From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun, 17 May 2015 19:07:45 +0000 (+0200)
Subject: Merge remote-tracking branches 'dechamps/sptpsrestart' and 'dechamps/keychanged'... 
X-Git-Tag: release-1.1pre12~154
X-Git-Url: https://www.tinc-vpn.org/git/browse?a=commitdiff_plain;h=5c32bd1578d59e005f634621d17ca96af32bb630;hp=-c;p=tinc

Merge remote-tracking branches 'dechamps/sptpsrestart' and 'dechamps/keychanged' into 1.1
---

5c32bd1578d59e005f634621d17ca96af32bb630
diff --combined src/protocol_key.c
index c183ac45,83851f23,6721aa44..b409a357
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@@@ -36,6 -36,6 -36,7 +36,7 @@@@
   static bool mykeyused = false;
   
   void send_key_changed(void) {
++ #ifndef DISABLE_LEGACY
   	send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
   
   	/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
@@@@ -43,6 -43,6 -44,7 +44,7 @@@@
   	for list_each(connection_t, c, connection_list)
   		if(c->edge && c->node && c->node->status.reachable && !c->node->status.sptps)
   			send_ans_key(c->node);
++ #endif
   
   	/* Force key exchange for connections using SPTPS */
   
@@@@ -107,9 -107,6 -109,9 +109,6 @@@@ bool send_req_key(node_t *to) 
   			return true;
   		}
   
- -		if(to->sptps.label)
- -			logger(DEBUG_ALWAYS, LOG_DEBUG, "send_req_key(%s) called while sptps->label != NULL!", to->name);
- -
   		char label[25 + strlen(myself->name) + strlen(to->name)];
   		snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
   		sptps_stop(&to->sptps);
@@@@ -148,11 -145,16 -150,11 +147,16 @@@@ static bool req_key_ext_h(connection_t 
   			try_tx(to, true);
   		} else {
   			/* The packet is for us */
- -			if(!from->status.validkey) {
- -				logger(DEBUG_PROTOCOL, LOG_ERR, "Got SPTPS_PACKET from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
+ +			if(!sptps_receive_data(&from->sptps, buf, len)) {
+ +				/* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ +				   so let's restart SPTPS in case that helps. But don't do that too often
+ +				   to prevent storms. */
+ +				if(from->last_req_key < now.tv_sec - 10) {
+ +					logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
+ +					send_req_key(from);
+ +				}
   				return true;
   			}
- -			sptps_receive_data(&from->sptps, buf, len);
   			send_mtu_info(myself, from, MTU);
   		}
   
@@@@ -428,9 -430,18 -430,9 +432,18 @@@@ bool ans_key_h(connection_t *c, const c
   	if(from->status.sptps) {
   		char buf[strlen(key)];
   		int len = b64decode(key, buf, strlen(key));
- -
- -		if(!len || !sptps_receive_data(&from->sptps, buf, len))
- -			logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname);
+ +		if(!len || !sptps_receive_data(&from->sptps, buf, len)) {
+ +			/* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
+ +			   so let's restart SPTPS in case that helps. But don't do that too often
+ +			   to prevent storms.
+ +			   Note that simply relying on handshake timeout is not enough, because
+ +			   that doesn't apply to key regeneration. */
+ +			if(from->last_req_key < now.tv_sec - 10) {
+ +				logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode handshake TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
+ +				send_req_key(from);
+ +			}
+ +			return true;
+ +		}
   
   		if(from->status.validkey) {
   			if(*address && *port) {