mainloop.c

   1 /*
   2  * OpenConnect (SSL + DTLS) VPN client
   3  *
   4  * Copyright © 2008 Intel Corporation.
   5  *
   6  * Author: David Woodhouse <dwmw2@infradead.org>
   7  *
   8  * This program is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * version 2.1, as published by the Free Software Foundation.
  11  *
  12  * This program is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15  * Lesser General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Lesser General Public
  18  * License along with this library; if not, write to:
  19  *
  20  *   Free Software Foundation, Inc.
  21  *   51 Franklin Street, Fifth Floor,
  22  *   Boston, MA 02110-1301 USA
  23  */
  24
  25 #include <errno.h>
  26 #include <poll.h>
  27 #include <limits.h>
  28 #include <sys/select.h>
  29 #include <signal.h>
  30 #include <arpa/inet.h>
  31 #include <unistd.h>
  32 #include <string.h>
  33
  34 #include <openssl/ssl.h>
  35
  36 #include "openconnect.h"
  37
  38 void queue_packet(struct pkt **q, struct pkt *new)
  39 {
  40         while (*q)
  41                 q = &(*q)->next;
  42
  43         new->next = NULL;
  44         *q = new;
  45 }
  46
  47 int queue_new_packet(struct pkt **q, int type, void *buf, int len)
  48 {
  49         struct pkt *new = malloc(sizeof(struct pkt) + len);
  50         if (!new)
  51                 return -ENOMEM;
  52
  53         new->type = type;
  54         new->len = len;
  55         new->next = NULL;
  56         memcpy(new->data, buf, len);
  57         queue_packet(q, new);
  58         return 0;
  59 }
  60
  61 int killed;
  62
  63 static void handle_sigint(int sig)
  64 {
  65         killed = sig;
  66 }
  67
  68 int vpn_mainloop(struct openconnect_info *vpninfo)
  69 {
  70         struct sigaction sa;
  71         memset(&sa, 0, sizeof(sa));
  72         sa.sa_handler = handle_sigint;
  73
  74         sigaction(SIGTERM, &sa, NULL);
  75         sigaction(SIGINT, &sa, NULL);
  76         sigaction(SIGHUP, &sa, NULL);
  77
  78         while (!vpninfo->quit_reason) {
  79                 int did_work = 0;
  80                 int timeout = INT_MAX;
  81                 struct timeval tv;
  82                 fd_set rfds, wfds, efds;
  83
  84 #ifdef SSL_F_DTLS1_CONNECT
  85                 if (vpninfo->new_dtls_ssl)
  86                         dtls_try_handshake(vpninfo);
  87
  88                 if (vpninfo->dtls_attempt_period && !vpninfo->dtls_ssl && !vpninfo->new_dtls_ssl &&
  89                     vpninfo->new_dtls_started + vpninfo->dtls_attempt_period < time(NULL)) {
  90                         vpninfo->progress(vpninfo, PRG_TRACE, "Attempt new DTLS connection\n");
  91                         connect_dtls_socket(vpninfo);
  92                 }
  93                 if (vpninfo->dtls_ssl)
  94                         did_work += dtls_mainloop(vpninfo, &timeout);
  95 #endif
  96                 if (vpninfo->quit_reason)
  97                         break;
  98
  99                 did_work += cstp_mainloop(vpninfo, &timeout);
 100                 if (vpninfo->quit_reason)
 101                         break;
 102
 103                 /* Tun must be last because it will set/clear its bit
 104                    in the select_rfds according to the queue length */
 105                 did_work += tun_mainloop(vpninfo, &timeout);
 106                 if (vpninfo->quit_reason)
 107                         break;
 108
 109                 if (killed) {
 110                         if (killed == SIGHUP)
 111                                 vpninfo->quit_reason = "Client received SIGHUP";
 112                         else if (killed == SIGINT)
 113                                 vpninfo->quit_reason = "Client received SIGINT";
 114                         else
 115                                 vpninfo->quit_reason = "Client killed";
 116                         break;
 117                 }
 118
 119                 if (did_work)
 120                         continue;
 121
 122                 vpninfo->progress(vpninfo, PRG_TRACE,
 123                                   "Did no work; sleeping for %d ms...\n", timeout);
 124                 memcpy(&rfds, &vpninfo->select_rfds, sizeof(rfds));
 125                 memcpy(&wfds, &vpninfo->select_wfds, sizeof(wfds));
 126                 memcpy(&efds, &vpninfo->select_efds, sizeof(efds));
 127
 128                 tv.tv_sec = timeout / 1000;
 129                 tv.tv_usec = (timeout % 1000) * 1000;
 130
 131                 select(vpninfo->select_nfds, &rfds, &wfds, &efds, &tv);
 132         }
 133
 134         cstp_bye(vpninfo, vpninfo->quit_reason);
 135
 136         if (vpninfo->vpnc_script) {
 137                 if (vpninfo->script_tun) {
 138                         kill(vpninfo->script_tun, SIGHUP);
 139                         close(vpninfo->tun_fd);
 140                 } else {
 141                         setenv("TUNDEV", vpninfo->ifname, 1);
 142                         setenv("reason", "disconnect", 1);
 143                         system(vpninfo->vpnc_script);
 144                 }
 145         }
 146
 147         return 0;
 148 }
 149
 150 /* Called when the socket is unwritable, to get the deadline for DPD.
 151    Returns 1 if DPD deadline has already arrived. */
 152 int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout)
 153 {
 154         time_t now, due;
 155
 156         if (!ka->dpd)
 157                 return 0;
 158
 159         time(&now);
 160         due = ka->last_rx + (2 * ka->dpd);
 161
 162         if (now > due)
 163                 return 1;
 164
 165         if (*timeout > (due - now) * 1000)
 166                 *timeout = (due - now) * 1000;
 167
 168         return 0;
 169 }
 170
 171
 172 int keepalive_action(struct keepalive_info *ka, int *timeout)
 173 {
 174         time_t now = time(NULL);
 175
 176         if (ka->rekey) {
 177                 time_t due = ka->last_rekey + ka->rekey;
 178
 179                 if (now >= due)
 180                         return KA_REKEY;
 181
 182                 if (*timeout > (due - now) * 1000)
 183                         *timeout = (due - now) * 1000;
 184         }
 185
 186         /* DPD is bidirectional -- PKT 3 out, PKT 4 back */
 187         if (ka->dpd) {
 188                 time_t due = ka->last_rx + ka->dpd;
 189                 time_t overdue = ka->last_rx + (2 * ka->dpd);
 190
 191                 /* Peer didn't respond */
 192                 if (now > overdue)
 193                         return KA_DPD_DEAD;
 194
 195                 /* If we already have DPD outstanding, don't flood. Repeat by
 196                    all means, but only after half the DPD period. */
 197                 if (ka->last_dpd > ka->last_rx)
 198                         due = ka->last_dpd + ka->dpd / 2;
 199
 200                 /* We haven't seen a packet from this host for $DPD seconds.
 201                    Prod it to see if it's still alive */
 202                 if (now >= due) {
 203                         ka->last_dpd = now;
 204                         return KA_DPD;
 205                 }
 206                 if (*timeout > (due - now) * 1000)
 207                         *timeout = (due - now) * 1000;
 208         }
 209
 210         /* Keepalive is just client -> server */
 211         if (ka->keepalive) {
 212                 time_t due = ka->last_tx + ka->keepalive;
 213
 214                 /* If we haven't sent anything for $KEEPALIVE seconds, send a
 215                    dummy packet (which the server will discard) */
 216                 if (now >= due)
 217                         return KA_KEEPALIVE;
 218
 219                 if (*timeout > (due - now) * 1000)
 220                         *timeout = (due - now) * 1000;
 221         }
 222
 223         return KA_NONE;
 224 }