Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts: NEWS README configure.in doc/tincd.8.in src/Makefile.am src/bsd/device.c src/connection.c src/connection.h src/cygwin/device.c src/device.h src/dropin.h src/linux/device.c src/mingw/device.c src/net.c src/net_packet.c src/net_setup.c src/net_socket.c src/process.c src/protocol.c src/protocol_key.c src/raw_socket_device.c src/route.c src/solaris/device.c src/tincd.c src/uml_device.c
2012-02-22 14:23:59 +01:00 · 2012-02-22 14:23:59 +01:00 · 3fba80174d
commit 3fba80174d
parent fba1c85f44 65e8e06c6d
33 changed files with 614 additions and 273 deletions
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@ -133,7 +133,10 @@ IPv6 listening sockets will be created.
 If your computer has more than one IPv4 or IPv6 address,
 .Nm tinc
 will by default listen on all of them for incoming connections.
-It is possible to bind only to a single address with this variable.
+Multiple
+.Va BindToAddress
+variables may be specified,
+in which case listening sockets for each specified address are made.

 .Pp
 This option may not work on all platforms.
@ -147,6 +150,9 @@ It is possible to bind only to a single interface with this variable.
 .Pp
 This option may not work on all platforms.

+.It Va Broadcast Li = yes | no Po yes Pc Bq experimental
+When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
+
 .It Va ConnectTo Li = Ar name
 Specifies which other tinc daemon to connect to on startup.
 Multiple
@ -165,6 +171,14 @@ If you don't specify a host with
 won't try to connect to other daemons at all,
 and will instead just listen for incoming connections.

+.It Va DecrementTTL Li = yes | no Po yes Pc
+When enabled,
+.Nm tinc
+will decrement the Time To Live field in IPv4 packets, or the Hop Limit field in IPv6 packets,
+before forwarding a received packet to the virtual network device or to another node,
+and will drop packets that have a TTL value of zero,
+in which case it will send an ICMP Time Exceeded packet back.
+
 .It Va Device Li = Ar device Po Pa /dev/tap0 , Pa /dev/net/tun No or other depending on platform Pc
 The virtual network device to use.
 .Nm tinc
@ -177,30 +191,65 @@ instead of
 The info pages of the tinc package contain more information
 about configuring the virtual network device.

-.It Va DeviceType Li = tun | tunnohead | tunifhead | tap Po only supported on BSD platforms Pc
+.It Va DeviceType Li = Ar type Pq platform dependent
 The type of the virtual network device.
-Tinc will normally automatically select the right type, and this option should not be used.
-However, in case tinc does not seem to correctly interpret packets received from the virtual network device,
-using this option might help.
+Tinc will normally automatically select the right type of tun/tap interface, and this option should not be used.
+However, this option can be used to select one of the special interface types, if support for them is compiled in.
 .Bl -tag -width indent

-.It tun
+.It dummy
+Use a dummy interface.
+No packets are ever read or written to a virtual network device.
+Useful for testing, or when setting up a node that only forwards packets for other nodes.
+
+.It raw_socket
+Open a raw socket, and bind it to a pre-existing
+.Va Interface
+(eth0 by default).
+All packets are read from this interface.
+Packets received for the local node are written to the raw socket.
+However, at least on Linux, the operating system does not process IP packets destined for the local host.
+
+.It uml Pq not compiled in by default
+Create a UNIX socket with the filename specified by
+.Va Device ,
+or
+.Pa @localstatedir@/run/ Ns Ar NETNAME Ns Pa .umlsocket
+if not specified.
+.Nm tinc
+will wait for a User Mode Linux instance to connect to this socket.
+
+.It vde Pq not compiled in by default
+Uses the libvdeplug library to connect to a Virtual Distributed Ethernet switch,
+using the UNIX socket specified by
+.Va Device ,
+or
+.Pa @localstatedir@/run/vde.ctl
+if not specified.
+.El
+
+Also, in case tinc does not seem to correctly interpret packets received from the virtual network device,
+it can be used to change the way packets are interpreted:
+
+.Bl -tag -width indent
+
+.It tun Pq BSD and Linux
 Set type to tun.
 Depending on the platform, this can either be with or without an address family header (see below).

-.It tunnohead
+.It tunnohead Pq BSD
 Set type to tun without an address family header.
 Tinc will expect packets read from the virtual network device to start with an IP header.
 On some platforms IPv6 packets cannot be read from or written to the device in this mode.

-.It tunifhead
+.It tunifhead Pq BSD
 Set type to tun with an address family header.
 Tinc will expect packets read from the virtual network device
 to start with a four byte header containing the address family,
 followed by an IP header.
 This mode should support both IPv4 and IPv6 packets.

-.It tap
+.It tap Pq BSD and Linux
 Set type to tap.
 Tinc will expect packets read from the virtual network device
 to start with an Ethernet header.
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@ -782,7 +782,8 @@ both IPv4 and IPv6 or just IPv6 listening sockets will be created.
@item BindToAddress = <@var{address}> [experimental]
 If your computer has more than one IPv4 or IPv6 address, tinc
 will by default listen on all of them for incoming connections.
-It is possible to bind only to a single address with this variable.
+Multiple BindToAddress variables may be specified,
+in which case listening sockets for each specified address are made.

 This option may not work on all platforms.

@ -795,6 +796,10 @@ variable.

 This option may not work on all platforms.

+@cindex Broadcast
+@item Broadcast = <yes | no> (yes) [experimental]
+When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
+
@cindex ConnectTo
@item ConnectTo = <@var{name}>
 Specifies which other tinc daemon to connect to on startup.
@ -807,6 +812,13 @@ If you don't specify a host with ConnectTo,
 tinc won't try to connect to other daemons at all,
 and will instead just listen for incoming connections.

+@cindex DecrementTTL
+@item DecrementTTL = <yes | no> (yes)
+When enabled, tinc will decrement the Time To Live field in IPv4 packets, or the Hop Limit field in IPv6 packets,
+before forwarding a received packet to the virtual network device or to another node,
+and will drop packets that have a TTL value of zero,
+in which case it will send an ICMP Time Exceeded packet back.
+
@cindex Device
@item Device = <@var{device}> (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform)
 The virtual network device to use.
@ -817,32 +829,64 @@ Note that you can only use one device per daemon.
 See also @ref{Device files}.

@cindex DeviceType
-@item DeviceType = <tun|tunnohead|tunifhead|tap> (only supported on BSD platforms)
+@item DeviceType = <@var{type}> (platform dependent)
 The type of the virtual network device.
-Tinc will normally automatically select the right type, and this option should not be used.
-However, in case tinc does not seem to correctly interpret packets received from the virtual network device,
-using this option might help.
+Tinc will normally automatically select the right type of tun/tap interface, and this option should not be used.
+However, this option can be used to select one of the special interface types, if support for them is compiled in.

@table @asis
-@item tun
+@cindex dummy
+@item dummy
+Use a dummy interface.
+No packets are ever read or written to a virtual network device.
+Useful for testing, or when setting up a node that only forwards packets for other nodes.
+
+@cindex raw_socket
+@item raw_socket
+Open a raw socket, and bind it to a pre-existing
+@var{Interface} (eth0 by default).
+All packets are read from this interface.
+Packets received for the local node are written to the raw socket.
+However, at least on Linux, the operating system does not process IP packets destined for the local host.
+
+@cindex UML
+@item uml (not compiled in by default)
+Create a UNIX socket with the filename specified by
+@var{Device}, or @file{@value{localstatedir}/run/@var{netname}.umlsocket}
+if not specified.
+Tinc will wait for a User Mode Linux instance to connect to this socket.
+
+@cindex VDE
+@item vde (not compiled in by default)
+Uses the libvdeplug library to connect to a Virtual Distributed Ethernet switch,
+using the UNIX socket specified by
+@var{Device}, or @file{@value{localstatedir}/run/vde.ctl}
+if not specified.
+@end table
+
+Also, in case tinc does not seem to correctly interpret packets received from the virtual network device,
+it can be used to change the way packets are interpreted:
+
+@table @asis
+@item tun (BSD and Linux)
 Set type to tun.
 Depending on the platform, this can either be with or without an address family header (see below).

@cindex tunnohead
-@item tunnohead
+@item tunnohead (BSD)
 Set type to tun without an address family header.
 Tinc will expect packets read from the virtual network device to start with an IP header.
 On some platforms IPv6 packets cannot be read from or written to the device in this mode.

@cindex tunifhead
-@item tunifhead
+@item tunifhead (BSD)
 Set type to tun with an address family header.
 Tinc will expect packets read from the virtual network device
 to start with a four byte header containing the address family,
 followed by an IP header.
 This mode should support both IPv4 and IPv6 packets.

-@item tap
+@item tap (BSD and Linux)
 Set type to tap.
 Tinc will expect packets read from the virtual network device
 to start with an Ethernet header.
@ -1600,6 +1644,12 @@ Store a cookie in @var{filename} which allows tincctl to authenticate.
 If unspecified, the default is
@file{@value{localstatedir}/run/tinc.@var{netname}.pid}.

+@item -o, --option=[@var{HOST}.]@var{KEY}=@var{VALUE}
+Without specifying a @var{HOST}, this will set server configuration variable @var{KEY} to @var{VALUE}.
+If specified as @var{HOST}.@var{KEY}=@var{VALUE},
+this will set the host configuration variable @var{KEY} of the host named @var{HOST} to @var{VALUE}.
+This option can be used more than once to specify multiple configuration variables.
+
@item -L, --mlock
 Lock tinc into main memory.
 This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
--- a/doc/tincd.8.in
+++ b/doc/tincd.8.in
@ -8,11 +8,12 @@
 .Nd tinc VPN daemon
 .Sh SYNOPSIS
 .Nm
-.Op Fl cdDKnLRU
+.Op Fl cdDKnoLRU
 .Op Fl -config Ns = Ns Ar DIR
 .Op Fl -no-detach
 .Op Fl -debug Ns Op = Ns Ar LEVEL
 .Op Fl -net Ns = Ns Ar NETNAME
+.Op Fl -option Ns = Ns Ar [HOST.]KEY=VALUE
 .Op Fl -mlock
 .Op Fl -logfile Ns Op = Ns Ar FILE
 .Op Fl -bypass-security
@ -61,6 +62,22 @@ for
 .Ar NETNAME
 is the same as not specifying any
 .Ar NETNAME .
+.It Fl o, -option Ns = Ns Ar [HOST.]KEY=VALUE
+Without specifying a
+.Ar HOST ,
+this will set server configuration variable
+.Ar KEY 
+to
+.Ar VALUE .
+If specified as
+.Ar HOST.KEY=VALUE ,
+this will set the host configuration variable 
+.Ar KEY
+of the host named
+.Ar HOST
+to
+.Ar VALUE .
+This option can be used more than once to specify multiple configuration variables.
 .It Fl L, -mlock
 Lock tinc into main memory.
 This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.