2 net.c -- most of the network code
3 Copyright (C) 1998-2001 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000,2001 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.145 2001/10/31 20:22:52 guus Exp $
28 #include <netinet/in.h>
30 #include <netinet/ip.h>
31 #include <netinet/tcp.h>
36 #include <sys/signal.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 /* SunOS really wants sys/socket.h BEFORE net/if.h,
43 and FreeBSD wants these lines below the rest. */
44 #include <arpa/inet.h>
45 #include <sys/socket.h>
48 #include <openssl/rand.h>
49 #include <openssl/evp.h>
50 #include <openssl/pem.h>
52 #ifndef HAVE_RAND_PSEUDO_BYTES
53 #define RAND_pseudo_bytes RAND_bytes
62 #include "connection.h"
76 int seconds_till_retry = 5;
88 void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
94 /* Decrypt the packet */
96 EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len);
97 EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len);
98 EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad);
100 outpkt.len = outlen - sizeof(outpkt.salt);
102 receive_packet(n, &outpkt);
106 void receive_tcppacket(connection_t *c, char *buffer, int len)
111 memcpy(outpkt.data, buffer, len);
113 receive_packet(c->node, &outpkt);
117 void receive_packet(node_t *n, vpn_packet_t *packet)
120 if(debug_lvl >= DEBUG_TRAFFIC)
121 syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname);
123 route_incoming(n, packet);
127 void send_udppacket(node_t *n, vpn_packet_t *inpkt)
132 struct sockaddr_in to;
133 socklen_t tolen = sizeof(to);
136 if(!n->status.validkey)
138 if(debug_lvl >= DEBUG_TRAFFIC)
139 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
140 n->name, n->hostname);
142 /* Since packet is on the stack of handle_tap_input(),
143 we have to make a copy of it first. */
145 copy = xmalloc(sizeof(vpn_packet_t));
146 memcpy(copy, inpkt, sizeof(vpn_packet_t));
148 list_insert_tail(n->queue, copy);
150 if(!n->status.waitingforkey)
151 send_req_key(n->nexthop->connection, myself, n);
155 /* Encrypt the packet. */
157 RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt));
159 EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
160 EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt));
161 EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad);
164 to.sin_family = AF_INET;
165 to.sin_addr.s_addr = htonl(n->address);
166 to.sin_port = htons(n->port);
168 if((sendto(udp_socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0)
170 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
171 n->name, n->hostname);
178 send a packet to the given vpn ip.
180 void send_packet(node_t *n, vpn_packet_t *packet)
183 if(debug_lvl >= DEBUG_TRAFFIC)
184 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
185 packet->len, n->name, n->hostname);
189 if(debug_lvl >= DEBUG_TRAFFIC)
191 syslog(LOG_NOTICE, _("Packet is looping back to us!"));
197 if(n->via != n && debug_lvl >= DEBUG_TRAFFIC)
198 syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"),
199 n->name, n->via->name, n->via->hostname);
201 if((myself->options | n->via->options) & OPTION_TCPONLY)
203 if(send_tcppacket(n->via->connection, packet))
204 terminate_connection(n->via->connection, 1);
207 send_udppacket(n->via, packet);
210 /* Broadcast a packet to all active direct connections */
212 void broadcast_packet(node_t *from, vpn_packet_t *packet)
217 if(debug_lvl >= DEBUG_TRAFFIC)
218 syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"),
219 packet->len, from->name, from->hostname);
221 for(node = connection_tree->head; node; node = node->next)
223 c = (connection_t *)node->data;
224 if(c->status.active && c != from->nexthop->connection)
225 send_packet(c->node, packet);
230 void flush_queue(node_t *n)
232 list_node_t *node, *next;
234 if(debug_lvl >= DEBUG_TRAFFIC)
235 syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname);
237 for(node = n->queue->head; node; node = next)
240 send_udppacket(n, (vpn_packet_t *)node->data);
241 list_delete_node(n->queue, node);
248 int setup_listen_socket(int port)
251 struct sockaddr_in a;
257 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
259 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
263 flags = fcntl(nfd, F_GETFL);
264 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
267 syslog(LOG_ERR, _("System call `%s' failed: %m"),
272 /* Optimize TCP settings */
275 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
276 setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option));
278 setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option));
280 option = IPTOS_LOWDELAY;
281 setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option));
283 if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface))
284 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface)))
287 syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface);
292 memset(&a, 0, sizeof(a));
293 a.sin_family = AF_INET;
294 a.sin_addr.s_addr = htonl(INADDR_ANY);
295 a.sin_port = htons(port);
297 if(get_config_string(lookup_config(config_tree, "BindToAddress"), &address))
299 ipmask = strtoip(address);
302 a.sin_addr.s_addr = htonl(ipmask->address);
307 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
310 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
317 syslog(LOG_ERR, _("System call `%s' failed: %m"),
325 int setup_vpn_in_socket(int port)
328 struct sockaddr_in a;
331 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
334 syslog(LOG_ERR, _("Creating socket failed: %m"));
338 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
340 flags = fcntl(nfd, F_GETFL);
341 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
344 syslog(LOG_ERR, _("System call `%s' failed: %m"),
349 memset(&a, 0, sizeof(a));
350 a.sin_family = AF_INET;
351 a.sin_port = htons(port);
352 a.sin_addr.s_addr = htonl(INADDR_ANY);
354 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
357 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
364 int setup_outgoing_socket(connection_t *c)
367 struct sockaddr_in a;
369 if(debug_lvl >= DEBUG_CONNECTIONS)
370 syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname);
372 c->socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
376 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
377 c->hostname, c->port);
381 /* Bind first to get a fix on our source port???
383 a.sin_family = AF_INET;
384 a.sin_port = htons(0);
385 a.sin_addr.s_addr = htonl(INADDR_ANY);
387 if(bind(c->socket, (struct sockaddr *)&a, sizeof(struct sockaddr)))
390 syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind");
396 /* Optimize TCP settings?
399 setsockopt(c->socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option));
401 setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option));
403 option = IPTOS_LOWDELAY;
404 setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option));
411 a.sin_family = AF_INET;
412 a.sin_port = htons(c->port);
413 a.sin_addr.s_addr = htonl(c->address);
415 if(connect(c->socket, (struct sockaddr *)&a, sizeof(a)) == -1)
418 syslog(LOG_ERR, _("%s port %hd: %m"), c->hostname, c->port);
422 flags = fcntl(c->socket, F_GETFL);
424 if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0)
427 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
428 c->hostname, c->port);
432 if(debug_lvl >= DEBUG_CONNECTIONS)
433 syslog(LOG_INFO, _("Connected to %s port %hd"),
434 c->hostname, c->port);
439 int setup_outgoing_connection(char *name)
445 n = lookup_node(name);
450 if(debug_lvl >= DEBUG_CONNECTIONS)
451 syslog(LOG_INFO, _("Already connected to %s"), name);
455 c = new_connection();
456 c->name = xstrdup(name);
458 init_configuration(&c->config_tree);
459 read_connection_config(c);
461 if(!get_config_string(lookup_config(c->config_tree, "Address"), &c->hostname))
463 syslog(LOG_ERR, _("No address specified for %s"), c->name);
468 if(!get_config_port(lookup_config(c->config_tree, "Port"), &c->port))
470 syslog(LOG_ERR, _("No port specified for %s"), c->name);
475 if(!(h = gethostbyname(c->hostname)))
477 syslog(LOG_ERR, _("Error looking up `%s': %m"), c->hostname);
482 c->address = ntohl(*((ipv4_t*)(h->h_addr_list[0])));
483 c->hostname = hostlookup(htonl(c->address));
485 if(setup_outgoing_socket(c) < 0)
487 syslog(LOG_ERR, _("Could not set up a meta connection to %s (%s)"),
488 c->name, c->hostname);
493 c->status.outgoing = 1;
494 c->last_ping_time = time(NULL);
503 int read_rsa_public_key(connection_t *c)
511 c->rsa_key = RSA_new();
513 /* First, check for simple PublicKey statement */
515 if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key))
517 BN_hex2bn(&c->rsa_key->n, key);
518 BN_hex2bn(&c->rsa_key->e, "FFFF");
522 /* Else, check for PublicKeyFile statement and read it */
524 if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
526 if(is_safe_path(fname))
528 if((fp = fopen(fname, "r")) == NULL)
530 syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
534 result = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
538 syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"),
548 /* Else, check if a harnessed public key is in the config file */
552 asprintf(&fname, "%s/hosts/%s", confbase, c->name);
553 if((fp = fopen(fname, "r")))
555 result = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
566 syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
571 int read_rsa_private_key(void)
577 if(!myself->connection->rsa_key)
578 myself->connection->rsa_key = RSA_new();
580 if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key))
582 BN_hex2bn(&myself->connection->rsa_key->d, key);
583 BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
585 else if(get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
587 if((fp = fopen(fname, "r")) == NULL)
589 syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
593 result = PEM_read_RSAPrivateKey(fp, &myself->connection->rsa_key, NULL, NULL);
597 syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
604 syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
612 Configure node_t myself and set up the local sockets (listen only)
614 int setup_myself(void)
622 myself->connection = new_connection();
623 init_configuration(&myself->connection->config_tree);
625 asprintf(&myself->hostname, _("MYSELF"));
626 asprintf(&myself->connection->hostname, _("MYSELF"));
628 myself->connection->options = 0;
629 myself->connection->protocol_version = PROT_CURRENT;
631 if(!get_config_string(lookup_config(config_tree, "Name"), &name)) /* Not acceptable */
633 syslog(LOG_ERR, _("Name for tinc daemon required!"));
639 syslog(LOG_ERR, _("Invalid name for myself!"));
645 myself->connection->name = xstrdup(name);
648 if(read_rsa_private_key())
651 if(read_connection_config(myself->connection))
653 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
657 if(read_rsa_public_key(myself->connection))
662 if(RSA_check_key(rsa_key) != 1)
664 syslog(LOG_ERR, _("Invalid public/private keypair!"));
668 if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->port))
671 myself->connection->port = myself->port;
673 /* Read in all the subnets specified in the host configuration file */
675 cfg = lookup_config(myself->connection->config_tree, "Subnet");
679 if(!get_config_subnet(cfg, &subnet))
682 subnet_add(myself, subnet);
684 cfg = lookup_config_next(myself->connection->config_tree, cfg);
688 /* Check some options */
690 if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice))
692 myself->options |= OPTION_INDIRECT;
694 if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice))
696 myself->options |= OPTION_TCPONLY;
698 if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice))
700 myself->options |= OPTION_INDIRECT;
702 if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice))
704 myself->options |= OPTION_TCPONLY;
706 if(myself->options & OPTION_TCPONLY)
707 myself->options |= OPTION_INDIRECT;
709 if(get_config_string(lookup_config(config_tree, "Mode"), &mode))
711 if(!strcasecmp(mode, "router"))
712 routing_mode = RMODE_ROUTER;
713 else if (!strcasecmp(mode, "switch"))
714 routing_mode = RMODE_SWITCH;
715 else if (!strcasecmp(mode, "hub"))
716 routing_mode = RMODE_HUB;
719 syslog(LOG_ERR, _("Invalid routing mode!"));
724 routing_mode = RMODE_ROUTER;
729 if((tcp_socket = setup_listen_socket(myself->port)) < 0)
731 syslog(LOG_ERR, _("Unable to set up a listening TCP socket!"));
735 if((udp_socket = setup_vpn_in_socket(myself->port)) < 0)
737 syslog(LOG_ERR, _("Unable to set up a listening UDP socket!"));
741 /* Generate packet encryption key */
743 myself->cipher = EVP_bf_cbc();
745 myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
747 myself->key = (char *)xmalloc(myself->keylength);
748 RAND_pseudo_bytes(myself->key, myself->keylength);
750 if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
753 keyexpires = time(NULL) + keylifetime;
757 myself->nexthop = myself;
758 myself->via = myself;
759 myself->status.active = 1;
762 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
768 setup all initial network connections
770 int setup_network_connections(void)
778 if(get_config_int(lookup_config(config_tree, "PingTimeout"), &timeout))
788 if(setup_device() < 0)
791 /* Run tinc-up script to further initialize the tap interface */
792 execute_script("tinc-up");
794 if(setup_myself() < 0)
797 signal(SIGALRM, try_outgoing_connections);
804 close all open network connections
806 void close_network_connections(void)
808 avl_node_t *node, *next;
811 for(node = connection_tree->head; node; node = next)
814 c = (connection_t *)node->data;
815 c->status.outgoing = 0;
816 terminate_connection(c, 0);
819 terminate_connection(myself->connection, 0);
827 execute_script("tinc-down");
835 handle an incoming tcp connect call and open
838 connection_t *create_new_connection(int sfd)
841 struct sockaddr_in ci;
842 int len = sizeof(ci);
844 c = new_connection();
846 if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0)
848 syslog(LOG_ERR, _("System call `%s' failed: %m"),
854 c->address = ntohl(ci.sin_addr.s_addr);
855 c->hostname = hostlookup(ci.sin_addr.s_addr);
856 c->port = htons(ci.sin_port); /* This one will be overwritten later */
858 c->last_ping_time = time(NULL);
860 if(debug_lvl >= DEBUG_CONNECTIONS)
861 syslog(LOG_NOTICE, _("Connection from %s port %d"),
862 c->hostname, htons(ci.sin_port));
864 c->allow_request = ID;
870 put all file descriptors in an fd_set array
872 void build_fdset(fd_set *fs)
879 for(node = connection_tree->head; node; node = node->next)
881 c = (connection_t *)node->data;
882 FD_SET(c->socket, fs);
885 FD_SET(tcp_socket, fs);
886 FD_SET(udp_socket, fs);
887 FD_SET(device_fd, fs);
892 receive incoming data from the listening
893 udp socket and write it to the ethertap
894 device after being decrypted
896 void handle_incoming_vpn_data(void)
899 int x, l = sizeof(x);
900 struct sockaddr_in from;
901 socklen_t fromlen = sizeof(from);
904 if(getsockopt(udp_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
906 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
907 __FILE__, __LINE__, udp_socket);
912 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
916 if((pkt.len = recvfrom(udp_socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0)
918 syslog(LOG_ERR, _("Receiving packet failed: %m"));
922 n = lookup_node_udp(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
926 syslog(LOG_WARNING, _("Received UDP packet on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
931 n->connection->last_ping_time = time(NULL);
933 receive_udppacket(n, &pkt);
938 Terminate a connection:
940 - Remove associated edge and tell other connections about it if report = 1
941 - Check if we need to retry making an outgoing connection
942 - Deactivate the host
944 void terminate_connection(connection_t *c, int report)
952 if(debug_lvl >= DEBUG_CONNECTIONS)
953 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
954 c->name, c->hostname);
956 c->status.remove = 1;
965 for(node = connection_tree->head; node; node = node->next)
967 other = (connection_t *)node->data;
968 if(other->status.active && other != c)
969 send_del_edge(other, c->edge);
976 /* Check if this was our outgoing connection */
978 if(c->status.outgoing)
980 c->status.outgoing = 0;
981 signal(SIGALRM, try_outgoing_connections);
982 alarm(seconds_till_retry);
983 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
988 c->status.active = 0;
990 c->node->connection = NULL;
996 Check if the other end is active.
997 If we have sent packets, but didn't receive any,
998 then possibly the other end is dead. We send a
999 PING request over the meta connection. If the other
1000 end does not reply in time, we consider them dead
1001 and close the connection.
1003 void check_dead_connections(void)
1006 avl_node_t *node, *next;
1011 for(node = connection_tree->head; node; node = next)
1014 c = (connection_t *)node->data;
1015 if(c->last_ping_time + timeout < now)
1017 if(c->status.active)
1019 if(c->status.pinged)
1021 if(debug_lvl >= DEBUG_PROTOCOL)
1022 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1023 c->name, c->hostname);
1024 c->status.timeout = 1;
1025 terminate_connection(c, 1);
1034 if(debug_lvl >= DEBUG_CONNECTIONS)
1035 syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"),
1036 c->name, c->hostname);
1037 terminate_connection(c, 0);
1045 accept a new tcp connect and create a
1048 int handle_new_meta_connection()
1051 struct sockaddr client;
1052 int fd, len = sizeof(client);
1054 if((fd = accept(tcp_socket, &client, &len)) < 0)
1056 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1060 if(!(new = create_new_connection(fd)))
1064 syslog(LOG_NOTICE, _("Closed attempted connection"));
1068 connection_add(new);
1075 void randomized_alarm(int seconds)
1078 RAND_pseudo_bytes(&r, 1);
1079 alarm((seconds * (int)r) / 128 + 1);
1082 /* This function is severely fucked up.
1083 We want to redesign it so the following rules apply:
1085 - Try all ConnectTo's in a row:
1086 - if a connect() fails, try next one immediately,
1087 - if it works, wait 5 seconds or so.
1088 - If none of them were succesful, increase delay and retry.
1089 - If all were succesful, don't try anymore.
1093 try_outgoing_connections(int a)
1095 static config_t *cfg = NULL;
1096 static int retry = 0;
1100 cfg = lookup_config(config_tree, "ConnectTo");
1107 get_config_string(cfg, &name);
1108 cfg = lookup_config_next(config_tree, cfg); /* Next time skip to next ConnectTo line */
1112 syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line);
1116 if(setup_outgoing_connection(name)) /* function returns 0 when there are no problems */
1121 get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout);
1125 seconds_till_retry += 5;
1126 if(seconds_till_retry > maxtimeout) /* Don't wait more than MAXTIMEOUT seconds. */
1127 seconds_till_retry = maxtimeout;
1129 syslog(LOG_ERR, _("Failed to setup all outgoing connections, will retry in %d seconds"),
1130 seconds_till_retry);
1132 /* Randomize timeout to avoid global synchronisation effects */
1133 randomized_alarm(seconds_till_retry);
1137 seconds_till_retry = 5;
1143 check all connections to see if anything
1144 happened on their sockets
1146 void check_network_activity(fd_set *f)
1151 if(FD_ISSET(udp_socket, f))
1152 handle_incoming_vpn_data();
1154 for(node = connection_tree->head; node; node = node->next)
1156 c = (connection_t *)node->data;
1158 if(c->status.remove)
1161 if(FD_ISSET(c->socket, f))
1162 if(receive_meta(c) < 0)
1164 terminate_connection(c, c->status.active);
1169 if(FD_ISSET(tcp_socket, f))
1170 handle_new_meta_connection();
1174 void prune_connections(void)
1177 avl_node_t *node, *next;
1179 for(node = connection_tree->head; node; node = next)
1182 c = (connection_t *)node->data;
1184 if(c->status.remove)
1191 this is where it all happens...
1193 void main_loop(void)
1198 time_t last_ping_check;
1200 vpn_packet_t packet;
1202 last_ping_check = time(NULL);
1206 tv.tv_sec = timeout;
1211 prune_connections();
1217 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1219 if(errno != EINTR) /* because of alarm */
1221 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1228 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1230 close_network_connections();
1231 exit_configuration(&config_tree);
1233 if(read_server_config())
1235 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1241 if(setup_network_connections())
1249 /* Let's check if everybody is still alive */
1251 if(last_ping_check + timeout < t)
1253 check_dead_connections();
1254 last_ping_check = time(NULL);
1256 /* Should we regenerate our key? */
1260 if(debug_lvl >= DEBUG_STATUS)
1261 syslog(LOG_INFO, _("Regenerating symmetric key"));
1263 RAND_pseudo_bytes(myself->key, myself->keylength);
1264 send_key_changed(myself->connection, myself);
1265 keyexpires = time(NULL) + keylifetime;
1271 check_network_activity(&fset);
1273 /* local tap data */
1274 if(FD_ISSET(device_fd, &fset))
1276 if(read_packet(&packet))
1279 route_outgoing(&packet);
projects / tinc / blob