Commit 378be94a authored by Julien Muchembled's avatar Julien Muchembled

fixup! Add no_hmac_verify flag

Commit a62b7c9b was broken in that
2 nodes with same id/hmac settings could not communicate when
1 of the 2 has no_hmac_verify.
parent 4b06eebb
...@@ -259,6 +259,7 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen, ...@@ -259,6 +259,7 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen,
{ {
int i = bodylen + 4; int i = bodylen + 4;
int len; int len;
int rc = -1;
debugf("check_hmac %s -> %s\n", debugf("check_hmac %s -> %s\n",
format_address(src), format_address(dst)); format_address(src), format_address(dst));
...@@ -278,8 +279,9 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen, ...@@ -278,8 +279,9 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen,
packet + i + 2, len, ifp->key); packet + i + 2, len, ifp->key);
if(ok) if(ok)
return 1; return 1;
rc = 0;
} }
i += len + 2; i += len + 2;
} }
return 0; return rc;
} }
...@@ -580,23 +580,26 @@ parse_packet(const unsigned char *from, struct interface *ifp, ...@@ -580,23 +580,26 @@ parse_packet(const unsigned char *from, struct interface *ifp,
bodylen = packetlen - 4; bodylen = packetlen - 4;
} }
if(ifp->key != NULL && !(ifp->flags & IF_NO_HMAC_VERIFY)) { if(ifp->key != NULL) {
if(check_hmac(packet, packetlen, bodylen, from, to, ifp) != 1) { switch(check_hmac(packet, packetlen, bodylen, from, to, ifp)) {
case -1:
if(ifp->flags & IF_NO_HMAC_VERIFY)
break; /* missing key ignored */
case 0:
fprintf(stderr, "Received wrong hmac.\n"); fprintf(stderr, "Received wrong hmac.\n");
return; return;
} case 1:
neigh = find_neighbour(from, ifp); neigh = find_neighbour(from, ifp);
if(neigh == NULL) { if(neigh == NULL) {
fprintf(stderr, "Couldn't allocate neighbour.\n"); fprintf(stderr, "Couldn't allocate neighbour.\n");
return; return;
} }
if(preparse_packet(packet, bodylen, neigh, ifp) == 0) { if(preparse_packet(packet, bodylen, neigh, ifp) == 0) {
fprintf(stderr, "Received wrong PC or failed the challenge.\n"); fprintf(stderr, "Received wrong PC or failed the challenge.\n");
return; return;
} }
} }
}
if(neigh == NULL) { if(neigh == NULL) {
neigh = find_neighbour(from, ifp); neigh = find_neighbour(from, ifp);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment