Merge remote-tracking branches 'dechamps/sptpsrestart' and 'dechamps/keychanged'...

diff --combined src/protocol_key.c
index c183ac4,83851f2,6721aa4..b409a35
--- 1/src/protocol_key.c
--- 2/src/protocol_key.c
--- 3/src/protocol_key.c
+++ b/src/protocol_key.c
@@@@ -36,6 -36,6 -36,7 +36,7 @@@@
   static bool mykeyused = false;
   
   void send_key_changed(void) {
++ #ifndef DISABLE_LEGACY
        send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
   
        /* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
@@@@ -43,6 -43,6 -44,7 +44,7 @@@@
        for list_each(connection_t, c, connection_list)
                if(c->edge && c->node && c->node->status.reachable && !c->node->status.sptps)
                        send_ans_key(c->node);
++ #endif
   
        /* Force key exchange for connections using SPTPS */
   
@@@@ -107,9 -107,6 -109,9 +109,6 @@@@ bool send_req_key(node_t *to) 
                        return true;
                }
   
- -             if(to->sptps.label)
- -                     logger(DEBUG_ALWAYS, LOG_DEBUG, "send_req_key(%s) called while sptps->label != NULL!", to->name);
- -
                char label[25 + strlen(myself->name) + strlen(to->name)];
                snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
                sptps_stop(&to->sptps);
@@@@ -148,11 -145,16 -150,11 +147,16 @@@@ static bool req_key_ext_h(connection_t 
                        try_tx(to, true);
                } else {
                        /* The packet is for us */
- -                     if(!from->status.validkey) {
- -                             logger(DEBUG_PROTOCOL, LOG_ERR, "Got SPTPS_PACKET from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
+ +                     if(!sptps_receive_data(&from->sptps, buf, len)) {
+ +                             /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ +                                so let's restart SPTPS in case that helps. But don't do that too often
+ +                                to prevent storms. */
+ +                             if(from->last_req_key < now.tv_sec - 10) {
+ +                                     logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
+ +                                     send_req_key(from);
+ +                             }
                                return true;
                        }
- -                     sptps_receive_data(&from->sptps, buf, len);
                        send_mtu_info(myself, from, MTU);
                }
   
@@@@ -428,9 -430,18 -430,9 +432,18 @@@@ bool ans_key_h(connection_t *c, const c
        if(from->status.sptps) {
                char buf[strlen(key)];
                int len = b64decode(key, buf, strlen(key));
- -
- -             if(!len || !sptps_receive_data(&from->sptps, buf, len))
- -                     logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname);
+ +             if(!len || !sptps_receive_data(&from->sptps, buf, len)) {
+ +                     /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ +                        so let's restart SPTPS in case that helps. But don't do that too often
+ +                        to prevent storms.
+ +                        Note that simply relying on handshake timeout is not enough, because
+ +                        that doesn't apply to key regeneration. */
+ +                     if(from->last_req_key < now.tv_sec - 10) {
+ +                             logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode handshake TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
+ +                             send_req_key(from);
+ +                     }
+ +                     return true;
+ +             }
   
                if(from->status.validkey) {
                        if(*address && *port) {