From 8c8b506da9ce578fe6e6e406a91bbd21af13f7a3 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Sat, 11 Apr 2020 17:25:53 +0200
Subject: [PATCH] Also renew SPTPS keys for meta-connections.
---
 src/connection.h | 1 +
 src/net.c | 10 ++++++++++
 src/protocol_auth.c | 1 +
 3 files changed, 12 insertions(+)
diff --git a/src/connection.h b/src/connection.h
index 25e122d0..5160422b 100644
--- a/src/connection.h
+++ b/src/connection.h
@@ -67,6 +67,7 @@ typedef struct connection_t {
 int tcplen; /* length of incoming TCPpacket */
 int allow_request; /* defined if there's only one request possible */
 time_t last_ping_time; /* last time we saw some activity from the other end or pinged them */
+ time_t last_key_renewal; /* last time we renewed the SPTPS key */
 struct outgoing_t *outgoing; /* used to keep track of outgoing connections */
diff --git a/src/net.c b/src/net.c
index d80df2fd..2ee8aee4 100644
--- a/src/net.c
+++ b/src/net.c
@@ -123,6 +123,16 @@ static void timeout_handler(event_loop_t *loop, void *data) {
 }
 }
+ if(c->status.active && c->last_key_renewal + 3600 < mesh->loop.now.tv_sec) {
+ if(!sptps_force_kex(&c->sptps)) {
+ logger(mesh, MESHLINK_ERROR, "SPTPS key renewal for connection with %s failed", c->name);
+ terminate_connection(mesh, c, true);
+ continue;
+ } else {
+ c->last_key_renewal = mesh->loop.now.tv_sec;
+ }
+ }
+
 if(c->last_ping_time + pingtimeout <= mesh->loop.now.tv_sec) {
 if(c->status.active) {
 if(c->status.pinged) {
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 5632c5a2..c17d9e82 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -365,6 +365,7 @@ bool ack_h(meshlink_handle_t *mesh, connection_t *c, const char *request) {
 /* Activate this connection */
 c->allow_request = ALL;
+ c->last_key_renewal = mesh->loop.now.tv_sec;
 c->status.active = true;
 logger(mesh, MESHLINK_INFO, "Connection with %s activated", c->name);
-- 
2.39.5
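Review bot: The failure branch of the added renewal block in timeout_handler() terminates the meta-connection whenever `sptps_force_kex()` returns false, and both peers start the same timer in ack_h(), so their renewals will tend to fire within the same tick. If that call refuses to start a key exchange while one begun by the peer is still in progress (its body is not shown here, so this is an assumption to check), a healthy connection could be dropped at each renewal; refreshing `c->last_key_renewal` when a peer-initiated renewal completes, or retrying on the next tick instead of terminating, would avoid that while still failing closed on repeated errors. The interval is also a bare literal; a named constant such as `#define SPTPS_KEY_RENEWAL_INTERVAL 3600` with a one-line comment on the rekey policy would make it auditable. timeout_handler()'s body starts and ends outside the hunk.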