X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_setup.c;h=b8fb4f0205d3f174cd04147a5a6c142f76fd3888;hb=a62a6825a8a69e279ee0688a4cd9e51fbc52054b;hp=65965908002540ab94340526771bb5d62cafc8bd;hpb=38c25d62c2bc76908bd95fb21c8f5e39ad269884;p=tinc

diff --git a/src/net_setup.c b/src/net_setup.c
index 65965908..b8fb4f02 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -28,11 +28,11 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
-#include "avl_tree.h"
+#include "splay_tree.h"
 #include "conf.h"
 #include "connection.h"
+#include "control.h"
 #include "device.h"
-#include "tevent.h"
 #include "graph.h"
 #include "logger.h"
 #include "net.h"
@@ -47,8 +47,7 @@
 char *myport;
 static struct event device_ev;
 
-bool read_rsa_public_key(connection_t *c)
-{
+bool read_rsa_public_key(connection_t *c) {
 	FILE *fp;
 	char *fname;
 	char *key;
@@ -148,8 +147,7 @@ bool read_rsa_public_key(connection_t *c)
 	return false;
 }
 
-bool read_rsa_private_key(void)
-{
+bool read_rsa_private_key(void) {
 	FILE *fp;
 	char *fname, *key, *pubkey;
 	struct stat s;
@@ -209,11 +207,40 @@ bool read_rsa_private_key(void)
 	return true;
 }
 
+static struct event keyexpire_event;
+
+static void keyexpire_handler(int fd, short events, void *data) {
+	regenerate_key();
+}
+
+void regenerate_key() {
+	RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
+
+	if(timeout_initialized(&keyexpire_event)) {
+		ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
+		event_del(&keyexpire_event);
+		send_key_changed(broadcast, myself);
+	} else {
+		timeout_set(&keyexpire_event, keyexpire_handler, NULL);
+	}
+
+	event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
+
+	if(myself->cipher) {
+		EVP_CIPHER_CTX_init(&packet_ctx);
+		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
+			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+					myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
+			abort();
+		}
+
+	}
+}
+
 /*
   Configure node_t myself and set up the local sockets (listen only)
 */
-bool setup_myself(void)
-{
+bool setup_myself(void) {
 	config_t *cfg;
 	subnet_t *subnet;
 	char *name, *hostname, *mode, *afname, *cipher, *digest;
@@ -369,23 +396,11 @@ bool setup_myself(void)
 	myself->connection->outcipher = EVP_bf_ofb();
 
 	myself->key = xmalloc(myself->keylength);
-	RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
 
 	if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 		keylifetime = 3600;
 
-	keyexpires = now + keylifetime;
-	
-	if(myself->cipher) {
-		EVP_CIPHER_CTX_init(&packet_ctx);
-		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
-			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
-					myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
-			return false;
-		}
-
-	}
-
+	regenerate_key();
 	/* Check if we want to use message authentication codes... */
 
 	if(get_config_string
@@ -511,10 +526,8 @@ bool setup_myself(void)
 				  EV_READ|EV_PERSIST,
 				  handle_new_meta_connection, NULL);
 		if(event_add(&listen_socket[listen_sockets].ev_tcp, NULL) < 0) {
-			logger(LOG_WARNING, _("event_add failed: %s"), strerror(errno));
-			close(listen_socket[listen_sockets].tcp);
-			close(listen_socket[listen_sockets].udp);
-			continue;
+			logger(LOG_EMERG, _("event_add failed: %s"), strerror(errno));
+			abort();
 		}
 
 		event_set(&listen_socket[listen_sockets].ev_udp,
@@ -522,11 +535,8 @@ bool setup_myself(void)
 				  EV_READ|EV_PERSIST,
 				  handle_incoming_vpn_data, NULL);
 		if(event_add(&listen_socket[listen_sockets].ev_udp, NULL) < 0) {
-			logger(LOG_WARNING, _("event_add failed: %s"), strerror(errno));
-			close(listen_socket[listen_sockets].tcp);
-			close(listen_socket[listen_sockets].udp);
-			event_del(&listen_socket[listen_sockets].ev_tcp);
-			continue;
+			logger(LOG_EMERG, _("event_add failed: %s"), strerror(errno));
+			abort();
 		}
 
 		ifdebug(CONNECTIONS) {
@@ -537,6 +547,11 @@ bool setup_myself(void)
 
 		memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
 		listen_sockets++;
+
+		if(listen_sockets >= MAXSOCKETS) {
+			logger(LOG_WARNING, _("Maximum of %d listening sockets reached"), MAXSOCKETS);
+			break;
+		}
 	}
 
 	freeaddrinfo(ai);
@@ -554,13 +569,9 @@ bool setup_myself(void)
 /*
   setup all initial network connections
 */
-bool setup_network_connections(void)
-{
+bool setup_network_connections(void) {
 	cp();
 
-	now = time(NULL);
-
-	init_tevents();
 	init_connections();
 	init_subnets();
 	init_nodes();
@@ -593,9 +604,8 @@ bool setup_network_connections(void)
 /*
   close all open network connections
 */
-void close_network_connections(void)
-{
-	avl_node_t *node, *next;
+void close_network_connections(void) {
+	splay_node_t *node, *next;
 	connection_t *c;
 	char *envp[5];
 	int i;
@@ -623,6 +633,8 @@ void close_network_connections(void)
 	}
 
 	for(i = 0; i < listen_sockets; i++) {
+		event_del(&listen_socket[i].ev_tcp);
+		event_del(&listen_socket[i].ev_udp);
 		close(listen_socket[i].tcp);
 		close(listen_socket[i].udp);
 	}
@@ -638,7 +650,6 @@ void close_network_connections(void)
 	exit_subnets();
 	exit_nodes();
 	exit_connections();
-	exit_tevents();
 
 	execute_script("tinc-down", envp);