Send broadcast packets using a random socket, and properly support IPv6.

[tinc] / src / protocol_key.c

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 8096af5..f2f317d 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2009 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -34,17 +34,21 @@
 #include "utils.h"
 #include "xalloc.h"
 
-bool mykeyused = false;
+static bool mykeyused = false;
 
-bool send_key_changed() {
-       /* Only send this message if some other daemon requested our key previously.
-          This reduces unnecessary key_changed broadcasts.
-        */
+void send_key_changed(void) {
+       avl_node_t *node;
+       connection_t *c;
 
-       if(!mykeyused)
-               return true;
+       send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
+
+       /* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
 
-       return send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
+       for(node = connection_tree->head; node; node = node->next) {
+               c = node->data;
+               if(c->status.active && c->node && c->node->status.reachable)
+                       send_ans_key(c->node);
+       }
 }
 
 bool key_changed_h(connection_t *c) {
@@ -141,8 +145,6 @@ bool req_key_h(connection_t *c) {
 }
 
 bool send_ans_key(node_t *to) {
-       char *key;
-
        // Set key parameters
        to->incipher = myself->incipher;
        to->inkeylength = myself->inkeylength;
@@ -161,10 +163,10 @@ bool send_ans_key(node_t *to) {
        // Reset sequence number and late packet window
        mykeyused = true;
        to->received_seqno = 0;
-       memset(to->late, 0, sizeof(to->late));
+       if(replaywin) memset(to->late, 0, replaywin);
 
        // Convert to hexadecimal and send
-       key = alloca(2 * to->inkeylength + 1);
+       char key[2 * to->inkeylength + 1];
        bin2hex(to->inkey, key, to->inkeylength);
        key[to->inkeylength * 2] = '\0';
 
@@ -225,7 +227,7 @@ bool ans_key_h(connection_t *c) {
                        return true;
                }
 
-               if(!*address) {
+               if(!*address && from->address.sa.sa_family != AF_UNSPEC) {
                        char *address, *port;
                        ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
                        sockaddr2str(&from->address, &address, &port);
@@ -238,12 +240,16 @@ bool ans_key_h(connection_t *c) {
                return send_request(to->nexthop->connection, "%s", c->buffer);
        }
 
+       /* Don't use key material until every check has passed. */
+       from->status.validkey = false;
+
        /* Update our copy of the origin's packet key */
        from->outkey = xrealloc(from->outkey, strlen(key) / 2);
-
-       from->outkey = xstrdup(key);
        from->outkeylength = strlen(key) / 2;
-       hex2bin(key, from->outkey, from->outkeylength);
+       if(!hex2bin(key, from->outkey, from->outkeylength)) {
+               logger(LOG_ERR, "Got bad %s from %s(%s): %s", "ANS_KEY", from->name, from->hostname, "invalid key");
+               return true;
+       }
 
        /* Check and lookup cipher and digest algorithms */
 
@@ -308,7 +314,7 @@ bool ans_key_h(connection_t *c) {
                update_node_udp(from, &sa);
        }
 
-       if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
+       if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuevent)
                send_mtu_probe(from);
 
        return true;