2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/pem.h>
29 #include <openssl/hmac.h>
41 #include "connection.h"
58 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
61 static void send_udppacket(node_t *, vpn_packet_t *);
63 unsigned replaywin = 16;
64 bool localdiscovery = false;
66 #define MAX_SEQNO 1073741824
68 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
69 mtuprobes == 31: sleep pinginterval seconds
70 mtuprobes == 32: send 1 burst, sleep pingtimeout second
71 mtuprobes == 33: no response from other side, restart PMTU discovery process
73 Probes are sent in batches of three, with random sizes between the lower and
74 upper boundaries for the MTU thus far discovered.
76 In case local discovery is enabled, a fourth packet is added to each batch,
77 which will be broadcast to the local network.
80 static void send_mtu_probe_handler(int fd, short events, void *data) {
86 if(!n->status.reachable || !n->status.validkey) {
87 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
92 if(n->mtuprobes > 32) {
95 timeout = pinginterval;
99 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
100 n->status.udp_confirmed = false;
106 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
107 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
111 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
112 if(n->minmtu > n->maxmtu)
113 n->minmtu = n->maxmtu;
115 n->maxmtu = n->minmtu;
117 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
121 if(n->mtuprobes == 31) {
122 timeout = pinginterval;
124 } else if(n->mtuprobes == 32) {
125 timeout = pingtimeout;
128 for(int i = 0; i < 3 + localdiscovery; i++) {
131 if(n->maxmtu <= n->minmtu)
134 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
140 memset(packet.data, 0, 14);
141 randomize(packet.data + 14, len - 14);
143 if(i >= 3 && n->mtuprobes <= 10)
144 packet.priority = -1;
148 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
150 send_udppacket(n, &packet);
154 event_add(&n->mtuevent, &(struct timeval){timeout, rand() % 100000});
157 void send_mtu_probe(node_t *n) {
158 if(!timeout_initialized(&n->mtuevent))
159 timeout_set(&n->mtuevent, send_mtu_probe_handler, n);
160 send_mtu_probe_handler(0, 0, n);
163 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
164 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
166 if(!packet->data[0]) {
168 send_udppacket(n, packet);
170 n->status.udp_confirmed = true;
172 if(n->mtuprobes > 30) {
186 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
188 memcpy(dest, source, len);
190 } else if(level == 10) {
192 lzo_uint lzolen = MAXSIZE;
193 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
198 } else if(level < 10) {
200 unsigned long destlen = MAXSIZE;
201 if(compress2(dest, &destlen, source, len, level) == Z_OK)
208 lzo_uint lzolen = MAXSIZE;
209 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
219 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
221 memcpy(dest, source, len);
223 } else if(level > 9) {
225 lzo_uint lzolen = MAXSIZE;
226 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
234 unsigned long destlen = MAXSIZE;
235 if(uncompress(dest, &destlen, source, len) == Z_OK)
247 static void receive_packet(node_t *n, vpn_packet_t *packet) {
248 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
249 packet->len, n->name, n->hostname);
252 n->in_bytes += packet->len;
257 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
259 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
261 if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest))
264 return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength);
267 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
268 vpn_packet_t pkt1, pkt2;
269 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
271 vpn_packet_t *outpkt = pkt[0];
274 if(n->status.sptps) {
275 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
279 if(!cipher_active(&n->incipher)) {
280 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
281 n->name, n->hostname);
285 /* Check packet length */
287 if(inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) {
288 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
289 n->name, n->hostname);
293 /* Check the message authentication code */
295 if(digest_active(&n->indigest)) {
296 inpkt->len -= n->indigest.maclength;
297 if(!digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
298 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
302 /* Decrypt the packet */
304 if(cipher_active(&n->incipher)) {
305 outpkt = pkt[nextpkt++];
308 if(!cipher_decrypt(&n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
309 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
313 outpkt->len = outlen;
317 /* Check the sequence number */
319 inpkt->len -= sizeof inpkt->seqno;
320 inpkt->seqno = ntohl(inpkt->seqno);
323 if(inpkt->seqno != n->received_seqno + 1) {
324 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
325 if(n->farfuture++ < replaywin >> 2) {
326 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
327 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
330 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
331 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
332 memset(n->late, 0, replaywin);
333 } else if (inpkt->seqno <= n->received_seqno) {
334 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
335 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
336 n->name, n->hostname, inpkt->seqno, n->received_seqno);
340 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
341 n->late[(i / 8) % replaywin] |= 1 << i % 8;
346 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
349 if(inpkt->seqno > n->received_seqno)
350 n->received_seqno = inpkt->seqno;
352 if(n->received_seqno > MAX_SEQNO)
355 /* Decompress the packet */
357 length_t origlen = inpkt->len;
359 if(n->incompression) {
360 outpkt = pkt[nextpkt++];
362 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
363 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
364 n->name, n->hostname);
370 origlen -= MTU/64 + 20;
375 if(!inpkt->data[12] && !inpkt->data[13])
376 mtu_probe_h(n, inpkt, origlen);
378 receive_packet(n, inpkt);
381 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
385 if(c->options & OPTION_TCPONLY)
388 outpkt.priority = -1;
389 memcpy(outpkt.data, buffer, len);
391 receive_packet(c->node, &outpkt);
394 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
395 if(!n->status.validkey) {
396 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
397 if(!n->status.waitingforkey)
399 else if(n->last_req_key + 10 < time(NULL)) {
400 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
401 sptps_stop(&n->sptps);
402 n->status.waitingforkey = false;
411 if(!(origpkt->data[12] | origpkt->data[13])) {
412 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
416 if(routing_mode == RMODE_ROUTER)
421 if(origpkt->len < offset)
426 if(n->outcompression) {
427 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
429 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
430 } else if(len < origpkt->len - offset) {
431 outpkt.len = len + offset;
433 type |= PKT_COMPRESSED;
437 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
441 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
446 /* If the UDP address is confirmed, use it. */
447 if(n->status.udp_confirmed)
450 /* Send every third packet to n->address; that could be set
451 to the node's reflexive UDP address discovered during key
460 /* Otherwise, address are found in edges to this node.
461 So we pick a random edge and a random socket. */
464 int j = rand() % n->edge_tree->count;
465 edge_t *candidate = NULL;
467 for splay_each(edge_t, e, n->edge_tree) {
469 candidate = e->reverse;
475 *sa = &candidate->address;
476 *sock = rand() % listen_sockets;
479 /* Make sure we have a suitable socket for the chosen address */
480 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
481 for(int i = 0; i < listen_sockets; i++) {
482 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
490 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
491 static sockaddr_t broadcast_ipv4 = {
493 .sin_family = AF_INET,
494 .sin_addr.s_addr = -1,
498 static sockaddr_t broadcast_ipv6 = {
500 .sin6_family = AF_INET6,
501 .sin6_addr.s6_addr[0x0] = 0xff,
502 .sin6_addr.s6_addr[0x1] = 0x02,
503 .sin6_addr.s6_addr[0xf] = 0x01,
507 *sock = rand() % listen_sockets;
509 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
510 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
511 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
512 *sa = &broadcast_ipv6;
514 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
515 *sa = &broadcast_ipv4;
519 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
520 vpn_packet_t pkt1, pkt2;
521 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
522 vpn_packet_t *inpkt = origpkt;
524 vpn_packet_t *outpkt;
525 int origlen = origpkt->len;
527 #if defined(SOL_IP) && defined(IP_TOS)
528 static int priority = 0;
530 int origpriority = origpkt->priority;
532 if(!n->status.reachable) {
533 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
538 return send_sptps_packet(n, origpkt);
540 /* Make sure we have a valid key */
542 if(!n->status.validkey) {
543 time_t now = time(NULL);
545 logger(DEBUG_TRAFFIC, LOG_INFO,
546 "No valid key known yet for %s (%s), forwarding via TCP",
547 n->name, n->hostname);
549 if(n->last_req_key + 10 <= now) {
551 n->last_req_key = now;
554 send_tcppacket(n->nexthop->connection, origpkt);
559 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
560 logger(DEBUG_TRAFFIC, LOG_INFO,
561 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
562 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
565 send_packet(n->nexthop, origpkt);
567 send_tcppacket(n->nexthop->connection, origpkt);
572 /* Compress the packet */
574 if(n->outcompression) {
575 outpkt = pkt[nextpkt++];
577 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
578 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
579 n->name, n->hostname);
586 /* Add sequence number */
588 inpkt->seqno = htonl(++(n->sent_seqno));
589 inpkt->len += sizeof inpkt->seqno;
591 /* Encrypt the packet */
593 if(cipher_active(&n->outcipher)) {
594 outpkt = pkt[nextpkt++];
597 if(!cipher_encrypt(&n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
598 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
602 outpkt->len = outlen;
606 /* Add the message authentication code */
608 if(digest_active(&n->outdigest)) {
609 digest_create(&n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
610 inpkt->len += digest_length(&n->outdigest);
613 /* Send the packet */
615 const sockaddr_t *sa;
618 /* Overloaded use of priority field: -1 means local broadcast */
620 if(origpriority == -1 && n->prevedge)
621 choose_broadcast_address(n, &sa, &sock);
623 choose_udp_address(n, &sa, &sock);
625 #if defined(SOL_IP) && defined(IP_TOS)
626 if(priorityinheritance && origpriority != priority
627 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
628 priority = origpriority;
629 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
630 if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
631 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
635 if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
636 if(sockmsgsize(sockerrno)) {
637 if(n->maxmtu >= origlen)
638 n->maxmtu = origlen - 1;
639 if(n->mtu >= origlen)
640 n->mtu = origlen - 1;
642 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
646 origpkt->len = origlen;
649 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
652 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
654 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
655 char buf[len * 4 / 3 + 5];
656 b64encode(data, buf, len);
657 /* If no valid key is known yet, send the packets using ANS_KEY requests,
658 to ensure we get to learn the reflexive UDP address. */
659 if(!to->status.validkey)
660 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
662 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
665 /* Otherwise, send the packet via UDP */
667 const sockaddr_t *sa;
670 choose_udp_address(to, &sa, &sock);
672 if(sendto(listen_socket[sock].udp, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
673 if(sockmsgsize(sockerrno)) {
674 if(to->maxmtu >= len)
675 to->maxmtu = len - 1;
679 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
687 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
688 node_t *from = handle;
690 if(type == SPTPS_HANDSHAKE) {
691 if(!from->status.validkey) {
692 from->status.validkey = true;
693 from->status.waitingforkey = false;
694 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
700 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
706 if(type == PKT_PROBE) {
708 memcpy(inpkt.data, data, len);
709 mtu_probe_h(from, &inpkt, len);
713 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
714 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
718 /* Check if we have the headers we need */
719 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
720 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
722 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
723 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
726 int offset = (type & PKT_MAC) ? 0 : 14;
727 if(type & PKT_COMPRESSED) {
728 len = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
732 inpkt.len = len + offset;
734 if(inpkt.len > MAXSIZE)
737 memcpy(inpkt.data + offset, data, len);
738 inpkt.len = len + offset;
741 /* Generate the Ethernet packet type if necessary */
743 switch(inpkt.data[14] >> 4) {
745 inpkt.data[12] = 0x08;
746 inpkt.data[13] = 0x00;
749 inpkt.data[12] = 0x86;
750 inpkt.data[13] = 0xDD;
753 logger(DEBUG_TRAFFIC, LOG_ERR,
754 "Unknown IP version %d while reading packet from %s (%s)",
755 inpkt.data[14] >> 4, from->name, from->hostname);
760 receive_packet(from, &inpkt);
765 send a packet to the given vpn ip.
767 void send_packet(node_t *n, vpn_packet_t *packet) {
772 memcpy(packet->data, mymac.x, ETH_ALEN);
774 n->out_bytes += packet->len;
775 devops.write(packet);
779 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
780 packet->len, n->name, n->hostname);
782 if(!n->status.reachable) {
783 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
784 n->name, n->hostname);
789 n->out_bytes += packet->len;
791 if(n->status.sptps) {
792 send_sptps_packet(n, packet);
796 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
799 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
800 n->name, via->name, n->via->hostname);
802 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
803 if(!send_tcppacket(via->connection, packet))
804 terminate_connection(via->connection, true);
806 send_udppacket(via, packet);
809 /* Broadcast a packet using the minimum spanning tree */
811 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
812 // Always give ourself a copy of the packet.
814 send_packet(myself, packet);
816 // In TunnelServer mode, do not forward broadcast packets.
817 // The MST might not be valid and create loops.
818 if(tunnelserver || broadcast_mode == BMODE_NONE)
821 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
822 packet->len, from->name, from->hostname);
824 switch(broadcast_mode) {
825 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
826 // This guarantees all nodes receive the broadcast packet, and
827 // usually distributes the sending of broadcast packets over all nodes.
829 for list_each(connection_t, c, connection_list)
830 if(c->status.active && c->status.mst && c != from->nexthop->connection)
831 send_packet(c->node, packet);
834 // In direct mode, we send copies to each node we know of.
835 // However, this only reaches nodes that can be reached in a single hop.
836 // We don't have enough information to forward broadcast packets in this case.
841 for splay_each(node_t, n, node_tree)
842 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
843 send_packet(n, packet);
851 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
854 static time_t last_hard_try = 0;
855 time_t now = time(NULL);
857 for splay_each(edge_t, e, edge_weight_tree) {
858 if(!e->to->status.reachable || e->to == myself)
861 if(sockaddrcmp_noport(from, &e->address)) {
862 if(last_hard_try == now)
867 if(!try_mac(e->to, pkt))
881 void handle_incoming_vpn_data(int sock, short events, void *data) {
884 sockaddr_t from = {{0}};
885 socklen_t fromlen = sizeof from;
889 len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
891 if(len <= 0 || len > MAXSIZE) {
892 if(!sockwouldblock(sockerrno))
893 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
899 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
901 n = lookup_node_udp(&from);
904 n = try_harder(&from, &pkt);
906 update_node_udp(n, &from);
907 else if(debug_level >= DEBUG_PROTOCOL) {
908 hostname = sockaddr2hostname(&from);
909 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
917 n->sock = (intptr_t)data;
919 receive_udppacket(n, &pkt);
922 void handle_device_data(int sock, short events, void *data) {
927 if(devops.read(&packet)) {
928 myself->in_packets++;
929 myself->in_bytes += packet.len;
930 route(myself, &packet);