[ViewVC] Diff of: cvs/gvpe/src/connection.C

Comparing gvpe/src/connection.C (file contents):
Revision 1.8 by pcg, Sun Apr 6 04:17:36 2003 UTC vs.
Revision 1.24 by pcg, Wed Oct 22 01:05:23 2003 UTC

…		…
1	/*	1	/*
2	connection.C -- manage a single connection	2	connection.C -- manage a single connection
		3	Copyright (C) 2003 Marc Lehmann <pcg@goof.com>
3		4
4	This program is free software; you can redistribute it and/or modify	5	This program is free software; you can redistribute it and/or modify
5	it under the terms of the GNU General Public License as published by	6	it under the terms of the GNU General Public License as published by
6	the Free Software Foundation; either version 2 of the License, or	7	the Free Software Foundation; either version 2 of the License, or
7	(at your option) any later version.	8	(at your option) any later version.
35	#include "slog.h"	36	#include "slog.h"
36	#include "device.h"	37	#include "device.h"
37	#include "vpn.h"	38	#include "vpn.h"
38	#include "connection.h"	39	#include "connection.h"
39		40
		41	#include "netcompat.h"
		42
40	#if !HAVE_RAND_PSEUDO_BYTES	43	#if !HAVE_RAND_PSEUDO_BYTES
41	# define RAND_pseudo_bytes RAND_bytes	44	# define RAND_pseudo_bytes RAND_bytes
42	#endif	45	#endif
43		46
44	#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic	47	#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
…		…
147	}	150	}
148	}	151	}
149		152
150	//////////////////////////////////////////////////////////////////////////////	153	//////////////////////////////////////////////////////////////////////////////
151		154
152	void pkt_queue::put (tap_packet *p)	155	void pkt_queue::put (net_packet *p)
153	{	156	{
154	if (queue[i])	157	if (queue[i])
155	{	158	{
156	delete queue[i];	159	delete queue[i];
157	j = (j + 1) % QUEUEDEPTH;	160	j = (j + 1) % QUEUEDEPTH;
…		…
160	queue[i] = p;	163	queue[i] = p;
161		164
162	i = (i + 1) % QUEUEDEPTH;	165	i = (i + 1) % QUEUEDEPTH;
163	}	166	}
164		167
165	tap_packet *pkt_queue::get ()	168	net_packet *pkt_queue::get ()
166	{	169	{
167	tap_packet *p = queue[j];	170	net_packet *p = queue[j];
168		171
169	if (p)	172	if (p)
170	{	173	{
171	queue[j] = 0;	174	queue[j] = 0;
172	j = (j + 1) % QUEUEDEPTH;	175	j = (j + 1) % QUEUEDEPTH;
…		…
197	// only do action once every x seconds per host whole allowing bursts.	200	// only do action once every x seconds per host whole allowing bursts.
198	// this implementation ("splay list" ;) is inefficient,	201	// this implementation ("splay list" ;) is inefficient,
199	// but low on resources.	202	// but low on resources.
200	struct net_rate_limiter : list<net_rateinfo>	203	struct net_rate_limiter : list<net_rateinfo>
201	{	204	{
202	static const double ALPHA = 1. - 1. / 90.; // allow bursts	205	static const double ALPHA = 1. - 1. / 600.; // allow bursts
203	static const double CUTOFF = 20.; // one event every CUTOFF seconds	206	static const double CUTOFF = 10.; // one event every CUTOFF seconds
204	static const double EXPIRE = CUTOFF * 30.; // expire entries after this time	207	static const double EXPIRE = CUTOFF * 30.; // expire entries after this time
		208	static const double MAXDIF = CUTOFF * (1. / (1. - ALPHA)); // maximum diff /count value
205		209
206	bool can (const sockinfo &si) { return can((u32)si.host); }	210	bool can (const sockinfo &si) { return can((u32)si.host); }
207	bool can (u32 host);	211	bool can (u32 host);
208	};	212	};
209		213
210	net_rate_limiter auth_rate_limiter, reset_rate_limiter;	214	net_rate_limiter auth_rate_limiter, reset_rate_limiter;
211		215
…		…
225	{	229	{
226	net_rateinfo ri;	230	net_rateinfo ri;
227		231
228	ri.host = host;	232	ri.host = host;
229	ri.pcnt = 1.;	233	ri.pcnt = 1.;
230	ri.diff = CUTOFF * (1. / (1. - ALPHA));	234	ri.diff = MAXDIF;
231	ri.last = NOW;	235	ri.last = NOW;
232		236
233	push_front (ri);	237	push_front (ri);
234		238
235	return true;	239	return true;
…		…
242	ri.pcnt = ri.pcnt * ALPHA;	246	ri.pcnt = ri.pcnt * ALPHA;
243	ri.diff = ri.diff * ALPHA + (NOW - ri.last);	247	ri.diff = ri.diff * ALPHA + (NOW - ri.last);
244		248
245	ri.last = NOW;	249	ri.last = NOW;
246		250
		251	double dif = ri.diff / ri.pcnt;
		252
247	bool send = ri.diff / ri.pcnt > CUTOFF;	253	bool send = dif > CUTOFF;
248		254
		255	if (dif > MAXDIF)
		256	{
		257	ri.pcnt = 1.;
		258	ri.diff = MAXDIF;
		259	}
249	if (send)	260	else if (send)
250	ri.pcnt++;	261	ri.pcnt++;
251		262
252	push_front (ri);	263	push_front (ri);
253		264
254	return send;	265	return send;
…		…
467	set_hdr (type, dst);	478	set_hdr (type, dst);
468	}	479	}
469		480
470	bool config_packet::chk_config () const	481	bool config_packet::chk_config () const
471	{	482	{
472	return prot_major == PROTOCOL_MAJOR	483	if (prot_major != PROTOCOL_MAJOR)
473	&& randsize == RAND_SIZE	484	slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR);
474	&& hmaclen == HMACLENGTH	485	else if (randsize != RAND_SIZE)
475	&& flags == curflags ()	486	slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
		487	else if (hmaclen != HMACLENGTH)
		488	slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
		489	else if (flags != curflags ())
		490	slog (L_WARN, _("flag mismatch (remote %x <=> local %x)"), flags, curflags ());
476	&& challengelen == sizeof (rsachallenge)	491	else if (challengelen != sizeof (rsachallenge))
		492	slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
477	&& cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))	493	else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
		494	slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
478	&& digest_nid == htonl (EVP_MD_type (RSA_HASH))	495	else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
		496	slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
479	&& hmac_nid == htonl (EVP_MD_type (DIGEST));	497	else if (hmac_nid != htonl (EVP_MD_type (DIGEST)))
		498	slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
		499	else
		500	return true;
		501
		502	return false;
480	}	503	}
481		504
482	struct auth_req_packet : config_packet	505	struct auth_req_packet : config_packet
483	{	506	{
484	char magic[8];	507	char magic[8];
…		…
544	len = sizeof (*this) - sizeof (net_packet);	567	len = sizeof (*this) - sizeof (net_packet);
545	}	568	}
546	};	569	};
547		570
548	/////////////////////////////////////////////////////////////////////////////	571	/////////////////////////////////////////////////////////////////////////////
		572
		573	void
		574	connection::connection_established ()
		575	{
		576	if (ictx && octx)
		577	{
		578	connectmode = conf->connectmode;
		579
		580	rekey.start (NOW + ::conf.rekey);
		581	keepalive.start (NOW + ::conf.keepalive);
		582
		583	// send queued packets
		584	if (ictx && octx)
		585	{
		586	while (tap_packet p = (tap_packet )data_queue.get ())
		587	{
		588	send_data_packet (p);
		589	delete p;
		590	}
		591
		592	while (vpn_packet p = (vpn_packet )vpn_queue.get ())
		593	{
		594	send_vpn_packet (p, si, IPTOS_RELIABILITY);
		595	delete p;
		596	}
		597	}
		598	}
		599	else
		600	{
		601	retry_cnt = 0;
		602	establish_connection.start (NOW + 5);
		603	keepalive.reset ();
		604	rekey.reset ();
		605	}
		606	}
549		607
550	void	608	void
551	connection::reset_si ()	609	connection::reset_si ()
552	{	610	{
553	protocol = best_protocol (THISNODE->protocols & conf->protocols);	611	protocol = best_protocol (THISNODE->protocols & conf->protocols);
…		…
580		638
581	return si;	639	return si;
582	}	640	}
583		641
584	void	642	void
		643	connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
		644	{
		645	if (!vpn->send_vpn_packet (pkt, si, tos))
		646	reset_connection ();
		647	}
		648
		649	void
585	connection::send_ping (const sockinfo &si, u8 pong)	650	connection::send_ping (const sockinfo &si, u8 pong)
586	{	651	{
587	ping_packet *pkt = new ping_packet;	652	ping_packet *pkt = new ping_packet;
588		653
589	pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);	654	pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
590	vpn->send_vpn_packet (pkt, si, IPTOS_LOWDELAY);	655	send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
591		656
592	delete pkt;	657	delete pkt;
593	}	658	}
594		659
595	void	660	void
…		…
598	if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)	663	if (reset_rate_limiter.can (si) && connectmode != conf_node::C_DISABLED)
599	{	664	{
600	config_packet *pkt = new config_packet;	665	config_packet *pkt = new config_packet;
601		666
602	pkt->setup (vpn_packet::PT_RESET, conf->id);	667	pkt->setup (vpn_packet::PT_RESET, conf->id);
603	vpn->send_vpn_packet (pkt, si, IPTOS_MINCOST);	668	send_vpn_packet (pkt, si, IPTOS_MINCOST);
604		669
605	delete pkt;	670	delete pkt;
606	}	671	}
607	}	672	}
608		673
…		…
610	connection::send_auth_request (const sockinfo &si, bool initiate)	675	connection::send_auth_request (const sockinfo &si, bool initiate)
611	{	676	{
612	auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);	677	auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
613		678
614	rsachallenge chg;	679	rsachallenge chg;
615
616	rsa_cache.gen (pkt->id, chg);	680	rsa_cache.gen (pkt->id, chg);
617		681	rsa_encrypt (conf->rsa_key, chg, pkt->encr);
618	if (0 > RSA_public_encrypt (sizeof chg,
619	(unsigned char )&chg, (unsigned char )&pkt->encr,
620	conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
621	fatal ("RSA_public_encrypt error");
622		682
623	slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);	683	slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si);
624		684
625	vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY \| IPTOS_LOWDELAY); // rsa is very very costly	685	send_vpn_packet (pkt, si, IPTOS_RELIABILITY \| IPTOS_LOWDELAY); // rsa is very very costly
626
627		686
628	delete pkt;	687	delete pkt;
629	}	688	}
630		689
631	void	690	void
…		…
639		698
640	pkt->hmac_set (octx);	699	pkt->hmac_set (octx);
641		700
642	slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si);	701	slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si);
643		702
644	vpn->send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly	703	send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
645		704
646	delete pkt;	705	delete pkt;
647	}	706	}
648		707
649	void	708	void
…		…
653	conf->id, rid, (const char *)rsi);	712	conf->id, rid, (const char *)rsi);
654		713
655	connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);	714	connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
656		715
657	r->hmac_set (octx);	716	r->hmac_set (octx);
658	vpn->send_vpn_packet (r, si);	717	send_vpn_packet (r, si);
659		718
660	delete r;	719	delete r;
661	}	720	}
662		721
663	void	722	void
…		…
677	w.at = NOW + retry_int;	736	w.at = NOW + retry_int;
678		737
679	reset_si ();	738	reset_si ();
680		739
681	if (si.prot && !si.host)	740	if (si.prot && !si.host)
682	vpn->connect_request (conf->id);	741	vpn->send_connect_request (conf->id);
683	else	742	else
684	{	743	{
685	const sockinfo &dsi = forward_si (si);	744	const sockinfo &dsi = forward_si (si);
686		745
687	if (dsi.valid () && auth_rate_limiter.can (dsi))	746	if (dsi.valid () && auth_rate_limiter.can (dsi))
…		…
737	reset_connection ();	796	reset_connection ();
738	establish_connection ();	797	establish_connection ();
739	}	798	}
740		799
741	void	800	void
742	connection::send_data_packet (tap_packet *pkt, bool broadcast)	801	connection::send_data_packet (tap_packet *pkt)
743	{	802	{
744	vpndata_packet *p = new vpndata_packet;	803	vpndata_packet *p = new vpndata_packet;
745	int tos = 0;	804	int tos = 0;
746		805
747	if (conf->inherit_tos	806	// I am not hilarious about peeking into packets, but so be it.
748	&& (pkt)[12] == 0x08 && (pkt)[13] == 0x00 // IP	807	if (conf->inherit_tos && pkt->is_ipv4 ())
749	&& ((*pkt)[14] & 0xf0) == 0x40) // IPv4
750	tos = (*pkt)[15] & IPTOS_TOS_MASK;	808	tos = (*pkt)[15] & IPTOS_TOS_MASK;
751		809
752	p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs	810	p->setup (this, conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
753	vpn->send_vpn_packet (p, si, tos);	811	send_vpn_packet (p, si, tos);
754		812
755	delete p;	813	delete p;
756		814
757	if (oseqno > MAX_SEQNO)	815	if (oseqno > MAX_SEQNO)
758	rekey ();	816	rekey ();
759	}	817	}
760		818
761	void	819	void
762	connection::inject_data_packet (tap_packet *pkt, bool broadcast)	820	connection::inject_data_packet (tap_packet pkt, bool broadcast/TODO DDD*/)
763	{	821	{
764	if (ictx && octx)	822	if (ictx && octx)
765	send_data_packet (pkt, broadcast);	823	send_data_packet (pkt);
766	else	824	else
767	{	825	{
768	if (!broadcast)//DDDD	826	if (!broadcast)//DDDD
769	queue.put (new tap_packet (*pkt));	827	data_queue.put (new tap_packet (*pkt));
770		828
771	establish_connection ();	829	establish_connection ();
772	}	830	}
773	}	831	}
774		832
775	void connection::inject_vpn_packet (vpn_packet *pkt, int tos)	833	void connection::inject_vpn_packet (vpn_packet *pkt, int tos)
776	{	834	{
777	if (ictx && octx)	835	if (ictx && octx)
778	vpn->send_vpn_packet (pkt, si, tos);	836	send_vpn_packet (pkt, si, tos);
779	else	837	else
		838	{
		839	vpn_queue.put (new vpn_packet (*pkt));
		840
780	establish_connection ();	841	establish_connection ();
		842	}
781	}	843	}
782		844
783	void	845	void
784	connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)	846	connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
785	{	847	{
…		…
841	if (p->initiate)	903	if (p->initiate)
842	send_auth_request (rsi, false);	904	send_auth_request (rsi, false);
843		905
844	rsachallenge k;	906	rsachallenge k;
845		907
846	if (0 > RSA_private_decrypt (sizeof (p->encr),	908	if (!rsa_decrypt (::conf.rsa_key, p->encr, k))
847	(unsigned char )&p->encr, (unsigned char )&k,	909	{
848	::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
849	slog (L_ERR, _("%s(%s): challenge illegal or corrupted"),	910	slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
850	conf->nodename, (const char *)rsi);	911	conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
		912	break;
		913	}
851	else	914	else
852	{	915	{
853	retry_cnt = 0;
854	establish_connection.start (NOW + 8); //? ;)
855	keepalive.reset ();
856	rekey.reset ();
857
858	delete ictx;
859	ictx = 0;
860
861	delete octx;	916	delete octx;
862		917
863	octx = new crypto_ctx (k, 1);	918	octx = new crypto_ctx (k, 1);
864	oseqno = ntohl ((u32 )&k[CHG_SEQNO]) & 0x7fffffff;	919	oseqno = ntohl ((u32 )&k[CHG_SEQNO]) & 0x7fffffff;
865		920
866	conf->protocols = p->protocols;	921	conf->protocols = p->protocols;
		922
867	send_auth_response (rsi, p->id, k);	923	send_auth_response (rsi, p->id, k);
		924
		925	connection_established ();
868		926
869	break;	927	break;
870	}	928	}
871	}	929	}
		930	else
		931	slog (L_WARN, _("%s(%s): protocol mismatch"),
		932	conf->nodename, (const char *)rsi);
872		933
873	send_reset (rsi);	934	send_reset (rsi);
874	}	935	}
875		936
876	break;	937	break;
…		…
889	PROTOCOL_MINOR, conf->nodename, p->prot_minor);	950	PROTOCOL_MINOR, conf->nodename, p->prot_minor);
890		951
891	rsachallenge chg;	952	rsachallenge chg;
892		953
893	if (!rsa_cache.find (p->id, chg))	954	if (!rsa_cache.find (p->id, chg))
		955	{
894	slog (L_ERR, _("%s(%s): unrequested auth response"),	956	slog (L_ERR, _("%s(%s): unrequested auth response ignored"),
895	conf->nodename, (const char *)rsi);	957	conf->nodename, (const char *)rsi);
		958	break;
		959	}
896	else	960	else
897	{	961	{
898	crypto_ctx *cctx = new crypto_ctx (chg, 0);	962	crypto_ctx *cctx = new crypto_ctx (chg, 0);
899		963
900	if (!p->hmac_chk (cctx))	964	if (!p->hmac_chk (cctx))
		965	{
901	slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"	966	slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"
902	"could be an attack, or just corruption or an synchronization error"),	967	"could be an attack, or just corruption or an synchronization error"),
903	conf->nodename, (const char *)rsi);	968	conf->nodename, (const char *)rsi);
		969	break;
		970	}
904	else	971	else
905	{	972	{
906	rsaresponse h;	973	rsaresponse h;
907		974
908	rsa_hash (p->id, chg, h);	975	rsa_hash (p->id, chg, h);
…		…
916	iseqno.reset (ntohl ((u32 )&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid	983	iseqno.reset (ntohl ((u32 )&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
917		984
918	si = rsi;	985	si = rsi;
919	protocol = rsi.prot;	986	protocol = rsi.prot;
920		987
921	rekey.start (NOW + ::conf.rekey);	988	connection_established ();
922	keepalive.start (NOW + ::conf.keepalive);
923
924	// send queued packets
925	while (tap_packet *p = queue.get ())
926	{
927	send_data_packet (p);
928	delete p;
929	}
930
931	connectmode = conf->connectmode;
932		989
933	slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),	990	slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),
934	conf->nodename, (const char *)rsi,	991	conf->nodename, (const char *)rsi,
935	p->prot_major, p->prot_minor);	992	p->prot_major, p->prot_minor);
936		993
…		…
962		1019
963	if (ictx && octx)	1020	if (ictx && octx)
964	{	1021	{
965	vpndata_packet p = (vpndata_packet )pkt;	1022	vpndata_packet p = (vpndata_packet )pkt;
966		1023
967	if (rsi == si)	1024	if (!p->hmac_chk (ictx))
		1025	slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
		1026	"could be an attack, or just corruption or an synchronization error"),
		1027	conf->nodename, (const char *)rsi);
		1028	else
968	{	1029	{
969	if (!p->hmac_chk (ictx))
970	slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
971	"could be an attack, or just corruption or an synchronization error"),
972	conf->nodename, (const char *)rsi);
973	else	1030	u32 seqno;
		1031	tap_packet *d = p->unpack (this, seqno);
		1032
		1033	if (iseqno.recv_ok (seqno))
974	{	1034	{
975	u32 seqno;	1035	vpn->tap->send (d);
976	tap_packet *d = p->unpack (this, seqno);
977		1036
978	if (iseqno.recv_ok (seqno))	1037	if (si != rsi)
979	{	1038	{
980	vpn->tap->send (d);	1039	// fast re-sync on connection changes, useful especially for tcp/ip
981
982	if (p->dst () == 0) // re-broadcast
983	for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
984	{
985	connection c = i;
986
987	if (c->conf != THISNODE && c->conf != conf)
988	c->inject_data_packet (d);
989	}
990
991	delete d;
992
993	break;	1040	si = rsi;
		1041
		1042	slog (L_INFO, _("%s(%s): socket address changed to %s"),
		1043	conf->nodename, (const char )si, (const char )rsi);
994	}	1044	}
		1045
		1046	delete d;
		1047
		1048	break;
995	}	1049	}
996	}	1050	}
997	else
998	slog (L_ERR, _("received data packet from unknown source %s"), (const char *)rsi);
999	}	1051	}
1000		1052
1001	send_reset (rsi);	1053	send_reset (rsi);
1002	break;	1054	break;
1003		1055
…		…
1018	// send connect_info packets to both sides, in case one is	1070	// send connect_info packets to both sides, in case one is
1019	// behind a nat firewall (or both ;)	1071	// behind a nat firewall (or both ;)
1020	c->send_connect_info (conf->id, si, conf->protocols);	1072	c->send_connect_info (conf->id, si, conf->protocols);
1021	send_connect_info (c->conf->id, c->si, c->conf->protocols);	1073	send_connect_info (c->conf->id, c->si, c->conf->protocols);
1022	}	1074	}
		1075	else
		1076	c->establish_connection ();
1023	}	1077	}
1024		1078
1025	break;	1079	break;
1026		1080
1027	case vpn_packet::PT_CONNECT_INFO:	1081	case vpn_packet::PT_CONNECT_INFO:
…		…
1067	\|\| THISNODE->connectmode != conf_node::C_ONDEMAND)	1121	\|\| THISNODE->connectmode != conf_node::C_ONDEMAND)
1068	{	1122	{
1069	send_ping (si);	1123	send_ping (si);
1070	w.at = NOW + 5;	1124	w.at = NOW + 5;
1071	}	1125	}
		1126	else if (NOW < last_activity + ::conf.keepalive + 10)
		1127	// hold ondemand connections implicitly a few seconds longer
		1128	// should delete octx, though, or something like that ;)
		1129	w.at = last_activity + ::conf.keepalive + 10;
1072	else	1130	else
1073	reset_connection ();	1131	reset_connection ();
1074	}	1132	}
1075		1133
1076	void connection::connect_request (int id)	1134	void connection::send_connect_request (int id)
1077	{	1135	{
1078	connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);	1136	connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);
1079		1137
1080	slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);	1138	slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id);
1081	p->hmac_set (octx);	1139	p->hmac_set (octx);
1082	vpn->send_vpn_packet (p, si);	1140	send_vpn_packet (p, si);
1083		1141
1084	delete p;	1142	delete p;
1085	}	1143	}
1086		1144
1087	void connection::script_node ()	1145	void connection::script_node ()

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/connection.C (file contents): Revision 1.8 by pcg, Sun Apr 6 04:17:36 2003 UTC vs. Revision 1.24 by pcg, Wed Oct 22 01:05:23 2003 UTC

Diff Legend

Comparing gvpe/src/connection.C (file contents):
Revision 1.8 by pcg, Sun Apr 6 04:17:36 2003 UTC vs.
Revision 1.24 by pcg, Wed Oct 22 01:05:23 2003 UTC