… | |
… | |
546 | }; |
546 | }; |
547 | |
547 | |
548 | ///////////////////////////////////////////////////////////////////////////// |
548 | ///////////////////////////////////////////////////////////////////////////// |
549 | |
549 | |
550 | void |
550 | void |
551 | connection::reset_dstaddr () |
551 | connection::reset_si () |
552 | { |
552 | { |
553 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
553 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
554 | |
554 | |
555 | // mask out protocols we cannot establish |
555 | // mask out protocols we cannot establish |
556 | if (!conf->udp_port) protocol &= ~PROT_UDPv4; |
556 | if (!conf->udp_port) protocol &= ~PROT_UDPv4; |
557 | if (!conf->tcp_port) protocol &= ~PROT_TCPv4; |
557 | if (!conf->tcp_port) protocol &= ~PROT_TCPv4; |
558 | |
558 | |
559 | si.set (conf, protocol); |
559 | si.set (conf, protocol); |
|
|
560 | } |
|
|
561 | |
|
|
562 | // ensure sockinfo is valid, forward if necessary |
|
|
563 | const sockinfo & |
|
|
564 | connection::forward_si (const sockinfo &si) const |
|
|
565 | { |
|
|
566 | if (!si.valid ()) |
|
|
567 | { |
|
|
568 | connection *r = vpn->find_router (); |
|
|
569 | |
|
|
570 | if (r) |
|
|
571 | { |
|
|
572 | slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s"), |
|
|
573 | conf->nodename, r->conf->nodename); |
|
|
574 | return r->si; |
|
|
575 | } |
|
|
576 | else |
|
|
577 | slog (L_DEBUG, _("%s: node unreachable, no common protocol"), |
|
|
578 | conf->nodename); |
|
|
579 | } |
|
|
580 | |
|
|
581 | return si; |
560 | } |
582 | } |
561 | |
583 | |
562 | void |
584 | void |
563 | connection::send_ping (const sockinfo &si, u8 pong) |
585 | connection::send_ping (const sockinfo &si, u8 pong) |
564 | { |
586 | { |
… | |
… | |
598 | conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) |
620 | conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) |
599 | fatal ("RSA_public_encrypt error"); |
621 | fatal ("RSA_public_encrypt error"); |
600 | |
622 | |
601 | slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); |
623 | slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); |
602 | |
624 | |
603 | vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly |
625 | vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly |
|
|
626 | |
604 | |
627 | |
605 | delete pkt; |
628 | delete pkt; |
606 | } |
629 | } |
607 | |
630 | |
608 | void |
631 | void |
… | |
… | |
651 | if (retry_int < 3600 * 8) |
674 | if (retry_int < 3600 * 8) |
652 | retry_cnt++; |
675 | retry_cnt++; |
653 | |
676 | |
654 | w.at = NOW + retry_int; |
677 | w.at = NOW + retry_int; |
655 | |
678 | |
656 | if (conf->hostname) |
679 | reset_si (); |
|
|
680 | |
|
|
681 | if (si.prot && !si.host) |
|
|
682 | vpn->connect_request (conf->id); |
|
|
683 | else |
657 | { |
684 | { |
658 | reset_dstaddr (); |
685 | const sockinfo &dsi = forward_si (si); |
659 | |
686 | |
660 | if (si.valid () && auth_rate_limiter.can (si)) |
687 | if (dsi.valid () && auth_rate_limiter.can (dsi)) |
661 | { |
688 | { |
662 | if (retry_cnt < 4) |
689 | if (retry_cnt < 4) |
663 | send_auth_request (si, true); |
690 | send_auth_request (dsi, true); |
664 | else |
691 | else |
665 | send_ping (si, 0); |
692 | send_ping (dsi, 0); |
666 | } |
693 | } |
667 | } |
694 | } |
668 | else |
|
|
669 | vpn->connect_request (conf->id); |
|
|
670 | } |
695 | } |
671 | } |
696 | } |
672 | |
697 | |
673 | void |
698 | void |
674 | connection::reset_connection () |
699 | connection::reset_connection () |
… | |
… | |
743 | if (!broadcast)//DDDD |
768 | if (!broadcast)//DDDD |
744 | queue.put (new tap_packet (*pkt)); |
769 | queue.put (new tap_packet (*pkt)); |
745 | |
770 | |
746 | establish_connection (); |
771 | establish_connection (); |
747 | } |
772 | } |
|
|
773 | } |
|
|
774 | |
|
|
775 | void connection::inject_vpn_packet (vpn_packet *pkt, int tos) |
|
|
776 | { |
|
|
777 | if (ictx && octx) |
|
|
778 | vpn->send_vpn_packet (pkt, si, tos); |
|
|
779 | else |
|
|
780 | establish_connection (); |
748 | } |
781 | } |
749 | |
782 | |
750 | void |
783 | void |
751 | connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
784 | connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) |
752 | { |
785 | { |
… | |
… | |
1004 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1037 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1005 | p->si.upgrade_protocol (protocol, c->conf); |
1038 | p->si.upgrade_protocol (protocol, c->conf); |
1006 | |
1039 | |
1007 | slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", |
1040 | slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", |
1008 | conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); |
1041 | conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); |
1009 | //slog (L_ERR, "%d PROTOCL(C%x,T%x,0S%x,S%x,P%x,SP%x)", |
|
|
1010 | // p->id, c->conf->protocols, THISNODE->protocols, p->si.supported_protocols(0), p->si.supported_protocols (c->conf), |
|
|
1011 | // protocol, p->si.prot); |
|
|
1012 | |
1042 | |
|
|
1043 | const sockinfo &dsi = forward_si (p->si); |
|
|
1044 | |
|
|
1045 | if (dsi.valid ()) |
1013 | c->send_auth_request (p->si, true); |
1046 | c->send_auth_request (dsi, true); |
1014 | } |
1047 | } |
1015 | |
1048 | |
1016 | break; |
1049 | break; |
1017 | |
1050 | |
1018 | default: |
1051 | default: |
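Review bot: In the PT_CONNECT_INFO hunk the new guard is only `if (dsi.valid ())`, so each accepted connect-info packet still triggers `c->send_auth_request (dsi, true)` without the `auth_rate_limiter.can (dsi)` check that establish_connection applies to the same call. The address in `p->si` arrives in the received packet and the PT_AUTH_REQ send path is commented as "rsa is very very costly", so consider `if (dsi.valid () && auth_rate_limiter.can (dsi))` here as well. The same hunk calls `forward_si (p->si)` on the receiving connection while the request is sent on `c`, so the debug messages inside forward_si would print `conf->nodename` of the sender rather than the target; `c->forward_si (p->si)` looks like what is meant. The enclosing case block starts outside the visible lines, so rate limiting earlier in that path cannot be ruled out.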