[ViewVC] Diff of: cvs/gvpe/src/connection.C

Comparing gvpe/src/connection.C (file contents):
Revision 1.7 by pcg, Sat Apr 5 17:54:22 2003 UTC vs.
Revision 1.24 by pcg, Wed Oct 22 01:05:23 2003 UTC

…		…
1	/*	1	/*
2	connection.C -- manage a single connection	2	connection.C -- manage a single connection
		3	Copyright (C) 2003 Marc Lehmann <pcg@goof.com>
3		4
4	This program is free software; you can redistribute it and/or modify	5	This program is free software; you can redistribute it and/or modify
5	it under the terms of the GNU General Public License as published by	6	it under the terms of the GNU General Public License as published by
6	the Free Software Foundation; either version 2 of the License, or	7	the Free Software Foundation; either version 2 of the License, or
7	(at your option) any later version.	8	(at your option) any later version.
35	#include "slog.h"	36	#include "slog.h"
36	#include "device.h"	37	#include "device.h"
37	#include "vpn.h"	38	#include "vpn.h"
38	#include "connection.h"	39	#include "connection.h"
39		40
		41	#include "netcompat.h"
		42
40	#if !HAVE_RAND_PSEUDO_BYTES	43	#if !HAVE_RAND_PSEUDO_BYTES
41	# define RAND_pseudo_bytes RAND_bytes	44	# define RAND_pseudo_bytes RAND_bytes
42	#endif	45	#endif
43		46
44	#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic	47	#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
…		…
147	}	150	}
148	}	151	}
149		152
150	//////////////////////////////////////////////////////////////////////////////	153	//////////////////////////////////////////////////////////////////////////////
151		154
152	void pkt_queue::put (tap_packet *p)	155	void pkt_queue::put (net_packet *p)
153	{	156	{
154	if (queue[i])	157	if (queue[i])
155	{	158	{
156	delete queue[i];	159	delete queue[i];
157	j = (j + 1) % QUEUEDEPTH;	160	j = (j + 1) % QUEUEDEPTH;
…		…
160	queue[i] = p;	163	queue[i] = p;
161		164
162	i = (i + 1) % QUEUEDEPTH;	165	i = (i + 1) % QUEUEDEPTH;
163	}	166	}
164		167
165	tap_packet *pkt_queue::get ()	168	net_packet *pkt_queue::get ()
166	{	169	{
167	tap_packet *p = queue[j];	170	net_packet *p = queue[j];
168		171
169	if (p)	172	if (p)
170	{	173	{
171	queue[j] = 0;	174	queue[j] = 0;
172	j = (j + 1) % QUEUEDEPTH;	175	j = (j + 1) % QUEUEDEPTH;
…		…
197	// only do action once every x seconds per host whole allowing bursts.	200	// only do action once every x seconds per host whole allowing bursts.
198	// this implementation ("splay list" ;) is inefficient,	201	// this implementation ("splay list" ;) is inefficient,
199	// but low on resources.	202	// but low on resources.
200	struct net_rate_limiter : list<net_rateinfo>	203	struct net_rate_limiter : list<net_rateinfo>
201	{	204	{
202	static const double ALPHA = 1. - 1. / 90.; // allow bursts	205	static const double ALPHA = 1. - 1. / 600.; // allow bursts
203	static const double CUTOFF = 20.; // one event every CUTOFF seconds	206	static const double CUTOFF = 10.; // one event every CUTOFF seconds
204	static const double EXPIRE = CUTOFF * 30.; // expire entries after this time	207	static const double EXPIRE = CUTOFF * 30.; // expire entries after this time
		208	static const double MAXDIF = CUTOFF * (1. / (1. - ALPHA)); // maximum diff /count value
205		209
206	bool can (const sockinfo &si) { return can((u32)si.host); }	210	bool can (const sockinfo &si) { return can((u32)si.host); }
207	bool can (u32 host);	211	bool can (u32 host);
208	};	212	};
209		213
210	net_rate_limiter auth_rate_limiter, reset_rate_limiter;	214	net_rate_limiter auth_rate_limiter, reset_rate_limiter;
211		215
…		…
225	{	229	{
226	net_rateinfo ri;	230	net_rateinfo ri;
227		231
228	ri.host = host;	232	ri.host = host;
229	ri.pcnt = 1.;	233	ri.pcnt = 1.;
230	ri.diff = CUTOFF * (1. / (1. - ALPHA));	234	ri.diff = MAXDIF;
231	ri.last = NOW;	235	ri.last = NOW;
232		236
233	push_front (ri);	237	push_front (ri);
234		238
235	return true;	239	return true;
…		…
242	ri.pcnt = ri.pcnt * ALPHA;	246	ri.pcnt = ri.pcnt * ALPHA;
243	ri.diff = ri.diff * ALPHA + (NOW - ri.last);	247	ri.diff = ri.diff * ALPHA + (NOW - ri.last);
244		248
245	ri.last = NOW;	249	ri.last = NOW;
246		250
		251	double dif = ri.diff / ri.pcnt;
		252
247	bool send = ri.diff / ri.pcnt > CUTOFF;	253	bool send = dif > CUTOFF;
248		254
		255	if (dif > MAXDIF)
		256	{
		257	ri.pcnt = 1.;
		258	ri.diff = MAXDIF;
		259	}
249	if (send)	260	else if (send)
250	ri.pcnt++;	261	ri.pcnt++;
251		262
252	push_front (ri);	263	push_front (ri);
253		264
254	return send;	265	return send;
…		…
467	set_hdr (type, dst);	478	set_hdr (type, dst);
468	}	479	}
469		480
470	bool config_packet::chk_config () const	481	bool config_packet::chk_config () const
471	{	482	{
472	return prot_major == PROTOCOL_MAJOR	483	if (prot_major != PROTOCOL_MAJOR)
473	&& randsize == RAND_SIZE	484	slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
474	&& hmaclen == HMACLENGTH	485	else if (randsize != RAND_SIZE)
475	&& flags == curflags ()	486	slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
		487	else if (hmaclen != HMACLENGTH)
		488	slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
		489	else if (flags != curflags ())
		490	slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
476	&& challengelen == sizeof (rsachallenge)	491	else if (challengelen != sizeof (rsachallenge))
		492	slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
477	&& cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))	493	else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
		494	slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
478	&& digest_nid == htonl (EVP_MD_type (RSA_HASH))	495	else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
		496	slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
479	&& hmac_nid == htonl (EVP_MD_type (DIGEST));	497	else if (hmac_nid != htonl (EVP_MD_type (DIGEST)))
		498	slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
		499	else
		500	return true;
		501
		502	return false;
480	}	503	}
481		504
482	struct auth_req_packet : config_packet	505	struct auth_req_packet : config_packet
483	{	506	{
484	char magic[8];	507	char magic[8];
…		…
546	};	569	};
547		570
548	/////////////////////////////////////////////////////////////////////////////	571	/////////////////////////////////////////////////////////////////////////////
549		572
550	void	573	void
		574	connection::connection_established ()
		575	{
		576	if (ictx && octx)
		577	{
		578	connectmode = conf->connectmode;
		579
		580	rekey.start (NOW + ::conf.rekey);
		581	keepalive.start (NOW + ::conf.keepalive);
		582
		583	// send queued packets
		584	if (ictx && octx)
		585	{
		586	while (tap_packet p = (tap_packet )data_queue.get ())
		587	{
		588	send_data_packet (p);
		589	delete p;
		590	}
		591
		592	while (vpn_packet p = (vpn_packet )vpn_queue.get ())
		593	{
		594	send_vpn_packet (p, si, IPTOS_RELIABILITY);
		595	delete p;
		596	}
		597	}
		598	}
		599	else
		600	{
		601	retry_cnt = 0;
		602	establish_connection.start (NOW + 5);
		603	keepalive.reset ();
		604	rekey.reset ();
		605	}
		606	}
		607
		608	void
551	connection::reset_dstaddr ()	609	connection::reset_si ()
552	{	610	{
553	protocol = best_protocol (THISNODE->protocols & conf->protocols);	611	protocol = best_protocol (THISNODE->protocols & conf->protocols);
554		612
555	// mask out protocols we cannot establish	613	// mask out protocols we cannot establish
556	if (!conf->udp_port) protocol &= ~PROT_UDPv4;	614	if (!conf->udp_port) protocol &= ~PROT_UDPv4;
557	if (!conf->tcp_port) protocol &= ~PROT_TCPv4;	615	if (!conf->tcp_port) protocol &= ~PROT_TCPv4;
558		616
559	si.set (conf, protocol);	617	si.set (conf, protocol);
560	}	618	}
561		619
		620	// ensure sockinfo is valid, forward if necessary
		621	const sockinfo &
		622	connection::forward_si (const sockinfo &si) const
		623	{
		624	if (!si.valid ())
		625	{
		626	connection *r = vpn->find_router ();
		627
		628	if (r)
		629	{
		630	slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s"),
		631	conf->nodename, r->conf->nodename);
		632	return r->si;
		633	}
		634	else
		635	slog (L_DEBUG, _("%s: node unreachable, no common protocol"),
		636	conf->nodename);
		637	}
		638
		639	return si;
		640	}
		641
		642	void
		643	connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
		644	{
		645	if (!vpn->send_vpn_packet (pkt, si, tos))
		646	reset_connection ();
		647	}
		648
562	void	649	void
563	connection::send_ping (const sockinfo &si, u8 pong)	650	connection::send_ping (const sockinfo &si, u8 pong)
564	{	651	{
565	ping_packet *pkt = new ping_packet;	652	ping_packet *pkt = new ping_packet;
566		653
567	pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);	654	pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
568	vpn->send_vpn_packet (pkt, si, IPTOS_LOWDELAY);	655	send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
569		656
570	delete pkt;	657	delete pkt;
571	}	658	}
572		659
573	void	660	void
…		…
576	if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)	663	if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
577	{	664	{
578	config_packet *pkt = new config_packet;	665	config_packet *pkt = new config_packet;
579		666
580	pkt->setup (vpn_packet::PT_RESET, conf->id);	667	pkt->setup (vpn_packet::PT_RESET, conf->id);
581	vpn->send_vpn_packet (pkt, si, IPTOS_MINCOST);	668	send_vpn_packet (pkt, si, IPTOS_MINCOST);
582		669
583	delete pkt;	670	delete pkt;
584	}	671	}
585	}	672	}
586		673
…		…
588	connection::send_auth_request (const sockinfo &si, bool initiate)	675	connection::send_auth_request (const sockinfo &si, bool initiate)
589	{	676	{
590	auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);	677	auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
591		678
592	rsachallenge chg;	679	rsachallenge chg;
593
594	rsa_cache.gen (pkt->id, chg);	680	rsa_cache.gen (pkt->id, chg);
595		681	rsa_encrypt (conf->rsa_key, chg, pkt->encr);
596	if (0 > RSA_public_encrypt (sizeof chg,
597	(unsigned char )&chg, (unsigned char )&pkt->encr,
598	conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
599	fatal ("RSA_public_encrypt error");
600		682
601	slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);	683	slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
602		684
603	vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly	685	send_vpn_packet (pkt, si, IPTOS_RELIABILITY \| IPTOS_LOWDELAY); // rsa is very very costly
604		686
605	delete pkt;	687	delete pkt;
606	}	688	}
607		689
608	void	690	void
…		…
616		698
617	pkt->hmac_set (octx);	699	pkt->hmac_set (octx);
618		700
619	slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si);	701	slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si);
620		702
621	vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly	703	send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
622		704
623	delete pkt;	705	delete pkt;
624	}	706	}
625		707
626	void	708	void
…		…
630	conf->id, rid, (const char *)rsi);	712	conf->id, rid, (const char *)rsi);
631		713
632	connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);	714	connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
633		715
634	r->hmac_set (octx);	716	r->hmac_set (octx);
635	vpn->send_vpn_packet (r, si);	717	send_vpn_packet (r, si);
636		718
637	delete r;	719	delete r;
638	}	720	}
639		721
640	void	722	void
…		…
651	if (retry_int < 3600 * 8)	733	if (retry_int < 3600 * 8)
652	retry_cnt++;	734	retry_cnt++;
653		735
654	w.at = NOW + retry_int;	736	w.at = NOW + retry_int;
655		737
656	if (conf->hostname)	738	reset_si ();
		739
		740	if (si.prot && !si.host)
		741	vpn->send_connect_request (conf->id);
		742	else
657	{	743	{
658	reset_dstaddr ();	744	const sockinfo &dsi = forward_si (si);
659		745
660	if (si.valid () && auth_rate_limiter.can (si))	746	if (dsi.valid () && auth_rate_limiter.can (dsi))
661	{	747	{
662	if (retry_cnt < 4)	748	if (retry_cnt < 4)
663	send_auth_request (si, true);	749	send_auth_request (dsi, true);
664	else	750	else
665	send_ping (si, 0);	751	send_ping (dsi, 0);
666	}	752	}
667	}	753	}
668	else
669	vpn->connect_request (conf->id);
670	}	754	}
671	}	755	}
672		756
673	void	757	void
674	connection::reset_connection ()	758	connection::reset_connection ()
…		…
712	reset_connection ();	796	reset_connection ();
713	establish_connection ();	797	establish_connection ();
714	}	798	}
715		799
716	void	800	void
717	connection::send_data_packet (tap_packet *pkt, bool broadcast)	801	connection::send_data_packet (tap_packet *pkt)
718	{	802	{
719	vpndata_packet *p = new vpndata_packet;	803	vpndata_packet *p = new vpndata_packet;
720	int tos = 0;	804	int tos = 0;
721		805
722	if (conf->inherit_tos	806	// I am not hilarious about peeking into packets, but so be it.
723	&& (pkt)[12] == 0x08 && (pkt)[13] == 0x00 // IP	807	if (conf->inherit_tos && pkt->is_ipv4 ())
724	&& ((*pkt)[14] & 0xf0) == 0x40) // IPv4
725	tos = (*pkt)[15] & IPTOS_TOS_MASK;	808	tos = (*pkt)[15] & IPTOS_TOS_MASK;
726		809
727	p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs	810	p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
728	vpn->send_vpn_packet (p, si, tos);	811	send_vpn_packet (p, si, tos);
729		812
730	delete p;	813	delete p;
731		814
732	if (oseqno > MAX_SEQNO)	815	if (oseqno > MAX_SEQNO)
733	rekey ();	816	rekey ();
734	}	817	}
735		818
736	void	819	void
737	connection::inject_data_packet (tap_packet *pkt, bool broadcast)	820	connection::inject_data_packet (tap_packet pkt, bool broadcast/TODO DDD*/)
738	{	821	{
739	if (ictx && octx)	822	if (ictx && octx)
740	send_data_packet (pkt, broadcast);	823	send_data_packet (pkt);
741	else	824	else
742	{	825	{
743	if (!broadcast)//DDDD	826	if (!broadcast)//DDDD
744	queue.put (new tap_packet (*pkt));	827	data_queue.put (new tap_packet (*pkt));
		828
		829	establish_connection ();
		830	}
		831	}
		832
		833	void connection::inject_vpn_packet (vpn_packet *pkt, int tos)
		834	{
		835	if (ictx && octx)
		836	send_vpn_packet (pkt, si, tos);
		837	else
		838	{
		839	vpn_queue.put (new vpn_packet (*pkt));
745		840
746	establish_connection ();	841	establish_connection ();
747	}	842	}
748	}	843	}
749		844
…		…
808	if (p->initiate)	903	if (p->initiate)
809	send_auth_request (rsi, false);	904	send_auth_request (rsi, false);
810		905
811	rsachallenge k;	906	rsachallenge k;
812		907
813	if (0 > RSA_private_decrypt (sizeof (p->encr),	908	if (!rsa_decrypt (::conf.rsa_key, p->encr, k))
814	(unsigned char )&p->encr, (unsigned char )&k,	909	{
815	::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
816	slog (L_ERR, _("%s(%s): challenge illegal or corrupted"),	910	slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
817	conf->nodename, (const char *)rsi);	911	conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
		912	break;
		913	}
818	else	914	else
819	{	915	{
820	retry_cnt = 0;
821	establish_connection.start (NOW + 8); //? ;)
822	keepalive.reset ();
823	rekey.reset ();
824
825	delete ictx;
826	ictx = 0;
827
828	delete octx;	916	delete octx;
829		917
830	octx = new crypto_ctx (k, 1);	918	octx = new crypto_ctx (k, 1);
831	oseqno = ntohl ((u32 )&k[CHG_SEQNO]) & 0x7fffffff;	919	oseqno = ntohl ((u32 )&k[CHG_SEQNO]) & 0x7fffffff;
832		920
833	conf->protocols = p->protocols;	921	conf->protocols = p->protocols;
		922
834	send_auth_response (rsi, p->id, k);	923	send_auth_response (rsi, p->id, k);
		924
		925	connection_established ();
835		926
836	break;	927	break;
837	}	928	}
838	}	929	}
		930	else
		931	slog (L_WARN, _("%s(%s): protocol mismatch"),
		932	conf->nodename, (const char *)rsi);
839		933
840	send_reset (rsi);	934	send_reset (rsi);
841	}	935	}
842		936
843	break;	937	break;
…		…
856	PROTOCOL_MINOR, conf->nodename, p->prot_minor);	950	PROTOCOL_MINOR, conf->nodename, p->prot_minor);
857		951
858	rsachallenge chg;	952	rsachallenge chg;
859		953
860	if (!rsa_cache.find (p->id, chg))	954	if (!rsa_cache.find (p->id, chg))
		955	{
861	slog (L_ERR, _("%s(%s): unrequested auth response"),	956	slog (L_ERR, _("%s(%s): unrequested auth response ignored"),
862	conf->nodename, (const char *)rsi);	957	conf->nodename, (const char *)rsi);
		958	break;
		959	}
863	else	960	else
864	{	961	{
865	crypto_ctx *cctx = new crypto_ctx (chg, 0);	962	crypto_ctx *cctx = new crypto_ctx (chg, 0);
866		963
867	if (!p->hmac_chk (cctx))	964	if (!p->hmac_chk (cctx))
		965	{
868	slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"	966	slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"
869	"could be an attack, or just corruption or an synchronization error"),	967	"could be an attack, or just corruption or an synchronization error"),
870	conf->nodename, (const char *)rsi);	968	conf->nodename, (const char *)rsi);
		969	break;
		970	}
871	else	971	else
872	{	972	{
873	rsaresponse h;	973	rsaresponse h;
874		974
875	rsa_hash (p->id, chg, h);	975	rsa_hash (p->id, chg, h);
…		…
883	iseqno.reset (ntohl ((u32 )&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid	983	iseqno.reset (ntohl ((u32 )&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
884		984
885	si = rsi;	985	si = rsi;
886	protocol = rsi.prot;	986	protocol = rsi.prot;
887		987
888	rekey.start (NOW + ::conf.rekey);	988	connection_established ();
889	keepalive.start (NOW + ::conf.keepalive);
890
891	// send queued packets
892	while (tap_packet *p = queue.get ())
893	{
894	send_data_packet (p);
895	delete p;
896	}
897
898	connectmode = conf->connectmode;
899		989
900	slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),	990	slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),
901	conf->nodename, (const char *)rsi,	991	conf->nodename, (const char *)rsi,
902	p->prot_major, p->prot_minor);	992	p->prot_major, p->prot_minor);
903		993
…		…
929		1019
930	if (ictx && octx)	1020	if (ictx && octx)
931	{	1021	{
932	vpndata_packet p = (vpndata_packet )pkt;	1022	vpndata_packet p = (vpndata_packet )pkt;
933		1023
934	if (rsi == si)	1024	if (!p->hmac_chk (ictx))
		1025	slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
		1026	"could be an attack, or just corruption or an synchronization error"),
		1027	conf->nodename, (const char *)rsi);
		1028	else
935	{	1029	{
936	if (!p->hmac_chk (ictx))
937	slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
938	"could be an attack, or just corruption or an synchronization error"),
939	conf->nodename, (const char *)rsi);
940	else	1030	u32 seqno;
		1031	tap_packet *d = p->unpack (this, seqno);
		1032
		1033	if (iseqno.recv_ok (seqno))
941	{	1034	{
942	u32 seqno;	1035	vpn->tap->send (d);
943	tap_packet *d = p->unpack (this, seqno);
944		1036
945	if (iseqno.recv_ok (seqno))	1037	if (si != rsi)
946	{	1038	{
947	vpn->tap->send (d);	1039	// fast re-sync on connection changes, useful especially for tcp/ip
948
949	if (p->dst () == 0) // re-broadcast
950	for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
951	{
952	connection c = i;
953
954	if (c->conf != THISNODE && c->conf != conf)
955	c->inject_data_packet (d);
956	}
957
958	delete d;
959
960	break;	1040	si = rsi;
		1041
		1042	slog (L_INFO, _("%s(%s): socket address changed to %s"),
		1043	conf->nodename, (const char )si, (const char )rsi);
961	}	1044	}
		1045
		1046	delete d;
		1047
		1048	break;
962	}	1049	}
963	}	1050	}
964	else
965	slog (L_ERR, _("received data packet from unknown source %s"), (const char *)rsi);
966	}	1051	}
967		1052
968	send_reset (rsi);	1053	send_reset (rsi);
969	break;	1054	break;
970		1055
…		…
985	// send connect_info packets to both sides, in case one is	1070	// send connect_info packets to both sides, in case one is
986	// behind a nat firewall (or both ;)	1071	// behind a nat firewall (or both ;)
987	c->send_connect_info (conf->id, si, conf->protocols);	1072	c->send_connect_info (conf->id, si, conf->protocols);
988	send_connect_info (c->conf->id, c->si, c->conf->protocols);	1073	send_connect_info (c->conf->id, c->si, c->conf->protocols);
989	}	1074	}
		1075	else
		1076	c->establish_connection ();
990	}	1077	}
991		1078
992	break;	1079	break;
993		1080
994	case vpn_packet::PT_CONNECT_INFO:	1081	case vpn_packet::PT_CONNECT_INFO:
…		…
1004	protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));	1091	protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1005	p->si.upgrade_protocol (protocol, c->conf);	1092	p->si.upgrade_protocol (protocol, c->conf);
1006		1093
1007	slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",	1094	slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
1008	conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);	1095	conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
1009	//slog (L_ERR, "%d PROTOCL(C%x,T%x,0S%x,S%x,P%x,SP%x)",
1010	// p->id, c->conf->protocols, THISNODE->protocols, p->si.supported_protocols(0), p->si.supported_protocols (c->conf),
1011	// protocol, p->si.prot);
1012		1096
		1097	const sockinfo &dsi = forward_si (p->si);
		1098
		1099	if (dsi.valid ())
1013	c->send_auth_request (p->si, true);	1100	c->send_auth_request (dsi, true);
1014	}	1101	}
1015		1102
1016	break;	1103	break;
1017		1104
1018	default:	1105	default:
…		…
1034	\|\| THISNODE->connectmode != conf_node::C_ONDEMAND)	1121	\|\| THISNODE->connectmode != conf_node::C_ONDEMAND)
1035	{	1122	{
1036	send_ping (si);	1123	send_ping (si);
1037	w.at = NOW + 5;	1124	w.at = NOW + 5;
1038	}	1125	}
		1126	else if (NOW < last_activity + ::conf.keepalive + 10)
		1127	// hold ondemand connections implicitly a few seconds longer
		1128	// should delete octx, though, or something like that ;)
		1129	w.at = last_activity + ::conf.keepalive + 10;
1039	else	1130	else
1040	reset_connection ();	1131	reset_connection ();
1041	}	1132	}
1042		1133
1043	void connection::connect_request (int id)	1134	void connection::send_connect_request (int id)
1044	{	1135	{
1045	connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);	1136	connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);
1046		1137
1047	slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);	1138	slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);
1048	p->hmac_set (octx);	1139	p->hmac_set (octx);
1049	vpn->send_vpn_packet (p, si);	1140	send_vpn_packet (p, si);
1050		1141
1051	delete p;	1142	delete p;
1052	}	1143	}
1053		1144
1054	void connection::script_node ()	1145	void connection::script_node ()

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/connection.C (file contents): Revision 1.7 by pcg, Sat Apr 5 17:54:22 2003 UTC vs. Revision 1.24 by pcg, Wed Oct 22 01:05:23 2003 UTC

Diff Legend

Comparing gvpe/src/connection.C (file contents):
Revision 1.7 by pcg, Sat Apr 5 17:54:22 2003 UTC vs.
Revision 1.24 by pcg, Wed Oct 22 01:05:23 2003 UTC