2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
33 #include "address_cache.h"
36 #include "connection.h"
53 #define MAX(a, b) ((a) > (b) ? (a) : (b))
56 /* The minimum size of a probe is 14 bytes, but since we normally use CBC mode
57 encryption, we can add a few extra random bytes without increasing the
58 resulting packet size. */
59 #define MIN_PROBE_SIZE 18
63 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
66 static void send_udppacket(node_t *, vpn_packet_t *);
68 unsigned replaywin = 32;
69 bool localdiscovery = true;
70 bool udp_discovery = true;
71 int udp_discovery_keepalive_interval = 10;
72 int udp_discovery_interval = 2;
73 int udp_discovery_timeout = 30;
75 #define MAX_SEQNO 1073741824
77 static void try_fix_mtu(node_t *n) {
78 if(n->mtuprobes < 0) {
82 if(n->mtuprobes == 20 || n->minmtu >= n->maxmtu) {
83 if(n->minmtu > n->maxmtu) {
84 n->minmtu = n->maxmtu;
86 n->maxmtu = n->minmtu;
90 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
95 static void udp_probe_timeout_handler(void *data) {
98 if(!n->status.udp_confirmed) {
102 logger(DEBUG_TRAFFIC, LOG_INFO, "Too much time has elapsed since last UDP ping response from %s (%s), stopping UDP communication", n->name, n->hostname);
103 n->status.udp_confirmed = false;
110 static void send_udp_probe_reply(node_t *n, vpn_packet_t *packet, length_t len) {
111 if(!n->status.sptps && !n->status.validkey) {
112 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP probe reply to %s (%s) but we don't have his key yet", n->name, n->hostname);
116 /* Type 2 probe replies were introduced in protocol 17.3 */
117 if((n->options >> 24) >= 3) {
119 uint16_t len16 = htons(len);
120 memcpy(DATA(packet) + 1, &len16, 2);
121 packet->len = MIN_PROBE_SIZE;
122 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 2 probe reply length %u to %s (%s)", len, n->name, n->hostname);
125 /* Legacy protocol: n won't understand type 2 probe replies. */
127 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending type 1 probe reply length %u to %s (%s)", len, n->name, n->hostname);
130 /* Temporarily set udp_confirmed, so that the reply is sent
131 back exactly the way it came in. */
133 bool udp_confirmed = n->status.udp_confirmed;
134 n->status.udp_confirmed = true;
135 send_udppacket(n, packet);
136 n->status.udp_confirmed = udp_confirmed;
139 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
140 if(!DATA(packet)[0]) {
141 logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
142 return send_udp_probe_reply(n, packet, len);
145 if(DATA(packet)[0] == 2) {
146 // It's a type 2 probe reply, use the length field inside the packet
148 memcpy(&len16, DATA(packet) + 1, 2);
152 logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s)", DATA(packet)[0], len, n->name, n->hostname);
154 /* It's a valid reply: now we know bidirectional communication
155 is possible using the address and socket that the reply
157 if(!n->status.udp_confirmed) {
158 n->status.udp_confirmed = true;
159 fprintf(stderr, "Updating address cache...\n");
160 if (!n->address_cache)
161 n->address_cache = open_address_cache(n);
162 reset_address_cache(n->address_cache, &n->address);
165 // Reset the UDP ping timer.
166 n->udp_ping_sent = now;
169 timeout_del(&n->udp_ping_timeout);
170 timeout_add(&n->udp_ping_timeout, &udp_probe_timeout_handler, n, &(struct timeval) {
171 udp_discovery_timeout, 0
175 if(len > n->maxmtu) {
176 logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
179 /* Set mtuprobes to 1 so that try_mtu() doesn't reset maxmtu */
182 } else if(n->mtuprobes < 0 && len == n->maxmtu) {
183 /* We got a maxmtu sized packet, confirming the PMTU is still valid. */
185 n->mtu_ping_sent = now;
188 /* If applicable, raise the minimum supported MTU */
190 if(n->minmtu < len) {
196 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
198 memcpy(dest, source, len);
200 } else if(level == 10) {
202 lzo_uint lzolen = MAXSIZE;
203 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
208 } else if(level < 10) {
210 unsigned long destlen = MAXSIZE;
212 if(compress2(dest, &destlen, source, len, level) == Z_OK) {
219 lzo_uint lzolen = MAXSIZE;
220 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
230 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
232 memcpy(dest, source, len);
234 } else if(level > 9) {
236 lzo_uint lzolen = MAXSIZE;
238 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) {
247 unsigned long destlen = MAXSIZE;
249 if(uncompress(dest, &destlen, source, len) == Z_OK) {
263 static void receive_packet(node_t *n, vpn_packet_t *packet) {
264 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
265 packet->len, n->name, n->hostname);
268 n->in_bytes += packet->len;
273 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
274 if(n->status.sptps) {
275 return sptps_verify_datagram(&n->sptps, DATA(inpkt), inpkt->len);
278 #ifdef DISABLE_LEGACY
282 if(!n->status.validkey_in || !digest_active(n->indigest) || inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
286 return digest_verify(n->indigest, inpkt->data, inpkt->len - digest_length(n->indigest), inpkt->data + inpkt->len - digest_length(n->indigest));
290 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
291 vpn_packet_t pkt1, pkt2;
292 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
295 pkt1.offset = DEFAULT_PACKET_OFFSET;
296 pkt2.offset = DEFAULT_PACKET_OFFSET;
298 if(n->status.sptps) {
299 if(!n->sptps.state) {
300 if(!n->status.waitingforkey) {
301 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
304 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
310 n->status.udppacket = true;
311 bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len);
312 n->status.udppacket = false;
315 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
316 so let's restart SPTPS in case that helps. But don't do that too often
317 to prevent storms, and because that would make life a little too easy
318 for external attackers trying to DoS us. */
319 if(n->last_req_key < now.tv_sec - 10) {
320 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", n->name, n->hostname);
330 #ifdef DISABLE_LEGACY
334 if(!n->status.validkey_in) {
335 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
339 /* Check packet length */
341 if(inpkt->len < sizeof(seqno_t) + digest_length(n->indigest)) {
342 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
343 n->name, n->hostname);
347 /* It's a legacy UDP packet, the data starts after the seqno */
349 inpkt->offset += sizeof(seqno_t);
351 /* Check the message authentication code */
353 if(digest_active(n->indigest)) {
354 inpkt->len -= digest_length(n->indigest);
356 if(!digest_verify(n->indigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
357 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
362 /* Decrypt the packet */
364 if(cipher_active(n->incipher)) {
365 vpn_packet_t *outpkt = pkt[nextpkt++];
368 if(!cipher_decrypt(n->incipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
369 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
373 outpkt->len = outlen;
377 /* Check the sequence number */
380 memcpy(&seqno, SEQNO(inpkt), sizeof(seqno));
381 seqno = ntohl(seqno);
382 inpkt->len -= sizeof(seqno);
385 if(seqno != n->received_seqno + 1) {
386 if(seqno >= n->received_seqno + replaywin * 8) {
387 if(n->farfuture++ < replaywin >> 2) {
388 logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
389 n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
393 logger(DEBUG_TRAFFIC, LOG_WARNING, "Lost %d packets from %s (%s)",
394 seqno - n->received_seqno - 1, n->name, n->hostname);
395 memset(n->late, 0, replaywin);
396 } else if(seqno <= n->received_seqno) {
397 if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
398 logger(DEBUG_TRAFFIC, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
399 n->name, n->hostname, seqno, n->received_seqno);
403 for(int i = n->received_seqno + 1; i < seqno; i++) {
404 n->late[(i / 8) % replaywin] |= 1 << i % 8;
410 n->late[(seqno / 8) % replaywin] &= ~(1 << seqno % 8);
413 if(seqno > n->received_seqno) {
414 n->received_seqno = seqno;
419 if(n->received_seqno > MAX_SEQNO) {
423 /* Decompress the packet */
425 length_t origlen = inpkt->len;
427 if(n->incompression) {
428 vpn_packet_t *outpkt = pkt[nextpkt++];
430 if((outpkt->len = uncompress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->incompression)) < 0) {
431 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
432 n->name, n->hostname);
438 origlen -= MTU / 64 + 20;
441 if(inpkt->len > n->maxrecentlen) {
442 n->maxrecentlen = inpkt->len;
447 if(!DATA(inpkt)[12] && !DATA(inpkt)[13]) {
448 udp_probe_h(n, inpkt, origlen);
450 receive_packet(n, inpkt);
457 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
459 outpkt.offset = DEFAULT_PACKET_OFFSET;
461 if(len > sizeof(outpkt.data) - outpkt.offset) {
467 if(c->options & OPTION_TCPONLY) {
470 outpkt.priority = -1;
473 memcpy(DATA(&outpkt), buffer, len);
475 receive_packet(c->node, &outpkt);
478 bool receive_tcppacket_sptps(connection_t *c, const char *data, int len) {
479 if(len < sizeof(node_id_t) + sizeof(node_id_t)) {
480 logger(DEBUG_PROTOCOL, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname);
484 node_t *to = lookup_node_id((node_id_t *)data);
485 data += sizeof(node_id_t);
486 len -= sizeof(node_id_t);
489 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown destination ID", c->name, c->hostname);
493 node_t *from = lookup_node_id((node_id_t *)data);
494 data += sizeof(node_id_t);
495 len -= sizeof(node_id_t);
498 logger(DEBUG_PROTOCOL, LOG_ERR, "Got TCP SPTPS packet from %s (%s) with unknown source ID", c->name, c->hostname);
502 if(!to->status.reachable) {
503 /* This can happen in the form of a race condition
504 if the node just became unreachable. */
505 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay TCP packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
509 /* Help the sender reach us over UDP.
510 Note that we only do this if we're the destination or the static relay;
511 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
512 if(to->via == myself) {
513 send_udp_info(myself, from);
516 /* If we're not the final recipient, relay the packet. */
519 send_sptps_data(to, from, 0, data, len);
524 /* The packet is for us */
526 if(!sptps_receive_data(&from->sptps, data, len)) {
527 /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
528 so let's restart SPTPS in case that helps. But don't do that too often
529 to prevent storms. */
530 if(from->last_req_key < now.tv_sec - 10) {
531 logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
538 send_mtu_info(myself, from, MTU);
542 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
543 if(!n->status.validkey && !n->connection) {
550 if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) {
551 sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len);
555 if(routing_mode == RMODE_ROUTER) {
561 if(origpkt->len < offset) {
567 if(n->outcompression) {
569 int len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression);
572 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
573 } else if(len < origpkt->len - offset) {
574 outpkt.len = len + offset;
576 type |= PKT_COMPRESSED;
580 /* If we have a direct metaconnection to n, and we can't use UDP, then
581 don't bother with SPTPS and just use a "plaintext" PACKET message.
582 We don't really care about end-to-end security since we're not
583 sending the message through any intermediate nodes. */
584 if(n->connection && origpkt->len > n->minmtu) {
585 send_tcppacket(n->connection, origpkt);
587 sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
593 static void adapt_socket(const sockaddr_t *sa, int *sock) {
594 /* Make sure we have a suitable socket for the chosen address */
595 if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) {
596 for(int i = 0; i < listen_sockets; i++) {
597 if(listen_socket[i].sa.sa.sa_family == sa->sa.sa_family) {
605 static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) {
610 /* If the UDP address is confirmed, use it. */
611 if(n->status.udp_confirmed) {
615 /* Send every third packet to n->address; that could be set
616 to the node's reflexive UDP address discovered during key
626 /* Otherwise, address are found in edges to this node.
627 So we pick a random edge and a random socket. */
630 int j = rand() % n->edge_tree->count;
631 edge_t *candidate = NULL;
633 for splay_each(edge_t, e, n->edge_tree) {
635 candidate = e->reverse;
641 *sa = &candidate->address;
642 *sock = rand() % listen_sockets;
645 adapt_socket(*sa, sock);
648 static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) {
651 /* Pick one of the edges from this node at random, then use its local address. */
654 int j = rand() % n->edge_tree->count;
655 edge_t *candidate = NULL;
657 for splay_each(edge_t, e, n->edge_tree) {
664 if(candidate && candidate->local_address.sa.sa_family) {
665 *sa = &candidate->local_address;
666 *sock = rand() % listen_sockets;
667 adapt_socket(*sa, sock);
671 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
672 vpn_packet_t pkt1, pkt2;
673 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
674 vpn_packet_t *inpkt = origpkt;
676 vpn_packet_t *outpkt;
677 int origlen = origpkt->len;
679 int origpriority = origpkt->priority;
681 pkt1.offset = DEFAULT_PACKET_OFFSET;
682 pkt2.offset = DEFAULT_PACKET_OFFSET;
684 if(!n->status.reachable) {
685 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
689 if(n->status.sptps) {
690 return send_sptps_packet(n, origpkt);
693 #ifdef DISABLE_LEGACY
696 /* Make sure we have a valid key */
698 if(!n->status.validkey) {
699 logger(DEBUG_TRAFFIC, LOG_INFO,
700 "No valid key known yet for %s (%s), forwarding via TCP",
701 n->name, n->hostname);
702 send_tcppacket(n->nexthop->connection, origpkt);
706 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (DATA(inpkt)[12] | DATA(inpkt)[13])) {
707 logger(DEBUG_TRAFFIC, LOG_INFO,
708 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
709 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
711 if(n != n->nexthop) {
712 send_packet(n->nexthop, origpkt);
714 send_tcppacket(n->nexthop->connection, origpkt);
720 /* Compress the packet */
722 if(n->outcompression) {
723 outpkt = pkt[nextpkt++];
725 if((outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression)) < 0) {
726 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
727 n->name, n->hostname);
734 /* Add sequence number */
736 seqno_t seqno = htonl(++(n->sent_seqno));
737 memcpy(SEQNO(inpkt), &seqno, sizeof(seqno));
738 inpkt->len += sizeof(seqno);
740 /* Encrypt the packet */
742 if(cipher_active(n->outcipher)) {
743 outpkt = pkt[nextpkt++];
746 if(!cipher_encrypt(n->outcipher, SEQNO(inpkt), inpkt->len, SEQNO(outpkt), &outlen, true)) {
747 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
751 outpkt->len = outlen;
755 /* Add the message authentication code */
757 if(digest_active(n->outdigest)) {
758 if(!digest_create(n->outdigest, SEQNO(inpkt), inpkt->len, SEQNO(inpkt) + inpkt->len)) {
759 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
763 inpkt->len += digest_length(n->outdigest);
766 /* Send the packet */
768 const sockaddr_t *sa = NULL;
771 if(n->status.send_locally) {
772 choose_local_address(n, &sa, &sock);
776 choose_udp_address(n, &sa, &sock);
779 if(priorityinheritance && origpriority != listen_socket[sock].priority) {
780 listen_socket[sock].priority = origpriority;
782 switch(sa->sa.sa_family) {
786 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority);
788 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IP, IP_TOS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
789 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
794 #if defined(IPV6_TCLASS)
797 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority);
799 if(setsockopt(listen_socket[sock].udp.fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&origpriority, sizeof(origpriority))) { /* SO_PRIORITY doesn't seem to work */
800 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", sockstrerror(sockerrno));
811 if(sendto(listen_socket[sock].udp.fd, (void *)SEQNO(inpkt), inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
812 if(sockmsgsize(sockerrno)) {
813 if(n->maxmtu >= origlen) {
814 n->maxmtu = origlen - 1;
817 if(n->mtu >= origlen) {
818 n->mtu = origlen - 1;
823 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
828 origpkt->len = origlen;
832 bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_t len) {
833 node_t *relay = (to->via != myself && (type == PKT_PROBE || (len - SPTPS_DATAGRAM_OVERHEAD) <= to->via->minmtu)) ? to->via : to->nexthop;
834 bool direct = from == myself && to == relay;
835 bool relay_supported = (relay->options >> 24) >= 4;
836 bool tcponly = (myself->options | relay->options) & OPTION_TCPONLY;
838 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU. */
840 if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
841 if(type != SPTPS_HANDSHAKE && (to->nexthop->connection->options >> 24) >= 7) {
842 char buf[len + sizeof(to->id) + sizeof(from->id)];
844 memcpy(buf_ptr, &to->id, sizeof(to->id));
845 buf_ptr += sizeof(to->id);
846 memcpy(buf_ptr, &from->id, sizeof(from->id));
847 buf_ptr += sizeof(from->id);
848 memcpy(buf_ptr, data, len);
849 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (TCP)", from->name, from->hostname, to->name, to->hostname, to->nexthop->name, to->nexthop->hostname);
850 return send_sptps_tcppacket(to->nexthop->connection, buf, sizeof(buf));
853 char buf[len * 4 / 3 + 5];
854 b64encode(data, buf, len);
856 /* If this is a handshake packet, use ANS_KEY instead of REQ_KEY, for two reasons:
857 - We don't want intermediate nodes to switch to UDP to relay these packets;
858 - ANS_KEY allows us to learn the reflexive UDP address. */
859 if(type == SPTPS_HANDSHAKE) {
860 to->incompression = myself->incompression;
861 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
863 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, from->name, to->name, SPTPS_PACKET, buf);
869 if(relay_supported) {
870 overhead += sizeof(to->id) + sizeof(from->id);
873 char buf[len + overhead];
876 if(relay_supported) {
878 /* Inform the recipient that this packet was sent directly. */
879 node_id_t nullid = {};
880 memcpy(buf_ptr, &nullid, sizeof(nullid));
881 buf_ptr += sizeof(nullid);
883 memcpy(buf_ptr, &to->id, sizeof(to->id));
884 buf_ptr += sizeof(to->id);
887 memcpy(buf_ptr, &from->id, sizeof(from->id));
888 buf_ptr += sizeof(from->id);
892 /* TODO: if this copy turns out to be a performance concern, change sptps_send_record() to add some "pre-padding" to the buffer and use that instead */
893 memcpy(buf_ptr, data, len);
896 const sockaddr_t *sa = NULL;
899 if(relay->status.send_locally) {
900 choose_local_address(relay, &sa, &sock);
904 choose_udp_address(relay, &sa, &sock);
907 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (UDP)", from->name, from->hostname, to->name, to->hostname, relay->name, relay->hostname);
909 if(sendto(listen_socket[sock].udp.fd, buf, buf_ptr - buf, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
910 if(sockmsgsize(sockerrno)) {
911 // Compensate for SPTPS overhead
912 len -= SPTPS_DATAGRAM_OVERHEAD;
914 if(relay->maxmtu >= len) {
915 relay->maxmtu = len - 1;
918 if(relay->mtu >= len) {
919 relay->mtu = len - 1;
924 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", relay->name, relay->hostname, sockstrerror(sockerrno));
932 bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len) {
933 node_t *from = handle;
935 if(type == SPTPS_HANDSHAKE) {
936 if(!from->status.validkey) {
937 from->status.validkey = true;
938 from->status.waitingforkey = false;
939 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) successful", from->name, from->hostname);
946 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
951 inpkt.offset = DEFAULT_PACKET_OFFSET;
954 if(type == PKT_PROBE) {
955 if(!from->status.udppacket) {
956 logger(DEBUG_ALWAYS, LOG_ERR, "Got SPTPS PROBE packet from %s (%s) via TCP", from->name, from->hostname);
961 memcpy(DATA(&inpkt), data, len);
963 if(inpkt.len > from->maxrecentlen) {
964 from->maxrecentlen = inpkt.len;
967 udp_probe_h(from, &inpkt, len);
971 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
972 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
976 /* Check if we have the headers we need */
977 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
978 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
980 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
981 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
984 int offset = (type & PKT_MAC) ? 0 : 14;
986 if(type & PKT_COMPRESSED) {
987 length_t ulen = uncompress_packet(DATA(&inpkt) + offset, (const uint8_t *)data, len, from->incompression);
992 inpkt.len = ulen + offset;
995 if(inpkt.len > MAXSIZE) {
999 memcpy(DATA(&inpkt) + offset, data, len);
1000 inpkt.len = len + offset;
1003 /* Generate the Ethernet packet type if necessary */
1005 switch(DATA(&inpkt)[14] >> 4) {
1007 DATA(&inpkt)[12] = 0x08;
1008 DATA(&inpkt)[13] = 0x00;
1012 DATA(&inpkt)[12] = 0x86;
1013 DATA(&inpkt)[13] = 0xDD;
1017 logger(DEBUG_TRAFFIC, LOG_ERR,
1018 "Unknown IP version %d while reading packet from %s (%s)",
1019 DATA(&inpkt)[14] >> 4, from->name, from->hostname);
1024 if(from->status.udppacket && inpkt.len > from->maxrecentlen) {
1025 from->maxrecentlen = inpkt.len;
1028 receive_packet(from, &inpkt);
1032 // This function tries to get SPTPS keys, if they aren't already known.
1033 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if the keys are available.
1034 static void try_sptps(node_t *n) {
1035 if(n->status.validkey) {
1039 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
1041 if(!n->status.waitingforkey) {
1043 } else if(n->last_req_key + 10 < now.tv_sec) {
1044 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
1045 sptps_stop(&n->sptps);
1046 n->status.waitingforkey = false;
1053 static void send_udp_probe_packet(node_t *n, int len) {
1054 vpn_packet_t packet;
1055 packet.offset = DEFAULT_PACKET_OFFSET;
1056 memset(DATA(&packet), 0, 14);
1057 randomize(DATA(&packet) + 14, len - 14);
1059 packet.priority = 0;
1061 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %d to %s (%s)", len, n->name, n->hostname);
1063 send_udppacket(n, &packet);
1066 // This function tries to establish a UDP tunnel to a node so that packets can be sent.
1067 // If a tunnel is already established, it makes sure it stays up.
1068 // This function makes no guarantees - it is up to the caller to check the node's state to figure out if UDP is usable.
1069 static void try_udp(node_t *n) {
1070 if(!udp_discovery) {
1074 /* Send gratuitous probe replies to 1.1 nodes. */
1076 if((n->options >> 24) >= 3 && n->status.udp_confirmed) {
1077 struct timeval ping_tx_elapsed;
1078 timersub(&now, &n->udp_reply_sent, &ping_tx_elapsed);
1080 if(ping_tx_elapsed.tv_sec >= udp_discovery_keepalive_interval - 1) {
1081 n->udp_reply_sent = now;
1083 if(n->maxrecentlen) {
1085 pkt.len = n->maxrecentlen;
1086 pkt.offset = DEFAULT_PACKET_OFFSET;
1087 memset(DATA(&pkt), 0, 14);
1088 randomize(DATA(&pkt) + 14, MIN_PROBE_SIZE - 14);
1089 send_udp_probe_reply(n, &pkt, pkt.len);
1090 n->maxrecentlen = 0;
1097 struct timeval ping_tx_elapsed;
1098 timersub(&now, &n->udp_ping_sent, &ping_tx_elapsed);
1100 int interval = n->status.udp_confirmed ? udp_discovery_keepalive_interval : udp_discovery_interval;
1102 if(ping_tx_elapsed.tv_sec >= interval) {
1103 send_udp_probe_packet(n, MIN_PROBE_SIZE);
1104 n->udp_ping_sent = now;
1106 if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
1107 n->status.send_locally = true;
1108 send_udp_probe_packet(n, MIN_PROBE_SIZE);
1109 n->status.send_locally = false;
1114 static length_t choose_initial_maxmtu(node_t *n) {
1119 const sockaddr_t *sa = NULL;
1121 choose_udp_address(n, &sa, &sockindex);
1127 sock = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
1130 logger(DEBUG_TRAFFIC, LOG_ERR, "Creating MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1134 if(connect(sock, &sa->sa, SALEN(sa->sa))) {
1135 logger(DEBUG_TRAFFIC, LOG_ERR, "Connecting MTU assessment socket for %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1141 socklen_t ip_mtu_len = sizeof(ip_mtu);
1143 if(getsockopt(sock, IPPROTO_IP, IP_MTU, &ip_mtu, &ip_mtu_len)) {
1144 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) failed: %s", n->name, n->hostname, sockstrerror(sockerrno));
1151 /* getsockopt(IP_MTU) returns the MTU of the physical interface.
1152 We need to remove various overheads to get to the tinc MTU. */
1153 length_t mtu = ip_mtu;
1154 mtu -= (sa->sa.sa_family == AF_INET6) ? sizeof(struct ip6_hdr) : sizeof(struct ip);
1157 if(n->status.sptps) {
1158 mtu -= SPTPS_DATAGRAM_OVERHEAD;
1160 if((n->options >> 24) >= 4) {
1161 mtu -= sizeof(node_id_t) + sizeof(node_id_t);
1164 #ifndef DISABLE_LEGACY
1166 mtu -= digest_length(n->outdigest);
1168 /* Now it's tricky. We use CBC mode, so the length of the
1169 encrypted payload must be a multiple of the blocksize. The
1170 sequence number is also part of the encrypted payload, so we
1171 must account for it after correcting for the blocksize.
1172 Furthermore, the padding in the last block must be at least
1175 length_t blocksize = cipher_blocksize(n->outcipher);
1188 logger(DEBUG_TRAFFIC, LOG_ERR, "getsockopt(IP_MTU) on %s (%s) returned absurdly small value: %d", n->name, n->hostname, ip_mtu);
1196 logger(DEBUG_TRAFFIC, LOG_INFO, "Using system-provided maximum tinc MTU for %s (%s): %hd", n->name, n->hostname, mtu);
1206 /* This function tries to determines the MTU of a node.
1207 By calling this function repeatedly, n->minmtu will be progressively
1208 increased, and at some point, n->mtu will be fixed to n->minmtu. If the MTU
1209 is already fixed, this function checks if it can be increased.
1212 static void try_mtu(node_t *n) {
1213 if(!(n->options & OPTION_PMTU_DISCOVERY)) {
1217 if(udp_discovery && !n->status.udp_confirmed) {
1218 n->maxrecentlen = 0;
1225 /* mtuprobes == 0..19: initial discovery, send bursts with 1 second interval, mtuprobes++
1226 mtuprobes == 20: fix MTU, and go to -1
1227 mtuprobes == -1: send one maxmtu and one maxmtu+1 probe every pinginterval
1228 mtuprobes ==-2..-3: send one maxmtu probe every second
1229 mtuprobes == -4: maxmtu no longer valid, reset minmtu and maxmtu and go to 0 */
1231 struct timeval elapsed;
1232 timersub(&now, &n->mtu_ping_sent, &elapsed);
1234 if(n->mtuprobes >= 0) {
1235 if(n->mtuprobes != 0 && elapsed.tv_sec == 0 && elapsed.tv_usec < 333333) {
1239 if(n->mtuprobes < -1) {
1240 if(elapsed.tv_sec < 1) {
1244 if(elapsed.tv_sec < pinginterval) {
1250 n->mtu_ping_sent = now;
1254 if(n->mtuprobes < -3) {
1255 /* We lost three MTU probes, restart discovery */
1256 logger(DEBUG_TRAFFIC, LOG_INFO, "Decrease in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
1261 if(n->mtuprobes < 0) {
1262 /* After the initial discovery, we only send one maxmtu and one
1263 maxmtu+1 probe to detect PMTU increases. */
1264 send_udp_probe_packet(n, n->maxmtu);
1266 if(n->mtuprobes == -1 && n->maxmtu + 1 < MTU) {
1267 send_udp_probe_packet(n, n->maxmtu + 1);
1272 /* Before initial discovery begins, set maxmtu to the most likely value.
1273 If it's underestimated, we will correct it after initial discovery. */
1274 if(n->mtuprobes == 0) {
1275 n->maxmtu = choose_initial_maxmtu(n);
1279 /* Decreasing the number of probes per cycle might make the algorithm react faster to lost packets,
1280 but it will typically increase convergence time in the no-loss case. */
1281 const length_t probes_per_cycle = 8;
1283 /* This magic value was determined using math simulations.
1284 It will result in a 1329-byte first probe, followed (if there was a reply) by a 1407-byte probe.
1285 Since 1407 is just below the range of tinc MTUs over typical networks,
1286 this fine-tuning allows tinc to cover a lot of ground very quickly.
1287 This fine-tuning is only valid for maxmtu = MTU; if maxmtu is smaller,
1288 then it's better to use a multiplier of 1. Indeed, this leads to an interesting scenario
1289 if choose_initial_maxmtu() returns the actual MTU value - it will get confirmed with one single probe. */
1290 const float multiplier = (n->maxmtu == MTU) ? 0.97 : 1;
1292 const float cycle_position = probes_per_cycle - (n->mtuprobes % probes_per_cycle) - 1;
1293 const length_t minmtu = MAX(n->minmtu, 512);
1294 const float interval = n->maxmtu - minmtu;
1296 /* The core of the discovery algorithm is this exponential.
1297 It produces very large probes early in the cycle, and then it very quickly decreases the probe size.
1298 This reflects the fact that in the most difficult cases, we don't get any feedback for probes that
1299 are too large, and therefore we need to concentrate on small offsets so that we can quickly converge
1300 on the precise MTU as we are approaching it.
1301 The last probe of the cycle is always 1 byte in size - this is to make sure we'll get at least one
1302 reply per cycle so that we can make progress. */
1303 const length_t offset = powf(interval, multiplier * cycle_position / (probes_per_cycle - 1));
1305 length_t maxmtu = n->maxmtu;
1306 send_udp_probe_packet(n, minmtu + offset);
1308 /* If maxmtu changed, it means the probe was rejected by the system because it was too large.
1309 In that case, we recalculate with the new maxmtu and try again. */
1310 if(n->mtuprobes < 0 || maxmtu == n->maxmtu) {
1315 if(n->mtuprobes >= 0) {
1321 /* These functions try to establish a tunnel to a node (or its relay) so that
1322 packets can be sent (e.g. exchange keys).
1323 If a tunnel is already established, it tries to improve it (e.g. by trying
1324 to establish a UDP tunnel instead of TCP). This function makes no
1325 guarantees - it is up to the caller to check the node's state to figure out
1326 if TCP and/or UDP is usable. By calling this function repeatedly, the
1327 tunnel is gradually improved until we hit the wall imposed by the underlying
1328 network environment. It is recommended to call this function every time a
1329 packet is sent (or intended to be sent) to a node, so that the tunnel keeps
1330 improving as packets flow, and then gracefully downgrades itself as it goes
1334 static void try_tx_sptps(node_t *n, bool mtu) {
1335 /* If n is a TCP-only neighbor, we'll only use "cleartext" PACKET
1336 messages anyway, so there's no need for SPTPS at all. */
1338 if(n->connection && ((myself->options | n->options) & OPTION_TCPONLY)) {
1342 /* Otherwise, try to do SPTPS authentication with n if necessary. */
1346 /* Do we need to statically relay packets? */
1348 node_t *via = (n->via == myself) ? n->nexthop : n->via;
1350 /* If we do have a static relay, try everything with that one instead, if it supports relaying. */
1353 if((via->options >> 24) < 4) {
1357 return try_tx(via, mtu);
1360 /* Otherwise, try to establish UDP connectivity. */
1368 /* If we don't have UDP connectivity (yet), we need to use a dynamic relay (nexthop)
1369 while we try to establish direct connectivity. */
1371 if(!n->status.udp_confirmed && n != n->nexthop && (n->nexthop->options >> 24) >= 4) {
1372 try_tx(n->nexthop, mtu);
1376 static void try_tx_legacy(node_t *n, bool mtu) {
1377 /* Does he have our key? If not, send one. */
1379 if(!n->status.validkey_in) {
1383 /* Check if we already have a key, or request one. */
1385 if(!n->status.validkey) {
1386 if(n->last_req_key + 10 <= now.tv_sec) {
1388 n->last_req_key = now.tv_sec;
1401 void try_tx(node_t *n, bool mtu) {
1402 if(!n->status.reachable) {
1406 if(n->status.sptps) {
1407 try_tx_sptps(n, mtu);
1409 try_tx_legacy(n, mtu);
1413 void send_packet(node_t *n, vpn_packet_t *packet) {
1414 // If it's for myself, write it to the tun/tap device.
1418 memcpy(DATA(packet), mymac.x, ETH_ALEN);
1419 // Use an arbitrary fake source address.
1420 memcpy(DATA(packet) + ETH_ALEN, DATA(packet), ETH_ALEN);
1421 DATA(packet)[ETH_ALEN * 2 - 1] ^= 0xFF;
1425 n->out_bytes += packet->len;
1426 devops.write(packet);
1430 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)", packet->len, n->name, n->hostname);
1432 // If the node is not reachable, drop it.
1434 if(!n->status.reachable) {
1435 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable", n->name, n->hostname);
1439 // Keep track of packet statistics.
1442 n->out_bytes += packet->len;
1444 // Check if it should be sent as an SPTPS packet.
1446 if(n->status.sptps) {
1447 send_sptps_packet(n, packet);
1452 // Determine which node to actually send it to.
1454 node_t *via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
1457 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)", n->name, via->name, n->via->hostname);
1460 // Try to send via UDP, unless TCP is forced.
1462 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
1463 if(!send_tcppacket(via->connection, packet)) {
1464 terminate_connection(via->connection, true);
1470 send_udppacket(via, packet);
1474 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
1475 // Always give ourself a copy of the packet.
1476 if(from != myself) {
1477 send_packet(myself, packet);
1480 // In TunnelServer mode, do not forward broadcast packets.
1481 // The MST might not be valid and create loops.
1482 if(tunnelserver || broadcast_mode == BMODE_NONE) {
1486 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
1487 packet->len, from->name, from->hostname);
1489 switch(broadcast_mode) {
1490 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
1491 // This guarantees all nodes receive the broadcast packet, and
1492 // usually distributes the sending of broadcast packets over all nodes.
1494 for list_each(connection_t, c, connection_list)
1495 if(c->edge && c->status.mst && c != from->nexthop->connection) {
1496 send_packet(c->node, packet);
1501 // In direct mode, we send copies to each node we know of.
1502 // However, this only reaches nodes that can be reached in a single hop.
1503 // We don't have enough information to forward broadcast packets in this case.
1505 if(from != myself) {
1509 for splay_each(node_t, n, node_tree)
1510 if(n->status.reachable && n != myself && ((n->via == myself && n->nexthop == n) || n->via == n)) {
1511 send_packet(n, packet);
1521 /* We got a packet from some IP address, but we don't know who sent it. Try to
1522 verify the message authentication code against all active session keys.
1523 Since this is actually an expensive operation, we only do a full check once
1524 a minute, the rest of the time we only check against nodes for which we know
1525 an IP address that matches the one from the packet. */
1527 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
1528 node_t *match = NULL;
1530 static time_t last_hard_try = 0;
1532 for splay_each(node_t, n, node_tree) {
1533 if(!n->status.reachable || n == myself) {
1537 if(!n->status.validkey_in && !(n->status.sptps && n->sptps.instate)) {
1543 for splay_each(edge_t, e, n->edge_tree) {
1548 if(!sockaddrcmp_noport(from, &e->reverse->address)) {
1555 if(last_hard_try == now.tv_sec) {
1562 if(!try_mac(n, pkt)) {
1571 last_hard_try = now.tv_sec;
1577 static void handle_incoming_vpn_packet(listen_socket_t *ls, vpn_packet_t *pkt, sockaddr_t *addr) {
1579 node_id_t nullid = {};
1581 bool direct = false;
1583 sockaddrunmap(addr); /* Some braindead IPv6 implementations do stupid things. */
1585 // Try to figure out who sent this packet.
1587 node_t *n = lookup_node_udp(addr);
1589 if(n && !n->status.udp_confirmed) {
1590 n = NULL; // Don't believe it if we don't have confirmation yet.
1594 // It might be from a 1.1 node, which might have a source ID in the packet.
1595 pkt->offset = 2 * sizeof(node_id_t);
1596 from = lookup_node_id(SRCID(pkt));
1598 if(from && !memcmp(DSTID(pkt), &nullid, sizeof(nullid)) && from->status.sptps) {
1599 if(sptps_verify_datagram(&from->sptps, DATA(pkt), pkt->len - 2 * sizeof(node_id_t))) {
1609 n = try_harder(addr, pkt);
1615 if(debug_level >= DEBUG_PROTOCOL) {
1616 hostname = sockaddr2hostname(addr);
1617 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
1626 if(n->status.sptps) {
1627 bool relay_enabled = (n->options >> 24) >= 4;
1630 pkt->offset = 2 * sizeof(node_id_t);
1631 pkt->len -= pkt->offset;
1634 if(!memcmp(DSTID(pkt), &nullid, sizeof(nullid)) || !relay_enabled) {
1639 from = lookup_node_id(SRCID(pkt));
1640 to = lookup_node_id(DSTID(pkt));
1644 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from %s (%s) with unknown source and/or destination ID", n->name, n->hostname);
1648 if(!to->status.reachable) {
1649 /* This can happen in the form of a race condition
1650 if the node just became unreachable. */
1651 logger(DEBUG_TRAFFIC, LOG_WARNING, "Cannot relay packet from %s (%s) because the destination, %s (%s), is unreachable", from->name, from->hostname, to->name, to->hostname);
1655 /* The packet is supposed to come from the originator or its static relay
1656 (i.e. with no dynamic relays in between).
1657 If it did not, "help" the static relay by sending it UDP info.
1658 Note that we only do this if we're the destination or the static relay;
1659 otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
1661 if(n != from->via && to->via == myself) {
1662 send_udp_info(myself, from);
1665 /* If we're not the final recipient, relay the packet. */
1668 send_sptps_data(to, from, 0, DATA(pkt), pkt->len);
1677 if(!receive_udppacket(from, pkt)) {
1681 n->sock = ls - listen_socket;
1683 if(direct && sockaddrcmp(addr, &n->address)) {
1684 update_node_udp(n, addr);
1687 /* If the packet went through a relay, help the sender find the appropriate MTU
1688 through the relay path. */
1691 send_mtu_info(myself, n, MTU);
1695 void handle_incoming_vpn_data(void *data, int flags) {
1696 listen_socket_t *ls = data;
1698 #ifdef HAVE_RECVMMSG
1700 static int num = MAX_MSG;
1701 static vpn_packet_t pkt[MAX_MSG];
1702 static sockaddr_t addr[MAX_MSG];
1703 static struct mmsghdr msg[MAX_MSG];
1704 static struct iovec iov[MAX_MSG];
1706 for(int i = 0; i < num; i++) {
1709 iov[i] = (struct iovec) {
1710 .iov_base = DATA(&pkt[i]),
1714 msg[i].msg_hdr = (struct msghdr) {
1715 .msg_name = &addr[i].sa,
1716 .msg_namelen = sizeof(addr)[i],
1722 num = recvmmsg(ls->udp.fd, msg, MAX_MSG, MSG_DONTWAIT, NULL);
1725 if(!sockwouldblock(sockerrno)) {
1726 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1732 for(int i = 0; i < num; i++) {
1733 pkt[i].len = msg[i].msg_len;
1735 if(pkt[i].len <= 0 || pkt[i].len > MAXSIZE) {
1739 handle_incoming_vpn_packet(ls, &pkt[i], &addr[i]);
1744 sockaddr_t addr = {};
1745 socklen_t addrlen = sizeof(addr);
1748 int len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen);
1750 if(len <= 0 || len > MAXSIZE) {
1751 if(!sockwouldblock(sockerrno)) {
1752 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
1760 handle_incoming_vpn_packet(ls, &pkt, &addr);
1764 void handle_device_data(void *data, int flags) {
1765 vpn_packet_t packet;
1766 packet.offset = DEFAULT_PACKET_OFFSET;
1767 packet.priority = 0;
1768 static int errors = 0;
1770 if(devops.read(&packet)) {
1772 myself->in_packets++;
1773 myself->in_bytes += packet.len;
1774 route(myself, &packet);
1776 usleep(errors * 50000);
1780 logger(DEBUG_ALWAYS, LOG_ERR, "Too many errors from %s, exiting!", device);