X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=c46c14cfbd02675316f6d8c53f253c6581bead87;hb=9bb230f30f665779eb89dcce077a15360ec50be1;hp=abde7772c40aedcd8f8dcb050ae3755b354cba01;hpb=daf65919d1ccc40f6c11f3f723f325de9021c422;p=tinc diff --git a/src/protocol_key.c b/src/protocol_key.c index abde7772..c46c14cf 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -1,7 +1,7 @@ /* protocol_key.c -- handle the meta-protocol, key exchange Copyright (C) 1999-2005 Ivo Timmermans, - 2000-2013 Guus Sliepen + 2000-2014 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -87,7 +87,7 @@ bool key_changed_h(connection_t *c, const char *request) { return true; } -static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data, size_t len) { +static bool send_initial_sptps_data(void *handle, uint8_t type, const void *data, size_t len) { node_t *to = handle; to->sptps.send_data = send_sptps_data; char buf[len * 4 / 3 + 5]; @@ -236,6 +236,13 @@ bool req_key_h(connection_t *c, const char *request) { return true; } + /* If this is a SPTPS packet, see if sending UDP info helps. + Note that we only do this if we're the destination or the static relay; + otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */ + + if(experimental && (reqno == REQ_KEY || reqno == REQ_SPTPS) && to->via == myself) + send_udp_info(myself, from); + /* Check if this key request is for us */ if(to == myself) { /* Yes */ @@ -255,6 +262,7 @@ bool req_key_h(connection_t *c, const char *request) { return true; } + /* TODO: forwarding SPTPS packets in this way is inefficient because we send them over TCP without checking for UDP connectivity */ send_request(to->nexthop->connection, "%s", request); } @@ -265,6 +273,9 @@ bool send_ans_key(node_t *to) { if(to->status.sptps) abort(); +#ifdef DISABLE_LEGACY + return false; +#else size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1; char key[keylen * 2 + 1]; @@ -299,12 +310,15 @@ bool send_ans_key(node_t *to) { to->received = 0; if(replaywin) memset(to->late, 0, replaywin); + to->status.validkey_in = true; + return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY, myself->name, to->name, key, cipher_get_nid(to->incipher), digest_get_nid(to->indigest), (int)digest_length(to->indigest), to->incompression); +#endif } bool ans_key_h(connection_t *c, const char *request) { @@ -370,9 +384,11 @@ bool ans_key_h(connection_t *c, const char *request) { return send_request(to->nexthop->connection, "%s", request); } +#ifndef DISABLE_LEGACY /* Don't use key material until every check has passed. */ cipher_close(from->outcipher); digest_close(from->outdigest); +#endif from->status.validkey = false; if(compression < 0 || compression > 11) { @@ -397,14 +413,15 @@ bool ans_key_h(connection_t *c, const char *request) { sockaddr_t sa = str2sockaddr(address, port); update_node_udp(from, &sa); } - - if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY)) - send_mtu_probe(from); } return true; } +#ifdef DISABLE_LEGACY + logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses legacy protocol!", from->name, from->hostname); + return false; +#else /* Check and lookup cipher and digest algorithms */ if(cipher) { @@ -455,8 +472,6 @@ bool ans_key_h(connection_t *c, const char *request) { update_node_udp(from, &sa); } - if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY)) - send_mtu_probe(from); - return true; +#endif }