| 1 | /* |
1 | /* |
| 2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
| 3 | Copyright (C) 2003-2007 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | it under the terms of the GNU General Public License as published by |
8 | under the terms of the GNU General Public License as published by the |
| 9 | the Free Software Foundation; either version 2 of the License, or |
9 | Free Software Foundation; either version 3 of the License, or (at your |
| 10 | (at your option) any later version. |
10 | option) any later version. |
| 11 | |
11 | |
| 12 | This program is distributed in the hope that it will be useful, |
12 | This program is distributed in the hope that it will be useful, but |
| 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
| 15 | GNU General Public License for more details. |
15 | Public License for more details. |
| 16 | |
16 | |
| 17 | You should have received a copy of the GNU General Public License |
17 | You should have received a copy of the GNU General Public License along |
| 18 | along with gvpe; if not, write to the Free Software |
18 | with this program; if not, see <http://www.gnu.org/licenses/>. |
| 19 | Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
19 | |
|
|
20 | Additional permission under GNU GPL version 3 section 7 |
|
|
21 | |
|
|
22 | If you modify this Program, or any covered work, by linking or |
|
|
23 | combining it with the OpenSSL project's OpenSSL library (or a modified |
|
|
24 | version of that library), containing parts covered by the terms of the |
|
|
25 | OpenSSL or SSLeay licenses, the licensors of this Program grant you |
|
|
26 | additional permission to convey the resulting work. Corresponding |
|
|
27 | Source for a non-source form of such a combination shall include the |
|
|
28 | source code for the parts of OpenSSL used as well as that of the |
|
|
29 | covered work. |
| 20 | */ |
30 | */ |
| 21 | |
31 | |
| 22 | #include "config.h" |
32 | #include "config.h" |
| 23 | |
33 | |
| 24 | #include <list> |
34 | #include <list> |
| … | |
… | |
| 87 | snprintf (ext, 16, "_%d", (*c)->conf->id); |
97 | snprintf (ext, 16, "_%d", (*c)->conf->id); |
| 88 | (*c)->script_init_env (ext); |
98 | (*c)->script_init_env (ext); |
| 89 | } |
99 | } |
| 90 | } |
100 | } |
| 91 | |
101 | |
|
|
102 | inline const char * |
| 92 | const char *vpn::script_if_init () |
103 | vpn::script_if_init () |
| 93 | { |
104 | { |
| 94 | script_init_env (); |
105 | script_init_env (); |
| 95 | |
106 | |
| 96 | return tap->if_up (); |
107 | return tap->if_up (); |
| 97 | } |
108 | } |
| 98 | |
109 | |
|
|
110 | inline const char * |
| 99 | const char *vpn::script_if_up () |
111 | vpn::script_if_up () |
| 100 | { |
112 | { |
| 101 | script_init_env (); |
113 | script_init_env (); |
| 102 | |
114 | |
| 103 | char *filename; |
115 | char *filename; |
| 104 | asprintf (&filename, |
116 | asprintf (&filename, |
| … | |
… | |
| 329 | exit (EXIT_FAILURE); |
341 | exit (EXIT_FAILURE); |
| 330 | } |
342 | } |
| 331 | |
343 | |
| 332 | fcntl (tap->fd, F_SETFD, FD_CLOEXEC); |
344 | fcntl (tap->fd, F_SETFD, FD_CLOEXEC); |
| 333 | |
345 | |
|
|
346 | run_script_cb cb; |
|
|
347 | cb.set<vpn, &vpn::script_if_init> (this); |
|
|
348 | |
| 334 | if (tap->if_up () && |
349 | if (tap->if_up () && |
| 335 | !run_script (run_script_cb (this, &vpn::script_if_init), true)) |
350 | !run_script (cb, true)) |
| 336 | { |
351 | { |
| 337 | slog (L_ERR, _("interface initialization command '%s' failed, exiting."), |
352 | slog (L_ERR, _("interface initialization command '%s' failed, exiting."), |
| 338 | tap->if_up ()); |
353 | tap->if_up ()); |
| 339 | exit (EXIT_FAILURE); |
354 | exit (EXIT_FAILURE); |
| 340 | } |
355 | } |
| 341 | |
356 | |
| 342 | if (!run_script (run_script_cb (this, &vpn::script_if_up), true)) |
357 | cb.set<vpn, &vpn::script_if_up> (this); |
|
|
358 | if (!run_script (cb, true)) |
| 343 | { |
359 | { |
| 344 | slog (L_ERR, _("if-up command execution failed, exiting.")); |
360 | slog (L_ERR, _("if-up command execution failed, exiting.")); |
| 345 | exit (EXIT_FAILURE); |
361 | exit (EXIT_FAILURE); |
| 346 | } |
362 | } |
| 347 | |
363 | |
| … | |
… | |
| 423 | { |
439 | { |
| 424 | // broadcast, this is ugly, but due to the security policy |
440 | // broadcast, this is ugly, but due to the security policy |
| 425 | // we have to connect to all hosts... |
441 | // we have to connect to all hosts... |
| 426 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
442 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
| 427 | if ((*c)->conf != THISNODE) |
443 | if ((*c)->conf != THISNODE) |
| 428 | (*c)->inject_data_packet (pkt, true); |
444 | (*c)->inject_data_packet (pkt); |
| 429 | } |
445 | } |
| 430 | } |
446 | } |
| 431 | |
447 | |
| 432 | void |
448 | void |
| 433 | vpn::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
449 | vpn::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
| … | |
… | |
| 497 | } |
513 | } |
| 498 | |
514 | |
| 499 | return false; |
515 | return false; |
| 500 | } |
516 | } |
| 501 | |
517 | |
| 502 | void |
518 | inline void |
| 503 | vpn::ipv4_ev (ev::io &w, int revents) |
519 | vpn::ipv4_ev (ev::io &w, int revents) |
| 504 | { |
520 | { |
| 505 | if (revents & EV_READ) |
521 | if (revents & EV_READ) |
| 506 | { |
522 | { |
| 507 | vpn_packet *pkt = new vpn_packet; |
523 | vpn_packet *pkt = new vpn_packet; |
| … | |
… | |
| 538 | exit (EXIT_FAILURE); |
554 | exit (EXIT_FAILURE); |
| 539 | } |
555 | } |
| 540 | } |
556 | } |
| 541 | |
557 | |
| 542 | #if ENABLE_ICMP |
558 | #if ENABLE_ICMP |
| 543 | void |
559 | inline void |
| 544 | vpn::icmpv4_ev (ev::io &w, int revents) |
560 | vpn::icmpv4_ev (ev::io &w, int revents) |
| 545 | { |
561 | { |
| 546 | if (revents & EV_READ) |
562 | if (revents & EV_READ) |
| 547 | { |
563 | { |
| 548 | vpn_packet *pkt = new vpn_packet; |
564 | vpn_packet *pkt = new vpn_packet; |
| … | |
… | |
| 586 | exit (EXIT_FAILURE); |
602 | exit (EXIT_FAILURE); |
| 587 | } |
603 | } |
| 588 | } |
604 | } |
| 589 | #endif |
605 | #endif |
| 590 | |
606 | |
| 591 | void |
607 | inline void |
| 592 | vpn::udpv4_ev (ev::io &w, int revents) |
608 | vpn::udpv4_ev (ev::io &w, int revents) |
| 593 | { |
609 | { |
| 594 | if (revents & EV_READ) |
610 | if (revents & EV_READ) |
| 595 | { |
611 | { |
| 596 | vpn_packet *pkt = new vpn_packet; |
612 | vpn_packet *pkt = new vpn_packet; |
| … | |
… | |
| 623 | revents); |
639 | revents); |
| 624 | exit (EXIT_FAILURE); |
640 | exit (EXIT_FAILURE); |
| 625 | } |
641 | } |
| 626 | } |
642 | } |
| 627 | |
643 | |
| 628 | void |
644 | inline void |
| 629 | vpn::tap_ev (ev::io &w, int revents) |
645 | vpn::tap_ev (ev::io &w, int revents) |
| 630 | { |
646 | { |
| 631 | if (revents & EV_READ) |
647 | if (revents & EV_READ) |
| 632 | { |
648 | { |
| 633 | /* process data */ |
649 | /* process data */ |
| … | |
… | |
| 665 | } |
681 | } |
| 666 | else |
682 | else |
| 667 | abort (); |
683 | abort (); |
| 668 | } |
684 | } |
| 669 | |
685 | |
| 670 | void |
686 | inline void |
| 671 | vpn::event_cb (ev::timer &w, int) |
687 | vpn::event_cb (ev::timer &w, int) |
| 672 | { |
688 | { |
| 673 | if (events) |
689 | if (events) |
| 674 | { |
690 | { |
| 675 | if (events & EVENT_SHUTDOWN) |
691 | if (events & EVENT_SHUTDOWN) |
| … | |
… | |
| 776 | |
792 | |
| 777 | slog (L_NOTICE, _("END status dump")); |
793 | slog (L_NOTICE, _("END status dump")); |
| 778 | } |
794 | } |
| 779 | |
795 | |
| 780 | vpn::vpn (void) |
796 | vpn::vpn (void) |
|
|
797 | { |
| 781 | : event (this, &vpn::event_cb) |
798 | event .set<vpn, &vpn::event_cb > (this); |
| 782 | , udpv4_ev_watcher (this, &vpn::udpv4_ev) |
799 | udpv4_ev_watcher .set<vpn, &vpn::udpv4_ev > (this); |
| 783 | , ipv4_ev_watcher (this, &vpn::ipv4_ev) |
800 | ipv4_ev_watcher .set<vpn, &vpn::ipv4_ev > (this); |
| 784 | #if ENABLE_TCP |
801 | #if ENABLE_TCP |
| 785 | , tcpv4_ev_watcher (this, &vpn::tcpv4_ev) |
802 | tcpv4_ev_watcher .set<vpn, &vpn::tcpv4_ev > (this); |
| 786 | #endif |
803 | #endif |
| 787 | #if ENABLE_ICMP |
804 | #if ENABLE_ICMP |
| 788 | , icmpv4_ev_watcher(this, &vpn::icmpv4_ev) |
805 | icmpv4_ev_watcher.set<vpn, &vpn::icmpv4_ev> (this); |
| 789 | #endif |
806 | #endif |
| 790 | #if ENABLE_DNS |
807 | #if ENABLE_DNS |
| 791 | , dnsv4_ev_watcher (this, &vpn::dnsv4_ev) |
808 | dnsv4_ev_watcher .set<vpn, &vpn::dnsv4_ev > (this); |
| 792 | #endif |
809 | #endif |
| 793 | , tap_ev_watcher (this, &vpn::tap_ev) |
810 | tap_ev_watcher .set<vpn, &vpn::tap_ev > (this); |
| 794 | { |
|
|
| 795 | } |
811 | } |
| 796 | |
812 | |
| 797 | vpn::~vpn () |
813 | vpn::~vpn () |
| 798 | { |
814 | { |
| 799 | } |
815 | } |
