mainloop.c
2
* OpenConnect (SSL + DTLS) VPN client
4
* Copyright © 2008-2011 Intel Corporation.
6
7
8
* Author: David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
9
* modify it under the terms of the GNU Lesser General Public License
10
* version 2.1, as published by the Free Software Foundation.
12
* This program is distributed in the hope that it will be useful, but
13
14
15
16
17
18
19
20
21
22
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to:
*
* Free Software Foundation, Inc.
* 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA
23
24
25
26
27
28
*/
#include <errno.h>
#include <poll.h>
#include <limits.h>
#include <sys/select.h>
29
#include <stdlib.h>
30
#include <signal.h>
31
#include <unistd.h>
32
#include <string.h>
34
#include "openconnect-internal.h"
36
void queue_packet(struct pkt **q, struct pkt *new)
37
38
39
40
{
while (*q)
q = &(*q)->next;
41
42
43
44
new->next = NULL;
*q = new;
}
45
int queue_new_packet(struct pkt **q, void *buf, int len)
47
48
struct pkt *new = malloc(sizeof(struct pkt) + len);
if (!new)
49
50
return -ENOMEM;
51
52
53
54
new->len = len;
new->next = NULL;
memcpy(new->data, buf, len);
queue_packet(q, new);
55
56
57
return 0;
}
58
int killed;
59
60
61
static void handle_sigint(int sig)
{
62
killed = sig;
65
int vpn_mainloop(struct openconnect_info *vpninfo)
67
68
69
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_handler = handle_sigint;
71
sigaction(SIGTERM, &sa, NULL);
72
sigaction(SIGINT, &sa, NULL);
73
74
sigaction(SIGHUP, &sa, NULL);
75
while (!vpninfo->quit_reason) {
76
77
int did_work = 0;
int timeout = INT_MAX;
78
79
struct timeval tv;
fd_set rfds, wfds, efds;
81
#ifdef HAVE_DTLS
82
83
84
if (vpninfo->new_dtls_ssl)
dtls_try_handshake(vpninfo);
85
if (vpninfo->dtls_attempt_period && !vpninfo->dtls_ssl && !vpninfo->new_dtls_ssl &&
86
vpninfo->new_dtls_started + vpninfo->dtls_attempt_period < time(NULL)) {
87
vpn_progress(vpninfo, PRG_TRACE, _("Attempt new DTLS connection\n"));
88
89
90
connect_dtls_socket(vpninfo);
}
if (vpninfo->dtls_ssl)
91
did_work += dtls_mainloop(vpninfo, &timeout);
93
94
95
if (vpninfo->quit_reason)
break;
96
did_work += cstp_mainloop(vpninfo, &timeout);
97
98
if (vpninfo->quit_reason)
break;
99
100
101
/* Tun must be last because it will set/clear its bit
in the select_rfds according to the queue length */
102
103
104
105
106
107
108
109
110
111
112
113
114
115
did_work += tun_mainloop(vpninfo, &timeout);
if (vpninfo->quit_reason)
break;
if (killed) {
if (killed == SIGHUP)
vpninfo->quit_reason = "Client received SIGHUP";
else if (killed == SIGINT)
vpninfo->quit_reason = "Client received SIGINT";
else
vpninfo->quit_reason = "Client killed";
break;
}
116
117
118
if (did_work)
continue;
119
vpn_progress(vpninfo, PRG_TRACE,
120
_("No work to do; sleeping for %d ms...\n"), timeout);
121
122
123
124
125
memcpy(&rfds, &vpninfo->select_rfds, sizeof(rfds));
memcpy(&wfds, &vpninfo->select_wfds, sizeof(wfds));
memcpy(&efds, &vpninfo->select_efds, sizeof(efds));
tv.tv_sec = timeout / 1000;
126
tv.tv_usec = (timeout % 1000) * 1000;
127
128
select(vpninfo->select_nfds, &rfds, &wfds, &efds, &tv);
131
cstp_bye(vpninfo, vpninfo->quit_reason);
133
shutdown_tun(vpninfo);
134
135
return 0;
}
137
138
/* Called when the socket is unwritable, to get the deadline for DPD.
Returns 1 if DPD deadline has already arrived. */
139
int ka_stalled_action(struct keepalive_info *ka, int *timeout)
141
142
143
144
145
146
147
148
149
150
151
time_t due, now = time(NULL);
if (ka->rekey) {
due = ka->last_rekey + ka->rekey;
if (now >= due)
return KA_REKEY;
if (*timeout > (due - now) * 1000)
*timeout = (due - now) * 1000;
}
153
if (!ka->dpd)
154
return KA_NONE;
155
156
157
158
due = ka->last_rx + (2 * ka->dpd);
if (now > due)
159
return KA_DPD_DEAD;
160
161
162
163
if (*timeout > (due - now) * 1000)
*timeout = (due - now) * 1000;
164
return KA_NONE;
165
166
167
}
168
int keepalive_action(struct keepalive_info *ka, int *timeout)
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
{
time_t now = time(NULL);
if (ka->rekey) {
time_t due = ka->last_rekey + ka->rekey;
if (now >= due)
return KA_REKEY;
if (*timeout > (due - now) * 1000)
*timeout = (due - now) * 1000;
}
/* DPD is bidirectional -- PKT 3 out, PKT 4 back */
if (ka->dpd) {
time_t due = ka->last_rx + ka->dpd;
time_t overdue = ka->last_rx + (2 * ka->dpd);
/* Peer didn't respond */
if (now > overdue)
return KA_DPD_DEAD;
/* If we already have DPD outstanding, don't flood. Repeat by
all means, but only after half the DPD period. */
if (ka->last_dpd > ka->last_rx)
due = ka->last_dpd + ka->dpd / 2;
/* We haven't seen a packet from this host for $DPD seconds.
Prod it to see if it's still alive */
if (now >= due) {
ka->last_dpd = now;
return KA_DPD;
}
if (*timeout > (due - now) * 1000)
*timeout = (due - now) * 1000;
}
/* Keepalive is just client -> server */
if (ka->keepalive) {
time_t due = ka->last_tx + ka->keepalive;
/* If we haven't sent anything for $KEEPALIVE seconds, send a
dummy packet (which the server will discard) */
if (now >= due)
return KA_KEEPALIVE;
if (*timeout > (due - now) * 1000)
*timeout = (due - now) * 1000;
}
return KA_NONE;
}