2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
52 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
55 static void send_udppacket(node_t *, vpn_packet_t *);
57 unsigned replaywin = 16;
58 bool localdiscovery = false;
60 #define MAX_SEQNO 1073741824
62 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
63 mtuprobes == 31: sleep pinginterval seconds
64 mtuprobes == 32: send 1 burst, sleep pingtimeout second
65 mtuprobes == 33: no response from other side, restart PMTU discovery process
67 Probes are sent in batches of at least three, with random sizes between the
68 lower and upper boundaries for the MTU thus far discovered.
70 After the initial discovery, a fourth packet is added to each batch with a
71 size larger than the currently known PMTU, to test if the PMTU has increased.
73 In case local discovery is enabled, another packet is added to each batch,
74 which will be broadcast to the local network.
78 static void send_mtu_probe_handler(void *data) {
84 if(!n->status.reachable || !n->status.validkey) {
85 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
90 if(n->mtuprobes > 32) {
93 timeout = pinginterval;
97 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
98 n->status.udp_confirmed = false;
104 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
105 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
109 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
110 if(n->minmtu > n->maxmtu)
111 n->minmtu = n->maxmtu;
113 n->maxmtu = n->minmtu;
115 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
119 if(n->mtuprobes == 31) {
120 timeout = pinginterval;
122 } else if(n->mtuprobes == 32) {
123 timeout = pingtimeout;
126 for(int i = 0; i < 4 + localdiscovery; i++) {
130 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
133 } else if(n->maxmtu <= n->minmtu) {
136 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
143 memset(packet.data, 0, 14);
144 randomize(packet.data + 14, len - 14);
146 if(i >= 4 && n->mtuprobes <= 10)
147 packet.priority = -1;
151 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
153 send_udppacket(n, &packet);
156 n->probe_counter = 0;
157 gettimeofday(&n->probe_time, NULL);
159 /* Calculate the packet loss of incoming traffic by comparing the rate of
160 packets received to the rate with which the sequence number has increased.
163 if(n->received > n->prev_received)
164 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
166 n->packetloss = n->received_seqno <= n->prev_received_seqno;
168 n->prev_received_seqno = n->received_seqno;
169 n->prev_received = n->received;
172 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
175 void send_mtu_probe(node_t *n) {
176 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
177 send_mtu_probe_handler(n);
180 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
181 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
183 if(!packet->data[0]) {
184 /* It's a probe request, send back a reply */
188 /* Temporarily set udp_confirmed, so that the reply is sent
189 back exactly the way it came in. */
191 bool udp_confirmed = n->status.udp_confirmed;
192 n->status.udp_confirmed = true;
193 send_udppacket(n, packet);
194 n->status.udp_confirmed = udp_confirmed;
196 /* It's a valid reply: now we know bidirectional communication
197 is possible using the address and socket that the reply
200 n->status.udp_confirmed = true;
202 /* If we haven't established the PMTU yet, restart the discovery process. */
204 if(n->mtuprobes > 30) {
205 if (len == n->maxmtu + 8) {
206 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
218 /* If applicable, raise the minimum supported MTU */
225 /* Calculate RTT and bandwidth.
226 The RTT is the time between the MTU probe burst was sent and the first
227 reply is received. The bandwidth is measured using the time between the
228 arrival of the first and third probe reply.
231 struct timeval now, diff;
232 gettimeofday(&now, NULL);
233 timersub(&now, &n->probe_time, &diff);
236 if(n->probe_counter == 1) {
237 n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
239 } else if(n->probe_counter == 3) {
240 n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
241 logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
246 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
248 memcpy(dest, source, len);
250 } else if(level == 10) {
252 lzo_uint lzolen = MAXSIZE;
253 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
258 } else if(level < 10) {
260 unsigned long destlen = MAXSIZE;
261 if(compress2(dest, &destlen, source, len, level) == Z_OK)
268 lzo_uint lzolen = MAXSIZE;
269 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
279 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
281 memcpy(dest, source, len);
283 } else if(level > 9) {
285 lzo_uint lzolen = MAXSIZE;
286 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
294 unsigned long destlen = MAXSIZE;
295 if(uncompress(dest, &destlen, source, len) == Z_OK)
307 static void receive_packet(node_t *n, vpn_packet_t *packet) {
308 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
309 packet->len, n->name, n->hostname);
312 n->in_bytes += packet->len;
317 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
319 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
321 if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
324 return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
327 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
328 vpn_packet_t pkt1, pkt2;
329 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
331 vpn_packet_t *outpkt = pkt[0];
334 if(n->status.sptps) {
335 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
339 if(!cipher_active(n->incipher)) {
340 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
341 n->name, n->hostname);
345 /* Check packet length */
347 if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
348 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
349 n->name, n->hostname);
353 /* Check the message authentication code */
355 if(digest_active(n->indigest)) {
356 inpkt->len -= digest_length(n->indigest);
357 if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
358 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
362 /* Decrypt the packet */
364 if(cipher_active(n->incipher)) {
365 outpkt = pkt[nextpkt++];
368 if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
369 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
373 outpkt->len = outlen;
377 /* Check the sequence number */
379 inpkt->len -= sizeof inpkt->seqno;
380 inpkt->seqno = ntohl(inpkt->seqno);
383 if(inpkt->seqno != n->received_seqno + 1) {
384 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
385 if(n->farfuture++ < replaywin >> 2) {
386 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
387 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
390 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
391 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
392 memset(n->late, 0, replaywin);
393 } else if (inpkt->seqno <= n->received_seqno) {
394 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
395 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
396 n->name, n->hostname, inpkt->seqno, n->received_seqno);
400 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
401 n->late[(i / 8) % replaywin] |= 1 << i % 8;
406 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
409 if(inpkt->seqno > n->received_seqno)
410 n->received_seqno = inpkt->seqno;
414 if(n->received_seqno > MAX_SEQNO)
417 /* Decompress the packet */
419 length_t origlen = inpkt->len;
421 if(n->incompression) {
422 outpkt = pkt[nextpkt++];
424 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
425 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
426 n->name, n->hostname);
432 origlen -= MTU/64 + 20;
437 if(!inpkt->data[12] && !inpkt->data[13])
438 mtu_probe_h(n, inpkt, origlen);
440 receive_packet(n, inpkt);
443 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
446 if(len > sizeof outpkt.data)
450 if(c->options & OPTION_TCPONLY)
453 outpkt.priority = -1;
454 memcpy(outpkt.data, buffer, len);
456 receive_packet(c->node, &outpkt);
459 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
460 if(!n->status.validkey) {
461 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
462 if(!n->status.waitingforkey)
464 else if(n->last_req_key + 10 < now.tv_sec) {
465 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
466 sptps_stop(&n->sptps);
467 n->status.waitingforkey = false;
476 if(!(origpkt->data[12] | origpkt->data[13])) {
477 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
481 if(routing_mode == RMODE_ROUTER)
486 if(origpkt->len < offset)
491 if(n->outcompression) {
492 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
494 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
495 } else if(len < origpkt->len - offset) {
496 outpkt.len = len + offset;
498 type |= PKT_COMPRESSED;
502 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
506 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
511 /* If the UDP address is confirmed, use it. */
512 if(n->status.udp_confirmed)
515 /* Send every third packet to n->address; that could be set
516 to the node's reflexive UDP address discovered during key
525 /* Otherwise, address are found in edges to this node.
526 So we pick a random edge and a random socket. */
529 int j = rand() % n->edge_tree->count;
530 edge_t *candidate = NULL;
532 for splay_each(edge_t, e, n->edge_tree) {
534 candidate = e->reverse;
540 *sa = &candidate->address;
541 *sock = rand() % listen_sockets;
544 /* Make sure we have a suitable socket for the chosen address */
545 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
546 for(int i = 0; i < listen_sockets; i++) {
547 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
555 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
556 static sockaddr_t broadcast_ipv4 = {
558 .sin_family = AF_INET,
559 .sin_addr.s_addr = -1,
563 static sockaddr_t broadcast_ipv6 = {
565 .sin6_family = AF_INET6,
566 .sin6_addr.s6_addr[0x0] = 0xff,
567 .sin6_addr.s6_addr[0x1] = 0x02,
568 .sin6_addr.s6_addr[0xf] = 0x01,
572 *sock = rand() % listen_sockets;
574 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
575 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
576 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
577 *sa = &broadcast_ipv6;
579 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
580 *sa = &broadcast_ipv4;
584 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
585 vpn_packet_t pkt1, pkt2;
586 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
587 vpn_packet_t *inpkt = origpkt;
589 vpn_packet_t *outpkt;
590 int origlen = origpkt->len;
592 #if defined(SOL_IP) && defined(IP_TOS)
593 static int priority = 0;
595 int origpriority = origpkt->priority;
597 if(!n->status.reachable) {
598 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
603 return send_sptps_packet(n, origpkt);
605 /* Make sure we have a valid key */
607 if(!n->status.validkey) {
608 logger(DEBUG_TRAFFIC, LOG_INFO,
609 "No valid key known yet for %s (%s), forwarding via TCP",
610 n->name, n->hostname);
612 if(n->last_req_key + 10 <= now.tv_sec) {
614 n->last_req_key = now.tv_sec;
617 send_tcppacket(n->nexthop->connection, origpkt);
622 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
623 logger(DEBUG_TRAFFIC, LOG_INFO,
624 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
625 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
628 send_packet(n->nexthop, origpkt);
630 send_tcppacket(n->nexthop->connection, origpkt);
635 /* Compress the packet */
637 if(n->outcompression) {
638 outpkt = pkt[nextpkt++];
640 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
641 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
642 n->name, n->hostname);
649 /* Add sequence number */
651 inpkt->seqno = htonl(++(n->sent_seqno));
652 inpkt->len += sizeof inpkt->seqno;
654 /* Encrypt the packet */
656 if(cipher_active(n->outcipher)) {
657 outpkt = pkt[nextpkt++];
660 if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
661 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
665 outpkt->len = outlen;
669 /* Add the message authentication code */
671 if(digest_active(n->outdigest)) {
672 if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) {
673 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
677 inpkt->len += digest_length(n->outdigest);
680 /* Send the packet */
682 const sockaddr_t *sa;
685 /* Overloaded use of priority field: -1 means local broadcast */
687 if(origpriority == -1 && n->prevedge)
688 choose_broadcast_address(n, &sa, &sock);
690 choose_udp_address(n, &sa, &sock);
692 #if defined(SOL_IP) && defined(IP_TOS)
693 if(priorityinheritance && origpriority != priority
694 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
695 priority = origpriority;
696 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
697 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
698 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
702 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
703 if(sockmsgsize(sockerrno)) {
704 if(n->maxmtu >= origlen)
705 n->maxmtu = origlen - 1;
706 if(n->mtu >= origlen)
707 n->mtu = origlen - 1;
709 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
713 origpkt->len = origlen;
716 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
719 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
721 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
722 char buf[len * 4 / 3 + 5];
723 b64encode(data, buf, len);
724 /* If no valid key is known yet, send the packets using ANS_KEY requests,
725 to ensure we get to learn the reflexive UDP address. */
726 if(!to->status.validkey)
727 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
729 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
732 /* Otherwise, send the packet via UDP */
734 const sockaddr_t *sa;
737 choose_udp_address(to, &sa, &sock);
739 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
740 if(sockmsgsize(sockerrno)) {
741 if(to->maxmtu >= len)
742 to->maxmtu = len - 1;
746 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
754 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
755 node_t *from = handle;
757 if(type == SPTPS_HANDSHAKE) {
758 if(!from->status.validkey) {
759 from->status.validkey = true;
760 from->status.waitingforkey = false;
761 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
767 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
773 if(type == PKT_PROBE) {
775 memcpy(inpkt.data, data, len);
776 mtu_probe_h(from, &inpkt, len);
780 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
781 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
785 /* Check if we have the headers we need */
786 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
787 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
789 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
790 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
793 int offset = (type & PKT_MAC) ? 0 : 14;
794 if(type & PKT_COMPRESSED) {
795 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
799 inpkt.len = ulen + offset;
801 if(inpkt.len > MAXSIZE)
804 memcpy(inpkt.data + offset, data, len);
805 inpkt.len = len + offset;
808 /* Generate the Ethernet packet type if necessary */
810 switch(inpkt.data[14] >> 4) {
812 inpkt.data[12] = 0x08;
813 inpkt.data[13] = 0x00;
816 inpkt.data[12] = 0x86;
817 inpkt.data[13] = 0xDD;
820 logger(DEBUG_TRAFFIC, LOG_ERR,
821 "Unknown IP version %d while reading packet from %s (%s)",
822 inpkt.data[14] >> 4, from->name, from->hostname);
827 receive_packet(from, &inpkt);
832 send a packet to the given vpn ip.
834 void send_packet(node_t *n, vpn_packet_t *packet) {
839 memcpy(packet->data, mymac.x, ETH_ALEN);
841 n->out_bytes += packet->len;
842 devops.write(packet);
846 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
847 packet->len, n->name, n->hostname);
849 if(!n->status.reachable) {
850 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
851 n->name, n->hostname);
856 n->out_bytes += packet->len;
858 if(n->status.sptps) {
859 send_sptps_packet(n, packet);
863 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
866 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
867 n->name, via->name, n->via->hostname);
869 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
870 if(!send_tcppacket(via->connection, packet))
871 terminate_connection(via->connection, true);
873 send_udppacket(via, packet);
876 /* Broadcast a packet using the minimum spanning tree */
878 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
879 // Always give ourself a copy of the packet.
881 send_packet(myself, packet);
883 // In TunnelServer mode, do not forward broadcast packets.
884 // The MST might not be valid and create loops.
885 if(tunnelserver || broadcast_mode == BMODE_NONE)
888 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
889 packet->len, from->name, from->hostname);
891 switch(broadcast_mode) {
892 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
893 // This guarantees all nodes receive the broadcast packet, and
894 // usually distributes the sending of broadcast packets over all nodes.
896 for list_each(connection_t, c, connection_list)
897 if(c->status.active && c->status.mst && c != from->nexthop->connection)
898 send_packet(c->node, packet);
901 // In direct mode, we send copies to each node we know of.
902 // However, this only reaches nodes that can be reached in a single hop.
903 // We don't have enough information to forward broadcast packets in this case.
908 for splay_each(node_t, n, node_tree)
909 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
910 send_packet(n, packet);
918 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
921 static time_t last_hard_try = 0;
923 for splay_each(edge_t, e, edge_weight_tree) {
924 if(!e->to->status.reachable || e->to == myself)
927 if(sockaddrcmp_noport(from, &e->address)) {
928 if(last_hard_try == now.tv_sec)
933 if(!try_mac(e->to, pkt))
941 last_hard_try = now.tv_sec;
943 last_hard_try = now.tv_sec;
947 void handle_incoming_vpn_data(void *data, int flags) {
948 listen_socket_t *ls = data;
951 sockaddr_t from = {{0}};
952 socklen_t fromlen = sizeof from;
956 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
958 if(len <= 0 || len > MAXSIZE) {
959 if(!sockwouldblock(sockerrno))
960 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
966 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
968 n = lookup_node_udp(&from);
971 n = try_harder(&from, &pkt);
973 update_node_udp(n, &from);
974 else if(debug_level >= DEBUG_PROTOCOL) {
975 hostname = sockaddr2hostname(&from);
976 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
984 n->sock = ls - listen_socket;
986 receive_udppacket(n, &pkt);
989 void handle_device_data(void *data, int flags) {
994 if(devops.read(&packet)) {
995 myself->in_packets++;
996 myself->in_bytes += packet.len;
997 route(myself, &packet);
projects / tinc / blob