--- gvpe/src/connection.C	2003/10/14 15:48:15	1.20
+++ gvpe/src/connection.C	2004/01/17 14:08:57	1.26
@@ -1,5 +1,6 @@
 /*
     connection.C -- manage a single connection
+    Copyright (C) 2003-2004 Marc Lehmann <pcg@goof.com>
  
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -22,6 +23,8 @@
 # include "lzf/lzf.h"
 }
 
+#include <cassert>
+
 #include <list>
 
 #include <openssl/rand.h>
@@ -135,11 +138,9 @@
 
 void rsa_cache::cleaner_cb (time_watcher &w)
 {
-  if (empty ())
-    w.at = TSTAMP_CANCEL;
-  else
+  if (!empty ())
     {
-      w.at = NOW + RSA_TTL;
+      w.start (NOW + RSA_TTL);
 
       for (iterator i = begin (); i != end (); )
         if (i->expire <= NOW)
@@ -480,21 +481,21 @@
 bool config_packet::chk_config () const
 {
   if (prot_major != PROTOCOL_MAJOR)
-    slog (L_WARN, _("major version mismatch (%d <=> %d)"), prot_major, PROTOCOL_MAJOR);
+    slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
   else if (randsize != RAND_SIZE)
-    slog (L_WARN, _("rand size mismatch (%d <=> %d)"), randsize, RAND_SIZE);
+    slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
   else if (hmaclen != HMACLENGTH)
-    slog (L_WARN, _("hmac length mismatch (%d <=> %d)"), hmaclen, HMACLENGTH);
+    slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
   else if (flags != curflags ())
-    slog (L_WARN, _("flag mismatch (%x <=> %x)"), flags, curflags ());
+    slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
   else if (challengelen != sizeof (rsachallenge))
-    slog (L_WARN, _("challenge length mismatch (%d <=> %d)"), challengelen, sizeof (rsachallenge));
+    slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
   else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
-    slog (L_WARN, _("cipher mismatch (%x <=> %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
+    slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
   else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
-    slog (L_WARN, _("digest mismatch (%x <=> %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
+    slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
   else if (hmac_nid != htonl (EVP_MD_type (DIGEST)))
-    slog (L_WARN, _("hmac mismatch (%x <=> %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
+    slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
   else
     return true;
 
@@ -599,8 +600,8 @@
     {
       retry_cnt = 0;
       establish_connection.start (NOW + 5);
-      keepalive.reset ();
-      rekey.reset ();
+      keepalive.stop ();
+      rekey.stop ();
     }
 }
 
@@ -676,13 +677,8 @@
   auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
 
   rsachallenge chg;
-
   rsa_cache.gen (pkt->id, chg);
-
-  if (0 > RSA_public_encrypt (sizeof chg,
-                              (unsigned char *)&chg, (unsigned char *)&pkt->encr,
-                              conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
-    fatal ("RSA_public_encrypt error");
+  rsa_encrypt (conf->rsa_key, chg, pkt->encr);
 
   slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
 
@@ -726,18 +722,18 @@
 void
 connection::establish_connection_cb (time_watcher &w)
 {
-  if (ictx || conf == THISNODE
-      || connectmode == conf_node::C_NEVER
-      || connectmode == conf_node::C_DISABLED)
-    w.at = TSTAMP_CANCEL;
-  else if (w.at <= NOW)
+  if (!ictx
+      && conf != THISNODE
+      && connectmode != conf_node::C_NEVER
+      && connectmode != conf_node::C_DISABLED
+      && NOW > w.at)
     {
       double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6;
 
       if (retry_int < 3600 * 8)
         retry_cnt++;
 
-      w.at = NOW + retry_int;
+      w.start (NOW + retry_int);
 
       reset_si ();
 
@@ -778,9 +774,9 @@
   last_activity = 0;
   retry_cnt = 0;
 
-  rekey.reset ();
-  keepalive.reset ();
-  establish_connection.reset ();
+  rekey.stop ();
+  keepalive.stop ();
+  establish_connection.stop ();
 }
 
 void
@@ -795,25 +791,21 @@
 void
 connection::rekey_cb (time_watcher &w)
 {
-  w.at = TSTAMP_CANCEL;
-
   reset_connection ();
   establish_connection ();
 }
 
 void
-connection::send_data_packet (tap_packet *pkt, bool broadcast)
+connection::send_data_packet (tap_packet *pkt)
 {
   vpndata_packet *p = new vpndata_packet;
   int tos = 0;
 
   // I am not hilarious about peeking into packets, but so be it.
-  if (conf->inherit_tos
-      && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
-      && ((*pkt)[14] & 0xf0) == 0x40)             // IPv4
+  if (conf->inherit_tos && pkt->is_ipv4 ())
     tos = (*pkt)[15] & IPTOS_TOS_MASK;
 
-  p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
+  p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
   send_vpn_packet (p, si, tos);
 
   delete p;
@@ -823,10 +815,10 @@
 }
 
 void
-connection::inject_data_packet (tap_packet *pkt, bool broadcast)
+connection::inject_data_packet (tap_packet *pkt, bool broadcast/*TODO DDD*/)
 {
   if (ictx && octx)
-    send_data_packet (pkt, broadcast);
+    send_data_packet (pkt);
   else
     {
       if (!broadcast)//DDDD
@@ -911,11 +903,12 @@
 
                 rsachallenge k;
 
-                if (0 > RSA_private_decrypt (sizeof (p->encr),
-                                             (unsigned char *)&p->encr, (unsigned char *)&k,
-                                             ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
-                  slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
-                        conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
+                if (!rsa_decrypt (::conf.rsa_key, p->encr, k))
+                  {
+                    slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
+                          conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
+                    break;
+                  }
                 else
                   {
                     delete octx;
@@ -1039,15 +1032,6 @@
                   {
                     vpn->tap->send (d);
 
-                    if (p->dst () == 0) // re-broadcast
-                      for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
-                        {
-                          connection *c = *i;
-
-                          if (c->conf != THISNODE && c->conf != conf)
-                            c->inject_data_packet (d);
-                        }
-
                     if (si != rsi)
                       {
                         // fast re-sync on connection changes, useful especially for tcp/ip
@@ -1130,17 +1114,17 @@
       establish_connection ();
     }
   else if (NOW < last_activity + ::conf.keepalive)
-    w.at = last_activity + ::conf.keepalive;
+    w.start (last_activity + ::conf.keepalive);
   else if (conf->connectmode != conf_node::C_ONDEMAND
            || THISNODE->connectmode != conf_node::C_ONDEMAND)
     {
       send_ping (si);
-      w.at = NOW + 5;
+      w.start (NOW + 5);
     }
   else if (NOW < last_activity + ::conf.keepalive + 10)
     // hold ondemand connections implicitly a few seconds longer
     // should delete octx, though, or something like that ;)
-    w.at = last_activity + ::conf.keepalive + 10;
+    w.start (last_activity + ::conf.keepalive + 10);
   else
     reset_connection ();
 }