j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity
tinc/src/node.h

135 lines
6 KiB
C
Raw Normal View History

Started implementing doc/CONNECTIVITY.
2001-10-09 19:30:30 +00:00
/*
node.h -- header for node.c
Releasing 1.1pre5.
2013-01-20 20:03:22 +00:00
Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
Update copyright notices, remove Ivo's email address.
2006-04-26 13:52:58 +00:00
2001-2005 Ivo Timmermans
Started implementing doc/CONNECTIVITY.
2001-10-09 19:30:30 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
Update the address of the Free Software Foundation in all copyright headers.
2009-09-24 22:01:00 +00:00
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Started implementing doc/CONNECTIVITY.
2001-10-09 19:30:30 +00:00
*/
Further implementation of doc/CONNECTIVITY. connection.[ch] is now split into a node, vertex and connection part.
2001-10-10 08:49:47 +00:00
#ifndef __TINC_NODE_H__
#define __TINC_NODE_H__
Use splay trees instead of AVL trees.
2007-05-18 10:05:26 +00:00
#include "splay_tree.h"
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
#include "cipher.h"
Introduction to Simple Local Peer Discovery Protocol (SLPD) Full functionality of tinc mesh relays on having at least one node, accessible, with known address to which all other nodes must connect in order to exchange information about other peers. Sometimes, however, in smaller networks or if two or more peers are located in the same LAN segment without access to any of the nodes with known address, there is no way of establishing a functional mesh without manually changing the configuration. SLPD addresses this problem utilizing multicast groups and autoconnect. - Node sends periodically simple message to multicast group (default 224.0.42.23 port 1655) in this format: "sLPD 0 1 nodename port publickey" "0 1" is the "major minior" version of the protocol - Node listens to the multicast group for messages on all interfaces: - if the nodename is known and the publickey matches the node's public key the source address of the packet will be stored as learned ip address - at this point setup_outgoing_connection() will be able to choose the learned ip for connect Configarion example: * Roadwarriors: SLPDInterval = 30 * Router on your home network or in your hackerspace: - It should broadcast only in the direction of the LAN thus you should set SLPDInterface = eth0 and SLPDInterval = 10 * Defaults: SLPDGroup = "224.0.42.23" SLPDPort = 1655 SLPDInterval = 0 (means SLPD is disabled) The check of the publickey is not implemented yet. IPv6 support must be implemented. This is the first commit - highly experimental.
2016-05-14 22:24:35 +00:00
#include "conf.h"
Big bad commit: - Transition to new node/vertex/connection structures - Use new configuration handling everywhere - Linux tun/tap device handling cleanup - Start of IPv6 support in route.c It compiles, but it won't link.
2001-10-27 12:13:17 +00:00
#include "connection.h"
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
#include "digest.h"
Drop libevent and use our own event handling again. There are several reasons for this: - MacOS/X doesn't support polling the tap device using kqueue, requiring a workaround to fall back to select(). - On Windows only sockets are properly handled, therefore tinc uses a second thread that does a blocking ReadFile() on the TAP-Win32/64 device. However, this does not mix well with libevent. - Libevent, event just the core, is quite large, and although it is easy to get and install on many platforms, it can be a burden. - Libev is more lightweight and seems technically superior, but it doesn't abstract away all the platform differences (for example, async events are not supported on Windows).
2012-11-29 11:28:23 +00:00
#include "event.h"
Big header file cleanup: everything that has to do with standard system libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
#include "subnet.h"
Big bad commit: - Transition to new node/vertex/connection structures - Use new configuration handling everywhere - Linux tun/tap device handling cleanup - Start of IPv6 support in route.c It compiles, but it won't link.
2001-10-27 12:13:17 +00:00
Ensure tinc compiles with gcc -std=c99. We use a lot of C99 features already, but also some extensions which are not in the standard.
2009-09-08 19:45:24 +00:00
typedef struct node_status_t {
Fix whitespace.
2012-10-10 15:17:49 +00:00
unsigned int unused_active:1; /* 1 if active (not used for nodes) */
unsigned int validkey:1; /* 1 if we currently have a valid key for him */
unsigned int waitingforkey:1; /* 1 if we already sent out a request */
unsigned int visited:1; /* 1 if this node has been visited by one of the graph algorithms */
unsigned int reachable:1; /* 1 if this node is reachable in the graph */
unsigned int indirect:1; /* 1 if this node is not directly reachable by us */
Use a status bit to track which nodes use SPTPS.
2012-07-31 19:43:49 +00:00
unsigned int sptps:1; /* 1 if this node supports SPTPS */
Fix whitespace.
2012-10-10 15:17:49 +00:00
unsigned int udp_confirmed:1; /* 1 if the address is one that we received UDP traffic on */
Use edge local addresses for local discovery. This introduces a new way of doing local discovery: when tinc has local address information for the recipient node, it will send local discovery packets directly to the local address of that node, instead of using broadcast packets. This new way of doing local discovery provides numerous advantages compared to using broadcasts: - No broadcast packets "polluting" the local network; - Reliable even if the sending host has multiple network interfaces (in contrast, broadcasts will only be sent through one unpredictable interface) - Works even if the two hosts are not on the same broadcast domain. One example is a large LAN where the two hosts might be on different local subnets. In fact, thanks to UDP hole punching this might even work if there is a NAT sitting in the middle of the LAN between the two nodes! - Sometimes a node is reachable through its "normal" address, and via a local subnet as well. One might think the local subnet is the best route to the node in this case, but more often than not it's actually worse - one example is where the local segment is a third party VPN running in parallel, or ironically it can be the local segment formed by the tinc VPN itself! Because this new algorithm only checks the addresses for which an edge is already established, it is less likely to fall into these traps.
2014-06-22 16:27:55 +00:00
unsigned int send_locally:1; /* 1 if the next UDP packet should be sent on the local network */
Send gratuitous type 2 probe replies. If we receive any traffic from another node, we periodically send back a gratuitous type 2 probe reply with the maximum received packet length. On the other node, this causes the udp and perhaps mtu probe timers to be reset, so it does not need to send a probe request. Gratuitous probe replies from another node also count as received traffic for this purpose, so for nodes that also have a meta-connection, UDP keepalive packets in principle can now solely be type 2 replies. This reduces the amount of probe traffic even more. To work, gratuitous replies should be sent slightly more often than udp_discovery_keepalive_interval, so probe requests won't be triggered. This also means that the timer resolution must be smaller than the difference between the two, and at the moment it's kind of a hack.
2015-01-11 16:44:50 +00:00
unsigned int udppacket:1; /* 1 if the most recently received packet was UDP */
Fix struct node_status_t. Although not a problem for tinc internally, the size of the struct was 12 bytes instead of 4, causing some problems when interpreting the value received from tincd by the CLI.
2015-09-25 08:05:24 +00:00
unsigned int validkey_in:1; /* 1 if we have sent a valid key to him */
AutoConnect now only chooses from nodes for which we know an address. Based partially on work from Rafał Leśniak.
2016-04-30 18:05:22 +00:00
unsigned int has_address:1; /* 1 if we know an external address for this node */
unsigned int unused:20;
Big bad commit: - Transition to new node/vertex/connection structures - Use new configuration handling everywhere - Linux tun/tap device handling cleanup - Start of IPv6 support in route.c It compiles, but it won't link.
2001-10-27 12:13:17 +00:00
} node_status_t;
Started implementing doc/CONNECTIVITY.
2001-10-09 19:30:30 +00:00
typedef struct node_t {
Fix whitespace.
2012-10-10 15:17:49 +00:00
char *name; /* name of this node */
Fix crash is sptps_logger(). Unfortunately, sptps_logger() cannot know if s->handle is pointing to a connection_t or a node_t. But it needs to print name and hostname in both cases. So make sure both types have name and hostname fields at the start with the same offset.
2015-06-10 21:42:17 +00:00
char *hostname; /* the hostname of its real ip */
Introduce node IDs. This introduces a new type of identifier for nodes, which complements node names: node IDs. Node IDs are defined as the first 6 bytes of the SHA-256 hash of the node name. They will be used in future code in lieu of node names as unique node identifiers in contexts where space is at a premium (such as VPN packets). The semantics of node IDs is that they are supposed to be unique in a tinc graph; i.e. two different nodes that are part of the same graph should not have the same ID, otherwise things could break. This solution provides this guarantee based on realistic probabilities: indeed, according to the birthday problem, with a 48-bit hash, the probability of at least one collision is 1e-13 with 10 nodes, 1e-11 with 100 nodes, 1e-9 with 1000 nodes and 1e-7 with 10000 nodes. Things only start getting hairy with more than 1 million nodes, as the probability gets over 0.2%.
2014-09-21 17:17:02 +00:00
node_id_t id; /* unique node ID (name hash) */
Fix whitespace.
2012-10-10 15:17:49 +00:00
uint32_t options; /* options turned on for this node */
Started implementing doc/CONNECTIVITY.
2001-10-09 19:30:30 +00:00
Fix whitespace.
2012-10-10 15:17:49 +00:00
int sock; /* Socket to use for outgoing UDP packets */
sockaddr_t address; /* his real (internet) ip to send UDP packets to */
Started implementing doc/CONNECTIVITY.
2001-10-09 19:30:30 +00:00
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
node_status_t status;
Keep last known address and time since reachability changed. This allows tincctl info to show since when a node is online or offline.
2012-09-26 20:20:43 +00:00
time_t last_state_change;
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
time_t last_req_key;
Big bad commit: - Transition to new node/vertex/connection structures - Use new configuration handling everywhere - Linux tun/tap device handling cleanup - Start of IPv6 support in route.c It compiles, but it won't link.
2001-10-27 12:13:17 +00:00
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
ecdsa_t *ecdsa; /* His public ECDSA key */
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
sptps_t sptps;
Support ECDH key exchange. REQ_KEY requests have an extra field indicating key exchange version. If it is present and > 0, the sender supports ECDH. If the receiver also does, then it will generate a new keypair and sends the public key in a ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will compute the shared secret, which, at the moment,is used as is to set the cipher and HMAC keys. However, this must be changed to use a proper KDF. In the future, the ECDH key exchange must also be signed.
2011-07-03 11:17:28 +00:00
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
#ifndef DISABLE_LEGACY
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
cipher_t *incipher; /* Cipher for UDP packets */
digest_t *indigest; /* Digest for UDP packets */
Merging of the entire pre5 branch.
2002-02-10 21:57:54 +00:00
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
cipher_t *outcipher; /* Cipher for UDP packets */
digest_t *outdigest; /* Digest for UDP packets */
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
#endif
Merging of the entire pre5 branch.
2002-02-10 21:57:54 +00:00
Fix whitespace.
2012-10-10 15:17:49 +00:00
int incompression; /* Compressionlevel, 0 = no compression */
int outcompression; /* Compressionlevel, 0 = no compression */
Added support for packet compression, thanks to Mark Glines. Add "Compression = <level>" to the host config files, where level can be 0 (off), or any integer between 1 (fast) and 9 (best).
2002-02-11 15:59:18 +00:00
Use Dijkstra's algorithm. Based on patches from Max Rijevskiy.
2008-12-11 18:07:26 +00:00
int distance;
Fix whitespace.
2012-10-10 15:17:49 +00:00
struct node_t *nexthop; /* nearest node from us to him */
struct edge_t *prevedge; /* nearest node from him to us */
struct node_t *via; /* next hop for UDP packets */
Started implementing doc/CONNECTIVITY.
2001-10-09 19:30:30 +00:00
Fix whitespace.
2012-10-10 15:17:49 +00:00
splay_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */
Revert to edge and graph stuff. This time, use a directed graph.
2002-09-04 13:48:52 +00:00
Fix whitespace.
2012-10-10 15:17:49 +00:00
splay_tree_t *edge_tree; /* Edges with this node as one of the endpoints */
Merging of the entire pre5 branch.
2002-02-10 21:57:54 +00:00
Fix whitespace.
2012-10-10 15:17:49 +00:00
struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */
Introduction to Simple Local Peer Discovery Protocol (SLPD) Full functionality of tinc mesh relays on having at least one node, accessible, with known address to which all other nodes must connect in order to exchange information about other peers. Sometimes, however, in smaller networks or if two or more peers are located in the same LAN segment without access to any of the nodes with known address, there is no way of establishing a functional mesh without manually changing the configuration. SLPD addresses this problem utilizing multicast groups and autoconnect. - Node sends periodically simple message to multicast group (default 224.0.42.23 port 1655) in this format: "sLPD 0 1 nodename port publickey" "0 1" is the "major minior" version of the protocol - Node listens to the multicast group for messages on all interfaces: - if the nodename is known and the publickey matches the node's public key the source address of the packet will be stored as learned ip address - at this point setup_outgoing_connection() will be able to choose the learned ip for connect Configarion example: * Roadwarriors: SLPDInterval = 30 * Router on your home network or in your hackerspace: - It should broadcast only in the direction of the LAN thus you should set SLPDInterface = eth0 and SLPDInterval = 10 * Defaults: SLPDGroup = "224.0.42.23" SLPDPort = 1655 SLPDInterval = 0 (means SLPD is disabled) The check of the publickey is not implemented yet. IPv6 support must be implemented. This is the first commit - highly experimental.
2016-05-14 22:24:35 +00:00
struct config_t *slpd_address; /* Address we learned via SLPD */
Changed comment in node.h for SLPD
2016-05-21 20:57:46 +00:00
struct timeval slpd_active_since; /* Last time we accepted SLPD packet for this node */
Fix whitespace.
2012-10-10 15:17:49 +00:00
uint32_t sent_seqno; /* Sequence number last sent to this node */
uint32_t received_seqno; /* Sequence number last received from this node */
Count the number of correctly received UDP packets. Keep track of the number of correct, non-replayed UDP packets that have been received, regardless of their content. This can be compared to the sequence number to determine the real packet loss.
2013-01-15 12:33:16 +00:00
uint32_t received; /* Total valid packets received from this node */
Estimate RTT, bandwidth and packet loss between nodes. Without adding any extra traffic, we can measure round trip times, estimate the bandwidth and packet loss between nodes. The RTT and bandwidth can be measured by timing the MTU probe packets. The RTT is the difference between the time a burst of MTU probes was sent and when the first reply is received. The bandwidth can be estimated by multiplying the size of the probe packets by the time between succesive received probe replies of the same burst. The packet loss can be estimated for incoming traffic by comparing how many packets have actually been received to the increase in the sequence numbers. The estimates are not perfect. Especially bandwidth is difficult to measure, the only accurate way is to continuously send as much data as possible, but that is obviously not desirable. The packet loss rate is also almost always a few percent when sending a lot of data over the VPN via TCP, since TCP *needs* packet loss to work properly.
2013-01-16 15:31:56 +00:00
uint32_t prev_received_seqno;
uint32_t prev_received;
Fix whitespace.
2012-10-10 15:17:49 +00:00
uint32_t farfuture; /* Packets in a row that have arrived from the far future */
unsigned char* late; /* Bitfield marking late packets */
Let tinc figure out the exact MTU of the link.
2003-12-20 19:47:53 +00:00
Send gratuitous type 2 probe replies. If we receive any traffic from another node, we periodically send back a gratuitous type 2 probe reply with the maximum received packet length. On the other node, this causes the udp and perhaps mtu probe timers to be reset, so it does not need to send a probe request. Gratuitous probe replies from another node also count as received traffic for this purpose, so for nodes that also have a meta-connection, UDP keepalive packets in principle can now solely be type 2 replies. This reduces the amount of probe traffic even more. To work, gratuitous replies should be sent slightly more often than udp_discovery_keepalive_interval, so probe requests won't be triggered. This also means that the timer resolution must be smaller than the difference between the two, and at the moment it's kind of a hack.
2015-01-11 16:44:50 +00:00
struct timeval udp_reply_sent; /* Last time a (gratuitous) UDP probe reply was sent */
Remove RTT and packet loss estimation code. This is not working at all anymore. Just remove it, and we'll do another attempt at RTT, bandwidth and packet loss estimation after the new probing code stabilizes.
2015-01-11 13:44:15 +00:00
struct timeval udp_ping_sent; /* Last time a UDP probe was sent */
Add UDP discovery mechanism. This adds a new mechanism by which tinc can determine if a node is reachable via UDP. The new mechanism is currently redundant with the PMTU discovery mechanism - that will be fixed in a future commit. Conceptually, the UDP discovery mechanism works similarly to PMTU discovery: it sends UDP probes (of minmtu size, to make sure the tunnel is fully usable), and assumes UDP is usable if it gets replies. It assumes UDP is broken if too much time has passed since the last reply. The big difference with the current PMTU discovery mechanism, however, is that UDP discovery probes are only triggered as part of the packet TX path (through try_tx()). This is quite interesting, because it means tinc will never send UDP pings more often than normal packets, and most importantly, it will automatically stop sending pings as soon as packets stop flowing, thereby nicely reducing network chatter. Of course, there are small drawbacks in some edge cases: for example, if a node only sends one packet every minute to another node, these packets will only be sent over TCP, because the interval between packets is too long for tinc to maintain the UDP tunnel. I consider this a feature, not a bug: I believe it is appropriate to use TCP in scenarios where traffic is negligible, so that we don't pollute the network with pings just to maintain a UDP tunnel that's seeing negligible usage.
2014-12-29 10:34:39 +00:00
timeout_t udp_ping_timeout; /* Ping timeout event */
Remove RTT and packet loss estimation code. This is not working at all anymore. Just remove it, and we'll do another attempt at RTT, bandwidth and packet loss estimation after the new probing code stabilizes.
2015-01-11 13:44:15 +00:00
struct timeval mtu_ping_sent; /* Last time a MTU probe was sent */
Throttle the rate of MTU_INFO messages. This makes sure MTU_INFO messages are only sent at the maximum rate of 5 per second (by default). As usual with these "probe" mechanisms, the rate of these messages cannot be higher than the rate of data packets themselves, since they are sent from the RX path.
2015-03-08 20:17:27 +00:00
struct timeval mtu_info_sent; /* Last time a MTU_INFO message was sent */
Throttle the rate of UDP_INFO messages. This makes sure UDP_INFO messages are only sent at the maximum rate of 5 per second (by default). As usual with these "probe" mechanisms, the rate of these messages cannot be higher than the rate of data packets themselves, since they are sent from the RX path.
2015-03-08 19:54:44 +00:00
struct timeval udp_info_sent; /* Last time a UDP_INFO message was sent */
Keep track of the largest UDP packet size received from a node.
2015-01-11 15:10:58 +00:00
length_t maxrecentlen; /* Maximum size of recently received packets */
Fix whitespace.
2012-10-10 15:17:49 +00:00
length_t mtu; /* Maximum size of packets to send to this node */
length_t minmtu; /* Probed minimum MTU */
length_t maxmtu; /* Probed maximum MTU */
int mtuprobes; /* Number of probes */
Add per-node traffic counters.
2011-05-14 22:42:29 +00:00
uint64_t in_packets;
uint64_t in_bytes;
uint64_t out_packets;
uint64_t out_bytes;
Started implementing doc/CONNECTIVITY.
2001-10-09 19:30:30 +00:00
} node_t;
Further implementation of doc/CONNECTIVITY. connection.[ch] is now split into a node, vertex and connection part.
2001-10-10 08:49:47 +00:00
Big bad commit: - Transition to new node/vertex/connection structures - Use new configuration handling everywhere - Linux tun/tap device handling cleanup - Start of IPv6 support in route.c It compiles, but it won't link.
2001-10-27 12:13:17 +00:00
extern struct node_t *myself;
Use splay trees instead of AVL trees.
2007-05-18 10:05:26 +00:00
extern splay_tree_t *node_tree;
Further implementation of doc/CONNECTIVITY. connection.[ch] is now split into a node, vertex and connection part.
2001-10-10 08:49:47 +00:00
Big bad commit: - Transition to new node/vertex/connection structures - Use new configuration handling everywhere - Linux tun/tap device handling cleanup - Start of IPv6 support in route.c It compiles, but it won't link.
2001-10-27 12:13:17 +00:00
extern void init_nodes(void);
extern void exit_nodes(void);
Make autoconnect faster When AutoConnect is enabled tinc tries to connect to other nodes picking them at random. This may be sane default behavior but it may take ages if only few nodes have defined Address in thier config. Proposed solution to this problem: - Filter out nodes without known address in periodic_handler I have added new node->status.has_known_address bool - On update_node_udp() update this flag
2015-07-23 15:58:39 +00:00
extern int node_compare(const node_t *, const node_t *);
Prevent definitions from messing up attributes.
2003-07-30 21:52:41 +00:00
extern node_t *new_node(void) __attribute__ ((__malloc__));
- Non-blocking connect()s. - Socket handling revamped to use sockaddr_t. - tinc can now tunnel over IPv6. - Handle all addresses and subnets in network byte order. Only convert them when they need to be printed. - IPv6 subnets bigger than /128 now work. - Use %s and strerror(errno) instead of %m.
2002-02-18 16:25:19 +00:00
extern void free_node(node_t *);
extern void node_add(node_t *);
extern void node_del(node_t *);
Fix compile errors and warnings.
2003-07-29 10:50:15 +00:00
extern node_t *lookup_node(char *);
Introduce node IDs. This introduces a new type of identifier for nodes, which complements node names: node IDs. Node IDs are defined as the first 6 bytes of the SHA-256 hash of the node name. They will be used in future code in lieu of node names as unique node identifiers in contexts where space is at a premium (such as VPN packets). The semantics of node IDs is that they are supposed to be unique in a tinc graph; i.e. two different nodes that are part of the same graph should not have the same ID, otherwise things could break. This solution provides this guarantee based on realistic probabilities: indeed, according to the birthday problem, with a 48-bit hash, the probability of at least one collision is 1e-13 with 10 nodes, 1e-11 with 100 nodes, 1e-9 with 1000 nodes and 1e-7 with 10000 nodes. Things only start getting hairy with more than 1 million nodes, as the probability gets over 0.2%.
2014-09-21 17:17:02 +00:00
extern node_t *lookup_node_id(const node_id_t *);
Sprinkle around a lot of const and some C99 initialisers.
2003-07-24 12:08:16 +00:00
extern node_t *lookup_node_udp(const sockaddr_t *);
Use the TCP socket infrastructure for control sockets. The control socket code was completely different from how meta connections are handled, resulting in lots of extra code to handle requests. Also, not every operating system has UNIX sockets, so we have to resort to another type of sockets or pipes for those anyway. To reduce code duplication and make control sockets work the same on all platforms, we now just connect to the TCP port where tincd is already listening on. To authenticate, the program that wants to control a running tinc daemon must send the contents of a cookie file. The cookie is a random 256 bits number that is regenerated every time tincd starts. The cookie file should only be readable by the same user that can start a tincd. Instead of the binary-ish protocol previously used, we now use an ASCII protocol similar to that of the meta connections, but this can still change.
2009-11-07 22:43:25 +00:00
extern bool dump_nodes(struct connection_t *);
Fix some compiler warnings.
2011-05-17 08:58:22 +00:00
extern bool dump_traffic(struct connection_t *);
Handle UDP packets from different and ports than advertised. Previously, tinc used a fixed address and port for each node for UDP packet exchange. The port was the one advertised by that node as its listening port. However, due to NAT the port might be different. Now, tinc sends a different session key to each node. This way, the sending node can be determined from incoming packets by checking the MAC against all session keys. If a match is found, the address and port for that node are updated.
2009-04-02 23:05:23 +00:00
extern void update_node_udp(node_t *, const sockaddr_t *);
Big bad commit: - Transition to new node/vertex/connection structures - Use new configuration handling everywhere - Linux tun/tap device handling cleanup - Start of IPv6 support in route.c It compiles, but it won't link.
2001-10-27 12:13:17 +00:00
Fix whitespace.
2012-10-10 15:17:49 +00:00
#endif /* __TINC_NODE_H__ */
Reference in a new issue Copy permalink