| 1 | /* |
1 | /* |
| 2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
| 3 | Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | it under the terms of the GNU General Public License as published by |
8 | under the terms of the GNU General Public License as published by the |
| 9 | the Free Software Foundation; either version 2 of the License, or |
9 | Free Software Foundation; either version 3 of the License, or (at your |
| 10 | (at your option) any later version. |
10 | option) any later version. |
| 11 | |
11 | |
| 12 | This program is distributed in the hope that it will be useful, |
12 | This program is distributed in the hope that it will be useful, but |
| 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
| 15 | GNU General Public License for more details. |
15 | Public License for more details. |
| 16 | |
16 | |
| 17 | You should have received a copy of the GNU General Public License |
17 | You should have received a copy of the GNU General Public License along |
| 18 | along with gvpe; if not, write to the Free Software |
18 | with this program; if not, see <http://www.gnu.org/licenses/>. |
| 19 | Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
19 | |
|
|
20 | Additional permission under GNU GPL version 3 section 7 |
|
|
21 | |
|
|
22 | If you modify this Program, or any covered work, by linking or |
|
|
23 | combining it with the OpenSSL project's OpenSSL library (or a modified |
|
|
24 | version of that library), containing parts covered by the terms of the |
|
|
25 | OpenSSL or SSLeay licenses, the licensors of this Program grant you |
|
|
26 | additional permission to convey the resulting work. Corresponding |
|
|
27 | Source for a non-source form of such a combination shall include the |
|
|
28 | source code for the parts of OpenSSL used as well as that of the |
|
|
29 | covered work. |
| 20 | */ |
30 | */ |
| 21 | |
31 | |
| 22 | #include "config.h" |
32 | #include "config.h" |
| 23 | |
33 | |
| 24 | #include <list> |
34 | #include <list> |
| … | |
… | |
| 46 | |
56 | |
| 47 | vpn network; // THE vpn (bad design...) |
57 | vpn network; // THE vpn (bad design...) |
| 48 | |
58 | |
| 49 | ///////////////////////////////////////////////////////////////////////////// |
59 | ///////////////////////////////////////////////////////////////////////////// |
| 50 | |
60 | |
|
|
61 | static void inline |
|
|
62 | set_tos (int fd, int &tos_prev, int tos) |
|
|
63 | { |
|
|
64 | #if defined(SOL_IP) && defined(IP_TOS) |
|
|
65 | if (tos_prev == tos) |
|
|
66 | return; |
|
|
67 | |
|
|
68 | tos_prev = tos; |
|
|
69 | setsockopt (fd, SOL_IP, IP_TOS, &tos, sizeof tos); |
|
|
70 | #endif |
|
|
71 | } |
|
|
72 | |
| 51 | void |
73 | void |
| 52 | vpn::script_init_env () |
74 | vpn::script_init_env () |
| 53 | { |
75 | { |
| 54 | // the tunnel device mtu should be the physical mtu - overhead |
76 | // the tunnel device mtu should be the physical mtu - overhead |
| 55 | // the tricky part is rounding to the cipher key blocksize |
77 | // the tricky part is rounding to the cipher key blocksize |
| … | |
… | |
| 58 | mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round |
80 | mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round |
| 59 | mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again |
81 | mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again |
| 60 | |
82 | |
| 61 | char *env; |
83 | char *env; |
| 62 | asprintf (&env, "CONFBASE=%s", confbase); putenv (env); |
84 | asprintf (&env, "CONFBASE=%s", confbase); putenv (env); |
| 63 | asprintf (&env, "NODENAME=%s", THISNODE->nodename); putenv (env); |
|
|
| 64 | asprintf (&env, "NODEID=%d", THISNODE->id); putenv (env); |
|
|
| 65 | asprintf (&env, "IFNAME=%s", tap->interface ()); putenv (env); |
85 | asprintf (&env, "IFNAME=%s", tap->interface ()); putenv (env); |
| 66 | asprintf (&env, "IFTYPE=%s", IFTYPE); putenv (env); |
86 | asprintf (&env, "IFTYPE=%s", IFTYPE); putenv (env); |
| 67 | asprintf (&env, "IFSUBTYPE=%s", IFSUBTYPE); putenv (env); |
87 | asprintf (&env, "IFSUBTYPE=%s", IFSUBTYPE); putenv (env); |
| 68 | asprintf (&env, "MTU=%d", mtu); putenv (env); |
88 | asprintf (&env, "MTU=%d", mtu); putenv (env); |
| 69 | asprintf (&env, "MAC=%02x:%02x:%02x:%02x:%02x:%02x", |
89 | asprintf (&env, "NODES=%d", conns.size ()); putenv (env); |
| 70 | 0xfe, 0xfd, 0x80, 0x00, THISNODE->id >> 8, |
90 | asprintf (&env, "NODEID=%d", THISNODE->id); putenv (env); |
| 71 | THISNODE->id & 0xff); putenv (env); |
|
|
| 72 | |
91 | |
| 73 | // TODO: info for other nodes, maybe? |
92 | conns [THISNODE->id - 1]->script_init_env (""); |
| 74 | } |
|
|
| 75 | |
93 | |
|
|
94 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
|
|
95 | { |
|
|
96 | char ext[16]; |
|
|
97 | snprintf (ext, 16, "_%d", (*c)->conf->id); |
|
|
98 | (*c)->script_init_env (ext); |
|
|
99 | } |
|
|
100 | } |
|
|
101 | |
|
|
102 | inline const char * |
| 76 | const char *vpn::script_if_init () |
103 | vpn::script_if_init () |
| 77 | { |
104 | { |
| 78 | script_init_env (); |
105 | script_init_env (); |
| 79 | |
106 | |
| 80 | return tap->if_up (); |
107 | return tap->if_up (); |
| 81 | } |
108 | } |
| 82 | |
109 | |
|
|
110 | inline const char * |
| 83 | const char *vpn::script_if_up () |
111 | vpn::script_if_up () |
| 84 | { |
112 | { |
| 85 | script_init_env (); |
113 | script_init_env (); |
| 86 | |
114 | |
| 87 | char *filename; |
115 | char *filename; |
| 88 | asprintf (&filename, |
116 | asprintf (&filename, |
| … | |
… | |
| 94 | } |
122 | } |
| 95 | |
123 | |
| 96 | int |
124 | int |
| 97 | vpn::setup () |
125 | vpn::setup () |
| 98 | { |
126 | { |
|
|
127 | ipv4_tos = -1; |
| 99 | ipv4_fd = -1; |
128 | ipv4_fd = -1; |
| 100 | |
129 | |
| 101 | if (THISNODE->protocols & PROT_IPv4 && ::conf.ip_proto) |
130 | if (THISNODE->protocols & PROT_IPv4 && ::conf.ip_proto) |
| 102 | { |
131 | { |
| 103 | ipv4_fd = socket (PF_INET, SOCK_RAW, ::conf.ip_proto); |
132 | ipv4_fd = socket (PF_INET, SOCK_RAW, ::conf.ip_proto); |
| 104 | |
133 | |
| 105 | if (ipv4_fd < 0) |
134 | if (ipv4_fd < 0) |
| 106 | return -1; |
135 | return -1; |
| 107 | |
136 | |
| 108 | fcntl (ipv4_fd, F_SETFL, O_NONBLOCK); |
137 | fcntl (ipv4_fd, F_SETFL, O_NONBLOCK); |
|
|
138 | fcntl (ipv4_fd, F_SETFD, FD_CLOEXEC); |
| 109 | |
139 | |
| 110 | #if defined(SOL_IP) && defined(IP_MTU_DISCOVER) |
140 | #if defined(SOL_IP) && defined(IP_MTU_DISCOVER) |
| 111 | // this I really consider a linux bug. I am neither connected |
141 | // this I really consider a linux bug. I am neither connected |
| 112 | // nor do I fragment myself. Linux still sets DF and doesn't |
142 | // nor do I fragment myself. Linux still sets DF and doesn't |
| 113 | // fragment for me sometimes. |
143 | // fragment for me sometimes. |
| … | |
… | |
| 123 | { |
153 | { |
| 124 | slog (L_ERR, _("can't bind ipv4 socket on %s: %s"), (const char *)si, strerror (errno)); |
154 | slog (L_ERR, _("can't bind ipv4 socket on %s: %s"), (const char *)si, strerror (errno)); |
| 125 | exit (EXIT_FAILURE); |
155 | exit (EXIT_FAILURE); |
| 126 | } |
156 | } |
| 127 | |
157 | |
| 128 | ipv4_ev_watcher.start (ipv4_fd, EVENT_READ); |
158 | ipv4_ev_watcher.start (ipv4_fd, EV_READ); |
| 129 | } |
159 | } |
| 130 | |
160 | |
|
|
161 | udpv4_tos = -1; |
| 131 | udpv4_fd = -1; |
162 | udpv4_fd = -1; |
| 132 | |
163 | |
| 133 | if (THISNODE->protocols & PROT_UDPv4 && THISNODE->udp_port) |
164 | if (THISNODE->protocols & PROT_UDPv4 && THISNODE->udp_port) |
| 134 | { |
165 | { |
| 135 | udpv4_fd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP); |
166 | udpv4_fd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP); |
| 136 | |
167 | |
| 137 | if (udpv4_fd < 0) |
168 | if (udpv4_fd < 0) |
| 138 | return -1; |
169 | return -1; |
| 139 | |
170 | |
| 140 | fcntl (udpv4_fd, F_SETFL, O_NONBLOCK); |
171 | fcntl (udpv4_fd, F_SETFL, O_NONBLOCK); |
|
|
172 | fcntl (udpv4_fd, F_SETFD, FD_CLOEXEC); |
| 141 | |
173 | |
| 142 | // standard daemon practise... |
174 | // standard daemon practise... |
| 143 | { |
175 | { |
| 144 | int oval = 1; |
176 | int oval = 1; |
| 145 | setsockopt (udpv4_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval); |
177 | setsockopt (udpv4_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval); |
| … | |
… | |
| 161 | { |
193 | { |
| 162 | slog (L_ERR, _("can't bind udpv4 on %s: %s"), (const char *)si, strerror (errno)); |
194 | slog (L_ERR, _("can't bind udpv4 on %s: %s"), (const char *)si, strerror (errno)); |
| 163 | exit (EXIT_FAILURE); |
195 | exit (EXIT_FAILURE); |
| 164 | } |
196 | } |
| 165 | |
197 | |
| 166 | udpv4_ev_watcher.start (udpv4_fd, EVENT_READ); |
198 | udpv4_ev_watcher.start (udpv4_fd, EV_READ); |
| 167 | } |
199 | } |
| 168 | |
200 | |
|
|
201 | icmpv4_tos = -1; |
| 169 | icmpv4_fd = -1; |
202 | icmpv4_fd = -1; |
| 170 | |
203 | |
| 171 | #if ENABLE_ICMP |
204 | #if ENABLE_ICMP |
| 172 | if (THISNODE->protocols & PROT_ICMPv4) |
205 | if (THISNODE->protocols & PROT_ICMPv4) |
| 173 | { |
206 | { |
| 174 | icmpv4_fd = socket (PF_INET, SOCK_RAW, IPPROTO_ICMP); |
207 | icmpv4_fd = socket (PF_INET, SOCK_RAW, IPPROTO_ICMP); |
| 175 | |
208 | |
| 176 | if (icmpv4_fd < 0) |
209 | if (icmpv4_fd < 0) |
| 177 | return -1; |
210 | return -1; |
| 178 | |
211 | |
| 179 | fcntl (icmpv4_fd, F_SETFL, O_NONBLOCK); |
212 | fcntl (icmpv4_fd, F_SETFL, O_NONBLOCK); |
|
|
213 | fcntl (icmpv4_fd, F_SETFD, FD_CLOEXEC); |
| 180 | |
214 | |
| 181 | #ifdef ICMP_FILTER |
215 | #ifdef ICMP_FILTER |
| 182 | { |
216 | { |
| 183 | icmp_filter oval; |
217 | icmp_filter oval; |
| 184 | oval.data = 0xffffffff; |
218 | oval.data = 0xffffffff; |
| … | |
… | |
| 193 | // this I really consider a linux bug. I am neither connected |
227 | // this I really consider a linux bug. I am neither connected |
| 194 | // nor do I fragment myself. Linux still sets DF and doesn't |
228 | // nor do I fragment myself. Linux still sets DF and doesn't |
| 195 | // fragment for me sometimes. |
229 | // fragment for me sometimes. |
| 196 | { |
230 | { |
| 197 | int oval = IP_PMTUDISC_DONT; |
231 | int oval = IP_PMTUDISC_DONT; |
| 198 | setsockopt (udpv4_fd, SOL_IP, IP_MTU_DISCOVER, &oval, sizeof oval); |
232 | setsockopt (icmpv4_fd, SOL_IP, IP_MTU_DISCOVER, &oval, sizeof oval); |
| 199 | } |
233 | } |
| 200 | #endif |
234 | #endif |
| 201 | |
235 | |
| 202 | sockinfo si (THISNODE, PROT_ICMPv4); |
236 | sockinfo si (THISNODE, PROT_ICMPv4); |
| 203 | |
237 | |
| … | |
… | |
| 205 | { |
239 | { |
| 206 | slog (L_ERR, _("can't bind icmpv4 on %s: %s"), (const char *)si, strerror (errno)); |
240 | slog (L_ERR, _("can't bind icmpv4 on %s: %s"), (const char *)si, strerror (errno)); |
| 207 | exit (EXIT_FAILURE); |
241 | exit (EXIT_FAILURE); |
| 208 | } |
242 | } |
| 209 | |
243 | |
| 210 | icmpv4_ev_watcher.start (icmpv4_fd, EVENT_READ); |
244 | icmpv4_ev_watcher.start (icmpv4_fd, EV_READ); |
| 211 | } |
245 | } |
| 212 | #endif |
246 | #endif |
| 213 | |
247 | |
| 214 | tcpv4_fd = -1; |
248 | tcpv4_fd = -1; |
| 215 | |
249 | |
| … | |
… | |
| 220 | |
254 | |
| 221 | if (tcpv4_fd < 0) |
255 | if (tcpv4_fd < 0) |
| 222 | return -1; |
256 | return -1; |
| 223 | |
257 | |
| 224 | fcntl (tcpv4_fd, F_SETFL, O_NONBLOCK); |
258 | fcntl (tcpv4_fd, F_SETFL, O_NONBLOCK); |
|
|
259 | fcntl (tcpv4_fd, F_SETFD, FD_CLOEXEC); |
| 225 | |
260 | |
| 226 | // standard daemon practise... |
261 | // standard daemon practise... |
| 227 | { |
262 | { |
| 228 | int oval = 1; |
263 | int oval = 1; |
| 229 | setsockopt (tcpv4_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval); |
264 | setsockopt (tcpv4_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval); |
| … | |
… | |
| 241 | { |
276 | { |
| 242 | slog (L_ERR, _("can't listen tcpv4 on %s: %s"), (const char *)si, strerror (errno)); |
277 | slog (L_ERR, _("can't listen tcpv4 on %s: %s"), (const char *)si, strerror (errno)); |
| 243 | exit (EXIT_FAILURE); |
278 | exit (EXIT_FAILURE); |
| 244 | } |
279 | } |
| 245 | |
280 | |
| 246 | tcpv4_ev_watcher.start (tcpv4_fd, EVENT_READ); |
281 | tcpv4_ev_watcher.start (tcpv4_fd, EV_READ); |
| 247 | } |
282 | } |
| 248 | #endif |
283 | #endif |
|
|
284 | |
|
|
285 | dnsv4_tos = -1; |
|
|
286 | dnsv4_fd = -1; |
| 249 | |
287 | |
| 250 | #if ENABLE_DNS |
288 | #if ENABLE_DNS |
| 251 | if (THISNODE->protocols & PROT_DNSv4) |
289 | if (THISNODE->protocols & PROT_DNSv4) |
| 252 | { |
290 | { |
| 253 | dns_forwarder.set (::conf.dns_forw_host, ::conf.dns_forw_port, PROT_DNSv4); |
291 | dns_forwarder.set (::conf.dns_forw_host, ::conf.dns_forw_port, PROT_DNSv4); |
| … | |
… | |
| 255 | dnsv4_fd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP); |
293 | dnsv4_fd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP); |
| 256 | |
294 | |
| 257 | if (dnsv4_fd < 0) |
295 | if (dnsv4_fd < 0) |
| 258 | return -1; |
296 | return -1; |
| 259 | |
297 | |
|
|
298 | fcntl (dnsv4_fd, F_SETFL, O_NONBLOCK); |
|
|
299 | fcntl (dnsv4_fd, F_SETFD, FD_CLOEXEC); |
|
|
300 | |
| 260 | #if defined(SOL_IP) && defined(IP_MTU_DISCOVER) |
301 | # if defined(SOL_IP) && defined(IP_MTU_DISCOVER) |
| 261 | // this I really consider a linux bug. I am neither connected |
302 | // this I really consider a linux bug. I am neither connected |
| 262 | // nor do I fragment myself. Linux still sets DF and doesn't |
303 | // nor do I fragment myself. Linux still sets DF and doesn't |
| 263 | // fragment for me sometimes. |
304 | // fragment for me sometimes. |
| 264 | { |
305 | { |
| 265 | int oval = IP_PMTUDISC_DONT; |
306 | int oval = IP_PMTUDISC_DONT; |
| 266 | setsockopt (udpv4_fd, SOL_IP, IP_MTU_DISCOVER, &oval, sizeof oval); |
307 | setsockopt (dnsv4_fd, SOL_IP, IP_MTU_DISCOVER, &oval, sizeof oval); |
| 267 | } |
308 | } |
| 268 | #endif |
309 | # endif |
| 269 | |
310 | |
| 270 | // standard daemon practise... |
311 | // standard daemon practise... |
| 271 | { |
312 | { |
| 272 | int oval = 1; |
313 | int oval = 1; |
| 273 | setsockopt (dnsv4_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval); |
314 | setsockopt (dnsv4_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval); |
| … | |
… | |
| 281 | { |
322 | { |
| 282 | slog (L_ERR, _("can't bind dnsv4 on %s: %s"), (const char *)si, strerror (errno)); |
323 | slog (L_ERR, _("can't bind dnsv4 on %s: %s"), (const char *)si, strerror (errno)); |
| 283 | exit (EXIT_FAILURE); |
324 | exit (EXIT_FAILURE); |
| 284 | } |
325 | } |
| 285 | |
326 | |
| 286 | dnsv4_ev_watcher.start (dnsv4_fd, EVENT_READ); |
327 | dnsv4_ev_watcher.start (dnsv4_fd, EV_READ); |
| 287 | } |
328 | } |
| 288 | #endif |
329 | #endif |
|
|
330 | |
|
|
331 | ///////////////////////////////////////////////////////////////////////////// |
|
|
332 | |
|
|
333 | reconnect_all (); |
|
|
334 | |
|
|
335 | ///////////////////////////////////////////////////////////////////////////// |
| 289 | |
336 | |
| 290 | tap = new tap_device (); |
337 | tap = new tap_device (); |
| 291 | if (!tap) //D this, of course, never catches |
338 | if (!tap) //D this, of course, never catches |
| 292 | { |
339 | { |
| 293 | slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname); |
340 | slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname); |
| 294 | exit (EXIT_FAILURE); |
341 | exit (EXIT_FAILURE); |
| 295 | } |
342 | } |
| 296 | |
343 | |
|
|
344 | fcntl (tap->fd, F_SETFD, FD_CLOEXEC); |
|
|
345 | |
|
|
346 | run_script_cb cb; |
|
|
347 | cb.set<vpn, &vpn::script_if_init> (this); |
|
|
348 | |
| 297 | if (tap->if_up () && |
349 | if (tap->if_up () && |
| 298 | !run_script (run_script_cb (this, &vpn::script_if_init), true)) |
350 | !run_script (cb, true)) |
| 299 | { |
351 | { |
| 300 | slog (L_ERR, _("interface initialization command '%s' failed, exiting."), |
352 | slog (L_ERR, _("interface initialization command '%s' failed, exiting."), |
| 301 | tap->if_up ()); |
353 | tap->if_up ()); |
| 302 | exit (EXIT_FAILURE); |
354 | exit (EXIT_FAILURE); |
| 303 | } |
355 | } |
| 304 | |
356 | |
| 305 | if (!run_script (run_script_cb (this, &vpn::script_if_up), true)) |
357 | cb.set<vpn, &vpn::script_if_up> (this); |
|
|
358 | if (!run_script (cb, true)) |
| 306 | { |
359 | { |
| 307 | slog (L_ERR, _("if-up command execution failed, exiting.")); |
360 | slog (L_ERR, _("if-up command execution failed, exiting.")); |
| 308 | exit (EXIT_FAILURE); |
361 | exit (EXIT_FAILURE); |
| 309 | } |
362 | } |
| 310 | |
363 | |
| 311 | tap_ev_watcher.start (tap->fd, EVENT_READ); |
364 | tap_ev_watcher.start (tap->fd, EV_READ); |
| 312 | |
|
|
| 313 | reconnect_all (); |
|
|
| 314 | |
365 | |
| 315 | return 0; |
366 | return 0; |
| 316 | } |
367 | } |
| 317 | |
368 | |
| 318 | bool |
369 | bool |
| 319 | vpn::send_ipv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
370 | vpn::send_ipv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
| 320 | { |
371 | { |
| 321 | #if defined(SOL_IP) && defined(IP_TOS) |
372 | set_tos (ipv4_fd, ipv4_tos, tos); |
| 322 | setsockopt (ipv4_fd, SOL_IP, IP_TOS, &tos, sizeof tos); |
|
|
| 323 | #endif |
|
|
| 324 | sendto (ipv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); |
373 | sendto (ipv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); |
| 325 | |
374 | |
| 326 | return true; |
375 | return true; |
| 327 | } |
376 | } |
| 328 | |
377 | |
| … | |
… | |
| 351 | |
400 | |
| 352 | #if ENABLE_ICMP |
401 | #if ENABLE_ICMP |
| 353 | bool |
402 | bool |
| 354 | vpn::send_icmpv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
403 | vpn::send_icmpv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
| 355 | { |
404 | { |
| 356 | #if defined(SOL_IP) && defined(IP_TOS) |
|
|
| 357 | setsockopt (icmpv4_fd, SOL_IP, IP_TOS, &tos, sizeof tos); |
|
|
| 358 | #endif |
|
|
| 359 | |
|
|
| 360 | pkt->unshift_hdr (4); |
405 | pkt->unshift_hdr (4); |
| 361 | |
406 | |
| 362 | icmp_header *hdr = (icmp_header *)&((*pkt)[0]); |
407 | icmp_header *hdr = (icmp_header *)&((*pkt)[0]); |
| 363 | hdr->type = ::conf.icmp_type; |
408 | hdr->type = ::conf.icmp_type; |
| 364 | hdr->code = 255; |
409 | hdr->code = 255; |
| 365 | hdr->checksum = 0; |
410 | hdr->checksum = 0; |
| 366 | hdr->checksum = ipv4_checksum ((u16 *)hdr, pkt->len); |
411 | hdr->checksum = ipv4_checksum ((u16 *)hdr, pkt->len); |
| 367 | |
412 | |
|
|
413 | set_tos (icmpv4_fd, icmpv4_tos, tos); |
| 368 | sendto (icmpv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); |
414 | sendto (icmpv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); |
| 369 | |
415 | |
| 370 | return true; |
416 | return true; |
| 371 | } |
417 | } |
| 372 | #endif |
418 | #endif |
| 373 | |
419 | |
| 374 | bool |
420 | bool |
| 375 | vpn::send_udpv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
421 | vpn::send_udpv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) |
| 376 | { |
422 | { |
| 377 | #if defined(SOL_IP) && defined(IP_TOS) |
423 | set_tos (udpv4_fd, udpv4_tos, tos); |
| 378 | setsockopt (udpv4_fd, SOL_IP, IP_TOS, &tos, sizeof tos); |
|
|
| 379 | #endif |
|
|
| 380 | sendto (udpv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); |
424 | sendto (udpv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); |
| 381 | |
425 | |
| 382 | return true; |
426 | return true; |
| 383 | } |
427 | } |
| 384 | |
428 | |
| … | |
… | |
| 395 | { |
439 | { |
| 396 | // broadcast, this is ugly, but due to the security policy |
440 | // broadcast, this is ugly, but due to the security policy |
| 397 | // we have to connect to all hosts... |
441 | // we have to connect to all hosts... |
| 398 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
442 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
| 399 | if ((*c)->conf != THISNODE) |
443 | if ((*c)->conf != THISNODE) |
| 400 | (*c)->inject_data_packet (pkt, true); |
444 | (*c)->inject_data_packet (pkt); |
| 401 | } |
445 | } |
| 402 | } |
446 | } |
| 403 | |
447 | |
| 404 | void |
448 | void |
| 405 | vpn::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
449 | vpn::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
| … | |
… | |
| 446 | { |
490 | { |
| 447 | switch (si.prot) |
491 | switch (si.prot) |
| 448 | { |
492 | { |
| 449 | case PROT_IPv4: |
493 | case PROT_IPv4: |
| 450 | return send_ipv4_packet (pkt, si, tos); |
494 | return send_ipv4_packet (pkt, si, tos); |
|
|
495 | |
| 451 | case PROT_UDPv4: |
496 | case PROT_UDPv4: |
| 452 | return send_udpv4_packet (pkt, si, tos); |
497 | return send_udpv4_packet (pkt, si, tos); |
|
|
498 | |
| 453 | #if ENABLE_TCP |
499 | #if ENABLE_TCP |
| 454 | case PROT_TCPv4: |
500 | case PROT_TCPv4: |
| 455 | return send_tcpv4_packet (pkt, si, tos); |
501 | return send_tcpv4_packet (pkt, si, tos); |
| 456 | #endif |
502 | #endif |
| 457 | #if ENABLE_ICMP |
503 | #if ENABLE_ICMP |
| … | |
… | |
| 460 | #endif |
506 | #endif |
| 461 | #if ENABLE_DNS |
507 | #if ENABLE_DNS |
| 462 | case PROT_DNSv4: |
508 | case PROT_DNSv4: |
| 463 | return send_dnsv4_packet (pkt, si, tos); |
509 | return send_dnsv4_packet (pkt, si, tos); |
| 464 | #endif |
510 | #endif |
| 465 | |
|
|
| 466 | default: |
511 | default: |
| 467 | slog (L_CRIT, _("%s: FATAL: trying to send packet with unsupported protocol"), (const char *)si); |
512 | slog (L_CRIT, _("%s: FATAL: trying to send packet with unsupported protocol"), (const char *)si); |
| 468 | } |
513 | } |
| 469 | |
514 | |
| 470 | return false; |
515 | return false; |
| 471 | } |
516 | } |
| 472 | |
517 | |
| 473 | void |
518 | inline void |
| 474 | vpn::ipv4_ev (io_watcher &w, short revents) |
519 | vpn::ipv4_ev (ev::io &w, int revents) |
| 475 | { |
520 | { |
| 476 | if (revents & EVENT_READ) |
521 | if (revents & EV_READ) |
| 477 | { |
522 | { |
| 478 | vpn_packet *pkt = new vpn_packet; |
523 | vpn_packet *pkt = new vpn_packet; |
| 479 | struct sockaddr_in sa; |
524 | struct sockaddr_in sa; |
| 480 | socklen_t sa_len = sizeof (sa); |
525 | socklen_t sa_len = sizeof (sa); |
| 481 | int len; |
526 | int len; |
| … | |
… | |
| 509 | exit (EXIT_FAILURE); |
554 | exit (EXIT_FAILURE); |
| 510 | } |
555 | } |
| 511 | } |
556 | } |
| 512 | |
557 | |
| 513 | #if ENABLE_ICMP |
558 | #if ENABLE_ICMP |
| 514 | void |
559 | inline void |
| 515 | vpn::icmpv4_ev (io_watcher &w, short revents) |
560 | vpn::icmpv4_ev (ev::io &w, int revents) |
| 516 | { |
561 | { |
| 517 | if (revents & EVENT_READ) |
562 | if (revents & EV_READ) |
| 518 | { |
563 | { |
| 519 | vpn_packet *pkt = new vpn_packet; |
564 | vpn_packet *pkt = new vpn_packet; |
| 520 | struct sockaddr_in sa; |
565 | struct sockaddr_in sa; |
| 521 | socklen_t sa_len = sizeof (sa); |
566 | socklen_t sa_len = sizeof (sa); |
| 522 | int len; |
567 | int len; |
| … | |
… | |
| 557 | exit (EXIT_FAILURE); |
602 | exit (EXIT_FAILURE); |
| 558 | } |
603 | } |
| 559 | } |
604 | } |
| 560 | #endif |
605 | #endif |
| 561 | |
606 | |
| 562 | void |
607 | inline void |
| 563 | vpn::udpv4_ev (io_watcher &w, short revents) |
608 | vpn::udpv4_ev (ev::io &w, int revents) |
| 564 | { |
609 | { |
| 565 | if (revents & EVENT_READ) |
610 | if (revents & EV_READ) |
| 566 | { |
611 | { |
| 567 | vpn_packet *pkt = new vpn_packet; |
612 | vpn_packet *pkt = new vpn_packet; |
| 568 | struct sockaddr_in sa; |
613 | struct sockaddr_in sa; |
| 569 | socklen_t sa_len = sizeof (sa); |
614 | socklen_t sa_len = sizeof (sa); |
| 570 | int len; |
615 | int len; |
| … | |
… | |
| 594 | revents); |
639 | revents); |
| 595 | exit (EXIT_FAILURE); |
640 | exit (EXIT_FAILURE); |
| 596 | } |
641 | } |
| 597 | } |
642 | } |
| 598 | |
643 | |
| 599 | void |
644 | inline void |
| 600 | vpn::tap_ev (io_watcher &w, short revents) |
645 | vpn::tap_ev (ev::io &w, int revents) |
| 601 | { |
646 | { |
| 602 | if (revents & EVENT_READ) |
647 | if (revents & EV_READ) |
| 603 | { |
648 | { |
| 604 | /* process data */ |
649 | /* process data */ |
| 605 | tap_packet *pkt; |
650 | tap_packet *pkt; |
| 606 | |
651 | |
| 607 | pkt = tap->recv (); |
652 | pkt = tap->recv (); |
| … | |
… | |
| 636 | } |
681 | } |
| 637 | else |
682 | else |
| 638 | abort (); |
683 | abort (); |
| 639 | } |
684 | } |
| 640 | |
685 | |
| 641 | void |
686 | inline void |
| 642 | vpn::event_cb (time_watcher &w) |
687 | vpn::event_cb (ev::timer &w, int) |
| 643 | { |
688 | { |
| 644 | if (events) |
689 | if (events) |
| 645 | { |
690 | { |
| 646 | if (events & EVENT_SHUTDOWN) |
691 | if (events & EVENT_SHUTDOWN) |
| 647 | { |
692 | { |
| … | |
… | |
| 731 | slog (L_NOTICE, _("node %s (id %d)"), conf->nodename, conf->id); |
776 | slog (L_NOTICE, _("node %s (id %d)"), conf->nodename, conf->id); |
| 732 | slog (L_NOTICE, _(" connectmode %d (%d) / sockaddr %s / minor %d"), |
777 | slog (L_NOTICE, _(" connectmode %d (%d) / sockaddr %s / minor %d"), |
| 733 | connectmode, conf->connectmode, (const char *)si, (int)prot_minor); |
778 | connectmode, conf->connectmode, (const char *)si, (int)prot_minor); |
| 734 | slog (L_NOTICE, _(" ictx/octx %08lx/%08lx / oseqno %d / retry_cnt %d"), |
779 | slog (L_NOTICE, _(" ictx/octx %08lx/%08lx / oseqno %d / retry_cnt %d"), |
| 735 | (long)ictx, (long)octx, (int)oseqno, (int)retry_cnt); |
780 | (long)ictx, (long)octx, (int)oseqno, (int)retry_cnt); |
| 736 | slog (L_NOTICE, _(" establish_conn %ld / rekey %ld / keepalive %ld"), |
|
|
| 737 | (long)(establish_connection.at), (long)(rekey.at), (long)(keepalive.at)); |
|
|
| 738 | } |
781 | } |
| 739 | |
782 | |
| 740 | void |
783 | void |
| 741 | vpn::dump_status () |
784 | vpn::dump_status () |
| 742 | { |
785 | { |
| 743 | slog (L_NOTICE, _("BEGIN status dump (%ld)"), (long)NOW); |
786 | slog (L_NOTICE, _("BEGIN status dump (%ld)"), (long)ev_now ()); |
| 744 | |
787 | |
| 745 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
788 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
| 746 | (*c)->dump_status (); |
789 | (*c)->dump_status (); |
| 747 | |
790 | |
| 748 | slog (L_NOTICE, _("END status dump")); |
791 | slog (L_NOTICE, _("END status dump")); |
| 749 | } |
792 | } |
| 750 | |
793 | |
| 751 | vpn::vpn (void) |
794 | vpn::vpn (void) |
|
|
795 | { |
| 752 | : event (this, &vpn::event_cb) |
796 | event .set<vpn, &vpn::event_cb > (this); |
| 753 | , udpv4_ev_watcher (this, &vpn::udpv4_ev) |
797 | udpv4_ev_watcher .set<vpn, &vpn::udpv4_ev > (this); |
| 754 | , ipv4_ev_watcher (this, &vpn::ipv4_ev) |
798 | ipv4_ev_watcher .set<vpn, &vpn::ipv4_ev > (this); |
| 755 | #if ENABLE_TCP |
799 | #if ENABLE_TCP |
| 756 | , tcpv4_ev_watcher (this, &vpn::tcpv4_ev) |
800 | tcpv4_ev_watcher .set<vpn, &vpn::tcpv4_ev > (this); |
| 757 | #endif |
801 | #endif |
| 758 | #if ENABLE_ICMP |
802 | #if ENABLE_ICMP |
| 759 | , icmpv4_ev_watcher(this, &vpn::icmpv4_ev) |
803 | icmpv4_ev_watcher.set<vpn, &vpn::icmpv4_ev> (this); |
| 760 | #endif |
804 | #endif |
| 761 | #if ENABLE_DNS |
805 | #if ENABLE_DNS |
| 762 | , dnsv4_ev_watcher (this, &vpn::dnsv4_ev) |
806 | dnsv4_ev_watcher .set<vpn, &vpn::dnsv4_ev > (this); |
| 763 | #endif |
807 | #endif |
| 764 | , tap_ev_watcher (this, &vpn::tap_ev) |
808 | tap_ev_watcher .set<vpn, &vpn::tap_ev > (this); |
| 765 | { |
|
|
| 766 | } |
809 | } |
| 767 | |
810 | |
| 768 | vpn::~vpn () |
811 | vpn::~vpn () |
| 769 | { |
812 | { |
| 770 | } |
813 | } |
