X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=8cbec1be28a0883c79d9aba8fd77d709f0529238;hb=4989362300f800a6f407508f1e0127867cf80cba;hp=abde7772c40aedcd8f8dcb050ae3755b354cba01;hpb=daf65919d1ccc40f6c11f3f723f325de9021c422;p=tinc

diff --git a/src/protocol_key.c b/src/protocol_key.c
index abde7772..8cbec1be 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -87,7 +87,7 @@ bool key_changed_h(connection_t *c, const char *request) {
 	return true;
 }
 
-static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
+static bool send_initial_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
 	node_t *to = handle;
 	to->sptps.send_data = send_sptps_data;
 	char buf[len * 4 / 3 + 5];
@@ -255,6 +255,7 @@ bool req_key_h(connection_t *c, const char *request) {
 			return true;
 		}
 
+		/* TODO: forwarding SPTPS packets in this way is inefficient because we send them over TCP without checking for UDP connectivity */
 		send_request(to->nexthop->connection, "%s", request);
 	}
 
@@ -265,6 +266,9 @@ bool send_ans_key(node_t *to) {
 	if(to->status.sptps)
 		abort();
 
+#ifdef DISABLE_LEGACY
+	return false;
+#else
 	size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
 	char key[keylen * 2 + 1];
 
@@ -299,12 +303,15 @@ bool send_ans_key(node_t *to) {
 	to->received = 0;
 	if(replaywin) memset(to->late, 0, replaywin);
 
+	to->status.validkey_in = true;
+
 	return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
 						myself->name, to->name, key,
 						cipher_get_nid(to->incipher),
 						digest_get_nid(to->indigest),
 						(int)digest_length(to->indigest),
 						to->incompression);
+#endif
 }
 
 bool ans_key_h(connection_t *c, const char *request) {
@@ -370,9 +377,11 @@ bool ans_key_h(connection_t *c, const char *request) {
 		return send_request(to->nexthop->connection, "%s", request);
 	}
 
+#ifndef DISABLE_LEGACY
 	/* Don't use key material until every check has passed. */
 	cipher_close(from->outcipher);
 	digest_close(from->outdigest);
+#endif
 	from->status.validkey = false;
 
 	if(compression < 0 || compression > 11) {
@@ -397,14 +406,15 @@ bool ans_key_h(connection_t *c, const char *request) {
 				sockaddr_t sa = str2sockaddr(address, port);
 				update_node_udp(from, &sa);
 			}
-
-			if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
-				send_mtu_probe(from);
 		}
 
 		return true;
 	}
 
+#ifdef DISABLE_LEGACY
+	logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses legacy protocol!", from->name, from->hostname);
+	return false;
+#else
 	/* Check and lookup cipher and digest algorithms */
 
 	if(cipher) {
@@ -455,8 +465,6 @@ bool ans_key_h(connection_t *c, const char *request) {
 		update_node_udp(from, &sa);
 	}
 
-	if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
-		send_mtu_probe(from);
-
 	return true;
+#endif
 }