From: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon, 12 Jan 2015 13:43:32 +0000 (+0100)
Subject: Improve packet source detection.
X-Git-Tag: release-1.1pre12~207
X-Git-Url: https://www.tinc-vpn.org/git/browse?a=commitdiff_plain;h=a95e182d9ca54960383bfe3950b2b798e1f24f9e;hp=a95e182d9ca54960383bfe3950b2b798e1f24f9e;p=tinc

Improve packet source detection.

When no UDP communication has been done yet, tinc establishes a guess
for the UDP address+port of each node. However, when there are multiple nodes
behind a NAT, tinc will guess the exact same address+port combination
for them, because it doesn't know about the NAT mappings yet. So when
receiving a packet, don't trust that guess unless we have confirmed UDP
communication.

This ensures try_harder() is called in such cases. However, this
function was actually very inefficient, trying to verify packets
multiple times for nodes with multiple edges. Only call try_mac() at
most once per node.
---