-int xrecv(connection_t *cl, vpn_packet_t *inpkt)
-{
- vpn_packet_t outpkt;
- int outlen, outpad;
- EVP_CIPHER_CTX ctx;
-cp
- outpkt.len = inpkt->len;
-
- /* Decrypt the packet */
-
- EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
- EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
- EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
- outlen += outpad;
-
-/* Bypass
- outlen = outpkt.len+2;
- memcpy(&outpkt, inpkt, outlen);
-*/
-
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"),
- outpkt.len);
-
- /* Fix mac address */
-
- memcpy(outpkt.data, mymac.net.mac.address.x, 6);
-
- if(taptype == TAP_TYPE_TUNTAP)
- {
- if(write(tap_fd, outpkt.data, outpkt.len) < 0)
- syslog(LOG_ERR, _("Can't write to tun/tap device: %m"));
- else
- total_tap_out += outpkt.len;
- }
- else /* ethertap */
- {
- if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0)
- syslog(LOG_ERR, _("Can't write to ethertap device: %m"));
- else
- total_tap_out += outpkt.len + 2;
- }
-cp
- return 0;
-}
-
-/*
- send a packet to the given vpn ip.
-*/
-int send_packet(ip_t to, vpn_packet_t *packet)
-{
- connection_t *cl;
- subnet_t *subnet;
-cp
- if((subnet = lookup_subnet_ipv4(&to)) == NULL)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- {
- syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"),
- IP_ADDR_V(to));
- }
-
- return -1;
- }
-
- cl = subnet->owner;
-
- if(cl == myself)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- {
- syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"),
- IP_ADDR_V(to));
- }
-
- return -1;
- }
-
- if(!cl->status.active)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"),
- cl->name, cl->hostname);
-
- return 0;
- }
-
- /* If we ourselves have indirectdata flag set, we should send only to our uplink! */
-
- /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */
-
- if(!cl->status.validkey)
- {
- if(debug_lvl >= DEBUG_TRAFFIC)
- syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
- cl->name, cl->hostname);
-
- list_insert_tail(cl->queue, packet);
-
- if(!cl->status.waitingforkey)
- send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */
- return 0;
- }
-
- /* can we send it? can we? can we? huh? */
-cp
- return xsend(cl, packet);
-}