Merge remote-tracking branches 'dechamps/sptpsrestart' and 'dechamps/keychanged' into 1.1
This commit is contained in:
Guus Sliepen
commit
5c32bd1578
2 changed files with 39 additions and 13 deletions
|
|
@ -288,7 +288,14 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
|||
n->status.udppacket = false;
|
||||
|
||||
if(!result) {
|
||||
logger(DEBUG_TRAFFIC, LOG_ERR, "Got bad packet from %s (%s)", n->name, n->hostname);
|
||||
/* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
|
||||
so let's restart SPTPS in case that helps. But don't do that too often
|
||||
to prevent storms, and because that would make life a little too easy
|
||||
for external attackers trying to DoS us. */
|
||||
if(n->last_req_key < now.tv_sec - 10) {
|
||||
logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", n->name, n->hostname);
|
||||
send_req_key(n);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
|
@ -464,11 +471,17 @@ bool receive_tcppacket_sptps(connection_t *c, const char *data, int len) {
|
|||
|
||||
/* The packet is for us */
|
||||
|
||||
if(!from->status.validkey) {
|
||||
logger(DEBUG_PROTOCOL, LOG_ERR, "Got SPTPS packet from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
|
||||
if(!sptps_receive_data(&from->sptps, data, len)) {
|
||||
/* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
|
||||
so let's restart SPTPS in case that helps. But don't do that too often
|
||||
to prevent storms. */
|
||||
if(from->last_req_key < now.tv_sec - 10) {
|
||||
logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
|
||||
send_req_key(from);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
sptps_receive_data(&from->sptps, data, len);
|
||||
|
||||
send_mtu_info(myself, from, MTU);
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@
|
|||
static bool mykeyused = false;
|
||||
|
||||
void send_key_changed(void) {
|
||||
#ifndef DISABLE_LEGACY
|
||||
send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
|
||||
|
||||
/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
|
||||
|
|
@ -43,6 +44,7 @@ void send_key_changed(void) {
|
|||
for list_each(connection_t, c, connection_list)
|
||||
if(c->edge && c->node && c->node->status.reachable && !c->node->status.sptps)
|
||||
send_ans_key(c->node);
|
||||
#endif
|
||||
|
||||
/* Force key exchange for connections using SPTPS */
|
||||
|
||||
|
|
@ -107,9 +109,6 @@ bool send_req_key(node_t *to) {
|
|||
return true;
|
||||
}
|
||||
|
||||
if(to->sptps.label)
|
||||
logger(DEBUG_ALWAYS, LOG_DEBUG, "send_req_key(%s) called while sptps->label != NULL!", to->name);
|
||||
|
||||
char label[25 + strlen(myself->name) + strlen(to->name)];
|
||||
snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
|
||||
sptps_stop(&to->sptps);
|
||||
|
|
@ -148,11 +147,16 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, no
|
|||
try_tx(to, true);
|
||||
} else {
|
||||
/* The packet is for us */
|
||||
if(!from->status.validkey) {
|
||||
logger(DEBUG_PROTOCOL, LOG_ERR, "Got SPTPS_PACKET from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
|
||||
if(!sptps_receive_data(&from->sptps, buf, len)) {
|
||||
/* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
|
||||
so let's restart SPTPS in case that helps. But don't do that too often
|
||||
to prevent storms. */
|
||||
if(from->last_req_key < now.tv_sec - 10) {
|
||||
logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
|
||||
send_req_key(from);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
sptps_receive_data(&from->sptps, buf, len);
|
||||
send_mtu_info(myself, from, MTU);
|
||||
}
|
||||
|
||||
|
|
@ -428,9 +432,18 @@ bool ans_key_h(connection_t *c, const char *request) {
|
|||
if(from->status.sptps) {
|
||||
char buf[strlen(key)];
|
||||
int len = b64decode(key, buf, strlen(key));
|
||||
|
||||
if(!len || !sptps_receive_data(&from->sptps, buf, len))
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname);
|
||||
if(!len || !sptps_receive_data(&from->sptps, buf, len)) {
|
||||
/* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
|
||||
so let's restart SPTPS in case that helps. But don't do that too often
|
||||
to prevent storms.
|
||||
Note that simply relying on handshake timeout is not enough, because
|
||||
that doesn't apply to key regeneration. */
|
||||
if(from->last_req_key < now.tv_sec - 10) {
|
||||
logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode handshake TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
|
||||
send_req_key(from);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
if(from->status.validkey) {
|
||||
if(*address && *port) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue