2 net_packet.c -- Handles in- and outgoing VPN packets
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
5 2010 Timothy Redaelli <timothy@redaelli.eu>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/pem.h>
29 #include <openssl/hmac.h>
41 #include "connection.h"
58 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
61 static void send_udppacket(node_t *, vpn_packet_t *);
63 unsigned replaywin = 16;
64 bool localdiscovery = false;
66 #define MAX_SEQNO 1073741824
68 /* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
69 mtuprobes == 31: sleep pinginterval seconds
70 mtuprobes == 32: send 1 burst, sleep pingtimeout second
71 mtuprobes == 33: no response from other side, restart PMTU discovery process
73 Probes are sent in batches of three, with random sizes between the lower and
74 upper boundaries for the MTU thus far discovered.
76 In case local discovery is enabled, a fourth packet is added to each batch,
77 which will be broadcast to the local network.
80 static void send_mtu_probe_handler(int fd, short events, void *data) {
86 if(!n->status.reachable || !n->status.validkey) {
87 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send MTU probe to unreachable or rekeying node %s (%s)", n->name, n->hostname);
92 if(n->mtuprobes > 32) {
95 timeout = pinginterval;
99 logger(DEBUG_TRAFFIC, LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
100 n->status.udp_confirmed = false;
106 if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
107 logger(DEBUG_TRAFFIC, LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
111 if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
112 if(n->minmtu > n->maxmtu)
113 n->minmtu = n->maxmtu;
115 n->maxmtu = n->minmtu;
117 logger(DEBUG_TRAFFIC, LOG_INFO, "Fixing MTU of %s (%s) to %d after %d probes", n->name, n->hostname, n->mtu, n->mtuprobes);
121 if(n->mtuprobes == 31) {
122 timeout = pinginterval;
124 } else if(n->mtuprobes == 32) {
125 timeout = pingtimeout;
128 for(int i = 0; i < 3 + localdiscovery; i++) {
131 if(n->maxmtu <= n->minmtu)
134 len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
140 memset(packet.data, 0, 14);
141 randomize(packet.data + 14, len - 14);
143 if(i >= 3 && n->mtuprobes <= 10)
144 packet.priority = -1;
148 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
150 send_udppacket(n, &packet);
154 event_add(&n->mtuevent, &(struct timeval){timeout, rand() % 100000});
157 void send_mtu_probe(node_t *n) {
158 if(!timeout_initialized(&n->mtuevent))
159 timeout_set(&n->mtuevent, send_mtu_probe_handler, n);
160 send_mtu_probe_handler(0, 0, n);
163 static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
164 logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
166 if(!packet->data[0]) {
168 send_udppacket(n, packet);
170 n->status.udp_confirmed = true;
172 if(n->mtuprobes > 30) {
186 static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
188 memcpy(dest, source, len);
190 } else if(level == 10) {
192 lzo_uint lzolen = MAXSIZE;
193 lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
198 } else if(level < 10) {
200 unsigned long destlen = MAXSIZE;
201 if(compress2(dest, &destlen, source, len, level) == Z_OK)
208 lzo_uint lzolen = MAXSIZE;
209 lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
219 static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
221 memcpy(dest, source, len);
223 } else if(level > 9) {
225 lzo_uint lzolen = MAXSIZE;
226 if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
234 unsigned long destlen = MAXSIZE;
235 if(uncompress(dest, &destlen, source, len) == Z_OK)
247 static void receive_packet(node_t *n, vpn_packet_t *packet) {
248 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Received packet of %d bytes from %s (%s)",
249 packet->len, n->name, n->hostname);
252 n->in_bytes += packet->len;
257 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
259 return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
261 if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest))
264 return digest_verify(&n->indigest, &inpkt->seqno, inpkt->len - n->indigest.maclength, (const char *)&inpkt->seqno + inpkt->len - n->indigest.maclength);
267 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
268 vpn_packet_t pkt1, pkt2;
269 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
271 vpn_packet_t *outpkt = pkt[0];
274 if(n->status.sptps) {
275 sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
279 if(!cipher_active(&n->incipher)) {
280 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
281 n->name, n->hostname);
285 /* Check packet length */
287 if(inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) {
288 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
289 n->name, n->hostname);
293 /* Check the message authentication code */
295 if(digest_active(&n->indigest)) {
296 inpkt->len -= n->indigest.maclength;
297 if(!digest_verify(&n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
298 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
302 /* Decrypt the packet */
304 if(cipher_active(&n->incipher)) {
305 outpkt = pkt[nextpkt++];
308 if(!cipher_decrypt(&n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
309 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
313 outpkt->len = outlen;
317 /* Check the sequence number */
319 inpkt->len -= sizeof inpkt->seqno;
320 inpkt->seqno = ntohl(inpkt->seqno);
323 if(inpkt->seqno != n->received_seqno + 1) {
324 if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
325 if(n->farfuture++ < replaywin >> 2) {
326 logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
327 n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
330 logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
331 inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
332 memset(n->late, 0, replaywin);
333 } else if (inpkt->seqno <= n->received_seqno) {
334 if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
335 logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
336 n->name, n->hostname, inpkt->seqno, n->received_seqno);
340 for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
341 n->late[(i / 8) % replaywin] |= 1 << i % 8;
346 n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
349 if(inpkt->seqno > n->received_seqno)
350 n->received_seqno = inpkt->seqno;
352 if(n->received_seqno > MAX_SEQNO)
355 /* Decompress the packet */
357 length_t origlen = inpkt->len;
359 if(n->incompression) {
360 outpkt = pkt[nextpkt++];
362 if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
363 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
364 n->name, n->hostname);
370 origlen -= MTU/64 + 20;
375 if(!inpkt->data[12] && !inpkt->data[13])
376 mtu_probe_h(n, inpkt, origlen);
378 receive_packet(n, inpkt);
381 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
385 if(c->options & OPTION_TCPONLY)
388 outpkt.priority = -1;
389 memcpy(outpkt.data, buffer, len);
391 receive_packet(c->node, &outpkt);
394 static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
395 if(!n->status.validkey) {
396 logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
397 if(!n->status.waitingforkey)
399 else if(n->last_req_key + 10 < time(NULL)) {
400 logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
401 sptps_stop(&n->sptps);
402 n->status.waitingforkey = false;
411 if(!(origpkt->data[12] | origpkt->data[13])) {
412 sptps_send_record(&n->sptps, PKT_PROBE, (char *)origpkt->data, origpkt->len);
416 if(routing_mode == RMODE_ROUTER)
421 if(origpkt->len < offset)
426 if(n->outcompression) {
427 int len = compress_packet(outpkt.data + offset, origpkt->data + offset, origpkt->len - offset, n->outcompression);
429 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)", n->name, n->hostname);
430 } else if(len < origpkt->len - offset) {
431 outpkt.len = len + offset;
433 type |= PKT_COMPRESSED;
437 sptps_send_record(&n->sptps, type, (char *)origpkt->data + offset, origpkt->len - offset);
441 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
442 vpn_packet_t pkt1, pkt2;
443 vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
444 vpn_packet_t *inpkt = origpkt;
446 vpn_packet_t *outpkt;
447 int origlen = origpkt->len;
449 #if defined(SOL_IP) && defined(IP_TOS)
450 static int priority = 0;
452 int origpriority = origpkt->priority;
454 if(!n->status.reachable) {
455 logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
460 return send_sptps_packet(n, origpkt);
462 /* Make sure we have a valid key */
464 if(!n->status.validkey) {
465 time_t now = time(NULL);
467 logger(DEBUG_TRAFFIC, LOG_INFO,
468 "No valid key known yet for %s (%s), forwarding via TCP",
469 n->name, n->hostname);
471 if(n->last_req_key + 10 <= now) {
473 n->last_req_key = now;
476 send_tcppacket(n->nexthop->connection, origpkt);
481 if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
482 logger(DEBUG_TRAFFIC, LOG_INFO,
483 "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
484 n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
487 send_packet(n->nexthop, origpkt);
489 send_tcppacket(n->nexthop->connection, origpkt);
494 /* Compress the packet */
496 if(n->outcompression) {
497 outpkt = pkt[nextpkt++];
499 if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
500 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
501 n->name, n->hostname);
508 /* Add sequence number */
510 inpkt->seqno = htonl(++(n->sent_seqno));
511 inpkt->len += sizeof inpkt->seqno;
513 /* Encrypt the packet */
515 if(cipher_active(&n->outcipher)) {
516 outpkt = pkt[nextpkt++];
519 if(!cipher_encrypt(&n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
520 logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
524 outpkt->len = outlen;
528 /* Add the message authentication code */
530 if(digest_active(&n->outdigest)) {
531 digest_create(&n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
532 inpkt->len += digest_length(&n->outdigest);
535 /* Send the packet */
539 sockaddr_t broadcast;
541 /* Overloaded use of priority field: -1 means local broadcast */
543 if(origpriority == -1 && n->prevedge) {
544 sock = rand() % listen_sockets;
545 memset(&broadcast, 0, sizeof broadcast);
546 if(listen_socket[sock].sa.sa.sa_family == AF_INET6) {
547 broadcast.in6.sin6_family = AF_INET6;
548 broadcast.in6.sin6_addr.s6_addr[0x0] = 0xff;
549 broadcast.in6.sin6_addr.s6_addr[0x1] = 0x02;
550 broadcast.in6.sin6_addr.s6_addr[0xf] = 0x01;
551 broadcast.in6.sin6_port = n->prevedge->address.in.sin_port;
552 broadcast.in6.sin6_scope_id = listen_socket[sock].sa.in6.sin6_scope_id;
554 broadcast.in.sin_family = AF_INET;
555 broadcast.in.sin_addr.s_addr = -1;
556 broadcast.in.sin_port = n->prevedge->address.in.sin_port;
560 if(origpriority == -1)
563 if(n->status.udp_confirmed) {
564 /* Address of this node is confirmed, so use it. */
568 /* Otherwise, go through the list of known addresses of
569 this node. The first address we try is always the
570 one in n->address; that could be set to the node's
571 reflexive UDP address discovered during key
572 exchange. The other known addresses are those found
573 in edges to this node. */
575 static unsigned int i;
577 edge_t *candidate = NULL;
580 for splay_each(edge_t, e, edge_weight_tree) {
584 if(!candidate || j == i)
593 sa = &candidate->address;
594 sock = rand() % listen_sockets;
603 /* Determine which socket we have to use */
605 if(sa->sa.sa_family != listen_socket[sock].sa.sa.sa_family)
606 for(sock = 0; sock < listen_sockets; sock++)
607 if(sa->sa.sa_family == listen_socket[sock].sa.sa.sa_family)
610 if(sock >= listen_sockets)
613 if(!n->status.udp_confirmed)
616 #if defined(SOL_IP) && defined(IP_TOS)
617 if(priorityinheritance && origpriority != priority
618 && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
619 priority = origpriority;
620 logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
621 if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
622 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
626 socklen_t sl = SALEN(n->address.sa);
628 if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, sl) < 0 && !sockwouldblock(sockerrno)) {
629 if(sockmsgsize(sockerrno)) {
630 if(n->maxmtu >= origlen)
631 n->maxmtu = origlen - 1;
632 if(n->mtu >= origlen)
633 n->mtu = origlen - 1;
635 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
639 origpkt->len = origlen;
642 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
645 /* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
647 if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
648 char buf[len * 4 / 3 + 5];
649 b64encode(data, buf, len);
650 /* If no valid key is known yet, send the packets using ANS_KEY requests,
651 to ensure we get to learn the reflexive UDP address. */
652 if(!to->status.validkey)
653 return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
655 return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
658 /* Otherwise, send the packet via UDP */
664 sa = &(to->address.sa);
665 sl = SALEN(to->address.sa);
668 if(sendto(listen_socket[sock].udp, data, len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
669 if(sockmsgsize(sockerrno)) {
670 if(to->maxmtu >= len)
671 to->maxmtu = len - 1;
675 logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending UDP SPTPS packet to %s (%s): %s", to->name, to->hostname, sockstrerror(sockerrno));
683 bool receive_sptps_record(void *handle, uint8_t type, const char *data, uint16_t len) {
684 node_t *from = handle;
686 if(type == SPTPS_HANDSHAKE) {
687 if(!from->status.validkey) {
688 from->status.validkey = true;
689 from->status.waitingforkey = false;
690 logger(DEBUG_META, LOG_INFO, "SPTPS key exchange with %s (%s) succesful", from->name, from->hostname);
696 logger(DEBUG_ALWAYS, LOG_ERR, "Packet from %s (%s) larger than maximum supported size (%d > %d)", from->name, from->hostname, len, MTU);
702 if(type == PKT_PROBE) {
704 memcpy(inpkt.data, data, len);
705 mtu_probe_h(from, &inpkt, len);
709 if(type & ~(PKT_COMPRESSED | PKT_MAC)) {
710 logger(DEBUG_ALWAYS, LOG_ERR, "Unexpected SPTPS record type %d len %d from %s (%s)", type, len, from->name, from->hostname);
714 /* Check if we have the headers we need */
715 if(routing_mode != RMODE_ROUTER && !(type & PKT_MAC)) {
716 logger(DEBUG_TRAFFIC, LOG_ERR, "Received packet from %s (%s) without MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
718 } else if(routing_mode == RMODE_ROUTER && (type & PKT_MAC)) {
719 logger(DEBUG_TRAFFIC, LOG_WARNING, "Received packet from %s (%s) with MAC header (maybe Mode is not set correctly)", from->name, from->hostname);
722 int offset = (type & PKT_MAC) ? 0 : 14;
723 if(type & PKT_COMPRESSED) {
724 len = uncompress_packet(inpkt.data + offset, (const uint8_t *)data, len, from->incompression);
728 inpkt.len = len + offset;
730 if(inpkt.len > MAXSIZE)
733 memcpy(inpkt.data + offset, data, len);
734 inpkt.len = len + offset;
737 /* Generate the Ethernet packet type if necessary */
739 switch(inpkt.data[14] >> 4) {
741 inpkt.data[12] = 0x08;
742 inpkt.data[13] = 0x00;
745 inpkt.data[12] = 0x86;
746 inpkt.data[13] = 0xDD;
749 logger(DEBUG_TRAFFIC, LOG_ERR,
750 "Unknown IP version %d while reading packet from %s (%s)",
751 inpkt.data[14] >> 4, from->name, from->hostname);
756 receive_packet(from, &inpkt);
761 send a packet to the given vpn ip.
763 void send_packet(node_t *n, vpn_packet_t *packet) {
768 memcpy(packet->data, mymac.x, ETH_ALEN);
770 n->out_bytes += packet->len;
771 devops.write(packet);
775 logger(DEBUG_TRAFFIC, LOG_ERR, "Sending packet of %d bytes to %s (%s)",
776 packet->len, n->name, n->hostname);
778 if(!n->status.reachable) {
779 logger(DEBUG_TRAFFIC, LOG_INFO, "Node %s (%s) is not reachable",
780 n->name, n->hostname);
785 n->out_bytes += packet->len;
787 if(n->status.sptps) {
788 send_sptps_packet(n, packet);
792 via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
795 logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
796 n->name, via->name, n->via->hostname);
798 if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
799 if(!send_tcppacket(via->connection, packet))
800 terminate_connection(via->connection, true);
802 send_udppacket(via, packet);
805 /* Broadcast a packet using the minimum spanning tree */
807 void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
808 // Always give ourself a copy of the packet.
810 send_packet(myself, packet);
812 // In TunnelServer mode, do not forward broadcast packets.
813 // The MST might not be valid and create loops.
814 if(tunnelserver || broadcast_mode == BMODE_NONE)
817 logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
818 packet->len, from->name, from->hostname);
820 switch(broadcast_mode) {
821 // In MST mode, broadcast packets travel via the Minimum Spanning Tree.
822 // This guarantees all nodes receive the broadcast packet, and
823 // usually distributes the sending of broadcast packets over all nodes.
825 for list_each(connection_t, c, connection_list)
826 if(c->status.active && c->status.mst && c != from->nexthop->connection)
827 send_packet(c->node, packet);
830 // In direct mode, we send copies to each node we know of.
831 // However, this only reaches nodes that can be reached in a single hop.
832 // We don't have enough information to forward broadcast packets in this case.
837 for splay_each(node_t, n, node_tree)
838 if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
839 send_packet(n, packet);
847 static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
850 static time_t last_hard_try = 0;
851 time_t now = time(NULL);
853 for splay_each(edge_t, e, edge_weight_tree) {
854 if(!e->to->status.reachable || e->to == myself)
857 if(sockaddrcmp_noport(from, &e->address)) {
858 if(last_hard_try == now)
863 if(!try_mac(e->to, pkt))
877 void handle_incoming_vpn_data(int sock, short events, void *data) {
880 sockaddr_t from = {{0}};
881 socklen_t fromlen = sizeof from;
885 len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
887 if(len <= 0 || len > MAXSIZE) {
888 if(!sockwouldblock(sockerrno))
889 logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
895 sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */
897 n = lookup_node_udp(&from);
900 n = try_harder(&from, &pkt);
902 update_node_udp(n, &from);
903 else if(debug_level >= DEBUG_PROTOCOL) {
904 hostname = sockaddr2hostname(&from);
905 logger(DEBUG_PROTOCOL, LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
913 n->sock = (intptr_t)data;
915 receive_udppacket(n, &pkt);
918 void handle_device_data(int sock, short events, void *data) {
923 if(devops.read(&packet)) {
924 myself->in_packets++;
925 myself->in_bytes += packet.len;
926 route(myself, &packet);