… | |
… | |
881 | delete ictx; ictx = cctx; |
881 | delete ictx; ictx = cctx; |
882 | |
882 | |
883 | iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid |
883 | iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid |
884 | |
884 | |
885 | si = rsi; |
885 | si = rsi; |
|
|
886 | protocol = rsi.prot; |
886 | |
887 | |
887 | rekey.start (NOW + ::conf.rekey); |
888 | rekey.start (NOW + ::conf.rekey); |
888 | keepalive.start (NOW + ::conf.keepalive); |
889 | keepalive.start (NOW + ::conf.keepalive); |
889 | |
890 | |
890 | // send queued packets |
891 | // send queued packets |
… | |
… | |
894 | delete p; |
895 | delete p; |
895 | } |
896 | } |
896 | |
897 | |
897 | connectmode = conf->connectmode; |
898 | connectmode = conf->connectmode; |
898 | |
899 | |
899 | slog (L_INFO, _("%s(%s): %s connection established, protocol version %d.%d"), |
900 | slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"), |
900 | conf->nodename, (const char *)rsi, |
901 | conf->nodename, (const char *)rsi, |
901 | strprotocol (protocol), |
|
|
902 | p->prot_major, p->prot_minor); |
902 | p->prot_major, p->prot_minor); |
903 | |
903 | |
904 | if (::conf.script_node_up) |
904 | if (::conf.script_node_up) |
905 | run_script (run_script_cb (this, &connection::script_node_up), false); |
905 | run_script (run_script_cb (this, &connection::script_node_up), false); |
906 | |
906 | |
… | |
… | |
972 | if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) |
972 | if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) |
973 | { |
973 | { |
974 | connect_req_packet *p = (connect_req_packet *) pkt; |
974 | connect_req_packet *p = (connect_req_packet *) pkt; |
975 | |
975 | |
976 | assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything |
976 | assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything |
|
|
977 | connection *c = vpn->conns[p->id - 1]; |
977 | conf->protocols = p->protocols; |
978 | conf->protocols = p->protocols; |
978 | connection *c = vpn->conns[p->id - 1]; |
|
|
979 | |
979 | |
980 | slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n", |
980 | slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n", |
981 | conf->id, p->id, c->ictx && c->octx); |
981 | conf->id, p->id, c->ictx && c->octx); |
982 | |
982 | |
983 | if (c->ictx && c->octx) |
983 | if (c->ictx && c->octx) |
… | |
… | |
995 | if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) |
995 | if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) |
996 | { |
996 | { |
997 | connect_info_packet *p = (connect_info_packet *) pkt; |
997 | connect_info_packet *p = (connect_info_packet *) pkt; |
998 | |
998 | |
999 | assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything |
999 | assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything |
1000 | conf->protocols = p->protocols; |
1000 | |
1001 | connection *c = vpn->conns[p->id - 1]; |
1001 | connection *c = vpn->conns[p->id - 1]; |
|
|
1002 | |
|
|
1003 | c->conf->protocols = p->protocols; |
|
|
1004 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
|
|
1005 | p->si.upgrade_protocol (protocol, c->conf); |
1002 | |
1006 | |
1003 | slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", |
1007 | slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", |
1004 | conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); |
1008 | conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); |
|
|
1009 | //slog (L_ERR, "%d PROTOCL(C%x,T%x,0S%x,S%x,P%x,SP%x)", |
|
|
1010 | // p->id, c->conf->protocols, THISNODE->protocols, p->si.supported_protocols(0), p->si.supported_protocols (c->conf), |
|
|
1011 | // protocol, p->si.prot); |
1005 | |
1012 | |
1006 | c->send_auth_request (p->si, true); |
1013 | c->send_auth_request (p->si, true); |
1007 | } |
1014 | } |
1008 | |
1015 | |
1009 | break; |
1016 | break; |