- vpn_packet_t pkt1, pkt2;
- vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2};
- int nextpkt = 0;
- vpn_packet_t *outpkt;
- int outlen, outpad;
- long int complen = MTU + 12;
- EVP_CIPHER_CTX ctx;
- vpn_packet_t *copy;
-cp
- if(!n->status.validkey)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
- n->name, n->hostname);
-
- /* Since packet is on the stack of handle_tap_input(),
- we have to make a copy of it first. */
-
- copy = xmalloc(sizeof(vpn_packet_t));
- memcpy(copy, inpkt, sizeof(vpn_packet_t));
-
- list_insert_tail(n->queue, copy);
-
- if(!n->status.waitingforkey)
- send_req_key(n->nexthop->connection, myself, n);
-
- return;
- }
-
- /* Compress the packet */
-
- if(n->compression)
- {
- outpkt = pkt[nextpkt++];
-
- if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK)
- {
- syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname);
- return;
- }
-
- outpkt->len = complen;
- inpkt = outpkt;
- }
-
- /* Add sequence number */
-
- inpkt->seqno = htonl(++(n->sent_seqno));
- inpkt->len += sizeof(inpkt->seqno);
-
- /* Encrypt the packet */
-
- if(n->cipher)
- {
- outpkt = pkt[nextpkt++];
-
- EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
- EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len);
- EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad);
-
- outpkt->len = outlen + outpad;
- inpkt = outpkt;
- }
-
- /* Add the message authentication code */
-
- if(n->digest && n->maclength)
- {
- HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen);
- inpkt->len += n->maclength;
- }
-
- /* Send the packet */
-
- if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), sizeof(sockaddr_t))) < 0)
- {
- syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"),
- n->name, n->hostname, strerror(errno));
- return;
- }
-cp
+ vpn_packet_t pkt1, pkt2;
+ vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
+ int nextpkt = 0;
+ vpn_packet_t *outpkt;
+ int origlen;
+ int outlen, outpad;
+ long int complen = MTU + 12;
+ vpn_packet_t *copy;
+ static int priority = 0;
+ int origpriority;
+ int sock;
+
+ cp();
+
+ /* Make sure we have a valid key */
+
+ if(!n->status.validkey) {
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_INFO,
+ _("No valid key known yet for %s (%s), queueing packet"),
+ n->name, n->hostname);
+
+ /* Since packet is on the stack of handle_tap_input(), we have to make a copy of it first. */
+
+ copy = xmalloc(sizeof(vpn_packet_t));
+ memcpy(copy, inpkt, sizeof(vpn_packet_t));
+
+ list_insert_tail(n->queue, copy);
+
+ if(n->queue->count > MAXQUEUELENGTH)
+ list_delete_head(n->queue);
+
+ if(!n->status.waitingforkey)
+ send_req_key(n->nexthop->connection, myself, n);
+
+ n->status.waitingforkey = 1;
+
+ return;
+ }
+
+ origlen = inpkt->len;
+ origpriority = inpkt->priority;
+
+ /* Compress the packet */
+
+ if(n->compression) {
+ outpkt = pkt[nextpkt++];
+
+ if(compress2
+ (outpkt->data, &complen, inpkt->data, inpkt->len,
+ n->compression) != Z_OK) {
+ syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"),
+ n->name, n->hostname);
+ return;
+ }
+
+ outpkt->len = complen;
+ inpkt = outpkt;
+ }
+
+ /* Add sequence number */
+
+ inpkt->seqno = htonl(++(n->sent_seqno));
+ inpkt->len += sizeof(inpkt->seqno);
+
+ /* Encrypt the packet */
+
+ if(n->cipher) {
+ outpkt = pkt[nextpkt++];
+
+ EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len);
+ EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
+ (char *) &inpkt->seqno, inpkt->len);
+ EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
+
+ outpkt->len = outlen + outpad;
+ inpkt = outpkt;
+ }
+
+ /* Add the message authentication code */
+
+ if(n->digest && n->maclength) {
+ HMAC(n->digest, n->key, n->keylength, (char *) &inpkt->seqno,
+ inpkt->len, (char *) &inpkt->seqno + inpkt->len, &outlen);
+ inpkt->len += n->maclength;
+ }
+
+ /* Determine which socket we have to use */
+
+ for(sock = 0; sock < listen_sockets; sock++)
+ if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family)
+ break;
+
+ if(sock >= listen_sockets)
+ sock = 0; /* If none is available, just use the first and hope for the best. */
+
+ /* Send the packet */
+
+#if defined(SOL_IP) && defined(IP_TOS)
+ if(priorityinheritance && origpriority != priority
+ && listen_socket[sock].sa.sa.sa_family == AF_INET) {
+ priority = origpriority;
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"),
+ priority);
+ if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
+ syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt",
+ strerror(errno));
+ }
+#endif
+
+ if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) {
+ syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name,
+ n->hostname, strerror(errno));
+ return;
+ }
+
+ inpkt->len = origlen;