- uint32_t setup_retries; /* How many times to send setup packets */
- uint32_t setup_timeout; /* Initial timeout for setup packets */
- uint32_t wait_timeout; /* How long to wait if setup unsuccessful */
- uint32_t key_lifetime; /* How long a key lasts once set up */
- uint32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
+ uint32_t index; /* Index of this site */
+ int32_t setup_retries; /* How many times to send setup packets */
+ int32_t setup_timeout; /* Initial timeout for setup packets */
+ int32_t wait_timeout; /* How long to wait if setup unsuccessful */
+ int32_t key_lifetime; /* How long a key lasts once set up */
+ int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
bool_t current_valid;
uint64_t current_key_timeout; /* End of life of current key */
uint64_t renegotiate_key_time; /* When we can negotiate a new key */
bool_t current_valid;
uint64_t current_key_timeout; /* End of life of current key */
uint64_t renegotiate_key_time; /* When we can negotiate a new key */
bool_t peer_valid; /* Peer address becomes invalid when key times out,
but only if we have a DNS name for our peer */
bool_t peer_valid; /* Peer address becomes invalid when key times out,
but only if we have a DNS name for our peer */
timeout before we can listen for another setup packet); perhaps
we should keep a list of 'bad' sources for setup packets. */
uint32_t setup_session_id;
timeout before we can listen for another setup packet); perhaps
we should keep a list of 'bad' sources for setup packets. */
uint32_t setup_session_id;
uint8_t localN[NONCELEN]; /* Nonces for key exchange */
uint8_t remoteN[NONCELEN];
struct buffer_if buffer; /* Current outgoing key exchange packet */
uint8_t localN[NONCELEN]; /* Nonces for key exchange */
uint8_t remoteN[NONCELEN];
struct buffer_if buffer; /* Current outgoing key exchange packet */
- vsnprintf(buf,240,msg,ap);
+ vsnprintf(buf,sizeof(buf),msg,ap);
st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
}
va_end(ap);
st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
}
va_end(ap);
buffer_init(&st->buffer,0);
buf_append_uint32(&st->buffer,
(type==LABEL_MSG1?0:st->setup_session_id));
buffer_init(&st->buffer,0);
buf_append_uint32(&st->buffer,
(type==LABEL_MSG1?0:st->setup_session_id));
buf_append_uint32(&st->buffer,type);
buf_append_string(&st->buffer,st->localname);
buf_append_string(&st->buffer,st->remotename);
buf_append_uint32(&st->buffer,type);
buf_append_string(&st->buffer,st->localname);
buf_append_string(&st->buffer,st->remotename);
st->new_transform->forwards(st->new_transform->st,&st->buffer,
&transform_err);
buf_prepend_uint32(&st->buffer,LABEL_MSG5);
st->new_transform->forwards(st->new_transform->st,&st->buffer,
&transform_err);
buf_prepend_uint32(&st->buffer,LABEL_MSG5);
buf_prepend_uint32(&st->buffer,st->setup_session_id);
st->retries=st->setup_retries;
buf_prepend_uint32(&st->buffer,st->setup_session_id);
st->retries=st->setup_retries;
st->new_transform->forwards(st->new_transform->st,&st->buffer,
&transform_err);
buf_prepend_uint32(&st->buffer,LABEL_MSG6);
st->new_transform->forwards(st->new_transform->st,&st->buffer,
&transform_err);
buf_prepend_uint32(&st->buffer,LABEL_MSG6);
buf_prepend_uint32(&st->buffer,st->setup_session_id);
st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
buf_prepend_uint32(&st->buffer,st->setup_session_id);
st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
/* We must forget about the current session. */
delete_key(st,"request from peer",LOG_SEC);
return True;
/* We must forget about the current session. */
delete_key(st,"request from peer",LOG_SEC);
return True;
case LABEL_MSG9:
/* Deliver to netlink layer */
st->netlink->deliver(st->netlink->st,msg0);
return True;
case LABEL_MSG9:
/* Deliver to netlink layer */
st->netlink->deliver(st->netlink->st,msg0);
return True;
- st->setup_peer.sin_family=AF_INET;
- st->setup_peer.sin_port=htons(st->remoteport);
- st->setup_peer.sin_addr=*address;
+ st->setup_peer.comm=st->comm;
+ st->setup_peer.sin.sin_family=AF_INET;
+ st->setup_peer.sin.sin_port=htons(st->remoteport);
+ st->setup_peer.sin.sin_addr=*address;
st->current_transform->forwards(st->current_transform->st,
&st->buffer, &transform_err);
buf_prepend_uint32(&st->buffer,LABEL_MSG0);
st->current_transform->forwards(st->current_transform->st,
&st->buffer, &transform_err);
buf_prepend_uint32(&st->buffer,LABEL_MSG0);
slog(st,LOG_STATE,"entering state WAIT");
st->timeout=st->now+st->wait_timeout;
st->state=SITE_WAIT;
slog(st,LOG_STATE,"entering state WAIT");
st->timeout=st->now+st->wait_timeout;
st->state=SITE_WAIT;
}
static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
}
static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
/* Work out when our next timeout is. The earlier of 'timeout' or
'current_key_timeout'. A stored value of '0' indicates no timeout
active. */
/* Work out when our next timeout is. The earlier of 'timeout' or
'current_key_timeout'. A stored value of '0' indicates no timeout
active. */
- site_settimeout(st->timeout, now, timeout_io);
- site_settimeout(st->current_key_timeout, now, timeout_io);
+ site_settimeout(st->timeout, timeout_io);
+ site_settimeout(st->current_key_timeout, timeout_io);
-static void site_afterpoll(void *sst, struct pollfd *fds, int nfds,
- const struct timeval *tv_now, uint64_t *now)
+static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
st->current_transform->forwards(st->current_transform->st,
buf, &transform_err);
buf_prepend_uint32(buf,LABEL_MSG0);
st->current_transform->forwards(st->current_transform->st,
buf, &transform_err);
buf_prepend_uint32(buf,LABEL_MSG0);
buf_prepend_uint32(buf,st->remote_session_id);
st->comm->sendmsg(st->comm->st,buf,&st->peer);
}
buf_prepend_uint32(buf,st->remote_session_id);
st->comm->sendmsg(st->comm->st,buf,&st->peer);
}
/* This function is called by the communication device to deliver
packets from our peers. */
static bool_t site_incoming(void *sst, struct buffer_if *buf,
/* This function is called by the communication device to deliver
packets from our peers. */
static bool_t site_incoming(void *sst, struct buffer_if *buf,
/* Explicitly addressed to us */
uint32_t msgtype=ntohl(get_uint32(buf->start+8));
if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
/* Explicitly addressed to us */
uint32_t msgtype=ntohl(get_uint32(buf->start+8));
if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
list_t *args)
{
static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
list_t *args)
{
st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
st->comm=find_cl_if(dict,"comm",CL_COMM,True,"site",loc);
st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
st->comm=find_cl_if(dict,"comm",CL_COMM,True,"site",loc);
st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
st->key_lifetime=dict_read_number(
dict,"key-lifetime",False,"site",loc,DEFAULT_KEY_LIFETIME);
st->key_lifetime=dict_read_number(
dict,"key-lifetime",False,"site",loc,DEFAULT_KEY_LIFETIME);
st->setup_retries=dict_read_number(
dict,"setup-retries",False,"site",loc,DEFAULT_SETUP_RETRIES);
st->setup_timeout=dict_read_number(
dict,"setup-timeout",False,"site",loc,DEFAULT_SETUP_TIMEOUT);
st->wait_timeout=dict_read_number(
dict,"wait-time",False,"site",loc,DEFAULT_WAIT_TIME);
st->setup_retries=dict_read_number(
dict,"setup-retries",False,"site",loc,DEFAULT_SETUP_RETRIES);
st->setup_timeout=dict_read_number(
dict,"setup-timeout",False,"site",loc,DEFAULT_SETUP_TIMEOUT);
st->wait_timeout=dict_read_number(
dict,"wait-time",False,"site",loc,DEFAULT_WAIT_TIME);
- dict,"renegotiate-time",False,"site",loc,st->key_lifetime);
+ dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
if (st->key_renegotiate_time > st->key_lifetime) {
cfgfatal(loc,"site",
"renegotiate-time must be less than key-lifetime\n");
}
if (st->key_renegotiate_time > st->key_lifetime) {
cfgfatal(loc,"site",
"renegotiate-time must be less than key-lifetime\n");
}