}
return false;
}
- inpkt->offset += 2 * sizeof(node_id_t);
n->status.udppacket = true;
- bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len - 2 * sizeof(node_id_t));
+ bool result = sptps_receive_data(&n->sptps, DATA(inpkt), inpkt->len);
n->status.udppacket = false;
if(!result) {
- logger(DEBUG_TRAFFIC, LOG_ERR, "Got bad packet from %s (%s)", n->name, n->hostname);
+ /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ so let's restart SPTPS in case that helps. But don't do that too often
+ to prevent storms, and because that would make life a little too easy
+ for external attackers trying to DoS us. */
+ if(n->last_req_key < now.tv_sec - 10) {
+ logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", n->name, n->hostname);
+ send_req_key(n);
+ }
return false;
}
return true;
/* The packet is for us */
- if(!from->status.validkey) {
- logger(DEBUG_PROTOCOL, LOG_ERR, "Got SPTPS packet from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
+ if(!sptps_receive_data(&from->sptps, data, len)) {
+ /* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ so let's restart SPTPS in case that helps. But don't do that too often
+ to prevent storms. */
+ if(from->last_req_key < now.tv_sec - 10) {
+ logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode raw TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
+ send_req_key(from);
+ }
return true;
}
- sptps_receive_data(&from->sptps, data, len);
+
send_mtu_info(myself, from, MTU);
return true;
}
/* Send it via TCP if it is a handshake packet, TCPOnly is in use, this is a relay packet that the other node cannot understand, or this packet is larger than the MTU. */
if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) {
- if((from != myself || to->status.validkey) && (to->nexthop->connection->options >> 24) >= 7) {
+ if(type != SPTPS_HANDSHAKE && (to->nexthop->connection->options >> 24) >= 7) {
char buf[len + sizeof to->id + sizeof from->id]; char* buf_ptr = buf;
memcpy(buf_ptr, &to->id, sizeof to->id); buf_ptr += sizeof to->id;
memcpy(buf_ptr, &from->id, sizeof from->id); buf_ptr += sizeof from->id;
char buf[len * 4 / 3 + 5];
b64encode(data, buf, len);
- /* If no valid key is known yet, send the packets using ANS_KEY requests,
- to ensure we get to learn the reflexive UDP address. */
- if(from == myself && !to->status.validkey) {
+ /* If this is a handshake packet, use ANS_KEY instead of REQ_KEY, for two reasons:
+ - We don't want intermediate nodes to switch to UDP to relay these packets;
+ - ANS_KEY allows us to learn the reflexive UDP address. */
+ if(type == SPTPS_HANDSHAKE) {
to->incompression = myself->incompression;
return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, from->name, to->name, buf, to->incompression);
} else {
if(!n->status.reachable || n == myself)
continue;
- if((n->status.sptps && !n->sptps.instate) || !n->status.validkey_in)
+ if(!n->status.validkey_in && !(n->status.sptps && n->sptps.instate))
continue;
bool soft = false;
return;
}
+ pkt.offset = 0;
+
if(n->status.sptps) {
- pkt.offset = 2 * sizeof(node_id_t);
+ bool relay_enabled = (n->options >> 24) >= 4;
+ if (relay_enabled) {
+ pkt.offset = 2 * sizeof(node_id_t);
+ pkt.len -= pkt.offset;
+ }
- if(!memcmp(DSTID(&pkt), &nullid, sizeof nullid)) {
+ if(!memcmp(DSTID(&pkt), &nullid, sizeof nullid) || !relay_enabled) {
direct = true;
from = n;
to = myself;
/* If we're not the final recipient, relay the packet. */
if(to != myself) {
- send_sptps_data(to, from, 0, DATA(&pkt), pkt.len - 2 * sizeof(node_id_t));
+ send_sptps_data(to, from, 0, DATA(&pkt), pkt.len);
try_tx_sptps(to, true);
return;
}
from = n;
}
- pkt.offset = 0;
if(!receive_udppacket(from, &pkt))
return;