+/* --- @p_rxupdstats@ --- *
+ *
+ * Arguments: @peer *p@ = peer to update
+ * @size_t n@ = size of incoming packet
+ *
+ * Returns: ---
+ *
+ * Use: Updates the peer's incoming packet statistics.
+ */
+
+static void p_rxupdstats(peer *p, size_t n)
+{
+ p->st.t_last = time(0);
+ p->st.n_in++;
+ p->st.sz_in += n;
+}
+
+/* --- @p_encrypt@ --- *
+ *
+ * Arguments: @peer *p@ = peer to encrypt message to
+ * @int ty@ message type to send
+ * @buf *bin, *bout@ = input and output buffers
+ *
+ * Returns: ---
+ *
+ * Use: Convenience function for packet encryption. Forces
+ * renegotiation when necessary. Check for the output buffer
+ * being broken to find out whether the encryption was
+ * successful.
+ */
+
+static int p_encrypt(peer *p, int ty, buf *bin, buf *bout)
+{
+ int err = ksl_encrypt(&p->ks, ty, bin, bout);
+
+ if (err == KSERR_REGEN) {
+ kx_start(&p->kx, 1);
+ err = 0;
+ }
+ if (!BOK(bout))
+ err = -1;
+ return (err);
+}
+
+/* --- @p_decrypt@ --- *
+ *
+ * Arguments: @peer **pp@ = pointer to peer to decrypt message from
+ * @addr *a@ = address the packet arrived on
+ * @size_t n@ = size of original incoming packet
+ * @int ty@ = message type to expect
+ * @buf *bin, *bout@ = input and output buffers
+ *
+ * Returns: Zero on success; nonzero on error.
+ *
+ * Use: Convenience function for packet decryption. Reports errors
+ * and updates statistics appropriately.
+ *
+ * If @*pp@ is null on entry and there are mobile peers then we
+ * see if any of them can decrypt the packet. If so, we record
+ * @*a@ as the peer's new address and send a notification.
+ */
+
+static int p_decrypt(peer **pp, addr *a, size_t n,
+ int ty, buf *bin, buf *bout)
+{
+ peer *p;
+ peer_byaddr *pa;
+ int err = KSERR_DECRYPT;
+ unsigned f;
+
+ if (*pp) {
+ p = *pp;
+ T( trace(T_PEER, "peer: decrypting packet from known peer `%s'",
+ p_name(p)); )
+ err = ksl_decrypt(&p->ks, ty, bin, bout);
+ } else {
+ p = 0;
+ if (nmobile) {
+ T( trace(T_PEER, "peer: unknown source: trying mobile peers..."); )
+ FOREACH_PEER(q, {
+ if ((err = ksl_decrypt(&q->ks, ty, bin, bout)) == KSERR_DECRYPT) {
+ T( trace(T_PEER, "peer: peer `%s' failed to decrypt",
+ p_name(q)); )
+ continue;
+ } else {
+ p = *pp = q;
+ IF_TRACING(T_PEER, {
+ if (!err)
+ trace(T_PEER, "peer: peer `%s' reports success", p_name(p));
+ else {
+ trace(T_PEER, "peer: peer `%s' reports decryption error %d",
+ p_name(p), err);
+ }
+ })
+ break;
+ }
+ });
+ }
+ if (!p) {
+ a_warn("PEER", "-", "unexpected-source", "?ADDR", a, A_END);
+ return (-1);
+ }
+ if (!err) {
+ T( trace(T_PEER, "peer: updating address for `%s'", p_name(p)); )
+ p_rxupdstats(p, n);
+ pa = am_find(&byaddr, a, sizeof(peer_byaddr), &f); assert(!f);
+ am_remove(&byaddr, p->byaddr);
+ p->byaddr = pa;
+ pa->p = p;
+ p->spec.sa = *a;
+ a_notify("NEWADDR", "?PEER", p, "?ADDR", a, A_END);
+ }
+ }
+ if (err) {
+ if (p) p->st.n_reject++;
+ a_warn("PEER", "?PEER", p, "decrypt-failed",
+ "error-code", "%d", err, A_END);
+ return (-1);
+ }
+ if (!BOK(bout))
+ return (-1);
+ return (0);
+}
+