projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Don't forget to reconnect if outgoing connection fails during
[tinc]
/
src
/
net.c
diff --git
a/src/net.c
b/src/net.c
index
18e5951
..
ea2bb01
100644
(file)
--- a/
src/net.c
+++ b/
src/net.c
@@
-17,7
+17,7
@@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.9
2 2001/01/07 20:19:2
9 guus Exp $
+ $Id: net.c,v 1.35.4.9
8 2001/02/27 15:33:3
9 guus Exp $
*/
#include "config.h"
*/
#include "config.h"
@@
-112,7
+112,7
@@
int xsend(connection_t *cl, vpn_packet_t *inpkt)
cp
outpkt.len = inpkt->len;
cp
outpkt.len = inpkt->len;
- /* Encrypt the packet.
FIXME: we should use CBC, not CFB.
*/
+ /* Encrypt the packet. */
EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
@@
-202,6
+202,7
@@
int send_packet(ip_t to, vpn_packet_t *packet)
{
connection_t *cl;
subnet_t *subnet;
{
connection_t *cl;
subnet_t *subnet;
+ vpn_packet_t *copy;
cp
if((subnet = lookup_subnet_ipv4(&to)) == NULL)
{
cp
if((subnet = lookup_subnet_ipv4(&to)) == NULL)
{
@@
-242,7
+243,13
@@
cp
syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
cl->name, cl->hostname);
syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
cl->name, cl->hostname);
- list_insert_tail(cl->queue, packet);
+ /* Since packet is on the stack of handle_tap_input(),
+ we have to make a copy of it first. */
+
+ copy = xmalloc(sizeof(vpn_packet_t));
+ memcpy(copy, packet, sizeof(vpn_packet_t));
+
+ list_insert_tail(cl->queue, copy);
if(!cl->status.waitingforkey)
send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
if(!cl->status.waitingforkey)
send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
@@
-260,7
+267,7
@@
cp
void flush_queue(connection_t *cl)
{
list_node_t *node, *next;
void flush_queue(connection_t *cl)
{
list_node_t *node, *next;
-
+cp
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname);
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname);
@@
-270,6
+277,7
@@
void flush_queue(connection_t *cl)
xsend(cl, (vpn_packet_t *)node->data);
list_delete_node(cl->queue, node);
}
xsend(cl, (vpn_packet_t *)node->data);
list_delete_node(cl->queue, node);
}
+cp
}
/*
}
/*
@@
-610,17
+618,24
@@
int read_rsa_public_key(connection_t *cl)
{
config_t const *cfg;
FILE *fp;
{
config_t const *cfg;
FILE *fp;
+ char *fname;
void *result;
cp
if(!cl->rsa_key)
cl->rsa_key = RSA_new();
void *result;
cp
if(!cl->rsa_key)
cl->rsa_key = RSA_new();
+ /* First, check for simple PublicKey statement */
+
if((cfg = get_config_val(cl->config, config_publickey)))
{
BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
BN_hex2bn(&cl->rsa_key->e, "FFFF");
if((cfg = get_config_val(cl->config, config_publickey)))
{
BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
BN_hex2bn(&cl->rsa_key->e, "FFFF");
+ return 0;
}
}
- else if((cfg = get_config_val(cl->config, config_publickeyfile)))
+
+ /* Else, check for PublicKeyFile statement and read it */
+
+ if((cfg = get_config_val(cl->config, config_publickeyfile)))
{
if(is_safe_path(cfg->data.ptr))
{
{
if(is_safe_path(cfg->data.ptr))
{
@@
-638,17
+653,31
@@
cp
cfg->data.ptr);
return -1;
}
cfg->data.ptr);
return -1;
}
+ return 0;
}
else
return -1;
}
}
else
return -1;
}
- else
+
+ /* Else, check if a harnessed public key is in the config file */
+
+ asprintf(&fname, "%s/hosts/%s", confbase, cl->name);
+ if((fp = fopen(fname, "r")))
{
{
- syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
- return -1;
+ result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
+ fclose(fp);
+ free(fname);
+ if(result)
+ return 0;
}
}
+
+ free(fname);
+
+ /* Nothing worked. */
+
+ syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
cp
cp
- return
0
;
+ return
-1
;
}
int read_rsa_private_key(void)
}
int read_rsa_private_key(void)
@@
-787,7
+816,7
@@
cp
cp
/* Generate packet encryption key */
cp
/* Generate packet encryption key */
- myself->cipher_pkttype = EVP_bf_c
fb
();
+ myself->cipher_pkttype = EVP_bf_c
bc
();
myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
@@
-1032,6
+1061,7
@@
cp
{
syslog(LOG_ERR, _("System call `%s' failed: %m"),
"getpeername");
{
syslog(LOG_ERR, _("System call `%s' failed: %m"),
"getpeername");
+ close(sfd);
return NULL;
}
return NULL;
}
@@
-1141,37
+1171,40
@@
cp
if(cl->status.remove)
return;
if(cl->status.remove)
return;
- cl->status.remove = 1;
-
if(debug_lvl >= DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
cl->name, cl->hostname);
if(debug_lvl >= DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
cl->name, cl->hostname);
+ cl->status.remove = 1;
+
if(cl->socket)
close(cl->socket);
if(cl->status.meta)
close(cl->meta_socket);
if(cl->socket)
close(cl->socket);
if(cl->status.meta)
close(cl->meta_socket);
- /* Find all connections that were lost because they were behind cl
- (the connection that was dropped). */
-
if(cl->status.meta)
if(cl->status.meta)
- for(node = connection_tree->head; node; node = node->next)
- {
- p = (connection_t *)node->data;
- if(p->nexthop == cl && p != cl)
- terminate_connection(p);
- }
+ {
+
+ /* Find all connections that were lost because they were behind cl
+ (the connection that was dropped). */
- /* Inform others of termination if it was still active */
+ for(node = connection_tree->head; node; node = node->next)
+ {
+ p = (connection_t *)node->data;
+ if(p->nexthop == cl && p != cl)
+ terminate_connection(p);
+ }
- if(cl->status.active)
- for(node = connection_tree->head; node; node = node->next)
- {
- p = (connection_t *)node->data;
- if(p->status.meta && p->status.active && p!=cl)
- send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */
- }
+ /* Inform others of termination if it was still active */
+
+ if(cl->status.active)
+ for(node = connection_tree->head; node; node = node->next)
+ {
+ p = (connection_t *)node->data;
+ if(p->status.meta && p->status.active && p != cl)
+ send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */
+ }
+ }
/* Remove the associated subnets */
/* Remove the associated subnets */
@@
-1184,8
+1217,9
@@
cp
/* Check if this was our outgoing connection */
/* Check if this was our outgoing connection */
- if(cl->status.outgoing
&& cl->status.active
)
+ if(cl->status.outgoing)
{
{
+ cl->status.outgoing = 0;
signal(SIGALRM, sigalrm_handler);
seconds_till_retry = 5;
alarm(seconds_till_retry);
signal(SIGALRM, sigalrm_handler);
seconds_till_retry = 5;
alarm(seconds_till_retry);
@@
-1264,6
+1298,8
@@
cp
}
connection_add(ncn);
}
connection_add(ncn);
+
+ send_id(ncn);
cp
return 0;
}
cp
return 0;
}