2 net_socket.c -- Handle various kinds of sockets.
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2009 Florian Forster <octo@verplant.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "address_cache.h"
27 #include "connection.h"
28 #include "control_common.h"
39 int addressfamily = AF_UNSPEC;
41 int seconds_till_retry = 5;
42 int udp_rcvbuf = 1024 * 1024;
43 int udp_sndbuf = 1024 * 1024;
44 int max_connection_burst = 100;
47 listen_socket_t listen_socket[MAXSOCKETS];
52 list_t *outgoing_list = NULL;
56 static void configure_tcp(connection_t *c) {
60 int flags = fcntl(c->socket, F_GETFL);
62 if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) {
63 logger(DEBUG_ALWAYS, LOG_ERR, "fcntl for %s fd %d: %s", c->hostname, c->socket, strerror(errno));
67 unsigned long arg = 1;
69 if(ioctlsocket(c->socket, FIONBIO, &arg) != 0) {
70 logger(DEBUG_ALWAYS, LOG_ERR, "ioctlsocket for %s fd %d: %s", c->hostname, c->socket, sockstrerror(sockerrno));
75 #if defined(TCP_NODELAY)
77 setsockopt(c->socket, IPPROTO_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
80 #if defined(IP_TOS) && defined(IPTOS_LOWDELAY)
81 option = IPTOS_LOWDELAY;
82 setsockopt(c->socket, IPPROTO_IP, IP_TOS, (void *)&option, sizeof(option));
85 #if defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
86 option = IPTOS_LOWDELAY;
87 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
93 setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
99 static bool bind_to_interface(int sd) {
102 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
105 #endif /* defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) */
107 if(!get_config_string(lookup_config(config_tree, "BindToInterface"), &iface)) {
111 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
112 memset(&ifr, 0, sizeof(ifr));
113 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
114 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
116 status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
119 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
120 sockstrerror(sockerrno));
124 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
125 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
131 static bool bind_to_address(connection_t *c) {
134 for(int i = 0; i < listen_sockets && listen_socket[i].bindto; i++) {
135 if(listen_socket[i].sa.sa.sa_family != c->address.sa.sa_family) {
150 sockaddr_t sa = listen_socket[s].sa;
152 if(sa.sa.sa_family == AF_INET) {
154 } else if(sa.sa.sa_family == AF_INET6) {
155 sa.in6.sin6_port = 0;
158 if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
159 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Can't bind outgoing socket: %s", sockstrerror(sockerrno));
166 int setup_listen_socket(const sockaddr_t *sa) {
172 nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
175 logger(DEBUG_STATUS, LOG_ERR, "Creating metasocket failed: %s", sockstrerror(sockerrno));
180 fcntl(nfd, F_SETFD, FD_CLOEXEC);
183 /* Optimize TCP settings */
186 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
188 #if defined(IPV6_V6ONLY)
190 if(sa->sa.sa_family == AF_INET6) {
191 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
195 #warning IPV6_V6ONLY not defined
201 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
207 (lookup_config(config_tree, "BindToInterface"), &iface)) {
208 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
211 memset(&ifr, 0, sizeof(ifr));
212 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
214 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
216 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
217 sockstrerror(sockerrno));
222 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
226 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
228 addrstr = sockaddr2hostname(sa);
229 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
236 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "listen", sockstrerror(sockerrno));
243 int setup_vpn_in_socket(const sockaddr_t *sa) {
248 nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
251 logger(DEBUG_ALWAYS, LOG_ERR, "Creating UDP socket failed: %s", sockstrerror(sockerrno));
256 fcntl(nfd, F_SETFD, FD_CLOEXEC);
261 int flags = fcntl(nfd, F_GETFL);
263 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) {
265 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl",
272 unsigned long arg = 1;
274 if(ioctlsocket(nfd, FIONBIO, &arg) != 0) {
276 logger(DEBUG_ALWAYS, LOG_ERR, "Call to `%s' failed: %s", "ioctlsocket", sockstrerror(sockerrno));
283 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
284 setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof(option));
286 if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf))) {
287 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, sockstrerror(sockerrno));
290 if(udp_sndbuf && setsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf, sizeof(udp_sndbuf))) {
291 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, sockstrerror(sockerrno));
294 #if defined(IPV6_V6ONLY)
296 if(sa->sa.sa_family == AF_INET6) {
297 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
302 #if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
303 #define IP_DONTFRAGMENT IP_DONTFRAG
306 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
308 if(myself->options & OPTION_PMTU_DISCOVERY) {
309 option = IP_PMTUDISC_DO;
310 setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
313 #elif defined(IP_DONTFRAGMENT)
315 if(myself->options & OPTION_PMTU_DISCOVERY) {
317 setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
322 #if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
324 if(myself->options & OPTION_PMTU_DISCOVERY) {
325 option = IPV6_PMTUDISC_DO;
326 setsockopt(nfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
329 #elif defined(IPV6_DONTFRAG)
331 if(myself->options & OPTION_PMTU_DISCOVERY) {
333 setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
341 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
346 if(!bind_to_interface(nfd)) {
351 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
353 addrstr = sockaddr2hostname(sa);
354 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/udp: %s", addrstr, sockstrerror(sockerrno));
360 } /* int setup_vpn_in_socket */
362 static void retry_outgoing_handler(void *data) {
363 setup_outgoing_connection(data, true);
366 void retry_outgoing(outgoing_t *outgoing) {
367 outgoing->timeout += 5;
369 if(outgoing->timeout > maxtimeout) {
370 outgoing->timeout = maxtimeout;
373 timeout_add(&outgoing->ev, retry_outgoing_handler, outgoing, &(struct timeval) {
374 outgoing->timeout, rand() % 100000
377 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Trying to re-establish outgoing connection in %d seconds", outgoing->timeout);
380 void finish_connecting(connection_t *c) {
381 logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
383 c->last_ping_time = now.tv_sec;
384 c->status.connecting = false;
389 static void do_outgoing_pipe(connection_t *c, char *command) {
393 if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
394 logger(DEBUG_ALWAYS, LOG_ERR, "Could not create socketpair: %s", sockstrerror(sockerrno));
401 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Using proxy %s", command);
412 // Other filedescriptors should be closed automatically by CLOEXEC
417 sockaddr2str(&c->address, &host, &port);
418 setenv("REMOTEADDRESS", host, true);
419 setenv("REMOTEPORT", port, true);
420 setenv("NODE", c->name, true);
421 setenv("NAME", myself->name, true);
424 setenv("NETNAME", netname, true);
427 int result = system(command);
430 logger(DEBUG_ALWAYS, LOG_ERR, "Could not execute %s: %s", command, strerror(errno));
432 logger(DEBUG_ALWAYS, LOG_ERR, "%s exited with non-zero status %d", command, result);
437 logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
442 static void handle_meta_write(connection_t *c) {
443 if(c->outbuf.len <= c->outbuf.offset) {
447 ssize_t outlen = send(c->socket, c->outbuf.data + c->outbuf.offset, c->outbuf.len - c->outbuf.offset, 0);
450 if(!sockerrno || sockerrno == EPIPE) {
451 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname);
452 } else if(sockwouldblock(sockerrno)) {
453 logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes to %s (%s) would block", c->outbuf.len - c->outbuf.offset, c->name, c->hostname);
456 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not send %d bytes of data to %s (%s): %s", c->outbuf.len - c->outbuf.offset, c->name, c->hostname, sockstrerror(sockerrno));
459 terminate_connection(c, c->edge);
463 buffer_read(&c->outbuf, outlen);
466 io_set(&c->io, IO_READ);
470 static void handle_meta_io(void *data, int flags) {
471 connection_t *c = data;
473 if(c->status.connecting) {
475 The event loop does not protect against spurious events. Verify that we are actually connected
476 by issuing an empty send() call.
478 Note that the behavior of send() on potentially unconnected sockets differ between platforms:
479 +------------+-----------+-------------+-----------+
480 | Event | POSIX | Linux | Windows |
481 +------------+-----------+-------------+-----------+
482 | Spurious | ENOTCONN | EWOULDBLOCK | ENOTCONN |
483 | Failed | ENOTCONN | (cause) | ENOTCONN |
484 | Successful | (success) | (success) | (success) |
485 +------------+-----------+-------------+-----------+
487 if(send(c->socket, NULL, 0, 0) != 0) {
488 if(sockwouldblock(sockerrno)) {
494 if(!socknotconn(sockerrno)) {
495 socket_error = sockerrno;
497 socklen_t len = sizeof(socket_error);
498 getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&socket_error, &len);
502 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(socket_error));
503 terminate_connection(c, false);
509 c->status.connecting = false;
510 finish_connecting(c);
513 if(flags & IO_WRITE) {
514 handle_meta_write(c);
516 handle_meta_connection_data(c);
520 bool do_outgoing_connection(outgoing_t *outgoing) {
521 const sockaddr_t *sa;
522 struct addrinfo *proxyai = NULL;
526 sa = get_recent_address(outgoing->address_cache);
529 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
530 retry_outgoing(outgoing);
534 connection_t *c = new_connection();
535 c->outgoing = outgoing;
536 memcpy(&c->address, sa, SALEN(sa->sa));
537 c->hostname = sockaddr2hostname(&c->address);
539 logger(DEBUG_CONNECTIONS, LOG_INFO, "Trying to connect to %s (%s)", outgoing->node->name, c->hostname);
542 c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
544 } else if(proxytype == PROXY_EXEC) {
545 do_outgoing_pipe(c, proxyhost);
547 proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
554 logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
555 c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
559 if(c->socket == -1) {
560 logger(DEBUG_CONNECTIONS, LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
566 fcntl(c->socket, F_SETFD, FD_CLOEXEC);
569 if(proxytype != PROXY_EXEC) {
570 #if defined(IPV6_V6ONLY)
573 if(c->address.sa.sa_family == AF_INET6) {
574 setsockopt(c->socket, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
579 bind_to_interface(c->socket);
586 result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
587 } else if(proxytype == PROXY_EXEC) {
594 result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
595 freeaddrinfo(proxyai);
598 if(result == -1 && !sockinprogress(sockerrno)) {
599 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not connect to %s (%s): %s", outgoing->node->name, c->hostname, sockstrerror(sockerrno));
605 /* Now that there is a working socket, fill in the rest and register this connection. */
607 c->last_ping_time = time(NULL);
608 c->status.connecting = true;
609 c->name = xstrdup(outgoing->node->name);
610 #ifndef DISABLE_LEGACY
611 c->outcipher = myself->connection->outcipher;
612 c->outdigest = myself->connection->outdigest;
614 c->outmaclength = myself->connection->outmaclength;
615 c->outcompression = myself->connection->outcompression;
616 c->last_ping_time = now.tv_sec;
620 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ | IO_WRITE);
625 void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
626 timeout_del(&outgoing->ev);
628 node_t *n = outgoing->node;
631 logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
633 if(!n->connection->outgoing) {
634 n->connection->outgoing = outgoing;
641 if(!outgoing->address_cache) {
642 outgoing->address_cache = open_address_cache(n);
645 do_outgoing_connection(outgoing);
649 list_delete(outgoing_list, outgoing);
653 accept a new tcp connect and create a
656 void handle_new_meta_connection(void *data, int flags) {
657 listen_socket_t *l = data;
661 socklen_t len = sizeof(sa);
663 fd = accept(l->tcp.fd, &sa.sa, &len);
666 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
672 // Check if we get many connections from the same host
674 static sockaddr_t prev_sa;
675 static int tarpit = -1;
682 if(!sockaddrcmp_noport(&sa, &prev_sa)) {
683 static int samehost_burst;
684 static int samehost_burst_time;
686 if(now.tv_sec - samehost_burst_time > samehost_burst) {
689 samehost_burst -= now.tv_sec - samehost_burst_time;
692 samehost_burst_time = now.tv_sec;
695 if(samehost_burst > max_connection_burst) {
701 memcpy(&prev_sa, &sa, sizeof(sa));
703 // Check if we get many connections from different hosts
705 static int connection_burst;
706 static int connection_burst_time;
708 if(now.tv_sec - connection_burst_time > connection_burst) {
709 connection_burst = 0;
711 connection_burst -= now.tv_sec - connection_burst_time;
714 connection_burst_time = now.tv_sec;
717 if(connection_burst >= max_connection_burst) {
718 connection_burst = max_connection_burst;
723 // Accept the new connection
725 c = new_connection();
726 c->name = xstrdup("<unknown>");
727 #ifndef DISABLE_LEGACY
728 c->outcipher = myself->connection->outcipher;
729 c->outdigest = myself->connection->outdigest;
731 c->outmaclength = myself->connection->outmaclength;
732 c->outcompression = myself->connection->outcompression;
735 c->hostname = sockaddr2hostname(&sa);
737 c->last_ping_time = now.tv_sec;
739 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
741 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
747 c->allow_request = ID;
753 accept a new UNIX socket connection
755 void handle_new_unix_connection(void *data, int flags) {
760 socklen_t len = sizeof(sa);
762 fd = accept(io->fd, &sa.sa, &len);
765 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
771 c = new_connection();
772 c->name = xstrdup("<control>");
774 c->hostname = xstrdup("localhost port unix");
776 c->last_ping_time = now.tv_sec;
778 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
780 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
784 c->allow_request = ID;
790 static void free_outgoing(outgoing_t *outgoing) {
791 timeout_del(&outgoing->ev);
793 if(outgoing->address_cache) {
794 close_address_cache(outgoing->address_cache);
800 void try_outgoing_connections(void) {
801 /* If there is no outgoing list yet, create one. Otherwise, mark all outgoings as deleted. */
804 outgoing_list = list_alloc((list_action_t)free_outgoing);
806 for list_each(outgoing_t, outgoing, outgoing_list) {
807 outgoing->timeout = -1;
811 /* Make sure there is one outgoing_t in the list for each ConnectTo. */
813 for(config_t *cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
815 get_config_string(cfg, &name);
817 if(!check_id(name)) {
818 logger(DEBUG_ALWAYS, LOG_ERR,
819 "Invalid name for outgoing connection in %s line %d",
820 cfg->file, cfg->line);
825 if(!strcmp(name, myself->name)) {
832 for list_each(outgoing_t, outgoing, outgoing_list) {
833 if(!strcmp(outgoing->node->name, name)) {
835 outgoing->timeout = 0;
841 outgoing_t *outgoing = xzalloc(sizeof(*outgoing));
842 node_t *n = lookup_node(name);
846 n->name = xstrdup(name);
851 list_insert_tail(outgoing_list, outgoing);
852 setup_outgoing_connection(outgoing, true);
856 /* Terminate any connections whose outgoing_t is to be deleted. */
858 for list_each(connection_t, c, connection_list) {
859 if(c->outgoing && c->outgoing->timeout == -1) {
861 logger(DEBUG_CONNECTIONS, LOG_INFO, "No more outgoing connection to %s", c->name);
862 terminate_connection(c, c->edge);
866 /* Delete outgoing_ts for which there is no ConnectTo. */
868 for list_each(outgoing_t, outgoing, outgoing_list)
869 if(outgoing->timeout == -1) {
870 list_delete_node(outgoing_list, node);
projects / tinc / blob