Tons of "Failed to decrypt and verify packet"

Guus Sliepen guus at tinc-vpn.org
Mon Apr 7 21:58:04 CEST 2014


On Mon, Apr 07, 2014 at 02:36:10AM +0200, Julien Muchembled wrote:

> So I continued to bisect.
> Commit 0da0728 ("Use AES-256-GCM for the SPTPS protocol") is really the first bad commit.

Not unexpected. Thanks for doing the bisection!

> Le 04/07/14 01:50, Pedro Côrte-Real a écrit :
> > Looking at the code I see:
> > 
> > fd = accept(sock, &sa.sa, &len);
> > 
> > where len is actually sizeof(sa) and not sizeof(sa.sa). Is that correct?
> 
> I'd say it does not matter. But probably less confusing to change sizeof(sa) into sizeof(sa.sa)

There is actually a good reason for using sizeof(sa) here, and that is that
sizeof(sa.sa) is the same as sizeof(struct sockaddr), and that is actually not
guaranteed to be big enough to hold any type of address. The sockaddr_t is a
union of all possible struct sockaddr_* types, and is therefore always big
enough to hold whatever accept() or getsockname() might want to return.

See also: https://stackoverflow.com/questions/16010622/reasoning-behind-c-sockets-sockaddr-and-sockaddr-storage

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140407/557a4b81/attachment.sig>


More information about the tinc mailing list