Move nonce expectation calculation to common function
index 8aedfa9345dbb7b204a8b221f96d8381bccbfd98..437b5005aa8ca11b085419e484bf218108941c3a 100644 (file)
@@ -20,7 +20,6 @@ package main
 
 import (
        "bytes"
-       "encoding/binary"
        "log"
        "net"
        "time"
@@ -37,7 +36,7 @@ func startTCP() {
        if err != nil {
                log.Fatalln("Can not listen on TCP:", err)
        }
-       log.Println("Listening on TCP", *bindAddr)
+       log.Println("Listening on TCP:" + *bindAddr)
        go func() {
                for {
                        conn, err := listener.AcceptTCP()
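Review bot: The new `log.Println("Listening on TCP:" + *bindAddr)` builds the message by concatenation, which drops the space Println would insert and prints as `Listening on TCP:host:port`; the idiomatic form is `log.Println("Listening on TCP:", *bindAddr)`, consistent with the other `log.Println("...:", value)` calls in this file. startTCP's body continues outside the hunk.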
@@ -72,12 +71,12 @@ func handleTCP(conn net.Conn) {
                        break
                }
                prev += n
-               peerId := govpn.IDsCache.Find(buf[:prev])
+               peerId := idsCache.Find(buf[:prev])
                if peerId == nil {
                        continue
                }
                if hs == nil {
-                       conf = peerId.Conf()
+                       conf = confs[*peerId]
                        if conf == nil {
                                log.Println("Can not get peer configuration:", peerId.String())
                                break
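Review bot: `conf = confs[*peerId]` reads a package-level map from a per-connection goroutine with no lock visible in the hunk, whereas the other shared maps in this file (`peers`, `knownPeers`, `peersById`) are each guarded by a mutex. If `confs` is ever rebuilt or updated after startup (configuration reload), this read is a data race; if it is written once before any connection is accepted, a comment stating that invariant would save the next reader from asking, e.g. `// confs is populated once at startup and read-only afterwards; no lock needed`. handleTCP starts and ends outside this hunk.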
@@ -90,33 +89,31 @@ func handleTCP(conn net.Conn) {
                        continue
                }
                hs.Zero()
+               log.Println("Peer handshake finished:", addr, peer.Id.String())
                peersByIdLock.RLock()
                addrPrev, exists := peersById[*peer.Id]
                peersByIdLock.RUnlock()
                if exists {
-                       peersLock.RLock()
+                       peersLock.Lock()
+                       peers[addrPrev].terminator <- struct{}{}
                        tap = peers[addrPrev].tap
                        ps = &PeerState{
                                peer:       peer,
                                tap:        tap,
-                               terminator: peers[addrPrev].terminator,
+                               terminator: make(chan struct{}),
                        }
-                       peersLock.RUnlock()
-                       ps.terminator <- struct{}{}
-                       peersLock.Lock()
+                       go peerReady(*ps)
                        peersByIdLock.Lock()
                        kpLock.Lock()
                        delete(peers, addrPrev)
                        delete(knownPeers, addrPrev)
-                       delete(peersById, *peer.Id)
                        peers[addr] = ps
                        knownPeers[addr] = &peer
                        peersById[*peer.Id] = addr
                        peersLock.Unlock()
                        peersByIdLock.Unlock()
                        kpLock.Unlock()
-                       go peerReady(*ps)
-                       log.Println("Rehandshake finished:", peer.Id.String())
+                       log.Println("Rehandshake processed:", peer.Id.String())
                } else {
                        ifaceName, err := callUp(peer.Id)
                        if err != nil {
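Review bot: `peers[addrPrev].terminator <- struct{}{}` is now a blocking send on an unbuffered channel performed while holding `peersLock.Lock()`; the removed lines deliberately released the lock before sending. Every other handler that touches `peers` stalls until the old connection's goroutine receives, and if that goroutine (presumably `peerReady` for the previous address, not visible here) ever takes `peersLock` itself the rehandshake deadlocks. There is also a small window between `peersByIdLock.RUnlock()` and `peersLock.Lock()` in which another goroutine may delete `peers[addrPrev]`, making the `.terminator` access a nil-pointer panic. Take the old PeerState under a read lock, release it, signal, and only then take the write lock; the rest of this hunk and handleTCP continue outside it.
```go
if exists {
	peersLock.RLock()
	old := peers[addrPrev]
	peersLock.RUnlock()
	if old != nil {
		old.terminator <- struct{}{}
		tap = old.tap
	}
	peersLock.Lock()
	ps = &PeerState{
		peer:       peer,
		tap:        tap,
		terminator: make(chan struct{}),
	}
	// … unchanged: go peerReady(*ps), map updates, unlocks, log …
```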
@@ -142,7 +139,7 @@ func handleTCP(conn net.Conn) {
                        peersLock.Unlock()
                        peersByIdLock.Unlock()
                        kpLock.Unlock()
-                       log.Println("New peer:", peer.Id.String())
+                       log.Println("Peer created:", peer.Id.String())
                }
                break
        }
@@ -154,8 +151,7 @@ func handleTCP(conn net.Conn) {
        }
 
        nonceExpectation := make([]byte, govpn.NonceSize)
-       binary.BigEndian.PutUint64(nonceExpectation, peer.NonceExpect)
-       peer.NonceCipher.Encrypt(nonceExpectation, nonceExpectation)
+       peer.NonceExpectation(nonceExpectation)
        prev = 0
        var i int
        for {
@@ -170,15 +166,21 @@ func handleTCP(conn net.Conn) {
                }
                prev += n
        CheckMore:
+               if prev < govpn.MinPktLength {
+                       continue
+               }
                i = bytes.Index(buf[:prev], nonceExpectation)
                if i == -1 {
                        continue
                }
                if !peer.PktProcess(buf[:i+govpn.NonceSize], tap, false) {
+                       log.Println(
+                               "Unauthenticated packet, dropping connection",
+                               addr, peer.Id.String(),
+                       )
                        break
                }
-               binary.BigEndian.PutUint64(nonceExpectation, peer.NonceExpect)
-               peer.NonceCipher.Encrypt(nonceExpectation, nonceExpectation)
+               peer.NonceExpectation(nonceExpectation)
                copy(buf, buf[i+govpn.NonceSize:prev])
                prev = prev - i - govpn.NonceSize
                goto CheckMore