| 1 | /* |
1 | /* |
| 2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
| 3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008,2010,2011 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 135 | fcntl (fd, F_SETFL, O_NONBLOCK); |
135 | fcntl (fd, F_SETFL, O_NONBLOCK); |
| 136 | fcntl (fd, F_SETFD, FD_CLOEXEC); |
136 | fcntl (fd, F_SETFD, FD_CLOEXEC); |
| 137 | |
137 | |
| 138 | #ifdef SO_MARK |
138 | #ifdef SO_MARK |
| 139 | if (::conf.nfmark) |
139 | if (::conf.nfmark) |
| 140 | setsockopt (ipv4_fd, SOL_SOCKET, SO_MARK, &::conf.nfmark, sizeof ::conf.nfmark); |
140 | if (setsockopt (fd, SOL_SOCKET, SO_MARK, &::conf.nfmark, sizeof ::conf.nfmark)) |
|
|
141 | slog (L_WARN, _("unable to set nfmark on %s socket: %s"), strprotocol (prot), strerror (errno)); |
| 141 | #endif |
142 | #endif |
| 142 | |
143 | |
| 143 | return fd; |
144 | return fd; |
| 144 | } |
145 | } |
| 145 | |
146 | |
| … | |
… | |
| 520 | return send_ipv4_packet (pkt, si, tos); |
521 | return send_ipv4_packet (pkt, si, tos); |
| 521 | |
522 | |
| 522 | case PROT_UDPv4: |
523 | case PROT_UDPv4: |
| 523 | return send_udpv4_packet (pkt, si, tos); |
524 | return send_udpv4_packet (pkt, si, tos); |
| 524 | |
525 | |
| 525 | #if ENABLE_TCP |
526 | #if ENABLE_TCP |
| 526 | case PROT_TCPv4: |
527 | case PROT_TCPv4: |
| 527 | return send_tcpv4_packet (pkt, si, tos); |
528 | return send_tcpv4_packet (pkt, si, tos); |
| 528 | #endif |
529 | #endif |
| 529 | #if ENABLE_ICMP |
530 | #if ENABLE_ICMP |
| 530 | case PROT_ICMPv4: |
531 | case PROT_ICMPv4: |
| … | |
… | |
| 558 | if (len > 0) |
559 | if (len > 0) |
| 559 | { |
560 | { |
| 560 | pkt->len = len; |
561 | pkt->len = len; |
| 561 | |
562 | |
| 562 | // raw sockets deliver the ipv4 header, but don't expect it on sends |
563 | // raw sockets deliver the ipv4 header, but don't expect it on sends |
| 563 | pkt->skip_hdr (IP_OVERHEAD); |
564 | pkt->skip_ipv4_hdr (); |
| 564 | |
565 | |
| 565 | recv_vpn_packet (pkt, si); |
566 | recv_vpn_packet (pkt, si); |
| 566 | } |
567 | } |
| 567 | else |
568 | else |
| 568 | { |
569 | { |
| … | |
… | |
| 605 | if (hdr->type == ::conf.icmp_type |
606 | if (hdr->type == ::conf.icmp_type |
| 606 | && hdr->code == 255) |
607 | && hdr->code == 255) |
| 607 | { |
608 | { |
| 608 | // raw sockets deliver the ipv4, but don't expect it on sends |
609 | // raw sockets deliver the ipv4, but don't expect it on sends |
| 609 | // this is slow, but... |
610 | // this is slow, but... |
| 610 | pkt->skip_hdr (ICMP_OVERHEAD); |
611 | pkt->skip_ipv4_hdr (ICMP_OVERHEAD - IP_OVERHEAD); |
| 611 | |
612 | |
| 612 | recv_vpn_packet (pkt, si); |
613 | recv_vpn_packet (pkt, si); |
| 613 | } |
614 | } |
| 614 | } |
615 | } |
| 615 | else |
616 | else |
| … | |
… | |
| 757 | |
758 | |
| 758 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
759 | for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c) |
| 759 | (*c)->establish_connection (); |
760 | (*c)->establish_connection (); |
| 760 | } |
761 | } |
| 761 | |
762 | |
|
|
763 | bool |
| 762 | bool vpn::can_direct (conf_node *src, conf_node *dst) const |
764 | vpn::can_direct (conf_node *src, conf_node *dst) const |
| 763 | { |
765 | { |
| 764 | return src != dst |
766 | return src != dst |
| 765 | && src->may_direct (dst) |
767 | && src->may_direct (dst) |
| 766 | && dst->may_direct (src) |
768 | && dst->may_direct (src) |
| 767 | && (((src->protocols & dst->protocols) && src->connectmode == conf_node::C_ALWAYS) |
769 | && (((src->protocols & dst->protocols) && src->connectmode == conf_node::C_ALWAYS) |
| 768 | || (src->protocols & dst->connectable_protocols ())); |
770 | || (src->protocols & dst->connectable_protocols ())); |
| 769 | } |
771 | } |
| 770 | |
772 | |
| 771 | // only works for indirect and routed connections: find a router |
773 | // only works for indirect and routed connections: find a router |
| 772 | // from THISNODE to dst |
774 | // from THISNODE to dst |
|
|
775 | connection * |
| 773 | connection *vpn::find_router_for (const connection *dst) |
776 | vpn::find_router_for (const connection *dst) |
| 774 | { |
777 | { |
| 775 | connection *router = 0; |
778 | connection *router = 0; |
| 776 | |
779 | |
| 777 | // first try to find a router with a direct connection, route there |
780 | // first try to find a router with a direct connection, route there |
| 778 | // regardless of any other considerations. |
781 | // regardless of any other considerations. |
| … | |
… | |
| 817 | } |
820 | } |
| 818 | |
821 | |
| 819 | return router; |
822 | return router; |
| 820 | } |
823 | } |
| 821 | |
824 | |
|
|
825 | void |
| 822 | void vpn::connection_established (connection *c) |
826 | vpn::connection_established (connection *c) |
| 823 | { |
827 | { |
| 824 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
828 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
| 825 | { |
829 | { |
| 826 | connection *o = *i; |
830 | connection *o = *i; |
| 827 | |
831 | |
| … | |
… | |
| 835 | o->rekey (); |
839 | o->rekey (); |
| 836 | } |
840 | } |
| 837 | } |
841 | } |
| 838 | } |
842 | } |
| 839 | |
843 | |
|
|
844 | void |
| 840 | void vpn::send_connect_request (connection *c) |
845 | vpn::send_connect_request (connection *c) |
| 841 | { |
846 | { |
| 842 | connection *r = find_router_for (c); |
847 | connection *r = find_router_for (c); |
| 843 | |
848 | |
| 844 | if (r) |
849 | if (r) |
| 845 | { |
850 | { |
