2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
52 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
55 static void send_udppacket(node_t *, vpn_packet_t *);
57 unsigned replaywin = 16;
58 bool localdiscovery = false;
59 sockaddr_t localdiscovery_address;
61 #define MAX_SEQNO 1073741824
63 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
64 mtuprobes == 31: sleep pinginterval seconds
65 mtuprobes == 32: send 1 burst, sleep pingtimeout second
66 mtuprobes == 33: no response from other side, restart PMTU discovery process
68 Probes are sent in batches of at least three, with random sizes between the
69 lower and upper boundaries for the MTU thus far discovered.
71 After the initial discovery, a fourth packet is added to each batch with a
72 size larger than the currently known PMTU, to test if the PMTU has increased.
74 In case local discovery is enabled, another packet is added to each batch,
75 which will be broadcast to the local network.
79 static void send_mtu_probe_handler(void *data) {
85 if(!n->status.reachable || !n->status.validkey) {
86 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
91 if(n->mtuprobes > 32) {
94 timeout = pinginterval;
98 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
99 n->status.udp_confirmed = false;
105 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
106 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
110 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
111 if(n->minmtu > n->maxmtu)
112 n->minmtu = n->maxmtu;
114 n->maxmtu = n->minmtu;
116 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
120 if(n->mtuprobes == 31) {
121 timeout = pinginterval;
123 } else if(n->mtuprobes == 32) {
124 timeout = pingtimeout;
127 for(int i = 0; i < 4 + localdiscovery; i++) {
131 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
134 } else if(n->maxmtu <= n->minmtu) {
137 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
144 memset(packet.data, 0, 14);
145 randomize(packet.data + 14, len - 14);
147 if(i >= 4 && n->mtuprobes <= 10)
148 packet.priority = -1;
152 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
154 send_udppacket(n, &packet);
157 n->probe_counter = 0;
158 gettimeofday(&n->probe_time, NULL);
160 /* Calculate the packet loss of incoming traffic by comparing the rate of
161 packets received to the rate with which the sequence number has increased.
164 if(n->received > n->prev_received)
165 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
167 n->packetloss = n->received_seqno <= n->prev_received_seqno;
169 n->prev_received_seqno = n->received_seqno;
170 n->prev_received = n->received;
173 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
176 void send_mtu_probe(node_t *n) {
177 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
178 send_mtu_probe_handler(n);
181 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
182 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
184 if(!packet->data[0]) {
185 /* It's a probe request, send back a reply */
189 /* Temporarily set udp_confirmed, so that the reply is sent
190 back exactly the way it came in. */
192 bool udp_confirmed = n->status.udp_confirmed;
193 n->status.udp_confirmed = true;
194 send_udppacket(n, packet);
195 n->status.udp_confirmed = udp_confirmed;
197 /* It's a valid reply: now we know bidirectional communication
198 is possible using the address and socket that the reply
201 n->status.udp_confirmed = true;
203 /* If we haven't established the PMTU yet, restart the discovery process. */
205 if(n->mtuprobes > 30) {
206 if (len == n->maxmtu + 8) {
207 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
219 /* If applicable, raise the minimum supported MTU */
226 /* Calculate RTT and bandwidth.
227 The RTT is the time between the MTU probe burst was sent and the first
228 reply is received. The bandwidth is measured using the time between the
229 arrival of the first and third probe reply.
232 struct timeval now, diff;
233 gettimeofday(&now, NULL);
234 timersub(&now, &n->probe_time, &diff);
237 if(n->probe_counter == 1) {
238 n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
240 } else if(n->probe_counter == 3) {
241 n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
242 logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
247 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
249 memcpy(dest, source, len);
251 } else if(level == 10) {
253 lzo_uint lzolen = MAXSIZE;
254 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
259 } else if(level < 10) {
261 unsigned long destlen = MAXSIZE;
262 if(compress2(dest, &destlen, source, len, level) == Z_OK)
269 lzo_uint lzolen = MAXSIZE;
270 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
280 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
282 memcpy(dest, source, len);
284 } else if(level > 9) {
286 lzo_uint lzolen = MAXSIZE;
287 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
295 unsigned long destlen = MAXSIZE;
296 if(uncompress(dest, &destlen, source, len) == Z_OK)
308 static void receive_packet(node_t *n, vpn_packet_t *packet) {
309 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
310 packet->len, n->name, n->hostname);
313 n->in_bytes += packet->len;
318 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
320 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
322 if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
325 return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
328 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
329 vpn_packet_t pkt1, pkt2;
330 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
332 vpn_packet_t *outpkt = pkt[0];
335 if(n->status.sptps) {
336 if(!n->sptps.state) {
337 if(!n->status.waitingforkey) {
338 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
341 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
345 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
349 if(!cipher_active(n->incipher)) {
350 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
354 /* Check packet length */
356 if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
357 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
358 n->name, n->hostname);
362 /* Check the message authentication code */
364 if(digest_active(n->indigest)) {
365 inpkt->len -= digest_length(n->indigest);
366 if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
367 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
371 /* Decrypt the packet */
373 if(cipher_active(n->incipher)) {
374 outpkt = pkt[nextpkt++];
377 if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
378 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
382 outpkt->len = outlen;
386 /* Check the sequence number */
388 inpkt->len -= sizeof inpkt->seqno;
389 inpkt->seqno = ntohl(inpkt->seqno);
392 if(inpkt->seqno != n->received_seqno + 1) {
393 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
394 if(n->farfuture++ < replaywin >> 2) {
395 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
396 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
399 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
400 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
401 memset(n->late, 0, replaywin);
402 } else if (inpkt->seqno <= n->received_seqno) {
403 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
404 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
405 n->name, n->hostname, inpkt->seqno, n->received_seqno);
409 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
410 n->late[(i / 8) % replaywin] |= 1 << i % 8;
415 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
418 if(inpkt->seqno > n->received_seqno)
419 n->received_seqno = inpkt->seqno;
423 if(n->received_seqno > MAX_SEQNO)
426 /* Decompress the packet */
428 length_t origlen = inpkt->len;
430 if(n->incompression) {
431 outpkt = pkt[nextpkt++];
433 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
434 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
435 n->name, n->hostname);
441 origlen -= MTU/64 + 20;
446 if(!inpkt->data[12] && !inpkt->data[13])
447 mtu_probe_h(n, inpkt, origlen);
449 receive_packet(n, inpkt);
452 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
455 if(len > sizeof outpkt.data)
459 if(c->options & OPTION_TCPONLY)
462 outpkt.priority = -1;
463 memcpy(outpkt.data, buffer, len);
465 receive_packet(c->node, &outpkt);
468 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
469 if(!n->status.validkey) {
470 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
471 if(!n->status.waitingforkey)
473 else if(n->last_req_key + 10 < now.tv_sec) {
474 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
475 sptps_stop(&n->sptps);
476 n->status.waitingforkey = false;
485 if(!(origpkt->data[12] | origpkt->data[13])) {
486 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
490 if(routing_mode == RMODE_ROUTER)
495 if(origpkt->len < offset)
500 if(n->outcompression) {
501 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
503 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
504 } else if(len < origpkt->len - offset) {
505 outpkt.len = len + offset;
507 type |= PKT_COMPRESSED;
511 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
515 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
520 /* If the UDP address is confirmed, use it. */
521 if(n->status.udp_confirmed)
524 /* Send every third packet to n->address; that could be set
525 to the node's reflexive UDP address discovered during key
534 /* Otherwise, address are found in edges to this node.
535 So we pick a random edge and a random socket. */
538 int j = rand() % n->edge_tree->count;
539 edge_t *candidate = NULL;
541 for splay_each(edge_t, e, n->edge_tree) {
543 candidate = e->reverse;
549 *sa = &candidate->address;
550 *sock = rand() % listen_sockets;
553 /* Make sure we have a suitable socket for the chosen address */
554 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
555 for(int i = 0; i < listen_sockets; i++) {
556 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
564 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
565 static sockaddr_t broadcast_ipv4 = {
567 .sin_family = AF_INET,
568 .sin_addr.s_addr = -1,
572 static sockaddr_t broadcast_ipv6 = {
574 .sin6_family = AF_INET6,
575 .sin6_addr.s6_addr[0x0] = 0xff,
576 .sin6_addr.s6_addr[0x1] = 0x02,
577 .sin6_addr.s6_addr[0xf] = 0x01,
581 *sock = rand() % listen_sockets;
583 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
584 if(localdiscovery_address.sa.sa_family == AF_INET6) {
585 localdiscovery_address.in6.sin6_port = n->prevedge->address.in.sin_port;
586 *sa = &localdiscovery_address;
588 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
589 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
590 *sa = &broadcast_ipv6;
593 if(localdiscovery_address.sa.sa_family == AF_INET) {
594 localdiscovery_address.in.sin_port = n->prevedge->address.in.sin_port;
595 *sa = &localdiscovery_address;
597 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
598 *sa = &broadcast_ipv4;
603 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
604 vpn_packet_t pkt1, pkt2;
605 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
606 vpn_packet_t *inpkt = origpkt;
608 vpn_packet_t *outpkt;
609 int origlen = origpkt->len;
611 #if defined(SOL_IP) && defined(IP_TOS)
612 static int priority = 0;
614 int origpriority = origpkt->priority;
616 if(!n->status.reachable) {
617 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
622 return send_sptps_packet(n, origpkt);
624 /* Make sure we have a valid key */
626 if(!n->status.validkey) {
627 logger(DEBUG_TRAFFIC, LOG_INFO,
628 "No valid key known yet for %s (%s), forwarding via TCP",
629 n->name, n->hostname);
631 if(n->last_req_key + 10 <= now.tv_sec) {
633 n->last_req_key = now.tv_sec;
636 send_tcppacket(n->nexthop->connection, origpkt);
641 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
642 logger(DEBUG_TRAFFIC, LOG_INFO,
643 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
644 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
647 send_packet(n->nexthop, origpkt);
649 send_tcppacket(n->nexthop->connection, origpkt);
654 /* Compress the packet */
656 if(n->outcompression) {
657 outpkt = pkt[nextpkt++];
659 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
660 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
661 n->name, n->hostname);
668 /* Add sequence number */
670 inpkt->seqno = htonl(++(n->sent_seqno));
671 inpkt->len += sizeof inpkt->seqno;
673 /* Encrypt the packet */
675 if(cipher_active(n->outcipher)) {
676 outpkt = pkt[nextpkt++];
679 if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
680 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
684 outpkt->len = outlen;
688 /* Add the message authentication code */
690 if(digest_active(n->outdigest)) {
691 if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) {
692 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
696 inpkt->len += digest_length(n->outdigest);
699 /* Send the packet */
701 const sockaddr_t *sa;
704 /* Overloaded use of priority field: -1 means local broadcast */
706 if(origpriority == -1 && n->prevedge)
707 choose_broadcast_address(n, &sa, &sock);
709 choose_udp_address(n, &sa, &sock);
711 #if defined(SOL_IP) && defined(IP_TOS)
712 if(priorityinheritance && origpriority != priority
713 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
714 priority = origpriority;
715 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
716 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
717 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
721 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
722 if(sockmsgsize(sockerrno)) {
723 if(n->maxmtu >= origlen)
724 n->maxmtu = origlen - 1;
725 if(n->mtu >= origlen)
726 n->mtu = origlen - 1;
728 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
732 origpkt->len = origlen;
735 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
738 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
740 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
741 char buf[len * 4 / 3 + 5];
742 b64encode(data, buf, len);
743 /* If no valid key is known yet, send the packets using ANS_KEY requests,
744 to ensure we get to learn the reflexive UDP address. */
745 if(!to->status.validkey)
746 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
748 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
751 /* Otherwise, send the packet via UDP */
753 const sockaddr_t *sa;
756 choose_udp_address(to, &sa, &sock);
758 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
759 if(sockmsgsize(sockerrno)) {
760 if(to->maxmtu >= len)
761 to->maxmtu = len - 1;
765 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
773 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
774 node_t *from = handle;
776 if(type == SPTPS_HANDSHAKE) {
777 if(!from->status.validkey) {
778 from->status.validkey = true;
779 from->status.waitingforkey = false;
780 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
786 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
792 if(type == PKT_PROBE) {
794 memcpy(inpkt.data, data, len);
795 mtu_probe_h(from, &inpkt, len);
799 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
800 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
804 /* Check if we have the headers we need */
805 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
806 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
808 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
809 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
812 int offset = (type & PKT_MAC) ? 0 : 14;
813 if(type & PKT_COMPRESSED) {
814 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
818 inpkt.len = ulen + offset;
820 if(inpkt.len > MAXSIZE)
823 memcpy(inpkt.data + offset, data, len);
824 inpkt.len = len + offset;
827 /* Generate the Ethernet packet type if necessary */
829 switch(inpkt.data[14] >> 4) {
831 inpkt.data[12] = 0x08;
832 inpkt.data[13] = 0x00;
835 inpkt.data[12] = 0x86;
836 inpkt.data[13] = 0xDD;
839 logger(DEBUG_TRAFFIC, LOG_ERR,
840 "Unknown IP version %d while reading packet from %s (%s)",
841 inpkt.data[14] >> 4, from->name, from->hostname);
846 receive_packet(from, &inpkt);
851 send a packet to the given vpn ip.
853 void send_packet(node_t *n, vpn_packet_t *packet) {
858 memcpy(packet->data, mymac.x, ETH_ALEN);
860 n->out_bytes += packet->len;
861 devops.write(packet);
865 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
866 packet->len, n->name, n->hostname);
868 if(!n->status.reachable) {
869 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
870 n->name, n->hostname);
875 n->out_bytes += packet->len;
877 if(n->status.sptps) {
878 send_sptps_packet(n, packet);
882 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
885 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
886 n->name, via->name, n->via->hostname);
888 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
889 if(!send_tcppacket(via->connection, packet))
890 terminate_connection(via->connection, true);
892 send_udppacket(via, packet);
895 /* Broadcast a packet using the minimum spanning tree */
897 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
898 // Always give ourself a copy of the packet.
900 send_packet(myself, packet);
902 // In TunnelServer mode, do not forward broadcast packets.
903 // The MST might not be valid and create loops.
904 if(tunnelserver || broadcast_mode == BMODE_NONE)
907 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
908 packet->len, from->name, from->hostname);
910 switch(broadcast_mode) {
911 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
912 // This guarantees all nodes receive the broadcast packet, and
913 // usually distributes the sending of broadcast packets over all nodes.
915 for list_each(connection_t, c, connection_list)
916 if(c->status.active && c->status.mst && c != from->nexthop->connection)
917 send_packet(c->node, packet);
920 // In direct mode, we send copies to each node we know of.
921 // However, this only reaches nodes that can be reached in a single hop.
922 // We don't have enough information to forward broadcast packets in this case.
927 for splay_each(node_t, n, node_tree)
928 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
929 send_packet(n, packet);
937 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
940 static time_t last_hard_try = 0;
942 for splay_each(edge_t, e, edge_weight_tree) {
943 if(!e->to->status.reachable || e->to == myself)
946 if(sockaddrcmp_noport(from, &e->address)) {
947 if(last_hard_try == now.tv_sec)
952 if(!try_mac(e->to, pkt))
960 last_hard_try = now.tv_sec;
962 last_hard_try = now.tv_sec;
966 void handle_incoming_vpn_data(void *data, int flags) {
967 listen_socket_t *ls = data;
970 sockaddr_t from = {{0}};
971 socklen_t fromlen = sizeof from;
975 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
977 if(len <= 0 || len > MAXSIZE) {
978 if(!sockwouldblock(sockerrno))
979 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
985 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
987 n = lookup_node_udp(&from);
990 n = try_harder(&from, &pkt);
992 update_node_udp(n, &from);
993 else if(debug_level >= DEBUG_PROTOCOL) {
994 hostname = sockaddr2hostname(&from);
995 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1003 n->sock = ls - listen_socket;
1005 receive_udppacket(n, &pkt);
1008 void handle_device_data(void *data, int flags) {
1009 vpn_packet_t packet;
1011 packet.priority = 0;
1013 if(devops.read(&packet)) {
1014 myself->in_packets++;
1015 myself->in_bytes += packet.len;
1016 route(myself, &packet);