2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include "connection.h"
52 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
55 static void send_udppacket(node_t *, vpn_packet_t *);
57 unsigned replaywin = 16;
58 bool localdiscovery = false;
60 #define MAX_SEQNO 1073741824
62 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
63 mtuprobes == 31: sleep pinginterval seconds
64 mtuprobes == 32: send 1 burst, sleep pingtimeout second
65 mtuprobes == 33: no response from other side, restart PMTU discovery process
67 Probes are sent in batches of at least three, with random sizes between the
68 lower and upper boundaries for the MTU thus far discovered.
70 After the initial discovery, a fourth packet is added to each batch with a
71 size larger than the currently known PMTU, to test if the PMTU has increased.
73 In case local discovery is enabled, another packet is added to each batch,
74 which will be broadcast to the local network.
78 static void send_mtu_probe_handler(void *data) {
84 if(!n->status.reachable || !n->status.validkey) {
85 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
90 if(n->mtuprobes > 32) {
93 timeout = pinginterval;
97 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
98 n->status.udp_confirmed = false;
104 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
105 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
109 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
110 if(n->minmtu > n->maxmtu)
111 n->minmtu = n->maxmtu;
113 n->maxmtu = n->minmtu;
115 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
119 if(n->mtuprobes == 31) {
120 timeout = pinginterval;
122 } else if(n->mtuprobes == 32) {
123 timeout = pingtimeout;
126 for(int i = 0; i < 4 + localdiscovery; i++) {
130 if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
133 } else if(n->maxmtu <= n->minmtu) {
136 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
143 memset(packet.data, 0, 14);
144 randomize(packet.data + 14, len - 14);
146 if(i >= 4 && n->mtuprobes <= 10)
147 packet.priority = -1;
151 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
153 send_udppacket(n, &packet);
156 n->probe_counter = 0;
157 gettimeofday(&n->probe_time, NULL);
159 /* Calculate the packet loss of incoming traffic by comparing the rate of
160 packets received to the rate with which the sequence number has increased.
163 if(n->received > n->prev_received)
164 n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
166 n->packetloss = n->received_seqno <= n->prev_received_seqno;
168 n->prev_received_seqno = n->received_seqno;
169 n->prev_received = n->received;
172 timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
175 void send_mtu_probe(node_t *n) {
176 timeout_add(&n->mtutimeout, send_mtu_probe_handler, n, &(struct timeval){1, 0});
177 send_mtu_probe_handler(n);
180 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
181 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
183 if(!packet->data[0]) {
184 /* It's a probe request, send back a reply */
188 /* Temporarily set udp_confirmed, so that the reply is sent
189 back exactly the way it came in. */
191 bool udp_confirmed = n->status.udp_confirmed;
192 n->status.udp_confirmed = true;
193 send_udppacket(n, packet);
194 n->status.udp_confirmed = udp_confirmed;
196 /* It's a valid reply: now we know bidirectional communication
197 is possible using the address and socket that the reply
200 n->status.udp_confirmed = true;
202 /* If we haven't established the PMTU yet, restart the discovery process. */
204 if(n->mtuprobes > 30) {
205 if (len == n->maxmtu + 8) {
206 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
218 /* If applicable, raise the minimum supported MTU */
225 /* Calculate RTT and bandwidth.
226 The RTT is the time between the MTU probe burst was sent and the first
227 reply is received. The bandwidth is measured using the time between the
228 arrival of the first and third probe reply.
231 struct timeval now, diff;
232 gettimeofday(&now, NULL);
233 timersub(&now, &n->probe_time, &diff);
236 if(n->probe_counter == 1) {
237 n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
239 } else if(n->probe_counter == 3) {
240 n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
241 logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
246 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
248 memcpy(dest, source, len);
250 } else if(level == 10) {
252 lzo_uint lzolen = MAXSIZE;
253 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
258 } else if(level < 10) {
260 unsigned long destlen = MAXSIZE;
261 if(compress2(dest, &destlen, source, len, level) == Z_OK)
268 lzo_uint lzolen = MAXSIZE;
269 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
279 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
281 memcpy(dest, source, len);
283 } else if(level > 9) {
285 lzo_uint lzolen = MAXSIZE;
286 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
294 unsigned long destlen = MAXSIZE;
295 if(uncompress(dest, &destlen, source, len) == Z_OK)
307 static void receive_packet(node_t *n, vpn_packet_t *packet) {
308 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
309 packet->len, n->name, n->hostname);
312 n->in_bytes += packet->len;
317 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
319 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
321 if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
324 return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
327 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
328 vpn_packet_t pkt1, pkt2;
329 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
331 vpn_packet_t *outpkt = pkt[0];
334 if(n->status.sptps) {
335 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
339 if(!cipher_active(n->incipher)) {
340 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
341 n->name, n->hostname);
345 /* Check packet length */
347 if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
348 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
349 n->name, n->hostname);
353 /* Check the message authentication code */
355 if(digest_active(n->indigest)) {
356 inpkt->len -= digest_length(n->indigest);
357 if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
358 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
362 /* Decrypt the packet */
364 if(cipher_active(n->incipher)) {
365 outpkt = pkt[nextpkt++];
368 if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
369 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
373 outpkt->len = outlen;
377 /* Check the sequence number */
379 inpkt->len -= sizeof inpkt->seqno;
380 inpkt->seqno = ntohl(inpkt->seqno);
383 if(inpkt->seqno != n->received_seqno + 1) {
384 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
385 if(n->farfuture++ < replaywin >> 2) {
386 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
387 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
390 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
391 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
392 memset(n->late, 0, replaywin);
393 } else if (inpkt->seqno <= n->received_seqno) {
394 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
395 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
396 n->name, n->hostname, inpkt->seqno, n->received_seqno);
400 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
401 n->late[(i / 8) % replaywin] |= 1 << i % 8;
406 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
409 if(inpkt->seqno > n->received_seqno)
410 n->received_seqno = inpkt->seqno;
414 if(n->received_seqno > MAX_SEQNO)
417 /* Decompress the packet */
419 length_t origlen = inpkt->len;
421 if(n->incompression) {
422 outpkt = pkt[nextpkt++];
424 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
425 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
426 n->name, n->hostname);
432 origlen -= MTU/64 + 20;
437 if(!inpkt->data[12] && !inpkt->data[13])
438 mtu_probe_h(n, inpkt, origlen);
440 receive_packet(n, inpkt);
443 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
446 if(len > sizeof outpkt.data)
450 if(c->options & OPTION_TCPONLY)
453 outpkt.priority = -1;
454 memcpy(outpkt.data, buffer, len);
456 receive_packet(c->node, &outpkt);
459 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
460 if(!n->status.validkey) {
461 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
462 if(!n->status.waitingforkey)
464 else if(n->last_req_key + 10 < now.tv_sec) {
465 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
466 sptps_stop(&n->sptps);
467 n->status.waitingforkey = false;
476 if(!(origpkt->data[12] | origpkt->data[13])) {
477 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
481 if(routing_mode == RMODE_ROUTER)
486 if(origpkt->len < offset)
491 if(n->outcompression) {
492 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
494 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
495 } else if(len < origpkt->len - offset) {
496 outpkt.len = len + offset;
498 type |= PKT_COMPRESSED;
502 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
506 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
511 /* If the UDP address is confirmed, use it. */
512 if(n->status.udp_confirmed)
515 /* Send every third packet to n->address; that could be set
516 to the node's reflexive UDP address discovered during key
525 /* Otherwise, address are found in edges to this node.
526 So we pick a random edge and a random socket. */
529 int j = rand() % n->edge_tree->count;
530 edge_t *candidate = NULL;
532 for splay_each(edge_t, e, n->edge_tree) {
534 candidate = e->reverse;
540 *sa = &candidate->address;
541 *sock = rand() % listen_sockets;
544 /* Make sure we have a suitable socket for the chosen address */
545 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
546 for(int i = 0; i < listen_sockets; i++) {
547 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
555 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
556 static sockaddr_t broadcast_ipv4 = {
558 .sin_family = AF_INET,
559 .sin_addr.s_addr = -1,
563 static sockaddr_t broadcast_ipv6 = {
565 .sin6_family = AF_INET6,
566 .sin6_addr.s6_addr[0x0] = 0xff,
567 .sin6_addr.s6_addr[0x1] = 0x02,
568 .sin6_addr.s6_addr[0xf] = 0x01,
572 *sock = rand() % listen_sockets;
574 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
575 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
576 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
577 *sa = &broadcast_ipv6;
579 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
580 *sa = &broadcast_ipv4;
584 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
585 vpn_packet_t pkt1, pkt2;
586 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
587 vpn_packet_t *inpkt = origpkt;
589 vpn_packet_t *outpkt;
590 int origlen = origpkt->len;
592 #if defined(SOL_IP) && defined(IP_TOS)
593 static int priority = 0;
595 int origpriority = origpkt->priority;
597 if(!n->status.reachable) {
598 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
603 return send_sptps_packet(n, origpkt);
605 /* Make sure we have a valid key */
607 if(!n->status.validkey) {
608 logger(DEBUG_TRAFFIC, LOG_INFO,
609 "No valid key known yet for %s (%s), forwarding via TCP",
610 n->name, n->hostname);
612 if(n->last_req_key + 10 <= now.tv_sec) {
614 n->last_req_key = now.tv_sec;
617 send_tcppacket(n->nexthop->connection, origpkt);
622 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
623 logger(DEBUG_TRAFFIC, LOG_INFO,
624 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
625 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
628 send_packet(n->nexthop, origpkt);
630 send_tcppacket(n->nexthop->connection, origpkt);
635 /* Compress the packet */
637 if(n->outcompression) {
638 outpkt = pkt[nextpkt++];
640 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
641 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
642 n->name, n->hostname);
649 /* Add sequence number */
651 inpkt->seqno = htonl(++(n->sent_seqno));
652 inpkt->len += sizeof inpkt->seqno;
654 /* Encrypt the packet */
656 if(cipher_active(n->outcipher)) {
657 outpkt = pkt[nextpkt++];
660 if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
661 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
665 outpkt->len = outlen;
669 /* Add the message authentication code */
671 if(digest_active(n->outdigest)) {
672 digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
673 inpkt->len += digest_length(n->outdigest);
676 /* Send the packet */
678 const sockaddr_t *sa;
681 /* Overloaded use of priority field: -1 means local broadcast */
683 if(origpriority == -1 && n->prevedge)
684 choose_broadcast_address(n, &sa, &sock);
686 choose_udp_address(n, &sa, &sock);
688 #if defined(SOL_IP) && defined(IP_TOS)
689 if(priorityinheritance && origpriority != priority
690 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
691 priority = origpriority;
692 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
693 if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
694 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
698 if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
699 if(sockmsgsize(sockerrno)) {
700 if(n->maxmtu >= origlen)
701 n->maxmtu = origlen - 1;
702 if(n->mtu >= origlen)
703 n->mtu = origlen - 1;
705 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
709 origpkt->len = origlen;
712 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
715 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
717 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
718 char buf[len * 4 / 3 + 5];
719 b64encode(data, buf, len);
720 /* If no valid key is known yet, send the packets using ANS_KEY requests,
721 to ensure we get to learn the reflexive UDP address. */
722 if(!to->status.validkey)
723 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
725 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
728 /* Otherwise, send the packet via UDP */
730 const sockaddr_t *sa;
733 choose_udp_address(to, &sa, &sock);
735 if(sendto(listen_socket[sock].udp.fd, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
736 if(sockmsgsize(sockerrno)) {
737 if(to->maxmtu >= len)
738 to->maxmtu = len - 1;
742 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
750 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
751 node_t *from = handle;
753 if(type == SPTPS_HANDSHAKE) {
754 if(!from->status.validkey) {
755 from->status.validkey = true;
756 from->status.waitingforkey = false;
757 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
763 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
769 if(type == PKT_PROBE) {
771 memcpy(inpkt.data, data, len);
772 mtu_probe_h(from, &inpkt, len);
776 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
777 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
781 /* Check if we have the headers we need */
782 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
783 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
785 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
786 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
789 int offset = (type & PKT_MAC) ? 0 : 14;
790 if(type & PKT_COMPRESSED) {
791 length_t ulen = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
795 inpkt.len = ulen + offset;
797 if(inpkt.len > MAXSIZE)
800 memcpy(inpkt.data + offset, data, len);
801 inpkt.len = len + offset;
804 /* Generate the Ethernet packet type if necessary */
806 switch(inpkt.data[14] >> 4) {
808 inpkt.data[12] = 0x08;
809 inpkt.data[13] = 0x00;
812 inpkt.data[12] = 0x86;
813 inpkt.data[13] = 0xDD;
816 logger(DEBUG_TRAFFIC, LOG_ERR,
817 "Unknown IP version %d while reading packet from %s (%s)",
818 inpkt.data[14] >> 4, from->name, from->hostname);
823 receive_packet(from, &inpkt);
828 send a packet to the given vpn ip.
830 void send_packet(node_t *n, vpn_packet_t *packet) {
835 memcpy(packet->data, mymac.x, ETH_ALEN);
837 n->out_bytes += packet->len;
838 devops.write(packet);
842 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
843 packet->len, n->name, n->hostname);
845 if(!n->status.reachable) {
846 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
847 n->name, n->hostname);
852 n->out_bytes += packet->len;
854 if(n->status.sptps) {
855 send_sptps_packet(n, packet);
859 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
862 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
863 n->name, via->name, n->via->hostname);
865 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
866 if(!send_tcppacket(via->connection, packet))
867 terminate_connection(via->connection, true);
869 send_udppacket(via, packet);
872 /* Broadcast a packet using the minimum spanning tree */
874 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
875 // Always give ourself a copy of the packet.
877 send_packet(myself, packet);
879 // In TunnelServer mode, do not forward broadcast packets.
880 // The MST might not be valid and create loops.
881 if(tunnelserver || broadcast_mode == BMODE_NONE)
884 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
885 packet->len, from->name, from->hostname);
887 switch(broadcast_mode) {
888 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
889 // This guarantees all nodes receive the broadcast packet, and
890 // usually distributes the sending of broadcast packets over all nodes.
892 for list_each(connection_t, c, connection_list)
893 if(c->status.active && c->status.mst && c != from->nexthop->connection)
894 send_packet(c->node, packet);
897 // In direct mode, we send copies to each node we know of.
898 // However, this only reaches nodes that can be reached in a single hop.
899 // We don't have enough information to forward broadcast packets in this case.
904 for splay_each(node_t, n, node_tree)
905 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
906 send_packet(n, packet);
914 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
917 static time_t last_hard_try = 0;
919 for splay_each(edge_t, e, edge_weight_tree) {
920 if(!e->to->status.reachable || e->to == myself)
923 if(sockaddrcmp_noport(from, &e->address)) {
924 if(last_hard_try == now.tv_sec)
929 if(!try_mac(e->to, pkt))
937 last_hard_try = now.tv_sec;
939 last_hard_try = now.tv_sec;
943 void handle_incoming_vpn_data(void *data, int flags) {
944 listen_socket_t *ls = data;
947 sockaddr_t from = {{0}};
948 socklen_t fromlen = sizeof from;
952 len = recvfrom(ls->udp.fd, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
954 if(len <= 0 || len > MAXSIZE) {
955 if(!sockwouldblock(sockerrno))
956 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
962 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
964 n = lookup_node_udp(&from);
967 n = try_harder(&from, &pkt);
969 update_node_udp(n, &from);
970 else if(debug_level >= DEBUG_PROTOCOL) {
971 hostname = sockaddr2hostname(&from);
972 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
980 n->sock = ls - listen_socket;
982 receive_udppacket(n, &pkt);
985 void handle_device_data(void *data, int flags) {
990 if(devops.read(&packet)) {
991 myself->in_packets++;
992 myself->in_bytes += packet.len;
993 route(myself, &packet);