/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2009 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2010 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "splay_tree.h"
#include "conf.h"
#include "connection.h"
+#include "control.h"
+#include "control_common.h"
#include "crypto.h"
#include "edge.h"
#include "graph.h"
bool send_id(connection_t *c) {
gettimeofday(&c->start, NULL);
- return send_request(c, "%d %s %d", ID, myself->connection->name,
- myself->connection->protocol_version);
+ return send_request(c, "%d %s %d.%d", ID, myself->connection->name,
+ myself->connection->protocol_major, myself->connection->protocol_minor);
}
bool id_h(connection_t *c, char *request) {
char name[MAX_STRING_SIZE];
- if(sscanf(request, "%*d " MAX_STRING " %d", name, &c->protocol_version) != 2) {
+ if(sscanf(request, "%*d " MAX_STRING " %d.%d", name, &c->protocol_major, &c->protocol_minor) < 2) {
logger(LOG_ERR, "Got bad %s from %s (%s)", "ID", c->name,
c->hostname);
return false;
}
+ /* Check if this is a control connection */
+
+ if(name[0] == '^' && !strcmp(name + 1, controlcookie)) {
+ c->status.control = true;
+ c->allow_request = CONTROL;
+ c->last_ping_time = time(NULL) + 3600;
+ return send_request(c, "%d %d %d", ACK, TINC_CTL_VERSION_CURRENT, getpid());
+ }
+
/* Check if identity is a valid name */
if(!check_id(name)) {
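Review bot: The control branch in id_h grants `CONTROL` on a plain `strcmp` against `controlcookie`, and it runs before `check_id` and before any key exchange, so the cookie is the only credential on this path. The hunk does not show whether the listening socket is limited to local clients; if it is not, the branch should first require `c->address` to be a loopback address. The comparison would also be safer as a length check followed by a constant-time compare rather than `strcmp`. At minimum I would add `/* controlcookie is the sole credential for control access: it must be unguessable and readable only by the daemon's user */` above the test. id_h continues past the end of this hunk.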
/* Check if version matches */
- if(c->protocol_version != myself->connection->protocol_version) {
- logger(LOG_ERR, "Peer %s (%s) uses incompatible version %d",
- c->name, c->hostname, c->protocol_version);
+ if(c->protocol_major != myself->connection->protocol_major) {
+ logger(LOG_ERR, "Peer %s (%s) uses incompatible version %d.%d",
+ c->name, c->hostname, c->protocol_major, c->protocol_minor);
return false;
}
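Review bot: The incompatible-version log prints `c->protocol_minor`, but the `sscanf` earlier in id_h fails only on `< 2` conversions, so a request carrying just a major number leaves `protocol_minor` unwritten. Unless the connection structure is zeroed on allocation, which this diff does not show, this log line and the later `c->protocol_minor > 0` test in ack_h read a stale or indeterminate value. Setting `c->protocol_minor = 0;` immediately before the `sscanf` makes the old single-number form well defined. id_h begins in the previous hunk and continues past this one.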
bool challenge_h(connection_t *c, char *request) {
char buffer[MAX_STRING_SIZE];
size_t len = rsa_size(&myself->connection->rsa);
- size_t digestlen = digest_length(&c->outdigest);
+ size_t digestlen = digest_length(&c->indigest);
char digest[digestlen];
if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
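Review bot: `char digest[digestlen]` is a variable-length array sized from `digest_length(&c->indigest)`, and nothing visible in the hunk guarantees that length is non-zero; a zero-length VLA is undefined behaviour. If a connection can reach challenge_h before a digest has been set up, reject it before the declaration, or use a fixed buffer of the largest supported digest size. Assuming the reply further down is hashed with `indigest`, a short comment such as `/* buffer sized from indigest, the digest used to hash our reply */` would record why this moved away from `outdigest`. challenge_h continues past the end of the hunk.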
/* Check if the length of the hash is all right */
if(strlen(hishash) != digest_length(&c->outdigest) * 2) {
- logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, _("wrong challenge reply length"));
+ logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
return false;
}
/* Verify the hash */
if(!digest_verify(&c->outdigest, c->hischallenge, rsa_size(&c->rsa), hishash)) {
- logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, _("wrong challenge reply"));
+ logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
return false;
}
if(myself->options & OPTION_PMTU_DISCOVERY)
c->options |= OPTION_PMTU_DISCOVERY;
+ choice = myself->options & OPTION_CLAMP_MSS;
+ get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice);
+ if(choice)
+ c->options |= OPTION_CLAMP_MSS;
+
get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
- return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options);
+ return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, c->options);
}
static void send_everything(connection_t *c) {
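Review bot: The ACK `send_request` now formats `c->options` with `%x`, and the matching `sscanf` in the ack_h hunk below stores through `&options`, now a `uint32_t`, also with `%x`. That is only correct where `uint32_t` is `unsigned int`; the `<inttypes.h>` macros state the intent exactly, e.g. `"%d %s %d %" PRIx32` here and `" %d %" SCNx32` in ack_h. The declared type of `c->options` is not visible in this diff, so confirm it matches the `uint32_t` local before changing the format. The function containing this `send_request` starts above the hunk.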
bool ack_h(connection_t *c, char *request) {
char hisport[MAX_STRING_SIZE];
- char *hisaddress, *dummy;
+ char *hisaddress;
int weight, mtu;
- long int options;
+ uint32_t options;
node_t *n;
+ bool choice;
- if(sscanf(request, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) {
+ if(sscanf(request, "%*d " MAX_STRING " %d %x", hisport, &weight, &options) != 3) {
logger(LOG_ERR, "Got bad %s from %s (%s)", "ACK", c->name,
c->hostname);
return false;
if(get_config_int(lookup_config(c->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
n->mtu = mtu;
- if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
+ if(get_config_int(lookup_config(config_tree, "PMTU"), &mtu) && mtu < n->mtu)
n->mtu = mtu;
+ if(get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice)) {
+ if(choice)
+ c->options |= OPTION_CLAMP_MSS;
+ else
+ c->options &= ~OPTION_CLAMP_MSS;
+ }
+
+ if(c->protocol_minor > 0)
+ c->node->status.ecdh = true;
+
/* Activate this connection */
c->allow_request = ALL;
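Review bot: `c->node->status.ecdh` is only ever set here, never cleared, and it is driven by `c->protocol_minor`, the number the peer put in its own ID request. If the node structure outlives a connection, a peer that reconnects with minor 0 keeps the flag from its previous session; assigning the result, `c->node->status.ecdh = c->protocol_minor > 0;`, avoids that. The minor version appears to be parsed in id_h before the challenge exchange, so a comment like `/* protocol_minor is peer-claimed in the ID request; not an authenticated capability */` would warn later readers not to treat a missing flag as proof that the peer lacks the feature. ack_h starts and ends outside this hunk.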
c->edge = new_edge();
c->edge->from = myself;
c->edge->to = n;
- sockaddr2str(&c->address, &hisaddress, &dummy);
+ sockaddr2str(&c->address, &hisaddress, NULL);
c->edge->address = str2sockaddr(hisaddress, hisport);
free(hisaddress);
- free(dummy);
c->edge->weight = (weight + c->estimated_weight) / 2;
c->edge->connection = c;
c->edge->options = c->options;
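Review bot: The `c->edge->weight` line adds the peer-supplied `weight` to `c->estimated_weight` as plain `int`s, so a very large value in the ACK overflows (undefined behaviour for signed arithmetic), and no range check on `weight` is visible in these hunks. Averaging the halves, `c->edge->weight = weight / 2 + c->estimated_weight / 2;`, removes the overflow, and rejecting a negative `weight` right after the `sscanf` in ack_h would keep nonsensical values out of the graph. Separately, passing `NULL` as the port argument relies on `sockaddr2str` tolerating a NULL out-parameter, which is defined outside this diff and should be confirmed. ack_h continues past the end of the hunk.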