2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/pem.h>
29 #include <openssl/hmac.h>
41 #include "connection.h"
58 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
61 static void send_udppacket(node_t *, vpn_packet_t *);
63 unsigned replaywin = 16;
64 bool localdiscovery = false;
66 #define MAX_SEQNO 1073741824
68 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
69 mtuprobes == 31: sleep pinginterval seconds
70 mtuprobes == 32: send 1 burst, sleep pingtimeout second
71 mtuprobes == 33: no response from other side, restart PMTU discovery process
73 Probes are sent in batches of three, with random sizes between the lower and
74 upper boundaries for the MTU thus far discovered.
76 In case local discovery is enabled, a fourth packet is added to each batch,
77 which will be broadcast to the local network.
80 static void send_mtu_probe_handler(int fd, short events, void *data) {
86 if(!n->status.reachable || !n->status.validkey) {
87 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
92 if(n->mtuprobes > 32) {
95 timeout = pinginterval;
99 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
100 n->status.udp_confirmed = false;
106 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
107 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
111 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
112 if(n->minmtu > n->maxmtu)
113 n->minmtu = n->maxmtu;
115 n->maxmtu = n->minmtu;
117 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
121 if(n->mtuprobes == 31) {
122 timeout = pinginterval;
124 } else if(n->mtuprobes == 32) {
125 timeout = pingtimeout;
128 for(int i = 0; i < 3 + localdiscovery; i++) {
131 if(n->maxmtu <= n->minmtu)
134 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
140 memset(packet.data, 0, 14);
141 randomize(packet.data + 14, len - 14);
143 if(i >= 3 && n->mtuprobes <= 10)
144 packet.priority = -1;
148 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
150 send_udppacket(n, &packet);
154 event_add(&n->mtuevent, &(struct timeval){timeout, rand() % 100000});
157 void send_mtu_probe(node_t *n) {
158 if(!timeout_initialized(&n->mtuevent))
159 timeout_set(&n->mtuevent, send_mtu_probe_handler, n);
160 send_mtu_probe_handler(0, 0, n);
163 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
164 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
166 if(!packet->data[0]) {
167 /* It's a probe request, send back a reply */
171 /* Temporarily set udp_confirmed, so that the reply is sent
172 back exactly the way it came in. */
174 bool udp_confirmed = n->status.udp_confirmed;
175 n->status.udp_confirmed = true;
176 send_udppacket(n, packet);
177 n->status.udp_confirmed = udp_confirmed;
179 /* It's a valid reply: now we know bidirectional communication
180 is possible using the address and socket that the reply
183 n->status.udp_confirmed = true;
185 /* If we haven't established the PMTU yet, restart the discovery process. */
187 if(n->mtuprobes > 30) {
194 /* If applicable, raise the minimum supported MTU */
203 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
205 memcpy(dest, source, len);
207 } else if(level == 10) {
209 lzo_uint lzolen = MAXSIZE;
210 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
215 } else if(level < 10) {
217 unsigned long destlen = MAXSIZE;
218 if(compress2(dest, &destlen, source, len, level) == Z_OK)
225 lzo_uint lzolen = MAXSIZE;
226 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
236 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
238 memcpy(dest, source, len);
240 } else if(level > 9) {
242 lzo_uint lzolen = MAXSIZE;
243 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
251 unsigned long destlen = MAXSIZE;
252 if(uncompress(dest, &destlen, source, len) == Z_OK)
264 static void receive_packet(node_t *n, vpn_packet_t *packet) {
265 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
266 packet->len, n->name, n->hostname);
269 n->in_bytes += packet->len;
274 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
276 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
278 if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest))
281 return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength);
284 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
285 vpn_packet_t pkt1, pkt2;
286 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
288 vpn_packet_t *outpkt = pkt[0];
291 if(n->status.sptps) {
292 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
296 if(!cipher_active(&n->incipher)) {
297 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
298 n->name, n->hostname);
302 /* Check packet length */
304 if(inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) {
305 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
306 n->name, n->hostname);
310 /* Check the message authentication code */
312 if(digest_active(&n->indigest)) {
313 inpkt->len -= n->indigest.maclength;
314 if(!digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
315 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
319 /* Decrypt the packet */
321 if(cipher_active(&n->incipher)) {
322 outpkt = pkt[nextpkt++];
325 if(!cipher_decrypt(&n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
326 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
330 outpkt->len = outlen;
334 /* Check the sequence number */
336 inpkt->len -= sizeof inpkt->seqno;
337 inpkt->seqno = ntohl(inpkt->seqno);
340 if(inpkt->seqno != n->received_seqno + 1) {
341 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
342 if(n->farfuture++ < replaywin >> 2) {
343 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
344 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
347 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
348 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
349 memset(n->late, 0, replaywin);
350 } else if (inpkt->seqno <= n->received_seqno) {
351 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
352 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
353 n->name, n->hostname, inpkt->seqno, n->received_seqno);
357 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
358 n->late[(i / 8) % replaywin] |= 1 << i % 8;
363 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
366 if(inpkt->seqno > n->received_seqno)
367 n->received_seqno = inpkt->seqno;
369 if(n->received_seqno > MAX_SEQNO)
372 /* Decompress the packet */
374 length_t origlen = inpkt->len;
376 if(n->incompression) {
377 outpkt = pkt[nextpkt++];
379 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
380 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
381 n->name, n->hostname);
387 origlen -= MTU/64 + 20;
392 if(!inpkt->data[12] && !inpkt->data[13])
393 mtu_probe_h(n, inpkt, origlen);
395 receive_packet(n, inpkt);
398 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
402 if(c->options & OPTION_TCPONLY)
405 outpkt.priority = -1;
406 memcpy(outpkt.data, buffer, len);
408 receive_packet(c->node, &outpkt);
411 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
412 if(!n->status.validkey) {
413 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
414 if(!n->status.waitingforkey)
416 else if(n->last_req_key + 10 < time(NULL)) {
417 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
418 sptps_stop(&n->sptps);
419 n->status.waitingforkey = false;
428 if(!(origpkt->data[12] | origpkt->data[13])) {
429 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
433 if(routing_mode == RMODE_ROUTER)
438 if(origpkt->len < offset)
443 if(n->outcompression) {
444 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
446 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
447 } else if(len < origpkt->len - offset) {
448 outpkt.len = len + offset;
450 type |= PKT_COMPRESSED;
454 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
458 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
463 /* If the UDP address is confirmed, use it. */
464 if(n->status.udp_confirmed)
467 /* Send every third packet to n->address; that could be set
468 to the node's reflexive UDP address discovered during key
477 /* Otherwise, address are found in edges to this node.
478 So we pick a random edge and a random socket. */
481 int j = rand() % n->edge_tree->count;
482 edge_t *candidate = NULL;
484 for splay_each(edge_t, e, n->edge_tree) {
486 candidate = e->reverse;
492 *sa = &candidate->address;
493 *sock = rand() % listen_sockets;
496 /* Make sure we have a suitable socket for the chosen address */
497 if(listen_socket[*sock].sa.sa.sa_family != (*sa)->sa.sa_family) {
498 for(int i = 0; i < listen_sockets; i++) {
499 if(listen_socket[i].sa.sa.sa_family == (*sa)->sa.sa_family) {
507 static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int *sock) {
508 static sockaddr_t broadcast_ipv4 = {
510 .sin_family = AF_INET,
511 .sin_addr.s_addr = -1,
515 static sockaddr_t broadcast_ipv6 = {
517 .sin6_family = AF_INET6,
518 .sin6_addr.s6_addr[0x0] = 0xff,
519 .sin6_addr.s6_addr[0x1] = 0x02,
520 .sin6_addr.s6_addr[0xf] = 0x01,
524 *sock = rand() % listen_sockets;
526 if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
527 broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
528 broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
529 *sa = &broadcast_ipv6;
531 broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
532 *sa = &broadcast_ipv4;
536 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
537 vpn_packet_t pkt1, pkt2;
538 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
539 vpn_packet_t *inpkt = origpkt;
541 vpn_packet_t *outpkt;
542 int origlen = origpkt->len;
544 #if defined(SOL_IP) && defined(IP_TOS)
545 static int priority = 0;
547 int origpriority = origpkt->priority;
549 if(!n->status.reachable) {
550 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
555 return send_sptps_packet(n, origpkt);
557 /* Make sure we have a valid key */
559 if(!n->status.validkey) {
560 time_t now = time(NULL);
562 logger(DEBUG_TRAFFIC, LOG_INFO,
563 "No valid key known yet for %s (%s), forwarding via TCP",
564 n->name, n->hostname);
566 if(n->last_req_key + 10 <= now) {
568 n->last_req_key = now;
571 send_tcppacket(n->nexthop->connection, origpkt);
576 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
577 logger(DEBUG_TRAFFIC, LOG_INFO,
578 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
579 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
582 send_packet(n->nexthop, origpkt);
584 send_tcppacket(n->nexthop->connection, origpkt);
589 /* Compress the packet */
591 if(n->outcompression) {
592 outpkt = pkt[nextpkt++];
594 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
595 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
596 n->name, n->hostname);
603 /* Add sequence number */
605 inpkt->seqno = htonl(++(n->sent_seqno));
606 inpkt->len += sizeof inpkt->seqno;
608 /* Encrypt the packet */
610 if(cipher_active(&n->outcipher)) {
611 outpkt = pkt[nextpkt++];
614 if(!cipher_encrypt(&n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
615 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
619 outpkt->len = outlen;
623 /* Add the message authentication code */
625 if(digest_active(&n->outdigest)) {
626 digest_create(&n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
627 inpkt->len += digest_length(&n->outdigest);
630 /* Send the packet */
632 const sockaddr_t *sa;
635 /* Overloaded use of priority field: -1 means local broadcast */
637 if(origpriority == -1 && n->prevedge)
638 choose_broadcast_address(n, &sa, &sock);
640 choose_udp_address(n, &sa, &sock);
642 #if defined(SOL_IP) && defined(IP_TOS)
643 if(priorityinheritance && origpriority != priority
644 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
645 priority = origpriority;
646 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
647 if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
648 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
652 if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
653 if(sockmsgsize(sockerrno)) {
654 if(n->maxmtu >= origlen)
655 n->maxmtu = origlen - 1;
656 if(n->mtu >= origlen)
657 n->mtu = origlen - 1;
659 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
663 origpkt->len = origlen;
666 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
669 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
671 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
672 char buf[len * 4 / 3 + 5];
673 b64encode(data, buf, len);
674 /* If no valid key is known yet, send the packets using ANS_KEY requests,
675 to ensure we get to learn the reflexive UDP address. */
676 if(!to->status.validkey)
677 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
679 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
682 /* Otherwise, send the packet via UDP */
684 const sockaddr_t *sa;
687 choose_udp_address(to, &sa, &sock);
689 if(sendto(listen_socket[sock].udp, data, len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
690 if(sockmsgsize(sockerrno)) {
691 if(to->maxmtu >= len)
692 to->maxmtu = len - 1;
696 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
704 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
705 node_t *from = handle;
707 if(type == SPTPS_HANDSHAKE) {
708 if(!from->status.validkey) {
709 from->status.validkey = true;
710 from->status.waitingforkey = false;
711 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
717 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
723 if(type == PKT_PROBE) {
725 memcpy(inpkt.data, data, len);
726 mtu_probe_h(from, &inpkt, len);
730 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
731 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
735 /* Check if we have the headers we need */
736 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
737 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
739 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
740 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
743 int offset = (type & PKT_MAC) ? 0 : 14;
744 if(type & PKT_COMPRESSED) {
745 len = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
749 inpkt.len = len + offset;
751 if(inpkt.len > MAXSIZE)
754 memcpy(inpkt.data + offset, data, len);
755 inpkt.len = len + offset;
758 /* Generate the Ethernet packet type if necessary */
760 switch(inpkt.data[14] >> 4) {
762 inpkt.data[12] = 0x08;
763 inpkt.data[13] = 0x00;
766 inpkt.data[12] = 0x86;
767 inpkt.data[13] = 0xDD;
770 logger(DEBUG_TRAFFIC, LOG_ERR,
771 "Unknown IP version %d while reading packet from %s (%s)",
772 inpkt.data[14] >> 4, from->name, from->hostname);
777 receive_packet(from, &inpkt);
782 send a packet to the given vpn ip.
784 void send_packet(node_t *n, vpn_packet_t *packet) {
789 memcpy(packet->data, mymac.x, ETH_ALEN);
791 n->out_bytes += packet->len;
792 devops.write(packet);
796 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
797 packet->len, n->name, n->hostname);
799 if(!n->status.reachable) {
800 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
801 n->name, n->hostname);
806 n->out_bytes += packet->len;
808 if(n->status.sptps) {
809 send_sptps_packet(n, packet);
813 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
816 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
817 n->name, via->name, n->via->hostname);
819 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
820 if(!send_tcppacket(via->connection, packet))
821 terminate_connection(via->connection, true);
823 send_udppacket(via, packet);
826 /* Broadcast a packet using the minimum spanning tree */
828 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
829 // Always give ourself a copy of the packet.
831 send_packet(myself, packet);
833 // In TunnelServer mode, do not forward broadcast packets.
834 // The MST might not be valid and create loops.
835 if(tunnelserver || broadcast_mode == BMODE_NONE)
838 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
839 packet->len, from->name, from->hostname);
841 switch(broadcast_mode) {
842 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
843 // This guarantees all nodes receive the broadcast packet, and
844 // usually distributes the sending of broadcast packets over all nodes.
846 for list_each(connection_t, c, connection_list)
847 if(c->status.active && c->status.mst && c != from->nexthop->connection)
848 send_packet(c->node, packet);
851 // In direct mode, we send copies to each node we know of.
852 // However, this only reaches nodes that can be reached in a single hop.
853 // We don't have enough information to forward broadcast packets in this case.
858 for splay_each(node_t, n, node_tree)
859 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
860 send_packet(n, packet);
868 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
871 static time_t last_hard_try = 0;
872 time_t now = time(NULL);
874 for splay_each(edge_t, e, edge_weight_tree) {
875 if(!e->to->status.reachable || e->to == myself)
878 if(sockaddrcmp_noport(from, &e->address)) {
879 if(last_hard_try == now)
884 if(!try_mac(e->to, pkt))
898 void handle_incoming_vpn_data(int sock, short events, void *data) {
901 sockaddr_t from = {{0}};
902 socklen_t fromlen = sizeof from;
906 len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
908 if(len <= 0 || len > MAXSIZE) {
909 if(!sockwouldblock(sockerrno))
910 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
916 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
918 n = lookup_node_udp(&from);
921 n = try_harder(&from, &pkt);
923 update_node_udp(n, &from);
924 else if(debug_level >= DEBUG_PROTOCOL) {
925 hostname = sockaddr2hostname(&from);
926 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
934 n->sock = (intptr_t)data;
936 receive_udppacket(n, &pkt);
939 void handle_device_data(int sock, short events, void *data) {
944 if(devops.read(&packet)) {
945 myself->in_packets++;
946 myself->in_bytes += packet.len;
947 route(myself, &packet);