2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.19 2000/07/02 13:36:18 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 int upstreamindex = 0;
60 static int seconds_till_retry;
62 /* The global list of existing connections */
63 conn_list_t *conn_list = NULL;
64 conn_list_t *myself = NULL;
67 strip off the MAC adresses of an ethernet frame
69 void strip_mac_addresses(vpn_packet_t *p)
71 unsigned char tmp[MAXSIZE];
73 memcpy(tmp, p->data, p->len);
75 memcpy(p->data, &tmp[12], p->len);
80 reassemble MAC addresses
82 void add_mac_addresses(vpn_packet_t *p)
84 unsigned char tmp[MAXSIZE];
86 memcpy(&tmp[12], p->data, p->len);
88 tmp[0] = tmp[6] = 0xfe;
89 tmp[1] = tmp[7] = 0xfd;
90 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
91 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
92 memcpy(p->data, &tmp[0], p->len);
96 int xsend(conn_list_t *cl, void *packet)
101 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
102 rp.from = htonl(myself->vpn_ip);
103 rp.data.len = htons(rp.data.len);
104 rp.len = htons(rp.len);
107 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
108 ntohs(rp.len), cl->vpn_hostname, cl->real_hostname);
110 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
112 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
113 cl->vpn_hostname, cl->real_hostname);
117 total_socket_out += r;
124 int xrecv(conn_list_t *cl, void *packet)
129 do_decrypt((real_packet_t*)packet, &vp, cl->key);
130 add_mac_addresses(&vp);
133 syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
134 ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname);
136 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
137 syslog(LOG_ERR, _("Can't write to tap device: %m"));
139 total_tap_out += lenin;
142 cl->last_ping_time = time(NULL);
148 add the given packet of size s to the
149 queue q, be it the send or receive queue
151 void add_queue(packet_queue_t **q, void *packet, size_t s)
155 e = xmalloc(sizeof(*e));
156 e->packet = xmalloc(s);
157 memcpy(e->packet, packet, s);
161 *q = xmalloc(sizeof(**q));
162 (*q)->head = (*q)->tail = NULL;
165 e->next = NULL; /* We insert at the tail */
167 if((*q)->tail) /* Do we have a tail? */
169 (*q)->tail->next = e;
170 e->prev = (*q)->tail;
172 else /* No tail -> no head too */
182 /* Remove a queue element */
183 void del_queue(packet_queue_t **q, queue_element_t *e)
188 if(e->next) /* There is a successor, so we are not tail */
190 if(e->prev) /* There is a predecessor, so we are not head */
192 e->next->prev = e->prev;
193 e->prev->next = e->next;
195 else /* We are head */
197 e->next->prev = NULL;
198 (*q)->head = e->next;
201 else /* We are tail (or all alone!) */
203 if(e->prev) /* We are not alone :) */
205 e->prev->next = NULL;
206 (*q)->tail = e->prev;
220 flush a queue by calling function for
221 each packet, and removing it when that
222 returned a zero exit code
224 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
225 int (*function)(conn_list_t*,void*))
227 queue_element_t *p, *next = NULL;
229 for(p = (*pq)->head; p != NULL; )
233 if(!function(cl, p->packet))
240 syslog(LOG_DEBUG, _("Queue flushed"));
245 flush the send&recv queues
246 void because nothing goes wrong here, packets
247 remain in the queue if something goes wrong
249 void flush_queues(conn_list_t *cl)
255 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
256 cl->vpn_hostname, cl->real_hostname);
257 flush_queue(cl, &(cl->sq), xsend);
263 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
264 cl->vpn_hostname, cl->real_hostname);
265 flush_queue(cl, &(cl->rq), xrecv);
271 send a packet to the given vpn ip.
273 int send_packet(ip_t to, vpn_packet_t *packet)
277 if((cl = lookup_conn(to)) == NULL)
281 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
285 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
289 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
291 { /* No open outgoing connection has been found. */
293 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
298 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
300 if(myself->flags & EXPORTINDIRECTDATA)
302 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
304 { /* No open outgoing connection has been found. */
306 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
312 /* If indirectdata flag is set for the destination we just looked up,
313 * then real_ip is actually the vpn_ip of the gateway tincd
317 if(cl->flags & INDIRECTDATA)
320 syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
321 cl->vpn_hostname, cl->real_hostname);
322 if((cl = lookup_conn(cl->real_ip)) == NULL)
325 syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"),
328 /* Gateway tincd dead? Should we kill it? (GS) */
332 if(cl->flags & INDIRECTDATA) /* This should not happen */
335 syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"),
341 if(my_key_expiry <= time(NULL))
344 if(!cl->status.dataopen)
345 if(setup_vpn_connection(cl) < 0)
347 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->vpn_hostname, cl->real_hostname);
351 if(!cl->status.validkey)
354 syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->vpn_hostname, cl->real_hostname);
355 add_queue(&(cl->sq), packet, packet->len + 2);
356 if(!cl->status.waitingforkey)
357 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
361 if(!cl->status.active)
364 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->vpn_hostname, cl->real_hostname);
365 add_queue(&(cl->sq), packet, packet->len + 2);
366 return 0; /* We don't want to mess up, do we? */
369 /* can we send it? can we? can we? huh? */
371 return xsend(cl, packet);
375 open the local ethertap device
377 int setup_tap_fd(void)
380 const char *tapfname;
383 if((cfg = get_config_val(tapdevice)) == NULL)
384 tapfname = "/dev/tap0";
386 tapfname = cfg->data.ptr;
388 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
390 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
400 set up the socket that we listen on for incoming
403 int setup_listen_meta_socket(int port)
406 struct sockaddr_in a;
409 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
411 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
415 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
417 syslog(LOG_ERR, _("setsockopt: %m"));
421 flags = fcntl(nfd, F_GETFL);
422 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
424 syslog(LOG_ERR, _("fcntl: %m"));
428 memset(&a, 0, sizeof(a));
429 a.sin_family = AF_INET;
430 a.sin_port = htons(port);
431 a.sin_addr.s_addr = htonl(INADDR_ANY);
433 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
435 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
441 syslog(LOG_ERR, _("listen: %m"));
449 setup the socket for incoming encrypted
452 int setup_vpn_in_socket(int port)
455 struct sockaddr_in a;
458 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
460 syslog(LOG_ERR, _("Creating socket failed: %m"));
464 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
466 syslog(LOG_ERR, _("setsockopt: %m"));
470 flags = fcntl(nfd, F_GETFL);
471 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
473 syslog(LOG_ERR, _("fcntl: %m"));
477 memset(&a, 0, sizeof(a));
478 a.sin_family = AF_INET;
479 a.sin_port = htons(port);
480 a.sin_addr.s_addr = htonl(INADDR_ANY);
482 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
484 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
492 setup an outgoing meta (tcp) socket
494 int setup_outgoing_meta_socket(conn_list_t *cl)
497 struct sockaddr_in a;
501 syslog(LOG_INFO, _("Trying to connect to %s"), cl->real_hostname);
503 if((cfg = get_config_val(upstreamport)) == NULL)
506 cl->port = cfg->data.val;
508 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
509 if(cl->meta_socket == -1)
511 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
512 cl->real_hostname, cl->port);
516 a.sin_family = AF_INET;
517 a.sin_port = htons(cl->port);
518 a.sin_addr.s_addr = htonl(cl->real_ip);
520 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
522 syslog(LOG_ERR, _("%s port %hd: %m"), cl->real_hostname, cl->port);
526 flags = fcntl(cl->meta_socket, F_GETFL);
527 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
529 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
530 cl->real_hostname, cl->port);
535 syslog(LOG_INFO, _("Connected to %s port %hd"),
536 cl->real_hostname, cl->port);
542 setup an outgoing connection. It's not
543 necessary to also open an udp socket as
544 well, because the other host will initiate
545 an authentication sequence during which
546 we will do just that.
548 int setup_outgoing_connection(char *hostname)
553 if(!(h = gethostbyname(hostname)))
555 syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname);
559 ncn = new_conn_list();
560 ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0])));
561 ncn->real_hostname = hostlookup(htonl(ip));
563 if(setup_outgoing_meta_socket(ncn) < 0)
565 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
567 free_conn_element(ncn);
571 ncn->status.meta = 1;
572 ncn->status.outgoing = 1;
573 ncn->next = conn_list;
580 set up the local sockets (listen only)
582 int setup_myself(void)
586 myself = new_conn_list();
588 if(!(cfg = get_config_val(myvpnip)))
590 syslog(LOG_ERR, _("No value for my VPN IP given"));
594 myself->vpn_ip = cfg->data.ip->ip;
595 myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip));
596 myself->real_hostname = hostlookup(htonl(myself->vpn_ip));
597 myself->vpn_mask = cfg->data.ip->mask;
600 if(!(cfg = get_config_val(listenport)))
603 myself->port = cfg->data.val;
605 if(cfg = get_config_val(indirectdata))
606 if(cfg->data.val == stupid_true)
607 myself->flags |= EXPORTINDIRECTDATA;
609 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
611 syslog(LOG_ERR, _("Unable to set up a listening socket"));
615 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
617 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
618 close(myself->meta_socket);
622 myself->status.active = 1;
624 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
630 sigalrm_handler(int a)
634 cfg = get_next_config_val(upstreamip, upstreamindex++);
638 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
640 signal(SIGALRM, SIG_IGN);
643 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
646 signal(SIGALRM, sigalrm_handler);
648 seconds_till_retry += 5;
649 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
650 seconds_till_retry = MAXTIMEOUT;
651 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
653 alarm(seconds_till_retry);
658 setup all initial network connections
660 int setup_network_connections(void)
664 if((cfg = get_config_val(pingtimeout)) == NULL)
667 timeout = cfg->data.val;
669 if(setup_tap_fd() < 0)
672 if(setup_myself() < 0)
675 if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL)
676 /* No upstream IP given, we're listen only. */
681 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
683 cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */
686 signal(SIGALRM, sigalrm_handler);
688 seconds_till_retry = MAXTIMEOUT;
689 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
690 alarm(seconds_till_retry);
696 close all open network connections
698 void close_network_connections(void)
702 for(p = conn_list; p != NULL; p = p->next)
704 if(p->status.dataopen)
706 shutdown(p->socket, 0); /* No more receptions */
712 shutdown(p->meta_socket, 0); /* No more receptions */
713 close(p->meta_socket);
718 if(myself->status.active)
720 close(myself->meta_socket);
721 close(myself->socket);
727 syslog(LOG_NOTICE, _("Terminating"));
733 create a data (udp) socket
735 int setup_vpn_connection(conn_list_t *cl)
738 struct sockaddr_in a;
741 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->real_hostname);
743 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
746 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
750 a.sin_family = AF_INET;
751 a.sin_port = htons(cl->port);
752 a.sin_addr.s_addr = htonl(cl->real_ip);
754 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
756 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
757 cl->real_hostname, cl->port);
761 flags = fcntl(nfd, F_GETFL);
762 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
764 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
765 cl->vpn_hostname, cl->real_hostname);
770 cl->status.dataopen = 1;
776 handle an incoming tcp connect call and open
779 conn_list_t *create_new_connection(int sfd)
782 struct sockaddr_in ci;
783 int len = sizeof(ci);
787 if(getpeername(sfd, &ci, &len) < 0)
789 syslog(LOG_ERR, _("Error: getpeername: %m"));
793 p->real_ip = ntohl(ci.sin_addr.s_addr);
794 p->real_hostname = hostlookup(ci.sin_addr.s_addr);
795 p->meta_socket = sfd;
798 p->last_ping_time = time(NULL);
802 syslog(LOG_NOTICE, _("Connection from %s port %d"),
803 p->real_hostname, htons(ci.sin_port));
805 if(send_basic_info(p) < 0)
807 free_conn_element(p);
815 put all file descriptors in an fd_set array
817 void build_fdset(fd_set *fs)
823 for(p = conn_list; p != NULL; p = p->next)
826 FD_SET(p->meta_socket, fs);
827 if(p->status.dataopen)
828 FD_SET(p->socket, fs);
831 FD_SET(myself->meta_socket, fs);
832 FD_SET(myself->socket, fs);
838 receive incoming data from the listening
839 udp socket and write it to the ethertap
840 device after being decrypted
842 int handle_incoming_vpn_data(conn_list_t *cl)
846 int x, l = sizeof(x);
849 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
851 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket,
852 cl->vpn_hostname, cl->real_hostname);
857 syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
858 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
863 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
866 syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->vpn_hostname, cl->real_hostname);
869 total_socket_in += lenin;
871 rp.data.len = ntohs(rp.data.len);
872 rp.len = ntohs(rp.len);
873 rp.from = ntohl(rp.from);
877 f = lookup_conn(rp.from);
880 syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
881 cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from));
885 if(f->status.validkey)
889 add_queue(&(f->rq), &rp, rp.len);
890 if(!cl->status.waitingforkey)
891 send_key_request(rp.from);
894 if(my_key_expiry <= time(NULL))
902 terminate a connection and notify the other
903 end before closing the sockets
905 void terminate_connection(conn_list_t *cl)
910 if(cl->status.remove)
914 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
915 cl->vpn_hostname, cl->real_hostname);
917 if(cl->status.timeout)
919 /* else if(!cl->status.termreq)
926 close(cl->meta_socket);
928 cl->status.remove = 1;
930 /* If this cl isn't active, don't send any DEL_HOSTs. */
931 if(cl->status.active)
932 notify_others(cl,NULL,send_del_host);
935 /* Find all connections that were lost because they were behind cl
936 (the connection that was dropped). */
938 for(p = conn_list; p != NULL; p = p->next)
940 if((p->nexthop == cl) && (p != cl))
942 if(cl->status.active && p->status.active)
943 notify_others(p,cl,send_del_host);
946 p->status.active = 0;
947 p->status.remove = 1;
951 cl->status.active = 0;
953 if(cl->status.outgoing)
955 signal(SIGALRM, sigalrm_handler);
956 seconds_till_retry = 5;
957 alarm(seconds_till_retry);
958 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
964 Check if the other end is active.
965 If we have sent packets, but didn't receive any,
966 then possibly the other end is dead. We send a
967 PING request over the meta connection. If the other
968 end does not reply in time, we consider them dead
969 and close the connection.
971 int check_dead_connections(void)
977 for(p = conn_list; p != NULL; p = p->next)
981 if(p->status.active && p->status.meta)
983 if(p->last_ping_time + timeout < now)
985 if(p->status.pinged && !p->status.got_pong)
988 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
989 p->vpn_hostname, p->real_hostname);
990 p->status.timeout = 1;
991 terminate_connection(p);
993 else if(p->want_ping)
996 p->last_ping_time = now;
997 p->status.pinged = 1;
998 p->status.got_pong = 0;
1008 accept a new tcp connect and create a
1011 int handle_new_meta_connection(conn_list_t *cl)
1014 struct sockaddr client;
1015 int nfd, len = sizeof(client);
1017 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
1019 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1023 if(!(ncn = create_new_connection(nfd)))
1027 syslog(LOG_NOTICE, _("Closed attempted connection"));
1031 ncn->status.meta = 1;
1032 ncn->next = conn_list;
1039 dispatch any incoming meta requests
1041 int handle_incoming_meta_data(conn_list_t *cl)
1043 int x, l = sizeof(x);
1044 int request, oldlen, i;
1047 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1049 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
1050 cl->vpn_hostname, cl->real_hostname);
1055 syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
1056 cl->vpn_hostname, cl->real_hostname, sys_errlist[x]);
1060 if(cl->buflen >= MAXBUFSIZE)
1062 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1066 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1074 syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
1075 cl->vpn_hostname, cl->real_hostname);
1077 syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
1078 cl->vpn_hostname, cl->real_hostname);
1082 oldlen = cl->buflen;
1083 cl->buflen += lenin;
1089 for(i = oldlen; i < cl->buflen; i++)
1091 if(cl->buffer[i] == '\n')
1093 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1102 syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
1103 cl->vpn_hostname, cl->real_hostname, cl->buffer);
1104 if(sscanf(cl->buffer, "%d", &request) == 1)
1106 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1108 syslog(LOG_ERR, _("Unknown request from %s (%s)"),
1109 cl->vpn_hostname, cl->real_hostname);
1113 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1115 syslog(LOG_ERR, _("Error while processing request from %s (%s)"),
1116 cl->vpn_hostname, cl->real_hostname);
1122 syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
1123 cl->vpn_hostname, cl->real_hostname);
1127 cl->buflen -= cl->reqlen;
1128 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1137 cl->last_ping_time = time(NULL);
1144 check all connections to see if anything
1145 happened on their sockets
1147 void check_network_activity(fd_set *f)
1150 int x, l = sizeof(x);
1152 for(p = conn_list; p != NULL; p = p->next)
1154 if(p->status.remove)
1157 if(p->status.dataopen)
1158 if(FD_ISSET(p->socket, f))
1161 The only thing that can happen to get us here is apparently an
1162 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1163 something that will not trigger an error directly on send()).
1164 I've once got here when it said `No route to host'.
1166 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1167 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1168 p->vpn_hostname, p->real_hostname, sys_errlist[x]);
1169 terminate_connection(p);
1174 if(FD_ISSET(p->meta_socket, f))
1175 if(handle_incoming_meta_data(p) < 0)
1177 terminate_connection(p);
1182 if(FD_ISSET(myself->socket, f))
1183 handle_incoming_vpn_data(myself);
1185 if(FD_ISSET(myself->meta_socket, f))
1186 handle_new_meta_connection(myself);
1191 read, encrypt and send data that is
1192 available through the ethertap device
1194 void handle_tap_input(void)
1198 int ether_type, lenin;
1200 memset(&vp, 0, sizeof(vp));
1201 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1203 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1207 total_tap_in += lenin;
1209 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1210 if(ether_type != 0x0800)
1213 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1214 ether_type, MAC_ADDR_V(vp.data[6]));
1221 syslog(LOG_INFO, _("Dropping short packet"));
1225 from = ntohl(*((unsigned long*)(&vp.data[26])));
1226 to = ntohl(*((unsigned long*)(&vp.data[30])));
1228 vp.len = (length_t)lenin - 2;
1230 strip_mac_addresses(&vp);
1232 send_packet(to, &vp);
1237 this is where it all happens...
1239 void main_loop(void)
1244 time_t last_ping_check;
1246 last_ping_check = time(NULL);
1250 tv.tv_sec = timeout;
1256 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1258 if(errno != EINTR) /* because of alarm */
1260 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1268 close_network_connections();
1270 if(read_config_file(configfilename))
1272 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1276 setup_network_connections();
1280 if(last_ping_check + timeout < time(NULL))
1281 /* Let's check if everybody is still alive */
1283 check_dead_connections();
1284 last_ping_check = time(NULL);
1289 check_network_activity(&fset);
1291 /* local tap data */
1292 if(FD_ISSET(tap_fd, &fset))