###
### This file is part of Trivial IP Encryption (TrIPE).
###
-### TrIPE is free software; you can redistribute it and/or modify
-### it under the terms of the GNU General Public License as published by
-### the Free Software Foundation; either version 2 of the License, or
-### (at your option) any later version.
+### TrIPE is free software: you can redistribute it and/or modify it under
+### the terms of the GNU General Public License as published by the Free
+### Software Foundation; either version 3 of the License, or (at your
+### option) any later version.
###
-### TrIPE is distributed in the hope that it will be useful,
-### but WITHOUT ANY WARRANTY; without even the implied warranty of
-### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-### GNU General Public License for more details.
+### TrIPE is distributed in the hope that it will be useful, but WITHOUT
+### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+### for more details.
###
### You should have received a copy of the GNU General Public License
-### along with TrIPE; if not, write to the Free Software Foundation,
-### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+### along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
###--------------------------------------------------------------------------
### Instructions.
### field is used (a) by the accompanying `ipif-peers' script to set up the
### peer association, and (b) to determine the correct MTU to set; it
### should have the form ADDRESS[:PORT], where the PORT defaults to 4070 if
-### it's not given explicitly.
+### it's not given explicitly, and an IPv6 ADDRESS is enclosed in square
+### brackets (because of the stupid syntax decision to use colons in IPv6
+### address literals).
###
### Having done all of that, and having configured userv-ipif correctly,
### you should set TRIPE_SLIPIF=.../tripe-ipif and everything should just
echo "userv-$peer"
## Now we can interrogate the server without deadlocking it.
-algs=$(tripectl algs) tagsz=nil blksz=nil
+algs=$(tripectl algs) overhead=nil
while read line; do
for i in $line; do
- case $i in
- cipher-blksz=*) blksz=${i#*=} ;;
- mac-tagsz=*) tagsz=${i#*=} ;;
- esac
+ case $i in bulk-overhead=*) overhead=${i#*=} ;; esac
done
done <<EOF
$algs
EOF
-case ,$tagsz,$blksz, in
- *,nil,*) echo >&2 "$quis[$$]: failed to discover cipher suite"; exit 1 ;;
+case $overhead in
+ nil) echo >&2 "$quis[$$]: failed to discover overhead"; exit 1 ;;
esac
## Determine the remote address if none is specified; strip off a port number
addr=$(tripectl addr $peer)
set -- $addr
case $1 in
- INET) remote_ext=$2 ;;
+ INET | INET6) remote_af=$1 remote_ext=$2 ;;
*) echo >&2 "$quis: unexpected address family \`$1'"; exit 1 ;;
esac
;;
+ \[*\]:*)
+ remote_af=INET6
+ remote_ext=${remote_ext#\[}
+ remote_ext=${remote_ext%\]:*}
+ ;;
*:*)
+ remote_af=INET
remote_ext=${remote_ext%:*}
;;
esac
## Determine the MTU based on the path.
pmtu=$(pathmtu $remote_ext)
-mtu=$(( $pmtu - 33 - $tagsz - $blksz ))
+case $remote_af in
+ INET) iphdrsz=20 ;;
+ INET6) iphdrsz=40 ;;
+esac
+mtu=$(( $pmtu - $iphdrsz - 8 - $overhead - 1 ))
## Obtain the tunnel and run it.
now=$(date +"%Y-%m-%d %H:%M:%S")
~mdw / tripe / blobdiff