ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.46 by pcg, Sat Mar 5 19:13:15 2005 UTC vs.
Revision 1.50 by pcg, Fri Mar 18 01:53:05 2005 UTC

28#include <openssl/rand.h> 28#include <openssl/rand.h>
29#include <openssl/evp.h> 29#include <openssl/evp.h>
30#include <openssl/rsa.h> 30#include <openssl/rsa.h>
31#include <openssl/err.h> 31#include <openssl/err.h>
32 32
33#include "gettext.h"
34
35#include "conf.h" 33#include "conf.h"
36#include "slog.h" 34#include "slog.h"
37#include "device.h" 35#include "device.h"
38#include "vpn.h" 36#include "vpn.h"
39#include "connection.h" 37#include "connection.h"
478{ 476{
479 prot_major = PROTOCOL_MAJOR; 477 prot_major = PROTOCOL_MAJOR;
480 prot_minor = PROTOCOL_MINOR; 478 prot_minor = PROTOCOL_MINOR;
481 randsize = RAND_SIZE; 479 randsize = RAND_SIZE;
482 hmaclen = HMACLENGTH; 480 hmaclen = HMACLENGTH;
483 flags = ENABLE_COMPRESSION ? 0x81 : 0x80; 481 flags = 0;
484 challengelen = sizeof (rsachallenge); 482 challengelen = sizeof (rsachallenge);
485 features = get_features (); 483 features = get_features ();
486 484
487 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER)); 485 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
488 digest_nid = htonl (EVP_MD_type (RSA_HASH)); 486 digest_nid = htonl (EVP_MD_type (RSA_HASH));
498 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR); 496 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
499 else if (randsize != RAND_SIZE) 497 else if (randsize != RAND_SIZE)
500 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE); 498 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
501 else if (hmaclen != HMACLENGTH) 499 else if (hmaclen != HMACLENGTH)
502 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH); 500 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
503#if 0 // this implementation should handle all flag settings
504 else if (flags != curflags ())
505 slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
506#endif
507 else if (challengelen != sizeof (rsachallenge)) 501 else if (challengelen != sizeof (rsachallenge))
508 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge)); 502 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
509 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER))) 503 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
510 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER)); 504 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
511 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH))) 505 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
745 && conf != THISNODE 739 && conf != THISNODE
746 && connectmode != conf_node::C_NEVER 740 && connectmode != conf_node::C_NEVER
747 && connectmode != conf_node::C_DISABLED 741 && connectmode != conf_node::C_DISABLED
748 && NOW > w.at) 742 && NOW > w.at)
749 { 743 {
750 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6; 744 w.at = TSTAMP_MAX; // first disable this watcher in case of recursion
751 745
752 if (retry_int < conf->max_retry) 746 double retry_int = double (retry_cnt & 3
753 retry_cnt++; 747 ? (retry_cnt & 3) + 1
754 else 748 : 1 << (retry_cnt >> 2));
755 retry_int = conf->max_retry;
756
757 w.start (NOW + retry_int);
758 749
759 reset_si (); 750 reset_si ();
751
752 bool slow = si.prot & PROT_SLOW;
760 753
761 if (si.prot && !si.host) 754 if (si.prot && !si.host)
762 vpn->send_connect_request (conf->id); 755 vpn->send_connect_request (conf->id);
763 else 756 else
764 { 757 {
765 const sockinfo &dsi = forward_si (si); 758 const sockinfo &dsi = forward_si (si);
759
760 slow = slow || (dsi.prot & PROT_SLOW);
766 761
767 if (dsi.valid () && auth_rate_limiter.can (dsi)) 762 if (dsi.valid () && auth_rate_limiter.can (dsi))
768 { 763 {
769 if (retry_cnt < 4) 764 if (retry_cnt < 4)
770 send_auth_request (dsi, true); 765 send_auth_request (dsi, true);
771 else 766 else
772 send_ping (dsi, 0); 767 send_ping (dsi, 0);
773 } 768 }
774 } 769 }
770
771 retry_int *= slow ? 8. : 0.7;
772
773 if (retry_int < conf->max_retry)
774 retry_cnt++;
775 else
776 retry_int = conf->max_retry;
777
778 w.start (NOW + retry_int);
775 } 779 }
776} 780}
777 781
778void 782void
779connection::reset_connection () 783connection::reset_connection ()
938 delete octx; 942 delete octx;
939 943
940 octx = new crypto_ctx (k, 1); 944 octx = new crypto_ctx (k, 1);
941 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; 945 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
942 946
943 // compatibility code, remove when no longer required
944 if (p->flags & 1) p->features |= FEATURE_COMPRESSION;
945
946 conf->protocols = p->protocols; 947 conf->protocols = p->protocols;
947 features = p->features & config_packet::get_features (); 948 features = p->features & config_packet::get_features ();
948 949
949 send_auth_response (rsi, p->id, k); 950 send_auth_response (rsi, p->id, k);
950 951

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines