--- gvpe/src/connection.C 2005/04/26 00:55:56 1.55 +++ gvpe/src/connection.C 2005/12/05 12:58:09 1.59 @@ -21,8 +21,6 @@ #include "config.h" -#include - #include #include @@ -468,6 +466,9 @@ #if ENABLE_ROHC f |= FEATURE_ROHC; #endif +#if ENABLE_BRIDGING + f |= FEATURE_BRIDGING; +#endif return f; } }; @@ -627,6 +628,14 @@ if (!conf->tcp_port) protocol &= ~PROT_TCPv4; if (!conf->dns_port) protocol &= ~PROT_DNSv4; + if (protocol + && (!conf->can_direct (THISNODE) + || !THISNODE->can_direct (conf))) + { + slog (L_DEBUG, _("%s: direct connection denied"), conf->nodename); + protocol = 0; + } + si.set (conf, protocol); } @@ -721,7 +730,7 @@ void connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols) { - slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n", + slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)", conf->id, rid, (const char *)rsi); connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); @@ -850,7 +859,7 @@ send_data_packet (pkt); else { - if (!broadcast)//DDDD + if (!broadcast) data_queue.put (new tap_packet (*pkt)); establish_connection (); @@ -1065,7 +1074,7 @@ if (si != rsi) { - // fast re-sync on connection changes, useful especially for tcp/ip + // fast re-sync on source address changes, useful especially for tcp/ip si = rsi; slog (L_INFO, _("%s(%s): socket address changed to %s"), @@ -1086,22 +1095,28 @@ { connect_req_packet *p = (connect_req_packet *) pkt; - assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything - connection *c = vpn->conns[p->id - 1]; - conf->protocols = p->protocols; + if (p->id > 0 && p->id <= vpn->conns.size ()) + { + connection *c = vpn->conns[p->id - 1]; + conf->protocols = p->protocols; - slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n", - conf->id, p->id, c->ictx && c->octx); + slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]", + conf->id, p->id, c->ictx && c->octx); - if (c->ictx && c->octx) - { - // send connect_info packets to both sides, in case one is - // behind a nat firewall (or both ;) - c->send_connect_info (conf->id, si, conf->protocols); - send_connect_info (c->conf->id, c->si, c->conf->protocols); + if (c->ictx && c->octx) + { + // send connect_info packets to both sides, in case one is + // behind a nat firewall (or both ;) + c->send_connect_info (conf->id, si, conf->protocols); + send_connect_info (c->conf->id, c->si, c->conf->protocols); + } + else + c->establish_connection (); } else - c->establish_connection (); + slog (L_WARN, + _("received authenticated connection request from unknown node #%d, config file mismatch?"), + p->id); } break; @@ -1111,7 +1126,7 @@ { connect_info_packet *p = (connect_info_packet *)pkt; - if (p->id > 0 && p->id <= vpn->conns.size ()) // hmac-auth does not mean we accept anything + if (p->id > 0 && p->id <= vpn->conns.size ()) { connection *c = vpn->conns[p->id - 1]; @@ -1127,6 +1142,10 @@ if (dsi.valid ()) c->send_auth_request (dsi, true); } + else + slog (L_WARN, + _("received authenticated connection request from unknown node #%d, config file mismatch?"), + p->id); } break;