--- gvpe/src/connection.C	2004/02/08 07:24:25	1.31
+++ gvpe/src/connection.C	2004/10/12 12:06:06	1.39
@@ -204,10 +204,10 @@
 // but low on resources.
 struct net_rate_limiter : list<net_rateinfo>
 {
-  static const double ALPHA  = 1. - 1. / 600.; // allow bursts
-  static const double CUTOFF = 10.;            // one event every CUTOFF seconds
-  static const double EXPIRE = CUTOFF * 30.;   // expire entries after this time
-  static const double MAXDIF = CUTOFF * (1. / (1. - ALPHA)); // maximum diff /count value
+# define NRL_ALPHA  (1. - 1. / 600.)     // allow bursts
+# define NRL_CUTOFF 10.                  // one event every CUTOFF seconds
+# define NRL_EXPIRE (NRL_CUTOFF * 30.)   // expire entries after this time
+# define NRL_MAXDIF (NRL_CUTOFF * (1. / (1. - NRL_ALPHA))) // maximum diff /count value
 
   bool can (const sockinfo &si) { return can((u32)si.host); }
   bool can (u32 host);
@@ -222,7 +222,7 @@
   for (i = begin (); i != end (); )
     if (i->host == host)
       break;
-    else if (i->last < NOW - EXPIRE)
+    else if (i->last < NOW - NRL_EXPIRE)
       i = erase (i);
     else
       i++;
@@ -233,7 +233,7 @@
 
       ri.host = host;
       ri.pcnt = 1.;
-      ri.diff = MAXDIF;
+      ri.diff = NRL_MAXDIF;
       ri.last = NOW;
 
       push_front (ri);
@@ -245,19 +245,19 @@
       net_rateinfo ri (*i);
       erase (i);
 
-      ri.pcnt = ri.pcnt * ALPHA;
-      ri.diff = ri.diff * ALPHA + (NOW - ri.last);
+      ri.pcnt = ri.pcnt * NRL_ALPHA;
+      ri.diff = ri.diff * NRL_ALPHA + (NOW - ri.last);
 
       ri.last = NOW;
 
       double dif = ri.diff / ri.pcnt;
 
-      bool send = dif > CUTOFF;
+      bool send = dif > NRL_CUTOFF;
 
-      if (dif > MAXDIF)
+      if (dif > NRL_MAXDIF)
         {
           ri.pcnt = 1.;
-          ri.diff = MAXDIF;
+          ri.diff = NRL_MAXDIF;
         }
       else if (send)
         ri.pcnt++;
@@ -458,10 +458,19 @@
 
   void setup (ptype type, int dst);
   bool chk_config () const;
-};
 
-#define FEATURES ((ENABLE_COMPRESSION ? FEATURE_COMPRESSION : 0) \
-                | (ENABLE_ROHC        ? FEATURE_ROHC        : 0))
+  static u8 get_features ()
+  {
+    u8 f = 0;
+#if ENABLE_COMPRESSION
+    f |= FEATURE_COMPRESSION;
+#endif
+#if ENABLE_ROHC
+    f |= FEATURE_ROHC;
+#endif
+    return f;
+  }
+};
 
 void config_packet::setup (ptype type, int dst)
 {
@@ -471,7 +480,7 @@
   hmaclen = HMACLENGTH;
   flags = ENABLE_COMPRESSION ? 0x81 : 0x80;
   challengelen = sizeof (rsachallenge);
-  features = FEATURES;
+  features = get_features ();
 
   cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
   digest_nid = htonl (EVP_MD_type (RSA_HASH));
@@ -582,7 +591,9 @@
     {
       connectmode = conf->connectmode;
 
-      rekey.start (NOW + ::conf.rekey);
+      // make sure rekeying timeouts are slightly asymmetric
+      rekey.start (NOW + ::conf.rekey
+                   + (conf->id > THISNODE->id ? 10 : 0));
       keepalive.start (NOW + ::conf.keepalive);
 
       // send queued packets
@@ -735,8 +746,10 @@
     {
       double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6;
 
-      if (retry_int < 3600 * 8)
+      if (retry_int < conf->max_retry)
         retry_cnt++;
+      else
+        retry_int = conf->max_retry;
 
       w.start (NOW + retry_int);
 
@@ -774,7 +787,7 @@
   delete ictx; ictx = 0;
   delete octx; octx = 0;
 
-  si.host= 0;
+  si.host = 0;
 
   last_activity = 0;
   retry_cnt = 0;
@@ -925,7 +938,7 @@
                     if (p->flags & 1) p->features |= FEATURE_COMPRESSION;
 
                     conf->protocols = p->protocols;
-                    features = p->features & FEATURES;
+                    features = p->features & config_packet::get_features ();
 
                     send_auth_response (rsi, p->id, k);
 
@@ -1049,11 +1062,10 @@
                         slog (L_INFO, _("%s(%s): socket address changed to %s"),
                               conf->nodename, (const char *)si, (const char *)rsi);
                       }
-
-                    delete d;
-
-                    break;
                   }
+
+                delete d;
+                break;
               }
           }
 
@@ -1088,23 +1100,24 @@
       case vpn_packet::PT_CONNECT_INFO:
         if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
           {
-            connect_info_packet *p = (connect_info_packet *) pkt;
-
-            assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
+            connect_info_packet *p = (connect_info_packet *)pkt;
 
-            connection *c = vpn->conns[p->id - 1];
+            if (p->id > 0 && p->id <= vpn->conns.size ()) // hmac-auth does not mean we accept anything
+              {
+                connection *c = vpn->conns[p->id - 1];
 
-            c->conf->protocols = p->protocols;
-            protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
-            p->si.upgrade_protocol (protocol, c->conf);
+                c->conf->protocols = p->protocols;
+                protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
+                p->si.upgrade_protocol (protocol, c->conf);
 
-            slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
-                           conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
+                slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
+                               conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
 
-            const sockinfo &dsi = forward_si (p->si);
+                const sockinfo &dsi = forward_si (p->si);
 
-            if (dsi.valid ())
-              c->send_auth_request (dsi, true);
+                if (dsi.valid ())
+                  c->send_auth_request (dsi, true);
+              }
           }
 
         break;