Makefile.in: Drop dist target
diff --git
a/site.c
b/site.c
index
9d922ce
..
d0dd909
100644
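--- a/site.c
+++ b/site.c
@@ -321,7 +321,7 @@ struct site {
 uint32_t local_capabilities;
 int32_t setup_retries; /* How many times to send setup packets */
 int32_t setup_retry_interval; /* Initial timeout for setup packets */
- int32_t wait_timeout; /* How long to wait if setup unsuccessful */
+ int32_t wait_timeout_mean; /* How long to wait if setup unsuccessful */
 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
 int32_t key_lifetime; /* How long a key lasts once set up */
 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
@@ -535,6 +535,16 @@ struct msg {
 char *sig;
 };
+static int32_t wait_timeout(struct site *st) {
+ int32_t t = st->wait_timeout_mean;
+ int8_t factor;
+ if (t < INT_MAX/2) {
+ st->random->generate(st->random->st,sizeof(factor),&factor);
+ t += (t / 256) * factor;
+ }
+ return t;
+}
+
 static _Bool set_new_transform(struct site *st, char *pk)
 {
 _Bool ok;
@@ -757,7 +767,7 @@ static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
 return False;
 }
 if (type==LABEL_MSG2) return True;
- if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)!=0) {
+ if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)) {
 *error="wrong remotely-generated nonce";
 return False;
 }
@@ -1353,7 +1363,7 @@ static void decrement_resolving_count(struct site *st, int by)
 } else if (st->local_mobile) {
 /* Not very good. We should queue (another) renegotiation
 * so that we can update the peer address. */
- st->key_renegotiate_time=st->now+st->wait_timeout;
+ st->key_renegotiate_time=st->now+wait_timeout(st);
 } else {
 slog(st,LOG_SETUP_INIT,"resolution failed: "
 " continuing to use source address of peer's packets");
@@ -1466,7 +1476,8 @@ static void set_link_quality(struct site *st)
 static void enter_state_run(struct site *st)
 {
- slog(st,LOG_STATE,"entering state RUN");
+ slog(st,LOG_STATE,"entering state RUN%s",
+ current_valid(st) ? " (keyed)" : " (unkeyed)");
 st->state=SITE_RUN;
 st->timeout=0;
@@ -1628,7 +1639,7 @@ static bool_t send_msg7(struct site *st, cstring_t reason)
 static void enter_state_wait(struct site *st)
 {
 slog(st,LOG_STATE,"entering state WAIT");
- st->timeout=st->now+st->wait_timeout;
+ st->timeout=st->now+wait_timeout(st);
 st->state=SITE_WAIT;
 set_link_quality(st);
 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
@@ -1770,8 +1781,8 @@ static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
 }
 static bool_t we_have_priority(struct site *st, const struct msg *m) {
- if ((st->local_capabilities & m->remote_capabilities)
- && CAPAB_PRIORITY_MOBILE) {
+ if (st->local_capabilities & m->remote_capabilities &
+ CAPAB_PRIORITY_MOBILE) {
 if (st->local_mobile) return True;
 if (st-> peer_mobile) return False;
 }
@@ -2154,7 +2165,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
- st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
+ st->wait_timeout_mean= CFG_NUMBER("wait-time", WAIT_TIME);
 st->mtu_target= dict_read_number(dict,"mtu-target",False,"site",loc,0);
 st->mobile_peer_expiry= dict_read_number(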
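Review bot: The new wait_timeout() helper (second hunk) guards only the upper bound before applying jitter, so a negative `wait_timeout_mean` still enters the branch and a large negative value makes `t += (t / 256) * factor` overflow a signed int; whether `CFG_NUMBER("wait-time", ...)` can yield a negative value is not visible here, but `if (t > 0 && t < INT_MAX/2) {` closes it cheaply. The helper also has no comment, and its behaviour is not obvious from the call sites in decrement_resolving_count and enter_state_wait: with an `int8_t` factor the result is spread over roughly half to one and a half times the mean, and a mean below 256 gets no jitter at all because `t / 256` truncates to zero. I would add `/* Returns wait_timeout_mean with random jitter of about +/-50%; unjittered if the mean is below 256 or not below INT_MAX/2 */` above it. The comment on the renamed struct field should also say it is a mean, since it still reads `/* How long to wait if setup unsuccessful */` as if it were a fixed wait.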