+/* --- @p_rxupdstats@ --- *
+ *
+ * Arguments: @peer *p@ = peer to update
+ * @size_t n@ = size of incoming packet
+ *
+ * Returns: ---
+ *
+ * Use: Updates the peer's incoming packet statistics.
+ */
+
+static void p_rxupdstats(peer *p, size_t n)
+{
+ p->st.t_last = time(0);
+ p->st.n_in++;
+ p->st.sz_in += n;
+}
+
+/* --- @p_encrypt@ --- *
+ *
+ * Arguments: @peer *p@ = peer to encrypt message to
+ * @int ty@ message type to send
+ * @buf *bin, *bout@ = input and output buffers
+ *
+ * Returns: ---
+ *
+ * Use: Convenience function for packet encryption. Forces
+ * renegotiation when necessary. Check for the output buffer
+ * being broken to find out whether the encryption was
+ * successful.
+ */
+
+static int p_encrypt(peer *p, int ty, buf *bin, buf *bout)
+{
+ int err = ksl_encrypt(&p->ks, ty, bin, bout);
+
+ if (err == KSERR_REGEN) {
+ kx_start(&p->kx, 1);
+ err = 0;
+ }
+ if (!BOK(bout))
+ err = -1;
+ return (err);
+}
+
+/* --- @p_decrypt@ --- *
+ *
+ * Arguments: @peer **pp@ = pointer to peer to decrypt message from
+ * @addr *a@ = address the packet arrived on
+ * @size_t n@ = size of original incoming packet
+ * @int ty@ = message type to expect
+ * @buf *bin, *bout@ = input and output buffers
+ *
+ * Returns: Zero on success; nonzero on error.
+ *
+ * Use: Convenience function for packet decryption. Reports errors
+ * and updates statistics appropriately.
+ *
+ * If @*pp@ is null on entry and there are mobile peers then we
+ * see if any of them can decrypt the packet. If so, we record
+ * @*a@ as the peer's new address and send a notification.
+ */
+
+static int p_decrypt(peer **pp, addr *a, size_t n,
+ int ty, buf *bin, buf *bout)
+{
+ peer *p, *q;
+ peer_byaddr *pa, *qa;
+ int err = KSERR_DECRYPT;
+ unsigned f;
+
+ /* --- If we have a match on the source address then try that first --- */
+
+ q = *pp;
+ if (q) {
+ T( trace(T_PEER, "peer: decrypting packet from known peer `%s'",
+ p_name(q)); )
+ if ((err = ksl_decrypt(&q->ks, ty, bin, bout)) != KSERR_DECRYPT ||
+ !(q->spec.f & PSF_MOBILE) || nmobile == 1) {
+ p = q;
+ goto match;
+ }
+ T( trace(T_PEER, "peer: failed to decrypt: try other mobile peers...",
+ p_name(q)); )
+ } else if (nmobile)
+ T( trace(T_PEER, "peer: unknown source: trying mobile peers..."); )
+ else {
+ p = 0;
+ goto searched;
+ }
+
+ /* --- See whether any mobile peer is interested --- */
+
+ p = 0;
+ FOREACH_PEER(qq, {
+ if (qq == q || !(qq->spec.f & PSF_MOBILE)) continue;
+ if ((err = ksl_decrypt(&qq->ks, ty, bin, bout)) == KSERR_DECRYPT) {
+ T( trace(T_PEER, "peer: peer `%s' failed to decrypt",
+ p_name(qq)); )
+ continue;
+ } else {
+ p = qq;
+ IF_TRACING(T_PEER, {
+ if (!err)
+ trace(T_PEER, "peer: peer `%s' reports success", p_name(qq));
+ else {
+ trace(T_PEER, "peer: peer `%s' reports decryption error %d",
+ p_name(qq), err);
+ }
+ })
+ break;
+ }
+ });
+
+ /* --- We've searched the mobile peers --- */
+
+searched:
+ if (!p) {
+ if (!q)
+ a_warn("PEER", "-", "unexpected-source", "?ADDR", a, A_END);
+ else {
+ a_warn("PEER", "?PEER", p, "decrypt-failed",
+ "error-code", "%d", err, A_END);
+ p_rxupdstats(q, n);
+ }
+ return (-1);
+ }
+
+ /* --- We found one that accepted, so update the peer's address --- *
+ *
+ * If we had an initial guess of which peer this packet came from -- i.e.,
+ * @q@ is not null -- then swap the addresses over. This doesn't leave the
+ * evicted peer in an especially good state, but it ought to get sorted out
+ * soon enough.
+ */
+
+ if (!err) {
+ *pp = p;
+ if (!q) {
+ T( trace(T_PEER, "peer: updating address for `%s'", p_name(p)); )
+ pa = am_find(&byaddr, a, sizeof(peer_byaddr), &f); assert(!f);
+ am_remove(&byaddr, p->byaddr);
+ p->byaddr = pa;
+ pa->p = p;
+ p->spec.sa = *a;
+ a_notify("NEWADDR", "?PEER", p, "?ADDR", a, A_END);
+ } else {
+ T( trace(T_PEER, "peer: swapping addresses for `%s' and `%s'",
+ p_name(p), p_name(q)); )
+ pa = p->byaddr; qa = q->byaddr;
+ pa->p = q; q->byaddr = pa; q->spec.sa = p->spec.sa;
+ qa->p = p; p->byaddr = qa; p->spec.sa = *a;
+ a_notify("NEWADDR", "?PEER", p, "?ADDR", a, A_END);
+ a_notify("NEWADDR", "?PEER", q, "?ADDR", &q->spec.sa, A_END);
+ }
+ }
+
+match:
+ p_rxupdstats(p, n);
+ if (err) {
+ if (p) p->st.n_reject++;
+ a_warn("PEER", "?PEER", p, "decrypt-failed",
+ "error-code", "%d", err, A_END);
+ return (-1);
+ }
+ if (!BOK(bout))
+ return (-1);
+ return (0);
+}
+