[ViewVC] Diff of: cvs/gvpe/src/conf.C

Comparing gvpe/src/conf.C (file contents):
Revision 1.12 by pcg, Mon Apr 7 01:12:56 2003 UTC vs.
Revision 1.22 by pcg, Thu Jan 29 18:55:10 2004 UTC

 /*
     conf.c -- configuration code
-    Copyright (C) 1998 Robert van der Meulen
+    Copyright (C) 2003-2004 Marc Lehmann <pcg@goof.com>
-                  1998-2002 Ivo Timmermans <ivo@o2w.nl>
-                  2000-2002 Guus Sliepen <guus@sliepen.eu.org>
-		  2000 Cris van Pelt <tribbel@arise.dhs.org>
-                  2003 Marc Lehmann <pcg@goof.com>
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation; either version 2 of the License, or
     (at your option) any later version.
 #include <netdb.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include <netinet/in.h>
+#include "netcompat.h"
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/bn.h>
 #include "gettext.h"
 #include "conf.h"
 #include "slog.h"
 struct configuration conf;
 u8 best_protocol (u8 protset)
 {
-  if (protset & PROT_IPv4 ) return PROT_IPv4;
+  if (protset & PROT_IPv4  ) return PROT_IPv4;
+  if (protset & PROT_ICMPv4) return PROT_ICMPv4;
-  if (protset & PROT_UDPv4) return PROT_UDPv4;
+  if (protset & PROT_UDPv4 ) return PROT_UDPv4;
-  if (protset & PROT_TCPv4) return PROT_TCPv4;
+  if (protset & PROT_TCPv4 ) return PROT_TCPv4;
   return 0;
 }
 const char *strprotocol (u8 protocol)
 {
-  if (protocol & PROT_IPv4 ) return "rawip";
+  if (protocol & PROT_IPv4  ) return "rawip";
+  if (protocol & PROT_ICMPv4) return "icmp";
-  if (protocol & PROT_UDPv4) return "udp";
+  if (protocol & PROT_UDPv4 ) return "udp";
-  if (protocol & PROT_TCPv4) return "tcp";
+  if (protocol & PROT_TCPv4 ) return "tcp";
   return "<unknown>";
 }
 void
 void configuration::init ()
 {
   memset (this, 0, sizeof (*this));
+  mtu       = DEFAULT_MTU;
   rekey     = DEFAULT_REKEY;
   keepalive = DEFAULT_KEEPALIVE;
   llevel    = L_INFO;
   ip_proto  = IPPROTO_GRE;
+#if ENABLE_ICMP
+  icmp_type = ICMP_ECHOREPLY;
+#endif
   default_node.udp_port    = DEFAULT_UDPPORT;
   default_node.tcp_port    = DEFAULT_UDPPORT;
   default_node.connectmode = conf_node::C_ALWAYS;
   default_node.compress    = true;
               else
                 slog (L_WARN, "'%s': %s, at '%s' line %d", val, UNKNOWN_LOGLEVEL, fname, line);
             }
           else if (!strcmp (var, "ip-proto"))
             ip_proto = atoi (val);
+          else if (!strcmp (var, "icmp-type"))
+            {
+#if ENABLE_ICMP
+              icmp_type = atoi (val);
+#endif
+            }
           // per config
           else if (!strcmp (var, "node"))
             {
               default_node.id++;
                     if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
                       {
                         ERR_load_RSA_strings (); ERR_load_PEM_strings ();
                         slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
-                        exit (1);
+                        exit (EXIT_FAILURE);
                       }
-                    RSA_blinding_on (node->rsa_key, 0);
+                    require (RSA_blinding_on (node->rsa_key, 0));
                     fclose (f);
                   }
                 else
                   {
                     slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
                     if (need_keys)
-                      exit (1);
+                      exit (EXIT_FAILURE);
                   }
                 free (fname);
               }
             script_if_up = strdup (val);
           else if (!strcmp (var, "node-up"))
             script_node_up = strdup (val);
           else if (!strcmp (var, "node-down"))
             script_node_down = strdup (val);
+          else if (!strcmp (var, "http-proxy-host"))
+            {
 #if ENABLE_HTTP_PROXY
-          else if (!strcmp (var, "http-proxy-host"))
-            proxy_host = strdup (val);
+              proxy_host = strdup (val);
+#endif
+            }
           else if (!strcmp (var, "http-proxy-port"))
+            {
+#if ENABLE_HTTP_PROXY
-            proxy_port = atoi (val);
+              proxy_port = atoi (val);
+#endif
+            }
           else if (!strcmp (var, "http-proxy-auth"))
+            {
+#if ENABLE_HTTP_PROXY
-            proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val));
+              proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val));
 #endif
+            }
           /* node-specific, non-defaultable */
           else if (node != &default_node && !strcmp (var, "hostname"))
             {
               free (node->hostname);
             {
 #if ENABLE_TCP
               u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) | v;
 #endif
             }
+          else if (!strcmp (var, "enable-icmp"))
+            {
+#if ENABLE_ICMP
+              u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v;
+#endif
+            }
           else if (!strcmp (var, "enable-udp"))
             {
               u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v;
             }
           else if (!strcmp (var, "enable-rawip"))
       fclose (f);
     }
   else
     {
       slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));
-      exit (1);
+      exit (EXIT_FAILURE);
     }
   free (fname);
   fname = config_filename (prikeyfile, "hostkey");
       if (!PEM_read_RSAPrivateKey (f, &rsa_key, NULL, NULL))
         {
           ERR_load_RSA_strings (); ERR_load_PEM_strings ();
           slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
-          exit (1);
+          exit (EXIT_FAILURE);
         }
-      RSA_blinding_on (rsa_key, 0);
+      require (RSA_blinding_on (rsa_key, 0));
       fclose (f);
     }
   else
     {
       slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));
       if (need_keys)
-        exit (1);
+        exit (EXIT_FAILURE);
     }
+  if (need_keys && rsa_key && thisnode && thisnode->rsa_key)
+    if (BN_cmp (rsa_key->n, thisnode->rsa_key->n) != 0
+        || BN_cmp (rsa_key->e, thisnode->rsa_key->e) != 0)
+      {
+        slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
+        exit (EXIT_FAILURE);
+      }
   free (fname);
 }
 char *configuration::config_filename (const char *name, const char *dflt)
   printf (_("MTU:                %d\n"), mtu);
   printf (_("rekeying interval:  %d\n"), rekey);
   printf (_("keepalive interval: %d\n"), keepalive);
   printf (_("interface:          %s\n"), ifname);
   printf (_("primary rsa key:    %s\n"), prikeyfile ? prikeyfile : "<default>");
-  printf (_("rsa key size:       %d\n"), rsa_key ? RSA_size (rsa_key) : -1);
+  printf (_("rsa key size:       %d\n"), rsa_key ? RSA_size (rsa_key) * 8 : -1);
   printf ("\n");
   printf ("%4s  %-17s %s %-8.8s  %-10.10s  %s\n",
           _("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Host:Port"));

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/conf.C (file contents): Revision 1.12 by pcg, Mon Apr 7 01:12:56 2003 UTC vs. Revision 1.22 by pcg, Thu Jan 29 18:55:10 2004 UTC

Diff Legend

Comparing gvpe/src/conf.C (file contents):
Revision 1.12 by pcg, Mon Apr 7 01:12:56 2003 UTC vs.
Revision 1.22 by pcg, Thu Jan 29 18:55:10 2004 UTC