| 1 | /* |
1 | /* |
| 2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
2 | vpn.C -- handle the protocol, encryption, handshaking etc. |
| 3 | Copyright (C) 2003-2008,2010,2011 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 78 | { |
78 | { |
| 79 | // the tunnel device mtu should be the physical mtu - overhead |
79 | // the tunnel device mtu should be the physical mtu - overhead |
| 80 | // the tricky part is rounding to the cipher key blocksize |
80 | // the tricky part is rounding to the cipher key blocksize |
| 81 | int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - MAX_OVERHEAD; |
81 | int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - MAX_OVERHEAD; |
| 82 | mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion |
82 | mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion |
| 83 | mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round |
83 | mtu -= mtu % BLOCK_SIZE (CIPHER); // round |
| 84 | mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again |
84 | mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again |
| 85 | |
85 | |
| 86 | char *env; |
86 | char *env; |
| 87 | asprintf (&env, "CONFBASE=%s", confbase); putenv (env); |
87 | asprintf (&env, "CONFBASE=%s", confbase); putenv (env); |
| 88 | asprintf (&env, "IFNAME=%s", tap->interface ()); putenv (env); |
88 | asprintf (&env, "IFNAME=%s", tap->interface ()); putenv (env); |
| … | |
… | |
| 113 | inline const char * |
113 | inline const char * |
| 114 | vpn::script_if_up () |
114 | vpn::script_if_up () |
| 115 | { |
115 | { |
| 116 | script_init_env (); |
116 | script_init_env (); |
| 117 | |
117 | |
| 118 | char *filename; |
118 | return conf.config_filename (::conf.script_if_up, "if-up"); |
| 119 | asprintf (&filename, |
|
|
| 120 | "%s/%s", |
|
|
| 121 | confbase, |
|
|
| 122 | ::conf.script_if_up ? ::conf.script_if_up : "if-up"); |
|
|
| 123 | |
|
|
| 124 | return filename; |
|
|
| 125 | } |
119 | } |
| 126 | |
120 | |
| 127 | int |
121 | int |
| 128 | vpn::setup_socket (u8 prot, int family, int type, int proto) |
122 | vpn::setup_socket (u8 prot, int family, int type, int proto) |
| 129 | { |
123 | { |
| … | |
… | |
| 410 | return false; |
404 | return false; |
| 411 | } |
405 | } |
| 412 | |
406 | |
| 413 | if (mkdir (dir, 0700)) |
407 | if (mkdir (dir, 0700)) |
| 414 | { |
408 | { |
| 415 | slog (L_CRIT, _("unable to crate anonymous root directory.")); |
409 | slog (L_CRIT, _("unable to create anonymous root directory.")); |
| 416 | return false; |
410 | return false; |
| 417 | } |
411 | } |
| 418 | |
412 | |
| 419 | if (chdir (dir)) |
413 | if (chdir (dir)) |
| 420 | { |
414 | { |
| … | |
… | |
| 895 | { |
889 | { |
| 896 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
890 | for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i) |
| 897 | { |
891 | { |
| 898 | connection *o = *i; |
892 | connection *o = *i; |
| 899 | |
893 | |
| 900 | if (!o->is_direct |
|
|
| 901 | && o->si.valid () |
894 | if (o->si.valid () |
| 902 | && c->si != o->si |
895 | && c->si != o->si |
| 903 | && c == find_router_for (o)) |
896 | && c == find_router_for (o) |
|
|
897 | && !can_direct (THISNODE, o->conf)) |
| 904 | { |
898 | { |
| 905 | slog (L_DEBUG, _("%s: can now route packets via %s, re-keying connection."), |
899 | slog (L_DEBUG, _("%s: can now route packets via %s, re-keying connection."), |
| 906 | o->conf->nodename, c->conf->nodename); |
900 | o->conf->nodename, c->conf->nodename); |
| 907 | o->rekey (); |
901 | o->rekey (); |
| 908 | } |
902 | } |
