X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=266dbab7b7048199cc1d3bbae187d59846e7cab2;hp=3a5874913eb5fbb34fa69a616db11763ca834c72;hb=4f9dad0972ac0f665a1b6050b059bd52f93e6221;hpb=c426e981eeaed3fa4801221720ee8f74d40e9223 diff --git a/src/net.c b/src/net.c index 3a587491..266dbab7 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.103 2001/03/13 21:32:24 guus Exp $ + $Id: net.c,v 1.35.4.111 2001/06/05 16:09:55 guus Exp $ */ #include "config.h" @@ -26,8 +26,10 @@ #include #include #include -#include -#include +#ifdef HAVE_LINUX + #include + #include +#endif #include #include #include @@ -102,8 +104,6 @@ static int seconds_till_retry; int keylifetime = 0; int keyexpires = 0; -char *unknown = NULL; - void send_udppacket(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; @@ -134,12 +134,12 @@ cp /* Encrypt the packet. */ - outpkt.len = inpkt->len; + RAND_bytes(inpkt->salt, sizeof(inpkt->salt)); EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); - EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); - EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); - outlen += outpad + 2; + EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); + EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad); + outlen += outpad; total_socket_out += outlen; @@ -147,7 +147,7 @@ cp to.sin_addr.s_addr = htonl(cl->address); to.sin_port = htons(cl->port); - if((sendto(myself->socket, (char *) &(outpkt.len), outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); 
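Review bot: In the @@ -134,12 +134,12 @@ hunk, `RAND_bytes(inpkt->salt, sizeof(inpkt->salt));` discards its return value; RAND_bytes reports 0 when it cannot deliver strong random bytes, and the packet would then be sent with whatever the salt field held before, under an IV that appears to be fixed per key (cl->cipher_pktkey + key_len), which is exactly the case the salt is meant to randomise. The EVP_EncryptUpdate and EVP_EncryptFinal results are ignored as well, and on failure outlen/outpad feed straight into the sendto length in the next hunk. Suggest `if(!RAND_bytes(inpkt->salt, sizeof(inpkt->salt))) { syslog(LOG_ERR, _("Unable to generate salt for packet to %s (%s)"), cl->name, cl->hostname); return; }` and the same treatment for the two EVP calls. Whether outpkt.salt followed by outpkt.data has room for inpkt->len + sizeof(inpkt->salt) plus one block of padding cannot be seen here; send_udppacket begins before this hunk.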
@@ -172,14 +172,24 @@ void receive_udppacket(connection_t *cl, vpn_packet_t *inpkt) int outlen, outpad; EVP_CIPHER_CTX ctx; cp - outpkt.len = inpkt->len; - /* Decrypt the packet */ EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len); - EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8); - EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); + EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len); + EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad); outlen += outpad; + outpkt.len = outlen - sizeof(outpkt.salt); + + receive_packet(cl, &outpkt); +cp +} + +void receive_tcppacket(connection_t *cl, char *buffer, int len) +{ + vpn_packet_t outpkt; +cp + outpkt.len = len; + memcpy(outpkt.data, buffer, len); receive_packet(cl, &outpkt); cp @@ -204,7 +214,7 @@ cp if(write(tap_fd, packet->data - 2, packet->len + 2) < 0) syslog(LOG_ERR, _("Can't write to ethertap device: %m")); else - total_tap_out += packet->len + 2; + total_tap_out += packet->len; } cp } @@ -249,6 +259,26 @@ cp send_udppacket(cl, packet); } +/* Broadcast a packet to all active connections */ + +void broadcast_packet(connection_t *from, vpn_packet_t *packet) +{ + avl_node_t *node; + connection_t *cl; +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), + packet->len, from->name, from->hostname); + + for(node = connection_tree->head; node; node = node->next) + { + cl = (connection_t *)node->data; + if(cl->status.meta && cl != from) + send_packet(cl, packet); + } +cp +} + void flush_queue(connection_t *cl) { list_node_t *node, *next; @@ -286,7 +316,7 @@ cp { #ifdef HAVE_LINUX # ifdef HAVE_TUNTAP - tapfname = "/dev/misc/net/tun"; + tapfname = "/dev/net/tun"; # else tapfname = "/dev/tap0"; # endif 
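Review bot: The new receive_tcppacket copies `len` bytes received over the meta connection into outpkt.data with `memcpy(outpkt.data, buffer, len);` and never checks `len` against the size of that buffer, so a peer can make the copy overrun vpn_packet_t; add a bound before the copy, e.g. `if(len < 0 || len > (int)sizeof(outpkt.data)) return;` (assuming data is an inline array like salt, which the sizeof on salt suggests). In receive_udppacket the return value of EVP_DecryptFinal is ignored: on a padding failure outpad may never be written (it is declared without an initialiser above), `outlen += outpad;` then reads an indeterminate value, and `outpkt.len = outlen - sizeof(outpkt.salt);` can come out negative, which receive_packet hands to write() as packet->len + 2. Check the result and the minimum length, e.g. `if(!EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad) || outlen + outpad < (int)sizeof(outpkt.salt)) return;` with a syslog of the failure. receive_udppacket's signature is in the hunk header, so the function starts before the first hunk line.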
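Review bot: In the @@ -249,6 +259,26 @@ hunk the header comment says broadcast_packet sends to all active connections, but the loop filters on `cl->status.meta`, not on the `status.active` flag that this same file clears under the "Deactivate" comment further down; one of the two should change. If every peer with a meta connection is intended, make the comment say so: `/* Send a packet to every connection that has a meta connection, except the one it came from */`; if only active connections are meant, the test would be `if(cl->status.active && cl != from)`. Which reading is right depends on what status.meta means, which this hunk does not show.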
@@ -373,6 +403,7 @@ cp option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifdef HAVE_LINUX setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; @@ -387,6 +418,7 @@ cp return -1; } } +#endif memset(&a, 0, sizeof(a)); a.sin_family = AF_INET; @@ -501,11 +533,12 @@ cp option = 1; setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifdef HAVE_LINUX setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option)); - +#endif /* Connect */ a.sin_family = AF_INET; @@ -576,7 +609,7 @@ cp return -1; } - ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); + ncn->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); ncn->hostname = hostlookup(htonl(ncn->address)); if(setup_outgoing_meta_socket(ncn) < 0) @@ -716,7 +749,7 @@ int setup_myself(void) cp myself = new_connection(); - asprintf(&myself->hostname, "MYSELF"); + asprintf(&myself->hostname, _("MYSELF")); myself->options = 0; myself->protocol_version = PROT_CURRENT; @@ -806,7 +839,7 @@ cp myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); - RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); if(!(cfg = get_config_val(config, config_keyexpire))) keylifetime = 3600; 
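Review bot: Wrapping the TCP_NODELAY/IP_TOS block in `#ifdef HAVE_LINUX` drops TCP_NODELAY on the listening meta socket for every non-Linux build, when only the level constants are Linux-specific; the portable spellings are `setsockopt(nfd, IPPROTO_TCP, TCP_NODELAY, &option, sizeof(option));` and `IPPROTO_IP` in place of SOL_IP on the IP_TOS line, which would keep the behaviour on all platforms. The same applies to the matching block for cl->meta_socket at @@ -501,11 +533,12 @@. The setsockopt return values in both places are still never checked; the existing code already ignored them, but a failing TCP_NODELAY would be worth at least a debug-level syslog. The function this hunk belongs to begins before it, and the closing `#endif` is in the following hunk.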
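Review bot: In the @@ -716,7 +749,7 @@ hunk, `asprintf(&myself->hostname, _("MYSELF"));` passes the translated string as the format argument, so any `%` sequence in a translation is interpreted as a conversion with no argument behind it; the same pattern is introduced for p->name with `_("UNKNOWN")` at @@ -988,7 +1029,7 @@. Pass the string as data rather than as format: `asprintf(&myself->hostname, "%s", _("MYSELF"));` and likewise `asprintf(&p->name, "%s", _("UNKNOWN"));`. The asprintf return value is also unchecked in both places; on allocation failure the pointer may be left undefined and is later dereferenced by the syslog calls that print cl->name and cl->hostname.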
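Review bot: In the @@ -806,7 +839,7 @@ hunk, switching the packet key generation from RAND_bytes to RAND_pseudo_bytes weakens the one place in this file where cryptographic strength matters: RAND_pseudo_bytes may return bytes that are not cryptographically strong (it signals this with a 0 return, which is ignored here), and cipher_pktkey is the symmetric key plus IV for every packet on the connection (cipher_pktkeylength is key_len + iv_len just above, and EVP_EncryptInit takes both from it). Keep RAND_bytes and fail setup when it cannot deliver, e.g. `if(RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength) != 1) { syslog(LOG_ERR, _("Unable to generate a strong packet key")); return -1; }`, assuming this is still inside setup_myself, whose header appears in the @@ -716 hunk and whose body continues outside this one.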
@@ -848,11 +881,19 @@ sigalrm_handler(int a) cp cfg = get_config_val(upstreamcfg, config_connectto); - if(!cfg && upstreamcfg == config) + if(!cfg) { - /* No upstream IP given, we're listen only. */ - signal(SIGALRM, SIG_IGN); - return; + if(upstreamcfg == config) + { + /* No upstream IP given, we're listen only. */ + signal(SIGALRM, SIG_IGN); + return; + } + } + else + { + /* We previously tried all the ConnectTo lines. Now wrap back to the first. */ + cfg = get_config_val(config, config_connectto); } while(cfg) @@ -988,7 +1029,7 @@ cp return NULL; } - p->name = unknown; + asprintf(&p->name, _("UNKNOWN")); p->address = ntohl(ci.sin_addr.s_addr); p->hostname = hostlookup(ci.sin_addr.s_addr); p->port = htons(ci.sin_port); /* This one will be overwritten later */ @@ -1040,7 +1081,6 @@ void handle_incoming_vpn_data(void) { vpn_packet_t pkt; int x, l = sizeof(x); - int lenin; struct sockaddr_in from; socklen_t fromlen = sizeof(from); connection_t *cl; @@ -1057,7 +1097,7 @@ cp return; } - if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) + if((pkt.len = recvfrom(myself->socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return; @@ -1071,6 +1111,8 @@ cp return; } + cl->last_ping_time = time(NULL); + receive_udppacket(cl, &pkt); cp } @@ -1143,7 +1185,7 @@ cp syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); } - /* Inactivate */ + /* Deactivate */ cl->status.active = 0; cp @@ -1282,7 +1324,7 @@ cp vp.len = lenin - 2; } - total_tap_in += lenin; + total_tap_in += vp.len; if(lenin < 32) {
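Review bot: The two branches look swapped against their comments: when get_config_val(upstreamcfg, config_connectto) does find a ConnectTo, the else branch throws that value away and restarts from the first entry in config, while the case the comment describes — the list is exhausted (cfg is NULL) and upstreamcfg is no longer config — falls out of the `if(!cfg)` block with cfg still NULL, so the `while(cfg)` below does nothing that round. The loop body and how upstreamcfg advances are outside the hunk, so this is inferred from the visible lines; if the reading is right, the wrap-around belongs inside the `if(!cfg)` block after the listen-only return. sigalrm_handler begins before this hunk.
```c
  if(!cfg)
    {
      if(upstreamcfg == config)
        {
          /* No upstream IP given, we're listen only. */
          signal(SIGALRM, SIG_IGN);
          return;
        }

      /* We previously tried all the ConnectTo lines. Now wrap back to the first. */
      cfg = get_config_val(config, config_connectto);
    }

  while(cfg)
  /* … unchanged: retry loop … */
```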
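Review bot: In the @@ -1071,6 +1111,8 @@ hunk, `cl->last_ping_time = time(NULL);` is set as soon as a datagram arrives from the source address that resolved to cl (the lookup itself is not in the hunk), before receive_udppacket has decrypted it, and nothing in the UDP path on this page authenticates the payload, so any datagram reaching the socket from that address counts as liveness for the connection. Updating the timestamp only after receive_udppacket has accepted the packet would narrow that, e.g. have receive_udppacket return an int and write `if(receive_udppacket(cl, &pkt) == 0) cl->last_ping_time = time(NULL);`, although without an integrity check on the packets even that remains advisory. How last_ping_time is consumed is not visible here; handle_incoming_vpn_data begins in the @@ -1040 hunk and this hunk is its tail.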