3 Copyright (C) 1998-2005 Ivo Timmermans,
4 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
5 2006 Scott Lamb <slamb@slamb.org>
6 2010 Brandon Black <blblack@gmail.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 #include "connection.h"
// File-scope state shared by the setup code below.  The leading numbers are the
// original file's line numbers; gaps between them mark lines not shown here.
47 static io_t device_io; // registered with io_add() in setup_myself() (line 919) to feed device_fd reads to handle_device_data
54 proxytype_t proxytype; // parsed from the "Proxy" option in setup_myself_reloadable()
56 bool disablebuggypeers; // "DisableBuggyPeers" option, read in setup_myself_reloadable()
58 char *scriptinterpreter; // "ScriptsInterpreter" option; freed and re-read on every setup_myself_reloadable()
59 char *scriptextension; // "ScriptsExtension" option; set to xstrdup("") when unset
/*
 * Load the ECDSA public key of node n from its own host config file
 * (confbase/hosts/<n->name>), parsed into a temporary config tree that is
 * released again at line 96.  Two sources are tried in order: an inline
 * "ECDSAPublicKey" statement (base64), else the PEM file named by
 * "ECDSAPublicKeyFile", defaulting to the host config file itself.
 * Returns bool -- presumably whether n->ecdsa is set afterwards; the return
 * statements are not in this listing (gaps in the leading line numbers mark
 * omitted lines).
 */
61 bool node_read_ecdsa_public_key(node_t *n) {
// A node that already has an active ECDSA key is presumably returned early
// (line 63 is omitted here).
62 if(ecdsa_active(n->ecdsa))
// Local tree: unlike read_ecdsa_public_key() below, nothing is cached on n.
65 splay_tree_t *config_tree;
70 init_configuration(&config_tree);
71 if(!read_host_config(config_tree, n->name))
74 /* First, check for simple ECDSAPublicKey statement */
76 if(get_config_string(lookup_config(config_tree, "ECDSAPublicKey"), &p)) {
77 n->ecdsa = ecdsa_set_base64_public_key(p);
82 /* Else, check for ECDSAPublicKeyFile statement and read it */
84 if(!get_config_string(lookup_config(config_tree, "ECDSAPublicKeyFile"), &pubname))
85 xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, n->name);
// The NULL check on fp is not visible here (lines 88-91 omitted); the
// connection_t variant below logs strerror(errno) on fopen() failure.
87 fp = fopen(pubname, "r");
92 n->ecdsa = ecdsa_read_pem_public_key(fp);
96 exit_configuration(&config_tree);
/*
 * Load the ECDSA public key of the peer on connection c.  Same lookup order as
 * node_read_ecdsa_public_key() -- inline "ECDSAPublicKey", else the PEM file
 * from "ECDSAPublicKeyFile" or confbase/hosts/<c->name> -- but the host config
 * is parsed into c->config_tree only when not already loaded (line 109) and is
 * kept on the connection.  fopen() failure (line 131) and PEM parse failure
 * (line 141) are logged at LOG_ERR.  Returns bool; the return statements are
 * omitted in this listing (gaps in the leading line numbers mark omitted lines).
 */
101 bool read_ecdsa_public_key(connection_t *c) {
102 if(ecdsa_active(c->ecdsa))
109 if(!c->config_tree) {
110 init_configuration(&c->config_tree);
111 if(!read_host_config(c->config_tree, c->name))
115 /* First, check for simple ECDSAPublicKey statement */
117 if(get_config_string(lookup_config(c->config_tree, "ECDSAPublicKey"), &p)) {
118 c->ecdsa = ecdsa_set_base64_public_key(p);
123 /* Else, check for ECDSAPublicKeyFile statement and read it */
125 if(!get_config_string(lookup_config(c->config_tree, "ECDSAPublicKeyFile"), &fname))
126 xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
128 fp = fopen(fname, "r");
131 logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA public key file `%s': %s",
132 fname, strerror(errno));
137 c->ecdsa = ecdsa_read_pem_public_key(fp);
141 logger(DEBUG_ALWAYS, LOG_ERR, "Parsing ECDSA public key file `%s' failed.", fname);
/*
 * Load the legacy RSA public key of the peer on connection c.  Skipped when an
 * ECDSA key is already active (line 147; the return at the omitted line 148 is
 * presumably the early exit).  An inline "PublicKey" statement is passed to
 * rsa_set_hex_public_key() together with the fixed literal "FFFF" (the public
 * exponent, judging by the function name -- confirm against rsa.h); otherwise
 * the PEM file from "PublicKeyFile" or confbase/hosts/<c->name> is read.
 * Note: c->config_tree is used as-is (line 156) -- this function does not
 * load it, unlike read_ecdsa_public_key().  Returns bool; the return
 * statements are omitted in this listing.
 */
146 bool read_rsa_public_key(connection_t *c) {
147 if(ecdsa_active(c->ecdsa))
154 /* First, check for simple PublicKey statement */
156 if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &n)) {
157 c->rsa = rsa_set_hex_public_key(n, "FFFF");
162 /* Else, check for PublicKeyFile statement and read it */
164 if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
165 xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
167 fp = fopen(fname, "r");
170 logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
175 c->rsa = rsa_read_pem_public_key(fp);
179 logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno));
/*
 * Read our own ECDSA private key into myself->connection->ecdsa.
 * Path: the "ECDSAPrivateKeyFile" option, else confbase/ecdsa_key.priv.
 * On non-Windows builds the opened file is fstat()ed and a warning is logged
 * when any mode bit outside 0100700 (S_IFREG | owner rwx) is set -- i.e. any
 * group/other permission, setuid/setgid/sticky, or a non-regular file type.
 * That check only warns; the key is still loaded.  Returns the key pointer
 * converted to bool (line 222).  Gaps in the leading line numbers mark lines
 * omitted from this listing.
 */
184 static bool read_ecdsa_private_key(void) {
188 /* Check for PrivateKeyFile statement and read it */
190 if(!get_config_string(lookup_config(config_tree, "ECDSAPrivateKeyFile"), &fname))
191 xasprintf(&fname, "%s" SLASH "ecdsa_key.priv", confbase);
193 fp = fopen(fname, "r");
196 logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno));
// `?:` is the GNU elvis operator: netname when non-NULL, else ".".
198 logger(DEBUG_ALWAYS, LOG_INFO, "Create an ECDSA keypair with `tinc -n %s generate-ecdsa-keys'.", netname ?: ".");
203 #if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
// fstat() on the already-open descriptor, so the checked file is the one read.
206 if(fstat(fileno(fp), &s)) {
// NOTE(review): the format string ends with a stray `'` after %s (same at line 286).
207 logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat ECDSA private key file `%s': %s'", fname, strerror(errno));
// Warn on anything beyond S_IFREG | 0700 -- a warning only, not a refusal.
212 if(s.st_mode & ~0100700)
213 logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for ECDSA private key file `%s'!", fname);
216 myself->connection->ecdsa = ecdsa_read_pem_private_key(fp);
219 if(!myself->connection->ecdsa)
220 logger(DEBUG_ALWAYS, LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
222 return myself->connection->ecdsa;
/*
 * (Re)load the invitation signing key from confbase/invitations/ecdsa_key.priv.
 * Any previously loaded key is freed first (line 230) so a reload neither leaks
 * nor keeps a stale key; invitation_key stays NULL unless the read at line 239
 * succeeds.  Unlike read_ecdsa_private_key()/read_rsa_private_key(), no fstat()
 * permission warning appears in this listing (the only omitted lines between
 * 236 and 239 leave no room for one).  Returns the key pointer as bool.
 */
225 static bool read_invitation_key(void) {
230 ecdsa_free(invitation_key);
231 invitation_key = NULL;
234 xasprintf(&fname, "%s" SLASH "invitations" SLASH "ecdsa_key.priv", confbase);
236 fp = fopen(fname, "r");
239 invitation_key = ecdsa_read_pem_private_key(fp);
242 logger(DEBUG_ALWAYS, LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
246 return invitation_key;
/*
 * Read our own RSA private key into myself->connection->rsa.
 * An inline "PrivateKey" statement (hex, per the setter's name) must be paired
 * with a "PublicKey" statement (line 257) and returns at line 265, so the
 * permission warning below covers only the file path: an inline key inherits
 * whatever permissions the main config file has, which are not checked here.
 * File path: "PrivateKeyFile", else confbase/rsa_key.priv; same 0100700 mode
 * warning as read_ecdsa_private_key().  Returns the key pointer as bool.
 * Gaps in the leading line numbers mark lines omitted from this listing.
 */
249 static bool read_rsa_private_key(void) {
254 /* First, check for simple PrivateKey statement */
256 if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) {
257 if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) {
258 logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!");
// "FFFF" is the same fixed literal passed to rsa_set_hex_public_key() in
// read_rsa_public_key() -- presumably the public exponent; confirm in rsa.h.
262 myself->connection->rsa = rsa_set_hex_private_key(n, "FFFF", d);
265 return myself->connection->rsa;
268 /* Else, check for PrivateKeyFile statement and read it */
270 if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
271 xasprintf(&fname, "%s" SLASH "rsa_key.priv", confbase);
273 fp = fopen(fname, "r");
276 logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s",
277 fname, strerror(errno));
282 #if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
285 if(fstat(fileno(fp), &s)) {
// NOTE(review): stray `'` after %s in the format string (same at line 207).
286 logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
// Anything beyond S_IFREG | 0700 triggers a warning only; loading continues.
291 if(s.st_mode & ~0100700)
292 logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
295 myself->connection->rsa = rsa_read_pem_private_key(fp);
298 if(!myself->connection->rsa)
299 logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno));
301 return myself->connection->rsa;
// Timer driving periodic expiry of the symmetric packet keys.  Armed in
// setup_myself() (line 842) for keylifetime seconds plus a random sub-second
// offset, and re-armed by keyexpire_handler() each time it fires.
304 static timeout_t keyexpire_timeout;
/*
 * Timeout callback for keyexpire_timeout.  data is the timeout_t itself
 * (setup_myself() passes &keyexpire_timeout as the callback argument), so the
 * handler re-arms itself for another keylifetime seconds.  rand() % 100000 adds
 * up to 0.1 s of microsecond jitter -- scheduling only, not security-relevant
 * randomness.  The expiry work itself is at the omitted line 307.
 */
306 static void keyexpire_handler(void *data) {
308 timeout_set(data, &(struct timeval){keylifetime, rand() % 100000});
// Force expiry of the symmetric packet keys; logged at DEBUG_STATUS.
// The body continues at lines omitted from this listing.
311 void regenerate_key(void) {
312 logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
317 Read Subnets from all host config files
/*
 * Walk confbase/hosts and register the Subnet statements of every host config
 * file.  Each directory entry is filtered through check_id() (line 333) before
 * its name is used as a node name and as a config file name, so stray files in
 * the hosts directory are not turned into nodes.  Each file is parsed into a
 * temporary config tree released at line 366.  Gaps in the leading line
 * numbers mark lines omitted from this listing.
 */
319 void load_all_subnets(void) {
324 xasprintf(&dname, "%s" SLASH "hosts", confbase);
325 dir = opendir(dname);
327 logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
332 while((ent = readdir(dir))) {
// Entry names that are not valid node identifiers are skipped.
333 if(!check_id(ent->d_name))
336 node_t *n = lookup_node(ent->d_name);
// NOTE(review): this #ifdef guards only commented-out code -- dead code to
// remove or restore.
337 #ifdef _DIRENT_HAVE_D_TYPE
338 //if(ent->d_type != DT_REG)
342 splay_tree_t *config_tree;
343 init_configuration(&config_tree);
344 read_config_options(config_tree, ent->d_name);
// NOTE(review): the result of read_host_config() is ignored here, unlike in
// node_read_ecdsa_public_key() (line 71).
345 read_host_config(config_tree, ent->d_name);
// Reached for a node not yet known (the surrounding test is at omitted lines).
349 n->name = xstrdup(ent->d_name);
353 for(config_t *cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
356 if(!get_config_subnet(cfg, &s))
// A subnet already registered for this node is detected here; the handling
// is at the omitted lines.
359 if((s2 = lookup_subnet(n, s))) {
366 exit_configuration(&config_tree);
/*
 * Lighter variant of load_all_subnets(): create a node_t for every
 * check_id()-valid entry in confbase/hosts without parsing the files.
 * Gaps in the leading line numbers mark lines omitted from this listing.
 */
372 void load_all_nodes(void) {
377 xasprintf(&dname, "%s" SLASH "hosts", confbase);
378 dir = opendir(dname);
380 logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
385 while((ent = readdir(dir))) {
// Same identifier filter as load_all_subnets(): invalid names are skipped.
386 if(!check_id(ent->d_name))
389 node_t *n = lookup_node(ent->d_name);
394 n->name = xstrdup(ent->d_name);
/*
 * Determine our own node name from the "Name" option.  A name of the form
 * $VAR is resolved from the environment (getenv(name + 1), line 411; the '$'
 * test itself is at an omitted line), and $HOST falls back to gethostname()
 * when the variable is unset (lines 414-418).  The final name must pass
 * check_id() (line 432).  Returns the name, or NULL on error (setup_myself()
 * tests for NULL at line 731); the return statements are omitted here.
 */
402 char *get_name(void) {
405 get_config_string(lookup_config(config_tree, "Name"), &name);
411 char *envname = getenv(name + 1);
// NOTE(review): gethostname() does not guarantee NUL termination when the host
// name is longer than the buffer (POSIX leaves it unspecified), so a
// `hostname[sizeof hostname - 1] = '\0';` after the call at line 418 would make
// the later copy safe.
412 char hostname[32] = "";
// NOTE(review): the two messages below end in "\n", which the other logger()
// calls in this file do not.
414 if(strcmp(name + 1, "HOST")) {
415 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid Name: environment variable %s does not exist\n", name + 1);
418 if(gethostname(hostname, sizeof hostname) || !*hostname) {
419 logger(DEBUG_ALWAYS, LOG_ERR, "Could not get hostname: %s\n", strerror(errno));
426 name = xstrdup(envname);
// Per-character pass over the resolved name; its body is at omitted lines.
427 for(char *c = name; *c; c++)
432 if(!check_id(name)) {
433 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid name for myself!");
/*
 * Apply the options that may change on a configuration reload (called from
 * setup_myself(), line 790).  Everything is read from the global config_tree;
 * keyword values are matched case-insensitively with strcasecmp().  Returns
 * false on an invalid option -- the `return false` lines are omitted in this
 * listing, as are other lines marked by gaps in the leading line numbers.
 */
441 bool setup_myself_reloadable(void) {
447 char *address = NULL;
// Script settings are re-read from scratch on every call.
451 free(scriptinterpreter);
452 scriptinterpreter = NULL;
453 get_config_string(lookup_config(config_tree, "ScriptsInterpreter"), &scriptinterpreter);
456 free(scriptextension);
457 if(!get_config_string(lookup_config(config_tree, "ScriptsExtension"), &scriptextension))
458 scriptextension = xstrdup("");
// Proxy syntax: "<type> <args...>".  The first space separates the type from
// its arguments; the split itself (terminating the type) is at omitted lines.
// Assumes proxy is non-NULL here -- the guard is not in this listing.
460 get_config_string(lookup_config(config_tree, "Proxy"), &proxy);
462 if((space = strchr(proxy, ' ')))
465 if(!strcasecmp(proxy, "none")) {
466 proxytype = PROXY_NONE;
467 } else if(!strcasecmp(proxy, "socks4")) {
468 proxytype = PROXY_SOCKS4;
469 } else if(!strcasecmp(proxy, "socks4a")) {
470 proxytype = PROXY_SOCKS4A;
471 } else if(!strcasecmp(proxy, "socks5")) {
472 proxytype = PROXY_SOCKS5;
473 } else if(!strcasecmp(proxy, "http")) {
474 proxytype = PROXY_HTTP;
475 } else if(!strcasecmp(proxy, "exec")) {
476 proxytype = PROXY_EXEC;
478 logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type %s!", proxy);
// "exec" takes the rest of the line verbatim as the command.
488 if(!space || !*space) {
489 logger(DEBUG_ALWAYS, LOG_ERR, "Argument expected for proxy type exec!");
492 proxyhost = xstrdup(space);
// Other types: "<host> <port> [<user> [<pass>]]", split in place on spaces;
// each comma expression terminates one field and points at the next.
500 if(space && (space = strchr(space, ' ')))
501 *space++ = 0, proxyport = space;
502 if(space && (space = strchr(space, ' ')))
503 *space++ = 0, proxyuser = space;
504 if(space && (space = strchr(space, ' ')))
505 *space++ = 0, proxypass = space;
506 if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
507 logger(DEBUG_ALWAYS, LOG_ERR, "Host and port argument expected for proxy!");
// The fields point into the proxy string, so they are copied out -- presumably
// because that string is freed afterwards (not visible here).
510 proxyhost = xstrdup(proxyhost);
511 proxyport = xstrdup(proxyport);
512 if(proxyuser && *proxyuser)
513 proxyuser = xstrdup(proxyuser);
514 if(proxypass && *proxypass)
515 proxypass = xstrdup(proxypass);
522 if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice)
523 myself->options |= OPTION_INDIRECT;
525 if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice)
526 myself->options |= OPTION_TCPONLY;
// TCPOnly implies IndirectData.
528 if(myself->options & OPTION_TCPONLY)
529 myself->options |= OPTION_INDIRECT;
531 get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly);
532 get_config_bool(lookup_config(config_tree, "LocalDiscovery"), &localdiscovery);
// Cleared first so a removed LocalDiscoveryAddress does not leave a stale
// address behind after a reload.
534 memset(&localdiscovery_address, 0, sizeof localdiscovery_address);
535 if(get_config_string(lookup_config(config_tree, "LocalDiscoveryAddress"), &address)) {
536 struct addrinfo *ai = str2addrinfo(address, myport, SOCK_DGRAM);
// The NULL check on ai is at the omitted lines 537-539 -- confirm.
540 memcpy(&localdiscovery_address, ai->ai_addr, ai->ai_addrlen);
544 if(get_config_string(lookup_config(config_tree, "Mode"), &rmode)) {
545 if(!strcasecmp(rmode, "router"))
546 routing_mode = RMODE_ROUTER;
547 else if(!strcasecmp(rmode, "switch"))
548 routing_mode = RMODE_SWITCH;
549 else if(!strcasecmp(rmode, "hub"))
550 routing_mode = RMODE_HUB;
552 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid routing mode!");
558 if(get_config_string(lookup_config(config_tree, "Forwarding"), &fmode)) {
559 if(!strcasecmp(fmode, "off"))
560 forwarding_mode = FMODE_OFF;
561 else if(!strcasecmp(fmode, "internal"))
562 forwarding_mode = FMODE_INTERNAL;
563 else if(!strcasecmp(fmode, "kernel"))
564 forwarding_mode = FMODE_KERNEL;
566 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid forwarding mode!");
// For these two, the test on choice sits at the omitted lines 574 and 579.
573 get_config_bool(lookup_config(config_tree, "PMTUDiscovery"), &choice);
575 myself->options |= OPTION_PMTU_DISCOVERY;
578 get_config_bool(lookup_config(config_tree, "ClampMSS"), &choice);
580 myself->options |= OPTION_CLAMP_MSS;
582 get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
583 get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl);
584 if(get_config_string(lookup_config(config_tree, "Broadcast"), &bmode)) {
585 if(!strcasecmp(bmode, "no"))
586 broadcast_mode = BMODE_NONE;
// "yes" is an alias for "mst".
587 else if(!strcasecmp(bmode, "yes") || !strcasecmp(bmode, "mst"))
588 broadcast_mode = BMODE_MST;
589 else if(!strcasecmp(bmode, "direct"))
590 broadcast_mode = BMODE_DIRECT;
592 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid broadcast mode!");
// Compile-time platform check: warn when the option cannot take effect.
598 #if !defined(SOL_IP) || !defined(IP_TOS)
599 if(priorityinheritance)
600 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "PriorityInheritance");
603 if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
606 if(get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout)) {
607 if(maxtimeout <= 0) {
608 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus maximum timeout!");
614 if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) {
615 if(!strcasecmp(afname, "IPv4"))
616 addressfamily = AF_INET;
617 else if(!strcasecmp(afname, "IPv6"))
618 addressfamily = AF_INET6;
619 else if(!strcasecmp(afname, "any"))
620 addressfamily = AF_UNSPEC;
622 logger(DEBUG_ALWAYS, LOG_ERR, "Invalid address family!");
628 get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames);
630 if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
633 get_config_int(lookup_config(config_tree, "AutoConnect"), &autoconnect);
637 get_config_bool(lookup_config(config_tree, "DisableBuggyPeers"), &disablebuggypeers);
// NOTE(review): the bool result is discarded; a missing invitation key is
// treated as non-fatal here (its own logger() call reports the failure).
639 read_invitation_key();
645 Add listening sockets.
/*
 * Resolve one "ListenAddress"/"BindToAddress" value of the form
 * "<address> [<port>]" and open a TCP meta-connection socket plus a UDP VPN
 * socket for every address getaddrinfo() returns, appending each pair to
 * listen_socket[].  bindto is recorded per socket (line 714).  Returns bool;
 * the return statements are omitted in this listing, as are other lines marked
 * by gaps in the leading line numbers.  Assumes address is non-NULL at line
 * 651 -- the enclosing guard is not shown, and the caller at setup_myself()
 * line 982 may pass a NULL address.
 */
647 static bool add_listen_address(char *address, bool bindto) {
// Optional port after the first space; the split is at omitted lines.
651 char *space = strchr(address, ' ');
// "*" means any address; the ternary at line 667 passes NULL for that case.
657 if(!strcmp(address, "*"))
661 struct addrinfo *ai, hint = {0};
662 hint.ai_family = addressfamily;
663 hint.ai_socktype = SOCK_STREAM;
664 hint.ai_protocol = IPPROTO_TCP;
665 hint.ai_flags = AI_PASSIVE;
667 int err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
// NOTE(review): when err == EAI_SYSTEM the system error is in errno, not in err;
// this should read `strerror(errno)` -- strerror(err) describes the EAI code.
671 logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "getaddrinfo", err == EAI_SYSTEM ? strerror(err) : gai_strerror(err));
675 for(struct addrinfo *aip = ai; aip; aip = aip->ai_next) {
676 // Ignore duplicate addresses
679 for(int i = 0; i < listen_sockets; i++)
680 if(!memcmp(&listen_socket[i].sa, aip->ai_addr, aip->ai_addrlen)) {
// Bounds check before writing listen_socket[listen_sockets] below.
688 if(listen_sockets >= MAXSOCKETS) {
689 logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
693 int tcp_fd = setup_listen_socket((sockaddr_t *) aip->ai_addr);
698 int udp_fd = setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
// Both descriptors join the event loop; the listen_socket entry is the
// callback context.  (setup_myself() casts these callbacks to io_cb_t; here
// they are passed bare.)
705 io_add(&listen_socket[listen_sockets].tcp, handle_new_meta_connection, &listen_socket[listen_sockets], tcp_fd, IO_READ);
706 io_add(&listen_socket[listen_sockets].udp, handle_incoming_vpn_data, &listen_socket[listen_sockets], udp_fd, IO_READ);
708 if(debug_level >= DEBUG_CONNECTIONS) {
709 char *hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
710 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s", hostname);
714 listen_socket[listen_sockets].bindto = bindto;
// Stored address is what the duplicate check at line 680 compares against.
715 memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
724 Configure node_t myself and set up the local sockets (listen only)
/*
 * Configure the node_t for ourselves: name, port, own keys, subnets, the
 * reloadable options, crypto parameters for the legacy protocol, the virtual
 * device, and the listening sockets (socket-activation descriptors from
 * LISTEN_FDS first, then BindToAddress/ListenAddress entries).  Returns bool;
 * the `return false` lines are omitted in this listing, as are other lines
 * marked by gaps in the leading line numbers.
 */
726 static bool setup_myself(void) {
727 char *name, *hostname, *cipher, *digest, *type;
728 char *address = NULL;
729 bool port_specified = false;
// get_name() returns NULL when no valid name can be determined.
731 if(!(name = get_name())) {
732 logger(DEBUG_ALWAYS, LOG_ERR, "Name for tinc daemon required!");
737 myself->connection = new_connection();
739 myself->connection->name = xstrdup(name);
740 read_host_config(config_tree, name);
// Default port 655; port_specified (line 745, else branch) later decides
// whether myport is taken from the first bound socket instead (line 993).
742 if(!get_config_string(lookup_config(config_tree, "Port"), &myport))
743 myport = xstrdup("655");
745 port_specified = true;
747 myself->connection->options = 0;
748 myself->connection->protocol_major = PROT_MAJOR;
749 myself->connection->protocol_minor = PROT_MINOR;
// Our minor protocol version is advertised in the top byte of options.
751 myself->options |= PROT_MINOR << 24;
// ExperimentalProtocol unset: SPTPS is enabled iff an ECDSA private key can be
// read.  Set to true: the key is mandatory (line 758).
753 if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) {
754 experimental = read_ecdsa_private_key();
756 logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
758 if(experimental && !read_ecdsa_private_key())
// The RSA private key is always required.
762 if(!read_rsa_private_key())
765 /* Ensure myport is numeric */
// Resolve "localhost:<myport>" and print the port back, which turns a service
// name into its number.
768 struct addrinfo *ai = str2addrinfo("localhost", myport, SOCK_DGRAM);
770 if(!ai || !ai->ai_addr)
773 memcpy(&sa, ai->ai_addr, ai->ai_addrlen);
774 sockaddr2str(&sa, NULL, &myport);
777 /* Read in all the subnets specified in the host configuration file */
779 for(config_t *cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
782 if(!get_config_subnet(cfg, &subnet))
785 subnet_add(myself, subnet);
788 /* Check some options */
790 if(!setup_myself_reloadable())
793 get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets);
794 get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
// TunnelServer implies StrictSubnets.
795 strictsubnets |= tunnelserver;
// NOTE(review): these three checks reject 0 as well, while the messages say
// "cannot be negative" -- "must be positive" would match the condition.
797 if(get_config_int(lookup_config(config_tree, "MaxConnectionBurst"), &max_connection_burst)) {
798 if(max_connection_burst <= 0) {
799 logger(DEBUG_ALWAYS, LOG_ERR, "MaxConnectionBurst cannot be negative!");
804 if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
805 if(udp_rcvbuf <= 0) {
806 logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
811 if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) {
812 if(udp_sndbuf <= 0) {
813 logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
// ReplayWindow is read as int and rejected if negative before the cast to
// unsigned, so the cast cannot wrap.  0 is accepted (disables the window).
819 if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) {
820 if(replaywin_int < 0) {
821 logger(DEBUG_ALWAYS, LOG_ERR, "ReplayWindow cannot be negative!");
824 replaywin = (unsigned)replaywin_int;
825 sptps_replaywin = replaywin;
828 /* Generate packet encryption key */
// Legacy-protocol cipher: default "blowfish"; "none" leaves incipher NULL,
// i.e. packets are sent unencrypted by the legacy protocol.
830 if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher))
831 cipher = xstrdup("blowfish");
833 if(!strcasecmp(cipher, "none")) {
834 myself->incipher = NULL;
835 } else if(!(myself->incipher = cipher_open_by_name(cipher))) {
836 logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
// Arm the key-expiry timer; the timer struct doubles as callback data so
// keyexpire_handler() can re-arm it.
842 timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval){keylifetime, rand() % 100000});
844 /* Check if we want to use message authentication codes... */
// MACLength range check is at the omitted lines 848-849.
847 get_config_int(lookup_config(config_tree, "MACLength"), &maclength);
850 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!");
// Legacy-protocol digest: default "sha1"; "none" leaves indigest NULL, i.e.
// no packet authentication in the legacy protocol.
854 if(!get_config_string(lookup_config(config_tree, "Digest"), &digest))
855 digest = xstrdup("sha1");
857 if(!strcasecmp(digest, "none")) {
858 myself->indigest = NULL;
859 } else if(!(myself->indigest = digest_open_by_name(digest, maclength))) {
860 logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
// Compression level 0..11; default 0 (line 874, else branch).
868 if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
869 if(myself->incompression < 0 || myself->incompression > 11) {
870 logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
874 myself->incompression = 0;
876 myself->connection->outcompression = 0;
// We are our own next hop and always reachable.
880 myself->nexthop = myself;
881 myself->via = myself;
882 myself->status.reachable = true;
883 myself->last_state_change = now.tv_sec;
884 myself->status.sptps = experimental;
// Virtual device backend selection; the uml/vde branches (906, 910) have
// their bodies at omitted lines, as does the default.
898 if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
899 if(!strcasecmp(type, "dummy"))
900 devops = dummy_devops;
901 else if(!strcasecmp(type, "raw_socket"))
902 devops = raw_socket_devops;
903 else if(!strcasecmp(type, "multicast"))
904 devops = multicast_devops;
906 else if(!strcasecmp(type, "uml"))
910 else if(!strcasecmp(type, "vde"))
919 io_add(&device_io, handle_device_data, NULL, device_fd, IO_READ);
// Socket activation: inherit already-bound listening descriptors 3..3+n-1
// when LISTEN_FDS is set and we are not detaching.
923 if(!do_detach && getenv("LISTEN_FDS")) {
// NOTE(review): atoi() reports no errors and accepts negative values, and only
// the upper bound is checked at line 932.  strtol() with a 0..MAXSOCKETS range
// check would reject garbage and negative counts; see also the omitted lines
// 924-926 which may already validate the value.
927 listen_sockets = atoi(getenv("LISTEN_FDS"));
// Removed so child processes (scripts) do not inherit the variable.
929 unsetenv("LISTEN_FDS");
932 if(listen_sockets > MAXSOCKETS) {
933 logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
937 for(int i = 0; i < listen_sockets; i++) {
// salen must be initialised to sizeof sa before this call (omitted line 938).
939 if(getsockname(i + 3, &sa.sa, &salen) < 0) {
940 logger(DEBUG_ALWAYS, LOG_ERR, "Could not get address of listen fd %d: %s", i + 3, sockstrerror(errno));
// Inherited descriptors get close-on-exec so scripts do not inherit them.
945 fcntl(i + 3, F_SETFD, FD_CLOEXEC);
// The inherited fd is the TCP side; the UDP socket is created here to match.
948 int udp_fd = setup_vpn_in_socket(&sa);
// NOTE(review): the (io_cb_t) casts are absent in add_listen_address()
// (lines 705-706); one style should be used in both places.
952 io_add(&listen_socket[i].tcp, (io_cb_t)handle_new_meta_connection, &listen_socket[i], i + 3, IO_READ);
953 io_add(&listen_socket[i].udp, (io_cb_t)handle_incoming_vpn_data, &listen_socket[i], udp_fd, IO_READ);
955 if(debug_level >= DEBUG_CONNECTIONS) {
956 hostname = sockaddr2hostname(&sa);
957 logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s", hostname);
961 memcpy(&listen_socket[i].sa, &sa, salen);
// BindToAddress entries are marked bindto = true, ListenAddress ones false.
967 for(config_t *cfg = lookup_config(config_tree, "BindToAddress"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
969 get_config_string(cfg, &address);
970 if(!add_listen_address(address, true))
974 for(config_t *cfg = lookup_config(config_tree, "ListenAddress"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
976 get_config_string(cfg, &address);
977 if(!add_listen_address(address, false))
// Fallback when nothing was configured (guard at omitted lines).  address may
// still be NULL here.  NOTE(review): NULL is passed for a bool parameter; it
// converts to false, but `false` would state the intent.
982 if(!add_listen_address(address, NULL))
986 if(!listen_sockets) {
987 logger(DEBUG_ALWAYS, LOG_ERR, "Unable to create any listening socket!");
991 /* If no Port option was specified, set myport to the port used by the first listening socket. */
993 if(!port_specified) {
995 socklen_t salen = sizeof sa;
996 if(!getsockname(listen_socket[0].udp.fd, &sa.sa, &salen)) {
998 sockaddr2str(&sa, NULL, &myport);
// getsockname() failed: fall back to the default port string.
1000 myport = xstrdup("655");
1004 xasprintf(&myself->hostname, "MYSELF port %s", myport);
1005 myself->connection->hostname = xstrdup(myself->hostname);
1009 last_config_check = now.tv_sec;
/*
 * Bring the network up: read the ping and buffer tuning options, then run the
 * tinc-up script with NETNAME/DEVICE/INTERFACE/NAME in its environment and
 * fire subnet-up for our own subnets.  Returns bool; the return statements
 * are omitted in this listing, as are other lines marked by gaps in the
 * leading line numbers.
 */
1017 bool setup_network(void) {
// A configured PingInterval below 1 is replaced by 86400 (one day); the
// default for an absent option is at omitted lines.
1024 if(get_config_int(lookup_config(config_tree, "PingInterval"), &pinginterval)) {
1025 if(pinginterval < 1) {
1026 pinginterval = 86400;
// PingTimeout is clamped into 1..pinginterval.
1031 if(!get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout))
1033 if(pingtimeout < 1 || pingtimeout > pinginterval)
1034 pingtimeout = pinginterval;
1036 if(!get_config_int(lookup_config(config_tree, "MaxOutputBufferSize"), &maxoutbufsize))
1037 maxoutbufsize = 10 * MTU;
1045 /* Run tinc-up script to further initialize the tap interface */
// Four variables plus the NULL terminator left in envp[4] by the initializer.
// `? :` is the GNU elvis operator: the value when non-NULL, else "".
1047 char *envp[5] = {NULL};
1048 xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
1049 xasprintf(&envp[1], "DEVICE=%s", device ? : "");
1050 xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
1051 xasprintf(&envp[3], "NAME=%s", myself->name);
// The script's result is not used here (bare statement).
1053 execute_script("tinc-up", envp);
// Releases envp[0..3]; the loop body is at an omitted line.
1055 for(int i = 0; i < 4; i++)
1058 /* Run subnet-up scripts for our own subnets */
1060 subnet_update(myself, NULL, true);
1066 Close all open network connections.
1068 void close_network_connections(void) {
1069 for(list_node_t
*node
= connection_list
->head
, *next
; node
; node
= next
) {
1071 connection_t
*c
= node
->data
;
1072 /* Keep control connections open until the end, so they know when we really terminated */
1073 if(c
->status
.control
)
1076 terminate_connection(c
, false);
1080 list_delete_list(outgoing_list
);
1082 if(myself
&& myself
->connection
) {
1083 subnet_update(myself
, NULL
, false);
1084 terminate_connection(myself
->connection
, false);
1085 free_connection(myself
->connection
);
1088 for(int i
= 0; i
< listen_sockets
; i
++) {
1089 io_del(&listen_socket
[i
].tcp
);
1090 io_del(&listen_socket
[i
].udp
);
1091 close(listen_socket
[i
].tcp
.fd
);
1092 close(listen_socket
[i
].udp
.fd
);
1095 char *envp
[5] = {NULL
};
1096 xasprintf(&envp
[0], "NETNAME=%s", netname
? : "");
1097 xasprintf(&envp
[1], "DEVICE=%s", device
? : "");
1098 xasprintf(&envp
[2], "INTERFACE=%s", iface
? : "");
1099 xasprintf(&envp
[3], "NAME=%s", myself
->name
);
1107 execute_script("tinc-down", envp
);
1109 if(myport
) free(myport
);
1111 for(int i
= 0; i
< 4; i
++)