X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=cfa2f53ffe0ff36b759009f6779b68ecb65d66eb;hb=d28f33228635e78dac8f9e9bcaec92690f2ca10a;hp=abde7772c40aedcd8f8dcb050ae3755b354cba01;hpb=daf65919d1ccc40f6c11f3f723f325de9021c422;p=tinc

diff --git a/src/protocol_key.c b/src/protocol_key.c
index abde7772..cfa2f53f 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -87,7 +87,7 @@ bool key_changed_h(connection_t *c, const char *request) {
 	return true;
 }
 
-static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
+static bool send_initial_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
 	node_t *to = handle;
 	to->sptps.send_data = send_sptps_data;
 	char buf[len * 4 / 3 + 5];
@@ -255,6 +255,7 @@ bool req_key_h(connection_t *c, const char *request) {
 			return true;
 		}
 
+		/* TODO: forwarding SPTPS packets in this way is inefficient because we send them over TCP without checking for UDP connectivity */
 		send_request(to->nexthop->connection, "%s", request);
 	}
 
@@ -265,6 +266,9 @@ bool send_ans_key(node_t *to) {
 	if(to->status.sptps)
 		abort();
 
+#ifdef DISABLE_LEGACY
+	return false;
+#else
 	size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
 	char key[keylen * 2 + 1];
 
@@ -305,6 +309,7 @@ bool send_ans_key(node_t *to) {
 						digest_get_nid(to->indigest),
 						(int)digest_length(to->indigest),
 						to->incompression);
+#endif
 }
 
 bool ans_key_h(connection_t *c, const char *request) {
@@ -370,9 +375,11 @@ bool ans_key_h(connection_t *c, const char *request) {
 		return send_request(to->nexthop->connection, "%s", request);
 	}
 
+#ifndef DISABLE_LEGACY
 	/* Don't use key material until every check has passed. */
 	cipher_close(from->outcipher);
 	digest_close(from->outdigest);
+#endif
 	from->status.validkey = false;
 
 	if(compression < 0 || compression > 11) {
@@ -398,13 +405,19 @@ bool ans_key_h(connection_t *c, const char *request) {
 				update_node_udp(from, &sa);
 			}
 
-			if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
+			/* Don't send probes if we can't send UDP packets directly to that node.
+			   TODO: the indirect (via) condition can change at any time as edges are added and removed, so this should probably be moved to graph.c. */
+			if((from->via == myself || from->via == from) && from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
 				send_mtu_probe(from);
 		}
 
 		return true;
 	}
 
+#ifdef DISABLE_LEGACY
+	logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%) uses legacy protocol!", from->name, from->hostname);
+	return false;
+#else
 	/* Check and lookup cipher and digest algorithms */
 
 	if(cipher) {
@@ -459,4 +472,5 @@ bool ans_key_h(connection_t *c, const char *request) {
 		send_mtu_probe(from);
 
 	return true;
+#endif
 }