2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.43 2000/10/21 11:52:06 guus Exp $
25 #include <arpa/inet.h>
29 #include <netinet/in.h>
33 #include <sys/signal.h>
34 #include <sys/socket.h>
36 #include <sys/types.h>
42 #include <linux/sockios.h>
43 #include LINUX_IF_TUN_H
/* Byte counters for the tap device and the UDP data socket. They are plain
 * ints incremented by packet sizes (xsend, xrecv, handle_tap_input), so a
 * long-running daemon can overflow them and signed overflow is undefined
 * behaviour; an unsigned or 64-bit type would be the safer choice. */
61 int total_tap_out = 0;
62 int total_socket_in = 0;
63 int total_socket_out = 0;
/* Index of the next ConnectTo line to try; handed to get_next_config_val
 * and post-incremented by every caller. Nothing visible in this file ever
 * resets it to 0. */
65 int upstreamindex = 0;
/* Current reconnect delay in seconds, passed to alarm() by sigalrm_handler,
 * setup_network_connections and terminate_connection. */
66 static int seconds_till_retry;
71 strip off the MAC addresses of an ethernet frame
/* Drop the 12-byte destination+source MAC pair from the front of an
 * Ethernet frame and shrink p->len accordingly (memmove: the regions
 * overlap). The braces of the body are on lines not visible here.
 * NOTE(review): nothing checks p->len >= 12 before the subtraction; the
 * type of len is declared elsewhere, but a frame shorter than 12 bytes
 * would wrap the length and make memmove copy far past the buffer. */
73 void strip_mac_addresses(vpn_packet_t *p)
76 memmove(p->data, p->data + 12, p->len -= 12);
81 reassemble MAC addresses
/* Rebuild a 14-byte Ethernet header in front of an IP packet: the payload
 * is shifted up by 12 bytes, then synthetic MACs fe:fd:<ipv4> are written
 * for the destination (from myself->address) and the source (copied from
 * offset 26, which handle_tap_input also treats as the IPv4 source).
 * Lines between the numbers shown are not visible here; xrecv writes
 * p->len bytes afterwards, so presumably one of them grows p->len by 12 --
 * confirm. */
83 void add_mac_addresses(vpn_packet_t *p)
/* BUG: source and destination overlap whenever p->len > 12, and memcpy on
 * overlapping regions is undefined behaviour. strip_mac_addresses uses
 * memmove for the mirror operation; this must too. */
86 memcpy(p->data + 12, p->data, p->len);
88 p->data[0] = p->data[6] = 0xfe;
89 p->data[1] = p->data[7] = 0xfd;
90 /* Really evil pointer stuff just below! */
/* The two stores below write an ip_t through a char buffer at offsets 2
 * and 8: unaligned and type-punned (strict aliasing). A memcpy of the 4
 * bytes is defined and no slower. No check that p->len + 12 fits p->data
 * is visible (the buffer size is declared elsewhere). */
91 *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address));
92 *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26]));
/* Encrypt one VPN packet with the peer's packet key and send it on the
 * connected UDP data socket cl->socket. The locals outpkt/outlen/outpad
 * and the return statements are on lines not visible here; flush_queue
 * treats a 0 return as "sent, remove from queue". */
96 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
/* BUG: outpkt.len keeps the plaintext length and is never updated, while
 * the send below transmits outlen + 2 bytes -- the outpad bytes produced
 * by EVP_EncryptFinal are never sent and the len field does not describe
 * what went on the wire. With a padding block-cipher mode the final
 * partial block is lost; this only works when the mode pads nothing.
 * Intended: outpkt.len = outlen + outpad; send outpkt.len + 2 bytes. */
101 outpkt.len = inpkt->len;
/* The EVP_* return values are ignored, so a failed init/update sends
 * whatever is in outpkt.data. There is also no MAC or tag anywhere: the
 * packet is encrypted but not authenticated, so the receiver (xrecv, which
 * also skips DecryptFinal) cannot detect tampering or forgery. Whether
 * outpkt.data has room for inpkt->len plus one cipher block (what
 * EncryptUpdate may emit) depends on vpn_packet_t, declared elsewhere. */
102 EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL);
103 EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
104 EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad);
107 if(debug_lvl >= DEBUG_TRAFFIC)
/* A debug-level trace logged at LOG_ERR; flush_queue uses LOG_DEBUG. */
108 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
109 outlen, cl->name, cl->hostname);
111 total_socket_out += outlen;
/* The 2-byte len field is sent as-is in host byte order (no htons), so
 * hosts of different endianness would disagree on the length. */
115 if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0)
117 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
118 cl->name, cl->hostname);
/* Decrypt an incoming VPN packet with our own packet key, re-add the
 * Ethernet header and write the frame to the tap device. Used as the
 * receive-queue callback by flush_queues. The locals outpkt/outlen and the
 * return statements are on lines not visible. Note the single parameter:
 * flush_queue calls its callback with (conn_list_t *, void *). */
125 int xrecv(vpn_packet_t *inpkt)
/* `>` here versus `>=` in xsend: this trace needs a higher debug level. */
130 if(debug_lvl > DEBUG_TRAFFIC)
131 syslog(LOG_ERR, _("Receiving packet of %d bytes"),
/* inpkt->len is the length field exactly as received from the network
 * (handle_incoming_vpn_data reads it straight out of the datagram).
 * Nothing visible compares it with the number of bytes actually received
 * or with the size of the data buffer before it becomes the decrypt
 * length, so a crafted datagram can make EVP_DecryptUpdate read stale or
 * out-of-bounds memory. Validate len on the receive side. */
134 outpkt.len = inpkt->len;
135 EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
136 EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
/* DecryptFinal is commented out from here to a closing marker on a line
 * not visible, so there is no padding check, and no MAC exists anywhere:
 * every datagram that reaches the socket is decrypted and written to the
 * tap regardless of origin or integrity. Further down, the write() to the
 * tap only detects failure (< 0), not a short write, and the EVP_* return
 * values are ignored as in xsend. */
137 /* FIXME: grok DecryptFinal
138 EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
141 add_mac_addresses(&outpkt);
143 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
144 syslog(LOG_ERR, _("Can't write to tap device: %m"));
146 total_tap_out += outpkt.len;
152 add the given packet of size s to the
153 queue q, be it the send or receive queue
/* Append a copy of `packet` (s bytes) to the tail of queue *q, allocating
 * the queue itself on first use. The queue owns the copy; presumably
 * del_queue releases it (its free calls are on lines not visible).
 * Callers pass s = packet->len + 2 so the length field travels with the
 * data. Nothing visible bounds the queue length: send_packet queues every
 * packet while a key is outstanding, so a peer that never answers the key
 * request lets this grow without limit. */
155 void add_queue(packet_queue_t **q, void *packet, size_t s)
159 e = xmalloc(sizeof(*e));
160 e->packet = xmalloc(s);
161 memcpy(e->packet, packet, s);
/* Lazy allocation of the queue head; the guarding if() is on a line not
 * visible. */
165 *q = xmalloc(sizeof(**q));
166 (*q)->head = (*q)->tail = NULL;
169 e->next = NULL; /* We insert at the tail */
171 if((*q)->tail) /* Do we have a tail? */
173 (*q)->tail->next = e;
174 e->prev = (*q)->tail;
/* The empty-queue branch (head, tail and e->prev) is on lines not visible. */
176 else /* No tail -> no head too */
186 /* Remove a queue element */
/* Unlink element e from the doubly linked queue *q. Four cases: middle,
 * head, tail, sole element. The sole-element case (both links NULL)
 * reaches neither assignment below, so head and tail must be reset on the
 * lines after 210 that are not visible here -- confirm, or the queue keeps
 * dangling head/tail pointers after its last element is removed. Freeing
 * of e and e->packet is likewise not visible. */
187 void del_queue(packet_queue_t **q, queue_element_t *e)
192 if(e->next) /* There is a successor, so we are not tail */
194 if(e->prev) /* There is a predecessor, so we are not head */
196 e->next->prev = e->prev;
197 e->prev->next = e->next;
199 else /* We are head */
201 e->next->prev = NULL;
202 (*q)->head = e->next;
205 else /* We are tail (or all alone!) */
207 if(e->prev) /* We are not alone :) */
209 e->prev->next = NULL;
210 (*q)->tail = e->prev;
224 flush a queue by calling function for
225 each packet, and removing it when that
226 returned a zero exit code
/* Walk queue *pq calling function(cl, packet) on every element and
 * removing the element when the callback returns 0 (the del_queue call
 * and the advance to `next` are on lines not visible). `next` is a
 * separate local because it must be read before the element is deleted.
 * The callback type is int (*)(conn_list_t *, void *); xrecv, which
 * flush_queues passes here, takes a single parameter and does not match. */
228 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
229 int (*function)(conn_list_t*,void*))
231 queue_element_t *p, *next = NULL;
233 for(p = (*pq)->head; p != NULL; )
237 if(!function(cl, p->packet))
243 if(debug_lvl >= DEBUG_TRAFFIC)
244 syslog(LOG_DEBUG, _("Queue flushed"));
249 flush the send&recv queues
250 void because nothing can go wrong here: packets
251 remain in the queue if something does go wrong
/* Flush both queues of cl: pending outgoing packets through xsend,
 * pending incoming packets through xrecv. The if(cl->sq) / if(cl->rq)
 * guards are on lines not visible.
 * BUG: xrecv is declared int xrecv(vpn_packet_t *) but is passed where an
 * int (*)(conn_list_t *, void *) is expected; calling a function through
 * an incompatible pointer type is undefined behaviour (it only happens to
 * work on calling conventions that ignore extra arguments). Give xrecv an
 * unused conn_list_t * first parameter, or pass a small wrapper. */
253 void flush_queues(conn_list_t *cl)
258 if(debug_lvl >= DEBUG_TRAFFIC)
259 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
260 cl->name, cl->hostname);
261 flush_queue(cl, &(cl->sq), xsend);
266 if(debug_lvl >= DEBUG_TRAFFIC)
267 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
268 cl->name, cl->hostname);
269 flush_queue(cl, &(cl->rq), xrecv);
275 send a packet to the given vpn ip.
/* Route a frame read from the tap to the VPN peer owning address `to`:
 * look the peer up, open its UDP data socket on demand, and either send
 * at once (xsend) or queue the packet while a packet key is outstanding
 * or the connection is not active yet. Returns xsend's result, 0 when
 * queued, and (on lines not visible) an error when the lookup or the
 * socket setup fails. */
277 int send_packet(ip_t to, vpn_packet_t *packet)
281 if((cl = lookup_conn_list_ipv4(to)) == NULL)
283 if(debug_lvl >= DEBUG_TRAFFIC)
/* The call continues on a line not visible (the four %d arguments). */
285 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
292 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
294 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
296 if(!cl->status.dataopen)
297 if(setup_vpn_connection(cl) < 0)
299 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
300 cl->name, cl->hostname);
/* No key yet: queue a copy (len field + data) and ask for one, once.
 * Nothing caps the queue, so a peer that never answers the key request
 * makes memory grow with every packet routed to it. The return after
 * queueing is on a line not visible. */
304 if(!cl->status.validkey)
306 if(debug_lvl >= DEBUG_TRAFFIC)
307 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
308 cl->name, cl->hostname);
309 add_queue(&(cl->sq), packet, packet->len + 2);
310 if(!cl->status.waitingforkey)
311 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
/* Same unbounded queueing while the meta connection is not active yet. */
315 if(!cl->status.active)
317 if(debug_lvl >= DEBUG_TRAFFIC)
318 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
319 cl->name, cl->hostname);
320 add_queue(&(cl->sq), packet, packet->len + 2);
321 return 0; /* We don't want to mess up, do we? */
324 /* can we send it? can we? can we? huh? */
326 return xsend(cl, packet);
330 open the local ethertap device
/* Open the tap/tun device named by the TapDevice setting (or a compiled-in
 * default chosen by #ifdefs not visible here), find out whether it is a
 * new-style tun/tap device via TUNSETIFF, and export IFNAME for the
 * tinc-up/tinc-down scripts. Returns the descriptor or -1; the returns and
 * the assignment to tap_fd are on lines not visible. */
332 int setup_tap_fd(void)
335 const char *tapfname;
343 if((cfg = get_config_val(config, tapdevice)))
344 tapfname = cfg->data.ptr;
347 tapfname = "/dev/misc/net/tun";
349 tapfname = "/dev/tap0";
352 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
354 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
363 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
364 memset(&ifr, 0, sizeof(ifr));
366 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* strncpy with the full IFNAMSIZ leaves ifr_name unterminated when
 * netname is IFNAMSIZ characters or longer. The kernel bounds its own
 * copy, but copy IFNAMSIZ - 1 bytes and terminate explicitly, or reject
 * over-long names where netname is parsed (not visible here). */
368 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* NOTE(review): the ioctl targets tap_fd while the descriptor just opened
 * is nfd; this relies on tap_fd = nfd having happened on one of the lines
 * between 354 and 363 that are not visible -- confirm. */
370 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
372 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
375 if((cfg = get_config_val(config, tapsubnet)) == NULL)
376 syslog(LOG_INFO, _("tun/tap device will be left unconfigured"));
/* Stub: TapSubnet is looked up but nothing is configured yet. */
378 /* Setup inetaddr/netmask etc */;
382 /* Add name of network interface to environment (for scripts) */
/* Neither the SIOCGIFNAME result nor asprintf's return is checked; on
 * failure envvar is indeterminate before it is (presumably) put into the
 * environment that the scripts inherit. */
384 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
385 asprintf(&envvar, "IFNAME=%s", ifr.ifr_name);
394 set up the socket that we listen on for incoming
/* Create the TCP listening socket for incoming meta connections on `port`:
 * reuseaddr + keepalive, non-blocking, optionally restricted to a
 * configured interface/address, then bind and listen. Returns the
 * descriptor or -1 (the returns and the listen() call are on lines not
 * visible). */
397 int setup_listen_meta_socket(int port)
400 struct sockaddr_in a;
404 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
406 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
410 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
412 syslog(LOG_ERR, _("setsockopt: %m"));
416 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
418 syslog(LOG_ERR, _("setsockopt: %m"));
/* F_GETFL's -1 on failure is not checked before being OR-ed into F_SETFL. */
422 flags = fcntl(nfd, F_GETFL);
423 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
425 syslog(LOG_ERR, _("fcntl: %m"));
429 if((cfg = get_config_val(config, interface)))
/* BUG: this is meant to bind the listener to an interface (see the log
 * message) but re-sets SO_KEEPALIVE with an interface name as the value.
 * The Linux option that takes an interface name is SO_BINDTODEVICE:
 *   setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr) + 1)
 * As written the Interface setting never restricts where the daemon
 * listens. */
431 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
433 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
438 memset(&a, 0, sizeof(a));
439 a.sin_family = AF_INET;
440 a.sin_port = htons(port);
/* InterfaceIP restricts the listening address; without it we bind to
 * INADDR_ANY. setup_vpn_in_socket does not honour this setting. */
442 if((cfg = get_config_val(config, interfaceip)))
443 a.sin_addr.s_addr = htonl(cfg->data.ip->ip);
445 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) equals sizeof(struct sockaddr_in) here; the
 * connect() calls in this file use sizeof(a), which is the clearer form. */
447 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
449 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
455 syslog(LOG_ERR, _("listen: %m"));
463 setup the socket for incoming encrypted
/* Create the UDP socket on which encrypted VPN data arrives: bound to
 * `port` on INADDR_ANY, non-blocking. Returns the descriptor or -1 (returns
 * on lines not visible). Unlike setup_listen_meta_socket this ignores the
 * InterfaceIP / Interface settings, so the data socket is reachable on
 * every address even when the meta socket was restricted. */
466 int setup_vpn_in_socket(int port)
469 struct sockaddr_in a;
472 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
474 syslog(LOG_ERR, _("Creating socket failed: %m"));
478 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
480 syslog(LOG_ERR, _("setsockopt: %m"));
/* F_GETFL's -1 on failure is not checked before being OR-ed into F_SETFL. */
484 flags = fcntl(nfd, F_GETFL);
485 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
487 syslog(LOG_ERR, _("fcntl: %m"));
491 memset(&a, 0, sizeof(a));
492 a.sin_family = AF_INET;
493 a.sin_port = htons(port);
494 a.sin_addr.s_addr = htonl(INADDR_ANY);
496 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
498 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
506 setup an outgoing meta (tcp) socket
/* Open cl->meta_socket as a TCP connection to cl->address:cl->port (the
 * port comes from the host config; its default is on a line not visible)
 * and make it non-blocking. Returns 0 or -1 on lines not visible. */
508 int setup_outgoing_meta_socket(conn_list_t *cl)
511 struct sockaddr_in a;
514 if(debug_lvl >= DEBUG_CONNECTIONS)
515 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
517 if((cfg = get_config_val(cl->config, port)) == NULL)
520 cl->port = cfg->data.val;
522 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
523 if(cl->meta_socket == -1)
/* cl->port is printed with %d here and on line 543 but %hd on lines 536
 * and 549; one specifier matching the field's type should be used. */
525 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
526 cl->hostname, cl->port);
/* No memset of `a` is visible, unlike the other socket setups in this
 * file; sin_zero is left indeterminate. */
530 a.sin_family = AF_INET;
531 a.sin_port = htons(cl->port);
532 a.sin_addr.s_addr = htonl(cl->address);
/* connect() runs while the socket is still blocking, so an unreachable
 * peer stalls the daemon until the kernel's connect timeout -- and
 * sigalrm_handler reaches this path from inside a signal handler.
 * NOTE(review): make sure the failure paths below close cl->meta_socket;
 * the returns are on lines not visible. */
534 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
536 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
540 flags = fcntl(cl->meta_socket, F_GETFL);
541 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
543 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
544 cl->hostname, cl->port);
548 if(debug_lvl >= DEBUG_CONNECTIONS)
549 syslog(LOG_INFO, _("Connected to %s port %hd"),
550 cl->hostname, cl->port);
558 setup an outgoing connection. It's not
559 necessary to also open an udp socket as
560 well, because the other host will initiate
561 an authentication sequence during which
562 we will do just that.
/* Create a connection entry for the host named in a ConnectTo line, read
 * its host configuration, resolve its Address and open the meta
 * connection. Returns 0 on success (sigalrm_handler relies on that) and
 * non-zero otherwise; the returns and the name check are on lines not
 * visible. That check matters: `name` selects which host configuration
 * file read_host_config opens. */
564 int setup_outgoing_connection(char *name)
572 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
576 ncn = new_conn_list();
/* asprintf's return is unchecked; on failure ncn->name is indeterminate. */
577 asprintf(&ncn->name, "%s", name);
579 if(read_host_config(ncn))
/* BUG: the format has a %s but no argument follows (the call closes on
 * this line) -- undefined behaviour that logs whatever happens to sit in
 * the vararg slot. Same on line 588. Pass ncn->name (or name). */
581 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
586 if(!(cfg = get_config_val(ncn->config, address)))
588 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname blocks, is not reentrant and reports failures through
 * h_errno, so "%m" (errno) prints an unrelated error here; use
 * hstrerror(h_errno). */
593 if(!(h = gethostbyname(cfg->data.ptr)))
595 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
/* Only the first address is used and an AF_INET result is assumed
 * (h_addrtype is not checked). */
600 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
601 ncn->hostname = hostlookup(htonl(ncn->address));
/* NOTE(review): ncn and its name/hostname/config are not visibly freed
 * on the failure paths in this function -- confirm on the lines not shown. */
603 if(setup_outgoing_meta_socket(ncn) < 0)
605 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
611 ncn->status.outgoing = 1;
612 ncn->buffer = xmalloc(MAXBUFSIZE);
614 ncn->last_ping_time = time(NULL);
625 set up the local sockets (listen only)
/* Build the `myself` entry from the main configuration -- name, RSA key
 * pair, port and flags -- then open the listening TCP and UDP sockets.
 * Returns 0 or -1 (returns on lines not visible). */
627 int setup_myself(void)
631 myself = new_conn_list();
/* asprintf's return is unchecked here and on line 643. */
633 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
635 myself->protocol_version = PROT_CURRENT;
637 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
639 syslog(LOG_ERR, _("Name for tinc daemon required!"));
/* NOTE(review): the string is read from cfg->data.val (cast to char *)
 * whereas every other string lookup in this file uses cfg->data.ptr
 * (lines 344, 593, 659). If val is an integer member this reads the wrong
 * union field -- confirm against the config_t definition. */
643 asprintf(&myself->name, "%s", (char*)cfg->data.val);
645 if(check_id(myself->name))
647 syslog(LOG_ERR, _("Invalid name for myself!"));
651 if(!(cfg = get_config_val(config, privatekey)))
653 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* The private exponent d is a bare hex string in the main config file;
 * nothing here checks that file's permissions. The public exponent is
 * hard-coded to 0xFFFF, so the key pair must have been generated with that
 * e. BN_hex2bn return values are ignored here and on line 676, so a
 * malformed string leaves the key partially built.
 * NOTE(review): RSA_check_key in current OpenSSL requires p and q as well
 * as n, e, d and fails with VALUE_MISSING otherwise; only n, e, d are set
 * here, so confirm line 679 behaves as intended with the OpenSSL in use. */
658 myself->rsa_key = RSA_new();
659 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
660 BN_hex2bn(&myself->rsa_key->e, "FFFF");
663 if(read_host_config(myself))
665 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
669 if(!(cfg = get_config_val(myself->config, publickey)))
671 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
676 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
679 if(RSA_check_key(myself->rsa_key) != 1)
681 syslog(LOG_ERR, _("Invalid public/private keypair!"));
685 if(!(cfg = get_config_val(myself->config, port)))
688 myself->port = cfg->data.val;
690 if((cfg = get_config_val(myself->config, indirectdata)))
691 if(cfg->data.val == stupid_true)
692 myself->flags |= EXPORTINDIRECTDATA;
694 if((cfg = get_config_val(myself->config, tcponly)))
695 if(cfg->data.val == stupid_true)
696 myself->flags |= TCPONLY;
698 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
700 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
/* The meta socket is closed when the data socket fails; the RSA key and
 * the earlier allocations are not visibly released on any failure path. */
704 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
706 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
707 close(myself->meta_socket);
711 myself->status.active = 1;
713 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
/* SIGALRM handler: try the next ConnectTo entry; on success disarm the
 * alarm, on failure re-arm it with a delay growing by 5 s up to MAXTIMEOUT.
 * Declared with an implicit int return type (pre-C99); it should be void.
 * Everything it calls -- get_next_config_val, setup_outgoing_connection
 * (malloc, gethostbyname, a blocking connect, syslog) -- is not
 * async-signal-safe, so an alarm landing inside malloc or syslog in the
 * main loop can corrupt state or deadlock. Safer: set a volatile
 * sig_atomic_t flag here and do the reconnect in main_loop after select()
 * returns EINTR. Once every ConnectTo line has been tried nothing visible
 * resets upstreamindex, so later alarms find no entry to retry. */
719 sigalrm_handler(int a)
723 cfg = get_next_config_val(config, connectto, upstreamindex++);
/* BUG: upstreamindex was post-incremented on the line above, so it is
 * never 0 here (unless reset to -1 elsewhere) and this "listen only"
 * branch is unreachable; the test wants the value before the increment,
 * or simply !cfg. If the loop on the lines not shown does not guard
 * cfg != NULL, an exhausted ConnectTo list dereferences NULL on line 731. */
725 if(!upstreamindex && !cfg)
726 /* No upstream IP given, we're listen only. */
731 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
733 signal(SIGALRM, SIG_IGN);
736 cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */
739 signal(SIGALRM, sigalrm_handler);
/* Linear back-off capped at MAXTIMEOUT; terminate_connection resets it to
 * 5 when an established outgoing connection drops. */
741 seconds_till_retry += 5;
742 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
743 seconds_till_retry = MAXTIMEOUT;
744 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
746 alarm(seconds_till_retry);
751 setup all initial network connections
/* Initialise networking: read PingTimeout, open the tap device and our own
 * sockets, run the tinc-up script, then try the ConnectTo entries in
 * order, arming a SIGALRM retry if none could be reached. Returns 0 or -1
 * on lines not visible. */
753 int setup_network_connections(void)
758 if((cfg = get_config_val(config, pingtimeout)) == NULL)
761 timeout = cfg->data.val;
763 if(setup_tap_fd() < 0)
766 if(setup_myself() < 0)
769 /* Run tinc-up script to further initialize the tap interface */
/* The script runs with the daemon's privileges and inherits its
 * environment (IFNAME from setup_tap_fd), so confbase must not be
 * writable by anyone less privileged. asprintf's return is unchecked; the
 * fork() and the wait are on lines not visible. */
771 asprintf(&scriptname, "%s/tinc-up", confbase);
/* execl(path, NULL) hands the script an empty argv (argv[0] == NULL,
 * which some interpreters mishandle) and passes an uncast NULL as a
 * variadic argument, which is not portable. Use:
 *   execl(scriptname, scriptname, (char *)NULL);
 * Same on line 842 in close_network_connections. */
776 execl(scriptname, NULL);
779 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
786 if((cfg = get_next_config_val(config, connectto, upstreamindex++)) == NULL)
787 /* No upstream IP given, we're listen only. */
/* Each ConnectTo line is tried in turn until one succeeds; the loop
 * structure is on lines not visible. */
792 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
794 cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */
797 signal(SIGALRM, sigalrm_handler);
/* The first retry waits the full MAXTIMEOUT; sigalrm_handler then adds
 * 5 s per failure, capped at the same value. */
799 seconds_till_retry = MAXTIMEOUT;
800 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
801 alarm(seconds_till_retry);
807 close all open network connections
/* Tear down every connection and our own sockets, run the tinc-down
 * script, and log termination. */
809 void close_network_connections(void)
814 for(p = conn_list; p != NULL; p = p->next)
816 if(p->status.dataopen)
/* The literal 0 is SHUT_RD; use the named constant here and on line 824.
 * The close() of p->socket is on a line not visible. */
818 shutdown(p->socket, 0); /* No more receptions */
824 shutdown(p->meta_socket, 0); /* No more receptions */
825 close(p->meta_socket);
830 if(myself->status.active)
832 close(myself->meta_socket);
833 close(myself->socket);
836 /* Execute tinc-down script right before shutting down the interface */
/* Same fork/execl pattern as tinc-up in setup_network_connections (worth a
 * shared helper), with the same caveats: execl(scriptname, NULL) gives the
 * script an empty argv and passes an uncast NULL -- use
 *   execl(scriptname, scriptname, (char *)NULL);
 * and the script runs with the daemon's privileges from confbase. */
838 asprintf(&scriptname, "%s/tinc-down", confbase);
842 execl(scriptname, NULL);
845 syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);
855 syslog(LOG_NOTICE, _("Terminating"));
861 create a data (udp) socket
/* Open a UDP data socket connected to cl->address:cl->port, make it
 * non-blocking and mark cl->status.dataopen. Returns 0 or -1; the returns
 * and the cl->socket = nfd assignment are on lines not visible. */
863 int setup_vpn_connection(conn_list_t *cl)
866 struct sockaddr_in a;
868 if(debug_lvl >= DEBUG_TRAFFIC)
869 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
871 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
874 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* No memset of `a` is visible here, unlike setup_vpn_in_socket. */
878 a.sin_family = AF_INET;
879 a.sin_port = htons(cl->port);
880 a.sin_addr.s_addr = htonl(cl->address);
/* connect() on a UDP socket only fixes its default destination and makes
 * asynchronous errors visible via SO_ERROR (see check_network_activity);
 * it does not filter what arrives on myself->socket.
 * NOTE(review): make sure nfd is closed on the connect/fcntl failure
 * paths, otherwise every failed attempt leaks a descriptor -- the returns
 * are on lines not visible. */
882 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
884 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
885 cl->hostname, cl->port);
889 flags = fcntl(nfd, F_GETFL);
890 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
892 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
893 cl->name, cl->hostname);
898 cl->status.dataopen = 1;
904 handle an incoming tcp connect call and open
/* Build a conn_list_t for a freshly accepted meta socket sfd: record the
 * peer address, reverse-resolve it, allocate the receive buffer and set
 * the first protocol request we will accept (ID). Returns the new entry or
 * NULL; the new_conn_list call and the returns are on lines not visible.
 * Nothing about the peer is authenticated at this point. */
907 conn_list_t *create_new_connection(int sfd)
910 struct sockaddr_in ci;
/* len should be socklen_t (getpeername's third argument). */
911 int len = sizeof(ci);
/* &ci is a struct sockaddr_in *; cast it to (struct sockaddr *) as the
 * bind and connect calls in this file do. */
915 if(getpeername(sfd, &ci, &len) < 0)
917 syslog(LOG_ERR, _("Error: getpeername: %m"));
922 p->address = ntohl(ci.sin_addr.s_addr);
/* hostlookup is presumably a reverse DNS lookup (not visible): for an
 * unauthenticated peer the result is attacker-chosen text that lands in
 * syslog, and a blocking lookup stalls the daemon per new connection. */
923 p->hostname = hostlookup(ci.sin_addr.s_addr);
924 p->meta_socket = sfd;
/* MAXBUFSIZE is committed per accepted connection before any
 * authentication happens. */
926 p->buffer = xmalloc(MAXBUFSIZE);
928 p->last_ping_time = time(NULL);
931 if(debug_lvl >= DEBUG_CONNECTIONS)
932 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* htons() where ntohs() is meant; same bytes, but misleading to read. */
933 p->hostname, htons(ci.sin_port));
935 p->allow_request = ID;
941 put all file descriptors in an fd_set array
/* Add every meta socket, every open data socket and our own two sockets
 * to *fs for the select() in main_loop. FD_ZERO is on a line not visible.
 * FD_SET on a descriptor >= FD_SETSIZE is undefined behaviour and
 * main_loop selects with FD_SETSIZE, so the number of accepted connections
 * must be capped somewhere -- nothing visible does. Entries flagged
 * status.remove are still added unless a line not shown skips them; their
 * meta sockets were closed by terminate_connection, and select() on a
 * closed descriptor fails with EBADF. */
943 void build_fdset(fd_set *fs)
949 for(p = conn_list; p != NULL; p = p->next)
952 FD_SET(p->meta_socket, fs);
953 if(p->status.dataopen)
954 FD_SET(p->socket, fs);
957 FD_SET(myself->meta_socket, fs);
958 FD_SET(myself->socket, fs);
964 receive incoming data from the listening
965 udp socket and write it to the ethertap
966 device after being decrypted
/* Read one datagram from our UDP data socket into a vpn_packet_t and (on
 * lines not visible) hand it to the receive path. The source address is
 * discarded (NULL, NULL), so any host that can reach the port gets its
 * datagram processed. Returns 0/-1 on lines not visible. */
968 int handle_incoming_vpn_data()
/* l should be socklen_t (getsockopt's last argument). */
972 int x, l = sizeof(x);
974 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
976 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
977 __FILE__, __LINE__, myself->socket);
982 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* The datagram is copied starting at pkt.len, so the 2-byte length field
 * is taken verbatim from the wire. Only failure (<= 0) is checked; the
 * byte count actually received is thrown away, and pkt.len -- which xrecv
 * later uses as the decrypt length -- is never compared with it or with
 * the buffer size. Keep recvfrom's return value and drop datagrams where
 * it is not pkt.len + 2 or where pkt.len exceeds the data buffer, before
 * the packet goes any further. The struct must also hold at least MTU
 * bytes from pkt.len onward so recvfrom cannot overrun it -- confirm
 * against vpn_packet_t. */
986 if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, NULL, NULL) <= 0)
988 syslog(LOG_ERR, _("Receiving packet failed: %m"));
997 terminate a connection and notify the other
998 end before closing the sockets
/* Mark cl as closed: shut its meta socket, flag it for removal, flag every
 * connection routed through it, and -- if we initiated it -- schedule a
 * reconnect in 5 s. Idempotent via status.remove. The DEL_HOST
 * notifications to other peers are commented out (FIXMEs below), so other
 * nodes keep routing to the dropped host until their own timeouts fire. */
1000 void terminate_connection(conn_list_t *cl)
1005 if(cl->status.remove)
1008 if(debug_lvl >= DEBUG_CONNECTIONS)
1009 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1010 cl->name, cl->hostname);
/* Only the meta socket is closed here; whether cl->socket (the UDP data
 * socket) is closed on the lines not shown should be confirmed. The entry
 * stays in conn_list, so callers that keep iterating hold a valid pointer,
 * but build_fdset will still FD_SET the closed socket unless it skips
 * removed entries. The dependent connections flagged in the loop below
 * have their sockets left open as well. */
1015 close(cl->meta_socket);
1017 cl->status.remove = 1;
1019 /* If this cl isn't active, don't send any DEL_HOSTs. */
1021 /* FIXME: reprogram this.
1022 if(cl->status.active)
1023 notify_others(cl,NULL,send_del_host);
1027 /* Find all connections that were lost because they were behind cl
1028 (the connection that was dropped). */
1030 for(p = conn_list; p != NULL; p = p->next)
1032 if((p->nexthop == cl) && (p != cl))
1034 if(cl->status.active && p->status.active)
1035 /* FIXME: reprogram this
1036 notify_others(p,cl,send_del_host);
1040 p->status.active = 0;
1041 p->status.remove = 1;
1045 cl->status.active = 0;
1047 if(cl->status.outgoing)
1049 signal(SIGALRM, sigalrm_handler);
1050 seconds_till_retry = 5;
1051 alarm(seconds_till_retry);
1052 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1058 Check if the other end is active.
1059 If we have sent packets, but didn't receive any,
1060 then possibly the other end is dead. We send a
1061 PING request over the meta connection. If the other
1062 end does not reply in time, we consider them dead
1063 and close the connection.
/* Called from main_loop once per `timeout` seconds: for every active meta
 * connection whose last ping is older than `timeout`, either terminate it
 * (a PING went out and no PONG came back) or, when want_ping is set, send
 * a new PING. The send_ping call, the `now` assignment and the return are
 * on lines not visible.
 * Only entries with status.active are examined, so an accepted meta
 * connection that never completes authentication (create_new_connection
 * does not set active) is never timed out here -- unless the protocol code
 * sets active early -- and can hold its descriptor and MAXBUFSIZE buffer
 * indefinitely. */
1065 int check_dead_connections(void)
1071 for(p = conn_list; p != NULL; p = p->next)
1073 if(p->status.remove)
1075 if(p->status.active && p->status.meta)
1077 if(p->last_ping_time + timeout < now)
1079 if(p->status.pinged && !p->status.got_pong)
1081 if(debug_lvl >= DEBUG_PROTOCOL)
1082 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1083 p->name, p->hostname);
1084 p->status.timeout = 1;
1085 terminate_connection(p);
/* A connection with want_ping clear is never probed, so it can only be
 * declared dead if it was pinged before. */
1087 else if(p->want_ping)
1090 p->last_ping_time = now;
1091 p->status.pinged = 1;
1092 p->status.got_pong = 0;
1102 accept a new tcp connect and create a
/* accept() a pending meta connection on our listening socket, wrap it in
 * a conn_list_t and push it onto the front of conn_list. Returns 0/-1 on
 * lines not visible. There is no limit on accepted connections and no
 * access control before the protocol handshake, so each unauthenticated
 * client costs a descriptor plus MAXBUFSIZE until it goes away; with
 * build_fdset's FD_SET, descriptors >= FD_SETSIZE are undefined behaviour.
 * A cap on pending connections and a handshake timeout would close this. */
1105 int handle_new_meta_connection()
1108 struct sockaddr client;
/* len should be socklen_t (accept's third argument). */
1109 int nfd, len = sizeof(client);
1111 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1113 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
1117 if(!(ncn = create_new_connection(nfd)))
/* The close(nfd) for this path is on a line not visible -- confirm. */
1121 syslog(LOG_NOTICE, _("Closed attempted connection"));
1125 ncn->status.meta = 1;
/* Insert at the head; the conn_list = ncn store follows on a line not
 * visible. */
1126 ncn->next = conn_list;
1133 check all connections to see if anything
1134 happened on their sockets
/* After select(): for every live connection handle pending UDP socket
 * errors and meta-protocol input, then service our own listening and data
 * sockets. */
1136 void check_network_activity(fd_set *f)
/* x is only assigned by the getsockopt below; l should be socklen_t. */
1139 int x, l = sizeof(x);
1141 for(p = conn_list; p != NULL; p = p->next)
1143 if(p->status.remove)
1146 if(p->status.dataopen)
/* The getsockopt below ignores its return: if it fails, x is
 * uninitialised and strerror(x) is applied to garbage. Check it, and
 * consider whether one asynchronous error -- typically an ICMP message,
 * which is unauthenticated -- should tear down the whole connection.
 * After terminate_connection the meta socket is closed, so this entry must
 * not fall through to the FD_ISSET on line 1163; the `continue` is on a
 * line not visible -- confirm. */
1147 if(FD_ISSET(p->socket, f))
1150 The only thing that can happen to get us here is apparently an
1151 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1152 something that will not trigger an error directly on send()).
1153 I've once got here when it said `No route to host'.
1155 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1156 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1157 p->name, p->hostname, strerror(x));
1158 terminate_connection(p);
1163 if(FD_ISSET(p->meta_socket, f))
1164 if(receive_meta(p) < 0)
1166 terminate_connection(p);
1171 if(FD_ISSET(myself->socket, f))
1172 handle_incoming_vpn_data();
1174 if(FD_ISSET(myself->meta_socket, f))
1175 handle_new_meta_connection();
1180 read, encrypt and send data that is
1181 available through the ethertap device
/* Read one Ethernet frame from the tap device, drop anything that is not
 * IPv4, extract the source and destination IP and hand the frame to
 * send_packet. The two read() variants are selected by an #ifdef not
 * visible (reading into &vp suggests the old ethertap prepends a header);
 * vp.len is set on a line not visible. */
1183 void handle_tap_input(void)
1187 int ether_type, lenin;
/* Zeroing vp first means the field reads below see zeros rather than
 * stale data on short frames. */
1189 memset(&vp, 0, sizeof(vp));
1193 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1195 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1202 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1204 syslog(LOG_ERR, _("Error while reading from tapdevice: %m"));
1210 total_tap_in += lenin;
/* Unaligned, type-punned read (strict aliasing); memcpy the two bytes
 * into a uint16_t instead. */
1212 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1213 if(ether_type != 0x0800)
1215 if(debug_lvl >= DEBUG_TRAFFIC)
1216 syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6]));
/* The short-packet test itself is on a line not visible; it must require
 * at least 34 bytes (14-byte Ethernet + 20-byte IPv4 header) for the two
 * address reads below to lie inside the frame. */
1222 if(debug_lvl >= DEBUG_TRAFFIC)
1223 syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6]));
/* BUG on LP64: unsigned long is 8 bytes there, so each read takes 8 bytes
 * (the first spans both addresses plus 2 bytes beyond, the second reaches
 * 4 bytes past the IPv4 header) and only truncation inside ntohl makes the
 * result come out right on little-endian hosts -- it is wrong on
 * big-endian ones. Use a 32-bit type (ip_t, as add_mac_addresses does, or
 * uint32_t) via memcpy:
 *   ip_t raw; memcpy(&raw, &vp.data[26], sizeof raw); from = ntohl(raw); */
1227 from = ntohl(*((unsigned long*)(&vp.data[26])));
1228 to = ntohl(*((unsigned long*)(&vp.data[30])));
1230 send_packet(to, &vp);
1235 this is where it all happens...
1237 void main_loop(void)
1242 time_t last_ping_check;
1244 last_ping_check = time(NULL);
1248 tv.tv_sec = timeout;
1254 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1256 if(errno != EINTR) /* because of alarm */
1258 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1266 /* FIXME: reprogram this.
1268 syslog(LOG_INFO, _("Rereading configuration file"));
1269 close_network_connections();
1271 if(read_config_file(&config, configfilename))
1273 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1277 setup_network_connections();
1282 if(last_ping_check + timeout < time(NULL))
1283 /* Let's check if everybody is still alive */
1285 check_dead_connections();
1286 last_ping_check = time(NULL);
1291 check_network_activity(&fset);
1293 /* local tap data */
1294 if(FD_ISSET(tap_fd, &fset))