X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_packet.c;h=724eaa33e06ac3a3a524b99214502c8818748c1d;hp=7c51ad6388989b79ba4c30ac67173e401eab158c;hb=bc9e78250ef6fb5169d03565b7d8d9caf309eb98;hpb=5eca9520d93bced1275d45e5e2a933d69354cd6d diff --git a/src/net_packet.c b/src/net_packet.c index 7c51ad63..724eaa33 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.24 2002/09/15 14:55:53 guus Exp $ + $Id: net_packet.c,v 1.1.2.27 2003/04/18 21:18:36 guus Exp $ */ #include "config.h" @@ -80,6 +80,7 @@ int keylifetime = 0; int keyexpires = 0; +EVP_CIPHER_CTX packet_ctx; #define MAX_SEQNO 1073741824 @@ -93,8 +94,8 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; char hmac[EVP_MAX_MD_SIZE]; + int i; cp(); @@ -118,12 +119,12 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->cipher) { outpkt = pkt[nextpkt++]; - EVP_DecryptInit(&ctx, myself->cipher, myself->key, + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); - + EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + outpkt->len = outlen + outpad; inpkt = outpkt; } @@ -133,16 +134,26 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) inpkt->len -= sizeof(inpkt->seqno); inpkt->seqno = ntohl(inpkt->seqno); - if(inpkt->seqno <= n->received_seqno) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, - _("Got late or replayed packet from %s (%s), seqno %d"), - n->name, n->hostname, inpkt->seqno); - return; + if(inpkt->seqno != n->received_seqno + 1) { + if(inpkt->seqno >= n->received_seqno + sizeof(n->late) * 8) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_WARNING, _("Lost %d packets from %s (%s)"), + inpkt->seqno - n->received_seqno - 1, n->name, n->hostname); + + memset(n->late, 0, sizeof(n->late)); + } else if (inpkt->seqno <= n->received_seqno) { + if(inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8 || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) { + syslog(LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), + n->name, n->hostname, inpkt->seqno, n->received_seqno, n->late[(inpkt->seqno / 8) % sizeof(n->late)]); + } else + for(i = n->received_seqno + 1; i < inpkt->seqno; i++) + n->late[(inpkt->seqno / 8) % sizeof(n->late)] |= 1 << i % 8; + } } - + n->received_seqno = inpkt->seqno; - + n->late[(n->received_seqno / 8) % sizeof(n->late)] &= ~(1 << n->received_seqno % 8); + if(n->received_seqno > MAX_SEQNO) keyexpires = 0; @@ -196,7 +207,6 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) int origlen; int outlen, outpad; long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; vpn_packet_t *copy; static int priority = 0; int origpriority; @@ -260,10 +270,10 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->cipher) { outpkt = pkt[nextpkt++]; - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); + EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); - EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); + EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); outpkt->len = outlen + outpad; inpkt = outpkt; @@ -295,7 +305,7 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); - if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ + if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); }