rbl->data;
+ next = node->next;
+ subnet = (subnet_t *)node->data;
subnet_del(subnet);
}
void check_dead_connections(void)
{
time_t now;
- rbl_t *rbl;
+ avl_node_t *node;
connection_t *cl;
cp
now = time(NULL);
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- cl = (connection_t *)rbl->data;
+ cl = (connection_t *)node->data;
if(cl->status.active && cl->status.meta)
{
if(cl->last_ping_time + timeout < now)
void check_network_activity(fd_set *f)
{
connection_t *p;
- rbl_t *rbl;
+ avl_node_t *node;
cp
if(FD_ISSET(myself->socket, f))
handle_incoming_vpn_data();
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p->status.remove)
return;