X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fmeta.c;h=e3f2999885f21320378f25f83c876b04401a8969;hb=a5c6c6ea1ab657d83a4d8b064ac9bfa9c16adf63;hp=afc98ab2f94cb2ae5c9878bded7838f7f5e4b652;hpb=2c6b2d70e6640f39563ad7bb0aa0ba87f883848c;p=tinc

diff --git a/src/meta.c b/src/meta.c
index afc98ab2..e3f29998 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -21,6 +21,8 @@
 
 #include "system.h"
 
+#include <assert.h>
+
 #include "cipher.h"
 #include "connection.h"
 #include "logger.h"
@@ -28,6 +30,7 @@
 #include "net.h"
 #include "protocol.h"
 #include "utils.h"
+#include "proxy.h"
 
 #ifndef MIN
 static ssize_t MIN(ssize_t x, ssize_t y) {
@@ -56,8 +59,8 @@ bool send_meta(connection_t *c, const void *buffer, size_t length) {
 		abort();
 	}
 
-	logger(DEBUG_META, LOG_DEBUG, "Sending %zu bytes of metadata to %s (%s)",
-	       length, c->name, c->hostname);
+	logger(DEBUG_META, LOG_DEBUG, "Sending %lu bytes of metadata to %s (%s)",
+	       (unsigned long)length, c->name, c->hostname);
 
 	if(c->protocol_minor >= 2) {
 		return sptps_send_record(&c->sptps, 0, buffer, length);
@@ -68,17 +71,16 @@ bool send_meta(connection_t *c, const void *buffer, size_t length) {
 #ifdef DISABLE_LEGACY
 		return false;
 #else
+		assert(c->legacy);
 
-		if(length > c->outbudget) {
+		if(!decrease_budget(&c->legacy->out, length)) {
 			logger(DEBUG_META, LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname);
 			return false;
-		} else {
-			c->outbudget -= length;
 		}
 
 		size_t outlen = length;
 
-		if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
+		if(!cipher_encrypt(&c->legacy->out.cipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting metadata to %s (%s)",
 			       c->name, c->hostname);
 			return false;
@@ -100,8 +102,8 @@ void send_meta_raw(connection_t *c, const void *buffer, size_t length) {
 		abort();
 	}
 
-	logger(DEBUG_META, LOG_DEBUG, "Sending %zu bytes of raw metadata to %s (%s)",
-	       length, c->name, c->hostname);
+	logger(DEBUG_META, LOG_DEBUG, "Sending %lu bytes of raw metadata to %s (%s)",
+	       (unsigned long)length, c->name, c->hostname);
 
 	buffer_add(&c->outbuf, buffer, length);
 
@@ -109,7 +111,7 @@ void send_meta_raw(connection_t *c, const void *buffer, size_t length) {
 }
 
 void broadcast_meta(connection_t *from, const char *buffer, size_t length) {
-	for list_each(connection_t, c, connection_list)
+	for list_each(connection_t, c, &connection_list)
 		if(c != from && c->edge) {
 			send_meta(c, buffer, length);
 		}
@@ -248,17 +250,16 @@ bool receive_meta(connection_t *c) {
 #ifdef DISABLE_LEGACY
 			return false;
 #else
+			assert(c->legacy);
 
-			if((size_t)inlen > c->inbudget) {
+			if(!decrease_budget(&c->legacy->in, (size_t) inlen)) {
 				logger(DEBUG_META, LOG_ERR, "Byte limit exceeded for decryption from %s (%s)", c->name, c->hostname);
 				return false;
-			} else {
-				c->inbudget -= inlen;
 			}
 
 			size_t outlen = inlen;
 
-			if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || (size_t)inlen != outlen) {
+			if(!cipher_decrypt(&c->legacy->in.cipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || (size_t)inlen != outlen) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting metadata from %s (%s)",
 				       c->name, c->hostname);
 				return false;
@@ -279,33 +280,8 @@ bool receive_meta(connection_t *c) {
 				}
 
 				if(!c->node) {
-					if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
-						if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
-							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
-						} else {
-							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
-							return false;
-						}
-					} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
-						if(tcpbuffer[0] != 5) {
-							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
-							return false;
-						}
-
-						if(tcpbuffer[1] == (char)0xff) {
-							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
-							return false;
-						}
-
-						if(tcpbuffer[2] != 5) {
-							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
-							return false;
-						}
-
-						if(tcpbuffer[3] == 0) {
-							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
-						} else {
-							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
+					if(c->outgoing && c->allow_request == ID && (proxytype == PROXY_SOCKS4 || proxytype == PROXY_SOCKS5)) {
+						if(!check_socks_resp(proxytype, tcpbuffer, c->tcplen)) {
 							return false;
 						}
 					} else {