arrange for that directory to exist with the correct permissions.
Don't try to open the log until after dropping privileges, so as to
provide a check that we can reopen them later.
+ * New peer option `mobile' can be set in peers.d files to indicate that
+ the peer's IP address and/or port are highly volatile and the server
+ should try to keep up with changes by attempting to decrypt incoming
+ packets using any available mobile keys.
- -- Mark Wooding <mdw@distorted.org.uk> Mon, 27 Jun 2011 09:51:08 +0100
+ -- Mark Wooding <mdw@distorted.org.uk> Mon, 27 Jun 2011 09:50:31 +0100
tripe (1.0.0pre10) experimental; urgency=low
add->peer.tag = 0;
add->peer.t_ka = 0;
add->peer.tops = tun_default;
- add->peer.kxf = 0;
+ add->peer.f = 0;
/* --- Parse options --- */
}
})
OPTTIME("-keepalive", t, { add->peer.t_ka = t; })
- OPT("-cork", { add->peer.kxf |= KXF_CORK; })
+ OPT("-cork", { add->peer.f |= KXF_CORK; })
OPTARG("-key", arg, {
if (add->peer.tag)
xfree(add->peer.tag);
T( trace(T_TUNNEL, "peer: attached interface %s to peer `%s'",
p->ifname, p_name(p)); )
p_setkatimer(p);
- if (kx_init(&p->kx, p, &p->ks, p->spec.kxf))
+ if (kx_init(&p->kx, p, &p->ks, p->spec.f & PSF_KXMASK))
goto tidy_4;
a_notify("ADD",
"?PEER", p,
"%s", p->ifname,
"?ADDR", &p->spec.sa,
A_END);
- if (!(p->spec.kxf & KXF_CORK)) {
+ if (!(p->spec.f & KXF_CORK)) {
a_notify("KXSTART", "?PEER", p, A_END);
/* Couldn't tell anyone before */
}
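Review bot: The mask in `kx_init(&p->kx, p, &p->ks, p->spec.f & PSF_KXMASK)` and the direct test `p->spec.f & KXF_CORK` both rely on an unwritten rule: every KXF_ bit sits in the low byte of `spec.f`, and every peer-only flag sits above it. Nothing visible in this commit enforces either half. A KXF_ flag later defined at 256u or above would be dropped silently before key exchange, and a peer flag defined below 256u would reach `kx_init` as if it were a key-exchange flag. The `-cork` option hunk, which writes `add->peer.f |= KXF_CORK`, depends on the same rule. If the KXF_ flags are preprocessor constants, a guard next to the mask would catch this at build time: `#if KXF_CORK & ~PSF_KXMASK`, `#error "KXF_ flag does not fit in PSF_KXMASK"`, `#endif`. The enclosing function starts and ends outside the hunk.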
unsigned long t_ka; /* Keep alive interval */
addr sa; /* Socket address to speak to */
size_t sasz; /* Socket address size */
- unsigned kxf; /* Key exchange flags to set */
+ unsigned f; /* Flags for the peer */
+#define PSF_KXMASK 255u /* Key exchange flags to set */
} peerspec;
typedef struct peer_byname {
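Review bot: The comment on `PSF_KXMASK` was carried over unchanged from the old `kxf` field, so the header does not say how the new `f` word is laid out or where a new peer flag may be allocated. I would reword the two comments along the lines of `unsigned f; /* Flags: KXF_... in low byte, PSF_... above */` and `#define PSF_KXMASK 255u /* Bits of f handed to kx_init as KXF_ flags */`. That puts the bit-allocation rule in front of whoever adds the next flag. The struct definition begins outside the hunk.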