/cvs/gvpe/src/connection.C

Comparing gvpe/src/connection.C (file contents):
Revision 1.6 by pcg, Sat Apr 5 02:32:40 2003 UTC vs.
Revision 1.8 by pcg, Sun Apr 6 04:17:36 2003 UTC

546}; 546};
547 547
548///////////////////////////////////////////////////////////////////////////// 548/////////////////////////////////////////////////////////////////////////////
549 549
550void 550void
551connection::reset_dstaddr () 551connection::reset_si ()
552{ 552{
553 protocol = best_protocol (THISNODE->protocols & conf->protocols); 553 protocol = best_protocol (THISNODE->protocols & conf->protocols);
554 554
555 // mask out protocols we cannot establish 555 // mask out protocols we cannot establish
556 if (!conf->udp_port) protocol &= ~PROT_UDPv4; 556 if (!conf->udp_port) protocol &= ~PROT_UDPv4;
557 if (!conf->tcp_port) protocol &= ~PROT_TCPv4; 557 if (!conf->tcp_port) protocol &= ~PROT_TCPv4;
558 558
559 si.set (conf, protocol); 559 si.set (conf, protocol);
560}
561
562// ensure sockinfo is valid, forward if necessary
563const sockinfo &
564connection::forward_si (const sockinfo &si) const
565{
566 if (!si.valid ())
567 {
568 connection *r = vpn->find_router ();
569
570 if (r)
571 {
572 slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s"),
573 conf->nodename, r->conf->nodename);
574 return r->si;
575 }
576 else
577 slog (L_DEBUG, _("%s: node unreachable, no common protocol"),
578 conf->nodename);
579 }
580
581 return si;
560} 582}
561 583
562void 584void
563connection::send_ping (const sockinfo &si, u8 pong) 585connection::send_ping (const sockinfo &si, u8 pong)
564{ 586{
598 conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) 620 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
599 fatal ("RSA_public_encrypt error"); 621 fatal ("RSA_public_encrypt error");
600 622
601 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); 623 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
602 624
603 vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 625 vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
626
604 627
605 delete pkt; 628 delete pkt;
606} 629}
607 630
608void 631void
651 if (retry_int < 3600 * 8) 674 if (retry_int < 3600 * 8)
652 retry_cnt++; 675 retry_cnt++;
653 676
654 w.at = NOW + retry_int; 677 w.at = NOW + retry_int;
655 678
656 if (conf->hostname) 679 reset_si ();
680
681 if (si.prot && !si.host)
682 vpn->connect_request (conf->id);
683 else
657 { 684 {
658 reset_dstaddr (); 685 const sockinfo &dsi = forward_si (si);
659 686
660 if (si.valid () && auth_rate_limiter.can (si)) 687 if (dsi.valid () && auth_rate_limiter.can (dsi))
661 { 688 {
662 if (retry_cnt < 4) 689 if (retry_cnt < 4)
663 send_auth_request (si, true); 690 send_auth_request (dsi, true);
664 else 691 else
665 send_ping (si, 0); 692 send_ping (dsi, 0);
666 } 693 }
667 } 694 }
668 else
669 vpn->connect_request (conf->id);
670 } 695 }
671} 696}
672 697
673void 698void
674connection::reset_connection () 699connection::reset_connection ()
743 if (!broadcast)//DDDD 768 if (!broadcast)//DDDD
744 queue.put (new tap_packet (*pkt)); 769 queue.put (new tap_packet (*pkt));
745 770
746 establish_connection (); 771 establish_connection ();
747 } 772 }
773}
774
775void connection::inject_vpn_packet (vpn_packet *pkt, int tos)
776{
777 if (ictx && octx)
778 vpn->send_vpn_packet (pkt, si, tos);
779 else
780 establish_connection ();
748} 781}
749 782
750void 783void
751connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) 784connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
752{ 785{
881 delete ictx; ictx = cctx; 914 delete ictx; ictx = cctx;
882 915
883 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid 916 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
884 917
885 si = rsi; 918 si = rsi;
919 protocol = rsi.prot;
886 920
887 rekey.start (NOW + ::conf.rekey); 921 rekey.start (NOW + ::conf.rekey);
888 keepalive.start (NOW + ::conf.keepalive); 922 keepalive.start (NOW + ::conf.keepalive);
889 923
890 // send queued packets 924 // send queued packets
894 delete p; 928 delete p;
895 } 929 }
896 930
897 connectmode = conf->connectmode; 931 connectmode = conf->connectmode;
898 932
899 slog (L_INFO, _("%s(%s): %s connection established, protocol version %d.%d"), 933 slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),
900 conf->nodename, (const char *)rsi, 934 conf->nodename, (const char *)rsi,
901 strprotocol (protocol),
902 p->prot_major, p->prot_minor); 935 p->prot_major, p->prot_minor);
903 936
904 if (::conf.script_node_up) 937 if (::conf.script_node_up)
905 run_script (run_script_cb (this, &connection::script_node_up), false); 938 run_script (run_script_cb (this, &connection::script_node_up), false);
906 939
972 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) 1005 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
973 { 1006 {
974 connect_req_packet *p = (connect_req_packet *) pkt; 1007 connect_req_packet *p = (connect_req_packet *) pkt;
975 1008
976 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything 1009 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
1010 connection *c = vpn->conns[p->id - 1];
977 conf->protocols = p->protocols; 1011 conf->protocols = p->protocols;
978 connection *c = vpn->conns[p->id - 1];
979 1012
980 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n", 1013 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n",
981 conf->id, p->id, c->ictx && c->octx); 1014 conf->id, p->id, c->ictx && c->octx);
982 1015
983 if (c->ictx && c->octx) 1016 if (c->ictx && c->octx)
995 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) 1028 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
996 { 1029 {
997 connect_info_packet *p = (connect_info_packet *) pkt; 1030 connect_info_packet *p = (connect_info_packet *) pkt;
998 1031
999 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything 1032 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
1000 conf->protocols = p->protocols; 1033
1001 connection *c = vpn->conns[p->id - 1]; 1034 connection *c = vpn->conns[p->id - 1];
1035
1036 c->conf->protocols = p->protocols;
1037 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1038 p->si.upgrade_protocol (protocol, c->conf);
1002 1039
1003 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", 1040 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
1004 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); 1041 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
1005 1042
1043 const sockinfo &dsi = forward_si (p->si);
1044
1045 if (dsi.valid ())
1006 c->send_auth_request (p->si, true); 1046 c->send_auth_request (dsi, true);
1007 } 1047 }
1008 1048
1009 break; 1049 break;
1010 1050
1011 default: 1051 default:
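Review bot: In the PT_CONNECT_INFO branch (new lines 1032–1038) the packet-supplied `p->id` is range-checked only by `assert`, and the new code now writes through the resulting pointer (`c->conf->protocols = p->protocols`) and hands `c->conf` to `supported_protocols` and `upgrade_protocol`. If the build defines `NDEBUG` the check disappears and an out-of-range id indexes `vpn->conns` out of bounds; otherwise a failed assertion terminates the daemon on input from any peer that passes `hmac_chk`. An explicit runtime check that drops the packet, e.g. `if (!(p->id > 0 && p->id <= vpn->conns.size ())) break;` (ideally with an `slog` warning), would match the adjacent comment that HMAC authentication does not mean everything is accepted; the PT_CONNECT_REQ branch at new lines 1009–1010 has the same pattern. The same block also assigns the receiving connection's `protocol` member from `c`'s protocol set, which looks like it wants a local variable and is worth confirming. The enclosing switch and function begin outside the lines shown here.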
