--- gvpe/src/connection.C	2003/04/06 18:12:18	1.10
+++ gvpe/src/connection.C	2003/08/08 07:52:26	1.13
@@ -149,7 +149,7 @@
 
 //////////////////////////////////////////////////////////////////////////////
 
-void pkt_queue::put (tap_packet *p)
+void pkt_queue::put (net_packet *p)
 {
   if (queue[i])
     {
@@ -162,9 +162,9 @@
   i = (i + 1) % QUEUEDEPTH;
 }
 
-tap_packet *pkt_queue::get ()
+net_packet *pkt_queue::get ()
 {
-  tap_packet *p = queue[j];
+  net_packet *p = queue[j];
 
   if (p)
     {
@@ -567,11 +567,19 @@
 
       // send queued packets
       if (ictx && octx)
-        while (tap_packet *p = queue.get ())
-          {
-            send_data_packet (p);
-            delete p;
-          }
+        {
+          while (tap_packet *p = (tap_packet *)data_queue.get ())
+            {
+              send_data_packet (p);
+              delete p;
+            }
+
+          while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
+            {
+              send_vpn_packet (p, si, IPTOS_RELIABILITY);
+              delete p;
+            }
+        }
     }
   else
     {
@@ -785,6 +793,7 @@
   vpndata_packet *p = new vpndata_packet;
   int tos = 0;
 
+  // I am not hilarious about peeking into packets, but so be it.
   if (conf->inherit_tos
       && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
       && ((*pkt)[14] & 0xf0) == 0x40)             // IPv4
@@ -807,7 +816,7 @@
   else
     {
       if (!broadcast)//DDDD
-        queue.put (new tap_packet (*pkt));
+        data_queue.put (new tap_packet (*pkt));
 
       establish_connection ();
     }
@@ -818,7 +827,11 @@
   if (ictx && octx)
     send_vpn_packet (pkt, si, tos);
   else
-    establish_connection ();
+    {
+      vpn_queue.put (new vpn_packet (*pkt));
+
+      establish_connection ();
+    }
 }
 
 void
@@ -927,8 +940,11 @@
               rsachallenge chg;
 
               if (!rsa_cache.find (p->id, chg))
-                slog (L_ERR, _("%s(%s): unrequested auth response"),
-                      conf->nodename, (const char *)rsi);
+                {
+                  slog (L_ERR, _("%s(%s): unrequested auth response"),
+                        conf->nodename, (const char *)rsi);
+                  break;
+                }
               else
                 {
                   crypto_ctx *cctx = new crypto_ctx (chg, 0);
@@ -1050,6 +1066,8 @@
                 c->send_connect_info (conf->id, si, conf->protocols);
                 send_connect_info (c->conf->id, c->si, c->conf->protocols);
               }
+            else
+              c->establish_connection ();
           }
 
         break;
@@ -1099,6 +1117,10 @@
       send_ping (si);
       w.at = NOW + 5;
     }
+  else if (NOW < last_activity + ::conf.keepalive + 10)
+    // hold ondemand connections implicitly a few seconds longer
+    // should delete octx, though, or something like that ;)
+    w.at = last_activity + ::conf.keepalive + 10;
   else
     reset_connection ();
 }