along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.94 2001/01/13 16:36:21 guus Exp $
+ $Id: net.c,v 1.35.4.96 2001/02/25 16:34:17 guus Exp $
*/
#include "config.h"
cp
outpkt.len = inpkt->len;
- /* Encrypt the packet. FIXME: we should use CBC, not CFB. */
+ /* Encrypt the packet. */
EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
{
connection_t *cl;
subnet_t *subnet;
+ vpn_packet_t *copy;
cp
if((subnet = lookup_subnet_ipv4(&to)) == NULL)
{
syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
cl->name, cl->hostname);
- list_insert_tail(cl->queue, packet);
+ /* Since packet is on the stack of handle_tap_input(),
+ we have to make a copy of it first. */
+
+ copy = xmalloc(sizeof(vpn_packet_t));
+ memcpy(copy, packet, sizeof(vpn_packet_t));
+
+ list_insert_tail(cl->queue, copy);
if(!cl->status.waitingforkey)
send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
void flush_queue(connection_t *cl)
{
list_node_t *node, *next;
-
+cp
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname);
xsend(cl, (vpn_packet_t *)node->data);
list_delete_node(cl->queue, node);
}
+cp
}
/*
cp
/* Generate packet encryption key */
- myself->cipher_pkttype = EVP_bf_cfb();
+ myself->cipher_pkttype = EVP_bf_cbc();
myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
projects / tinc / blobdiff