X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=2c08dcf2460e8e175e4867f3e6a37d1098645a1e;hp=4ef654de4614e361ac620691d50d0b40bfb981c9;hb=7db1b999c82611d6c68a5d79b4754db19669d5c6;hpb=34f9e6cf2d6d2b81eb63f9f28963b447a2157740 diff --git a/src/net.c b/src/net.c index 4ef654de..2c08dcf2 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.102 2001/03/04 13:59:25 guus Exp $ + $Id: net.c,v 1.35.4.110 2001/05/28 08:56:57 guus Exp $ */ #include "config.h" @@ -26,8 +26,10 @@ #include #include #include -#include -#include +#ifdef HAVE_LINUX + #include + #include +#endif #include #include #include @@ -134,12 +136,12 @@ cp /* Encrypt the packet. */ - outpkt.len = inpkt->len; + RAND_bytes(inpkt->salt, sizeof(inpkt->salt)); EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); - EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); - EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); - outlen += outpad + 2; + EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); + EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad); + outlen += outpad; total_socket_out += outlen; @@ -147,7 +149,7 @@ cp to.sin_addr.s_addr = htonl(cl->address); to.sin_port = htons(cl->port); - if((sendto(myself->socket, (char *) &(outpkt.len), outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); @@ -172,14 +174,24 @@ void receive_udppacket(connection_t *cl, vpn_packet_t *inpkt) int outlen, outpad; EVP_CIPHER_CTX ctx; cp - outpkt.len = inpkt->len; - /* Decrypt the packet */ EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len); - EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8); - EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); + EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len); + EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad); outlen += outpad; + outpkt.len = outlen - sizeof(outpkt.salt); + + receive_packet(cl, &outpkt); +cp +} + +void receive_tcppacket(connection_t *cl, char *buffer, int len) +{ + vpn_packet_t outpkt; +cp + outpkt.len = len; + memcpy(outpkt.data, buffer, len); receive_packet(cl, &outpkt); cp @@ -204,7 +216,7 @@ cp if(write(tap_fd, packet->data - 2, packet->len + 2) < 0) syslog(LOG_ERR, _("Can't write to ethertap device: %m")); else - total_tap_out += packet->len + 2; + total_tap_out += packet->len; } cp } @@ -286,7 +298,7 @@ cp { #ifdef HAVE_LINUX # ifdef HAVE_TUNTAP - tapfname = "/dev/misc/net/tun"; + tapfname = "/dev/net/tun"; # else tapfname = "/dev/tap0"; # endif @@ -373,6 +385,7 @@ cp option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifdef HAVE_LINUX setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; @@ -387,6 +400,7 @@ cp return -1; } } +#endif memset(&a, 0, sizeof(a)); a.sin_family = AF_INET; @@ -501,11 +515,12 @@ cp option = 1; setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifdef HAVE_LINUX setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option)); - +#endif /* Connect */ a.sin_family = AF_INET; @@ -576,7 +591,7 @@ cp return -1; } - ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); + ncn->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); ncn->hostname = hostlookup(htonl(ncn->address)); if(setup_outgoing_meta_socket(ncn) < 0) @@ -806,7 +821,7 @@ cp myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); - RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); if(!(cfg = get_config_val(config, config_keyexpire))) keylifetime = 3600; @@ -848,10 +863,21 @@ sigalrm_handler(int a) cp cfg = get_config_val(upstreamcfg, config_connectto); - if(!cfg && upstreamcfg == config) - /* No upstream IP given, we're listen only. */ - return; - + if(!cfg) + { + if(upstreamcfg == config) + { + /* No upstream IP given, we're listen only. */ + signal(SIGALRM, SIG_IGN); + return; + } + } + else + { + /* We previously tried all the ConnectTo lines. Now wrap back to the first. */ + cfg = get_config_val(config, config_connectto); + } + while(cfg) { upstreamcfg = cfg->next; @@ -1037,7 +1063,6 @@ void handle_incoming_vpn_data(void) { vpn_packet_t pkt; int x, l = sizeof(x); - int lenin; struct sockaddr_in from; socklen_t fromlen = sizeof(from); connection_t *cl; @@ -1054,7 +1079,7 @@ cp return; } - if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) + if((pkt.len = recvfrom(myself->socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return; @@ -1068,6 +1093,8 @@ cp return; } + cl->last_ping_time = time(NULL); + receive_udppacket(cl, &pkt); cp } @@ -1140,7 +1167,7 @@ cp syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); } - /* Inactivate */ + /* Deactivate */ cl->status.active = 0; cp @@ -1279,7 +1306,7 @@ cp vp.len = lenin - 2; } - total_tap_in += lenin; + total_tap_in += vp.len; if(lenin < 32) {