| … | |
… | |
| 790 | |
790 | |
| 791 | rsachallenge chg; |
791 | rsachallenge chg; |
| 792 | rsa_cache.gen (pkt->id, chg); |
792 | rsa_cache.gen (pkt->id, chg); |
| 793 | rsa_encrypt (conf->rsa_key, chg, pkt->encr); |
793 | rsa_encrypt (conf->rsa_key, chg, pkt->encr); |
| 794 | |
794 | |
| 795 | slog (L_TRACE, "%s >> PT_AUTH_REQ [%s]", conf->nodename, (const char *)si); |
795 | slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si); |
| 796 | |
796 | |
| 797 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly |
797 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly |
| 798 | |
798 | |
| 799 | delete pkt; |
799 | delete pkt; |
| 800 | } |
800 | } |
| … | |
… | |
| 1051 | case vpn_packet::PT_AUTH_REQ: |
1051 | case vpn_packet::PT_AUTH_REQ: |
| 1052 | if (auth_rate_limiter.can (rsi)) |
1052 | if (auth_rate_limiter.can (rsi)) |
| 1053 | { |
1053 | { |
| 1054 | auth_req_packet *p = (auth_req_packet *) pkt; |
1054 | auth_req_packet *p = (auth_req_packet *) pkt; |
| 1055 | |
1055 | |
| 1056 | slog (L_TRACE, "%s << PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply"); |
1056 | slog (L_TRACE, "%s >> PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply"); |
| 1057 | |
1057 | |
| 1058 | if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) |
1058 | if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) |
| 1059 | { |
1059 | { |
| 1060 | if (p->prot_minor != PROTOCOL_MINOR) |
1060 | if (p->prot_minor != PROTOCOL_MINOR) |
| 1061 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
1061 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
| … | |
… | |
| 1101 | |
1101 | |
| 1102 | case vpn_packet::PT_AUTH_RES: |
1102 | case vpn_packet::PT_AUTH_RES: |
| 1103 | { |
1103 | { |
| 1104 | auth_res_packet *p = (auth_res_packet *)pkt; |
1104 | auth_res_packet *p = (auth_res_packet *)pkt; |
| 1105 | |
1105 | |
| 1106 | slog (L_TRACE, "%s << PT_AUTH_RES", conf->nodename); |
1106 | slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename); |
| 1107 | |
1107 | |
| 1108 | if (p->chk_config ()) |
1108 | if (p->chk_config ()) |
| 1109 | { |
1109 | { |
| 1110 | if (p->prot_minor != PROTOCOL_MINOR) |
1110 | if (p->prot_minor != PROTOCOL_MINOR) |
| 1111 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
1111 | slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), |
| … | |
… | |
| 1247 | if (p->id > 0 && p->id <= vpn->conns.size ()) |
1247 | if (p->id > 0 && p->id <= vpn->conns.size ()) |
| 1248 | { |
1248 | { |
| 1249 | connection *c = vpn->conns[p->id - 1]; |
1249 | connection *c = vpn->conns[p->id - 1]; |
| 1250 | conf->protocols = p->protocols; |
1250 | conf->protocols = p->protocols; |
| 1251 | |
1251 | |
| 1252 | slog (L_TRACE, "%s << PT_CONNECT_REQ(%s) [%d]", |
1252 | slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s) [%d]", |
| 1253 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx); |
1253 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx); |
| 1254 | |
1254 | |
| 1255 | if (c->ictx && c->octx) |
1255 | if (c->ictx && c->octx) |
| 1256 | { |
1256 | { |
| 1257 | // send connect_info packets to both sides, in case one is |
1257 | // send connect_info packets to both sides, in case one is |
| … | |
… | |
| 1281 | |
1281 | |
| 1282 | c->conf->protocols = p->protocols; |
1282 | c->conf->protocols = p->protocols; |
| 1283 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
1283 | protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); |
| 1284 | p->si.upgrade_protocol (protocol, c->conf); |
1284 | p->si.upgrade_protocol (protocol, c->conf); |
| 1285 | |
1285 | |
| 1286 | slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s) [%d]", |
1286 | slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s) [%d]", |
| 1287 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, |
1287 | conf->nodename, vpn->conns[p->id - 1]->conf->nodename, |
| 1288 | (const char *)p->si, !c->ictx && !c->octx); |
1288 | (const char *)p->si, !c->ictx && !c->octx); |
| 1289 | |
1289 | |
| 1290 | const sockinfo &dsi = forward_si (p->si); |
1290 | const sockinfo &dsi = forward_si (p->si); |
| 1291 | |
1291 | |
| … | |
… | |
| 1332 | |
1332 | |
| 1333 | void connection::send_connect_request (int id) |
1333 | void connection::send_connect_request (int id) |
| 1334 | { |
1334 | { |
| 1335 | connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); |
1335 | connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); |
| 1336 | |
1336 | |
| 1337 | slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s)", |
1337 | slog (L_TRACE, "%s << PT_CONNECT_REQ(%s)", |
| 1338 | conf->nodename, vpn->conns[id - 1]->conf->nodename); |
1338 | conf->nodename, vpn->conns[id - 1]->conf->nodename); |
| 1339 | p->hmac_set (octx); |
1339 | p->hmac_set (octx); |
| 1340 | send_vpn_packet (p, si); |
1340 | send_vpn_packet (p, si); |
| 1341 | |
1341 | |
| 1342 | delete p; |
1342 | delete p; |
