From 7a71d48009e03ff1143a6e1084803f456a27c849 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Tue, 31 Jul 2012 21:43:49 +0200
Subject: [PATCH] Use a status bit to track which nodes use SPTPS.
---
 src/graph.c | 5 ++++-
 src/info.c | 2 ++
 src/net_packet.c | 6 +++---
 src/net_setup.c | 1 +
 src/node.h | 3 ++-
 src/protocol_auth.c | 2 +-
 src/protocol_key.c | 16 +++++++++-------
 7 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/src/graph.c b/src/graph.c
index 506b6df5..9da552e7 100644
--- a/src/graph.c
+++ b/src/graph.c
@@ -226,6 +226,9 @@ static void check_reachability(void) {
 n->name, n->hostname); }
+ if(experimental && OPTION_VERSION(n->options) >= 2)
+ n->status.sptps = true;
+
 /* TODO: only clear status.validkey if node is unreachable? */ n->status.validkey = false;
@@ -266,7 +269,7 @@ static void check_reachability(void) {
 if(!n->status.reachable) { update_node_udp(n, NULL); } else if(n->connection) {
- if(experimental && OPTION_VERSION(n->options) >= 2) {
+ if(n->status.sptps) {
 if(n->connection->outgoing) send_req_key(n); } else {
diff --git a/src/info.c b/src/info.c
index eb0d395a..0ff56cde 100644
--- a/src/info.c
+++ b/src/info.c
@@ -104,6 +104,8 @@ static int info_node(int fd, const char *item) {
 printf(" reachable"); if(status.indirect) printf(" indirect");
+ if(status.sptps)
+ printf(" sptps");
 printf("\n"); printf("Options: "); if(options & OPTION_INDIRECT)
diff --git a/src/net_packet.c b/src/net_packet.c
index a744485f..4df8d975 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -252,7 +252,7 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) {
 } static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
- if(experimental && OPTION_VERSION(n->options) >= 2)
+ if(n->status.sptps)
 return sptps_verify_datagram(&n->sptps, (char *)inpkt->data - 4, inpkt->len); if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest)) 
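Review bot: In the first check_reachability hunk `n->status.sptps` is only ever set to true, and nothing in this patch clears it, so once a node has been seen with `experimental && OPTION_VERSION(n->options) >= 2` the flag outlives that observation, whereas the test it replaces was re-evaluated on every use; the try_mac, receive_udppacket and send_udppacket hunks in net_packet.c and the protocol_key.c hunks now read the flag instead and inherit this. A peer that comes back without `experimental` — which after the send_ack change in protocol_auth.c no longer advertises PROT_MINOR — would apparently still be handled as SPTPS on our side if it had been flagged earlier, so its packets would go through the sptps_* path for a session that may not be re-established. Making the assignment unconditional, `n->status.sptps = experimental && OPTION_VERSION(n->options) >= 2;`, keeps the bit in step with the node's current options each time this block runs. Whether n->options has been refreshed by the time this runs is outside the hunk, so that part is inferred.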
@@ -268,7 +268,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 vpn_packet_t *outpkt = pkt[0]; size_t outlen;
- if(experimental && OPTION_VERSION(n->options) >= 2) {
+ if(n->status.sptps) {
 sptps_receive_data(&n->sptps, (char *)inpkt->data - 4, inpkt->len); return; }
@@ -438,7 +438,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
 return; }
- if(experimental && OPTION_VERSION(n->options) >= 2) {
+ if(n->status.sptps) {
 uint8_t type = 0; if(!(inpkt->data[12] | inpkt->data[13])) type = PKT_PROBE;
diff --git a/src/net_setup.c b/src/net_setup.c
index bebde4d9..30ab0fa9 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -709,6 +709,7 @@ static bool setup_myself(void) {
 myself->nexthop = myself; myself->via = myself; myself->status.reachable = true;
+ myself->status.sptps = experimental;
 node_add(myself); graph();
diff --git a/src/node.h b/src/node.h
index 23be3624..e7f1f62f 100644
--- a/src/node.h
+++ b/src/node.h
@@ -34,7 +34,8 @@ typedef struct node_status_t {
 unsigned int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ unsigned int reachable:1; /* 1 if this node is reachable in the graph */ unsigned int indirect:1; /* 1 if this node is not directly reachable by us */
- unsigned int unused:26;
+ unsigned int sptps:1; /* 1 if this node supports SPTPS */
+ unsigned int unused:25;
 } node_status_t; typedef struct node_t {
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 790d324d..88c62554 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -506,7 +506,7 @@ bool send_ack(connection_t *c) {
 get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
- return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, (c->options & 0xffffff) | (PROT_MINOR << 24));
+ return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, (c->options & 0xffffff) | (experimental ? (PROT_MINOR << 24) : 0));
 } static void send_everything(connection_t *c) { 
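Review bot: The comment on the new node.h bitfield, `/* 1 if this node supports SPTPS */`, understates what the flag means in this patch: it is set in check_reachability only when our own `experimental` is on and the node advertises `OPTION_VERSION(n->options) >= 2`, and for myself it is `experimental` itself (net_setup.c hunk), so it records that SPTPS is in use with that node, not merely that the node supports it. Since net_packet.c and protocol_key.c now branch on this bit alone, that contract belongs next to the declaration; suggest `unsigned int sptps:1; /* 1 if SPTPS is used with this node: set when we run with experimental and the node advertises option version >= 2 */`. It would also help to state there that the bit is never cleared once set, as nothing in the patch resets it.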
diff --git a/src/protocol_key.c b/src/protocol_key.c
index 98b934cb..bbe0239d 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -47,7 +47,7 @@ void send_key_changed(void) {
 for(node = connection_tree->head; node; node = node->next) { c = node->data; if(c->status.active && c->node && c->node->status.reachable) {
- if(!experimental || OPTION_VERSION(c->node->options) < 2)
+ if(!c->node->status.sptps)
 send_ans_key(c->node); } }
@@ -57,7 +57,7 @@ void send_key_changed(void) {
 if(experimental) { for(node = node_tree->head; node; node = node->next) { node_t *n = node->data;
- if(n->status.reachable && n->status.validkey && OPTION_VERSION(n->options) >= 2)
+ if(n->status.reachable && n->status.validkey && n->status.sptps)
 sptps_force_kex(&n->sptps); } }
@@ -84,7 +84,7 @@ bool key_changed_h(connection_t *c, const char *request) {
 return true; }
- if(OPTION_VERSION(n->options) < 2) {
+ if(!n->status.sptps) {
 n->status.validkey = false; n->last_req_key = 0; }
@@ -106,7 +106,7 @@ static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data } bool send_req_key(node_t *to) {
- if(experimental && OPTION_VERSION(to->options) >= 2) {
+ if(to->status.sptps) {
 if(!node_read_ecdsa_public_key(to)) { logger(DEBUG_ALWAYS, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname); send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
@@ -213,10 +213,12 @@ bool req_key_h(connection_t *c, const char *request) {
 /* Check if this key request is for us */
- if(to == myself) { /* Yes, send our own key back */
+ if(to == myself) { /* Yes */
+ /* Is this an extended REQ_KEY message? */
 if(experimental && reqno) return req_key_ext_h(c, request, from, reqno);
+ /* No, just send our key back */
 send_ans_key(from); } else { if(tunnelserver) 
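Review bot: The outer `if(experimental)` guard around the second send_key_changed loop is now redundant with the new inner test: the flag it guards, `n->status.sptps`, is only set when experimental is true in the graph.c and net_setup.c hunks, so the loop body can never run for a node that the inner condition alone would not already reject. Keeping both leaves two expressions of the same condition to maintain; either drop the outer guard so status.sptps is the single source of truth, or keep it as an early-out and say so, e.g. `/* status.sptps implies experimental; the guard only skips the node_tree walk */`. The first send_key_changed hunk has the matching shape and needs no change. The rest of send_key_changed lies outside these hunks.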
@@ -235,7 +237,7 @@ bool req_key_h(connection_t *c, const char *request) {
 } bool send_ans_key(node_t *to) {
- if(experimental && OPTION_VERSION(to->options) >= 2)
+ if(to->status.sptps)
 abort(); size_t keylen = cipher_keylength(&myself->incipher);
@@ -329,7 +331,7 @@ bool ans_key_h(connection_t *c, const char *request) {
 /* SPTPS or old-style key exchange? */
- if(experimental && OPTION_VERSION(from->options) >= 2) {
+ if(from->status.sptps) {
 char buf[strlen(key)]; int len = b64decode(key, buf, strlen(key));
-- 
2.20.1
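Review bot: `if(to->status.sptps) abort();` in send_ans_key makes the new flag the only thing standing between a protocol-state mismatch and termination of the daemon, and the caller visible in the req_key_h hunk, `send_ans_key(from)` when `to == myself` and `reqno` is 0, runs in response to a request received from a peer, so a legacy REQ_KEY naming a node we have flagged as SPTPS would appear to end the process rather than being refused. The abort() predates this change, but since the flag is never cleared once set it is arguably easier to reach now; logging and failing the request is the safer failure mode, e.g. `if(to->status.sptps) { logger(DEBUG_ALWAYS, LOG_ERR, "Refusing to send legacy key to SPTPS node %s (%s)", to->name, to->hostname); return false; }`. How req_key_h validates `from` before calling send_ans_key, and the rest of send_ans_key, are outside the hunk.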