ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.8 by pcg, Sun Apr 6 04:17:36 2003 UTC vs.
Revision 1.23 by pcg, Wed Oct 22 00:42:53 2003 UTC

1/* 1/*
2 connection.C -- manage a single connection 2 connection.C -- manage a single connection
3 Copyright (C) 2003 Marc Lehmann <pcg@goof.com>
3 4
4 This program is free software; you can redistribute it and/or modify 5 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by 6 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or 7 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version. 8 (at your option) any later version.
35#include "slog.h" 36#include "slog.h"
36#include "device.h" 37#include "device.h"
37#include "vpn.h" 38#include "vpn.h"
38#include "connection.h" 39#include "connection.h"
39 40
41#include "netcompat.h"
42
40#if !HAVE_RAND_PSEUDO_BYTES 43#if !HAVE_RAND_PSEUDO_BYTES
41# define RAND_pseudo_bytes RAND_bytes 44# define RAND_pseudo_bytes RAND_bytes
42#endif 45#endif
43 46
44#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic 47#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
147 } 150 }
148} 151}
149 152
150////////////////////////////////////////////////////////////////////////////// 153//////////////////////////////////////////////////////////////////////////////
151 154
152void pkt_queue::put (tap_packet *p) 155void pkt_queue::put (net_packet *p)
153{ 156{
154 if (queue[i]) 157 if (queue[i])
155 { 158 {
156 delete queue[i]; 159 delete queue[i];
157 j = (j + 1) % QUEUEDEPTH; 160 j = (j + 1) % QUEUEDEPTH;
160 queue[i] = p; 163 queue[i] = p;
161 164
162 i = (i + 1) % QUEUEDEPTH; 165 i = (i + 1) % QUEUEDEPTH;
163} 166}
164 167
165tap_packet *pkt_queue::get () 168net_packet *pkt_queue::get ()
166{ 169{
167 tap_packet *p = queue[j]; 170 net_packet *p = queue[j];
168 171
169 if (p) 172 if (p)
170 { 173 {
171 queue[j] = 0; 174 queue[j] = 0;
172 j = (j + 1) % QUEUEDEPTH; 175 j = (j + 1) % QUEUEDEPTH;
197// only do action once every x seconds per host whole allowing bursts. 200// only do action once every x seconds per host whole allowing bursts.
198// this implementation ("splay list" ;) is inefficient, 201// this implementation ("splay list" ;) is inefficient,
199// but low on resources. 202// but low on resources.
200struct net_rate_limiter : list<net_rateinfo> 203struct net_rate_limiter : list<net_rateinfo>
201{ 204{
202 static const double ALPHA = 1. - 1. / 90.; // allow bursts 205 static const double ALPHA = 1. - 1. / 600.; // allow bursts
203 static const double CUTOFF = 20.; // one event every CUTOFF seconds 206 static const double CUTOFF = 10.; // one event every CUTOFF seconds
204 static const double EXPIRE = CUTOFF * 30.; // expire entries after this time 207 static const double EXPIRE = CUTOFF * 30.; // expire entries after this time
208 static const double MAXDIF = CUTOFF * (1. / (1. - ALPHA)); // maximum diff /count value
205 209
206 bool can (const sockinfo &si) { return can((u32)si.host); } 210 bool can (const sockinfo &si) { return can((u32)si.host); }
207 bool can (u32 host); 211 bool can (u32 host);
208}; 212};
209 213
210net_rate_limiter auth_rate_limiter, reset_rate_limiter; 214net_rate_limiter auth_rate_limiter, reset_rate_limiter;
211 215
225 { 229 {
226 net_rateinfo ri; 230 net_rateinfo ri;
227 231
228 ri.host = host; 232 ri.host = host;
229 ri.pcnt = 1.; 233 ri.pcnt = 1.;
230 ri.diff = CUTOFF * (1. / (1. - ALPHA)); 234 ri.diff = MAXDIF;
231 ri.last = NOW; 235 ri.last = NOW;
232 236
233 push_front (ri); 237 push_front (ri);
234 238
235 return true; 239 return true;
242 ri.pcnt = ri.pcnt * ALPHA; 246 ri.pcnt = ri.pcnt * ALPHA;
243 ri.diff = ri.diff * ALPHA + (NOW - ri.last); 247 ri.diff = ri.diff * ALPHA + (NOW - ri.last);
244 248
245 ri.last = NOW; 249 ri.last = NOW;
246 250
251 double dif = ri.diff / ri.pcnt;
252
247 bool send = ri.diff / ri.pcnt > CUTOFF; 253 bool send = dif > CUTOFF;
248 254
255 if (dif > MAXDIF)
256 {
257 ri.pcnt = 1.;
258 ri.diff = MAXDIF;
259 }
249 if (send) 260 else if (send)
250 ri.pcnt++; 261 ri.pcnt++;
251 262
252 push_front (ri); 263 push_front (ri);
253 264
254 return send; 265 return send;
467 set_hdr (type, dst); 478 set_hdr (type, dst);
468} 479}
469 480
470bool config_packet::chk_config () const 481bool config_packet::chk_config () const
471{ 482{
472 return prot_major == PROTOCOL_MAJOR 483 if (prot_major != PROTOCOL_MAJOR)
473 && randsize == RAND_SIZE 484 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
474 && hmaclen == HMACLENGTH 485 else if (randsize != RAND_SIZE)
475 && flags == curflags () 486 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
487 else if (hmaclen != HMACLENGTH)
488 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
489 else if (flags != curflags ())
490 slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
476 && challengelen == sizeof (rsachallenge) 491 else if (challengelen != sizeof (rsachallenge))
492 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
477 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER)) 493 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
494 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
478 && digest_nid == htonl (EVP_MD_type (RSA_HASH)) 495 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
496 slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
479 && hmac_nid == htonl (EVP_MD_type (DIGEST)); 497 else if (hmac_nid != htonl (EVP_MD_type (DIGEST)))
498 slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
499 else
500 return true;
501
502 return false;
480} 503}
481 504
482struct auth_req_packet : config_packet 505struct auth_req_packet : config_packet
483{ 506{
484 char magic[8]; 507 char magic[8];
544 len = sizeof (*this) - sizeof (net_packet); 567 len = sizeof (*this) - sizeof (net_packet);
545 } 568 }
546}; 569};
547 570
548///////////////////////////////////////////////////////////////////////////// 571/////////////////////////////////////////////////////////////////////////////
572
573void
574connection::connection_established ()
575{
576 if (ictx && octx)
577 {
578 connectmode = conf->connectmode;
579
580 rekey.start (NOW + ::conf.rekey);
581 keepalive.start (NOW + ::conf.keepalive);
582
583 // send queued packets
584 if (ictx && octx)
585 {
586 while (tap_packet *p = (tap_packet *)data_queue.get ())
587 {
588 send_data_packet (p);
589 delete p;
590 }
591
592 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
593 {
594 send_vpn_packet (p, si, IPTOS_RELIABILITY);
595 delete p;
596 }
597 }
598 }
599 else
600 {
601 retry_cnt = 0;
602 establish_connection.start (NOW + 5);
603 keepalive.reset ();
604 rekey.reset ();
605 }
606}
549 607
550void 608void
551connection::reset_si () 609connection::reset_si ()
552{ 610{
553 protocol = best_protocol (THISNODE->protocols & conf->protocols); 611 protocol = best_protocol (THISNODE->protocols & conf->protocols);
580 638
581 return si; 639 return si;
582} 640}
583 641
584void 642void
643connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
644{
645 if (!vpn->send_vpn_packet (pkt, si, tos))
646 reset_connection ();
647}
648
649void
585connection::send_ping (const sockinfo &si, u8 pong) 650connection::send_ping (const sockinfo &si, u8 pong)
586{ 651{
587 ping_packet *pkt = new ping_packet; 652 ping_packet *pkt = new ping_packet;
588 653
589 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); 654 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
590 vpn->send_vpn_packet (pkt, si, IPTOS_LOWDELAY); 655 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
591 656
592 delete pkt; 657 delete pkt;
593} 658}
594 659
595void 660void
598 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED) 663 if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
599 { 664 {
600 config_packet *pkt = new config_packet; 665 config_packet *pkt = new config_packet;
601 666
602 pkt->setup (vpn_packet::PT_RESET, conf->id); 667 pkt->setup (vpn_packet::PT_RESET, conf->id);
603 vpn->send_vpn_packet (pkt, si, IPTOS_MINCOST); 668 send_vpn_packet (pkt, si, IPTOS_MINCOST);
604 669
605 delete pkt; 670 delete pkt;
606 } 671 }
607} 672}
608 673
620 conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) 685 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
621 fatal ("RSA_public_encrypt error"); 686 fatal ("RSA_public_encrypt error");
622 687
623 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); 688 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
624 689
625 vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly 690 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
626
627 691
628 delete pkt; 692 delete pkt;
629} 693}
630 694
631void 695void
639 703
640 pkt->hmac_set (octx); 704 pkt->hmac_set (octx);
641 705
642 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si); 706 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si);
643 707
644 vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 708 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
645 709
646 delete pkt; 710 delete pkt;
647} 711}
648 712
649void 713void
653 conf->id, rid, (const char *)rsi); 717 conf->id, rid, (const char *)rsi);
654 718
655 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); 719 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
656 720
657 r->hmac_set (octx); 721 r->hmac_set (octx);
658 vpn->send_vpn_packet (r, si); 722 send_vpn_packet (r, si);
659 723
660 delete r; 724 delete r;
661} 725}
662 726
663void 727void
677 w.at = NOW + retry_int; 741 w.at = NOW + retry_int;
678 742
679 reset_si (); 743 reset_si ();
680 744
681 if (si.prot && !si.host) 745 if (si.prot && !si.host)
682 vpn->connect_request (conf->id); 746 vpn->send_connect_request (conf->id);
683 else 747 else
684 { 748 {
685 const sockinfo &dsi = forward_si (si); 749 const sockinfo &dsi = forward_si (si);
686 750
687 if (dsi.valid () && auth_rate_limiter.can (dsi)) 751 if (dsi.valid () && auth_rate_limiter.can (dsi))
737 reset_connection (); 801 reset_connection ();
738 establish_connection (); 802 establish_connection ();
739} 803}
740 804
741void 805void
742connection::send_data_packet (tap_packet *pkt, bool broadcast) 806connection::send_data_packet (tap_packet *pkt)
743{ 807{
744 vpndata_packet *p = new vpndata_packet; 808 vpndata_packet *p = new vpndata_packet;
745 int tos = 0; 809 int tos = 0;
746 810
747 if (conf->inherit_tos 811 // I am not hilarious about peeking into packets, but so be it.
748 && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP 812 if (conf->inherit_tos && pkt->is_ipv4 ())
749 && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
750 tos = (*pkt)[15] & IPTOS_TOS_MASK; 813 tos = (*pkt)[15] & IPTOS_TOS_MASK;
751 814
752 p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs 815 p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
753 vpn->send_vpn_packet (p, si, tos); 816 send_vpn_packet (p, si, tos);
754 817
755 delete p; 818 delete p;
756 819
757 if (oseqno > MAX_SEQNO) 820 if (oseqno > MAX_SEQNO)
758 rekey (); 821 rekey ();
759} 822}
760 823
761void 824void
762connection::inject_data_packet (tap_packet *pkt, bool broadcast) 825connection::inject_data_packet (tap_packet *pkt, bool broadcast/*TODO DDD*/)
763{ 826{
764 if (ictx && octx) 827 if (ictx && octx)
765 send_data_packet (pkt, broadcast); 828 send_data_packet (pkt);
766 else 829 else
767 { 830 {
768 if (!broadcast)//DDDD 831 if (!broadcast)//DDDD
769 queue.put (new tap_packet (*pkt)); 832 data_queue.put (new tap_packet (*pkt));
770 833
771 establish_connection (); 834 establish_connection ();
772 } 835 }
773} 836}
774 837
775void connection::inject_vpn_packet (vpn_packet *pkt, int tos) 838void connection::inject_vpn_packet (vpn_packet *pkt, int tos)
776{ 839{
777 if (ictx && octx) 840 if (ictx && octx)
778 vpn->send_vpn_packet (pkt, si, tos); 841 send_vpn_packet (pkt, si, tos);
779 else 842 else
843 {
844 vpn_queue.put (new vpn_packet (*pkt));
845
780 establish_connection (); 846 establish_connection ();
847 }
781} 848}
782 849
783void 850void
784connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) 851connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
785{ 852{
844 rsachallenge k; 911 rsachallenge k;
845 912
846 if (0 > RSA_private_decrypt (sizeof (p->encr), 913 if (0 > RSA_private_decrypt (sizeof (p->encr),
847 (unsigned char *)&p->encr, (unsigned char *)&k, 914 (unsigned char *)&p->encr, (unsigned char *)&k,
848 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING)) 915 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
916 {
849 slog (L_ERR, _("%s(%s): challenge illegal or corrupted"), 917 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
850 conf->nodename, (const char *)rsi); 918 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
919 break;
920 }
851 else 921 else
852 { 922 {
853 retry_cnt = 0;
854 establish_connection.start (NOW + 8); //? ;)
855 keepalive.reset ();
856 rekey.reset ();
857
858 delete ictx;
859 ictx = 0;
860
861 delete octx; 923 delete octx;
862 924
863 octx = new crypto_ctx (k, 1); 925 octx = new crypto_ctx (k, 1);
864 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; 926 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
865 927
866 conf->protocols = p->protocols; 928 conf->protocols = p->protocols;
929
867 send_auth_response (rsi, p->id, k); 930 send_auth_response (rsi, p->id, k);
931
932 connection_established ();
868 933
869 break; 934 break;
870 } 935 }
871 } 936 }
937 else
938 slog (L_WARN, _("%s(%s): protocol mismatch"),
939 conf->nodename, (const char *)rsi);
872 940
873 send_reset (rsi); 941 send_reset (rsi);
874 } 942 }
875 943
876 break; 944 break;
889 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 957 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
890 958
891 rsachallenge chg; 959 rsachallenge chg;
892 960
893 if (!rsa_cache.find (p->id, chg)) 961 if (!rsa_cache.find (p->id, chg))
962 {
894 slog (L_ERR, _("%s(%s): unrequested auth response"), 963 slog (L_ERR, _("%s(%s): unrequested auth response ignored"),
895 conf->nodename, (const char *)rsi); 964 conf->nodename, (const char *)rsi);
965 break;
966 }
896 else 967 else
897 { 968 {
898 crypto_ctx *cctx = new crypto_ctx (chg, 0); 969 crypto_ctx *cctx = new crypto_ctx (chg, 0);
899 970
900 if (!p->hmac_chk (cctx)) 971 if (!p->hmac_chk (cctx))
972 {
901 slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n" 973 slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"
902 "could be an attack, or just corruption or an synchronization error"), 974 "could be an attack, or just corruption or an synchronization error"),
903 conf->nodename, (const char *)rsi); 975 conf->nodename, (const char *)rsi);
976 break;
977 }
904 else 978 else
905 { 979 {
906 rsaresponse h; 980 rsaresponse h;
907 981
908 rsa_hash (p->id, chg, h); 982 rsa_hash (p->id, chg, h);
916 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid 990 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
917 991
918 si = rsi; 992 si = rsi;
919 protocol = rsi.prot; 993 protocol = rsi.prot;
920 994
921 rekey.start (NOW + ::conf.rekey); 995 connection_established ();
922 keepalive.start (NOW + ::conf.keepalive);
923
924 // send queued packets
925 while (tap_packet *p = queue.get ())
926 {
927 send_data_packet (p);
928 delete p;
929 }
930
931 connectmode = conf->connectmode;
932 996
933 slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"), 997 slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),
934 conf->nodename, (const char *)rsi, 998 conf->nodename, (const char *)rsi,
935 p->prot_major, p->prot_minor); 999 p->prot_major, p->prot_minor);
936 1000
962 1026
963 if (ictx && octx) 1027 if (ictx && octx)
964 { 1028 {
965 vpndata_packet *p = (vpndata_packet *)pkt; 1029 vpndata_packet *p = (vpndata_packet *)pkt;
966 1030
967 if (rsi == si) 1031 if (!p->hmac_chk (ictx))
1032 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1033 "could be an attack, or just corruption or an synchronization error"),
1034 conf->nodename, (const char *)rsi);
1035 else
968 { 1036 {
969 if (!p->hmac_chk (ictx))
970 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
971 "could be an attack, or just corruption or an synchronization error"),
972 conf->nodename, (const char *)rsi);
973 else 1037 u32 seqno;
1038 tap_packet *d = p->unpack (this, seqno);
1039
1040 if (iseqno.recv_ok (seqno))
974 { 1041 {
975 u32 seqno; 1042 vpn->tap->send (d);
976 tap_packet *d = p->unpack (this, seqno);
977 1043
978 if (iseqno.recv_ok (seqno)) 1044 if (si != rsi)
979 { 1045 {
980 vpn->tap->send (d); 1046 // fast re-sync on connection changes, useful especially for tcp/ip
981
982 if (p->dst () == 0) // re-broadcast
983 for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
984 {
985 connection *c = *i;
986
987 if (c->conf != THISNODE && c->conf != conf)
988 c->inject_data_packet (d);
989 }
990
991 delete d;
992
993 break; 1047 si = rsi;
1048
1049 slog (L_INFO, _("%s(%s): socket address changed to %s"),
1050 conf->nodename, (const char *)si, (const char *)rsi);
994 } 1051 }
1052
1053 delete d;
1054
1055 break;
995 } 1056 }
996 } 1057 }
997 else
998 slog (L_ERR, _("received data packet from unknown source %s"), (const char *)rsi);
999 } 1058 }
1000 1059
1001 send_reset (rsi); 1060 send_reset (rsi);
1002 break; 1061 break;
1003 1062
1018 // send connect_info packets to both sides, in case one is 1077 // send connect_info packets to both sides, in case one is
1019 // behind a nat firewall (or both ;) 1078 // behind a nat firewall (or both ;)
1020 c->send_connect_info (conf->id, si, conf->protocols); 1079 c->send_connect_info (conf->id, si, conf->protocols);
1021 send_connect_info (c->conf->id, c->si, c->conf->protocols); 1080 send_connect_info (c->conf->id, c->si, c->conf->protocols);
1022 } 1081 }
1082 else
1083 c->establish_connection ();
1023 } 1084 }
1024 1085
1025 break; 1086 break;
1026 1087
1027 case vpn_packet::PT_CONNECT_INFO: 1088 case vpn_packet::PT_CONNECT_INFO:
1067 || THISNODE->connectmode != conf_node::C_ONDEMAND) 1128 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1068 { 1129 {
1069 send_ping (si); 1130 send_ping (si);
1070 w.at = NOW + 5; 1131 w.at = NOW + 5;
1071 } 1132 }
1133 else if (NOW < last_activity + ::conf.keepalive + 10)
1134 // hold ondemand connections implicitly a few seconds longer
1135 // should delete octx, though, or something like that ;)
1136 w.at = last_activity + ::conf.keepalive + 10;
1072 else 1137 else
1073 reset_connection (); 1138 reset_connection ();
1074} 1139}
1075 1140
1076void connection::connect_request (int id) 1141void connection::send_connect_request (int id)
1077{ 1142{
1078 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); 1143 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);
1079 1144
1080 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id); 1145 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);
1081 p->hmac_set (octx); 1146 p->hmac_set (octx);
1082 vpn->send_vpn_packet (p, si); 1147 send_vpn_packet (p, si);
1083 1148
1084 delete p; 1149 delete p;
1085} 1150}
1086 1151
1087void connection::script_node () 1152void connection::script_node ()

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines