From 44a24f63acc70d19904e5540986b8301b3c9b882 Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun, 14 Oct 2012 14:33:54 +0200
Subject: [PATCH] Fix handling of initial datagram SPTPS packet.

Only the very first packet of an SPTPS session should be send with REQ_KEY,
this signals the peer to abort any previous session and start a new one as
well.
---
 src/net_packet.c   | 13 ++++++++-----
 src/protocol.h     |  1 -
 src/protocol_key.c | 18 +++++++++++-------
 3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/net_packet.c b/src/net_packet.c
index f301aa22..c61bc60a 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -397,6 +397,7 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
 		if(!n->status.waitingforkey)
 			send_req_key(n);
 		else if(n->last_req_key + 10 < time(NULL)) {
+			logger(DEBUG_ALWAYS, LOG_DEBUG, "No key from %s after 10 seconds, restarting SPTPS", n->name);
 			sptps_stop(&n->sptps);
 			n->status.waitingforkey = false;
 			send_req_key(n);
@@ -631,18 +632,20 @@ end:
 bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
 	node_t *to = handle;
 
-	if(type >= SPTPS_HANDSHAKE
-			|| ((myself->options | to->options) & OPTION_TCPONLY)
-			|| (type != PKT_PROBE && len > to->minmtu)) {
+	/* Send it via TCP if it is a handshake packet, TCPOnly is in use, or this packet is larger than the MTU. */
+
+	if(type >= SPTPS_HANDSHAKE || ((myself->options | to->options) & OPTION_TCPONLY) || (type != PKT_PROBE && len > to->minmtu)) {
 		char buf[len * 4 / 3 + 5];
 		b64encode(data, buf, len);
+		/* If no valid key is known yet, send the packets using ANS_KEY requests,
+		   to ensure we get to learn the reflexive UDP address. */
 		if(!to->status.validkey)
 			return send_request(to->nexthop->connection, "%d %s %s %s -1 -1 -1 %d", ANS_KEY, myself->name, to->name, buf, myself->incompression);
 		else
-			return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, type >= SPTPS_HANDSHAKE ? REQ_SPTPS : REQ_PACKET, buf);
+			return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_SPTPS, buf);
 	}
 
-	/* Send the packet */
+	/* Otherwise, send the packet via UDP */
 
 	struct sockaddr *sa;
 	socklen_t sl;
diff --git a/src/protocol.h b/src/protocol.h
index 1211f9fe..9030ce5a 100644
--- a/src/protocol.h
+++ b/src/protocol.h
@@ -47,7 +47,6 @@ typedef enum request_t {
 	CONTROL,
 	REQ_PUBKEY, ANS_PUBKEY,
 	REQ_SPTPS,
-	REQ_PACKET,
 	LAST                                            /* Guardian for the highest request number */
 } request_t;
 
diff --git a/src/protocol_key.c b/src/protocol_key.c
index 082707d1..b54df3c8 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -102,6 +102,10 @@ bool send_req_key(node_t *to) {
 			send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
 			return true;
 		}
+
+		if(to->sptps.label)
+			logger(DEBUG_ALWAYS, LOG_DEBUG, "send_req_key(%s) called while sptps->label != NULL!", to->name);
+
 		char label[25 + strlen(myself->name) + strlen(to->name)];
 		snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
 		sptps_stop(&to->sptps);
@@ -149,17 +153,17 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
 				send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY);
 				return true;
 			}
-		}
 
-		case REQ_SPTPS: {
+			if(from->sptps.label)
+				logger(DEBUG_ALWAYS, LOG_DEBUG, "Got REQ_KEY from %s while we already started a SPTPS session!", from->name);
+
 			char buf[MAX_STRING_SIZE];
 			if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
-				logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", from->name, from->hostname, "invalid SPTPS data");
+				logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS_START", from->name, from->hostname, "invalid SPTPS data");
 				return true;
 			}
 			int len = b64decode(buf, buf, strlen(buf));
 
-
 			char label[25 + strlen(from->name) + strlen(myself->name)];
 			snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name);
 			sptps_stop(&from->sptps);
@@ -171,15 +175,15 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
 			return true;
 		}
 
-		case REQ_PACKET: {
+		case REQ_SPTPS: {
 			if(!from->status.validkey) {
-				logger(DEBUG_PROTOCOL, LOG_ERR, "Got REQ_PACKET from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
+				logger(DEBUG_PROTOCOL, LOG_ERR, "Got REQ_SPTPS from %s (%s) but we don't have a valid key yet", from->name, from->hostname);
 				return true;
 			}
 
 			char buf[MAX_STRING_SIZE];
 			if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
-				logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", from->name, from->hostname, "invalid SPTPS data");
+				logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS", from->name, from->hostname, "invalid SPTPS data");
 				return true;
 			}
 			int len = b64decode(buf, buf, strlen(buf));
-- 
2.20.1