Import Upstream version 1.0.17

Guus Sliepen 2019-08-26 13:44:41 +02:00
parent bb1aebd963
commit b9a1c8df12
61 changed files with 3238 additions and 1255 deletions


@ -2,11 +2,20 @@
sbin_PROGRAMS = tincd
EXTRA_DIST = linux/device.c bsd/device.c solaris/device.c cygwin/device.c mingw/device.c mingw/common.h raw_socket/device.c uml_socket/device.c
EXTRA_DIST = linux/device.c bsd/device.c solaris/device.c cygwin/device.c mingw/device.c mingw/common.h
tincd_SOURCES = conf.c connection.c edge.c event.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
protocol_key.c protocol_subnet.c route.c subnet.c tincd.c
protocol_key.c protocol_subnet.c route.c subnet.c tincd.c \
dummy_device.c raw_socket_device.c
if UML
tincd_SOURCES += uml_device.c
endif
if VDE
tincd_SOURCES += vde_device.c
endif
if TUNEMU
tincd_SOURCES += bsd/tunemu.c


@ -1,9 +1,9 @@
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -36,8 +36,10 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
sbin_PROGRAMS = tincd$(EXEEXT)
@TUNEMU_TRUE@am__append_1 = bsd/tunemu.c
@TUNEMU_TRUE@am__append_2 = -lpcap
@UML_TRUE@am__append_1 = uml_device.c
@VDE_TRUE@am__append_2 = vde_device.c
@TUNEMU_TRUE@am__append_3 = bsd/tunemu.c
@TUNEMU_TRUE@am__append_4 = -lpcap
subdir = src
DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
@ -47,7 +49,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@ -57,8 +59,11 @@ am__tincd_SOURCES_DIST = conf.c connection.c edge.c event.c graph.c \
logger.c meta.c net.c net_packet.c net_setup.c net_socket.c \
netutl.c node.c process.c protocol.c protocol_auth.c \
protocol_edge.c protocol_misc.c protocol_key.c \
protocol_subnet.c route.c subnet.c tincd.c bsd/tunemu.c
@TUNEMU_TRUE@am__objects_1 = tunemu.$(OBJEXT)
protocol_subnet.c route.c subnet.c tincd.c dummy_device.c \
raw_socket_device.c uml_device.c vde_device.c bsd/tunemu.c
@UML_TRUE@am__objects_1 = uml_device.$(OBJEXT)
@VDE_TRUE@am__objects_2 = vde_device.$(OBJEXT)
@TUNEMU_TRUE@am__objects_3 = tunemu.$(OBJEXT)
am_tincd_OBJECTS = conf.$(OBJEXT) connection.$(OBJEXT) edge.$(OBJEXT) \
event.$(OBJEXT) graph.$(OBJEXT) logger.$(OBJEXT) \
meta.$(OBJEXT) net.$(OBJEXT) net_packet.$(OBJEXT) \
@ -67,7 +72,9 @@ am_tincd_OBJECTS = conf.$(OBJEXT) connection.$(OBJEXT) edge.$(OBJEXT) \
protocol_auth.$(OBJEXT) protocol_edge.$(OBJEXT) \
protocol_misc.$(OBJEXT) protocol_key.$(OBJEXT) \
protocol_subnet.$(OBJEXT) route.$(OBJEXT) subnet.$(OBJEXT) \
tincd.$(OBJEXT) $(am__objects_1)
tincd.$(OBJEXT) dummy_device.$(OBJEXT) \
raw_socket_device.$(OBJEXT) $(am__objects_1) $(am__objects_2) \
$(am__objects_3)
nodist_tincd_OBJECTS = device.$(OBJEXT)
tincd_OBJECTS = $(am_tincd_OBJECTS) $(nodist_tincd_OBJECTS)
tincd_DEPENDENCIES = $(top_builddir)/lib/libvpn.a
@ -113,7 +120,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@ $(am__append_2)
LIBS = @LIBS@ $(am__append_4)
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
@ -183,12 +190,13 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = linux/device.c bsd/device.c solaris/device.c cygwin/device.c mingw/device.c mingw/common.h raw_socket/device.c uml_socket/device.c
EXTRA_DIST = linux/device.c bsd/device.c solaris/device.c cygwin/device.c mingw/device.c mingw/common.h
tincd_SOURCES = conf.c connection.c edge.c event.c graph.c logger.c \
meta.c net.c net_packet.c net_setup.c net_socket.c netutl.c \
node.c process.c protocol.c protocol_auth.c protocol_edge.c \
protocol_misc.c protocol_key.c protocol_subnet.c route.c \
subnet.c tincd.c $(am__append_1)
subnet.c tincd.c dummy_device.c raw_socket_device.c \
$(am__append_1) $(am__append_2) $(am__append_3)
nodist_tincd_SOURCES = device.c
DEFAULT_INCLUDES =
noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h logger.h meta.h net.h netutl.h node.h process.h \
@ -269,7 +277,7 @@ uninstall-sbinPROGRAMS:
clean-sbinPROGRAMS:
-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
tincd$(EXEEXT): $(tincd_OBJECTS) $(tincd_DEPENDENCIES)
tincd$(EXEEXT): $(tincd_OBJECTS) $(tincd_DEPENDENCIES) $(EXTRA_tincd_DEPENDENCIES)
@rm -f tincd$(EXEEXT)
$(LINK) $(tincd_OBJECTS) $(tincd_LDADD) $(LIBS)
@ -282,6 +290,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connection.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/device.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dummy_device.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/edge.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/event.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/graph.Po@am__quote@
@ -300,10 +309,13 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_key.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_misc.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_subnet.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/raw_socket_device.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/route.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subnet.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tincd.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tunemu.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uml_device.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vde_device.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@ -435,10 +447,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:


@ -1,7 +1,7 @@
/*
device.c -- Interaction BSD tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans,
2001-2011 Guus Sliepen <guus@tinc-vpn.org>
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
This program is free software; you can redistribute it and/or modify
@ -58,7 +58,7 @@ static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
static device_type_t device_type = DEVICE_TYPE_TUN;
#endif
bool setup_device(void) {
static bool setup_device(void) {
char *type;
if(!get_config_string(lookup_config(config_tree, "Device"), &device))
@ -106,6 +106,10 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
#endif
switch(device_type) {
default:
device_type = DEVICE_TYPE_TUN;
@ -175,7 +179,7 @@ bool setup_device(void) {
return true;
}
void close_device(void) {
static void close_device(void) {
switch(device_type) {
#ifdef HAVE_TUNEMU
case DEVICE_TYPE_TUNEMU:
@ -190,7 +194,7 @@ void close_device(void) {
free(iface);
}
bool read_packet(vpn_packet_t *packet) {
static bool read_packet(vpn_packet_t *packet) {
int lenin;
switch(device_type) {
@ -282,7 +286,7 @@ bool read_packet(vpn_packet_t *packet) {
return true;
}
bool write_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info);
@ -351,8 +355,16 @@ bool write_packet(vpn_packet_t *packet) {
return true;
}
void dump_device_stats(void) {
static void dump_device_stats(void) {
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t os_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};
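Review bot: The `fcntl(device_fd, F_SETFD, FD_CLOEXEC)` call added in `setup_device()` discards its return value, so if it fails the tun/tap descriptor stays inheritable by any child process the daemon starts, and nothing is logged. Wrapping it as `if(fcntl(device_fd, F_SETFD, FD_CLOEXEC) == -1)` followed by a `logger(LOG_WARNING, ...)` call, plus a one-line comment saying why the flag is set, would make the intent and the failure visible. The same unchecked call is added in the Linux device.c section further down. `setup_device()` starts and ends outside this hunk.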


@ -2,7 +2,7 @@
conf.c -- configuration code
Copyright (C) 1998 Robert van der Meulen
1998-2005 Ivo Timmermans
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
2000 Cris van Pelt
@ -400,6 +400,70 @@ bool read_connection_config(connection_t *c) {
return x;
}
static void disable_old_keys(const char *filename) {
char tmpfile[PATH_MAX] = "";
char buf[1024];
bool disabled = false;
FILE *r, *w;
r = fopen(filename, "r");
if(!r)
return;
snprintf(tmpfile, sizeof tmpfile, "%s.tmp", filename);
w = fopen(tmpfile, "w");
while(fgets(buf, sizeof buf, r)) {
if(!strncmp(buf, "-----BEGIN RSA", 14)) {
buf[11] = 'O';
buf[12] = 'L';
buf[13] = 'D';
disabled = true;
}
else if(!strncmp(buf, "-----END RSA", 12)) {
buf[ 9] = 'O';
buf[10] = 'L';
buf[11] = 'D';
disabled = true;
}
if(w && fputs(buf, w) < 0) {
disabled = false;
break;
}
}
if(w)
fclose(w);
fclose(r);
if(!w && disabled) {
fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n");
return;
}
if(disabled) {
#ifdef HAVE_MINGW
// We cannot atomically replace files on Windows.
char bakfile[PATH_MAX] = "";
snprintf(bakfile, sizeof bakfile, "%s.bak", filename);
if(rename(filename, bakfile) || rename(tmpfile, filename)) {
rename(bakfile, filename);
#else
if(rename(tmpfile, filename)) {
#endif
fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n");
} else {
#ifdef HAVE_MINGW
unlink(bakfile);
#endif
fprintf(stderr, "Warning: old key(s) found and disabled.\n");
}
}
unlink(tmpfile);
}
FILE *ask_and_open(const char *filename, const char *what) {
FILE *r;
char *directory;
@ -447,9 +511,11 @@ FILE *ask_and_open(const char *filename, const char *what) {
umask(0077); /* Disallow everything for group and other */
disable_old_keys(fn);
/* Open it first to keep the inode busy */
r = fopen(fn, "r+") ?: fopen(fn, "w+");
r = fopen(fn, "a");
if(!r) {
fprintf(stderr, "Error opening file `%s': %s\n",
@ -460,42 +526,4 @@ FILE *ask_and_open(const char *filename, const char *what) {
return r;
}
bool disable_old_keys(FILE *f) {
char buf[100];
long pos;
bool disabled = false;
rewind(f);
pos = ftell(f);
if(pos < 0)
return false;
while(fgets(buf, sizeof buf, f)) {
if(!strncmp(buf, "-----BEGIN RSA", 14)) {
buf[11] = 'O';
buf[12] = 'L';
buf[13] = 'D';
if(fseek(f, pos, SEEK_SET))
break;
if(fputs(buf, f) <= 0)
break;
disabled = true;
}
else if(!strncmp(buf, "-----END RSA", 12)) {
buf[ 9] = 'O';
buf[10] = 'L';
buf[11] = 'D';
if(fseek(f, pos, SEEK_SET))
break;
if(fputs(buf, f) <= 0)
break;
disabled = true;
}
pos = ftell(f);
if(pos < 0)
break;
}
return disabled;
}
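Review bot: In the new `disable_old_keys()`, the result of `fclose(w)` is ignored before `rename(tmpfile, filename)` replaces the key file. Because stdio buffers the output, a full disk or I/O error may only surface at close time, and the rename would then put a truncated copy in place of the file that holds the existing key material. Treating a failed close like the failed `fputs` case keeps the original: `if(w && fclose(w)) disabled = false;`. The `snprintf` into `tmpfile` is also not checked for truncation, and `fopen(tmpfile, "w")` reuses whatever already exists at that predictable name, so a comment stating that the configuration directory is assumed to be writable only by the daemon's owner would help.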


@ -1,7 +1,7 @@
/*
conf.h -- header for conf.c
Copyright (C) 1998-2005 Ivo Timmermans
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -63,6 +63,5 @@ extern bool read_server_config(void);
extern bool read_connection_config(struct connection_t *);
extern FILE *ask_and_open(const char *, const char *);
extern bool is_safe_path(const char *);
extern bool disable_old_keys(FILE *);
#endif /* __TINC_CONF_H__ */


@ -1,6 +1,6 @@
/*
connection.c -- connection list management
Copyright (C) 2000-2009 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
2000-2005 Ivo Timmermans
2008 Max Rijevski <maksuf@gmail.com>
@ -29,7 +29,7 @@
#include "xalloc.h"
avl_tree_t *connection_tree; /* Meta connections */
connection_t *broadcast;
connection_t *everyone;
static int connection_compare(const connection_t *a, const connection_t *b) {
return a < b ? -1 : a == b ? 0 : 1;
@ -37,14 +37,14 @@ static int connection_compare(const connection_t *a, const connection_t *b) {
void init_connections(void) {
connection_tree = avl_alloc_tree((avl_compare_t) connection_compare, (avl_action_t) free_connection);
broadcast = new_connection();
broadcast->name = xstrdup("everyone");
broadcast->hostname = xstrdup("BROADCAST");
everyone = new_connection();
everyone->name = xstrdup("everyone");
everyone->hostname = xstrdup("BROADCAST");
}
void exit_connections(void) {
avl_delete_tree(connection_tree);
free_connection(broadcast);
free_connection(everyone);
}
connection_t *new_connection(void) {


@ -1,6 +1,6 @@
/*
connection.h -- header for connection.c
Copyright (C) 2000-2010 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
2000-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify
@ -101,7 +101,7 @@ typedef struct connection_t {
} connection_t;
extern avl_tree_t *connection_tree;
extern connection_t *broadcast;
extern connection_t *everyone;
extern void init_connections(void);
extern void exit_connections(void);


@ -1,7 +1,7 @@
/*
device.c -- Interaction with Windows tap driver in a Cygwin environment
Copyright (C) 2002-2005 Ivo Timmermans,
2002-2009 Guus Sliepen <guus@tinc-vpn.org>
2002-2011 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -45,7 +45,7 @@ static uint64_t device_total_out = 0;
static pid_t reader_pid;
static int sp[2];
bool setup_device(void) {
static bool setup_device(void) {
HKEY key, key2;
int i, err;
@ -214,7 +214,7 @@ bool setup_device(void) {
return true;
}
void close_device(void) {
static void close_device(void) {
close(sp[0]);
close(sp[1]);
CloseHandle(device_handle);
@ -225,7 +225,7 @@ void close_device(void) {
free(iface);
}
bool read_packet(vpn_packet_t *packet) {
static bool read_packet(vpn_packet_t *packet) {
int lenin;
if((lenin = read(sp[0], packet->data, MTU)) <= 0) {
@ -244,7 +244,7 @@ bool read_packet(vpn_packet_t *packet) {
return true;
}
bool write_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) {
long lenout;
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s",
@ -260,8 +260,16 @@ bool write_packet(vpn_packet_t *packet) {
return true;
}
void dump_device_stats(void) {
static void dump_device_stats(void) {
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t os_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};


@ -1,7 +1,7 @@
/*
net.h -- generic header for device.c
device.h -- generic header for device.c
Copyright (C) 2001-2005 Ivo Timmermans
2001-2006 Guus Sliepen <guus@tinc-vpn.org>
2001-2011 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -28,10 +28,19 @@ extern char *device;
extern char *iface;
extern bool setup_device(void);
extern void close_device(void);
extern bool read_packet(struct vpn_packet_t *);
extern bool write_packet(struct vpn_packet_t *);
extern void dump_device_stats(void);
typedef struct devops_t {
bool (*setup)(void);
void (*close)(void);
bool (*read)(struct vpn_packet_t *);
bool (*write)(struct vpn_packet_t *);
void (*dump_stats)(void);
} devops_t;
extern const devops_t os_devops;
extern const devops_t dummy_devops;
extern const devops_t raw_socket_devops;
extern const devops_t uml_devops;
extern const devops_t vde_devops;
extern devops_t devops;
#endif /* __TINC_DEVICE_H__ */

62
src/dummy_device.c Normal file

@ -0,0 +1,62 @@
/*
device.c -- Dummy device
Copyright (C) 2011 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
#include "device.h"
#include "logger.h"
#include "net.h"
static char *device_info = "dummy device";
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
static bool setup_device(void) {
device = "dummy";
iface = "dummy";
logger(LOG_INFO, "%s (%s) is a %s", device, iface, device_info);
return true;
}
static void close_device(void) {
}
static bool read_packet(vpn_packet_t *packet) {
return false;
}
static bool write_packet(vpn_packet_t *packet) {
device_total_out += packet->len;
return true;
}
static void dump_device_stats(void) {
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t dummy_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};
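Review bot: `setup_device()` points the shared globals `device` and `iface` at string literals, while the other device backends on this page call `free()` on both in their `close_device()`. The empty `close_device()` here is therefore what keeps this backend safe, and it deserves a comment such as `/* device and iface point to string literals; nothing to free */` so a later cleanup does not add a `free()` on them. The file header still reads `device.c -- Dummy device`; `dummy_device.c` would match the file name.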


@ -1,6 +1,6 @@
/*
graph.c -- graph algorithms
Copyright (C) 2001-2011 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
2001-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify
@ -174,6 +174,7 @@ static void sssp_bfs(void) {
myself->status.visited = true;
myself->status.indirect = false;
myself->nexthop = myself;
myself->prevedge = NULL;
myself->via = myself;
list_insert_head(todo_list, myself);
@ -214,6 +215,7 @@ static void sssp_bfs(void) {
e->to->status.visited = true;
e->to->status.indirect = indirect;
e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop;
e->to->prevedge = e;
e->to->via = indirect ? n->via : e->to;
e->to->options = e->options;
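Review bot: `prevedge` is written only for `myself` and for nodes the search reaches, and these hunks do not show it being cleared for nodes that are not visited. `send_udppacket()` on this page dereferences `n->prevedge` to read a port, so a node that kept a pointer to an edge deleted in the meantime would be a use-after-free if that path can be reached; the `!n->status.reachable` early return there appears to cover it, but the coupling is implicit. If `sssp_bfs()` resets per-node state before the search (not visible in these hunks), adding `n->prevedge = NULL;` at that point would make the invariant explicit.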


@ -1,6 +1,6 @@
/*
graph.h -- header for graph.c
Copyright (C) 2001-2006 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
2001-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify


@ -1,7 +1,7 @@
/*
device.c -- Interaction with Linux ethertap and tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans,
2001-2009 Guus Sliepen <guus@tinc-vpn.org>
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -45,13 +45,14 @@ int device_fd = -1;
static device_type_t device_type;
char *device = NULL;
char *iface = NULL;
static char *type = NULL;
static char ifrname[IFNAMSIZ];
static char *device_info;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
bool setup_device(void) {
static bool setup_device(void) {
struct ifreq ifr;
bool t1q = false;
@ -72,11 +73,23 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
#endif
#ifdef HAVE_LINUX_IF_TUN_H
/* Ok now check if this is an old ethertap or a new tun/tap thingie */
memset(&ifr, 0, sizeof(ifr));
if(routing_mode == RMODE_ROUTER) {
get_config_string(lookup_config(config_tree, "DeviceType"), &type);
if(type && strcasecmp(type, "tun") && strcasecmp(type, "tap")) {
logger(LOG_ERR, "Unknown device type %s!", type);
return false;
}
if((type && !strcasecmp(type, "tun")) || (!type && routing_mode == RMODE_ROUTER)) {
ifr.ifr_flags = IFF_TUN;
device_type = DEVICE_TYPE_TUN;
device_info = "Linux tun/tap device (tun mode)";
@ -121,14 +134,15 @@ bool setup_device(void) {
return true;
}
void close_device(void) {
static void close_device(void) {
close(device_fd);
free(type);
free(device);
free(iface);
}
bool read_packet(vpn_packet_t *packet) {
static bool read_packet(vpn_packet_t *packet) {
int lenin;
switch(device_type) {
@ -175,7 +189,7 @@ bool read_packet(vpn_packet_t *packet) {
return true;
}
bool write_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info);
@ -211,8 +225,16 @@ bool write_packet(vpn_packet_t *packet) {
return true;
}
void dump_device_stats(void) {
static void dump_device_stats(void) {
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t os_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};
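Review bot: `close_device()` now frees the new file-scope `type` but leaves the pointer set, and `setup_device()` calls `get_config_string()` for `DeviceType` without checking its result, so `type` presumably keeps its old value when the option is absent. If the device is ever set up again in the same process, the `strcasecmp(type, ...)` checks would then read freed memory; whether the daemon reopens the device is not visible here. `free(type); type = NULL;` closes that off. Separately, the new `return false` for an unknown device type leaves `device_fd` open unless the caller closes it. Both functions extend beyond the hunks shown.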


@ -83,7 +83,7 @@ static DWORD WINAPI tapreader(void *bla) {
}
}
bool setup_device(void) {
static bool setup_device(void) {
HKEY key, key2;
int i;
@ -210,18 +210,18 @@ bool setup_device(void) {
return true;
}
void close_device(void) {
static void close_device(void) {
CloseHandle(device_handle);
free(device);
free(iface);
}
bool read_packet(vpn_packet_t *packet) {
static bool read_packet(vpn_packet_t *packet) {
return false;
}
bool write_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) {
long lenout;
OVERLAPPED overlapped = {0};
@ -238,8 +238,16 @@ bool write_packet(vpn_packet_t *packet) {
return true;
}
void dump_device_stats(void) {
static void dump_device_stats(void) {
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t os_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};


@ -1,7 +1,7 @@
/*
net.c -- most of the network code
Copyright (C) 1998-2005 Ivo Timmermans,
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2011 Loïc Grenié <loic.grenie@gmail.com>
@ -75,7 +75,7 @@ static void purge(void) {
for(snode = n->subnet_tree->head; snode; snode = snext) {
snext = snode->next;
s = snode->data;
send_del_subnet(broadcast, s);
send_del_subnet(everyone, s);
if(!strictsubnets)
subnet_del(n, s);
}
@ -84,7 +84,7 @@ static void purge(void) {
enext = enode->next;
e = enode->data;
if(!tunnelserver)
send_del_edge(broadcast, e);
send_del_edge(everyone, e);
edge_del(e);
}
}
@ -183,7 +183,7 @@ void terminate_connection(connection_t *c, bool report) {
if(c->edge) {
if(report && !tunnelserver)
send_del_edge(broadcast, c->edge);
send_del_edge(everyone, c->edge);
edge_del(c->edge);
@ -198,7 +198,7 @@ void terminate_connection(connection_t *c, bool report) {
e = lookup_edge(c->node, myself);
if(e) {
if(!tunnelserver)
send_del_edge(broadcast, e);
send_del_edge(everyone, e);
edge_del(e);
}
}
@ -289,7 +289,7 @@ static void check_network_activity(fd_set * readset, fd_set * writeset) {
/* check input from kernel */
if(device_fd >= 0 && FD_ISSET(device_fd, readset)) {
if(read_packet(&packet)) {
if(devops.read(&packet)) {
errors = 0;
packet.priority = 0;
route(myself, &packet);
@ -343,7 +343,7 @@ static void check_network_activity(fd_set * readset, fd_set * writeset) {
for(i = 0; i < listen_sockets; i++) {
if(FD_ISSET(listen_socket[i].udp, readset))
handle_incoming_vpn_data(listen_socket[i].udp);
handle_incoming_vpn_data(i);
if(FD_ISSET(listen_socket[i].tcp, readset))
handle_new_meta_connection(listen_socket[i].tcp);
@ -576,14 +576,14 @@ int main_loop(void) {
next = node->next;
subnet = node->data;
if(subnet->expires == 1) {
send_del_subnet(broadcast, subnet);
send_del_subnet(everyone, subnet);
if(subnet->owner->status.reachable)
subnet_update(subnet->owner, subnet, false);
subnet_del(subnet->owner, subnet);
} else if(subnet->expires == -1) {
subnet->expires = 0;
} else {
send_add_subnet(broadcast, subnet);
send_add_subnet(everyone, subnet);
if(subnet->owner->status.reachable)
subnet_update(subnet->owner, subnet, true);
}


@ -1,7 +1,7 @@
/*
net.h -- header for net.c
Copyright (C) 1998-2005 Ivo Timmermans
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -107,6 +107,7 @@ extern int maxoutbufsize;
extern int seconds_till_retry;
extern int addressfamily;
extern unsigned replaywin;
extern bool localdiscovery;
extern listen_socket_t listen_socket[MAXSOCKETS];
extern int listen_sockets;


@ -1,7 +1,7 @@
/*
net_packet.c -- Handles in- and outgoing VPN packets
Copyright (C) 1998-2005 Ivo Timmermans,
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2010 Timothy Redaelli <timothy@redaelli.eu>
2010 Brandon Black <blblack@gmail.com>
@ -61,13 +61,21 @@ static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999
static void send_udppacket(node_t *, vpn_packet_t *);
unsigned replaywin = 16;
bool localdiscovery = false;
#define MAX_SEQNO 1073741824
// mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
// mtuprobes == 31: sleep pinginterval seconds
// mtuprobes == 32: send 1 burst, sleep pingtimeout second
// mtuprobes == 33: no response from other side, restart PMTU discovery process
/* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
mtuprobes == 31: sleep pinginterval seconds
mtuprobes == 32: send 1 burst, sleep pingtimeout second
mtuprobes == 33: no response from other side, restart PMTU discovery process
Probes are sent in batches of three, with random sizes between the lower and
upper boundaries for the MTU thus far discovered.
In case local discovery is enabled, a fourth packet is added to each batch,
which will be broadcast to the local network.
*/
void send_mtu_probe(node_t *n) {
vpn_packet_t packet;
@ -118,7 +126,7 @@ void send_mtu_probe(node_t *n) {
timeout = pingtimeout;
}
for(i = 0; i < 3; i++) {
for(i = 0; i < 3 + localdiscovery; i++) {
if(n->maxmtu <= n->minmtu)
len = n->maxmtu;
else
@ -130,7 +138,10 @@ void send_mtu_probe(node_t *n) {
memset(packet.data, 0, 14);
RAND_pseudo_bytes(packet.data + 14, len - 14);
packet.len = len;
packet.priority = 0;
if(i >= 3 && n->mtuprobes <= 10)
packet.priority = -1;
else
packet.priority = 0;
ifdebug(TRAFFIC) logger(LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
@ -389,7 +400,6 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
static int priority = 0;
#endif
int origpriority;
int sock;
if(!n->status.reachable) {
ifdebug(TRAFFIC) logger(LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
@ -476,33 +486,58 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
/* Determine which socket we have to use */
for(sock = 0; sock < listen_sockets; sock++)
if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family)
break;
if(sock >= listen_sockets)
sock = 0; /* If none is available, just use the first and hope for the best. */
if(n->address.sa.sa_family != listen_socket[n->sock].sa.sa.sa_family) {
for(int sock = 0; sock < listen_sockets; sock++) {
if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) {
n->sock = sock;
break;
}
}
}
/* Send the packet */
struct sockaddr *sa;
socklen_t sl;
int sock;
/* Overloaded use of priority field: -1 means local broadcast */
if(origpriority == -1 && n->prevedge) {
struct sockaddr_in in;
in.sin_family = AF_INET;
in.sin_addr.s_addr = -1;
in.sin_port = n->prevedge->address.in.sin_port;
sa = (struct sockaddr *)&in;
sl = sizeof in;
sock = 0;
} else {
if(origpriority == -1)
origpriority = 0;
sa = &(n->address.sa);
sl = SALEN(n->address.sa);
sock = n->sock;
}
#if defined(SOL_IP) && defined(IP_TOS)
if(priorityinheritance && origpriority != priority
&& listen_socket[sock].sa.sa.sa_family == AF_INET) {
&& listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
priority = origpriority;
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
}
#endif
if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa)) < 0 && !sockwouldblock(sockerrno)) {
if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
if(sockmsgsize(sockerrno)) {
if(n->maxmtu >= origlen)
n->maxmtu = origlen - 1;
if(n->mtu >= origlen)
n->mtu = origlen - 1;
} else
logger(LOG_ERR, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
ifdebug(TRAFFIC) logger(LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
}
end:
@ -518,7 +553,7 @@ void send_packet(const node_t *n, vpn_packet_t *packet) {
if(n == myself) {
if(overwrite_mac)
memcpy(packet->data, mymac.x, ETH_ALEN);
write_packet(packet);
devops.write(packet);
return;
}
@ -599,6 +634,7 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
if(hard)
last_hard_try = now;
last_hard_try = now;
return n;
}
@ -609,7 +645,7 @@ void handle_incoming_vpn_data(int sock) {
socklen_t fromlen = sizeof(from);
node_t *n;
pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
pkt.len = recvfrom(listen_socket[sock].udp, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
if(pkt.len < 0) {
if(!sockwouldblock(sockerrno))
@ -635,5 +671,7 @@ void handle_incoming_vpn_data(int sock) {
return;
}
n->sock = sock;
receive_udppacket(n, &pkt);
}
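Review bot: In `send_udppacket()`, the local-broadcast branch sends on `listen_socket[0]` with `origpriority` still -1, but the `IP_TOS` block below it now tests and sets `listen_socket[n->sock]`. With `PriorityInheritance` enabled, a broadcast probe would therefore apply -1 as the TOS value, and to a socket that is not necessarily the one used for the `sendto()`. Using the chosen socket in that block (`listen_socket[sock].udp`, `listen_socket[sock].sa.sa.sa_family`) and setting `origpriority = 0;` in the broadcast branch as well would keep the two consistent. `struct sockaddr_in in` is filled field by field, so `struct sockaddr_in in = {0};` would avoid handing uninitialised bytes to the kernel, and the branch assumes socket 0 is an IPv4 socket, which deserves a comment or a family check. The function starts outside these hunks.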


@ -1,7 +1,7 @@
/*
net_setup.c -- Setup.
Copyright (C) 1998-2005 Ivo Timmermans,
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2010 Brandon Black <blblack@gmail.com>
@ -45,6 +45,7 @@
#include "xalloc.h"
char *myport;
devops_t devops;
bool read_rsa_public_key(connection_t *c) {
FILE *fp;
@ -113,11 +114,14 @@ bool read_rsa_public_key(connection_t *c) {
xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
fp = fopen(fname, "r");
if(fp) {
c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
fclose(fp);
if(!fp) {
logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
free(fname);
return false;
}
c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
fclose(fp);
free(fname);
if(c->rsa_key)
@ -128,12 +132,15 @@ bool read_rsa_public_key(connection_t *c) {
xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
fp = fopen(fname, "r");
if(fp) {
c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
// RSA_blinding_on(c->rsa_key, NULL);
fclose(fp);
if(!fp) {
logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
free(fname);
return false;
}
c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
// RSA_blinding_on(c->rsa_key, NULL);
fclose(fp);
free(fname);
if(c->rsa_key)
@ -214,7 +221,6 @@ void load_all_subnets(void) {
config_t *cfg;
subnet_t *s, *s2;
node_t *n;
bool result;
xasprintf(&dname, "%s/hosts", confbase);
dir = opendir(dname);
@ -236,10 +242,9 @@ void load_all_subnets(void) {
xasprintf(&fname, "%s/hosts/%s", confbase, ent->d_name);
init_configuration(&config_tree);
result = read_config_file(config_tree, fname);
read_config_options(config_tree, ent->d_name);
read_config_file(config_tree, fname);
free(fname);
if(!result)
continue;
if(!n) {
n = new_node();
@ -270,7 +275,7 @@ void load_all_subnets(void) {
static bool setup_myself(void) {
config_t *cfg;
subnet_t *subnet;
char *name, *hostname, *mode, *afname, *cipher, *digest;
char *name, *hostname, *mode, *afname, *cipher, *digest, *type;
char *fname = NULL;
char *address = NULL;
char *envp[5];
@ -349,6 +354,7 @@ static bool setup_myself(void) {
get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly);
get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets);
get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
get_config_bool(lookup_config(config_tree, "LocalDiscovery"), &localdiscovery);
strictsubnets |= tunnelserver;
if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) {
@ -390,6 +396,8 @@ static bool setup_myself(void) {
myself->options |= OPTION_CLAMP_MSS;
get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl);
get_config_bool(lookup_config(config_tree, "Broadcast"), &broadcast);
#if !defined(SOL_IP) || !defined(IP_TOS)
if(priorityinheritance)
@ -533,7 +541,24 @@ static bool setup_myself(void) {
/* Open device */
if(!setup_device())
devops = os_devops;
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
if(!strcasecmp(type, "dummy"))
devops = dummy_devops;
else if(!strcasecmp(type, "raw_socket"))
devops = raw_socket_devops;
#ifdef ENABLE_UML
else if(!strcasecmp(type, "uml"))
devops = uml_devops;
#endif
#ifdef ENABLE_VDE
else if(!strcasecmp(type, "vde"))
devops = vde_devops;
#endif
}
if(!devops.setup())
return false;
/* Run tinc-up script to further initialize the tap interface */
@ -554,47 +579,58 @@ static bool setup_myself(void) {
/* Open sockets */
get_config_string(lookup_config(config_tree, "BindToAddress"), &address);
hint.ai_family = addressfamily;
hint.ai_socktype = SOCK_STREAM;
hint.ai_protocol = IPPROTO_TCP;
hint.ai_flags = AI_PASSIVE;
err = getaddrinfo(address, myport, &hint, &ai);
if(err || !ai) {
logger(LOG_ERR, "System call `%s' failed: %s", "getaddrinfo",
gai_strerror(err));
return false;
}
listen_sockets = 0;
cfg = lookup_config(config_tree, "BindToAddress");
for(aip = ai; aip; aip = aip->ai_next) {
listen_socket[listen_sockets].tcp =
setup_listen_socket((sockaddr_t *) aip->ai_addr);
do {
get_config_string(cfg, &address);
if(cfg)
cfg = lookup_config_next(config_tree, cfg);
if(listen_socket[listen_sockets].tcp < 0)
continue;
hint.ai_family = addressfamily;
hint.ai_socktype = SOCK_STREAM;
hint.ai_protocol = IPPROTO_TCP;
hint.ai_flags = AI_PASSIVE;
listen_socket[listen_sockets].udp =
setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
err = getaddrinfo(address, myport, &hint, &ai);
free(address);
if(listen_socket[listen_sockets].udp < 0)
continue;
ifdebug(CONNECTIONS) {
hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
logger(LOG_NOTICE, "Listening on %s", hostname);
free(hostname);
if(err || !ai) {
logger(LOG_ERR, "System call `%s' failed: %s", "getaddrinfo",
gai_strerror(err));
return false;
}
memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
listen_sockets++;
}
for(aip = ai; aip; aip = aip->ai_next) {
if(listen_sockets >= MAXSOCKETS) {
logger(LOG_ERR, "Too many listening sockets");
return false;
}
freeaddrinfo(ai);
listen_socket[listen_sockets].tcp =
setup_listen_socket((sockaddr_t *) aip->ai_addr);
if(listen_socket[listen_sockets].tcp < 0)
continue;
listen_socket[listen_sockets].udp =
setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
if(listen_socket[listen_sockets].udp < 0)
continue;
ifdebug(CONNECTIONS) {
hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
logger(LOG_NOTICE, "Listening on %s", hostname);
free(hostname);
}
memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
listen_sockets++;
}
freeaddrinfo(ai);
} while(cfg);
if(listen_sockets)
logger(LOG_NOTICE, "Ready");
@ -696,7 +732,7 @@ void close_network_connections(void) {
for(i = 0; i < 4; i++)
free(envp[i]);
close_device();
devops.close();
return;
}
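Review bot: In the `DeviceType` chain in setup_myself(), a value that matches none of the compiled-in names falls through silently and the daemon keeps `os_devops`. A misspelled `dummy`, or `vde` on a build without ENABLE_VDE, therefore attaches tinc to the real OS device with no message. I would end the chain with `else { logger(LOG_ERR, "Unknown device type %s!", type); return false; }` and free `type` afterwards, since the string from get_config_string() is never released here. In the same function the new `listen_sockets >= MAXSOCKETS` exit returns without `freeaddrinfo(ai)`. setup_myself() starts and ends outside the visible hunks.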


@ -1,7 +1,7 @@
/*
net_socket.c -- Handle various kinds of sockets.
Copyright (C) 1998-2005 Ivo Timmermans,
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2009 Florian Forster <octo@verplant.org>
@ -34,8 +34,6 @@
#include "utils.h"
#include "xalloc.h"
#include <assert.h>
/* Needed on Mac OS/X */
#ifndef SOL_TCP
#define SOL_TCP IPPROTO_TCP
@ -110,63 +108,6 @@ static bool bind_to_interface(int sd) {
return true;
}
static bool bind_to_address(connection_t *c) {
char *node;
struct addrinfo *ai_list;
struct addrinfo *ai_ptr;
struct addrinfo ai_hints;
int status;
assert(c != NULL);
assert(c->socket >= 0);
node = NULL;
if(!get_config_string(lookup_config(config_tree, "BindToAddress"),
&node))
return true;
assert(node != NULL);
memset(&ai_hints, 0, sizeof(ai_hints));
ai_hints.ai_family = c->address.sa.sa_family;
/* We're called from `do_outgoing_connection' only. */
ai_hints.ai_socktype = SOCK_STREAM;
ai_hints.ai_protocol = IPPROTO_TCP;
ai_list = NULL;
status = getaddrinfo(node, /* service = */ NULL,
&ai_hints, &ai_list);
if(status) {
free(node);
logger(LOG_WARNING, "Error looking up %s port %s: %s",
node, "any", gai_strerror(status));
return false;
}
assert(ai_list != NULL);
status = -1;
for(ai_ptr = ai_list; ai_ptr != NULL; ai_ptr = ai_ptr->ai_next) {
status = bind(c->socket,
ai_list->ai_addr, ai_list->ai_addrlen);
if(!status)
break;
}
if(status) {
logger(LOG_ERR, "Can't bind to %s/tcp: %s", node, sockstrerror(sockerrno));
} else ifdebug(CONNECTIONS) {
logger(LOG_DEBUG, "Successfully bound outgoing "
"TCP socket to %s", node);
}
free(node);
freeaddrinfo(ai_list);
return status ? false : true;
}
int setup_listen_socket(const sockaddr_t *sa) {
int nfd;
char *addrstr;
@ -180,6 +121,10 @@ int setup_listen_socket(const sockaddr_t *sa) {
return -1;
}
#ifdef FD_CLOEXEC
fcntl(nfd, F_SETFD, FD_CLOEXEC);
#endif
/* Optimize TCP settings */
option = 1;
@ -238,6 +183,10 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
return -1;
}
#ifdef FD_CLOEXEC
fcntl(nfd, F_SETFD, FD_CLOEXEC);
#endif
#ifdef O_NONBLOCK
{
int flags = fcntl(nfd, F_GETFL);
@ -262,6 +211,7 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
option = 1;
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof(option));
if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf)))
logger(LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, strerror(errno));
@ -410,6 +360,10 @@ begin:
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
#ifdef FD_CLOEXEC
fcntl(c->socket, F_SETFD, FD_CLOEXEC);
#endif
if(c->socket == -1) {
ifdebug(CONNECTIONS) logger(LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
goto begin;
@ -422,7 +376,6 @@ begin:
#endif
bind_to_interface(c->socket);
bind_to_address(c);
/* Optimize TCP settings */
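Review bot: In the `begin:` hunk the added `fcntl(c->socket, F_SETFD, FD_CLOEXEC);` runs before the `c->socket == -1` test, so a failed socket() is handed to fcntl() and the errno reported by the following log line may no longer be the one socket() set. The `#ifdef FD_CLOEXEC` block belongs after that check. All the FD_CLOEXEC calls on this page (also in setup_listen_socket(), setup_vpn_in_socket() and the raw socket, Solaris, UML and VDE device files) ignore fcntl()'s return value, so a descriptor that stays inheritable by the tinc-up and other scripts goes unnoticed. Something like `if(fcntl(nfd, F_SETFD, FD_CLOEXEC) == -1) logger(LOG_WARNING, "Can't set FD_CLOEXEC: %s", strerror(errno));` would surface it. The function around `begin:` starts and ends outside the hunk.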


@ -1,6 +1,6 @@
/*
node.h -- header for node.c
Copyright (C) 2001-2010 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
2001-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify
@ -40,6 +40,7 @@ typedef struct node_t {
char *name; /* name of this node */
uint32_t options; /* options turned on for this node */
int sock; /* Socket to use for outgoing UDP packets */
sockaddr_t address; /* his real (internet) ip to send UDP packets to */
char *hostname; /* the hostname of its real ip */
@ -66,6 +67,7 @@ typedef struct node_t {
int outcompression; /* Compressionlevel, 0 = no compression */
struct node_t *nexthop; /* nearest node from us to him */
struct edge_t *prevedge; /* nearest node from him to us */
struct node_t *via; /* next hop for UDP packets */
avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */
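Review bot: The comment on the `sock` field, which this commit appears to add, calls it a socket, but the value stored in it is an index: handle_incoming_vpn_data() reads from `listen_socket[sock].udp` and then assigns `n->sock = sock`. I would reword it to `int sock; /* index into listen_socket[] of the UDP socket to send from */` so that nobody later passes it to a socket call as a descriptor. The struct definition starts and ends outside the hunks.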


@ -511,7 +511,7 @@ static RETSIGTYPE sigusr1_handler(int a) {
}
static RETSIGTYPE sigusr2_handler(int a) {
dump_device_stats();
devops.dump_stats();
dump_nodes();
dump_edges();
dump_subnets();


@ -1,7 +1,7 @@
/*
protocol.c -- handle the meta-protocol, basic functions
Copyright (C) 1999-2005 Ivo Timmermans,
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -96,7 +96,7 @@ bool send_request(connection_t *c, const char *format, ...) {
buffer[len++] = '\n';
if(c == broadcast) {
if(c == everyone) {
broadcast_meta(NULL, buffer, len);
return true;
} else


@ -1,7 +1,7 @@
/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -575,7 +575,7 @@ bool ack_h(connection_t *c) {
if(tunnelserver)
send_add_edge(c, c->edge);
else
send_add_edge(broadcast, c->edge);
send_add_edge(everyone, c->edge);
/* Run MST and SSSP algorithms */


@ -1,7 +1,7 @@
/*
protocol_edge.c -- handle the meta-protocol, edges
Copyright (C) 1999-2005 Ivo Timmermans,
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2009 Michael Tokarev <mjt@corpit.ru>
This program is free software; you can redistribute it and/or modify
@ -254,7 +254,7 @@ bool del_edge_h(connection_t *c) {
e = lookup_edge(to, myself);
if(e) {
if(!tunnelserver)
send_del_edge(broadcast, e);
send_del_edge(everyone, e);
edge_del(e);
}
}


@ -1,7 +1,7 @@
/*
protocol_key.c -- handle the meta-protocol, key exchange
Copyright (C) 1999-2005 Ivo Timmermans,
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -40,7 +40,7 @@ void send_key_changed(void) {
avl_node_t *node;
connection_t *c;
send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
@ -242,8 +242,6 @@ bool ans_key_h(connection_t *c) {
/* Update our copy of the origin's packet key */
from->outkey = xrealloc(from->outkey, strlen(key) / 2);
from->outkey = xstrdup(key);
from->outkeylength = strlen(key) / 2;
hex2bin(key, from->outkey, from->outkeylength);


@ -1,7 +1,7 @@
/*
device.c -- raw socket
Copyright (C) 2002-2005 Ivo Timmermans,
2002-2009 Guus Sliepen <guus@tinc-vpn.org>
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -20,7 +20,9 @@
#include "system.h"
#ifdef HAVE_NETPACKET_PACKET_H
#include <netpacket/packet.h>
#endif
#include "conf.h"
#include "device.h"
@ -30,16 +32,13 @@
#include "route.h"
#include "xalloc.h"
int device_fd = -1;
char *device = NULL;
char *iface = NULL;
static char ifrname[IFNAMSIZ];
#if defined(PF_PACKET) && defined(ETH_P_ALL) && defined(AF_PACKET)
static char *device_info;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
bool setup_device(void) {
static bool setup_device(void) {
struct ifreq ifr;
struct sockaddr_ll sa;
@ -57,6 +56,10 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
#endif
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) {
@ -81,14 +84,14 @@ bool setup_device(void) {
return true;
}
void close_device(void) {
static void close_device(void) {
close(device_fd);
free(device);
free(iface);
}
bool read_packet(vpn_packet_t *packet) {
static bool read_packet(vpn_packet_t *packet) {
int lenin;
if((lenin = read(device_fd, packet->data, MTU)) <= 0) {
@ -107,7 +110,7 @@ bool read_packet(vpn_packet_t *packet) {
return true;
}
bool write_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info);
@ -122,8 +125,32 @@ bool write_packet(vpn_packet_t *packet) {
return true;
}
void dump_device_stats(void) {
static void dump_device_stats(void) {
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t raw_socket_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};
#else
static bool not_supported(void) {
logger(LOG_ERR, "Raw socket device not supported on this platform");
return false;
}
const devops_t raw_socket_devops = {
.setup = not_supported,
.close = NULL,
.read = NULL,
.write = NULL,
.dump_stats = NULL,
};
#endif
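Review bot: The fallback `raw_socket_devops` for platforms without PF_PACKET leaves `.close`, `.read`, `.write` and `.dump_stats` NULL, while the call sites on this page call through the table without a NULL check: `devops.close()` in close_network_connections(), `devops.dump_stats()` in sigusr2_handler() and `devops.write(packet)` in send_packet(). That is only safe if nothing runs after `not_supported()` makes setup fail, which the page does not show. Pointing the four members at no-op stubs, or testing them at the call sites, removes the dependency on that ordering and turns a possible NULL call into a clean error path.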


@ -1,7 +1,7 @@
/*
route.c -- routing
Copyright (C) 2000-2005 Ivo Timmermans,
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -34,10 +34,12 @@
rmode_t routing_mode = RMODE_ROUTER;
fmode_t forwarding_mode = FMODE_INTERNAL;
bool decrement_ttl = true;
bool directonly = false;
bool priorityinheritance = false;
int macexpire = 600;
bool overwrite_mac = false;
bool broadcast = true;
mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}};
/* Sizes of various headers */
@ -80,13 +82,14 @@ static bool ratelimit(int frequency) {
static int count = 0;
if(lasttime == now) {
if(++count > frequency)
if(count >= frequency)
return true;
} else {
lasttime = now;
count = 0;
}
count++;
return false;
}
@ -397,6 +400,11 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
packet->priority = packet->data[15];
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
if(via == source) {
ifdebug(TRAFFIC) logger(LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname);
return;
}
if(directonly && subnet->owner != via)
return route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_ANO);
@ -422,11 +430,11 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) {
if(!checklength(source, packet, ether_size + ip_size))
return;
if(((packet->data[30] & 0xf0) == 0xe0) || (
if(broadcast && (((packet->data[30] & 0xf0) == 0xe0) || (
packet->data[30] == 255 &&
packet->data[31] == 255 &&
packet->data[32] == 255 &&
packet->data[33] == 255))
packet->data[33] == 255)))
broadcast_packet(source, packet);
else
route_ipv4_unicast(source, packet);
@ -549,6 +557,11 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
if(via == source) {
ifdebug(TRAFFIC) logger(LOG_ERR, "Routing loop for packet from %s (%s)!", source->name, source->hostname);
return;
}
if(directonly && subnet->owner != via)
return route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
@ -714,7 +727,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) {
return;
}
if(packet->data[38] == 255)
if(broadcast && packet->data[38] == 255)
broadcast_packet(source, packet);
else
route_ipv6_unicast(source, packet);
@ -804,7 +817,8 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
subnet = lookup_subnet_mac(NULL, &dest);
if(!subnet) {
broadcast_packet(source, packet);
if(broadcast)
broadcast_packet(source, packet);
return;
}
@ -846,6 +860,52 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
send_packet(subnet->owner, packet);
}
static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
uint16_t type = packet->data[12] << 8 | packet->data[13];
switch (type) {
case ETH_P_IP:
if(!checklength(source, packet, 14 + 32))
return false;
if(packet->data[22] < 1) {
if(packet->data[25] != IPPROTO_ICMP || packet->data[46] != ICMP_TIME_EXCEEDED)
route_ipv4_unreachable(source, packet, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
return false;
}
uint16_t old = packet->data[22] << 8 | packet->data[23];
packet->data[22]--;
uint16_t new = packet->data[22] << 8 | packet->data[23];
uint32_t checksum = packet->data[24] << 8 | packet->data[25];
checksum += old + (~new & 0xFFFF);
while(checksum >> 16)
checksum = (checksum & 0xFFFF) + (checksum >> 16);
packet->data[24] = checksum >> 8;
packet->data[25] = checksum & 0xff;
return true;
case ETH_P_IPV6:
if(!checklength(source, packet, 14 + 40))
return false;
if(packet->data[21] < 1) {
if(packet->data[20] != IPPROTO_ICMPV6 || packet->data[54] != ICMP6_TIME_EXCEEDED)
route_ipv6_unreachable(source, packet, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
return false;
}
packet->data[21]--;
return true;
default:
return true;
}
}
void route(node_t *source, vpn_packet_t *packet) {
if(forwarding_mode == FMODE_KERNEL && source != myself) {
send_packet(myself, packet);
@ -855,6 +915,10 @@ void route(node_t *source, vpn_packet_t *packet) {
if(!checklength(source, packet, ether_size))
return;
if(decrement_ttl && source != myself)
if(!do_decrement_ttl(source, packet))
return;
switch (routing_mode) {
case RMODE_ROUTER:
{
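Review bot: In do_decrement_ttl() the IPv4 test `packet->data[25] != IPPROTO_ICMP || packet->data[46] != ICMP_TIME_EXCEEDED` does not read the fields it is meant to. The lines just below it treat `data[22]`/`data[23]` as the TTL and protocol bytes and `data[24]`/`data[25]` as the header checksum, so the protocol byte is `data[23]`, and for a header without options the ICMP type is at `data[34]`. As written, the guard that should stop tinc from answering an ICMP Time Exceeded with another one compares unrelated bytes. I would change it to `if(packet->data[23] != IPPROTO_ICMP || packet->data[34] != ICMP_TIME_EXCEEDED)`, ideally deriving the offset from the IHL nibble. The IPv6 branch reads `data[54]` after `checklength(source, packet, 14 + 40)`, which looks like one byte past the checked length if checklength() enforces a minimum length.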


@ -1,7 +1,7 @@
/*
route.h -- header file for route.c
Copyright (C) 2000-2005 Ivo Timmermans
2000-2006 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -38,8 +38,10 @@ typedef enum fmode_t {
extern rmode_t routing_mode;
extern fmode_t forwarding_mode;
extern bool decrement_ttl;
extern bool directonly;
extern bool overwrite_mac;
extern bool broadcast;
extern bool priorityinheritance;
extern int macexpire;


@ -1,7 +1,7 @@
/*
device.c -- Interaction with Solaris tun device
Copyright (C) 2001-2005 Ivo Timmermans,
2001-2011 Guus Sliepen <guus@tinc-vpn.org>
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -35,7 +35,7 @@
#define DEFAULT_DEVICE "/dev/tun"
int device_fd = -1;
int ip_fd = -1, if_fd = -1;
static int ip_fd = -1, if_fd = -1;
char *device = NULL;
char *iface = NULL;
static char *device_info = NULL;
@ -43,7 +43,7 @@ static char *device_info = NULL;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
bool setup_device(void) {
static bool setup_device(void) {
int ppa;
char *ptr;
@ -55,6 +55,10 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
#endif
ppa = 0;
ptr = device;
@ -67,6 +71,10 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(ip_fd, F_SETFD, FD_CLOEXEC);
#endif
/* Assign a new PPA and get its unit number. */
if((ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0) {
logger(LOG_ERR, "Can't assign new interface: %s", strerror(errno));
@ -79,6 +87,10 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(if_fd, F_SETFD, FD_CLOEXEC);
#endif
if(ioctl(if_fd, I_PUSH, "ip") < 0) {
logger(LOG_ERR, "Can't push IP module: %s", strerror(errno));
return false;
@ -105,7 +117,7 @@ bool setup_device(void) {
return true;
}
void close_device(void) {
static void close_device(void) {
close(if_fd);
close(ip_fd);
close(device_fd);
@ -114,7 +126,7 @@ void close_device(void) {
free(iface);
}
bool read_packet(vpn_packet_t *packet) {
static bool read_packet(vpn_packet_t *packet) {
int lenin;
if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) {
@ -149,7 +161,7 @@ bool read_packet(vpn_packet_t *packet) {
return true;
}
bool write_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info);
@ -164,8 +176,16 @@ bool write_packet(vpn_packet_t *packet) {
return true;
}
void dump_device_stats(void) {
static void dump_device_stats(void) {
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t os_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};


@ -468,6 +468,8 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
// 4 and 5 are reserved for SUBNET and WEIGHT
xasprintf(&envp[6], "REMOTEADDRESS=%s", address);
xasprintf(&envp[7], "REMOTEPORT=%s", port);
free(port);
free(address);
}
name = up ? "subnet-up" : "subnet-down";


@ -1,7 +1,7 @@
/*
tincd.c -- the main file for tincd
Copyright (C) 1998-2005 Ivo Timmermans
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2008 Max Rijevski <maksuf@gmail.com>
2009 Michael Tokarev <mjt@tls.msk.ru>
2010 Julien Muchembled <jm@jmuchemb.eu>
@ -114,6 +114,7 @@ static struct option const long_options[] = {
{"user", required_argument, NULL, 'U'},
{"logfile", optional_argument, NULL, 4},
{"pidfile", required_argument, NULL, 5},
{"option", required_argument, NULL, 'o'},
{NULL, 0, NULL, 0}
};
@ -129,20 +130,20 @@ static void usage(bool status) {
program_name);
else {
printf("Usage: %s [option]...\n\n", program_name);
printf(" -c, --config=DIR Read configuration options from DIR.\n"
" -D, --no-detach Don't fork and detach.\n"
" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
" -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n"
" -n, --net=NETNAME Connect to net NETNAME.\n"
" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n"
" -L, --mlock Lock tinc into main memory.\n"
" --logfile[=FILENAME] Write log entries to a logfile.\n"
" --pidfile=FILENAME Write PID to FILENAME.\n"
" -o [HOST.]KEY=VALUE Set global/host configuration value.\n"
" -R, --chroot chroot to NET dir at startup.\n"
" -U, --user=USER setuid to given USER at startup.\n"
" --help Display this help and exit.\n"
" --version Output version information and exit.\n\n");
printf(" -c, --config=DIR Read configuration options from DIR.\n"
" -D, --no-detach Don't fork and detach.\n"
" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
" -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n"
" -n, --net=NETNAME Connect to net NETNAME.\n"
" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n"
" -L, --mlock Lock tinc into main memory.\n"
" --logfile[=FILENAME] Write log entries to a logfile.\n"
" --pidfile=FILENAME Write PID to FILENAME.\n"
" -o, --option=[HOST.]KEY=VALUE Set global/host configuration value.\n"
" -R, --chroot chroot to NET dir at startup.\n"
" -U, --user=USER setuid to given USER at startup.\n"
" --help Display this help and exit.\n"
" --version Output version information and exit.\n\n");
printf("Report bugs to tinc@tinc-vpn.org.\n");
}
}
@ -361,9 +362,6 @@ static bool keygen(int bits) {
if(!f)
return false;
if(disable_old_keys(f))
fprintf(stderr, "Warning: old key(s) found and disabled.\n");
#ifdef HAVE_FCHMOD
/* Make it unreadable for others. */
fchmod(fileno(f), 0600);
@ -384,9 +382,6 @@ static bool keygen(int bits) {
if(!f)
return false;
if(disable_old_keys(f))
fprintf(stderr, "Warning: old key(s) found and disabled.\n");
fputc('\n', f);
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
@ -523,7 +518,7 @@ int main(int argc, char **argv) {
if(show_version) {
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
VERSION, __DATE__, __TIME__, PROT_CURRENT);
printf("Copyright (C) 1998-2011 Ivo Timmermans, Guus Sliepen and others.\n"
printf("Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
"and you are welcome to redistribute it under certain conditions;\n"
@ -586,6 +581,7 @@ int main2(int argc, char **argv) {
InitializeCriticalSection(&mutex);
EnterCriticalSection(&mutex);
#endif
char *priority = NULL;
if(!detach())
return 1;
@ -612,8 +608,6 @@ int main2(int argc, char **argv) {
/* Change process priority */
char *priority = 0;
if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) {
if(!strcasecmp(priority, "Normal")) {
if (setpriority(NORMAL_PRIORITY_CLASS) != 0) {
@ -650,7 +644,7 @@ int main2(int argc, char **argv) {
/* Shutdown properly. */
ifdebug(CONNECTIONS)
dump_device_stats();
devops.dump_stats();
close_network_connections();
@ -661,6 +655,8 @@ end:
remove_pid(pidfilename);
#endif
free(priority);
EVP_cleanup();
ENGINE_cleanup();
CRYPTO_cleanup_all_ex_data();
@ -668,6 +664,7 @@ end:
ERR_free_strings();
exit_configuration(&config_tree);
list_free(cmdline_conf);
free_names();
return status;


@ -1,7 +1,7 @@
/*
device.c -- UML network socket
Copyright (C) 2002-2005 Ivo Timmermans,
2002-2009 Guus Sliepen <guus@tinc-vpn.org>
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -28,19 +28,17 @@
#include "logger.h"
#include "utils.h"
#include "route.h"
#include "xalloc.h"
int device_fd = -1;
static int listen_fd = -1;
static int request_fd = -1;
static int data_fd = -1;
static int write_fd = -1;
static int state = 0;
char *device = NULL;
char *iface = NULL;
static char *device_info;
extern char *identname;
extern bool running;
extern volatile bool running;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
@ -56,7 +54,7 @@ static struct request {
static struct sockaddr_un data_sun;
bool setup_device(void) {
static bool setup_device(void) {
struct sockaddr_un listen_sun;
static const int one = 1;
struct {
@ -79,6 +77,10 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(write_fd, F_SETFD, FD_CLOEXEC);
#endif
setsockopt(write_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) {
@ -93,6 +95,10 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(data_fd, F_SETFD, FD_CLOEXEC);
#endif
setsockopt(data_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) {
@ -120,6 +126,10 @@ bool setup_device(void) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
#endif
setsockopt(listen_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) {
@ -169,13 +179,13 @@ void close_device(void) {
if(iface) free(iface);
}
bool read_packet(vpn_packet_t *packet) {
static bool read_packet(vpn_packet_t *packet) {
int lenin;
switch(state) {
case 0: {
struct sockaddr sa;
int salen = sizeof sa;
socklen_t salen = sizeof sa;
request_fd = accept(listen_fd, &sa, &salen);
if(request_fd < 0) {
@ -183,6 +193,10 @@ bool read_packet(vpn_packet_t *packet) {
return false;
}
#ifdef FD_CLOEXEC
fcntl(request_fd, F_SETFD, FD_CLOEXEC);
#endif
if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) {
logger(LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
running = false;
@ -244,10 +258,14 @@ bool read_packet(vpn_packet_t *packet) {
return true;
}
default:
logger(LOG_ERR, "Invalid value for state variable in " __FILE__);
abort();
}
}
bool write_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) {
if(state != 2) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Dropping packet of %d bytes to %s: not connected to UML yet",
packet->len, device_info);
@ -271,8 +289,16 @@ bool write_packet(vpn_packet_t *packet) {
return true;
}
void dump_device_stats(void) {
static void dump_device_stats(void) {
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t uml_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};
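Review bot: In the third setup_device() hunk the added `fcntl(device_fd, F_SETFD, FD_CLOEXEC);` looks like it targets the wrong descriptor. The two earlier hunks mark `write_fd` and `data_fd`, and the lines that follow this one configure `listen_fd`, so the listening socket is probably left inheritable by child processes while fcntl() is applied to whatever `device_fd` holds at that point. I would change it to `fcntl(listen_fd, F_SETFD, FD_CLOEXEC);`. In read_packet() the unchanged `fcntl(listen_fd, F_SETFL, O_NONBLOCK)` after accept() has the same look and may have been meant for `request_fd`. Both functions continue outside the hunks.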

143
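--- a/src/vde_device.c
+++ b/src/vde_device.c
@@ -0,0 +1,143 @@
+/*
+device.c -- VDE plug
+Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "system.h"
+#include <libvdeplug_dyn.h>
+#include "conf.h"
+#include "device.h"
+#include "net.h"
+#include "logger.h"
+#include "utils.h"
+#include "route.h"
+#include "xalloc.h"
+static struct vdepluglib plug;
+static struct vdeconn *conn = NULL;
+static int port = 0;
+static char *group = NULL;
+static char *device_info;
+extern char *identname;
+extern volatile bool running;
+static uint64_t device_total_in = 0;
+static uint64_t device_total_out = 0;
+static bool setup_device(void) {
+libvdeplug_dynopen(plug);
+if(!plug.dl_handle) {
+logger(LOG_ERR, "Could not open libvdeplug library!");
+return false;
+}
+if(!get_config_string(lookup_config(config_tree, "Device"), &device))
+xasprintf(&device, LOCALSTATEDIR "/run/vde.ctl");
+get_config_string(lookup_config(config_tree, "Interface"), &iface);
+get_config_int(lookup_config(config_tree, "VDEPort"), &port);
+get_config_string(lookup_config(config_tree, "VDEGroup"), &group);
+device_info = "VDE socket";
+struct vde_open_args args = {
+.port = port,
+.group = group,
+.mode = 0700,
+};
+conn = plug.vde_open(device, identname, &args);
+if(!conn) {
+logger(LOG_ERR, "Could not open VDE socket %s", device);
+return false;
+}
+device_fd = plug.vde_datafd(conn);
+#ifdef FD_CLOEXEC
+fcntl(device_fd, F_SETFD, FD_CLOEXEC);
+#endif
+logger(LOG_INFO, "%s is a %s", device, device_info);
+if(routing_mode == RMODE_ROUTER)
+overwrite_mac = true;
+return true;
+}
+static void close_device(void) {
+if(conn)
+plug.vde_close(conn);
+if(plug.dl_handle)
+libvdeplug_dynclose(plug);
+free(device);
+free(iface);
+}
+static bool read_packet(vpn_packet_t *packet) {
+int lenin = plug.vde_recv(conn, packet->data, MTU, 0);
+if(lenin <= 0) {
+logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
+running = false;
+return false;
+}
+packet->len = lenin;
+device_total_in += packet->len;
+ifdebug(TRAFFIC) logger(LOG_DEBUG, "Read packet of %d bytes from %s", packet->len, device_info);
+return true;
+}
+static bool write_packet(vpn_packet_t *packet) {
+if(plug.vde_send(conn, packet->data, packet->len, 0) < 0) {
+if(errno != EINTR && errno != EAGAIN) {
+logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
+running = false;
+}
+return false;
+}
+device_total_out += packet->len;
+return true;
+}
+static void dump_device_stats(void) {
+logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
+logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
+logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
+}
+const devops_t vde_devops = {
+.setup = setup_device,
+.close = close_device,
+.read = read_packet,
+.write = write_packet,
+.dump_stats = dump_device_stats,
+};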
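Review bot: setup_device() uses the result of `plug.vde_datafd(conn)` without checking it, and close_device() never releases `group`, which get_config_string() fills in for `VDEGroup`. I would add `if(device_fd < 0) { logger(LOG_ERR, "Could not get VDE data descriptor for %s", device); return false; }` after the vde_datafd() call and `free(group);` next to `free(device)`. `VDEPort` is also handed to vde_open() exactly as read from the configuration, so a negative or out-of-range value is rejected only if the library does so.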