X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=dc2d65d0dc7190b38e8710e7d58292376f5027ce;hp=c3f89ca56feac6352aabbf6d8806fadd9497e18b;hb=37ed4265fa73d4c06c74362514d78c92029b2f05;hpb=e4f3d93ec62871d1ae11b460627aef0da1b23cd2 diff --git a/src/net.c b/src/net.c index c3f89ca5..dc2d65d0 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.105 2001/05/07 19:08:43 guus Exp $ + $Id: net.c,v 1.35.4.122 2001/07/20 13:54:19 guus Exp $ */ #include "config.h" @@ -26,8 +26,10 @@ #include #include #include -#include -#include +#ifdef HAVE_LINUX + #include + #include +#endif #include #include #include @@ -43,32 +45,24 @@ #include #include -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include -#endif +#include +#include +#include -#ifdef HAVE_OPENSSL_ERR_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_PEM_H -# include -#else -# include +#ifndef HAVE_RAND_PSEUDO_BYTES +#define RAND_pseudo_bytes RAND_bytes #endif #ifdef HAVE_TUNTAP -#include LINUX_IF_TUN_H + #ifdef HAVE_LINUX + #ifdef LINUX_IF_TUN_H + #include LINUX_IF_TUN_H + #else + #include + #endif + #else + #include + #endif #endif #include @@ -97,13 +91,11 @@ int total_socket_in = 0; int total_socket_out = 0; config_t *upstreamcfg; -static int seconds_till_retry; +int seconds_till_retry = 5; int keylifetime = 0; int keyexpires = 0; -char *unknown = NULL; - void send_udppacket(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; @@ -134,7 +126,7 @@ cp /* Encrypt the packet. */ - RAND_bytes(inpkt->salt, sizeof(inpkt->salt)); + RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt)); EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); @@ -180,6 +172,19 @@ cp outlen += outpad; outpkt.len = outlen - sizeof(outpkt.salt); + total_socket_in += outlen; + + receive_packet(cl, &outpkt); +cp +} + +void receive_tcppacket(connection_t *cl, char *buffer, int len) +{ + vpn_packet_t outpkt; +cp + outpkt.len = len; + memcpy(outpkt.data, buffer, len); + receive_packet(cl, &outpkt); cp } @@ -203,7 +208,7 @@ cp if(write(tap_fd, packet->data - 2, packet->len + 2) < 0) syslog(LOG_ERR, _("Can't write to ethertap device: %m")); else - total_tap_out += packet->len + 2; + total_tap_out += packet->len; } cp } @@ -248,6 +253,26 @@ cp send_udppacket(cl, packet); } +/* Broadcast a packet to all active direct connections */ + +void broadcast_packet(connection_t *from, vpn_packet_t *packet) +{ + avl_node_t *node; + connection_t *cl; +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), + packet->len, from->name, from->hostname); + + for(node = connection_tree->head; node; node = node->next) + { + cl = (connection_t *)node->data; + if(cl->status.active && cl != from) + send_packet(cl, packet); + } +cp +} + void flush_queue(connection_t *cl) { list_node_t *node, *next; @@ -285,7 +310,7 @@ cp { #ifdef HAVE_LINUX # ifdef HAVE_TUNTAP - tapfname = "/dev/misc/net/tun"; + tapfname = "/dev/net/tun"; # else tapfname = "/dev/tap0"; # endif @@ -333,8 +358,7 @@ cp taptype = TAP_TYPE_TUNTAP; } #endif -#endif -#ifdef HAVE_FREEBSD +#else taptype = TAP_TYPE_TUNTAP; #endif cp @@ -372,6 +396,7 @@ cp option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifdef HAVE_LINUX setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; @@ -386,6 +411,7 @@ cp return -1; } } +#endif memset(&a, 0, sizeof(a)); a.sin_family = AF_INET; @@ -500,11 +526,12 @@ cp option = 1; setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifdef HAVE_LINUX setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option)); - +#endif /* Connect */ a.sin_family = AF_INET; @@ -541,7 +568,7 @@ cp */ int setup_outgoing_connection(char *name) { - connection_t *ncn; + connection_t *ncn, *old; struct hostent *h; config_t const *cfg; cp @@ -551,6 +578,16 @@ cp return -1; } + /* Make sure we don't make an outgoing connection to a host that is already in our connection list */ + + if((old = lookup_id(name))) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("We are already connected to %s."), name); + old->status.outgoing = 1; + return 0; + } + ncn = new_connection(); asprintf(&ncn->name, "%s", name); @@ -715,7 +752,7 @@ int setup_myself(void) cp myself = new_connection(); - asprintf(&myself->hostname, "MYSELF"); + asprintf(&myself->hostname, _("MYSELF")); myself->options = 0; myself->protocol_version = PROT_CURRENT; @@ -758,14 +795,6 @@ cp else myself->port = cfg->data.val; - if((cfg = get_config_val(myself->config, config_indirectdata))) - if(cfg->data.val == stupid_true) - myself->options |= OPTION_INDIRECT; - - if((cfg = get_config_val(myself->config, config_tcponly))) - if(cfg->data.val == stupid_true) - myself->options |= OPTION_TCPONLY; - /* Read in all the subnets specified in the host configuration file */ for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next) @@ -786,6 +815,48 @@ cp subnet_add(myself, net); } +cp + /* Check some options */ + + if((cfg = get_config_val(config, config_indirectdata))) + if(cfg->data.val == stupid_true) + myself->options |= OPTION_INDIRECT; + + if((cfg = get_config_val(config, config_tcponly))) + if(cfg->data.val == stupid_true) + myself->options |= OPTION_TCPONLY; + + if((cfg = get_config_val(myself->config, config_indirectdata))) + if(cfg->data.val == stupid_true) + myself->options |= OPTION_INDIRECT; + + if((cfg = get_config_val(myself->config, config_tcponly))) + if(cfg->data.val == stupid_true) + myself->options |= OPTION_TCPONLY; + + if(myself->options & OPTION_TCPONLY) + myself->options |= OPTION_INDIRECT; + + if((cfg = get_config_val(config, config_mode))) + { + if(!strcasecmp(cfg->data.ptr, "router")) + routing_mode = RMODE_ROUTER; + else if (!strcasecmp(cfg->data.ptr, "switch")) + routing_mode = RMODE_SWITCH; + else if (!strcasecmp(cfg->data.ptr, "hub")) + routing_mode = RMODE_HUB; + else + { + syslog(LOG_ERR, _("Invalid routing mode!")); + return -1; + } + } + else + routing_mode = RMODE_ROUTER; + +cp + /* Open sockets */ + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); @@ -814,22 +885,6 @@ cp keyexpires = time(NULL) + keylifetime; cp - /* Check some options */ - - if((cfg = get_config_val(config, config_indirectdata))) - { - if(cfg->data.val == stupid_true) - myself->options |= OPTION_INDIRECT; - } - - if((cfg = get_config_val(config, config_tcponly))) - { - if(cfg->data.val == stupid_true) - myself->options |= OPTION_TCPONLY; - } - - if(myself->options & OPTION_TCPONLY) - myself->options |= OPTION_INDIRECT; /* Activate ourselves */ @@ -848,11 +903,13 @@ cp cfg = get_config_val(upstreamcfg, config_connectto); if(!cfg) - if(upstreamcfg == config) { - /* No upstream IP given, we're listen only. */ - signal(SIGALRM, SIG_IGN); - return; + if(upstreamcfg == config) + { + /* No upstream IP given, we're listen only. */ + signal(SIGALRM, SIG_IGN); + return; + } } else { @@ -963,11 +1020,10 @@ cp myself = NULL; } - close(tap_fd); - - /* Execute tinc-down script right after shutting down the interface */ execute_script("tinc-down"); + close(tap_fd); + destroy_connection_tree(); cp return; @@ -993,7 +1049,7 @@ cp return NULL; } - p->name = unknown; + asprintf(&p->name, _("UNKNOWN")); p->address = ntohl(ci.sin_addr.s_addr); p->hostname = hostlookup(ci.sin_addr.s_addr); p->port = htons(ci.sin_port); /* This one will be overwritten later */ @@ -1027,8 +1083,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta) - FD_SET(p->meta_socket, fs); + FD_SET(p->meta_socket, fs); } FD_SET(myself->meta_socket, fs); @@ -1067,7 +1122,7 @@ cp return; } - cl = lookup_connection(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + cl = lookup_active(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); if(!cl) { @@ -1075,6 +1130,8 @@ cp return; } + cl->last_ping_time = time(NULL); + receive_udppacket(cl, &pkt); cp } @@ -1105,11 +1162,10 @@ cp if(cl->status.meta) { - /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ - for(node = connection_tree->head; node; node = node->next) + for(node = active_tree->head; node; node = node->next) { p = (connection_t *)node->data; if(p->nexthop == cl && p != cl) @@ -1122,7 +1178,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p != cl) + if(p->status.active && p != cl) send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ } } @@ -1142,12 +1198,11 @@ cp { cl->status.outgoing = 0; signal(SIGALRM, sigalrm_handler); - seconds_till_retry = 5; alarm(seconds_till_retry); - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); } - /* Inactivate */ + /* Deactivate */ cl->status.active = 0; cp @@ -1172,7 +1227,7 @@ cp for(node = connection_tree->head; node; node = node->next) { cl = (connection_t *)node->data; - if(cl->status.active && cl->status.meta) + if(cl->status.active) { if(cl->last_ping_time + timeout < now) { @@ -1244,13 +1299,12 @@ cp if(p->status.remove) return; - if(p->status.meta) - if(FD_ISSET(p->meta_socket, f)) - if(receive_meta(p) < 0) - { - terminate_connection(p); - return; - } + if(FD_ISSET(p->meta_socket, f)) + if(receive_meta(p) < 0) + { + terminate_connection(p); + return; + } } if(FD_ISSET(myself->meta_socket, f)) @@ -1286,7 +1340,7 @@ cp vp.len = lenin - 2; } - total_tap_in += lenin; + total_tap_in += vp.len; if(lenin < 32) { @@ -1371,7 +1425,7 @@ cp if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); - RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); send_key_changed(myself, NULL); keyexpires = time(NULL) + keylifetime; }