AS_HELP_STRING([--enable-vde], [enable support for Virtual Distributed Ethernet]),
[ AS_IF([test "x$enable_vde" = "xyes"],
[ AC_CHECK_HEADERS(libvdeplug_dyn.h, [], [AC_MSG_ERROR([VDE plug header files not found.]); break])
+ AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"], [AC_MSG_ERROR([VDE plug depends on libdl.]); break])
AC_DEFINE(ENABLE_VDE, 1, [Support for VDE])
vde=true
],
}
static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
- vpn_packet_t pkt1, pkt2;
- vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
- int nextpkt = 0;
- size_t outlen;
- pkt1.offset = DEFAULT_PACKET_OFFSET;
- pkt2.offset = DEFAULT_PACKET_OFFSET;
-
if(n->status.sptps) {
if(!n->sptps.state) {
if(!n->status.waitingforkey) {
#ifdef DISABLE_LEGACY
return false;
#else
+ vpn_packet_t pkt1, pkt2;
+ vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
+ int nextpkt = 0;
+ size_t outlen;
+ pkt1.offset = DEFAULT_PACKET_OFFSET;
+ pkt2.offset = DEFAULT_PACKET_OFFSET;
if(!n->status.validkey_in) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
}
static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
- vpn_packet_t pkt1, pkt2;
- vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
- vpn_packet_t *inpkt = origpkt;
- int nextpkt = 0;
- vpn_packet_t *outpkt;
- int origlen = origpkt->len;
- size_t outlen;
- int origpriority = origpkt->priority;
-
- pkt1.offset = DEFAULT_PACKET_OFFSET;
- pkt2.offset = DEFAULT_PACKET_OFFSET;
-
if(!n->status.reachable) {
logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
return;
#ifdef DISABLE_LEGACY
return;
#else
+ vpn_packet_t pkt1, pkt2;
+ vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
+ vpn_packet_t *inpkt = origpkt;
+ int nextpkt = 0;
+ vpn_packet_t *outpkt;
+ int origlen = origpkt->len;
+ size_t outlen;
+ int origpriority = origpkt->priority;
+
+ pkt1.offset = DEFAULT_PACKET_OFFSET;
+ pkt2.offset = DEFAULT_PACKET_OFFSET;
+
/* Make sure we have a valid key */
if(!n->status.validkey) {
}
#endif
+#ifndef DISABLE_LEGACY
static timeout_t keyexpire_timeout;
static void keyexpire_handler(void *data) {
keylifetime, rand() % 100000
});
}
+#endif
void regenerate_key(void) {
logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
Configure node_t myself and set up the local sockets (listen only)
*/
static bool setup_myself(void) {
- char *name, *hostname, *cipher, *digest, *type;
+ char *name, *hostname, *type;
char *address = NULL;
bool port_specified = false;
#ifndef DISABLE_LEGACY
/* Generate packet encryption key */
+ char *cipher;
+
if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) {
cipher = xstrdup("aes-256-cbc");
}
return false;
}
+ char *digest;
+
if(!get_config_string(lookup_config(config_tree, "Digest"), &digest)) {
digest = xstrdup("sha256");
}
close(random_fd);
}
-void randomize(void *out, size_t outlen) {
+void randomize(void *vout, size_t outlen) {
+ char *out = vout;
+
while(outlen) {
size_t len = read(random_fd, out, outlen);
}
}
+#ifndef DISABLE_LEGACY
bool send_metakey(connection_t *c) {
-#ifdef DISABLE_LEGACY
- return false;
-#else
-
if(!myself->connection->rsa) {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);
return false;
c->status.encryptout = true;
return result;
-#endif
}
bool metakey_h(connection_t *c, const char *request) {
-#ifdef DISABLE_LEGACY
- return false;
-#else
-
if(!myself->connection->rsa) {
return false;
}
c->allow_request = CHALLENGE;
return send_challenge(c);
-#endif
}
bool send_challenge(connection_t *c) {
-#ifdef DISABLE_LEGACY
- return false;
-#else
const size_t len = rsa_size(c->rsa);
char buffer[len * 2 + 1];
/* Send the challenge */
return send_request(c, "%d %s", CHALLENGE, buffer);
-#endif
}
bool challenge_h(connection_t *c, const char *request) {
-#ifdef DISABLE_LEGACY
- return false;
-#else
-
if(!myself->connection->rsa) {
return false;
}
} else {
return true;
}
-
-#endif
}
bool send_chal_reply(connection_t *c) {
}
bool chal_reply_h(connection_t *c, const char *request) {
-#ifdef DISABLE_LEGACY
- return false;
-#else
char hishash[MAX_STRING_SIZE];
if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
}
return send_ack(c);
-#endif
}
static bool send_upgrade(connection_t *c) {
-#ifdef DISABLE_LEGACY
- return false;
-#else
/* Special case when protocol_minor is 1: the other end is Ed25519 capable,
* but doesn't know our key yet. So send it now. */
bool result = send_request(c, "%d %s", ACK, pubkey);
free(pubkey);
return result;
-#endif
}
+#else
+bool send_metakey(connection_t *c) {
+ (void)c;
+ return false;
+}
+
+bool metakey_h(connection_t *c, const char *request) {
+ (void)c;
+ (void)request;
+ return false;
+}
+
+bool send_challenge(connection_t *c) {
+ (void)c;
+ return false;
+}
+
+bool challenge_h(connection_t *c, const char *request) {
+ (void)c;
+ (void)request;
+ return false;
+}
+
+bool send_chal_reply(connection_t *c) {
+ (void)c;
+ return false;
+}
+
+bool chal_reply_h(connection_t *c, const char *request) {
+ (void)c;
+ (void)request;
+ return false;
+}
+
+static bool send_upgrade(connection_t *c) {
+ (void)c;
+ return false;
+}
+#endif
bool send_ack(connection_t *c) {
if(c->protocol_minor == 1) {
#include "utils.h"
#include "xalloc.h"
+#ifndef DISABLE_LEGACY
static bool mykeyused = false;
+#endif
void send_key_changed(void) {
#ifndef DISABLE_LEGACY
static int cmd_generate_keys(int argc, char *argv[]) {
#ifdef DISABLE_LEGACY
+ (void)argv;
if(argc > 1) {
#else
projects / tinc / commitdiff