X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/01c94fa1b6e5db0dd2b1c6d05f1f598c21fe493d..HEAD:/contrib/tripe-ipif.in
diff --git a/contrib/tripe-ipif.in b/contrib/tripe-ipif.in
index 5a620faf..3d2aa824 100755
--- a/contrib/tripe-ipif.in
+++ b/contrib/tripe-ipif.in
@@ -9,19 +9,18 @@
 ###
 ### This file is part of Trivial IP Encryption (TrIPE).
 ###
-### TrIPE is free software; you can redistribute it and/or modify
-### it under the terms of the GNU General Public License as published by
-### the Free Software Foundation; either version 2 of the License, or
-### (at your option) any later version.
+### TrIPE is free software: you can redistribute it and/or modify it under
+### the terms of the GNU General Public License as published by the Free
+### Software Foundation; either version 3 of the License, or (at your
+### option) any later version.
 ###
-### TrIPE is distributed in the hope that it will be useful,
-### but WITHOUT ANY WARRANTY; without even the implied warranty of
-### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-### GNU General Public License for more details.
+### TrIPE is distributed in the hope that it will be useful, but WITHOUT
+### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+### for more details.
 ###
 ### You should have received a copy of the GNU General Public License
-### along with TrIPE; if not, write to the Free Software Foundation,
-### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+### along with TrIPE. If not, see .
 ###--------------------------------------------------------------------------
 ### Instructions.
@@ -49,7 +48,9 @@ ### field is used (a) by the accompanying `ipif-peers' script to set up the ### peer association, and (b) to determine the correct MTU to set; it ### should have the form ADDRESS[:PORT], where the PORT defaults to 4070 if -### it's not given explicitly. +### it's not given explicitly, and an IPv6 ADDRESS is enclosed in square +### brackets (because of the stupid syntax decision to use colons in IPv6 +### address literals). ### ### Having done all of that, and having configured userv-ipif correctly, ### you should set TRIPE_SLIPIF=.../tripe-ipif and everything should just @@ -90,19 +91,16 @@ esac echo "userv-$peer" ## Now we can interrogate the server without deadlocking it. -algs=$(tripectl algs) tagsz=nil blksz=nil +algs=$(tripectl algs) overhead=nil while read line; do for i in $line; do - case $i in - cipher-blksz=*) blksz=${i#*=} ;; - mac-tagsz=*) tagsz=${i#*=} ;; - esac + case $i in bulk-overhead=*) overhead=${i#*=} ;; esac done done <&2 "$quis[$$]: failed to discover cipher suite"; exit 1 ;; +case $overhead in + nil) echo >&2 "$quis[$$]: failed to discover overhead"; exit 1 ;; esac ## Determine the remote address if none is specified; strip off a port number @@ -112,18 +110,28 @@ case "$remote_ext" in addr=$(tripectl addr $peer) set -- $addr case $1 in - INET) remote_ext=$2 ;; + INET | INET6) remote_af=$1 remote_ext=$2 ;; *) echo >&2 "$quis: unexpected address family \`$1'"; exit 1 ;; esac ;; + \[*\]:*) + remote_af=INET6 + remote_ext=${remote_ext#\[} + remote_ext=${remote_ext%\]:*} + ;; *:*) + remote_af=INET remote_ext=${remote_ext%:*} ;; esac ## Determine the MTU based on the path. pmtu=$(pathmtu $remote_ext) -mtu=$(( $pmtu - 33 - $tagsz - $blksz )) +case $remote_af in + INET) iphdrsz=20 ;; + INET6) iphdrsz=40 ;; +esac +mtu=$(( $pmtu - $iphdrsz - 8 - $overhead - 1 )) ## Obtain the tunnel and run it. now=$(date +"%Y-%m-%d %H:%M:%S")
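Review bot: The new `case $overhead in` check rejects only the literal `nil`, so an empty or non-numeric `bulk-overhead=` value reported by `tripectl algs` passes through and is later substituted as text into the `mtu=$(( ... ))` arithmetic in the last hunk. Because the shell evaluates that text as an expression, the value should be required to be all digits at this point, for example `nil | "" | *[!0-9]*) echo >&2 "$quis[$$]: failed to discover overhead"; exit 1 ;;`. The server is presumably local and trusted, so this is a hardening step rather than a known failure.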
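Review bot: `remote_af` is assigned only in the three arms visible here, and the new `case $remote_af in` has no default arm, so any peer address that matches none of them leaves `iphdrsz` empty. The arithmetic then reads `$pmtu - - 8 ...`, which shells generally parse as a unary minus, so the MTU comes out too large instead of the script failing. A bracketed IPv6 address given without a port (the documented `ADDRESS[:PORT]` form makes the port optional) also appears to fall into `*:*`, where it is tagged INET and has its tail stripped. The enclosing `case "$remote_ext"` starts outside the hunk, so an earlier arm may already cover part of this; if not, add `*) echo >&2 "$quis: cannot determine address family"; exit 1 ;;` to the `iphdrsz` case and a `\[*\])` arm ahead of `*:*`.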