From 6056f1c13bb37bf711dff9c25a6eaea99f14d31f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 10 Jan 2015 22:26:33 +0100 Subject: [PATCH] Remember whether we sent our key to another node. In tinc 1.0.x, this was tracked in node->inkey, however in tinc 1.1 we have an abstraction layer for the legacy cipher and digest, and we don't keep an explicit copy of the key around. We cannot use cipher_active() or digest_active(), since it is possible to set both to the null algorithm. So add a bit to node_status_t. --- src/net_packet.c | 2 +- src/net_setup.c | 2 ++ src/node.h | 3 ++- src/protocol_key.c | 2 ++ 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index 4719288..c7c7285 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -302,7 +302,7 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { #ifdef DISABLE_LEGACY return false; #else - if(!n->status.validkey) { + if(!n->status.validkey_in) { logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname); return false; } diff --git a/src/net_setup.c b/src/net_setup.c index 34320d8..1ae5edf 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -319,6 +319,8 @@ static void keyexpire_handler(void *data) { void regenerate_key(void) { logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys"); send_key_changed(); + for splay_each(node_t, n, node_tree) + n->status.validkey_in = false; } /* diff --git a/src/node.h b/src/node.h index 4f6232b..cd9e2d9 100644 --- a/src/node.h +++ b/src/node.h @@ -38,7 +38,8 @@ typedef struct node_status_t { unsigned int sptps:1; /* 1 if this node supports SPTPS */ unsigned int udp_confirmed:1; /* 1 if the address is one that we received UDP traffic on */ unsigned int send_locally:1; /* 1 if the next UDP packet should be sent on the local network */ - unsigned int unused:23; + unsigned int validkey_in; /* 1 if we have sent a valid key to him */ + unsigned int unused:22; } node_status_t; typedef struct node_t { diff --git a/src/protocol_key.c b/src/protocol_key.c index aaf0f33..d373858 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -303,6 +303,8 @@ bool send_ans_key(node_t *to) { to->received = 0; if(replaywin) memset(to->late, 0, replaywin); + to->status.validkey_in = true; + return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY, myself->name, to->name, key, cipher_get_nid(to->incipher), -- 2.25.1