Handle packets encrypted via SPTPS that need to be forwarded via TCP.
authorGuus Sliepen <guus@tinc-vpn.org>
Sun, 7 Oct 2012 12:03:50 +0000 (14:03 +0200)
committerGuus Sliepen <guus@tinc-vpn.org>
Sun, 7 Oct 2012 12:03:50 +0000 (14:03 +0200)
src/net_packet.c
src/protocol.h
src/protocol_key.c

index 371632f..8439269 100644 (file)
@@ -398,6 +398,7 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
                        n->status.waitingforkey = false;
                        send_req_key(n);
                }
+               return;
        }
 
        uint8_t type = 0;
@@ -590,13 +591,15 @@ end:
 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
        node_t *to = handle;
 
-       if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY)) {
+       if(type >= SPTPS_HANDSHAKE
+                       || ((myself->options | to->options) & OPTION_TCPONLY)
+                       || (type != PKT_PROBE && len > to->minmtu)) {
                char buf[len * 4 / 3 + 5];
                b64encode(data, buf, len);
                if(!to->status.validkey)
                        return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
                else
-                       return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
+                       return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, type >= SPTPS_HANDSHAKE ? REQ_SPTPS : REQ_PACKET, buf);
        }
 
        /* Send the packet */
index 41f74ab..c16fdf8 100644 (file)
@@ -47,6 +47,7 @@ typedef enum request_t {
        CONTROL,
        REQ_PUBKEY, ANS_PUBKEY,
        REQ_SPTPS,
+       REQ_PACKET,
        LAST                                            /* Guardian for the highest request number */
 } request_t;
 
index 3e8d29a..f34a70d 100644 (file)
@@ -181,6 +181,22 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
                        return true;
                }
 
+               case REQ_PACKET: {
+                       if(!from->status.validkey) {
+                               logger(DEBUG_PROTOCOL, LOG_ERR, "Got REQ_PACKET from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
+                               return true;
+                       }
+
+                       char buf[MAX_STRING_SIZE];
+                       if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
+                               logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", from->name, from->hostname, "invalid SPTPS data");
+                               return true;
+                       }
+                       int len = b64decode(buf, buf, strlen(buf));
+                       sptps_receive_data(&from->sptps, buf, len);
+                       return true;
+               }
+
                default:
                        logger(DEBUG_ALWAYS, LOG_ERR, "Unknown extended REQ_KEY request from %s (%s): %s", from->name, from->hostname, request);
                        return true;