ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.4 by pcg, Wed Apr 2 21:02:25 2003 UTC vs.
Revision 1.13 by pcg, Fri Aug 8 07:52:26 2003 UTC

147 } 147 }
148} 148}
149 149
150////////////////////////////////////////////////////////////////////////////// 150//////////////////////////////////////////////////////////////////////////////
151 151
152void pkt_queue::put (tap_packet *p) 152void pkt_queue::put (net_packet *p)
153{ 153{
154 if (queue[i]) 154 if (queue[i])
155 { 155 {
156 delete queue[i]; 156 delete queue[i];
157 j = (j + 1) % QUEUEDEPTH; 157 j = (j + 1) % QUEUEDEPTH;
160 queue[i] = p; 160 queue[i] = p;
161 161
162 i = (i + 1) % QUEUEDEPTH; 162 i = (i + 1) % QUEUEDEPTH;
163} 163}
164 164
165tap_packet *pkt_queue::get () 165net_packet *pkt_queue::get ()
166{ 166{
167 tap_packet *p = queue[j]; 167 net_packet *p = queue[j];
168 168
169 if (p) 169 if (p)
170 { 170 {
171 queue[j] = 0; 171 queue[j] = 0;
172 j = (j + 1) % QUEUEDEPTH; 172 j = (j + 1) % QUEUEDEPTH;
197// only do action once every x seconds per host whole allowing bursts. 197// only do action once every x seconds per host whole allowing bursts.
198// this implementation ("splay list" ;) is inefficient, 198// this implementation ("splay list" ;) is inefficient,
199// but low on resources. 199// but low on resources.
200struct net_rate_limiter : list<net_rateinfo> 200struct net_rate_limiter : list<net_rateinfo>
201{ 201{
202 static const double ALPHA = 1. - 1. / 90.; // allow bursts 202 static const double ALPHA = 1. - 1. / 180.; // allow bursts
203 static const double CUTOFF = 20.; // one event every CUTOFF seconds 203 static const double CUTOFF = 10.; // one event every CUTOFF seconds
204 static const double EXPIRE = CUTOFF * 30.; // expire entries after this time 204 static const double EXPIRE = CUTOFF * 30.; // expire entries after this time
205 static const double MAXDIF = CUTOFF * (1. / (1. - ALPHA)); // maximum diff /count value
205 206
206 bool can (const sockinfo &si) { return can((u32)si.host); } 207 bool can (const sockinfo &si) { return can((u32)si.host); }
207 bool can (u32 host); 208 bool can (u32 host);
208}; 209};
209 210
225 { 226 {
226 net_rateinfo ri; 227 net_rateinfo ri;
227 228
228 ri.host = host; 229 ri.host = host;
229 ri.pcnt = 1.; 230 ri.pcnt = 1.;
230 ri.diff = CUTOFF * (1. / (1. - ALPHA)); 231 ri.diff = MAXDIF;
231 ri.last = NOW; 232 ri.last = NOW;
232 233
233 push_front (ri); 234 push_front (ri);
234 235
235 return true; 236 return true;
242 ri.pcnt = ri.pcnt * ALPHA; 243 ri.pcnt = ri.pcnt * ALPHA;
243 ri.diff = ri.diff * ALPHA + (NOW - ri.last); 244 ri.diff = ri.diff * ALPHA + (NOW - ri.last);
244 245
245 ri.last = NOW; 246 ri.last = NOW;
246 247
248 double dif = ri.diff / ri.pcnt;
249
247 bool send = ri.diff / ri.pcnt > CUTOFF; 250 bool send = dif > CUTOFF;
248 251
252 if (dif > MAXDIF)
253 {
254 ri.pcnt = 1.;
255 ri.diff = MAXDIF;
256 }
249 if (send) 257 else if (send)
250 ri.pcnt++; 258 ri.pcnt++;
251 259
252 push_front (ri); 260 push_front (ri);
253 261
254 return send; 262 return send;
285 hmac_gen (ctx); 293 hmac_gen (ctx);
286 294
287 return !memcmp (hmac, hmac_digest, HMACLENGTH); 295 return !memcmp (hmac, hmac_digest, HMACLENGTH);
288} 296}
289 297
290void vpn_packet::set_hdr (ptype type, unsigned int dst) 298void vpn_packet::set_hdr (ptype type_, unsigned int dst)
291{ 299{
292 this->type = type; 300 type = type_;
293 301
294 int src = THISNODE->id; 302 int src = THISNODE->id;
295 303
296 src1 = src; 304 src1 = src;
297 srcdst = ((src >> 8) << 4) | (dst >> 8); 305 srcdst = ((src >> 8) << 4) | (dst >> 8);
546}; 554};
547 555
548///////////////////////////////////////////////////////////////////////////// 556/////////////////////////////////////////////////////////////////////////////
549 557
550void 558void
559connection::connection_established ()
560{
561 if (ictx && octx)
562 {
563 connectmode = conf->connectmode;
564
565 rekey.start (NOW + ::conf.rekey);
566 keepalive.start (NOW + ::conf.keepalive);
567
568 // send queued packets
569 if (ictx && octx)
570 {
571 while (tap_packet *p = (tap_packet *)data_queue.get ())
572 {
573 send_data_packet (p);
574 delete p;
575 }
576
577 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
578 {
579 send_vpn_packet (p, si, IPTOS_RELIABILITY);
580 delete p;
581 }
582 }
583 }
584 else
585 {
586 retry_cnt = 0;
587 establish_connection.start (NOW + 5);
588 keepalive.reset ();
589 rekey.reset ();
590 }
591}
592
593void
551connection::reset_dstaddr () 594connection::reset_si ()
552{ 595{
553 si.set (conf);
554}
555
556void
557connection::send_ping (const sockinfo &si, u8 pong)
558{
559 ping_packet *pkt = new ping_packet;
560
561 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
562 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
563
564 delete pkt;
565}
566
567void
568connection::send_reset (const sockinfo &si)
569{
570 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
571 {
572 config_packet *pkt = new config_packet;
573
574 pkt->setup (vpn_packet::PT_RESET, conf->id);
575 send_vpn_packet (pkt, si, IPTOS_MINCOST);
576
577 delete pkt;
578 }
579}
580
581void
582connection::send_auth_request (const sockinfo &si, bool initiate)
583{
584 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
585
586 protocol = best_protocol (THISNODE->protocols & conf->protocols); 596 protocol = best_protocol (THISNODE->protocols & conf->protocols);
587 597
588 // mask out protocols we cannot establish 598 // mask out protocols we cannot establish
589 if (!conf->udp_port) protocol &= ~PROT_UDPv4; 599 if (!conf->udp_port) protocol &= ~PROT_UDPv4;
590 if (!conf->tcp_port) protocol &= ~PROT_TCPv4; 600 if (!conf->tcp_port) protocol &= ~PROT_TCPv4;
591 601
592 if (protocol) 602 si.set (conf, protocol);
603}
604
605// ensure sockinfo is valid, forward if necessary
606const sockinfo &
607connection::forward_si (const sockinfo &si) const
608{
609 if (!si.valid ())
610 {
611 connection *r = vpn->find_router ();
612
613 if (r)
614 {
615 slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s"),
616 conf->nodename, r->conf->nodename);
617 return r->si;
618 }
619 else
620 slog (L_DEBUG, _("%s: node unreachable, no common protocol"),
621 conf->nodename);
593 { 622 }
594 rsachallenge chg;
595 623
596 rsa_cache.gen (pkt->id, chg); 624 return si;
625}
597 626
598 if (0 > RSA_public_encrypt (sizeof chg, 627void
599 (unsigned char *)&chg, (unsigned char *)&pkt->encr, 628connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
600 conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) 629{
601 fatal ("RSA_public_encrypt error"); 630 if (!vpn->send_vpn_packet (pkt, si, tos))
631 reset_connection ();
632}
602 633
603 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); 634void
635connection::send_ping (const sockinfo &si, u8 pong)
636{
637 ping_packet *pkt = new ping_packet;
604 638
605 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 639 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
640 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
641
642 delete pkt;
643}
644
645void
646connection::send_reset (const sockinfo &si)
647{
648 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
649 {
650 config_packet *pkt = new config_packet;
651
652 pkt->setup (vpn_packet::PT_RESET, conf->id);
653 send_vpn_packet (pkt, si, IPTOS_MINCOST);
606 654
607 delete pkt; 655 delete pkt;
608 } 656 }
609 else 657}
610 ; // silently fail 658
659void
660connection::send_auth_request (const sockinfo &si, bool initiate)
661{
662 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
663
664 rsachallenge chg;
665
666 rsa_cache.gen (pkt->id, chg);
667
668 if (0 > RSA_public_encrypt (sizeof chg,
669 (unsigned char *)&chg, (unsigned char *)&pkt->encr,
670 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
671 fatal ("RSA_public_encrypt error");
672
673 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
674
675 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
676
677 delete pkt;
611} 678}
612 679
613void 680void
614connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) 681connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg)
615{ 682{
656 if (retry_int < 3600 * 8) 723 if (retry_int < 3600 * 8)
657 retry_cnt++; 724 retry_cnt++;
658 725
659 w.at = NOW + retry_int; 726 w.at = NOW + retry_int;
660 727
661 if (conf->hostname) 728 reset_si ();
729
730 if (si.prot && !si.host)
731 vpn->send_connect_request (conf->id);
732 else
662 { 733 {
663 reset_dstaddr (); 734 const sockinfo &dsi = forward_si (si);
735
664 if (si.host && auth_rate_limiter.can (si)) 736 if (dsi.valid () && auth_rate_limiter.can (dsi))
665 { 737 {
666 if (retry_cnt < 4) 738 if (retry_cnt < 4)
667 send_auth_request (si, true); 739 send_auth_request (dsi, true);
668 else 740 else
669 send_ping (si, 0); 741 send_ping (dsi, 0);
670 } 742 }
671 } 743 }
672 else
673 vpn->connect_request (conf->id);
674 } 744 }
675} 745}
676 746
677void 747void
678connection::reset_connection () 748connection::reset_connection ()
721connection::send_data_packet (tap_packet *pkt, bool broadcast) 791connection::send_data_packet (tap_packet *pkt, bool broadcast)
722{ 792{
723 vpndata_packet *p = new vpndata_packet; 793 vpndata_packet *p = new vpndata_packet;
724 int tos = 0; 794 int tos = 0;
725 795
796 // I am not hilarious about peeking into packets, but so be it.
726 if (conf->inherit_tos 797 if (conf->inherit_tos
727 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP 798 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
728 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4 799 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
729 tos = (*pkt)[15] & IPTOS_TOS_MASK; 800 tos = (*pkt)[15] & IPTOS_TOS_MASK;
730 801
743 if (ictx && octx) 814 if (ictx && octx)
744 send_data_packet (pkt, broadcast); 815 send_data_packet (pkt, broadcast);
745 else 816 else
746 { 817 {
747 if (!broadcast)//DDDD 818 if (!broadcast)//DDDD
748 queue.put (new tap_packet (*pkt)); 819 data_queue.put (new tap_packet (*pkt));
820
821 establish_connection ();
822 }
823}
824
825void connection::inject_vpn_packet (vpn_packet *pkt, int tos)
826{
827 if (ictx && octx)
828 send_vpn_packet (pkt, si, tos);
829 else
830 {
831 vpn_queue.put (new vpn_packet (*pkt));
749 832
750 establish_connection (); 833 establish_connection ();
751 } 834 }
752} 835}
753 836
819 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING)) 902 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
820 slog (L_ERR, _("%s(%s): challenge illegal or corrupted"), 903 slog (L_ERR, _("%s(%s): challenge illegal or corrupted"),
821 conf->nodename, (const char *)rsi); 904 conf->nodename, (const char *)rsi);
822 else 905 else
823 { 906 {
824 retry_cnt = 0;
825 establish_connection.set (NOW + 8); //? ;)
826 keepalive.reset ();
827 rekey.reset ();
828
829 delete ictx;
830 ictx = 0;
831
832 delete octx; 907 delete octx;
833 908
834 octx = new crypto_ctx (k, 1); 909 octx = new crypto_ctx (k, 1);
835 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; 910 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
836 911
837 conf->protocols = p->protocols; 912 conf->protocols = p->protocols;
913
838 send_auth_response (rsi, p->id, k); 914 send_auth_response (rsi, p->id, k);
915
916 connection_established ();
839 917
840 break; 918 break;
841 } 919 }
842 } 920 }
843 921
860 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 938 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
861 939
862 rsachallenge chg; 940 rsachallenge chg;
863 941
864 if (!rsa_cache.find (p->id, chg)) 942 if (!rsa_cache.find (p->id, chg))
943 {
865 slog (L_ERR, _("%s(%s): unrequested auth response"), 944 slog (L_ERR, _("%s(%s): unrequested auth response"),
866 conf->nodename, (const char *)rsi); 945 conf->nodename, (const char *)rsi);
946 break;
947 }
867 else 948 else
868 { 949 {
869 crypto_ctx *cctx = new crypto_ctx (chg, 0); 950 crypto_ctx *cctx = new crypto_ctx (chg, 0);
870 951
871 if (!p->hmac_chk (cctx)) 952 if (!p->hmac_chk (cctx))
885 delete ictx; ictx = cctx; 966 delete ictx; ictx = cctx;
886 967
887 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid 968 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
888 969
889 si = rsi; 970 si = rsi;
971 protocol = rsi.prot;
890 972
891 rekey.set (NOW + ::conf.rekey); 973 connection_established ();
892 keepalive.set (NOW + ::conf.keepalive);
893 974
894 // send queued packets
895 while (tap_packet *p = queue.get ())
896 {
897 send_data_packet (p);
898 delete p;
899 }
900
901 connectmode = conf->connectmode;
902
903 slog (L_INFO, _("%s(%s): %s connection established, protocol version %d.%d"), 975 slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),
904 conf->nodename, (const char *)rsi, 976 conf->nodename, (const char *)rsi,
905 strprotocol (protocol),
906 p->prot_major, p->prot_minor); 977 p->prot_major, p->prot_minor);
907 978
908 if (::conf.script_node_up) 979 if (::conf.script_node_up)
909 run_script (run_script_cb (this, &connection::script_node_up), false); 980 run_script (run_script_cb (this, &connection::script_node_up), false);
910 981
933 1004
934 if (ictx && octx) 1005 if (ictx && octx)
935 { 1006 {
936 vpndata_packet *p = (vpndata_packet *)pkt; 1007 vpndata_packet *p = (vpndata_packet *)pkt;
937 1008
938 if (rsi == si) 1009 if (!p->hmac_chk (ictx))
1010 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1011 "could be an attack, or just corruption or an synchronization error"),
1012 conf->nodename, (const char *)rsi);
1013 else
939 { 1014 {
940 if (!p->hmac_chk (ictx))
941 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
942 "could be an attack, or just corruption or an synchronization error"),
943 conf->nodename, (const char *)rsi);
944 else 1015 u32 seqno;
1016 tap_packet *d = p->unpack (this, seqno);
1017
1018 if (iseqno.recv_ok (seqno))
945 { 1019 {
946 u32 seqno; 1020 vpn->tap->send (d);
947 tap_packet *d = p->unpack (this, seqno);
948 1021
949 if (iseqno.recv_ok (seqno)) 1022 if (p->dst () == 0) // re-broadcast
1023 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
1024 {
1025 connection *c = *i;
1026
1027 if (c->conf != THISNODE && c->conf != conf)
1028 c->inject_data_packet (d);
1029 }
1030
1031 if (si != rsi)
950 { 1032 {
951 vpn->tap->send (d); 1033 // fast re-sync on conneciton changes, useful especially for tcp/ip
952
953 if (p->dst () == 0) // re-broadcast
954 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
955 {
956 connection *c = *i;
957
958 if (c->conf != THISNODE && c->conf != conf)
959 c->inject_data_packet (d);
960 }
961
962 delete d;
963
964 break; 1034 si = rsi;
1035
1036 slog (L_INFO, _("%s(%s): socket address changed to %s"),
1037 conf->nodename, (const char *)si, (const char *)rsi);
965 } 1038 }
1039
1040 delete d;
1041
1042 break;
966 } 1043 }
967 } 1044 }
968 else
969 slog (L_ERR, _("received data packet from unknown source %s"), (const char *)rsi);
970 } 1045 }
971 1046
972 send_reset (rsi); 1047 send_reset (rsi);
973 break; 1048 break;
974 1049
976 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) 1051 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
977 { 1052 {
978 connect_req_packet *p = (connect_req_packet *) pkt; 1053 connect_req_packet *p = (connect_req_packet *) pkt;
979 1054
980 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything 1055 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
1056 connection *c = vpn->conns[p->id - 1];
981 conf->protocols = p->protocols; 1057 conf->protocols = p->protocols;
982 connection *c = vpn->conns[p->id - 1];
983 1058
984 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n", 1059 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n",
985 conf->id, p->id, c->ictx && c->octx); 1060 conf->id, p->id, c->ictx && c->octx);
986 1061
987 if (c->ictx && c->octx) 1062 if (c->ictx && c->octx)
989 // send connect_info packets to both sides, in case one is 1064 // send connect_info packets to both sides, in case one is
990 // behind a nat firewall (or both ;) 1065 // behind a nat firewall (or both ;)
991 c->send_connect_info (conf->id, si, conf->protocols); 1066 c->send_connect_info (conf->id, si, conf->protocols);
992 send_connect_info (c->conf->id, c->si, c->conf->protocols); 1067 send_connect_info (c->conf->id, c->si, c->conf->protocols);
993 } 1068 }
1069 else
1070 c->establish_connection ();
994 } 1071 }
995 1072
996 break; 1073 break;
997 1074
998 case vpn_packet::PT_CONNECT_INFO: 1075 case vpn_packet::PT_CONNECT_INFO:
999 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) 1076 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1000 { 1077 {
1001 connect_info_packet *p = (connect_info_packet *) pkt; 1078 connect_info_packet *p = (connect_info_packet *) pkt;
1002 1079
1003 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything 1080 assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
1004 conf->protocols = p->protocols; 1081
1005 connection *c = vpn->conns[p->id - 1]; 1082 connection *c = vpn->conns[p->id - 1];
1083
1084 c->conf->protocols = p->protocols;
1085 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1086 p->si.upgrade_protocol (protocol, c->conf);
1006 1087
1007 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", 1088 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
1008 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); 1089 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
1009 1090
1091 const sockinfo &dsi = forward_si (p->si);
1092
1093 if (dsi.valid ())
1010 c->send_auth_request (p->si, true); 1094 c->send_auth_request (dsi, true);
1011 } 1095 }
1012 1096
1013 break; 1097 break;
1014 1098
1015 default: 1099 default:
1031 || THISNODE->connectmode != conf_node::C_ONDEMAND) 1115 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1032 { 1116 {
1033 send_ping (si); 1117 send_ping (si);
1034 w.at = NOW + 5; 1118 w.at = NOW + 5;
1035 } 1119 }
1120 else if (NOW < last_activity + ::conf.keepalive + 10)
1121 // hold ondemand connections implicitly a few seconds longer
1122 // should delete octx, though, or something like that ;)
1123 w.at = last_activity + ::conf.keepalive + 10;
1036 else 1124 else
1037 reset_connection (); 1125 reset_connection ();
1038} 1126}
1039 1127
1040void connection::connect_request (int id) 1128void connection::send_connect_request (int id)
1041{ 1129{
1042 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); 1130 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);
1043 1131
1044 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id); 1132 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);
1045 p->hmac_set (octx); 1133 p->hmac_set (octx);
1075 putenv ("STATE=down"); 1163 putenv ("STATE=down");
1076 1164
1077 return ::conf.script_node_up ? ::conf.script_node_down : "node-down"; 1165 return ::conf.script_node_up ? ::conf.script_node_down : "node-down";
1078} 1166}
1079 1167
1080// send a vpn packet out to other hosts
1081void
1082connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
1083{
1084 switch (protocol)
1085 {
1086 case PROT_IPv4:
1087 vpn->send_ipv4_packet (pkt, si, tos);
1088 break;
1089
1090 case PROT_UDPv4:
1091 vpn->send_udpv4_packet (pkt, si, tos);
1092 break;
1093
1094 case PROT_TCPv4:
1095 vpn->send_tcpv4_packet (pkt, si, tos);
1096 break;
1097 }
1098}
1099
1100connection::connection(struct vpn *vpn_) 1168connection::connection(struct vpn *vpn_)
1101: vpn(vpn_) 1169: vpn(vpn_)
1102, rekey (this, &connection::rekey_cb) 1170, rekey (this, &connection::rekey_cb)
1103, keepalive (this, &connection::keepalive_cb) 1171, keepalive (this, &connection::keepalive_cb)
1104, establish_connection (this, &connection::establish_connection_cb) 1172, establish_connection (this, &connection::establish_connection_cb)

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines