X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_packet.c;h=4bbb2d6f16e560bd5911addf946b8ca379d713fc;hb=54127996ca4156668b6c7df3bb5d8f952dc598ad;hp=c2552619857c89f7f53df2a7d7c6a82f27ff6dea;hpb=9b9230a0a79c670b86f54fadd2807b864ff9d91f;p=tinc

diff --git a/src/net_packet.c b/src/net_packet.c
index c2552619..4bbb2d6f 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -56,6 +56,7 @@ static void send_udppacket(node_t *, vpn_packet_t *);
 
 unsigned replaywin = 16;
 bool localdiscovery = false;
+sockaddr_t localdiscovery_address;
 
 #define MAX_SEQNO 1073741824
 
@@ -332,13 +333,21 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 	size_t outlen;
 
 	if(n->status.sptps) {
+		if(!n->sptps.state) {
+			if(!n->status.waitingforkey) {
+				logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
+				send_req_key(n);
+			} else {
+				logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
+			}
+			return;
+		}
 		sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
 		return;
 	}
 
 	if(!cipher_active(n->incipher)) {
-		logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet",
-					n->name, n->hostname);
+		logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
 		return;
 	}
 
@@ -572,12 +581,22 @@ static void choose_broadcast_address(const node_t *n, const sockaddr_t **sa, int
 	*sock = rand() % listen_sockets;
 
 	if(listen_socket[*sock].sa.sa.sa_family == AF_INET6) {
-		broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
-		broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
-		*sa = &broadcast_ipv6;
+		if(localdiscovery_address.sa.sa_family == AF_INET6) {
+			localdiscovery_address.in6.sin6_port = n->prevedge->address.in.sin_port;
+			*sa = &localdiscovery_address;
+		} else {
+			broadcast_ipv6.in6.sin6_port = n->prevedge->address.in.sin_port;
+			broadcast_ipv6.in6.sin6_scope_id = listen_socket[*sock].sa.in6.sin6_scope_id;
+			*sa = &broadcast_ipv6;
+		}
 	} else {
-		broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
-		*sa = &broadcast_ipv4;
+		if(localdiscovery_address.sa.sa_family == AF_INET) {
+			localdiscovery_address.in.sin_port = n->prevedge->address.in.sin_port;
+			*sa = &localdiscovery_address;
+		} else {
+			broadcast_ipv4.in.sin_port = n->prevedge->address.in.sin_port;
+			*sa = &broadcast_ipv4;
+		}
 	}
 }
 
@@ -669,7 +688,11 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
 	/* Add the message authentication code */
 
 	if(digest_active(n->outdigest)) {
-		digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len);
+		if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) {
+			logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
+			goto end;
+		}
+
 		inpkt->len += digest_length(n->outdigest);
 	}