X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=src%2Fnet_setup.c;h=22a956151f03a520e49f10ffbe6d7af9e068f61d;hb=ddc6a81a854023e38b563f213aa9a449ee91add8;hp=65965908002540ab94340526771bb5d62cafc8bd;hpb=38c25d62c2bc76908bd95fb21c8f5e39ad269884;p=meshlink diff --git a/src/net_setup.c b/src/net_setup.c index 65965908..22a95615 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -32,7 +32,6 @@ #include "conf.h" #include "connection.h" #include "device.h" -#include "tevent.h" #include "graph.h" #include "logger.h" #include "net.h" @@ -209,6 +208,36 @@ bool read_rsa_private_key(void) return true; } +static struct event keyexpire_event; + +static void keyexpire_handler(int fd, short events, void *data) { + regenerate_key(); +} + +void regenerate_key() { + RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength); + + if(timeout_initialized(&keyexpire_event)) { + ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key")); + event_del(&keyexpire_event); + send_key_changed(broadcast, myself); + } else { + timeout_set(&keyexpire_event, keyexpire_handler, NULL); + } + + event_add(&keyexpire_event, &(struct timeval){keylifetime, 0}); + + if(myself->cipher) { + EVP_CIPHER_CTX_init(&packet_ctx); + if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), + myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); + abort(); + } + + } +} + /* Configure node_t myself and set up the local sockets (listen only) */ @@ -369,23 +398,11 @@ bool setup_myself(void) myself->connection->outcipher = EVP_bf_ofb(); myself->key = xmalloc(myself->keylength); - RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; - keyexpires = now + keylifetime; - - if(myself->cipher) { - EVP_CIPHER_CTX_init(&packet_ctx); - if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) { - logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), - myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); - return false; - } - - } - + regenerate_key(); /* Check if we want to use message authentication codes... */ if(get_config_string @@ -537,6 +554,11 @@ bool setup_myself(void) memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen); listen_sockets++; + + if(listen_sockets >= MAXSOCKETS) { + logger(LOG_WARNING, _("Maximum of %d listening sockets reached"), MAXSOCKETS); + break; + } } freeaddrinfo(ai); @@ -558,9 +580,6 @@ bool setup_network_connections(void) { cp(); - now = time(NULL); - - init_tevents(); init_connections(); init_subnets(); init_nodes(); @@ -623,6 +642,8 @@ void close_network_connections(void) } for(i = 0; i < listen_sockets; i++) { + event_del(&listen_socket[i].ev_tcp); + event_del(&listen_socket[i].ev_udp); close(listen_socket[i].tcp); close(listen_socket[i].udp); } @@ -638,7 +659,6 @@ void close_network_connections(void) exit_subnets(); exit_nodes(); exit_connections(); - exit_tevents(); execute_script("tinc-down", envp);