2 net.c -- most of the network code
3 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
4 2000 Guus Sliepen <guus@sliepen.warande.net>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 $Id: net.c,v 1.35.4.66 2000/11/04 20:44:26 guus Exp $
25 #include <arpa/inet.h>
28 #include <linux/sockios.h>
31 #include <netinet/in.h>
35 #include <sys/signal.h>
36 #include <sys/socket.h>
38 #include <sys/types.h>
41 #include <sys/ioctl.h>
42 #include <openssl/rand.h>
43 #include <openssl/evp.h>
44 #include <openssl/err.h>
47 #include LINUX_IF_TUN_H
/* Which flavour of tap device we opened.  Starts as the old ethertap style;
   setup_tap_fd() switches it to TAP_TYPE_TUNTAP when TUNSETIFF succeeds, and
   xrecv()/handle_tap_input() branch on it because the two device types frame
   packets differently (ethertap carries a 2-byte length in front of the data). */
64 int taptype = TAP_TYPE_ETHERTAP;
/* Byte counters kept for statistics; updated on the packet send/receive paths
   (xsend() adds to total_socket_out, xrecv() to total_tap_out). */
66 int total_tap_out = 0;
67 int total_socket_in = 0;
68 int total_socket_out = 0;
/* Cursor into the ConnectTo entries of the server config.  Advanced by
   setup_network_connections() and sigalrm_handler() as outgoing connections are
   attempted; reset to `config' when the list is exhausted. */
70 config_t *upstreamcfg;
/* Backoff in seconds before the next retry of the outgoing connection; grows by
   5 per failure in sigalrm_handler() and is capped at MAXTIMEOUT. */
71 static int seconds_till_retry;
/* Filled in by setup_tap_fd() from SIOCGIFNAME; NULL until then.  Exported to
   scripts as IFNAME by execute_script(), so that must run after setup_tap_fd(). */
77 char *interface_name = NULL; /* Contains the name of the interface */
82 Execute the given script.
83 This function doesn't really belong here.
85 int execute_script(const char* name)
/* Fork a child that chdir()s into confbase and exec()s <confbase>/<name>, with
   IFNAME and NETNAME placed in its environment (the putenv/exit lines between
   the visible ones are not part of this listing).
   name: script file name relative to confbase, e.g. "tinc-up".
   Returns: int; the concrete values returned on each path are not visible here. */
91 if((pid = fork()) < 0)
93 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* Child side from here on.  asprintf() results are not checked; on allocation
   failure the pointers are left indeterminate (see also "No need to free"). */
105 asprintf(&scriptname, "%s/%s", confbase, name);
/* interface_name is NULL until setup_tap_fd() has run; both visible callers
   (setup_network_connections, close_network_connections) run after it. */
106 asprintf(&s, "IFNAME=%s", interface_name);
112 asprintf(&s, "NETNAME=%s", netname);
121 if(chdir(confbase) < 0)
123 syslog(LOG_ERR, _("Couldn't chdir to `%s': %m"),
/* NOTE(review): execl() is given no argv[0], so the script starts with an empty
   argv; the conventional call is execl(scriptname, scriptname, NULL).  The child
   also inherits our full environment and open descriptors — worth confirming the
   sockets/tap fd are close-on-exec before relying on this for untrusted scripts. */
127 execl(scriptname, NULL);
128 /* No return on success */
130 if(errno != ENOENT) /* Ignore if the file does not exist */
131 syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname);
133 /* No need to free things */
137 int xsend(conn_list_t *cl, vpn_packet_t *inpkt)
/* Encrypt inpkt with the peer's packet cipher and send it over cl's UDP data
   socket.  The 2-byte len field that sits directly in front of data is sent
   along with the payload (hence the "+ 2" terms below).
   cl:    destination connection; must have cipher_pktkey and socket set up.
   inpkt: plaintext packet; inpkt->len is trusted as the payload length here.
   Returns: int; the exact return values are not visible in this listing. */
143 outpkt.len = inpkt->len;
145 /* Encrypt the packet */
/* The IV is stored right behind the key in cipher_pktkey (key_len bytes in);
   see setup_myself(), which allocates key_len + iv_len bytes.  EVP_* return
   values are not checked.  Note that this is encryption only — no per-packet
   MAC is visible anywhere on this path, so xrecv() cannot detect tampering. */
147 EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
148 EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
149 EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
150 outlen += outpad + 2;
/* Presumably the non-encrypting branch (the #if/#else around it is not in the
   listing): header and payload are copied verbatim — TODO confirm. */
153 outlen = outpkt.len + 2;
154 memcpy(&outpkt, inpkt, outlen);
157 if(debug_lvl >= DEBUG_TRAFFIC)
158 syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
159 outlen, cl->name, cl->hostname);
161 total_socket_out += outlen;
/* Send from &outpkt.len so the length prefix travels ahead of the ciphertext;
   the socket was connect()ed in setup_vpn_connection(), so send() suffices. */
163 if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0)
165 syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
166 cl->name, cl->hostname);
173 int xrecv(vpn_packet_t *inpkt)
/* Decrypt an incoming UDP data packet with our own packet key, overwrite the
   leading MAC address with ours and write the frame to the tap device.
   inpkt: packet as received by handle_incoming_vpn_data(); inpkt->len comes
          straight off the wire and is not visibly validated against the
          buffer size before being used as a length here.
   Returns: int; concrete return values are not visible in this listing. */
179 outpkt.len = inpkt->len;
181 /* Decrypt the packet */
183 EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
/* NOTE(review): the ciphertext length is taken as len + 8 whereas xsend()
   produced len + outpad bytes; presumably 8 covers the cipher's padding —
   TODO confirm against xsend() and the cipher's block size.  EVP_* return
   values, including the EVP_DecryptFinal() padding check, are ignored, so a
   corrupted or forged packet is still written to the tap device below. */
184 EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
185 EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
/* Presumably the non-encrypting branch (conditional not in the listing). */
189 outlen = outpkt.len+2;
190 memcpy(&outpkt, inpkt, outlen);
193 if(debug_lvl >= DEBUG_TRAFFIC)
194 syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
197 /* Fix mac address */
/* Replace the first 6 bytes of the frame (presumably the Ethernet destination
   address) with the address of our own tap interface. */
199 memcpy(outpkt.data, mymac.net.mac.address.x, 6);
201 if(taptype == TAP_TYPE_TUNTAP)
203 if(write(tap_fd, outpkt.data, outpkt.len) < 0)
204 syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
206 total_tap_out += outpkt.len;
/* ethertap path: the device expects the 2-byte len field in front of the data,
   which is why the write starts 2 bytes before data. */
210 if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
211 syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
213 total_tap_out += outpkt.len + 2;
220 add the given packet of size s to the
221 queue q, be it the send or receive queue
223 void add_queue(packet_queue_t **q, void *packet, size_t s)
/* Append a private copy of `packet' (s bytes) to the tail of the doubly linked
   queue *q, creating the queue container on first use.  The copy is owned by
   the queue and released by del_queue().  The remaining head/tail bookkeeping
   lines are not part of this listing. */
227 e = xmalloc(sizeof(*e));
228 e->packet = xmalloc(s);
229 memcpy(e->packet, packet, s);
/* Lazy creation of the container — presumably guarded by an if(!*q) on the
   line above, which is not shown. */
233 *q = xmalloc(sizeof(**q));
234 (*q)->head = (*q)->tail = NULL;
237 e->next = NULL; /* We insert at the tail */
239 if((*q)->tail) /* Do we have a tail? */
241 (*q)->tail->next = e;
242 e->prev = (*q)->tail;
244 else /* No tail -> no head too */
254 /* Remove a queue element */
255 void del_queue(packet_queue_t **q, queue_element_t *e)
/* Unlink element e from queue *q, handling the four positions separately:
   middle, head, tail and sole element.  Whether e and e->packet are freed
   afterwards is not visible in this listing (the lines after 278 are missing). */
260 if(e->next) /* There is a successor, so we are not tail */
262 if(e->prev) /* There is a predecessor, so we are not head */
264 e->next->prev = e->prev;
265 e->prev->next = e->next;
267 else /* We are head */
269 e->next->prev = NULL;
270 (*q)->head = e->next;
273 else /* We are tail (or all alone!) */
275 if(e->prev) /* We are not alone :) */
277 e->prev->next = NULL;
278 (*q)->tail = e->prev;
292 flush a queue by calling function for
293 each packet, and removing it when that
294 returned a zero exit code
296 void flush_queue(conn_list_t *cl, packet_queue_t **pq,
297 int (*function)(conn_list_t*,void*))
/* Walk queue *pq and hand every packet to `function'; an element is removed
   when the callback returns 0, otherwise it stays queued.  `next' exists so the
   element can be unlinked while iterating (the loop body is not fully shown). */
299 queue_element_t *p, *next = NULL;
/* No increment clause: p is advanced inside the body via `next'. */
301 for(p = (*pq)->head; p != NULL; )
305 if(!function(cl, p->packet))
311 if(debug_lvl >= DEBUG_TRAFFIC)
312 syslog(LOG_DEBUG, _("Queue flushed"));
317 flush the send&recv queues
318 void because nothing can go wrong here: packets that
319 could not be handled simply remain in the queue
321 void flush_queues(conn_list_t *cl)
/* Flush both queues of cl: the send queue through xsend() and the receive
   queue through xrecv().  The if(cl->sq)/if(cl->rq) guards around each half
   are presumably on the lines not shown. */
326 if(debug_lvl >= DEBUG_TRAFFIC)
327 syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
328 cl->name, cl->hostname);
329 flush_queue(cl, &(cl->sq), xsend);
334 if(debug_lvl >= DEBUG_TRAFFIC)
335 syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
336 cl->name, cl->hostname);
/* xrecv() takes only the packet; the connection argument flush_queue() passes
   first is absorbed by the (conn_list_t*,void*) callback signature — TODO confirm
   there is a wrapper, since xrecv(vpn_packet_t*) does not match that type. */
337 flush_queue(cl, &(cl->rq), xrecv);
343 send a packet to the given vpn ip.
345 int send_packet(ip_t to, vpn_packet_t *packet)
/* Route a packet read from the tap device to the peer owning the subnet that
   contains `to'.  to: destination IPv4 address (host order);
   packet: frame as read by handle_tap_input().
   Returns: 0 when the packet was dropped or handed to xsend(); the return
   value on the lookup-failure paths is not visible here. */
350 if((subnet = lookup_subnet_ipv4(to)) == NULL)
352 if(debug_lvl >= DEBUG_TRAFFIC)
354 syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
/* Loopback guard: the subnet owner is ourselves (the comparison is not shown). */
365 if(debug_lvl >= DEBUG_TRAFFIC)
367 syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
374 /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
376 /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
/* cl is presumably derived from subnet (owner/nexthop) on a line not shown. */
378 if(!cl->status.dataopen)
379 if(setup_vpn_connection(cl) < 0)
381 syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
382 cl->name, cl->hostname);
/* Both FIXME blocks below are commented-out queueing code: while the peer has no
   valid key or is not yet active, the packet is simply dropped (return 0), not
   queued.  A key request is still sent once per wait. */
386 if(!cl->status.validkey)
388 /* FIXME: Don't queue until everything else is fixed.
389 if(debug_lvl >= DEBUG_TRAFFIC)
390 syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
391 cl->name, cl->hostname);
392 add_queue(&(cl->sq), packet, packet->len + 2);
394 if(!cl->status.waitingforkey)
395 send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
399 if(!cl->status.active)
401 /* FIXME: Don't queue until everything else is fixed.
402 if(debug_lvl >= DEBUG_TRAFFIC)
403 syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
404 cl->name, cl->hostname);
405 add_queue(&(cl->sq), packet, packet->len + 2);
407 return 0; /* We don't want to mess up, do we? */
410 /* can we send it? can we? can we? huh? */
412 return xsend(cl, packet);
416 open the local ethertap device
418 int setup_tap_fd(void)
/* Open the tap device (config TapDevice, else a default path), detect whether
   it is an old ethertap or a new tun/tap device, and record the interface name
   for scripts.  Sets the globals taptype, mymac, interface_name and (on a line
   not shown) tap_fd.  Returns: a negative value on open failure; the success
   return is not visible in this listing. */
421 const char *tapfname;
426 if((cfg = get_config_val(config, tapdevice)))
427 tapfname = cfg->data.ptr;
/* Defaults (the #if/#else selecting between them is not shown). */
430 tapfname = "/dev/misc/net/tun";
432 tapfname = "/dev/tap0";
435 if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0)
437 syslog(LOG_ERR, _("Could not open %s: %m"), tapfname);
443 /* Set default MAC address for ethertap devices */
445 taptype = TAP_TYPE_ETHERTAP;
446 mymac.type = SUBNET_MAC;
447 mymac.net.mac.address.x[0] = 0xfe;
448 mymac.net.mac.address.x[1] = 0xfd;
449 mymac.net.mac.address.x[2] = 0x00;
450 mymac.net.mac.address.x[3] = 0x00;
451 mymac.net.mac.address.x[4] = 0x00;
452 mymac.net.mac.address.x[5] = 0x00;
455 /* Ok now check if this is an old ethertap or a new tun/tap thingie */
456 memset(&ifr, 0, sizeof(ifr));
/* IFF_NO_PI: no 4-byte packet-info header, so frames start at the Ethernet header. */
458 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
/* The memset above keeps ifr_name terminated unless netname is IFNAMSIZ bytes or
   longer, in which case strncpy() leaves no NUL; netname is config-supplied. */
460 strncpy(ifr.ifr_name, netname, IFNAMSIZ);
/* A failing TUNSETIFF is taken to mean "old ethertap", not an error.  tap_fd is
   used here although open() stored the descriptor in nfd — presumably assigned
   on one of the lines not shown (TODO confirm). */
462 if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr))
464 syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname);
465 taptype = TAP_TYPE_TUNTAP;
469 /* Add name of network interface to environment (for scripts) */
/* NOTE(review): the ioctl result is unchecked, and the buffer is one byte too
   small — strlen() does not count the terminating NUL, so strcpy() writes one
   byte past the allocation.  Allocate strlen(ifr.ifr_name) + 1 (or use xstrdup). */
471 ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr);
472 interface_name = xmalloc(strlen(ifr.ifr_name));
473 strcpy(interface_name, ifr.ifr_name);
480 set up the socket that we listen on for incoming
483 int setup_listen_meta_socket(int port)
/* Create the non-blocking TCP socket on which we accept meta connections.
   port: TCP port (host order) to bind.  Honors the config values
   `interface' and `interfaceip'.  Returns: negative on failure, presumably the
   descriptor on success (the final return line is not shown). */
486 struct sockaddr_in a;
490 if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
492 syslog(LOG_ERR, _("Creating metasocket failed: %m"));
/* `one' is presumably an int set to 1 on a line not shown. */
496 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
498 syslog(LOG_ERR, _("System call `%s' failed: %m"),
503 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)))
505 syslog(LOG_ERR, _("System call `%s' failed: %m"),
510 flags = fcntl(nfd, F_GETFL);
511 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
513 syslog(LOG_ERR, _("System call `%s' failed: %m"),
518 if((cfg = get_config_val(config, interface)))
/* NOTE(review): the error text says "bind to interface", but the option set is
   SO_KEEPALIVE with an interface-name string as the value; on Linux the option
   that binds a socket to a device is SO_BINDTODEVICE.  As written the listener is
   not restricted to the configured interface — only `interfaceip' below limits
   which address it accepts on. */
520 if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr)))
522 syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr);
527 memset(&a, 0, sizeof(a));
528 a.sin_family = AF_INET;
529 a.sin_port = htons(port);
/* Without `interfaceip' the meta socket listens on every local address. */
531 if((cfg = get_config_val(config, interfaceip)))
532 a.sin_addr.s_addr = htonl(cfg->data.ip->address);
534 a.sin_addr.s_addr = htonl(INADDR_ANY);
/* sizeof(struct sockaddr) equals sizeof a for AF_INET; `sizeof a' would be clearer. */
536 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
538 syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port);
/* Presumably the listen() failure path (the call itself is not shown). */
544 syslog(LOG_ERR, _("System call `%s' failed: %m"),
553 setup the socket for incoming encrypted
556 int setup_vpn_in_socket(int port)
/* Create the non-blocking UDP socket that receives encrypted VPN data.
   port: UDP port (host order).  Unlike setup_listen_meta_socket(), this socket
   always binds INADDR_ANY — the `interfaceip' setting is not consulted here.
   Returns: negative on failure; success return not shown. */
559 struct sockaddr_in a;
562 if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
564 syslog(LOG_ERR, _("Creating socket failed: %m"));
568 if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
570 syslog(LOG_ERR, _("System call `%s' failed: %m"),
575 flags = fcntl(nfd, F_GETFL);
576 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
578 syslog(LOG_ERR, _("System call `%s' failed: %m"),
583 memset(&a, 0, sizeof(a));
584 a.sin_family = AF_INET;
585 a.sin_port = htons(port);
/* This socket is left unconnected, so handle_incoming_vpn_data() receives from
   any source; nothing in this file visibly filters the sender address. */
586 a.sin_addr.s_addr = htonl(INADDR_ANY);
588 if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr)))
590 syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port);
598 setup an outgoing meta (tcp) socket
600 int setup_outgoing_meta_socket(conn_list_t *cl)
/* Open the TCP meta connection to cl->address:port and store it in
   cl->meta_socket.  cl->port is taken from the host config (`port'), the
   default when it is absent is on a line not shown.  Returns: negative on
   failure; success return not shown. */
603 struct sockaddr_in a;
606 if(debug_lvl >= DEBUG_CONNECTIONS)
607 syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname);
609 if((cfg = get_config_val(cl->config, port)) == NULL)
612 cl->port = cfg->data.val;
614 cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
615 if(cl->meta_socket == -1)
617 syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"),
618 cl->hostname, cl->port);
/* Only three fields are set; whether `a' is zeroed first (as the listening
   variants do) is not visible — the lines between 618 and 622 are missing. */
622 a.sin_family = AF_INET;
623 a.sin_port = htons(cl->port);
624 a.sin_addr.s_addr = htonl(cl->address);
/* connect() runs before O_NONBLOCK is set, so it blocks the daemon until the
   peer answers or the kernel's connect timeout expires. */
626 if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1)
628 syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port);
632 flags = fcntl(cl->meta_socket, F_GETFL);
633 if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)
635 syslog(LOG_ERR, _("fcntl for %s port %d: %m"),
636 cl->hostname, cl->port);
640 if(debug_lvl >= DEBUG_CONNECTIONS)
641 syslog(LOG_INFO, _("Connected to %s port %hd"),
642 cl->hostname, cl->port);
650 setup an outgoing connection. It's not
651 necessary to also open an udp socket as
652 well, because the other host will initiate
653 an authentication sequence during which
654 we will do just that.
656 int setup_outgoing_connection(char *name)
/* Create a conn_list_t for the host `name' (a ConnectTo value), read its host
   config, resolve its Address and open the meta connection.
   name: peer name; presumably validated with check_id() on the line above 664.
   Returns: 0 on success (callers test !setup_outgoing_connection()), non-zero
   otherwise; the exact values are on lines not shown. */
664 syslog(LOG_ERR, _("Invalid name for outgoing connection"));
668 ncn = new_conn_list();
669 asprintf(&ncn->name, "%s", name);
/* NOTE(review): both messages below contain a %s but are given no argument, so
   syslog() reads an indeterminate pointer (undefined behaviour, and a crash or
   information leak in the log).  Pass `name' as the missing argument. */
671 if(read_host_config(ncn))
673 syslog(LOG_ERR, _("Error reading host configuration file for %s"));
678 if(!(cfg = get_config_val(ncn->config, address)))
680 syslog(LOG_ERR, _("No address specified for %s"));
/* gethostbyname() is not reentrant and only the first returned address is used;
   the cast assumes an AF_INET result. */
685 if(!(h = gethostbyname(cfg->data.ptr)))
687 syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr);
692 ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
693 ncn->hostname = hostlookup(htonl(ncn->address));
695 if(setup_outgoing_meta_socket(ncn) < 0)
697 syslog(LOG_ERR, _("Could not set up a meta connection to %s"),
703 ncn->status.outgoing = 1;
/* MAXBUFSIZE receive buffer for the meta protocol; freed by free_conn_list(). */
704 ncn->buffer = xmalloc(MAXBUFSIZE);
706 ncn->last_ping_time = time(NULL);
716 Configure conn_list_t myself and set up the local sockets (listen only)
718 int setup_myself(void)
/* Build the `myself' connection entry from the server and host config: name,
   RSA keypair, port, flags, subnets, both listening sockets and the symmetric
   packet key.  Returns: negative on any configuration or socket error (the
   return lines themselves are not shown). */
723 myself = new_conn_list();
725 asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */
727 myself->protocol_version = PROT_CURRENT;
729 if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */
731 syslog(LOG_ERR, _("Name for tinc daemon required!"));
735 asprintf(&myself->name, "%s", (char*)cfg->data.val);
737 if(check_id(myself->name))
739 syslog(LOG_ERR, _("Invalid name for myself!"));
743 if(!(cfg = get_config_val(config, privatekey)))
745 syslog(LOG_ERR, _("Private key for tinc daemon required!"));
/* The private key is stored as a hex string of d in the server config; the
   public exponent is hard-wired to 0xFFFF rather than read from config.
   BN_hex2bn() return values are not checked. */
750 myself->rsa_key = RSA_new();
751 BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
752 BN_hex2bn(&myself->rsa_key->e, "FFFF");
755 if(read_host_config(myself))
757 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
761 if(!(cfg = get_config_val(myself->config, publickey)))
763 syslog(LOG_ERR, _("Public key for tinc daemon required!"));
768 BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
/* NOTE(review): only n, e and d are populated (no p/q); TODO confirm that
   RSA_check_key() of the OpenSSL version in use validates such a key instead of
   failing on the missing prime factors. */
771 if(RSA_check_key(myself->rsa_key) != 1)
773 syslog(LOG_ERR, _("Invalid public/private keypair!"));
777 if(!(cfg = get_config_val(myself->config, port)))
780 myself->port = cfg->data.val;
782 if((cfg = get_config_val(myself->config, indirectdata)))
783 if(cfg->data.val == stupid_true)
784 myself->flags |= EXPORTINDIRECTDATA;
786 if((cfg = get_config_val(myself->config, tcponly)))
787 if(cfg->data.val == stupid_true)
788 myself->flags |= TCPONLY;
790 /* Read in all the subnets specified in the host configuration file */
/* `net' is presumably allocated per iteration on a line not shown. */
792 for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next)
795 net->type = SUBNET_IPV4;
796 net->net.ipv4.address = cfg->data.ip->address;
797 net->net.ipv4.mask = cfg->data.ip->mask;
799 /* Teach newbies what subnets are... */
801 if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address)
803 syslog(LOG_ERR, _("Network address and subnet mask do not match!"));
807 subnet_add(myself, net);
810 if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0)
812 syslog(LOG_ERR, _("Unable to set up a listening socket!"));
816 if((myself->socket = setup_vpn_in_socket(myself->port)) < 0)
818 syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!"));
819 close(myself->meta_socket);
823 /* Generate packet encryption key */
/* Blowfish in CFB mode; key and IV are drawn together into one buffer, with the
   IV placed after the key (xsend()/xrecv() rely on that layout).  This provides
   confidentiality only; no MAC key is derived here. */
825 myself->cipher_pkttype = EVP_bf_cfb();
827 myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
829 myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
/* NOTE(review): RAND_bytes() returns 0 when the PRNG is not seeded; the result
   is not checked, so the key buffer would then keep whatever xmalloc() returned.
   Same in main_loop() on key regeneration. */
830 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
/* KeyExpire: the default for keylifetime is assigned on a line not shown. */
832 if(!(cfg = get_config_val(config, keyexpire)))
835 keylifetime = cfg->data.val;
837 keyexpires = time(NULL) + keylifetime;
839 /* Activate ourselves */
841 myself->status.active = 1;
843 syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port);
849 sigalrm_handler(int a)
/* SIGALRM handler: retry the outgoing connection, walking the ConnectTo list
   from upstreamcfg.  On success the alarm is disarmed; on failure the backoff
   grows by 5 s up to MAXTIMEOUT and the alarm is re-armed.
   NOTE(review): everything called from here — syslog(), get_config_val(),
   setup_outgoing_connection() (gethostbyname, socket, connect, xmalloc) — is not
   async-signal-safe.  If the alarm fires while main_loop() is inside one of
   those, state can be corrupted; the usual fix is to set a flag here and do the
   reconnect from the select() loop. */
853 cfg = get_config_val(upstreamcfg, connectto);
855 if(!cfg && upstreamcfg == config)
856 /* No upstream IP given, we're listen only. */
/* Loop over the remaining ConnectTo entries (the while() is not shown). */
861 upstreamcfg = cfg->next;
862 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
864 signal(SIGALRM, SIG_IGN);
867 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* All candidates failed: re-install ourselves (signal() may have reset the
   disposition) and start over from the top of the list after the backoff. */
870 signal(SIGALRM, sigalrm_handler);
871 upstreamcfg = config;
872 seconds_till_retry += 5;
873 if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */
874 seconds_till_retry = MAXTIMEOUT;
875 syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"),
877 alarm(seconds_till_retry);
882 setup all initial network connections
884 int setup_network_connections(void)
/* Bring the whole network side up: read PingTimeout, open the tap device,
   configure myself, run tinc-up and attempt the first ConnectTo entry that
   works.  If none does, schedule a retry via SIGALRM.
   Returns: non-zero on failure (callers test the value directly); the
   individual return lines are not shown. */
888 if((cfg = get_config_val(config, pingtimeout)) == NULL)
892 timeout = cfg->data.val;
/* Order matters: setup_tap_fd() fills interface_name, which execute_script()
   exports as IFNAME. */
899 if(setup_tap_fd() < 0)
902 if(setup_myself() < 0)
905 /* Run tinc-up script to further initialize the tap interface */
906 execute_script("tinc-up");
908 if(!(cfg = get_config_val(config, connectto)))
909 /* No upstream IP given, we're listen only. */
/* Same walk over the ConnectTo list as in sigalrm_handler(); the while() is not shown. */
914 upstreamcfg = cfg->next;
915 if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */
917 cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */
/* Nothing reachable right now: first retry after the maximum backoff. */
920 signal(SIGALRM, sigalrm_handler);
921 upstreamcfg = config;
922 seconds_till_retry = MAXTIMEOUT;
923 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry);
924 alarm(seconds_till_retry);
930 close all open network connections
932 void close_network_connections(void)
/* Tear everything down: terminate every peer connection, close our own
   sockets, free `myself', run tinc-down and log.  Closing of tap_fd is
   presumably on one of the lines not shown (see the comment at 953). */
936 for(p = conn_list; p != NULL; p = p->next)
/* Clearing active first keeps terminate_connection() from notifying others
   about a peer we are about to drop anyway and from re-arming the retry alarm. */
938 p->status.active = 0;
939 terminate_connection(p);
943 if(myself->status.active)
945 close(myself->meta_socket);
946 close(myself->socket);
947 free_conn_list(myself);
953 /* Execute tinc-down script right after shutting down the interface */
954 execute_script("tinc-down");
958 syslog(LOG_NOTICE, _("Terminating"));
964 create a data (udp) socket
966 int setup_vpn_connection(conn_list_t *cl)
/* Open a UDP socket connect()ed to cl->address:cl->port for outgoing data and
   mark cl->status.dataopen.  The descriptor is stored in cl->socket on a line
   not shown.  Returns: negative on failure; success return not shown. */
969 struct sockaddr_in a;
971 if(debug_lvl >= DEBUG_TRAFFIC)
972 syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname);
974 nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
977 syslog(LOG_ERR, _("Creating UDP socket failed: %m"));
/* Whether `a' is zeroed before these three fields is not visible (lines 978-980 missing). */
981 a.sin_family = AF_INET;
982 a.sin_port = htons(cl->port);
983 a.sin_addr.s_addr = htonl(cl->address);
/* connect() on a UDP socket fixes the peer, so xsend() can use plain send()
   and the kernel reports asynchronous ICMP errors via SO_ERROR
   (see check_network_activity()). */
985 if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1)
987 syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"),
988 cl->hostname, cl->port);
992 flags = fcntl(nfd, F_GETFL);
993 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
995 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
996 cl->name, cl->hostname);
1001 cl->status.dataopen = 1;
1007 handle an incoming tcp connect call and open
1010 conn_list_t *create_new_connection(int sfd)
/* Wrap an accepted meta socket in a new conn_list_t.  The peer's address and
   name are recorded, a MAXBUFSIZE protocol buffer is allocated and the protocol
   state is set so that only an ID request is accepted first.
   sfd: connected TCP socket from accept().  Returns: the new entry, or NULL
   when getpeername() fails (the NULL return line is not shown). */
1013 struct sockaddr_in ci;
/* getpeername() takes a socklen_t*; `int' is the same width on Linux but not
   the declared type.  `&ci' is also passed without the usual (struct sockaddr *) cast. */
1014 int len = sizeof(ci);
1016 p = new_conn_list();
1018 if(getpeername(sfd, &ci, &len) < 0)
1020 syslog(LOG_ERR, _("System call `%s' failed: %m"),
/* address is kept in host order; hostlookup() is given network order, matching
   the call in setup_outgoing_connection(). */
1026 p->address = ntohl(ci.sin_addr.s_addr);
1027 p->hostname = hostlookup(ci.sin_addr.s_addr);
1028 p->meta_socket = sfd;
1030 p->buffer = xmalloc(MAXBUFSIZE);
1032 p->last_ping_time = time(NULL);
1034 if(debug_lvl >= DEBUG_CONNECTIONS)
1035 syslog(LOG_NOTICE, _("Connection from %s port %d"),
/* htons() here is used as a byte swap for display; ntohs() would state the intent. */
1036 p->hostname, htons(ci.sin_port));
/* No address-based access control is visible here; the peer is admitted into
   conn_list before it has authenticated, and the ID exchange gates what follows. */
1038 p->allow_request = ID;
1044 put all file descriptors in an fd_set array
1046 void build_fdset(fd_set *fs)
/* Populate fs with every descriptor main_loop() should select() on: each
   peer's meta socket, its data socket when open, and our own two listening
   sockets (tap_fd is presumably added on a line not shown, since main_loop()
   tests FD_ISSET(tap_fd, ...)).  The FD_ZERO is likewise not visible. */
1052 for(p = conn_list; p != NULL; p = p->next)
1055 FD_SET(p->meta_socket, fs);
1056 if(p->status.dataopen)
1057 FD_SET(p->socket, fs);
1060 FD_SET(myself->meta_socket, fs);
1061 FD_SET(myself->socket, fs);
1067 receive incoming data from the listening
1068 udp socket and write it to the ethertap
1069 device after being decrypted
1071 int handle_incoming_vpn_data()
/* Read one datagram from the VPN data socket into pkt (len field first) and
   hand it on for decryption (the call after 1099 is not in the listing).
   Returns: int; the concrete values are on lines not shown. */
1074 int x, l = sizeof(x);
1075 struct sockaddr from;
1077 socklen_t fromlen = sizeof(from);
/* Drain any pending asynchronous socket error before reading. */
1079 if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
1081 syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"),
1082 __FILE__, __LINE__, myself->socket);
1087 syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
/* NOTE(review): the datagram is received from any sender (the socket is bound
   to INADDR_ANY and unconnected) and nothing visible compares `from' against
   known peers or checks that lenin agrees with the wire-supplied pkt.len before
   xrecv() trusts that length.  Without a MAC on the packets, a forged datagram
   still decrypts to something that is written to the tap device. */
1091 if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0)
1093 syslog(LOG_ERR, _("Receiving packet failed: %m"));
1097 if(debug_lvl >= DEBUG_TRAFFIC)
1099 syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin);
1107 terminate a connection and notify the other
1108 end before closing the sockets
1110 void terminate_connection(conn_list_t *cl)
/* Mark cl for removal, close its sockets, drop everything routed behind it,
   tell the remaining active peers, remove its subnets and — if it was our
   outgoing connection — schedule a reconnect.  Idempotent via status.remove.
   The actual unlinking/freeing of cl is presumably done elsewhere on the
   strength of status.remove (see check_network_activity()). */
1115 if(cl->status.remove)
1118 cl->status.remove = 1;
1120 if(debug_lvl >= DEBUG_CONNECTIONS)
1121 syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
1122 cl->name, cl->hostname);
/* The data socket close (if dataopen) is presumably on the lines not shown. */
1127 close(cl->meta_socket);
1130 /* Find all connections that were lost because they were behind cl
1131 (the connection that was dropped). */
1134 for(p = conn_list; p != NULL; p = p->next)
1135 if((p->nexthop == cl) && (p != cl))
1136 terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */
1138 /* Inform others of termination if it was still active */
1140 if(cl->status.active)
1141 for(p = conn_list; p != NULL; p = p->next)
1142 if(p->status.meta && p->status.active && p!=cl)
1143 send_del_host(p, cl);
1145 /* Remove the associated subnets */
/* Loop body (subnet_del or similar) is not in the listing. */
1147 for(s = cl->subnets; s; s = s->next)
1150 /* Check if this was our outgoing connection */
/* Only an *active* outgoing connection triggers the retry; close_network_connections()
   clears active first precisely to avoid this at shutdown. */
1152 if(cl->status.outgoing && cl->status.active)
1154 signal(SIGALRM, sigalrm_handler);
1155 seconds_till_retry = 5;
1156 alarm(seconds_till_retry);
1157 syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds"));
1162 cl->status.active = 0;
1167 Check if the other end is active.
1168 If we have sent packets, but didn't receive any,
1169 then possibly the other end is dead. We send a
1170 PING request over the meta connection. If the other
1171 end does not reply in time, we consider them dead
1172 and close the connection.
1174 int check_dead_connections(void)
/* Called from main_loop() every `timeout' seconds: a meta connection that has
   been silent longer than `timeout' is pinged; one that was already pinged and
   still has not answered is flagged timeout and terminated.  The ping-sending
   else branch (lines 1193-1204) and the `now' assignment are not shown. */
1180 for(p = conn_list; p != NULL; p = p->next)
1182 if(p->status.active && p->status.meta)
/* last_ping_time is refreshed on receipt (not visible here); presumably any
   received meta request counts, not just PONG — TODO confirm. */
1184 if(p->last_ping_time + timeout < now)
1186 if(p->status.pinged)
1188 if(debug_lvl >= DEBUG_PROTOCOL)
1189 syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
1190 p->name, p->hostname);
1191 p->status.timeout = 1;
1192 terminate_connection(p);
1206 accept a new tcp connect and create a
1209 int handle_new_meta_connection()
/* accept() a pending meta connection and register it with
   create_new_connection().  Returns: int; values not shown in this listing. */
1212 struct sockaddr client;
/* accept() expects a socklen_t* for the length; `int' matches in width on Linux only. */
1213 int nfd, len = sizeof(client);
1215 if((nfd = accept(myself->meta_socket, &client, &len)) < 0)
1217 syslog(LOG_ERR, _("Accepting a new connection failed: %m"));
/* On failure the descriptor should be closed; whether that happens on the
   lines not shown (1222-1224) cannot be confirmed here. */
1221 if(!(ncn = create_new_connection(nfd)))
1225 syslog(LOG_NOTICE, _("Closed attempted connection"));
1235 check all connections to see if anything
1236 happened on their sockets
1238 void check_network_activity(fd_set *f)
/* Dispatch after select(): for each live peer, report asynchronous errors on
   its UDP data socket and read meta-protocol input; then service our own data
   socket and listening socket.  f: the fd_set returned by select(). */
1241 int x, l = sizeof(x);
1243 for(p = conn_list; p != NULL; p = p->next)
/* Entries already terminated are skipped (the `continue' is not shown). */
1245 if(p->status.remove)
1248 if(p->status.dataopen)
1249 if(FD_ISSET(p->socket, f))
1252 The only thing that can happen to get us here is apparently an
1253 error on this outgoing(!) UDP socket that isn't immediate (i.e.
1254 something that will not trigger an error directly on send()).
1255 I've once got here when it said `No route to host'.
/* getsockopt() result is unchecked; `l' should be a socklen_t.  If it fails,
   x is whatever was on the stack and the log line is misleading. */
1257 getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
1258 syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
1259 p->name, p->hostname, strerror(x));
1260 terminate_connection(p);
1265 if(FD_ISSET(p->meta_socket, f))
1266 if(receive_meta(p) < 0)
1268 terminate_connection(p);
1273 if(FD_ISSET(myself->socket, f))
1274 handle_incoming_vpn_data();
1276 if(FD_ISSET(myself->meta_socket, f))
1277 handle_new_meta_connection();
1282 read, encrypt and send data that is
1283 available through the ethertap device
1285 void handle_tap_input(void)
/* Read one frame from the tap device into vp and route it with send_packet().
   vp.len is set on lines not shown; total_tap_in is a counter not declared in
   the visible part of this file. */
1290 if(taptype == TAP_TYPE_TUNTAP)
1292 if((lenin = read(tap_fd, vp.data, MTU)) <= 0)
1294 syslog(LOG_ERR, _("Error while reading from tun/tap device: %m"));
/* ethertap prefixes each frame with a 2-byte length, read into the len field
   that precedes data (mirrors the write in xrecv()). */
1301 if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0)
1303 syslog(LOG_ERR, _("Error while reading from ethertap device: %m"));
1309 total_tap_in += lenin;
/* Short-frame guard; the condition (line 1312) is not shown, so the minimum
   length enforced before the offset-30 read below cannot be confirmed. */
1313 if(debug_lvl >= DEBUG_TRAFFIC)
1314 syslog(LOG_WARNING, _("Received short packet from tap device"));
1318 if(debug_lvl >= DEBUG_TRAFFIC)
1320 syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len);
/* NOTE(review): offset 30 is presumably the IPv4 destination address (14-byte
   Ethernet header + 16 bytes into the IP header); nothing visible checks the
   ethertype first.  Reading it as `unsigned long' is 8 bytes on LP64 and an
   unaligned, aliasing-violating access; copy 4 bytes into a uint32_t with
   memcpy() and ntohl() that instead. */
1323 send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);
1328 this is where it all happens...
1330 void main_loop(void)
1335 time_t last_ping_check;
1338 last_ping_check = time(NULL);
1342 tv.tv_sec = timeout;
1348 if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0)
1350 if(errno != EINTR) /* because of alarm */
1352 syslog(LOG_ERR, _("Error while waiting for input: %m"));
1359 syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds"));
1361 close_network_connections();
1362 clear_config(&config);
1364 if(read_server_config())
1366 syslog(LOG_ERR, _("Unable to reread configuration file, exiting"));
1372 if(setup_network_connections())
1380 /* Let's check if everybody is still alive */
1382 if(last_ping_check + timeout < t)
1384 check_dead_connections();
1385 last_ping_check = time(NULL);
1387 /* Should we regenerate our key? */
1391 if(debug_lvl >= DEBUG_STATUS)
1392 syslog(LOG_INFO, _("Regenerating symmetric key"));
1394 RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
1395 send_key_changed(myself, NULL);
1396 keyexpires = time(NULL) + keylifetime;
1402 check_network_activity(&fset);
1404 /* local tap data */
1405 if(FD_ISSET(tap_fd, &fset))