--- gvpe/src/connection.C	2004/01/29 19:22:05	1.30
+++ gvpe/src/connection.C	2004/07/25 18:11:40	1.38
@@ -204,10 +204,10 @@
 // but low on resources.
 struct net_rate_limiter : list<net_rateinfo>
 {
-  static const double ALPHA  = 1. - 1. / 600.; // allow bursts
-  static const double CUTOFF = 10.;            // one event every CUTOFF seconds
-  static const double EXPIRE = CUTOFF * 30.;   // expire entries after this time
-  static const double MAXDIF = CUTOFF * (1. / (1. - ALPHA)); // maximum diff /count value
+# define NRL_ALPHA  (1. - 1. / 600.)     // allow bursts
+# define NRL_CUTOFF 10.                  // one event every CUTOFF seconds
+# define NRL_EXPIRE (NRL_CUTOFF * 30.)   // expire entries after this time
+# define NRL_MAXDIF (NRL_CUTOFF * (1. / (1. - NRL_ALPHA))) // maximum diff /count value
 
   bool can (const sockinfo &si) { return can((u32)si.host); }
   bool can (u32 host);
@@ -222,7 +222,7 @@
   for (i = begin (); i != end (); )
     if (i->host == host)
       break;
-    else if (i->last < NOW - EXPIRE)
+    else if (i->last < NOW - NRL_EXPIRE)
       i = erase (i);
     else
       i++;
@@ -233,7 +233,7 @@
 
       ri.host = host;
       ri.pcnt = 1.;
-      ri.diff = MAXDIF;
+      ri.diff = NRL_MAXDIF;
       ri.last = NOW;
 
       push_front (ri);
@@ -245,19 +245,19 @@
       net_rateinfo ri (*i);
       erase (i);
 
-      ri.pcnt = ri.pcnt * ALPHA;
-      ri.diff = ri.diff * ALPHA + (NOW - ri.last);
+      ri.pcnt = ri.pcnt * NRL_ALPHA;
+      ri.diff = ri.diff * NRL_ALPHA + (NOW - ri.last);
 
       ri.last = NOW;
 
       double dif = ri.diff / ri.pcnt;
 
-      bool send = dif > CUTOFF;
+      bool send = dif > NRL_CUTOFF;
 
-      if (dif > MAXDIF)
+      if (dif > NRL_MAXDIF)
         {
           ri.pcnt = 1.;
-          ri.diff = MAXDIF;
+          ri.diff = NRL_MAXDIF;
         }
       else if (send)
         ri.pcnt++;
@@ -337,17 +337,20 @@
 
 #if ENABLE_COMPRESSION
   u8 cdata[MAX_MTU];
-  u32 cl;
 
-  cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
-  if (cl)
+  if (conn->features & ENABLE_COMPRESSION)
     {
-      type = PT_DATA_COMPRESSED;
-      d = cdata;
-      l = cl + 2;
+      u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
 
-      d[0] = cl >> 8;
-      d[1] = cl;
+      if (cl)
+        {
+          type = PT_DATA_COMPRESSED;
+          d = cdata;
+          l = cl + 2;
+
+          d[0] = cl >> 8;
+          d[1] = cl;
+        }
     }
 #endif
 
@@ -450,17 +453,23 @@
   // field comes before this data, so peers with other
   // hmacs simply will not work.
   u8 prot_major, prot_minor, randsize, hmaclen;
-  u8 flags, challengelen, pad2, pad3;
+  u8 flags, challengelen, features, pad3;
   u32 cipher_nid, digest_nid, hmac_nid;
 
-  const u8 curflags () const
-  {
-    return 0x80
-           | (ENABLE_COMPRESSION ? 0x01 : 0x00);
-  }
-
   void setup (ptype type, int dst);
   bool chk_config () const;
+
+  static u8 get_features ()
+  {
+    u8 f = 0;
+#if ENABLE_COMPRESSION
+    f |= FEATURE_COMPRESSION;
+#endif
+#if ENABLE_ROHC
+    f |= FEATURE_ROHC;
+#endif
+    return f;
+  }
 };
 
 void config_packet::setup (ptype type, int dst)
@@ -469,8 +478,9 @@
   prot_minor = PROTOCOL_MINOR;
   randsize = RAND_SIZE;
   hmaclen = HMACLENGTH;
-  flags = curflags ();
+  flags = ENABLE_COMPRESSION ? 0x81 : 0x80;
   challengelen = sizeof (rsachallenge);
+  features = get_features ();
 
   cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
   digest_nid = htonl (EVP_MD_type (RSA_HASH));
@@ -488,8 +498,10 @@
     slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
   else if (hmaclen != HMACLENGTH)
     slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
+#if 0 // this implementation should handle all flag settings
   else if (flags != curflags ())
     slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
+#endif
   else if (challengelen != sizeof (rsachallenge))
     slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
   else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
@@ -579,7 +591,9 @@
     {
       connectmode = conf->connectmode;
 
-      rekey.start (NOW + ::conf.rekey);
+      // make sure rekeying timeouts are slightly asymmetric
+      rekey.start (NOW + ::conf.rekey
+                   + (conf->id > THISNODE->id ? 10 : 0));
       keepalive.start (NOW + ::conf.keepalive);
 
       // send queued packets
@@ -732,8 +746,10 @@
     {
       double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6;
 
-      if (retry_int < 3600 * 8)
+      if (retry_int < conf->max_retry)
         retry_cnt++;
+      else
+        retry_int = conf->max_retry;
 
       w.start (NOW + retry_int);
 
@@ -771,7 +787,7 @@
   delete ictx; ictx = 0;
   delete octx; octx = 0;
 
-  si.host= 0;
+  si.host = 0;
 
   last_activity = 0;
   retry_cnt = 0;
@@ -918,7 +934,11 @@
                     octx   = new crypto_ctx (k, 1);
                     oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
 
+                    // compatibility code, remove when no longer required
+                    if (p->flags & 1) p->features |= FEATURE_COMPRESSION;
+
                     conf->protocols = p->protocols;
+                    features = p->features & config_packet::get_features ();
 
                     send_auth_response (rsi, p->id, k);
 
@@ -1042,11 +1062,10 @@
                         slog (L_INFO, _("%s(%s): socket address changed to %s"),
                               conf->nodename, (const char *)si, (const char *)rsi);
                       }
-
-                    delete d;
-
-                    break;
                   }
+
+                delete d;
+                break;
               }
           }