X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_setup.c;h=22a956151f03a520e49f10ffbe6d7af9e068f61d;hb=ddc6a81a854023e38b563f213aa9a449ee91add8;hp=3ab91a0529613f314504b767da95f5052fb6aaf4;hpb=7ed25590257b6ed33dfa879d187a09b0d790794f;p=tinc

diff --git a/src/net_setup.c b/src/net_setup.c
index 3ab91a05..22a95615 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
-    Copyright (C) 1998-2003 Ivo Timmermans <ivo@o2w.nl>,
-                  2000-2003 Guus Sliepen <guus@sliepen.eu.org>
+    Copyright (C) 1998-2005 Ivo Timmermans,
+                  2000-2006 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net_setup.c,v 1.1.2.43 2003/08/14 14:21:35 guus Exp $
+    $Id$
 */
 
 #include "system.h"
@@ -25,12 +25,13 @@
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
 
 #include "avl_tree.h"
 #include "conf.h"
 #include "connection.h"
 #include "device.h"
-#include "event.h"
 #include "graph.h"
 #include "logger.h"
 #include "net.h"
@@ -43,6 +44,7 @@
 #include "xalloc.h"
 
 char *myport;
+static struct event device_ev;
 
 bool read_rsa_public_key(connection_t *c)
 {
@@ -148,17 +150,23 @@ bool read_rsa_public_key(connection_t *c)
 bool read_rsa_private_key(void)
 {
 	FILE *fp;
-	char *fname, *key;
+	char *fname, *key, *pubkey;
 	struct stat s;
 
 	cp();
 
 	if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
+		if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &pubkey)) {
+			logger(LOG_ERR, _("PrivateKey used but no PublicKey found!"));
+			return false;
+		}
 		myself->connection->rsa_key = RSA_new();
 //		RSA_blinding_on(myself->connection->rsa_key, NULL);
 		BN_hex2bn(&myself->connection->rsa_key->d, key);
+		BN_hex2bn(&myself->connection->rsa_key->n, pubkey);
 		BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
 		free(key);
+		free(pubkey);
 		return true;
 	}
 
@@ -200,6 +208,36 @@ bool read_rsa_private_key(void)
 	return true;
 }
 
+static struct event keyexpire_event;
+
+static void keyexpire_handler(int fd, short events, void *data) {
+	regenerate_key();
+}
+
+void regenerate_key() {
+	RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
+
+	if(timeout_initialized(&keyexpire_event)) {
+		ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
+		event_del(&keyexpire_event);
+		send_key_changed(broadcast, myself);
+	} else {
+		timeout_set(&keyexpire_event, keyexpire_handler, NULL);
+	}
+
+	event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
+
+	if(myself->cipher) {
+		EVP_CIPHER_CTX_init(&packet_ctx);
+		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+					myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+			abort();
+		}
+
+	}
+}
+
 /*
   Configure node_t myself and set up the local sockets (listen only)
 */
@@ -240,19 +278,15 @@ bool setup_myself(void)
 	myself->name = name;
 	myself->connection->name = xstrdup(name);
 
-	if(!read_rsa_private_key())
-		return false;
-
 	if(!read_connection_config(myself->connection)) {
 		logger(LOG_ERR, _("Cannot open host configuration file for myself!"));
 		return false;
 	}
 
-	if(!read_rsa_public_key(myself->connection))
+	if(!read_rsa_private_key())
 		return false;
 
-	if(!get_config_string
-	   (lookup_config(myself->connection->config_tree, "Port"), &myport))
+	if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
 		asprintf(&myport, "655");
 
 	/* Read in all the subnets specified in the host configuration file */
@@ -270,25 +304,26 @@ bool setup_myself(void)
 
 	/* Check some options */
 
-	if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice))
-		if(choice)
-			myself->options |= OPTION_INDIRECT;
+	if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice)
+		myself->options |= OPTION_INDIRECT;
+
+	if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice)
+		myself->options |= OPTION_TCPONLY;
 
-	if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice))
-		if(choice)
-			myself->options |= OPTION_TCPONLY;
+	if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice) && choice)
+		myself->options |= OPTION_INDIRECT;
 
-	if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice))
-		if(choice)
-			myself->options |= OPTION_INDIRECT;
+	if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice)
+		myself->options |= OPTION_TCPONLY;
 
-	if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice))
-		if(choice)
-			myself->options |= OPTION_TCPONLY;
+	if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice)
+		myself->options |= OPTION_PMTU_DISCOVERY;
 
 	if(myself->options & OPTION_TCPONLY)
 		myself->options |= OPTION_INDIRECT;
 
+	get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
+
 	if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) {
 		if(!strcasecmp(mode, "router"))
 			routing_mode = RMODE_ROUTER;
@@ -314,7 +349,7 @@ bool setup_myself(void)
 	if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
 		macexpire = 600;
 
-	if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) {
+	if(get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout)) {
 		if(maxtimeout <= 0) {
 			logger(LOG_ERR, _("Bogus maximum timeout!"));
 			return false;
@@ -362,19 +397,12 @@ bool setup_myself(void)
 
 	myself->connection->outcipher = EVP_bf_ofb();
 
-	myself->key = (char *) xmalloc(myself->keylength);
-	RAND_pseudo_bytes(myself->key, myself->keylength);
+	myself->key = xmalloc(myself->keylength);
 
 	if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 		keylifetime = 3600;
 
-	keyexpires = now + keylifetime;
-	
-	if(myself->cipher) {
-		EVP_CIPHER_CTX_init(&packet_ctx);
-		EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len);
-	}
-
+	regenerate_key();
 	/* Check if we want to use message authentication codes... */
 
 	if(get_config_string
@@ -427,7 +455,6 @@ bool setup_myself(void)
 
 	myself->nexthop = myself;
 	myself->via = myself;
-	myself->status.active = true;
 	myself->status.reachable = true;
 	node_add(myself);
 
@@ -438,6 +465,14 @@ bool setup_myself(void)
 	if(!setup_device())
 		return false;
 
+	event_set(&device_ev, device_fd, EV_READ|EV_PERSIST,
+			  handle_device_data, NULL);
+	if (event_add(&device_ev, NULL) < 0) {
+		logger(LOG_ERR, _("event_add failed: %s"), strerror(errno));
+		close_device();
+		return false;
+	}
+
 	/* Run tinc-up script to further initialize the tap interface */
 	asprintf(&envp[0], "NETNAME=%s", netname ? : "");
 	asprintf(&envp[1], "DEVICE=%s", device ? : "");
@@ -450,6 +485,10 @@ bool setup_myself(void)
 	for(i = 0; i < 5; i++)
 		free(envp[i]);
 
+	/* Run subnet-up scripts for our own subnets */
+
+	subnet_update(myself, NULL, true);
+
 	/* Open sockets */
 
 	get_config_string(lookup_config(config_tree, "BindToAddress"), &address);
@@ -479,8 +518,33 @@ bool setup_myself(void)
 		listen_socket[listen_sockets].udp =
 			setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
 
-		if(listen_socket[listen_sockets].udp < 0)
+		if(listen_socket[listen_sockets].udp < 0) {
+			close(listen_socket[listen_sockets].tcp);
+			continue;
+		}
+
+		event_set(&listen_socket[listen_sockets].ev_tcp,
+				  listen_socket[listen_sockets].tcp,
+				  EV_READ|EV_PERSIST,
+				  handle_new_meta_connection, NULL);
+		if(event_add(&listen_socket[listen_sockets].ev_tcp, NULL) < 0) {
+			logger(LOG_WARNING, _("event_add failed: %s"), strerror(errno));
+			close(listen_socket[listen_sockets].tcp);
+			close(listen_socket[listen_sockets].udp);
 			continue;
+		}
+
+		event_set(&listen_socket[listen_sockets].ev_udp,
+				  listen_socket[listen_sockets].udp,
+				  EV_READ|EV_PERSIST,
+				  handle_incoming_vpn_data, NULL);
+		if(event_add(&listen_socket[listen_sockets].ev_udp, NULL) < 0) {
+			logger(LOG_WARNING, _("event_add failed: %s"), strerror(errno));
+			close(listen_socket[listen_sockets].tcp);
+			close(listen_socket[listen_sockets].udp);
+			event_del(&listen_socket[listen_sockets].ev_tcp);
+			continue;
+		}
 
 		ifdebug(CONNECTIONS) {
 			hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
@@ -488,8 +552,13 @@ bool setup_myself(void)
 			free(hostname);
 		}
 
-		listen_socket[listen_sockets].sa.sa = *aip->ai_addr;
+		memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
 		listen_sockets++;
+
+		if(listen_sockets >= MAXSOCKETS) {
+			logger(LOG_WARNING, _("Maximum of %d listening sockets reached"), MAXSOCKETS);
+			break;
+		}
 	}
 
 	freeaddrinfo(ai);
@@ -511,21 +580,26 @@ bool setup_network_connections(void)
 {
 	cp();
 
-	now = time(NULL);
-
 	init_connections();
 	init_subnets();
 	init_nodes();
 	init_edges();
-	init_events();
 	init_requests();
 
-	if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) {
-		if(pingtimeout < 1) {
-			pingtimeout = 86400;
+	if(get_config_int(lookup_config(config_tree, "PingInterval"), &pinginterval)) {
+		if(pinginterval < 1) {
+			pinginterval = 86400;
 		}
 	} else
-		pingtimeout = 60;
+		pinginterval = 60;
+
+	if(!get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout))
+		pingtimeout = 5;
+	if(pingtimeout < 1 || pingtimeout > pinginterval)
+		pingtimeout = pinginterval;
+
+	if(!get_config_int(lookup_config(config_tree, "MaxOutputBufferSize"), &maxoutbufsize))
+		maxoutbufsize = 4 * MTU;
 
 	if(!setup_myself())
 		return false;
@@ -549,34 +623,43 @@ void close_network_connections(void)
 
 	for(node = connection_tree->head; node; node = next) {
 		next = node->next;
-		c = (connection_t *) node->data;
+		c = node->data;
+
+		if(c->outgoing) {
+			if(c->outgoing->ai)
+				freeaddrinfo(c->outgoing->ai);
+			free(c->outgoing->name);
+			free(c->outgoing);
+			c->outgoing = NULL;
+		}
 
-		if(c->outgoing)
-			free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL;
 		terminate_connection(c, false);
 	}
 
-	if(myself && myself->connection)
+	if(myself && myself->connection) {
+		subnet_update(myself, NULL, false);
 		terminate_connection(myself->connection, false);
+	}
 
 	for(i = 0; i < listen_sockets; i++) {
+		event_del(&listen_socket[i].ev_tcp);
+		event_del(&listen_socket[i].ev_udp);
 		close(listen_socket[i].tcp);
 		close(listen_socket[i].udp);
 	}
 
-	exit_requests();
-	exit_events();
-	exit_edges();
-	exit_subnets();
-	exit_nodes();
-	exit_connections();
-
 	asprintf(&envp[0], "NETNAME=%s", netname ? : "");
 	asprintf(&envp[1], "DEVICE=%s", device ? : "");
 	asprintf(&envp[2], "INTERFACE=%s", iface ? : "");
 	asprintf(&envp[3], "NAME=%s", myself->name);
 	envp[4] = NULL;
 
+	exit_requests();
+	exit_edges();
+	exit_subnets();
+	exit_nodes();
+	exit_connections();
+
 	execute_script("tinc-down", envp);
 
 	for(i = 0; i < 4; i++)