2 net.c -- most of the network code
3 Copyright (C) 1998,99 Ivo Timmermans <zarq@iname.com>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #include <arpa/inet.h>
26 #include <netinet/in.h>
30 #include <sys/signal.h>
31 #include <sys/socket.h>
33 #include <sys/types.h>
50 int total_tap_out = 0;
51 int total_socket_in = 0;
52 int total_socket_out = 0;
54 time_t last_ping_time = 0;
56 /* The global list of existing connections */
57 conn_list_t *conn_list = NULL;
58 conn_list_t *myself = NULL;
61 strip off the MAC adresses of an ethernet frame
63 void strip_mac_addresses(vpn_packet_t *p)
65 unsigned char tmp[MAXSIZE];
67 memcpy(tmp, p->data, p->len);
69 memcpy(p->data, &tmp[12], p->len);
74 reassemble MAC addresses
76 void add_mac_addresses(vpn_packet_t *p)
78 unsigned char tmp[MAXSIZE];
80 memcpy(&tmp[12], p->data, p->len);
82 tmp[0] = tmp[6] = 0xfe;
83 tmp[1] = tmp[7] = 0xfd;
84 *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip));
85 *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26]));
86 memcpy(p->data, &tmp[0], p->len);
90 int xsend(conn_list_t *cl, void *packet)
95 do_encrypt((vpn_packet_t*)packet, &rp, cl->key);
96 rp.from = htonl(myself->vpn_ip);
97 rp.data.len = htons(rp.data.len);
98 rp.len = htons(rp.len);
101 syslog(LOG_ERR, "Sent %d bytes to %lx", ntohs(rp.len), cl->vpn_ip);
103 if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
105 syslog(LOG_ERR, "Error sending data: %m");
109 total_socket_out += r;
114 int xrecv(conn_list_t *cl, void *packet)
119 do_decrypt((real_packet_t*)packet, &vp, cl->key);
120 add_mac_addresses(&vp);
122 if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
123 syslog(LOG_ERR, "Can't write to tap device: %m");
125 total_tap_out += lenin;
131 add the given packet of size s to the
132 queue q, be it the send or receive queue
134 void add_queue(packet_queue_t **q, void *packet, size_t s)
139 syslog(LOG_DEBUG, "packet to queue: %d", s);
141 e = xmalloc(sizeof(*e));
142 e->packet = xmalloc(s);
143 memcpy(e->packet, packet, s);
147 *q = xmalloc(sizeof(**q));
148 (*q)->head = (*q)->tail = NULL;
151 e->next = NULL; /* We insert at the tail */
153 if((*q)->tail) /* Do we have a tail? */
155 (*q)->tail->next = e;
156 e->prev = (*q)->tail;
158 else /* No tail -> no head too */
168 /* Remove a queue element */
169 void del_queue(packet_queue_t **q, queue_element_t *e)
174 if(e->next) /* There is a successor, so we are not tail */
176 if(e->prev) /* There is a predecessor, so we are not head */
178 e->next->prev = e->prev;
179 e->prev->next = e->next;
181 else /* We are head */
183 e->next->prev = NULL;
184 (*q)->head = e->next;
187 else /* We are tail (or all alone!) */
189 if(e->prev) /* We are not alone :) */
191 e->prev->next = NULL;
192 (*q)->tail = e->prev;
206 flush a queue by calling function for
207 each packet, and removing it when that
208 returned a zero exit code
210 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
211 int (*function)(conn_list_t*,void*))
213 queue_element_t *p, *next = NULL;
215 for(p = (*pq)->head; p != NULL; )
219 if(!function(cl, p->packet))
226 syslog(LOG_DEBUG, "queue flushed");
231 flush the send&recv queues
232 void because nothing goes wrong here, packets
233 remain in the queue if something goes wrong
235 void flush_queues(conn_list_t *cl)
241 syslog(LOG_DEBUG, "Flushing send queue for " IP_ADDR_S,
242 IP_ADDR_V(cl->vpn_ip));
243 flush_queue(cl, &(cl->sq), xsend);
249 syslog(LOG_DEBUG, "Flushing receive queue for " IP_ADDR_S,
250 IP_ADDR_V(cl->vpn_ip));
251 flush_queue(cl, &(cl->rq), xrecv);
257 send a packet to the given vpn ip.
259 int send_packet(ip_t to, vpn_packet_t *packet)
263 if((cl = lookup_conn(to)) == NULL)
267 syslog(LOG_NOTICE, "trying to look up " IP_ADDR_S " in connection list failed.",
270 for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next);
272 { /* No open outgoing connection has been found. */
274 syslog(LOG_NOTICE, "There is no remote host I can send this packet to.");
279 if(my_key_expiry <= time(NULL))
282 if(!cl->status.dataopen)
283 if(setup_vpn_connection(cl) < 0)
286 if(!cl->status.validkey)
288 add_queue(&(cl->sq), packet, packet->len + 2);
289 if(!cl->status.waitingforkey)
290 send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
294 if(!cl->status.active)
296 add_queue(&(cl->sq), packet, packet->len + 2);
298 syslog(LOG_INFO, IP_ADDR_S " is not ready, queueing packet.", IP_ADDR_V(cl->vpn_ip));
299 return 0; /* We don't want to mess up, do we? */
302 /* can we send it? can we? can we? huh? */
304 return xsend(cl, packet);
307 int send_broadcast(conn_list_t *cl, vpn_packet_t *packet)
311 for(p = cl; p != NULL; p = p->next)
312 if(send_packet(p->real_ip, packet) < 0)
314 syslog(LOG_ERR, "Could not send a broadcast packet to %08lx (%08lx): %m",
315 p->vpn_ip, p->real_ip);
316 break; /* FIXME: should retry later, and send a ping over the metaconnection. */
323 open the local ethertap device
325 int setup_tap_fd(void)
328 const char *tapfname;
331 if((cfg = get_config_val(tapdevice)) == NULL)
332 tapfname = "/dev/tap0";
334 tapfname = cfg->data.ptr;
336 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
338 syslog(LOG_ERR, "Could not open %s: %m", tapfname);
348 set up the socket that we listen on for incoming
351 int setup_listen_meta_socket(int port)
354 struct sockaddr_in a;
357 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
359 syslog(LOG_ERR, "Creating metasocket failed: %m");
363 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
365 syslog(LOG_ERR, "setsockopt: %m");
369 flags = fcntl(nfd, F_GETFL);
370 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
372 syslog(LOG_ERR, "fcntl: %m");
376 memset(&a, 0, sizeof(a));
377 a.sin_family = AF_INET;
378 a.sin_port = htons(port);
379 a.sin_addr.s_addr = htonl(INADDR_ANY);
381 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
383 syslog(LOG_ERR, "Can't bind to port %hd/tcp: %m", port);
389 syslog(LOG_ERR, "listen: %m");
397 setup the socket for incoming encrypted
400 int setup_vpn_in_socket(int port)
403 struct sockaddr_in a;
406 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
408 syslog(LOG_ERR, "Creating socket failed: %m");
412 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
414 syslog(LOG_ERR, "setsockopt: %m");
418 flags = fcntl(nfd, F_GETFL);
419 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
421 syslog(LOG_ERR, "fcntl: %m");
425 memset(&a, 0, sizeof(a));
426 a.sin_family = AF_INET;
427 a.sin_port = htons(port);
428 a.sin_addr.s_addr = htonl(INADDR_ANY);
430 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
432 syslog(LOG_ERR, "Can't bind to port %hd/udp: %m", port);
440 setup an outgoing meta (tcp) socket
442 int setup_outgoing_meta_socket(conn_list_t *cl)
445 struct sockaddr_in a;
448 if((cfg = get_config_val(upstreamport)) == NULL)
451 cl->port = cfg->data.val;
453 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
454 if(cl->meta_socket == -1)
456 syslog(LOG_ERR, "Creating socket failed: %m");
460 a.sin_family = AF_INET;
461 a.sin_port = htons(cl->port);
462 a.sin_addr.s_addr = htonl(cl->real_ip);
464 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
466 syslog(LOG_ERR, IP_ADDR_S ":%d: %m", IP_ADDR_V(cl->real_ip), cl->port);
470 flags = fcntl(cl->meta_socket, F_GETFL);
471 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
473 syslog(LOG_ERR, "fcntl: %m");
477 cl->hostname = hostlookup(htonl(cl->real_ip));
479 syslog(LOG_INFO, "Connected to %s:%hd" , cl->hostname, cl->port);
485 setup an outgoing connection. It's not
486 necessary to also open an udp socket as
487 well, because the other host will initiate
488 an authentication sequence during which
489 we will do just that.
491 int setup_outgoing_connection(ip_t ip)
495 ncn = new_conn_list();
498 if(setup_outgoing_meta_socket(ncn) < 0)
500 syslog(LOG_ERR, "Could not set up a meta connection.");
501 free_conn_element(ncn);
505 ncn->status.meta = 1;
506 ncn->status.outgoing = 1;
507 ncn->next = conn_list;
514 set up the local sockets (listen only)
516 int setup_myself(void)
520 myself = new_conn_list();
522 if(!(cfg = get_config_val(myvpnip)))
524 syslog(LOG_ERR, "No value for my VPN IP given");
528 myself->vpn_ip = cfg->data.ip->ip;
529 myself->vpn_mask = cfg->data.ip->mask;
531 if(!(cfg = get_config_val(listenport)))
534 myself->port = cfg->data.val;
536 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
538 syslog(LOG_ERR, "Unable to set up a listening socket");
542 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
544 syslog(LOG_ERR, "Unable to set up an incoming vpn data socket");
545 close(myself->meta_socket);
549 myself->status.active = 1;
551 syslog(LOG_NOTICE, "Ready: listening on port %d.", myself->port);
557 setup all initial network connections
559 int setup_network_connections(void)
563 if((cfg = get_config_val(pingtimeout)) == NULL)
566 timeout = cfg->data.val;
568 if(setup_tap_fd() < 0)
571 if(setup_myself() < 0)
574 if((cfg = get_config_val(upstreamip)) == NULL)
575 /* No upstream IP given, we're listen only. */
578 if(setup_outgoing_connection(cfg->data.ip->ip))
585 sigalrm_handler(int a)
588 static int seconds_till_retry;
590 cfg = get_config_val(upstreamip);
592 if(!setup_outgoing_connection(cfg->data.ip->ip))
594 signal(SIGALRM, SIG_IGN);
595 seconds_till_retry = 5;
599 signal(SIGALRM, sigalrm_handler);
600 seconds_till_retry += 5;
601 alarm(seconds_till_retry);
602 syslog(LOG_ERR, "Still failed to connect to other. Will retry in %d seconds.",
609 close all open network connections
611 void close_network_connections(void)
615 for(p = conn_list; p != NULL; p = p->next)
617 if(p->status.dataopen)
619 shutdown(p->socket, 0); /* No more receptions */
625 shutdown(p->meta_socket, 0); /* No more receptions */
626 close(p->meta_socket);
631 if(myself->status.active)
633 close(myself->meta_socket);
634 close(myself->socket);
640 syslog(LOG_NOTICE, "Terminating.");
646 create a data (udp) socket
648 int setup_vpn_connection(conn_list_t *cl)
651 struct sockaddr_in a;
654 syslog(LOG_DEBUG, "Opening UDP socket to " IP_ADDR_S, IP_ADDR_V(cl->real_ip));
656 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
659 syslog(LOG_ERR, "Creating data socket failed: %m");
663 a.sin_family = AF_INET;
664 a.sin_port = htons(cl->port);
665 a.sin_addr.s_addr = htonl(cl->real_ip);
667 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
669 syslog(LOG_ERR, "Create connection to %08lx:%d failed: %m", ntohs(cl->real_ip),
674 flags = fcntl(nfd, F_GETFL);
675 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
677 syslog(LOG_ERR, "This is a bug: %s:%d: %d:%m", __FILE__, __LINE__, nfd);
682 cl->status.dataopen = 1;
688 handle an incoming tcp connect call and open
691 conn_list_t *create_new_connection(int sfd)
694 struct sockaddr_in ci;
695 int len = sizeof(ci);
699 if(getpeername(sfd, &ci, &len) < 0)
701 syslog(LOG_ERR, "Error: getpeername: %m");
705 p->hostname = hostlookup(ci.sin_addr.s_addr);
706 p->real_ip = ntohl(ci.sin_addr.s_addr);
707 p->meta_socket = sfd;
711 syslog(LOG_NOTICE, "Connection from %s:%d", p->hostname, htons(ci.sin_port));
713 if(send_basic_info(p) < 0)
723 put all file descriptors in an fd_set array
725 void build_fdset(fd_set *fs)
731 for(p = conn_list; p != NULL; p = p->next)
734 FD_SET(p->meta_socket, fs);
735 if(p->status.dataopen)
736 FD_SET(p->socket, fs);
739 FD_SET(myself->meta_socket, fs);
740 FD_SET(myself->socket, fs);
746 receive incoming data from the listening
747 udp socket and write it to the ethertap
748 device after being decrypted
750 int handle_incoming_vpn_data(conn_list_t *cl)
754 int x, l = sizeof(x);
757 if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
759 syslog(LOG_ERR, "This is a bug: %s:%d: %d:%m", __FILE__, __LINE__, cl->socket);
764 syslog(LOG_ERR, "Incoming data socket error: %s", sys_errlist[x]);
769 lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
772 syslog(LOG_ERR, "Receiving data failed: %m");
775 total_socket_in += lenin;
777 rp.data.len = ntohs(rp.data.len);
778 rp.len = ntohs(rp.len);
779 rp.from = ntohl(rp.from);
783 f = lookup_conn(rp.from);
785 syslog(LOG_DEBUG, "packet from " IP_ADDR_S " (len %d)",
786 IP_ADDR_V(rp.from), rp.len);
789 syslog(LOG_ERR, "Got packet from unknown source " IP_ADDR_S,
794 if(f->status.validkey)
798 add_queue(&(f->rq), &rp, rp.len);
799 if(!cl->status.waitingforkey)
800 send_key_request(rp.from);
803 if(my_key_expiry <= time(NULL))
811 terminate a connection and notify the other
812 end before closing the sockets
814 void terminate_connection(conn_list_t *cl)
817 if(cl->status.remove)
821 syslog(LOG_NOTICE, "Closing connection with %s.", cl->hostname);
823 if(cl->status.timeout)
825 else if(!cl->status.termreq)
830 close(cl->meta_socket);
832 if(cl->status.outgoing)
835 signal(SIGALRM, sigalrm_handler);
836 syslog(LOG_NOTICE, "Try to re-establish outgoing connection in 5 seconds.");
839 cl->status.remove = 1;
844 send out a ping request to all active
847 int send_broadcast_ping(void)
851 for(p = conn_list; p != NULL; p = p->next)
855 if(p->status.active && p->status.meta)
858 terminate_connection(p);
861 p->status.pinged = 1;
862 p->status.got_pong = 0;
867 last_ping_time = time(NULL);
873 end all connections that did not respond
874 to the ping probe in time
876 int check_dead_connections(void)
880 for(p = conn_list; p != NULL; p = p->next)
884 if(p->status.active && p->status.meta && p->status.pinged && !p->status.got_pong)
886 syslog(LOG_INFO, "%s (" IP_ADDR_S ") didn't respond to ping",
887 p->hostname, IP_ADDR_V(p->vpn_ip));
888 p->status.timeout = 1;
889 terminate_connection(p);
897 accept a new tcp connect and create a
900 int handle_new_meta_connection(conn_list_t *cl)
903 struct sockaddr client;
904 int nfd, len = sizeof(client);
906 if((nfd = accept(cl->meta_socket, &client, &len)) < 0)
908 syslog(LOG_ERR, "Accepting a new connection failed: %m");
912 if((ncn = create_new_connection(nfd)) == NULL)
916 syslog(LOG_NOTICE, "Closed attempted connection.");
920 ncn->status.meta = 1;
921 ncn->next = conn_list;
928 dispatch any incoming meta requests
930 int handle_incoming_meta_data(conn_list_t *cl)
932 int x, l = sizeof(x);
933 int request, oldlen, i;
936 if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
938 syslog(LOG_ERR, "This is a bug: %s:%d: %d:%m", __FILE__, __LINE__, cl->meta_socket);
943 syslog(LOG_ERR, "Metadata socket error: %s", sys_errlist[x]);
947 if(cl->buflen >= MAXBUFSIZE)
949 syslog(LOG_ERR, "Metadata read buffer full! Discarding contents.");
953 lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen);
957 syslog(LOG_ERR, "Metadata socket read error: %m");
968 for(i = oldlen; i < cl->buflen; i++)
970 if(cl->buffer[i] == '\n')
972 cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */
980 if(sscanf(cl->buffer, "%d", &request) == 1)
982 if(request_handlers[request] == NULL)
984 syslog(LOG_ERR, "Unknown request: %s", cl->buffer);
989 syslog(LOG_DEBUG, "Got request: %s", cl->buffer);
991 request_handlers[request](cl);
995 syslog(LOG_ERR, "Bogus data received: %s", cl->buffer);
998 cl->buflen -= cl->reqlen;
999 memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen);
1012 check all connections to see if anything
1013 happened on their sockets
1015 void check_network_activity(fd_set *f)
1018 int x, l = sizeof(x);
1020 for(p = conn_list; p != NULL; p = p->next)
1022 if(p->status.remove)
1025 if(p->status.dataopen)
1026 if(FD_ISSET(p->socket, f))
1029 The only thing that can happen to get us here is apparently an
1030 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1031 something that will not trigger an error directly on send()).
1032 I've once got here when it said `No route to host'.
1034 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1035 syslog(LOG_ERR, "Outgoing data socket error: %s", sys_errlist[x]);
1036 terminate_connection(p);
1041 if(FD_ISSET(p->meta_socket, f))
1042 if(handle_incoming_meta_data(p) < 0)
1044 terminate_connection(p);
1049 if(FD_ISSET(myself->socket, f))
1050 handle_incoming_vpn_data(myself);
1052 if(FD_ISSET(myself->meta_socket, f))
1053 handle_new_meta_connection(myself);
1058 read, encrypt and send data that is
1059 available through the ethertap device
1061 void handle_tap_input(void)
1065 int ether_type, lenin;
1067 memset(&vp, 0, sizeof(vp));
1068 if((lenin = read(tap_fd, &vp, MTU)) <= 0)
1070 syslog(LOG_ERR, "Error while reading from tapdevice: %m");
1074 total_tap_in += lenin;
1076 ether_type = ntohs(*((unsigned short*)(&vp.data[12])));
1077 if(ether_type != 0x0800)
1080 syslog(LOG_INFO, "Non-IP ethernet frame %04x from " MAC_ADDR_S,
1081 ether_type, MAC_ADDR_V(vp.data[6]));
1088 syslog(LOG_INFO, "Dropping short packet");
1092 from = ntohl(*((unsigned long*)(&vp.data[26])));
1093 to = ntohl(*((unsigned long*)(&vp.data[30])));
1096 syslog(LOG_DEBUG, "An IP packet (%04x) for " IP_ADDR_S " from " IP_ADDR_S,
1097 ether_type, IP_ADDR_V(to), IP_ADDR_V(from));
1099 syslog(LOG_DEBUG, MAC_ADDR_S " to " MAC_ADDR_S,
1100 MAC_ADDR_V(vp.data[0]), MAC_ADDR_V(vp.data[6]));
1102 vp.len = (length_t)lenin - 2;
1104 strip_mac_addresses(&vp);
1106 send_packet(to, &vp);
1111 this is where it all happens...
1113 void main_loop(void)
1119 last_ping_time = time(NULL);
1123 tv.tv_sec = timeout;
1129 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1131 if(errno == EINTR) /* because of alarm */
1133 syslog(LOG_ERR, "Error while waiting for input: %m");
1137 if(r == 0 || last_ping_time + timeout < time(NULL))
1138 /* Timeout... hm... something might be wrong. */
1140 check_dead_connections();
1141 send_broadcast_ping();
1145 check_network_activity(&fset);
1147 /* local tap data */
1148 if(FD_ISSET(tap_fd, &fset))
projects / tinc / blob