Use global "now" in try_udp() and try_mtu().
diff --git
a/src/protocol_key.c
b/src/protocol_key.c
index
abde777
..
aaf0f33
100644
(file)
--- a/
src/protocol_key.c
+++ b/
src/protocol_key.c
@@
-1,7
+1,7
@@
/*
protocol_key.c -- handle the meta-protocol, key exchange
Copyright (C) 1999-2005 Ivo Timmermans,
/*
protocol_key.c -- handle the meta-protocol, key exchange
Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-201
3
Guus Sliepen <guus@tinc-vpn.org>
+ 2000-201
4
Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@
-87,7
+87,7
@@
bool key_changed_h(connection_t *c, const char *request) {
return true;
}
return true;
}
-static bool send_initial_sptps_data(void *handle, uint8_t type, const
char
*data, size_t len) {
+static bool send_initial_sptps_data(void *handle, uint8_t type, const
void
*data, size_t len) {
node_t *to = handle;
to->sptps.send_data = send_sptps_data;
char buf[len * 4 / 3 + 5];
node_t *to = handle;
to->sptps.send_data = send_sptps_data;
char buf[len * 4 / 3 + 5];
@@
-255,6
+255,7
@@
bool req_key_h(connection_t *c, const char *request) {
return true;
}
return true;
}
+ /* TODO: forwarding SPTPS packets in this way is inefficient because we send them over TCP without checking for UDP connectivity */
send_request(to->nexthop->connection, "%s", request);
}
send_request(to->nexthop->connection, "%s", request);
}
@@
-265,6
+266,9
@@
bool send_ans_key(node_t *to) {
if(to->status.sptps)
abort();
if(to->status.sptps)
abort();
+#ifdef DISABLE_LEGACY
+ return false;
+#else
size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
char key[keylen * 2 + 1];
size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
char key[keylen * 2 + 1];
@@
-305,6
+309,7
@@
bool send_ans_key(node_t *to) {
digest_get_nid(to->indigest),
(int)digest_length(to->indigest),
to->incompression);
digest_get_nid(to->indigest),
(int)digest_length(to->indigest),
to->incompression);
+#endif
}
bool ans_key_h(connection_t *c, const char *request) {
}
bool ans_key_h(connection_t *c, const char *request) {
@@
-370,9
+375,11
@@
bool ans_key_h(connection_t *c, const char *request) {
return send_request(to->nexthop->connection, "%s", request);
}
return send_request(to->nexthop->connection, "%s", request);
}
+#ifndef DISABLE_LEGACY
/* Don't use key material until every check has passed. */
cipher_close(from->outcipher);
digest_close(from->outdigest);
/* Don't use key material until every check has passed. */
cipher_close(from->outcipher);
digest_close(from->outdigest);
+#endif
from->status.validkey = false;
if(compression < 0 || compression > 11) {
from->status.validkey = false;
if(compression < 0 || compression > 11) {
@@
-397,14
+404,15
@@
bool ans_key_h(connection_t *c, const char *request) {
sockaddr_t sa = str2sockaddr(address, port);
update_node_udp(from, &sa);
}
sockaddr_t sa = str2sockaddr(address, port);
update_node_udp(from, &sa);
}
-
- if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
- send_mtu_probe(from);
}
return true;
}
}
return true;
}
+#ifdef DISABLE_LEGACY
+ logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%) uses legacy protocol!", from->name, from->hostname);
+ return false;
+#else
/* Check and lookup cipher and digest algorithms */
if(cipher) {
/* Check and lookup cipher and digest algorithms */
if(cipher) {
@@
-455,8
+463,6
@@
bool ans_key_h(connection_t *c, const char *request) {
update_node_udp(from, &sa);
}
update_node_udp(from, &sa);
}
- if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
- send_mtu_probe(from);
-
return true;
return true;
+#endif
}
}
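Review bot: The format string in the new `#ifdef DISABLE_LEGACY` branch of ans_key_h contains `(%)`, which is not a valid conversion, so the logger call has undefined behaviour and `from->hostname` is never printed; it should read `logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses legacy protocol!", from->name, from->hostname);`. Because the line is compiled only when DISABLE_LEGACY is defined, a default build will not compile or warn about it. This message is also the only record that a peer offered legacy key material, which is worth logging correctly for anyone auditing downgrade attempts. Separately, the `return false` that follows can be reached for a key answer relayed by another node; if a false return makes the caller close connection `c` (not visible in these hunks), the link to the relay would be dropped rather than the one to `from`, so that path should be confirmed.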