2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.7 2000/06/26 19:39:34 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
55 int total_tap_out = 0;
56 int total_socket_in = 0;
57 int total_socket_out = 0;
59 static int seconds_till_retry;
61 /* The global list of existing connections */
62 conn_list_t *conn_list = NULL;
63 conn_list_t *myself = NULL;
66 strip off the MAC adresses of an ethernet frame
68 void strip_mac_addresses(vpn_packet_t *p)
70 unsigned char tmp[MAXSIZE];
72 memcpy(tmp, p->data, p->len);
74 memcpy(p->data, &tmp[12], p->len);
79 reassemble MAC addresses
81 void add_mac_addresses(vpn_packet_t *p)
83 unsigned char tmp[MAXSIZE];
85 memcpy(&tmp[12], p->data, p->len);
87 tmp[0] = tmp[6] = 0xfe;
88 tmp[1] = tmp[7] = 0xfd;
89 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
90 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
91 memcpy(p->data, &tmp[0], p->len);
95 int xsend(conn_list_t *cl, void *packet)
100 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
101 rp.from = htonl(myself->vpn_ip);
102 rp.data.len = htons(rp.data.len);
103 rp.len = htons(rp.len);
106 syslog(LOG_ERR, _("Sending packet of %d bytes to " IP_ADDR_S " (%s)"),
107 ntohs(rp.len), IP_ADDR_V(cl->vpn_ip), cl->hostname);
109 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
111 syslog(LOG_ERR, _("Error sending packet to " IP_ADDR_S " (%s): %m"),
112 IP_ADDR_V(cl->vpn_ip), cl->hostname);
116 total_socket_out += r;
123 int xrecv(conn_list_t *cl, void *packet)
128 do_decrypt((real_packet_t*)packet, &vp, cl->key);
129 add_mac_addresses(&vp);
132 syslog(LOG_ERR, _("Receiving packet of %d bytes from " IP_ADDR_S " (%s)"),
133 ((real_packet_t*)packet)->len, IP_ADDR_V(cl->vpn_ip), cl->hostname);
135 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
136 syslog(LOG_ERR, _("Can't write to tap device: %m"));
138 total_tap_out += lenin;
141 cl->last_ping_time = time(NULL);
147 add the given packet of size s to the
148 queue q, be it the send or receive queue
150 void add_queue(packet_queue_t **q, void *packet, size_t s)
154 e = xmalloc(sizeof(*e));
155 e->packet = xmalloc(s);
156 memcpy(e->packet, packet, s);
160 *q = xmalloc(sizeof(**q));
161 (*q)->head = (*q)->tail = NULL;
164 e->next = NULL; /* We insert at the tail */
166 if((*q)->tail) /* Do we have a tail? */
168 (*q)->tail->next = e;
169 e->prev = (*q)->tail;
171 else /* No tail -> no head too */
181 /* Remove a queue element */
182 void del_queue(packet_queue_t **q, queue_element_t *e)
187 if(e->next) /* There is a successor, so we are not tail */
189 if(e->prev) /* There is a predecessor, so we are not head */
191 e->next->prev = e->prev;
192 e->prev->next = e->next;
194 else /* We are head */
196 e->next->prev = NULL;
197 (*q)->head = e->next;
200 else /* We are tail (or all alone!) */
202 if(e->prev) /* We are not alone :) */
204 e->prev->next = NULL;
205 (*q)->tail = e->prev;
219 flush a queue by calling function for
220 each packet, and removing it when that
221 returned a zero exit code
223 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
224 int (*function)(conn_list_t*,void*))
226 queue_element_t *p, *next = NULL;
228 for(p = (*pq)->head; p != NULL; )
232 if(!function(cl, p->packet))
239 syslog(LOG_DEBUG, _("Queue flushed"));
244 flush the send&recv queues
245 void because nothing goes wrong here, packets
246 remain in the queue if something goes wrong
248 void flush_queues(conn_list_t *cl)
254 syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S),
255 IP_ADDR_V(cl->vpn_ip));
256 flush_queue(cl, &(cl->sq), xsend);
262 syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S),
263 IP_ADDR_V(cl->vpn_ip));
264 flush_queue(cl, &(cl->rq), xrecv);
270 send a packet to the given vpn ip.
272 int send_packet(ip_t to, vpn_packet_t *packet)
276 if((cl = lookup_conn(to)) == NULL)
280 syslog(LOG_NOTICE, _("Trying to look up " IP_ADDR_S " in connection list failed!"),
284 /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */
288 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
290 { /* No open outgoing connection has been found. */
292 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
297 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
299 if(myself->flags & EXPORTINDIRECTDATA)
301 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
303 { /* No open outgoing connection has been found. */
305 syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!"));
311 /* If indirectdata flag is set for the destination we just looked up,
312 * then real_ip is actually the vpn_ip of the gateway tincd
316 if(cl->flags & INDIRECTDATA)
319 syslog(LOG_NOTICE, _("Indirect packet to " IP_ADDR_S " via " IP_ADDR_S),
320 IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip));
321 if((cl = lookup_conn(cl->real_ip)) == NULL)
324 syslog(LOG_NOTICE, _("Indirect look up " IP_ADDR_S " in connection list failed!"),
327 /* Gateway tincd dead? Should we kill it? (GS) */
331 if(cl->flags & INDIRECTDATA) /* This should not happen */
334 syslog(LOG_NOTICE, _("Double indirection for " IP_ADDR_S),
340 if(my_key_expiry <= time(NULL))
343 if(!cl->status.dataopen)
344 if(setup_vpn_connection(cl) < 0)
346 syslog(LOG_ERR, _("Could not open UDP connection to " IP_ADDR_S " (%s)"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
350 if(!cl->status.validkey)
353 syslog(LOG_INFO, _(IP_ADDR_S " (%s) has no valid key, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
354 add_queue(&(cl->sq), packet, packet->len + 2);
355 if(!cl->status.waitingforkey)
356 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
360 if(!cl->status.active)
363 syslog(LOG_INFO, _(IP_ADDR_S " (%s) is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname);
364 add_queue(&(cl->sq), packet, packet->len + 2);
365 return 0; /* We don't want to mess up, do we? */
368 /* can we send it? can we? can we? huh? */
370 return xsend(cl, packet);
374 open the local ethertap device
376 int setup_tap_fd(void)
379 const char *tapfname;
382 if((cfg = get_config_val(tapdevice)) == NULL)
383 tapfname = "/dev/tap0";
385 tapfname = cfg->data.ptr;
387 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
389 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
399 set up the socket that we listen on for incoming
402 int setup_listen_meta_socket(int port)
405 struct sockaddr_in a;
408 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
410 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
414 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
416 syslog(LOG_ERR, _("setsockopt: %m"));
420 flags = fcntl(nfd, F_GETFL);
421 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
423 syslog(LOG_ERR, _("fcntl: %m"));
427 memset(&a, 0, sizeof(a));
428 a.sin_family = AF_INET;
429 a.sin_port = htons(port);
430 a.sin_addr.s_addr = htonl(INADDR_ANY);
432 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
434 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
440 syslog(LOG_ERR, _("listen: %m"));
448 setup the socket for incoming encrypted
451 int setup_vpn_in_socket(int port)
454 struct sockaddr_in a;
457 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
459 syslog(LOG_ERR, _("Creating socket failed: %m"));
463 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
465 syslog(LOG_ERR, _("setsockopt: %m"));
469 flags = fcntl(nfd, F_GETFL);
470 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
472 syslog(LOG_ERR, _("fcntl: %m"));
476 memset(&a, 0, sizeof(a));
477 a.sin_family = AF_INET;
478 a.sin_port = htons(port);
479 a.sin_addr.s_addr = htonl(INADDR_ANY);
481 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
483 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
491 setup an outgoing meta (tcp) socket
493 int setup_outgoing_meta_socket(conn_list_t *cl)
496 struct sockaddr_in a;
499 if((cfg = get_config_val(upstreamport)) == NULL)
502 cl->port = cfg->data.val;
504 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
505 if(cl->meta_socket == -1)
507 syslog(LOG_ERR, _("Creating socket failed: %m"));
511 a.sin_family = AF_INET;
512 a.sin_port = htons(cl->port);
513 a.sin_addr.s_addr = htonl(cl->real_ip);
515 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
517 syslog(LOG_ERR, _(IP_ADDR_S ":%d: %m"), IP_ADDR_V(cl->real_ip), cl->port);
521 flags = fcntl(cl->meta_socket, F_GETFL);
522 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
524 syslog(LOG_ERR, _("fcntl: %m"));
528 syslog(LOG_INFO, _("Connected to " IP_ADDR_S ":%hd"),
529 IP_ADDR_V(cl->real_ip), cl->port);
535 setup an outgoing connection. It's not
536 necessary to also open an udp socket as
537 well, because the other host will initiate
538 an authentication sequence during which
539 we will do just that.
541 int setup_outgoing_connection(ip_t ip)
545 ncn = new_conn_list();
547 ncn->hostname = hostlookup(htonl(ip));
549 if(setup_outgoing_meta_socket(ncn) < 0)
551 syslog(LOG_ERR, _("Could not set up a meta connection!"));
552 free_conn_element(ncn);
556 ncn->status.meta = 1;
557 ncn->status.outgoing = 1;
558 ncn->next = conn_list;
565 set up the local sockets (listen only)
567 int setup_myself(void)
571 myself = new_conn_list();
573 if(!(cfg = get_config_val(myvpnip)))
575 syslog(LOG_ERR, _("No value for my VPN IP given"));
579 myself->vpn_ip = cfg->data.ip->ip;
580 myself->hostname = hostlookup(htonl(myself->vpn_ip));
581 myself->vpn_mask = cfg->data.ip->mask;
584 if(!(cfg = get_config_val(listenport)))
587 myself->port = cfg->data.val;
589 if(cfg = get_config_val(indirectdata))
591 myself->flags |= EXPORTINDIRECTDATA;
593 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
595 syslog(LOG_ERR, _("Unable to set up a listening socket"));
599 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
601 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket"));
602 close(myself->meta_socket);
606 myself->status.active = 1;
608 syslog(LOG_NOTICE, _("Ready: listening on port %d"), myself->port);
614 sigalrm_handler(int a)
618 cfg = get_config_val(upstreamip);
620 if(!setup_outgoing_connection(cfg->data.ip->ip))
622 signal(SIGALRM, SIG_IGN);
626 signal(SIGALRM, sigalrm_handler);
627 seconds_till_retry += 5;
628 if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */
629 seconds_till_retry = 300;
630 alarm(seconds_till_retry);
631 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
638 setup all initial network connections
640 int setup_network_connections(void)
644 if((cfg = get_config_val(pingtimeout)) == NULL)
647 timeout = cfg->data.val;
649 if(setup_tap_fd() < 0)
652 if(setup_myself() < 0)
655 if((cfg = get_config_val(upstreamip)) == NULL)
656 /* No upstream IP given, we're listen only. */
659 if(setup_outgoing_connection(cfg->data.ip->ip))
661 signal(SIGALRM, sigalrm_handler);
662 seconds_till_retry = 300;
663 alarm(seconds_till_retry);
664 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes"));
671 close all open network connections
673 void close_network_connections(void)
677 for(p = conn_list; p != NULL; p = p->next)
679 if(p->status.dataopen)
681 shutdown(p->socket, 0); /* No more receptions */
687 shutdown(p->meta_socket, 0); /* No more receptions */
688 close(p->meta_socket);
693 if(myself->status.active)
695 close(myself->meta_socket);
696 close(myself->socket);
702 syslog(LOG_NOTICE, _("Terminating"));
708 create a data (udp) socket
710 int setup_vpn_connection(conn_list_t *cl)
713 struct sockaddr_in a;
716 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
718 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
721 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
725 a.sin_family = AF_INET;
726 a.sin_port = htons(cl->port);
727 a.sin_addr.s_addr = htonl(cl->real_ip);
729 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
731 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
732 cl->hostname, cl->port);
736 flags = fcntl(nfd, F_GETFL);
737 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
739 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, nfd);
744 cl->status.dataopen = 1;
750 handle an incoming tcp connect call and open
753 conn_list_t *create_new_connection(int sfd)
756 struct sockaddr_in ci;
757 int len = sizeof(ci);
761 if(getpeername(sfd, &ci, &len) < 0)
763 syslog(LOG_ERR, _("Error: getpeername: %m"));
767 p->real_ip = ntohl(ci.sin_addr.s_addr);
768 p->hostname = hostlookup(ci.sin_addr.s_addr);
769 p->meta_socket = sfd;
772 p->last_ping_time = time(NULL);
775 syslog(LOG_NOTICE, _("Connection from %s port %d"),
776 p->hostname, htons(ci.sin_port));
778 if(send_basic_info(p) < 0)
788 put all file descriptors in an fd_set array
790 void build_fdset(fd_set *fs)
796 for(p = conn_list; p != NULL; p = p->next)
799 FD_SET(p->meta_socket, fs);
800 if(p->status.dataopen)
801 FD_SET(p->socket, fs);
804 FD_SET(myself->meta_socket, fs);
805 FD_SET(myself->socket, fs);
811 receive incoming data from the listening
812 udp socket and write it to the ethertap
813 device after being decrypted
815 int handle_incoming_vpn_data(conn_list_t *cl)
819 int x, l = sizeof(x);
822 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
824 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->socket);
829 syslog(LOG_ERR, _("Incoming data socket error: %s"), sys_errlist[x]);
834 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
837 syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->hostname);
840 total_socket_in += lenin;
842 rp.data.len = ntohs(rp.data.len);
843 rp.len = ntohs(rp.len);
844 rp.from = ntohl(rp.from);
848 f = lookup_conn(rp.from);
851 syslog(LOG_ERR, _("Got packet from " IP_ADDR_S " (%s) with unknown origin " IP_ADDR_S "?"),
852 IP_ADDR_V(cl->vpn_ip), cl->hostname, IP_ADDR_V(rp.from));
856 if(f->status.validkey)
860 add_queue(&(f->rq), &rp, rp.len);
861 if(!cl->status.waitingforkey)
862 send_key_request(rp.from);
865 if(my_key_expiry <= time(NULL))
873 terminate a connection and notify the other
874 end before closing the sockets
876 void terminate_connection(conn_list_t *cl)
881 if(cl->status.remove)
885 syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (%s)"),
886 IP_ADDR_V(cl->vpn_ip), cl->hostname);
888 if(cl->status.timeout)
890 else if(!cl->status.termreq)
895 close(cl->meta_socket);
897 if(cl->status.outgoing)
899 signal(SIGALRM, sigalrm_handler);
900 seconds_till_retry = 5;
901 alarm(seconds_till_retry);
902 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
905 cl->status.active = 0;
906 cl->status.remove = 1;
909 /* Find all connections that were lost because they were behind cl
910 (the connection that was dropped). */
911 for(p = conn_list; p != NULL; p = p->next)
914 p->status.active = 0;
915 p->status.remove = 1;
919 /* Then send a notification about all these connections to all hosts
920 that are still connected to us. */
921 for(p = conn_list; p != NULL; p = p->next)
922 if(!p->status.remove && p->status.meta)
923 for(q = conn_list; q != NULL; q = q->next)
931 Check if the other end is active.
932 If we have sent packets, but didn't receive any,
933 then possibly the other end is dead. We send a
934 PING request over the meta connection. If the other
935 end does not reply in time, we consider them dead
936 and close the connection.
938 int check_dead_connections(void)
944 for(p = conn_list; p != NULL; p = p->next)
948 if(p->status.active && p->status.meta)
950 if(p->last_ping_time + timeout < now)
952 if(p->status.pinged && !p->status.got_pong)
955 syslog(LOG_INFO, _(IP_ADDR_S " (%s) didn't respond to ping"),
956 IP_ADDR_V(p->vpn_ip), p->hostname);
957 p->status.timeout = 1;
958 terminate_connection(p);
960 else if(p->want_ping)
963 p->last_ping_time = now;
964 p->status.pinged = 1;
965 p->status.got_pong = 0;
975 accept a new tcp connect and create a
978 int handle_new_meta_connection(conn_list_t *cl)
981 struct sockaddr client;
982 int nfd, len = sizeof(client);
984 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
986 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
990 if((ncn = create_new_connection(nfd)) == NULL)
994 syslog(LOG_NOTICE, _("Closed attempted connection"));
998 ncn->status.meta = 1;
999 ncn->next = conn_list;
1006 dispatch any incoming meta requests
1008 int handle_incoming_meta_data(conn_list_t *cl)
1010 int x, l = sizeof(x);
1011 int request, oldlen, i;
1014 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1016 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->meta_socket);
1021 syslog(LOG_ERR, _("Metadata socket error: %s"), sys_errlist[x]);
1025 if(cl->buflen >= MAXBUFSIZE)
1027 syslog(LOG_ERR, _("Metadata read buffer overflow!"));
1031 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
1035 syslog(LOG_ERR, _("Metadata socket read error: %m"));
1039 oldlen = cl->buflen;
1040 cl->buflen += lenin;
1046 for(i = oldlen; i < cl->buflen; i++)
1048 if(cl->buffer[i] == '\n')
1050 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
1059 syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (%s): %s"),
1060 IP_ADDR_V(cl->vpn_ip), cl->hostname, cl->buffer);
1061 if(sscanf(cl->buffer, "%d", &request) == 1)
1063 if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
1065 syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (%s)"),
1066 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1070 if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
1072 syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (%s)"),
1073 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1079 syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (%s)"),
1080 IP_ADDR_V(cl->vpn_ip), cl->hostname);
1084 cl->buflen -= cl->reqlen;
1085 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1094 cl->last_ping_time = time(NULL);
1101 check all connections to see if anything
1102 happened on their sockets
1104 void check_network_activity(fd_set *f)
1107 int x, l = sizeof(x);
1109 for(p = conn_list; p != NULL; p = p->next)
1111 if(p->status.remove)
1114 if(p->status.dataopen)
1115 if(FD_ISSET(p->socket, f))
1118 The only thing that can happen to get us here is apparently an
1119 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1120 something that will not trigger an error directly on send()).
1121 I've once got here when it said `No route to host'.
1123 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1124 syslog(LOG_ERR, _("Outgoing data socket error: %s"), sys_errlist[x]);
1125 terminate_connection(p);
1130 if(FD_ISSET(p->meta_socket, f))
1131 if(handle_incoming_meta_data(p) < 0)
1133 terminate_connection(p);
1138 if(FD_ISSET(myself->socket, f))
1139 handle_incoming_vpn_data(myself);
1141 if(FD_ISSET(myself->meta_socket, f))
1142 handle_new_meta_connection(myself);
1147 read, encrypt and send data that is
1148 available through the ethertap device
1150 void handle_tap_input(void)
1154 int ether_type, lenin;
1156 memset(&vp, 0, sizeof(vp));
1157 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1159 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1163 total_tap_in += lenin;
1165 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1166 if(ether_type != 0x0800)
1169 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S),
1170 ether_type, MAC_ADDR_V(vp.data[6]));
1177 syslog(LOG_INFO, _("Dropping short packet"));
1181 from = ntohl(*((unsigned long*)(&vp.data[26])));
1182 to = ntohl(*((unsigned long*)(&vp.data[30])));
1184 vp.len = (length_t)lenin - 2;
1186 strip_mac_addresses(&vp);
1188 send_packet(to, &vp);
1193 this is where it all happens...
1195 void main_loop(void)
1200 time_t last_ping_check;
1202 last_ping_check = time(NULL);
1206 tv.tv_sec = timeout;
1212 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1214 if(errno == EINTR) /* because of alarm */
1216 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1220 if(last_ping_check + timeout < time(NULL))
1221 /* Let's check if everybody is still alive */
1223 check_dead_connections();
1224 last_ping_check = time(NULL);
1228 check_network_activity(&fset);
1230 /* local tap data */
1231 if(FD_ISSET(tap_fd, &fset))