X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_setup.c;h=c5f776af613111c417fec9d07792cd463ca47585;hb=fb0cfccf7dc2240b576011edcf74fd5b058916cb;hp=0c399bb6cecba5802af1f2363ec6f7f594341156;hpb=834290b00f859412ee48bef454a07083cb727130;p=tinc diff --git a/src/net_setup.c b/src/net_setup.c index 0c399bb6..c5f776af 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -28,11 +28,10 @@ #include #include -#include "avl_tree.h" +#include "splay_tree.h" #include "conf.h" #include "connection.h" #include "device.h" -#include "tevent.h" #include "graph.h" #include "logger.h" #include "net.h" @@ -45,9 +44,9 @@ #include "xalloc.h" char *myport; +static struct event device_ev; -bool read_rsa_public_key(connection_t *c) -{ +bool read_rsa_public_key(connection_t *c) { FILE *fp; char *fname; char *key; @@ -147,8 +146,7 @@ bool read_rsa_public_key(connection_t *c) return false; } -bool read_rsa_private_key(void) -{ +bool read_rsa_private_key(void) { FILE *fp; char *fname, *key, *pubkey; struct stat s; @@ -208,11 +206,40 @@ bool read_rsa_private_key(void) return true; } +static struct event keyexpire_event; + +static void keyexpire_handler(int fd, short events, void *data) { + regenerate_key(); +} + +void regenerate_key() { + RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength); + + if(timeout_initialized(&keyexpire_event)) { + ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key")); + event_del(&keyexpire_event); + send_key_changed(broadcast, myself); + } else { + timeout_set(&keyexpire_event, keyexpire_handler, NULL); + } + + event_add(&keyexpire_event, &(struct timeval){keylifetime, 0}); + + if(myself->cipher) { + EVP_CIPHER_CTX_init(&packet_ctx); + if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), + myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); + abort(); + } + + } +} + /* Configure node_t myself and set up the local sockets (listen only) */ -bool setup_myself(void) -{ +bool setup_myself(void) { config_t *cfg; subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; @@ -368,23 +395,11 @@ bool setup_myself(void) myself->connection->outcipher = EVP_bf_ofb(); myself->key = xmalloc(myself->keylength); - RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; - keyexpires = now + keylifetime; - - if(myself->cipher) { - EVP_CIPHER_CTX_init(&packet_ctx); - if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) { - logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), - myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); - return false; - } - - } - + regenerate_key(); /* Check if we want to use message authentication codes... */ if(get_config_string @@ -447,6 +462,14 @@ bool setup_myself(void) if(!setup_device()) return false; + event_set(&device_ev, device_fd, EV_READ|EV_PERSIST, + handle_device_data, NULL); + if (event_add(&device_ev, NULL) < 0) { + logger(LOG_ERR, _("event_add failed: %s"), strerror(errno)); + close_device(); + return false; + } + /* Run tinc-up script to further initialize the tap interface */ asprintf(&envp[0], "NETNAME=%s", netname ? : ""); asprintf(&envp[1], "DEVICE=%s", device ? : ""); @@ -492,8 +515,33 @@ bool setup_myself(void) listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *) aip->ai_addr); - if(listen_socket[listen_sockets].udp < 0) + if(listen_socket[listen_sockets].udp < 0) { + close(listen_socket[listen_sockets].tcp); continue; + } + + event_set(&listen_socket[listen_sockets].ev_tcp, + listen_socket[listen_sockets].tcp, + EV_READ|EV_PERSIST, + handle_new_meta_connection, NULL); + if(event_add(&listen_socket[listen_sockets].ev_tcp, NULL) < 0) { + logger(LOG_WARNING, _("event_add failed: %s"), strerror(errno)); + close(listen_socket[listen_sockets].tcp); + close(listen_socket[listen_sockets].udp); + continue; + } + + event_set(&listen_socket[listen_sockets].ev_udp, + listen_socket[listen_sockets].udp, + EV_READ|EV_PERSIST, + handle_incoming_vpn_data, NULL); + if(event_add(&listen_socket[listen_sockets].ev_udp, NULL) < 0) { + logger(LOG_WARNING, _("event_add failed: %s"), strerror(errno)); + close(listen_socket[listen_sockets].tcp); + close(listen_socket[listen_sockets].udp); + event_del(&listen_socket[listen_sockets].ev_tcp); + continue; + } ifdebug(CONNECTIONS) { hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr); @@ -503,6 +551,11 @@ bool setup_myself(void) memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen); listen_sockets++; + + if(listen_sockets >= MAXSOCKETS) { + logger(LOG_WARNING, _("Maximum of %d listening sockets reached"), MAXSOCKETS); + break; + } } freeaddrinfo(ai); @@ -520,13 +573,9 @@ bool setup_myself(void) /* setup all initial network connections */ -bool setup_network_connections(void) -{ +bool setup_network_connections(void) { cp(); - now = time(NULL); - - init_tevents(); init_connections(); init_subnets(); init_nodes(); @@ -559,9 +608,8 @@ bool setup_network_connections(void) /* close all open network connections */ -void close_network_connections(void) -{ - avl_node_t *node, *next; +void close_network_connections(void) { + splay_node_t *node, *next; connection_t *c; char *envp[5]; int i; @@ -589,6 +637,8 @@ void close_network_connections(void) } for(i = 0; i < listen_sockets; i++) { + event_del(&listen_socket[i].ev_tcp); + event_del(&listen_socket[i].ev_udp); close(listen_socket[i].tcp); close(listen_socket[i].udp); } @@ -604,7 +654,6 @@ void close_network_connections(void) exit_subnets(); exit_nodes(); exit_connections(); - exit_tevents(); execute_script("tinc-down", envp);