along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.103 2001/03/13 21:32:24 guus Exp $
+ $Id: net.c,v 1.35.4.105 2001/05/07 19:08:43 guus Exp $
*/
#include "config.h"
/* Encrypt the packet. */
- outpkt.len = inpkt->len;
+ RAND_bytes(inpkt->salt, sizeof(inpkt->salt));
EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
- EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
- EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
- outlen += outpad + 2;
+ EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt));
+ EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad);
+ outlen += outpad;
total_socket_out += outlen;
to.sin_addr.s_addr = htonl(cl->address);
to.sin_port = htons(cl->port);
- if((sendto(myself->socket, (char *) &(outpkt.len), outlen, 0, (const struct sockaddr *)&to, tolen)) < 0)
+ if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0)
{
syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
cl->name, cl->hostname);
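Review bot: The added `RAND_bytes(inpkt->salt, sizeof(inpkt->salt));` ignores its return value, so if the generator fails the packet is encrypted with whatever `inpkt->salt` already held. `EVP_EncryptInit` on the next line is given the same key and IV (`cl->cipher_pktkey + key_len`) for every packet, so the salt is the only per-packet variation visible here, and identical plaintexts would then produce identical ciphertext. Abort the send on failure instead, for example `if(RAND_bytes(inpkt->salt, sizeof(inpkt->salt)) != 1) return -1;`, assuming the function reports errors with -1, which the hunk does not show. The results of `EVP_EncryptUpdate` and `EVP_EncryptFinal` are also unchecked before `outlen` reaches `sendto`. The width of `salt` is not visible either; if it is shorter than one cipher block, a comment should say why that is enough in place of a per-packet IV.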
int outlen, outpad;
EVP_CIPHER_CTX ctx;
cp
- outpkt.len = inpkt->len;
-
/* Decrypt the packet */
EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
- EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
- EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
+ EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len);
+ EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad);
outlen += outpad;
+ outpkt.len = outlen - sizeof(outpkt.salt);
receive_packet(cl, &outpkt);
cp
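Review bot: `outpkt.len = outlen - sizeof(outpkt.salt);` is computed without checking that decryption succeeded or that `outlen` is at least the salt size, so a short or malformed datagram gives a wrapped or negative length that goes straight into `receive_packet(cl, &outpkt)`. Both `EVP_DecryptUpdate` and `EVP_DecryptFinal` report failure through their return value, and the new code should test them and the length, e.g. `if(!EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad) || outlen + outpad < (int)sizeof(outpkt.salt)) return -1;` (the -1 convention is assumed, since the function's start and end are outside the hunk). Nothing visible here authenticates the ciphertext, so the padding check appears to be the only rejection path. A comment stating where packet integrity is verified, if anywhere, would help the next reader.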
return -1;
}
- ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0])));
+ ncn->address = ntohl(*((ipv4_t*)(h->h_addr_list[0])));
ncn->hostname = hostlookup(htonl(ncn->address));
if(setup_outgoing_meta_socket(ncn) < 0)
myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
- RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
+ RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
if(!(cfg = get_config_val(config, config_keyexpire)))
keylifetime = 3600;
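Review bot: Replacing `RAND_bytes` with `RAND_pseudo_bytes` for `myself->cipher_pktkey` weakens key generation, because OpenSSL documents the pseudo variant's output as not necessarily unpredictable and unsuitable for key material. The buffer holds both the packet key and the IV (`key_len + iv_len`), so this line should stay on the strong generator with its result checked: `if(RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength) != 1)` followed by a logged failure and an error return. If the switch was made to avoid failing on a poorly seeded PRNG, that reason belongs in a comment and the seeding should be fixed rather than the requirement relaxed. The enclosing function begins and ends outside the hunk.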
cp
cfg = get_config_val(upstreamcfg, config_connectto);
- if(!cfg && upstreamcfg == config)
+ if(!cfg)
+ if(upstreamcfg == config)
{
/* No upstream IP given, we're listen only. */
signal(SIGALRM, SIG_IGN);
return;
}
+ else
+ {
+ /* We previously tried all the ConnectTo lines. Now wrap back to the first. */
+ cfg = get_config_val(config, config_connectto);
+ }
while(cfg)
{
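Review bot: The new `if(!cfg)` followed directly by `if(upstreamcfg == config) ... else ...` relies on the `else` binding to the inner `if`, with no braces on the outer one. It behaves as the added comment describes, but this is the dangling-else shape that compilers warn about and that breaks silently when someone later adds a statement. Put the outer body in braces, `if(!cfg) { if(upstreamcfg == config) { ... } else { ... } }`, so the wrap-around to the first ConnectTo line is visibly scoped to the `!cfg` case. The handler's body continues past the end of the hunk.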
{
vpn_packet_t pkt;
int x, l = sizeof(x);
- int lenin;
struct sockaddr_in from;
socklen_t fromlen = sizeof(from);
connection_t *cl;
return;
}
- if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0)
+ if((pkt.len = recvfrom(myself->socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0)
{
syslog(LOG_ERR, _("Receiving packet failed: %m"));
return;
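Review bot: `pkt.len = recvfrom(...)` stores the `ssize_t` result directly in the packet's length field, whose type is not shown in this diff; if `len` is unsigned or narrower than the return type, the `<= 0` test no longer catches the -1 error return reliably. Keeping the removed local and assigning after the check avoids depending on the field type: `if((lenin = recvfrom(...)) <= 0)` and then `pkt.len = lenin;`. The read now starts at `pkt.salt` with a bound of `MTU`, so the struct must provide at least `MTU` bytes from `salt` onward. That definition is outside the diff, and a bound derived from the struct size rather than the bare constant would make the limit self-evident. The function body starts before and continues after this hunk.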