peer/cipher-data.go

@@ -1,7 +1,6 @@
 package peer
 
 import (
-	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
@@ -39,10 +38,6 @@ func (sc *dataCipher) Key() [32]byte {
 	return sc.key
 }
 
-func (sc *dataCipher) HasKey(k [32]byte) bool {
-	return bytes.Equal(k[:], sc.key[:])
-}
-
 func (sc *dataCipher) Encrypt(h Header, data, out []byte) []byte {
 	const s = dataHeaderSize
 	out = out[:s+dataCipherOverhead+len(data)]

peer/remotefsm.go

@@ -154,6 +154,8 @@ func (r *remoteFSM) stateServer_onInit(msg controlMsg[packetInit]) {
 		Version: version,
 	}
 
+	// Reset traceID to force state update on SYN.
+	r.traceID = 0
 	r.sendControl(conf, init.Marshal(r.buf))
 }
 
@@ -161,6 +163,12 @@ func (r *remoteFSM) stateServer_onSyn(msg controlMsg[packetSyn]) {
 	r.lastSeen = time.Now()
 	p := msg.Packet
 
+	if p.TraceID == r.traceID {
+		return
+	}
+
+	r.traceID = p.TraceID
+
 	// Before we can respond to this packet, we need to make sure the
 	// route is setup properly.
 	conf := r.conf()
@@ -170,10 +178,7 @@ func (r *remoteFSM) stateServer_onSyn(msg controlMsg[packetSyn]) {
 	conf.Direct = p.Direct
 	conf.DirectAddr = msg.SrcAddr
 
-	// Update data cipher if the key has changed.
-	if conf.DataCipher == nil || !conf.DataCipher.HasKey(p.SharedKey) {
 	conf.DataCipher = newDataCipherFromKey(p.SharedKey)
-	}
 
 	r.updateConf(conf)
 
@@ -191,13 +196,14 @@ func (r *remoteFSM) stateServer_onSyn(msg controlMsg[packetSyn]) {
 		return
 	}
 
-	// Send probes if not a direct connection.
+	// Send probes if not a direct connection. The server sends probes without
+	// trace IDs unless responding to a client probe.
 	for _, addr := range msg.Packet.PossibleAddrs {
 		if !addr.IsValid() {
 			break
 		}
 		r.logf("Probing %v...", addr)
-		r.sendControlToAddr(packetProbe{TraceID: r.NewTraceID()}.Marshal(r.buf), addr)
+		r.sendControlToAddr(packetProbe{}.Marshal(r.buf), addr)
 	}
 }
 

peer/statusserver.go

@@ -10,6 +10,7 @@ import (
 )
 
 type StatusReport struct {
+	RelayPeerIP byte
 	Remotes     []RemoteStatus
 }