along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_packet.c,v 1.1.2.39 2003/08/22 11:18:42 guus Exp $
+ $Id: net_packet.c,v 1.1.2.43 2003/10/11 12:16:12 guus Exp $
*/
#include "system.h"
#include <openssl/rand.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
cp();
+ /* Check packet length */
+
+ if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) {
+ ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"),
+ n->name, n->hostname);
+ return;
+ }
+
/* Check the message authentication code */
if(myself->digest && myself->maclength) {
if(myself->cipher) {
outpkt = pkt[nextpkt++];
-// EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key,
-// myself->key + myself->cipher->key_len);
- EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL);
- EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
- (char *) &inpkt->seqno, inpkt->len);
- EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
+ if(!EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)
+ || !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen,
+ (char *) &inpkt->seqno, inpkt->len)
+ || !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+ ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"),
+ n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return;
+ }
outpkt->len = outlen + outpad;
inpkt = outpkt;
outpkt = pkt[nextpkt++];
if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) {
- logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"),
- n->name, n->hostname);
+ ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"),
+ n->name, n->hostname);
return;
}
inpkt = outpkt;
}
+ if(n->connection)
+ n->connection->last_ping_time = now;
+
receive_packet(n, inpkt);
}
outpkt = pkt[nextpkt++];
if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) {
- logger(LOG_ERR, _("Error while compressing packet to %s (%s)"),
+ ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while compressing packet to %s (%s)"),
n->name, n->hostname);
return;
}
if(n->cipher) {
outpkt = pkt[nextpkt++];
-// EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len);
- EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL);
- EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
- (char *) &inpkt->seqno, inpkt->len);
- EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad);
+ if(!EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL)
+ || !EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen,
+ (char *) &inpkt->seqno, inpkt->len)
+ || !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) {
+ ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"),
+ n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
+ return;
+ }
outpkt->len = outlen + outpad;
inpkt = outpkt;
packet->len, from->name, from->hostname);
for(node = connection_tree->head; node; node = node->next) {
- c = (connection_t *) node->data;
+ c = node->data;
if(c->status.active && c->status.mst && c != from->nexthop->connection)
send_packet(c->node, packet);
for(node = n->queue->head; node; node = next) {
next = node->next;
- send_udppacket(n, (vpn_packet_t *) node->data);
+ send_udppacket(n, node->data);
list_delete_node(n->queue, node);
}
}
pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);
- if(pkt.len <= 0) {
+ if(pkt.len < 0) {
logger(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno));
return;
}
return;
}
- if(n->connection)
- n->connection->last_ping_time = now;
-
receive_udppacket(n, &pkt);
}