2 net_socket.c -- Handle various kinds of sockets.
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2018 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2009 Florian Forster <octo@verplant.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "address_cache.h"
27 #include "connection.h"
28 #include "control_common.h"
39 int addressfamily = AF_UNSPEC;
41 int seconds_till_retry = 5;
42 int udp_rcvbuf = 1024 * 1024;
43 int udp_sndbuf = 1024 * 1024;
44 int max_connection_burst = 10;
47 listen_socket_t listen_socket[MAXSOCKETS];
52 list_t *outgoing_list = NULL;
56 static void configure_tcp(connection_t *c) {
60 int flags = fcntl(c->socket, F_GETFL);
62 if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) {
63 logger(DEBUG_ALWAYS, LOG_ERR, "fcntl for %s fd %d: %s", c->hostname, c->socket, strerror(errno));
67 unsigned long arg = 1;
69 if(ioctlsocket(c->socket, FIONBIO, &arg) != 0) {
70 logger(DEBUG_ALWAYS, LOG_ERR, "ioctlsocket for %s fd %d: %s", c->hostname, c->socket, sockstrerror(sockerrno));
75 #if defined(TCP_NODELAY)
77 setsockopt(c->socket, IPPROTO_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
80 #if defined(IP_TOS) && defined(IPTOS_LOWDELAY)
81 option = IPTOS_LOWDELAY;
82 setsockopt(c->socket, IPPROTO_IP, IP_TOS, (void *)&option, sizeof(option));
85 #if defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
86 option = IPTOS_LOWDELAY;
87 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
93 setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
99 static bool bind_to_interface(int sd) {
102 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
105 #endif /* defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) */
107 if(!get_config_string(lookup_config(config_tree, "BindToInterface"), &iface)) {
111 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
112 memset(&ifr, 0, sizeof(ifr));
113 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
114 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
116 status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
119 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
120 sockstrerror(sockerrno));
124 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
126 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
132 static bool bind_to_address(connection_t *c) {
135 for(int i = 0; i < listen_sockets && listen_socket[i].bindto; i++) {
136 if(listen_socket[i].sa.sa.sa_family != c->address.sa.sa_family) {
151 sockaddr_t sa = listen_socket[s].sa;
153 if(sa.sa.sa_family == AF_INET) {
155 } else if(sa.sa.sa_family == AF_INET6) {
156 sa.in6.sin6_port = 0;
159 if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
160 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Can't bind outgoing socket: %s", sockstrerror(sockerrno));
167 int setup_listen_socket(const sockaddr_t *sa) {
173 nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
176 logger(DEBUG_STATUS, LOG_ERR, "Creating metasocket failed: %s", sockstrerror(sockerrno));
181 fcntl(nfd, F_SETFD, FD_CLOEXEC);
184 /* Optimize TCP settings */
187 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
189 #if defined(IPV6_V6ONLY)
191 if(sa->sa.sa_family == AF_INET6) {
192 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
196 #warning IPV6_V6ONLY not defined
202 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
208 (lookup_config(config_tree, "BindToInterface"), &iface)) {
209 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
212 memset(&ifr, 0, sizeof(ifr));
213 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
214 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
216 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
218 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
219 sockstrerror(sockerrno));
224 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
228 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
230 addrstr = sockaddr2hostname(sa);
231 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
238 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "listen", sockstrerror(sockerrno));
245 int setup_vpn_in_socket(const sockaddr_t *sa) {
250 nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
253 logger(DEBUG_ALWAYS, LOG_ERR, "Creating UDP socket failed: %s", sockstrerror(sockerrno));
258 fcntl(nfd, F_SETFD, FD_CLOEXEC);
263 int flags = fcntl(nfd, F_GETFL);
265 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) {
267 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl",
274 unsigned long arg = 1;
276 if(ioctlsocket(nfd, FIONBIO, &arg) != 0) {
278 logger(DEBUG_ALWAYS, LOG_ERR, "Call to `%s' failed: %s", "ioctlsocket", sockstrerror(sockerrno));
285 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
286 setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof(option));
288 if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf))) {
289 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, sockstrerror(sockerrno));
292 if(udp_sndbuf && setsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf, sizeof(udp_sndbuf))) {
293 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, sockstrerror(sockerrno));
296 #if defined(IPV6_V6ONLY)
298 if(sa->sa.sa_family == AF_INET6) {
299 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
304 #if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
305 #define IP_DONTFRAGMENT IP_DONTFRAG
308 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
310 if(myself->options & OPTION_PMTU_DISCOVERY) {
311 option = IP_PMTUDISC_DO;
312 setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
315 #elif defined(IP_DONTFRAGMENT)
317 if(myself->options & OPTION_PMTU_DISCOVERY) {
319 setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
324 #if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
326 if(myself->options & OPTION_PMTU_DISCOVERY) {
327 option = IPV6_PMTUDISC_DO;
328 setsockopt(nfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
331 #elif defined(IPV6_DONTFRAG)
333 if(myself->options & OPTION_PMTU_DISCOVERY) {
335 setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
343 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
348 if(!bind_to_interface(nfd)) {
353 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
355 addrstr = sockaddr2hostname(sa);
356 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/udp: %s", addrstr, sockstrerror(sockerrno));
362 } /* int setup_vpn_in_socket */
364 static void retry_outgoing_handler(void *data) {
365 setup_outgoing_connection(data, true);
368 void retry_outgoing(outgoing_t *outgoing) {
369 outgoing->timeout += 5;
371 if(outgoing->timeout > maxtimeout) {
372 outgoing->timeout = maxtimeout;
375 timeout_add(&outgoing->ev, retry_outgoing_handler, outgoing, &(struct timeval) {
376 outgoing->timeout, rand() % 100000
379 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Trying to re-establish outgoing connection in %d seconds", outgoing->timeout);
382 void finish_connecting(connection_t *c) {
383 logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
385 c->last_ping_time = now.tv_sec;
386 c->status.connecting = false;
391 static void do_outgoing_pipe(connection_t *c, const char *command) {
395 if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
396 logger(DEBUG_ALWAYS, LOG_ERR, "Could not create socketpair: %s", sockstrerror(sockerrno));
403 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Using proxy %s", command);
414 // Other filedescriptors should be closed automatically by CLOEXEC
419 sockaddr2str(&c->address, &host, &port);
420 setenv("REMOTEADDRESS", host, true);
421 setenv("REMOTEPORT", port, true);
422 setenv("NODE", c->name, true);
423 setenv("NAME", myself->name, true);
426 setenv("NETNAME", netname, true);
429 int result = system(command);
432 logger(DEBUG_ALWAYS, LOG_ERR, "Could not execute %s: %s", command, strerror(errno));
434 logger(DEBUG_ALWAYS, LOG_ERR, "%s exited with non-zero status %d", command, result);
441 logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
446 static void handle_meta_write(connection_t *c) {
447 if(c->outbuf.len <= c->outbuf.offset) {
451 ssize_t outlen = send(c->socket, c->outbuf.data + c->outbuf.offset, c->outbuf.len - c->outbuf.offset, 0);
454 if(!sockerrno || sockerrno == EPIPE) {
455 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname);
456 } else if(sockwouldblock(sockerrno)) {
457 logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes to %s (%s) would block", c->outbuf.len - c->outbuf.offset, c->name, c->hostname);
460 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not send %d bytes of data to %s (%s): %s", c->outbuf.len - c->outbuf.offset, c->name, c->hostname, sockstrerror(sockerrno));
463 terminate_connection(c, c->edge);
467 buffer_read(&c->outbuf, outlen);
470 io_set(&c->io, IO_READ);
474 static void handle_meta_io(void *data, int flags) {
475 connection_t *c = data;
477 if(c->status.connecting) {
479 The event loop does not protect against spurious events. Verify that we are actually connected
480 by issuing an empty send() call.
482 Note that the behavior of send() on potentially unconnected sockets differ between platforms:
483 +------------+-----------+-------------+-----------+
484 | Event | POSIX | Linux | Windows |
485 +------------+-----------+-------------+-----------+
486 | Spurious | ENOTCONN | EWOULDBLOCK | ENOTCONN |
487 | Failed | ENOTCONN | (cause) | ENOTCONN |
488 | Successful | (success) | (success) | (success) |
489 +------------+-----------+-------------+-----------+
491 if(send(c->socket, NULL, 0, 0) != 0) {
492 if(sockwouldblock(sockerrno)) {
498 if(!socknotconn(sockerrno)) {
499 socket_error = sockerrno;
501 socklen_t len = sizeof(socket_error);
502 getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&socket_error, &len);
506 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(socket_error));
507 terminate_connection(c, false);
513 c->status.connecting = false;
514 finish_connecting(c);
517 if(flags & IO_WRITE) {
518 handle_meta_write(c);
520 handle_meta_connection_data(c);
524 bool do_outgoing_connection(outgoing_t *outgoing) {
525 const sockaddr_t *sa;
526 struct addrinfo *proxyai = NULL;
530 sa = get_recent_address(outgoing->address_cache);
533 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
534 retry_outgoing(outgoing);
538 connection_t *c = new_connection();
539 c->outgoing = outgoing;
540 memcpy(&c->address, sa, SALEN(sa->sa));
541 c->hostname = sockaddr2hostname(&c->address);
543 logger(DEBUG_CONNECTIONS, LOG_INFO, "Trying to connect to %s (%s)", outgoing->node->name, c->hostname);
546 c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
548 } else if(proxytype == PROXY_EXEC) {
549 do_outgoing_pipe(c, proxyhost);
551 proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
558 logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
559 c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
563 if(c->socket == -1) {
564 logger(DEBUG_CONNECTIONS, LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
570 fcntl(c->socket, F_SETFD, FD_CLOEXEC);
573 if(proxytype != PROXY_EXEC) {
574 #if defined(IPV6_V6ONLY)
577 if(c->address.sa.sa_family == AF_INET6) {
578 setsockopt(c->socket, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
583 bind_to_interface(c->socket);
590 result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
591 } else if(proxytype == PROXY_EXEC) {
598 result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
599 freeaddrinfo(proxyai);
602 if(result == -1 && !sockinprogress(sockerrno)) {
603 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not connect to %s (%s): %s", outgoing->node->name, c->hostname, sockstrerror(sockerrno));
609 /* Now that there is a working socket, fill in the rest and register this connection. */
611 c->last_ping_time = time(NULL);
612 c->status.connecting = true;
613 c->name = xstrdup(outgoing->node->name);
614 #ifndef DISABLE_LEGACY
615 c->outcipher = myself->connection->outcipher;
616 c->outdigest = myself->connection->outdigest;
618 c->outmaclength = myself->connection->outmaclength;
619 c->outcompression = myself->connection->outcompression;
620 c->last_ping_time = now.tv_sec;
624 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ | IO_WRITE);
629 void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
631 timeout_del(&outgoing->ev);
633 node_t *n = outgoing->node;
636 logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
638 if(!n->connection->outgoing) {
639 n->connection->outgoing = outgoing;
646 if(!outgoing->address_cache) {
647 outgoing->address_cache = open_address_cache(n);
650 do_outgoing_connection(outgoing);
654 list_delete(outgoing_list, outgoing);
658 accept a new tcp connect and create a
661 void handle_new_meta_connection(void *data, int flags) {
663 listen_socket_t *l = data;
667 socklen_t len = sizeof(sa);
669 fd = accept(l->tcp.fd, &sa.sa, &len);
672 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
678 // Check if we get many connections from the same host
680 static sockaddr_t prev_sa;
682 if(!sockaddrcmp_noport(&sa, &prev_sa)) {
683 static int samehost_burst;
684 static int samehost_burst_time;
686 if(now.tv_sec - samehost_burst_time > samehost_burst) {
689 samehost_burst -= now.tv_sec - samehost_burst_time;
692 samehost_burst_time = now.tv_sec;
695 if(samehost_burst > max_connection_burst) {
701 memcpy(&prev_sa, &sa, sizeof(sa));
703 // Check if we get many connections from different hosts
705 static int connection_burst;
706 static int connection_burst_time;
708 if(now.tv_sec - connection_burst_time > connection_burst) {
709 connection_burst = 0;
711 connection_burst -= now.tv_sec - connection_burst_time;
714 connection_burst_time = now.tv_sec;
717 if(connection_burst >= max_connection_burst) {
718 connection_burst = max_connection_burst;
723 // Accept the new connection
725 c = new_connection();
726 c->name = xstrdup("<unknown>");
727 #ifndef DISABLE_LEGACY
728 c->outcipher = myself->connection->outcipher;
729 c->outdigest = myself->connection->outdigest;
731 c->outmaclength = myself->connection->outmaclength;
732 c->outcompression = myself->connection->outcompression;
735 c->hostname = sockaddr2hostname(&sa);
737 c->last_ping_time = now.tv_sec;
739 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
741 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
747 c->allow_request = ID;
752 accept a new UNIX socket connection
754 void handle_new_unix_connection(void *data, int flags) {
760 socklen_t len = sizeof(sa);
762 fd = accept(io->fd, &sa.sa, &len);
765 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
771 c = new_connection();
772 c->name = xstrdup("<control>");
774 c->hostname = xstrdup("localhost port unix");
776 c->last_ping_time = now.tv_sec;
778 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
780 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
784 c->allow_request = ID;
788 static void free_outgoing(outgoing_t *outgoing) {
789 timeout_del(&outgoing->ev);
791 if(outgoing->address_cache) {
792 close_address_cache(outgoing->address_cache);
798 void try_outgoing_connections(void) {
799 /* If there is no outgoing list yet, create one. Otherwise, mark all outgoings as deleted. */
802 outgoing_list = list_alloc((list_action_t)free_outgoing);
804 for list_each(outgoing_t, outgoing, outgoing_list) {
805 outgoing->timeout = -1;
809 /* Make sure there is one outgoing_t in the list for each ConnectTo. */
811 for(config_t *cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
813 get_config_string(cfg, &name);
815 if(!check_id(name)) {
816 logger(DEBUG_ALWAYS, LOG_ERR,
817 "Invalid name for outgoing connection in %s line %d",
818 cfg->file, cfg->line);
823 if(!strcmp(name, myself->name)) {
830 for list_each(outgoing_t, outgoing, outgoing_list) {
831 if(!strcmp(outgoing->node->name, name)) {
833 outgoing->timeout = 0;
839 outgoing_t *outgoing = xzalloc(sizeof(*outgoing));
840 node_t *n = lookup_node(name);
844 n->name = xstrdup(name);
849 list_insert_tail(outgoing_list, outgoing);
850 setup_outgoing_connection(outgoing, true);
854 /* Terminate any connections whose outgoing_t is to be deleted. */
856 for list_each(connection_t, c, connection_list) {
857 if(c->outgoing && c->outgoing->timeout == -1) {
859 logger(DEBUG_CONNECTIONS, LOG_INFO, "No more outgoing connection to %s", c->name);
860 terminate_connection(c, c->edge);
864 /* Delete outgoing_ts for which there is no ConnectTo. */
866 for list_each(outgoing_t, outgoing, outgoing_list)
867 if(outgoing->timeout == -1) {
868 list_delete_node(outgoing_list, node);