2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/pem.h>
29 #include <openssl/hmac.h>
41 #include "connection.h"
58 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
61 static void send_udppacket(node_t *, vpn_packet_t *);
63 unsigned replaywin = 16;
64 bool localdiscovery = false;
66 #define MAX_SEQNO 1073741824
68 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
69 mtuprobes == 31: sleep pinginterval seconds
70 mtuprobes == 32: send 1 burst, sleep pingtimeout second
71 mtuprobes == 33: no response from other side, restart PMTU discovery process
73 Probes are sent in batches of three, with random sizes between the lower and
74 upper boundaries for the MTU thus far discovered.
76 In case local discovery is enabled, a fourth packet is added to each batch,
77 which will be broadcast to the local network.
80 static void send_mtu_probe_handler(void *data) {
86 if(!n->status.reachable || !n->status.validkey) {
87 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
92 if(n->mtuprobes > 32) {
95 timeout = pinginterval;
99 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
100 n->status.udp_confirmed = false;
106 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
107 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
111 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
112 if(n->minmtu > n->maxmtu)
113 n->minmtu = n->maxmtu;
115 n->maxmtu = n->minmtu;
117 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
121 if(n->mtuprobes == 31) {
122 timeout = pinginterval;
124 } else if(n->mtuprobes == 32) {
125 timeout = pingtimeout;
128 for(int i = 0; i < 3 + localdiscovery; i++) {
131 if(n->maxmtu <= n->minmtu)
134 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
140 memset(packet.data, 0, 14);
141 randomize(packet.data + 14, len - 14);
143 if(i >= 3 && n->mtuprobes <= 10)
144 packet.priority = -1;
148 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
150 send_udppacket(n, &packet);
154 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
157 void send_mtu_probe(node_t *n) {
158 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
159 send_mtu_probe_handler(n);
162 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
163 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
165 if(!packet->data[0]) {
166 /* It's a probe request, send back a reply */
170 /* Temporarily set udp_confirmed, so that the reply is sent
171 back exactly the way it came in. */
173 bool udp_confirmed = n->status.udp_confirmed;
174 n->status.udp_confirmed = true;
175 send_udppacket(n, packet);
176 n->status.udp_confirmed = udp_confirmed;
178 /* It's a valid reply: now we know bidirectional communication
179 is possible using the address and socket that the reply
182 n->status.udp_confirmed = true;
184 /* If we haven't established the PMTU yet, restart the discovery process. */
186 if(n->mtuprobes > 30) {
193 /* If applicable, raise the minimum supported MTU */
202 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
204 memcpy(dest, source, len);
206 } else if(level == 10) {
208 lzo_uint lzolen = MAXSIZE;
209 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
214 } else if(level < 10) {
216 unsigned long destlen = MAXSIZE;
217 if(compress2(dest, &destlen, source, len, level) == Z_OK)
224 lzo_uint lzolen = MAXSIZE;
225 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
235 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
237 memcpy(dest, source, len);
239 } else if(level > 9) {
241 lzo_uint lzolen = MAXSIZE;
242 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
250 unsigned long destlen = MAXSIZE;
251 if(uncompress(dest, &destlen, source, len) == Z_OK)
263 static void receive_packet(node_t *n, vpn_packet_t *packet) {
264 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
265 packet->len, n->name, n->hostname);
268 n->in_bytes += packet->len;
273 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
275 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
277 if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest))
280 return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength);
283 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
284 vpn_packet_t pkt1, pkt2;
285 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
287 vpn_packet_t *outpkt = pkt[0];
290 if(n->status.sptps) {
291 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
295 if(!cipher_active(&n->incipher)) {
296 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
297 n->name, n->hostname);
301 /* Check packet length */
303 if(inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) {
304 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
305 n->name, n->hostname);
309 /* Check the message authentication code */
311 if(digest_active(&n->indigest)) {
312 inpkt->len -= n->indigest.maclength;
313 if(!digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
314 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
318 /* Decrypt the packet */
320 if(cipher_active(&n->incipher)) {
321 outpkt = pkt[nextpkt++];
324 if(!cipher_decrypt(&n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
325 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
329 outpkt->len = outlen;
333 /* Check the sequence number */
335 inpkt->len -= sizeof inpkt->seqno;
336 inpkt->seqno = ntohl(inpkt->seqno);
339 if(inpkt->seqno != n->received_seqno + 1) {
340 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
341 if(n->farfuture++ < replaywin >> 2) {
342 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
343 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
346 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
347 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
348 memset(n->late, 0, replaywin);
349 } else if (inpkt->seqno <= n->received_seqno) {
350 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
351 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
352 n->name, n->hostname, inpkt->seqno, n->received_seqno);
356 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
357 n->late[(i / 8) % replaywin] |= 1 << i % 8;
362 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
365 if(inpkt->seqno > n->received_seqno)
366 n->received_seqno = inpkt->seqno;
368 if(n->received_seqno > MAX_SEQNO)
371 /* Decompress the packet */
373 length_t origlen = inpkt->len;
375 if(n->incompression) {
376 outpkt = pkt[nextpkt++];
378 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
379 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
380 n->name, n->hostname);
386 origlen -= MTU/64 + 20;
391 if(!inpkt->data[12] && !inpkt->data[13])
392 mtu_probe_h(n, inpkt, origlen);
394 receive_packet(n, inpkt);
397 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
401 if(c->options & OPTION_TCPONLY)
404 outpkt.priority = -1;
405 memcpy(outpkt.data, buffer, len);
407 receive_packet(c->node, &outpkt);
410 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
411 if(!n->status.validkey) {
412 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
413 if(!n->status.waitingforkey)
415 else if(n->last_req_key + 10 < time(NULL)) {
416 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
417 sptps_stop(&n->sptps);
418 n->status.waitingforkey = false;
427 if(!(origpkt->data[12] | origpkt->data[13])) {
428 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
432 if(routing_mode == RMODE_ROUTER)
437 if(origpkt->len < offset)
442 if(n->outcompression) {
443 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
445 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
446 } else if(len < origpkt->len - offset) {
447 outpkt.len = len + offset;
449 type |= PKT_COMPRESSED;
453 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
457 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
462 /* If the UDP address is confirmed, use it. */
463 if(n->status.udp_confirmed)
466 /* Send every third packet to n->address; that could be set
467 to the node's reflexive UDP address discovered during key
476 /* Otherwise, address are found in edges to this node.
477 So we pick a random edge and a random socket. */
480 int j = rand() % n->edge_tree->count;
481 edge_t *candidate = NULL;
483 for splay_each(edge_t, e, n->edge_tree) {
485 candidate = e->reverse;
491 *sa = &candidate->address;
492 *sock = rand() % listen_sockets;
495 /* Make sure we have a suitable socket for the chosen address */
496 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
497 for(int i = 0; i < listen_sockets; i++) {
498 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
506 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
507 static sockaddr_t broadcast_ipv4 = {
509 .sin_family = AF_INET,
510 .sin_addr.s_addr = -1,
514 static sockaddr_t broadcast_ipv6 = {
516 .sin6_family = AF_INET6,
517 .sin6_addr.s6_addr[0x0] = 0xff,
518 .sin6_addr.s6_addr[0x1] = 0x02,
519 .sin6_addr.s6_addr[0xf] = 0x01,
523 *sock = rand() % listen_sockets;
525 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
526 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
527 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
528 *sa = &broadcast_ipv6;
530 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
531 *sa = &broadcast_ipv4;
535 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
536 vpn_packet_t pkt1, pkt2;
537 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
538 vpn_packet_t *inpkt = origpkt;
540 vpn_packet_t *outpkt;
541 int origlen = origpkt->len;
543 #if defined(SOL_IP) && defined(IP_TOS)
544 static int priority = 0;
546 int origpriority = origpkt->priority;
548 if(!n->status.reachable) {
549 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
554 return send_sptps_packet(n, origpkt);
556 /* Make sure we have a valid key */
558 if(!n->status.validkey) {
559 logger(DEBUG_TRAFFIC, LOG_INFO,
560 "No valid key known yet for %s (%s), forwarding via TCP",
561 n->name, n->hostname);
563 if(n->last_req_key + 10 <= now.tv_sec) {
565 n->last_req_key = now.tv_sec;
568 send_tcppacket(n->nexthop->connection, origpkt);
573 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
574 logger(DEBUG_TRAFFIC, LOG_INFO,
575 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
576 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
579 send_packet(n->nexthop, origpkt);
581 send_tcppacket(n->nexthop->connection, origpkt);
586 /* Compress the packet */
588 if(n->outcompression) {
589 outpkt = pkt[nextpkt++];
591 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
592 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
593 n->name, n->hostname);
600 /* Add sequence number */
602 inpkt->seqno = htonl(++(n->sent_seqno));
603 inpkt->len += sizeof inpkt->seqno;
605 /* Encrypt the packet */
607 if(cipher_active(&n->outcipher)) {
608 outpkt = pkt[nextpkt++];
611 if(!cipher_encrypt(&n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
612 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
616 outpkt->len = outlen;
620 /* Add the message authentication code */
622 if(digest_active(&n->outdigest)) {
623 digest_create(&n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
624 inpkt->len += digest_length(&n->outdigest);
627 /* Send the packet */
629 const sockaddr_t *sa;
632 /* Overloaded use of priority field: -1 means local broadcast */
634 if(origpriority == -1 && n->prevedge)
635 choose_broadcast_address(n, &sa, &sock);
637 choose_udp_address(n, &sa, &sock);
639 #if defined(SOL_IP) && defined(IP_TOS)
640 if(priorityinheritance && origpriority != priority
641 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
642 priority = origpriority;
643 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
644 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
645 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
649 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
650 if(sockmsgsize(sockerrno)) {
651 if(n->maxmtu >= origlen)
652 n->maxmtu = origlen - 1;
653 if(n->mtu >= origlen)
654 n->mtu = origlen - 1;
656 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
660 origpkt->len = origlen;
663 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
666 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
668 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
669 char buf[len * 4 / 3 + 5];
670 b64encode(data, buf, len);
671 /* If no valid key is known yet, send the packets using ANS_KEY requests,
672 to ensure we get to learn the reflexive UDP address. */
673 if(!to->status.validkey)
674 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
676 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
679 /* Otherwise, send the packet via UDP */
681 const sockaddr_t *sa;
684 choose_udp_address(to, &sa, &sock);
686 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
687 if(sockmsgsize(sockerrno)) {
688 if(to->maxmtu >= len)
689 to->maxmtu = len - 1;
693 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
701 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
702 node_t *from = handle;
704 if(type == SPTPS_HANDSHAKE) {
705 if(!from->status.validkey) {
706 from->status.validkey = true;
707 from->status.waitingforkey = false;
708 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
714 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
720 if(type == PKT_PROBE) {
722 memcpy(inpkt.data, data, len);
723 mtu_probe_h(from, &inpkt, len);
727 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
728 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
732 /* Check if we have the headers we need */
733 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
734 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
736 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
737 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
740 int offset = (type & PKT_MAC) ? 0 : 14;
741 if(type & PKT_COMPRESSED) {
742 len = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
746 inpkt.len = len + offset;
748 if(inpkt.len > MAXSIZE)
751 memcpy(inpkt.data + offset, data, len);
752 inpkt.len = len + offset;
755 /* Generate the Ethernet packet type if necessary */
757 switch(inpkt.data[14] >> 4) {
759 inpkt.data[12] = 0x08;
760 inpkt.data[13] = 0x00;
763 inpkt.data[12] = 0x86;
764 inpkt.data[13] = 0xDD;
767 logger(DEBUG_TRAFFIC, LOG_ERR,
768 "Unknown IP version %d while reading packet from %s (%s)",
769 inpkt.data[14] >> 4, from->name, from->hostname);
774 receive_packet(from, &inpkt);
779 send a packet to the given vpn ip.
781 void send_packet(node_t *n, vpn_packet_t *packet) {
786 memcpy(packet->data, mymac.x, ETH_ALEN);
788 n->out_bytes += packet->len;
789 devops.write(packet);
793 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
794 packet->len, n->name, n->hostname);
796 if(!n->status.reachable) {
797 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
798 n->name, n->hostname);
803 n->out_bytes += packet->len;
805 if(n->status.sptps) {
806 send_sptps_packet(n, packet);
810 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
813 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
814 n->name, via->name, n->via->hostname);
816 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
817 if(!send_tcppacket(via->connection, packet))
818 terminate_connection(via->connection, true);
820 send_udppacket(via, packet);
823 /* Broadcast a packet using the minimum spanning tree */
825 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
826 // Always give ourself a copy of the packet.
828 send_packet(myself, packet);
830 // In TunnelServer mode, do not forward broadcast packets.
831 // The MST might not be valid and create loops.
832 if(tunnelserver || broadcast_mode == BMODE_NONE)
835 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
836 packet->len, from->name, from->hostname);
838 switch(broadcast_mode) {
839 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
840 // This guarantees all nodes receive the broadcast packet, and
841 // usually distributes the sending of broadcast packets over all nodes.
843 for list_each(connection_t, c, connection_list)
844 if(c->status.active && c->status.mst && c != from->nexthop->connection)
845 send_packet(c->node, packet);
848 // In direct mode, we send copies to each node we know of.
849 // However, this only reaches nodes that can be reached in a single hop.
850 // We don't have enough information to forward broadcast packets in this case.
855 for splay_each(node_t, n, node_tree)
856 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
857 send_packet(n, packet);
865 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
868 static time_t last_hard_try = 0;
870 for splay_each(edge_t, e, edge_weight_tree) {
871 if(!e->to->status.reachable || e->to == myself)
874 if(sockaddrcmp_noport(from, &e->address)) {
875 if(last_hard_try == now.tv_sec)
880 if(!try_mac(e->to, pkt))
888 last_hard_try = now.tv_sec;
890 last_hard_try = now.tv_sec;
894 void handle_incoming_vpn_data(void *data, int flags) {
895 listen_socket_t *ls = data;
898 sockaddr_t from = {{0}};
899 socklen_t fromlen = sizeof from;
903 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
905 if(len <= 0 || len > MAXSIZE) {
906 if(!sockwouldblock(sockerrno))
907 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
913 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
915 n = lookup_node_udp(&from);
918 n = try_harder(&from, &pkt);
920 update_node_udp(n, &from);
921 else if(debug_level >= DEBUG_PROTOCOL) {
922 hostname = sockaddr2hostname(&from);
923 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
931 n->sock = ls - listen_socket;
933 receive_udppacket(n, &pkt);
936 void handle_device_data(void *data, int flags) {
941 if(devops.read(&packet)) {
942 myself->in_packets++;
943 myself->in_bytes += packet.len;
944 route(myself, &packet);