X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=ebc46f32ae3bf57559ecb0d90938d7e8390e66f8;hb=63daebcd1ec2975c0c2ad8e0ee0fced33b1fbbf0;hp=fcb748f4ea9ee998d555ac5d8f1c0e8ecd5da333;hpb=b23bf132838156d2fe5a18d50a2b5e068ae18ec3;p=tinc diff --git a/src/protocol_key.c b/src/protocol_key.c index fcb748f4..ebc46f32 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -124,6 +124,11 @@ bool send_req_key(node_t *to) { static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, int reqno) { switch(reqno) { case REQ_PUBKEY: { + if(!node_read_ecdsa_public_key(from)) { + /* Request their key *before* we send our key back. Otherwise the first SPTPS packet from them will get dropped. */ + logger(DEBUG_PROTOCOL, LOG_DEBUG, "Preemptively requesting Ed25519 key for %s (%s)", from->name, from->hostname); + send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY); + } char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa); send_request(from->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, from->name, ANS_PUBKEY, pubkey); free(pubkey); @@ -250,6 +255,7 @@ bool req_key_h(connection_t *c, const char *request) { return true; } + /* TODO: forwarding SPTPS packets in this way is inefficient because we send them over TCP without checking for UDP connectivity */ send_request(to->nexthop->connection, "%s", request); } @@ -393,7 +399,9 @@ bool ans_key_h(connection_t *c, const char *request) { update_node_udp(from, &sa); } - if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY)) + /* Don't send probes if we can't send UDP packets directly to that node. + TODO: the indirect (via) condition can change at any time as edges are added and removed, so this should probably be moved to graph.c. */ + if((from->via == myself || from->via == from) && from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY)) send_mtu_probe(from); }