+ if(!cl->status.validkey)
+ {
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
+ cl->name, cl->hostname);
+
+ /* Since packet is on the stack of handle_tap_input(),
+ we have to make a copy of it first. */
+
+ copy = xmalloc(sizeof(vpn_packet_t));
+ memcpy(copy, inpkt, sizeof(vpn_packet_t));
+
+ list_insert_tail(cl->queue, copy);
+
+ if(!cl->status.waitingforkey)
+ send_req_key(myself, cl);
+ return;
+ }
+
+ /* Encrypt the packet. */
+
+ RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt));
+
+ EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
+ EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt));
+ EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad);
+ outlen += outpad;
+
+ total_socket_out += outlen;
+
+ to.sin_family = AF_INET;
+ to.sin_addr.s_addr = htonl(cl->address);
+ to.sin_port = htons(cl->port);
+
+ if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0)
+ {
+ syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
+ cl->name, cl->hostname);
+ return;
+ }