Revert Martin Kihlgren's patch, it doesn't work the way it should.
authorGuus Sliepen <guus@tinc-vpn.org>
Sat, 20 Mar 2004 22:23:42 +0000 (22:23 +0000)
committerGuus Sliepen <guus@tinc-vpn.org>
Sat, 20 Mar 2004 22:23:42 +0000 (22:23 +0000)
src/graph.c
src/net.h
src/net_packet.c
src/net_setup.c
src/node.c
src/node.h

index 3870c7090db9bc70894bbc6be30716223974f573..3ed1d7213b3c7d35b3373eecdeaee9d3c03dbc55 100644 (file)
@@ -219,8 +219,25 @@ void sssp_bfs(void)
                                e->to->via = indirect ? n->via : e->to;
                                e->to->options = e->options;
 
-                               if(sockaddrcmp(&e->to->address, &e->address))
-                                       update_node_address(e->to, &e->address);
+                               if(sockaddrcmp(&e->to->address, &e->address)) {
+                                       node = avl_unlink(node_udp_tree, e->to);
+                                       sockaddrfree(&e->to->address);
+                                       sockaddrcpy(&e->to->address, &e->address);
+
+                                       if(e->to->hostname)
+                                               free(e->to->hostname);
+
+                                       e->to->hostname = sockaddr2hostname(&e->to->address);
+                                       avl_insert_node(node_udp_tree, node);
+
+                                       if(e->to->options & OPTION_PMTU_DISCOVERY) {
+                                               e->to->mtuprobes = 0;
+                                               e->to->minmtu = 0;
+                                               e->to->maxmtu = MTU;
+                                               if(e->to->status.validkey)
+                                                       send_mtu_probe(e->to);
+                                       }
+                               }
 
                                node = avl_alloc_node();
                                node->data = e->to;
index 90463eb225eaa8d708c5bce684b44d61911aa5d7..5b14553856ef52e8ffd890a380cbb6a5078e4036 100644 (file)
--- a/src/net.h
+++ b/src/net.h
@@ -122,7 +122,6 @@ extern listen_socket_t listen_socket[MAXSOCKETS];
 extern int listen_sockets;
 extern int keyexpires;
 extern int keylifetime;
-extern bool strictsource;
 extern bool do_prune;
 extern bool do_purge;
 extern char *myport;
index ae5a8402a7af159ad3873b877854c2b286a0c485..255453e9b5cd23ecd7c62599b78bbf495575db46 100644 (file)
@@ -54,7 +54,6 @@
 
 int keylifetime = 0;
 int keyexpires = 0;
-bool strictsource = true;
 EVP_CIPHER_CTX packet_ctx;
 static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
 
@@ -168,25 +167,6 @@ static void receive_packet(node_t *n, vpn_packet_t *packet)
        route(n, packet);
 }
 
-static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) {
-       char hmac[EVP_MAX_MD_SIZE];
-
-       if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0))
-               return false;
-
-       /* Check the message authentication code */
-
-       if(myself->digest && myself->maclength) {
-               HMAC(myself->digest, myself->key, myself->keylength,
-                        (char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL);
-
-               if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength))
-                       return false;
-       }
-
-       return true;
-}
-
 static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
 {
        vpn_packet_t pkt1, pkt2;
@@ -194,17 +174,32 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
        int nextpkt = 0;
        vpn_packet_t *outpkt = pkt[0];
        int outlen, outpad;
+       char hmac[EVP_MAX_MD_SIZE];
        int i;
 
        cp();
 
-       if(!authenticate_udppacket(n, inpkt)) {
-               ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
-                                          n->name, n->hostname);
+       /* Check packet length */
+
+       if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) {
+               ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"),
+                                       n->name, n->hostname);
                return;
        }
 
-       inpkt->len -= myself->digest ? myself->maclength : 0;
+       /* Check the message authentication code */
+
+       if(myself->digest && myself->maclength) {
+               inpkt->len -= myself->maclength;
+               HMAC(myself->digest, myself->key, myself->keylength,
+                        (char *) &inpkt->seqno, inpkt->len, hmac, NULL);
+
+               if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) {
+                       ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"),
+                                          n->name, n->hostname);
+                       return;
+               }
+       }
 
        /* Decrypt the packet */
 
@@ -488,7 +483,6 @@ void handle_incoming_vpn_data(int sock)
        sockaddr_t from;
        socklen_t fromlen = sizeof(from);
        node_t *n;
-       static time_t lasttime = 0;
 
        cp();
 
@@ -503,25 +497,10 @@ void handle_incoming_vpn_data(int sock)
 
        n = lookup_node_udp(&from);
 
-       if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) {
-               avl_node_t *node;
-
-               lasttime = now;
-
-               for(node = node_tree->head; node; node = node->next) {
-                       n = node->data;
-
-                       if(authenticate_udppacket(n, &pkt)) {
-                               update_node_address(n, &from);
-                               logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname);
-                               break;
-                       }
-               }
-       }
-
        if(!n) {
                hostname = sockaddr2hostname(&from);
-               logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname);
+               logger(LOG_WARNING, _("Received UDP packet from unknown source %s"),
+                          hostname);
                free(hostname);
                return;
        }
index 502e7b20b1dddc8a29f63ae78993f19677056707..aa2fbfbe9264b921b56553aca7fc150846c751e4 100644 (file)
@@ -343,8 +343,6 @@ bool setup_myself(void)
 
        get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames);
 
-       get_config_bool(lookup_config(config_tree, "StrictSource"), &strictsource);
-
        /* Generate packet encryption key */
 
        if(get_config_string
index a9b8858afb2866ef6077864e5970fa832b4927ae..351991611b2cd2a3d692213b6866cb50df7c4a25 100644 (file)
@@ -150,28 +150,6 @@ void node_del(node_t *n)
        avl_delete(node_udp_tree, n);
 }
 
-void update_node_address(node_t *n, const sockaddr_t *address) {
-       avl_node_t *node;
-
-       node = avl_unlink(node_udp_tree, n);
-       sockaddrfree(&n->address);
-       sockaddrcpy(&n->address, address);
-
-       if(n->hostname)
-               free(n->hostname);
-
-       n->hostname = sockaddr2hostname(&n->address);
-       avl_insert_node(node_udp_tree, node);
-
-       if(n->options & OPTION_PMTU_DISCOVERY) {
-               n->mtuprobes = 0;
-               n->minmtu = 0;
-               n->maxmtu = MTU;
-               if(n->status.validkey)
-                       send_mtu_probe(n);
-       }
-}
-
 node_t *lookup_node(char *name)
 {
        node_t n = {0};
index 935b9a31af7db176d031c5b599908321f9aa4196..dd9c7a12f1ace0858b1a24c28b91d3599fe8dd17 100644 (file)
@@ -90,7 +90,6 @@ extern node_t *new_node(void) __attribute__ ((__malloc__));
 extern void free_node(node_t *);
 extern void node_add(node_t *);
 extern void node_del(node_t *);
-extern void update_node_address(node_t *, const sockaddr_t *);
 extern node_t *lookup_node(char *);
 extern node_t *lookup_node_udp(const sockaddr_t *);
 extern void dump_nodes(void);