From: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue, 20 Jul 2021 19:14:23 +0000 (+0200)
Subject: Avoid trying to send an ANS_KEY request to unreachable nodes.
X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=ed070d754d1b5500b0ec3615ae342178cfd42efb;p=tinc

Avoid trying to send an ANS_KEY request to unreachable nodes.

We could have a REQ_KEY coming from a node that is not reachable; either
because DEL_EDGEs have overtaken the REQ_KEY, or perhaps if TunnelServer
is used and some nodes have a different view of reachability.

This might fix GitHub issue #247.
---

diff --git a/src/protocol_key.c b/src/protocol_key.c
index b93bec18..c15c4f6e 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -44,20 +44,22 @@ void send_key_changed(void) {
 
 	/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
 
-	for list_each(connection_t, c, connection_list)
+	for list_each(connection_t, c, connection_list) {
 		if(c->edge && c->node && c->node->status.reachable && !c->node->status.sptps) {
 			send_ans_key(c->node);
 		}
+	}
 
 #endif
 
 	/* Force key exchange for connections using SPTPS */
 
 	if(experimental) {
-		for splay_each(node_t, n, node_tree)
+		for splay_each(node_t, n, node_tree) {
 			if(n->status.reachable && n->status.validkey && n->status.sptps) {
 				sptps_force_kex(&n->sptps);
 			}
+		}
 	}
 }
 
@@ -295,6 +297,11 @@ bool req_key_h(connection_t *c, const char *request) {
 	/* Check if this key request is for us */
 
 	if(to == myself) {                      /* Yes */
+		if(!from->status.reachable) {
+			logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) origin %s which is not reachable",
+			       "REQ_KEY", c->name, c->hostname, from_name);
+		}
+
 		/* Is this an extended REQ_KEY message? */
 		if(experimental && reqno) {
 			return req_key_ext_h(c, request, from, to, reqno);