X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_packet.c;h=0021aabb691bf26bed1d1a6e5ee1f2788c86057d;hb=6fcfe763aa54e0522e726dc088b23d24899794d8;hp=8bf399f1fdbcd04396a826afea508880105a0d87;hpb=0209f12d27d29f3aedc09b228bd289305851c75d;p=tinc

diff --git a/src/net_packet.c b/src/net_packet.c
index 8bf399f1..0021aabb 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -97,10 +97,16 @@ static void udp_probe_timeout_handler(void *data) {
 
 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
 	if(!DATA(packet)[0]) {
-		logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
-
 		/* It's a probe request, send back a reply */
 
+		if(!n->status.sptps && !n->status.validkey) {
+			// But not if we don't have his key.
+			logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request from %s (%s) but we don't have his key yet", n->name, n->hostname);
+			return;
+		}
+
+		logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
+
 		/* Type 2 probe replies were introduced in protocol 17.3 */
 		if ((n->options >> 24) >= 3) {
 			uint8_t *data = DATA(packet);
@@ -110,7 +116,7 @@ static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
 			gettimeofday(&now, NULL);
 			uint32_t sec = htonl(now.tv_sec); memcpy(data, &sec, 4); data += 4;
 			uint32_t usec = htonl(now.tv_usec); memcpy(data, &usec, 4); data += 4;
-			packet->len -= 10;
+			packet->len = 14; // Minimum size for any probe packet.
 		} else {
 			/* Legacy protocol: n won't understand type 2 probe replies. */
 			DATA(packet)[0] = 1;
@@ -1111,6 +1117,11 @@ static void try_tx_sptps(node_t *n) {
 }
 
 static void try_tx_legacy(node_t *n) {
+	/* Does he have our key? If not, send one. */
+
+	if(!n->status.validkey_in)
+		send_ans_key(n);
+
 	/* Check if we already have a key, or request one. */
 
 	if(!n->status.validkey) {