if(n->status.sptps)
return sptps_verify_datagram(&n->sptps, DATA(inpkt), inpkt->len);
+#ifdef DISABLE_LEGACY
+ return false;
+#else
if(!digest_active(n->indigest) || inpkt->len < sizeof(seqno_t) + digest_length(n->indigest))
return false;
return digest_verify(n->indigest, SEQNO(inpkt), inpkt->len - digest_length(n->indigest), DATA(inpkt) + inpkt->len - digest_length(n->indigest));
+#endif
}
static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
return true;
}
+#ifdef DISABLE_LEGACY
+ return false;
+#else
if(!n->status.validkey) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
return false;
else
receive_packet(n, inpkt);
return true;
+#endif
}
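Review bot: Under DISABLE_LEGACY the new `return false;` drops a datagram from a node without an SPTPS session with no diagnostic at all, whereas the legacy branch it compiles out at least logs why the packet was refused. A peer that is misconfigured or still speaking the legacy protocol then shows up only as silently lost traffic; keeping a debug line before the return, e.g. `logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got non-SPTPS packet from %s (%s) but legacy protocol support is disabled", n->name, n->hostname);`, keeps the drop visible at the same verbosity as the legacy path. The same silent `return` appears in the DISABLE_LEGACY branches of the verify hunk above and of send_packet below. The lines between the sptps branch and this hunk are elided on this page, so only part of receive_udppacket is visible here.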
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
if(n->status.validkey)
return true;
+ /* If n is a TCP-only neighbor, we'll only use "cleartext" PACKET
+ messages anyway, so there's no need for SPTPS at all. */
+ if(n->connection && ((myself->options | n->options) & OPTION_TCPONLY))
+ return false;
+
logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key known yet for %s (%s)", n->name, n->hostname);
if(!n->status.waitingforkey)
}
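Review bot: The new comment calls the PACKET messages sent to a TCP-only neighbour "cleartext", which a reader will take to mean unprotected on the wire; if those messages are in fact carried inside the metaconnection and rely on its own protection (not visible on this page), the comment should say so, e.g. `/* If n is a TCP-only neighbor, PACKET messages go over the metaconnection, which has its own protection, so there's no need for a separate SPTPS session. */`. Worth stating too that the early return skips the "No valid key known yet" log and the key request below it for such neighbours, which is presumably intended. The function's own signature and the rest of its body lie outside the hunk.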
static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
- if (!try_sptps(n))
+ /* Note: condition order is as intended - even if we have a direct
+ metaconnection, we want to try SPTPS anyway as it's the only way to
+ get UDP going */
+ if(!try_sptps(n) && !n->connection)
return;
uint8_t type = 0;
}
}
- sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
+ /* If we have a direct metaconnection to n, and we can't use UDP, then
+ don't bother with SPTPS and just use a "plaintext" PACKET message.
+ We don't really care about end-to-end security since we're not
+ sending the message through any intermediate nodes. */
+ if(n->connection && origpkt->len > n->minmtu)
+ send_tcppacket(n->connection, origpkt);
+ else
+ sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset);
return;
}
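Review bot: With the relaxed guard `if(!try_sptps(n) && !n->connection)`, a node that has a direct metaconnection but no established SPTPS session now falls through to the new send branch, and when `origpkt->len <= n->minmtu` the else arm still calls `sptps_send_record()` on a session that was never set up. That is only safe if n->minmtu is guaranteed to be 0 whenever no SPTPS session exists, which nothing in the hunk establishes; assuming try_sptps() returns true only when n->status.validkey is set (as the try_sptps hunk above suggests), the TCP fallback should cover that case explicitly: `if(n->connection && (!n->status.validkey || origpkt->len > n->minmtu))`. The type/compression selection between the guard and this branch is elided on this page, so I cannot tell whether an earlier check already rules this out.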
if(n->status.sptps)
return send_sptps_packet(n, origpkt);
+#ifdef DISABLE_LEGACY
+ return;
+#else
/* Make sure we have a valid key */
if(!n->status.validkey) {
end:
origpkt->len = origlen;
+#endif
}
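Review bot: If `origlen`, which the `end:` path writes back into origpkt->len, is declared above the new `#ifdef DISABLE_LEGACY`, it becomes set-but-unused when the legacy branch is compiled out and will trip -Wunused-but-set-variable in DISABLE_LEGACY builds; moving its declaration inside the `#else` branch (or guarding it the same way) avoids that. Its declaration is not visible here, so this may already be handled. The body of send_packet between the sptps dispatch and the `end:` label is elided on this page.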
static bool send_sptps_data_priv(node_t *to, node_t *from, int type, const void *data, size_t len) {