}
return false;
}
- inpkt->offset += 2 * sizeof(node_id_t);
n->status.udppacket = true;
- bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len - 2 * sizeof(node_id_t));
+ bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len);
n->status.udppacket = false;
if(!result) {
- logger(DEBUG_TRAFFIC, LOG_ERR, "Got bad packet from %s (%s)", n->name, n->hostname);
+ /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ so let's restart SPTPS in case that helps. But don't do that too often
+ to prevent storms, and because that would make life a little too easy
+ for external attackers trying to DoS us. */
+ if(n->last_req_key < now.tv_sec - 10) {
+ logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", n->name, n->hostname);
+ send_req_key(n);
+ }
return false;
}
return true;
/* The packet is for us */
- if(!from->status.validkey) {
- logger(DEBUG_PROTOCOL, LOG_ERR, "Got SPTPS packet from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
+ if(!sptps_receive_data(&from->sptps, data, len)) {
+ /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ so let's restart SPTPS in case that helps. But don't do that too often
+ to prevent storms. */
+ if(from->last_req_key < now.tv_sec - 10) {
+ logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
+ send_req_key(from);
+ }
return true;
}
- sptps_receive_data(&from->sptps, data, len);
+
send_mtu_info(myself, from, MTU);
return true;
}
node_t *via = (n->via == myself) ? n->nexthop : n->via;
- /* If the static relay doesn't support SPTPS, everything goes via TCP anyway. */
+ /* If we do have a static relay, try everything with that one instead, if it supports relaying. */
- if((via->options >> 24) < 4)
- return;
-
- /* If we do have a static relay, try everything with that one instead. */
-
- if(via != n)
- return try_tx_sptps(via, mtu);
+ if(via != n) {
+ if((via->options >> 24) < 4)
+ return;
+ return try_tx(via, mtu);
+ }
/* Otherwise, try to establish UDP connectivity. */
while we try to establish direct connectivity. */
if(!n->status.udp_confirmed && n != n->nexthop && (n->nexthop->options >> 24) >= 4)
- try_tx_sptps(n->nexthop, mtu);
+ try_tx(n->nexthop, mtu);
}
static void try_tx_legacy(node_t *n, bool mtu) {
}
void try_tx(node_t *n, bool mtu) {
+ if(!n->status.reachable)
+ return;
if(n->status.sptps)
try_tx_sptps(n, mtu);
else
if(n->status.sptps) {
send_sptps_packet(n, packet);
- try_tx_sptps(n, true);
+ try_tx(n, true);
return;
}
}
send_udppacket(via, packet);
- try_tx_legacy(via, true);
+ try_tx(via, true);
}
void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
if(!n->status.reachable || n == myself)
continue;
- if((n->status.sptps && !n->sptps.instate) || !n->status.validkey_in)
+ if(!n->status.validkey_in && !(n->status.sptps && n->sptps.instate))
continue;
bool soft = false;
return;
}
+ pkt.offset = 0;
+
if(n->status.sptps) {
- pkt.offset = 2 * sizeof(node_id_t);
+ bool relay_enabled = (n->options >> 24) >= 4;
+ if (relay_enabled) {
+ pkt.offset = 2 * sizeof(node_id_t);
+ pkt.len -= pkt.offset;
+ }
- if(!memcmp(DSTID(&pkt), &nullid, sizeof nullid)) {
+ if(!memcmp(DSTID(&pkt), &nullid, sizeof nullid) || !relay_enabled) {
direct = true;
from = n;
to = myself;
/* If we're not the final recipient, relay the packet. */
if(to != myself) {
- send_sptps_data(to, from, 0, DATA(&pkt), pkt.len - 2 * sizeof(node_id_t));
- try_tx_sptps(to, true);
+ send_sptps_data(to, from, 0, DATA(&pkt), pkt.len);
+ try_tx(to, true);
return;
}
} else {
from = n;
}
- pkt.offset = 0;
if(!receive_udppacket(from, &pkt))
return;