--- gvpe/src/connection.C	2003/10/14 03:22:09	1.19
+++ gvpe/src/connection.C	2003/10/22 01:05:23	1.24
@@ -1,5 +1,6 @@
 /*
     connection.C -- manage a single connection
+    Copyright (C) 2003 Marc Lehmann <pcg@goof.com>
  
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -37,22 +38,7 @@
 #include "vpn.h"
 #include "connection.h"
 
-#include <sys/socket.h>
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
-#include <arpa/inet.h>
-#include <net/if.h>
-#ifdef HAVE_NETINET_IN_SYSTM_H
-# include <netinet/in_systm.h>
-#endif
-#ifdef HAVE_NETINET_IP_H
-# include <netinet/ip.h>
-#endif
-
-#ifndef IPTOS_TOS_MASK
-# define IPTOS_TOS_MASK (IPTOS_LOWDELAY | IPTOS_THROUGHPUT | IPTOS_RELIABILITY | IPTOS_MINCOST)
-#endif
+#include "netcompat.h"
 
 #if !HAVE_RAND_PSEUDO_BYTES
 # define  RAND_pseudo_bytes RAND_bytes
@@ -495,21 +481,21 @@
 bool config_packet::chk_config () const
 {
   if (prot_major != PROTOCOL_MAJOR)
-    slog (L_WARN, _("major version mismatch (%d <=> %d)"), prot_major, PROTOCOL_MAJOR);
+    slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
   else if (randsize != RAND_SIZE)
-    slog (L_WARN, _("rand size mismatch (%d <=> %d)"), randsize, RAND_SIZE);
+    slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
   else if (hmaclen != HMACLENGTH)
-    slog (L_WARN, _("hmac length mismatch (%d <=> %d)"), hmaclen, HMACLENGTH);
+    slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
   else if (flags != curflags ())
-    slog (L_WARN, _("flag mismatch (%x <=> %x)"), flags, curflags ());
+    slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
   else if (challengelen != sizeof (rsachallenge))
-    slog (L_WARN, _("challenge length mismatch (%d <=> %d)"), challengelen, sizeof (rsachallenge));
+    slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
   else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
-    slog (L_WARN, _("cipher mismatch (%x <=> %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
+    slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
   else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
-    slog (L_WARN, _("digest mismatch (%x <=> %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
+    slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
   else if (hmac_nid != htonl (EVP_MD_type (DIGEST)))
-    slog (L_WARN, _("hmac mismatch (%x <=> %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
+    slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
   else
     return true;
 
@@ -691,13 +677,8 @@
   auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
 
   rsachallenge chg;
-
   rsa_cache.gen (pkt->id, chg);
-
-  if (0 > RSA_public_encrypt (sizeof chg,
-                              (unsigned char *)&chg, (unsigned char *)&pkt->encr,
-                              conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
-    fatal ("RSA_public_encrypt error");
+  rsa_encrypt (conf->rsa_key, chg, pkt->encr);
 
   slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
 
@@ -817,18 +798,16 @@
 }
 
 void
-connection::send_data_packet (tap_packet *pkt, bool broadcast)
+connection::send_data_packet (tap_packet *pkt)
 {
   vpndata_packet *p = new vpndata_packet;
   int tos = 0;
 
   // I am not hilarious about peeking into packets, but so be it.
-  if (conf->inherit_tos
-      && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
-      && ((*pkt)[14] & 0xf0) == 0x40)             // IPv4
+  if (conf->inherit_tos && pkt->is_ipv4 ())
     tos = (*pkt)[15] & IPTOS_TOS_MASK;
 
-  p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
+  p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
   send_vpn_packet (p, si, tos);
 
   delete p;
@@ -838,10 +817,10 @@
 }
 
 void
-connection::inject_data_packet (tap_packet *pkt, bool broadcast)
+connection::inject_data_packet (tap_packet *pkt, bool broadcast/*TODO DDD*/)
 {
   if (ictx && octx)
-    send_data_packet (pkt, broadcast);
+    send_data_packet (pkt);
   else
     {
       if (!broadcast)//DDDD
@@ -926,11 +905,12 @@
 
                 rsachallenge k;
 
-                if (0 > RSA_private_decrypt (sizeof (p->encr),
-                                             (unsigned char *)&p->encr, (unsigned char *)&k,
-                                             ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
-                  slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
-                        conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
+                if (!rsa_decrypt (::conf.rsa_key, p->encr, k))
+                  {
+                    slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
+                          conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
+                    break;
+                  }
                 else
                   {
                     delete octx;
@@ -1054,15 +1034,6 @@
                   {
                     vpn->tap->send (d);
 
-                    if (p->dst () == 0) // re-broadcast
-                      for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
-                        {
-                          connection *c = *i;
-
-                          if (c->conf != THISNODE && c->conf != conf)
-                            c->inject_data_packet (d);
-                        }
-
                     if (si != rsi)
                       {
                         // fast re-sync on connection changes, useful especially for tcp/ip