- EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
- EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
- /* FIXME: grok DecryptFinal
- EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad);
- */
-
- add_mac_addresses(&outpkt);
-
- if(write(tap_fd, outpkt.data, outpkt.len) < 0)
- syslog(LOG_ERR, _("Can't write to tap device: %m"));
- else
- total_tap_out += outpkt.len;
+
+ /* Decrypt the packet */
+
+ EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
+ EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
+ EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
+ outlen += outpad;
+
+/* Bypass
+ outlen = outpkt.len+2;
+ memcpy(&outpkt, inpkt, outlen);
+*/
+
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
+ outpkt.len, outlen);
+
+ /* Fix mac address */
+
+ memcpy(outpkt.data, mymac.net.mac.address.x, 6);
+
+ if(taptype == TAP_TYPE_TUNTAP)
+ {
+ if(write(tap_fd, outpkt.data, outpkt.len) < 0)
+ syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
+ else
+ total_tap_out += outpkt.len;
+ }
+ else /* ethertap */
+ {
+ if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
+ syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
+ else
+ total_tap_out += outpkt.len + 2;
+ }