ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.69 by pcg, Thu Aug 7 17:54:26 2008 UTC vs.
Revision 1.80 by pcg, Fri Aug 15 18:11:14 2008 UTC

30*/ 30*/
31 31
32#include "config.h" 32#include "config.h"
33 33
34#include <list> 34#include <list>
35#include <queue>
36#include <utility>
35 37
36#include <openssl/rand.h> 38#include <openssl/rand.h>
37#include <openssl/evp.h> 39#include <openssl/evp.h>
38#include <openssl/rsa.h> 40#include <openssl/rsa.h>
39#include <openssl/err.h> 41#include <openssl/err.h>
55#define ULTRA_FAST 1 57#define ULTRA_FAST 1
56#define HLOG 15 58#define HLOG 15
57#include "lzf/lzf.h" 59#include "lzf/lzf.h"
58#include "lzf/lzf_c.c" 60#include "lzf/lzf_c.c"
59#include "lzf/lzf_d.c" 61#include "lzf/lzf_d.c"
62
63//////////////////////////////////////////////////////////////////////////////
64
65static std::queue< std::pair<run_script_cb *, const char *> > rs_queue;
66static ev::child rs_child_ev;
67
68void // c++ requires external linkage here, apparently :(
69rs_child_cb (ev::child &w, int revents)
70{
71 w.stop ();
72
73 if (rs_queue.empty ())
74 return;
75
76 pid_t pid = run_script (*rs_queue.front ().first, false);
77 if (pid)
78 {
79 w.set (pid);
80 w.start ();
81 }
82 else
83 slog (L_WARN, rs_queue.front ().second);
84
85 delete rs_queue.front ().first;
86 rs_queue.pop ();
87}
88
89// despite the fancy name, this is quite a hack
90static void
91run_script_queued (run_script_cb *cb, const char *warnmsg)
92{
93 rs_queue.push (std::make_pair (cb, warnmsg));
94
95 if (!rs_child_ev.is_active ())
96 {
97 rs_child_ev.set<rs_child_cb> ();
98 rs_child_ev ();
99 }
100}
101
102//////////////////////////////////////////////////////////////////////////////
60 103
61struct crypto_ctx 104struct crypto_ctx
62{ 105{
63 EVP_CIPHER_CTX cctx; 106 EVP_CIPHER_CTX cctx;
64 HMAC_CTX hctx; 107 HMAC_CTX hctx;
629///////////////////////////////////////////////////////////////////////////// 672/////////////////////////////////////////////////////////////////////////////
630 673
631void 674void
632connection::connection_established () 675connection::connection_established ()
633{ 676{
634 slog (L_TRACE, _("%s: possible connection establish (ictx %d, octx %d)"), conf->nodename, !!ictx, !!octx); 677 slog (L_NOISE, _("%s: possible connection establish (ictx %d, octx %d)"), conf->nodename, !!ictx, !!octx);
635 678
636 if (ictx && octx) 679 if (ictx && octx)
637 { 680 {
638 // make sure rekeying timeouts are slightly asymmetric 681 // make sure rekeying timeouts are slightly asymmetric
639 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0); 682 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
653 { 696 {
654 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY); 697 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
655 delete p; 698 delete p;
656 } 699 }
657 } 700 }
701
702 vpn->connection_established (this);
658 } 703 }
659 else 704 else
660 { 705 {
661 retry_cnt = 0; 706 retry_cnt = 0;
662 establish_connection.start (5); 707 establish_connection.start (5);
666} 711}
667 712
668void 713void
669connection::reset_si () 714connection::reset_si ()
670{ 715{
716 if (vpn->can_direct (THISNODE, conf))
671 protocol = best_protocol (THISNODE->protocols & conf->protocols); 717 protocol = best_protocol (THISNODE->protocols & conf->connectable_protocols ());
672 718 else
673 // mask out protocols we cannot establish
674 if (!conf->udp_port) protocol &= ~PROT_UDPv4;
675 if (!conf->tcp_port) protocol &= ~PROT_TCPv4;
676 if (!conf->dns_port) protocol &= ~PROT_DNSv4;
677
678 if (protocol
679 && (!conf->can_direct (THISNODE)
680 || !THISNODE->can_direct (conf)))
681 { 719 {
682 slog (L_DEBUG, _("%s: direct connection denied"), conf->nodename); 720 slog (L_TRACE, _("%s: direct connection denied by config."), conf->nodename);
683 protocol = 0; 721 protocol = 0;
684 } 722 }
685 723
686 si.set (conf, protocol); 724 si.set (conf, protocol);
725
726 is_direct = si.valid ();
687} 727}
688 728
689// ensure sockinfo is valid, forward if necessary 729// ensure sockinfo is valid, forward if necessary
690const sockinfo & 730const sockinfo &
691connection::forward_si (const sockinfo &si) const 731connection::forward_si (const sockinfo &si) const
692{ 732{
693 if (!si.valid ()) 733 if (!si.valid ())
694 { 734 {
695 connection *r = vpn->find_router (); 735 connection *r = vpn->find_router_for (this);
696 736
697 if (r) 737 if (r)
698 { 738 {
699 slog (L_DEBUG, _("%s: no common protocol, trying indirectly through %s (%s)"), 739 slog (L_DEBUG, _("%s: no common protocol, trying to route through %s."),
700 conf->nodename, r->conf->nodename, (const char *)r->si); 740 conf->nodename, r->conf->nodename);
701 return r->si; 741 return r->si;
702 } 742 }
703 else 743 else
704 slog (L_DEBUG, _("%s: node unreachable, no common protocol"), 744 slog (L_DEBUG, _("%s: node unreachable, no common protocol or no router available."),
705 conf->nodename); 745 conf->nodename);
706 } 746 }
707 747
708 return si; 748 return si;
709} 749}
719connection::send_ping (const sockinfo &si, u8 pong) 759connection::send_ping (const sockinfo &si, u8 pong)
720{ 760{
721 ping_packet *pkt = new ping_packet; 761 ping_packet *pkt = new ping_packet;
722 762
723 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); 763 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
764
765 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si);
766
724 send_vpn_packet (pkt, si, IPTOS_LOWDELAY); 767 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
725 768
726 delete pkt; 769 delete pkt;
727} 770}
728 771
747 790
748 rsachallenge chg; 791 rsachallenge chg;
749 rsa_cache.gen (pkt->id, chg); 792 rsa_cache.gen (pkt->id, chg);
750 rsa_encrypt (conf->rsa_key, chg, pkt->encr); 793 rsa_encrypt (conf->rsa_key, chg, pkt->encr);
751 794
752 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); 795 slog (L_TRACE, "%s >> PT_AUTH_REQ [%s]", conf->nodename, (const char *)si);
753 796
754 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly 797 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
755 798
756 delete pkt; 799 delete pkt;
757} 800}
765 808
766 rsa_hash (id, chg, pkt->response); 809 rsa_hash (id, chg, pkt->response);
767 810
768 pkt->hmac_set (octx); 811 pkt->hmac_set (octx);
769 812
770 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)si); 813 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si);
771 814
772 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 815 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
773 816
774 delete pkt; 817 delete pkt;
775} 818}
776 819
777void 820void
778connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols) 821connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
779{ 822{
780 slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)", 823 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s)", conf->nodename,
781 conf->id, rid, (const char *)rsi); 824 vpn->conns[rid - 1]->conf->nodename, (const char *)rsi);
782 825
783 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); 826 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
784 827
785 r->hmac_set (octx); 828 r->hmac_set (octx);
786 send_vpn_packet (r, si); 829 send_vpn_packet (r, si);
813 856
814 reset_si (); 857 reset_si ();
815 858
816 bool slow = si.prot & PROT_SLOW; 859 bool slow = si.prot & PROT_SLOW;
817 860
818 if (si.prot && !si.host) 861 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf))
819 { 862 {
820 slog (L_TRACE, _("%s: connection request (indirect)"), conf->nodename);
821 /*TODO*/ /* start the timer so we don't recurse endlessly */ 863 /*TODO*/ /* start the timer so we don't recurse endlessly */
822 w.start (1); 864 w.start (1);
823 vpn->send_connect_request (conf->id); 865 vpn->send_connect_request (this);
824 } 866 }
825 else 867 else
826 { 868 {
827 slog (L_TRACE, _("%s: connection request (direct)"), conf->nodename, !!ictx, !!octx); 869 if (si.valid ())
870 slog (L_DEBUG, _("%s: sending direct connection request to %s."),
871 conf->nodename, (const char *)si);
828 872
829 const sockinfo &dsi = forward_si (si); 873 const sockinfo &dsi = forward_si (si);
830 874
831 slow = slow || (dsi.prot & PROT_SLOW); 875 slow = slow || (dsi.prot & PROT_SLOW);
832 876
858 slog (L_INFO, _("%s(%s): connection lost"), 902 slog (L_INFO, _("%s(%s): connection lost"),
859 conf->nodename, (const char *)si); 903 conf->nodename, (const char *)si);
860 904
861 if (::conf.script_node_down) 905 if (::conf.script_node_down)
862 { 906 {
863 run_script_cb cb; 907 run_script_cb *cb = new run_script_cb;
864 cb.set<connection, &connection::script_node_down> (this); 908 cb->set<connection, &connection::script_node_down> (this);
865 if (!run_script (cb, false))
866 slog (L_WARN, _("node-down command execution failed, continuing.")); 909 run_script_queued (cb, _("node-down command execution failed, continuing."));
867 } 910 }
868 } 911 }
869 912
870 delete ictx; ictx = 0; 913 delete ictx; ictx = 0;
871 delete octx; octx = 0; 914 delete octx; octx = 0;
873 dnsv4_reset_connection (); 916 dnsv4_reset_connection ();
874#endif 917#endif
875 918
876 si.host = 0; 919 si.host = 0;
877 920
878 last_activity = 0; 921 last_activity = 0.;
922 //last_si_change = 0.;
879 retry_cnt = 0; 923 retry_cnt = 0;
880 924
881 rekey.stop (); 925 rekey.stop ();
882 keepalive.stop (); 926 keepalive.stop ();
883 establish_connection.stop (); 927 establish_connection.stop ();
890 send_reset (si); 934 send_reset (si);
891 935
892 reset_connection (); 936 reset_connection ();
893} 937}
894 938
939// poor-man's rekeying
895inline void 940inline void
896connection::rekey_cb (ev::timer &w, int revents) 941connection::rekey_cb (ev::timer &w, int revents)
897{ 942{
898 reset_connection (); 943 reset_connection ();
899 establish_connection (); 944 establish_connection ();
954void 999void
955connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) 1000connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
956{ 1001{
957 last_activity = ev_now (); 1002 last_activity = ev_now ();
958 1003
959 slog (L_NOISE, "<<%d received packet type %d from %d to %d", 1004 slog (L_NOISE, "%s >> received packet type %d from %d to %d.",
960 conf->id, pkt->typ (), pkt->src (), pkt->dst ()); 1005 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ());
961 1006
962 if (connectmode == conf_node::C_DISABLED) 1007 if (connectmode == conf_node::C_DISABLED)
963 return; 1008 return;
964 1009
965 switch (pkt->typ ()) 1010 switch (pkt->typ ())
966 { 1011 {
967 case vpn_packet::PT_PING: 1012 case vpn_packet::PT_PING:
1013 slog (L_TRACE, "%s >> PT_PING", conf->nodename);
1014
968 // we send pings instead of auth packets after some retries, 1015 // we send pings instead of auth packets after some retries,
969 // so reset the retry counter and establish a connection 1016 // so reset the retry counter and establish a connection
970 // when we receive a ping. 1017 // when we receive a ping.
971 if (!ictx) 1018 if (!ictx)
972 { 1019 {
973 if (auth_rate_limiter.can (rsi)) 1020 if (auth_rate_limiter.can (rsi))
974 send_auth_request (rsi, true); 1021 send_auth_request (rsi, true);
975 } 1022 }
976 else 1023 else
1024 // we would love to change thre socket address here, but ping's aren't
1025 // authenticated, so we best ignore it.
977 send_ping (rsi, 1); // pong 1026 send_ping (rsi, 1); // pong
978 1027
979 break; 1028 break;
980 1029
981 case vpn_packet::PT_PONG: 1030 case vpn_packet::PT_PONG:
1031 slog (L_TRACE, "%s >> PT_PONG", conf->nodename);
982 break; 1032 break;
983 1033
984 case vpn_packet::PT_RESET: 1034 case vpn_packet::PT_RESET:
985 { 1035 {
986 reset_connection (); 1036 reset_connection ();
987 1037
988 config_packet *p = (config_packet *) pkt; 1038 config_packet *p = (config_packet *) pkt;
989 1039
990 if (!p->chk_config ()) 1040 if (!p->chk_config ())
991 { 1041 {
992 slog (L_WARN, _("%s(%s): protocol mismatch, disabling node"), 1042 slog (L_WARN, _("%s(%s): protocol mismatch, disabling node."),
993 conf->nodename, (const char *)rsi); 1043 conf->nodename, (const char *)rsi);
994 connectmode = conf_node::C_DISABLED; 1044 connectmode = conf_node::C_DISABLED;
995 } 1045 }
996 else if (connectmode == conf_node::C_ALWAYS) 1046 else if (connectmode == conf_node::C_ALWAYS)
997 establish_connection (); 1047 establish_connection ();
1001 case vpn_packet::PT_AUTH_REQ: 1051 case vpn_packet::PT_AUTH_REQ:
1002 if (auth_rate_limiter.can (rsi)) 1052 if (auth_rate_limiter.can (rsi))
1003 { 1053 {
1004 auth_req_packet *p = (auth_req_packet *) pkt; 1054 auth_req_packet *p = (auth_req_packet *) pkt;
1005 1055
1006 slog (L_TRACE, "<<%d PT_AUTH_REQ(%d)", conf->id, p->initiate); 1056 slog (L_TRACE, "%s << PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply");
1007 1057
1008 if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) 1058 if (p->chk_config () && !strncmp (p->magic, MAGIC, 8))
1009 { 1059 {
1010 if (p->prot_minor != PROTOCOL_MINOR) 1060 if (p->prot_minor != PROTOCOL_MINOR)
1011 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), 1061 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1039 1089
1040 break; 1090 break;
1041 } 1091 }
1042 } 1092 }
1043 else 1093 else
1044 slog (L_WARN, _("%s(%s): protocol mismatch"), 1094 slog (L_WARN, _("%s(%s): protocol mismatch."),
1045 conf->nodename, (const char *)rsi); 1095 conf->nodename, (const char *)rsi);
1046 1096
1047 send_reset (rsi); 1097 send_reset (rsi);
1048 } 1098 }
1049 1099
1050 break; 1100 break;
1051 1101
1052 case vpn_packet::PT_AUTH_RES: 1102 case vpn_packet::PT_AUTH_RES:
1053 { 1103 {
1054 auth_res_packet *p = (auth_res_packet *) pkt; 1104 auth_res_packet *p = (auth_res_packet *)pkt;
1055 1105
1056 slog (L_TRACE, "<<%d PT_AUTH_RES", conf->id); 1106 slog (L_TRACE, "%s << PT_AUTH_RES", conf->nodename);
1057 1107
1058 if (p->chk_config ()) 1108 if (p->chk_config ())
1059 { 1109 {
1060 if (p->prot_minor != PROTOCOL_MINOR) 1110 if (p->prot_minor != PROTOCOL_MINOR)
1061 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), 1111 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1064 1114
1065 rsachallenge chg; 1115 rsachallenge chg;
1066 1116
1067 if (!rsa_cache.find (p->id, chg)) 1117 if (!rsa_cache.find (p->id, chg))
1068 { 1118 {
1069 slog (L_ERR, _("%s(%s): unrequested auth response ignored"), 1119 slog (L_ERR, _("%s(%s): unrequested auth response, ignoring."),
1070 conf->nodename, (const char *)rsi); 1120 conf->nodename, (const char *)rsi);
1071 break; 1121 break;
1072 } 1122 }
1073 else 1123 else
1074 { 1124 {
1075 crypto_ctx *cctx = new crypto_ctx (chg, 0); 1125 crypto_ctx *cctx = new crypto_ctx (chg, 0);
1076 1126
1077 if (!p->hmac_chk (cctx)) 1127 if (!p->hmac_chk (cctx))
1078 { 1128 {
1079 slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n" 1129 slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"
1080 "could be an attack, or just corruption or a synchronization error"), 1130 "could be an attack, or just corruption or a synchronization error."),
1081 conf->nodename, (const char *)rsi); 1131 conf->nodename, (const char *)rsi);
1082 break; 1132 break;
1083 } 1133 }
1084 else 1134 else
1085 { 1135 {
1096 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid 1146 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
1097 1147
1098 si = rsi; 1148 si = rsi;
1099 protocol = rsi.prot; 1149 protocol = rsi.prot;
1100 1150
1151 slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
1152 conf->nodename, (const char *)rsi,
1153 is_direct ? "direct" : "routed",
1154 p->prot_major, p->prot_minor);
1155
1101 connection_established (); 1156 connection_established ();
1102
1103 slog (L_INFO, _("%s(%s): connection established, protocol version %d.%d"),
1104 conf->nodename, (const char *)rsi,
1105 p->prot_major, p->prot_minor);
1106 1157
1107 if (::conf.script_node_up) 1158 if (::conf.script_node_up)
1108 { 1159 {
1109 run_script_cb cb; 1160 run_script_cb *cb = new run_script_cb;
1110 cb.set<connection, &connection::script_node_up> (this); 1161 cb->set<connection, &connection::script_node_up> (this);
1111 if (!run_script (cb, false))
1112 slog (L_WARN, _("node-up command execution failed, continuing.")); 1162 run_script_queued (cb, _("node-up command execution failed, continuing."));
1113 } 1163 }
1114 1164
1115 break; 1165 break;
1116 } 1166 }
1117 else 1167 else
1118 slog (L_ERR, _("%s(%s): sent and received challenge do not match"), 1168 slog (L_ERR, _("%s(%s): sent and received challenge do not match."),
1119 conf->nodename, (const char *)rsi); 1169 conf->nodename, (const char *)rsi);
1120 } 1170 }
1121 1171
1122 delete cctx; 1172 delete cctx;
1123 } 1173 }
1139 { 1189 {
1140 vpndata_packet *p = (vpndata_packet *)pkt; 1190 vpndata_packet *p = (vpndata_packet *)pkt;
1141 1191
1142 if (!p->hmac_chk (ictx)) 1192 if (!p->hmac_chk (ictx))
1143 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n" 1193 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1144 "could be an attack, or just corruption or a synchronization error"), 1194 "could be an attack, or just corruption or a synchronization error."),
1145 conf->nodename, (const char *)rsi); 1195 conf->nodename, (const char *)rsi);
1146 else 1196 else
1147 { 1197 {
1148 u32 seqno; 1198 u32 seqno;
1149 tap_packet *d = p->unpack (this, seqno); 1199 tap_packet *d = p->unpack (this, seqno);
1200 int seqclass = iseqno.seqno_classify (seqno);
1150 1201
1151 if (iseqno.recv_ok (seqno)) 1202 if (seqclass == 0) // ok
1152 { 1203 {
1153 vpn->tap->send (d); 1204 vpn->tap->send (d);
1154 1205
1155 if (si != rsi) 1206 if (si != rsi)
1156 { 1207 {
1157 // fast re-sync on source address changes, useful especially for tcp/ip 1208 // fast re-sync on source address changes, useful especially for tcp/ip
1209 //if (last_si_change < ev_now () + 5.)
1158 si = rsi; 1210 // {
1159
1160 slog (L_INFO, _("%s(%s): socket address changed to %s"), 1211 slog (L_INFO, _("%s(%s): changing socket address to %s."),
1161 conf->nodename, (const char *)si, (const char *)rsi); 1212 conf->nodename, (const char *)si, (const char *)rsi);
1213
1214 si = rsi;
1215 // }
1216 //else
1217 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."),
1218 // conf->nodename, (const char *)si, (const char *)rsi);
1162 } 1219 }
1220 }
1221 else if (seqclass == 1) // far history
1222 slog (L_ERR, _("received very old packet (received %08lx, expected %08lx). "
1223 "possible replay attack, or just packet duplication/delay, ignoring."), seqno, iseqno.seq + 1);
1224 else if (seqclass == 2) // in-window duplicate, happens often on wireless
1225 slog (L_DEBUG, _("received recent duplicated packet (received %08lx, expected %08lx). "
1226 "possible replay attack, or just packet duplication, ignoring."), seqno, iseqno.seq + 1);
1227 else if (seqclass == 3) // reset
1228 {
1229 slog (L_ERR, _("received out-of-sync (far future) packet (received %08lx, expected %08lx). "
1230 "probably just massive packet loss, sending reset."), seqno, iseqno.seq + 1);
1231 send_reset (rsi);
1163 } 1232 }
1164 1233
1165 delete d; 1234 delete d;
1166 break; 1235 break;
1167 } 1236 }
1178 if (p->id > 0 && p->id <= vpn->conns.size ()) 1247 if (p->id > 0 && p->id <= vpn->conns.size ())
1179 { 1248 {
1180 connection *c = vpn->conns[p->id - 1]; 1249 connection *c = vpn->conns[p->id - 1];
1181 conf->protocols = p->protocols; 1250 conf->protocols = p->protocols;
1182 1251
1183 slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]", 1252 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s) [%d]",
1184 conf->id, p->id, c->ictx && c->octx); 1253 conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx);
1185 1254
1186 if (c->ictx && c->octx) 1255 if (c->ictx && c->octx)
1187 { 1256 {
1188 // send connect_info packets to both sides, in case one is 1257 // send connect_info packets to both sides, in case one is
1189 // behind a nat firewall (or both ;) 1258 // behind a nat firewall (or both ;)
1212 1281
1213 c->conf->protocols = p->protocols; 1282 c->conf->protocols = p->protocols;
1214 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); 1283 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1215 p->si.upgrade_protocol (protocol, c->conf); 1284 p->si.upgrade_protocol (protocol, c->conf);
1216 1285
1217 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", 1286 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s) [%d]",
1287 conf->nodename, vpn->conns[p->id - 1]->conf->nodename,
1218 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); 1288 (const char *)p->si, !c->ictx && !c->octx);
1219 1289
1220 const sockinfo &dsi = forward_si (p->si); 1290 const sockinfo &dsi = forward_si (p->si);
1221 1291
1222 if (dsi.valid ()) 1292 if (dsi.valid ())
1223 c->send_auth_request (dsi, true); 1293 c->send_auth_request (dsi, true);
1262 1332
1263void connection::send_connect_request (int id) 1333void connection::send_connect_request (int id)
1264{ 1334{
1265 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); 1335 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols);
1266 1336
1267 slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", conf->id, id); 1337 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s)",
1338 conf->nodename, vpn->conns[id - 1]->conf->nodename);
1268 p->hmac_set (octx); 1339 p->hmac_set (octx);
1269 send_vpn_packet (p, si); 1340 send_vpn_packet (p, si);
1270 1341
1271 delete p; 1342 delete p;
1272} 1343}
1327connection::connection (struct vpn *vpn, conf_node *conf) 1398connection::connection (struct vpn *vpn, conf_node *conf)
1328: vpn(vpn), conf(conf), 1399: vpn(vpn), conf(conf),
1329#if ENABLE_DNS 1400#if ENABLE_DNS
1330 dns (0), 1401 dns (0),
1331#endif 1402#endif
1332 data_queue(conf->max_ttl, conf->max_queue), 1403 data_queue(conf->max_ttl, conf->max_queue + 1),
1333 vpn_queue(conf->max_ttl, conf->max_queue) 1404 vpn_queue(conf->max_ttl, conf->max_queue + 1)
1334{ 1405{
1335 rekey .set<connection, &connection::rekey_cb > (this); 1406 rekey .set<connection, &connection::rekey_cb > (this);
1336 keepalive .set<connection, &connection::keepalive_cb > (this); 1407 keepalive .set<connection, &connection::keepalive_cb > (this);
1337 establish_connection.set<connection, &connection::establish_connection_cb> (this); 1408 establish_connection.set<connection, &connection::establish_connection_cb> (this);
1338 1409

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines