--- gvpe/src/connection.C 2003/04/02 05:15:00 1.3 +++ gvpe/src/connection.C 2003/04/05 02:32:40 1.6 @@ -87,7 +87,7 @@ struct rsa_cache : list { - void cleaner_cb (tstamp &ts); time_watcher cleaner; + void cleaner_cb (time_watcher &w); time_watcher cleaner; bool find (const rsaid &id, rsachallenge &chg) { @@ -131,13 +131,13 @@ } rsa_cache; -void rsa_cache::cleaner_cb (tstamp &ts) +void rsa_cache::cleaner_cb (time_watcher &w) { if (empty ()) - ts = TSTAMP_CANCEL; + w.at = TSTAMP_CANCEL; else { - ts = NOW + RSA_TTL; + w.at = NOW + RSA_TTL; for (iterator i = begin (); i != end (); ) if (i->expire <= NOW) @@ -287,9 +287,9 @@ return !memcmp (hmac, hmac_digest, HMACLENGTH); } -void vpn_packet::set_hdr (ptype type, unsigned int dst) +void vpn_packet::set_hdr (ptype type_, unsigned int dst) { - this->type = type; + type = type_; int src = THISNODE->id; @@ -550,7 +550,13 @@ void connection::reset_dstaddr () { - si.set (conf); + protocol = best_protocol (THISNODE->protocols & conf->protocols); + + // mask out protocols we cannot establish + if (!conf->udp_port) protocol &= ~PROT_UDPv4; + if (!conf->tcp_port) protocol &= ~PROT_TCPv4; + + si.set (conf, protocol); } void @@ -559,7 +565,7 @@ ping_packet *pkt = new ping_packet; pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); - send_vpn_packet (pkt, si, IPTOS_LOWDELAY); + vpn->send_vpn_packet (pkt, si, IPTOS_LOWDELAY); delete pkt; } @@ -572,7 +578,7 @@ config_packet *pkt = new config_packet; pkt->setup (vpn_packet::PT_RESET, conf->id); - send_vpn_packet (pkt, si, IPTOS_MINCOST); + vpn->send_vpn_packet (pkt, si, IPTOS_MINCOST); delete pkt; } @@ -583,31 +589,20 @@ { auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols); - protocol = best_protocol (THISNODE->protocols & conf->protocols); + rsachallenge chg; - // mask out protocols we cannot establish - if (!conf->udp_port) protocol &= ~PROT_UDPv4; - if (!conf->tcp_port) protocol &= ~PROT_TCPv4; - - if (protocol) - { - rsachallenge chg; + rsa_cache.gen (pkt->id, chg); - rsa_cache.gen (pkt->id, chg); + if (0 > RSA_public_encrypt (sizeof chg, + (unsigned char *)&chg, (unsigned char *)&pkt->encr, + conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) + fatal ("RSA_public_encrypt error"); - if (0 > RSA_public_encrypt (sizeof chg, - (unsigned char *)&chg, (unsigned char *)&pkt->encr, - conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) - fatal ("RSA_public_encrypt error"); + slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); - slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); + vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly - send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly - - delete pkt; - } - else - ; // silently fail + delete pkt; } void @@ -623,7 +618,7 @@ slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si); - send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly + vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly delete pkt; } @@ -637,31 +632,32 @@ connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); r->hmac_set (octx); - send_vpn_packet (r, si); + vpn->send_vpn_packet (r, si); delete r; } void -connection::establish_connection_cb (tstamp &ts) +connection::establish_connection_cb (time_watcher &w) { if (ictx || conf == THISNODE || connectmode == conf_node::C_NEVER || connectmode == conf_node::C_DISABLED) - ts = TSTAMP_CANCEL; - else if (ts <= NOW) + w.at = TSTAMP_CANCEL; + else if (w.at <= NOW) { double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6; if (retry_int < 3600 * 8) retry_cnt++; - ts = NOW + retry_int; + w.at = NOW + retry_int; if (conf->hostname) { reset_dstaddr (); - if (si.host && auth_rate_limiter.can (si)) + + if (si.valid () && auth_rate_limiter.can (si)) { if (retry_cnt < 4) send_auth_request (si, true); @@ -709,9 +705,9 @@ } void -connection::rekey_cb (tstamp &ts) +connection::rekey_cb (time_watcher &w) { - ts = TSTAMP_CANCEL; + w.at = TSTAMP_CANCEL; reset_connection (); establish_connection (); @@ -729,7 +725,7 @@ tos = (*pkt)[15] & IPTOS_TOS_MASK; p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs - send_vpn_packet (p, si, tos); + vpn->send_vpn_packet (p, si, tos); delete p; @@ -822,7 +818,7 @@ else { retry_cnt = 0; - establish_connection.set (NOW + 8); //? ;) + establish_connection.start (NOW + 8); //? ;) keepalive.reset (); rekey.reset (); @@ -888,8 +884,8 @@ si = rsi; - rekey.set (NOW + ::conf.rekey); - keepalive.set (NOW + ::conf.keepalive); + rekey.start (NOW + ::conf.rekey); + keepalive.start (NOW + ::conf.keepalive); // send queued packets while (tap_packet *p = queue.get ()) @@ -1018,7 +1014,7 @@ } } -void connection::keepalive_cb (tstamp &ts) +void connection::keepalive_cb (time_watcher &w) { if (NOW >= last_activity + ::conf.keepalive + 30) { @@ -1026,12 +1022,12 @@ establish_connection (); } else if (NOW < last_activity + ::conf.keepalive) - ts = last_activity + ::conf.keepalive; + w.at = last_activity + ::conf.keepalive; else if (conf->connectmode != conf_node::C_ONDEMAND || THISNODE->connectmode != conf_node::C_ONDEMAND) { send_ping (si); - ts = NOW + 5; + w.at = NOW + 5; } else reset_connection (); @@ -1043,7 +1039,7 @@ slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id); p->hmac_set (octx); - send_vpn_packet (p, si); + vpn->send_vpn_packet (p, si); delete p; } @@ -1077,26 +1073,6 @@ return ::conf.script_node_up ? ::conf.script_node_down : "node-down"; } -// send a vpn packet out to other hosts -void -connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos) -{ - switch (protocol) - { - case PROT_IPv4: - vpn->send_ipv4_packet (pkt, si, tos); - break; - - case PROT_UDPv4: - vpn->send_udpv4_packet (pkt, si, tos); - break; - - case PROT_TCPv4: - vpn->send_tcpv4_packet (pkt, si, tos); - break; - } -} - connection::connection(struct vpn *vpn_) : vpn(vpn_) , rekey (this, &connection::rekey_cb)