From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun, 7 Oct 2012 12:03:50 +0000 (+0200)
Subject: Handle packets encrypted via SPTPS that need to be forwarded via TCP.
X-Git-Tag: release-1.1pre3~24
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=c2a9ed9e98e3dc4218c74fff774ddfe654adfd72

Handle packets encrypted via SPTPS that need to be forwarded via TCP.
---

diff --git a/src/net_packet.c b/src/net_packet.c
index 371632fa..84392693 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -398,6 +398,7 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
 			n->status.waitingforkey = false;
 			send_req_key(n);
 		}
+		return;
 	}
 
 	uint8_t type = 0;
@@ -590,13 +591,15 @@ end:
 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
 	node_t *to = handle;
 
-	if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY)) {
+	if(type >= SPTPS_HANDSHAKE
+			|| ((myself->options | to->options) & OPTION_TCPONLY)
+			|| (type != PKT_PROBE && len > to->minmtu)) {
 		char buf[len * 4 / 3 + 5];
 		b64encode(data, buf, len);
 		if(!to->status.validkey)
 			return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
 		else
-			return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
+			return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, type >= SPTPS_HANDSHAKE ? REQ_SPTPS : REQ_PACKET, buf);
 	}
 
 	/* Send the packet */
diff --git a/src/protocol.h b/src/protocol.h
index 41f74ab4..c16fdf81 100644
--- a/src/protocol.h
+++ b/src/protocol.h
@@ -47,6 +47,7 @@ typedef enum request_t {
 	CONTROL,
 	REQ_PUBKEY, ANS_PUBKEY,
 	REQ_SPTPS,
+	REQ_PACKET,
 	LAST						/* Guardian for the highest request number */
 } request_t;
 
diff --git a/src/protocol_key.c b/src/protocol_key.c
index 3e8d29ad..f34a70da 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -181,6 +181,22 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
 			return true;
 		}
 
+		case REQ_PACKET: {
+			if(!from->status.validkey) {
+				logger(DEBUG_PROTOCOL, LOG_ERR, "Got REQ_PACKET from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
+				return true;
+			}
+
+			char buf[MAX_STRING_SIZE];
+			if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
+				logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", from->name, from->hostname, "invalid SPTPS data");
+				return true;
+			}
+			int len = b64decode(buf, buf, strlen(buf));
+			sptps_receive_data(&from->sptps, buf, len);
+			return true;
+		}
+
 		default:
 			logger(DEBUG_ALWAYS, LOG_ERR, "Unknown extended REQ_KEY request from %s (%s): %s", from->name, from->hostname, request);
 			return true;