X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=308a64f6796007685878338c92bab2e9d52063ff;hp=e62bb8dc122b519097a0d1cac913fff312d31aec;hb=013fcb0e9f9c0222f4f63ddf42a2f25bfc4a5546;hpb=cea3d8f3056d3c6aaaef473443240b8470c8ea2d diff --git a/src/net.c b/src/net.c index e62bb8dc..308a64f6 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.54 2000/10/29 10:39:06 guus Exp $ + $Id: net.c,v 1.35.4.57 2000/11/02 22:05:35 zarq Exp $ */ #include "config.h" @@ -111,7 +111,9 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) cp outpkt.len = inpkt->len; - EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey); + /* Encrypt the packet */ + + EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad + 2; @@ -146,8 +148,11 @@ int xrecv(vpn_packet_t *inpkt) EVP_CIPHER_CTX ctx; cp outpkt.len = inpkt->len; - EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); - EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); + + /* Decrypt the packet */ + + EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len); + EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8); EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad; @@ -156,6 +161,10 @@ cp memcpy(&outpkt, inpkt, outlen); */ + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"), + outpkt.len, outlen); + /* Fix mac address */ memcpy(outpkt.data, mymac.net.mac.address.x, 6); @@ -448,20 +457,23 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("fcntl: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); return -1; } @@ -491,7 +503,8 @@ cp if(listen(nfd, 3)) { - syslog(LOG_ERR, _("listen: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "listen"); return -1; } cp @@ -516,14 +529,16 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("fcntl: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); return -1; } @@ -770,10 +785,12 @@ cp /* Generate packet encryption key */ - myself->cipher_pkttype = EVP_bf_cbc(); + myself->cipher_pkttype = EVP_bf_cfb(); + + myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; - myself->cipher_pktkey = (char *)xmalloc(64); - RAND_bytes(myself->cipher_pktkey, 64); + myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); + RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); if(!(cfg = get_config_val(config, keyexpire))) keylifetime = 3600; @@ -849,7 +866,6 @@ cp if(!fork()) { - execl(scriptname, NULL); if(errno != ENOENT) @@ -985,7 +1001,8 @@ cp if(getpeername(sfd, &ci, &len) < 0) { - syslog(LOG_ERR, _("Error: getpeername: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "getpeername"); return NULL; } @@ -1041,6 +1058,7 @@ int handle_incoming_vpn_data() vpn_packet_t pkt; int x, l = sizeof(x); struct sockaddr from; + int lenin; socklen_t fromlen = sizeof(from); cp if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) @@ -1055,18 +1073,17 @@ cp return -1; } - if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0) + if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; } -/* + if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len, - from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]); + syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin); } -*/ + cp return xrecv(&pkt); } @@ -1362,7 +1379,7 @@ cp if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); - RAND_bytes(myself->cipher_pktkey, 64); + RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); send_key_changed(myself, NULL); keyexpires = time(NULL) + keylifetime; }