2 net_socket.c -- Handle various kinds of sockets.
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2018 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2009 Florian Forster <octo@verplant.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "address_cache.h"
27 #include "connection.h"
37 int addressfamily = AF_UNSPEC;
39 int seconds_till_retry = 5;
40 int udp_rcvbuf = 1024 * 1024;
41 int udp_sndbuf = 1024 * 1024;
42 bool udp_rcvbuf_warnings;
43 bool udp_sndbuf_warnings;
44 int max_connection_burst = 10;
47 listen_socket_t listen_socket[MAXSOCKETS];
53 static void free_outgoing(outgoing_t *outgoing) {
54 timeout_del(&outgoing->ev);
58 list_t outgoing_list = {
62 .delete = (list_action_t)free_outgoing,
67 static void configure_tcp(connection_t *c) {
71 int flags = fcntl(c->socket, F_GETFL);
73 if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) {
74 logger(DEBUG_ALWAYS, LOG_ERR, "fcntl for %s fd %d: %s", c->hostname, c->socket, strerror(errno));
78 unsigned long arg = 1;
80 if(ioctlsocket(c->socket, FIONBIO, &arg) != 0) {
81 logger(DEBUG_ALWAYS, LOG_ERR, "ioctlsocket for %s fd %d: %s", c->hostname, c->socket, sockstrerror(sockerrno));
86 #if defined(TCP_NODELAY)
88 setsockopt(c->socket, IPPROTO_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
91 #if defined(IP_TOS) && defined(IPTOS_LOWDELAY)
92 option = IPTOS_LOWDELAY;
93 setsockopt(c->socket, IPPROTO_IP, IP_TOS, (void *)&option, sizeof(option));
96 #if defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
97 option = IPTOS_LOWDELAY;
98 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
104 setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
110 static bool bind_to_interface(int sd) {
113 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
116 #endif /* defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) */
118 if(!get_config_string(lookup_config(&config_tree, "BindToInterface"), &iface)) {
122 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
123 memset(&ifr, 0, sizeof(ifr));
124 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
125 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
127 status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
130 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
131 sockstrerror(sockerrno));
135 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
137 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
143 static bool bind_to_address(connection_t *c) {
146 for(int i = 0; i < listen_sockets && listen_socket[i].bindto; i++) {
147 if(listen_socket[i].sa.sa.sa_family != c->address.sa.sa_family) {
162 sockaddr_t sa = listen_socket[s].sa;
164 if(sa.sa.sa_family == AF_INET) {
166 } else if(sa.sa.sa_family == AF_INET6) {
167 sa.in6.sin6_port = 0;
170 if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
171 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Can't bind outgoing socket: %s", sockstrerror(sockerrno));
178 int setup_listen_socket(const sockaddr_t *sa) {
184 nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
187 logger(DEBUG_STATUS, LOG_ERR, "Creating metasocket failed: %s", sockstrerror(sockerrno));
192 fcntl(nfd, F_SETFD, FD_CLOEXEC);
195 /* Optimize TCP settings */
198 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
200 #if defined(IPV6_V6ONLY)
202 if(sa->sa.sa_family == AF_INET6) {
203 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
207 #warning IPV6_V6ONLY not defined
213 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
219 (lookup_config(&config_tree, "BindToInterface"), &iface)) {
220 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
223 memset(&ifr, 0, sizeof(ifr));
224 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
225 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
227 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
229 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
230 sockstrerror(sockerrno));
235 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
239 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
241 addrstr = sockaddr2hostname(sa);
242 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
249 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "listen", sockstrerror(sockerrno));
256 static void set_udp_buffer(int nfd, int type, const char *name, int size, bool warnings) {
261 if(setsockopt(nfd, SOL_SOCKET, type, (void *)&size, sizeof(size))) {
262 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP %s to %i: %s", name, size, sockstrerror(sockerrno));
270 // The system may cap the requested buffer size.
271 // Read back the value and check if it is now as requested.
273 socklen_t optlen = sizeof(actual);
275 if(getsockopt(nfd, SOL_SOCKET, type, (void *)&actual, &optlen)) {
276 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP %s: %s", name, sockstrerror(sockerrno));
277 } else if(optlen != sizeof(actual)) {
278 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP %s: unexpected returned optlen %d", name, (int)optlen);
279 } else if(actual < size) {
280 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP %s to %i, the system set it to %i instead", name, size, actual);
285 int setup_vpn_in_socket(const sockaddr_t *sa) {
290 nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
293 logger(DEBUG_ALWAYS, LOG_ERR, "Creating UDP socket failed: %s", sockstrerror(sockerrno));
298 fcntl(nfd, F_SETFD, FD_CLOEXEC);
303 int flags = fcntl(nfd, F_GETFL);
305 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) {
307 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl",
314 unsigned long arg = 1;
316 if(ioctlsocket(nfd, FIONBIO, &arg) != 0) {
318 logger(DEBUG_ALWAYS, LOG_ERR, "Call to `%s' failed: %s", "ioctlsocket", sockstrerror(sockerrno));
325 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
326 setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof(option));
328 set_udp_buffer(nfd, SO_RCVBUF, "SO_RCVBUF", udp_rcvbuf, udp_rcvbuf_warnings);
329 set_udp_buffer(nfd, SO_SNDBUF, "SO_SNDBUF", udp_sndbuf, udp_sndbuf_warnings);
331 #if defined(IPV6_V6ONLY)
333 if(sa->sa.sa_family == AF_INET6) {
334 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
339 #if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
340 #define IP_DONTFRAGMENT IP_DONTFRAG
343 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
345 if(myself->options & OPTION_PMTU_DISCOVERY) {
346 option = IP_PMTUDISC_DO;
347 setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
350 #elif defined(IP_DONTFRAGMENT)
352 if(myself->options & OPTION_PMTU_DISCOVERY) {
354 setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
359 #if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
361 if(myself->options & OPTION_PMTU_DISCOVERY) {
362 option = IPV6_PMTUDISC_DO;
363 setsockopt(nfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
366 #elif defined(IPV6_DONTFRAG)
368 if(myself->options & OPTION_PMTU_DISCOVERY) {
370 setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
378 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
383 if(!bind_to_interface(nfd)) {
388 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
390 addrstr = sockaddr2hostname(sa);
391 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/udp: %s", addrstr, sockstrerror(sockerrno));
397 } /* int setup_vpn_in_socket */
399 static void retry_outgoing_handler(void *data) {
400 setup_outgoing_connection(data, true);
403 void retry_outgoing(outgoing_t *outgoing) {
404 outgoing->timeout += 5;
406 if(outgoing->timeout > maxtimeout) {
407 outgoing->timeout = maxtimeout;
410 timeout_add(&outgoing->ev, retry_outgoing_handler, outgoing, &(struct timeval) {
411 outgoing->timeout, rand() % 100000
414 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Trying to re-establish outgoing connection in %d seconds", outgoing->timeout);
417 void finish_connecting(connection_t *c) {
418 logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
420 c->last_ping_time = now.tv_sec;
421 c->status.connecting = false;
426 static void do_outgoing_pipe(connection_t *c, const char *command) {
430 if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
431 logger(DEBUG_ALWAYS, LOG_ERR, "Could not create socketpair: %s", sockstrerror(sockerrno));
438 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Using proxy %s", command);
449 // Other filedescriptors should be closed automatically by CLOEXEC
454 sockaddr2str(&c->address, &host, &port);
455 setenv("REMOTEADDRESS", host, true);
456 setenv("REMOTEPORT", port, true);
457 setenv("NODE", c->name, true);
458 setenv("NAME", myself->name, true);
461 setenv("NETNAME", netname, true);
464 int result = system(command);
467 logger(DEBUG_ALWAYS, LOG_ERR, "Could not execute %s: %s", command, strerror(errno));
469 logger(DEBUG_ALWAYS, LOG_ERR, "%s exited with non-zero status %d", command, result);
476 logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
481 static void handle_meta_write(connection_t *c) {
482 if(c->outbuf.len <= c->outbuf.offset) {
486 ssize_t outlen = send(c->socket, c->outbuf.data + c->outbuf.offset, c->outbuf.len - c->outbuf.offset, 0);
489 if(!sockerrno || sockerrno == EPIPE) {
490 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname);
491 } else if(sockwouldblock(sockerrno)) {
492 logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes to %s (%s) would block", c->outbuf.len - c->outbuf.offset, c->name, c->hostname);
495 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not send %d bytes of data to %s (%s): %s", c->outbuf.len - c->outbuf.offset, c->name, c->hostname, sockstrerror(sockerrno));
498 terminate_connection(c, c->edge);
502 buffer_read(&c->outbuf, outlen);
505 io_set(&c->io, IO_READ);
509 static void handle_meta_io(void *data, int flags) {
510 connection_t *c = data;
512 if(c->status.connecting) {
514 The event loop does not protect against spurious events. Verify that we are actually connected
515 by issuing an empty send() call.
517 Note that the behavior of send() on potentially unconnected sockets differ between platforms:
518 +------------+-----------+-------------+-----------+
519 | Event | POSIX | Linux | Windows |
520 +------------+-----------+-------------+-----------+
521 | Spurious | ENOTCONN | EWOULDBLOCK | ENOTCONN |
522 | Failed | ENOTCONN | (cause) | ENOTCONN |
523 | Successful | (success) | (success) | (success) |
524 +------------+-----------+-------------+-----------+
526 if(send(c->socket, NULL, 0, 0) != 0) {
527 if(sockwouldblock(sockerrno)) {
533 if(!socknotconn(sockerrno)) {
534 socket_error = sockerrno;
536 socklen_t len = sizeof(socket_error);
537 getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&socket_error, &len);
541 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(socket_error));
542 terminate_connection(c, false);
548 c->status.connecting = false;
549 finish_connecting(c);
552 if(flags & IO_WRITE) {
553 handle_meta_write(c);
555 handle_meta_connection_data(c);
559 bool do_outgoing_connection(outgoing_t *outgoing) {
560 const sockaddr_t *sa;
561 struct addrinfo *proxyai = NULL;
565 sa = get_recent_address(outgoing->node->address_cache);
568 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
569 retry_outgoing(outgoing);
573 connection_t *c = new_connection();
574 c->outgoing = outgoing;
575 memcpy(&c->address, sa, SALEN(sa->sa));
576 c->hostname = sockaddr2hostname(&c->address);
578 logger(DEBUG_CONNECTIONS, LOG_INFO, "Trying to connect to %s (%s)", outgoing->node->name, c->hostname);
581 c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
583 } else if(proxytype == PROXY_EXEC) {
584 do_outgoing_pipe(c, proxyhost);
586 proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
593 logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
594 c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
598 if(c->socket == -1) {
599 logger(DEBUG_CONNECTIONS, LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
605 fcntl(c->socket, F_SETFD, FD_CLOEXEC);
608 if(proxytype != PROXY_EXEC) {
609 #if defined(IPV6_V6ONLY)
612 if(c->address.sa.sa_family == AF_INET6) {
613 setsockopt(c->socket, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
618 bind_to_interface(c->socket);
625 result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
626 } else if(proxytype == PROXY_EXEC) {
633 result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
634 freeaddrinfo(proxyai);
637 if(result == -1 && !sockinprogress(sockerrno)) {
638 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not connect to %s (%s): %s", outgoing->node->name, c->hostname, sockstrerror(sockerrno));
644 /* Now that there is a working socket, fill in the rest and register this connection. */
646 c->last_ping_time = time(NULL);
647 c->status.connecting = true;
648 c->name = xstrdup(outgoing->node->name);
649 #ifndef DISABLE_LEGACY
650 c->outcipher = myself->connection->outcipher;
651 c->outdigest = myself->connection->outdigest;
653 c->outmaclength = myself->connection->outmaclength;
654 c->outcompression = myself->connection->outcompression;
655 c->last_ping_time = now.tv_sec;
659 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ | IO_WRITE);
664 void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
666 timeout_del(&outgoing->ev);
668 node_t *n = outgoing->node;
670 if(!n->address_cache) {
671 n->address_cache = open_address_cache(n);
675 logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
677 if(!n->connection->outgoing) {
678 n->connection->outgoing = outgoing;
685 do_outgoing_connection(outgoing);
689 list_delete(&outgoing_list, outgoing);
693 accept a new tcp connect and create a
696 void handle_new_meta_connection(void *data, int flags) {
698 listen_socket_t *l = data;
702 socklen_t len = sizeof(sa);
704 fd = accept(l->tcp.fd, &sa.sa, &len);
707 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
713 // Check if we get many connections from the same host
715 static sockaddr_t prev_sa;
717 if(!sockaddrcmp_noport(&sa, &prev_sa)) {
718 static time_t samehost_burst;
719 static time_t samehost_burst_time;
721 if(now.tv_sec - samehost_burst_time > samehost_burst) {
724 samehost_burst -= now.tv_sec - samehost_burst_time;
727 samehost_burst_time = now.tv_sec;
730 if(samehost_burst > max_connection_burst) {
736 memcpy(&prev_sa, &sa, sizeof(sa));
738 // Check if we get many connections from different hosts
740 static time_t connection_burst;
741 static time_t connection_burst_time;
743 if(now.tv_sec - connection_burst_time > connection_burst) {
744 connection_burst = 0;
746 connection_burst -= now.tv_sec - connection_burst_time;
749 connection_burst_time = now.tv_sec;
752 if(connection_burst >= max_connection_burst) {
753 connection_burst = max_connection_burst;
758 // Accept the new connection
760 c = new_connection();
761 c->name = xstrdup("<unknown>");
762 #ifndef DISABLE_LEGACY
763 c->outcipher = myself->connection->outcipher;
764 c->outdigest = myself->connection->outdigest;
766 c->outmaclength = myself->connection->outmaclength;
767 c->outcompression = myself->connection->outcompression;
770 c->hostname = sockaddr2hostname(&sa);
772 c->last_ping_time = now.tv_sec;
774 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
776 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
782 c->allow_request = ID;
787 accept a new UNIX socket connection
789 void handle_new_unix_connection(void *data, int flags) {
795 socklen_t len = sizeof(sa);
797 fd = accept(io->fd, &sa.sa, &len);
800 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
806 c = new_connection();
807 c->name = xstrdup("<control>");
809 c->hostname = xstrdup("localhost port unix");
811 c->last_ping_time = now.tv_sec;
813 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
815 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
819 c->allow_request = ID;
823 void try_outgoing_connections(void) {
824 /* If there is no outgoing list yet, create one. Otherwise, mark all outgoings as deleted. */
826 for list_each(outgoing_t, outgoing, &outgoing_list) {
827 outgoing->timeout = -1;
830 /* Make sure there is one outgoing_t in the list for each ConnectTo. */
832 for(config_t *cfg = lookup_config(&config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
834 get_config_string(cfg, &name);
836 if(!check_id(name)) {
837 logger(DEBUG_ALWAYS, LOG_ERR,
838 "Invalid name for outgoing connection in %s line %d",
839 cfg->file, cfg->line);
844 if(!strcmp(name, myself->name)) {
851 for list_each(outgoing_t, outgoing, &outgoing_list) {
852 if(!strcmp(outgoing->node->name, name)) {
854 outgoing->timeout = 0;
860 outgoing_t *outgoing = xzalloc(sizeof(*outgoing));
861 node_t *n = lookup_node(name);
865 n->name = xstrdup(name);
872 list_insert_tail(&outgoing_list, outgoing);
873 setup_outgoing_connection(outgoing, true);
877 /* Terminate any connections whose outgoing_t is to be deleted. */
879 for list_each(connection_t, c, &connection_list) {
880 if(c->outgoing && c->outgoing->timeout == -1) {
882 logger(DEBUG_CONNECTIONS, LOG_INFO, "No more outgoing connection to %s", c->name);
883 terminate_connection(c, c->edge);
887 /* Delete outgoing_ts for which there is no ConnectTo. */
889 for list_each(outgoing_t, outgoing, &outgoing_list)
890 if(outgoing->timeout == -1) {
891 list_delete_node(&outgoing_list, node);
projects / tinc / blob