2 net_socket.c -- Handle various kinds of sockets.
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2018 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2009 Florian Forster <octo@verplant.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "address_cache.h"
27 #include "connection.h"
38 int addressfamily = AF_UNSPEC;
40 int seconds_till_retry = 5;
41 int udp_rcvbuf = 1024 * 1024;
42 int udp_sndbuf = 1024 * 1024;
43 bool udp_rcvbuf_warnings;
44 bool udp_sndbuf_warnings;
45 int max_connection_burst = 10;
48 listen_socket_t listen_socket[MAXSOCKETS];
54 static void free_outgoing(outgoing_t *outgoing) {
55 timeout_del(&outgoing->ev);
59 list_t outgoing_list = {
63 .delete = (list_action_t)free_outgoing,
68 static void configure_tcp(connection_t *c) {
72 int flags = fcntl(c->socket, F_GETFL);
74 if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) {
75 logger(DEBUG_ALWAYS, LOG_ERR, "fcntl for %s fd %d: %s", c->hostname, c->socket, strerror(errno));
79 unsigned long arg = 1;
81 if(ioctlsocket(c->socket, FIONBIO, &arg) != 0) {
82 logger(DEBUG_ALWAYS, LOG_ERR, "ioctlsocket for %s fd %d: %s", c->hostname, c->socket, sockstrerror(sockerrno));
87 #if defined(TCP_NODELAY)
89 setsockopt(c->socket, IPPROTO_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
92 #if defined(IP_TOS) && defined(IPTOS_LOWDELAY)
93 option = IPTOS_LOWDELAY;
94 setsockopt(c->socket, IPPROTO_IP, IP_TOS, (void *)&option, sizeof(option));
97 #if defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
98 option = IPTOS_LOWDELAY;
99 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
105 setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
111 static bool bind_to_interface(int sd) {
114 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
117 #endif /* defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) */
119 if(!get_config_string(lookup_config(&config_tree, "BindToInterface"), &iface)) {
123 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
124 memset(&ifr, 0, sizeof(ifr));
125 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
126 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
128 status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
131 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
132 sockstrerror(sockerrno));
136 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
138 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
144 static bool bind_to_address(connection_t *c) {
147 for(int i = 0; i < listen_sockets && listen_socket[i].bindto; i++) {
148 if(listen_socket[i].sa.sa.sa_family != c->address.sa.sa_family) {
163 sockaddr_t sa = listen_socket[s].sa;
165 if(sa.sa.sa_family == AF_INET) {
167 } else if(sa.sa.sa_family == AF_INET6) {
168 sa.in6.sin6_port = 0;
171 if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
172 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Can't bind outgoing socket: %s", sockstrerror(sockerrno));
179 int setup_listen_socket(const sockaddr_t *sa) {
185 nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
188 logger(DEBUG_STATUS, LOG_ERR, "Creating metasocket failed: %s", sockstrerror(sockerrno));
193 fcntl(nfd, F_SETFD, FD_CLOEXEC);
196 /* Optimize TCP settings */
199 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
201 #if defined(IPV6_V6ONLY)
203 if(sa->sa.sa_family == AF_INET6) {
204 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
208 #warning IPV6_V6ONLY not defined
214 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
220 (lookup_config(&config_tree, "BindToInterface"), &iface)) {
221 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
224 memset(&ifr, 0, sizeof(ifr));
225 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
226 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
228 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
230 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
231 sockstrerror(sockerrno));
236 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
240 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
242 addrstr = sockaddr2hostname(sa);
243 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
250 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "listen", sockstrerror(sockerrno));
257 static void set_udp_buffer(int nfd, int type, const char *name, int size, bool warnings) {
262 if(setsockopt(nfd, SOL_SOCKET, type, (void *)&size, sizeof(size))) {
263 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP %s to %i: %s", name, size, sockstrerror(sockerrno));
271 // The system may cap the requested buffer size.
272 // Read back the value and check if it is now as requested.
274 socklen_t optlen = sizeof(actual);
276 if(getsockopt(nfd, SOL_SOCKET, type, (void *)&actual, &optlen)) {
277 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP %s: %s", name, sockstrerror(sockerrno));
278 } else if(optlen != sizeof(actual)) {
279 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP %s: unexpected returned optlen %d", name, (int)optlen);
280 } else if(actual < size) {
281 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP %s to %i, the system set it to %i instead", name, size, actual);
286 int setup_vpn_in_socket(const sockaddr_t *sa) {
291 nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
294 logger(DEBUG_ALWAYS, LOG_ERR, "Creating UDP socket failed: %s", sockstrerror(sockerrno));
299 fcntl(nfd, F_SETFD, FD_CLOEXEC);
304 int flags = fcntl(nfd, F_GETFL);
306 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) {
308 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl",
315 unsigned long arg = 1;
317 if(ioctlsocket(nfd, FIONBIO, &arg) != 0) {
319 logger(DEBUG_ALWAYS, LOG_ERR, "Call to `%s' failed: %s", "ioctlsocket", sockstrerror(sockerrno));
326 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
327 setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof(option));
329 set_udp_buffer(nfd, SO_RCVBUF, "SO_RCVBUF", udp_rcvbuf, udp_rcvbuf_warnings);
330 set_udp_buffer(nfd, SO_SNDBUF, "SO_SNDBUF", udp_sndbuf, udp_sndbuf_warnings);
332 #if defined(IPV6_V6ONLY)
334 if(sa->sa.sa_family == AF_INET6) {
335 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
340 #if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
341 #define IP_DONTFRAGMENT IP_DONTFRAG
344 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
346 if(myself->options & OPTION_PMTU_DISCOVERY) {
347 option = IP_PMTUDISC_DO;
348 setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
351 #elif defined(IP_DONTFRAGMENT)
353 if(myself->options & OPTION_PMTU_DISCOVERY) {
355 setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
360 #if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
362 if(myself->options & OPTION_PMTU_DISCOVERY) {
363 option = IPV6_PMTUDISC_DO;
364 setsockopt(nfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
367 #elif defined(IPV6_DONTFRAG)
369 if(myself->options & OPTION_PMTU_DISCOVERY) {
371 setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
379 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
384 if(!bind_to_interface(nfd)) {
389 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
391 addrstr = sockaddr2hostname(sa);
392 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/udp: %s", addrstr, sockstrerror(sockerrno));
398 } /* int setup_vpn_in_socket */
400 static void retry_outgoing_handler(void *data) {
401 setup_outgoing_connection(data, true);
404 void retry_outgoing(outgoing_t *outgoing) {
405 outgoing->timeout += 5;
407 if(outgoing->timeout > maxtimeout) {
408 outgoing->timeout = maxtimeout;
411 timeout_add(&outgoing->ev, retry_outgoing_handler, outgoing, &(struct timeval) {
412 outgoing->timeout, jitter()
415 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Trying to re-establish outgoing connection in %d seconds", outgoing->timeout);
418 void finish_connecting(connection_t *c) {
419 logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
421 c->last_ping_time = now.tv_sec;
422 c->status.connecting = false;
427 static void do_outgoing_pipe(connection_t *c, const char *command) {
431 if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
432 logger(DEBUG_ALWAYS, LOG_ERR, "Could not create socketpair: %s", sockstrerror(sockerrno));
439 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Using proxy %s", command);
450 // Other filedescriptors should be closed automatically by CLOEXEC
455 sockaddr2str(&c->address, &host, &port);
456 setenv("REMOTEADDRESS", host, true);
457 setenv("REMOTEPORT", port, true);
458 setenv("NODE", c->name, true);
459 setenv("NAME", myself->name, true);
462 setenv("NETNAME", netname, true);
465 int result = system(command);
468 logger(DEBUG_ALWAYS, LOG_ERR, "Could not execute %s: %s", command, strerror(errno));
470 logger(DEBUG_ALWAYS, LOG_ERR, "%s exited with non-zero status %d", command, result);
477 logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
482 static void handle_meta_write(connection_t *c) {
483 if(c->outbuf.len <= c->outbuf.offset) {
487 ssize_t outlen = send(c->socket, c->outbuf.data + c->outbuf.offset, c->outbuf.len - c->outbuf.offset, 0);
490 if(!sockerrno || sockerrno == EPIPE) {
491 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname);
492 } else if(sockwouldblock(sockerrno)) {
493 logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes to %s (%s) would block", c->outbuf.len - c->outbuf.offset, c->name, c->hostname);
496 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not send %d bytes of data to %s (%s): %s", c->outbuf.len - c->outbuf.offset, c->name, c->hostname, sockstrerror(sockerrno));
499 terminate_connection(c, c->edge);
503 buffer_read(&c->outbuf, outlen);
506 io_set(&c->io, IO_READ);
510 static void handle_meta_io(void *data, int flags) {
511 connection_t *c = data;
513 if(c->status.connecting) {
515 The event loop does not protect against spurious events. Verify that we are actually connected
516 by issuing an empty send() call.
518 Note that the behavior of send() on potentially unconnected sockets differ between platforms:
519 +------------+-----------+-------------+-----------+
520 | Event | POSIX | Linux | Windows |
521 +------------+-----------+-------------+-----------+
522 | Spurious | ENOTCONN | EWOULDBLOCK | ENOTCONN |
523 | Failed | ENOTCONN | (cause) | ENOTCONN |
524 | Successful | (success) | (success) | (success) |
525 +------------+-----------+-------------+-----------+
527 if(send(c->socket, NULL, 0, 0) != 0) {
528 if(sockwouldblock(sockerrno)) {
534 if(!socknotconn(sockerrno)) {
535 socket_error = sockerrno;
537 socklen_t len = sizeof(socket_error);
538 getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&socket_error, &len);
542 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(socket_error));
543 terminate_connection(c, false);
549 c->status.connecting = false;
550 finish_connecting(c);
553 if(flags & IO_WRITE) {
554 handle_meta_write(c);
556 handle_meta_connection_data(c);
560 bool do_outgoing_connection(outgoing_t *outgoing) {
561 const sockaddr_t *sa;
562 struct addrinfo *proxyai = NULL;
566 sa = get_recent_address(outgoing->node->address_cache);
569 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
570 retry_outgoing(outgoing);
574 connection_t *c = new_connection();
575 c->outgoing = outgoing;
576 memcpy(&c->address, sa, SALEN(sa->sa));
577 c->hostname = sockaddr2hostname(&c->address);
579 logger(DEBUG_CONNECTIONS, LOG_INFO, "Trying to connect to %s (%s)", outgoing->node->name, c->hostname);
582 c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
584 } else if(proxytype == PROXY_EXEC) {
585 do_outgoing_pipe(c, proxyhost);
587 proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
594 logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
595 c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
599 if(c->socket == -1) {
600 logger(DEBUG_CONNECTIONS, LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
606 fcntl(c->socket, F_SETFD, FD_CLOEXEC);
609 if(proxytype != PROXY_EXEC) {
610 #if defined(IPV6_V6ONLY)
613 if(c->address.sa.sa_family == AF_INET6) {
614 setsockopt(c->socket, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
619 bind_to_interface(c->socket);
626 result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
627 } else if(proxytype == PROXY_EXEC) {
634 result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
635 freeaddrinfo(proxyai);
638 if(result == -1 && !sockinprogress(sockerrno)) {
639 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not connect to %s (%s): %s", outgoing->node->name, c->hostname, sockstrerror(sockerrno));
645 /* Now that there is a working socket, fill in the rest and register this connection. */
647 c->last_ping_time = time(NULL);
648 c->status.connecting = true;
649 c->name = xstrdup(outgoing->node->name);
650 #ifndef DISABLE_LEGACY
651 c->outcipher = myself->connection->outcipher;
652 c->outdigest = myself->connection->outdigest;
654 c->outmaclength = myself->connection->outmaclength;
655 c->outcompression = myself->connection->outcompression;
656 c->last_ping_time = now.tv_sec;
660 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ | IO_WRITE);
665 void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
667 timeout_del(&outgoing->ev);
669 node_t *n = outgoing->node;
671 if(!n->address_cache) {
672 n->address_cache = open_address_cache(n);
676 logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
678 if(!n->connection->outgoing) {
679 n->connection->outgoing = outgoing;
686 do_outgoing_connection(outgoing);
690 list_delete(&outgoing_list, outgoing);
694 accept a new tcp connect and create a
697 void handle_new_meta_connection(void *data, int flags) {
699 listen_socket_t *l = data;
703 socklen_t len = sizeof(sa);
705 fd = accept(l->tcp.fd, &sa.sa, &len);
708 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
714 // Check if we get many connections from the same host
716 static sockaddr_t prev_sa;
718 if(!sockaddrcmp_noport(&sa, &prev_sa)) {
719 static time_t samehost_burst;
720 static time_t samehost_burst_time;
722 if(now.tv_sec - samehost_burst_time > samehost_burst) {
725 samehost_burst -= now.tv_sec - samehost_burst_time;
728 samehost_burst_time = now.tv_sec;
731 if(samehost_burst > max_connection_burst) {
737 memcpy(&prev_sa, &sa, sizeof(sa));
739 // Check if we get many connections from different hosts
741 static time_t connection_burst;
742 static time_t connection_burst_time;
744 if(now.tv_sec - connection_burst_time > connection_burst) {
745 connection_burst = 0;
747 connection_burst -= now.tv_sec - connection_burst_time;
750 connection_burst_time = now.tv_sec;
753 if(connection_burst >= max_connection_burst) {
754 connection_burst = max_connection_burst;
759 // Accept the new connection
761 c = new_connection();
762 c->name = xstrdup("<unknown>");
763 #ifndef DISABLE_LEGACY
764 c->outcipher = myself->connection->outcipher;
765 c->outdigest = myself->connection->outdigest;
767 c->outmaclength = myself->connection->outmaclength;
768 c->outcompression = myself->connection->outcompression;
771 c->hostname = sockaddr2hostname(&sa);
773 c->last_ping_time = now.tv_sec;
775 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
777 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
783 c->allow_request = ID;
788 accept a new UNIX socket connection
790 void handle_new_unix_connection(void *data, int flags) {
796 socklen_t len = sizeof(sa);
798 fd = accept(io->fd, &sa.sa, &len);
801 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
807 c = new_connection();
808 c->name = xstrdup("<control>");
810 c->hostname = xstrdup("localhost port unix");
812 c->last_ping_time = now.tv_sec;
814 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
816 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
820 c->allow_request = ID;
824 void try_outgoing_connections(void) {
825 /* If there is no outgoing list yet, create one. Otherwise, mark all outgoings as deleted. */
827 for list_each(outgoing_t, outgoing, &outgoing_list) {
828 outgoing->timeout = -1;
831 /* Make sure there is one outgoing_t in the list for each ConnectTo. */
833 for(config_t *cfg = lookup_config(&config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(&config_tree, cfg)) {
835 get_config_string(cfg, &name);
837 if(!check_id(name)) {
838 logger(DEBUG_ALWAYS, LOG_ERR,
839 "Invalid name for outgoing connection in %s line %d",
840 cfg->file, cfg->line);
845 if(!strcmp(name, myself->name)) {
852 for list_each(outgoing_t, outgoing, &outgoing_list) {
853 if(!strcmp(outgoing->node->name, name)) {
855 outgoing->timeout = 0;
861 outgoing_t *outgoing = xzalloc(sizeof(*outgoing));
862 node_t *n = lookup_node(name);
866 n->name = xstrdup(name);
873 list_insert_tail(&outgoing_list, outgoing);
874 setup_outgoing_connection(outgoing, true);
878 /* Terminate any connections whose outgoing_t is to be deleted. */
880 for list_each(connection_t, c, &connection_list) {
881 if(c->outgoing && c->outgoing->timeout == -1) {
883 logger(DEBUG_CONNECTIONS, LOG_INFO, "No more outgoing connection to %s", c->name);
884 terminate_connection(c, c->edge);
888 /* Delete outgoing_ts for which there is no ConnectTo. */
890 for list_each(outgoing_t, outgoing, &outgoing_list)
891 if(outgoing->timeout == -1) {
892 list_delete_node(&outgoing_list, node);
projects / tinc / blob