test: udp-preload: Proof of concept wrapping
diff --git
a/site.c
b/site.c
index df0ab3a46433f41f3f506a00bae751f61cbd5dae..eb146e1baabd1c3e031c86b4960f2d7fd27d35b8 100644
--- a/
site.c
+++ b/
site.c
@@
-109,6
+109,8
@@
#define CASES_MSG3_KNOWN LABEL_MSG3: case LABEL_MSG3BIS
#define CASES_MSG3_KNOWN LABEL_MSG3: case LABEL_MSG3BIS
+struct msg;
+
int32_t site_max_start_pad = 4*4;
static cstring_t state_name(uint32_t state)
int32_t site_max_start_pad = 4*4;
static cstring_t state_name(uint32_t state)
@@
-394,15
+396,23
@@
static uint32_t event_log_priority(struct site *st, uint32_t event)
}
}
}
}
+static uint32_t slog_start(struct site *st, uint32_t event)
+{
+ uint32_t class=event_log_priority(st, event);
+ if (class) {
+ slilog_part(st->log,class,"%s: ",st->tunname);
+ }
+ return class;
+}
+
static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
FORMAT(printf,3,0);
static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
{
uint32_t class;
static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
FORMAT(printf,3,0);
static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
{
uint32_t class;
- class=
event_log_priority(st,
event);
+ class=
slog_start(st,
event);
if (class) {
if (class) {
- slilog_part(st->log,class,"%s: ",st->tunname);
vslilog_part(st->log,class,msg,ap);
slilog_part(st->log,class,"\n");
}
vslilog_part(st->log,class,msg,ap);
slilog_part(st->log,class,"\n");
}
@@
-457,7
+467,9
@@
static bool_t initiate_key_setup(struct site *st, cstring_t reason,
static void enter_state_run(struct site *st);
static bool_t enter_state_resolve(struct site *st);
static void decrement_resolving_count(struct site *st, int by);
static void enter_state_run(struct site *st);
static bool_t enter_state_resolve(struct site *st);
static void decrement_resolving_count(struct site *st, int by);
-static bool_t enter_new_state(struct site *st,uint32_t next);
+static bool_t enter_new_state(struct site *st,uint32_t next,
+ const struct msg *prompt
+ /* may be 0 for SENTMSG1 */);
static void enter_state_wait(struct site *st);
static void activate_new_key(struct site *st);
static void enter_state_wait(struct site *st);
static void activate_new_key(struct site *st);
@@
-611,7
+623,9
@@
static void append_string_xinfo_done(struct buffer_if *buf,
/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
out using a transform of config data supplied by netlink */
/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
out using a transform of config data supplied by netlink */
-static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
+static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what,
+ const struct msg *prompt
+ /* may be 0 for MSG1 */)
{
string_t dhpub;
unsigned minor;
{
string_t dhpub;
unsigned minor;
@@
-792,14
+806,21
@@
static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
return False;
}
return False;
}
-static bool_t
generate_msg1
(struct site *st)
+static bool_t
kex_init
(struct site *st)
{
st->random->generate(st->random->st,NONCELEN,st->localN);
{
st->random->generate(st->random->st,NONCELEN,st->localN);
- return generate_msg(st,LABEL_MSG1,"site:MSG1");
+ return True;
+}
+
+static bool_t generate_msg1(struct site *st, const struct msg *prompt_maybe_0)
+{
+ return
+ generate_msg(st,LABEL_MSG1,"site:MSG1",prompt_maybe_0);
}
static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
}
static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
- const struct comm_addr *src, struct msg *m)
+ const struct comm_addr *src,
+ const struct msg *m)
{
/* We've already determined we're in an appropriate state to
process an incoming MSG1, and that the MSG1 has correct values
{
/* We've already determined we're in an appropriate state to
process an incoming MSG1, and that the MSG1 has correct values
@@
-811,25
+832,26
@@
static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
return True;
}
return True;
}
-static bool_t generate_msg2(struct site *st)
+static bool_t generate_msg2(struct site *st,
+ const struct msg *prompt_may_be_null)
{
{
- st->random->generate(st->random->st,NONCELEN,st->localN);
-
return generate_msg(st,LABEL_MSG2,"site:MSG2"
);
+ return
+
generate_msg(st,LABEL_MSG2,"site:MSG2",prompt_may_be_null
);
}
static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
}
static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
- const struct comm_addr *src)
+ const struct comm_addr *src,
+ struct msg *m /* returned */)
{
{
- struct msg m;
cstring_t err;
cstring_t err;
- if (!unpick_msg(st,LABEL_MSG2,msg2,
&
m)) return False;
- if (!check_msg(st,LABEL_MSG2,
&
m,&err)) {
+ if (!unpick_msg(st,LABEL_MSG2,msg2,m)) return False;
+ if (!check_msg(st,LABEL_MSG2,m,&err)) {
slog(st,LOG_SEC,"msg2: %s",err);
return False;
}
slog(st,LOG_SEC,"msg2: %s",err);
return False;
}
- st->setup_session_id=m
.
source;
- st->remote_capabilities=m
.
remote_capabilities;
+ st->setup_session_id=m
->
source;
+ st->remote_capabilities=m
->
remote_capabilities;
/* Select the transform to use */
/* Select the transform to use */
@@
-860,11
+882,11
@@
kind##_found: \
#undef CHOOSE_CRYPTO
#undef CHOOSE_CRYPTO
- memcpy(st->remoteN,m
.
nR,NONCELEN);
+ memcpy(st->remoteN,m
->
nR,NONCELEN);
return True;
}
return True;
}
-static bool_t generate_msg3(struct site *st)
+static bool_t generate_msg3(struct site *st
, const struct msg *prompt
)
{
/* Now we have our nonce and their nonce. Think of a secret key,
and create message number 3. */
{
/* Now we have our nonce and their nonce. Think of a secret key,
and create message number 3. */
@@
-873,7
+895,7
@@
static bool_t generate_msg3(struct site *st)
(st->remote_capabilities & CAPAB_TRANSFORM_MASK)
? LABEL_MSG3BIS
: LABEL_MSG3,
(st->remote_capabilities & CAPAB_TRANSFORM_MASK)
? LABEL_MSG3BIS
: LABEL_MSG3,
- "site:MSG3");
+ "site:MSG3"
,prompt
);
}
static bool_t process_msg3_msg4(struct site *st, struct msg *m)
}
static bool_t process_msg3_msg4(struct site *st, struct msg *m)
@@
-892,9
+914,9
@@
static bool_t process_msg3_msg4(struct site *st, struct msg *m)
}
static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
}
static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
- const struct comm_addr *src, uint32_t msgtype)
+ const struct comm_addr *src, uint32_t msgtype,
+ struct msg *m /* returned */)
{
{
- struct msg m;
cstring_t err;
switch (msgtype) {
cstring_t err;
switch (msgtype) {
@@
-902,17
+924,17
@@
static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
default: assert(0);
}
default: assert(0);
}
- if (!unpick_msg(st,msgtype,msg3,
&
m)) return False;
- if (!check_msg(st,msgtype,
&
m,&err)) {
+ if (!unpick_msg(st,msgtype,msg3,m)) return False;
+ if (!check_msg(st,msgtype,m,&err)) {
slog(st,LOG_SEC,"msg3: %s",err);
return False;
}
slog(st,LOG_SEC,"msg3: %s",err);
return False;
}
- uint32_t capab_adv_late = m
.
remote_capabilities
+ uint32_t capab_adv_late = m
->
remote_capabilities
& ~st->remote_capabilities & st->early_capabilities;
if (capab_adv_late) {
slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
" %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
& ~st->remote_capabilities & st->early_capabilities;
if (capab_adv_late) {
slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
" %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
- capab_adv_late, st->remote_capabilities, m
.
remote_capabilities);
+ capab_adv_late, st->remote_capabilities, m
->
remote_capabilities);
return False;
}
return False;
}
@@
-921,11
+943,11
@@
static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
int i; \
for (i=0; i<st->n##kind##s; i++) { \
iface=st->kind##s[i]; \
int i; \
for (i=0; i<st->n##kind##s; i++) { \
iface=st->kind##s[i]; \
- if (iface->capab_bit == m
.capab_##kind##num)
\
+ if (iface->capab_bit == m
->capab_##kind##num)
\
goto kind##_found; \
} \
slog(st,LOG_SEC,"peer chose unknown-to-us " what " %d!", \
goto kind##_found; \
} \
slog(st,LOG_SEC,"peer chose unknown-to-us " what " %d!", \
- m
.capab_##kind##num);
\
+ m
->capab_##kind##num);
\
return False; \
kind##_found: \
st->chosen_##kind=iface; \
return False; \
kind##_found: \
st->chosen_##kind=iface; \
@@
-935,7
+957,7
@@
kind##_found: \
#undef CHOSE_CRYPTO
#undef CHOSE_CRYPTO
- if (!process_msg3_msg4(st,
&
m))
+ if (!process_msg3_msg4(st,m))
return False;
/* Update our idea of the remote site's capabilities, now that we've
return False;
/* Update our idea of the remote site's capabilities, now that we've
@@
-946,46
+968,46
@@
kind##_found: \
* doesn't change any of the bits we relied upon in the past, but it may
* also have set additional capability bits. We simply throw those away
* now, and use the authentic capabilities from this MSG3. */
* doesn't change any of the bits we relied upon in the past, but it may
* also have set additional capability bits. We simply throw those away
* now, and use the authentic capabilities from this MSG3. */
- st->remote_capabilities=m
.
remote_capabilities;
+ st->remote_capabilities=m
->
remote_capabilities;
/* Terminate their DH public key with a '0' */
/* Terminate their DH public key with a '0' */
- m
.pk[m.
pklen]=0;
+ m
->pk[m->
pklen]=0;
/* Invent our DH secret key */
st->random->generate(st->random->st,st->dh->len,st->dhsecret);
/* Generate the shared key and set up the transform */
/* Invent our DH secret key */
st->random->generate(st->random->st,st->dh->len,st->dhsecret);
/* Generate the shared key and set up the transform */
- if (!set_new_transform(st,m
.
pk)) return False;
+ if (!set_new_transform(st,m
->
pk)) return False;
return True;
}
return True;
}
-static bool_t generate_msg4(struct site *st)
+static bool_t generate_msg4(struct site *st
, const struct msg *prompt
)
{
/* We have both nonces, their public key and our private key. Generate
our public key, sign it and send it to them. */
{
/* We have both nonces, their public key and our private key. Generate
our public key, sign it and send it to them. */
- return generate_msg(st,LABEL_MSG4,"site:MSG4");
+ return generate_msg(st,LABEL_MSG4,"site:MSG4"
,prompt
);
}
static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
}
static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
- const struct comm_addr *src)
+ const struct comm_addr *src,
+ struct msg *m /* returned */)
{
{
- struct msg m;
cstring_t err;
cstring_t err;
- if (!unpick_msg(st,LABEL_MSG4,msg4,
&
m)) return False;
- if (!check_msg(st,LABEL_MSG4,
&
m,&err)) {
+ if (!unpick_msg(st,LABEL_MSG4,msg4,m)) return False;
+ if (!check_msg(st,LABEL_MSG4,m,&err)) {
slog(st,LOG_SEC,"msg4: %s",err);
return False;
}
slog(st,LOG_SEC,"msg4: %s",err);
return False;
}
- if (!process_msg3_msg4(st,
&
m))
+ if (!process_msg3_msg4(st,m))
return False;
/* Terminate their DH public key with a '0' */
return False;
/* Terminate their DH public key with a '0' */
- m
.pk[m.
pklen]=0;
+ m
->pk[m->
pklen]=0;
/* Generate the shared key and set up the transform */
/* Generate the shared key and set up the transform */
- if (!set_new_transform(st,m
.
pk)) return False;
+ if (!set_new_transform(st,m
->
pk)) return False;
return True;
}
return True;
}
@@
-1009,7
+1031,7
@@
static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
/* Leaves transformed part of buffer untouched */
}
/* Leaves transformed part of buffer untouched */
}
-static bool_t generate_msg5(struct site *st)
+static bool_t generate_msg5(struct site *st
, const struct msg *prompt
)
{
cstring_t transform_err;
{
cstring_t transform_err;
@@
-1075,7
+1097,7
@@
static void create_msg6(struct site *st, struct transform_inst_if *transform,
buf_prepend_uint32(&st->buffer,session_id);
}
buf_prepend_uint32(&st->buffer,session_id);
}
-static bool_t generate_msg6(struct site *st)
+static bool_t generate_msg6(struct site *st
, const struct msg *prompt
)
{
if (!is_transform_valid(st->new_transform))
return False;
{
if (!is_transform_valid(st->new_transform))
return False;
@@
-1352,7
+1374,7
@@
static void decrement_resolving_count(struct site *st, int by)
switch (st->state) {
case SITE_RESOLVE:
if (transport_compute_setupinit_peers(st,addrs,naddrs,0)) {
switch (st->state) {
case SITE_RESOLVE:
if (transport_compute_setupinit_peers(st,addrs,naddrs,0)) {
- enter_new_state(st,SITE_SENTMSG1);
+ enter_new_state(st,SITE_SENTMSG1
,0
);
} else {
/* Can't figure out who to try to to talk to */
slog(st,LOG_SETUP_INIT,
} else {
/* Can't figure out who to try to to talk to */
slog(st,LOG_SETUP_INIT,
@@
-1412,7
+1434,7
@@
static bool_t initiate_key_setup(struct site *st, cstring_t reason,
slog(st,LOG_SETUP_INIT,"resolving peer address(es)");
return enter_state_resolve(st);
} else if (transport_compute_setupinit_peers(st,0,0,prod_hint)) {
slog(st,LOG_SETUP_INIT,"resolving peer address(es)");
return enter_state_resolve(st);
} else if (transport_compute_setupinit_peers(st,0,0,prod_hint)) {
- return enter_new_state(st,SITE_SENTMSG1);
+ return enter_new_state(st,SITE_SENTMSG1
,0
);
}
slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
return False;
}
slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
return False;
@@
-1566,21
+1588,25
@@
static bool_t enter_state_resolve(struct site *st)
return ensure_resolving(st);
}
return ensure_resolving(st);
}
-static bool_t enter_new_state(struct site *st, uint32_t next)
+static bool_t enter_new_state(struct site *st, uint32_t next,
+ const struct msg *prompt
+ /* may be 0 for SENTMSG1 */)
{
{
- bool_t (*gen)(struct site *st);
+ bool_t (*gen)(struct site *st
, const struct msg *prompt
);
int r;
slog(st,LOG_STATE,"entering state %s",state_name(next));
switch(next) {
case SITE_SENTMSG1:
state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
int r;
slog(st,LOG_STATE,"entering state %s",state_name(next));
switch(next) {
case SITE_SENTMSG1:
state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
+ if (!kex_init(st)) return False;
gen=generate_msg1;
st->msg1_crossed_logged = False;
break;
case SITE_SENTMSG2:
state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
gen=generate_msg1;
st->msg1_crossed_logged = False;
break;
case SITE_SENTMSG2:
state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
+ if (!kex_init(st)) return False;
gen=generate_msg2;
break;
case SITE_SENTMSG3:
gen=generate_msg2;
break;
case SITE_SENTMSG3:
@@
-1611,7
+1637,7
@@
static bool_t enter_new_state(struct site *st, uint32_t next)
if (hacky_par_start_failnow()) return False;
if (hacky_par_start_failnow()) return False;
- r= gen(st) && send_msg(st);
+ r= gen(st
,prompt
) && send_msg(st);
hacky_par_end(&r,
st->setup_retries, st->setup_retry_interval,
hacky_par_end(&r,
st->setup_retries, st->setup_retry_interval,
@@
-1818,17
+1844,17
@@
static bool_t we_have_priority(struct site *st, const struct msg *m) {
static bool_t setup_late_msg_ok(struct site *st,
const struct buffer_if *buf_in,
uint32_t msgtype,
static bool_t setup_late_msg_ok(struct site *st,
const struct buffer_if *buf_in,
uint32_t msgtype,
- const struct comm_addr *source) {
+ const struct comm_addr *source,
+ struct msg *m /* returned */) {
/* For setup packets which seem from their type like they are
* late. Maybe they came via a different path. All we do is make
* a note of the sending address, iff they look like they are part
* of the current key setup attempt. */
/* For setup packets which seem from their type like they are
* late. Maybe they came via a different path. All we do is make
* a note of the sending address, iff they look like they are part
* of the current key setup attempt. */
- struct msg m;
- if (!named_for_us(st,buf_in,msgtype,&m))
+ if (!named_for_us(st,buf_in,msgtype,m))
/* named_for_us calls unpick_msg which gets the nonces */
return False;
/* named_for_us calls unpick_msg which gets the nonces */
return False;
- if (!consttime_memeq(m
.
nR,st->remoteN,NONCELEN) ||
- !consttime_memeq(m
.
nL,st->localN, NONCELEN))
+ if (!consttime_memeq(m
->
nR,st->remoteN,NONCELEN) ||
+ !consttime_memeq(m
->
nL,st->localN, NONCELEN))
/* spoof ? from stale run ? who knows */
return False;
transport_setup_msgok(st,source);
/* spoof ? from stale run ? who knows */
return False;
transport_setup_msgok(st,source);
@@
-1849,10
+1875,11
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
uint32_t dest=get_uint32(buf->start);
uint32_t msgtype=get_uint32(buf->start+8);
uint32_t dest=get_uint32(buf->start);
uint32_t msgtype=get_uint32(buf->start+8);
- struct msg named_msg;
+ struct msg msg;
+ /* initialised by named_for_us, or process_msgN for N!=1 */
if (msgtype==LABEL_MSG1) {
if (msgtype==LABEL_MSG1) {
- if (!named_for_us(st,buf,msgtype,&
named_
msg))
+ if (!named_for_us(st,buf,msgtype,&msg))
return False;
/* It's a MSG1 addressed to us. Decide what to do about it. */
dump_packet(st,buf,source,True,True);
return False;
/* It's a MSG1 addressed to us. Decide what to do about it. */
dump_packet(st,buf,source,True,True);
@@
-1860,9
+1887,9
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
st->state==SITE_WAIT) {
/* We should definitely process it */
transport_compute_setupinit_peers(st,0,0,source);
st->state==SITE_WAIT) {
/* We should definitely process it */
transport_compute_setupinit_peers(st,0,0,source);
- if (process_msg1(st,buf,source,&
named_
msg)) {
+ if (process_msg1(st,buf,source,&msg)) {
slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
- bool_t entered=enter_new_state(st,SITE_SENTMSG2);
+ bool_t entered=enter_new_state(st,SITE_SENTMSG2
,&msg
);
if (entered && st->addresses && st->local_mobile)
/* We must do this as the very last thing, because
the resolver callback might reenter us. */
if (entered && st->addresses && st->local_mobile)
/* We must do this as the very last thing, because
the resolver callback might reenter us. */
@@
-1876,7
+1903,7
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
/* We've just sent a message 1! They may have crossed on
the wire. If we have priority then we ignore the
incoming one, otherwise we process it as usual. */
/* We've just sent a message 1! They may have crossed on
the wire. If we have priority then we ignore the
incoming one, otherwise we process it as usual. */
- if (we_have_priority(st,&
named_
msg)) {
+ if (we_have_priority(st,&msg)) {
BUF_FREE(buf);
if (!st->msg1_crossed_logged++)
slog(st,LOG_SETUP_INIT,"crossed msg1s; we are higher "
BUF_FREE(buf);
if (!st->msg1_crossed_logged++)
slog(st,LOG_SETUP_INIT,"crossed msg1s; we are higher "
@@
-1885,10
+1912,10
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
} else {
slog(st,LOG_SETUP_INIT,"crossed msg1s; we are lower "
"priority => use incoming msg1");
} else {
slog(st,LOG_SETUP_INIT,"crossed msg1s; we are lower "
"priority => use incoming msg1");
- if (process_msg1(st,buf,source,&
named_
msg)) {
+ if (process_msg1(st,buf,source,&msg)) {
BUF_FREE(&st->buffer); /* Free our old message 1 */
transport_setup_msgok(st,source);
BUF_FREE(&st->buffer); /* Free our old message 1 */
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG2);
+ enter_new_state(st,SITE_SENTMSG2
,&msg
);
} else {
slog(st,LOG_ERROR,"failed to process an incoming "
"crossed msg1 (we have low priority)");
} else {
slog(st,LOG_ERROR,"failed to process an incoming "
"crossed msg1 (we have low priority)");
@@
-1898,7
+1925,7
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
}
} else if (st->state==SITE_SENTMSG2 ||
st->state==SITE_SENTMSG4) {
}
} else if (st->state==SITE_SENTMSG2 ||
st->state==SITE_SENTMSG4) {
- if (consttime_memeq(
named_
msg.nR,st->remoteN,NONCELEN)) {
+ if (consttime_memeq(msg.nR,st->remoteN,NONCELEN)) {
/* We are ahead in the protocol, but that msg1 had the
* peer's nonce so presumably it is from this key
* exchange run, via a slower route */
/* We are ahead in the protocol, but that msg1 had the
* peer's nonce so presumably it is from this key
* exchange run, via a slower route */
@@
-1916,7
+1943,7
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
return True;
}
if (msgtype==LABEL_PROD) {
return True;
}
if (msgtype==LABEL_PROD) {
- if (!named_for_us(st,buf,msgtype,&
named_
msg))
+ if (!named_for_us(st,buf,msgtype,&msg))
return False;
dump_packet(st,buf,source,True,True);
if (st->state!=SITE_RUN) {
return False;
dump_packet(st,buf,source,True,True);
if (st->state!=SITE_RUN) {
@@
-1957,12
+1984,12
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
if (st->state!=SITE_SENTMSG1) {
if ((st->state==SITE_SENTMSG3 ||
st->state==SITE_SENTMSG5) &&
if (st->state!=SITE_SENTMSG1) {
if ((st->state==SITE_SENTMSG3 ||
st->state==SITE_SENTMSG5) &&
- setup_late_msg_ok(st,buf,msgtype,source))
+ setup_late_msg_ok(st,buf,msgtype,source
,&msg
))
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG2");
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG2");
- } else if (process_msg2(st,buf,source)) {
+ } else if (process_msg2(st,buf,source
,&msg
)) {
transport_setup_msgok(st,source);
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG3);
+ enter_new_state(st,SITE_SENTMSG3
,&msg
);
} else {
slog(st,LOG_SEC,"invalid MSG2");
}
} else {
slog(st,LOG_SEC,"invalid MSG2");
}
@@
-1971,12
+1998,12
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
/* Setup packet: expected only in state SENTMSG2 */
if (st->state!=SITE_SENTMSG2) {
if ((st->state==SITE_SENTMSG4) &&
/* Setup packet: expected only in state SENTMSG2 */
if (st->state!=SITE_SENTMSG2) {
if ((st->state==SITE_SENTMSG4) &&
- setup_late_msg_ok(st,buf,msgtype,source))
+ setup_late_msg_ok(st,buf,msgtype,source
,&msg
))
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG3");
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG3");
- } else if (process_msg3(st,buf,source,msgtype)) {
+ } else if (process_msg3(st,buf,source,msgtype
,&msg
)) {
transport_setup_msgok(st,source);
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG4);
+ enter_new_state(st,SITE_SENTMSG4
,&msg
);
} else {
slog(st,LOG_SEC,"invalid MSG3");
}
} else {
slog(st,LOG_SEC,"invalid MSG3");
}
@@
-1985,12
+2012,12
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
/* Setup packet: expected only in state SENTMSG3 */
if (st->state!=SITE_SENTMSG3) {
if ((st->state==SITE_SENTMSG5) &&
/* Setup packet: expected only in state SENTMSG3 */
if (st->state!=SITE_SENTMSG3) {
if ((st->state==SITE_SENTMSG5) &&
- setup_late_msg_ok(st,buf,msgtype,source))
+ setup_late_msg_ok(st,buf,msgtype,source
,&msg
))
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG4");
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG4");
- } else if (process_msg4(st,buf,source)) {
+ } else if (process_msg4(st,buf,source
,&msg
)) {
transport_setup_msgok(st,source);
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG5);
+ enter_new_state(st,SITE_SENTMSG5
,&msg
);
} else {
slog(st,LOG_SEC,"invalid MSG4");
}
} else {
slog(st,LOG_SEC,"invalid MSG4");
}
@@
-2005,7
+2032,7
@@
static bool_t site_incoming(void *sst, struct buffer_if *buf,
if (st->state==SITE_SENTMSG4) {
if (process_msg5(st,buf,source,st->new_transform)) {
transport_setup_msgok(st,source);
if (st->state==SITE_SENTMSG4) {
if (process_msg5(st,buf,source,st->new_transform)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_RUN);
+ enter_new_state(st,SITE_RUN
,&msg
);
} else {
slog(st,LOG_SEC,"invalid MSG5");
}
} else {
slog(st,LOG_SEC,"invalid MSG5");
}
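Review bot: In the MSG5 branch of site_incoming, `enter_new_state(st,SITE_RUN,&msg)` hands the state machine a `struct msg` that nothing on this path has filled in. `process_msg5(st,buf,source,st->new_transform)` takes no `struct msg *`, and the new comment on the declaration only promises initialisation by named_for_us or process_msgN. Whether the generator chosen for SITE_RUN reads `prompt` is not visible here, since the bodies of generate_msg6 and site_incoming start and end outside these hunks. If it ever does, it would read indeterminate stack contents while building a packet for the peer. I would pass a null prompt on this path, `enter_new_state(st,SITE_RUN,0);`, and widen the parameter comment to `/* may be 0 for SENTMSG1 and RUN */`, so that a later dereference fails visibly. Alternatively, declare `struct msg msg = {0};` and document that the MSG5 path leaves it zeroed.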