chiark / gitweb /
~ian / secnet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Exit nonzero if any unknown options are provided on the command line.
[secnet.git] / site.c
diff --git a/site.c b/site.c
index 1a664ce30c0d6e52d5f3259e2579e746fb11bcd7..29efb25f9bd36e6cd79b376d651f0cdbea836027 100644 (file)
--- a/site.c
+++ b/site.c
@@ -1,17 +1,37 @@
 /* site.c - manage communication with a remote network site */
 
-#include <stdio.h>
-#include <sys/mman.h>
+/* The 'site' code doesn't know anything about the structure of the
+   packets it's transmitting.  In fact, under the new netlink
+   configuration scheme it doesn't need to know anything at all about
+   IP addresses, except how to contact its peer.  This means it could
+   potentially be used to tunnel other protocols too (IPv6, IPX, plain
+   old Ethernet frames) if appropriate netlink code can be written
+   (and that ought not to be too hard, eg. using the TUN/TAP device to
+   pretend to be an Ethernet interface).  */
+
+/* At some point in the future the netlink code will be asked for
+   configuration information to go in the PING/PONG packets at the end
+   of the key exchange. */
 
 #include "secnet.h"
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+#include <assert.h>
+#include <sys/socket.h>
+
+#include <sys/mman.h>
 #include "util.h"
+#include "unaligned.h"
+#include "magic.h"
 
 #define SETUP_BUFFER_LEN 2048
 
-#define DEFAULT_KEY_LIFETIME 15000
+#define DEFAULT_KEY_LIFETIME 3600000 /* One hour */
+#define DEFAULT_KEY_RENEGOTIATE_GAP 300000 /* Five minutes */
 #define DEFAULT_SETUP_RETRIES 5
-#define DEFAULT_SETUP_TIMEOUT 500
-#define DEFAULT_WAIT_TIME 10000
+#define DEFAULT_SETUP_TIMEOUT 2000
+#define DEFAULT_WAIT_TIME 20000
 
 /* Each site can be in one of several possible states. */
 
@@ -60,33 +80,22 @@
 #define SITE_SENTMSG5 7
 #define SITE_WAIT     8
 
-static string_t state_name(uint32_t state)
+static cstring_t state_name(uint32_t state)
 {
     switch (state) {
-    case 0: return "SITE_STOP";
-    case 1: return "SITE_RUN";
-    case 2: return "SITE_RESOLVE";
-    case 3: return "SITE_SENTMSG1";
-    case 4: return "SITE_SENTMSG2";
-    case 5: return "SITE_SENTMSG3";
-    case 6: return "SITE_SENTMSG4";
-    case 7: return "SITE_SENTMSG5";
-    case 8: return "SITE_WAIT";
+    case 0: return "STOP";
+    case 1: return "RUN";
+    case 2: return "RESOLVE";
+    case 3: return "SENTMSG1";
+    case 4: return "SENTMSG2";
+    case 5: return "SENTMSG3";
+    case 6: return "SENTMSG4";
+    case 7: return "SENTMSG5";
+    case 8: return "WAIT";
     default: return "*bad state*";
     }
 }
 
-#define LABEL_MSG0 0x00020200
-#define LABEL_MSG1 0x01010101
-#define LABEL_MSG2 0x02020202
-#define LABEL_MSG3 0x03030303
-#define LABEL_MSG4 0x04040404
-#define LABEL_MSG5 0x05050505
-#define LABEL_MSG6 0x06060606
-#define LABEL_MSG7 0x07070707
-#define LABEL_MSG8 0x08080808
-#define LABEL_MSG9 0x09090909
-
 #define NONCELEN 8
 
 #define LOG_UNEXPECTED    0x00000001
@@ -94,42 +103,63 @@ static string_t state_name(uint32_t state)
 #define LOG_SETUP_TIMEOUT 0x00000004
 #define LOG_ACTIVATE_KEY  0x00000008
 #define LOG_TIMEOUT_KEY   0x00000010
-#define LOG_SECURITY      0x00000020
+#define LOG_SEC           0x00000020
 #define LOG_STATE         0x00000040
 #define LOG_DROP          0x00000080
 #define LOG_DUMP          0x00000100
 #define LOG_ERROR         0x00000400
 
+static struct flagstr log_event_table[]={
+    { "unexpected", LOG_UNEXPECTED },
+    { "setup-init", LOG_SETUP_INIT },
+    { "setup-timeout", LOG_SETUP_TIMEOUT },
+    { "activate-key", LOG_ACTIVATE_KEY },
+    { "timeout-key", LOG_TIMEOUT_KEY },
+    { "security", LOG_SEC },
+    { "state-change", LOG_STATE },
+    { "packet-drop", LOG_DROP },
+    { "dump-packets", LOG_DUMP },
+    { "errors", LOG_ERROR },
+    { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
+      LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
+    { "all", 0xffffffff },
+    { NULL, 0 }
+};
+
 struct site {
     closure_t cl;
     struct site_if ops;
 /* configuration information */
     string_t localname;
     string_t remotename;
-    string_t tunname; /* localname<->remotename by default */
+    string_t tunname; /* localname<->remotename by default, used in logs */
     string_t address; /* DNS name for bootstrapping, optional */
-    int remoteport;
+    int remoteport; /* Port for bootstrapping, optional */
     struct netlink_if *netlink;
     struct comm_if *comm;
     struct resolver_if *resolver;
     struct log_if *log;
     struct random_if *random;
     struct rsaprivkey_if *privkey;
-    struct subnet_list remotenets;
     struct rsapubkey_if *pubkey;
     struct transform_if *transform;
     struct dh_if *dh;
     struct hash_if *hash;
-    void *netlink_cid;
 
-    uint32_t setup_retries; /* How many times to send setup packets */
-    uint32_t setup_timeout; /* Initial timeout for setup packets */
-    uint32_t wait_timeout; /* How long to wait if setup unsuccessful */
-    uint32_t key_lifetime; /* How long a key lasts once set up */
+    uint32_t index; /* Index of this site */
+    int32_t setup_retries; /* How many times to send setup packets */
+    int32_t setup_timeout; /* Initial timeout for setup packets */
+    int32_t wait_timeout; /* How long to wait if setup unsuccessful */
+    int32_t key_lifetime; /* How long a key lasts once set up */
+    int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
+                                     after this time, initiate a new
+                                     key exchange */
+    bool_t keepalive; /* Send keepalives to detect peer failure (not yet
+                        implemented) */
 
     uint8_t *setupsig; /* Expected signature of incoming MSG1 packets */
-    uint32_t setupsiglen; /* Allows us to discard packets quickly if
-                            they are not for us */
+    int32_t setupsiglen; /* Allows us to discard packets quickly if
+                           they are not for us */
     bool_t setup_priority; /* Do we have precedence if both sites emit
                              message 1 simultaneously? */
     uint32_t log_events;
@@ -138,104 +168,130 @@ struct site {
     uint32_t state;
     uint64_t now; /* Most recently seen time */
 
+    /* The currently established session */
     uint32_t remote_session_id;
     struct transform_inst_if *current_transform;
     bool_t current_valid;
     uint64_t current_key_timeout; /* End of life of current key */
+    uint64_t renegotiate_key_time; /* When we can negotiate a new key */
     struct sockaddr_in peer; /* Current address of peer */
     bool_t peer_valid; /* Peer address becomes invalid when key times out,
                          but only if we have a DNS name for our peer */
 
+    /* The current key setup protocol exchange.  We can only be
+       involved in one of these at a time.  There's a potential for
+       denial of service here (the attacker keeps sending a setup
+       packet; we keep trying to continue the exchange, and have to
+       timeout before we can listen for another setup packet); perhaps
+       we should keep a list of 'bad' sources for setup packets. */
     uint32_t setup_session_id;
     struct sockaddr_in setup_peer;
     uint8_t localN[NONCELEN]; /* Nonces for key exchange */
     uint8_t remoteN[NONCELEN];
     struct buffer_if buffer; /* Current outgoing key exchange packet */
-    uint32_t retries; /* Number of retries remaining */
+    int32_t retries; /* Number of retries remaining */
     uint64_t timeout; /* Timeout for current state */
     uint8_t *dhsecret;
     uint8_t *sharedsecret;
-
     struct transform_inst_if *new_transform; /* For key setup/verify */
 };
 
-static void slog(struct site *st, uint32_t event, string_t msg, ...)
+static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
 {
     va_list ap;
-    uint8_t buf[240];
+    char buf[240];
+    uint32_t class;
 
     va_start(ap,msg);
 
     if (event&st->log_events) {
-       vsnprintf(buf,240,msg,ap);
-       st->log->log(st->log->st,0,"%s: %s",st->tunname,buf);
+       switch(event) {
+       case LOG_UNEXPECTED: class=M_INFO; break;
+       case LOG_SETUP_INIT: class=M_INFO; break;
+       case LOG_SETUP_TIMEOUT: class=M_NOTICE; break;
+       case LOG_ACTIVATE_KEY: class=M_INFO; break;
+       case LOG_TIMEOUT_KEY: class=M_INFO; break;
+       case LOG_SEC: class=M_SECURITY; break;
+       case LOG_STATE: class=M_DEBUG; break;
+       case LOG_DROP: class=M_DEBUG; break;
+       case LOG_DUMP: class=M_DEBUG; break;
+       case LOG_ERROR: class=M_ERR; break;
+       default: class=M_ERR; break;
+       }
+
+       vsnprintf(buf,sizeof(buf),msg,ap);
+       st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
     }
     va_end(ap);
 }
 
+static void set_link_quality(struct site *st);
+static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel);
+static bool_t initiate_key_setup(struct site *st, cstring_t reason);
 static void enter_state_run(struct site *st);
 static bool_t enter_state_resolve(struct site *st);
-static bool_t enter_state_sentmsg1(struct site *st);
-static bool_t enter_state_sentmsg2(struct site *st);
-static bool_t enter_state_sentmsg3(struct site *st);
-static bool_t enter_state_sentmsg4(struct site *st);
-static bool_t enter_state_sentmsg5(struct site *st);
+static bool_t enter_new_state(struct site *st,uint32_t next);
 static void enter_state_wait(struct site *st);
 
 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
 #define CHECK_TYPE(b,t) do { uint32_t type; \
     CHECK_AVAIL((b),4); \
-    type=*(uint32_t *)buf_unprepend((b),4); \
+    type=buf_unprepend_uint32((b)); \
     if (type!=(t)) return False; } while(0)
 
 struct msg {
     uint8_t *hashstart;
     uint32_t dest;
     uint32_t source;
-    uint32_t remlen;
+    int32_t remlen;
     uint8_t *remote;
-    uint32_t loclen;
+    int32_t loclen;
     uint8_t *local;
     uint8_t *nR;
     uint8_t *nL;
-    uint32_t pklen;
-    uint8_t *pk;
-    uint32_t hashlen;
-    uint32_t siglen;
-    uint8_t *sig;
+    int32_t pklen;
+    char *pk;
+    int32_t hashlen;
+    int32_t siglen;
+    char *sig;
 };
 
-/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside out
-   using a transform. */
-static bool_t generate_msg(struct site *st, uint32_t type, string_t what)
+/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
+   out using a transform of config data supplied by netlink */
+static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
 {
     void *hst;
-    uint8_t *hash=alloca(st->hash->len);
+    uint8_t *hash;
     string_t dhpub, sig;
 
     st->retries=st->setup_retries;
     BUF_ALLOC(&st->buffer,what);
     buffer_init(&st->buffer,0);
-    *(uint32_t *)buf_append(&st->buffer,4)=
-       (type==LABEL_MSG1?0:st->setup_session_id);
-    *(uint32_t *)buf_append(&st->buffer,4)=(uint32_t)st;
-    *(uint32_t *)buf_append(&st->buffer,4)=type;
+    buf_append_uint32(&st->buffer,
+       (type==LABEL_MSG1?0:st->setup_session_id));
+    buf_append_uint32(&st->buffer,st->index);
+    buf_append_uint32(&st->buffer,type);
     buf_append_string(&st->buffer,st->localname);
     buf_append_string(&st->buffer,st->remotename);
     memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
     if (type==LABEL_MSG1) return True;
     memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
     if (type==LABEL_MSG2) return True;
+
+    if (hacky_par_mid_failnow()) return False;
+
     dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
     buf_append_string(&st->buffer,dhpub);
     free(dhpub);
+    hash=safe_malloc(st->hash->len, "generate_msg");
     hst=st->hash->init();
     st->hash->update(hst,st->buffer.start,st->buffer.size);
     st->hash->final(hst,hash);
     sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
     buf_append_string(&st->buffer,sig);
     free(sig);
+    free(hash);
     return True;
 }
 
@@ -244,16 +300,16 @@ static bool_t unpick_msg(struct site *st, uint32_t type,
 {
     m->hashstart=msg->start;
     CHECK_AVAIL(msg,4);
-    m->dest=*(uint32_t *)buf_unprepend(msg,4);
+    m->dest=buf_unprepend_uint32(msg);
     CHECK_AVAIL(msg,4);
-    m->source=*(uint32_t *)buf_unprepend(msg,4);
+    m->source=buf_unprepend_uint32(msg);
     CHECK_TYPE(msg,type);
     CHECK_AVAIL(msg,2);
-    m->remlen=ntohs(*(uint16_t *)buf_unprepend(msg,2));
+    m->remlen=buf_unprepend_uint16(msg);
     CHECK_AVAIL(msg,m->remlen);
     m->remote=buf_unprepend(msg,m->remlen);
     CHECK_AVAIL(msg,2);
-    m->loclen=ntohs(*(uint16_t *)buf_unprepend(msg,2));
+    m->loclen=buf_unprepend_uint16(msg);
     CHECK_AVAIL(msg,m->loclen);
     m->local=buf_unprepend(msg,m->loclen);
     CHECK_AVAIL(msg,NONCELEN);
@@ -269,18 +325,48 @@ static bool_t unpick_msg(struct site *st, uint32_t type,
        return True;
     }
     CHECK_AVAIL(msg,2);
-    m->pklen=ntohs(*(uint16_t *)buf_unprepend(msg,2));
+    m->pklen=buf_unprepend_uint16(msg);
     CHECK_AVAIL(msg,m->pklen);
     m->pk=buf_unprepend(msg,m->pklen);
     m->hashlen=msg->start-m->hashstart;
     CHECK_AVAIL(msg,2);
-    m->siglen=ntohs(*(uint16_t *)buf_unprepend(msg,2));
+    m->siglen=buf_unprepend_uint16(msg);
     CHECK_AVAIL(msg,m->siglen);
     m->sig=buf_unprepend(msg,m->siglen);
     CHECK_EMPTY(msg);
     return True;
 }
 
+static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
+                       cstring_t *error)
+{
+    if (type==LABEL_MSG1) return True;
+
+    /* Check that the site names and our nonce have been sent
+       back correctly, and then store our peer's nonce. */ 
+    if (memcmp(m->remote,st->remotename,strlen(st->remotename)!=0)) {
+       *error="wrong remote site name";
+       return False;
+    }
+    if (memcmp(m->local,st->localname,strlen(st->localname)!=0)) {
+       *error="wrong local site name";
+       return False;
+    }
+    if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
+       *error="wrong locally-generated nonce";
+       return False;
+    }
+    if (type==LABEL_MSG2) return True;
+    if (memcmp(m->nR,st->remoteN,NONCELEN)!=0) {
+       *error="wrong remotely-generated nonce";
+       return False;
+    }
+    if (type==LABEL_MSG3) return True;
+    if (type==LABEL_MSG4) return True;
+    *error="unknown message type";
+    return False;
+}
+
 static bool_t generate_msg1(struct site *st)
 {
     st->random->generate(st->random->st,NONCELEN,st->localN);
@@ -298,9 +384,7 @@ static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
 
     if (!unpick_msg(st,LABEL_MSG1,msg1,&m)) return False;
 
-    /* XXX save src as our peer address here? */
     st->setup_peer=*src;
-
     st->setup_session_id=m.source;
     memcpy(st->remoteN,m.nR,NONCELEN);
     return True;
@@ -316,21 +400,11 @@ static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
                           struct sockaddr_in *src)
 {
     struct msg m;
+    cstring_t err;
 
     if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
-
-    /* Check that the site names and our nonce have been sent
-       back correctly, and then store our peer's nonce. */ 
-    if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
-       slog(st,LOG_SECURITY,"msg2: bad B (remote site name)");
-       return False;
-    }
-    if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
-       slog(st,LOG_SECURITY,"msg2: bad A (local site name)");
-       return False;
-    }
-    if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
-       slog(st,LOG_SECURITY,"msg2: bad nA (locally generated nonce)");
+    if (!check_msg(st,LABEL_MSG2,&m,&err)) {
+       slog(st,LOG_SEC,"msg2: %s",err);
        return False;
     }
     st->setup_session_id=m.source;
@@ -350,40 +424,29 @@ static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
                           struct sockaddr_in *src)
 {
     struct msg m;
-    uint8_t *hash=alloca(st->hash->len);
+    uint8_t *hash;
     void *hst;
+    cstring_t err;
 
     if (!unpick_msg(st,LABEL_MSG3,msg3,&m)) return False;
-
-    /* Check that the site names and nonces have been sent back
-       correctly */
-    if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
-       slog(st,LOG_SECURITY,"msg3: bad A (remote site name)");
+    if (!check_msg(st,LABEL_MSG3,&m,&err)) {
+       slog(st,LOG_SEC,"msg3: %s",err);
        return False;
     }
-    if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
-       slog(st,LOG_SECURITY,"msg3: bad B (local site name)");
-       return False;
-    }
-    if (memcmp(m.nR,st->remoteN,NONCELEN)!=0) {
-       slog(st,LOG_SECURITY,"msg3: bad nA (remotely generated nonce)");
-       return False;
-    }
-    if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
-       slog(st,LOG_SECURITY,"msg3: bad nB (locally generated nonce)");
-       return False;
-    }
-    
+
     /* Check signature and store g^x mod m */
+    hash=safe_malloc(st->hash->len, "process_msg3");
     hst=st->hash->init();
     st->hash->update(hst,m.hashstart,m.hashlen);
     st->hash->final(hst,hash);
     /* Terminate signature with a '0' - cheating, but should be ok */
     m.sig[m.siglen]=0;
     if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
-       slog(st,LOG_SECURITY,"msg3 signature failed check!");
+       slog(st,LOG_SEC,"msg3 signature failed check!");
+       free(hash);
        return False;
     }
+    free(hash);
 
     /* Terminate their DH public key with a '0' */
     m.pk[m.pklen]=0;
@@ -412,40 +475,29 @@ static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
                           struct sockaddr_in *src)
 {
     struct msg m;
-    uint8_t *hash=alloca(st->hash->len);
+    uint8_t *hash;
     void *hst;
+    cstring_t err;
 
     if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
-
-    /* Check that the site names and nonces have been sent back
-       correctly */
-    if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
-       slog(st,LOG_SECURITY,"msg4: bad B (remote site name)");
-       return False;
-    }
-    if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
-       slog(st,LOG_SECURITY,"msg4: bad A (local site name)");
-       return False;
-    }
-    if (memcmp(m.nR,st->remoteN,NONCELEN)!=0) {
-       slog(st,LOG_SECURITY,"msg4: bad nB (remotely generated nonce)");
-       return False;
-    }
-    if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
-       slog(st,LOG_SECURITY,"msg4: bad nA (locally generated nonce)");
+    if (!check_msg(st,LABEL_MSG4,&m,&err)) {
+       slog(st,LOG_SEC,"msg4: %s",err);
        return False;
     }
     
     /* Check signature and store g^x mod m */
+    hash=safe_malloc(st->hash->len, "process_msg4");
     hst=st->hash->init();
     st->hash->update(hst,m.hashstart,m.hashlen);
     st->hash->final(hst,hash);
     /* Terminate signature with a '0' - cheating, but should be ok */
     m.sig[m.siglen]=0;
     if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
-       slog(st,LOG_SECURITY,"msg4 signature failed check!");
+       slog(st,LOG_SEC,"msg4 signature failed check!");
+       free(hash);
        return False;
     }
+    free(hash);
 
     /* Terminate their DH public key with a '0' */
     m.pk[m.pklen]=0;
@@ -459,24 +511,6 @@ static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
     return True;
 }
 
-static bool_t generate_msg5(struct site *st)
-{
-    string_t transform_err;
-
-    BUF_ALLOC(&st->buffer,"site:MSG5");
-    /* We are going to add three words to the transformed message */
-    buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
-    *(uint32_t *)buf_append(&st->buffer,4)=LABEL_MSG5;
-    st->new_transform->forwards(st->new_transform->st,&st->buffer,
-                               &transform_err);
-    *(uint32_t *)buf_prepend(&st->buffer,4)=LABEL_MSG5;
-    *(uint32_t *)buf_prepend(&st->buffer,4)=(uint32_t)st;
-    *(uint32_t *)buf_prepend(&st->buffer,4)=st->setup_session_id;
-
-    st->retries=st->setup_retries;
-    return True;
-}
-
 struct msg0 {
     uint32_t dest;
     uint32_t source;
@@ -487,33 +521,58 @@ static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
                          struct msg0 *m)
 {
     CHECK_AVAIL(msg0,4);
-    m->dest=*(uint32_t *)buf_unprepend(msg0,4);
+    m->dest=buf_unprepend_uint32(msg0);
     CHECK_AVAIL(msg0,4);
-    m->source=*(uint32_t *)buf_unprepend(msg0,4);
+    m->source=buf_unprepend_uint32(msg0);
     CHECK_AVAIL(msg0,4);
-    m->type=*(uint32_t *)buf_unprepend(msg0,4);
+    m->type=buf_unprepend_uint32(msg0);
     return True;
     /* Leaves transformed part of buffer untouched */
 }
 
+static bool_t generate_msg5(struct site *st)
+{
+    cstring_t transform_err;
+
+    BUF_ALLOC(&st->buffer,"site:MSG5");
+    /* We are going to add four words to the message */
+    buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
+    /* Give the netlink code an opportunity to put its own stuff in the
+       message (configuration information, etc.) */
+    st->netlink->output_config(st->netlink->st,&st->buffer);
+    buf_prepend_uint32(&st->buffer,LABEL_MSG5);
+    st->new_transform->forwards(st->new_transform->st,&st->buffer,
+                               &transform_err);
+    buf_prepend_uint32(&st->buffer,LABEL_MSG5);
+    buf_prepend_uint32(&st->buffer,st->index);
+    buf_prepend_uint32(&st->buffer,st->setup_session_id);
+
+    st->retries=st->setup_retries;
+    return True;
+}
+
 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
                           struct sockaddr_in *src)
 {
     struct msg0 m;
-    string_t transform_err;
+    cstring_t transform_err;
 
     if (!unpick_msg0(st,msg5,&m)) return False;
 
     if (st->new_transform->reverse(st->new_transform->st,
                                   msg5,&transform_err)) {
        /* There's a problem */
-       slog(st,LOG_SECURITY,"process_msg5: transform: %s",transform_err);
+       slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
        return False;
     }
     /* Buffer should now contain untransformed PING packet data */
     CHECK_AVAIL(msg5,4);
-    if ((*(uint32_t *)buf_unprepend(msg5,4))!=LABEL_MSG5) {
-       slog(st,LOG_SECURITY,"MSG5/PING packet contained invalid data");
+    if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
+       slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
+       return False;
+    }
+    if (!st->netlink->check_config(st->netlink->st,msg5)) {
+       slog(st,LOG_SEC,"MSG5/PING packet contained bad netlink config");
        return False;
     }
     CHECK_EMPTY(msg5);
@@ -522,19 +581,22 @@ static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
 
 static bool_t generate_msg6(struct site *st)
 {
-    string_t transform_err;
+    cstring_t transform_err;
 
     BUF_ALLOC(&st->buffer,"site:MSG6");
-    /* We are going to add three words to the transformed message */
-    buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
-    *(uint32_t *)buf_append(&st->buffer,4)=LABEL_MSG6;
+    /* We are going to add four words to the message */
+    buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
+    /* Give the netlink code an opportunity to put its own stuff in the
+       message (configuration information, etc.) */
+    st->netlink->output_config(st->netlink->st,&st->buffer);
+    buf_prepend_uint32(&st->buffer,LABEL_MSG6);
     st->new_transform->forwards(st->new_transform->st,&st->buffer,
                                &transform_err);
-    *(uint32_t *)buf_prepend(&st->buffer,4)=LABEL_MSG6;
-    *(uint32_t *)buf_prepend(&st->buffer,4)=(uint32_t)st;
-    *(uint32_t *)buf_prepend(&st->buffer,4)=st->setup_session_id;
+    buf_prepend_uint32(&st->buffer,LABEL_MSG6);
+    buf_prepend_uint32(&st->buffer,st->index);
+    buf_prepend_uint32(&st->buffer,st->setup_session_id);
 
-    st->retries=1; /* Peer will retransmit MSG5 if necessary */
+    st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
     return True;
 }
 
@@ -542,20 +604,24 @@ static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
                           struct sockaddr_in *src)
 {
     struct msg0 m;
-    string_t transform_err;
+    cstring_t transform_err;
 
     if (!unpick_msg0(st,msg6,&m)) return False;
 
     if (st->new_transform->reverse(st->new_transform->st,
                                   msg6,&transform_err)) {
        /* There's a problem */
-       slog(st,LOG_SECURITY,"process_msg6: transform: %s",transform_err);
+       slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
        return False;
     }
     /* Buffer should now contain untransformed PING packet data */
     CHECK_AVAIL(msg6,4);
-    if ((*(uint32_t *)buf_unprepend(msg6,4))!=LABEL_MSG6) {
-       slog(st,LOG_SECURITY,"MSG6/PONG packet contained invalid data");
+    if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
+       slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
+       return False;
+    }
+    if (!st->netlink->check_config(st->netlink->st,msg6)) {
+       slog(st,LOG_SEC,"MSG6/PONG packet contained bad netlink config");
        return False;
     }
     CHECK_EMPTY(msg6);
@@ -566,17 +632,12 @@ static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
                           struct sockaddr_in *src)
 {
     struct msg0 m;
-    string_t transform_err;
+    cstring_t transform_err;
     uint32_t type;
 
     if (!st->current_valid) {
        slog(st,LOG_DROP,"incoming message but no current key -> dropping");
-       if (st->state==SITE_RUN) {
-           slog(st,LOG_SETUP_INIT|LOG_STATE,
-                "now initiating setup of new key");
-           return enter_state_resolve(st);
-       }
-       return False;
+       return initiate_key_setup(st,"incoming message but no current key");
     }
 
     if (!unpick_msg0(st,msg0,&m)) return False;
@@ -584,19 +645,25 @@ static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
     if (st->current_transform->reverse(st->current_transform->st,
                                       msg0,&transform_err)) {
        /* There's a problem */
-       slog(st,LOG_SECURITY,"transform: %s",transform_err);
-       return False;
+       slog(st,LOG_SEC,"transform: %s",transform_err);
+       return initiate_key_setup(st,"incoming message would not decrypt");
     }
     CHECK_AVAIL(msg0,4);
-    type=*(uint32_t *)buf_unprepend(msg0,4);
+    type=buf_unprepend_uint32(msg0);
     switch(type) {
+    case LABEL_MSG7:
+       /* We must forget about the current session. */
+       delete_key(st,"request from peer",LOG_SEC);
+       return True;
+       break;
     case LABEL_MSG9:
        /* Deliver to netlink layer */
-       st->netlink->deliver(st->netlink->st,st->netlink_cid,msg0);
+       st->netlink->deliver(st->netlink->st,msg0);
        return True;
        break;
     default:
-       slog(st,LOG_SECURITY,"incoming message of type %08x (unknown)",type);
+       slog(st,LOG_SEC,"incoming encrypted message of type %08x "
+            "(unknown)",type);
        break;
     }
     return False;
@@ -605,14 +672,14 @@ static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
 static void dump_packet(struct site *st, struct buffer_if *buf,
                        struct sockaddr_in *addr, bool_t incoming)
 {
-    uint32_t dest=*(uint32_t *)buf->start;
-    uint32_t source=*(uint32_t *)(buf->start+4);
-    uint32_t msgtype=*(uint32_t *)(buf->start+8);
+    uint32_t dest=ntohl(*(uint32_t *)buf->start);
+    uint32_t source=ntohl(*(uint32_t *)(buf->start+4));
+    uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
 
     if (st->log_events & LOG_DUMP)
-       log(st->log,0,"(%s,%s): %s: %08x<-%08x: %08x:",
-           st->localname,st->remotename,incoming?"incoming":"outgoing",
-           dest,source,msgtype);
+       slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
+              st->tunname,incoming?"incoming":"outgoing",
+              dest,source,msgtype);
 }
 
 static uint32_t site_status(void *st)
@@ -629,7 +696,8 @@ static bool_t send_msg(struct site *st)
        st->retries--;
        return True;
     } else {
-       slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet");
+       slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet "
+           "(in state %s)",state_name(st->state));
        enter_state_wait(st);
        return False;
     }
@@ -648,7 +716,7 @@ static void site_resolve_callback(void *sst, struct in_addr *address)
        st->setup_peer.sin_family=AF_INET;
        st->setup_peer.sin_port=htons(st->remoteport);
        st->setup_peer.sin_addr=*address;
-       enter_state_sentmsg1(st);
+       enter_new_state(st,SITE_SENTMSG1);
     } else {
        /* Resolution failed */
        slog(st,LOG_ERROR,"resolution of %s failed",st->address);
@@ -656,51 +724,101 @@ static void site_resolve_callback(void *sst, struct in_addr *address)
     }
 }
 
+static bool_t initiate_key_setup(struct site *st, cstring_t reason)
+{
+    if (st->state!=SITE_RUN) return False;
+    slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
+    if (st->address) {
+       slog(st,LOG_SETUP_INIT,"resolving peer address");
+       return enter_state_resolve(st);
+    } else if (st->peer_valid) {
+       slog(st,LOG_SETUP_INIT,"using old peer address");
+       st->setup_peer=st->peer;
+       return enter_new_state(st,SITE_SENTMSG1);
+    }
+    slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
+    return False;
+}
+
 static void activate_new_key(struct site *st)
 {
     struct transform_inst_if *t;
 
+    /* We have two transform instances, which we swap between active
+       and setup */
     t=st->current_transform;
     st->current_transform=st->new_transform;
     st->new_transform=t;
 
     t->delkey(t->st);
-    st->state=SITE_RUN;
     st->timeout=0;
     st->current_valid=True;
     st->current_key_timeout=st->now+st->key_lifetime;
+    st->renegotiate_key_time=st->now+st->key_renegotiate_time;
     st->peer=st->setup_peer;
     st->peer_valid=True;
     st->remote_session_id=st->setup_session_id;
 
     slog(st,LOG_ACTIVATE_KEY,"new key activated");
+    enter_state_run(st);
+}
+
+static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel)
+{
+    if (st->current_valid) {
+       slog(st,loglevel,"session closed (%s)",reason);
+
+       st->current_valid=False;
+       st->current_transform->delkey(st->current_transform->st);
+       st->current_key_timeout=0;
+       set_link_quality(st);
+    }
 }
 
 static void state_assert(struct site *st, bool_t ok)
 {
-    if (!ok) fatal("state_assert\n");
+    if (!ok) fatal("site:state_assert");
 }
 
 static void enter_state_stop(struct site *st)
 {
     st->state=SITE_STOP;
     st->timeout=0;
-    st->current_transform->delkey(st->current_transform->st);
-    st->current_valid=False;
-    st->current_key_timeout=0;
-    
-    st->peer_valid=False;
-    
+    delete_key(st,"entering state STOP",LOG_TIMEOUT_KEY);
     st->new_transform->delkey(st->new_transform->st);
 }
 
+static void set_link_quality(struct site *st)
+{
+    uint32_t quality;
+    if (st->current_valid)
+       quality=LINK_QUALITY_UP;
+    else if (st->state==SITE_WAIT || st->state==SITE_STOP)
+       quality=LINK_QUALITY_DOWN;
+    else if (st->address)
+       quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
+    else if (st->peer_valid)
+       quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
+    else
+       quality=LINK_QUALITY_DOWN;
+
+    st->netlink->set_quality(st->netlink->st,quality);
+}
+
 static void enter_state_run(struct site *st)
 {
     slog(st,LOG_STATE,"entering state RUN");
     st->state=SITE_RUN;
     st->timeout=0;
-    st->netlink->set_delivery(st->netlink->st,st->netlink_cid,True);
-    /* XXX get rid of key setup data */
+
+    st->setup_session_id=0;
+    memset(&st->setup_peer,0,sizeof(st->setup_peer));
+    memset(st->localN,0,NONCELEN);
+    memset(st->remoteN,0,NONCELEN);
+    st->new_transform->delkey(st->new_transform->st);
+    memset(st->dhsecret,0,st->dh->len);
+    memset(st->sharedsecret,0,st->transform->keylen);
+    set_link_quality(st);
 }
 
 static bool_t enter_state_resolve(struct site *st)
@@ -713,97 +831,92 @@ static bool_t enter_state_resolve(struct site *st)
     return True;
 }
 
-static bool_t enter_state_sentmsg1(struct site *st)
+static bool_t enter_new_state(struct site *st, uint32_t next)
 {
-    state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
-    slog(st,LOG_STATE,"entering state SENTMSG1");
-    if (generate_msg1(st) && send_msg(st)) {
-       st->state=SITE_SENTMSG1;
-       return True;
+    bool_t (*gen)(struct site *st);
+    int r;
+
+    slog(st,LOG_STATE,"entering state %s",state_name(next));
+    switch(next) {
+    case SITE_SENTMSG1:
+       state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
+       gen=generate_msg1;
+       break;
+    case SITE_SENTMSG2:
+       state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
+                    st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
+       gen=generate_msg2;
+       break;
+    case SITE_SENTMSG3:
+       state_assert(st,st->state==SITE_SENTMSG1);
+       BUF_FREE(&st->buffer);
+       gen=generate_msg3;
+       break;
+    case SITE_SENTMSG4:
+       state_assert(st,st->state==SITE_SENTMSG2);
+       BUF_FREE(&st->buffer);
+       gen=generate_msg4;
+       break;
+    case SITE_SENTMSG5:
+       state_assert(st,st->state==SITE_SENTMSG3);
+       BUF_FREE(&st->buffer);
+       gen=generate_msg5;
+       break;
+    case SITE_RUN:
+       state_assert(st,st->state==SITE_SENTMSG4);
+       BUF_FREE(&st->buffer);
+       gen=generate_msg6;
+       break;
+    default:
+       gen=NULL;
+       fatal("enter_new_state(%s): invalid new state",state_name(next));
+       break;
     }
-    slog(st,LOG_ERROR,"error entering state SENTMSG1");
-    st->buffer.free=False; /* Can't tell which it was, but enter_state_wait()
-                             will do a BUF_FREE() */
-    enter_state_wait(st);
-    return False;
-}
 
-static bool_t enter_state_sentmsg2(struct site *st)
-{
-    state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
-                st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
-    slog(st,LOG_STATE,"entering state SENTMSG2");
-    if (generate_msg2(st) && send_msg(st)) {
-       st->state=SITE_SENTMSG2;
-       return True;
-    }
-    slog(st,LOG_ERROR,"error entering state SENTMSG2");
-    st->buffer.free=False;
-    enter_state_wait(st);
-    return False;
-}
+    if (hacky_par_start_failnow()) return False;
 
-static bool_t enter_state_sentmsg3(struct site *st)
-{
-    state_assert(st,st->state==SITE_SENTMSG1);
-    slog(st,LOG_STATE,"entering state SENTMSG3");
-    BUF_FREE(&st->buffer); /* Free message 1 */
-    if (generate_msg3(st) && send_msg(st)) {
-       st->state=SITE_SENTMSG3;
-       return True;
-    }
-    slog(st,LOG_ERROR,"error entering state SENTMSG3");
-    st->buffer.free=False;
-    enter_state_wait(st);
-    return False;
-}
+    r= gen(st) && send_msg(st);
 
-static bool_t enter_state_sentmsg4(struct site *st)
-{
-    state_assert(st,st->state==SITE_SENTMSG2);
-    slog(st,LOG_STATE,"entering state SENTMSG4");
-    BUF_FREE(&st->buffer); /* Free message 2 */
-    if (generate_msg4(st) && send_msg(st)) {
-       st->state=SITE_SENTMSG4;
+    hacky_par_end(&r,
+                 st->setup_retries, st->setup_timeout,
+                 send_msg, st);
+    
+    if (r) {
+       st->state=next;
+       if (next==SITE_RUN) {
+           BUF_FREE(&st->buffer); /* Never reused */
+           st->timeout=0; /* Never retransmit */
+           activate_new_key(st);
+       }
        return True;
     }
-    slog(st,LOG_ERROR,"error entering state SENTMSG4");
-    st->buffer.free=False;
+    slog(st,LOG_ERROR,"error entering state %s",state_name(next));
+    st->buffer.free=False; /* Unconditionally use the buffer; it may be
+                             in either state, and enter_state_wait() will
+                             do a BUF_FREE() */
     enter_state_wait(st);
     return False;
 }
 
-static bool_t enter_state_sentmsg5(struct site *st)
+/* msg7 tells our peer that we're about to forget our key */
+static bool_t send_msg7(struct site *st, cstring_t reason)
 {
-    state_assert(st,st->state==SITE_SENTMSG3);
-    slog(st,LOG_STATE,"entering state SENTMSG5");
-    BUF_FREE(&st->buffer); /* Free message 3 */
-
-    if (generate_msg5(st) && send_msg(st)) {
-       st->state=SITE_SENTMSG5;
-       return True;
-    }
-    slog(st,LOG_ERROR,"error entering state SENTMSG5");
-    st->buffer.free=False;
-    enter_state_wait(st);
-    
-    return False;
-}
+    cstring_t transform_err;
 
-static bool_t send_msg6(struct site *st)
-{
-    state_assert(st,st->state==SITE_SENTMSG4);
-    slog(st,LOG_STATE,"entering state RUN after sending msg6");
-    BUF_FREE(&st->buffer); /* Free message 4 */
-    if (generate_msg6(st) && send_msg(st)) {
-       BUF_FREE(&st->buffer); /* Never reused */
-       st->timeout=0; /* Never retransmit */
-       activate_new_key(st);
+    if (st->current_valid && st->peer_valid && st->buffer.free) {
+       BUF_ALLOC(&st->buffer,"site:MSG7");
+       buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
+       buf_append_uint32(&st->buffer,LABEL_MSG7);
+       buf_append_string(&st->buffer,reason);
+       st->current_transform->forwards(st->current_transform->st,
+                                       &st->buffer, &transform_err);
+       buf_prepend_uint32(&st->buffer,LABEL_MSG0);
+       buf_prepend_uint32(&st->buffer,st->index);
+       buf_prepend_uint32(&st->buffer,st->remote_session_id);
+       st->comm->sendmsg(st->comm->st,&st->buffer,&st->peer);
+       BUF_FREE(&st->buffer);
        return True;
     }
-    slog(st,LOG_ERROR,"error entering state RUN after sending msg6");
-    st->buffer.free=False;
-    enter_state_wait(st);
     return False;
 }
 
@@ -816,14 +929,24 @@ static void enter_state_wait(struct site *st)
     st->timeout=st->now+st->wait_timeout;
     st->state=SITE_WAIT;
     st->peer_valid=False;
-    st->netlink->set_delivery(st->netlink->st,st->netlink_cid,False);
+    set_link_quality(st);
     BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
     /* XXX Erase keys etc. */
 }
 
+static inline void site_settimeout(uint64_t timeout, int *timeout_io)
+{
+    if (timeout) {
+       int64_t offset=timeout-*now;
+       if (offset<0) offset=0;
+       if (offset>INT_MAX) offset=INT_MAX;
+       if (*timeout_io<0 || offset<*timeout_io)
+           *timeout_io=offset;
+    }
+}
+
 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
-                          int *timeout_io, const struct timeval *tv_now,
-                          uint64_t *now)
+                          int *timeout_io)
 {
     struct site *st=sst;
 
@@ -833,29 +956,24 @@ static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
     /* Work out when our next timeout is. The earlier of 'timeout' or
        'current_key_timeout'. A stored value of '0' indicates no timeout
        active. */
-    if (st->timeout && st->timeout-*now < *timeout_io) {
-       *timeout_io=st->timeout-*now;
-    }
-
-    if (st->current_key_timeout && st->current_key_timeout-*now < *timeout_io)
-       *timeout_io=st->current_key_timeout-*now;
+    site_settimeout(st->timeout, timeout_io);
+    site_settimeout(st->current_key_timeout, timeout_io);
 
     return 0; /* success */
 }
 
 /* NB site_afterpoll will be called before site_beforepoll is ever called */
-static void site_afterpoll(void *sst, struct pollfd *fds, int nfds,
-                          const struct timeval *tv_now, uint64_t *now)
+static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
 {
     struct site *st=sst;
 
     st->now=*now;
     if (st->timeout && *now>st->timeout) {
-       /* Do stuff */
        st->timeout=0;
-       if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5)
-           send_msg(st);
-       else if (st->state==SITE_WAIT) {
+       if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
+           if (!hacky_par_start_failnow())
+               send_msg(st);
+       } else if (st->state==SITE_WAIT) {
            enter_state_run(st);
        } else {
            slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
@@ -863,20 +981,17 @@ static void site_afterpoll(void *sst, struct pollfd *fds, int nfds,
        }
     }
     if (st->current_key_timeout && *now>st->current_key_timeout) {
-       slog(st,LOG_TIMEOUT_KEY,"maximum key life exceeded; session closed");
-       st->current_valid=False;
-       st->current_transform->delkey(st->current_transform->st);
-       st->current_key_timeout=0;
+       delete_key(st,"maximum key life exceeded",LOG_TIMEOUT_KEY);
     }
 }
 
 /* This function is called by the netlink device to deliver packets
    intended for the remote network. The packet is in "raw" wire
    format, but is guaranteed to be word-aligned. */
-static void site_outgoing(void *sst, void *cid, struct buffer_if *buf)
+static void site_outgoing(void *sst, struct buffer_if *buf)
 {
     struct site *st=sst;
-    string_t transform_err;
+    cstring_t transform_err;
     
     if (st->state==SITE_STOP) {
        BUF_FREE(buf);
@@ -887,29 +1002,25 @@ static void site_outgoing(void *sst, void *cid, struct buffer_if *buf)
        a valid key and a valid address to send it to. */
     if (st->current_valid && st->peer_valid) {
        /* Transform it and send it */
-       *(uint32_t *)buf_prepend(buf,4)=LABEL_MSG9;
-       st->current_transform->forwards(st->current_transform->st,
-                                       buf, &transform_err);
-       *(uint32_t *)buf_prepend(buf,4)=LABEL_MSG0;
-       *(uint32_t *)buf_prepend(buf,4)=(uint32_t)st;
-       *(uint32_t *)buf_prepend(buf,4)=st->remote_session_id;
-       st->comm->sendmsg(st->comm->st,buf,&st->peer);
+       if (buf->size>0) {
+           buf_prepend_uint32(buf,LABEL_MSG9);
+           st->current_transform->forwards(st->current_transform->st,
+                                           buf, &transform_err);
+           buf_prepend_uint32(buf,LABEL_MSG0);
+           buf_prepend_uint32(buf,st->index);
+           buf_prepend_uint32(buf,st->remote_session_id);
+           st->comm->sendmsg(st->comm->st,buf,&st->peer);
+       }
        BUF_FREE(buf);
+       /* See whether we should start negotiating a new key */
+       if (st->now > st->renegotiate_key_time)
+           initiate_key_setup(st,"outgoing packet in renegotiation window");
        return;
     }
 
-    if (st->state==SITE_RUN) {
-       BUF_FREE(buf); /* We throw the outgoing packet away */
-       slog(st,LOG_SETUP_INIT,"initiating key exchange");
-       enter_state_resolve(st);
-       return;
-    }
-
-    /* Otherwise we're in the middle of key setup or a wait - just
-       throw the outgoing packet away */
-    slog(st,LOG_DROP,"discarding outgoing packet");
+    slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
     BUF_FREE(buf);
-    return;
+    initiate_key_setup(st,"outgoing packet");
 }
 
 /* This function is called by the communication device to deliver
@@ -918,28 +1029,27 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf,
                            struct sockaddr_in *source)
 {
     struct site *st=sst;
-    uint32_t dest=*(uint32_t *)buf->start;
+    uint32_t dest=ntohl(*(uint32_t *)buf->start);
 
     if (dest==0) {
-       if (buf->size<(st->setupsiglen+8+NONCELEN)) return False;
        /* It could be for any site - it should have LABEL_MSG1 and
           might have our name and our peer's name in it */
+       if (buf->size<(st->setupsiglen+8+NONCELEN)) return False;
        if (memcmp(buf->start+8,st->setupsig,st->setupsiglen)==0) {
-           dump_packet(st,buf,source,True);
            /* It's addressed to us. Decide what to do about it. */
+           dump_packet(st,buf,source,True);
            if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
                st->state==SITE_WAIT) {
                /* We should definitely process it */
                if (process_msg1(st,buf,source)) {
                    slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
-                   enter_state_sentmsg2(st);
+                   enter_new_state(st,SITE_SENTMSG2);
                } else {
                    slog(st,LOG_ERROR,"failed to process incoming msg1");
                }
                BUF_FREE(buf);
                return True;
-           }
-           if (st->state==SITE_SENTMSG1) {
+           } else if (st->state==SITE_SENTMSG1) {
                /* We've just sent a message 1! They may have crossed on
                   the wire. If we have priority then we ignore the
                   incoming one, otherwise we process it as usual. */
@@ -953,7 +1063,7 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf,
                         "priority => use incoming msg1");
                    if (process_msg1(st,buf,source)) {
                        BUF_FREE(&st->buffer); /* Free our old message 1 */
-                       enter_state_sentmsg2(st);
+                       enter_new_state(st,SITE_SENTMSG2);
                    } else {
                        slog(st,LOG_ERROR,"failed to process an incoming "
                             "crossed msg1 (we have low priority)");
@@ -970,27 +1080,36 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf,
        }
        return False; /* Not for us. */
     }
-    if (dest==(uint32_t)st) {
-       uint32_t msgtype=*(uint32_t *)(buf->start+8);
+    if (dest==st->index) {
        /* Explicitly addressed to us */
+       uint32_t msgtype=ntohl(get_uint32(buf->start+8));
        if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
        switch (msgtype) {
+       case 0: /* NAK */
+           /* If the source is our current peer then initiate a key setup,
+              because our peer's forgotten the key */
+           if (get_uint32(buf->start+4)==st->remote_session_id) {
+               initiate_key_setup(st,"received a NAK");
+           } else {
+               slog(st,LOG_SEC,"bad incoming NAK");
+           }
+           break;
        case LABEL_MSG0:
            process_msg0(st,buf,source);
            break;
        case LABEL_MSG1:
            /* Setup packet: should not have been explicitly addressed
               to us */
-           slog(st,LOG_SECURITY,"incoming explicitly addressed msg1");
+           slog(st,LOG_SEC,"incoming explicitly addressed msg1");
            break;
        case LABEL_MSG2:
            /* Setup packet: expected only in state SENTMSG1 */
            if (st->state!=SITE_SENTMSG1) {
                slog(st,LOG_UNEXPECTED,"unexpected MSG2");
            } else if (process_msg2(st,buf,source))
-               enter_state_sentmsg3(st);
+               enter_new_state(st,SITE_SENTMSG3);
            else {
-               slog(st,LOG_SECURITY,"invalid MSG2");
+               slog(st,LOG_SEC,"invalid MSG2");
            }
            break;
        case LABEL_MSG3:
@@ -998,9 +1117,9 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf,
            if (st->state!=SITE_SENTMSG2) {
                slog(st,LOG_UNEXPECTED,"unexpected MSG3");
            } else if (process_msg3(st,buf,source))
-               enter_state_sentmsg4(st);
+               enter_new_state(st,SITE_SENTMSG4);
            else {
-               slog(st,LOG_SECURITY,"invalid MSG3");
+               slog(st,LOG_SEC,"invalid MSG3");
            }
            break;
        case LABEL_MSG4:
@@ -1008,9 +1127,9 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf,
            if (st->state!=SITE_SENTMSG3) {
                slog(st,LOG_UNEXPECTED,"unexpected MSG4");
            } else if (process_msg4(st,buf,source))
-               enter_state_sentmsg5(st);
+               enter_new_state(st,SITE_SENTMSG5);
            else {
-               slog(st,LOG_SECURITY,"invalid MSG4");
+               slog(st,LOG_SEC,"invalid MSG4");
            }
            break;
        case LABEL_MSG5:
@@ -1019,13 +1138,13 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf,
               and the new key has already been activated. In that
               case we should treat it as an ordinary PING packet. We
               can't pass it to process_msg5() because the
-              new_transform will now be null. XXX) */
+              new_transform will now be unkeyed. XXX) */
            if (st->state!=SITE_SENTMSG4) {
                slog(st,LOG_UNEXPECTED,"unexpected MSG5");
            } else if (process_msg5(st,buf,source)) {
-               send_msg6(st);
+               enter_new_state(st,SITE_RUN);
            } else {
-               slog(st,LOG_SECURITY,"invalid MSG5");
+               slog(st,LOG_SEC,"invalid MSG5");
            }
            break;
        case LABEL_MSG6:
@@ -1036,15 +1155,11 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf,
                BUF_FREE(&st->buffer); /* Free message 5 */
                activate_new_key(st);
            } else {
-               slog(st,LOG_SECURITY,"invalid MSG6");
+               slog(st,LOG_SEC,"invalid MSG6");
            }
            break;
-       case LABEL_MSG8:
-           /* NAK packet: enter state where we ping and check for response */
-           slog(st,LOG_ERROR,"received a NAK");
-           break;
        default:
-           slog(st,LOG_SECURITY,"received message of unknown type 0x%08x",
+           slog(st,LOG_SEC,"received message of unknown type 0x%08x",
                 msgtype);
            break;
        }
@@ -1062,9 +1177,18 @@ static void site_control(void *vst, bool_t run)
     else enter_state_stop(st);
 }
 
+static void site_phase_hook(void *sst, uint32_t newphase)
+{
+    struct site *st=sst;
+
+    /* The program is shutting down; tell our peer */
+    send_msg7(st,"shutting down");
+}
+
 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
                          list_t *args)
 {
+    static uint32_t index_sequence;
     struct site *st;
     item_t *item;
     dict_t *dict;
@@ -1085,20 +1209,30 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
        cfgfatal(loc,"site","parameter must be a dictionary\n");
     
     dict=item->data.dict;
-    st->netlink=find_cl_if(dict,"netlink",CL_NETLINK,True,"site",loc);
+    st->localname=dict_read_string(dict, "local-name", True, "site", loc);
+    st->remotename=dict_read_string(dict, "name", True, "site", loc);
+    /* Sanity check (which also allows the 'sites' file to include
+       site() closures for all sites including our own): refuse to
+       talk to ourselves */
+    if (strcmp(st->localname,st->remotename)==0) {
+       Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
+               st->localname);
+       free(st);
+       return NULL;
+    }
+    assert(index_sequence < 0xffffffffUL);
+    st->index = ++index_sequence;
+    st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
     st->comm=find_cl_if(dict,"comm",CL_COMM,True,"site",loc);
     st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
     st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
     st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
 
-    st->localname=dict_read_string(dict, "local-name", True, "site", loc);
     st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
-    st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
-
-    st->remotename=dict_read_string(dict, "name", True, "site", loc);
     st->address=dict_read_string(dict, "address", False, "site", loc);
-    dict_read_subnet_list(dict, "networks", True, "site", loc,
-                         &st->remotenets);
+    if (st->address)
+       st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
+    else st->remoteport=0;
     st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
 
     st->transform=
@@ -1107,30 +1241,43 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
     st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
     st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
 
-    st->key_lifetime=dict_read_number(dict,"key-lifetime",
-                                     False,"site",loc,DEFAULT_KEY_LIFETIME);
-    st->setup_retries=dict_read_number(dict,"setup-retries",
-                                      False,"site",loc,DEFAULT_SETUP_RETRIES);
-    st->setup_timeout=dict_read_number(dict,"setup-timeout",
-                                      False,"site",loc,DEFAULT_SETUP_TIMEOUT);
-    st->wait_timeout=dict_read_number(dict,"wait-time",
-                                     False,"site",loc,DEFAULT_WAIT_TIME);
-    /* XXX should be configurable */
-    st->log_events=LOG_SECURITY|LOG_ERROR|
-       LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SETUP_INIT|LOG_SETUP_TIMEOUT;
+    st->key_lifetime=dict_read_number(
+       dict,"key-lifetime",False,"site",loc,DEFAULT_KEY_LIFETIME);
+    st->setup_retries=dict_read_number(
+       dict,"setup-retries",False,"site",loc,DEFAULT_SETUP_RETRIES);
+    st->setup_timeout=dict_read_number(
+       dict,"setup-timeout",False,"site",loc,DEFAULT_SETUP_TIMEOUT);
+    st->wait_timeout=dict_read_number(
+       dict,"wait-time",False,"site",loc,DEFAULT_WAIT_TIME);
+
+    if (st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP*2)
+       st->key_renegotiate_time=st->key_lifetime/2;
+    else
+       st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP;
+    st->key_renegotiate_time=dict_read_number(
+       dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
+    if (st->key_renegotiate_time > st->key_lifetime) {
+       cfgfatal(loc,"site",
+                "renegotiate-time must be less than key-lifetime\n");
+    }
+    st->keepalive=dict_read_bool(dict,"keepalive",False,"site",loc,False);
+
+    st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
+                                      log_event_table,"site");
 
     st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
                            "site_apply");
     sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
 
     /* The information we expect to see in incoming messages of type 1 */
+    /* fixme: lots of unchecked overflows here, but the results are only
+       corrupted packets rather than undefined behaviour */
     st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8;
     st->setupsig=safe_malloc(st->setupsiglen,"site_apply");
-    *(uint32_t *)&(st->setupsig[0])=LABEL_MSG1;
-    *(uint16_t *)&(st->setupsig[4])=htons(strlen(st->remotename));
+    put_uint32(st->setupsig+0,LABEL_MSG1);
+    put_uint16(st->setupsig+4,strlen(st->remotename));
     memcpy(&st->setupsig[6],st->remotename,strlen(st->remotename));
-    *(uint16_t *)&(st->setupsig[6+strlen(st->remotename)])=
-       htons(strlen(st->localname));
+    put_uint16(st->setupsig+(6+strlen(st->remotename)),strlen(st->localname));
     memcpy(&st->setupsig[8+strlen(st->remotename)],st->localname,
           strlen(st->localname));
     st->setup_priority=(strcmp(st->localname,st->remotename)>0);
@@ -1150,12 +1297,11 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
     st->sharedsecret=safe_malloc(st->transform->keylen,"site:sharedsecret");
 
     /* We need to register the remote networks with the netlink device */
-    st->netlink_cid=st->netlink->regnets(st->netlink->st, &st->remotenets,
-                                        site_outgoing, st,
-                                        st->transform->max_start_pad+(4*4),
-                                        st->transform->max_end_pad,
-                                        st->tunname);
-
+    st->netlink->reg(st->netlink->st, site_outgoing, st,
+                    st->transform->max_start_pad+(4*4)+
+                    st->comm->min_start_pad,
+                    st->transform->max_end_pad+st->comm->min_end_pad);
+    
     st->comm->request_notify(st->comm->st, st, site_incoming);
 
     st->current_transform=st->transform->create(st->transform->st);
@@ -1163,10 +1309,11 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 
     enter_state_stop(st);
 
+    add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
+
     return new_closure(&st->cl);
 }
 
-init_module site_module;
 void site_module(dict_t *dict)
 {
     add_closure(dict,"site",site_apply);
Ian's personal secnet repo on chiark, for work-in-progress stuff etc.