2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/pem.h>
29 #include <openssl/hmac.h>
41 #include "connection.h"
58 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
61 static void send_udppacket(node_t *, vpn_packet_t *);
63 unsigned replaywin = 16;
64 bool localdiscovery = false;
66 #define MAX_SEQNO 1073741824
68 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
69 mtuprobes == 31: sleep pinginterval seconds
70 mtuprobes == 32: send 1 burst, sleep pingtimeout second
71 mtuprobes == 33: no response from other side, restart PMTU discovery process
73 Probes are sent in batches of three, with random sizes between the lower and
74 upper boundaries for the MTU thus far discovered.
76 In case local discovery is enabled, a fourth packet is added to each batch,
77 which will be broadcast to the local network.
80 static void send_mtu_probe_handler(int fd, short events, void *data) {
88 if(!n->status.reachable || !n->status.validkey) {
89 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
94 if(n->mtuprobes > 32) {
97 timeout = pinginterval;
101 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
107 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
108 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
112 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
113 if(n->minmtu > n->maxmtu)
114 n->minmtu = n->maxmtu;
116 n->maxmtu = n->minmtu;
118 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
122 if(n->mtuprobes == 31) {
123 timeout = pinginterval;
125 } else if(n->mtuprobes == 32) {
126 timeout = pingtimeout;
129 for(i = 0; i < 3 + localdiscovery; i++) {
130 if(n->maxmtu <= n->minmtu)
133 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
138 memset(packet.data, 0, 14);
139 randomize(packet.data + 14, len - 14);
141 if(i >= 3 && n->mtuprobes <= 10)
142 packet.priority = -1;
146 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
148 send_udppacket(n, &packet);
152 event_add(&n->mtuevent, &(struct timeval){timeout, 0});
155 void send_mtu_probe(node_t *n) {
156 if(!timeout_initialized(&n->mtuevent))
157 timeout_set(&n->mtuevent, send_mtu_probe_handler, n);
158 send_mtu_probe_handler(0, 0, n);
161 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
162 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
164 if(!packet->data[0]) {
166 send_udppacket(n, packet);
168 if(n->mtuprobes > 30) {
182 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
184 memcpy(dest, source, len);
186 } else if(level == 10) {
188 lzo_uint lzolen = MAXSIZE;
189 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
194 } else if(level < 10) {
196 unsigned long destlen = MAXSIZE;
197 if(compress2(dest, &destlen, source, len, level) == Z_OK)
204 lzo_uint lzolen = MAXSIZE;
205 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
215 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
217 memcpy(dest, source, len);
219 } else if(level > 9) {
221 lzo_uint lzolen = MAXSIZE;
222 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
230 unsigned long destlen = MAXSIZE;
231 if(uncompress(dest, &destlen, source, len) == Z_OK)
243 static void receive_packet(node_t *n, vpn_packet_t *packet) {
244 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
245 packet->len, n->name, n->hostname);
248 n->in_bytes += packet->len;
253 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
255 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
257 if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest))
260 return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength);
263 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
264 vpn_packet_t pkt1, pkt2;
265 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
267 vpn_packet_t *outpkt = pkt[0];
270 if(n->status.sptps) {
271 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
275 if(!cipher_active(&n->incipher)) {
276 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
277 n->name, n->hostname);
281 /* Check packet length */
283 if(inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) {
284 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
285 n->name, n->hostname);
289 /* Check the message authentication code */
291 if(digest_active(&n->indigest)) {
292 inpkt->len -= n->indigest.maclength;
293 if(!digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
294 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
298 /* Decrypt the packet */
300 if(cipher_active(&n->incipher)) {
301 outpkt = pkt[nextpkt++];
304 if(!cipher_decrypt(&n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
305 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
309 outpkt->len = outlen;
313 /* Check the sequence number */
315 inpkt->len -= sizeof inpkt->seqno;
316 inpkt->seqno = ntohl(inpkt->seqno);
319 if(inpkt->seqno != n->received_seqno + 1) {
320 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
321 if(n->farfuture++ < replaywin >> 2) {
322 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
323 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
326 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
327 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
328 memset(n->late, 0, replaywin);
329 } else if (inpkt->seqno <= n->received_seqno) {
330 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
331 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
332 n->name, n->hostname, inpkt->seqno, n->received_seqno);
336 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
337 n->late[(i / 8) % replaywin] |= 1 << i % 8;
342 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
345 if(inpkt->seqno > n->received_seqno)
346 n->received_seqno = inpkt->seqno;
348 if(n->received_seqno > MAX_SEQNO)
351 /* Decompress the packet */
353 length_t origlen = inpkt->len;
355 if(n->incompression) {
356 outpkt = pkt[nextpkt++];
358 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
359 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
360 n->name, n->hostname);
366 origlen -= MTU/64 + 20;
371 if(!inpkt->data[12] && !inpkt->data[13])
372 mtu_probe_h(n, inpkt, origlen);
374 receive_packet(n, inpkt);
377 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
381 if(c->options & OPTION_TCPONLY)
384 outpkt.priority = -1;
385 memcpy(outpkt.data, buffer, len);
387 receive_packet(c->node, &outpkt);
390 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
391 if(!n->status.validkey) {
392 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
393 if(!n->status.waitingforkey)
395 else if(n->last_req_key + 10 < time(NULL)) {
396 sptps_stop(&n->sptps);
397 n->status.waitingforkey = false;
406 if(!(origpkt->data[12] | origpkt->data[13])) {
407 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
411 if(routing_mode == RMODE_ROUTER)
416 if(origpkt->len < offset)
421 if(n->outcompression) {
422 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
424 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
425 } else if(len < origpkt->len - offset) {
426 outpkt.len = len + offset;
428 type |= PKT_COMPRESSED;
432 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
436 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
437 vpn_packet_t pkt1, pkt2;
438 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
439 vpn_packet_t *inpkt = origpkt;
441 vpn_packet_t *outpkt;
442 int origlen = origpkt->len;
444 #if defined(SOL_IP) && defined(IP_TOS)
445 static int priority = 0;
447 int origpriority = origpkt->priority;
449 if(!n->status.reachable) {
450 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
455 return send_sptps_packet(n, origpkt);
457 /* Make sure we have a valid key */
459 if(!n->status.validkey) {
460 time_t now = time(NULL);
462 logger(DEBUG_TRAFFIC, LOG_INFO,
463 "No valid key known yet for %s (%s), forwarding via TCP",
464 n->name, n->hostname);
466 if(n->last_req_key + 10 <= now) {
468 n->last_req_key = now;
471 send_tcppacket(n->nexthop->connection, origpkt);
476 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
477 logger(DEBUG_TRAFFIC, LOG_INFO,
478 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
479 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
482 send_packet(n->nexthop, origpkt);
484 send_tcppacket(n->nexthop->connection, origpkt);
489 /* Compress the packet */
491 if(n->outcompression) {
492 outpkt = pkt[nextpkt++];
494 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
495 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
496 n->name, n->hostname);
503 /* Add sequence number */
505 inpkt->seqno = htonl(++(n->sent_seqno));
506 inpkt->len += sizeof inpkt->seqno;
508 /* Encrypt the packet */
510 if(cipher_active(&n->outcipher)) {
511 outpkt = pkt[nextpkt++];
514 if(!cipher_encrypt(&n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
515 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
519 outpkt->len = outlen;
523 /* Add the message authentication code */
525 if(digest_active(&n->outdigest)) {
526 digest_create(&n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
527 inpkt->len += digest_length(&n->outdigest);
530 /* Determine which socket we have to use */
532 if(n->address.sa.sa_family != listen_socket[n->sock].sa.sa.sa_family) {
533 for(int sock = 0; sock < listen_sockets; sock++) {
534 if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) {
541 /* Send the packet */
547 /* Overloaded use of priority field: -1 means local broadcast */
549 if(origpriority == -1 && n->prevedge) {
550 struct sockaddr_in in;
551 in.sin_family = AF_INET;
552 in.sin_addr.s_addr = -1;
553 in.sin_port = n->prevedge->address.in.sin_port;
554 sa = (struct sockaddr *)∈
558 if(origpriority == -1)
561 sa = &(n->address.sa);
562 sl = SALEN(n->address.sa);
566 #if defined(SOL_IP) && defined(IP_TOS)
567 if(priorityinheritance && origpriority != priority
568 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
569 priority = origpriority;
570 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
571 if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
572 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
576 if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
577 if(sockmsgsize(sockerrno)) {
578 if(n->maxmtu >= origlen)
579 n->maxmtu = origlen - 1;
580 if(n->mtu >= origlen)
581 n->mtu = origlen - 1;
583 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
587 origpkt->len = origlen;
590 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
593 if(type >= SPTPS_HANDSHAKE
594 || ((myself->options | to->options) & OPTION_TCPONLY)
595 || (type != PKT_PROBE && len > to->minmtu)) {
596 char buf[len * 4 / 3 + 5];
597 b64encode(data, buf, len);
598 if(!to->status.validkey)
599 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
601 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, type >= SPTPS_HANDSHAKE ? REQ_SPTPS : REQ_PACKET, buf);
604 /* Send the packet */
610 sa = &(to->address.sa);
611 sl = SALEN(to->address.sa);
614 if(sendto(listen_socket[sock].udp, data, len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
615 if(sockmsgsize(sockerrno)) {
616 if(to->maxmtu >= len)
617 to->maxmtu = len - 1;
621 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
629 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
630 node_t *from = handle;
632 if(type == SPTPS_HANDSHAKE) {
633 from->status.validkey = true;
634 from->status.waitingforkey = false;
635 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
640 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
646 if(type == PKT_PROBE) {
648 memcpy(inpkt.data, data, len);
649 mtu_probe_h(from, &inpkt, len);
653 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
654 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
658 /* Check if we have the headers we need */
659 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
660 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
662 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
663 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
666 int offset = (type & PKT_MAC) ? 0 : 14;
667 if(type & PKT_COMPRESSED) {
668 len = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
672 inpkt.len = len + offset;
674 if(inpkt.len > MAXSIZE)
677 memcpy(inpkt.data + offset, data, len);
678 inpkt.len = len + offset;
681 /* Generate the Ethernet packet type if necessary */
683 switch(inpkt.data[14] >> 4) {
685 inpkt.data[12] = 0x08;
686 inpkt.data[13] = 0x00;
689 inpkt.data[12] = 0x86;
690 inpkt.data[13] = 0xDD;
693 logger(DEBUG_TRAFFIC, LOG_ERR,
694 "Unknown IP version %d while reading packet from %s (%s)",
695 inpkt.data[14] >> 4, from->name, from->hostname);
700 receive_packet(from, &inpkt);
705 send a packet to the given vpn ip.
707 void send_packet(node_t *n, vpn_packet_t *packet) {
712 memcpy(packet->data, mymac.x, ETH_ALEN);
714 n->out_bytes += packet->len;
715 devops.write(packet);
719 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
720 packet->len, n->name, n->hostname);
722 if(!n->status.reachable) {
723 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
724 n->name, n->hostname);
729 n->out_bytes += packet->len;
731 if(n->status.sptps) {
732 send_sptps_packet(n, packet);
736 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
739 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
740 n->name, via->name, n->via->hostname);
742 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
743 if(!send_tcppacket(via->connection, packet))
744 terminate_connection(via->connection, true);
746 send_udppacket(via, packet);
749 /* Broadcast a packet using the minimum spanning tree */
751 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
752 // Always give ourself a copy of the packet.
754 send_packet(myself, packet);
756 // In TunnelServer mode, do not forward broadcast packets.
757 // The MST might not be valid and create loops.
758 if(tunnelserver || broadcast_mode == BMODE_NONE)
761 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
762 packet->len, from->name, from->hostname);
764 switch(broadcast_mode) {
765 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
766 // This guarantees all nodes receive the broadcast packet, and
767 // usually distributes the sending of broadcast packets over all nodes.
769 for(list_node_t *node = connection_list->head, *next; node; node = next) {
771 connection_t *c = node->data;
773 if(c->status.active && c->status.mst && c != from->nexthop->connection)
774 send_packet(c->node, packet);
778 // In direct mode, we send copies to each node we know of.
779 // However, this only reaches nodes that can be reached in a single hop.
780 // We don't have enough information to forward broadcast packets in this case.
785 for(splay_node_t *node = node_tree->head; node; node = node->next) {
786 node_t *n = node->data;
788 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
789 send_packet(n, packet);
798 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
803 static time_t last_hard_try = 0;
804 time_t now = time(NULL);
806 for(node = edge_weight_tree->head; node; node = node->next) {
809 if(!e->to->status.reachable || e->to == myself)
812 if(sockaddrcmp_noport(from, &e->address)) {
813 if(last_hard_try == now)
818 if(!try_mac(e->to, pkt))
832 void handle_incoming_vpn_data(int sock, short events, void *data) {
835 sockaddr_t from = {{0}};
836 socklen_t fromlen = sizeof from;
840 len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
842 if(len <= 0 || len > MAXSIZE) {
843 if(!sockwouldblock(sockerrno))
844 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
850 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
852 n = lookup_node_udp(&from);
855 n = try_harder(&from, &pkt);
857 update_node_udp(n, &from);
858 else if(debug_level >= DEBUG_PROTOCOL) {
859 hostname = sockaddr2hostname(&from);
860 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
868 n->sock = (intptr_t)data;
870 receive_udppacket(n, &pkt);
873 void handle_device_data(int sock, short events, void *data) {
878 if(devops.read(&packet)) {
879 myself->in_packets++;
880 myself->in_bytes += packet.len;
881 route(myself, &packet);