3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2021 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include "connection.h"
29 #include "compression.h"
55 static io_t device_io;
57 bool device_standby = false;
59 char *proxyhost = NULL;
60 char *proxyport = NULL;
61 char *proxyuser = NULL;
62 char *proxypass = NULL;
64 proxytype_t proxytype;
66 bool disablebuggypeers;
68 char *scriptinterpreter;
69 char *scriptextension;
71 bool node_read_ecdsa_public_key(node_t *n) {
72 if(ecdsa_active(n->ecdsa)) {
81 init_configuration(&config);
83 if(!read_host_config(&config, n->name, true)) {
87 /* First, check for simple Ed25519PublicKey statement */
89 if(get_config_string(lookup_config(&config, "Ed25519PublicKey"), &p)) {
90 n->ecdsa = ecdsa_set_base64_public_key(p);
95 /* Else, check for Ed25519PublicKeyFile statement and read it */
97 if(!get_config_string(lookup_config(&config, "Ed25519PublicKeyFile"), &pubname)) {
98 xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, n->name);
101 fp = fopen(pubname, "r");
107 n->ecdsa = ecdsa_read_pem_public_key(fp);
111 splay_empty_tree(&config);
116 static bool read_invitation_key(void) {
118 char fname[PATH_MAX];
121 ecdsa_free(invitation_key);
122 invitation_key = NULL;
125 snprintf(fname, sizeof(fname), "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
127 fp = fopen(fname, "r");
130 invitation_key = ecdsa_read_pem_private_key(fp);
133 if(!invitation_key) {
134 logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);
138 return invitation_key;
141 #ifndef DISABLE_LEGACY
142 static timeout_t keyexpire_timeout;
144 static void keyexpire_handler(void *data) {
146 timeout_set(data, &(struct timeval) {
147 keylifetime, jitter()
152 void regenerate_key(void) {
153 logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
156 for splay_each(node_t, n, &node_tree) {
157 n->status.validkey_in = false;
161 void load_all_nodes(void) {
164 char dname[PATH_MAX];
166 snprintf(dname, sizeof(dname), "%s" SLASH "hosts", confbase);
167 dir = opendir(dname);
170 logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
174 while((ent = readdir(dir))) {
175 if(!check_id(ent->d_name)) {
179 node_t *n = lookup_node(ent->d_name);
182 init_configuration(&config);
183 read_config_options(&config, ent->d_name);
184 read_host_config(&config, ent->d_name, true);
187 n = new_node(ent->d_name);
192 for(config_t *cfg = lookup_config(&config, "Subnet"); cfg; cfg = lookup_config_next(&config, cfg)) {
195 if(!get_config_subnet(cfg, &s)) {
199 if((s2 = lookup_subnet(n, s))) {
208 if(lookup_config(&config, "Address")) {
209 n->status.has_address = true;
212 splay_empty_tree(&config);
218 char *get_name(void) {
222 get_config_string(lookup_config(&config_tree, "Name"), &name);
228 returned_name = replace_name(name);
230 return returned_name;
233 static void read_interpreter(void) {
234 char *interpreter = NULL;
235 get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &interpreter);
237 if(!interpreter || (sandbox_can(START_PROCESSES, AFTER_SANDBOX) && sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX))) {
238 free(scriptinterpreter);
239 scriptinterpreter = interpreter;
243 if(!string_eq(interpreter, scriptinterpreter)) {
244 logger(DEBUG_ALWAYS, LOG_NOTICE, "Not changing ScriptsInterpreter because of sandbox.");
250 bool setup_myself_reloadable(void) {
253 free(scriptextension);
255 if(!get_config_string(lookup_config(&config_tree, "ScriptsExtension"), &scriptextension)) {
256 scriptextension = xstrdup("");
261 get_config_string(lookup_config(&config_tree, "Proxy"), &proxy);
266 if((space = strchr(proxy, ' '))) {
270 if(!strcasecmp(proxy, "none")) {
271 proxytype = PROXY_NONE;
272 } else if(!strcasecmp(proxy, "socks4")) {
273 proxytype = PROXY_SOCKS4;
274 } else if(!strcasecmp(proxy, "socks4a")) {
275 proxytype = PROXY_SOCKS4A;
276 } else if(!strcasecmp(proxy, "socks5")) {
277 proxytype = PROXY_SOCKS5;
278 } else if(!strcasecmp(proxy, "http")) {
279 proxytype = PROXY_HTTP;
280 } else if(!strcasecmp(proxy, "exec")) {
281 if(sandbox_can(START_PROCESSES, AFTER_SANDBOX)) {
282 proxytype = PROXY_EXEC;
284 logger(DEBUG_ALWAYS, LOG_ERR, "Cannot use exec proxies with current sandbox level.");
288 logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type %s!", proxy);
299 free_string(proxyuser);
302 free_string(proxypass);
311 if(!space || !*space) {
312 logger(DEBUG_ALWAYS, LOG_ERR, "Argument expected for proxy type exec!");
317 if(!sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX)) {
318 logger(DEBUG_ALWAYS, LOG_NOTICE, "Changed exec proxy may fail to work because of sandbox.");
321 proxyhost = xstrdup(space);
330 if(space && (space = strchr(space, ' '))) {
331 *space++ = 0, proxyport = space;
334 if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
335 logger(DEBUG_ALWAYS, LOG_ERR, "Host and port argument expected for proxy!");
342 if(space && (space = strchr(space, ' '))) {
343 *space++ = 0, proxyuser = space;
346 if(space && (space = strchr(space, ' '))) {
347 *space++ = 0, proxypass = space;
350 proxyhost = xstrdup(proxyhost);
351 proxyport = xstrdup(proxyport);
353 if(proxyuser && *proxyuser) {
354 proxyuser = xstrdup(proxyuser);
357 if(proxypass && *proxypass) {
358 proxypass = xstrdup(proxypass);
369 if(get_config_bool(lookup_config(&config_tree, "IndirectData"), &choice) && choice) {
370 myself->options |= OPTION_INDIRECT;
373 if(get_config_bool(lookup_config(&config_tree, "TCPOnly"), &choice) && choice) {
374 myself->options |= OPTION_TCPONLY;
377 if(myself->options & OPTION_TCPONLY) {
378 myself->options |= OPTION_INDIRECT;
381 get_config_bool(lookup_config(&config_tree, "UDPDiscovery"), &udp_discovery);
382 get_config_int(lookup_config(&config_tree, "UDPDiscoveryKeepaliveInterval"), &udp_discovery_keepalive_interval);
383 get_config_int(lookup_config(&config_tree, "UDPDiscoveryInterval"), &udp_discovery_interval);
384 get_config_int(lookup_config(&config_tree, "UDPDiscoveryTimeout"), &udp_discovery_timeout);
386 get_config_int(lookup_config(&config_tree, "MTUInfoInterval"), &mtu_info_interval);
387 get_config_int(lookup_config(&config_tree, "UDPInfoInterval"), &udp_info_interval);
389 get_config_bool(lookup_config(&config_tree, "DirectOnly"), &directonly);
390 get_config_bool(lookup_config(&config_tree, "LocalDiscovery"), &localdiscovery);
394 if(get_config_string(lookup_config(&config_tree, "Mode"), &rmode)) {
395 if(!strcasecmp(rmode, "router")) {
396 routing_mode = RMODE_ROUTER;
397 } else if(!strcasecmp(rmode, "switch")) {
398 routing_mode = RMODE_SWITCH;
399 } else if(!strcasecmp(rmode, "hub")) {
400 routing_mode = RMODE_HUB;
402 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid routing mode!");
412 if(get_config_string(lookup_config(&config_tree, "Forwarding"), &fmode)) {
413 if(!strcasecmp(fmode, "off")) {
414 forwarding_mode = FMODE_OFF;
415 } else if(!strcasecmp(fmode, "internal")) {
416 forwarding_mode = FMODE_INTERNAL;
417 } else if(!strcasecmp(fmode, "kernel")) {
418 forwarding_mode = FMODE_KERNEL;
420 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid forwarding mode!");
428 choice = !(myself->options & OPTION_TCPONLY);
429 get_config_bool(lookup_config(&config_tree, "PMTUDiscovery"), &choice);
432 myself->options |= OPTION_PMTU_DISCOVERY;
436 get_config_bool(lookup_config(&config_tree, "ClampMSS"), &choice);
439 myself->options |= OPTION_CLAMP_MSS;
442 get_config_bool(lookup_config(&config_tree, "PriorityInheritance"), &priorityinheritance);
443 get_config_bool(lookup_config(&config_tree, "DecrementTTL"), &decrement_ttl);
447 if(get_config_string(lookup_config(&config_tree, "Broadcast"), &bmode)) {
448 if(!strcasecmp(bmode, "no")) {
449 broadcast_mode = BMODE_NONE;
450 } else if(!strcasecmp(bmode, "yes") || !strcasecmp(bmode, "mst")) {
451 broadcast_mode = BMODE_MST;
452 } else if(!strcasecmp(bmode, "direct")) {
453 broadcast_mode = BMODE_DIRECT;
455 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid broadcast mode!");
463 /* Delete all broadcast subnets before re-adding them */
465 for splay_each(subnet_t, s, &subnet_tree) {
467 splay_delete_node(&subnet_tree, node);
471 const char *const DEFAULT_BROADCAST_SUBNETS[] = { "ff:ff:ff:ff:ff:ff", "255.255.255.255", "224.0.0.0/4", "ff00::/8" };
473 for(size_t i = 0; i < sizeof(DEFAULT_BROADCAST_SUBNETS) / sizeof(*DEFAULT_BROADCAST_SUBNETS); i++) {
474 subnet_t *s = new_subnet();
476 if(!str2net(s, DEFAULT_BROADCAST_SUBNETS[i])) {
483 for(config_t *cfg = lookup_config(&config_tree, "BroadcastSubnet"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
486 if(!get_config_subnet(cfg, &s)) {
495 if(priorityinheritance) {
496 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv4 connections", "PriorityInheritance");
501 #if !defined(IPV6_TCLASS)
503 if(priorityinheritance) {
504 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv6 connections", "PriorityInheritance");
509 if(!get_config_int(lookup_config(&config_tree, "MACExpire"), &macexpire)) {
513 if(get_config_int(lookup_config(&config_tree, "MaxTimeout"), &maxtimeout)) {
514 if(maxtimeout <= 0) {
515 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus maximum timeout!");
524 if(get_config_string(lookup_config(&config_tree, "AddressFamily"), &afname)) {
525 if(!strcasecmp(afname, "IPv4")) {
526 addressfamily = AF_INET;
527 } else if(!strcasecmp(afname, "IPv6")) {
528 addressfamily = AF_INET6;
529 } else if(!strcasecmp(afname, "any")) {
530 addressfamily = AF_UNSPEC;
532 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid address family!");
540 get_config_bool(lookup_config(&config_tree, "Hostnames"), &hostnames);
542 if(!get_config_int(lookup_config(&config_tree, "KeyExpire"), &keylifetime)) {
546 if(!get_config_bool(lookup_config(&config_tree, "AutoConnect"), &autoconnect)) {
550 get_config_bool(lookup_config(&config_tree, "DisableBuggyPeers"), &disablebuggypeers);
552 if(!get_config_int(lookup_config(&config_tree, "InvitationExpire"), &invitation_lifetime)) {
553 invitation_lifetime = 604800; // 1 week
556 read_invitation_key();
561 // Get the port that `from_fd` is listening on, and assign it to
562 // `sa` if `sa` has a dynamically allocated (zero) port.
563 static bool assign_static_port(sockaddr_t *sa, int from_fd) {
564 // We cannot get a port from a bad FD. Bail out.
569 int port = get_bound_port(from_fd);
575 // If the port is non-zero, don't reassign it as it's already static.
576 switch(sa->sa.sa_family) {
578 if(!sa->in.sin_port) {
579 sa->in.sin_port = htons(port);
585 if(!sa->in6.sin6_port) {
586 sa->in6.sin6_port = htons(port);
592 logger(DEBUG_ALWAYS, LOG_ERR, "Unknown address family 0x%x", sa->sa.sa_family);
597 typedef int (*bind_fn_t)(const sockaddr_t *);
599 static int bind_reusing_port(const sockaddr_t *sa, int from_fd, bind_fn_t setup) {
601 memcpy(&reuse_sa, sa, SALEN(sa->sa));
605 // Check if the address we've been passed here is using port 0.
606 // If it is, try to get an actual port from an already bound socket, and reuse it here.
607 if(assign_static_port(&reuse_sa, from_fd)) {
608 fd = setup(&reuse_sa);
611 // If we're binding to a hardcoded non-zero port, or no socket is listening yet,
612 // or binding failed, try the original address.
621 Add listening sockets.
623 static bool add_listen_address(char *address, bool bindto) {
624 char *port = myport.tcp;
627 char *space = strchr(address, ' ');
634 if(!strcmp(address, "*")) {
639 struct addrinfo *ai, hint = {0};
641 hint.ai_family = addressfamily;
643 hint.ai_socktype = SOCK_STREAM;
645 hint.ai_protocol = IPPROTO_TCP;
647 hint.ai_flags = AI_PASSIVE;
649 #if HAVE_DECL_RES_INIT
653 int err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
658 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "getaddrinfo", err == EAI_SYSTEM ? strerror(err) : gai_strerror(err));
662 for(struct addrinfo *aip = ai; aip; aip = aip->ai_next) {
663 // Ignore duplicate addresses
666 for(int i = 0; i < listen_sockets; i++)
667 if(!memcmp(&listen_socket[i].sa, aip->ai_addr, aip->ai_addrlen)) {
676 if(listen_sockets >= MAXSOCKETS) {
677 listen_sockets = MAXSOCKETS;
678 logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
683 const sockaddr_t *sa = (sockaddr_t *) aip->ai_addr;
684 int from_fd = listen_socket[0].tcp.fd;
686 // If we're binding to a dynamically allocated (zero) port, try to get the actual
687 // port of the first TCP socket, and use it for this one. If that succeeds, our
688 // tincd instance will use the same port for all addresses it listens on.
689 int tcp_fd = bind_reusing_port(sa, from_fd, setup_listen_socket);
695 // If we just successfully bound the first socket, use it for the UDP procedure below.
696 // Otherwise, keep using the socket we've obtained from listen_socket[0].
701 int udp_fd = bind_reusing_port(sa, from_fd, setup_vpn_in_socket);
708 listen_socket_t *sock = &listen_socket[listen_sockets];
709 io_add(&sock->tcp, handle_new_meta_connection, sock, tcp_fd, IO_READ);
710 io_add(&sock->udp, handle_incoming_vpn_data, sock, udp_fd, IO_READ);
712 if(debug_level >= DEBUG_CONNECTIONS) {
713 int tcp_port = get_bound_port(tcp_fd);
714 char *hostname = NULL;
715 sockaddr2str(sa, &hostname, NULL);
716 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s port %d", hostname, tcp_port);
720 sock->bindto = bindto;
721 memcpy(&sock->sa, aip->ai_addr, aip->ai_addrlen);
729 void device_enable(void) {
734 /* Run tinc-up script to further initialize the tap interface */
737 environment_init(&env);
738 execute_script("tinc-up", &env);
739 environment_exit(&env);
742 void device_disable(void) {
744 environment_init(&env);
745 execute_script("tinc-down", &env);
746 environment_exit(&env);
754 Configure node_t myself and set up the local sockets (listen only)
756 static bool setup_myself(void) {
758 char *address = NULL;
759 bool port_specified = false;
761 if(!(name = get_name())) {
762 logger(DEBUG_ALWAYS, LOG_ERR, "Name for tinc daemon required!");
766 myname = xstrdup(name);
767 myself = new_node(name);
768 myself->connection = new_connection();
769 myself->connection->name = name;
770 read_host_config(&config_tree, name, true);
772 if(!get_config_string(lookup_config(&config_tree, "Port"), &myport.tcp)) {
773 myport.tcp = xstrdup("655");
775 port_specified = true;
778 myport.udp = xstrdup(myport.tcp);
780 myself->connection->options = 0;
781 myself->connection->protocol_major = PROT_MAJOR;
782 myself->connection->protocol_minor = PROT_MINOR;
784 myself->options |= PROT_MINOR << 24;
786 #ifdef DISABLE_LEGACY
787 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
788 experimental = myself->connection->ecdsa != NULL;
791 logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!");
797 if(!get_config_bool(lookup_config(&config_tree, "ExperimentalProtocol"), &experimental)) {
798 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
799 experimental = myself->connection->ecdsa != NULL;
802 logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
806 myself->connection->ecdsa = read_ecdsa_private_key(&config_tree, NULL);
808 if(!myself->connection->ecdsa) {
814 rsa_t *rsa = read_rsa_private_key(&config_tree, NULL);
817 myself->connection->legacy = new_legacy_ctx(rsa);
820 logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
822 logger(DEBUG_ALWAYS, LOG_ERR, "No private keys available, cannot start tinc!");
829 /* Ensure myport is numeric */
830 if(!is_decimal(myport.tcp)) {
831 uint16_t port = service_to_port(myport.tcp);
838 myport.tcp = int_to_str(port);
841 myport.udp = xstrdup(myport.tcp);
844 /* Read in all the subnets specified in the host configuration file */
846 for(config_t *cfg = lookup_config(&config_tree, "Subnet"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
849 if(!get_config_subnet(cfg, &subnet)) {
853 subnet_add(myself, subnet);
856 /* Check some options */
858 if(!setup_myself_reloadable()) {
862 get_config_bool(lookup_config(&config_tree, "StrictSubnets"), &strictsubnets);
863 get_config_bool(lookup_config(&config_tree, "TunnelServer"), &tunnelserver);
864 strictsubnets |= tunnelserver;
866 if(get_config_int(lookup_config(&config_tree, "MaxConnectionBurst"), &max_connection_burst)) {
867 if(max_connection_burst <= 0) {
868 logger(DEBUG_ALWAYS, LOG_ERR, "MaxConnectionBurst cannot be negative!");
873 if(get_config_int(lookup_config(&config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
875 logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
879 udp_rcvbuf_warnings = true;
882 if(get_config_int(lookup_config(&config_tree, "UDPSndBuf"), &udp_sndbuf)) {
884 logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
888 udp_sndbuf_warnings = true;
891 get_config_int(lookup_config(&config_tree, "FWMark"), &fwmark);
895 logger(DEBUG_ALWAYS, LOG_ERR, "FWMark not supported on this platform!");
903 if(get_config_int(lookup_config(&config_tree, "ReplayWindow"), &replaywin_int)) {
904 if(replaywin_int < 0) {
905 logger(DEBUG_ALWAYS, LOG_ERR, "ReplayWindow cannot be negative!");
909 replaywin = (unsigned)replaywin_int;
910 sptps_replaywin = replaywin;
913 #ifndef DISABLE_LEGACY
914 /* Generate packet encryption key */
918 if(!get_config_string(lookup_config(&config_tree, "Cipher"), &cipher)) {
919 cipher = xstrdup("aes-256-cbc");
922 if(!strcasecmp(cipher, "none")) {
923 myself->incipher = NULL;
925 myself->incipher = cipher_alloc();
927 if(!cipher_open_by_name(myself->incipher, cipher)) {
928 logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
929 cipher_free(myself->incipher);
930 myself->incipher = NULL;
938 timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval) {
939 keylifetime, jitter()
942 /* Check if we want to use message authentication codes... */
945 get_config_int(lookup_config(&config_tree, "MACLength"), &maclength);
948 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!");
954 if(!get_config_string(lookup_config(&config_tree, "Digest"), &digest)) {
955 digest = xstrdup("sha256");
958 if(!strcasecmp(digest, "none")) {
959 myself->indigest = NULL;
961 myself->indigest = digest_alloc();
963 if(!digest_open_by_name(myself->indigest, digest, maclength)) {
964 logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
965 digest_free(myself->indigest);
966 myself->indigest = NULL;
976 int incompression = 0;
978 if(get_config_int(lookup_config(&config_tree, "Compression"), &incompression)) {
979 myself->incompression = incompression;
981 switch(myself->incompression) {
986 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
987 logger(DEBUG_ALWAYS, LOG_ERR, "LZ4 compression is unavailable on this node.");
991 case COMPRESS_LZO_HI:
992 case COMPRESS_LZO_LO:
996 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
997 logger(DEBUG_ALWAYS, LOG_ERR, "LZO compression is unavailable on this node.");
1001 case COMPRESS_ZLIB_9:
1002 case COMPRESS_ZLIB_8:
1003 case COMPRESS_ZLIB_7:
1004 case COMPRESS_ZLIB_6:
1005 case COMPRESS_ZLIB_5:
1006 case COMPRESS_ZLIB_4:
1007 case COMPRESS_ZLIB_3:
1008 case COMPRESS_ZLIB_2:
1009 case COMPRESS_ZLIB_1:
1013 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
1014 logger(DEBUG_ALWAYS, LOG_ERR, "ZLIB compression is unavailable on this node.");
1022 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
1023 logger(DEBUG_ALWAYS, LOG_ERR, "Compression level %i is unrecognized by this node.", myself->incompression);
1027 myself->incompression = COMPRESS_NONE;
1032 myself->nexthop = myself;
1033 myself->via = myself;
1034 myself->status.reachable = true;
1035 myself->last_state_change = now.tv_sec;
1036 myself->status.sptps = experimental;
1047 if(get_config_string(lookup_config(&config_tree, "DeviceType"), &type)) {
1048 if(!strcasecmp(type, DEVICE_DUMMY)) {
1049 devops = dummy_devops;
1050 } else if(!strcasecmp(type, "raw_socket")) {
1051 devops = raw_socket_devops;
1052 } else if(!strcasecmp(type, "multicast")) {
1053 devops = multicast_devops;
1056 #ifdef HAVE_SYS_UN_H
1057 else if(!strcasecmp(type, "fd")) {
1063 else if(!strcasecmp(type, "uml")) {
1064 devops = uml_devops;
1069 else if(!strcasecmp(type, "vde")) {
1070 devops = vde_devops;
1077 get_config_bool(lookup_config(&config_tree, "DeviceStandby"), &device_standby);
1079 if(!devops.setup()) {
1083 if(device_fd >= 0) {
1084 io_add(&device_io, handle_device_data, NULL, device_fd, IO_READ);
1089 if(!do_detach && getenv("LISTEN_FDS")) {
1093 listen_sockets = atoi(getenv("LISTEN_FDS"));
1094 #ifdef HAVE_UNSETENV
1095 unsetenv("LISTEN_FDS");
1098 if(listen_sockets > MAXSOCKETS) {
1099 listen_sockets = MAXSOCKETS;
1100 logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
1104 for(int i = 0; i < listen_sockets; i++) {
1105 const int tcp_fd = i + 3;
1108 if(getsockname(tcp_fd, &sa.sa, &salen) < 0) {
1109 logger(DEBUG_ALWAYS, LOG_ERR, "Could not get address of listen fd %d: %s", tcp_fd, sockstrerror(sockerrno));
1114 fcntl(tcp_fd, F_SETFD, FD_CLOEXEC);
1117 int udp_fd = setup_vpn_in_socket(&sa);
1123 io_add(&listen_socket[i].tcp, (io_cb_t)handle_new_meta_connection, &listen_socket[i], tcp_fd, IO_READ);
1124 io_add(&listen_socket[i].udp, (io_cb_t)handle_incoming_vpn_data, &listen_socket[i], udp_fd, IO_READ);
1126 if(debug_level >= DEBUG_CONNECTIONS) {
1127 char *hostname = sockaddr2hostname(&sa);
1128 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s", hostname);
1132 memcpy(&listen_socket[i].sa, &sa, salen);
1138 for(config_t *cfg = lookup_config(&config_tree, "BindToAddress"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
1140 get_config_string(cfg, &address);
1142 if(!add_listen_address(address, true)) {
1147 for(config_t *cfg = lookup_config(&config_tree, "ListenAddress"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
1149 get_config_string(cfg, &address);
1151 if(!add_listen_address(address, false)) {
1157 if(!add_listen_address(address, NULL)) {
1162 if(!listen_sockets) {
1163 logger(DEBUG_ALWAYS, LOG_ERR, "Unable to create any listening socket!");
1167 /* If no Port option was specified, set myport to the port used by the first listening socket. */
1169 if(!port_specified || atoi(myport.tcp) == 0) {
1170 listen_socket_t *sock = &listen_socket[0];
1172 uint16_t tcp = get_bound_port(sock->tcp.fd);
1174 myport.tcp = int_to_str(tcp);
1176 uint16_t udp = get_bound_port(sock->udp.fd);
1178 myport.udp = int_to_str(udp);
1181 xasprintf(&myself->hostname, "MYSELF port %s", myport.tcp);
1182 myself->connection->hostname = xstrdup(myself->hostname);
1185 get_config_string(lookup_config(&config_tree, "UPnP"), &upnp);
1186 bool upnp_tcp = false;
1187 bool upnp_udp = false;
1190 if(!strcasecmp(upnp, "yes")) {
1191 upnp_tcp = upnp_udp = true;
1192 } else if(!strcasecmp(upnp, "udponly")) {
1199 if(upnp_tcp || upnp_udp) {
1200 #ifdef HAVE_MINIUPNPC
1201 upnp_init(upnp_tcp, upnp_udp);
1203 logger(DEBUG_ALWAYS, LOG_WARNING, "UPnP was requested, but tinc isn't built with miniupnpc support!");
1209 last_config_check = now.tv_sec;
1217 bool setup_network(void) {
1221 if(get_config_int(lookup_config(&config_tree, "PingInterval"), &pinginterval)) {
1222 if(pinginterval < 1) {
1223 pinginterval = 86400;
1229 if(!get_config_int(lookup_config(&config_tree, "PingTimeout"), &pingtimeout)) {
1233 if(pingtimeout < 1 || pingtimeout > pinginterval) {
1234 pingtimeout = pinginterval;
1237 if(!get_config_int(lookup_config(&config_tree, "MaxOutputBufferSize"), &maxoutbufsize)) {
1238 maxoutbufsize = 10 * MTU;
1241 if(!setup_myself()) {
1245 if(!init_control()) {
1249 if(!device_standby) {
1253 /* Run subnet-up scripts for our own subnets */
1255 subnet_update(myself, NULL, true);
1261 close all open network connections
1263 void close_network_connections(void) {
1264 for(list_node_t *node = connection_list.head, *next; node; node = next) {
1266 connection_t *c = node->data;
1268 /* Keep control connections open until the end, so they know when we really terminated */
1269 if(c->status.control) {
1274 terminate_connection(c, false);
1277 list_empty_list(&outgoing_list);
1279 if(myself && myself->connection) {
1280 subnet_update(myself, NULL, false);
1281 free_connection(myself->connection);
1284 for(int i = 0; i < listen_sockets; i++) {
1285 io_del(&listen_socket[i].tcp);
1286 io_del(&listen_socket[i].udp);
1287 closesocket(listen_socket[i].tcp.fd);
1288 closesocket(listen_socket[i].udp.fd);
1297 if(!device_standby) {
1304 if(device_fd >= 0) {
1314 free(scriptextension);
1315 free(scriptinterpreter);
projects / tinc / blob