1 | /* |
1 | /* |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
|
|
3 | Copyright (C) 2003 Marc Lehmann <pcg@goof.com> |
3 | |
4 | |
4 | This program is free software; you can redistribute it and/or modify |
5 | This program is free software; you can redistribute it and/or modify |
5 | it under the terms of the GNU General Public License as published by |
6 | it under the terms of the GNU General Public License as published by |
6 | the Free Software Foundation; either version 2 of the License, or |
7 | the Free Software Foundation; either version 2 of the License, or |
7 | (at your option) any later version. |
8 | (at your option) any later version. |
… | |
… | |
24 | #include <cstring> |
25 | #include <cstring> |
25 | #include <cstdio> |
26 | #include <cstdio> |
26 | |
27 | |
27 | #include <sys/types.h> |
28 | #include <sys/types.h> |
28 | #include <sys/socket.h> |
29 | #include <sys/socket.h> |
29 | #include <sys/poll.h> |
|
|
30 | #include <sys/wait.h> |
30 | #include <sys/wait.h> |
31 | #include <errno.h> |
31 | #include <errno.h> |
32 | #include <time.h> |
32 | #include <time.h> |
33 | #include <unistd.h> |
33 | #include <unistd.h> |
34 | #include <fcntl.h> |
34 | #include <fcntl.h> |
… | |
… | |
39 | #include "pidfile.h" |
39 | #include "pidfile.h" |
40 | |
40 | |
41 | #include "connection.h" |
41 | #include "connection.h" |
42 | #include "util.h" |
42 | #include "util.h" |
43 | #include "vpn.h" |
43 | #include "vpn.h" |
|
|
44 | |
|
|
45 | vpn network; // THE vpn (bad design...) |
44 | |
46 | |
45 | ///////////////////////////////////////////////////////////////////////////// |
47 | ///////////////////////////////////////////////////////////////////////////// |
46 | |
48 | |
47 | const char *vpn::script_if_up () |
49 | const char *vpn::script_if_up () |
48 | { |
50 | { |
… | |
… | |
336 | |
338 | |
337 | return true; |
339 | return true; |
338 | } |
340 | } |
339 | |
341 | |
340 | void |
342 | void |
|
|
343 | vpn::inject_data_packet (tap_packet *pkt, int dst) |
|
|
344 | { |
|
|
345 | if (dst) |
|
|
346 | { |
|
|
347 | // unicast |
|
|
348 | if (dst != THISNODE->id) |
|
|
349 | conns[dst - 1]->inject_data_packet (pkt); |
|
|
350 | } |
|
|
351 | else |
|
|
352 | { |
|
|
353 | // broadcast, this is ugly, but due to the security policy |
|
|
354 | // we have to connect to all hosts... |
|
|
355 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
|
|
356 | if ((*c)->conf != THISNODE) |
|
|
357 | (*c)->inject_data_packet (pkt, true); |
|
|
358 | } |
|
|
359 | } |
|
|
360 | |
|
|
361 | void |
341 | vpn::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
362 | vpn::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
342 | { |
363 | { |
343 | unsigned int src = pkt->src (); |
364 | unsigned int src = pkt->src (); |
344 | unsigned int dst = pkt->dst (); |
365 | unsigned int dst = pkt->dst (); |
345 | |
366 | |
… | |
… | |
359 | connection *c = conns[src - 1]; |
380 | connection *c = conns[src - 1]; |
360 | |
381 | |
361 | if (dst == 0) |
382 | if (dst == 0) |
362 | slog (L_WARN, _("%s(%s): received broadcast (protocol violation)"), |
383 | slog (L_WARN, _("%s(%s): received broadcast (protocol violation)"), |
363 | c->conf->nodename, (const char *)rsi); |
384 | c->conf->nodename, (const char *)rsi); |
364 | else if (dst != 0 && dst != THISNODE->id) |
385 | else if (dst != THISNODE->id) |
365 | { |
386 | { |
366 | if (THISNODE->routerprio) |
387 | if (THISNODE->routerprio) |
367 | // the tos setting gets lost here. who cares. |
388 | // the tos setting gets lost here. who cares. |
368 | conns[dst - 1]->inject_vpn_packet (pkt); |
389 | conns[dst - 1]->inject_vpn_packet (pkt); |
369 | else |
390 | else |
… | |
… | |
530 | /* process data */ |
551 | /* process data */ |
531 | tap_packet *pkt; |
552 | tap_packet *pkt; |
532 | |
553 | |
533 | pkt = tap->recv (); |
554 | pkt = tap->recv (); |
534 | |
555 | |
|
|
556 | if (!pkt) |
|
|
557 | return; |
|
|
558 | |
|
|
559 | if (pkt->len > 14) |
|
|
560 | { |
535 | int dst = mac2id (pkt->dst); |
561 | int dst = mac2id (pkt->dst); |
536 | int src = mac2id (pkt->src); |
562 | int src = mac2id (pkt->src); |
537 | |
563 | |
538 | if (src != THISNODE->id) |
564 | if (src != THISNODE->id) |
539 | { |
|
|
540 | slog (L_ERR, _("FATAL: tap packet not originating on current node received, exiting.")); |
|
|
541 | exit (1); |
|
|
542 | } |
|
|
543 | |
|
|
544 | if (dst == THISNODE->id) |
|
|
545 | { |
|
|
546 | slog (L_ERR, _("FATAL: tap packet destined for current node received, exiting.")); |
|
|
547 | exit (1); |
|
|
548 | } |
|
|
549 | |
|
|
550 | if (dst > conns.size ()) |
|
|
551 | slog (L_ERR, _("tap packet for unknown node %d received, ignoring."), dst); |
|
|
552 | else |
|
|
553 | { |
|
|
554 | if (dst) |
|
|
555 | { |
565 | { |
556 | // unicast |
566 | slog (L_ERR, _("FATAL: tap packet not originating on current node received, exiting.")); |
557 | if (dst != THISNODE->id) |
567 | exit (1); |
558 | conns[dst - 1]->inject_data_packet (pkt); |
|
|
559 | } |
568 | } |
|
|
569 | |
|
|
570 | if (dst == THISNODE->id) |
|
|
571 | { |
|
|
572 | slog (L_ERR, _("FATAL: tap packet destined for current node received, exiting.")); |
|
|
573 | exit (1); |
|
|
574 | } |
|
|
575 | |
|
|
576 | if (dst > conns.size ()) |
|
|
577 | slog (L_ERR, _("tap packet for unknown node %d received, ignoring."), dst); |
560 | else |
578 | else |
561 | { |
|
|
562 | // broadcast, this is ugly, but due to the security policy |
|
|
563 | // we have to connect to all hosts... |
|
|
564 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
|
|
565 | if ((*c)->conf != THISNODE) |
|
|
566 | (*c)->inject_data_packet (pkt); |
579 | inject_data_packet (pkt, dst); |
567 | } |
|
|
568 | } |
580 | } |
569 | |
581 | |
570 | delete pkt; |
582 | delete pkt; |
571 | } |
583 | } |
572 | else if (revents & (POLLHUP | POLLERR)) |
584 | else if (revents & (POLLHUP | POLLERR)) |