2 net_socket.c -- Handle various kinds of sockets.
3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2009 Florian Forster <octo@verplant.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "address_cache.h"
27 #include "connection.h"
28 #include "control_common.h"
39 int addressfamily = AF_UNSPEC;
41 int seconds_till_retry = 5;
42 int udp_rcvbuf = 1024 * 1024;
43 int udp_sndbuf = 1024 * 1024;
44 int max_connection_burst = 10;
47 listen_socket_t listen_socket[MAXSOCKETS];
52 list_t *outgoing_list = NULL;
56 static void configure_tcp(connection_t *c) {
60 int flags = fcntl(c->socket, F_GETFL);
62 if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) {
63 logger(DEBUG_ALWAYS, LOG_ERR, "fcntl for %s fd %d: %s", c->hostname, c->socket, strerror(errno));
67 unsigned long arg = 1;
69 if(ioctlsocket(c->socket, FIONBIO, &arg) != 0) {
70 logger(DEBUG_ALWAYS, LOG_ERR, "ioctlsocket for %s fd %d: %s", c->hostname, c->socket, sockstrerror(sockerrno));
75 #if defined(TCP_NODELAY)
77 setsockopt(c->socket, IPPROTO_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
80 #if defined(IP_TOS) && defined(IPTOS_LOWDELAY)
81 option = IPTOS_LOWDELAY;
82 setsockopt(c->socket, IPPROTO_IP, IP_TOS, (void *)&option, sizeof(option));
85 #if defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
86 option = IPTOS_LOWDELAY;
87 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
93 setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
99 static bool bind_to_interface(int sd) {
102 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
105 #endif /* defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) */
107 if(!get_config_string(lookup_config(config_tree, "BindToInterface"), &iface)) {
111 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
112 memset(&ifr, 0, sizeof(ifr));
113 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
114 ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
116 status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
119 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
120 sockstrerror(sockerrno));
124 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
125 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
131 static bool bind_to_address(connection_t *c) {
134 for(int i = 0; i < listen_sockets && listen_socket[i].bindto; i++) {
135 if(listen_socket[i].sa.sa.sa_family != c->address.sa.sa_family) {
150 sockaddr_t sa = listen_socket[s].sa;
152 if(sa.sa.sa_family == AF_INET) {
154 } else if(sa.sa.sa_family == AF_INET6) {
155 sa.in6.sin6_port = 0;
158 if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
159 logger(DEBUG_CONNECTIONS, LOG_WARNING, "Can't bind outgoing socket: %s", sockstrerror(sockerrno));
166 int setup_listen_socket(const sockaddr_t *sa) {
172 nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
175 logger(DEBUG_STATUS, LOG_ERR, "Creating metasocket failed: %s", sockstrerror(sockerrno));
180 fcntl(nfd, F_SETFD, FD_CLOEXEC);
183 /* Optimize TCP settings */
186 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
188 #if defined(IPV6_V6ONLY)
190 if(sa->sa.sa_family == AF_INET6) {
191 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
195 #warning IPV6_V6ONLY not defined
201 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
207 (lookup_config(config_tree, "BindToInterface"), &iface)) {
208 #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
211 memset(&ifr, 0, sizeof(ifr));
212 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
214 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
216 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
217 sockstrerror(sockerrno));
222 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
226 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
228 addrstr = sockaddr2hostname(sa);
229 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
236 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "listen", sockstrerror(sockerrno));
243 int setup_vpn_in_socket(const sockaddr_t *sa) {
248 nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
251 logger(DEBUG_ALWAYS, LOG_ERR, "Creating UDP socket failed: %s", sockstrerror(sockerrno));
256 fcntl(nfd, F_SETFD, FD_CLOEXEC);
261 int flags = fcntl(nfd, F_GETFL);
263 if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) {
265 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl",
272 unsigned long arg = 1;
274 if(ioctlsocket(nfd, FIONBIO, &arg) != 0) {
276 logger(DEBUG_ALWAYS, LOG_ERR, "Call to `%s' failed: %s", "ioctlsocket", sockstrerror(sockerrno));
283 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
284 setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof(option));
286 if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf))) {
287 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, sockstrerror(sockerrno));
290 if(udp_sndbuf && setsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf, sizeof(udp_sndbuf))) {
291 logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, sockstrerror(sockerrno));
294 #if defined(IPV6_V6ONLY)
296 if(sa->sa.sa_family == AF_INET6) {
297 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
302 #if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
303 #define IP_DONTFRAGMENT IP_DONTFRAG
306 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
308 if(myself->options & OPTION_PMTU_DISCOVERY) {
309 option = IP_PMTUDISC_DO;
310 setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
313 #elif defined(IP_DONTFRAGMENT)
315 if(myself->options & OPTION_PMTU_DISCOVERY) {
317 setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
322 #if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
324 if(myself->options & OPTION_PMTU_DISCOVERY) {
325 option = IPV6_PMTUDISC_DO;
326 setsockopt(nfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
329 #elif defined(IPV6_DONTFRAG)
331 if(myself->options & OPTION_PMTU_DISCOVERY) {
333 setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
341 setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
346 if(!bind_to_interface(nfd)) {
351 if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
353 addrstr = sockaddr2hostname(sa);
354 logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/udp: %s", addrstr, sockstrerror(sockerrno));
360 } /* int setup_vpn_in_socket */
362 static void retry_outgoing_handler(void *data) {
363 setup_outgoing_connection(data, true);
366 void retry_outgoing(outgoing_t *outgoing) {
367 outgoing->timeout += 5;
369 if(outgoing->timeout > maxtimeout) {
370 outgoing->timeout = maxtimeout;
373 timeout_add(&outgoing->ev, retry_outgoing_handler, outgoing, &(struct timeval) {
374 outgoing->timeout, rand() % 100000
377 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Trying to re-establish outgoing connection in %d seconds", outgoing->timeout);
380 void finish_connecting(connection_t *c) {
381 logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
383 c->last_ping_time = now.tv_sec;
384 c->status.connecting = false;
389 static void do_outgoing_pipe(connection_t *c, char *command) {
393 if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
394 logger(DEBUG_ALWAYS, LOG_ERR, "Could not create socketpair: %s", sockstrerror(sockerrno));
401 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Using proxy %s", command);
412 // Other filedescriptors should be closed automatically by CLOEXEC
417 sockaddr2str(&c->address, &host, &port);
418 setenv("REMOTEADDRESS", host, true);
419 setenv("REMOTEPORT", port, true);
420 setenv("NODE", c->name, true);
421 setenv("NAME", myself->name, true);
424 setenv("NETNAME", netname, true);
427 int result = system(command);
430 logger(DEBUG_ALWAYS, LOG_ERR, "Could not execute %s: %s", command, strerror(errno));
432 logger(DEBUG_ALWAYS, LOG_ERR, "%s exited with non-zero status %d", command, result);
437 logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
442 static void handle_meta_write(connection_t *c) {
443 if(c->outbuf.len <= c->outbuf.offset) {
447 ssize_t outlen = send(c->socket, c->outbuf.data + c->outbuf.offset, c->outbuf.len - c->outbuf.offset, 0);
450 if(!sockerrno || sockerrno == EPIPE) {
451 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname);
452 } else if(sockwouldblock(sockerrno)) {
453 logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes to %s (%s) would block", c->outbuf.len - c->outbuf.offset, c->name, c->hostname);
456 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not send %d bytes of data to %s (%s): %s", c->outbuf.len - c->outbuf.offset, c->name, c->hostname, sockstrerror(sockerrno));
459 terminate_connection(c, c->edge);
463 buffer_read(&c->outbuf, outlen);
466 io_set(&c->io, IO_READ);
470 static void handle_meta_io(void *data, int flags) {
471 connection_t *c = data;
473 if(c->status.connecting) {
475 The event loop does not protect against spurious events. Verify that we are actually connected
476 by issuing an empty send() call.
478 Note that the behavior of send() on potentially unconnected sockets differ between platforms:
479 +------------+-----------+-------------+-----------+
480 | Event | POSIX | Linux | Windows |
481 +------------+-----------+-------------+-----------+
482 | Spurious | ENOTCONN | EWOULDBLOCK | ENOTCONN |
483 | Failed | ENOTCONN | (cause) | ENOTCONN |
484 | Successful | (success) | (success) | (success) |
485 +------------+-----------+-------------+-----------+
487 if(send(c->socket, NULL, 0, 0) != 0) {
488 if(sockwouldblock(sockerrno)) {
494 if(!socknotconn(sockerrno)) {
495 socket_error = sockerrno;
497 socklen_t len = sizeof(socket_error);
498 getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&socket_error, &len);
502 logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(socket_error));
503 terminate_connection(c, false);
509 c->status.connecting = false;
510 finish_connecting(c);
513 if(flags & IO_WRITE) {
514 handle_meta_write(c);
516 handle_meta_connection_data(c);
520 bool do_outgoing_connection(outgoing_t *outgoing) {
521 const sockaddr_t *sa;
522 struct addrinfo *proxyai = NULL;
526 sa = get_recent_address(outgoing->address_cache);
529 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
530 retry_outgoing(outgoing);
534 connection_t *c = new_connection();
535 c->outgoing = outgoing;
536 memcpy(&c->address, sa, SALEN(sa->sa));
537 c->hostname = sockaddr2hostname(&c->address);
539 logger(DEBUG_CONNECTIONS, LOG_INFO, "Trying to connect to %s (%s)", outgoing->node->name, c->hostname);
542 c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
544 } else if(proxytype == PROXY_EXEC) {
545 do_outgoing_pipe(c, proxyhost);
547 proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
554 logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
555 c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
559 if(c->socket == -1) {
560 logger(DEBUG_CONNECTIONS, LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
566 fcntl(c->socket, F_SETFD, FD_CLOEXEC);
569 if(proxytype != PROXY_EXEC) {
570 #if defined(IPV6_V6ONLY)
573 if(c->address.sa.sa_family == AF_INET6) {
574 setsockopt(c->socket, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
579 bind_to_interface(c->socket);
586 result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
587 } else if(proxytype == PROXY_EXEC) {
594 result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
595 freeaddrinfo(proxyai);
598 if(result == -1 && !sockinprogress(sockerrno)) {
599 logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not connect to %s (%s): %s", outgoing->node->name, c->hostname, sockstrerror(sockerrno));
605 /* Now that there is a working socket, fill in the rest and register this connection. */
607 c->last_ping_time = time(NULL);
608 c->status.connecting = true;
609 c->name = xstrdup(outgoing->node->name);
610 #ifndef DISABLE_LEGACY
611 c->outcipher = myself->connection->outcipher;
612 c->outdigest = myself->connection->outdigest;
614 c->outmaclength = myself->connection->outmaclength;
615 c->outcompression = myself->connection->outcompression;
616 c->last_ping_time = now.tv_sec;
620 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ | IO_WRITE);
625 void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
626 timeout_del(&outgoing->ev);
628 node_t *n = outgoing->node;
631 logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
633 if(!n->connection->outgoing) {
634 n->connection->outgoing = outgoing;
641 if(!outgoing->address_cache) {
642 outgoing->address_cache = open_address_cache(n);
645 do_outgoing_connection(outgoing);
649 list_delete(outgoing_list, outgoing);
653 accept a new tcp connect and create a
656 void handle_new_meta_connection(void *data, int flags) {
657 listen_socket_t *l = data;
661 socklen_t len = sizeof(sa);
663 fd = accept(l->tcp.fd, &sa.sa, &len);
666 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
672 // Check if we get many connections from the same host
674 static sockaddr_t prev_sa;
676 if(!sockaddrcmp_noport(&sa, &prev_sa)) {
677 static int samehost_burst;
678 static int samehost_burst_time;
680 if(now.tv_sec - samehost_burst_time > samehost_burst) {
683 samehost_burst -= now.tv_sec - samehost_burst_time;
686 samehost_burst_time = now.tv_sec;
689 if(samehost_burst > max_connection_burst) {
695 memcpy(&prev_sa, &sa, sizeof(sa));
697 // Check if we get many connections from different hosts
699 static int connection_burst;
700 static int connection_burst_time;
702 if(now.tv_sec - connection_burst_time > connection_burst) {
703 connection_burst = 0;
705 connection_burst -= now.tv_sec - connection_burst_time;
708 connection_burst_time = now.tv_sec;
711 if(connection_burst >= max_connection_burst) {
712 connection_burst = max_connection_burst;
717 // Accept the new connection
719 c = new_connection();
720 c->name = xstrdup("<unknown>");
721 #ifndef DISABLE_LEGACY
722 c->outcipher = myself->connection->outcipher;
723 c->outdigest = myself->connection->outdigest;
725 c->outmaclength = myself->connection->outmaclength;
726 c->outcompression = myself->connection->outcompression;
729 c->hostname = sockaddr2hostname(&sa);
731 c->last_ping_time = now.tv_sec;
733 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
735 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
741 c->allow_request = ID;
746 accept a new UNIX socket connection
748 void handle_new_unix_connection(void *data, int flags) {
753 socklen_t len = sizeof(sa);
755 fd = accept(io->fd, &sa.sa, &len);
758 logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
764 c = new_connection();
765 c->name = xstrdup("<control>");
767 c->hostname = xstrdup("localhost port unix");
769 c->last_ping_time = now.tv_sec;
771 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
773 io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
777 c->allow_request = ID;
781 static void free_outgoing(outgoing_t *outgoing) {
782 timeout_del(&outgoing->ev);
784 if(outgoing->address_cache) {
785 close_address_cache(outgoing->address_cache);
791 void try_outgoing_connections(void) {
792 /* If there is no outgoing list yet, create one. Otherwise, mark all outgoings as deleted. */
795 outgoing_list = list_alloc((list_action_t)free_outgoing);
797 for list_each(outgoing_t, outgoing, outgoing_list) {
798 outgoing->timeout = -1;
802 /* Make sure there is one outgoing_t in the list for each ConnectTo. */
804 for(config_t *cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
806 get_config_string(cfg, &name);
808 if(!check_id(name)) {
809 logger(DEBUG_ALWAYS, LOG_ERR,
810 "Invalid name for outgoing connection in %s line %d",
811 cfg->file, cfg->line);
816 if(!strcmp(name, myself->name)) {
823 for list_each(outgoing_t, outgoing, outgoing_list) {
824 if(!strcmp(outgoing->node->name, name)) {
826 outgoing->timeout = 0;
832 outgoing_t *outgoing = xzalloc(sizeof(*outgoing));
833 node_t *n = lookup_node(name);
837 n->name = xstrdup(name);
842 list_insert_tail(outgoing_list, outgoing);
843 setup_outgoing_connection(outgoing, true);
847 /* Terminate any connections whose outgoing_t is to be deleted. */
849 for list_each(connection_t, c, connection_list) {
850 if(c->outgoing && c->outgoing->timeout == -1) {
852 logger(DEBUG_CONNECTIONS, LOG_INFO, "No more outgoing connection to %s", c->name);
853 terminate_connection(c, c->edge);
857 /* Delete outgoing_ts for which there is no ConnectTo. */
859 for list_each(outgoing_t, outgoing, outgoing_list)
860 if(outgoing->timeout == -1) {
861 list_delete_node(outgoing_list, node);