X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/a620a048db382ace2ab42cfe0f6e832de1197527..07e4774c32915eeb1d480854a4a10ec91160b57d:/site.c

diff --git a/site.c b/site.c
index fcc36d8..4dbebaf 100644
--- a/site.c
+++ b/site.c
@@ -628,7 +628,6 @@ static bool_t generate_msg5(struct site *st)
     buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
     /* Give the netlink code an opportunity to put its own stuff in the
        message (configuration information, etc.) */
-    st->netlink->output_config(st->netlink->st,&st->buffer);
     buf_prepend_uint32(&st->buffer,LABEL_MSG5);
     st->new_transform->forwards(st->new_transform->st,&st->buffer,
 				&transform_err);
@@ -660,11 +659,8 @@ static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
 	slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
 	return False;
     }
-    if (!st->netlink->check_config(st->netlink->st,msg5)) {
-	slog(st,LOG_SEC,"MSG5/PING packet contained bad netlink config");
-	return False;
-    }
-    CHECK_EMPTY(msg5);
+    /* Older versions of secnet used to write some config data here
+     * which we ignore.  So we don't CHECK_EMPTY */
     return True;
 }
 
@@ -677,7 +673,6 @@ static bool_t generate_msg6(struct site *st)
     buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
     /* Give the netlink code an opportunity to put its own stuff in the
        message (configuration information, etc.) */
-    st->netlink->output_config(st->netlink->st,&st->buffer);
     buf_prepend_uint32(&st->buffer,LABEL_MSG6);
     st->new_transform->forwards(st->new_transform->st,&st->buffer,
 				&transform_err);
@@ -709,34 +704,41 @@ static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
 	slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
 	return False;
     }
-    if (!st->netlink->check_config(st->netlink->st,msg6)) {
-	slog(st,LOG_SEC,"MSG6/PONG packet contained bad netlink config");
+    /* Older versions of secnet used to write some config data here
+     * which we ignore.  So we don't CHECK_EMPTY */
+    return True;
+}
+
+static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0)
+{
+    cstring_t transform_err;
+    struct msg0 m;
+    uint32_t problem;
+
+    if (!unpick_msg0(st,msg0,&m)) return False;
+
+    problem = st->current_transform->reverse(st->current_transform->st,
+					     msg0,&transform_err);
+    if (!problem) return True;
+
+    if (problem==2) {
+	slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
 	return False;
     }
-    CHECK_EMPTY(msg6);
-    return True;
+
+    slog(st,LOG_SEC,"transform: %s",transform_err);
+    initiate_key_setup(st,"incoming message would not decrypt");
+    return False;
 }
 
 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
 			   const struct comm_addr *src)
 {
-    struct msg0 m;
-    cstring_t transform_err;
     uint32_t type;
 
-    if (!st->current_valid) {
-	slog(st,LOG_DROP,"incoming message but no current key -> dropping");
-	return initiate_key_setup(st,"incoming message but no current key");
-    }
-
-    if (!unpick_msg0(st,msg0,&m)) return False;
+    if (!decrypt_msg0(st,msg0))
+	return False;
 
-    if (st->current_transform->reverse(st->current_transform->st,
-				       msg0,&transform_err)) {
-	/* There's a problem */
-	slog(st,LOG_SEC,"transform: %s",transform_err);
-	return initiate_key_setup(st,"incoming message would not decrypt");
-    }
     CHECK_AVAIL(msg0,4);
     type=buf_unprepend_uint32(msg0);
     switch(type) {